Document and clean up MAC address expiry.
This commit is contained in:
Guus Sliepen
parent
14979f835d
commit
ab90fa9bd1
5 changed files with 60 additions and 39 deletions
|
|
@ -165,6 +165,12 @@ Currently this option only affects the Linux tun/tap device.
|
|||
This option controls the period the encryption keys used to encrypt the data are valid.
|
||||
It is common practice to change keys at regular intervals to make it even harder for crackers,
|
||||
even though it is thought to be nearly impossible to crack a single key.
|
||||
.It Va MACExpire Li = Ar period Pq 600
|
||||
This option controls the amount of time MAC addresses are kept before they are removed.
|
||||
This only has effect when
|
||||
.Va Mode
|
||||
is set to
|
||||
.Qq switch .
|
||||
.It Va MaxTimeout Li = Ar period Pq 900
|
||||
This is the maximum delay before trying to reconnect to other tinc daemons.
|
||||
.It Va Mode Li = router | switch | hub Pq router
|
||||
|
|
@ -183,7 +189,7 @@ at the cost of frequent broadcast ARP requests and routing table updates.
|
|||
.It hub
|
||||
This mode is almost the same as the switch mode, but instead
|
||||
every packet will be broadcast to the other daemons
|
||||
while no routing table is created.
|
||||
while no routing table is managed.
|
||||
.El
|
||||
.It Va Name Li = Ar name Bq required
|
||||
This is the name which identifies this tinc daemon.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
\input texinfo @c -*-texinfo-*-
|
||||
@c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $
|
||||
@c $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $
|
||||
@c %**start of header
|
||||
@setfilename tinc.info
|
||||
@settitle tinc Manual
|
||||
|
|
@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans
|
|||
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
|
||||
Wessel Dankers <wsl@@nl.linux.org>.
|
||||
|
||||
$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $
|
||||
$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
manual provided the copyright notice and this permission notice are
|
||||
|
|
@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans
|
|||
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
|
||||
Wessel Dankers <wsl@@nl.linux.org>.
|
||||
|
||||
$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $
|
||||
$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
manual provided the copyright notice and this permission notice are
|
||||
|
|
@ -813,13 +813,15 @@ Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this
|
|||
@cindex switch
|
||||
@item switch
|
||||
In this mode the MAC addresses of the packets on the VPN will be used to
|
||||
dynamically create a routing table just like a network switch does.
|
||||
Unicast, multicast and broadcast packets of every ethernet protocol are supported in this mode
|
||||
dynamically create a routing table just like an Ethernet switch does.
|
||||
Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode
|
||||
at the cost of frequent broadcast ARP requests and routing table updates.
|
||||
|
||||
@cindex hub
|
||||
@item hub
|
||||
In this mode every packet will be broadcast to the other daemons.
|
||||
This mode is almost the same as the switch mode, but instead
|
||||
every packet will be broadcast to the other daemons
|
||||
while no routing table is managed.
|
||||
@end table
|
||||
|
||||
@cindex KeyExpire
|
||||
|
|
@ -829,6 +831,11 @@ are valid. It is common practice to change keys at regular intervals to
|
|||
make it even harder for crackers, even though it is thought to be nearly
|
||||
impossible to crack a single key.
|
||||
|
||||
@cindex MACExpire
|
||||
@item MACExpire = <seconds> (600)
|
||||
This option controls the amount of time MAC addresses are kept before they are removed.
|
||||
This only has effect when Mode is set to "switch".
|
||||
|
||||
@cindex Name
|
||||
@item @strong{Name = <name>}
|
||||
This is a symbolic name for this connection. It can be anything
|
||||
|
|
|
|||
63
po/nl.po
63
po/nl.po
|
|
@ -5,7 +5,7 @@
|
|||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: tinc 1.0-cvs\n"
|
||||
"POT-Creation-Date: 2002-03-01 14:19+0100\n"
|
||||
"POT-Creation-Date: 2002-03-01 15:22+0100\n"
|
||||
"PO-Revision-Date: 2002-03-01 14:19+0100\n"
|
||||
"Last-Translator: Guus Sliepen <guus@sliepen.warande.net>\n"
|
||||
"Language-Team: Dutch <vertaling@nl.linux.org>\n"
|
||||
|
|
@ -172,53 +172,53 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s"
|
|||
msgid "Metadata read buffer overflow for %s (%s)"
|
||||
msgstr "Metadata leesbuffer overloop voor %s (%s)"
|
||||
|
||||
#: src/net.c:114
|
||||
#: src/net.c:116
|
||||
msgid "Purging unreachable nodes"
|
||||
msgstr "Verwijderen onbereikbare nodes"
|
||||
|
||||
#: src/net.c:124
|
||||
#: src/net.c:126
|
||||
#, c-format
|
||||
msgid "Purging node %s (%s)"
|
||||
msgstr "Verwijdering node %s (%s)"
|
||||
|
||||
#: src/net.c:178
|
||||
#: src/net.c:180
|
||||
#, c-format
|
||||
msgid "Closing connection with %s (%s)"
|
||||
msgstr "Beëindigen verbinding met %s (%s)"
|
||||
|
||||
#: src/net.c:249
|
||||
#: src/net.c:248
|
||||
#, c-format
|
||||
msgid "%s (%s) didn't respond to PING"
|
||||
msgstr "%s (%s) antwoordde niet op ping"
|
||||
|
||||
#: src/net.c:262
|
||||
#: src/net.c:261
|
||||
#, c-format
|
||||
msgid "Timeout from %s (%s) during authentication"
|
||||
msgstr "Timeout van %s (%s) tijdens authenticatie"
|
||||
|
||||
#: src/net.c:315 src/net_socket.c:246
|
||||
#: src/net.c:314 src/net_socket.c:246
|
||||
#, c-format
|
||||
msgid "Error while connecting to %s (%s): %s"
|
||||
msgstr "Fout tijdens schrijven naar %s (%s): %s"
|
||||
|
||||
#: src/net.c:377
|
||||
#: src/net.c:378
|
||||
#, c-format
|
||||
msgid "Error while waiting for input: %s"
|
||||
msgstr "Fout tijdens wachten op invoer: %s"
|
||||
|
||||
#: src/net.c:411
|
||||
#: src/net.c:413
|
||||
msgid "Regenerating symmetric key"
|
||||
msgstr "Hergenereren symmetrische sleutel"
|
||||
|
||||
#: src/net.c:428
|
||||
#: src/net.c:430
|
||||
msgid "Flushing event queue"
|
||||
msgstr "Legen taakrij"
|
||||
|
||||
#: src/net.c:445
|
||||
#: src/net.c:447
|
||||
msgid "Rereading configuration file and restarting in 5 seconds"
|
||||
msgstr "Herlezen configuratiebestand en herstart in 5 seconden"
|
||||
|
||||
#: src/net.c:452
|
||||
#: src/net.c:454
|
||||
msgid "Unable to reread configuration file, exiting"
|
||||
msgstr "Kan configuratiebestand niet herlezen, beëindigen"
|
||||
|
||||
|
|
@ -259,7 +259,7 @@ msgid "Setting outgoing packet priority to %d"
|
|||
msgstr "Instellen prioriteit uitgaand pakket op %d"
|
||||
|
||||
#. SO_PRIORITY doesn't seem to work
|
||||
#: src/net_packet.c:270 src/net_setup.c:476 src/net_socket.c:99
|
||||
#: src/net_packet.c:270 src/net_setup.c:479 src/net_socket.c:99
|
||||
#: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258
|
||||
#: src/process.c:293
|
||||
#, c-format
|
||||
|
|
@ -369,44 +369,44 @@ msgstr "Ongeldig publiek/priv
|
|||
msgid "Invalid routing mode!"
|
||||
msgstr "Ongeldige routing modus!"
|
||||
|
||||
#: src/net_setup.c:335
|
||||
#: src/net_setup.c:338
|
||||
msgid "Bogus maximum timeout!"
|
||||
msgstr "Onzinnige maximum timeout!"
|
||||
|
||||
#: src/net_setup.c:352
|
||||
#: src/net_setup.c:355
|
||||
msgid "Invalid address family!"
|
||||
msgstr "Ongeldige adresfamilie!"
|
||||
|
||||
#: src/net_setup.c:374
|
||||
#: src/net_setup.c:377
|
||||
msgid "Unrecognized cipher type!"
|
||||
msgstr "Onbekend cipher type!"
|
||||
|
||||
#: src/net_setup.c:409
|
||||
#: src/net_setup.c:412
|
||||
msgid "Unrecognized digest type!"
|
||||
msgstr "Onbekend digest type!"
|
||||
|
||||
#: src/net_setup.c:425
|
||||
#: src/net_setup.c:428
|
||||
msgid "MAC length exceeds size of digest!"
|
||||
msgstr "MAC lengte is groter dan dat van digest!"
|
||||
|
||||
#: src/net_setup.c:430
|
||||
#: src/net_setup.c:433
|
||||
msgid "Bogus MAC length!"
|
||||
msgstr "Onzinnige MAC lengte!"
|
||||
|
||||
#: src/net_setup.c:446
|
||||
#: src/net_setup.c:449
|
||||
msgid "Bogus compression level!"
|
||||
msgstr "Onzinnig compressieniveau!"
|
||||
|
||||
#: src/net_setup.c:491
|
||||
#: src/net_setup.c:494
|
||||
#, c-format
|
||||
msgid "Listening on %s"
|
||||
msgstr "Luisterend op %s"
|
||||
|
||||
#: src/net_setup.c:501
|
||||
#: src/net_setup.c:504
|
||||
msgid "Ready"
|
||||
msgstr "Gereed"
|
||||
|
||||
#: src/net_setup.c:504
|
||||
#: src/net_setup.c:507
|
||||
msgid "Unable to create any listening socket!"
|
||||
msgstr "Kon geen enkele luistersocket aanmaken!"
|
||||
|
||||
|
|
@ -1028,17 +1028,22 @@ msgstr "Signaal %d (%s) genegeerd"
|
|||
msgid "Installing signal handler for signal %d (%s) failed: %s\n"
|
||||
msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
|
||||
|
||||
#: src/route.c:70
|
||||
#: src/route.c:71
|
||||
#, c-format
|
||||
msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"
|
||||
msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd"
|
||||
|
||||
#: src/route.c:120
|
||||
#: src/route.c:104
|
||||
#, c-format
|
||||
msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"
|
||||
msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen"
|
||||
|
||||
#: src/route.c:149
|
||||
#, c-format
|
||||
msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"
|
||||
msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d"
|
||||
|
||||
#: src/route.c:140
|
||||
#: src/route.c:169
|
||||
#, c-format
|
||||
msgid ""
|
||||
"Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%"
|
||||
|
|
@ -1047,16 +1052,16 @@ msgstr ""
|
|||
"Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%"
|
||||
"hx:%hx"
|
||||
|
||||
#: src/route.c:184
|
||||
#: src/route.c:213
|
||||
msgid "Cannot route packet: received unknown type ARP request"
|
||||
msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek"
|
||||
|
||||
#: src/route.c:197
|
||||
#: src/route.c:226
|
||||
#, c-format
|
||||
msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
|
||||
msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d"
|
||||
|
||||
#: src/route.c:249
|
||||
#: src/route.c:278
|
||||
#, c-format
|
||||
msgid "Cannot route packet: unknown type %hx"
|
||||
msgstr "Kan pakket niet routeren: onbekend type %hx"
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
$Id: net.c,v 1.35.4.160 2002/03/01 14:09:31 guus Exp $
|
||||
$Id: net.c,v 1.35.4.161 2002/03/01 14:25:10 guus Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
|
@ -402,7 +402,7 @@ cp
|
|||
check_dead_connections();
|
||||
last_ping_check = now;
|
||||
|
||||
if(routing_mode != RMODE_ROUTER)
|
||||
if(routing_mode== RMODE_SWITCH)
|
||||
age_mac();
|
||||
|
||||
/* Should we regenerate our key? */
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
$Id: route.c,v 1.1.2.26 2002/03/01 14:09:31 guus Exp $
|
||||
$Id: route.c,v 1.1.2.27 2002/03/01 14:25:10 guus Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
|
@ -100,6 +100,9 @@ cp
|
|||
s = (subnet_t *)node->data;
|
||||
if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now)
|
||||
{
|
||||
if(debug_lvl >= DEBUG_TRAFFIC)
|
||||
syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"),
|
||||
s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]);
|
||||
for(node2 = connection_tree->head; node2; node2 = node2->next)
|
||||
{
|
||||
c = (connection_t *)node2->data;
|
||||
|
|
|
|||
Loading…
Reference in a new issue