Document and clean up MAC address expiry.

This commit is contained in:
Guus Sliepen 2002-03-01 14:25:10 +00:00
parent 14979f835d
commit ab90fa9bd1
5 changed files with 60 additions and 39 deletions

View file

@ -165,6 +165,12 @@ Currently this option only affects the Linux tun/tap device.
This option controls the period the encryption keys used to encrypt the data are valid. This option controls the period the encryption keys used to encrypt the data are valid.
It is common practice to change keys at regular intervals to make it even harder for crackers, It is common practice to change keys at regular intervals to make it even harder for crackers,
even though it is thought to be nearly impossible to crack a single key. even though it is thought to be nearly impossible to crack a single key.
.It Va MACExpire Li = Ar period Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when
.Va Mode
is set to
.Qq switch .
.It Va MaxTimeout Li = Ar period Pq 900 .It Va MaxTimeout Li = Ar period Pq 900
This is the maximum delay before trying to reconnect to other tinc daemons. This is the maximum delay before trying to reconnect to other tinc daemons.
.It Va Mode Li = router | switch | hub Pq router .It Va Mode Li = router | switch | hub Pq router
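Review bot: the new `.It Va MACExpire Li = Ar period Pq 600` entry never names the unit of `period`, while the texinfo entry added in this same commit writes the argument as `<seconds>`. Add "in seconds" to the description sentence so the man page and the manual state the same thing and a reader does not have to guess whether 600 means seconds or minutes.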
@ -183,7 +189,7 @@ at the cost of frequent broadcast ARP requests and routing table updates.
.It hub .It hub
This mode is almost the same as the switch mode, but instead This mode is almost the same as the switch mode, but instead
every packet will be broadcast to the other daemons every packet will be broadcast to the other daemons
while no routing table is created. while no routing table is managed.
.El .El
.It Va Name Li = Ar name Bq required .It Va Name Li = Ar name Bq required
This is the name which identifies this tinc daemon. This is the name which identifies this tinc daemon.

View file

@ -1,5 +1,5 @@
\input texinfo @c -*-texinfo-*- \input texinfo @c -*-texinfo-*-
@c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ @c $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $
@c %**start of header @c %**start of header
@setfilename tinc.info @setfilename tinc.info
@settitle tinc Manual @settitle tinc Manual
@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and <itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>. Wessel Dankers <wsl@@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $
Permission is granted to make and distribute verbatim copies of this Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are manual provided the copyright notice and this permission notice are
@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and <itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>. Wessel Dankers <wsl@@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $
Permission is granted to make and distribute verbatim copies of this Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are manual provided the copyright notice and this permission notice are
@ -813,13 +813,15 @@ Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this
@cindex switch @cindex switch
@item switch @item switch
In this mode the MAC addresses of the packets on the VPN will be used to In this mode the MAC addresses of the packets on the VPN will be used to
dynamically create a routing table just like a network switch does. dynamically create a routing table just like an Ethernet switch does.
Unicast, multicast and broadcast packets of every ethernet protocol are supported in this mode Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode
at the cost of frequent broadcast ARP requests and routing table updates. at the cost of frequent broadcast ARP requests and routing table updates.
@cindex hub @cindex hub
@item hub @item hub
In this mode every packet will be broadcast to the other daemons. This mode is almost the same as the switch mode, but instead
every packet will be broadcast to the other daemons
while no routing table is managed.
@end table @end table
@cindex KeyExpire @cindex KeyExpire
@ -829,6 +831,11 @@ are valid. It is common practice to change keys at regular intervals to
make it even harder for crackers, even though it is thought to be nearly make it even harder for crackers, even though it is thought to be nearly
impossible to crack a single key. impossible to crack a single key.
@cindex MACExpire
@item MACExpire = <seconds> (600)
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when Mode is set to "switch".
@cindex Name @cindex Name
@item @strong{Name = <name>} @item @strong{Name = <name>}
This is a symbolic name for this connection. It can be anything This is a symbolic name for this connection. It can be anything
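Review bot: the MACExpire item says "the amount of time MAC addresses are kept before they are removed" without saying what the timer is measured from. The check in route.c in this commit is `s->net.mac.lastseen + macexpire < now`, so an entry is dropped once the address has gone unseen for that long, not a fixed time after it was learned; wording such as "the amount of time a MAC address is kept after it was last seen" would match the code. The plain double quotes around "switch" should also use Texinfo quoting (``switch'' or @samp{switch}).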

View file

@ -5,7 +5,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: tinc 1.0-cvs\n" "Project-Id-Version: tinc 1.0-cvs\n"
"POT-Creation-Date: 2002-03-01 14:19+0100\n" "POT-Creation-Date: 2002-03-01 15:22+0100\n"
"PO-Revision-Date: 2002-03-01 14:19+0100\n" "PO-Revision-Date: 2002-03-01 14:19+0100\n"
"Last-Translator: Guus Sliepen <guus@sliepen.warande.net>\n" "Last-Translator: Guus Sliepen <guus@sliepen.warande.net>\n"
"Language-Team: Dutch <vertaling@nl.linux.org>\n" "Language-Team: Dutch <vertaling@nl.linux.org>\n"
@ -172,53 +172,53 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s"
msgid "Metadata read buffer overflow for %s (%s)" msgid "Metadata read buffer overflow for %s (%s)"
msgstr "Metadata leesbuffer overloop voor %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)"
#: src/net.c:114 #: src/net.c:116
msgid "Purging unreachable nodes" msgid "Purging unreachable nodes"
msgstr "Verwijderen onbereikbare nodes" msgstr "Verwijderen onbereikbare nodes"
#: src/net.c:124 #: src/net.c:126
#, c-format #, c-format
msgid "Purging node %s (%s)" msgid "Purging node %s (%s)"
msgstr "Verwijdering node %s (%s)" msgstr "Verwijdering node %s (%s)"
#: src/net.c:178 #: src/net.c:180
#, c-format #, c-format
msgid "Closing connection with %s (%s)" msgid "Closing connection with %s (%s)"
msgstr "Beëindigen verbinding met %s (%s)" msgstr "Beëindigen verbinding met %s (%s)"
#: src/net.c:249 #: src/net.c:248
#, c-format #, c-format
msgid "%s (%s) didn't respond to PING" msgid "%s (%s) didn't respond to PING"
msgstr "%s (%s) antwoordde niet op ping" msgstr "%s (%s) antwoordde niet op ping"
#: src/net.c:262 #: src/net.c:261
#, c-format #, c-format
msgid "Timeout from %s (%s) during authentication" msgid "Timeout from %s (%s) during authentication"
msgstr "Timeout van %s (%s) tijdens authenticatie" msgstr "Timeout van %s (%s) tijdens authenticatie"
#: src/net.c:315 src/net_socket.c:246 #: src/net.c:314 src/net_socket.c:246
#, c-format #, c-format
msgid "Error while connecting to %s (%s): %s" msgid "Error while connecting to %s (%s): %s"
msgstr "Fout tijdens schrijven naar %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s"
#: src/net.c:377 #: src/net.c:378
#, c-format #, c-format
msgid "Error while waiting for input: %s" msgid "Error while waiting for input: %s"
msgstr "Fout tijdens wachten op invoer: %s" msgstr "Fout tijdens wachten op invoer: %s"
#: src/net.c:411 #: src/net.c:413
msgid "Regenerating symmetric key" msgid "Regenerating symmetric key"
msgstr "Hergenereren symmetrische sleutel" msgstr "Hergenereren symmetrische sleutel"
#: src/net.c:428 #: src/net.c:430
msgid "Flushing event queue" msgid "Flushing event queue"
msgstr "Legen taakrij" msgstr "Legen taakrij"
#: src/net.c:445 #: src/net.c:447
msgid "Rereading configuration file and restarting in 5 seconds" msgid "Rereading configuration file and restarting in 5 seconds"
msgstr "Herlezen configuratiebestand en herstart in 5 seconden" msgstr "Herlezen configuratiebestand en herstart in 5 seconden"
#: src/net.c:452 #: src/net.c:454
msgid "Unable to reread configuration file, exiting" msgid "Unable to reread configuration file, exiting"
msgstr "Kan configuratiebestand niet herlezen, beëindigen" msgstr "Kan configuratiebestand niet herlezen, beëindigen"
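Review bot: while these source references are being refreshed, the entry now at `src/net.c:314 src/net_socket.c:246` still pairs msgid "Error while connecting to %s (%s): %s" with msgstr "Fout tijdens schrijven naar %s (%s): %s", which reads as an error while writing rather than connecting. Correct the Dutch string (for example "Fout tijdens verbinden met %s (%s): %s") so the log line names the operation that actually failed.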
@ -259,7 +259,7 @@ msgid "Setting outgoing packet priority to %d"
msgstr "Instellen prioriteit uitgaand pakket op %d" msgstr "Instellen prioriteit uitgaand pakket op %d"
#. SO_PRIORITY doesn't seem to work #. SO_PRIORITY doesn't seem to work
#: src/net_packet.c:270 src/net_setup.c:476 src/net_socket.c:99 #: src/net_packet.c:270 src/net_setup.c:479 src/net_socket.c:99
#: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258 #: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258
#: src/process.c:293 #: src/process.c:293
#, c-format #, c-format
@ -369,44 +369,44 @@ msgstr "Ongeldig publiek/priv
msgid "Invalid routing mode!" msgid "Invalid routing mode!"
msgstr "Ongeldige routing modus!" msgstr "Ongeldige routing modus!"
#: src/net_setup.c:335 #: src/net_setup.c:338
msgid "Bogus maximum timeout!" msgid "Bogus maximum timeout!"
msgstr "Onzinnige maximum timeout!" msgstr "Onzinnige maximum timeout!"
#: src/net_setup.c:352 #: src/net_setup.c:355
msgid "Invalid address family!" msgid "Invalid address family!"
msgstr "Ongeldige adresfamilie!" msgstr "Ongeldige adresfamilie!"
#: src/net_setup.c:374 #: src/net_setup.c:377
msgid "Unrecognized cipher type!" msgid "Unrecognized cipher type!"
msgstr "Onbekend cipher type!" msgstr "Onbekend cipher type!"
#: src/net_setup.c:409 #: src/net_setup.c:412
msgid "Unrecognized digest type!" msgid "Unrecognized digest type!"
msgstr "Onbekend digest type!" msgstr "Onbekend digest type!"
#: src/net_setup.c:425 #: src/net_setup.c:428
msgid "MAC length exceeds size of digest!" msgid "MAC length exceeds size of digest!"
msgstr "MAC lengte is groter dan dat van digest!" msgstr "MAC lengte is groter dan dat van digest!"
#: src/net_setup.c:430 #: src/net_setup.c:433
msgid "Bogus MAC length!" msgid "Bogus MAC length!"
msgstr "Onzinnige MAC lengte!" msgstr "Onzinnige MAC lengte!"
#: src/net_setup.c:446 #: src/net_setup.c:449
msgid "Bogus compression level!" msgid "Bogus compression level!"
msgstr "Onzinnig compressieniveau!" msgstr "Onzinnig compressieniveau!"
#: src/net_setup.c:491 #: src/net_setup.c:494
#, c-format #, c-format
msgid "Listening on %s" msgid "Listening on %s"
msgstr "Luisterend op %s" msgstr "Luisterend op %s"
#: src/net_setup.c:501 #: src/net_setup.c:504
msgid "Ready" msgid "Ready"
msgstr "Gereed" msgstr "Gereed"
#: src/net_setup.c:504 #: src/net_setup.c:507
msgid "Unable to create any listening socket!" msgid "Unable to create any listening socket!"
msgstr "Kon geen enkele luistersocket aanmaken!" msgstr "Kon geen enkele luistersocket aanmaken!"
@ -1028,17 +1028,22 @@ msgstr "Signaal %d (%s) genegeerd"
msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgid "Installing signal handler for signal %d (%s) failed: %s\n"
msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
#: src/route.c:70 #: src/route.c:71
#, c-format #, c-format
msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"
msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd"
#: src/route.c:120 #: src/route.c:104
#, c-format
msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"
msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen"
#: src/route.c:149
#, c-format #, c-format
msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"
msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d"
#: src/route.c:140 #: src/route.c:169
#, c-format #, c-format
msgid "" msgid ""
"Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%"
@ -1047,16 +1052,16 @@ msgstr ""
"Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%"
"hx:%hx" "hx:%hx"
#: src/route.c:184 #: src/route.c:213
msgid "Cannot route packet: received unknown type ARP request" msgid "Cannot route packet: received unknown type ARP request"
msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek"
#: src/route.c:197 #: src/route.c:226
#, c-format #, c-format
msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d"
#: src/route.c:249 #: src/route.c:278
#, c-format #, c-format
msgid "Cannot route packet: unknown type %hx" msgid "Cannot route packet: unknown type %hx"
msgstr "Kan pakket niet routeren: onbekend type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx"

View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.c,v 1.35.4.160 2002/03/01 14:09:31 guus Exp $ $Id: net.c,v 1.35.4.161 2002/03/01 14:25:10 guus Exp $
*/ */
#include "config.h" #include "config.h"
@ -402,7 +402,7 @@ cp
check_dead_connections(); check_dead_connections();
last_ping_check = now; last_ping_check = now;
if(routing_mode != RMODE_ROUTER) if(routing_mode== RMODE_SWITCH)
age_mac(); age_mac();
/* Should we regenerate our key? */ /* Should we regenerate our key? */
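Review bot: `if(routing_mode== RMODE_SWITCH)` is missing the space before `==`; the line it replaces was written `routing_mode != RMODE_ROUTER`. Narrowing the condition to switch mode is consistent with the documentation hunks saying hub mode manages no routing table. Because age_mac() sits in the same block as check_dead_connections() and `last_ping_check = now`, entries are only aged as often as that check runs, so an address can outlive MACExpire by up to one check interval; a short comment here or a sentence in the MACExpire documentation would make that granularity explicit.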

View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: route.c,v 1.1.2.26 2002/03/01 14:09:31 guus Exp $ $Id: route.c,v 1.1.2.27 2002/03/01 14:25:10 guus Exp $
*/ */
#include "config.h" #include "config.h"
@ -100,6 +100,9 @@ cp
s = (subnet_t *)node->data; s = (subnet_t *)node->data;
if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now)
{ {
if(debug_lvl >= DEBUG_TRAFFIC)
syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"),
s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]);
for(node2 = connection_tree->head; node2; node2 = node2->next) for(node2 = connection_tree->head; node2; node2 = node2->next)
{ {
c = (connection_t *)node2->data; c = (connection_t *)node2->data;
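Review bot: the `%hx:%hx:%hx:%hx:%hx:%hx` format in the new syslog() call prints each octet without zero padding, so an address such as 00:0a:... is logged as 0:a:..., which is awkward to grep for or to correlate with addresses reported by other tools. It matches the existing "Learned new MAC address" msgid, so if the format is changed to a two-digit form, change both messages together. The argument line listing `s->net.mac.address.x[0]` through `x[5]` is also far longer than the surrounding code and should be wrapped.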