Commit graph

2128 commits

Author SHA1 Message Date
Guus Sliepen
0acdce222f Add generic crypto headers.
They should have been included in commit 9b9230a.
2013-05-01 17:58:30 +02:00
Guus Sliepen
5b07039b07 Rename xmalloc_and_zero() to xzalloc().
The former name is more or less only used by tinc, the latter is used by other
projects as well, and shorter as well.
2013-05-01 17:31:33 +02:00
Guus Sliepen
9b9230a0a7 Use conditional compilation for cryptographic functions.
This gets rid of the rest of the symbolic links. However, as a consequence, the
crypto header files have now moved to src/, and can no longer contain
library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t
and rsa_t are now all opaque types, and only pointers to those types can be
used.
2013-05-01 17:17:22 +02:00
Guus Sliepen
e70b5b5bd7 Use conditional compilation for device.c.
This requires the automake option "subdir-objects" to be enabled, and it
becomes more critical to specify the exact path to local header files.
2013-05-01 12:20:06 +02:00
Guus Sliepen
9f8020a09c Modernize the configure script a bit. 2013-05-01 11:46:40 +02:00
Guus Sliepen
43c72093ad Don't try to create tinc.conf when using set or add commands.
It is almost certainly an error. If one really wants to create a new tinc.conf
file, one should use the init command.
2013-04-28 19:33:04 +02:00
Guus Sliepen
8e732fcbbb Releasing 1.1pre7. 2013-04-22 15:54:05 +02:00
Guus Sliepen
258bf7ea0f Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Normally all requests sent via the meta connections are checked so that they
cannot be larger than the input buffer. However, when packets are forwarded via
meta connections, they are copied into a packet buffer without checking whether
it fits into it. Since the packet buffer is allocated on the stack, this in
effect allows an authenticated remote node to cause a stack overflow.

This issue was found by Martin Schobert.
2013-04-22 15:53:45 +02:00
Guus Sliepen
9e2ae03d1d Fix completion of add/del/get/set commands. 2013-03-12 11:28:40 +01:00
Guus Sliepen
f8f250ca12 Describe the SPTPS protocol in the manual.
Also mention that Cipher, Digest and MACLength have no influence on the SPTPS protocol,
since that uses a fixed ciphersuite.
2013-03-12 10:49:45 +01:00
Guus Sliepen
40666a5f5b Remove references to the config keyword. 2013-03-08 16:26:21 +01:00
Guus Sliepen
23a634becf Rename tincctl to tinc. 2013-03-08 16:22:56 +01:00
Guus Sliepen
3793cf10da Include README.android in the tarballs. 2013-03-08 14:12:48 +01:00
Guus Sliepen
4c30004cb6 Avoid calling time(NULL).
In most cases we can use the cached time.
2013-03-08 14:11:15 +01:00
Guus Sliepen
af77e5d475 Allow changing configuration with tincctl without the "config" keyword.
This saves typing some characters, and forces one to be more explicit about the
desired command (get, set).
2013-03-08 11:40:40 +01:00
Guus Sliepen
1d226977a4 Better default output file for generated public keys. 2013-03-08 11:24:37 +01:00
Guus Sliepen
f9ab8e266b Flush output buffers in the tap reader thread on Windows.
This is basically a port of commit 50fcfea1 to 1.1.
2013-03-01 17:37:56 +01:00
Guus Sliepen
4d05e695ab Use UDP when using sptps_test in datagram mode. 2013-02-22 15:37:48 +01:00
Guus Sliepen
a93c0139c5 Releasing 1.1pre6. 2013-02-20 15:35:19 +01:00
Guus Sliepen
d298ebe91c Fix compiler warnings on some BSD variants. 2013-02-20 15:35:08 +01:00
Guus Sliepen
3847b78ba5 Fix compiler warnings on Windows. 2013-02-20 15:34:55 +01:00
Guus Sliepen
1bb969c930 Fix a tiny memory leak.
Found by cppcheck.
2013-02-20 13:59:50 +01:00
Guus Sliepen
d21f63d5b3 Don't expect a response from tincd after sending REQ_STOP. 2013-02-08 16:44:50 +01:00
Guus Sliepen
26eca51650 Let the GUI use UNIX sockets if available. 2013-02-07 15:27:16 +01:00
Guus Sliepen
a8b52becbb Derive UNIX socket filename from PID filename. 2013-02-07 15:26:56 +01:00
Guus Sliepen
079dcd0179 Don't send proxy requests for incoming connections. 2013-02-07 14:22:28 +01:00
Guus Sliepen
ee63f2a32b Fix segmentation fault when trying to connect via a SOCKS5 proxy. 2013-02-06 15:24:02 +01:00
Guus Sliepen
053af97c9e Check for writability when waiting for a socket to finish connecting.
We were checking only for readability, which is not a problem for normal
connections, since the server side of a connection will always send an ID
request. But when using a proxy, the proxy server doesn't send anything before
the client, so tinc would not see that its connection to the proxy had already
been established.
2013-02-06 15:12:53 +01:00
Guus Sliepen
1135669b3c Fix tincd terminating immediately on Windows. 2013-02-06 11:30:35 +01:00
Guus Sliepen
9c878bf56f Remove direct inclusion of OpenSSL headers in net_packet.c and tincd.c. 2013-01-31 16:12:56 +01:00
Guus Sliepen
42b222ecb6 Detect increases in PMTU.
Tinc never restarts PMTU discovery unless a node becomes unreachable. However,
it can be that the PMTU was very low during the initial discovery, but has
increased later. To detect this, tinc now tries to send an extra packet every
PingInterval, with a size slightly higher than the currently known PMTU. If
this packet is successfully received back, we partially restart PMTU discovery
to find out the new maximum.

Conflicts:
	src/net_packet.c
2013-01-31 16:10:58 +01:00
Guus Sliepen
87416bcd8b Get microsecond time resolution on Windows. 2013-01-21 16:12:18 +01:00
Guus Sliepen
8aadbd4b37 Fix a typo. 2013-01-21 13:59:52 +01:00
Guus Sliepen
3a039ece25 Fix datagram SPTPS.
Commit dd07c9fc1f broke the reception of datagram
SPTPS packets, by undoing the conversion of the sequence number to host byte
order before comparison. This caused error messages like "Packet is 16777215
seqs in the future, dropped (1)".
2013-01-21 13:47:46 +01:00
Guus Sliepen
cc3c69c892 Releasing 1.1pre5. 2013-01-20 21:03:22 +01:00
Guus Sliepen
76dbcf8989 Fix tincctl init when /etc/tinc does not yet exist. 2013-01-20 21:02:58 +01:00
Guus Sliepen
aa46596991 Remove possible definition of timersub(), which is also in dropin.h. 2013-01-20 20:19:08 +01:00
Guus Sliepen
1be7dc759a Make sure PriorityInheritance also works in switch mode.
Conflicts:
	src/route.c
2013-01-20 15:20:52 +01:00
Guus Sliepen
94587264bd Allow connections via UNIX sockets.
This is mainly useful for control connections. The client must still present
the control cookie from the PID file.
2013-01-17 18:12:55 +01:00
Guus Sliepen
2c14123062 Fix compilation of UML and VDE device support. 2013-01-17 16:39:41 +01:00
Guus Sliepen
f5bb64b36a Move make_names() and related variables to its own source file. 2013-01-17 16:39:02 +01:00
Guus Sliepen
a9eba276a4 Handle SIGINT gracefully. 2013-01-17 14:14:17 +01:00
Guus Sliepen
1ddd6111a4 Fix the minimum spanning tree algorithm.
Tinc uses Kruskal's algorithm to calculate a MST. However, this was broken in
commit 6e80da3370. Revert back to the working
algorithm from tinc 1.0.

Thanks to Cheng LI for spotting the problem.
2013-01-17 11:21:18 +01:00
Guus Sliepen
61275547cd Estimate RTT, bandwidth and packet loss between nodes.
Without adding any extra traffic, we can measure round trip times, estimate the
bandwidth and packet loss between nodes. The RTT and bandwidth can be measured
by timing the MTU probe packets. The RTT is the difference between the time a
burst of MTU probes was sent and when the first reply is received. The
bandwidth can be estimated by multiplying the size of the probe packets by the
time between successive received probe replies of the same burst. The packet
loss can be estimated for incoming traffic by comparing how many packets have
actually been received to the increase in the sequence numbers.

The estimates are not perfect. Especially bandwidth is difficult to measure,
the only accurate way is to continuously send as much data as possible, but
that is obviously not desirable. The packet loss rate is also almost always
a few percent when sending a lot of data over the VPN via TCP, since TCP
*needs* packet loss to work properly.
2013-01-16 16:31:56 +01:00
Guus Sliepen
eef25266cb Count the number of correctly received UDP packets.
Keep track of the number of correct, non-replayed UDP packets that have been
received, regardless of their content. This can be compared to the sequence
number to determine the real packet loss.
2013-01-15 13:33:16 +01:00
Guus Sliepen
b50a92d0c3 Add the tincctl exchange and exchange-all commands.
These are identical to an export/export-all followed by an import, and make
it simpler to exchange host config files with other nodes.
2013-01-15 13:31:51 +01:00
Guus Sliepen
dd07c9fc1f Check HMAC before sequence number. 2013-01-14 13:08:35 +01:00
Guus Sliepen
83a94ab08f Always complain if too many arguments are given for tincctl commands. 2013-01-14 13:02:39 +01:00
Guus Sliepen
50e1790101 Better error messages when using -L, -R or -U on platforms that do not support it. 2013-01-14 13:01:47 +01:00
Guus Sliepen
cad86108f3 Don't complain about garbage if we skipped importing a host file. 2013-01-14 12:59:17 +01:00