j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
2678 commits 2 branches 0 tags 10 MiB
Commit graph

144 commits

Author SHA1 Message Date
Guus Sliepen
58007d7efa Always pass request strings to other functions as const char *. 2012-05-08 16:44:15 +02:00
Guus Sliepen
86c2990327 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	src/Makefile.am
	src/conf.c
	src/conf.h
	src/connection.c
	src/net.c
	src/tincd.c
 2012-03-25 23:35:31 +01:00
Guus Sliepen
4712d8f92e Update copyright notices. 2012-03-10 13:23:08 +01:00
Guus Sliepen
8ac096b5bf Allow log messages to be captured by tincctl. 
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
 2012-02-26 18:37:36 +01:00
Guus Sliepen
3fba80174d Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	src/Makefile.am
	src/bsd/device.c
	src/connection.c
	src/connection.h
	src/cygwin/device.c
	src/device.h
	src/dropin.h
	src/linux/device.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/process.c
	src/protocol.c
	src/protocol_key.c
	src/raw_socket_device.c
	src/route.c
	src/solaris/device.c
	src/tincd.c
	src/uml_device.c
 2012-02-22 14:23:59 +01:00
Guus Sliepen
ea415ccc16 Rename connection_t *broadcast to everyone. 2012-02-20 17:12:48 +01:00
Guus Sliepen
5672863e59 Fix a few small memory leaks. 2011-12-03 21:59:47 +01:00
Guus Sliepen
cff27a258f Use ECDSA to sign ECDH key exchange for UDP session keys. 
The ECDSA public keys will also be included in the ANS_KEY requests,
but are only used when no ECDSA public key is known yet.
 2011-07-16 20:21:44 +02:00
Guus Sliepen
2ba61742d4 Use the correct direction flag when setting cipher keys. 
The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.
 2011-07-16 15:15:29 +02:00
Guus Sliepen
303dd1e702 Fix compiler warnings. 2011-07-13 22:52:52 +02:00
Guus Sliepen
fec279a9c5 Make use of the improved hex and base64 functions. 
Also, use base64 for all EC related data, it is shorter and easy to
distinguish from the legacy protocol.
 2011-07-12 23:43:12 +02:00
Guus Sliepen
bbeab00f46 Require ExperimentalProtocol = yes for new features, update documentation. 2011-07-11 21:54:01 +02:00
Guus Sliepen
ac163120d7 Proper use of PRF. 2011-07-03 16:30:49 +02:00
Guus Sliepen
82f00ea07b Use PRF. 2011-07-03 15:59:49 +02:00
Guus Sliepen
8dfa072733 Support ECDH key exchange. 
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
 2011-07-03 13:17:28 +02:00
Guus Sliepen
365f60f3f8 Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h(). 2011-06-24 22:49:18 +02:00
Guus Sliepen
6d08eb1614 Fix sparse warnings and add an extra sprinkling of const. 
This is more or less the equivalent of Sven-Haegar Koch's fixes in the 1.1
branch.
 2011-05-28 23:36:52 +02:00
Sven-Haegar Koch
f4010694b3 sparse fixup: warning: non-ANSI function declaration of function '...' 2011-05-28 15:24:39 +02:00
Guus Sliepen
3794e551c7 Fix check for event initialization due to the merge. 2011-05-14 11:52:35 +02:00
Guus Sliepen
ce8775000a Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	lib/pidfile.c
	src/bsd/device.c
	src/dropin.h
	src/net.c
	src/net_packet.c
	src/node.c
	src/process.c
	src/tincd.c
 2011-05-09 21:35:14 +02:00
Guus Sliepen
67766d65f0 Update THANKS and copyright information. 2011-05-08 21:22:20 +02:00
Guus Sliepen
f99661a4ca Always send MTU probes at least once every PingInterval. 
Before, if MTU probes failed, tinc would stop sending probes until the next
time keys were regenerated (by default, once every hour).  Now it continues to
send them every PingInterval, so it recovers faster from temporary failures.
 2011-01-02 15:02:23 +01:00
Guus Sliepen
886a6f61a1 Merge branch 'master' into 1.1 
Conflicts:
	src/net_packet.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
 2010-11-19 12:22:48 +00:00
Brandon L Black
23acc19bc0 Configurable ReplayWindow size, zero disables 2010-11-13 21:25:46 +01:00
Guus Sliepen
9e3ca39773 Use variable length arrays instead of alloca(). 2010-11-13 15:55:38 +01:00
Guus Sliepen
a22041922f Merge branch 'master' into 1.1 
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
 2010-11-12 16:15:29 +01:00
Guus Sliepen
4b6a9f1c1f Do not append an address to ANS_KEY messages if we don't know any address. 
This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.
 2010-06-04 16:03:19 +02:00
Guus Sliepen
2911af6e23 Fix merge of commit 4a0b998151. 2010-04-17 12:33:15 +02:00
Sven-Haegar Koch
ffa1dc73dc Fixed 1.0 miss-merges 2010-03-31 05:01:39 +02:00
Sven-Haegar Koch
103543aa2c Merge branch 'master' into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	have.h
	src/conf.c
	src/conf.h
	src/net.c
	src/net_packet.c
	src/protocol_key.c
	src/protocol_subnet.c
	src/route.c
	src/tincd.c
 2010-03-26 16:51:03 +01:00
Guus Sliepen
cd0c2e86a4 Ensure peers with a meta connection always have our key. 
This keeps UDP probes going, which in turn keeps NAT mappings alive.
 2010-02-03 11:18:46 +01:00
Guus Sliepen
40d91ff619 Update copyright notices. 2010-02-02 22:49:21 +01:00
Guus Sliepen
4a0b998151 Determine peer's reflexive address and port when exchanging keys. 
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.

Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
 2010-02-02 00:51:44 +01:00
Guus Sliepen
d15099e002 Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. 
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
 2010-01-23 18:48:01 +01:00
Guus Sliepen
c845bc109c Fix packet authentication. 
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
 2009-12-18 01:15:25 +01:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1 
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
 2009-09-29 14:55:29 +02:00
Guus Sliepen
4c85542894 Drop support for localisation. 
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
 2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing. 
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
 2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces. 
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
 2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
1cbddbd573 Use correct format specifiers. 2009-09-16 20:17:11 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1 
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
 2009-09-16 19:55:47 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random(). 
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
 2009-09-14 23:06:00 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1 
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
 2009-06-05 23:14:13 +02:00
Guus Sliepen
261d1eac1c Properly set HMAC length for incoming packets. 2009-06-05 16:14:31 +02:00
Michael Tokarev
ca5b67111e Fix ans_key exchange in recent changes 
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
 2009-05-25 01:30:01 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e. 
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
 2009-05-24 19:31:31 +02:00
Guus Sliepen
3308d13e7e Handle UDP packets from different and ports than advertised. 
Previously, tinc used a fixed address and port for each node for UDP packet
exchange.  The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different.  Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
 2009-04-03 01:05:23 +02:00
Guus Sliepen
08aabbf931 Merge branch 'master' into 1.1 
Conflicts:
	NEWS
	README
	doc/tinc.conf.5.in
	doc/tinc.texi
	po/nl.po
	src/conf.c
	src/connection.c
	src/event.c
	src/graph.c
	src/net.c
	src/net_packet.c
	src/net_socket.c
	src/node.c
	src/node.h
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
	src/protocol_misc.c
	src/subnet.c
	src/subnet.h
	src/tincd.c
 2009-03-09 19:02:24 +01:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
67df7fb7e1 Only send packets via UDP if UDP communication is possible. 
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP.  The per-node
packet queue is now no longer necessary and has been removed.
 2009-01-03 22:33:55 +01:00
Guus Sliepen
e9576632dc Update copyright information. 2008-12-22 20:27:52 +00:00
Guus Sliepen
636200d1a2 Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible. 2008-12-11 15:56:18 +00:00
Guus Sliepen
76165488f8 Backport fixes from trunk since revision 1555. 2008-12-11 15:21:40 +00:00
Guus Sliepen
046158a216 Use the crypto wrappers again instead of calling OpenSSL directly. 
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
 2008-12-11 14:44:44 +00:00
Guus Sliepen
4a1740ede7 Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes. 2008-10-25 19:54:00 +00:00
Scott Lamb
40731d030f Temporarily revert to old crypto code 
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)

This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
 2007-11-07 02:47:05 +00:00
Guus Sliepen
1b8f891836 Finish crypto wrapping. Also provide wrappers for OpenSSL. 
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
 2007-05-23 13:45:49 +00:00
Guus Sliepen
fbf305c09d Use libevent for meta socket input/output buffering. 2007-05-19 22:23:02 +00:00
Guus Sliepen
fb0cfccf7d Use splay trees instead of AVL trees. 2007-05-18 10:05:26 +00:00
Guus Sliepen
f02d3ed3e1 K&R style braces 2007-05-18 10:00:00 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
af95368c0f Fix signedness compiler warnings. 2006-03-19 13:06:21 +00:00
Guus Sliepen
e810545dc2 Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys. 
Thanks to Tonnerre Lombard for noticing!
 2005-06-03 10:16:03 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
7926a156e5 Update copyrights, links, email addresses and let Subversion update $Id$ keywords. 2004-03-21 14:21:22 +00:00
Guus Sliepen
6d41b429a2 Better name, show probed MTU in dump. 2003-12-20 21:25:17 +00:00
Guus Sliepen
6b12bea62f Let tinc figure out the exact MTU of the link. 2003-12-20 19:47:53 +00:00
Guus Sliepen
e3220cacb5 Replace Opaque and Strict options with a TunnelServer option. 2003-11-17 15:30:18 +00:00
Guus Sliepen
a1ab57e275 Check all EVP_ function calls. 2003-10-11 12:16:13 +00:00
Guus Sliepen
83263b7446 Sprinkle around a lot of const and some C99 initialisers. 2003-07-24 12:08:16 +00:00
Guus Sliepen
5cb1471351 Don't initialise a CIPHER_CTX if cipher == NULL. 2003-07-23 22:17:31 +00:00
Guus Sliepen
eefa28059a Use bools and enums where appropriate. 2003-07-22 20:55:21 +00:00
Guus Sliepen
e449d94cae Big header file cleanup: everything that has to do with standard system 
libraries is moved to system.h.
 2003-07-17 15:06:27 +00:00
Guus Sliepen
5db596c684 Simplify logging, update copyrights and some minor cleanups. 2003-07-12 17:41:48 +00:00
Guus Sliepen
0b9175e998 Define logger(), cleans up source code and allows us to write log entries 
to a separate file.
 2003-07-06 22:11:37 +00:00
Guus Sliepen
c70f52087b - Per-node EVP_CIPHER_CTX to avoid initialisation overhead. 
- LZO compression, thanks to Teemu Kiviniemi.
- Updated dutch translation.
 2003-05-06 21:13:18 +00:00
Guus Sliepen
bc9e78250e Better handling of late packets. 2003-04-18 21:18:36 +00:00
Guus Sliepen
6f9f6779e6 Remove redundant spaces. 2002-09-09 22:33:31 +00:00
Guus Sliepen
f75dcef72a Switch to K&R style indentation. 2002-09-09 21:25:28 +00:00
Guus Sliepen
5fc1ed17f4 Cleanups: 
- Convert cp to cp(); so that automatic indenters work.
 - Convert constructions like if(x == NULL) to if(!x).
 - Move all assignments out of conditions.
 2002-09-09 19:40:12 +00:00
Guus Sliepen
66741978e1 Reset the *correct* seqnos. 2002-09-06 14:31:12 +00:00
Guus Sliepen
8b2b67e26c Generalized request broadcasting/forwarding. 2002-09-04 16:26:45 +00:00
Guus Sliepen
4a7c2026ae Reduce KEY_CHANGED traffic. 2002-09-04 08:02:33 +00:00
Guus Sliepen
d134c4542d Drop graph and edge stuff. Use new node stuff instead. 2002-09-03 20:43:26 +00:00
Guus Sliepen
627f7c22b4 s/sliepen.warande.net/sliepen.eu.org/g 
s/itimmermans@bigfoot.com/ivo@o2w.nl/g
 2002-06-21 10:11:37 +00:00
Guus Sliepen
3c5655f59e Fix compiler warnings, strictly use long int and %lx for options. 2002-03-22 13:31:18 +00:00
Guus Sliepen
9da5390666 Put a break on requests that run around in circles. 2002-03-21 23:11:53 +00:00
Guus Sliepen
17bc5220c3 Fix send_request() bug. 2002-02-27 22:37:55 +00:00
Guus Sliepen
c6d0158831 Protocol now also exchanges cipher/digest/maclength/compression for the 
meta connection.
 2002-02-20 19:25:09 +00:00
Guus Sliepen
d9a62c6354 Added support for packet compression, thanks to Mark Glines. 
Add "Compression = <level>" to the host config files, where level can be
0 (off), or any integer between 1 (fast) and 9 (best).
 2002-02-11 15:59:18 +00:00
Guus Sliepen
5bf4b88666 Forgot to merge new files from pre5. 2002-02-11 10:05:58 +00:00