j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
1946 commits 2 branches 0 tags 10 MiB
Commit graph

96 commits

Author SHA1 Message Date
Guus Sliepen
5eeed38b8e Make sure tinc compiles on Windows. 2012-07-21 12:51:53 +02:00
Guus Sliepen
68a20876d0 Use minor protocol version to determine whether to use ECDH key exchange between nodes. 2012-07-20 01:02:51 +02:00
Guus Sliepen
58007d7efa Always pass request strings to other functions as const char *. 2012-05-08 16:44:15 +02:00
Guus Sliepen
86c2990327 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	src/Makefile.am
	src/conf.c
	src/conf.h
	src/connection.c
	src/net.c
	src/tincd.c
 2012-03-25 23:35:31 +01:00
Guus Sliepen
4712d8f92e Update copyright notices. 2012-03-10 13:23:08 +01:00
Guus Sliepen
8ac096b5bf Allow log messages to be captured by tincctl. 
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
 2012-02-26 18:37:36 +01:00
Guus Sliepen
3fba80174d Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	src/Makefile.am
	src/bsd/device.c
	src/connection.c
	src/connection.h
	src/cygwin/device.c
	src/device.h
	src/dropin.h
	src/linux/device.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/process.c
	src/protocol.c
	src/protocol_key.c
	src/raw_socket_device.c
	src/route.c
	src/solaris/device.c
	src/tincd.c
	src/uml_device.c
 2012-02-22 14:23:59 +01:00
Guus Sliepen
ea415ccc16 Rename connection_t *broadcast to everyone. 2012-02-20 17:12:48 +01:00
Guus Sliepen
5672863e59 Fix a few small memory leaks. 2011-12-03 21:59:47 +01:00
Guus Sliepen
cff27a258f Use ECDSA to sign ECDH key exchange for UDP session keys. 
The ECDSA public keys will also be included in the ANS_KEY requests,
but are only used when no ECDSA public key is known yet.
 2011-07-16 20:21:44 +02:00
Guus Sliepen
2ba61742d4 Use the correct direction flag when setting cipher keys. 
The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.
 2011-07-16 15:15:29 +02:00
Guus Sliepen
303dd1e702 Fix compiler warnings. 2011-07-13 22:52:52 +02:00
Guus Sliepen
fec279a9c5 Make use of the improved hex and base64 functions. 
Also, use base64 for all EC related data, it is shorter and easy to
distinguish from the legacy protocol.
 2011-07-12 23:43:12 +02:00
Guus Sliepen
bbeab00f46 Require ExperimentalProtocol = yes for new features, update documentation. 2011-07-11 21:54:01 +02:00
Guus Sliepen
ac163120d7 Proper use of PRF. 2011-07-03 16:30:49 +02:00
Guus Sliepen
82f00ea07b Use PRF. 2011-07-03 15:59:49 +02:00
Guus Sliepen
8dfa072733 Support ECDH key exchange. 
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
 2011-07-03 13:17:28 +02:00
Guus Sliepen
365f60f3f8 Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h(). 2011-06-24 22:49:18 +02:00
Guus Sliepen
6d08eb1614 Fix sparse warnings and add an extra sprinkling of const. 
This is more or less the equivalent of Sven-Haegar Koch's fixes in the 1.1
branch.
 2011-05-28 23:36:52 +02:00
Sven-Haegar Koch
f4010694b3 sparse fixup: warning: non-ANSI function declaration of function '...' 2011-05-28 15:24:39 +02:00
Guus Sliepen
3794e551c7 Fix check for event initialization due to the merge. 2011-05-14 11:52:35 +02:00
Guus Sliepen
ce8775000a Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	lib/pidfile.c
	src/bsd/device.c
	src/dropin.h
	src/net.c
	src/net_packet.c
	src/node.c
	src/process.c
	src/tincd.c
 2011-05-09 21:35:14 +02:00
Guus Sliepen
67766d65f0 Update THANKS and copyright information. 2011-05-08 21:22:20 +02:00
Guus Sliepen
f99661a4ca Always send MTU probes at least once every PingInterval. 
Before, if MTU probes failed, tinc would stop sending probes until the next
time keys were regenerated (by default, once every hour).  Now it continues to
send them every PingInterval, so it recovers faster from temporary failures.
 2011-01-02 15:02:23 +01:00
Guus Sliepen
886a6f61a1 Merge branch 'master' into 1.1 
Conflicts:
	src/net_packet.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
 2010-11-19 12:22:48 +00:00
Brandon L Black
23acc19bc0 Configurable ReplayWindow size, zero disables 2010-11-13 21:25:46 +01:00
Guus Sliepen
9e3ca39773 Use variable length arrays instead of alloca(). 2010-11-13 15:55:38 +01:00
Guus Sliepen
a22041922f Merge branch 'master' into 1.1 
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
 2010-11-12 16:15:29 +01:00
Guus Sliepen
4b6a9f1c1f Do not append an address to ANS_KEY messages if we don't know any address. 
This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.
 2010-06-04 16:03:19 +02:00
Guus Sliepen
2911af6e23 Fix merge of commit 4a0b998151. 2010-04-17 12:33:15 +02:00
Sven-Haegar Koch
ffa1dc73dc Fixed 1.0 miss-merges 2010-03-31 05:01:39 +02:00
Sven-Haegar Koch
103543aa2c Merge branch 'master' into 1.1 
Conflicts:
	NEWS
	README
	configure.in
	have.h
	src/conf.c
	src/conf.h
	src/net.c
	src/net_packet.c
	src/protocol_key.c
	src/protocol_subnet.c
	src/route.c
	src/tincd.c
 2010-03-26 16:51:03 +01:00
Guus Sliepen
cd0c2e86a4 Ensure peers with a meta connection always have our key. 
This keeps UDP probes going, which in turn keeps NAT mappings alive.
 2010-02-03 11:18:46 +01:00
Guus Sliepen
40d91ff619 Update copyright notices. 2010-02-02 22:49:21 +01:00
Guus Sliepen
4a0b998151 Determine peer's reflexive address and port when exchanging keys. 
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.

Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
 2010-02-02 00:51:44 +01:00
Guus Sliepen
d15099e002 Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. 
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
 2010-01-23 18:48:01 +01:00
Guus Sliepen
c845bc109c Fix packet authentication. 
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
 2009-12-18 01:15:25 +01:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1 
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
 2009-09-29 14:55:29 +02:00
Guus Sliepen
4c85542894 Drop support for localisation. 
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
 2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing. 
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
 2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces. 
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
 2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
1cbddbd573 Use correct format specifiers. 2009-09-16 20:17:11 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1 
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
 2009-09-16 19:55:47 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random(). 
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
 2009-09-14 23:06:00 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1 
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
 2009-06-05 23:14:13 +02:00
Guus Sliepen
261d1eac1c Properly set HMAC length for incoming packets. 2009-06-05 16:14:31 +02:00
Michael Tokarev
ca5b67111e Fix ans_key exchange in recent changes 
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
 2009-05-25 01:30:01 +02:00