Commit graph

2209 commits

Author SHA1 Message Date
thorkill
6c6675e72a Do not cancel outgoing reconnects to nodes defined with ConnectTo 2015-07-10 02:01:06 +02:00
thorkill
76d278a5c0 Set keep_it flag on outgoing connections which are set by ConnectTo 2015-07-10 01:44:49 +02:00
thorkill
606948116d Do not disconnect random hosts which are explicit set with ConnectTo 2015-07-10 01:43:24 +02:00
thorkill
bdab2e15f6 Make changes to edge more verbose 2015-07-10 01:09:51 +02:00
thorkill
ab3c7dded0 Yet another attempt to make edge update work as expected 2015-07-10 00:48:41 +02:00
thorkill
c18771a96d Make informative logs about edge changes 2015-07-09 23:49:52 +02:00
thorkill
f93352b095 Prevent packet loops when ICMP6 router solicitation packets are sent to tinc device
When tincd setups it's network device some operating systems send router
solicitation packets from local scope ip addresses. tincd forwards it
then to his neighbors then those nodes follow the same routine fowarding it
to the next hops. I may happen that an loop will occur consuming large amount
of bandwith. Constrains: Mode = Router, Broadcast = mst.

Reproduction: ping6 -c 1  ff02::2%<tincd interface>
Sending one packet will, depending on your setup, generate about 3k packets.

Proposed solution in this commit: enable StrictSubnets, tincd will reject such
packets due to unknown subnet.

Future work: check scope of the ip address and make decisions about forwarding
based on Mode tincd is configured to work.
2015-07-09 22:19:26 +02:00
thorkill
49cc329cf9 Reverted changes on EDGE_ADD update if weight differs 2015-07-09 17:33:17 +02:00
thorkill
0c30f9f0f1 Revert "Forward edge information"
This reverts commit 24af5b94a7.
2015-07-09 17:16:07 +02:00
thorkill
24af5b94a7 Forward edge information 2015-07-09 17:09:35 +02:00
thorkill
5cb5ab3412 Fix memory leak in setup_outgoing_connection
Do not allocate new configuration for outgoing connection if it's already initialized.
2015-07-09 01:04:57 +02:00
thorkill
1f2e14df8c merged with thkr-1.1-fix-0004 2015-07-08 00:44:08 +02:00
thorkill
5f6613e36f Attempt to fix the heap-use-after-free error in mst_kruskal
For some reason the edges ware removed in one direction resulting in e->reverse
point into invalid memory.

Do not insert edge into edge_weight_tree if not needed.
2015-07-08 00:36:22 +02:00
thorkill
06d4eac9ac Prevent tinc from forgeting e->local_address
If ADD_EDGE came from tinc version 1.0.x local_address.sa.sa_family is set to 0.
If it came from tinc version 1.1.x forwarded for older verion it will be 255 - AF_UNKNOWN.
2015-07-07 23:51:56 +02:00
thorkill
5ae403f9e6 Make sure we do not allocate new edge when talking to old nodes and the same edge already exists
When tinc gets ADD_EDGE from older versions it will allocate
new edge in protocol_edge.c:189 due to missed case in lines 149-171 where
local_address is not defined.
2015-07-07 23:51:43 +02:00
thorkill
de8b7a8dfb Prevent tinc from forgeting e->local_address
If ADD_EDGE came from tinc version 1.0.x local_address.sa.sa_family is set to 0.
If it came from tinc version 1.1.x forwarded for older verion it will be 255 - AF_UNKNOWN.
2015-07-07 23:14:08 +02:00
thorkill
e0d14e978f Make sure we do not allocate new edge when talking to old nodes and the same edge already exists
When tinc gets ADD_EDGE from older versions it will allocate
new edge in protocol_edge.c:189 due to missed case in lines 149-171 where
local_address is not defined.
2015-07-07 21:19:26 +02:00
thorkill
80ccfb2894 Update weight if needed at the beginning 2015-07-07 20:50:53 +02:00
thorkill
78d0342a12 Update weight on reverse edge too 2015-07-07 20:49:16 +02:00
thorkill
0c334bb077 Do not insert edge into edge_weight_tree if not needed 2015-07-07 20:37:17 +02:00
thorkill
bb3fd0a985 Make usage of weight 2015-07-07 20:35:52 +02:00
thorkill
d49fd87dbc Attempt to fix the heap-use-after-free error in mst_kruskal
For some reason the edges ware removed in one direction resulting in e->reverse
point into invalid memory.
2015-07-07 00:05:58 +02:00
thorkill
77eac310c5 Revert "Set edge->reverse to NULL before we free it"
This reverts commit eda9f0ea8e.
2015-07-06 01:54:01 +02:00
thorkill
8dcd2a9995 Do not delete edges which differ only by weight
Added special case where we get weight update from other node.
Previous version called edge_del() which caused segmentation
faults in mst_kruskal.
2015-07-06 01:52:40 +02:00
thorkill
38c42fb973 Move the edge weight update handling to edge.c 2015-07-06 01:50:31 +02:00
thorkill
7c85db5421 Introducing new function for edge weight update 2015-07-06 01:49:45 +02:00
thorkill
b7820caf03 removed edge_clone() 2015-07-06 01:49:03 +02:00
thorkill
eda9f0ea8e Set edge->reverse to NULL before we free it 2015-07-06 01:04:11 +02:00
thorkill
e51dd1b196 Changed the name of edge from node to oldnode 2015-07-06 00:42:59 +02:00
thorkill
7dc8c736bc list_each shadowed node
move it into the loop
2015-07-05 22:32:32 +02:00
thorkill
841ca358e0 Forgot to set node->data 2015-07-05 21:58:27 +02:00
thorkill
25ad32d206 Use usage of splay_node_t 2015-07-05 21:41:49 +02:00
thorkill
bebe8e6808 Fixed edge->reverse corruption resulting in a segfault in graph()
Thanks to Guus for helping us with this one.
2015-07-05 20:54:32 +02:00
thorkill
82706970cf Removed unused declaration in bind_to_intercface() 2015-07-05 00:32:11 +02:00
thorkill
614a03c886 Do not try to zero memory on unitialized hash 2015-07-05 00:31:39 +02:00
thorkill
aea7938f19 Added sanity check in test in sssp_bfs() 2015-07-05 00:31:01 +02:00
thorkill
837469c747 Add small jitter to keyexpire_handle and edgeupdate_handler 2015-07-05 00:16:02 +02:00
thorkill
d172f2db29 Merge with guus patch for exit_edges() 2015-07-05 00:15:04 +02:00
thorkill
aa9994e49e Cleanup after merge 2015-07-04 18:52:16 +02:00
thorkill
dc5491a59e Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof 2015-07-04 18:45:43 +02:00
Guus Sliepen
de7d9ee437 Call sockaddrfree(&e->local_address) in free_edge() instead of exit_edges().
The proper place to clean up resources of objects is in their
destructor. This makes sure proper cleanup when edge_del() is called as
well. At exit, free_edge() is called on all edges by free_edge_tree(),
which is called by exit_nodes().
2015-07-04 17:53:11 +02:00
Guus Sliepen
36cec9af88 Coalesce two if statements that check for the same thing. 2015-07-04 17:51:05 +02:00
Jo-Philipp Wich
14ccf50954 fix musl compatibility
Let configure include sys/if_tun.h when testing for netinet/if_ether.h
to detect the Kernel/libc header conflict on musl.

After this patch, configure will correctly detect netinet/if_ether.h as
unusable and the subsequent compilation will not attempt to use it.

Conflicts:
	src/have.h
2015-07-04 17:34:37 +02:00
Guus Sliepen
37588b8d5c Don't #include OpenSSL headers when compiling without OpenSSL. 2015-07-04 17:34:31 +02:00
thorkill
abb24e9d71 Cleanup local_address in protocol_edge.c
In line 131 local_address has been defined,
but the memory was never freed on return.
2015-07-04 03:24:13 +02:00
thorkill
92df36a610 Cleanup edges stored in edge_weight_tree on exit
protocol_edge.c: 131 defines local_address using str2sockaddr

str2sockaddr() allocates memory which has to be freed on exit.
2015-07-04 03:24:05 +02:00
thorkill
1140ca6d30 Fixed 2 leaks in setup_myself() 2015-07-04 03:23:58 +02:00
thorkill
e3ae318059 Cleanup local_address in protocol_edge.c
In line 131 local_address has been defined,
but the memory was never freed on return.
2015-07-04 03:21:01 +02:00
thorkill
d08c7cf4cf Cleanup edges stored in edge_weight_tree on exit
protocol_edge.c: 131 defines local_address using str2sockaddr

str2sockaddr() allocates memory which has to be freed on exit.
2015-07-04 02:39:12 +02:00
thorkill
6efd3ff302 Fixed 2 leaks in setup_myself() 2015-07-04 00:29:36 +02:00
thorkill
94703cdfa9 getopt.c fixes for unitialized parameters on FreeBSD 2015-07-02 21:48:15 +02:00
thorkill
ad58c0f65d Revert "Marked missing parameters in getopt.c on FreeBSD"
This reverts commit 5bba2cc066.
2015-07-02 21:45:43 +02:00
thorkill
5bba2cc066 Marked missing parameters in getopt.c on FreeBSD 2015-07-02 21:42:44 +02:00
thorkill
3f4855587c Marked unused parameter in net_socket.c
Found by clang on FreeBSD
2015-07-02 21:39:07 +02:00
thorkill
d2e038ab24 Makred unused parameter in net_packet.c
Found by clang -Wunused-parameter on FreeBSD
2015-07-02 21:37:33 +02:00
Florian Klink
0267aef826 setup_outgoing_connection: log to LOG_DEBUG on if no known address
With AutoConnect = yes, tinc tries to establish connections to known hosts.
However, you could have set no Address for this host, which is perfectly fine
(as long as there is at least one bootstrap node with an address or a local
discovered node already part of the network)

So log this to LOG_DEBUG
2015-07-02 21:22:53 +02:00
Florian Klink
91355b9ac5 (read|append)_config_file: log open errors as LOG_DEBUG
In a "decentrally managed vpn" it is very likely that host config
files for some reachable nodes do not exist. Currently, tinc
fills the logs with "Cannot open config file" messages.

This commit changes the log level to LOG_DEBUG so
syslog doesn't get filled by default.
2015-07-02 21:22:47 +02:00
thorkill
743671278f Attempt to track an segfault in mst_kruskal()
(gdb) bt
#0  mst_kruskal () at graph.c:107
#1  graph () at graph.c:302
#2  0x00007ffff7b509fe in del_edge_h (c=<optimized out>, request=<optimized out>) at protocol_edge.c:292
#3  0x00007ffff7b4de2e in receive_request (c=0x5555557e3ef0, request=0x555555800e13 "13 3fc17404 node1 node2") at protocol.c:136
#4  0x00007ffff7b43513 in receive_meta (c=0x5555557e3ef0) at meta.c:290
#5  0x00007ffff7b442d9 in handle_meta_connection_data (c=0x5555557e3ef0) at net.c:291
#6  0x00007ffff7b41391 in event_loop () at event.c:287
#7  0x00007ffff7b449b2 in main_loop () at net.c:469
#8  0x0000555555556716 in main (argc=<optimized out>, argv=<optimized out>) at tincd.c:480
2015-07-02 20:38:02 +02:00
thorkill
f1a9a40c90 Marked all unsued parameters found by -Werror=unused-parameter with UNUSED() 2015-07-02 18:37:08 +02:00
thorkill
1391b2d7dc Added -Werror=unused-parameter
In system.h UNUSED() macro has been defined which can be used to mark unsed parameters.
2015-07-02 18:35:57 +02:00
thorkill
50da19addf Removed unused variables.
Found using clang -Wunused-variable
2015-07-02 18:03:03 +02:00
thorkill
656af8fa07 Remove conflicting function definitions
- send_request
- send_meta
2015-07-02 17:51:46 +02:00
thorkill
9b3ff33dba Added missing function prototypes
Found by clang -Wmissing-prototypes
2015-07-02 17:43:51 +02:00
thorkill
78397eda9b Added extra check for edge->from and edge->to in edge_add
edge_add() and edge_del() assume, that from and to are always set.
This was triggered while working on cmocka test.
2015-07-02 00:02:05 +02:00
thorkill
536256b2da Added support for cmocka *alloc 2015-07-01 19:04:22 +02:00
thorkill
dca3558d05 Leave a notice in the log when aborting 2015-07-01 19:01:42 +02:00
thorkill
24cea32efb Fix memory leak in splay_delete_tree
Use splay_delete_node to properly decrease counters and release memory.
2015-07-01 16:57:05 +02:00
thorkill
faef01317b Do not free splay_tree when tree->count != 0 2015-07-01 16:56:07 +02:00
thorkill
278cd4d856 Added missing libchacha_poly1305 while linking sptps_* tools
- should work on gentoo and Arch Linux - AUR
2015-07-01 13:54:57 +02:00
thorkill
905572863c Added support for darwin
Darwin does not have -lrt
2015-07-01 11:18:29 +02:00
thorkill
fbb62fa80e Make proper checks in configure
now compiles with gcc 5.1.0
2015-06-30 23:20:31 +02:00
thorkill
c3f8a93d52 Define variables in getopt.h 2015-06-30 22:50:29 +02:00
thorkill
82300c623d Make sptps_speed and sptps_test compile
TODO: tests do not work
2015-06-30 22:49:11 +02:00
thorkill
4bfa726f8b Cleanup src/Makefile.am
Make it compile on FreeBSD
2015-06-30 22:48:15 +02:00
thorkill
f8154e3012 Initialize values in tincctl.c 2015-06-30 19:51:19 +02:00
thorkill
6a6113b366 Initialize variables in info.c 2015-06-30 19:48:49 +02:00
thorkill
84d34f4f35 Initialize variables in invitation.c 2015-06-30 19:46:14 +02:00
thorkill
8fb52e05f3 Define g_argv as static 2015-06-30 19:44:35 +02:00
thorkill
de9f04c30e Initialize variables in linux/device.c 2015-06-30 19:42:37 +02:00
thorkill
fb2942a249 Initialize result 2015-06-30 19:40:33 +02:00
thorkill
7a61acabea Added hash_t definitions 2015-06-30 19:39:11 +02:00
thorkill
9e0c77e21f Initialize variables in splay_tree.c - splay_top_down() 2015-06-30 19:35:13 +02:00
thorkill
044fc684d0 Initialize variables in route.c 2015-06-30 19:33:22 +02:00
thorkill
6b3b90a7b1 Initialize variables in protocol_subnet.c 2015-06-30 19:29:44 +02:00
thorkill
932dc76f43 Initialize variables in protocol_edge.c 2015-06-30 19:28:11 +02:00
thorkill
fb1a8fd631 Initialize variables in protocol.c 2015-06-30 19:26:42 +02:00
thorkill
0bd116195a Initialize variables in node.c 2015-06-30 19:24:27 +02:00
thorkill
d803ac93dc Initialize variables in netutl.c 2015-06-30 19:23:15 +02:00
thorkill
e2245da720 Initialize addrinfo hint 2015-06-30 19:20:57 +02:00
thorkill
94b9723917 Initialize sock 2015-06-30 19:19:30 +02:00
thorkill
c17cb1a0f2 Proper initialization of subnet 2015-06-30 19:15:43 +02:00
thorkill
7ed725888b Do not exit on unused-parameters 2015-06-30 19:15:22 +02:00
thorkill
78be3b19de Fixed signal_t initialization 2015-06-30 19:14:54 +02:00
thorkill
8f5a59a027 Included missing names.h 2015-06-30 19:11:45 +02:00
thorkill
3dc9542ec2 Disable -fno-strict-overflow and enable some -Werror= 2015-06-30 19:06:17 +02:00
thorkill
daf99058e3 Moved few config parameters to make lib usage possible. 2015-06-30 18:43:37 +02:00
thorkill
6633bf52e3 First working version 2015-06-30 18:36:57 +02:00
thorkill
6d9853618a Working on libs 2015-06-30 18:36:46 +02:00
thorkill
6b62992c25 Revert "Silence most noisy sources of memory leakage."
This reverts commit 408fb3b011.
2015-06-30 18:10:38 +02:00
thorkill
c53a9719d5 Revert "s_errno was nerver used"
This reverts commit 157ee90568.
2015-06-30 18:10:23 +02:00
thorkill
d661be413f Revert "Proper variable initialization"
This reverts commit bf91a8a340.
2015-06-30 18:10:20 +02:00
thorkill
54b8bc6e86 Revert "Type mismatch and debug_t is always >= 0"
This reverts commit 62dc7b6fe5.
2015-06-30 18:10:18 +02:00
thorkill
8a39621c64 Revert "make usage of function parameters"
This reverts commit 8108b0d5eb.
2015-06-30 18:10:16 +02:00
thorkill
f5f35bd148 Revert "initialize variables used in conditional jumps"
This reverts commit f89b38947a.
2015-06-30 18:10:10 +02:00
thorkill
104017df7a Revert "Added UNUSED macro to silnce unused-parameter warnings"
This reverts commit 8d4b974dda.
2015-06-30 18:10:07 +02:00
thorkill
c68aa9d5cc Revert "explicit middle parameter definition"
This reverts commit 0ef605d864.
2015-06-30 18:10:05 +02:00
thorkill
ce7b019067 Revert "Added type casting from debug_t to int"
This reverts commit 3bfb343b85.
2015-06-30 18:10:02 +02:00
thorkill
d7c623b8c7 Revert "Changed int size into size_t"
This reverts commit f755d57f4e.
2015-06-30 18:10:00 +02:00
thorkill
5dac5eb451 Revert "Marked unused parameters"
This reverts commit 3a61d104d4.
2015-06-30 18:09:50 +02:00
thorkill
3eb3cc7898 Revert "Type casting fixes"
This reverts commit dbfc168fa4.
2015-06-30 18:09:17 +02:00
thorkill
01098e2078 Revert "Fixing implicit conversion changes to signedness"
This reverts commit 7099a4437e.
2015-06-30 18:09:11 +02:00
thorkill
4f82a6359f Revert "Proper struct initialization"
This reverts commit bc8dbfc9fd.
2015-06-30 18:09:07 +02:00
thorkill
84ede57e52 Revert "fixed initialization of pollfd"
This reverts commit 319e0ac8ce.
2015-06-30 18:09:02 +02:00
thorkill
fe99eb02df Revert "Still hunting down uninitialized variables"
This reverts commit 46b9578cad.
2015-06-30 18:08:31 +02:00
thorkill
46b9578cad Still hunting down uninitialized variables 2015-06-30 02:04:16 +02:00
thorkill
319e0ac8ce fixed initialization of pollfd 2015-06-29 23:40:33 +02:00
thorkill
bc8dbfc9fd Proper struct initialization
Detected by clang -Wmissing-field-initializers
2015-06-29 23:32:34 +02:00
thorkill
7099a4437e Fixing implicit conversion changes to signedness
- format string
- function parameters
- logging
2015-06-29 23:32:26 +02:00
thorkill
dbfc168fa4 Type casting fixes 2015-06-29 16:19:23 +02:00
thorkill
3a61d104d4 Marked unused parameters 2015-06-29 16:19:19 +02:00
thorkill
f755d57f4e Changed int size into size_t 2015-06-29 16:19:15 +02:00
thorkill
3bfb343b85 Added type casting from debug_t to int 2015-06-29 16:19:11 +02:00
thorkill
0ef605d864 explicit middle parameter definition
error: use of GNU ?: conditional expression extension, omitting middle operand [-Werror,-Wgnu-conditional-omitted-operand]
2015-06-29 16:19:03 +02:00
thorkill
8d4b974dda Added UNUSED macro to silnce unused-parameter warnings 2015-06-29 16:18:52 +02:00
thorkill
f89b38947a initialize variables used in conditional jumps
Errors detected by clang -Wconditional-uninitialized.
2015-06-29 16:18:39 +02:00
thorkill
8108b0d5eb make usage of function parameters 2015-06-29 16:18:30 +02:00
thorkill
62dc7b6fe5 Type mismatch and debug_t is always >= 0
- Proper function definitions
2015-06-29 16:18:20 +02:00
thorkill
bf91a8a340 Proper variable initialization 2015-06-29 16:18:11 +02:00
thorkill
157ee90568 s_errno was nerver used 2015-06-29 16:18:02 +02:00
thorkill
da1a77998c Removed double break; 2015-06-29 16:17:53 +02:00
thorkill
408fb3b011 Silence most noisy sources of memory leakage.
==27135== Use of uninitialised value of size 8
==27135==    at 0x57BE17B: BN_num_bits_word (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57BE205: BN_num_bits (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57BADF7: BN_div (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57C48FC: BN_mod_inverse (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57C3647: BN_BLINDING_create_param (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x5812D44: RSA_setup_blinding (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x58095CB: rsa_get_blinding (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x580A64F: RSA_eay_private_decrypt (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x4E5D9BC: rsa_private_decrypt (rsa.c:97)
==27135==    by 0x4E51E1B: metakey_h (protocol_auth.c:524)
==27135==    by 0x4E505FD: receive_request (protocol.c:136)
==27135==    by 0x4E46002: receive_meta (meta.c:290)
==27135==  Uninitialised value was created by a heap allocation
==27135==    at 0x4C29F90: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27135==    by 0x575DCD7: CRYPTO_malloc (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57C24E1: BN_rand (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57C216F: bn_rand_range (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x57C3630: BN_BLINDING_create_param (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x5812D44: RSA_setup_blinding (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x58095CB: rsa_get_blinding (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x580A64F: RSA_eay_private_decrypt (in /usr/lib/libcrypto.so.1.0.0)
==27135==    by 0x4E5D9BC: rsa_private_decrypt (rsa.c:97)
==27135==    by 0x4E51E1B: metakey_h (protocol_auth.c:524)
==27135==    by 0x4E505FD: receive_request (protocol.c:136)
==27135==    by 0x4E46002: receive_meta (meta.c:290)
2015-06-28 00:40:31 +02:00
Etienne Dechamps
7aca0be0f9 Protect against callbacks removing items from the io tree.
The definition of the splay_each() macro is somewhat complicated for
syntactic reasons. Here's what it does in a more readable way:

  for (splay_node_t* node = tree->head; node;) {
    type* item = node->data;
    splay_node_t* next = node->next;

    // RUN USER BLOCK with (item)

    node = next;
  }

list_each() works in the same way. Since node->next is saved before the
user block runs, this construct supports removing the current item from
within the user block. However, what it does *not* support is removing
*other items* from within the user block, especially the next item.
Indeed, that will invalide the next pointer in the above loop and
therefore result in an invalid pointer dereference.

Unfortunately, there is at least one code path where that unsupported
operation happens. It is located in ack_h(), where the authentication
protocol code detects a double connection (i.e. being connected to
another node twice). Running in the context of a socket read event, this
code will happily terminate the *other* metaconnection, resulting in its
socket being removed from the io tree. If, by misfortune, this other
metaconnection happened to have the next socket FD number (which is
quite possible due to FD reuse - albeit unlikely), and was part of the
io tree (which is quite likely because if that connection is stuck, it
will most likely have pending writes) then this will result in the next
pending io item being destroyed. Invalid pointer dereference ensues.

I did a quick audit of other uses of splay_each() and list_each() and
I believe this is the only scenario in which this "next pointer
invalidation" problem can occur in practice. While this bug has been
there since at least 6bc5d626a8 (November
2012), if not sooner, it happens quite rarely due to the very specific
set of conditions required to trigger it. Nevertheless, it does manage
to crash my central production nodes every other week or so.
2015-06-26 20:11:31 +02:00
Guus Sliepen
d150e82b94 Fix crash is sptps_logger().
Unfortunately, sptps_logger() cannot know if s->handle is pointing to a
connection_t or a node_t. But it needs to print name and hostname in
both cases. So make sure both types have name and hostname fields at the
start with the same offset.
2015-06-26 20:11:31 +02:00
Guus Sliepen
8960694e51 Fix alignment of output of sptps_speed. 2015-06-26 20:11:31 +02:00
Guus Sliepen
06a7c60db7 Fix receiving SPTPS data in sptps_speed and sptps_test.
The sptps_receive_data() was changed in commit d237efd to only process
one SPTPS record from a stream input. So now we have to put a loop
around it to ensure we process everything.
2015-06-26 20:11:30 +02:00
Guus Sliepen
479a10b484 Fix warnings about missing return value checks.
In some harmless places, checks for the return value of ECDSA and RSA
key generation and verification was omitted. Add them to keep the
compiler happy and to warn end users in case something is wrong.
2015-06-26 20:11:30 +02:00
thorkill
8e3edeec3d Reverted error messages to original one 2015-06-26 17:13:52 +02:00
Etienne Dechamps
ebffa40aa7 Protect against callbacks removing items from the io tree.
The definition of the splay_each() macro is somewhat complicated for
syntactic reasons. Here's what it does in a more readable way:

  for (splay_node_t* node = tree->head; node;) {
    type* item = node->data;
    splay_node_t* next = node->next;

    // RUN USER BLOCK with (item)

    node = next;
  }

list_each() works in the same way. Since node->next is saved before the
user block runs, this construct supports removing the current item from
within the user block. However, what it does *not* support is removing
*other items* from within the user block, especially the next item.
Indeed, that will invalide the next pointer in the above loop and
therefore result in an invalid pointer dereference.

Unfortunately, there is at least one code path where that unsupported
operation happens. It is located in ack_h(), where the authentication
protocol code detects a double connection (i.e. being connected to
another node twice). Running in the context of a socket read event, this
code will happily terminate the *other* metaconnection, resulting in its
socket being removed from the io tree. If, by misfortune, this other
metaconnection happened to have the next socket FD number (which is
quite possible due to FD reuse - albeit unlikely), and was part of the
io tree (which is quite likely because if that connection is stuck, it
will most likely have pending writes) then this will result in the next
pending io item being destroyed. Invalid pointer dereference ensues.

I did a quick audit of other uses of splay_each() and list_each() and
I believe this is the only scenario in which this "next pointer
invalidation" problem can occur in practice. While this bug has been
there since at least 6bc5d626a8 (November
2012), if not sooner, it happens quite rarely due to the very specific
set of conditions required to trigger it. Nevertheless, it does manage
to crash my central production nodes every other week or so.
2015-06-20 14:09:00 +01:00
Guus Sliepen
45a46f068c Fix crash is sptps_logger().
Unfortunately, sptps_logger() cannot know if s->handle is pointing to a
connection_t or a node_t. But it needs to print name and hostname in
both cases. So make sure both types have name and hostname fields at the
start with the same offset.
2015-06-10 23:42:17 +02:00
thorkill
7941f68ab0 removed debug output in sptps.c 2015-06-08 13:03:41 +02:00
Guus Sliepen
bfe231b977 Fix alignment of output of sptps_speed. 2015-06-07 23:20:14 +02:00
Guus Sliepen
a797b4a192 Fix receiving SPTPS data in sptps_speed and sptps_test.
The sptps_receive_data() was changed in commit d237efd to only process
one SPTPS record from a stream input. So now we have to put a loop
around it to ensure we process everything.
2015-06-07 23:17:54 +02:00
Guus Sliepen
d8d1ab4ee1 Fix warnings about missing return value checks.
In some harmless places, checks for the return value of ECDSA and RSA
key generation and verification was omitted. Add them to keep the
compiler happy and to warn end users in case something is wrong.
2015-06-07 22:50:05 +02:00
thorkill
e0221cc00d Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof 2015-06-06 01:50:28 +02:00
Guus Sliepen
84ecc972e5 Fix missing return value caused by the previous commit. 2015-05-31 23:51:39 +02:00
Etienne Dechamps
eca357ed91 Don't try to relay packets to unreachable nodes.
It is not unusual for tinc to receive SPTPS packets to be relayed to
nodes that just became unreachable, due to state propagation delays in
the metagraph.

Unfortunately, the current code doesn't handle that situation correctly,
and still tries to relay the packet to the unreachable node. This
typically ends up segfaulting.

This commit fixes the issue by checking for reachability before relaying
the packet.
2015-05-31 20:19:48 +01:00
thorkill
9bf36c8666 Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof 2015-05-26 12:57:15 +02:00
Etienne Dechamps
9e3adef5cb Fix invalid pointer use in get_my_hostname().
clang-3.7 warnings surfaced an actual bug:

invitation.c:185:5: error: address of array 'filename' will always evaluate to 'true'
      [-Werror,-Wpointer-bool-conversion]
        if(filename) {
        ~~ ^~~~~~~~

The regression was introduced in 3ccdf50beb.
2015-05-24 09:49:16 +01:00
Etienne Dechamps
7fcfbe2bd2 Fix wrong format string type in send_sptps_tcppacket().
This issue was found through a clang-3.7 warning:

protocol_misc.c:167:46: error: format specifies type 'short' but the argument has type 'int'
      [-Werror,-Wformat]
        if(!send_request(c, "%d %hd", SPTPS_PACKET, len))
                                ~~~                 ^~~
                                %d
2015-05-24 09:45:09 +01:00
Etienne Dechamps
3e61c7233b Don't set up an ongoing connection to myself.
It is entirely possible that the configuration file could contain a
ConnectTo statement refering to its own name; that's a reasonable
scenario when one deploys semi-automatically generated tinc.conf files.

Amusingly, tinc does not like that at all, and actually sets up an
outgoing_t structure to myself (which obviously makes no sense). This is
mostly benign, though it does result in non-sensical "Already connected
to myself" messages every retry interval.

However, that also makes things blow up in close_network_connections(),
because there we delete the entire outgoing list and *then* the myself
node, which still has a reference to the freshly deleted outgoing
structure. Boom.
2015-05-23 17:33:32 +01:00
Etienne Dechamps
8587e8c0d9 Fix crashes when trying unreachable nodes.
timeout_handler() calls try_tx(c->node) when c->edge exists.
Unfortunately, the existence of c->edge is not enough to conclude that
the node is reachable.

In fact, during connection establishment, there is a short period of
time where we create an edge for the node at the other end of the
metaconnection, but we don't have one from the other side yet.
Unfortunately, if timeout_handler() runs during that short time
window, it will call try_tx() on an unreachable node, which makes
things explode because that function is not prepared to handle that
case.

A typical symptom of this race condition is a hard SEGFAULT while trying
to send packets using metaconnections that don't exist, due to
n->nexthop containing garbage.

This patch fixes the issue by making try_tx() check for reachability,
and then making all code paths use try_tx() instead of the more
specialized methods so that they go through the check.

This regression was introduced in
eb7a0db18e.
2015-05-23 10:24:00 +01:00
Guus Sliepen
537a936671 Update copyright notices. 2015-05-21 11:09:01 +02:00
Guus Sliepen
0a786ffbb9 Set the CLOEXEC flag on the umbilical socket. 2015-05-21 11:06:38 +02:00
Guus Sliepen
87e0952773 Use socketpair() instead of pipe() for the umbilical.
This prepares for a possible conversion of the umbilical socket to a
control socket.
2015-05-20 21:28:54 +02:00
Guus Sliepen
19e0d449eb Don't write log messages to the umbilical pipe if we don't detach.
If we run in the foreground and are started by the CLI, this would
otherwise cause the first few log messages to appear twice.
2015-05-20 21:25:06 +02:00
Guus Sliepen
11868b890d Ensure "tinc start" knows if the daemon really started succesfully.
We do this by creating an umbilical between the CLI and the daemon. The
daemon pipes log messages to the CLI until it starts the main loop. The
daemon then cuts the umbilical. The CLI copies all the received log
messages to stderr, and the last byte indicates whether the daemon
started succesfully or not, so the CLI can exit with a useful exit code.
2015-05-20 16:59:43 +02:00
thorkill
26c7ff7fdd fixed conflict in src/sptps.c 2015-05-20 14:34:10 +02:00
Guus Sliepen
7f96ef081d Fix check for LOCALSTATEDIR accessibility for the CLI.
The CLI does not need write access to the directory where the PID file
is stored, it just needs to be able to read the PID file.
2015-05-20 11:11:12 +02:00
Guus Sliepen
3ccdf50beb Allocate temporary filenames on the stack.
This gets rid of xasprintf() in a number of places, and removes the need
to free() the temporary strings. A few potential memory leaks have been
fixed.
2015-05-20 00:58:00 +02:00
Guus Sliepen
58e8f598f3 Allow dumping a list of outstanding invitations.
This dumps the name of the invitation file, as well as the name of the
node that is being invited. This can make it easier to find the
invitation file belonging to a given node.
2015-05-20 00:12:01 +02:00
Guus Sliepen
7c8f54cdb2 Add "list" as an alias for "dump" in the CLI. 2015-05-20 00:02:53 +02:00
Guus Sliepen
69ba5f621e Quit with an error message if ioctl(TUNSETIFF) fails.
It is possible that opening /dev/net/tun works but that interface
creation itself fails, for example if a non-root user tries to create a
new interface, or if the desired interface is already opened by another
process. In this case, the ioctl() fails, but we actually silently
ignored this condition.
2015-05-19 22:26:32 +02:00
thorkill
587e177dc3 Fixed format-warnings 2015-05-19 22:21:25 +02:00
Guus Sliepen
60fbdb3f2c If LOCALSTATEDIR is inaccessible, store the pid and socket files in the configuration directory.
The compile time local state directory is usually /var or
/usr/local/var. If this is not accessible for some reason, for example
because someone ./configured tinc without --localstatedir and
/usr/local/var does not exist, or if tinc is started by a non-root user,
then tinc will fall back to the directory where tinc.conf is stored.
A warning is logged when this happens.
2015-05-19 22:17:18 +02:00
Guus Sliepen
dece2db78e Don't log seqno failures in sptps_verify_datagram().
This function is not used for normal traffic, only when a packet from an
unknown source is received and we need to check against candidates. No
failures should be logger in this case; if the packet is really not
valid this will be logged by handle_incoming_vpn_data().
2015-05-19 21:32:30 +02:00
Guus Sliepen
a752211801 Add source of SPTPS errors to log messages. 2015-05-19 21:23:35 +02:00
thorkill
ef4a0848ca Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof 2015-05-19 17:59:03 +02:00
Guus Sliepen
d89f37eb17 Add newline at end of precomp_data.h and sc.h. 2015-05-19 14:25:20 +02:00
Guus Sliepen
d8a3a182de Fix src/Makefile.am for *BSD.
Apparently the BSDs don't like $(srcdir) but want to see ${srcdir} in
their rules.
2015-05-19 14:09:53 +02:00
Etienne Dechamps
a196e9b0fd Fix direct UDP communciation with pre-relaying 1.1 nodes.
try_tx_sptps() gives up on UDP communication if the recipient doesn't
support relaying. This is too restrictive - we only need the other node
to support relaying if we actually want to relay through them. If the
packet is sent directly, it's fine to send it to an old pre-node-IDs
tinc-1.1 node.
2015-05-18 21:08:43 +01:00
Etienne Dechamps
fef29d0193 Don't parse node IDs if the sending node doesn't support them.
Currently, tinc tries to parse node IDs for all SPTPS packets, including
ones sent from older, pre-node-IDs tinc-1.1 nodes, and therefore doesn't
recognize packets from these nodes. This commit fixes that.

It also makes code slightly clearer by reducing the amount of fiddling
around packet offset/length.
2015-05-18 20:56:16 +01:00
Etienne Dechamps
643149b449 Fix SPTPS condition in try_harder().
A condition in try_harder() is always evaluating to false when talking
to a SPTPS node because n->status.validkey_in is always false in that
case. Fix the condition so that the SPTPS status is correctly checked.

This prevented recent tinc-1.1 nodes from talking to older, pre-node-ID
tinc-1.1 nodes.

The regression was introduced in
6056f1c13b.
2015-05-18 20:38:01 +01:00
Etienne Dechamps
01d2519862 Don't pollute the system header directory namespace.
Since commit 13f9bc1ff1, tinc passes the
-I. option to the preprocessor so that version_git.h can be found during
out-of-tree ("VPATH") builds.

The problem is, this option also affects the directory search for files
included *from* system headers. For example, on MinGW, unistd.h contains
the following line:

  #include <process.h>

Which, due to -I. putting the tinc directory at the head of the search
order, results in tinc's process.h being included instead of the file
from MinGW. Hilarity ensues.

This commit fixes the issue by using -iquote, which doesn't affect
system headers.
2015-05-17 22:40:48 +01:00
Etienne Dechamps
c1154bf696 Make sure the MIN() macro is defined.
On MinGW this is not automatically the case, thereby breaking the build.
2015-05-17 22:21:11 +01:00
thorkill
23eff91634 resolved conflict 2015-05-17 23:13:43 +02:00
thorkill
b1aefcd8d0 extended logging in sptps 2015-05-17 23:12:27 +02:00
Guus Sliepen
5c32bd1578 Merge remote-tracking branches 'dechamps/sptpsrestart' and 'dechamps/keychanged' into 1.1 2015-05-17 21:07:45 +02:00
Etienne Dechamps
2cb216d83d Don't send KEY_CHANGED messages if we don't support the legacy protocol.
KEY_CHANGED messages are only useful to invalidate keys for non-SPTPS nodes;
SPTPS nodes use a different internal mechanism (forced KEX) for that purpose.
Therefore, if we know we can't talk to legacy nodes, there's no point in
sending them these messages.
2015-05-17 19:27:20 +01:00
Etienne Dechamps
1a7a9078c0 Proactively restart the SPTPS tunnel if we get receive errors.
There are a number of ways a SPTPS tunnel can get into a corrupt state.
For example, during key regeneration, the KEX and SIG messages from
other nodes might arrive out of order, which confuses the hell out of
the SPTPS code. Another possible scenario is not noticing another node
crashed and restarted because there was no point in time where the node
was seen completely disconnected from *all* nodes; this could result in
using the wrong (old) key. There are probably other scenarios which have
not even been considered yet. Distributed systems are hard.

When SPTPS got confused by a packet, it used to crash the entire
process; fortunately that was fixed by commit
2e7f68ad2b. However, the error handling
(or lack thereof) leaves a lot to be desired. Currently, when SPTPS
encounters an error when receiving a packet, it just shrugs it off and
continues as if nothing happened. The problem is, sometimes getting
receive errors mean the tunnel is completely stuck and will not recover
on its own. In that case, the node will become unreachable - possibly
indefinitely.

The goal of this commit is to improve SPTPS error handling by taking
proactive action when an incoming packet triggers a failure, which is
often an indicator that the tunnel is stuck in some way. When that
happens, we simply restart SPTPS entirely, which should make the tunnel
recover quickly.

To prevent "storms" where two buggy nodes flood each other with invalid
packets and therefore spend all their time negotiating new tunnels, we
limit the frequency at which tunnel restarts happen to ten seconds.

It is likely this commit will solve the "Invalid KEX record length
during key regeneration" issue that has been seen in the wild. It is
difficult to be sure though because we do not have a full understanding
of all the possible conditions that can trigger this problem.
2015-05-17 19:21:50 +01:00
Etienne Dechamps
aa52300b2b Trivial: make sptps_receive_data_datagram() a little more readable.
The new code updates variables as stuff is being consumed, so that the
reader doesn't have to do that in his head.
2015-05-17 17:52:15 +01:00
Guus Sliepen
30e839b0a1 Don't send local_address in ADD_EDGE messages if it's AF_UNSPEC. 2015-05-17 18:44:09 +02:00
Sven-Haegar Koch
23fda4db6d Let sockaddr2hostname() handle AF_UNSPEC addresses. 2015-05-17 18:43:34 +02:00
Etienne Dechamps
1e89a63f16 Prevent SPTPS key regeneration packets from entering an UDP relay path.
Commit 10c1f60c64 introduced a mechanism
by which a packet received by REQ_KEY could continue its journey over
UDP. This was based on the assumption that REQ_KEY messages would never
be used for handshake packets (which should never be sent over UDP,
because SPTPS currently doesn't handle lost handshake packets very
well).

Unfortunately, there is one case where handshake packets are sent using
REQ_KEY: when regenerating the SPTPS key for a pre-established channel.
With the current code, such packets risk getting relayed over UDP.

When processing a REQ_KEY message, it is impossible for the receiving
end to distinguish between a data SPTPS packet and a handshake packet,
because this information is stored in the type field which is encrypted
with the end-to-end key.

This commit fixes the issue by making tinc use ANS_KEY for all SPTPS
handshake messages. This works because ANS_KEY messages are never
forwarded using the SPTPS relay mechanisms, therefore they are
guaranteed to stick to TCP.
2015-05-17 17:09:56 +01:00
thorkill
69c0a5fe66 fixed conflict on src/net_packet.c 2015-05-17 00:27:21 +02:00
Guus Sliepen
eecfeadeb4 Let sockaddr2str() handle AF_UNSPEC addresses. 2015-05-16 02:01:54 +02:00
Guus Sliepen
613c121cdc Try all addresses for the hostname in an invitation URL. 2015-05-15 23:35:46 +02:00
Guus Sliepen
54a8bd78e3 Be more liberal accepting ADD_EDGE messages with conflicting local address information.
If the ADD_EDGE is for one of the edges we own, and if it is not the
same as we actually have, send a correcting ADD_EDGE back. Otherwise, if
the ADD_EDGE contains new information, update our idea of the local
address for that edge.

If the ADD_EDGE does not contain local address information, then we
never make a correction nor log a warning.
2015-05-15 23:08:53 +02:00
Guus Sliepen
8028e01100 Use AF_UNSPEC instead of AF_UNKNOWN for unspecified local address in add_edge_h().
AF_UNKNOWN is reserved for valid addresses that the local node cannot
parse, but remote nodes possibly can.
2015-05-15 23:01:06 +02:00
Guus Sliepen
fd1cff6df2 Fix receiving UDP packets from tinc 1.0.x nodes.
In try_mac(), the wrong offsets were used into the packet buffer,
causing the digest verification to always fail.
2015-05-15 00:21:48 +02:00
Guus Sliepen
44e9f1e1d8 Fix invitations.
These were broken due to a change in behaviour of sptps_receive_data()
introduced in commit d237efd325.
2015-05-13 14:28:28 +02:00
thorkill
35af740537 Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof 2015-05-12 17:28:29 +02:00
thorkill
2189232b79 Init avg. RTT based on weight 2015-05-12 17:23:28 +02:00
Etienne Dechamps
7e6b2dd1ea Introduce raw TCP SPTPS packet transport.
Currently, SPTPS packets are transported over TCP metaconnections using
extended REQ_KEY requests, in order for the packets to pass through
tinc-1.0 nodes unaltered. Unfortunately, this method presents two
significant downsides:

 - An already encrypted SPTPS packet is decrypted and then encrypted
   again every time it passes through a node, since it is transported
   over the SPTPS channels of the metaconnections. This
   double-encryption is unnecessary and wastes CPU cycles.

 - More importantly, the only way to transport binary data over
   standard metaconnection messages such as REQ_KEY is to encode it
   in base64, which has a 33% encoding overhead. This wastes 25% of the
   network bandwidth.

This commit introduces a new protocol message, SPTPS_PACKET, which can
be used to transport SPTPS packets over a TCP metaconnection in an
efficient way. The new message is appropriately protected through a
minor protocol version increment, and extended REQ_KEY messages are
still used with nodes that do not support the new message, as well as
for the intial handshake packets, for which efficiency is not a concern.

The way SPTPS_PACKET works is very similar to how the traditional PACKET
message works: after the SPTPS_PACKET message, the raw binary packet is
sent directly over the metaconnection. There is one important
difference, however: in the case of SPTPS_PACKET, the packet is sent
directly over the TCP stream completely bypassing the SPTPS channel of
the metaconnection itself for maximum efficiency. This is secure because
the SPTPS packet that is being sent is already encrypted with an
end-to-end key.
2015-05-10 21:08:57 +01:00
Etienne Dechamps
d237efd325 Only read one record at a time in sptps_receive_data().
sptps_receive_data() always consumes the entire buffer passed to it,
which is somewhat inflexible. This commit improves the interface so that
sptps_receive_data() consumes at most one record. The goal is to allow
non-SPTPS stuff to be interleaved with SPTPS records in a single TCP
stream.
2015-05-10 21:08:57 +01:00
Etienne Dechamps
de14308840 Rename REQ_SPTPS to SPTPS_PACKET.
REQ_SPTPS implies the message has an ANS_ counterpart (like REQ_KEY,
ANS_KEY), but it doesn't. Therefore dropping the REQ_ seems more
appropriate, and we add a _PACKET suffix to reduce the likelihood of
naming conflicts.
2015-05-10 21:08:57 +01:00
Etienne Dechamps
10c1f60c64 Try to use UDP to relay SPTPS packets received over TCP.
Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY
encapsulation mechanism, it forwards it like any other TCP request. This
is inefficient, because even though we received the packet over TCP,
we might have an UDP link with the next hop, which means the packet
could be sent over UDP.

This commit removes that limitation by making sure SPTPS data packets
received through REQ_KEY requests are not forwarded as-is but passed
to send_sptps_data() instead, thereby using the same code path as if
the packet was received over UDP.
2015-05-10 21:08:57 +01:00
Etienne Dechamps
1296f715b5 Expose the raw SPTPS send interface from net_packet.
net_packet doesn't actually use send_sptps_data(); it only uses
send_sptps_data_priv(). In addition, the only user of send_sptps_data()
is protocol_key. Therefore it makes sense to expose
send_sptps_data_priv() directly, and move send_sptps_data() (which is
basically just boilerplate) as a local function in protocol_key.
2015-05-10 21:08:57 +01:00
Etienne Dechamps
8e43a2fc74 Use the correct originator node when relaying SPTPS UDP packets.
Currently, when relaying SPTPS UDP packets, the code uses the direct
sender as the originator, instead of preserving the original source ID.

This wouldn't cause any issues in most cases because the originator and
the sender are the same in simple one-hop relay chains, but this will
break as soon as there is more than one relay.
2015-05-10 18:46:47 +01:00
Etienne Dechamps
9d223cb7e7 When relaying, send probes to the destination, not the source.
This seems to be a typo from c23e50385d.
Achievement unlocked: got a one-line commit wrong.
2015-05-10 18:37:30 +01:00
Etienne Dechamps
13f9bc1ff1 Add support for out-of-tree ("VPATH") builds.
This fixes some issues with the build system when building out of tree.

With this commit, it is now possible to do the following:

    $ cd /tmp/build
    $ /path/to/tinc/configure
    $ make
2015-05-09 16:41:48 +01:00
Pierre Emeriaud
1c77069064 Fix typo in tincctl help. 2015-05-09 00:03:51 +02:00
Guus Sliepen
54554cc276 Don't include build-time generated version_git.h in the tarball. 2015-05-05 23:05:22 +02:00
Guus Sliepen
c46bdbde18 Remove "release-" from displayed git version.
Also make sure that version_git.h is only written to if the "git
describe" command succeeds.
2015-05-05 23:03:41 +02:00
Etienne Dechamps
120e0567cb Use git description as the tinc version.
Instead of using the hardcoded version number in configure.ac, this
makes tinc use the live version reported by "git describe",
queried on-the-fly during the build process and regenerated for every
build.

This makes tinc version output more useful, as tinc will now display the
number of commits since the last tag as well as the commit the binary is
built from, following the format described in git-describe(1).

Here's an example of tincd --version output:

  tinc version release-1.1pre10-48-gc149315 (built Jun 29 2014 15:21:10, protocol 17.3)

When building directly from a release tag, this will look like the following:

  tinc version release-1.1pre10 (built Jun 29 2014 15:21:10, protocol 17.3)

(Note that the format is slightly different - because of the way the
tags are named, it says "release-1.1pre10" instead of just "1.1pre10")

If git describe fails (for example when building from a release
tarball), the build automatically falls back to the autoconf-provided
VERSION macro (i.e. the old behavior).
2015-05-04 21:38:23 +01:00
thorkill
bb2084da59 Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof 2015-04-24 23:52:45 +02:00
Guus Sliepen
95594f4738 Fix typo 0fda572c88 that prevented some errors from being logged. 2015-04-24 23:51:29 +02:00
thorkill
9e0c4a7349 Merge branch '1.1' of github.com:gsliepen/tinc into thkr-1.1-ponyhof
,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.
2015-04-24 23:47:25 +02:00
Guus Sliepen
0fda572c88 Don't log an error message when receiving a TERMREQ. 2015-04-24 23:43:58 +02:00
Guus Sliepen
ea1e815223 Fix a possible segmentation fault during key upgrades.
read_rsa_public_key() was bailing out early if the given node already has an Ed25519 key, and
returned true even though c->rsa was NULL. The early bailout code isn't necessary anymore, so just
remove it.
2015-04-24 23:43:19 +02:00
Guus Sliepen
2059814238 Allow one-sided upgrades to Ed25519.
This deals with the case where one node knows the Ed25519 key of another node, but not the other
way around. This was blocked by an overly paranoid check in id_h(). The upgrade_h() function already
handled this case, and the node that already knows the other's Ed25519 key checks that it has not
been changed, otherwise the connection will be aborted.
2015-04-24 23:40:20 +02:00
thorkill
50bf9b5a1a It seems that this patch is needed. Strange things happens.
Revert "Want to test old version with latest patches."

This reverts commit fcc0c2239f.
2015-04-24 18:07:12 +02:00
thorkill
fcc0c2239f Want to test old version with latest patches.
Revert "Temporal fix for broken hopes."

This reverts commit df42bc3621.
2015-04-24 17:47:04 +02:00
thorkill
655d8a0f67 Removed debug output 2015-04-16 10:55:50 +02:00
thorkill
0fc873a161 Merge branch '1.1' into thkr-1.1-ponyhof 2015-04-16 10:44:01 +02:00
Guus Sliepen
3def9d2ad8 Merge remote-tracking branch 'dechamps/wintapver' into 1.1 2015-04-12 15:43:05 +02:00
Guus Sliepen
95921696a4 Always call res_init() before getaddrinfo().
Unfortunately, glibc assumes that /etc/resolv.conf is a static file that
never changes. Even on servers, /etc/resolv.conf might be a dynamically
generated file, and we never know when it changes. So just call
res_init() every time, so glibc uses up-to-date nameserver information.

Conflicts:
	src/have.h
	src/net.c
	src/net_setup.c
2015-04-12 15:42:48 +02:00
Guus Sliepen
f500a3d4e6 Merge remote-tracking branch 'dechamps/windevice' into 1.1 2015-04-12 15:36:50 +02:00
Guus Sliepen
417981462a Merge remote-tracking branch 'dechamps/winmtu' into 1.1 2015-04-12 15:35:50 +02:00
Guus Sliepen
11effab85b Merge remote-tracking branch 'dechamps/fsckwin' into 1.1 2015-04-12 15:35:37 +02:00
Guus Sliepen
9e71b74ed8 Merge remote-tracking branch 'dechamps/staticfix' into 1.1 2015-04-12 15:34:50 +02:00
thorkill
0cd387fd90 This commit implements average RTT estimation based on PING-PONG between active TCP connections.
Average RTT can be used to update edge weight and propagate it to the network.
tinc dump edges has been also extended to give the current RTT.
New edge weight will change only if the config has EdgeUpdateInterval set to other value than 0.

- Ignore local configuration for editors
- Extended manpage with informations about EdgeUpdateInterval
- Added clone_edge and fixed potential segfault when b->from not defined
- Compute avg_rtt based on the time values we got back in PONG
- Add avg_rtt on dump edge
- Send current time on PING and return it on PONG
- Changed last_ping_time to struct timeval
- Extended edge_t with avg_rtt
2015-04-11 15:27:28 +02:00
thorkill
9910f8f2d1 Fixed a SIGABRT in send_ans_key().
In some cases the remote host does not know our key but we have got theirs.
So we send him our key but send_ans_key() aborted on this point.
2015-04-04 20:16:42 +02:00
thorkill
df42bc3621 Temporal fix for broken hopes. 2015-03-18 15:45:52 +01:00
thorkill
157bc90e64 Temporal fix for 'unknown source' and broken direct UDP links. 2015-03-18 14:54:45 +01:00
Etienne Dechamps
0c010ff9fe Warn about performance if using TAP-Windows >=9.21.
Testing has revealed that the newer series of Windows TAP drivers (i.e.
9.0.0.21 and later, also known as NDIS6, tap-windows6) suffer from
serious performance issues in the write path. Write operations seems to
take a very long time to complete, resulting in massive packet loss even
for throughputs as low as 10 Mbit/s.

I've made some attempts to alleviate the problem using parellelism. By
using custom code that allows up to 256 write operations at the same
time the results are much better, but it's still about 2 times worse
than the traditional 9.0.0.9 driver.

We need to investigate more and file a bug against tap-windows6, but in
the mean time, let's inform the user that he might not want to use the
latest drivers.
2015-03-15 18:37:58 +00:00
Etienne Dechamps
0f328d9d28 Log TAP-Windows driver version on startup.
This is generally useful. We've seen issues that are specific to some
version of these drivers (especially the newer 9.0.0.21 version), so
it's relevant to log it, especially since that means it will be
copy-pasted by people posting their logs asking for help.
2015-03-15 18:36:37 +00:00
Etienne Dechamps
7027bba541 Increase the ReplayWindow default from 16 to 32.
As a rule, it seems reasonable to make sure that tinc operates correctly
on at least 1G links, since these are pretty common. However, I have
observed replay window issues when operating at speeds of 600 Mbit/s and
above, especially when the receiving end is a Windows system (not sure
why). This commit increases the default so that this won't occur on
fresh setups.
2015-03-15 18:04:58 +00:00
Etienne Dechamps
94f49a163a Set the default for UDPRcvBuf and UDPSndBuf to 1M.
It may not be obvious, but due to the way tinc operates (single-threaded
control loop with no intermediate packet buffer), UDP send and receive
buffers can have a massive impact on performance. It is therefore of
paramount importance that the buffers be large enough to prevent packet
drops that could occur while tinc is processing a packet.

Leaving that value to the OS default could be reasonable if we weren't
relying on it so much. Instead, this makes performance somewhat
unpredictable.

In practice, the worst case scenario occurs on Windows, where Microsoft
had the brillant idea of making the buffers 8K in size by default, no
matter what the link speed is. Considering that 8K flies past in a
matter of microseconds on >1G links, this is extremely inappropriate. On
these systems, changing the buffer size to 1M results in *obscene*
raw throughput improvements; I have observed a 10X jump from 40 Mbit/s
to 400 Mbit/s on my system.

In this commit, we stop trusting the OS to get this right and we use a
fixed 1M value instead, which should be enough for <=1G links.
2015-03-15 18:04:55 +00:00
Etienne Dechamps
89715454c0 Fix Windows device asynchronous write behavior.
Write operations to the Windows device do not necessarily complete
immediately; in fact, with the latest TAP-Win32 drivers, this never
seems to be the case.

write_packet() does not handle that case correctly, because the
OVERLAPPED structure and the packet data go out of scope before the
write operation completes, resulting in race conditions.

This commit fixes the issue by making sure these data structures are
kept in global scope, and by dropping any packets that may arrive while
the previous write operation is still pending.
2015-03-15 10:34:40 +00:00
Etienne Dechamps
675142c7d8 When disabling the Windows device, wait for pending reads to complete.
On Windows, when disabling the device, tinc uses the CancelIo() to
cancel the pending read operation, and then proceeds to delete the event
handle immediately.

This assumes that CancelIo() blocks until the pending read request is
completely torn down and no references to it remain. While MSDN is not
completely clear on that subject, it does suggest that this is not the
case:

  http://msdn.microsoft.com/en-us/library/windows/desktop/aa363791.aspx
  If the function succeeds [...] the cancel operation for all pending
  I/O operations issued by the calling thread for the specified file
  handle was successfully requested.

This implies that cancellation was merely "requested", and that there
are no guarantees as to the state of the operation when CancelIo()
returns. Therefore, care must be taken not to close event handles
prematurely.

While I'm no aware of this potential race condition causing any problems
in practice, I don't want to take any chances.
2015-03-15 10:32:18 +00:00
Etienne Dechamps
176ee01526 Make sure packet header structures are correctly packed on Windows.
Modern versions of GCC handle structure packing differently when
compiling for Windows, as reported in the following GCC bug report:

  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991

In practice, this affects tinc because it uses packed structs as a
convenient way to populate packet headers. "struct ip" is especially
affected - on Linux, sizeof(struct ip) returns 20 as expected, while on
Windows, it returns 24 because of the broken alignment.

This in turn completely breaks code that has to populate an IP header.
Specifically, this breaks route_ipv4_unreachable() which is responsible,
among other things, for the generation of ICMP Fragmentation Needed
messages. On Windows, these messages are corrupted beyond hope because
of this alignment issue. For TCP connections that are established
before tinc obtains a fix on the MTU (and thus are not MSS clamped),
this can result in massive disruption.

This commit fixes the issue by forcing GCC to use standard alignment
for all packed structures in the tinc codebase instead of the MSVC
alignment.
2015-03-15 10:12:18 +00:00
Etienne Dechamps
43b41e9095 Fix HAVE_DECL_RES_INIT conditionals.
HAVE_DECL_RES_INIT is generated using AC_CHECK_DECLS. tinc checks this
symbol using #ifdef, which is wrong because (according to autoconf docs)
the symbol is always defined, it's just set to zero if the check failed.

This broke the Windows build starting from
0b310bf406, because it introduced this
conditional in code that's not excluded from the Windows build.
2015-03-14 16:22:26 +00:00
Etienne Dechamps
4989362300 Fix invalid getuid() call on Windows.
This is breaking the Windows build. Regression was introduced in
268e3ffca7.
2015-03-14 16:07:54 +00:00
Etienne Dechamps
fa432426df Don't send UDP probes past static relays.
Ironically, commit 0f8e2cc78c introduced
a regression on its own, since it accidently removed a return statement
that prevented try_tx_sptps() from sending UDP/MTU probes to nodes that
are past static relays.
2015-03-14 14:04:50 +00:00
Etienne Dechamps
76a9be5bce Throttle the rate of MTU_INFO messages.
This makes sure MTU_INFO messages are only sent at the maximum rate of
5 per second (by default). As usual with these "probe" mechanisms, the
rate of these messages cannot be higher than the rate of data packets
themselves, since they are sent from the RX path.
2015-03-14 13:39:05 +00:00
Etienne Dechamps
467397f25d Throttle the rate of UDP_INFO messages.
This makes sure UDP_INFO messages are only sent at the maximum rate of
5 per second (by default). As usual with these "probe" mechanisms, the
rate of these messages cannot be higher than the rate of data packets
themselves, since they are sent from the RX path.
2015-03-14 13:39:05 +00:00
Etienne Dechamps
b1421b9190 Add MTU_INFO protocol message.
In this commit, nodes use MTU_INFO messages to provide MTU information.

The issue this code is meant to address is the non-trivial problem of
finding the proper MTU when UDP SPTPS relays are involved. Currently,
tinc has no idea what the MTU looks like beyond the first relay, and
will arbitrarily use the first relay's MTU as the limit. This will fail
miserably if the MTU decreases after the first relay, forcing relays to
fall back to TCP. More generally, one should keep in mind that relay
paths can be arbitrarily complex, resulting in packets taking "epic
journeys" through the graph, switching back and forth between UDP (with
variable MTUs) and TCP multiple times along the path.

A solution that was considered consists in sending standard MTU probes
through the relays. This is inefficient (if there are 3 nodes on one
side of relay and 3 nodes on the other side, we end up with 3*3=9 MTU
discoveries taking place at the same time, while technically only
3+3=6 are needed) and would involve eyebrow-raising behaviors such as
probes being sent over TCP.

This commit implements an alternative solution, which consists in
the packet receiver sending MTU_INFO messages to the packet sender.
The message contains an MTU value which is set to maximum when the
message is originally sent. The message gets altered as it travels
through the metagraph, such that when the message arrives to the
destination, the MTU value contained in the message can be used to
send packets while making sure no relays will be forced to fall back to
TCP to deliver them.

The operating principles behind such a protocol message are similar to
how the UDP_INFO message works, but there is a key difference that
prevents us from simply reusing the same message: the UDP_INFO message
only cares about relay-to-relay links (i.e. it is sent between static
relays and the information it contains only makes sense between two
adjacent static relays), while the MTU_INFO cares about the end-to-end
MTU, including the entire relay path. Therefore, UDP_INFO messages stop
when they encounter static relays, while MTU_INFO messages don't stop
until they get to the original packet sender.

Note that, technically, the MTU that is obtained through this mechanism
can be slightly pessimistic, because it can be lowered by an
intermediate node that is not being used as a relay. Since nodes have no
way of knowing whether they'll be used as dynamic relays or not (and
have no say in the matter), this is not a trivial problem. That said,
this is highly unlikely to result in noticeable issues in realistic
scenarios.
2015-03-14 13:39:05 +00:00
Etienne Dechamps
9bb230f30f Add UDP_INFO protocol message.
In this commit, nodes use UDP_INFO messages to provide UDP address
information. The basic principle is that the node that receives packets
sends UDP_INFO messages to the node that's sending the packets. The
message originally contains no address information, and is (hopefully)
updated with relevant address information as it gets relayed through the
metagraph - specifically, each intermediate node will update the message
with its best guess as to what the address is while forwarding it.

When a node receives an UDP_INFO message, and it doesn't have a
confirmed UDP tunnel with the originator node, it will update its
records with the new address for that node, so that it always has the
best possible guess as to how to reach that node. This applies to the
destination node of course, but also to any intermediate nodes, because
there's no reason they should pass on the free intel, and because it
results in nice behavior in the presence of relay chains (multiple nodes
in a path all trying to reach the same destination).

If, on the other hand, the node does have a confirmed UDP tunnel, it
will ignore the address information contained in the message.

In all cases, if the node that receives the message is not the
destination node specified in the message, it will forward the message
but not before overriding the address information with the one from its
own records. If the node has a confirmed UDP tunnel, that means the
message is updated with the address of the confirmed tunnel; if not,
the message simply reflects the records of the intermediate node, which
just happen to be the contents of the UDP_INFO message it just got, so
it's simply forwarded with no modification.

This is similar to the way ANS_KEY messages are currently
overloaded to provide UDP address information, with two differences:

 - UDP_INFO messages are sent way more often than ANS_KEY messages,
   thereby keeping the address information fresh. Previously, if the UDP
   situation were to change after the ANS_KEY message was sent, the
   sender would virtually never get the updated information.

 - Once a node puts address information in an ANS_KEY message, it is
   never changed again as the message travels through the metagraph; in
   contrast, UDP_INFO messages behave the opposite way, as they get
   rewritten every time they travel through a node with a confirmed UDP
   tunnel. The latter behavior seems more appropriate because UDP tunnel
   information becomes more relevant as it moves closer to the
   destination node. The ANS_KEY behavior is not satisfactory in some
   cases such as multi-layered graphs where the first hop is located
   before a NAT.

Ultimately, the rationale behind this whole process is to improve UDP
hole punching capabilities when port translation is in effect, and more
generally, to make tinc more reliable in (very) hostile network
conditions (such as multi-layered NAT).
2015-03-14 13:39:05 +00:00
Guus Sliepen
6568cffd52 --syslog and --logfile are mutually exclusive. 2015-03-14 12:02:29 +00:00
Guus Sliepen
15ad628f06 Fix the case where we detach and use --logfile. 2015-03-14 12:02:06 +00:00
Guus Sliepen
04fc19112d Merge remote-tracking branch 'seehuhn/1.1' into 1.1 2015-03-14 11:45:55 +00:00
Guus Sliepen
f9ecaa1076 Merge remote-tracking branch 'dechamps/sptpsabort' into 1.1 2015-03-14 11:44:38 +00:00
Jochen Voss
19d16e40cc Add a new --syslog option for tincd.
This commit adds a new command line option for tincd which allows to
use tincd in non-detached mode with log messages still going to
syslog.  The motivation for this change is to ease use of tincd
in Docker containers.
2015-03-13 11:05:22 +00:00
Etienne Dechamps
2e7f68ad2b Don't abort() willy-nilly in SPTPS code.
If receive_handshake() or the receive_record() user callback returns an
error, sptps_receive_data_datagram() crashes the entire process. This is
heavy-handed, makes tinc very brittle to certain failures (i.e.
unexpected packets), and is inconsistent with the rest of SPTPS code.
2015-03-08 17:35:06 +00:00
Etienne Dechamps
c23e50385d Fix UDP/MTU discovery in intermediate SPTPS UDP relays.
Refactoring commit 81578484dc seems to
have introduced a regression as it moved discovery code away from
send_sptps_data_priv() and within send_packet(). The issue is,
send_packet() is not called when the node is simply relaying an UDP
SPTPS packet: indeed, send_sptps_data_priv() is called directly from
handle_incoming_vpn_data() in that case.

As a result, try_tx_sptps() is not called in the relaying case, which in
practice means that a relay doesn't initiate UDP/MTU discovery with the
next relay (unless some other activity compels it to do so). This can
result in packets getting sent over TCP instead of UDP from the relay.
2015-03-08 14:40:27 +00:00
Etienne Dechamps
0f8e2cc78c Fix dynamic UDP SPTPS relaying.
Refactoring commit 0e65326047 broke UDP
SPTPS relaying by accidently removing try_tx_sptps() logic related to
establishing connectivity to so-called "dynamic" relays (i.e. relays
that are not specified by IndirectData configuration statements, but
are used on-the-fly to circumvent loss of direct UDP connectivity).

Specifically, the TX path was not trying to establish a tunnel to
dynamic relays (nexthop) anymore. This meant that MTU was not being
discovered with dynamic relays, which basically meant that all packets
being sent to dynamic relays went over TCP, thereby defeating the whole
purpose of SPTPS UDP relaying.

Note that this bug could easily go unnoticed if a tunnel was established
with the dynamic tunnel for some other reason (i.e. exchanging actual
data packets with the relay node).
2015-03-08 14:28:07 +00:00
xentec
537c352886 Fix compile errors introduced in cfe9285adf
Compiling with `--disable-legacy-protocol` resulted in failure caused by the missing exclusion of some symbols in net_packet.c.
2015-02-17 04:02:35 +01:00
Guus Sliepen
cffcaf966b Suppress warnings about parsing Ed25519 keys when they are not present. 2015-02-16 08:42:30 +01:00
Guus Sliepen
833a8a048b Document that --force should precede commands. 2015-02-16 08:26:49 +01:00
Guus Sliepen
4b2ddded2c Make "tinc add" idempotent.
When calling "tinc add" multiple times with the same variable and value,
make sure only one unique line is added to the configuration file.
2015-02-09 15:23:59 +01:00