Commit graph

99 commits

Author SHA1 Message Date
Guus Sliepen
2a538ed343 Clamp MSS of IPv4 SYN packets.
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends.  We
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
sending too large packets.
2010-01-15 13:42:37 +01:00
Guus Sliepen
43e34d8180 Do not fragment packets smaller than RFC defined minimum MTUs.
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
68, but this is such a low limit that it will probably hurt performance, so we
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
791). If we detect a path MTU smaller than those minima, and we have to handle
a packet that is bigger than the PMTU but smaller than those minima, we forward
them via TCP instead of fragmenting or returning ICMP packets.
2009-12-23 19:22:06 +01:00
Guus Sliepen
92aefd25bf When learning MAC addresses, only check our own Subnets for previous entries.
Before it would check all addresses, and not learn an address if another node
already claimed that address. This caused fast roaming to fail, the code from
commit 6f6f426b35 was never triggered.
2009-11-28 11:52:23 +00:00
Guus Sliepen
43a6e78664 Handle weighted Subnets in switch and hub modes.
We now handle MAC Subnets in exactly the same way as IPv4 and IPv6 Subnets.
This also fixes a problem that causes unncessary broadcasting of unicast
packets in VPNs where some daemons run 1.0.10 and some run other versions.
2009-10-20 22:33:16 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
b5ccce2968 Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum.  If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives.  We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
2009-09-15 23:22:13 +02:00
Guus Sliepen
9915f2abbe Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
2009-09-12 14:19:36 +02:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
1c1a67fd93 Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
2009-02-17 14:43:05 +01:00
Guus Sliepen
67df7fb7e1 Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP.  The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
a4d99ebf50 Add missing parentheses in check for IPv4 multicast addresses. 2008-12-26 12:46:45 +00:00
Guus Sliepen
de032054de Handle broadcast and multicast packets in router mode.
Multicast packets are treated as broadcast packets.
Based on a patch from Max Rijevski.
2008-12-23 22:31:38 +00:00
Guus Sliepen
134dc8995b memcpy() addresses from packet headers before calling the lookup functions.
This probably fixes a problem on the ARM architecture that causes tinc to fail to lookup IPv4 addresses.
2006-08-09 22:31:10 +00:00
Guus Sliepen
9fa27097dd Fix format string warnings. 2006-08-08 13:29:17 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
d02d81ff9d Let compiler decide when to inline. 2004-11-10 19:36:02 +00:00
Guus Sliepen
e8b11b1cca Missing check for NULL-pointer. 2004-11-10 18:10:59 +00:00
Guus Sliepen
b0a80007e8 Fix several #includes. 2004-10-01 18:23:08 +00:00
Guus Sliepen
7926a156e5 Update copyrights, links, email addresses and let Subversion update $Id$ keywords. 2004-03-21 14:21:22 +00:00
Guus Sliepen
aebc97a77f Small fixes for PMTU discovery. 2003-12-24 10:48:15 +00:00
Guus Sliepen
35399784b6 Improvements for PMTU discovery and IPv4 packet fragmentation. 2003-12-22 11:04:17 +00:00
Guus Sliepen
6d41b429a2 Better name, show probed MTU in dump. 2003-12-20 21:25:17 +00:00
Guus Sliepen
6b12bea62f Let tinc figure out the exact MTU of the link. 2003-12-20 19:47:53 +00:00
Guus Sliepen
e8fbef5de6 Forget multicast. Always inline some function. 2003-12-13 21:50:26 +00:00
Guus Sliepen
5a1406adef Code beautification, start of multicast support. 2003-12-12 19:52:25 +00:00
Guus Sliepen
354b7ab20e Fix proxy-neighborsolicitation. 2003-12-08 12:00:40 +00:00
Guus Sliepen
c97b8827ed const 2003-10-06 13:57:12 +00:00
Guus Sliepen
60943122f7 Copy structs from packets to the stack before using them, to prevent
alignment issues.
2003-10-06 13:49:57 +00:00
Guus Sliepen
acbb9d6692 Better length checks. 2003-10-01 09:14:01 +00:00
Guus Sliepen
288d956728 Check for short packets from the tun/tap device and from other tinc daemons. 2003-09-23 20:59:01 +00:00
Guus Sliepen
6c5f3d8b74 We don't have to tell GCC how to cast. 2003-08-28 21:05:11 +00:00
Guus Sliepen
1fe5663787 No easy way to properly detect header files... 2003-07-31 13:18:34 +00:00
Guus Sliepen
eefa28059a Use bools and enums where appropriate. 2003-07-22 20:55:21 +00:00
Guus Sliepen
271d3537fe Remove all #ifndefs from route.c 2003-07-18 12:21:03 +00:00
Guus Sliepen
b0a4f7b555 Even more missing definitions. 2003-07-18 12:16:24 +00:00
Guus Sliepen
e449d94cae Big header file cleanup: everything that has to do with standard system
libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
Guus Sliepen
d26a4af456 Export mymac. 2003-07-15 16:26:18 +00:00
Guus Sliepen
5db596c684 Simplify logging, update copyrights and some minor cleanups. 2003-07-12 17:41:48 +00:00
Guus Sliepen
30c0381d71 Provide all missing IPv6 definitions in lib/ipv6.h. 2003-07-07 11:11:33 +00:00
Guus Sliepen
1401faf608 Sprinkling the source with static and attributes. 2003-07-06 23:16:29 +00:00
Guus Sliepen
0b9175e998 Define logger(), cleans up source code and allows us to write log entries
to a separate file.
2003-07-06 22:11:37 +00:00
Guus Sliepen
8681047030 Check for IPv6 header files. 2003-07-06 17:49:49 +00:00
Guus Sliepen
81f5713ab7 - simplify configure.in
- drop support for OpenSSL < 0.9.7
- add some missing definitions/includes
2003-07-06 17:15:25 +00:00
Guus Sliepen
0a9aef2da7 More braces to make gcc happy. 2003-06-11 19:40:43 +00:00
Guus Sliepen
12de5a8eed Remove mymac stuff from device.c. 2003-06-11 19:28:38 +00:00