j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
2089 commits 2 branches 0 tags 10 MiB
Commit graph

195 commits

Author SHA1 Message Date
Guus Sliepen
73d77dd416 Replace asprintf() by xasprintf(). 2009-09-08 18:18:36 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1 
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
 2009-06-05 23:14:13 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e. 
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
 2009-05-24 19:31:31 +02:00
Michael Tokarev
218adee785 format 'not supported on this platform' error message 
Format it in a similar way in all places, to make translation happier.
No functional changes.
 2009-05-18 15:35:52 +02:00
Michael Tokarev
6698f7c390 Rename setup_network_connections() and split out try_outgoing_connections() 
In preparation of chroot/setuid operations, split out call to
try_outgoing_connections() from setup_network_connections()
(which was the last call in setup_network_connections()).
This is because dropping privileges should be done in-between
setup_network_connections() and try_outgoing_connections().

This patch renames setup_network_connections() to setup_network()
and moves call to try_outgoing_connections() into main routine.

No functional changes.
 2009-05-18 14:34:24 +02:00
Guus Sliepen
3308d13e7e Handle UDP packets from different and ports than advertised. 
Previously, tinc used a fixed address and port for each node for UDP packet
exchange.  The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different.  Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
 2009-04-03 01:05:23 +02:00
Guus Sliepen
08aabbf931 Merge branch 'master' into 1.1 
Conflicts:
	NEWS
	README
	doc/tinc.conf.5.in
	doc/tinc.texi
	po/nl.po
	src/conf.c
	src/connection.c
	src/event.c
	src/graph.c
	src/net.c
	src/net_packet.c
	src/net_socket.c
	src/node.c
	src/node.h
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
	src/protocol_misc.c
	src/subnet.c
	src/subnet.h
	src/tincd.c
 2009-03-09 19:02:24 +01:00
Guus Sliepen
43fa7283ac Use a simple Random Early Drop algorithm in send_tcppacket(). 2009-03-09 14:04:31 +01:00
Guus Sliepen
d5b56bbba5 Disable PMTUDiscovery in switch and hub modes. 
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU.  However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
 2009-03-09 13:48:54 +01:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
503c32eb0e Use a global list to track outgoing connections. 
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.

Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
 2009-01-20 13:12:41 +01:00
Guus Sliepen
a7e793c94e Add missing cleanup functions in close_network_connections(). 2009-01-19 23:17:28 +01:00
Guus Sliepen
a39a9506cd Move free()s at the end om main() to the proper destructor functions. 2009-01-09 12:36:06 +01:00
Guus Sliepen
0e4d419aae Enable PMTU discovery by default. 2008-12-22 20:35:45 +00:00
Guus Sliepen
046158a216 Use the crypto wrappers again instead of calling OpenSSL directly. 
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
 2008-12-11 14:44:44 +00:00
Scott Lamb
40731d030f Temporarily revert to old crypto code 
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)

This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
 2007-11-07 02:47:05 +00:00
Guus Sliepen
1b8f891836 Finish crypto wrapping. Also provide wrappers for OpenSSL. 
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
 2007-05-23 13:45:49 +00:00
Guus Sliepen
465837dd7f Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption. 2007-05-20 22:28:49 +00:00
Guus Sliepen
bf8e3ce13d Remove pidfile in favour of control socket. 2007-05-19 14:13:21 +00:00
Guus Sliepen
01f47c46af Start of control socket implementation. 2007-05-18 16:52:34 +00:00
Guus Sliepen
fb0cfccf7d Use splay trees instead of AVL trees. 2007-05-18 10:05:26 +00:00
Guus Sliepen
f02d3ed3e1 K&R style braces 2007-05-18 10:00:00 +00:00
Guus Sliepen
ddc6a81a85 Remove global variable "now". 2007-05-18 09:34:06 +00:00
Guus Sliepen
7e1117197c Move key regeneration handling to net_setup.c. 2007-05-17 23:57:48 +00:00
Guus Sliepen
bf6490825e Remove legacy event system. 2007-05-17 22:13:12 +00:00
Guus Sliepen
d8dea8091f Properly delete listener socket events on shutdown. 2007-05-17 19:51:26 +00:00
Scott Lamb
38c25d62c2 Convert to libevent. 
This is a quick initial conversion that doesn't yet show much advantage:
- We roll our own timeouts.
- We roll our own signal handling.
- We build up the meta connection fd events on each loop rather than
  on state changes.
 2007-02-27 01:57:01 +00:00
Scott Lamb
834290b00f A couple missed tevent things. 
(Sorry; had a couple changes queued.)
 2007-02-27 01:30:57 +00:00
Scott Lamb
6362b12df7 Rename "event_t" to "tevent_t", along with associated functions. 
This relieves some confusion and problems during the libevent transition.
In particular, "event_add" was defined by both.
(The 't' stands for 'timeout', 'tinc', 'temporary', or some such.)
 2007-02-27 01:26:11 +00:00
Guus Sliepen
1bb5a284fe Make sure resolved addressed for outgoing connections are freed, if there are any. 2006-11-29 16:57:46 +00:00
Guus Sliepen
0714ac6c59 Nodes use events, so event system should be initialised first and destroyed last. 2006-11-11 22:44:15 +00:00
Guus Sliepen
1728d5b2c4 The "active" bit in node.status is not used. 2006-11-11 13:43:00 +00:00
Guus Sliepen
f88c9942e1 Use memcpy() to copy sockaddrs returned by getaddrinfo(). 
Thanks to Miles Nordin for spotting this.
 2006-06-11 18:53:27 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
af95368c0f Fix signedness compiler warnings. 2006-03-19 13:06:21 +00:00
Guus Sliepen
a90f1b652c Make sure $NAME is set correctly when executing tinc-down script. 2006-02-06 12:30:51 +00:00
Guus Sliepen
228e7a5c8f Apply patch from Scott Lamb adding an output buffer for the TCP sockets. 
This helps coalescing multiple send_meta() commands into one TCP packet.
Also limit the size of the output buffer before dropping PACKETs.
 2006-01-19 17:13:18 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
c46f56a8b8 subnet-up/down hooks 2004-12-01 20:06:05 +00:00
Guus Sliepen
4fe7aff4d1 Add BlockingTCP option, useful when using TCPOnly on slow or congested links. 2004-11-10 21:56:31 +00:00
Guus Sliepen
7926a156e5 Update copyrights, links, email addresses and let Subversion update $Id$ keywords. 2004-03-21 14:21:22 +00:00
Guus Sliepen
af86a3226e Revert Martin Kihlgren's patch, it doesn't work the way it should. 2004-03-20 22:23:42 +00:00
Guus Sliepen
56aad1bb48 Applied Martin Kihlgren's IdentityGenerosity patch, 
simplified and renamed to StrictSource.
 2004-03-20 15:28:55 +00:00
Guus Sliepen
a92c471a2b Only read our public key if it wasn't already in the private key file. 2004-03-15 18:15:02 +00:00
Guus Sliepen
6d41b429a2 Better name, show probed MTU in dump. 2003-12-20 21:25:17 +00:00
Guus Sliepen
9bab08e972 More sensible name, and try to set PMTU discovery on IPv6 sockets as well. 2003-12-20 21:09:33 +00:00
Guus Sliepen
6b12bea62f Let tinc figure out the exact MTU of the link. 2003-12-20 19:47:53 +00:00
Guus Sliepen
25447b3841 Read MaxTimeout from tinc.conf like the manpage says. 2003-12-07 14:28:39 +00:00
Guus Sliepen
e3220cacb5 Replace Opaque and Strict options with a TunnelServer option. 2003-11-17 15:30:18 +00:00
Guus Sliepen
a1ab57e275 Check all EVP_ function calls. 2003-10-11 12:16:13 +00:00
Guus Sliepen
6c5f3d8b74 We don't have to tell GCC how to cast. 2003-08-28 21:05:11 +00:00
Guus Sliepen
7ed2559025 Fix permissions check for rsa_key.priv. 2003-08-14 14:21:35 +00:00
Guus Sliepen
9bde92ce97 Simpler checking of permissions on private RSA key and other fixes. 2003-08-08 22:11:54 +00:00
Guus Sliepen
fcbe29bc4c No C99 initialisers, gcc 2.95.3 doesn't like it. 
Also make sure getopt.h is included.
 2003-07-30 11:50:45 +00:00
Guus Sliepen
721e4caee0 Native Windows support. 2003-07-29 22:59:01 +00:00
Guus Sliepen
5cb1471351 Don't initialise a CIPHER_CTX if cipher == NULL. 2003-07-23 22:17:31 +00:00
Guus Sliepen
4aadb9500d Run setup_device() after parsing configuration but before claiming we're ready. 2003-07-22 21:13:23 +00:00
Guus Sliepen
eefa28059a Use bools and enums where appropriate. 2003-07-22 20:55:21 +00:00
Guus Sliepen
123bb765d1 Use iface instead of interface because it might already be declared in 
system header files.
 2003-07-18 13:45:06 +00:00
Guus Sliepen
e449d94cae Big header file cleanup: everything that has to do with standard system 
libraries is moved to system.h.
 2003-07-17 15:06:27 +00:00
Guus Sliepen
5db596c684 Simplify logging, update copyrights and some minor cleanups. 2003-07-12 17:41:48 +00:00
Guus Sliepen
0b9175e998 Define logger(), cleans up source code and allows us to write log entries 
to a separate file.
 2003-07-06 22:11:37 +00:00
Guus Sliepen
9528a63c35 Really make tinc default to any addressfamily. 2003-06-25 20:52:59 +00:00
Guus Sliepen
c70f52087b - Per-node EVP_CIPHER_CTX to avoid initialisation overhead. 
- LZO compression, thanks to Teemu Kiviniemi.
- Updated dutch translation.
 2003-05-06 21:13:18 +00:00
Guus Sliepen
9792ba2cac - Avoid memory leak caused by OpenSSL 0.9.7a. 
- Disable RSA_blinding_on() because it segfaults.
 2003-03-28 13:41:49 +00:00
Ivo Timmermans
2fff0a91a7 Call RSA_blinding_on(), as advised in the paper on 
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
to offer some resistance against timing attacks.
 2003-03-14 09:43:10 +00:00
Guus Sliepen
38f562fdfc Add $NAME for tinc-up/down scripts. 2003-01-14 12:53:59 +00:00
Guus Sliepen
5eca9520d9 Small fixes so tinc compiles out of the box on SunOS 5.8 2002-09-15 14:55:54 +00:00
Guus Sliepen
6f9f6779e6 Remove redundant spaces. 2002-09-09 22:33:31 +00:00
Guus Sliepen
f75dcef72a Switch to K&R style indentation. 2002-09-09 21:25:28 +00:00
Guus Sliepen
5fc1ed17f4 Cleanups: 
- Convert cp to cp(); so that automatic indenters work.
 - Convert constructions like if(x == NULL) to if(!x).
 - Move all assignments out of conditions.
 2002-09-09 19:40:12 +00:00
Guus Sliepen
82ebfc923d Revert to edge and graph stuff. This time, use a directed graph. 2002-09-04 13:48:52 +00:00
Guus Sliepen
d134c4542d Drop graph and edge stuff. Use new node stuff instead. 2002-09-03 20:43:26 +00:00
Guus Sliepen
36cbaa32f4 Allow list of environment variables to be passed to execute_script(). 
When executing host-up/down scripts, include the address and port of the
remote host.
 2002-07-10 11:27:06 +00:00
Guus Sliepen
627f7c22b4 s/sliepen.warande.net/sliepen.eu.org/g 
s/itimmermans@bigfoot.com/ivo@o2w.nl/g
 2002-06-21 10:11:37 +00:00
Guus Sliepen
940fcb6701 Reset listen_sockets after SIGHUP. 2002-06-13 16:12:40 +00:00
Guus Sliepen
78e8852184 - netinet/* include files depend on netinet/in_systm.h. 
- Squash bashism in configure.in.
 2002-06-08 14:08:57 +00:00
Guus Sliepen
116ba3b3da Cleanup: 
- Remove checks for specific OS's, instead check for #defines/#includes.
 - Use uint??_t where appropriate.
 - Mask handling functions use void pointers to get rid of silly casts.
 2002-06-08 12:57:10 +00:00
Guus Sliepen
4856d8e1f8 Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts 
public keys generated by the OpenSSL command line tools.
 2002-06-02 16:06:33 +00:00
Guus Sliepen
b6ad4ce35a Add BindToAddress variable, similar to the late BindToIP. 2002-04-23 07:49:38 +00:00
Guus Sliepen
d8c249008a check_rsa() is broken, I don't know why, just remove it for now. 2002-04-01 21:28:39 +00:00
Guus Sliepen
33d8747021 Set myself->status.reachable. 2002-03-25 13:54:49 +00:00
Guus Sliepen
52e7699273 - Added support for jumbograms. 
- Remove tcpaddress from edges, it is not used at all.
- Last bits of code to prevent looping requests.
 2002-03-22 11:43:48 +00:00
Guus Sliepen
305505f5ec Remember sockaddrs of listening sockets, use appropriate one when sending 
UDP packets.
 2002-03-18 22:47:20 +00:00
Guus Sliepen
5ffeb13d65 Don't retry to make outgoing connections when exitting. 2002-03-10 16:09:15 +00:00
Guus Sliepen
0c16add71c Check if BindToDevice and PriorityInheritance are supported. 2002-03-01 15:14:29 +00:00
Guus Sliepen
14979f835d - Global time_t now, so that we don't have to call time() too often. 
- MAC addresses expire after a time configurable by MACExpire (default 600
  seconds)
 2002-03-01 14:09:31 +00:00
Guus Sliepen
f93b1334e0 Create/bind TCP and UDP listening sockets in pairs. 2002-03-01 13:18:54 +00:00
Guus Sliepen
80ea653e8d Fix listening sockets. 2002-03-01 12:25:58 +00:00
Guus Sliepen
50403909b6 Allow multiple listening sockets. 2002-02-26 23:26:41 +00:00
Guus Sliepen
dbc5b5bb5e - Use gai_strerror() where appropriate 
- Clear hints before using them with getaddrinfo()
- Use sa_len on platforms that support them
 2002-02-20 22:15:32 +00:00
Guus Sliepen
c6d0158831 Protocol now also exchanges cipher/digest/maclength/compression for the 
meta connection.
 2002-02-20 19:25:09 +00:00
Guus Sliepen
8c91fac315 Use AF_UNSPEC for listening sockets if AddressFamily = any. 2002-02-20 16:04:39 +00:00
Guus Sliepen
c2b9c06062 - Non-blocking connect()s. 
- Socket handling revamped to use sockaddr_t.
- tinc can now tunnel over IPv6.
- Handle all addresses and subnets in network byte order.
  Only convert them when they need to be printed.
- IPv6 subnets bigger than /128 now work.
- Use %s and strerror(errno) instead of %m.
 2002-02-18 16:25:19 +00:00