Guus Sliepen
66be914d35
Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
2009-06-11 19:26:34 +02:00
Guus Sliepen
36f8e4da8b
Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
2009-06-11 18:36:08 +02:00
Guus Sliepen
9b129c07e2
Fix pointer arithmetic when creating and verifying message authentication codes.
2009-06-06 20:14:51 +02:00
Guus Sliepen
4124b9682f
Handle truncated message authentication codes.
2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de
Merge branch 'master' into 1.1
Conflicts:
doc/tincd.8.in
lib/pidfile.c
src/graph.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/node.h
src/protocol_auth.c
src/protocol_key.c
src/tincd.c
2009-06-05 23:14:13 +02:00
Guus Sliepen
4e9e3ca89d
Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
2009-05-25 15:04:33 +02:00
Guus Sliepen
7fc69bc73b
Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
subtract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
2009-05-25 12:19:37 +02:00
Guus Sliepen
e012e752f4
Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.
Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Michael Tokarev
0246939ce1
don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog. Only log those if
debug level is up to PROTOCOL
2009-05-24 17:28:24 +02:00
Guus Sliepen
2c67eafc6e
If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily.
2009-05-24 15:58:47 +02:00
Guus Sliepen
3308d13e7e
Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange. The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different. Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
2009-04-03 01:05:23 +02:00
Guus Sliepen
08aabbf931
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
doc/tinc.conf.5.in
doc/tinc.texi
po/nl.po
src/conf.c
src/connection.c
src/event.c
src/graph.c
src/net.c
src/net_packet.c
src/net_socket.c
src/node.c
src/node.h
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_key.c
src/protocol_misc.c
src/subnet.c
src/subnet.h
src/tincd.c
2009-03-09 19:02:24 +01:00
Guus Sliepen
78fc59e994
Update THANKS and copyright information.
2009-03-05 14:12:36 +01:00
Guus Sliepen
67df7fb7e1
Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
636200d1a2
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types wherever possible.
2008-12-11 15:56:18 +00:00
Guus Sliepen
046158a216
Use the crypto wrappers again instead of calling OpenSSL directly.
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Scott Lamb
40731d030f
Temporarily revert to old crypto code
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)
This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Guus Sliepen
1b8f891836
Finish crypto wrapping. Also provide wrappers for OpenSSL.
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
2007-05-23 13:45:49 +00:00
Guus Sliepen
fb0cfccf7d
Use splay trees instead of AVL trees.
2007-05-18 10:05:26 +00:00
Guus Sliepen
f02d3ed3e1
K&R style braces
2007-05-18 10:00:00 +00:00
Guus Sliepen
ddc6a81a85
Remove global variable "now".
2007-05-18 09:34:06 +00:00
Guus Sliepen
7e1117197c
Move key regeneration handling to net_setup.c.
2007-05-17 23:57:48 +00:00
Guus Sliepen
531d5a904a
Properly use the timeout_initialized() macro.
2007-05-17 22:17:24 +00:00
Guus Sliepen
3321591d93
Use libevent to send MTU probes.
2007-05-17 22:01:07 +00:00
Scott Lamb
38c25d62c2
Convert to libevent.
This is a quick initial conversion that doesn't yet show much advantage:
- We roll our own timeouts.
- We roll our own signal handling.
- We build up the meta connection fd events on each loop rather than
on state changes.
2007-02-27 01:57:01 +00:00
Scott Lamb
6362b12df7
Rename "event_t" to "tevent_t", along with associated functions.
This relieves some confusion and problems during the libevent transition.
In particular, "event_add" was defined by both.
(The 't' stands for 'timeout', 'tinc', 'temporary', or some such.)
2007-02-27 01:26:11 +00:00
Guus Sliepen
47d916ec5e
Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h.
2006-11-29 17:18:39 +00:00
Guus Sliepen
0714ac6c59
Nodes use events, so event system should be initialised first and destroyed last.
2006-11-11 22:44:15 +00:00
Guus Sliepen
8d393b30a9
Support and autodetect LZO version 2.0 and later.
2006-11-11 20:10:46 +00:00
Guus Sliepen
412f3fb510
Restore length of the original packet in send_udppacket().
2006-04-26 16:29:47 +00:00
Guus Sliepen
de78d79db8
Update copyright notices, remove Ivo's email address.
2006-04-26 13:52:58 +00:00
Guus Sliepen
af95368c0f
Fix signedness compiler warnings.
2006-03-19 13:06:21 +00:00
Guus Sliepen
df3220a154
Update copyright notices.
2005-05-04 18:09:30 +00:00
Guus Sliepen
0077cfaae1
Make sure broadcast packets reach the local network interface.
2004-11-16 19:02:54 +00:00
Guus Sliepen
ca7948fc06
Hopefully this really fixes late packet handling.
2004-11-09 09:51:35 +00:00
Guus Sliepen
f7b9761000
Fixed another bug in late packet handling.
2004-11-08 22:30:13 +00:00
Guus Sliepen
5373129344
Marking potential late packets was in the wrong place.
2004-09-20 20:55:49 +00:00
Guus Sliepen
7926a156e5
Update copyrights, links, email addresses and let Subversion update $Id$ keywords.
2004-03-21 14:21:22 +00:00
Guus Sliepen
af86a3226e
Revert Martin Kihlgren's patch, it doesn't work the way it should.
2004-03-20 22:23:42 +00:00
Guus Sliepen
56aad1bb48
Applied Martin Kihlgren's IdentityGenerosity patch,
simplified and renamed to StrictSource.
2004-03-20 15:28:55 +00:00
Guus Sliepen
519d63bedb
Don't forget to update destination MAC address.
2003-12-27 16:32:52 +00:00
Guus Sliepen
aebc97a77f
Small fixes for PMTU discovery.
2003-12-24 10:48:15 +00:00
Guus Sliepen
35399784b6
Improvements for PMTU discovery and IPv4 packet fragmentation.
2003-12-22 11:04:17 +00:00
Guus Sliepen
9bab08e972
More sensible name, and try to set PMTU discovery on IPv6 sockets as well.
2003-12-20 21:09:33 +00:00
Guus Sliepen
6b12bea62f
Let tinc figure out the exact MTU of the link.
2003-12-20 19:47:53 +00:00
Guus Sliepen
5a1406adef
Code beautification, start of multicast support.
2003-12-12 19:52:25 +00:00
Guus Sliepen
a1ab57e275
Check all EVP_ function calls.
2003-10-11 12:16:13 +00:00
Guus Sliepen
b0dd705a26
Check return value of EVP_* functions, and check if length before en/decryption
matches that after in meta.c.
2003-10-10 16:24:24 +00:00
Guus Sliepen
288d956728
Check for short packets from the tun/tap device and from other tinc daemons.
2003-09-23 20:59:01 +00:00
Guus Sliepen
6c5f3d8b74
We don't have to tell GCC how to cast.
2003-08-28 21:05:11 +00:00
Guus Sliepen
72bdc05cb7
Allow tinc to handle unknown type addresses from other tinc daemons.
2003-08-22 11:18:42 +00:00
Guus Sliepen
f4e80cc5e0
Don't getsockopt() SO_ERROR. We get the error from send()/recv() anyway.
2003-08-16 12:40:01 +00:00
Guus Sliepen
b4c913aaa9
Log error first, try to close later.
2003-08-08 19:42:35 +00:00
Guus Sliepen
83263b7446
Sprinkle around a lot of const and some C99 initialisers.
2003-07-24 12:08:16 +00:00
Guus Sliepen
eefa28059a
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
Guus Sliepen
e449d94cae
Big header file cleanup: everything that has to do with standard system
libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
Guus Sliepen
5db596c684
Simplify logging, update copyrights and some minor cleanups.
2003-07-12 17:41:48 +00:00
Guus Sliepen
1401faf608
Sprinkling the source with static and attributes.
2003-07-06 23:16:29 +00:00
Guus Sliepen
0b9175e998
Define logger(), cleans up source code and allows us to write log entries
to a separate file.
2003-07-06 22:11:37 +00:00
Guus Sliepen
249933350b
Small fixes.
2003-05-07 11:21:58 +00:00
Guus Sliepen
6ba4e2da55
Small fixes to make LZO compression work.
2003-05-06 23:14:45 +00:00
Guus Sliepen
c70f52087b
- Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
- LZO compression, thanks to Teemu Kiviniemi.
- Updated Dutch translation.
2003-05-06 21:13:18 +00:00
Guus Sliepen
bc9e78250e
Better handling of late packets.
2003-04-18 21:18:36 +00:00
Guus Sliepen
9792ba2cac
- Avoid memory leak caused by OpenSSL 0.9.7a.
- Disable RSA_blinding_on() because it segfaults.
2003-03-28 13:41:49 +00:00
Guus Sliepen
5b2a62ebb6
Fix PriorityInheritance.
2002-11-14 22:09:03 +00:00
Guus Sliepen
5eca9520d9
Small fixes so tinc compiles out of the box on SunOS 5.8
2002-09-15 14:55:54 +00:00
Guus Sliepen
6f9f6779e6
Remove redundant spaces.
2002-09-09 22:33:31 +00:00
Guus Sliepen
f75dcef72a
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Guus Sliepen
5fc1ed17f4
Cleanups:
- Convert cp to cp(); so that automatic indenters work.
- Convert constructions like if(x == NULL) to if(!x).
- Move all assignments out of conditions.
2002-09-09 19:40:12 +00:00
Guus Sliepen
fbf8a47879
Remove global edge_tree.
2002-09-06 10:23:52 +00:00
Guus Sliepen
82ebfc923d
Revert to edge and graph stuff. This time, use a directed graph.
2002-09-04 13:48:52 +00:00
Guus Sliepen
d134c4542d
Drop graph and edge stuff. Use new node stuff instead.
2002-09-03 20:43:26 +00:00
Guus Sliepen
627f7c22b4
s/sliepen.warande.net/sliepen.eu.org/g
s/itimmermans@bigfoot.com/ivo@o2w.nl/g
2002-06-21 10:11:37 +00:00
Guus Sliepen
78e8852184
- netinet/* include files depend on netinet/in_systm.h.
- Squash bashism in configure.in.
2002-06-08 14:08:57 +00:00
Guus Sliepen
116ba3b3da
Cleanup:
- Remove checks for specific OS's, instead check for #defines/#includes.
- Use uint??_t where appropriate.
- Mask handling functions use void pointers to get rid of silly casts.
2002-06-08 12:57:10 +00:00
Ivo Timmermans
97d492d9e2
Put #ifndef checks for HAVE_RAND_PSEUDO_BYTES in the correct places.
2002-04-18 20:09:05 +00:00
Guus Sliepen
5eba1e1f6f
Limit the amount of packets in a queue to 8.
2002-03-27 15:01:37 +00:00
Guus Sliepen
2de5e0eef9
Send REQ_KEY only once until ANS_KEY has arrived.
2002-03-25 15:51:58 +00:00
Guus Sliepen
305505f5ec
Remember sockaddrs of listening sockets, use appropriate one when sending
UDP packets.
2002-03-18 22:47:20 +00:00
Guus Sliepen
8b84c44175
Unmap v4mapped sockaddrs.
2002-03-17 15:59:29 +00:00
Guus Sliepen
d6c2c4f2b7
Packet sequence number/authentication warnings only if debug_lvl >= 5.
2002-03-12 14:19:51 +00:00
Guus Sliepen
0c16add71c
Check if BindToDevice and PriorityInheritance are supported.
2002-03-01 15:14:29 +00:00
Guus Sliepen
14979f835d
- Global time_t now, so that we don't have to call time() too often.
- MAC addresses expire after a time configurable by MACExpire (default 600
seconds)
2002-03-01 14:09:31 +00:00
Guus Sliepen
c2b738e7b5
If "PriorityInheritance = yes" is specified in tinc.conf, the value of the
TOS field of the tunneled packets will be passed on to the UDP packets tinc
sends out.
2002-03-01 12:26:56 +00:00
Guus Sliepen
50403909b6
Allow multiple listening sockets.
2002-02-26 23:26:41 +00:00
Guus Sliepen
23fda5688e
- Change SA_LEN to SALEN, former one is already defined on some platforms.
- Use SALEN everywhere appropriate.
2002-02-20 22:37:38 +00:00
Guus Sliepen
dbc5b5bb5e
- Use gai_strerror() where appropriate
- Clear hints before using them with getaddrinfo()
- Use sa_len on platforms that support them
2002-02-20 22:15:32 +00:00
Guus Sliepen
28cc9a6488
Preserve inpkt->len, needed for broadcasts.
2002-02-20 19:31:15 +00:00
Guus Sliepen
c2b9c06062
- Non-blocking connect()s.
- Socket handling revamped to use sockaddr_t.
- tinc can now tunnel over IPv6.
- Handle all addresses and subnets in network byte order.
Only convert them when they need to be printed.
- IPv6 subnets bigger than /128 now work.
- Use %s and strerror(errno) instead of %m.
2002-02-18 16:25:19 +00:00