Commit graph

173 commits

Author SHA1 Message Date
Guus Sliepen
402b85c482 Log error if two hosts connect with same IP/port tuple. 2001-06-29 13:09:32 +00:00
Guus Sliepen
9a0a50cd3c Woops - big bug in send_key_changed fixed. 2001-06-09 10:00:34 +00:00
Guus Sliepen
ba918dce28 Only reset seconds_till_retry when we activate the outgoing connection. 2001-06-08 18:02:10 +00:00
Guus Sliepen
4f9dad0972 - tinc can now act as a switch or a hub too (as opposed to a router only)
- cleaner initialisation of "UNKNOWN" and "MYSELF" names
2001-06-05 16:09:55 +00:00
Guus Sliepen
fcf869cd42 TCPonly now works (in a relatively clean way too). 2001-05-25 11:54:28 +00:00
Guus Sliepen
4dee76522e Small fixes:
- Fix compiler warnings (one was a real (but harmless) bug)
- Don't send PING packets if there is UDP traffic
- Correctly terminate strings containing salt for PING/PONG packets
2001-05-25 08:36:11 +00:00
Guus Sliepen
bfc5d6014e Only send key_changed if it was previously requested. 2001-05-24 21:52:26 +00:00
Guus Sliepen
d1b597758e Add randomness to PING/PONG packets to prevent crypto attacks on quiet
tunnels.
2001-05-24 21:29:09 +00:00
Guus Sliepen
e4f3d93ec6 - s/ip_t/ipv4_t/g
- Add "salt" to the beginning of UDP packets. Replaces length field which
  is not useful anyway.
2001-05-07 19:08:46 +00:00
Guus Sliepen
156ec67652 Check indirectdata option before forwarding certain requests. 2001-03-13 21:33:31 +00:00
Guus Sliepen
34f9e6cf2d - route.c is now used to determine destination
- flags are removed, since they were not used at all. Use options instead.
- indirectdata works now, tcponly almost...
- made functions that don't return useful information void
2001-03-04 13:59:32 +00:00
Guus Sliepen
d2a54597e0 Added explaination of our key exchange using RSA encryption. 2001-03-02 11:25:56 +00:00
Guus Sliepen
4fa12eb85d Removed lots of compiler warnings. 2001-02-27 16:37:31 +00:00
Guus Sliepen
34b7a876c3 - Make sure METAKEY is smaller than the modulus of the RSA key
- Get symmetric key from the least significant bytes of the RSA message
2001-02-26 11:37:20 +00:00
Guus Sliepen
82455be966 Implemented new authentication scheme from doc/SECURITY2. 2001-02-25 19:09:45 +00:00
Guus Sliepen
54881faf6f Encrypt network packets in CBC mode instead of CFB mode.
(This breaks compatibility with all previous versions!)
2001-02-25 16:34:19 +00:00
Guus Sliepen
153fc35e57 Corrected check for errors after read() calls. 2001-02-25 11:09:29 +00:00
Guus Sliepen
f1cb3d8fa5 Removed another local definition of the variable "errno" 2001-02-06 10:42:27 +00:00
Guus Sliepen
f777c1807d FreeBSD compile fixes (thanks to XeF4) 2001-02-06 10:12:51 +00:00
Guus Sliepen
11f3e9d138 - Squashed another nasty bug. 2001-01-08 20:35:30 +00:00
Guus Sliepen
447a43d639 - Added indirectdata and tcponly functionality. 2001-01-07 20:19:35 +00:00
Guus Sliepen
d3f889c807 - It's 2001, all copyright notices are updated. 2001-01-07 17:09:07 +00:00
Guus Sliepen
07a08f5539 - Reinstated a queue for outgoing packets. 2001-01-07 15:25:49 +00:00
Guus Sliepen
f7bb205022 - Check and follow symlinks in is_safe_path
- By default write keys to tinc config directory
- Small fix in protocol.c
2001-01-06 18:03:41 +00:00
Guus Sliepen
e924096f62 - Let user choose whether keys are in the config files or separate
- Use AVL trees instead of RBL trees
- Fixed a lot of annoying subtle bugs! Thanks to gdb...
2001-01-05 23:53:53 +00:00
Guus Sliepen
e1707f7739 - Don't even think about using sscanf with %as anymore
- Allow keys to be inside the config files or in a seperate file
- Small fixes
2000-12-22 21:34:24 +00:00
Ivo Timmermans
6327f32f43 Tiny bits of code beautifying 2000-12-05 08:59:30 +00:00
Ivo Timmermans
a0f7af3ed7 New function read_rsa_public_key();
In net.c/setup_myself deleted old code to read the public key (which
is now implicitly read in together with the private key).
2000-11-30 23:18:21 +00:00
Guus Sliepen
1eedf54681 - Use only one socket for all UDP traffic (for compatibility)
- Write pidfile again after detaching
- Check OS (for handling FreeBSD/Solaris tun/tap stuff)
2000-11-25 13:33:33 +00:00
Guus Sliepen
6f373e6902 - More porting to FreeBSD and Solaris. 2000-11-22 22:05:37 +00:00
Guus Sliepen
5971e352da - Work with the correct key buffer in ans_key_h 2000-11-22 20:25:27 +00:00
Guus Sliepen
a07602c4fd - No more %as. 2000-11-22 19:55:53 +00:00
Guus Sliepen
f8b4a000d0 - Cleaned up and checked for some more NULL pointers in rbl.c
- Two connection lists: one for incoming connections, sorted on ip/port,
  one for connections whose identity we know, sorted on id ofcourse...
2000-11-22 18:54:08 +00:00
Guus Sliepen
408ca91766 - Integrate rbl trees into tinc. 2000-11-20 19:12:17 +00:00
Guus Sliepen
e118ba0a64 Porting to FreeBSD:
- Reorganized and added some #includes
2000-11-15 13:33:27 +00:00
Ivo Timmermans
bb2495e569 Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
configure.
2000-11-15 01:06:13 +00:00
Guus Sliepen
7d0f82bd4b - Open UDP connection for all known hosts. Comments please. 2000-11-07 22:02:14 +00:00
Guus Sliepen
698191fd2f - Prepended config_ to all configuration option names, because it confused
everything (including myself).
- Use connection oriented UDP sockets for both incoming and outgoing
  packets.
2000-11-04 22:57:33 +00:00
Guus Sliepen
afc0579707 - Simplified ping mechanism. 2000-11-04 20:44:28 +00:00
Guus Sliepen
ac47586552 - Forward keys in hex notation, not as binary data. 2000-11-04 16:54:21 +00:00
Guus Sliepen
3f8f067e8b - Don't forget to set packet cipher for added hosts. 2000-11-04 16:39:19 +00:00
Ivo Timmermans
5065ea32c3 Warnings removal pass: always include config.h first; add a few
prototypes in the header files.

This also fixes a few lint errors/warnings.
2000-11-03 22:35:12 +00:00
Guus Sliepen
b7d4d4c177 - Finishing touch: encrypt the meta connections 2000-10-29 22:55:15 +00:00
Guus Sliepen
ec12269355 - Use CFB mode for encrypting packets: it works and we don't need padding. 2000-10-29 22:10:44 +00:00
Guus Sliepen
cea3d8f305 - Small fixes
- Do proper key exchange
- Encrypt packets - it works, but there is something wrong with the MAC
  header after decryption...
2000-10-29 10:39:08 +00:00
Guus Sliepen
8fa9bc017d - Removed old encr stuff 2000-10-29 09:19:27 +00:00
Guus Sliepen
2689690dc3 - Enforce correct order of authentication requests 2000-10-29 01:08:09 +00:00
Guus Sliepen
7398002ade - Fixed ans_key_h
- Removed tapsubnet configuration option.
2000-10-29 00:24:31 +00:00
Guus Sliepen
35932fe6c8 - Very big cleanup. 2000-10-29 00:02:20 +00:00
Guus Sliepen
f25868fd2b - Lots of small fixes
- Exchange subnets on acknowledgement of connection
- Do proper lookup when incoming packets from tap
- off-by-a small number-error when reading/sending tap packets
2000-10-28 21:05:20 +00:00
Guus Sliepen
9c2f805255 - Lots of little stuff modified
- Succesfully reads in subnets from host config file now and adds them to
  the list.
2000-10-24 15:46:18 +00:00
Guus Sliepen
52b842f807 - Fixed all debug levels.
- Seed PRNG before generating a challenge
- Strange thing in challenge decryption: it fails if first bit is set!?
2000-10-21 11:52:08 +00:00
Guus Sliepen
9f64499e40 - tinc now really does public/private key encryption! It even works, whee! 2000-10-20 15:34:38 +00:00
Guus Sliepen
20301888b7 - More fixing. Tinc daemons can now even create activated connections. 2000-10-16 19:04:47 +00:00
Guus Sliepen
bb3d18d56f - Fixing little things
- Two tinc daemons can connect to eachother now (but they disconnect right
  after the ACKs).
2000-10-16 16:33:30 +00:00
Guus Sliepen
85adeef212 - The daemon actually runs now (somewhat)
- Added support for tun/tap driver (autodetect!)
- More sophisticated checkpoint functionality
- Updated dutch translation
2000-10-15 00:59:37 +00:00
Guus Sliepen
e9635ae38e - Second fixing-things pass: it even links now.
- Lots of FIXME comments added to the source code.
2000-10-14 17:04:16 +00:00
Guus Sliepen
183a8edd22 - Fixing-things pass: every source file compiles into an object file now,
but linking tincd does not work yet (must link with openssl libs and
  define some missing functions).
2000-10-11 22:01:02 +00:00
Guus Sliepen
6e39481d8f - Generalized config file parsing to support multiple configuration trees. 2000-10-11 13:42:52 +00:00
Guus Sliepen
c78a204f06 - Added meta.c which contains functions to send, receive and broadcast
metadata. It will also handle encryption and decryption, and possibly
  compression and checksumming.
- Moved request dispatcher to protocol.c.
2000-09-26 14:06:11 +00:00
Guus Sliepen
361690b18c - Removed options "string" stuff. It was a bad idea...
- free() everything that is allocated.
2000-09-22 16:20:07 +00:00
Guus Sliepen
5afc1e98f4 - Severe code reduction and simplification of challenge requests
- "Finished" [add|del]_subnet_h
- Added lots of sanity checks to [add|del]_host_h
2000-09-22 15:06:28 +00:00
Guus Sliepen
5d0b3516d5 - Updated authentication scheme.
- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
2000-09-17 21:42:05 +00:00
Ivo Timmermans
7f3ab38c22 Second round of fixes 2000-09-15 12:58:40 +00:00
Ivo Timmermans
ed397b6ac6 First round of needed fixes after the overhaul 2000-09-14 21:51:21 +00:00
Guus Sliepen
c04c84c980 - Lots of small changes. 2000-09-14 11:54:51 +00:00
Guus Sliepen
9c75350ac6 - Fixed modulo in keylength check
- Updated header file to reflect new protocol code
2000-09-11 10:05:35 +00:00
Guus Sliepen
76b5f255c6 - Some key exchange stuff. (Last commit before going to bed.) 2000-09-10 23:11:37 +00:00
Guus Sliepen
675ed08a71 - Lots of functions added for the new protocol. 2000-09-10 22:49:46 +00:00
Guus Sliepen
6b9ec9ed1e - Added more function skeletons for the new protocol. 2000-09-10 16:15:35 +00:00
Guus Sliepen
28cc301595 - New protocol. Will break everything else for now. 2000-09-10 15:18:03 +00:00
Guus Sliepen
3cfc9424f2 - Moved TCP packet reception to meta handler: less kludgy and less buggy! 2000-08-08 17:07:48 +00:00
Guus Sliepen
ff87f385c3 Removed calling add_queue for tcponly packets. 2000-08-08 13:47:57 +00:00
Guus Sliepen
ac73c72488 Fixed PACKET read loop. 2000-08-08 08:48:50 +00:00
Guus Sliepen
b6997b0050 - Lots o' buglets fixed (-Wall helps)
- Made TCPonly work :)
2000-08-07 16:27:29 +00:00
Guus Sliepen
fdc6a2f106 - Added experimental hackish tunneling-over-TCP support.
Just use TCPonly = true in the configuration file.
2000-08-07 14:52:16 +00:00
Guus Sliepen
1a1ebefd57 - Made tinc even more silent if no -d flag is given at all. 2000-06-30 21:03:51 +00:00
Guus Sliepen
c5737583c8 - Instead of logging an error when remote end closes the connection,
we print a nice message if appropiate debug level is set.
- If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists
  are really messed up. We restart, and hope our problems go away.
2000-06-30 12:41:06 +00:00
Guus Sliepen
0f9ad1f047 - Fixed memory leak.
- Implemented SIGHUP configuration file reloading.
- Other small changes.
2000-06-29 19:47:04 +00:00
Guus Sliepen
18c85caac3 - New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
improve connection list consistency, ensures the tree property, and
  allows for recovery from situations where track of connections is lost.
2000-06-29 17:09:08 +00:00
Guus Sliepen
e8e7379311 - Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
connection now has two hostnames: real_hostname (replacing the old),
  and vpn_hostname. In those places where hostnames really aren't usefull
  IP_ADDR_S has been replaced by %d.%d.%d.%d.
2000-06-29 13:04:15 +00:00
Guus Sliepen
8c6c60adf3 - Fixed a message in nl.po
- Woops, we forgot to send our connection list to our uplink when we
  connect to it... Fixed.
2000-06-28 13:41:02 +00:00
Guus Sliepen
ea40d3f1a0 - Fixed some spelling errors.
- Paar zpelvautjes gerepareerd, en de Nederlandse vertaling weer bij de
  tijd gebracht.
2000-06-28 11:38:01 +00:00
Guus Sliepen
070ad08118 - Purge old connections that are ADD_HOSTed. 2000-06-27 20:55:12 +00:00
Guus Sliepen
4aeaea5e59 - Improved handling of errors on connection attempts. 2000-06-27 20:10:48 +00:00
Guus Sliepen
4faed1b854 - Fixed KEY_CHANGED notification. A lot of notify_others() calls were
wrong (first two arguments swapped). Should probably be doublechecked.
- Don't retry to connect to hosts with different protocol versions.
2000-06-27 12:58:04 +00:00
Guus Sliepen
04cb206298 - Moved all connection messages to debug level 1, without -d's only the
startup message will be logged.
- Fixed DEL_HOST rebound.
2000-06-26 20:30:21 +00:00
Guus Sliepen
783c829861 - Indirectdata finally REALLY REALLY works now!
- More precise debug messages
2000-06-26 19:39:34 +00:00
Guus Sliepen
b3681ebf6c Fixes some hostlookups. Fixes indirectdata for real now (hopefully). 2000-06-26 17:20:58 +00:00
Guus Sliepen
a473ece8a0 - More verbose connection list
- Added "myself" as hostname when logging indirect ADD_HOSTs
2000-06-25 16:39:17 +00:00
Guus Sliepen
f1f901112e Hostlookup() is actually being called now. 2000-06-25 16:20:27 +00:00
Guus Sliepen
54079bdf03 Hostnames are back! 2000-06-25 16:01:12 +00:00
Guus Sliepen
e4b586ed07 - Log possible spoofing attacks.
- Don't broadcast DEL_HOSTs for hosts that haven't been activated yet.
- If a host sends a TERMREQ, deactivate them.
2000-06-25 15:45:09 +00:00
Guus Sliepen
7f7e158aae Large cleanup:
- Removed hostname lookup (it blocks, and you can always do it yourself)
- Reorganized debug levels (after hints from Axel M�ller):
  0	Startup message and errors
  1	Connection logging
  2	Meta protocol information
  3	Verbose meta protocol (includes copy of transmitted requests)
  4	Packet information (logs transmission/errors of UDP packets)
  5	Verbose packet information (every single byte, not implemented yet
	to protect ourselves from filling up /var/log directories)
- Made log messages more consistent
2000-06-25 15:16:12 +00:00
Guus Sliepen
d8e2f7104c First step for implementation of the "indirectdata" directive. This should
allow _leaf_ tincds to be behind firewalls.
The protocol has changed and is INCOMPATIBLE with previous versions. The
PROT_CURRENT value has been incremented.
2000-06-23 19:27:03 +00:00
Ivo Timmermans
17fa07510a Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients. 2000-05-30 21:36:16 +00:00
Guus Sliepen
a7ad161d2b Only activate a connection upon receiving it's public key if it's an
incoming connection. When it's outgoing, we need to receive an ack first.
2000-05-29 23:40:05 +00:00
Ivo Timmermans
9fd02ffcb0 Internationalization of tinc. 2000-05-29 21:01:26 +00:00
Guus Sliepen
61e71ab74a Terminate a connection on any error. Furthermore, disallow del_host,
add_host and other important requests until remote host has properly
authenticated itself.
2000-05-27 20:23:01 +00:00
Guus Sliepen
028659bfbf Fixed typos. When terminating a connection, it's status is not only set to
remove=1 but also active=0.
2000-05-27 19:23:20 +00:00