Commit graph

107 commits

Author SHA1 Message Date
Guus Sliepen
19be9cf715 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	lib/utils.c
	src/linux/device.c
	src/meta.c
	src/net.h
	src/net_setup.c
	src/net_socket.c
	src/protocol.c
	src/protocol_auth.c
	src/tincd.c
2012-06-26 13:24:20 +02:00
Guus Sliepen
58007d7efa Always pass request strings to other functions as const char *. 2012-05-08 16:44:15 +02:00
Sven-Haegar Koch
8b9e5af0d9 Label control connections for log output as "<control>", not "<unknown>". 2012-05-08 16:18:28 +02:00
Guus Sliepen
5ae19cb0bb Add support for proxying through an external command.
Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.
2012-04-19 15:18:31 +02:00
Guus Sliepen
fb5588856f Add support for SOCKS 5 proxies.
This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.
2012-04-19 14:10:54 +02:00
Guus Sliepen
b58d95eb29 Add basic support for SOCKS 4 and HTTP CONNECT proxies.
When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.
2012-04-18 23:19:40 +02:00
Guus Sliepen
86c2990327 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	src/Makefile.am
	src/conf.c
	src/conf.h
	src/connection.c
	src/net.c
	src/tincd.c
2012-03-25 23:35:31 +01:00
Guus Sliepen
3a4fe104a0 Add datagram mode to the SPTPS protocol.
* Everything is identical except the headers of the records.
* Instead of sending explicit message length and having an implicit sequence
  number, datagram mode has an implicit message length and an explicit sequence
  number.
* The sequence number is used to set the most significant bytes of the counter.
2012-03-18 16:42:02 +01:00
Guus Sliepen
4712d8f92e Update copyright notices. 2012-03-10 13:23:08 +01:00
Guus Sliepen
8ac096b5bf Allow log messages to be captured by tincctl.
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
2012-02-26 18:37:36 +01:00
Guus Sliepen
84570275ac Ensure all SPTPS functions are prefixed with sptps_. 2012-02-26 12:33:16 +01:00
Guus Sliepen
65d6f023c4 Use SPTPS when ExperimentalProtocol is enabled. 2012-02-25 18:25:21 +01:00
Guus Sliepen
3fba80174d Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	src/Makefile.am
	src/bsd/device.c
	src/connection.c
	src/connection.h
	src/cygwin/device.c
	src/device.h
	src/dropin.h
	src/linux/device.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/process.c
	src/protocol.c
	src/protocol_key.c
	src/raw_socket_device.c
	src/route.c
	src/solaris/device.c
	src/tincd.c
	src/uml_device.c
2012-02-22 14:23:59 +01:00
Guus Sliepen
ea415ccc16 Rename connection_t *broadcast to everyone. 2012-02-20 17:12:48 +01:00
Guus Sliepen
b50d6a7f2a Fix compiler warnings. 2011-12-26 23:04:40 +01:00
Guus Sliepen
2f4ccfe247 Fix tinc 1.0.x daemons connecting when ExperimentalProtocol = yes. 2011-07-19 21:11:11 +02:00
Guus Sliepen
cff27a258f Use ECDSA to sign ECDH key exchange for UDP session keys.
The ECDSA public keys will also be included in the ANS_KEY requests,
but are only used when no ECDSA public key is known yet.
2011-07-16 20:21:44 +02:00
Guus Sliepen
2ba61742d4 Use the correct direction flag when setting cipher keys.
The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.
2011-07-16 15:15:29 +02:00
Guus Sliepen
303dd1e702 Fix compiler warnings. 2011-07-13 22:52:52 +02:00
Guus Sliepen
fec279a9c5 Make use of the improved hex and base64 functions.
Also, use base64 for all EC related data, it is shorter and easy to
distinguish from the legacy protocol.
2011-07-12 23:43:12 +02:00
Guus Sliepen
bbeab00f46 Require ExperimentalProtocol = yes for new features, update documentation. 2011-07-11 21:54:01 +02:00
Guus Sliepen
30ef2a981e Automatically exchange ECDSA keys and upgrade to new authentication protocol.
If we don't have ECDSA keys for the node we connect to, set protocol_minor
to 1, to indicate this to the other end. This will first complete the
old way of authentication with RSA keys, and will then exchange ECDSA keys.
The connection will be terminated right afterwards, and the next attempt
will use ECDSA keys.
2011-07-10 22:34:17 +02:00
Guus Sliepen
8132be8fbd Very primitive ECDSA signed ECDH key exchange for the meta protocol.
Nonces and hash of the ID requests should be included in the seed for the PRF.
2011-07-07 22:30:55 +02:00
Guus Sliepen
86d83bd9bd Bump minor protocol to indicate ECDH capability for UDP session keys. 2011-07-05 21:29:31 +02:00
Guus Sliepen
9708bbfa8e Add a minor number to the protocol version. 2011-07-05 21:19:48 +02:00
Guus Sliepen
9e3ca39773 Use variable length arrays instead of alloca(). 2010-11-13 15:55:38 +01:00
Guus Sliepen
a22041922f Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2010-11-12 16:15:29 +01:00
Guus Sliepen
ff71f28902 Merge local host configuration with server configuration.
With some exceptions, tinc only accepted host configuration options for the
local node from the corresponding host configuration file. Although this is
documented, many people expect that they can also put those options in
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
local host configuration file.
2010-10-22 12:47:12 +02:00
Guus Sliepen
113458c286 Use correct digest length when checking a received key. 2010-04-30 23:11:48 +02:00
Guus Sliepen
79e46d08a4 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	src/net.c
	src/net.h
2010-04-17 12:21:53 +02:00
Guus Sliepen
f75e71bc69 Convert Port to numeric form before sending it to other nodes.
If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes.  However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.
2010-04-03 09:46:45 +01:00
Sven-Haegar Koch
103543aa2c Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	have.h
	src/conf.c
	src/conf.h
	src/net.c
	src/net_packet.c
	src/protocol_key.c
	src/protocol_subnet.c
	src/route.c
	src/tincd.c
2010-03-26 16:51:03 +01:00
Guus Sliepen
40d91ff619 Update copyright notices. 2010-02-02 22:49:21 +01:00
Guus Sliepen
b455111184 Make MSS clamping configurable, but enabled by default.
It can either be set globally in tinc.conf, or per-node in host config files.
2010-01-16 20:16:33 +01:00
Guus Sliepen
edebf579f2 Use the TCP socket infrastructure for control sockets.
The control socket code was completely different from how meta connections are
handled, resulting in lots of extra code to handle requests.  Also, not every
operating system has UNIX sockets, so we have to resort to another type of
sockets or pipes for those anyway.  To reduce code duplication and make control
sockets work the same on all platforms, we now just connect to the TCP port
where tincd is already listening on.

To authenticate, the program that wants to control a running tinc daemon must
send the contents of a cookie file. The cookie is a random 256 bits number that
is regenerated every time tincd starts. The cookie file should only be readable
by the same user that can start a tincd.

Instead of the binary-ish protocol previously used, we now use an ASCII
protocol similar to that of the meta connections, but this can still change.
2009-11-07 23:43:25 +01:00
Guus Sliepen
108b238915 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tinc.texi
	doc/tincd.8.in
	src/Makefile.am
	src/connection.c
	src/edge.c
	src/meta.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/node.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_edge.c
	src/subnet.c
2009-11-02 14:24:27 +01:00
Guus Sliepen
5cbddc68ba Use uint32_t instead of long int for connection options.
Options should have a fixed width anyway, but this also fixes a possible MinGW
compiler bug where %lx tries to print a 64 bit value, even though a long int is
only 32 bits.
2009-10-24 16:15:24 +02:00
Guus Sliepen
07a560eab6 Drop localisation and checkpoint tracing in files not covered by the merge. 2009-09-29 15:19:55 +02:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
2009-09-29 14:55:29 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2009-06-05 23:14:13 +02:00
Guus Sliepen
7034338bc3 Use xrealloc instead of if(ptr) ptr = xmalloc(). 2009-05-24 19:35:51 +02:00
Guus Sliepen
08aabbf931 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	doc/tinc.conf.5.in
	doc/tinc.texi
	po/nl.po
	src/conf.c
	src/connection.c
	src/event.c
	src/graph.c
	src/net.c
	src/net_packet.c
	src/net_socket.c
	src/node.c
	src/node.h
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
	src/protocol_misc.c
	src/subnet.c
	src/subnet.h
	src/tincd.c
2009-03-09 19:02:24 +01:00
Guus Sliepen
d5b56bbba5 Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU.  However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
2009-03-09 13:48:54 +01:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00