Guus Sliepen
2f1c337c54
Add missing ICMP6 message type definitions.
2012-03-08 22:19:20 +01:00
Guus Sliepen
40c2858932
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
src/net_packet.c
2012-03-08 21:15:08 +01:00
Guus Sliepen
9dea33f530
Accept Subnets passed with the -o option when StrictSubnets = yes.
2012-03-07 10:40:06 +01:00
Guus Sliepen
63f8303a5d
Only log errors sending UDP packets when debug level >= 5.
Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.
2012-03-02 16:09:58 +01:00
Guus Sliepen
8ac096b5bf
Allow log messages to be captured by tincctl.
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
2012-02-26 18:37:36 +01:00
Guus Sliepen
a1bd3a2913
Don't close control connections when handling a reload command.
Because this would terminate the connection while the control message
handler was still running, it would lead to a segmentation fault later
on.
2012-02-26 16:56:53 +01:00
Guus Sliepen
483c5dcfb4
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
2012-02-26 16:27:13 +01:00
Guus Sliepen
ae52496109
Only use broadcast at the start of the PMTU discovery phase.
For local peer discovery, only a handful of packets are necessary for
peers to detect each other.
2012-02-26 16:23:02 +01:00
Guus Sliepen
344d6b9ac3
Let tincctl use the NETNAME environment variable if no -n option is given.
This allows administrators who frequently want to work with one tinc
network to omit the -n option. Since the NETNAME variable is set by
tincd when executing scripts, this makes it slightly easier to use
tincctl from within scripts.
2012-02-26 13:08:34 +01:00
Guus Sliepen
84570275ac
Ensure all SPTPS functions are prefixed with sptps_.
2012-02-26 12:33:16 +01:00
Guus Sliepen
8b1ad6f76f
Go back to breadth first search for path finding.
If 1.1.x nodes using Dijkstra's algorithm are mixed with 1.0.x nodes using BFS,
then routing loops can occur.
2012-02-25 23:03:09 +01:00
Guus Sliepen
36623e15a1
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
2012-02-25 22:52:57 +01:00
Guus Sliepen
5140656de6
Stricter checks against routing loops.
If a packet had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.
2012-02-25 22:11:30 +01:00
Guus Sliepen
f1d5eae643
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
That would be silly.
2012-02-25 21:46:18 +01:00
Guus Sliepen
65d6f023c4
Use SPTPS when ExperimentalProtocol is enabled.
2012-02-25 18:25:21 +01:00
Guus Sliepen
efd21e232d
Apply HMAC after encryption.
2012-02-25 15:18:15 +01:00
Guus Sliepen
f5dc136cfd
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
src/net.c
src/net_packet.c
src/net_socket.c
2012-02-23 13:26:01 +01:00
Guus Sliepen
5a28aa7b8b
Add LocalDiscovery option which tries to detect peers on the local network.
Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.
2012-02-22 23:17:43 +01:00
Guus Sliepen
8e717ddb60
Pass index into listen_socket[] to handle_incoming_vpn_data().
2012-02-22 14:37:56 +01:00
Guus Sliepen
3fba80174d
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
src/Makefile.am
src/bsd/device.c
src/connection.c
src/connection.h
src/cygwin/device.c
src/device.h
src/dropin.h
src/linux/device.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/process.c
src/protocol.c
src/protocol_key.c
src/raw_socket_device.c
src/route.c
src/solaris/device.c
src/tincd.c
src/uml_device.c
2012-02-22 14:23:59 +01:00
Guus Sliepen
fba1c85f44
Remove useless warning about signature length being shorter than expected.
2012-02-21 23:19:51 +01:00
Guus Sliepen
cb6cbf452f
Use only one hash algorithm (SHA512) in the PRF.
On some platforms, OpenSSL by default does not support the Whirlpool algorithm.
2012-02-21 23:17:12 +01:00
Nick Hibma
65e8e06c6d
Add missing ICMP message type definitions.
2012-02-21 17:16:21 +01:00
Guus Sliepen
ac48c4ee8c
Fix check for raw socket support.
Also, move some variables so there are no compiler warnings about unused
variables when there is no support for raw sockets.
2012-02-21 14:06:55 +01:00
Guus Sliepen
d9ad3d313d
Fix a bug that caused tinc to ignore all but the last listening socket.
2012-02-21 13:31:21 +01:00
Guus Sliepen
46506b7aaf
Document the command line flag -o and provide --option as well.
2012-02-21 13:13:40 +01:00
Guus Sliepen
7d76e28759
Move initialization of char *priority up to prevent freeing an uninitialized pointer.
2012-02-21 11:39:21 +01:00
Guus Sliepen
8420a0c8bd
Allow disabling of broadcast packets.
The Broadcast option can be used to cause tinc to drop all broadcast and
multicast packets. This option might be expanded in the future to selectively
allow only some broadcast packet types.
2012-02-20 17:19:00 +01:00
Guus Sliepen
ea415ccc16
Rename connection_t *broadcast to everyone.
2012-02-20 17:12:48 +01:00
Guus Sliepen
cff5a844a3
Don't bind outgoing TCP sockets anymore.
The code introduced in commit 41a05f59ba is not needed anymore, since tinc
has been able to handle UDP packets from a different source address than
those of the TCP packets since 1.0.10. When using multiple BindToAddress
statements, this code does not make sense anymore; we do want the kernel to
choose the source address on its own.
2012-02-20 16:52:53 +01:00
Guus Sliepen
0233b1d710
Decrement TTL of incoming packets.
Tinc will now, by default, decrement the TTL field of incoming IPv4 and IPv6
packets, before forwarding them to the virtual network device or to another
node. Packets with a TTL value of zero will be dropped, and an ICMP Time
Exceeded message will be sent back.
This behaviour can be disabled using the DecrementTTL option.
2012-02-20 16:34:02 +01:00
Guus Sliepen
6289859ab3
Only compile raw socket code when it is supported on that platform.
2012-02-20 15:44:52 +01:00
Guus Sliepen
d1dcdf8eb6
Merge branch 'master' of black:tinc
2012-02-18 14:31:08 +01:00
Guus Sliepen
3b1fad04de
Allow setting DeviceType to tun or tap on Linux.
2012-02-18 14:37:52 +01:00
Guus Sliepen
6455654d26
Send packets back using the same socket as they were received on.
2012-02-18 11:48:21 +01:00
Guus Sliepen
1b2846d907
Merge branch 'master' of black:tinc
2012-02-18 11:43:00 +01:00
Guus Sliepen
9f6a96af39
Allow multiple BindToAddress statements.
2012-02-17 16:25:00 +01:00
Guus Sliepen
708314df2f
Set FD_CLOEXEC flag on all sockets.
Scripts called by tinc would inherit its open file descriptors. This could
be a problem if other long-running daemons are started from those scripts,
if those daemons would not close all file descriptors before going into the
background.
Problem found and solution suggested by Nick Hibma.
2012-02-17 16:13:38 +01:00
Guus Sliepen
1f00111e94
Fix a few small memory leaks.
2011-12-26 23:11:27 +01:00
Guus Sliepen
b50d6a7f2a
Fix compiler warnings.
2011-12-26 23:04:40 +01:00
Guus Sliepen
178e52f76e
Allow linking with multiple device drivers.
Apart from the platform specific tun/tap driver, link with the dummy and
raw_socket devices, and optionally with support for UML and VDE devices.
At runtime, the DeviceType option can be used to select which driver to
use.
2011-12-04 01:20:59 +01:00
Guus Sliepen
5672863e59
Fix a few small memory leaks.
2011-12-03 21:59:47 +01:00
Guus Sliepen
52ded09d17
Add vde/device.c to the tarball.
2011-11-27 12:13:16 +01:00
Guus Sliepen
2c7c87ec75
Fix compilation of VDE and UML interfaces.
2011-11-27 12:12:34 +01:00
Guus Sliepen
2a9060bba6
Exchange ACK records to indicate switch to new keys.
This allows application records to be sent while key renegotiation is still
happening.
2011-10-06 15:32:12 +02:00
Guus Sliepen
3b5898078a
Use counter mode encryption.
2011-10-06 09:34:34 +02:00
Guus Sliepen
a0f795ff5b
Add counter mode encryption.
2011-10-06 09:33:09 +02:00
Guus Sliepen
67ff81ec16
Test corner cases in the SPTPS protocol.
* Test zero-byte messages.
* Test maximum size (65535 byte) messages.
* Test different message types.
* Test key renegotiation.
2011-10-05 22:05:13 +02:00
Guus Sliepen
3001351150
Update SPTPS protocol.
* Exchange nonce and ECDH public key first, calculate the ECDSA signature
over the complete key exchange.
* Make an explicit distinction between client and server in the signatures.
* Add more comments and replace some magic numbers by #defines.
Thanks to Erik Tews for very helpful hints and comments!
2011-10-05 22:00:51 +02:00
Guus Sliepen
810847248a
Fix compiler warning.
2011-10-05 21:59:33 +02:00