Commit graph

47 commits

Author SHA1 Message Date
Guus Sliepen
4a0b998151 Determine peer's reflexive address and port when exchanging keys.
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.

Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
2010-02-02 00:51:44 +01:00
Guus Sliepen
d15099e002 Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 18:48:01 +01:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
2009-09-14 23:06:00 +02:00
Guus Sliepen
261d1eac1c Properly set HMAC length for incoming packets. 2009-06-05 16:14:31 +02:00
Michael Tokarev
ca5b67111e Fix ans_key exchange in recent changes
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
2009-05-25 01:30:01 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Guus Sliepen
3308d13e7e Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange.  The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different.  Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
2009-04-03 01:05:23 +02:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
67df7fb7e1 Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP.  The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
e9576632dc Update copyright information. 2008-12-22 20:27:52 +00:00
Guus Sliepen
4a1740ede7 Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes. 2008-10-25 19:54:00 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
af95368c0f Fix signedness compiler warnings. 2006-03-19 13:06:21 +00:00
Guus Sliepen
e810545dc2 Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
Thanks to Tonnerre Lombard for noticing!
2005-06-03 10:16:03 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
7926a156e5 Update copyrights, links, email addresses and let Subversion update $Id$ keywords. 2004-03-21 14:21:22 +00:00
Guus Sliepen
6d41b429a2 Better name, show probed MTU in dump. 2003-12-20 21:25:17 +00:00
Guus Sliepen
6b12bea62f Let tinc figure out the exact MTU of the link. 2003-12-20 19:47:53 +00:00
Guus Sliepen
e3220cacb5 Replace Opaque and Strict options with a TunnelServer option. 2003-11-17 15:30:18 +00:00
Guus Sliepen
a1ab57e275 Check all EVP_ function calls. 2003-10-11 12:16:13 +00:00
Guus Sliepen
83263b7446 Sprinkle around a lot of const and some C99 initialisers. 2003-07-24 12:08:16 +00:00
Guus Sliepen
5cb1471351 Don't initialise a CIPHER_CTX if cipher == NULL. 2003-07-23 22:17:31 +00:00
Guus Sliepen
eefa28059a Use bools and enums where appropriate. 2003-07-22 20:55:21 +00:00
Guus Sliepen
e449d94cae Big header file cleanup: everything that has to do with standard system
libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
Guus Sliepen
5db596c684 Simplify logging, update copyrights and some minor cleanups. 2003-07-12 17:41:48 +00:00
Guus Sliepen
0b9175e998 Define logger(), cleans up source code and allows us to write log entries
to a separate file.
2003-07-06 22:11:37 +00:00
Guus Sliepen
c70f52087b - Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
- LZO compression, thanks to Teemu Kiviniemi.
- Updated dutch translation.
2003-05-06 21:13:18 +00:00
Guus Sliepen
bc9e78250e Better handling of late packets. 2003-04-18 21:18:36 +00:00
Guus Sliepen
6f9f6779e6 Remove redundant spaces. 2002-09-09 22:33:31 +00:00
Guus Sliepen
f75dcef72a Switch to K&R style indentation. 2002-09-09 21:25:28 +00:00
Guus Sliepen
5fc1ed17f4 Cleanups:
- Convert cp to cp(); so that automatic indenters work.
 - Convert constructions like if(x == NULL) to if(!x).
 - Move all assignments out of conditions.
2002-09-09 19:40:12 +00:00
Guus Sliepen
66741978e1 Reset the *correct* seqnos. 2002-09-06 14:31:12 +00:00
Guus Sliepen
8b2b67e26c Generalized request broadcasting/forwarding. 2002-09-04 16:26:45 +00:00
Guus Sliepen
4a7c2026ae Reduce KEY_CHANGED traffic. 2002-09-04 08:02:33 +00:00
Guus Sliepen
d134c4542d Drop graph and edge stuff. Use new node stuff instead. 2002-09-03 20:43:26 +00:00
Guus Sliepen
627f7c22b4 s/sliepen.warande.net/sliepen.eu.org/g
s/itimmermans@bigfoot.com/ivo@o2w.nl/g
2002-06-21 10:11:37 +00:00
Guus Sliepen
3c5655f59e Fix compiler warnings, strictly use long int and %lx for options. 2002-03-22 13:31:18 +00:00
Guus Sliepen
9da5390666 Put a break on requests that run around in circles. 2002-03-21 23:11:53 +00:00
Guus Sliepen
17bc5220c3 Fix send_request() bug. 2002-02-27 22:37:55 +00:00
Guus Sliepen
c6d0158831 Protocol now also exchanges cipher/digest/maclength/compression for the
meta connection.
2002-02-20 19:25:09 +00:00
Guus Sliepen
d9a62c6354 Added support for packet compression, thanks to Mark Glines.
Add "Compression = <level>" to the host config files, where level can be
0 (off), or any integer between 1 (fast) and 9 (best).
2002-02-11 15:59:18 +00:00
Guus Sliepen
5bf4b88666 Forgot to merge new files from pre5. 2002-02-11 10:05:58 +00:00