j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
953 commits 2 branches 0 tags 10 MiB
Commit graph

169 commits

Author SHA1 Message Date
Guus Sliepen
fcf869cd42 TCPonly now works (in a relatively clean way too). 2001-05-25 11:54:28 +00:00
Guus Sliepen
4dee76522e Small fixes: 
- Fix compiler warnings (one was a real (but harmless) bug)
- Don't send PING packets if there is UDP traffic
- Correctly terminate strings containing salt for PING/PONG packets
 2001-05-25 08:36:11 +00:00
Guus Sliepen
bfc5d6014e Only send key_changed if it was previously requested. 2001-05-24 21:52:26 +00:00
Guus Sliepen
d1b597758e Add randomness to PING/PONG packets to prevent crypto attacks on quiet 
tunnels.
 2001-05-24 21:29:09 +00:00
Guus Sliepen
e4f3d93ec6 - s/ip_t/ipv4_t/g 
- Add "salt" to the beginning of UDP packets. Replaces length field which
  is not useful anyway.
 2001-05-07 19:08:46 +00:00
Guus Sliepen
156ec67652 Check indirectdata option before forwarding certain requests. 2001-03-13 21:33:31 +00:00
Guus Sliepen
34f9e6cf2d - route.c is now used to determine destination 
- flags are removed, since they were not used at all. Use options instead.
- indirectdata works now, tcponly almost...
- made functions that don't return useful information void
 2001-03-04 13:59:32 +00:00
Guus Sliepen
d2a54597e0 Added explaination of our key exchange using RSA encryption. 2001-03-02 11:25:56 +00:00
Guus Sliepen
4fa12eb85d Removed lots of compiler warnings. 2001-02-27 16:37:31 +00:00
Guus Sliepen
34b7a876c3 - Make sure METAKEY is smaller than the modulus of the RSA key 
- Get symmetric key from the least significant bytes of the RSA message
 2001-02-26 11:37:20 +00:00
Guus Sliepen
82455be966 Implemented new authentication scheme from doc/SECURITY2. 2001-02-25 19:09:45 +00:00
Guus Sliepen
54881faf6f Encrypt network packets in CBC mode instead of CFB mode. 
(This breaks compatibility with all previous versions!)
 2001-02-25 16:34:19 +00:00
Guus Sliepen
153fc35e57 Corrected check for errors after read() calls. 2001-02-25 11:09:29 +00:00
Guus Sliepen
f1cb3d8fa5 Removed another local definition of the variable "errno" 2001-02-06 10:42:27 +00:00
Guus Sliepen
f777c1807d FreeBSD compile fixes (thanks to XeF4) 2001-02-06 10:12:51 +00:00
Guus Sliepen
11f3e9d138 - Squashed another nasty bug. 2001-01-08 20:35:30 +00:00
Guus Sliepen
447a43d639 - Added indirectdata and tcponly functionality. 2001-01-07 20:19:35 +00:00
Guus Sliepen
d3f889c807 - It's 2001, all copyright notices are updated. 2001-01-07 17:09:07 +00:00
Guus Sliepen
07a08f5539 - Reinstated a queue for outgoing packets. 2001-01-07 15:25:49 +00:00
Guus Sliepen
f7bb205022 - Check and follow symlinks in is_safe_path 
- By default write keys to tinc config directory
- Small fix in protocol.c
 2001-01-06 18:03:41 +00:00
Guus Sliepen
e924096f62 - Let user choose whether keys are in the config files or separate 
- Use AVL trees instead of RBL trees
- Fixed a lot of annoying subtle bugs! Thanks to gdb...
 2001-01-05 23:53:53 +00:00
Guus Sliepen
e1707f7739 - Don't even think about using sscanf with %as anymore 
- Allow keys to be inside the config files or in a seperate file
- Small fixes
 2000-12-22 21:34:24 +00:00
Ivo Timmermans
6327f32f43 Tiny bits of code beautifying 2000-12-05 08:59:30 +00:00
Ivo Timmermans
a0f7af3ed7 New function read_rsa_public_key(); 
In net.c/setup_myself deleted old code to read the public key (which
is now implicitly read in together with the private key).
 2000-11-30 23:18:21 +00:00
Guus Sliepen
1eedf54681 - Use only one socket for all UDP traffic (for compatibility) 
- Write pidfile again after detaching
- Check OS (for handling FreeBSD/Solaris tun/tap stuff)
 2000-11-25 13:33:33 +00:00
Guus Sliepen
6f373e6902 - More porting to FreeBSD and Solaris. 2000-11-22 22:05:37 +00:00
Guus Sliepen
5971e352da - Work with the correct key buffer in ans_key_h 2000-11-22 20:25:27 +00:00
Guus Sliepen
a07602c4fd - No more %as. 2000-11-22 19:55:53 +00:00
Guus Sliepen
f8b4a000d0 - Cleaned up and checked for some more NULL pointers in rbl.c 
- Two connection lists: one for incoming connections, sorted on ip/port,
  one for connections whose identity we know, sorted on id ofcourse...
 2000-11-22 18:54:08 +00:00
Guus Sliepen
408ca91766 - Integrate rbl trees into tinc. 2000-11-20 19:12:17 +00:00
Guus Sliepen
e118ba0a64 Porting to FreeBSD: 
- Reorganized and added some #includes
 2000-11-15 13:33:27 +00:00
Ivo Timmermans
bb2495e569 Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during 
configure.
 2000-11-15 01:06:13 +00:00
Guus Sliepen
7d0f82bd4b - Open UDP connection for all known hosts. Comments please. 2000-11-07 22:02:14 +00:00
Guus Sliepen
698191fd2f - Prepended config_ to all configuration option names, because it confused 
everything (including myself).
- Use connection oriented UDP sockets for both incoming and outgoing
  packets.
 2000-11-04 22:57:33 +00:00
Guus Sliepen
afc0579707 - Simplified ping mechanism. 2000-11-04 20:44:28 +00:00
Guus Sliepen
ac47586552 - Forward keys in hex notation, not as binary data. 2000-11-04 16:54:21 +00:00
Guus Sliepen
3f8f067e8b - Don't forget to set packet cipher for added hosts. 2000-11-04 16:39:19 +00:00
Ivo Timmermans
5065ea32c3 Warnings removal pass: always include config.h first; add a few 
prototypes in the header files.

This also fixes a few lint errors/warnings.
 2000-11-03 22:35:12 +00:00
Guus Sliepen
b7d4d4c177 - Finishing touch: encrypt the meta connections 2000-10-29 22:55:15 +00:00
Guus Sliepen
ec12269355 - Use CFB mode for encrypting packets: it works and we don't need padding. 2000-10-29 22:10:44 +00:00
Guus Sliepen
cea3d8f305 - Small fixes 
- Do proper key exchange
- Encrypt packets - it works, but there is something wrong with the MAC
  header after decryption...
 2000-10-29 10:39:08 +00:00
Guus Sliepen
8fa9bc017d - Removed old encr stuff 2000-10-29 09:19:27 +00:00
Guus Sliepen
2689690dc3 - Enforce correct order of authentication requests 2000-10-29 01:08:09 +00:00
Guus Sliepen
7398002ade - Fixed ans_key_h 
- Removed tapsubnet configuration option.
 2000-10-29 00:24:31 +00:00
Guus Sliepen
35932fe6c8 - Very big cleanup. 2000-10-29 00:02:20 +00:00
Guus Sliepen
f25868fd2b - Lots of small fixes 
- Exchange subnets on acknowledgement of connection
- Do proper lookup when incoming packets from tap
- off-by-a small number-error when reading/sending tap packets
 2000-10-28 21:05:20 +00:00
Guus Sliepen
9c2f805255 - Lots of little stuff modified 
- Succesfully reads in subnets from host config file now and adds them to
  the list.
 2000-10-24 15:46:18 +00:00
Guus Sliepen
52b842f807 - Fixed all debug levels. 
- Seed PRNG before generating a challenge
- Strange thing in challenge decryption: it fails if first bit is set!?
 2000-10-21 11:52:08 +00:00
Guus Sliepen
9f64499e40 - tinc now really does public/private key encryption! It even works, whee! 2000-10-20 15:34:38 +00:00
Guus Sliepen
20301888b7 - More fixing. Tinc daemons can now even create activated connections. 2000-10-16 19:04:47 +00:00
Guus Sliepen
bb3d18d56f - Fixing little things 
- Two tinc daemons can connect to eachother now (but they disconnect right
  after the ACKs).
 2000-10-16 16:33:30 +00:00
Guus Sliepen
85adeef212 - The daemon actually runs now (somewhat) 
- Added support for tun/tap driver (autodetect!)
- More sophisticated checkpoint functionality
- Updated dutch translation
 2000-10-15 00:59:37 +00:00
Guus Sliepen
e9635ae38e - Second fixing-things pass: it even links now. 
- Lots of FIXME comments added to the source code.
 2000-10-14 17:04:16 +00:00
Guus Sliepen
183a8edd22 - Fixing-things pass: every source file compiles into an object file now, 
but linking tincd does not work yet (must link with openssl libs and
  define some missing functions).
 2000-10-11 22:01:02 +00:00
Guus Sliepen
6e39481d8f - Generalized config file parsing to support multiple configuration trees. 2000-10-11 13:42:52 +00:00
Guus Sliepen
c78a204f06 - Added meta.c which contains functions to send, receive and broadcast 
metadata. It will also handle encryption and decryption, and possibly
  compression and checksumming.
- Moved request dispatcher to protocol.c.
 2000-09-26 14:06:11 +00:00
Guus Sliepen
361690b18c - Removed options "string" stuff. It was a bad idea... 
- free() everything that is allocated.
 2000-09-22 16:20:07 +00:00
Guus Sliepen
5afc1e98f4 - Severe code reduction and simplification of challenge requests 
- "Finished" [add|del]_subnet_h
- Added lots of sanity checks to [add|del]_host_h
 2000-09-22 15:06:28 +00:00
Guus Sliepen
5d0b3516d5 - Updated authentication scheme. 
- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
 2000-09-17 21:42:05 +00:00
Ivo Timmermans
7f3ab38c22 Second round of fixes 2000-09-15 12:58:40 +00:00
Ivo Timmermans
ed397b6ac6 First round of needed fixes after the overhaul 2000-09-14 21:51:21 +00:00
Guus Sliepen
c04c84c980 - Lots of small changes. 2000-09-14 11:54:51 +00:00
Guus Sliepen
9c75350ac6 - Fixed modulo in keylength check 
- Updated header file to reflect new protocol code
 2000-09-11 10:05:35 +00:00
Guus Sliepen
76b5f255c6 - Some key exchange stuff. (Last commit before going to bed.) 2000-09-10 23:11:37 +00:00
Guus Sliepen
675ed08a71 - Lots of functions added for the new protocol. 2000-09-10 22:49:46 +00:00
Guus Sliepen
6b9ec9ed1e - Added more function skeletons for the new protocol. 2000-09-10 16:15:35 +00:00
Guus Sliepen
28cc301595 - New protocol. Will break everything else for now. 2000-09-10 15:18:03 +00:00
Guus Sliepen
3cfc9424f2 - Moved TCP packet reception to meta handler: less kludgy and less buggy! 2000-08-08 17:07:48 +00:00
Guus Sliepen
ff87f385c3 Removed calling add_queue for tcponly packets. 2000-08-08 13:47:57 +00:00
Guus Sliepen
ac73c72488 Fixed PACKET read loop. 2000-08-08 08:48:50 +00:00
Guus Sliepen
b6997b0050 - Lots o' buglets fixed (-Wall helps) 
- Made TCPonly work :)
 2000-08-07 16:27:29 +00:00
Guus Sliepen
fdc6a2f106 - Added experimental hackish tunneling-over-TCP support. 
Just use TCPonly = true in the configuration file.
 2000-08-07 14:52:16 +00:00
Guus Sliepen
1a1ebefd57 - Made tinc even more silent if no -d flag is given at all. 2000-06-30 21:03:51 +00:00
Guus Sliepen
c5737583c8 - Instead of logging an error when remote end closes the connection, 
we print a nice message if appropiate debug level is set.
- If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists
  are really messed up. We restart, and hope our problems go away.
 2000-06-30 12:41:06 +00:00
Guus Sliepen
0f9ad1f047 - Fixed memory leak. 
- Implemented SIGHUP configuration file reloading.
- Other small changes.
 2000-06-29 19:47:04 +00:00
Guus Sliepen
18c85caac3 - New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will 
improve connection list consistency, ensures the tree property, and
  allows for recovery from situations where track of connections is lost.
 2000-06-29 17:09:08 +00:00
Guus Sliepen
e8e7379311 - Removed all IP_ADDR_S macros, because gettext doesn't like them. Each 
connection now has two hostnames: real_hostname (replacing the old),
  and vpn_hostname. In those places where hostnames really aren't usefull
  IP_ADDR_S has been replaced by %d.%d.%d.%d.
 2000-06-29 13:04:15 +00:00
Guus Sliepen
8c6c60adf3 - Fixed a message in nl.po 
- Woops, we forgot to send our connection list to our uplink when we
  connect to it... Fixed.
 2000-06-28 13:41:02 +00:00
Guus Sliepen
ea40d3f1a0 - Fixed some spelling errors. 
- Paar zpelvautjes gerepareerd, en de Nederlandse vertaling weer bij de
  tijd gebracht.
 2000-06-28 11:38:01 +00:00
Guus Sliepen
070ad08118 - Purge old connections that are ADD_HOSTed. 2000-06-27 20:55:12 +00:00
Guus Sliepen
4aeaea5e59 - Improved handling of errors on connection attempts. 2000-06-27 20:10:48 +00:00
Guus Sliepen
4faed1b854 - Fixed KEY_CHANGED notification. A lot of notify_others() calls were 
wrong (first two arguments swapped). Should probably be doublechecked.
- Don't retry to connect to hosts with different protocol versions.
 2000-06-27 12:58:04 +00:00
Guus Sliepen
04cb206298 - Moved all connection messages to debug level 1, without -d's only the 
startup message will be logged.
- Fixed DEL_HOST rebound.
 2000-06-26 20:30:21 +00:00
Guus Sliepen
783c829861 - Indirectdata finally REALLY REALLY works now! 
- More precise debug messages
 2000-06-26 19:39:34 +00:00
Guus Sliepen
b3681ebf6c Fixes some hostlookups. Fixes indirectdata for real now (hopefully). 2000-06-26 17:20:58 +00:00
Guus Sliepen
a473ece8a0 - More verbose connection list 
- Added "myself" as hostname when logging indirect ADD_HOSTs
 2000-06-25 16:39:17 +00:00
Guus Sliepen
f1f901112e Hostlookup() is actually being called now. 2000-06-25 16:20:27 +00:00
Guus Sliepen
54079bdf03 Hostnames are back! 2000-06-25 16:01:12 +00:00
Guus Sliepen
e4b586ed07 - Log possible spoofing attacks. 
- Don't broadcast DEL_HOSTs for hosts that haven't been activated yet.
- If a host sends a TERMREQ, deactivate them.
 2000-06-25 15:45:09 +00:00
Guus Sliepen
7f7e158aae Large cleanup: 
- Removed hostname lookup (it blocks, and you can always do it yourself)
- Reorganized debug levels (after hints from Axel M�ller):
  0	Startup message and errors
  1	Connection logging
  2	Meta protocol information
  3	Verbose meta protocol (includes copy of transmitted requests)
  4	Packet information (logs transmission/errors of UDP packets)
  5	Verbose packet information (every single byte, not implemented yet
	to protect ourselves from filling up /var/log directories)
- Made log messages more consistent
 2000-06-25 15:16:12 +00:00
Guus Sliepen
d8e2f7104c First step for implementation of the "indirectdata" directive. This should 
allow _leaf_ tincds to be behind firewalls.
The protocol has changed and is INCOMPATIBLE with previous versions. The
PROT_CURRENT value has been incremented.
 2000-06-23 19:27:03 +00:00
Ivo Timmermans
17fa07510a Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients. 2000-05-30 21:36:16 +00:00
Guus Sliepen
a7ad161d2b Only activate a connection upon receiving it's public key if it's an 
incoming connection. When it's outgoing, we need to receive an ack first.
 2000-05-29 23:40:05 +00:00
Ivo Timmermans
9fd02ffcb0 Internationalization of tinc. 2000-05-29 21:01:26 +00:00
Guus Sliepen
61e71ab74a Terminate a connection on any error. Furthermore, disallow del_host, 
add_host and other important requests until remote host has properly
authenticated itself.
 2000-05-27 20:23:01 +00:00
Guus Sliepen
028659bfbf Fixed typos. When terminating a connection, it's status is not only set to 
remove=1 but also active=0.
 2000-05-27 19:23:20 +00:00
Guus Sliepen
e4ff969a98 Fix for a DoS attack: 
A remote user could telnet to the tinc daemon and type only this line:
 61 6 00000000/00000000:28f
 This would deny any packets to be sent to other tinc networks (except
 for to the hosts that run tincd's themselves). Solution is to skip
 hosts in lookup_conn() that have not been activated yet.
Fixed potential conn_list table corruption:
 If a new connection is accepted but a connection with the same subnet
 would already exist in the connection list, the OLD connection is
 terminated.
 2000-05-27 19:04:12 +00:00
Ivo Timmermans
de09916ead Only print an error with send_termreq if debug_lvl is 2 or more. 2000-05-14 13:50:10 +00:00
Guus Sliepen
ee96ccabbb Cleanups. 2000-05-14 12:22:42 +00:00
Ivo Timmermans
74b0cbecce Include sys/types.h. 2000-05-04 23:17:02 +00:00