Commit graph

3044 commits

Author SHA1 Message Date
thorkill
4b3c0aea78 Merge remote-tracking branch 'guus/1.1' into thkr-20170131-merge 2017-01-31 15:44:02 +01:00
Guus Sliepen
d3cc96b027 Don't build sptps_* binaries by default. 2017-01-31 12:05:03 +01:00
Guus Sliepen
88d158e15b Fix potential segfault in the replacement vasprintf() function. 2017-01-31 12:03:27 +01:00
Rafał Leśniak
8e0e0aea5f Merge pull request #5 from AiyionPrime/thkr-1.1-ponyhof 2017-01-30 20:02:26 +01:00
aiyion.prime
e63e871d40 zu is a size_t, so maybe a cast would calm the dumb compilers down 2017-01-30 19:21:20 +01:00
aiyion.prime
5fa56e530d revoked unnecessary and probably breaking change in misc 2017-01-30 17:45:02 +01:00
aiyion.prime
39e2ea03b2 fixed usage of size_t for time_t (now using difftime()), in order to make it compile on armhf architectures 2017-01-30 16:43:12 +01:00
Etienne Dechamps
06b8201332 Fix address memory leaks in add_edge_h().
Note that this is not as bad as it looks, because in practice
sockaddrfree() is a no-op for typical address types.
2016-12-18 17:14:17 +00:00
Etienne Dechamps
02093b12b0 Clarify the flow of add_edge_h().
This is an attempt at making the control flow through this function
easier to understand by rearranging branches and cutting back on
indentation levels.

This is a pure refactoring; there is no change in behavior.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
3bf3d7d3e7 Fix edge updates containing local address changes.
This commit fixes a logic bug in the edge update code where local
address changes are not taken into account if they are bundled in with
other changes. This bug breaks local discovery in some scenarios.

The regression was introduced by commit
e4670fc4a0576eb76f1807ce29fa9455dd247632.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
0792a10a5a Fix edge local addresses not being set when connections are established.
This bug prevented nodes from advertising their local addresses, thus
breaking local discovery.

The regression was introduced in
ab13c14a14.
2016-12-18 17:14:16 +00:00
Guus Sliepen
979acc48ad Enforce maximum amount of bytes sent/received on meta-connections.
This is 2^{block_length_in_bits / 2 - 1}.
2016-10-30 15:19:12 +01:00
Guus Sliepen
edc1efed3c Use AES256 and SHA256 by default for the legacy protocol.
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
2016-10-30 15:17:52 +01:00
Dennis Lan
fcaf158494 Fix typo in src/upnp.c. 2016-10-12 13:35:39 +02:00
Vittorio G (VittGam)
9cbd3c2b5b tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.
Also warn the user if a key smaller than 2048 bits is being generated.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 20:30:41 +02:00
Vittorio G (VittGam)
c7c5c74d4a fsck: Fix ed25519 public key reading, and fclose usage.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 13:30:05 +02:00
Guus Sliepen
e6497a23f7 Log warnings about dropped packets only with debug level 5 or higher. 2016-07-26 16:47:45 +02:00
Etienne Dechamps
2784a171ec Fix error handling when setting up the UDP socket.
Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.

The regression was introduced in
6bc5d626a8.
2016-07-14 19:15:35 +01:00
Guus Sliepen
b1c29464b6 Fix compiling with OpenSSL < 1.1.0. 2016-06-24 11:22:24 +02:00
Guus Sliepen
9a9f6fac00 Add missing m4 files.
ax_cflags_warn_all.m4 depends on them.
2016-06-24 11:22:11 +02:00
Guus Sliepen
b9b0defaf4 Fix potential memory leaks found by the Clang static analyzer. 2016-06-23 15:59:43 +02:00
Guus Sliepen
49edf9c53a Fix warnings from the Clang static analyzer.
These are all false positives or harmless dead stores.
2016-06-23 15:59:16 +02:00
Guus Sliepen
e16ab7b899 Force nul-termination of strings after vsnprintf().
Apparently, on Windows this function might not always be properly
terminated.
2016-06-23 15:26:58 +02:00
Guus Sliepen
2de5d866b5 Use EVP_MD_CTX_destroy() instead of _free().
Thanks to azrdev for pointing out the build failure on Fedora 23.
2016-06-22 23:08:30 +02:00
Guus Sliepen
9b148fd844 Check return value of RSA_generate_key_ex(). 2016-06-22 17:42:25 +02:00
Guus Sliepen
172763f4af Add -Wall to CFLAGS. 2016-06-22 17:35:12 +02:00
Guus Sliepen
323c17e232 Ensure compatibility with OpenSSL 1.1.0. 2016-06-22 16:32:05 +02:00
thorkill
6e6bc9f443 Merge remote-tracking branch 'guus/1.1' into thkr-1.1-ponyhof 2016-06-06 22:00:58 +02:00
thorkill
8ac16a5cf2 Merge remote-tracking branch 'guus/1.1' into thkr-1.1-ponyhof 2016-06-05 15:34:46 +02:00
Guus Sliepen
74eb4cc974 Fix the previous commit. 2016-06-05 15:20:57 +02:00
Guus Sliepen
ab13c14a14 Preserve IPv6 scope_id in edges.
When creating an edge after authenticating a peer, we copy the
address used for the TCP connection, but change the port to that used
for UDP. But the way we did it discarded the scope_id for IPv6
addresses. This prevented UDP communication from working correctly when
connecting to a peer on the same LAN using an IPv6 link-local address.

Thanks to Rafał Leśniak for pointing out this issue.
2016-06-05 14:47:21 +02:00
thorkill
9a550ff4e3 Remove code committed by mistake 2016-05-30 23:11:50 +02:00
thorkill
6bd518935f Moved SLPD related #define to slpd.h 2016-05-26 16:12:03 +02:00
thorkill
04cac1f462 Typo in tinc.conf 2016-05-25 22:48:03 +02:00
thorkill
fb15bef4c0 Change misleading comment - 1.1 node does have source ID in the packet 2016-05-25 22:47:18 +02:00
thorkill
e51ce69079 Change scope of len 2016-05-25 22:45:07 +02:00
thorkill
9ab8d025ca Initialize struct ip and icmp 2016-05-25 22:44:21 +02:00
thorkill
3b3bdf72d4 Initialize outoging->config_tree 2016-05-25 22:42:48 +02:00
thorkill
dbddbc2dd7 Remove debug 2016-05-25 21:38:03 +02:00
thorkill
37c128580a Remove debug output from try_harder() 2016-05-25 20:29:13 +02:00
thorkill
649b55d988 SLPD refactor - cleanup net.h 2016-05-25 19:27:40 +02:00
thorkill
0fbde0e5a0 Continue SLPD refactor 2016-05-25 19:26:53 +02:00
thorkill
26a7e51cbe Moved SLPD related code to slpd.c
- Added setup_slpd()
2016-05-25 19:18:32 +02:00
thorkill
62b63fff8b Do not include rsa.h when DISABLE_LEGACY 2016-05-25 19:13:34 +02:00
thorkill
3327feb025 Refactor of do_outgoing_connection - make it use config_address2addrinfo
This means: setup_outgoing_connection() has to prepare fake
Address = "ip port" config based on the actual configuration file

Prefer the addresses discovered via SLPD while making outgoing connections
2016-05-25 18:30:33 +02:00
thorkill
69bb848f59 Let choose_local_address() prefer addresses discovered via SLPD 2016-05-25 18:25:28 +02:00
thorkill
11b8eb81b9 Refactor of SLPD - moved most of the SLPD related code into slpd.{c,h} 2016-05-25 18:23:42 +02:00
thorkill
299b223bba Added new function config_address2addrinfo
This function takes an "Address" config string, splits it into
address and port, then calls str2addinfo() on it returning addrinfo.

The aim is to refactor the code and allow simple translation
of addresses listed in configuration or generated on demand
in other places in the code.
2016-05-25 18:16:45 +02:00
thorkill
deccb83a29 try_harder() is only needed in legacy-protocol 2016-05-24 13:35:30 +02:00
thorkill
b7fe5910d6 Add information about sending address in try_harder() 2016-05-24 13:13:35 +02:00