Commit graph

78 commits

Author SHA1 Message Date
Guus Sliepen
7242868b64 Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba5
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
2009-09-12 13:40:32 +02:00
Guus Sliepen
73d77dd416 Replace asprintf() by xasprintf(). 2009-09-08 18:18:36 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Michael Tokarev
218adee785 format 'not supported on this platform' error message
Format it in a similar way in all places, to make translation happier.
No functional changes.
2009-05-18 15:35:52 +02:00
Michael Tokarev
6698f7c390 Rename setup_network_connections() and split out try_outgoing_connections()
In preparation of chroot/setuid operations, split out call to
try_outgoing_connections() from setup_network_connections()
(which was the last call in setup_network_connections()).
This is because dropping privileges should be done in-between
setup_network_connections() and try_outgoing_connections().

This patch renames setup_network_connections() to setup_network()
and moves call to try_outgoing_connections() into main routine.

No functional changes.
2009-05-18 14:34:24 +02:00
Guus Sliepen
3308d13e7e Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange.  The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different.  Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
2009-04-03 01:05:23 +02:00
Guus Sliepen
43fa7283ac Use a simple Random Early Drop algorithm in send_tcppacket(). 2009-03-09 14:04:31 +01:00
Guus Sliepen
d5b56bbba5 Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU.  However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
2009-03-09 13:48:54 +01:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
503c32eb0e Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.

Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
2009-01-20 13:12:41 +01:00
Guus Sliepen
a7e793c94e Add missing cleanup functions in close_network_connections(). 2009-01-19 23:17:28 +01:00
Guus Sliepen
a39a9506cd Move free()s at the end om main() to the proper destructor functions. 2009-01-09 12:36:06 +01:00
Guus Sliepen
0e4d419aae Enable PMTU discovery by default. 2008-12-22 20:35:45 +00:00
Guus Sliepen
1bb5a284fe Make sure resolved addressed for outgoing connections are freed, if there are any. 2006-11-29 16:57:46 +00:00
Guus Sliepen
0714ac6c59 Nodes use events, so event system should be initialised first and destroyed last. 2006-11-11 22:44:15 +00:00
Guus Sliepen
1728d5b2c4 The "active" bit in node.status is not used. 2006-11-11 13:43:00 +00:00
Guus Sliepen
f88c9942e1 Use memcpy() to copy sockaddrs returned by getaddrinfo().
Thanks to Miles Nordin for spotting this.
2006-06-11 18:53:27 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
af95368c0f Fix signedness compiler warnings. 2006-03-19 13:06:21 +00:00
Guus Sliepen
a90f1b652c Make sure $NAME is set correctly when executing tinc-down script. 2006-02-06 12:30:51 +00:00
Guus Sliepen
228e7a5c8f Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
This helps coalescing multiple send_meta() commands into one TCP packet.
Also limit the size of the output buffer before dropping PACKETs.
2006-01-19 17:13:18 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
c46f56a8b8 subnet-up/down hooks 2004-12-01 20:06:05 +00:00
Guus Sliepen
4fe7aff4d1 Add BlockingTCP option, useful when using TCPOnly on slow or congested links. 2004-11-10 21:56:31 +00:00
Guus Sliepen
7926a156e5 Update copyrights, links, email addresses and let Subversion update $Id$ keywords. 2004-03-21 14:21:22 +00:00
Guus Sliepen
af86a3226e Revert Martin Kihlgren's patch, it doesn't work the way it should. 2004-03-20 22:23:42 +00:00
Guus Sliepen
56aad1bb48 Applied Martin Kihlgren's IdentityGenerosity patch,
simplified and renamed to StrictSource.
2004-03-20 15:28:55 +00:00
Guus Sliepen
a92c471a2b Only read our public key if it wasn't already in the private key file. 2004-03-15 18:15:02 +00:00
Guus Sliepen
6d41b429a2 Better name, show probed MTU in dump. 2003-12-20 21:25:17 +00:00
Guus Sliepen
9bab08e972 More sensible name, and try to set PMTU discovery on IPv6 sockets as well. 2003-12-20 21:09:33 +00:00
Guus Sliepen
6b12bea62f Let tinc figure out the exact MTU of the link. 2003-12-20 19:47:53 +00:00
Guus Sliepen
25447b3841 Read MaxTimeout from tinc.conf like the manpage says. 2003-12-07 14:28:39 +00:00
Guus Sliepen
e3220cacb5 Replace Opaque and Strict options with a TunnelServer option. 2003-11-17 15:30:18 +00:00
Guus Sliepen
a1ab57e275 Check all EVP_ function calls. 2003-10-11 12:16:13 +00:00
Guus Sliepen
6c5f3d8b74 We don't have to tell GCC how to cast. 2003-08-28 21:05:11 +00:00
Guus Sliepen
7ed2559025 Fix permissions check for rsa_key.priv. 2003-08-14 14:21:35 +00:00
Guus Sliepen
9bde92ce97 Simpler checking of permissions on private RSA key and other fixes. 2003-08-08 22:11:54 +00:00
Guus Sliepen
fcbe29bc4c No C99 initialisers, gcc 2.95.3 doesn't like it.
Also make sure getopt.h is included.
2003-07-30 11:50:45 +00:00
Guus Sliepen
721e4caee0 Native Windows support. 2003-07-29 22:59:01 +00:00
Guus Sliepen
5cb1471351 Don't initialise a CIPHER_CTX if cipher == NULL. 2003-07-23 22:17:31 +00:00
Guus Sliepen
4aadb9500d Run setup_device() after parsing configuration but before claiming we're ready. 2003-07-22 21:13:23 +00:00
Guus Sliepen
eefa28059a Use bools and enums where appropriate. 2003-07-22 20:55:21 +00:00
Guus Sliepen
123bb765d1 Use iface instead of interface because it might already be declared in
system header files.
2003-07-18 13:45:06 +00:00
Guus Sliepen
e449d94cae Big header file cleanup: everything that has to do with standard system
libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
Guus Sliepen
5db596c684 Simplify logging, update copyrights and some minor cleanups. 2003-07-12 17:41:48 +00:00
Guus Sliepen
0b9175e998 Define logger(), cleans up source code and allows us to write log entries
to a separate file.
2003-07-06 22:11:37 +00:00
Guus Sliepen
9528a63c35 Really make tinc default to any addressfamily. 2003-06-25 20:52:59 +00:00
Guus Sliepen
c70f52087b - Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
- LZO compression, thanks to Teemu Kiviniemi.
- Updated dutch translation.
2003-05-06 21:13:18 +00:00
Guus Sliepen
9792ba2cac - Avoid memory leak caused by OpenSSL 0.9.7a.
- Disable RSA_blinding_on() because it segfaults.
2003-03-28 13:41:49 +00:00
Ivo Timmermans
2fff0a91a7 Call RSA_blinding_on(), as advised in the paper on
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
to offer some resistance against timing attacks.
2003-03-14 09:43:10 +00:00