Michael Tokarev
2327d3f6eb
Allow tunnelserver to work with clients that have other peers.
...
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
2009-02-09 23:51:10 +01:00
Guus Sliepen
23730375f2
Disable old RSA keys when generating new ones.
...
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
2009-02-03 14:54:45 +01:00
Guus Sliepen
0d0dfd0852
Validate Name before using it in a filename when generating a keypair.
2009-01-20 14:21:50 +01:00
Guus Sliepen
0966cca8ab
Allow reading config files with CRLF endings on Unix systems.
2009-01-20 14:20:44 +01:00
Guus Sliepen
d1910ac198
Remove unused definitions from net.h.
2009-01-20 13:19:31 +01:00
Guus Sliepen
503c32eb0e
Use a global list to track outgoing connections.
...
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
2009-01-20 13:12:41 +01:00
Guus Sliepen
a7e793c94e
Add missing cleanup functions in close_network_connections().
2009-01-19 23:17:28 +01:00
Guus Sliepen
116065afe3
Change flush_events() to expire_events().
...
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
2009-01-19 22:50:05 +01:00
Guus Sliepen
a39a9506cd
Move free()s at the end om main() to the proper destructor functions.
2009-01-09 12:36:06 +01:00
Guus Sliepen
67df7fb7e1
Only send packets via UDP if UDP communication is possible.
...
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
b069da90d6
Consistently allocate device and iface variables on the heap.
...
This fixes a segfault when no Device has been specified and tinc exits, and it
would try to free() a static string. Thanks to Borg for spottin.
2009-01-03 22:06:10 +01:00
Guus Sliepen
f81cea3bdc
Update documentation for git.
2008-12-27 11:09:43 +01:00
Guus Sliepen
c81f90b91a
Releasing 1.0.9.
2008-12-26 13:47:34 +00:00
Guus Sliepen
a4d99ebf50
Add missing parentheses in check for IPv4 multicast addresses.
2008-12-26 12:46:45 +00:00
Guus Sliepen
099bc56f53
Apply patch from Max Rijevski fixing a memory leak when closing connections.
...
It also cleans up more when stopping tinc, helping tools like valgrind.
2008-12-23 23:14:37 +00:00
Guus Sliepen
de032054de
Handle broadcast and multicast packets in router mode.
...
Multicast packets are treated as broadcast packets.
Based on a patch from Max Rijevski.
2008-12-23 22:31:38 +00:00
Guus Sliepen
a5f899a979
Update the manpage as well, and some whitespace to make its source more legible.
2008-12-22 21:49:23 +00:00
Guus Sliepen
e8f08ced76
Update documentation.
...
- TCPOnly is not experimental.
- Do not mention old Linux kernels and Ethertap anymore.
- Document the DeviceType, PMTU and PMTUDiscovery options.
2008-12-22 21:29:21 +00:00
Guus Sliepen
0e4d419aae
Enable PMTU discovery by default.
2008-12-22 20:35:45 +00:00
Guus Sliepen
e9576632dc
Update copyright information.
2008-12-22 20:27:52 +00:00
Guus Sliepen
f50dc972cd
Update Dutch translation.
2008-12-22 19:43:49 +00:00
Guus Sliepen
26b490e86b
Make sure IPv6 sockets are IPv6 only.
...
This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
in use" message on Linux.
2008-12-22 19:40:40 +00:00
Guus Sliepen
c6830ba821
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
2008-12-22 19:33:37 +00:00
Guus Sliepen
a269ec4193
Treat virtual network device as tap if Mode = switch or hub.
...
On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
2008-12-21 16:19:31 +00:00
Guus Sliepen
551cd19406
Move RSA key generation into the wrappers.
2008-12-14 12:47:26 +00:00
Guus Sliepen
911c05f873
Make sure IPv6 sockets are IPv6 only.
2008-12-11 20:49:14 +00:00
Guus Sliepen
6e80da3370
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
2008-12-11 18:07:26 +00:00
Guus Sliepen
26a228e302
Remove wrong checks.
2008-12-11 18:05:59 +00:00
Guus Sliepen
636200d1a2
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
2008-12-11 15:56:18 +00:00
Guus Sliepen
a9bdfb424e
Fix compiler warnings.
2008-12-11 15:42:46 +00:00
Guus Sliepen
76165488f8
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
Guus Sliepen
046158a216
Use the crypto wrappers again instead of calling OpenSSL directly.
...
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Guus Sliepen
8c69f42d7d
Move AC_GNU_SOURCE up to make autoconf happy.
...
Also bump libgcrypt dependency to 1.4.0, because that version supports the OFB cipher mode.
2008-12-11 14:43:13 +00:00
Guus Sliepen
8e8fe805c8
Only show meta connection related debug messages when debug level >= 4
2008-12-11 14:03:52 +00:00
Guus Sliepen
40bebbb19f
Look in the configured sbin directory for the tincd binary.
2008-12-11 13:59:46 +00:00
Guus Sliepen
38c2d6c1da
Correct debug message.
2008-12-05 14:17:39 +00:00
Guus Sliepen
a36259435c
Prevent freeing a NULL pointer when a hostname is unresolvable.
2008-11-18 15:11:27 +00:00
Guus Sliepen
4a1740ede7
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
2008-10-25 19:54:00 +00:00
Guus Sliepen
cb52aa0683
Fix reading configuration files that do not end with a newline.
2008-10-25 18:10:08 +00:00
Guus Sliepen
b2cee41b18
Make sure the prefixlength of subnets is sane.
...
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
2007-12-14 21:17:08 +00:00
Scott Lamb
fe2f1fceb5
Use a control socket directory to restrict access
...
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.
We could add a cryptographic handshake later if desired.
2007-11-08 19:18:44 +00:00
Scott Lamb
b1f8c65a2c
Coding style corrections
2007-11-07 06:45:28 +00:00
Scott Lamb
d82fcc88f3
Reload configuration through control socket
...
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
2007-11-07 02:51:24 +00:00
Scott Lamb
f0a57eab4c
Retry connections through control socket
2007-11-07 02:50:58 +00:00
Scott Lamb
a62a6825a8
Alter debugging levels through control socket
2007-11-07 02:50:27 +00:00
Scott Lamb
1065879c8c
Purge through the control socket
2007-11-07 02:49:57 +00:00
Scott Lamb
6eaefb4dbc
Dump through control socket
...
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
2007-11-07 02:49:25 +00:00
Scott Lamb
50ad3f2a89
Fancier protocol for control socket
...
* pass error status back
* pass message boundaries
2007-11-07 02:48:33 +00:00
Scott Lamb
b0b5299184
Fix reload crash
...
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
2007-11-07 02:48:15 +00:00
Scott Lamb
da81da064a
Update documentation to match tincctl changes
...
(Most of this was done in r1559, but it looks like tincctl.8.in got missed.)
2007-11-07 02:48:00 +00:00