Commit graph

2191 commits

Author SHA1 Message Date
Guus Sliepen
bc87b45003 Send a new key when we receive packets from a node we don't have a valid key for. 2013-05-18 16:11:30 +02:00
Guus Sliepen
a9b80226e1 Enable and fix warnings from automake. 2013-05-15 13:55:06 +02:00
Sven-Haegar Koch
a518f82af7 Modified some error messages in src/sptps.c. 2013-05-15 13:53:13 +02:00
Guus Sliepen
fa20cfceec Don't try to handle incoming data if sptps_start() has not been called yet. 2013-05-12 13:39:22 +02:00
Guus Sliepen
52f64cdf95 Fix potential NULL pointer dereferences. 2013-05-11 16:54:50 +02:00
Guus Sliepen
d03dc91e27 Don't free ephemeral ECDH keys twice.
ecdh_compute_shared() was changed to immediately delete the ephemeral key after
the shared secret was computed.  Therefore, the pointer to the ecdh_t struct
should be zeroed so it won't be freed again when a struct sptps_t is freed.
2013-05-11 14:14:20 +02:00
Guus Sliepen
fc119fb009 Use read_host_config() where appropriate. 2013-05-11 14:05:28 +02:00
Guus Sliepen
3c163a3796 Fix check for presence of ECDSA public key for outgoing connections.
At this point, c->config_tree may or may not be NULL, but this does not tell us whether it is an
outgoing connection or not. For incoming connections, we do not know the peer's name yet,
so we always have to claim ECDSA support. For outgoing connections, we always need to check
whether we have the peer's ECDSA public key, so that if we don't, we correctly tell the peer that
we want to upgrade.
2013-05-11 14:04:39 +02:00
Guus Sliepen
c83c2d080f Enable the SPTPS protocol by default. 2013-05-10 21:18:32 +02:00
Guus Sliepen
ee34ac3d61 Add a few more checks and warnings in the crypto functions. 2013-05-10 20:55:52 +02:00
Guus Sliepen
214060ef20 Fix warnings for functions marked __attribute((warn_unused_result)). 2013-05-10 20:30:47 +02:00
Guus Sliepen
7b949262c4 Add __attribute__((warn_unused_result)) to crypto functions. 2013-05-10 20:23:01 +02:00
Guus Sliepen
45063953fd Add more __attribute__((malloc)) where appropriate. 2013-05-10 20:15:27 +02:00
Guus Sliepen
0acdce222f Add generic crypto headers.
They should have been included in commit 9b9230a.
2013-05-01 17:58:30 +02:00
Guus Sliepen
5b07039b07 Rename xmalloc_and_zero() to xzalloc().
The former name is more or less only used by tinc, the latter is used by other
projects as well, and shorter as well.
2013-05-01 17:31:33 +02:00
Guus Sliepen
9b9230a0a7 Use conditional compilation for cryptographic functions.
This gets rid of the rest of the symbolic links. However, as a consequence, the
crypto header files have now moved to src/, and can no longer contain
library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t
and rsa_t are now all opaque types, and only pointers to those types can be
used.
2013-05-01 17:17:22 +02:00
Guus Sliepen
e70b5b5bd7 Use conditional compilation for device.c.
This requires the automake option "subdir-objects" to be enabled, and it
becomes more critical to specify the exact path to local header files.
2013-05-01 12:20:06 +02:00
Guus Sliepen
9f8020a09c Modernize the configure script a bit. 2013-05-01 11:46:40 +02:00
Guus Sliepen
43c72093ad Don't try to create tinc.conf when using set or add commands.
It is almost certainly an error. If one really wants to create a new tinc.conf
file, one should use the init command.
2013-04-28 19:33:04 +02:00
Guus Sliepen
8e732fcbbb Releasing 1.1pre7. 2013-04-22 15:54:05 +02:00
Guus Sliepen
258bf7ea0f Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Normally all requests sent via the meta connections are checked so that they
cannot be larger than the input buffer. However, when packets are forwarded via
meta connections, they are copied into a packet buffer without checking whether
it fits into it. Since the packet buffer is allocated on the stack, this in
effect allows an authenticated remote node to cause a stack overflow.

This issue was found by Martin Schobert.
2013-04-22 15:53:45 +02:00
Guus Sliepen
9e2ae03d1d Fix completion of add/del/get/set commands. 2013-03-12 11:28:40 +01:00
Guus Sliepen
f8f250ca12 Describe the SPTPS protocol in the manual.
Also mention that Cipher, Digest and MACLength have no influence on the SPTPS protocol,
since that uses a fixed ciphersuite.
2013-03-12 10:49:45 +01:00
Guus Sliepen
40666a5f5b Remove references to the config keyword. 2013-03-08 16:26:21 +01:00
Guus Sliepen
23a634becf Rename tincctl to tinc. 2013-03-08 16:22:56 +01:00
Guus Sliepen
3793cf10da Include README.android in the tarballs. 2013-03-08 14:12:48 +01:00
Guus Sliepen
4c30004cb6 Avoid calling time(NULL).
In most cases we can use the cached time.
2013-03-08 14:11:15 +01:00
Guus Sliepen
af77e5d475 Allow changing configuration with tincctl without the "config" keyword.
This saves typing some characters, and forces one to be more explicit about the
desired command (get, set).
2013-03-08 11:40:40 +01:00
Guus Sliepen
1d226977a4 Better default output file for generated public keys. 2013-03-08 11:24:37 +01:00
Guus Sliepen
f9ab8e266b Flush output buffers in the tap reader thread on Windows.
This is basically a port of commit 50fcfea1 to 1.1.
2013-03-01 17:37:56 +01:00
Guus Sliepen
4d05e695ab Use UDP when using sptps_test in datagram mode. 2013-02-22 15:37:48 +01:00
Guus Sliepen
a93c0139c5 Releasing 1.1pre6. 2013-02-20 15:35:19 +01:00
Guus Sliepen
d298ebe91c Fix compiler warnings on some BSD variants. 2013-02-20 15:35:08 +01:00
Guus Sliepen
3847b78ba5 Fix compiler warnings on Windows. 2013-02-20 15:34:55 +01:00
Guus Sliepen
1bb969c930 Fix a tiny memory leak.
Found by cppcheck.
2013-02-20 13:59:50 +01:00
Guus Sliepen
d21f63d5b3 Don't expect a response from tincd after sending REQ_STOP. 2013-02-08 16:44:50 +01:00
Guus Sliepen
26eca51650 Let the GUI use UNIX sockets if available. 2013-02-07 15:27:16 +01:00
Guus Sliepen
a8b52becbb Derive UNIX socket filename from PID filename. 2013-02-07 15:26:56 +01:00
Guus Sliepen
079dcd0179 Don't send proxy requests for incoming connections. 2013-02-07 14:22:28 +01:00
Guus Sliepen
ee63f2a32b Fix segmentation fault when trying to connect via a SOCKS5 proxy. 2013-02-06 15:24:02 +01:00
Guus Sliepen
053af97c9e Check for writability when waiting for a socket to finish connecting.
We were checking only for readability, which is not a problem for normal
connections, since the server side of a connection will always send an ID
request. But when using a proxy, the proxy server doesn't send anything before
the client, so tinc would not see that its connection to the proxy had already
been established.
2013-02-06 15:12:53 +01:00
Guus Sliepen
1135669b3c Fix tincd terminating immediately on Windows. 2013-02-06 11:30:35 +01:00
Guus Sliepen
9c878bf56f Remove direct inclusion of OpenSSL headers in net_packet.c and tincd.c. 2013-01-31 16:12:56 +01:00
Guus Sliepen
42b222ecb6 Detect increases in PMTU.
Tinc never restarts PMTU discovery unless a node becomes unreachable. However,
it can be that the PMTU was very low during the initial discovery, but has
increased later. To detect this, tinc now tries to send an extra packet every
PingInterval, with a size slightly higher than the currently known PMTU. If
this packet is succesfully received back, we partially restart PMTU discovery
to find out the new maximum.

Conflicts:
	src/net_packet.c
2013-01-31 16:10:58 +01:00
Guus Sliepen
87416bcd8b Get microsecond time resolution on Windows. 2013-01-21 16:12:18 +01:00
Guus Sliepen
8aadbd4b37 Fix a typo. 2013-01-21 13:59:52 +01:00
Guus Sliepen
3a039ece25 Fix datagram SPTPS.
Commit dd07c9fc1f broke the reception of datagram
SPTPS packets, by undoing the conversion of the sequence number to host byte
order before comparison. This caused error messages like "Packet is 16777215
seqs in the future, dropped (1)".
2013-01-21 13:47:46 +01:00
Guus Sliepen
cc3c69c892 Releasing 1.1pre5. 2013-01-20 21:03:22 +01:00
Guus Sliepen
76dbcf8989 Fix tincctl init when /etc/tinc does not yet exist. 2013-01-20 21:02:58 +01:00
Guus Sliepen
aa46596991 Remove possible definition of timersub(), which is also in dropin.h. 2013-01-20 20:19:08 +01:00