Commit graph

34 commits

Author SHA1 Message Date
Guus Sliepen
af2e0c9a32 Remove unused functions and variables. 2011-06-02 17:57:53 +02:00
Guus Sliepen
b3aeaf0f91 Show hostname and port in error message when connecting to a running tincd. 2011-05-29 22:10:54 +02:00
Guus Sliepen
5bc957074a Allow tincctl to connect to something besides localhost.
This would allow tincctl to connect to a remote tincd, or to a local tincd that
isn't listening on localhost, for example if it is using the BindToInterface or
BindToAddress options.
2011-05-29 14:41:05 +02:00
Sven-Haegar Koch
e6b21e1a51 fgets() returns NULL on error, not < 0 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
d772289f6d sparse fixup: warning: symbol '...' was not declared. Should it be static? 2011-05-28 15:24:39 +02:00
Guus Sliepen
453c44e7b2 Add the ability to dump all traffic going through route() over a control connection.
One can get the packet stream in pcap format, which can be decoded using
tcpdump, for example:

tincctl -n <netname> pcap | tcpdump -r -
2011-05-22 14:17:30 +02:00
Guus Sliepen
8de8f1d9e2 Fix some compiler warnings. 2011-05-17 10:58:22 +02:00
Guus Sliepen
97355690b9 Add a very primitive "top" command to tincctl. 2011-05-15 13:16:48 +02:00
Guus Sliepen
55ef2f806f Allow connections to be closed.
This only closes existing meta connections, it may not affect node
reachability.
2009-12-16 21:16:56 +01:00
Guus Sliepen
5d78e497f1 Fix compiler warnings. 2009-12-11 22:38:06 +01:00
Guus Sliepen
fec14791e8 Only call ioctlsocket() on Windows. 2009-12-11 22:24:07 +01:00
Guus Sliepen
edebf579f2 Use the TCP socket infrastructure for control sockets.
The control socket code was completely different from how meta connections are
handled, resulting in lots of extra code to handle requests.  Also, not every
operating system has UNIX sockets, so we have to resort to another type of
sockets or pipes for those anyway.  To reduce code duplication and make control
sockets work the same on all platforms, we now just connect to the TCP port
where tincd is already listening on.

To authenticate, the program that wants to control a running tinc daemon must
send the contents of a cookie file. The cookie is a random 256 bits number that
is regenerated every time tincd starts. The cookie file should only be readable
by the same user that can start a tincd.

Instead of the binary-ish protocol previously used, we now use an ASCII
protocol similar to that of the meta connections, but this can still change.
2009-11-07 23:43:25 +01:00
Guus Sliepen
c388527e34 Small fixes to get really working control sockets on Windows. 2009-11-07 16:09:56 +01:00
Guus Sliepen
075264a9e1 Make sure the 1.1 branch compiles in a MinGW environment.
UNIX domain sockets, of course, don't exist on Windows. For now, when compiling
tinc in a MinGW environment, try to use a TCP socket bound to localhost as an
alternative.
2009-11-05 23:29:28 +01:00
Guus Sliepen
761517c21c Update FSF address in files not covered by the merge. 2009-09-29 15:33:58 +02:00
Guus Sliepen
07a560eab6 Drop localisation and checkpoint tracing in files not covered by the merge. 2009-09-29 15:19:55 +02:00
Guus Sliepen
4bdf0e80ee Replace asprintf()s not covered by the merge to xasprintf(). 2009-09-16 20:28:30 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
2009-09-16 19:55:47 +02:00
Guus Sliepen
551cd19406 Move RSA key generation into the wrappers. 2008-12-14 12:47:26 +00:00
Guus Sliepen
636200d1a2 Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible. 2008-12-11 15:56:18 +00:00
Guus Sliepen
a9bdfb424e Fix compiler warnings. 2008-12-11 15:42:46 +00:00
Guus Sliepen
40bebbb19f Look in the configured sbin directory for the tincd binary. 2008-12-11 13:59:46 +00:00
Scott Lamb
fe2f1fceb5 Use a control socket directory to restrict access
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.

We could add a cryptographic handshake later if desired.
2007-11-08 19:18:44 +00:00
Scott Lamb
b1f8c65a2c Coding style corrections 2007-11-07 06:45:28 +00:00
Scott Lamb
d82fcc88f3 Reload configuration through control socket
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
2007-11-07 02:51:24 +00:00
Scott Lamb
f0a57eab4c Retry connections through control socket 2007-11-07 02:50:58 +00:00
Scott Lamb
a62a6825a8 Alter debugging levels through control socket 2007-11-07 02:50:27 +00:00
Scott Lamb
1065879c8c Purge through the control socket 2007-11-07 02:49:57 +00:00
Scott Lamb
6eaefb4dbc Dump through control socket
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
2007-11-07 02:49:25 +00:00
Scott Lamb
50ad3f2a89 Fancier protocol for control socket
* pass error status back
* pass message boundaries
2007-11-07 02:48:33 +00:00
Guus Sliepen
8c6131deda Implement "stop" command, and allow tincctl to retrieve a running tincd's PID. 2007-05-19 15:21:26 +00:00
Guus Sliepen
e9043e17c7 Move key generation to tincctl. 2007-05-19 14:55:35 +00:00
Guus Sliepen
bf8e3ce13d Remove pidfile in favour of control socket. 2007-05-19 14:13:21 +00:00
Guus Sliepen
01f47c46af Start of control socket implementation. 2007-05-18 16:52:34 +00:00