Commit graph

1150 commits

Author SHA1 Message Date
Guus Sliepen
075264a9e1 Make sure the 1.1 branch compiles in a MinGW environment.
UNIX domain sockets, of course, don't exist on Windows. For now, when compiling
tinc in a MinGW environment, try to use a TCP socket bound to localhost as an
alternative.
2009-11-05 23:29:28 +01:00
Guus Sliepen
08615e420b Handle PKCS#5 padding in the gcrypt backend. 2009-11-05 00:02:42 +01:00
Guus Sliepen
d9b2ac6767 Handle truncated message authentication codes with gcrypt.
Commit 4124b9682f did not update the gcrypt
backend.
2009-11-05 00:01:25 +01:00
Guus Sliepen
c4afc48154 Use %x instead of %lx where appropriate.
Some conversions were not properly merged from the master branch.
2009-11-04 16:19:08 +01:00
Guus Sliepen
37ccb325af Don't enable device events when there is no valid filedescriptor. 2009-11-04 16:18:08 +01:00
Guus Sliepen
108b238915 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tinc.texi
	doc/tincd.8.in
	src/Makefile.am
	src/connection.c
	src/edge.c
	src/meta.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/node.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_edge.c
	src/subnet.c
2009-11-02 14:24:27 +01:00
Guus Sliepen
d331f04e45 Start a tinc service if it already exists. 2009-11-01 15:57:28 +01:00
Guus Sliepen
6f6f426b35 Fast handoff of roaming MAC addresses.
In switch mode, if a known MAC address is claimed by a second node before it
expired at the first node, it is likely that this is because a computer has
roamed from the LAN of the first node to that of the second node. To ensure
packets for that computer are routed to the second node, the first node should
delete its corresponding Subnet as soon as possible, without waiting for the
normal expiry timeout.
2009-10-27 23:53:49 +01:00
Guus Sliepen
e00b44cb98 Move socket error interpretation to utils.h. 2009-10-25 01:40:07 +02:00
Guus Sliepen
c11dc8079b Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
2009-10-25 00:50:09 +02:00
Michael Tokarev
1bca167b7e Remove localedir leftovers. 2009-10-24 23:46:11 +02:00
Guus Sliepen
c3acae034c Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
This ensures the DF bit on outgoing UDP packets gets set on Windows when path
MTU discovery is enabled, reducing fragmentation.
2009-10-24 22:32:35 +02:00
Guus Sliepen
242c4e2ca6 Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
2009-10-24 21:53:01 +02:00
Guus Sliepen
d922db253c Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
2009-10-24 21:35:40 +02:00
Guus Sliepen
a8f7fccbc2 Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
2009-10-24 21:32:06 +02:00
Guus Sliepen
cddcdc9af3 Allow UDP packets with an address different from the corresponding TCP connection. 2009-10-24 20:54:44 +02:00
Guus Sliepen
5cbddc68ba Use uint32_t instead of long int for connection options.
Options should have a fixed width anyway, but this also fixes a possible MinGW
compiler bug where %lx tries to print a 64 bit value, even though a long int is
only 32 bits.
2009-10-24 16:15:24 +02:00
Guus Sliepen
468f393c4f Add dummy device. 2009-10-24 16:05:12 +02:00
Guus Sliepen
b6543af762 Clarify and increase level of log message about MTU probes to unreachable nodes. 2009-10-20 22:39:07 +02:00
Guus Sliepen
43a6e78664 Handle weighted Subnets in switch and hub modes.
We now handle MAC Subnets in exactly the same way as IPv4 and IPv6 Subnets.
This also fixes a problem that causes unncessary broadcasting of unicast
packets in VPNs where some daemons run 1.0.10 and some run other versions.
2009-10-20 22:33:16 +02:00
Guus Sliepen
35af4051c3 Fix a possible crash when sending the HUP signal.
When the HUP signal is sent while some outgoing connections have not been made
yet, or are being retried, a NULL pointer could be dereferenced resulting in
tinc crashing. We fix this by more careful handling of outgoing_ts, and by
deleting all connections that have not been fully activated yet at the HUP
signal is received.
2009-10-20 22:14:47 +02:00
Guus Sliepen
c7fdc7d5b8 Remove debugging message when reading packets from a BSD device.
This was inadvertently introduced by commit
4a5d42178c.
2009-10-12 23:51:57 +02:00
Guus Sliepen
ec4c8bcb18 Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
This device works like /dev/tun on Linux, automatically creating a new tap
interface when a program opens it. We now pass the actual name of the newly
created interface in $INTERFACE.
2009-10-12 22:14:47 +02:00
Guus Sliepen
92b8abc921 Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.

If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.

We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
2009-10-11 18:57:58 +02:00
Guus Sliepen
a4f132770d Revert "Raise default crypto algorithms to AES256 and SHA256."
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.

This reverts commit 4bb3793e38.
2009-10-11 13:56:04 +02:00
Guus Sliepen
2762509be1 Remove code duplication when checking ADD_EDGE/DEL_EDGE messages. 2009-10-11 13:54:05 +02:00
Guus Sliepen
5cddf5e52a Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
So that we are liberal in what we accept.
2009-10-11 13:51:10 +02:00
Borg
430c90412c Removed last gettext function. 2009-10-03 13:06:00 +02:00
Guus Sliepen
761517c21c Update FSF address in files not covered by the merge. 2009-09-29 15:33:58 +02:00
Guus Sliepen
07a560eab6 Drop localisation and checkpoint tracing in files not covered by the merge. 2009-09-29 15:19:55 +02:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
2009-09-29 14:55:29 +02:00
Guus Sliepen
46e481dc94 Add more authors to the copyright headers.
Git's log and blame tools were used to find out which files had significant
contributions from authors who sent in patches that were applied before we used
git.
2009-09-25 21:14:56 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
0e6856b137 Remove Ivo's old email addresses. 2009-09-24 23:42:30 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
c23fcf555e Update copyright information.
- Update year numbers in copyright headers.
- Add copyright information for Michael Tokarev and Florian Forster to the
  copyright headers of files to which they have contributed significantly.
- Mention Michael and Florian in AUTHORS.
- Mention that tinc is GPLv3 or later if compiled with the --enable-tunemu
  flag.
2009-09-24 23:29:46 +02:00
Guus Sliepen
4bdf0e80ee Replace asprintf()s not covered by the merge to xasprintf(). 2009-09-16 20:28:30 +02:00
Guus Sliepen
1cbddbd573 Use correct format specifiers. 2009-09-16 20:17:11 +02:00
Guus Sliepen
2f97bdb46b Add missing #include. 2009-09-16 20:16:54 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
2009-09-16 19:55:47 +02:00
Guus Sliepen
b5ccce2968 Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum.  If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives.  We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
2009-09-15 23:22:13 +02:00
Guus Sliepen
d273efb177 Raise default RSA key length to 2048 bits. 2009-09-15 23:04:52 +02:00
Guus Sliepen
b47c17bcde Use a mutex to allow the TAP reader to process packets faster on Windows.
The TAP-Win32 device is not a socket, and select() under Windows only works
with sockets.  Tinc used a separate thread to read from the TAP-Win32 device,
and passed this via a local socket to the main thread which could then select()
from it. We now use a global mutex, which is only unlocked when the main thread
is waiting for select(), to allow the TAP reader thread to process packets
directly.
2009-09-15 22:59:01 +02:00
Guus Sliepen
4bb3793e38 Raise default crypto algorithms to AES256 and SHA256.
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
2009-09-15 12:08:05 +02:00
Guus Sliepen
633c0cf1b0 Use access() instead of stat() for checking whether scripts exist. 2009-09-15 00:36:07 +02:00
Guus Sliepen
f80bf14f28 Also do not use drand48(), it is not available on Windows. 2009-09-14 23:28:28 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
2009-09-14 23:06:00 +02:00
Guus Sliepen
75773efe26 Apparently it's impolite to ask GCC to subtract two pointers.
If two pointers do not belong to the same array, pointer subtraction gives
nonsensical results, depending on the level of optimisation and the
architecture one is compiling for. It is apparently not just subtracting the
pointer values and dividing by the size of the object, but uses some kind of
higher magic not intended for mere mortals. GCC will not warn about this at
all. Casting to void * is also a no-no, because then GCC does warn that strict
aliasing rules are being broken. The only safe way to query the ordering of two
pointers is to use the (in)equality operators.

The unsafe implementation of connection_compare() has probably caused the "old
connection_t for ... still lingering" messages. Our implementation of AVL trees
is augmented with a doubly linked list, which is normally what is traversed.
Only when deleting an old connection the tree itself is traversed.
2009-09-13 14:08:59 +02:00
Guus Sliepen
23e151aeed Remove superfluous call to avl_delete(). 2009-09-13 14:07:40 +02:00
Guus Sliepen
9915f2abbe Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
2009-09-12 14:19:36 +02:00
Guus Sliepen
7242868b64 Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba5
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
2009-09-12 13:40:32 +02:00
Guus Sliepen
052ff8b2c5 Put Subnet weight in a separate environment variable.
Commit 5674bba5c5 introduced weighted Subnets,
but the weight was included in the SUBNET variable passed to subnet-up/down
scripts. This makes it harder to use in those scripts. The weight is now
stripped from the SUBNET variable and put in the WEIGHT variabel.
2009-09-12 13:34:11 +02:00
Guus Sliepen
a60a0a1f13 Don't stat() on iPhone/iPod.
Grzegorz Dymarek noted that tinc segfaults at the stat() call in
execute_script() on the iPhone.  We can omit the stat() call for the moment,
the subsequent call to system() will fail with just a warning.
2009-09-10 19:51:08 +02:00
Guus Sliepen
4a5d42178c Add support for iPhones and recent iPods.
This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use
the tunemu device, which allows tinc to be compiled for iPhones and recent
iPods. To enable support for tunemu, the --enable-tunemu option has to be used
when running the configure script.
2009-09-10 19:32:54 +02:00
Guus Sliepen
ff946d0423 Another safe bitfield conversion. 2009-09-09 14:51:36 +02:00
Guus Sliepen
81afa26e4a Convert bitfields to integers in a safe way.
This is commit eb391c52ee redone, but without the
non-standard anonymous union.
2009-09-09 12:04:08 +02:00
Guus Sliepen
9b394bc887 Ensure tinc compiles with gcc -std=c99.
We use a lot of C99 features already, but also some extensions which are not in
the standard.
2009-09-08 21:45:24 +02:00
Guus Sliepen
f52ea0a7eb UNIX signal numbers start at 1. 2009-09-08 18:21:52 +02:00
Guus Sliepen
73d77dd416 Replace asprintf() by xasprintf(). 2009-09-08 18:18:36 +02:00
Michael Tokarev
63fe89e9eb Remove extra semicolon in my definition of setpriority() 2009-09-08 16:49:38 +02:00
Guus Sliepen
5a7fc58012 Always remove a node from the UDP tree before freeing it.
Valgrind caught tinc reading free'd memory during a purge(). This was caused by
first removing it from the main node tree, which will already call free_node(),
and then removing it from the UDP tree. This might cause spurious segmentation
faults.
2009-09-08 16:35:28 +02:00
Guus Sliepen
de029ce460 Change level of some debug messages, zero pointer after freeing hostname. 2009-06-11 19:39:25 +02:00
Guus Sliepen
66be914d35 Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
2009-06-11 19:26:34 +02:00
Guus Sliepen
df4add94a4 Remove pending MTU probe events when a node's reachability status changes. 2009-06-11 19:07:54 +02:00
Guus Sliepen
36f8e4da8b Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
2009-06-11 18:36:08 +02:00
Guus Sliepen
9b129c07e2 Fix pointer arithmetic when creating and verifying message authentication codes. 2009-06-06 20:14:51 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2009-06-05 23:14:13 +02:00
Guus Sliepen
261d1eac1c Properly set HMAC length for incoming packets. 2009-06-05 16:14:31 +02:00
Michael Tokarev
591c38eb38 try outgoing connections before chroot/drop_privs
When chrooted, we either need to force-initialize resolver
and/or nsswitch somehow (no clean way) or resolve all the
names we want before entering chroot jail.  The latter
looks cleaner, easier and it is actually safe because
we still don't talk with the remote nodes there, only
initiating outgoing connections.
2009-06-05 11:40:08 +02:00
Michael Tokarev
a42a8dde45 cleanup setpriority thing to make it readable 2009-06-05 10:02:55 +02:00
Guus Sliepen
41c10c5a96 Add ProcessPriority option.
This option can be set to low, normal or high. On UNIX flavours, this changes
the nice value of the process by +10, 0 and -10 respectively. On Windows, it
sets the priority to BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS and
HIGH_PRIORITY_CLASS respectively.

A high priority might help to reduce latency and packet loss on the VPN.
2009-05-28 22:51:30 +02:00
Florian Forster
41a05f59ba src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
If a host has multiple addresses on an interface, the source address of the TCP
connection(s) was picked by the operating system while the UDP packets used a
bound socket, i. e. the source address was the address specified by the user.
This caused problems because the receiving code requires the TCP connection and
the UDP connection to originate from the same IP address.

This patch adds support for the `BindToInterface' and `BindToAddress' options
to the setup of outgoing TCP connections.

Tested with Debian Etch on x86 and Debian Lenny on x86_64.

Signed-off-by: Florian Forster <octo@verplant.org>
2009-05-28 00:35:00 +02:00
Florian Forster
6b415a1a7f src/linux/device.c: Fix segfault when running without `--net'.
If running without `--net', the (global) variable `netname' is NULL. This
creates a segmentation fault because this NULL-pointer is passed to strdup:

 Program terminated with signal 11, Segmentation fault.
 #0  0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
 (gdb) bt
 #0  0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
 #1  0xb7d30175 in strdup () from /lib/tls/i686/cmov/libc.so.6
 #2  0x0805bf47 in xstrdup (s=0x0) at xmalloc.c:118  <---
 #3  0x0805be33 in setup_device () at device.c:66
 #4  0x0805072e in setup_myself () at net_setup.c:432
 #5  0x08050db2 in setup_network () at net_setup.c:536
 #6  0x0805b27f in main (argc=Cannot access memory at address 0x0) at tincd.c:580

This patch fixes this by checking `netname' in `setup_device'. An alternative
would be to check for NULL-pointers in `xstrdup' and return NULL in this case.

Signed-off-by: Florian Forster <octo@verplant.org>
2009-05-27 10:55:09 +02:00
Michael Tokarev
a8a65cee08 tunnelserver: log which ADD_SUBNET was refused
Add some logging about refused ADD_SUBNET
(it causes subsequent client disconnect so it's
important to know which subnet was at fault).

Maybe we should just ignore it completely.
2009-05-25 16:55:55 +02:00
Guus Sliepen
4e9e3ca89d Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
2009-05-25 15:04:33 +02:00
Guus Sliepen
7fc69bc73b Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
substract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
2009-05-25 12:19:37 +02:00
Guus Sliepen
1b3add6c29 Add declaration for sockaddrcmp_noport(). 2009-05-25 12:19:08 +02:00
Michael Tokarev
ca5b67111e Fix ans_key exchange in recent changes
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
2009-05-25 01:30:01 +02:00
Guus Sliepen
7034338bc3 Use xrealloc instead of if(ptr) ptr = xmalloc(). 2009-05-24 19:35:51 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Michael Tokarev
0246939ce1 don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog.  Only log those if
debug level is up to PROTOCOL
2009-05-24 17:28:24 +02:00
Guus Sliepen
2c67eafc6e If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily. 2009-05-24 15:58:47 +02:00
Michael Tokarev
7e4d57adf5 ignore indirect edge registrations in tunnelserver mode
In tunnelserver mode we're not interested to hear about
our client edges, just like in case of subnets.  Just
ignore all requests which are not about our node or the
client node.

The fix is very similar to what was done for subnets.

Note that we don't need to add the "unknown" nodes to
the list in tunnelserver mode too, so move allocation
of new nodes down the line.
2009-05-22 00:43:48 +02:00
Michael Tokarev
3759aa5f77 TunnelServer: Don't disconnect client on DEL_SUBNET too
Similar changes as was in 2327d3f6eb
but for del_subnet_h().

Before, we vere returning false (and causing disconnect of the
client) in case of tunnelserver and the client sending DEL_SUBNET
for non-his subnet or for subnet which owner isn't in our connection
list.

After the mentioned change to add_subnet_h() that routine does not
add such indirect owners to the connection list anymore, so that
was ok (owner == NULL and we return true).

But if we too has a connection with the node about which the client
is sending DEL_SUBNET notification, say, because that client lost
connection with that other node, we'll disconnect this client from
us too, returning false for indirect DEL_SUBNET.

Fix that by allowing and ignoring indirect DEL_SUBNET in tunnelserver
mode.

Also rearranged the function a bit, to match add_subnet_h() (in
particular, syntax-check everything first, see if we've seen this
request before).

And also fix some comments.
2009-05-20 20:16:19 +02:00
Michael Tokarev
218adee785 format 'not supported on this platform' error message
Format it in a similar way in all places, to make translation happier.
No functional changes.
2009-05-18 15:35:52 +02:00
Michael Tokarev
54cb6b1aec change error messages in droppriv code to match the rest
Change formatting of error messages about failed syscalls
to be the same as in other places in tincd.

Also suggest a change in "$foo not supported on this platform"
message as it's now used more than once.
2009-05-18 15:05:43 +02:00
Michael Tokarev
d4f9863635 bugfix: chdir(/) after chroot
Fix the famous chdir(".") vs chdir("/") after chroot(something).
2009-05-18 15:05:43 +02:00
Michael Tokarev
6be5d4f5b6 bugfix: move mlock to after detach() so it works for child, not parent
mlock()/mlockall() are not persistent across fork(), and it's
done in parent process before daemon() which does fork().  So
basically, current --mlock does nothing useful.

Move mlock() to after detach() so it works for child process
instead of parent.

Also, check if the platform supports mlock right when processing
options (since else we'll have to die after startup, not at
startup, the error message will be in log only).
2009-05-18 15:03:56 +02:00
Michael Tokarev
ec316aa32e Implement privilege dropping
Add two options, -R/--chroot and -U/--user=user, to chroot to the
config directory (where tinc.conf is located) and to perform
setuid to the user specified, after all the initialization is done.

What's left is handling of pid file since we can't remove it anymore.
2009-05-18 14:34:24 +02:00
Michael Tokarev
6698f7c390 Rename setup_network_connections() and split out try_outgoing_connections()
In preparation of chroot/setuid operations, split out call to
try_outgoing_connections() from setup_network_connections()
(which was the last call in setup_network_connections()).
This is because dropping privileges should be done in-between
setup_network_connections() and try_outgoing_connections().

This patch renames setup_network_connections() to setup_network()
and moves call to try_outgoing_connections() into main routine.

No functional changes.
2009-05-18 14:34:24 +02:00
Guus Sliepen
3308d13e7e Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange.  The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different.  Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
2009-04-03 01:05:23 +02:00
Guus Sliepen
08aabbf931 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	doc/tinc.conf.5.in
	doc/tinc.texi
	po/nl.po
	src/conf.c
	src/connection.c
	src/event.c
	src/graph.c
	src/net.c
	src/net_packet.c
	src/net_socket.c
	src/node.c
	src/node.h
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
	src/protocol_misc.c
	src/subnet.c
	src/subnet.h
	src/tincd.c
2009-03-09 19:02:24 +01:00
Guus Sliepen
43fa7283ac Use a simple Random Early Drop algorithm in send_tcppacket(). 2009-03-09 14:04:31 +01:00
Guus Sliepen
d5b56bbba5 Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU.  However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
2009-03-09 13:48:54 +01:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
5674bba5c5 Allow weight to be assigned to Subnets.
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.

Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority.  The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
2009-03-05 13:34:13 +01:00
Michael Tokarev
76a1bcaffc Enable PMTUDiscovery only if BOTH sides wants it.
Don't enable PMTUDiscovery if at least one side does not support it.
Before it was enabled if at least one side supported it, now both are required.
2009-03-04 21:12:20 +01:00
Guus Sliepen
1c1a67fd93 Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
2009-02-17 14:43:05 +01:00
Michael Tokarev
2327d3f6eb Allow tunnelserver to work with clients that have other peers.
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too).  Fix that by ignoring such (indirect) announces instead.

While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
2009-02-09 23:51:10 +01:00
Guus Sliepen
23730375f2 Disable old RSA keys when generating new ones.
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
2009-02-03 14:54:45 +01:00
Guus Sliepen
0d0dfd0852 Validate Name before using it in a filename when generating a keypair. 2009-01-20 14:21:50 +01:00
Guus Sliepen
0966cca8ab Allow reading config files with CRLF endings on Unix systems. 2009-01-20 14:20:44 +01:00
Guus Sliepen
d1910ac198 Remove unused definitions from net.h. 2009-01-20 13:19:31 +01:00
Guus Sliepen
503c32eb0e Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.

Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
2009-01-20 13:12:41 +01:00
Guus Sliepen
a7e793c94e Add missing cleanup functions in close_network_connections(). 2009-01-19 23:17:28 +01:00
Guus Sliepen
116065afe3 Change flush_events() to expire_events().
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree.  This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.

The new function just moves the expiration time of all events to the past.
2009-01-19 22:50:05 +01:00
Guus Sliepen
a39a9506cd Move free()s at the end om main() to the proper destructor functions. 2009-01-09 12:36:06 +01:00
Guus Sliepen
67df7fb7e1 Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP.  The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
b069da90d6 Consistently allocate device and iface variables on the heap.
This fixes a segfault when no Device has been specified and tinc exits, and it
would try to free() a static string. Thanks to Borg for spottin.
2009-01-03 22:06:10 +01:00
Guus Sliepen
a4d99ebf50 Add missing parentheses in check for IPv4 multicast addresses. 2008-12-26 12:46:45 +00:00
Guus Sliepen
099bc56f53 Apply patch from Max Rijevski fixing a memory leak when closing connections.
It also cleans up more when stopping tinc, helping tools like valgrind.
2008-12-23 23:14:37 +00:00
Guus Sliepen
de032054de Handle broadcast and multicast packets in router mode.
Multicast packets are treated as broadcast packets.
Based on a patch from Max Rijevski.
2008-12-23 22:31:38 +00:00
Guus Sliepen
0e4d419aae Enable PMTU discovery by default. 2008-12-22 20:35:45 +00:00
Guus Sliepen
e9576632dc Update copyright information. 2008-12-22 20:27:52 +00:00
Guus Sliepen
26b490e86b Make sure IPv6 sockets are IPv6 only.
This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
in use" message on Linux.
2008-12-22 19:40:40 +00:00
Guus Sliepen
c6830ba821 Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works. 2008-12-22 19:33:37 +00:00
Guus Sliepen
a269ec4193 Treat virtual network device as tap if Mode = switch or hub.
On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
2008-12-21 16:19:31 +00:00
Guus Sliepen
551cd19406 Move RSA key generation into the wrappers. 2008-12-14 12:47:26 +00:00
Guus Sliepen
911c05f873 Make sure IPv6 sockets are IPv6 only. 2008-12-11 20:49:14 +00:00
Guus Sliepen
6e80da3370 Use Dijkstra's algorithm. Based on patches from Max Rijevskiy. 2008-12-11 18:07:26 +00:00
Guus Sliepen
26a228e302 Remove wrong checks. 2008-12-11 18:05:59 +00:00
Guus Sliepen
636200d1a2 Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible. 2008-12-11 15:56:18 +00:00
Guus Sliepen
a9bdfb424e Fix compiler warnings. 2008-12-11 15:42:46 +00:00
Guus Sliepen
76165488f8 Backport fixes from trunk since revision 1555. 2008-12-11 15:21:40 +00:00
Guus Sliepen
046158a216 Use the crypto wrappers again instead of calling OpenSSL directly.
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Guus Sliepen
8e8fe805c8 Only show meta connection related debug messages when debug level >= 4 2008-12-11 14:03:52 +00:00
Guus Sliepen
40bebbb19f Look in the configured sbin directory for the tincd binary. 2008-12-11 13:59:46 +00:00
Guus Sliepen
38c2d6c1da Correct debug message. 2008-12-05 14:17:39 +00:00
Guus Sliepen
a36259435c Prevent freeing a NULL pointer when a hostname is unresolvable. 2008-11-18 15:11:27 +00:00
Guus Sliepen
4a1740ede7 Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes. 2008-10-25 19:54:00 +00:00
Guus Sliepen
cb52aa0683 Fix reading configuration files that do not end with a newline. 2008-10-25 18:10:08 +00:00
Guus Sliepen
b2cee41b18 Make sure the prefixlength of subnets is sane.
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
2007-12-14 21:17:08 +00:00
Scott Lamb
fe2f1fceb5 Use a control socket directory to restrict access
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.

We could add a cryptographic handshake later if desired.
2007-11-08 19:18:44 +00:00
Scott Lamb
b1f8c65a2c Coding style corrections 2007-11-07 06:45:28 +00:00
Scott Lamb
d82fcc88f3 Reload configuration through control socket
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
2007-11-07 02:51:24 +00:00
Scott Lamb
f0a57eab4c Retry connections through control socket 2007-11-07 02:50:58 +00:00
Scott Lamb
a62a6825a8 Alter debugging levels through control socket 2007-11-07 02:50:27 +00:00
Scott Lamb
1065879c8c Purge through the control socket 2007-11-07 02:49:57 +00:00
Scott Lamb
6eaefb4dbc Dump through control socket
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
2007-11-07 02:49:25 +00:00
Scott Lamb
50ad3f2a89 Fancier protocol for control socket
* pass error status back
* pass message boundaries
2007-11-07 02:48:33 +00:00
Scott Lamb
b0b5299184 Fix reload crash
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
2007-11-07 02:48:15 +00:00
Scott Lamb
40731d030f Temporarily revert to old crypto code
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)

This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Guus Sliepen
269892f70b Prevent double free() of a used challenge nonce. 2007-10-20 11:21:44 +00:00
Guus Sliepen
b0709d2649 Fix meta data segfault when receiving a partial command. 2007-10-19 19:07:30 +00:00
Guus Sliepen
67d9a72ea2 Use a dummy function as the read callback for connection bufferevents. Should not be triggered. 2007-10-19 18:54:43 +00:00
Guus Sliepen
54892b2e3e Fix connection weight estimation. 2007-10-19 18:53:48 +00:00
Guus Sliepen
6c453769fd Apply patch from Scott Lamb: Update documentation to match tincctl changes 2007-09-04 15:06:35 +00:00
Guus Sliepen
86358fabfe Small fixes to make gcrypt routines compile. 2007-09-04 14:58:52 +00:00
Guus Sliepen
f8733d1935 Fix formatting of --help output. 2007-09-04 14:58:11 +00:00
Guus Sliepen
d7ca0300a3 Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this. 2007-08-17 22:09:00 +00:00
Scott Lamb
1fd1d5bd93 const correctness
cipher_encrypt and cipher_decrypt should take "const void *" data
2007-07-20 20:10:46 +00:00
Guus Sliepen
1b8f891836 Finish crypto wrapping. Also provide wrappers for OpenSSL.
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
2007-05-23 13:45:49 +00:00
Guus Sliepen
f42e57f663 Some more crypto wrapper functions are needed. 2007-05-22 23:41:22 +00:00
Guus Sliepen
19413a8048 Make sure the crypto wrapper functions can actually be compiled. 2007-05-22 21:44:17 +00:00
Guus Sliepen
e8689a4753 Create wrappers for the cryptographic operations used in tinc.
Implement them using libgcrypt.
2007-05-22 21:32:48 +00:00
Guus Sliepen
465837dd7f Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption. 2007-05-20 22:28:49 +00:00
Guus Sliepen
fbf305c09d Use libevent for meta socket input/output buffering. 2007-05-19 22:23:02 +00:00
Guus Sliepen
59108e4e4f Use bufferevents to handle control socket buffering. 2007-05-19 16:21:52 +00:00
Guus Sliepen
8c6131deda Implement "stop" command, and allow tincctl to retrieve a running tincd's PID. 2007-05-19 15:21:26 +00:00
Guus Sliepen
e9043e17c7 Move key generation to tincctl. 2007-05-19 14:55:35 +00:00
Guus Sliepen
bf8e3ce13d Remove pidfile in favour of control socket. 2007-05-19 14:13:21 +00:00
Guus Sliepen
bc0a24ec81 Fix retrying outgoing connections. 2007-05-19 13:34:32 +00:00
Guus Sliepen
ce976717ea We can safely delete a connection_t in terminate_connection() now. 2007-05-19 12:07:30 +00:00
Guus Sliepen
01f47c46af Start of control socket implementation. 2007-05-18 16:52:34 +00:00
Guus Sliepen
e37ef57a95 More consistent variable naming. 2007-05-18 11:19:31 +00:00
Guus Sliepen
29fbce4497 Detect duplicate outgoing connections. 2007-05-18 10:29:10 +00:00
Guus Sliepen
fb0cfccf7d Use splay trees instead of AVL trees. 2007-05-18 10:05:26 +00:00
Guus Sliepen
f02d3ed3e1 K&R style braces 2007-05-18 10:00:00 +00:00
Guus Sliepen
760dd966ef Remove last references to the global variable "running". 2007-05-18 09:51:54 +00:00
Guus Sliepen
3909b8e51b Remove the last bits of the legacy main_loop(). 2007-05-18 09:43:52 +00:00
Guus Sliepen
ddc6a81a85 Remove global variable "now". 2007-05-18 09:34:06 +00:00
Guus Sliepen
7e1117197c Move key regeneration handling to net_setup.c. 2007-05-17 23:57:48 +00:00
Guus Sliepen
563577a147 Use libevent to handle key expiration. 2007-05-17 23:33:07 +00:00
Guus Sliepen
8852d4407d Use libevent to age learned MAC addresses. 2007-05-17 23:24:40 +00:00
Guus Sliepen
a530f94e7c Use libevent to age past requests. 2007-05-17 23:14:42 +00:00
Guus Sliepen
aaf1851315 Redo SIGALRM handling. 2007-05-17 23:04:02 +00:00
Guus Sliepen
6d19ebd612 Use libevent to handle all non-fatal signals. 2007-05-17 22:41:34 +00:00
Guus Sliepen
531d5a904a Properly use the timeout_initialized() macro. 2007-05-17 22:17:24 +00:00
Guus Sliepen
bf6490825e Remove legacy event system. 2007-05-17 22:13:12 +00:00
Guus Sliepen
a67ab277c9 Use libevent for retrying outgoing connections. 2007-05-17 22:09:55 +00:00
Guus Sliepen
3321591d93 Use libevent to send MTU probes. 2007-05-17 22:01:07 +00:00
Guus Sliepen
ee7844905f Configure events after obtaining a socket. 2007-05-17 21:47:27 +00:00
Guus Sliepen
294ce72441 Use libevent to handle HUP signal. 2007-05-17 21:34:58 +00:00
Guus Sliepen
4d0621b1f3 Use libevent to dump graphs when necessary.
event_add() can be called repeatedly, the second and later calls are ignored if
the event hasn't been removed yet.
2007-05-17 21:14:30 +00:00
Guus Sliepen
0f6f54ff8a Use a separate event structure to handle meta data writes.
Make meta socket events persistent.
2007-05-17 20:20:10 +00:00
Guus Sliepen
17c8033029 128 listener sockets is way too much. 2007-05-17 19:52:12 +00:00
Guus Sliepen
d8dea8091f Properly delete listener socket events on shutdown. 2007-05-17 19:51:26 +00:00
Guus Sliepen
6ea1dfc995 Port fixes from release 1.0.8. 2007-05-17 19:15:48 +00:00
Guus Sliepen
6af8900f8e Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski. 2007-05-16 14:46:25 +00:00
Guus Sliepen
480dd127c8 Make sure connection->name is never NULL. 2007-05-16 14:42:08 +00:00
Guus Sliepen
f0cf4991e2 Apply patch from "dnk" making sockets non-blocking under Windows. 2007-05-14 09:21:09 +00:00
Guus Sliepen
3730156165 Only free members of connection_t that have been allocated. 2007-03-12 17:55:43 +00:00
Scott Lamb
38c25d62c2 Convert to libevent.
This is a quick initial conversion that doesn't yet show much advantage:
- We roll our own timeouts.
- We roll our own signal handling.
- We build up the meta connection fd events on each loop rather than
  on state changes.
2007-02-27 01:57:01 +00:00
Scott Lamb
834290b00f A couple missed tevent things.
(Sorry; had a couple changes queued.)
2007-02-27 01:30:57 +00:00
Scott Lamb
6362b12df7 Rename "event_t" to "tevent_t", along with associated functions.
This relieves some confusion and problems during the libevent transition.
In particular, "event_add" was defined by both.
(The 't' stands for 'timeout', 'tinc', 'temporary', or some such.)
2007-02-27 01:26:11 +00:00
Guus Sliepen
45fca3c723 Apply patch from Scott Lamb fixing some memory and resource leaks. 2007-02-14 09:21:34 +00:00
Guus Sliepen
6c6535a416 Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM. 2007-02-14 09:20:20 +00:00
Guus Sliepen
a1e72f84d0 Update copyright notices. 2007-01-05 13:18:36 +00:00
Guus Sliepen
d80cc7a5cc rename() cannot replace existing files on Windows. 2007-01-05 05:44:01 +00:00
Guus Sliepen
5214ece030 Fix generic BSD tun device to write only the actual packet length.
Due to a copy&paste bug, it tried to write a packet with the maximum size.
This was not a problem until the maximum size was increased to support VLANs.
2007-01-05 04:49:02 +00:00
Guus Sliepen
40f02ff8ee Tapreader socket should be bound to localhost only. 2007-01-04 15:28:36 +00:00
Guus Sliepen
03f3fc01e8 Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
It's a wonder it ever worked before. The socket that is created is not of a
datagram type, therefore packet boundaries were not preserved, which becomes
a problem as soon as the TAP-Win32 device receives packets in fast succession.
2007-01-03 18:18:54 +00:00
Guus Sliepen
855806b2f7 Do a simple test for linux/if_tun.h instead of no test at all. 2006-12-16 16:53:58 +00:00
Guus Sliepen
0322c0883b Remove the test for linux/if_tun.h.
It has been available for years on any decent Linux distribution.
Although linux/if_tun.h is now required to compile tinc,
you can still run it on systems which only support Ethertap.
2006-12-16 16:40:09 +00:00
Guus Sliepen
b834d67d7c Use the correct next pointer. 2006-12-12 14:54:39 +00:00
Guus Sliepen
8b55dfacb1 When building the minimum spanning tree, make sure we start from a reachable node. 2006-12-12 14:49:09 +00:00
Guus Sliepen
47d916ec5e Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h. 2006-11-29 17:18:39 +00:00
Guus Sliepen
1bb5a284fe Make sure resolved addressed for outgoing connections are freed, if there are any. 2006-11-29 16:57:46 +00:00
Guus Sliepen
e5b1b5cefb EWOULDBLOCK does not exist on platforms without O_NONBLOCK 2006-11-14 12:28:04 +00:00
Guus Sliepen
0714ac6c59 Nodes use events, so event system should be initialised first and destroyed last. 2006-11-11 22:44:15 +00:00
Guus Sliepen
8d393b30a9 Support and autodetect LZO version 2.0 and later. 2006-11-11 20:10:46 +00:00
Guus Sliepen
0d1ac68c59 popen() requires pclose(). 2006-11-11 14:37:03 +00:00
Guus Sliepen
0200d3cd5d Added graph dumping ability based on Markus Goetz's patch. 2006-11-11 14:11:16 +00:00
Guus Sliepen
1728d5b2c4 The "active" bit in node.status is not used. 2006-11-11 13:43:00 +00:00
Guus Sliepen
134dc8995b memcpy() addresses from packet headers before calling the lookup functions.
This probably fixes a problem on the ARM architecture that causes tinc to fail to lookup IPv4 addresses.
2006-08-09 22:31:10 +00:00
Guus Sliepen
64e0519cb5 Remove unused variable. 2006-08-08 13:50:58 +00:00
Guus Sliepen
ddcf079cad Remove unused parameter from maskcmp(). 2006-08-08 13:44:37 +00:00
Guus Sliepen
c620df3c15 Remove unused variables. 2006-08-08 13:44:19 +00:00
Guus Sliepen
9fa27097dd Fix format string warnings. 2006-08-08 13:29:17 +00:00
Guus Sliepen
eb391c52ee Do not break strict aliasing of status_t structs. 2006-08-08 13:21:08 +00:00
Guus Sliepen
2077451e07 Add generic host-up and host-down scripts.
Thanks to Menno Smits for a patch.
2006-06-12 21:45:39 +00:00
Guus Sliepen
f88c9942e1 Use memcpy() to copy sockaddrs returned by getaddrinfo().
Thanks to Miles Nordin for spotting this.
2006-06-11 18:53:27 +00:00
Guus Sliepen
412f3fb510 Restore length of the original packet in send_udppacket(). 2006-04-26 16:29:47 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
8ebb017a10 Fix a bug in handling prefixlengths that are not a multiple of 4.
Thanks to Sven-Haegar Koch for spotting the bug and providing the fix.
2006-04-12 08:38:35 +00:00
Guus Sliepen
af95368c0f Fix signedness compiler warnings. 2006-03-19 13:06:21 +00:00
Guus Sliepen
fb1cda2ca4 Export flush_meta(). 2006-03-19 12:43:45 +00:00
Guus Sliepen
098090468a Missing #include. 2006-03-19 12:43:28 +00:00
Guus Sliepen
a90f1b652c Make sure $NAME is set correctly when executing tinc-down script. 2006-02-06 12:30:51 +00:00
Guus Sliepen
228e7a5c8f Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
This helps coalescing multiple send_meta() commands into one TCP packet.
Also limit the size of the output buffer before dropping PACKETs.
2006-01-19 17:13:18 +00:00
Guus Sliepen
a5a4d2b865 Apply patch from Scott Lamb unifying configuration of TCP socket options. 2006-01-13 11:21:59 +00:00
Guus Sliepen
e02f13cdb3 EVP_Cleanup() when quitting. 2006-01-13 11:09:19 +00:00
Guus Sliepen
0912260755 Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh. 2005-11-16 10:45:11 +00:00
Guus Sliepen
e810545dc2 Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
Thanks to Tonnerre Lombard for noticing!
2005-06-03 10:16:03 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
faaaa1ef38 Searching through splay trees may change the tree variable. 2005-05-04 15:52:55 +00:00
Guus Sliepen
dc09f6fe89 Be on the safe side with initialisation of c->name. 2005-05-04 15:51:45 +00:00
Guus Sliepen
92c4a28d7d Remove unused (and potentially segfaulting) net2str() call. 2005-04-06 20:43:37 +00:00
Guus Sliepen
6363ed4d9c Don't try to add a non-existing node back to the node_udp_tree. 2005-01-20 15:14:25 +00:00
Guus Sliepen
39fe3b445c Nodes should only be in the node_udp_tree if they are reachable. 2005-01-04 22:19:56 +00:00
Guus Sliepen
fe0bfa3e65 Correct size argument for strncat(). 2005-01-04 22:18:58 +00:00
Guus Sliepen
56c36a14d8 Use the proper free function. 2004-12-03 13:27:33 +00:00
Guus Sliepen
18c617ecf2 Free memory used by connection_t after it is deleted from the connection tree. 2004-12-03 13:22:18 +00:00
Guus Sliepen
672ad5634c Small fix. 2004-12-01 21:26:51 +00:00
Guus Sliepen
40b1692940 subnet-up/down hooks, use list_t for the todo list. 2004-12-01 20:06:39 +00:00
Guus Sliepen
c46f56a8b8 subnet-up/down hooks 2004-12-01 20:06:05 +00:00