Commit graph

1576 commits

Author SHA1 Message Date
Guus Sliepen
ac7f82cb23 Handle errors from TAP-Win32/64 adapter in a better way.
Before, the tapreader thread would just exit immediately after encountering the
first error, without notifying the main thread. Now, the tapreader thead never
exits itself, but tells the main thread to stop when more than ten errors are
encountered in a row.
2014-02-07 19:55:31 +01:00
Guus Sliepen
e717e424c2 Use addresses learned from other nodes when making outgoing connections.
Before, when making a meta-connection to a node (either because of a ConnectTo
or because AutoConnect is set), tinc required one or more Address statements
in the corresponding host config file. However, tinc learns addresses from
other nodes that it uses for UDP connections. We can use those just as well for
TCP connections.
2014-01-30 17:10:30 +01:00
Guus Sliepen
995444c4f9 Document Weight and also allow it to be set from tinc.conf. 2014-01-29 17:32:18 +01:00
Guus Sliepen
2e318f3799 Don't ask questions if we are not running interactively.
When creating invitations or using them to join a VPN, and the tinc command is
not run interactively (ie, when stdin and stdout are not connected or
redirected to/from a file), don't ask questions. If normally tinc would ask for
a confirmation, just assume the default answer instead. If tinc really needs
some input, just print an error message instead.

In case an invitation is used for a VPN which uses a netname that is already in
use on the local host, tinc will store the configuration in a temporary
directory. Normally it asks for an alternative netname and then renames the
temporary directory, but when not run interactively, it now just prints the
location of the unchanged temporary directory.
2014-01-29 17:17:59 +01:00
Guus Sliepen
00398a60ec Add missing newlines when copying variables from tinc.conf to an invitation file. 2014-01-27 23:21:25 +01:00
Guus Sliepen
38adc8bf54 Add the ListenAddress option.
ListenAddress works the same as BindToAddress, except that from now on,
explicitly binding outgoing packets to the address of a socket is only done for
sockets specified with BindToAddress.
2014-01-20 21:19:13 +01:00
Florent Clairambault
c8543bbe6b Adding "conf.d" configuration dir support.
Any file matching the pattern /etc/tinc/$NETNAME/conf.d/*.conf will be
parsed after the tinc.conf file.
2013-12-29 23:11:54 +01:00
Guus Sliepen
53b00f8c1a Add our own autoconf check for libgcrypt.
This one doesn't require one to have libgcrypt installed while running
autoreconf, making life easier for people who compile tinc from git.
2013-12-10 11:18:04 +01:00
Guus Sliepen
ef8efdfff1 Remove erroneous warning about SPTPS being disabled. 2013-12-08 21:37:56 +01:00
Guus Sliepen
be1446f5d0 Don't print an error when no ECDSA key is known for a node using the legacy protocol. 2013-12-08 21:32:21 +01:00
Guus Sliepen
c151cfa2e9 Give full path to unconfigured tinc-up script. 2013-12-08 21:31:50 +01:00
Guus Sliepen
1b580b2a6b Allow running without ECDSA keys If ExperimentalProtocol is not explicitly set.
To make upgrading less painful, allow running tinc 1.1 without ECDSA keys
unless ExperimentalProtocol is explicitly set to yes.
2013-12-08 21:10:06 +01:00
Guus Sliepen
41583d5dcf Don't print device statistics when exiting tinc.
Much more detailed statistics are now kept per node, which can be queried at
any time, which makes the device statistics obsolete.
2013-12-08 20:23:44 +01:00
Guus Sliepen
b115de2199 Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris. 2013-12-07 22:54:02 +01:00
Guus Sliepen
cf9bea4e93 Avoid using a variable named "sun". Solaris doesn't like it. 2013-12-07 22:39:24 +01:00
Guus Sliepen
221f559bcf Stricter check for raw socket support. 2013-12-07 22:20:10 +01:00
Guus Sliepen
c1f7357e7d Include <limits.h> for PATH_MAX. 2013-12-07 22:19:39 +01:00
Guus Sliepen
c9bdac68e1 Update support for Solaris.
Adds support for the latest TAP driver from
http://www.whiteboard.ne.jp/~admin2/tuntap/, so tinc now also works in switch
mode on Solaris 11.
2013-12-07 21:52:41 +01:00
Guus Sliepen
06943e828c If no Port is specified, set myport to actual port of first listening socket.
If the Port statement is not used, there are two other ways to let tinc listen
on a non-default port: either by specifying one or more BindToAddress
statements including port numbers, or by starting it from systemd with socket
activation. Tinc announces its own port to other nodes, but before it only
announced what was set using the Port statement.
2013-12-05 15:01:30 +01:00
Guus Sliepen
51bddfd4dd Allow "none" for Cipher and Digest again. 2013-11-28 14:28:18 +01:00
Guus Sliepen
3d41e7d712 Make LocalDiscovery work for SPTPS packets. 2013-11-21 22:13:14 +01:00
Guus Sliepen
c1703ea917 Remove an unused variable. 2013-11-20 23:02:20 +01:00
Guus Sliepen
6168a9b6d5 Fix two warnings from Clang's static analyzer. 2013-11-15 15:32:53 +01:00
Guus Sliepen
29b42aa17e Fix sending bulk data starting with a newline. 2013-10-22 21:30:17 +02:00
Guus Sliepen
a5bcb29fdf Make sptps_test less verbose by default. 2013-10-22 21:19:41 +02:00
Guus Sliepen
7da999f4ae Clean up child processes from proxy type exec. 2013-10-18 16:58:47 +02:00
Guus Sliepen
9b2eaebdf6 Fix sending empty SPTPS records. 2013-10-15 14:09:42 +02:00
Guus Sliepen
0da0728088 Use AES-256-GCM for the SPTPS protocol.
It is faster than AES-256-CTR + HMAC-SHA256, especially on Intel chips with AES
and PCLMULQDQ instructions.
2013-10-13 01:02:52 +02:00
Guus Sliepen
68e3efe349 Fix segfault when Name = $HOST but $HOST is not set.
Conflicts:
	src/net_setup.c
2013-09-27 11:36:46 +02:00
Guus Sliepen
22d804d446 Link sptps_speed with -lrt.
This is necessary for clock_gettime() on older versions of libc.
2013-09-15 22:03:00 +02:00
Guus Sliepen
c621dd62c7 Don't leak memory during the key generation speed test. 2013-09-15 22:02:33 +02:00
Guus Sliepen
b7b68c3e97 Add a benchmark for the SPTPS protocol. 2013-09-15 17:35:55 +02:00
Guus Sliepen
87b017c710 Avoid using BIOs. 2013-09-15 16:21:25 +02:00
Guus Sliepen
e11daa2646 Don't try to mkdir(CONFDIR) if --config is used. 2013-09-08 15:03:06 +02:00
Guus Sliepen
fe1d0043c8 Don't return zero-length packets when receiving multicast loopback packets. 2013-09-05 17:41:05 +02:00
Guus Sliepen
6242b68242 Fix multicast device. 2013-09-05 14:51:13 +02:00
Guus Sliepen
09b5a3c020 Exit value 1 instead of a random non-zero value. 2013-09-05 14:50:10 +02:00
Guus Sliepen
796c14b75c Slightly relax the connection rate limit for a single address.
The restriction of accepting only 1 connection per second from a single address
is a bit too much, especially if one wants to join a VPN using an invitation,
which requires two connections.
2013-09-02 00:11:04 +02:00
Guus Sliepen
933f7f7526 Send a RELOAD to a running tincd when a new invitation key has been generated. 2013-09-01 22:59:51 +02:00
Guus Sliepen
09cd7ac62a Make sptps_test more easy to work with.
It now defers reading from stdin until after the authentication phase is
completed.  Furthermore, it supports the -q, -r, -w options similar to those of
Jürgen Nickelsen's socket.
2013-09-01 16:02:49 +02:00
Guus Sliepen
d01ab07f78 Allow testing the replay window with sptps_test. 2013-08-30 14:23:02 +02:00
Guus Sliepen
ccbf70b66f Fix the replay window in SPTPS. 2013-08-30 14:22:05 +02:00
Guus Sliepen
c7752ca73e Fix CTR mode. 2013-08-30 13:43:23 +02:00
Guus Sliepen
d0aa0817d2 Add an option to test datagram SPTPS with packet loss. 2013-08-30 13:04:14 +02:00
Guus Sliepen
5da0ebd421 When generating invitations, handle any order of Port and Adress statements. 2013-08-28 14:24:07 +02:00
Guus Sliepen
f0e11cd2c5 Call WSAStartup() in main().
The tinc utility defered calling WSAStartup() until it tried to connect to a
running tinc daemon. However, socket functions are now also used for other
things (like joining another VPN using an invitation). Now we just
unconditionally call WSAStartup() early in main().
2013-08-27 21:19:50 +02:00
Guus Sliepen
82575bd44d Tell invited node about Mode and Broadcast settings.
Since these settings really should be the same for all nodes in a VPN.
2013-08-24 00:48:24 +02:00
Guus Sliepen
57991e2642 Use PATHEXT when checking for the presence of scripts on Windows.
It seems like a lot of overhead to call access() for every possible extension
defined in PATHEXT, but apparently this is what Windows does itself too. At
least this avoids calling system() when the script one is looking for does not
exist at all.

Since the tinc utility also needs to call scripts, execute_script() is now
split off into its own source file.
2013-08-23 21:23:46 +02:00
Guus Sliepen
21184674b3 Execute scripts when invitations are created or accepted. 2013-08-21 00:24:55 +02:00
Guus Sliepen
9699f08afc Ensure the invitation filenames do not reveal the secret cookie.
Since filenames could potentially leak to unprivileged users (for example,
because of locatedb), it should not contain the cookie used for invitations.
Instead, tinc now uses the hash of the cookie and the invitation key as the
filename to store pending invitations in.
2013-08-20 23:09:36 +02:00