Commit graph

2331 commits

Author SHA1 Message Date
Guus Sliepen
a4f132770d Revert "Raise default crypto algorithms to AES256 and SHA256."
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.

This reverts commit 4bb3793e38.
2009-10-11 13:56:04 +02:00
Guus Sliepen
2762509be1 Remove code duplication when checking ADD_EDGE/DEL_EDGE messages. 2009-10-11 13:54:05 +02:00
Guus Sliepen
5cddf5e52a Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
So that we are liberal in what we accept.
2009-10-11 13:51:10 +02:00
Borg
430c90412c Removed last gettext function. 2009-10-03 13:06:00 +02:00
Guus Sliepen
3282375f4d Remove autogenerated files from EXTRA_DIST.
Apparently they were once necessary, but autoconf now includes them
automatically.  Some of them are not used anymore, and this caused make dist to
fail.
2009-09-29 16:25:20 +02:00
Guus Sliepen
761517c21c Update FSF address in files not covered by the merge. 2009-09-29 15:33:58 +02:00
Guus Sliepen
07a560eab6 Drop localisation and checkpoint tracing in files not covered by the merge. 2009-09-29 15:19:55 +02:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
2009-09-29 14:55:29 +02:00
Guus Sliepen
9a2b0f88a9 Update the NEWS. 2009-09-26 12:51:52 +02:00
Guus Sliepen
46e481dc94 Add more authors to the copyright headers.
Git's log and blame tools were used to find out which files had significant
contributions from authors who sent in patches that were applied before we used
git.
2009-09-25 21:14:56 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
0e6856b137 Remove Ivo's old email addresses. 2009-09-24 23:42:30 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
c23fcf555e Update copyright information.
- Update year numbers in copyright headers.
- Add copyright information for Michael Tokarev and Florian Forster to the
  copyright headers of files to which they have contributed significantly.
- Mention Michael and Florian in AUTHORS.
- Mention that tinc is GPLv3 or later if compiled with the --enable-tunemu
  flag.
2009-09-24 23:29:46 +02:00
Guus Sliepen
f1fec466e2 Add a better autoconf check for libevent. 2009-09-16 23:43:19 +02:00
Guus Sliepen
4bdf0e80ee Replace asprintf()s not covered by the merge to xasprintf(). 2009-09-16 20:28:30 +02:00
Guus Sliepen
1cbddbd573 Use correct format specifiers. 2009-09-16 20:17:11 +02:00
Guus Sliepen
2f97bdb46b Add missing #include. 2009-09-16 20:16:54 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
2009-09-16 19:55:47 +02:00
Guus Sliepen
b5ccce2968 Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum.  If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives.  We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
2009-09-15 23:22:13 +02:00
Guus Sliepen
d273efb177 Raise default RSA key length to 2048 bits. 2009-09-15 23:04:52 +02:00
Guus Sliepen
b47c17bcde Use a mutex to allow the TAP reader to process packets faster on Windows.
The TAP-Win32 device is not a socket, and select() under Windows only works
with sockets.  Tinc used a separate thread to read from the TAP-Win32 device,
and passed this via a local socket to the main thread which could then select()
from it. We now use a global mutex, which is only unlocked when the main thread
is waiting for select(), to allow the TAP reader thread to process packets
directly.
2009-09-15 22:59:01 +02:00
Guus Sliepen
802a50ffcd Remove extra {. 2009-09-15 22:58:16 +02:00
Guus Sliepen
4bb3793e38 Raise default crypto algorithms to AES256 and SHA256.
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
2009-09-15 12:08:05 +02:00
Guus Sliepen
633c0cf1b0 Use access() instead of stat() for checking whether scripts exist. 2009-09-15 00:36:07 +02:00
Guus Sliepen
6f1e0ece4e Remove dropin random() function, as it is not used anymore. 2009-09-15 00:28:20 +02:00
Guus Sliepen
fa9bedd47c Allow compiling for Windows XP and higher.
This allows us to use getaddrinfo(), getnameinfo() and related functions, which
allow tinc to make connections over existing IPv6 networks. These functions are
not available on Windows 2000 however. By default, support is enabled, but when
compiling for Windows 2000 the configure switch --with-windows2000 should be
used.

Since getaddrinfo() et al. are not functions but macros on Windows, we have to
use AC_CHECK_DECLS() instead of AC_CHECK_FUNCS() in configure.in.
2009-09-15 00:24:31 +02:00
Guus Sliepen
f80bf14f28 Also do not use drand48(), it is not available on Windows. 2009-09-14 23:28:28 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
2009-09-14 23:06:00 +02:00
Guus Sliepen
75773efe26 Apparently it's impolite to ask GCC to subtract two pointers.
If two pointers do not belong to the same array, pointer subtraction gives
nonsensical results, depending on the level of optimisation and the
architecture one is compiling for. It is apparently not just subtracting the
pointer values and dividing by the size of the object, but uses some kind of
higher magic not intended for mere mortals. GCC will not warn about this at
all. Casting to void * is also a no-no, because then GCC does warn that strict
aliasing rules are being broken. The only safe way to query the ordering of two
pointers is to use the (in)equality operators.

The unsafe implementation of connection_compare() has probably caused the "old
connection_t for ... still lingering" messages. Our implementation of AVL trees
is augmented with a doubly linked list, which is normally what is traversed.
Only when deleting an old connection the tree itself is traversed.
2009-09-13 14:08:59 +02:00
Guus Sliepen
23e151aeed Remove superfluous call to avl_delete(). 2009-09-13 14:07:40 +02:00
Guus Sliepen
9915f2abbe Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
2009-09-12 14:19:36 +02:00
Guus Sliepen
7242868b64 Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba5
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
2009-09-12 13:40:32 +02:00
Guus Sliepen
052ff8b2c5 Put Subnet weight in a separate environment variable.
Commit 5674bba5c5 introduced weighted Subnets,
but the weight was included in the SUBNET variable passed to subnet-up/down
scripts. This makes it harder to use in those scripts. The weight is now
stripped from the SUBNET variable and put in the WEIGHT variabel.
2009-09-12 13:34:11 +02:00
Guus Sliepen
a60a0a1f13 Don't stat() on iPhone/iPod.
Grzegorz Dymarek noted that tinc segfaults at the stat() call in
execute_script() on the iPhone.  We can omit the stat() call for the moment,
the subsequent call to system() will fail with just a warning.
2009-09-10 19:51:08 +02:00
Guus Sliepen
4a5d42178c Add support for iPhones and recent iPods.
This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use
the tunemu device, which allows tinc to be compiled for iPhones and recent
iPods. To enable support for tunemu, the --enable-tunemu option has to be used
when running the configure script.
2009-09-10 19:32:54 +02:00
Guus Sliepen
ff946d0423 Another safe bitfield conversion. 2009-09-09 14:51:36 +02:00
Guus Sliepen
dd6226062c Add the GPL license to the repository.
Tinc is licensed under the GPL version 2 or later. To ensure autoconf does not
install the wrong license if COPYING is missing, we have to put the right one
in place.
2009-09-09 13:23:16 +02:00
Guus Sliepen
81afa26e4a Convert bitfields to integers in a safe way.
This is commit eb391c52ee redone, but without the
non-standard anonymous union.
2009-09-09 12:04:08 +02:00
Guus Sliepen
9b394bc887 Ensure tinc compiles with gcc -std=c99.
We use a lot of C99 features already, but also some extensions which are not in
the standard.
2009-09-08 21:45:24 +02:00
Guus Sliepen
f52ea0a7eb UNIX signal numbers start at 1. 2009-09-08 18:21:52 +02:00
Guus Sliepen
73d77dd416 Replace asprintf() by xasprintf(). 2009-09-08 18:18:36 +02:00
Guus Sliepen
3e55dc77f4 Check the return value of fscanf() when reading a PID file. 2009-09-08 18:18:16 +02:00
Guus Sliepen
5e0efd53e7 Add xasprintf() and xvasprintf().
These functions wrap asprintf() and vasprintf(), and check the return value. If
the function failed, tinc will exit with an error message, similar to xmalloc()
and friends.
2009-09-08 18:16:58 +02:00
Michael Tokarev
63fe89e9eb Remove extra semicolon in my definition of setpriority() 2009-09-08 16:49:38 +02:00
Guus Sliepen
5a7fc58012 Always remove a node from the UDP tree before freeing it.
Valgrind caught tinc reading free'd memory during a purge(). This was caused by
first removing it from the main node tree, which will already call free_node(),
and then removing it from the UDP tree. This might cause spurious segmentation
faults.
2009-09-08 16:35:28 +02:00
Guus Sliepen
de029ce460 Change level of some debug messages, zero pointer after freeing hostname. 2009-06-11 19:39:25 +02:00