Commit graph

1711 commits

Author SHA1 Message Date
Guus Sliepen
09a8ff649c Don't try to mkdir(CONFDIR) on Windows when there is a registry key for tinc. 2012-07-21 15:58:16 +02:00
Guus Sliepen
ed8ce60845 Fix crash when no netname is specified. 2012-07-21 15:51:15 +02:00
Guus Sliepen
7303b512b0 Fix some compiler warnings. 2012-07-21 15:50:50 +02:00
Guus Sliepen
33521eabd4 Have tincd and tincctl use the same method of determining netname. 2012-07-21 15:15:04 +02:00
Guus Sliepen
1d322d2eda Add a newline to a configuration file if it is missing. 2012-07-21 15:02:44 +02:00
Guus Sliepen
dea722c4ac Add some checks when changing configuration. 2012-07-21 15:02:17 +02:00
Guus Sliepen
cc0c35267f Call event_init() after detaching.
Otherwise, the call to daemon() could close filedescriptors in use by libevent
itself; for example if it uses kqueue or epoll instead of a select() or poll()
backend.
2012-07-21 14:19:23 +02:00
Guus Sliepen
4e0fc52197 Fix various compiler warnings. 2012-07-21 13:53:22 +02:00
Guus Sliepen
98a72d6869 Make sure sptps.h and info.h are in the tarball. 2012-07-21 13:12:30 +02:00
Guus Sliepen
5eeed38b8e Make sure tinc compiles on Windows. 2012-07-21 12:51:53 +02:00
Guus Sliepen
1d4590ca5c Prefer routes with lower weight as long as they do not increase the number of hops.
This should improve traffic to nodes that are not directly reachable somewhat.
2012-07-20 20:35:07 +02:00
Guus Sliepen
4c8ead9874 Allow more configuration variables to be changed when reloading configuration.
In particular, Subnets may be added or removed from the local node on the fly.
2012-07-20 20:01:29 +02:00
Guus Sliepen
c678e7c4fb Split setup_myself() into two functions, one for reloading configuration. 2012-07-20 19:59:47 +02:00
Guus Sliepen
4591e96c76 Never remove items from cmdline_conf.
We should treat cmdline_conf as const, so we can call read_config_options()
more than once with prefix = NULL.
2012-07-20 17:29:16 +02:00
Guus Sliepen
68a20876d0 Use minor protocol version to determine whether to use ECDH key exchange between nodes. 2012-07-20 01:02:51 +02:00
Guus Sliepen
76a3ada4eb Put minor protocol version in connection options so other nodes can see it.
This allows two nodes that do not have a meta-connection with each other see
which version they are.
2012-07-17 18:05:55 +02:00
Guus Sliepen
68de7b481e When exporting configuration files, don't copy Name variables.
These interfere with tincctl import. Besides, host configuration files should
not contain Name at all.
2012-07-16 18:49:39 +02:00
Guus Sliepen
c52c46f871 Add an easy way to export and import host configuration files. 2012-07-16 16:48:24 +02:00
Guus Sliepen
6319dc9dde Strip default subnet weight from output. 2012-07-16 01:14:08 +02:00
Guus Sliepen
74646a4afa Give an error message when tincctl info cannot parse the given subnet or address. 2012-07-16 01:09:47 +02:00
Guus Sliepen
53735a9d96 "tincctl info" gives more human readable information about nodes or subnets. 2012-07-16 01:05:25 +02:00
Guus Sliepen
3c7003893f Move all functions related to subnet parsing to subnet_parse.c. 2012-07-16 00:52:50 +02:00
Guus Sliepen
e72e6febfe Fix tincctl dump. 2012-07-15 22:53:03 +02:00
Guus Sliepen
9be8980a2b Let tincctl ignore tincd options, so they will be passed on. 2012-07-15 21:17:10 +02:00
Guus Sliepen
36dee4c539 Fix tincctl start. 2012-07-15 21:15:35 +02:00
Guus Sliepen
439069bda6 Have tincctl notify a running tincd of configuration file changes. 2012-07-15 20:59:17 +02:00
Guus Sliepen
eb01fd9625 Add an easy way to edit a configuration file. 2012-07-15 20:37:38 +02:00
Guus Sliepen
cedfeccb24 Stricter checks for node names. 2012-07-15 20:22:21 +02:00
Guus Sliepen
03f72c6173 Allow configuration variables to be added/removed using tincctl. 2012-07-15 18:16:35 +02:00
Guus Sliepen
dd102efd24 Put every command in its own function. 2012-07-15 15:46:16 +02:00
Guus Sliepen
a444ec3964 "tincctl init" creates initial directory structure, tinc.conf and keypairs. 2012-07-15 14:49:36 +02:00
Guus Sliepen
268c8545aa Merge branch 'master' into 1.1 2012-07-14 15:13:21 +02:00
Guus Sliepen
ae8c0b65d8 Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch. 2012-07-12 11:25:11 +02:00
Guus Sliepen
bce177767d Fix crash when handling the ALRM signal.
In retry() the function do_outgoing_connection() is called, which can delete
items from the connection_tree, so when walking the tree we must first save the
pointer to the next item.
2012-06-26 14:22:57 +02:00
Guus Sliepen
19be9cf715 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	lib/utils.c
	src/linux/device.c
	src/meta.c
	src/net.h
	src/net_setup.c
	src/net_socket.c
	src/protocol.c
	src/protocol_auth.c
	src/tincd.c
2012-06-26 13:24:20 +02:00
Guus Sliepen
236b0ba4eb Fix crash when using Broadcast = direct. 2012-06-25 19:03:54 +02:00
Guus Sliepen
0a84f9cb8f Fix compiler warnings. 2012-06-25 19:01:51 +02:00
Guus Sliepen
c0af4c37d2 Small fixes in proxy code. 2012-06-25 15:00:24 +02:00
Guus Sliepen
62b61a1b7c Don't forget to send a newline when forwarding requests. 2012-05-13 22:16:42 +02:00
Guus Sliepen
58007d7efa Always pass request strings to other functions as const char *. 2012-05-08 16:44:15 +02:00
Sven-Haegar Koch
291a59b5b7 free_connection_partially(): also reset remote protocol version infos
The used remote protocol can change between two reconnects, aka if
the remote side has enabled/disabled for example their ExperimentalProtocols
setting.
2012-05-08 16:20:21 +02:00
Sven-Haegar Koch
32e5c5bb7c Silence SPTPS log messages, reduce them from DEBUG_ALWAYS to DEBUG_META. 2012-05-08 16:19:20 +02:00
Sven-Haegar Koch
c78bb14303 terminate_connection(): delete non-outgoing (aka incoming) connections. 2012-05-08 16:19:04 +02:00
Sven-Haegar Koch
8b9e5af0d9 Label control connections for log output as "<control>", not "<unknown>". 2012-05-08 16:18:28 +02:00
Sven-Haegar Koch
d3f4cf59ca free_connection_partially(): Avoid possible use-after-free for c->hischallenge 2012-05-08 16:18:18 +02:00
Sven-Haegar Koch
7a6ca7a993 terminate_connection(): only kill c->node->connection if it is pointing
to the same connection
2012-05-08 16:17:55 +02:00
Sven-Haegar Koch
a96c4f016c terminate_connection(): Avoid use-after-free and double-free for
already freed edge structure.
2012-05-08 16:16:59 +02:00
Guus Sliepen
5ae19cb0bb Add support for proxying through an external command.
Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.
2012-04-19 15:18:31 +02:00
Guus Sliepen
fb5588856f Add support for SOCKS 5 proxies.
This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.
2012-04-19 14:10:54 +02:00
Guus Sliepen
b58d95eb29 Add basic support for SOCKS 4 and HTTP CONNECT proxies.
When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.
2012-04-18 23:19:40 +02:00
Guus Sliepen
84531fb6e6 Allow broadcast packets to be sent directly instead of via the MST.
When the "Broadcast = direct" option is used, broadcast packets are not sent
and forwarded via the Minimum Spanning Tree to all nodes, but are sent directly
to all nodes that can be reached in one hop.

One use for this is to allow running ad-hoc routing protocols, such as OLSR, on
top of tinc.
2012-04-16 01:57:25 +02:00
Sven-Haegar Koch
f8e15dfe8d ecdh & ecdsa: avoid some possible memory leaks in error conditions. 2012-04-16 00:54:50 +02:00
Sven-Haegar Koch
8792b9a9f3 Remove confusing error message for failed reading in ECDSA keys.
Most likeley the error is that there just is no valid key inside the used
host file, and in this case errno just contains a random value from the
last previously failed call.
2012-04-16 00:54:43 +02:00
Sven-Haegar Koch
a5bb6d40fb sptps_stop(): clear pointers after free to avoid double free.
sptps_stop() may get called twice on some failed connection setups.
2012-04-15 01:10:49 +02:00
Guus Sliepen
535a55100b Allow environment variables to be used for Name.
When the Name starts with a $, the rest will be interpreted as the name of an
environment variable containing the real Name. When Name is $HOST, but this
environment variable does not exist, gethostname() will be used to set the
Name. In both cases, illegal characters will be converted to underscores.
2012-03-29 16:45:25 +01:00
Guus Sliepen
1d9dacb1f2 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	src/logger.c
	src/net_setup.c
2012-03-26 19:06:39 +01:00
Guus Sliepen
89f4574e0b Add support for systemd style socket activation.
If the LISTEN_FDS environment variable is set and tinc is run in the
foreground, tinc will use filedescriptors 3 to 3 + LISTEN_FDS for its listening
TCP sockets. For now, tinc will create matching listening UDP sockets itself.

There is no dependency on systemd or on libsystemd-daemon.
2012-03-26 14:46:09 +01:00
Guus Sliepen
cc6aee7846 Remove newline from log message. 2012-03-26 14:45:20 +01:00
Guus Sliepen
86c2990327 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	src/Makefile.am
	src/conf.c
	src/conf.h
	src/connection.c
	src/net.c
	src/tincd.c
2012-03-25 23:35:31 +01:00
Guus Sliepen
b23681dddb Support :: in IPv6 Subnets. 2012-03-25 22:54:36 +01:00
Guus Sliepen
482c6119a7 Releasing 1.0.18. 2012-03-25 15:32:26 +01:00
Guus Sliepen
f71ce34180 Fix return type of vde_recv() as well.
In this case it is not really necessary as the conversion to int will already
take care of ensuring the return value is treated as signed.
2012-03-25 15:17:50 +01:00
Guus Sliepen
3998353853 Fix some more compiler warnings. 2012-03-25 14:46:50 +01:00
Guus Sliepen
cfe6558d4b Fix return value type of vde_send().
The libvdeplug_dyn.h header file incorrectly declares the return type of
vde_send() to size_t, while in reality it is ssize_t.
2012-03-25 14:00:21 +01:00
Guus Sliepen
95968c67f9 Fix compiler warnings. 2012-03-25 13:58:14 +01:00
Guus Sliepen
e2d1b0b899 Allow scoped addresses to be used for IPv6 multicast socket. 2012-03-25 13:42:10 +01:00
Guus Sliepen
2512040632 Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast. 2012-03-25 13:40:55 +01:00
Guus Sliepen
b5e3bf1a85 Set default value of DecrementTTL to "no".
Decrementing the TTL causes IPv6 to fail when Mode = switch, and there may be
other unforeseen side-effects.
2012-03-23 13:18:36 +01:00
Guus Sliepen
c373de2e98 Add support for multicast communication with UML/QEMU/KVM.
DeviceType = multicast allows one to specify a multicast address and port with
a Device statement. Tinc will then read/send packets to that multicast group
instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM
instances that are listening on the same group.
2012-03-21 17:00:53 +01:00
Guus Sliepen
a7dbb50c23 Allow a port to be specified in BindToAddress statements.
This can be used to let tinc listen on multiple ports for incoming connections.
2012-03-21 13:20:15 +01:00
Guus Sliepen
80e15d8b96 Always try next Address when an outgoing connection fails to authenticate.
When making outgoing connections, tinc goes through the list of Addresses and
tries all of them until one succeeds. However, before it would consider
establishing a TCP connection a success, even when the authentication failed.
This would be a problem if the first Address would point to a hostname and port
combination that belongs to the wrong tinc node, or perhaps even to a non-tinc
service, causing tinc to endlessly try this Address instead of moving to the
next one.

Problem found by Delf Eldkraft.
2012-03-20 23:49:16 +01:00
Guus Sliepen
d7bf63c63a Make sure the signature also covers the session label. 2012-03-18 21:24:46 +01:00
Guus Sliepen
d756bb92ed Don't send an ACK message after the first key exchange in the SPTPS protocol. 2012-03-18 17:46:30 +01:00
Guus Sliepen
c970ecdd75 Test SPTPS messages sent while key renegotation is in progress. 2012-03-18 17:42:43 +01:00
Guus Sliepen
3a4fe104a0 Add datagram mode to the SPTPS protocol.
* Everything is identical except the headers of the records.
* Instead of sending explicit message length and having an implicit sequence
  number, datagram mode has an implicit message length and an explicit sequence
  number.
* The sequence number is used to set the most significant bytes of the counter.
2012-03-18 16:42:02 +01:00
Guus Sliepen
03e06fd43a Allow CTR mode counter to be set to a specific value. 2012-03-18 16:41:13 +01:00
Guus Sliepen
4712d8f92e Update copyright notices. 2012-03-10 13:23:08 +01:00
Guus Sliepen
5b0f5ad958 Make sure disabling old RSA keys works on Windows.
Seeking in files and rewriting parts of them does not seem to work properly on
Windows. Instead, when old RSA keys are found when generating new ones, the
file containing the old keys is copied to a temporary file where the changes
are made, and that file is renamed back to the original filename. On Windows,
we cannot atomically replace files with a rename(), so we need to move the
original file out of the way first. If anything fails, the new code will warn
that the user has to solve the problem by hand.
2012-03-08 23:23:39 +01:00
Guus Sliepen
40c2858932 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	src/net_packet.c
2012-03-08 21:15:08 +01:00
Guus Sliepen
9dea33f530 Accept Subnets passed with the -o option when StrictSubnets = yes. 2012-03-07 10:40:06 +01:00
Guus Sliepen
63f8303a5d Only log errors sending UDP packets when debug level >= 5.
Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.
2012-03-02 16:09:58 +01:00
Guus Sliepen
8ac096b5bf Allow log messages to be captured by tincctl.
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
2012-02-26 18:37:36 +01:00
Guus Sliepen
a1bd3a2913 Don't close control connections when handling a reload command.
Because this would terminate the connection while the control message
handler was still running, it would lead to a segmentation fault later
on.
2012-02-26 16:56:53 +01:00
Guus Sliepen
483c5dcfb4 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 2012-02-26 16:27:13 +01:00
Guus Sliepen
ae52496109 Only use broadcast at the start of the PMTU discovery phase.
For local peer discovery, only a handful of packets are necessary for
peers to detect each other.
2012-02-26 16:23:02 +01:00
Guus Sliepen
344d6b9ac3 Let tincctl use the NETNAME environment variable if no -n option is given.
This allows administrators who frequently want to work with one tinc
network to omit the -n option. Since the NETNAME variable is set by
tincd when executing scripts, this makes it slightly easier to use
tincctl from within scripts.
2012-02-26 13:08:34 +01:00
Guus Sliepen
84570275ac Ensure all SPTPS functions are prefixed with sptps_. 2012-02-26 12:33:16 +01:00
Guus Sliepen
8b1ad6f76f Go back to breadth first search for path finding.
If 1.1.x nodes using Dijkstra's algorithm are mixed with 1.0.x nodes using BFS,
then routing loops can occur.
2012-02-25 23:03:09 +01:00
Guus Sliepen
36623e15a1 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1 2012-02-25 22:52:57 +01:00
Guus Sliepen
5140656de6 Stricter checks against routing loops.
If a packet that had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.
2012-02-25 22:11:30 +01:00
Guus Sliepen
f1d5eae643 Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
That would be silly.
2012-02-25 21:46:18 +01:00
Guus Sliepen
65d6f023c4 Use SPTPS when ExperimentalProtocol is enabled. 2012-02-25 18:25:21 +01:00
Guus Sliepen
efd21e232d Apply HMAC after encryption. 2012-02-25 15:18:15 +01:00
Guus Sliepen
f5dc136cfd Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	src/net.c
	src/net_packet.c
	src/net_socket.c
2012-02-23 13:26:01 +01:00
Guus Sliepen
5a28aa7b8b Add LocalDiscovery option which tries to detect peers on the local network.
Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.
2012-02-22 23:17:43 +01:00
Guus Sliepen
8e717ddb60 Pass index into listen_socket[] to handle_incoming_vpn_data(). 2012-02-22 14:37:56 +01:00
Guus Sliepen
3fba80174d Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	src/Makefile.am
	src/bsd/device.c
	src/connection.c
	src/connection.h
	src/cygwin/device.c
	src/device.h
	src/dropin.h
	src/linux/device.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/process.c
	src/protocol.c
	src/protocol_key.c
	src/raw_socket_device.c
	src/route.c
	src/solaris/device.c
	src/tincd.c
	src/uml_device.c
2012-02-22 14:23:59 +01:00
Guus Sliepen
fba1c85f44 Remove useless warning about signature length being shorter than expected. 2012-02-21 23:19:51 +01:00
Guus Sliepen
cb6cbf452f Use only one hash algorithm (SHA512) in the PRF.
On some platforms, OpenSSL by default does not support the Whirlpool algorithm.
2012-02-21 23:17:12 +01:00
Guus Sliepen
ac48c4ee8c Fix check for raw socket support.
Also, move some variables so there are no compiler warnings about unused
variables when there is no support for raw sockets.
2012-02-21 14:06:55 +01:00
Guus Sliepen
d9ad3d313d Fix a bug that caused tinc to ignore all but the last listening socket. 2012-02-21 13:31:21 +01:00
Guus Sliepen
46506b7aaf Document the command line flag -o and provide --option as well. 2012-02-21 13:13:40 +01:00
Guus Sliepen
7d76e28759 Move initialization of char *priority up to prevent freeing an uninitialized pointer. 2012-02-21 11:39:21 +01:00
Guus Sliepen
8420a0c8bd Allow disabling of broadcast packets.
The Broadcast option can be used to cause tinc to drop all broadcast and
multicast packets. This option might be expanded in the future to selectively
allow only some broadcast packet types.
2012-02-20 17:19:00 +01:00
Guus Sliepen
ea415ccc16 Rename connection_t *broadcast to everyone. 2012-02-20 17:12:48 +01:00
Guus Sliepen
cff5a844a3 Don't bind outgoing TCP sockets anymore.
The code introduced in commit 41a05f59ba is not
needed anymore, since tinc has been able to handle UDP packets from a different
source address than those of the TCP packets since 1.0.10.  When using multiple
BindToAddress statements, this code does not make sense anymore, we do want the
kernel to choose the source address on its own.
2012-02-20 16:52:53 +01:00
Guus Sliepen
0233b1d710 Decrement TTL of incoming packets.
Tinc will now, by default, decrement the TTL field of incoming IPv4 and IPv6
packets, before forwarding them to the virtual network device or to another
node. Packets with a TTL value of zero will be dropped, and an ICMP Time
Exceeded message will be sent back.

This behaviour can be disabled using the DecrementTTL option.
2012-02-20 16:34:02 +01:00
Guus Sliepen
6289859ab3 Only compile raw socket code when it is supported on that platform. 2012-02-20 15:44:52 +01:00
Guus Sliepen
d1dcdf8eb6 Merge branch 'master' of black:tinc 2012-02-18 14:31:08 +01:00
Guus Sliepen
3b1fad04de Allow setting DeviceType to tun or tap on Linux. 2012-02-18 14:37:52 +01:00
Guus Sliepen
6455654d26 Send packets back using the same socket as they were received on. 2012-02-18 11:48:21 +01:00
Guus Sliepen
1b2846d907 Merge branch 'master' of black:tinc 2012-02-18 11:43:00 +01:00
Guus Sliepen
9f6a96af39 Allow multiple BindToAddress statements. 2012-02-17 16:25:00 +01:00
Guus Sliepen
708314df2f Set FD_CLOEXEC flag on all sockets.
Scripts called by tinc would inherit its open filedescriptors. This could
be a problem if other long-running daemons are started from those scripts,
if those daemons would not close all filedescriptors before going into the
background.

Problem found and solution suggested by Nick Hibma.
2012-02-17 16:13:38 +01:00
Guus Sliepen
1f00111e94 Fix a few small memory leaks. 2011-12-26 23:11:27 +01:00
Guus Sliepen
b50d6a7f2a Fix compiler warnings. 2011-12-26 23:04:40 +01:00
Guus Sliepen
178e52f76e Allow linking with multiple device drivers.
Apart from the platform specific tun/tap driver, link with the dummy and
raw_socket devices, and optionally with support for UML and VDE devices.
At runtime, the DeviceType option can be used to select which driver to
use.
2011-12-04 01:20:59 +01:00
Guus Sliepen
5672863e59 Fix a few small memory leaks. 2011-12-03 21:59:47 +01:00
Guus Sliepen
52ded09d17 Add vde/device.c to the tarball. 2011-11-27 12:13:16 +01:00
Guus Sliepen
2c7c87ec75 Fix compilation of VDE and UML interfaces. 2011-11-27 12:12:34 +01:00
Guus Sliepen
2a9060bba6 Exchange ACK records to indicate switch to new keys.
This allow application records to be sent while key renegotiation is still
happening.
2011-10-06 15:32:12 +02:00
Guus Sliepen
3b5898078a Use counter mode encryption. 2011-10-06 09:34:34 +02:00
Guus Sliepen
a0f795ff5b Add counter mode encryption. 2011-10-06 09:33:09 +02:00
Guus Sliepen
67ff81ec16 Test corner cases in the SPTPS protocol.
* Test zero-byte messages.
* Test maximum size (65535 byte) messages.
* Test different message types.
* Test key renegotiation.
2011-10-05 22:05:13 +02:00
Guus Sliepen
3001351150 Update SPTPS protocol.
* Exchange nonce and ECDH public key first, calculate the ECDSA signature
  over the complete key exchange.
* Make an explicit distinction between client and server in the signatures.
* Add more comments and replace some magic numbers by #defines.

Thanks to Erik Tews for very helpful hints and comments!
2011-10-05 22:00:51 +02:00
Guus Sliepen
810847248a Fix compiler warning. 2011-10-05 21:59:33 +02:00
Guus Sliepen
ddea7a23a6 Return false instead of void when there is an error. 2011-08-30 20:49:48 +02:00
Guus Sliepen
e838289683 Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
In case the config file could not be opened a new but unitialized RSA structure
would be returned, causing a segmentation fault later on. This would only
happen in the case that the config file could be opened before, but not when
read_rsa_public_key() was called. This situation could occur when the --user
option was used, and the config files were not readable by the specified user.
2011-08-30 20:04:18 +02:00
Guus Sliepen
5d4336e542 Handle UDP packets with unknown source addresses properly.
Probably due to a merge, the try_harder() function had duplicated the
rate-limiting code for detecting the sender node based on the HMAC of the
packet. This prevented this detection from running at all. The function is now
identical again to that in the 1.0 branch.
2011-08-10 17:04:17 +02:00
Michael Tokarev
bbc0ba9e87 use execvp() not execve() in tincctl start
sometimes argv[0] will have directory-less name (when the
command is started by shell searching in $PATH for example).
For tincctl start we want the same rules to run tincd as for
tincctl itself (having full path is better but if shell does
not provide one we've no other choice).  Previous code tried
to run ./tincd in this case, which is obviously wrong.

This is a fix for the previous commit.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2011-08-07 10:51:21 +02:00
Michael Tokarev
a7556a9d2c run tincd from the same directory as tincctl and pass all options to it
For tincctl start, run tincd from dirname($0) not SBINDIR -
this allows painless alternative directory installation and
running from build directory too.

Also while at it, pass the rest of command line to tincd, not
only options before "start" argument.  This way it's possible
to pass options to tincd like this:
  tincctl -n net start -- -d 1 -R -U tincuser ...

And also add missing newline at the end of error message there.

Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
2011-08-07 10:12:43 +02:00
Michael Tokarev
2696ad2cca don't mention reload twice in tincctl help
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
2011-08-07 10:12:38 +02:00
Guus Sliepen
3d75dbc088 Start of "Simple Peer-To-Peer Security" protocol.
Encryption and authentication of the meta connection is spread out over
meta.c and protocol_auth.c. The new protocol was added there as well,
leading to spaghetti code. To improve things, the new protocol will now
be implemented in sptps.[ch].

The goal is to have a very simplified version of TLS. There is a record
layer, and there are only two record types: application data and
handshake messages. The handshake message contains a random nonce, an
ephemeral ECDH public key, and an ECDSA signature over the former. After
the ECDH public keys are exchanged, a shared secret is calculated, and a
TLS style PRF is used to generate the key material for the cipher and
HMAC algorithm, and further communication is encrypted and authenticated.

A lot of the simplicity comes from the fact that both sides must have
each other's public keys in advance, and there are no options to choose.
There will be one fixed cipher suite, and both peers always authenticate
each other. (Inspiration taken from Ian Grigg's hypotheses[0].)
There might be some compromise in the future, to enable or disable
encryption, authentication and compression, but there will be no choice
of algorithms. This will allow SPTPS to be built with a few embedded
crypto algorithms instead of linking with huge crypto libraries.

The API is also kept simple. There is a start and a stop function. All
data necessary to make the connection work is passed in the start
function. Instead having both send- and receive-record functions, there
is a send-record function and a receive-data function. The latter will
pass protocol data received from the peer to the SPTPS implementation,
which will in turn call a receive-record callback function when
necessary. This hides all the handshaking from the application, and is
completely independent from any event loop or socket characteristics.

[0] http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html
2011-07-24 15:44:51 +02:00
Guus Sliepen
e16ead8dd9 Use usleep() instead of sleep(), MinGW complained. 2011-07-23 14:11:44 +02:00
Guus Sliepen
ff751903aa Don't abort() on low-level crypto errors, just return false.
The abort() calls were accidentily left in for debugging.
2011-07-20 08:19:18 +02:00
Guus Sliepen
2f4ccfe247 Fix tinc 1.0.x daemons connecting when ExperimentalProtocol = yes. 2011-07-19 21:11:11 +02:00
Guus Sliepen
c259d552fa Add missing newline. 2011-07-17 20:06:06 +02:00
Guus Sliepen
f6020a5224 Write loopback address instead of "any" address in pidfile. 2011-07-17 20:01:24 +02:00
Guus Sliepen
50fcfea127 Flush output buffer in send_tcppacket().
This is mainly important for Windows, where the select() call in the
main thread is not being woken up when the tapreader thread calls
route(), causing a delay of up to 1 second before the output buffer is
flushed. This would cause bad performance when UDP communication is not
possible.
2011-07-17 19:34:01 +02:00
Guus Sliepen
25091454da "tincctl stop" now removes the tinc service on Windows. 2011-07-17 19:23:52 +02:00
Guus Sliepen
c6c989cfa1 Fix declaration of usleep(). 2011-07-17 18:02:56 +02:00
Guus Sliepen
18e9839dc8 Ensure symlinked files do not end up in the tarball. 2011-07-17 10:59:54 +02:00
Guus Sliepen
fa4a01e4a2 Use const pointer to source in base64 and hex routines. 2011-07-16 22:38:50 +02:00
Guus Sliepen
574b380dfc Use usleep() instead of sleep(), MinGW complained. 2011-07-16 22:38:22 +02:00
Guus Sliepen
cff27a258f Use ECDSA to sign ECDH key exchange for UDP session keys.
The ECDSA public keys will also be included in the ANS_KEY requests,
but are only used when no ECDSA public key is known yet.
2011-07-16 20:21:44 +02:00
Guus Sliepen
03ac48ea19 Use the same logic as tinc 1.0.x for detecting two nodes with the same Name. 2011-07-16 15:21:37 +02:00
Guus Sliepen
2ba61742d4 Use the correct direction flag when setting cipher keys.
The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.
2011-07-16 15:15:29 +02:00
Guus Sliepen
be2fc8b045 Make code to detect two nodes with the same Name less triggerhappy.
First of all, if there really are two nodes with the same name, much
more than 10 contradicting ADD_EDGE and DEL_EDGE messages will be sent.
Also, we forgot to reset the counters when nothing happened.

In case there is a ADD_EDGE/DEL_EDGE storm, we do not shut down, but
sleep an increasing amount of time, allowing tinc to recover gracefully
from temporary failures.
2011-07-16 10:47:35 +02:00
Guus Sliepen
303dd1e702 Fix compiler warnings. 2011-07-13 22:52:52 +02:00
Guus Sliepen
791c1898ea Remove unnecessary variables and functions. 2011-07-13 22:31:53 +02:00
Guus Sliepen
fec279a9c5 Make use of the improved hex and base64 functions.
Also, use base64 for all EC related data, it is shorter and easy to
distinguish from the legacy protocol.
2011-07-12 23:43:12 +02:00
Guus Sliepen
06b8271ed5 Make hexadecimal and base64 routines behave the same.
The length parameter for the encoding functions is the length of the
binary input, and for the decoding functions it is the maximum size of
the binary output.

The return value is always the length of the resulting output, excluding
the terminating NULL character for the encoding routines.

All functions can encode and decode in-place. The encoding functions
will always write a terminating NULL character, and the decoding
functions will stop at a NULL character.
2011-07-12 23:23:26 +02:00
Guus Sliepen
bbeab00f46 Require ExperimentalProtocol = yes for new features, update documentation. 2011-07-11 21:54:01 +02:00
Guus Sliepen
d1cd3c8145 Close meta connection socket after cleaning up event structures.
Epoll doesn't like it when an already closed filedescriptor is being
removed, so we defer closing the socket until after all else is cleaned
up.
2011-07-10 22:46:43 +02:00
Guus Sliepen
30ef2a981e Automatically exchange ECDSA keys and upgrade to new authentication protocol.
If we don't have ECDSA keys for the node we connect to, set protocol_minor
to 1, to indicate this to the other end. This will first complete the
old way of authentication with RSA keys, and will then exchange ECDSA keys.
The connection will be terminated right afterwards, and the next attempt
will use ECDSA keys.
2011-07-10 22:34:17 +02:00
Guus Sliepen
027228debe Free ECDSA and RSA structures when freeing a connection_t. 2011-07-10 21:04:31 +02:00
Guus Sliepen
73863fab8a Hash input before signing it with ECDSA. 2011-07-08 18:17:34 +02:00
Guus Sliepen
8132be8fbd Very primitive ECDSA signed ECDH key exchange for the meta protocol.
Nonces and hash of the ID requests should be included in the seed for the PRF.
2011-07-07 22:30:55 +02:00
Guus Sliepen
210b5ceeee Read ECDSA keys. 2011-07-07 22:28:25 +02:00
Guus Sliepen
03582eb669 Implement ECDSA sign and verify operations.
Very basic at the moment, doesn't hash the input first,
and uses OpenSSL's DER encoded signature as output.
2011-07-07 22:27:17 +02:00
Guus Sliepen
86d83bd9bd Bump minor protocol to indicate ECDH capability for UDP session keys. 2011-07-05 21:29:31 +02:00
Guus Sliepen
9708bbfa8e Add a minor number to the protocol version. 2011-07-05 21:19:48 +02:00
Guus Sliepen
b99656d84a Round up the size of the secret parts after splitting it in two. 2011-07-04 07:51:47 +02:00
Guus Sliepen
95e1cc36d3 Add ECDSA key import. 2011-07-03 23:44:43 +02:00
Guus Sliepen
1e2d9b0899 Finish base64 decoding routine. 2011-07-03 23:33:56 +02:00
Guus Sliepen
80b81c00b1 Have tincctl generate ECDSA keys.
The generate-keys command now generates both an RSA and an ECDSA keypair,
but one can generate-rsa-keys or generate-ecdsa-keys to just generate one type.
2011-07-03 22:25:29 +02:00
Guus Sliepen
8ace7f3e57 Add ECDSA key generation. 2011-07-03 22:15:00 +02:00
Guus Sliepen
1d92dd62a7 Base64 encoding and decoding functions. 2011-07-03 22:13:58 +02:00
Guus Sliepen
c385d11533 Cleanups in ECDH code. 2011-07-03 22:13:34 +02:00
Guus Sliepen
895f868714 No need to keep around pointers to EC_GROUP. 2011-07-03 21:21:37 +02:00
Guus Sliepen
ac163120d7 Proper use of PRF. 2011-07-03 16:30:49 +02:00
Guus Sliepen
82f00ea07b Use PRF. 2011-07-03 15:59:49 +02:00
Guus Sliepen
feb3f22fff Add PRF to derive key material from the ECDH shared secret.
It is modelled after the pseudorandom function from RFC4346 (TLS 1.1), the only
significant change is the use of SHA512 and Whirlpool instead of MD5 and SHA1.
2011-07-03 15:26:58 +02:00
Guus Sliepen
8dfa072733 Support ECDH key exchange.
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
2011-07-03 13:17:28 +02:00
Guus Sliepen
ee8a214318 Preliminary implementation of Elliptic Curve Diffie-Hellman Ephemeral key exchange. 2011-06-27 21:52:23 +02:00
Guus Sliepen
8c953b1bfe Don't react to escape character in tincctl top.
Not only the ESC key generates an escape character, but many other keys
do as well, such as arrow keys.
2011-06-26 12:58:50 +02:00
Guus Sliepen
660f530a6f Really stable sorting of tincctl top output. 2011-06-25 22:20:39 +02:00
Guus Sliepen
ab4d289faf Make pid files backwards compatible and add address of listening socket.
The pid is now written first, so that a version 1.0.x tincd can be used to stop
a running version 1.1 tincd.  Getsockname() is used to determine the address of
the first listening socket, so that tincctl can connect to the local tincd even
if AddressFamily = ipv6, or if BindToAddress or BindToInterface is used.
2011-06-25 21:35:27 +02:00
Guus Sliepen
a05fa7f882 Rename controlcookie file to pidfile. 2011-06-25 21:21:36 +02:00
Guus Sliepen
c64f64b875 Don't call exit_control() if we didn't do init_control(). 2011-06-25 21:16:13 +02:00
Guus Sliepen
3b237afbda Re-add support for SIGALRM. 2011-06-25 20:20:07 +02:00
Guus Sliepen
8733110dec Ensure the right files end up in the tarball after make dist. 2011-06-25 17:08:40 +02:00
Guus Sliepen
7944cce19e Don't use AM_CONDITIONAL for CURSES.
For some reason, this doesn't work when cross-compiling for Windows.
2011-06-25 00:06:06 +02:00
Guus Sliepen
365f60f3f8 Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h(). 2011-06-24 22:49:18 +02:00
Guus Sliepen
1fe8ba2f06 Delete mtuevent if it is not used.
Keeping it around prevents ans_key_h() from restarting PMTU discovery.
2011-06-24 22:10:03 +02:00
Guus Sliepen
79e9a4f743 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	src/Makefile.am
2011-06-24 21:40:55 +02:00
Guus Sliepen
3c0511984f Remove redundant @CFLAGS@ from AM_CFLAGS. 2011-06-24 12:27:04 +02:00
Guus Sliepen
532557beea Only log UDP address changes at the appropriate debug levels. 2011-06-21 23:06:53 +02:00
Guus Sliepen
60ed7fe598 Reopen log file after SIGHUP.
This was missed by the previous merge.
2011-06-06 21:19:30 +02:00
Guus Sliepen
33f241d978 Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	configure.in
	doc/tincd.8.in
	lib/pidfile.c
	lib/pidfile.h
	lib/xalloc.h
	lib/xmalloc.c
	src/conf.c
	src/conf.h
	src/connection.c
	src/connection.h
	src/event.c
	src/graph.c
	src/graph.h
	src/net.c
	src/net.h
	src/node.h
	src/openssl/crypto.c
	src/process.c
	src/protocol.c
	src/protocol_key.c
	src/route.c
2011-06-06 20:42:15 +02:00
Guus Sliepen
601f3b2dd7 Clean up digests when freeing a connection_t. 2011-06-06 20:12:33 +02:00
Guus Sliepen
4b3fd94b1c Improved --logfile option.
Instead of UNIX time, the log messages now start with the time in RFC3339
format, which human-readable and still easy for the computer to parse and sort.
The HUP signal will also cause the log file to be closed and reopened, which is
useful when log rotation is used. If there is an error while opening the log
file, this is logged to stderr.
2011-06-06 16:26:11 +02:00
Guus Sliepen
b3bbeab6e6 Attribution for Loïc Grenié. 2011-06-04 11:27:54 +02:00
Loïc Grenié
50af33d01f Nearly tickless tinc.
Use pselect instead of select in main_loop (if available). This lets
tincd sleeps as long as there is nothing to do.
2011-06-04 11:19:46 +02:00
Guus Sliepen
8b3cc695b5 Don't ignore SIGCHLD, system() needs it.
But we do ignore SIGPIPE, and tinc 1.0.x signals that are no longer used
(SIGUSR1 and SIGUSR2), since the default handler of these signals is to
terminate tincd immediately.
2011-06-03 15:50:20 +02:00
Guus Sliepen
5989a29d7b Fix format strings for Windows.
Windows doesn't like %zd, so cast (s)size_t to int. Also, some shorts were
incorrectly printed with %d instead of %hd.
2011-06-03 00:46:56 +02:00
Guus Sliepen
3ade33bfac Use send() when writing to sockets, and the return type is ssize_t. 2011-06-03 00:34:30 +02:00
Guus Sliepen
5f4d57e846 Small fixes for Windows. 2011-06-02 23:40:27 +02:00
Guus Sliepen
2adc789401 Even simpler signal handling. 2011-06-02 22:14:53 +02:00
Guus Sliepen
2f42896789 Remove debugging message that was accidentily left in. 2011-06-02 21:29:11 +02:00
Guus Sliepen
c6b0e102ad Don't treat packets coming in via TCP as having zero length. 2011-06-02 21:16:57 +02:00
Guus Sliepen
80ca91769d Fix nodes joining the VPN after tincctl top started. 2011-06-02 21:14:50 +02:00
Guus Sliepen
311f60f4f0 Make traffic statistics more readable with configurable scaling. 2011-06-02 20:48:18 +02:00
Guus Sliepen
a8f0d21330 More stable sorting in tincctl top.
Although we use qsort(), which is not guaranteed to be stable, resorting the
previously sorted array is more stable than recreating and resorting the array
each time.
2011-06-02 20:27:16 +02:00
Guus Sliepen
2bda2aa885 Fix some compiler and cppcheck warnings. 2011-06-02 18:22:26 +02:00
Guus Sliepen
809dfd2f5b Remove support for the Ethertap device. 2011-06-02 18:07:50 +02:00
Guus Sliepen
af2e0c9a32 Remove unused functions and variables. 2011-06-02 17:57:53 +02:00
Guus Sliepen
b7754e5aaa Drop the GNU memcmp.c implementation. 2011-06-02 17:53:35 +02:00
Guus Sliepen
25b467638a Drop the GNU malloc.c, realloc.c, and xmalloc.c.
We live in the 21st century, and we require C99 semantics, so we do not need to
work around buggy libcs. The xmalloc() and related functions are now static
inline functions.
2011-06-02 17:45:06 +02:00
Guus Sliepen
e452a933f9 Simplify signal handling.
We don't override any signal handlers anymore except those for SIGPIPE and
SIGCHLD. Fatal signals (SIGSEGV, SIGBUS etc.) will terminate tincd and
optionally dump core.  The previous behaviour was to terminate gracefully and
try to restart, but that usually failed and made any core dump useless.
2011-06-02 17:14:30 +02:00
Guus Sliepen
4d440336c3 Remove outgoing event in free_connection(). 2011-05-29 22:34:19 +02:00
Guus Sliepen
d29bfc9a45 Initialise priority field to zero for packets read from the VPN interface. 2011-05-29 22:14:35 +02:00
Guus Sliepen
4c403840ff Cosmetic fix when pressing 's' in tincctl top. 2011-05-29 22:12:37 +02:00
Guus Sliepen
b3aeaf0f91 Show hostname and port in error message when connecting to a running tincd. 2011-05-29 22:10:54 +02:00
Sven-Haegar Koch
04de15984f do_outgoing_connection() may delete a failed connection, and the structure
must not be accessed afterwards.
2011-05-29 22:05:14 +02:00
Sven-Haegar Koch
82109868b5 src/net_socket.c bind_to_address(): Use after free in error path. 2011-05-29 22:05:04 +02:00
Guus Sliepen
5bc957074a Allow tincctl to connect to something besides localhost.
This would allow tincctl to connect to a remote tincd, or to a local tincd that
isn't listening on localhost, for example if it is using the BindToInterface or
BindToAddress options.
2011-05-29 14:41:05 +02:00
Guus Sliepen
64771f73eb Remove a few unnecessary #includes.
Some spotted by Michael Tokarev.
2011-05-28 23:46:56 +02:00
Guus Sliepen
5cff8c47c1 Remove newlines from log messages. 2011-05-28 23:42:18 +02:00
Guus Sliepen
6d08eb1614 Fix sparse warnings and add an extra sprinkling of const.
This is more or less the equivalent of Sven-Haegar Koch's fixes in the 1.1
branch.
2011-05-28 23:36:52 +02:00
Sven-Haegar Koch
e6b21e1a51 fgets() returns NULL on error, not < 0 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
434e57ae5e sparse fixup: warning: Using plain integer as NULL pointer 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
f4010694b3 sparse fixup: warning: non-ANSI function declaration of function '...' 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
d772289f6d sparse fixup: warning: symbol '...' was not declared. Should it be static? 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
02e32cf61e sparse fixup: error: too many arguments for function send_key_changed 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
b995243ac3 sparse fixup: error: dubious one-bit signed bitfield 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
bbd0025ae3 Use same definition for xalloc_fail_func as is really used. 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
3fca2cad48 Removed two newlines from the end of log messages which created empty lines. 2011-05-28 15:24:39 +02:00
Sven-Haegar Koch
9cce44dfe3 Fixed error logging on "Input buffer full" condition. 2011-05-28 15:24:38 +02:00
Guus Sliepen
07ffb1a198 Make return value of SetPriorityClass() behave the same as setpriority(). 2011-05-22 15:56:04 +02:00
Guus Sliepen
453c44e7b2 Add the ability to dump all traffic going through route() over a control connection.
One can get the packet stream in pcap format, which can be decoded using
tcpdump, for example:

tincctl -n <netname> pcap | tcpdump -r -
2011-05-22 14:17:30 +02:00
Guus Sliepen
54c900e961 Reset tcplen after use. 2011-05-22 14:02:27 +02:00
Guus Sliepen
8ddcad5fa1 Check if an event is initialized before calling event_del().
Libevent prints a warning to stderr if we do that.
2011-05-22 13:24:01 +02:00
Guus Sliepen
931e30f91a Always compact the buffer if it has reached MAXBUFSIZE. 2011-05-22 13:24:01 +02:00
Guus Sliepen
90c7fafe59 Compact input buffer before trying to read instead of after.
Also log an error when the input buffer contains more than MAXBUFSIZE bytes
already, instead of silently claiming the other side closed the connection.
2011-05-22 13:20:44 +02:00
Guus Sliepen
8de8f1d9e2 Fix some compiler warnings. 2011-05-17 10:58:22 +02:00
Guus Sliepen
f536504a7d Add top.h. 2011-05-16 09:48:19 +02:00
Guus Sliepen
e272fab858 Add tincctl.h. 2011-05-16 09:46:54 +02:00
Guus Sliepen
6d97cb1e22 Nicer top command.
- Configurable refresh interval.
- Switch between cumulative count or current rate.
- Configurable sorting.
2011-05-15 16:30:13 +02:00
Guus Sliepen
4574b04f79 Allow inserting items in the middle of a list. 2011-05-15 16:29:54 +02:00
Guus Sliepen
97355690b9 Add a very primitive "top" command to tincctl. 2011-05-15 13:16:48 +02:00
Guus Sliepen
362d8a6358 Dump traffic statistics over control sockets. 2011-05-15 11:59:13 +02:00
Guus Sliepen
f5843e7d64 Add per-node traffic counters. 2011-05-15 00:42:29 +02:00
Guus Sliepen
ffa3a443b9 Several fixes for the buffer code. 2011-05-14 22:30:23 +02:00
Guus Sliepen
cdb793f687 Remove use of bufferevent and eventbuffers, use our own buffering instead. 2011-05-14 19:20:56 +02:00
Guus Sliepen
f431fcb35f Add simple buffer management code.
Libevent 2.0's buffer code is not completely backward compatible with 1.4's.
In order to not (mis)use it anymore, we implement it ourselves. The buffers
are automatically expanding when necessary. When consuming data from the
buffer, no memmove()s are performed. Only when adding to the buffer would
write past the end do we shift everything back to the start.
2011-05-14 19:15:04 +02:00
Guus Sliepen
3794e551c7 Fix check for event initialization due to the merge. 2011-05-14 11:52:35 +02:00
Guus Sliepen
ce8775000a Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	lib/pidfile.c
	src/bsd/device.c
	src/dropin.h
	src/net.c
	src/net_packet.c
	src/node.c
	src/process.c
	src/tincd.c
2011-05-09 21:35:14 +02:00
Guus Sliepen
5686ad80b5 Releasing 1.0.14. 2011-05-08 23:17:46 +02:00
Guus Sliepen
67766d65f0 Update THANKS and copyright information. 2011-05-08 21:22:20 +02:00
Guus Sliepen
257cb6ac60 Always use the default signal handler for ABRT signals.
This will allow coredumps to be generated when tinc is daemonized.
Also add the -kABRT option.
2011-05-08 12:40:44 +02:00
Guus Sliepen
eacb5a28fb Increase threshold for detecting two nodes with the same Name.
In commit 4a21aabada, code was added to detect
contradicting ADD_EDGE and DEL_EDGE messages being sent, which is an indication
of two nodes with the same Name connected to the same VPN.  However, these
contradictory messages can also happen when there is a network partitioning. In
the former case a loop happens which causes many contradictory message, while
in the latter case only a few of those messages will be sent. So, now we
increase the threshold to at least 10 of both ADD_EDGE and DEL_EDGE messages.
2011-05-08 12:16:26 +02:00
Julien Muchembled
f11c6101f3 Fix command-line '-o' option for host configuration
This fixes a regression introduced by commit 667b1ba while refactoring option
parsing code.
2011-04-28 14:30:32 +02:00
Guus Sliepen
0aa86d4b8b Do not set indirect flag on edges from nodes with multiple addresses.
Since tinc now handles UDP packets with a different source address and port
than used for TCP connections, the heuristic to treat edges as indirect when
tinc could detect that multiple addresses were used does not make sense
anymore, and can actually reduce performance.
2011-03-09 09:34:56 +01:00
Guus Sliepen
7cf68b5e35 Prevent anything from updating our own UDP address.
Because we don't want to keep track of that, and this will cause the node
structure from being relinked into the node tree, which results in myself
pointing to an invalid address.
2011-02-18 23:11:43 +01:00
Guus Sliepen
cdbbbfabea Fix spurious misidentification of incoming UDP packets.
When a UDP packet was received with an unknown source address/port, and if it
failed a HMAC check against known keys, it could still incorrectly assign that
UDP address to another node. This would temporarily cause outgoing UDP packets
to go to the wrong destination address, until packets from the correct address
were received again.
2011-02-18 23:02:11 +01:00
Rumko
046d83bf91 DragonFlyBSD support
* added DragonFly BSD support
* added a check for sys/resource.h (needed on DragonFly)
2011-02-12 18:22:14 +01:00
Guus Sliepen
f017c7f98f Add support for VDE through libvdeplug.
When compiled with vde/device.c, tinc will connect to a vde_switch instance
instead of using a tun/tap device.
2011-02-07 18:34:55 +01:00
Guus Sliepen
6c05bf082b Remove unused variables. 2011-01-02 16:59:42 +01:00
Guus Sliepen
6a51d89cf7 Replace bogus #else with #endif.
Found by cppcheck, which complained about lenin not being initialized, but the
real problem is that reading packets would fail when using code compiled with
--tunemu on a normal tun device.
2011-01-02 16:55:42 +01:00
Guus Sliepen
3ce5e292da Close all filedescriptors in Solaris close_device(). 2011-01-02 16:50:24 +01:00
Guus Sliepen
f99661a4ca Always send MTU probes at least once every PingInterval.
Before, if MTU probes failed, tinc would stop sending probes until the next
time keys were regenerated (by default, once every hour).  Now it continues to
send them every PingInterval, so it recovers faster from temporary failures.
2011-01-02 15:02:23 +01:00
Guus Sliepen
cac0a5c651 Use setpriority() instead of nice() on UNIX-like systems.
The return value of nice() can not reliably indicate errors. The return value
of the setpriority() call is well-defined.
2010-11-20 14:31:11 +00:00
Guus Sliepen
3f59a26d80 Do not try to dereference myself->connection->config_tree.
This was a bug introduced due to an incomplete merge (commit
ff71f28902).
2010-11-19 12:26:20 +00:00
Guus Sliepen
886a6f61a1 Merge branch 'master' into 1.1
Conflicts:
	src/net_packet.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
2010-11-19 12:22:48 +00:00
Guus Sliepen
d91903ef3c Attribution for Brandon Black. 2010-11-16 17:28:41 +01:00
Guus Sliepen
e764ff7be9 Fix variable length array declaration. 2010-11-16 16:45:36 +01:00
Guus Sliepen
5eb0440110 Free replay window when freeing a node_t. 2010-11-13 21:36:51 +01:00
Guus Sliepen
a9445e38f2 Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails. 2010-11-13 21:34:59 +01:00
Brandon L Black
0d61d4ae13 Improved handling of queue-jumping packets on receive 2010-11-13 21:25:48 +01:00
Brandon L Black
23acc19bc0 Configurable ReplayWindow size, zero disables 2010-11-13 21:25:46 +01:00
Brandon L Black
8dfe1b374e Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket 2010-11-13 21:25:44 +01:00
Brandon L Black
3f410e2f8f Experimental IFF_ONE_QUEUE support for Linux 2010-11-13 21:25:41 +01:00
Guus Sliepen
9e3ca39773 Use variable length arrays instead of alloca(). 2010-11-13 15:55:38 +01:00
Guus Sliepen
23dddc2593 Link tincctl with dropin.o. 2010-11-13 15:46:19 +01:00
Guus Sliepen
a22041922f Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2010-11-12 16:15:29 +01:00
Guus Sliepen
930bf74fbe Don't use strlen() on a NULL pointer.
A bug introduced in commit 667b1bac77 caused tinc
to crash on startup.
2010-11-12 11:38:05 +01:00
Guus Sliepen
66b7aea294 Read error counter must be static. 2010-11-02 14:23:43 +01:00
Guus Sliepen
a91bf2dfcd Quit when there are too many consecutive errors on the tun/tap device.
Although transient errors sometimes happen on the tun/tap device (for example,
if the kernel is temporarily out of buffer space), there are situations where
the tun/tap device becomes permanently broken. Instead of endlessly spamming
the syslog, we now sleep an increasing amount of time between consecutive read
errors, and if reads still fail after 10 attempts (approximately 3 seconds),
tinc will quit.
2010-11-02 14:18:35 +01:00
Michael Tokarev
aca70cd3c3 Treat netname="." in a special way.
Treat netname "." in a special way as if there was no netname
specified.  Before, f.e. tincd -n. -k didn't work as it tried
to open /var/run/tinc-.pid.  Now -n. works as if there was no
-n option is specified.

Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
2010-10-24 13:32:36 +02:00
Guus Sliepen
5f729f76f5 Remove unused variables.
These were caused by commit 667b1bac77.
2010-10-22 22:46:44 +02:00
Guus Sliepen
20ae7dd8c1 Abort disabling old PEM keys on I/O errors. 2010-10-22 22:43:50 +02:00
Guus Sliepen
a08462bf84 Ensure there is a newline character before a PEM key is written. 2010-10-22 22:42:21 +02:00
Guus Sliepen
c6ccbadfcf Attribution for Timothy Redaelli. 2010-10-22 13:40:04 +02:00
Guus Sliepen
1c2cd7ed27 Attribution for Julien Muchembled. 2010-10-22 13:17:42 +02:00
Guus Sliepen
667b1bac77 Remove duplicate command-line option parsing.
Also fix parsing of command-line host configuration options for the local node.
2010-10-22 13:06:06 +02:00
Guus Sliepen
ff71f28902 Merge local host configuration with server configuration.
With some exceptions, tinc only accepted host configuration options for the
local node from the corresponding host configuration file. Although this is
documented, many people expect that they can also put those options in
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
local host configuration file.
2010-10-22 12:47:12 +02:00
Julien Muchembled
8c3105283a New '-o' option to configure server or hosts from command line
Options given on the command line have precedence over configuration from files.

This can be useful, for example, for a roaming node, for which 'ConnectTo' and
<host>.Address depends on its location.
2010-09-05 22:26:26 +02:00
Guus Sliepen
4b6a9f1c1f Do not append an address to ANS_KEY messages if we don't know any address.
This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.
2010-06-04 16:03:19 +02:00
Guus Sliepen
798fa2f04c Use 64 bit counters to keep track of bytes sent/received from the virtual network interface. 2010-06-04 15:04:08 +02:00
Guus Sliepen
4a21aabada Detect and prevent two nodes with the same Name being on the VPN simultaneously.
In this situation, the two nodes will start fighting over the edges they announced.
When we have to contradict both ADD_EDGE and DEL_EDGE messages, we log a warning,
and with 25% chance per PingTimeout we quit.
2010-06-04 14:53:52 +02:00
Guus Sliepen
dbf3d168b7 Use strrchr() insteaad of rindex().
The latter function is deprecated, some build environments do not support.
2010-05-07 12:24:49 +02:00
Timothy Redaelli
eda7179874 Fix warnings under BSD 2010-05-06 21:19:49 +02:00
Timothy Redaelli
df985256a7 Fix warnings showed using -D_FORTIFY_SOURCE=2 2010-05-04 00:54:37 +02:00
Guus Sliepen
f5122ccece Fix all warnings when compiling with mingw64. 2010-05-01 15:39:59 +02:00
Guus Sliepen
ee427cac0d Do not try to free NULL pointers. 2010-04-30 23:13:02 +02:00
Guus Sliepen
113458c286 Use correct digest length when checking a received key. 2010-04-30 23:11:48 +02:00
Guus Sliepen
76b41ba20d Add missing return statement. 2010-04-17 12:33:36 +02:00
Guus Sliepen
2911af6e23 Fix merge of commit 4a0b998151. 2010-04-17 12:33:15 +02:00
Guus Sliepen
79e46d08a4 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	src/net.c
	src/net.h
2010-04-17 12:21:53 +02:00
Guus Sliepen
4766359e14 Fix reading configuration files that do not end with a newline. Again. 2010-04-17 12:01:38 +02:00
Guus Sliepen
0ddce6370d Don't redefine MAX if it already exists. 2010-04-11 19:39:31 +02:00
Guus Sliepen
a9bbb3357a Fixes for definitions under Windows. 2010-04-11 19:20:02 +02:00
Guus Sliepen
4708f2c89e Ensure subnet-up/down scripts are called after HUP when necessary. 2010-04-11 18:34:50 +02:00
Guus Sliepen
32f5524c4b Fix reloading Subnets when StrictSubnets is set. 2010-04-11 04:35:16 +02:00
Guus Sliepen
9f53ab209d Reload Subnets when getting a HUP signal and StrictSubnets is used. 2010-04-11 00:50:42 +02:00
Guus Sliepen
f75e71bc69 Convert Port to numeric form before sending it to other nodes.
If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes.  However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.
2010-04-03 09:46:45 +01:00
Sven-Haegar Koch
e49891e188 Fixed metadata protokoll corruption on forwarded requests
When forwarding a metadata request through forward_request() we were
adding the required newline char to our buffer, but then sending the
data without it - this results in the forwarded request and the next one
to be garbled together.

Additionally while at it add a warning comment that request string is
not zero terminated anymore after a call to the forward_request()
function - for now this is ok as it is not used by any caller after this.
2010-03-31 05:06:40 +02:00
Sven-Haegar Koch
0310deb225 Demote all LOG_EMERG to LOG_ERR, spamming all xterms is bad. 2010-03-31 05:06:33 +02:00
Sven-Haegar Koch
685509ffe1 Function flush_meta() does not exist anymore. 2010-03-31 05:06:33 +02:00
Sven-Haegar Koch
ffa1dc73dc Fixed 1.0 miss-merges 2010-03-31 05:01:39 +02:00
Sven-Haegar Koch
103543aa2c Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	have.h
	src/conf.c
	src/conf.h
	src/net.c
	src/net_packet.c
	src/protocol_key.c
	src/protocol_subnet.c
	src/route.c
	src/tincd.c
2010-03-26 16:51:03 +01:00
Sven-Haegar Koch
292354912f Never delete Subnets when StrictSubnets is set
If a node is unreachable, and not connected to an edge anymore, it gets
deleted. When this happens its subnets are also removed, which should
not happen with StrictSubnets=yes.

Solution:
- do not remove subnets in src/net.c::purge(), we know that all subnets
  in the list came from our hosts files.
  I think here you got the check wrong by looking at the tunnelserver
  code below it - with strictsubnets we still inform others but do not
  remove the subnet from our data.
- do not remove nodes in net.c::purge() that still have subnets
  attached.
2010-03-18 11:50:45 +01:00
Guus Sliepen
f2346771cf Log unauthorized Subnets when StrictSubnets is set. 2010-03-08 21:44:32 +01:00
Guus Sliepen
8ae54dc7c7 Fixes for the Forwarding option. 2010-03-02 23:27:50 +01:00
Guus Sliepen
3e4829e78a Add the DirectOnly option.
When this option is enabled, packets that cannot be sent directly to the destination node,
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
2010-03-02 22:55:24 +01:00
Guus Sliepen
95a6974de1 Add the Forwarding option.
This determines if and how incoming packets that are not meant for the local
node are forwarded.  It can either be off, internal (tinc forwards them itself,
as in previous versions), or kernel (packets are always sent to the TUN/TAP
device, letting the kernel sort them out).
2010-03-02 22:34:26 +01:00
Guus Sliepen
5038964032 Add the StrictSubnets option.
When this option is enabled, tinc will not accept dynamic updates of Subnets
from other nodes, but will only use Subnets read from local host config files
to build its routing table.
2010-03-02 00:18:44 +01:00
Guus Sliepen
9fed0ec34b Preload all Subnets in TunnelServer mode.
This simplifies the logic in protocol_subnet.c.
2010-03-01 23:44:56 +01:00
Guus Sliepen
21f33b6382 Simplify reading lines from configuration files.
Instead of allocating storage for each line read, we now read into fixed-size
buffers on the stack. This fixes a case where a malformed configuration file
could crash tinc.
2010-03-01 23:35:02 +01:00
Guus Sliepen
3cb91d75f8 Clamp MSS to miminum MTU in both directions.
Clamp MSS of both incoming and outgoing packets, and use the minimum of the
PMTU of both directions when clamping.
2010-02-28 18:20:13 +01:00
Timothy Redaelli
ddb8cb0779 Add --disable-zlib configure option 2010-02-10 16:47:52 +01:00
Timothy Redaelli
eeb505af36 Add --disable-lzo configure option 2010-02-10 16:47:52 +01:00
Guus Sliepen
cd0c2e86a4 Ensure peers with a meta connection always have our key.
This keeps UDP probes going, which in turn keeps NAT mappings alive.
2010-02-03 11:18:46 +01:00
Guus Sliepen
40d91ff619 Update copyright notices. 2010-02-02 22:49:21 +01:00
Guus Sliepen
44f8f61396 Try to set DF bit on BSDs as well.
Every operating system seems to have its own, slightly different way to disable
packet fragmentation. Emit a compiler warning when no suitable way is found.
On OpenBSD, it seems impossible to do it for IPv4.
2010-02-02 22:22:27 +01:00
Guus Sliepen
ed14ef93b4 Immediately exchange keys when establishing a meta connection.
This in turn will trigger PMTU discovery, and ensures nodes know each others
reflexive UDP address and port.
2010-02-02 01:02:40 +01:00
Guus Sliepen
4a0b998151 Determine peer's reflexive address and port when exchanging keys.
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.

Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
2010-02-02 00:51:44 +01:00
Guus Sliepen
d15099e002 Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 18:48:01 +01:00
Guus Sliepen
469fa318bc Run subnet-up/down scripts for local MAC addresses as well. 2010-01-22 21:59:40 +01:00
Guus Sliepen
5d194b9f87 Fix subnet-up/down scripts being called with an empty SUBNET.
Commit 052ff8b2c5 contained a bug that causes
scripts to be called with an empty, or possibly corrupted SUBNET variable when
a Subnet is added or removed while the owner is still online. In router mode,
this normally does not happen, but in switch mode this is normal.
2010-01-22 21:47:26 +01:00
Guus Sliepen
b455111184 Make MSS clamping configurable, but enabled by default.
It can either be set globally in tinc.conf, or per-node in host config files.
2010-01-16 20:16:33 +01:00
Guus Sliepen
95928f7c29 Also clamp MSS of TCP over IPv6 packets. 2010-01-16 19:32:33 +01:00
Guus Sliepen
b1945f70fe Optimise handling of select() returning <= 0.
Before, we immediately retried select() if it returned -1 and errno is EAGAIN
or EINTR, and if it returned 0 it would check for network events even if we
know there are none.  Now, if -1 or 0 is returned we skip checking network
events, but we do check for timer and signal events.
2010-01-15 23:41:14 +01:00
Guus Sliepen
51099658c9 Ping nodes immediately when receiving SIGALRM.
One reason to send the ALRM signal is to let tinc immediately try to connect to
outgoing nodes, for example when PPP or DHCP configuration of the outgoing
interface finished.  Conversely, when the outgoing interface goes down one can
now send this signal to let tinc quickly detect that links are down too.
2010-01-15 23:19:08 +01:00
Guus Sliepen
2a538ed343 Clamp MSS of IPv4 SYN packets.
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends.  We
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
sending too large packets.
2010-01-15 13:42:37 +01:00
Guus Sliepen
35b1c25093 Move source from lib/ to src/.
The utility functions in the lib/ directory do not really form a library.
Also, now that we build two binaries, tincctl does not need everything that was
in libvpn.a, so it is wasteful to link to it.
2009-12-31 13:19:13 +01:00
Guus Sliepen
e4812ba9cc Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default. 2009-12-24 12:42:21 +01:00
Guus Sliepen
7203d5fb07 Use xstrdup() instead of xasprintf() to copy static strings. 2009-12-23 19:51:55 +01:00
Guus Sliepen
a9a803d566 Allow port to be specified in Address statements.
This allows one to connect to use more than one port number to connect to
another node. The syntax is now:

Address = <hostname> [<port>]
2009-12-23 19:49:38 +01:00
Guus Sliepen
43e34d8180 Do not fragment packets smaller than RFC defined minimum MTUs.
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
68, but this is such a low limit that it will probably hurt performance, so we
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
791). If we detect a path MTU smaller than those minima, and we have to handle
a packet that is bigger than the PMTU but smaller than those minima, we forward
them via TCP instead of fragmenting or returning ICMP packets.
2009-12-23 19:22:06 +01:00
Guus Sliepen
3626165002 Do not use hardcoded cipher block length when padding. 2009-12-19 23:23:25 +01:00
Guus Sliepen
f542ef8f9e Fix alignment of results of RSA operations when using libgcrypt.
If the result of an RSA encryption or decryption operation can be represented
in less bytes than given, gcry_mpi_print() will not add leading zero bytes. Fix
this by adding those ourself.
2009-12-19 22:17:39 +01:00
Guus Sliepen
4c68a8cb60 Do not consider unreachable nodes when trying to determine packet origin. 2009-12-19 20:53:48 +01:00
Guus Sliepen
74e50d52e0 recv() and recvfrom() return int, do not prematurely cast the return value. 2009-12-19 20:52:19 +01:00
Guus Sliepen
0bfd69a273 Fix reading raw RSA keys with libgcrypt. 2009-12-19 20:26:30 +01:00
Guus Sliepen
0ff44fc241 Reinitialise block cipher IV each time we encrypt a packet when using libgcrypt. 2009-12-19 20:10:38 +01:00
Guus Sliepen
3c90be7678 Fix block cipher padding when using libgcrypt. 2009-12-19 18:57:54 +01:00
Guus Sliepen
c845bc109c Fix packet authentication.
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
2009-12-18 01:15:25 +01:00
Guus Sliepen
55ef2f806f Allow connections to be closed.
This only closes existing meta connections, it may not affect node
reachability.
2009-12-16 21:16:56 +01:00
Guus Sliepen
f12c36afd5 Include missing header files and source directories. 2009-12-14 21:25:06 +01:00
Guus Sliepen
2a410cd26d Do not include OpenSSL headers directly. 2009-12-14 21:20:56 +01:00
Guus Sliepen
5d78e497f1 Fix compiler warnings. 2009-12-11 22:38:06 +01:00
Guus Sliepen
d6c50eb73a Merge branch 'master' into 1.1
Conflicts:
	src/subnet.c
2009-12-11 22:31:27 +01:00
Guus Sliepen
fec14791e8 Only call ioctlsocket() on Windows. 2009-12-11 22:24:07 +01:00
Guus Sliepen
369fe1ab1c Forget addresses of unreachable nodes.
We clear the cached address used for UDP connections when a node becomes
unreachable. This also prevents host-up scripts from passing the old, cached
address from when the host becomes reachable again from a different address.
2009-12-08 22:18:37 +00:00
Guus Sliepen
62f235e05c Remove unused variable in lookup_subnet_*() functions. 2009-11-28 11:56:13 +00:00
Guus Sliepen
92aefd25bf When learning MAC addresses, only check our own Subnets for previous entries.
Before it would check all addresses, and not learn an address if another node
already claimed that address. This caused fast roaming to fail, the code from
commit 6f6f426b35 was never triggered.
2009-11-28 11:52:23 +00:00
Guus Sliepen
edebf579f2 Use the TCP socket infrastructure for control sockets.
The control socket code was completely different from how meta connections are
handled, resulting in lots of extra code to handle requests.  Also, not every
operating system has UNIX sockets, so we have to resort to another type of
sockets or pipes for those anyway.  To reduce code duplication and make control
sockets work the same on all platforms, we now just connect to the TCP port
where tincd is already listening on.

To authenticate, the program that wants to control a running tinc daemon must
send the contents of a cookie file. The cookie is a random 256 bits number that
is regenerated every time tincd starts. The cookie file should only be readable
by the same user that can start a tincd.

Instead of the binary-ish protocol previously used, we now use an ASCII
protocol similar to that of the meta connections, but this can still change.
2009-11-07 23:43:25 +01:00
Guus Sliepen
c388527e34 Small fixes to get really working control sockets on Windows. 2009-11-07 16:09:56 +01:00
Guus Sliepen
5c5548fc71 Better integration of libevent in build system.
Since event.h is not part of tinc, we include it in have.h were all other
system header files are included.  We also ensure -levent comes before -lgdi32
when compiling with MinGW, apparently it doesn't work when the order is
reversed.
2009-11-07 14:35:48 +01:00
Guus Sliepen
075264a9e1 Make sure the 1.1 branch compiles in a MinGW environment.
UNIX domain sockets, of course, don't exist on Windows. For now, when compiling
tinc in a MinGW environment, try to use a TCP socket bound to localhost as an
alternative.
2009-11-05 23:29:28 +01:00
Guus Sliepen
08615e420b Handle PKCS#5 padding in the gcrypt backend. 2009-11-05 00:02:42 +01:00
Guus Sliepen
d9b2ac6767 Handle truncated message authentication codes with gcrypt.
Commit 4124b9682f did not update the gcrypt
backend.
2009-11-05 00:01:25 +01:00
Guus Sliepen
c4afc48154 Use %x instead of %lx where appropriate.
Some conversions were not properly merged from the master branch.
2009-11-04 16:19:08 +01:00
Guus Sliepen
37ccb325af Don't enable device events when there is no valid filedescriptor. 2009-11-04 16:18:08 +01:00
Guus Sliepen
108b238915 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tinc.texi
	doc/tincd.8.in
	src/Makefile.am
	src/connection.c
	src/edge.c
	src/meta.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/node.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_edge.c
	src/subnet.c
2009-11-02 14:24:27 +01:00
Guus Sliepen
d331f04e45 Start a tinc service if it already exists. 2009-11-01 15:57:28 +01:00
Guus Sliepen
6f6f426b35 Fast handoff of roaming MAC addresses.
In switch mode, if a known MAC address is claimed by a second node before it
expired at the first node, it is likely that this is because a computer has
roamed from the LAN of the first node to that of the second node. To ensure
packets for that computer are routed to the second node, the first node should
delete its corresponding Subnet as soon as possible, without waiting for the
normal expiry timeout.
2009-10-27 23:53:49 +01:00
Guus Sliepen
e00b44cb98 Move socket error interpretation to utils.h. 2009-10-25 01:40:07 +02:00
Guus Sliepen
c11dc8079b Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
2009-10-25 00:50:09 +02:00
Michael Tokarev
1bca167b7e Remove localedir leftovers. 2009-10-24 23:46:11 +02:00
Guus Sliepen
c3acae034c Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
This ensures the DF bit on outgoing UDP packets gets set on Windows when path
MTU discovery is enabled, reducing fragmentation.
2009-10-24 22:32:35 +02:00
Guus Sliepen
242c4e2ca6 Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
2009-10-24 21:53:01 +02:00
Guus Sliepen
d922db253c Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
2009-10-24 21:35:40 +02:00
Guus Sliepen
a8f7fccbc2 Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
2009-10-24 21:32:06 +02:00
Guus Sliepen
cddcdc9af3 Allow UDP packets with an address different from the corresponding TCP connection. 2009-10-24 20:54:44 +02:00
Guus Sliepen
5cbddc68ba Use uint32_t instead of long int for connection options.
Options should have a fixed width anyway, but this also fixes a possible MinGW
compiler bug where %lx tries to print a 64 bit value, even though a long int is
only 32 bits.
2009-10-24 16:15:24 +02:00
Guus Sliepen
468f393c4f Add dummy device. 2009-10-24 16:05:12 +02:00
Guus Sliepen
b6543af762 Clarify and increase level of log message about MTU probes to unreachable nodes. 2009-10-20 22:39:07 +02:00
Guus Sliepen
43a6e78664 Handle weighted Subnets in switch and hub modes.
We now handle MAC Subnets in exactly the same way as IPv4 and IPv6 Subnets.
This also fixes a problem that causes unncessary broadcasting of unicast
packets in VPNs where some daemons run 1.0.10 and some run other versions.
2009-10-20 22:33:16 +02:00
Guus Sliepen
35af4051c3 Fix a possible crash when sending the HUP signal.
When the HUP signal is sent while some outgoing connections have not been made
yet, or are being retried, a NULL pointer could be dereferenced resulting in
tinc crashing. We fix this by more careful handling of outgoing_ts, and by
deleting all connections that have not been fully activated yet at the HUP
signal is received.
2009-10-20 22:14:47 +02:00
Guus Sliepen
c7fdc7d5b8 Remove debugging message when reading packets from a BSD device.
This was inadvertently introduced by commit
4a5d42178c.
2009-10-12 23:51:57 +02:00
Guus Sliepen
ec4c8bcb18 Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
This device works like /dev/tun on Linux, automatically creating a new tap
interface when a program opens it. We now pass the actual name of the newly
created interface in $INTERFACE.
2009-10-12 22:14:47 +02:00
Guus Sliepen
92b8abc921 Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.

If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.

We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
2009-10-11 18:57:58 +02:00
Guus Sliepen
a4f132770d Revert "Raise default crypto algorithms to AES256 and SHA256."
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.

This reverts commit 4bb3793e38.
2009-10-11 13:56:04 +02:00
Guus Sliepen
2762509be1 Remove code duplication when checking ADD_EDGE/DEL_EDGE messages. 2009-10-11 13:54:05 +02:00
Guus Sliepen
5cddf5e52a Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
So that we are liberal in what we accept.
2009-10-11 13:51:10 +02:00
Borg
430c90412c Removed last gettext function. 2009-10-03 13:06:00 +02:00
Guus Sliepen
761517c21c Update FSF address in files not covered by the merge. 2009-09-29 15:33:58 +02:00
Guus Sliepen
07a560eab6 Drop localisation and checkpoint tracing in files not covered by the merge. 2009-09-29 15:19:55 +02:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
2009-09-29 14:55:29 +02:00
Guus Sliepen
46e481dc94 Add more authors to the copyright headers.
Git's log and blame tools were used to find out which files had significant
contributions from authors who sent in patches that were applied before we used
git.
2009-09-25 21:14:56 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
0e6856b137 Remove Ivo's old email addresses. 2009-09-24 23:42:30 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
c23fcf555e Update copyright information.
- Update year numbers in copyright headers.
- Add copyright information for Michael Tokarev and Florian Forster to the
  copyright headers of files to which they have contributed significantly.
- Mention Michael and Florian in AUTHORS.
- Mention that tinc is GPLv3 or later if compiled with the --enable-tunemu
  flag.
2009-09-24 23:29:46 +02:00
Guus Sliepen
4bdf0e80ee Replace asprintf()s not covered by the merge to xasprintf(). 2009-09-16 20:28:30 +02:00
Guus Sliepen
1cbddbd573 Use correct format specifiers. 2009-09-16 20:17:11 +02:00
Guus Sliepen
2f97bdb46b Add missing #include. 2009-09-16 20:16:54 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
2009-09-16 19:55:47 +02:00
Guus Sliepen
b5ccce2968 Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum.  If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives.  We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
2009-09-15 23:22:13 +02:00
Guus Sliepen
d273efb177 Raise default RSA key length to 2048 bits. 2009-09-15 23:04:52 +02:00
Guus Sliepen
b47c17bcde Use a mutex to allow the TAP reader to process packets faster on Windows.
The TAP-Win32 device is not a socket, and select() under Windows only works
with sockets.  Tinc used a separate thread to read from the TAP-Win32 device,
and passed this via a local socket to the main thread which could then select()
from it. We now use a global mutex, which is only unlocked when the main thread
is waiting for select(), to allow the TAP reader thread to process packets
directly.
2009-09-15 22:59:01 +02:00
Guus Sliepen
4bb3793e38 Raise default crypto algorithms to AES256 and SHA256.
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
2009-09-15 12:08:05 +02:00
Guus Sliepen
633c0cf1b0 Use access() instead of stat() for checking whether scripts exist. 2009-09-15 00:36:07 +02:00
Guus Sliepen
f80bf14f28 Also do not use drand48(), it is not available on Windows. 2009-09-14 23:28:28 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
2009-09-14 23:06:00 +02:00
Guus Sliepen
75773efe26 Apparently it's impolite to ask GCC to subtract two pointers.
If two pointers do not belong to the same array, pointer subtraction gives
nonsensical results, depending on the level of optimisation and the
architecture one is compiling for. It is apparently not just subtracting the
pointer values and dividing by the size of the object, but uses some kind of
higher magic not intended for mere mortals. GCC will not warn about this at
all. Casting to void * is also a no-no, because then GCC does warn that strict
aliasing rules are being broken. The only safe way to query the ordering of two
pointers is to use the (in)equality operators.

The unsafe implementation of connection_compare() has probably caused the "old
connection_t for ... still lingering" messages. Our implementation of AVL trees
is augmented with a doubly linked list, which is normally what is traversed.
Only when deleting an old connection the tree itself is traversed.
2009-09-13 14:08:59 +02:00
Guus Sliepen
23e151aeed Remove superfluous call to avl_delete(). 2009-09-13 14:07:40 +02:00
Guus Sliepen
9915f2abbe Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
2009-09-12 14:19:36 +02:00
Guus Sliepen
7242868b64 Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba5
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
2009-09-12 13:40:32 +02:00
Guus Sliepen
052ff8b2c5 Put Subnet weight in a separate environment variable.
Commit 5674bba5c5 introduced weighted Subnets,
but the weight was included in the SUBNET variable passed to subnet-up/down
scripts. This makes it harder to use in those scripts. The weight is now
stripped from the SUBNET variable and put in the WEIGHT variabel.
2009-09-12 13:34:11 +02:00
Guus Sliepen
a60a0a1f13 Don't stat() on iPhone/iPod.
Grzegorz Dymarek noted that tinc segfaults at the stat() call in
execute_script() on the iPhone.  We can omit the stat() call for the moment,
the subsequent call to system() will fail with just a warning.
2009-09-10 19:51:08 +02:00
Guus Sliepen
4a5d42178c Add support for iPhones and recent iPods.
This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use
the tunemu device, which allows tinc to be compiled for iPhones and recent
iPods. To enable support for tunemu, the --enable-tunemu option has to be used
when running the configure script.
2009-09-10 19:32:54 +02:00
Guus Sliepen
ff946d0423 Another safe bitfield conversion. 2009-09-09 14:51:36 +02:00
Guus Sliepen
81afa26e4a Convert bitfields to integers in a safe way.
This is commit eb391c52ee redone, but without the
non-standard anonymous union.
2009-09-09 12:04:08 +02:00
Guus Sliepen
9b394bc887 Ensure tinc compiles with gcc -std=c99.
We use a lot of C99 features already, but also some extensions which are not in
the standard.
2009-09-08 21:45:24 +02:00
Guus Sliepen
f52ea0a7eb UNIX signal numbers start at 1. 2009-09-08 18:21:52 +02:00
Guus Sliepen
73d77dd416 Replace asprintf() by xasprintf(). 2009-09-08 18:18:36 +02:00
Michael Tokarev
63fe89e9eb Remove extra semicolon in my definition of setpriority() 2009-09-08 16:49:38 +02:00
Guus Sliepen
5a7fc58012 Always remove a node from the UDP tree before freeing it.
Valgrind caught tinc reading free'd memory during a purge(). This was caused by
first removing it from the main node tree, which will already call free_node(),
and then removing it from the UDP tree. This might cause spurious segmentation
faults.
2009-09-08 16:35:28 +02:00
Guus Sliepen
de029ce460 Change level of some debug messages, zero pointer after freeing hostname. 2009-06-11 19:39:25 +02:00
Guus Sliepen
66be914d35 Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
2009-06-11 19:26:34 +02:00
Guus Sliepen
df4add94a4 Remove pending MTU probe events when a node's reachability status changes. 2009-06-11 19:07:54 +02:00
Guus Sliepen
36f8e4da8b Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
2009-06-11 18:36:08 +02:00
Guus Sliepen
9b129c07e2 Fix pointer arithmetic when creating and verifying message authentication codes. 2009-06-06 20:14:51 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2009-06-05 23:14:13 +02:00
Guus Sliepen
261d1eac1c Properly set HMAC length for incoming packets. 2009-06-05 16:14:31 +02:00
Michael Tokarev
591c38eb38 try outgoing connections before chroot/drop_privs
When chrooted, we either need to force-initialize resolver
and/or nsswitch somehow (no clean way) or resolve all the
names we want before entering chroot jail.  The latter
looks cleaner, easier and it is actually safe because
we still don't talk with the remote nodes there, only
initiating outgoing connections.
2009-06-05 11:40:08 +02:00
Michael Tokarev
a42a8dde45 cleanup setpriority thing to make it readable 2009-06-05 10:02:55 +02:00
Guus Sliepen
41c10c5a96 Add ProcessPriority option.
This option can be set to low, normal or high. On UNIX flavours, this changes
the nice value of the process by +10, 0 and -10 respectively. On Windows, it
sets the priority to BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS and
HIGH_PRIORITY_CLASS respectively.

A high priority might help to reduce latency and packet loss on the VPN.
2009-05-28 22:51:30 +02:00
Florian Forster
41a05f59ba src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
If a host has multiple addresses on an interface, the source address of the TCP
connection(s) was picked by the operating system while the UDP packets used a
bound socket, i. e. the source address was the address specified by the user.
This caused problems because the receiving code requires the TCP connection and
the UDP connection to originate from the same IP address.

This patch adds support for the `BindToInterface' and `BindToAddress' options
to the setup of outgoing TCP connections.

Tested with Debian Etch on x86 and Debian Lenny on x86_64.

Signed-off-by: Florian Forster <octo@verplant.org>
2009-05-28 00:35:00 +02:00
Florian Forster
6b415a1a7f src/linux/device.c: Fix segfault when running without `--net'.
If running without `--net', the (global) variable `netname' is NULL. This
creates a segmentation fault because this NULL-pointer is passed to strdup:

 Program terminated with signal 11, Segmentation fault.
 #0  0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
 (gdb) bt
 #0  0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
 #1  0xb7d30175 in strdup () from /lib/tls/i686/cmov/libc.so.6
 #2  0x0805bf47 in xstrdup (s=0x0) at xmalloc.c:118  <---
 #3  0x0805be33 in setup_device () at device.c:66
 #4  0x0805072e in setup_myself () at net_setup.c:432
 #5  0x08050db2 in setup_network () at net_setup.c:536
 #6  0x0805b27f in main (argc=Cannot access memory at address 0x0) at tincd.c:580

This patch fixes this by checking `netname' in `setup_device'. An alternative
would be to check for NULL-pointers in `xstrdup' and return NULL in this case.

Signed-off-by: Florian Forster <octo@verplant.org>
2009-05-27 10:55:09 +02:00
Michael Tokarev
a8a65cee08 tunnelserver: log which ADD_SUBNET was refused
Add some logging about refused ADD_SUBNET
(it causes subsequent client disconnect so it's
important to know which subnet was at fault).

Maybe we should just ignore it completely.
2009-05-25 16:55:55 +02:00
Guus Sliepen
4e9e3ca89d Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
2009-05-25 15:04:33 +02:00
Guus Sliepen
7fc69bc73b Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
substract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
2009-05-25 12:19:37 +02:00
Guus Sliepen
1b3add6c29 Add declaration for sockaddrcmp_noport(). 2009-05-25 12:19:08 +02:00
Michael Tokarev
ca5b67111e Fix ans_key exchange in recent changes
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
2009-05-25 01:30:01 +02:00
Guus Sliepen
7034338bc3 Use xrealloc instead of if(ptr) ptr = xmalloc(). 2009-05-24 19:35:51 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Michael Tokarev
0246939ce1 don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog.  Only log those if
debug level is up to PROTOCOL
2009-05-24 17:28:24 +02:00
Guus Sliepen
2c67eafc6e If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily. 2009-05-24 15:58:47 +02:00
Michael Tokarev
7e4d57adf5 ignore indirect edge registrations in tunnelserver mode
In tunnelserver mode we're not interested to hear about
our client edges, just like in case of subnets.  Just
ignore all requests which are not about our node or the
client node.

The fix is very similar to what was done for subnets.

Note that we don't need to add the "unknown" nodes to
the list in tunnelserver mode too, so move allocation
of new nodes down the line.
2009-05-22 00:43:48 +02:00
Michael Tokarev
3759aa5f77 TunnelServer: Don't disconnect client on DEL_SUBNET too
Similar changes as was in 2327d3f6eb
but for del_subnet_h().

Before, we vere returning false (and causing disconnect of the
client) in case of tunnelserver and the client sending DEL_SUBNET
for non-his subnet or for subnet which owner isn't in our connection
list.

After the mentioned change to add_subnet_h() that routine does not
add such indirect owners to the connection list anymore, so that
was ok (owner == NULL and we return true).

But if we too has a connection with the node about which the client
is sending DEL_SUBNET notification, say, because that client lost
connection with that other node, we'll disconnect this client from
us too, returning false for indirect DEL_SUBNET.

Fix that by allowing and ignoring indirect DEL_SUBNET in tunnelserver
mode.

Also rearranged the function a bit, to match add_subnet_h() (in
particular, syntax-check everything first, see if we've seen this
request before).

And also fix some comments.
2009-05-20 20:16:19 +02:00
Michael Tokarev
218adee785 format 'not supported on this platform' error message
Format it in a similar way in all places, to make translation happier.
No functional changes.
2009-05-18 15:35:52 +02:00