Guus Sliepen
edc1efed3c
Use AES256 and SHA256 by default for the legacy protocol.
...
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.
The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
2016-10-30 15:17:52 +01:00
Dennis Lan
fcaf158494
Fix typo in src/upnp.c.
2016-10-12 13:35:39 +02:00
Vittorio G (VittGam)
9cbd3c2b5b
tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.
...
Also warn the user if a key smaller than 2048 bits is being generated.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 20:30:41 +02:00
Vittorio G (VittGam)
c7c5c74d4a
fsck: Fix ed25519 public key reading, and fclose usage.
...
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 13:30:05 +02:00
Guus Sliepen
e6497a23f7
Log warnings about dropped packets only with debug level 5 or higher.
2016-07-26 16:47:45 +02:00
Etienne Dechamps
2784a171ec
Fix error handling when setting up the UDP socket.
...
Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.
The regression was introduced in
6bc5d626a8.
2016-07-14 19:15:35 +01:00
Guus Sliepen
b1c29464b6
Fix compiling with OpenSSL < 1.1.0.
2016-06-24 11:22:24 +02:00
Guus Sliepen
9a9f6fac00
Add missing m4 files.
...
ax_cflags_warn_all.m4 depends on them.
2016-06-24 11:22:11 +02:00
Guus Sliepen
b9b0defaf4
Fix potential memory leaks found by the Clang static analyzer.
2016-06-23 15:59:43 +02:00
Guus Sliepen
49edf9c53a
Fix warnings from the Clang static analyzer.
...
These are all false positives or harmless dead stores.
2016-06-23 15:59:16 +02:00
Guus Sliepen
e16ab7b899
Force nul-termination of strings after vsnprintf().
...
Apparently, on Windows this function might not always be properly
terminated.
2016-06-23 15:26:58 +02:00
Guus Sliepen
2de5d866b5
Use EVP_MD_CTX_destroy() instead of _free().
...
Thanks to azrdev for pointing out the build failure on Fedora 23.
2016-06-22 23:08:30 +02:00
Guus Sliepen
9b148fd844
Check return value of RSA_generate_key_ex().
2016-06-22 17:42:25 +02:00
Guus Sliepen
172763f4af
Add -Wall to CFLAGS.
2016-06-22 17:35:12 +02:00
Guus Sliepen
323c17e232
Ensure compatibility with OpenSSL 1.1.0.
2016-06-22 16:32:05 +02:00
thorkill
6e6bc9f443
Merge remote-tracking branch 'guus/1.1' into thkr-1.1-ponyhof
2016-06-06 22:00:58 +02:00
thorkill
8ac16a5cf2
Merge remote-tracking branch 'guus/1.1' into thkr-1.1-ponyhof
2016-06-05 15:34:46 +02:00
Guus Sliepen
74eb4cc974
Fix the previous commit.
2016-06-05 15:20:57 +02:00
Guus Sliepen
ab13c14a14
Preserve IPv6 scope_id in edges.
...
When creating an edge after authenticating a peer, we copy the
address used for the TCP connection, but change the port to that used
for UDP. But the way we did it discarded the scope_id for IPv6
addresses. This prevented UDP communication from working correctly when
connecting to a peer on the same LAN using an IPv6 link-local address.
Thanks to Rafał Leśniak for pointing out this issue.
2016-06-05 14:47:21 +02:00
thorkill
9a550ff4e3
Remove code committed by mistake
2016-05-30 23:11:50 +02:00
thorkill
6bd518935f
Moved SLPD related #define to slpd.h
2016-05-26 16:12:03 +02:00
thorkill
04cac1f462
Typo in tinc.conf
2016-05-25 22:48:03 +02:00
thorkill
fb15bef4c0
Change misleading comment - 1.1 node does have source ID in the packet
2016-05-25 22:47:18 +02:00
thorkill
e51ce69079
Change scope of len
2016-05-25 22:45:07 +02:00
thorkill
9ab8d025ca
Initialize struct ip and icmp
2016-05-25 22:44:21 +02:00
thorkill
3b3bdf72d4
Initialize outgoing->config_tree
2016-05-25 22:42:48 +02:00
thorkill
dbddbc2dd7
Remove debug
2016-05-25 21:38:03 +02:00
thorkill
37c128580a
Remove debug output from try_harder()
2016-05-25 20:29:13 +02:00
thorkill
649b55d988
SLPD refactor - cleanup net.h
2016-05-25 19:27:40 +02:00
thorkill
0fbde0e5a0
Continue SLPD refactor
2016-05-25 19:26:53 +02:00
thorkill
26a7e51cbe
Moved SLPD related code to slpd.c
...
- Added setup_slpd()
2016-05-25 19:18:32 +02:00
thorkill
62b63fff8b
Do not include rsa.h when DISABLE_LEGACY
2016-05-25 19:13:34 +02:00
thorkill
3327feb025
Refactor of do_outgoing_connection - make it use config_address2addrinfo
...
This means: setup_outgoing_connection() has to prepare fake
Address = "ip port" config based on the actual configuration file
Prefer the addresses discovered via SLPD while making outgoing connections
2016-05-25 18:30:33 +02:00
thorkill
69bb848f59
Let choose_local_address() prefer addresses discovered via SLPD
2016-05-25 18:25:28 +02:00
thorkill
11b8eb81b9
Refactor of SLPD - moved most of the SLPD related code into slpd.{c,h}
2016-05-25 18:23:42 +02:00
thorkill
299b223bba
Added new function config_address2addrinfo
...
This function takes an "Address" config string, splits it into
address and port, then calls str2addrinfo() on it returning addrinfo.
The aim is to refactor the code and allow simple translation
of addresses listed in configuration or generated on demand
in other places in the code.
2016-05-25 18:16:45 +02:00
thorkill
deccb83a29
try_harder() is only needed in legacy-protocol
2016-05-24 13:35:30 +02:00
thorkill
b7fe5910d6
Add information about sending address in try_harder()
2016-05-24 13:13:35 +02:00
thorkill
e60657765c
Extended man page for tinc.conf to include SLPD
...
References: 43ed440176
2016-05-23 22:54:54 +02:00
thorkill
20df09ef89
Fix compile error
2016-05-23 21:27:53 +02:00
thorkill
06350df9ee
Change scope of *closest variable
2016-05-23 21:19:52 +02:00
thorkill
f922b1c1e1
merged with guus/1.1
2016-05-23 21:17:42 +02:00
thorkill
a429889bed
Added replaywin into logger
2016-05-23 13:08:31 +02:00
thorkill
6369a4157b
Revert the order of seqno check and decryption in sptps_receive_data_datagram
...
the late seqno check changes the sequence numbers!
2016-05-23 12:52:18 +02:00
thorkill
b5593abe05
Extend sptps logging to farfuture and check the seqno before decryption in sptps_receive_data_datagram
2016-05-23 12:38:49 +02:00
thorkill
9c2170ed43
Changed ping_h - assume node is live when it pinged us
...
On larger networks with almost the same ping interval
nodes will ping each other at the same time, of course
it doesn't make much traffic but the main reason why
we have PING/PONG is to check if other side is still
online. So, when we got PING from the other node then
it is alive.
2016-05-23 09:58:32 +02:00
Sean McVeigh
e47fe48aed
fix check in cmd_pid() for failure to connect to tincd
2016-05-21 17:38:14 -04:00
thorkill
0bab833f76
Lower log level for "Ignore multicast" log messages
2016-05-21 23:35:26 +02:00
Sean McVeigh
4314df644e
check for daemon pid existence before trying to connect to the control socket, and clean up stale files otherwise.
2016-05-21 17:25:18 -04:00
thorkill
1f34493be4
Changed comment in node.h for SLPD
2016-05-21 22:57:46 +02:00