Commit graph

2764 commits

Author SHA1 Message Date
Guus Sliepen
be8e5cbd1c Remove dead stores.
Found by the Clang static analyzer.
2017-04-18 20:07:33 +02:00
Guus Sliepen
70fed5f7ff Add missing tinc stop command to the scripts test. 2017-04-17 16:05:30 +02:00
Guus Sliepen
a144147319 Fix tests on *BSD. 2017-04-17 14:22:39 +02:00
Guus Sliepen
db80dbbac9 Fix segfault when adding environment variables. 2017-04-17 13:53:48 +02:00
Guus Sliepen
1be0c284c7 Fix compiler warnings on *BSD. 2017-04-17 13:07:15 +02:00
Guus Sliepen
2b4c0c6362 Make sure realname is always initialized. 2017-04-17 13:02:39 +02:00
Guus Sliepen
c87a77b5fd Ensure tests compile on *BSD. 2017-04-17 12:50:30 +02:00
Guus Sliepen
95f09569be Use getmsg()/putmsg() instead of read()/write() on Solaris.
This fixes a problem where read() returns packets from the IP layer before
fragmentation is done.

# Conflicts:
#	src/solaris/device.c
2017-04-08 13:34:40 +02:00
Guus Sliepen
6011197be5 Use /dev/udp instead of /dev/ip on Solaris.
# Conflicts:
#	src/solaris/device.c
2017-04-08 13:31:04 +02:00
Guus Sliepen
9a113db0a6 Ensure sptps_keypair and sptps_test get build for make check. 2017-03-29 08:08:56 +02:00
Guus Sliepen
d9a7f2d105 Use 127.0.0.1 instead of localhost to ensure tests are reproducible. 2017-03-29 08:08:19 +02:00
Guus Sliepen
3ab1893a4b Ensure proper logging in the invite-offline test. 2017-03-26 17:54:37 +02:00
Guus Sliepen
0af3dcf7a8 Add the scripts test.
This test whether all the scripts are run with the right information in
the right order.
2017-03-26 17:54:30 +02:00
Guus Sliepen
ebade1e8f8 Update .gitignore. 2017-03-26 16:48:02 +02:00
Guus Sliepen
fd3ec60757 Add the invite-offline test.
This tests generating an invitation on the server while no tinc daemon is
running.
2017-03-26 16:47:54 +02:00
Guus Sliepen
5fcf6e16ac Remove superfluous sleep command in invite-join test. 2017-03-26 16:46:31 +02:00
Guus Sliepen
ccb4fb6f7a Use unique ports for all tests. 2017-03-26 16:46:03 +02:00
Guus Sliepen
add75303e9 Add DEBUG environment variable for scripts.
This contains the current debug level used by tinc. Scripts can use it
to decide whether to log debugging information of their own.

Closes #138 on GitHub.
2017-03-21 21:25:27 +01:00
Guus Sliepen
5cbef90620 Put script environment creation/deletion in functions.
This makes environment handling safer, and also has a single place where
we can add new environment variables that should be present for all
scripts.
2017-03-21 21:25:19 +01:00
Vittorio Gambaletta (VittGam)
3e643d5d7e route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2017-03-20 22:38:59 +01:00
Guus Sliepen
aebaaa8db8 Merge remote-tracking branch 'dechamps/sleep' into 1.1 2017-03-20 22:33:18 +01:00
Guus Sliepen
2c333f0f45 Don't try to use kill() on Windows. 2017-03-20 22:20:25 +01:00
Guus Sliepen
26dc50599d Add missing #defines used by fd_device.c. 2017-03-20 22:15:20 +01:00
Guus Sliepen
3fc678a8df Use free_known_addresses() to free memory allocated by get_known_addresses().
We know what struct addrinfo looks like, but the standard says nothing
about how it is allocated. So we cannot trust freeaddrinfo() to work
correctly on the struct addrinfo list we allocated ourselves in
get_known_addresses(). To make a distinction by allocations from the
latter and from str2addrinfo(), we keep two pointers (*ai and *kai) in
struct outgoing, and use the freeing function that is appropriate for
each.
2017-03-07 19:19:19 +01:00
Roman Savelyev
ef661316f1 Fix lost pointer trails in get_known_addresses(). 2017-03-07 19:07:19 +01:00
Pacien TRAN-GIRARD
7a54fe5e88
Add fd_device 2017-03-01 21:34:37 +01:00
Guus Sliepen
4a45a65fe2 Remove the description of the LocalDiscoveryAddress option from the manual.
This option is no longer implemented.
2017-02-14 20:51:43 +01:00
Guus Sliepen
d3cc96b027 Don't build sptps_* binaries by default. 2017-01-31 12:05:03 +01:00
Guus Sliepen
88d158e15b Fix potential segfault in the replacement vasprintf() function. 2017-01-31 12:03:27 +01:00
Etienne Dechamps
06b8201332 Fix address memory leaks in add_edge_h().
Note that this is not as bad as it looks, because in practice
sockaddrfree() is a no-op for typical address types.
2016-12-18 17:14:17 +00:00
Etienne Dechamps
02093b12b0 Clarify the flow of add_edge_h().
This is an attempt at making the control flow through this function
easier to understand by rearranging branches and cutting back on
indentation levels.

This is a pure refactoring; there is no change in behavior.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
3bf3d7d3e7 Fix edge updates containing local address changes.
This commit fixes a logic bug in the edge update code where local
address changes are not taken into account if they are bundled in with
other changes. This bug breaks local discovery in some scenarios.

The regression was introduced by commit
e4670fc4a0576eb76f1807ce29fa9455dd247632.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
0792a10a5a Fix edge local addresses not being set when connections are established.
This bug prevented nodes from advertising their local addresses, thus
breaking local discovery.

The regression was introduced in
ab13c14a14.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
d21d97eaf5 On Windows, don't cancel I/O when disabling the device.
I have observed cases where disable_device() can get stuck on the
GetOverlappedResult() call, especially when the computer is waking up
from sleep. This is problematic when combined with DeviceStandby=yes:

    other_side (1.2.3.4 port 655) didn't respond to PING in 5 seconds
    Closing connection with other_side (1.2.3.4 port 655)
    Disabling Windows tap device
    <STUCK>

gdb reveals the following stack trace:

    #0  0x77c7dd3c in ?? ()
    #1  0x7482aad0 in KERNELBASE!GetOverlappedResult () from C:\WINDOWS\SysWoW64\KernelBase.dll
    #2  0x0043c343 in disable_device () at mingw/device.c:244
    #3  0x0040fcee in device_disable () at net_setup.c:759
    #4  0x00405bb5 in check_reachability () at graph.c:292
    #5  0x00405be2 in graph () at graph.c:301
    #6  0x004088db in terminate_connection (c=0x4dea5c0, report=true) at net.c:108
    #7  0x00408aed in timeout_handler (data=0x5af0c0 <pingtimer>) at net.c:168
    #8  0x00403af8 in get_time_remaining (diff=0x2a8fd64) at event.c:239
    #9  0x00403b6c in event_loop () at event.c:303
    #10 0x00409904 in main_loop () at net.c:461
    #11 0x00424a95 in main2 (argc=6, argv=0x2b42a60) at tincd.c:489
    #12 0x00424788 in main (argc=6, argv=0x2b42a60) at tincd.c:416

This is with TAP-Win32 9.0.0.9. I suspect driver bugs related to sleep.
In any case, this commit fixes the issue by cancelling I/O only when the
entire tinc process is being gracefully shut down, as opposed to every
time the device is disabled. Thankfully, the driver seems to be
perfectly fine with this code issuing TAP_IOCTL_SET_MEDIA_STATUS ioctls
while there are I/O operations inflight.
2016-12-03 23:25:14 +00:00
Etienne Dechamps
1672dbd66b Fix crash on Windows when a socket is available for both write and read.
Currently, if both write and read events fire at the same time on a
socket, the Windows-specific event loop will call both the write and
read callbacks, in that order. Problem is, the write callback could have
deleted the io handle, which makes the next call to the write callback a
use-after-free typically resulting in a hard crash.

In practice, this issue is triggered quite easily by putting the
computer to sleep, which basically freezes the tinc process. When the
computer wakes up and the process resumes, all TCP connections are
suddenly gone; as a result, the following sequence of events might
appear in the logs:

    Metadata socket read error for node1 (1.2.3.4 port 655): (10054) An existing connection was forcibly closed by the remote host.
    Closing connection with node1 (1.2.3.4 port 655)
    Sending DEL_EDGE to everyone (BROADCAST): 13 4bf6 mynode node1
    Sending 43 bytes of metadata to node2 (5.6.7.8 port 655)
    Could not send 10891 bytes of data to node2 (5.6.7.8 port 655): (10054) An existing connection was forcibly closed by the remote host.a
    Closing connection with node2 (5.6.7.8 port 655)
    <CRASH>

In this example the crash occurs because the socket to node2 was
signaled for reading *in addition* to writing, but since the connection
was terminated, the attempt to call the read callback crashed the
process.

This commit fixes the problem by not even attempting to fire the write
callback when the write event on the socket is signaled - instead, we
just rely on the part of the event loop that simulates level-triggered
write events. Arguably that's even cleaner and faster, because the code
being removed was technically redundant - we have to go through that
write check loop anyway.
2016-12-03 23:21:25 +00:00
Guus Sliepen
979acc48ad Enforce maximum amount of bytes sent/received on meta-connections.
This is 2^{block_length_in_bits / 2 - 1}.
2016-10-30 15:19:12 +01:00
Guus Sliepen
edc1efed3c Use AES256 and SHA256 by default for the legacy protocol.
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
2016-10-30 15:17:52 +01:00
Dennis Lan
fcaf158494 Fix typo in src/upnp.c. 2016-10-12 13:35:39 +02:00
Vittorio G (VittGam)
9cbd3c2b5b tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.
Also warn the user if a key smaller than 2048 bits is being generated.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 20:30:41 +02:00
Vittorio G (VittGam)
c7c5c74d4a fsck: Fix ed25519 public key reading, and fclose usage.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 13:30:05 +02:00
Guus Sliepen
e6497a23f7 Log warnings about dropped packets only with debug level 5 or higher. 2016-07-26 16:47:45 +02:00
Etienne Dechamps
2784a171ec Fix error handling when setting up the UDP socket.
Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.

The regression was introduced in
6bc5d626a8.
2016-07-14 19:15:35 +01:00
Guus Sliepen
b1c29464b6 Fix compiling with OpenSSL < 1.1.0. 2016-06-24 11:22:24 +02:00
Guus Sliepen
9a9f6fac00 Add missing m4 files.
ax_cflags_warn_all.m4 depends on them.
2016-06-24 11:22:11 +02:00
Guus Sliepen
b9b0defaf4 Fix potential memory leaks found by the Clang static analyzer. 2016-06-23 15:59:43 +02:00
Guus Sliepen
49edf9c53a Fix warnings from the Clang static analyzer.
These are all false positives or harmless dead stores.
2016-06-23 15:59:16 +02:00
Guus Sliepen
e16ab7b899 Force nul-termination of strings after vsnprintf().
Apparently, on Windows this function might not always be properly
terminated.
2016-06-23 15:26:58 +02:00
Guus Sliepen
2de5d866b5 Use EVP_MD_CTX_destroy() instead of _free().
Thanks to azrdev for pointing out the build failure on Fedora 23.
2016-06-22 23:08:30 +02:00
Guus Sliepen
9b148fd844 Check return value of RSA_generate_key_ex(). 2016-06-22 17:42:25 +02:00
Guus Sliepen
172763f4af Add -Wall to CFLAGS. 2016-06-22 17:35:12 +02:00