Guus Sliepen
d1b597758e
Add randomness to PING/PONG packets to prevent crypto attacks on quiet
...
tunnels.
2001-05-24 21:29:09 +00:00
Guus Sliepen
e4f3d93ec6
- s/ip_t/ipv4_t/g
...
- Add "salt" to the beginning of UDP packets. Replaces length field which
is not useful anyway.
2001-05-07 19:08:46 +00:00
Guus Sliepen
a26081467c
Correctly cycle through ConnectTo variables.
2001-05-04 18:45:02 +00:00
Guus Sliepen
156ec67652
Check indirectdata option before forwarding certain requests.
2001-03-13 21:33:31 +00:00
Guus Sliepen
c426e981ee
Ignore alarm signals if we do not need to respond to them.
2001-03-13 21:32:24 +00:00
Guus Sliepen
b413257e10
Fixed bug in setup_signals() that would make tinc die when unexpected
...
signals were caught.
2001-03-13 09:55:14 +00:00
Guus Sliepen
f1a082823c
Fixed a race condition triggered by receive_meta() and the new
...
authentication scheme.
2001-03-12 23:58:19 +00:00
Guus Sliepen
34f9e6cf2d
- route.c is now used to determine destination
...
- flags are removed, since they were not used at all. Use options instead.
- indirectdata works now, tcponly almost...
- made functions that don't return useful information void
2001-03-04 13:59:32 +00:00
Guus Sliepen
d2a54597e0
Added explaination of our key exchange using RSA encryption.
2001-03-02 11:25:56 +00:00
Guus Sliepen
125c497881
Various small fixes.
2001-03-01 21:32:04 +00:00
Guus Sliepen
4fa12eb85d
Removed lots of compiler warnings.
2001-02-27 16:37:31 +00:00
Guus Sliepen
173d606514
- Fixed Interface option (untested)
...
- Removed error handling for non-critical socket options
- Added TCP_NODELAY and IPTOS_LOWDELAY options for meta sockets.
2001-02-27 16:17:04 +00:00
Guus Sliepen
24fa685859
Don't forget to reconnect if outgoing connection fails during
...
authentication.
2001-02-27 15:33:39 +00:00
Guus Sliepen
34b7a876c3
- Make sure METAKEY is smaller than the modulus of the RSA key
...
- Get symmetric key from the least significant bytes of the RSA message
2001-02-26 11:37:20 +00:00
Guus Sliepen
82455be966
Implemented new authentication scheme from doc/SECURITY2.
2001-02-25 19:09:45 +00:00
Guus Sliepen
54881faf6f
Encrypt network packets in CBC mode instead of CFB mode.
...
(This breaks compatibility with all previous versions!)
2001-02-25 16:34:19 +00:00
Guus Sliepen
9de5787574
Copy packets before putting them in the queue.
2001-02-25 16:04:00 +00:00
Guus Sliepen
e250d64300
Add missing \n.
2001-02-25 14:51:42 +00:00
Guus Sliepen
153fc35e57
Corrected check for errors after read() calls.
2001-02-25 11:09:29 +00:00
Ivo Timmermans
cebb6efeb0
More files to ignore in CVS
2001-02-11 11:55:28 +00:00
Guus Sliepen
603781831f
- Updated CVS_CREATED to remove intl/ directory and some other
...
autogenerated files.
- Checked if all INCLUDES/LIBS/etc directives inherit the global variables.
2001-02-11 11:50:09 +00:00
Guus Sliepen
88dfdc9dba
Ignore file for src/
2001-02-11 11:46:14 +00:00
Guus Sliepen
f1cb3d8fa5
Removed another local definition of the variable "errno"
2001-02-06 10:42:27 +00:00
Guus Sliepen
f777c1807d
FreeBSD compile fixes (thanks to XeF4)
2001-02-06 10:12:51 +00:00
Ivo Timmermans
54e19d3466
Fix error reporting of read_config
2001-01-17 01:30:05 +00:00
Guus Sliepen
a56df1e06b
- Allow ASN1 style keys to be in the config files.
...
Note: tinc ignores private key in the main config file, tinc.conf,
because it should really be in a separate file.
- When generating new keys, check if name is known and by default append
the public key to the host configuration file (otherwise rsa_key.pub).
2001-01-13 16:36:23 +00:00
Guus Sliepen
d646f4e094
- Only send out DEL_HOSTs for hosts with a meta connection
2001-01-11 11:19:08 +00:00
Guus Sliepen
c8beaf35ee
- Cleaned up subnet_t
2001-01-08 21:32:30 +00:00
Guus Sliepen
11f3e9d138
- Squashed another nasty bug.
2001-01-08 20:35:30 +00:00
Guus Sliepen
447a43d639
- Added indirectdata and tcponly functionality.
2001-01-07 20:19:35 +00:00
Guus Sliepen
7cd2baedc6
- Fixed IPv6 subnet lookup routine.
2001-01-07 20:19:08 +00:00
Guus Sliepen
d3f889c807
- It's 2001, all copyright notices are updated.
2001-01-07 17:09:07 +00:00
Guus Sliepen
7109526c67
- Added header file for route.c. The routing routines in it are not used
...
yet, but have a look at the source for the ideas behind it.
2001-01-07 15:27:30 +00:00
Guus Sliepen
07a08f5539
- Reinstated a queue for outgoing packets.
2001-01-07 15:25:49 +00:00
Guus Sliepen
f7bb205022
- Check and follow symlinks in is_safe_path
...
- By default write keys to tinc config directory
- Small fix in protocol.c
2001-01-06 18:03:41 +00:00
Guus Sliepen
e924096f62
- Let user choose whether keys are in the config files or separate
...
- Use AVL trees instead of RBL trees
- Fixed a lot of annoying subtle bugs! Thanks to gdb...
2001-01-05 23:53:53 +00:00
Guus Sliepen
e1707f7739
- Don't even think about using sscanf with %as anymore
...
- Allow keys to be inside the config files or in a seperate file
- Small fixes
2000-12-22 21:34:24 +00:00
Ivo Timmermans
ecae72de94
Added lint target, requires lclint.
2000-12-22 17:15:26 +00:00
Ivo Timmermans
e469fca4d7
Re-introduced MyVirtualIP and VpnMask, as dummy options.
2000-12-06 13:33:49 +00:00
Ivo Timmermans
6327f32f43
Tiny bits of code beautifying
2000-12-05 08:59:30 +00:00
Ivo Timmermans
9267bed9f5
Oops. I did some VERY wrong things with readline(). Fixed now.
2000-12-05 08:56:44 +00:00
Ivo Timmermans
bc22ee16e6
Option -d accepts an argument to set the debug level immediately.
2000-12-03 12:23:06 +00:00
Ivo Timmermans
01d23601a2
Sort configuration directives
2000-12-03 12:22:19 +00:00
Ivo Timmermans
52575a573c
Use buffer instead of line in read_config_file(), line may be assigned
...
NULL, so buffer always holds the pointer to the allocated space.
2000-12-01 12:38:42 +00:00
Ivo Timmermans
ab33c1aa60
readline() accepts two extra parameters, buf and buflen, to avoid
...
mallocing and freeing for every line that is read.
2000-12-01 12:36:36 +00:00
Ivo Timmermans
a0f7af3ed7
New function read_rsa_public_key();
...
In net.c/setup_myself deleted old code to read the public key (which
is now implicitly read in together with the private key).
2000-11-30 23:18:21 +00:00
Ivo Timmermans
28deaeac14
Avoid printing duplicate messages from read_rsa_keys
2000-11-30 22:48:48 +00:00
Ivo Timmermans
2293304748
Better error checking when reading the RSA private key.
2000-11-30 22:33:16 +00:00
Ivo Timmermans
bf4e969899
In readline(): initialise the line to zero length;
...
In read_config_file(): Test for EOF, and print the variable name that
caused an error.
2000-11-30 22:32:14 +00:00
Ivo Timmermans
113198d9c0
The file is safe if it doesn't exist.
2000-11-30 21:11:03 +00:00
Ivo Timmermans
09260b43d1
Read the PEM file pointed to by the configuration directive
...
PrivateKey. This means thatt he meaning of this variable has changed,
it no longer should contain the private key directly.
WARNING: This code is untested.
2000-11-30 20:08:41 +00:00
Ivo Timmermans
8ccb1ede92
Implemented is_safe_path, and extended ask_and_safe_open.
...
is_safe_path needs more work before it is useable.
2000-11-30 00:24:13 +00:00
Ivo Timmermans
d36da1948a
Also free the pointer returned by readline().
2000-11-29 14:30:07 +00:00
Ivo Timmermans
9e55426d72
Use readline() in read_config_file() instead of fgets.
2000-11-29 14:27:24 +00:00
Ivo Timmermans
54ef13bf75
Implemented a readline() function that will read an entire line into a
...
dynamically allocated buffer;
Ask for a file name in ask_and_safe_open().
2000-11-29 14:24:40 +00:00
Ivo Timmermans
3ff76eb10a
Save RSA public and private keys to a separate file, instead of
...
wanting to copy them into a configuration file.
2000-11-28 23:12:57 +00:00
Ivo Timmermans
4c502b005b
Use sigaction to set signal handlers, the previous commit (1.1.2.16)
...
already contained a large portion of what should have gone in this
one.
2000-11-28 08:59:27 +00:00
Ivo Timmermans
67a4abda70
Give an error message if daemon() failed.
2000-11-26 22:42:34 +00:00
Guus Sliepen
1eedf54681
- Use only one socket for all UDP traffic (for compatibility)
...
- Write pidfile again after detaching
- Check OS (for handling FreeBSD/Solaris tun/tap stuff)
2000-11-25 13:33:33 +00:00
Guus Sliepen
cf49b2c064
Another big & bad commit:
...
- Added some extra search functions to rbl routines
- Fix subnet_lookup()
- Reorder some syslog messages to make more sense
- daemon() is back
- Don't let scripts execute in parallel (gives race conditions, and
anyway something MIGHT just be configured which is necessary for further
execution of tinc itself)
- Accidently merged check_child() with execute_script().
- Small fixes
2000-11-24 23:13:07 +00:00
Ivo Timmermans
b0ff879e7c
Do not use the C library's daemon() call.
2000-11-24 12:44:39 +00:00
Guus Sliepen
dac256505e
- Fixed all (except 2) compiler warnings gcc -Wall gave.
2000-11-22 22:18:03 +00:00
Guus Sliepen
6f373e6902
- More porting to FreeBSD and Solaris.
2000-11-22 22:05:37 +00:00
Guus Sliepen
5971e352da
- Work with the correct key buffer in ans_key_h
2000-11-22 20:25:27 +00:00
Guus Sliepen
a07602c4fd
- No more %as.
2000-11-22 19:55:53 +00:00
Guus Sliepen
394ed3fb17
- Write pidfile AFTER detaching...
...
- Minor cleanups
2000-11-22 19:14:09 +00:00
Guus Sliepen
f8b4a000d0
- Cleaned up and checked for some more NULL pointers in rbl.c
...
- Two connection lists: one for incoming connections, sorted on ip/port,
one for connections whose identity we know, sorted on id ofcourse...
2000-11-22 18:54:08 +00:00
Ivo Timmermans
785684f0ec
Declare fd.
2000-11-22 17:49:16 +00:00
Ivo Timmermans
e42255ae13
Add more checks to ensure that filedescriptors are right in
...
_execute_script().
2000-11-22 17:48:15 +00:00
Ivo Timmermans
2ed6813404
Honor the --localstatedir option to configure, instead of hardcoded /var.
2000-11-22 16:19:07 +00:00
Guus Sliepen
da9a1e8084
- More fixes.
2000-11-20 23:29:47 +00:00
Guus Sliepen
3a6200c1e3
- Various small fixes.
2000-11-20 22:13:14 +00:00
Guus Sliepen
1857b3c97c
- Proper initialization of rbltree structures.
2000-11-20 19:41:13 +00:00
Guus Sliepen
408ca91766
- Integrate rbl trees into tinc.
2000-11-20 19:12:17 +00:00
Ivo Timmermans
9024e01ce6
Also include process.h
2000-11-20 18:06:17 +00:00
Guus Sliepen
7fcc0c6415
- Removed stray @INCLUDE@ (how did that get there?)
...
- Use 0 instead of FALSE
2000-11-17 10:03:02 +00:00
Guus Sliepen
44cbd13e52
- Simplified do_detach
2000-11-17 00:56:49 +00:00
Ivo Timmermans
5d1145f2c4
Move more functions from tincd.c into process.c.
2000-11-16 22:12:23 +00:00
Ivo Timmermans
485f7a5043
Delete struct ifr
2000-11-16 22:11:40 +00:00
Ivo Timmermans
2764532ea7
Move all process-related functions into process.c.
2000-11-16 17:54:29 +00:00
Ivo Timmermans
7f87c3d913
Keep a list of running children, and in each loop in main_loop(),
...
check if one has exited.
2000-11-15 22:07:36 +00:00
Guus Sliepen
e118ba0a64
Porting to FreeBSD:
...
- Reorganized and added some #includes
2000-11-15 13:33:27 +00:00
Ivo Timmermans
596e248bc5
Let the output from an executed script in execute_script() go to
...
syslog, with proper error detection.
2000-11-15 01:28:21 +00:00
Ivo Timmermans
bb2495e569
Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
...
configure.
2000-11-15 01:06:13 +00:00
Ivo Timmermans
5b74909ea0
Add prototype for destroy_queue
2000-11-09 21:33:18 +00:00
Guus Sliepen
16847ea255
- Make checkpoint tracing a compile time option (off by default)
2000-11-08 20:52:37 +00:00
Guus Sliepen
5055e1dedc
- Applied Jamie Brigg's patch (close sockets after error)
2000-11-08 17:56:34 +00:00
Guus Sliepen
74326df7ad
- Fixed --config
...
- Show warning when both netname and config directory are given.
2000-11-08 00:20:06 +00:00
Guus Sliepen
f8f1007bf4
Porting to SunOS 5.8:
...
- More #includes Linux doesn't seem to need
- Don't do unsetenv() on SunOS
- Use a replacement asprintf() in case the OS doesn't support it
It now compiles properly under SunOS.
2000-11-08 00:10:50 +00:00
Guus Sliepen
7d0f82bd4b
- Open UDP connection for all known hosts. Comments please.
2000-11-07 22:02:14 +00:00
Guus Sliepen
f95cc86d0c
Changed execution of tinc-up:
...
- Do not free() strings that have been putenv()d, see man page of the
latter.
- Do not set IFNAME anymore, it appears that the ioctl to get the name of
the interface does not work at all. Since it is set to NETNAME in case
of tun/tap and it is known beforehand in case of ethertap, there is no
need for it anyway... (though it would've simplified things).
2000-11-07 21:43:28 +00:00
Guus Sliepen
698191fd2f
- Prepended config_ to all configuration option names, because it confused
...
everything (including myself).
- Use connection oriented UDP sockets for both incoming and outgoing
packets.
2000-11-04 22:57:33 +00:00
Guus Sliepen
afc0579707
- Simplified ping mechanism.
2000-11-04 20:44:28 +00:00
Guus Sliepen
5019dd8791
- Check for packets that are looping back.
2000-11-04 17:09:10 +00:00
Guus Sliepen
ac47586552
- Forward keys in hex notation, not as binary data.
2000-11-04 16:54:21 +00:00
Guus Sliepen
3f8f067e8b
- Don't forget to set packet cipher for added hosts.
2000-11-04 16:39:19 +00:00
Guus Sliepen
433858d410
- connlist.c added to translation
2000-11-04 15:34:07 +00:00
Ivo Timmermans
15246df85d
In execute_script:
...
- add an environment variable NETNAME.
- chdir to the configuration directory before execing the script.
2000-11-04 15:32:05 +00:00
Guus Sliepen
3d7189a444
- Resolve scriptname after fork()
2000-11-04 14:52:40 +00:00
Ivo Timmermans
d38772ebc4
Use putenv() instead of clumsy do-it-yourself in execute_script.
2000-11-04 14:16:46 +00:00
Ivo Timmermans
f83803c1bf
Small change to the way the environment is copied.
2000-11-04 13:25:15 +00:00
Guus Sliepen
ed0bf283e3
- Removed even more warnings.
2000-11-04 11:49:58 +00:00
Guus Sliepen
dc699f8b12
- Removed unused MAC strip/add functions.
2000-11-04 10:37:27 +00:00
Ivo Timmermans
5065ea32c3
Warnings removal pass: always include config.h first; add a few
...
prototypes in the header files.
This also fixes a few lint errors/warnings.
2000-11-03 22:35:12 +00:00
Ivo Timmermans
73aa7fbf7e
Run the scripts tinc-up and tinc-down from a separate function, which
...
sets the environment as it should be and checks for errors.
2000-11-03 22:33:16 +00:00
Ivo Timmermans
4ad1e382d6
Save the environment on startup.
2000-11-03 22:31:55 +00:00
Ivo Timmermans
013fcb0e9f
Changed a few messages wrt. system calls; updated and changed the Dutch translation a bit.
2000-11-02 22:05:36 +00:00
Ivo Timmermans
cadf81fe67
Do not include $(top_srcdir)/cipher, it does no longer exist.
2000-11-02 21:26:51 +00:00
Guus Sliepen
b4c1d4e2d3
- Fixed some spelling mistakes and terminology here and there.
2000-10-30 10:19:06 +00:00
Guus Sliepen
4811afa073
- Small cleanups
...
- Updated dutch translation
- Updated man pages
2000-10-30 00:22:54 +00:00
Guus Sliepen
b7d4d4c177
- Finishing touch: encrypt the meta connections
2000-10-29 22:55:15 +00:00
Guus Sliepen
ec12269355
- Use CFB mode for encrypting packets: it works and we don't need padding.
2000-10-29 22:10:44 +00:00
Guus Sliepen
cea3d8f305
- Small fixes
...
- Do proper key exchange
- Encrypt packets - it works, but there is something wrong with the MAC
header after decryption...
2000-10-29 10:39:08 +00:00
Guus Sliepen
8fa9bc017d
- Removed old encr stuff
2000-10-29 09:19:27 +00:00
Guus Sliepen
a26d371d0d
- Updated dutch translation.
...
- Shutdown properly.
2000-10-29 02:07:41 +00:00
Guus Sliepen
e8391bd499
- Moved connlist stuff to the proper header file.
2000-10-29 01:27:23 +00:00
Guus Sliepen
2689690dc3
- Enforce correct order of authentication requests
2000-10-29 01:08:09 +00:00
Guus Sliepen
3b9802a542
- Hit people who can't figure out subnet address/mask pairs with a
...
(clue)bat.
2000-10-29 00:46:43 +00:00
Guus Sliepen
7398002ade
- Fixed ans_key_h
...
- Removed tapsubnet configuration option.
2000-10-29 00:24:31 +00:00
Guus Sliepen
35932fe6c8
- Very big cleanup.
2000-10-29 00:02:20 +00:00
Guus Sliepen
db21f01516
- Override destination ethernet address on incoming packets with
...
FE:FD:00:00:00:00
2000-10-28 21:52:22 +00:00
Guus Sliepen
8738c007b1
- Fixed offsets when reading/writing from/to tap device
2000-10-28 21:25:21 +00:00
Guus Sliepen
f25868fd2b
- Lots of small fixes
...
- Exchange subnets on acknowledgement of connection
- Do proper lookup when incoming packets from tap
- off-by-a small number-error when reading/sending tap packets
2000-10-28 21:05:20 +00:00
Guus Sliepen
d47d5932a3
- Updated subnet list handling. Subnets are added to two lists now, the
...
owner's list and a global list. It is all fucked up but it probably
works anyway, good enough for pre3 :).
2000-10-28 16:41:40 +00:00
Guus Sliepen
9c2f805255
- Lots of little stuff modified
...
- Succesfully reads in subnets from host config file now and adds them to
the list.
2000-10-24 15:46:18 +00:00
Guus Sliepen
c46e84837d
- route.c will contain the routing logic.
2000-10-23 13:52:54 +00:00
Ivo Timmermans
76d794eaf7
read_server_config: Check for result of read_config_file.
2000-10-22 13:47:41 +00:00
Ivo Timmermans
56d8e86240
Include linux/sockios.h and net/if.h anyway, regardless of the value of HAVE_TUNTAP.
2000-10-22 13:37:15 +00:00
Guus Sliepen
52b842f807
- Fixed all debug levels.
...
- Seed PRNG before generating a challenge
- Strange thing in challenge decryption: it fails if first bit is set!?
2000-10-21 11:52:08 +00:00
Guus Sliepen
73f7efddd7
- Removed last reference to genauth from Makefile.am
...
- Tinc spawns tinc-up and tinc-down scripts which can be used to configure
the network device. The environment variable IFNAME is set to the name
of the interface.
2000-10-20 19:46:58 +00:00
Guus Sliepen
fba19c30c9
- Made Makefile.am stub for doc/es/
...
- Merged genauth into tincd
- Updated dutch translation
2000-10-20 16:49:20 +00:00
Guus Sliepen
9f64499e40
- tinc now really does public/private key encryption! It even works, whee!
2000-10-20 15:34:38 +00:00
Guus Sliepen
d5fd1344e6
- Seed the PRNG using /dev/random before generating the keys.
2000-10-19 14:42:00 +00:00
Guus Sliepen
20301888b7
- More fixing. Tinc daemons can now even create activated connections.
2000-10-16 19:04:47 +00:00
Guus Sliepen
bb3d18d56f
- Fixing little things
...
- Two tinc daemons can connect to eachother now (but they disconnect right
after the ACKs).
2000-10-16 16:33:30 +00:00
Guus Sliepen
baeac83bf4
Corrected #ifdefs for tun/tap support.
2000-10-15 20:30:39 +00:00
Ivo Timmermans
e5130495d7
Wrap the tun/tap code in #ifdef HAVE_TUNTAP
2000-10-15 19:53:15 +00:00
Guus Sliepen
85adeef212
- The daemon actually runs now (somewhat)
...
- Added support for tun/tap driver (autodetect!)
- More sophisticated checkpoint functionality
- Updated dutch translation
2000-10-15 00:59:37 +00:00
Guus Sliepen
e9635ae38e
- Second fixing-things pass: it even links now.
...
- Lots of FIXME comments added to the source code.
2000-10-14 17:04:16 +00:00
Guus Sliepen
183a8edd22
- Fixing-things pass: every source file compiles into an object file now,
...
but linking tincd does not work yet (must link with openssl libs and
define some missing functions).
2000-10-11 22:01:02 +00:00
Guus Sliepen
6e39481d8f
- Generalized config file parsing to support multiple configuration trees.
2000-10-11 13:42:52 +00:00
Guus Sliepen
451e9e3e7a
- Changed genauth to produce rsa keypairs instead of random passphrases.
2000-10-11 12:07:27 +00:00
Guus Sliepen
950fb8e916
Big and bad commit of my current tree...
...
- Added seperate file for connection list handling
- Updating everything to use connlist, meta and subnet files
- Removed dependency on libgmp
- Lots of other stuff...
2000-10-11 10:35:17 +00:00
Guus Sliepen
2228b16159
- Added subnet handling code
...
- Other small changes to header files
2000-10-01 03:21:49 +00:00
Guus Sliepen
c78a204f06
- Added meta.c which contains functions to send, receive and broadcast
...
metadata. It will also handle encryption and decryption, and possibly
compression and checksumming.
- Moved request dispatcher to protocol.c.
2000-09-26 14:06:11 +00:00
Guus Sliepen
361690b18c
- Removed options "string" stuff. It was a bad idea...
...
- free() everything that is allocated.
2000-09-22 16:20:07 +00:00
Guus Sliepen
5afc1e98f4
- Severe code reduction and simplification of challenge requests
...
- "Finished" [add|del]_subnet_h
- Added lots of sanity checks to [add|del]_host_h
2000-09-22 15:06:28 +00:00
Guus Sliepen
5d0b3516d5
- Updated authentication scheme.
...
- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
2000-09-17 21:42:05 +00:00
Ivo Timmermans
7f3ab38c22
Second round of fixes
2000-09-15 12:58:40 +00:00
Ivo Timmermans
ed397b6ac6
First round of needed fixes after the overhaul
2000-09-14 21:51:21 +00:00
Ivo Timmermans
296171d115
New directive: Name.
2000-09-14 14:34:38 +00:00
Ivo Timmermans
d335c6d0d7
Added some structures and types that are needed for the overhaul.
2000-09-14 14:32:34 +00:00
Guus Sliepen
c04c84c980
- Lots of small changes.
2000-09-14 11:54:51 +00:00
Guus Sliepen
9c75350ac6
- Fixed modulo in keylength check
...
- Updated header file to reflect new protocol code
2000-09-11 10:05:35 +00:00
Guus Sliepen
76b5f255c6
- Some key exchange stuff. (Last commit before going to bed.)
2000-09-10 23:11:37 +00:00
Guus Sliepen
675ed08a71
- Lots of functions added for the new protocol.
2000-09-10 22:49:46 +00:00
Ivo Timmermans
9926dae464
Add Guus' name and shift out old protocol requests
2000-09-10 21:57:11 +00:00
Guus Sliepen
6b9ec9ed1e
- Added more function skeletons for the new protocol.
2000-09-10 16:15:35 +00:00
Guus Sliepen
28cc301595
- New protocol. Will break everything else for now.
2000-09-10 15:18:03 +00:00
Guus Sliepen
4dde583bc9
- Use strerror() instead of sys_errlist[] for increased portability
...
(Needed for SunOS)
2000-09-06 11:49:05 +00:00
Guus Sliepen
5c78e158d4
Commented on some size calculations.
2000-08-18 11:17:09 +00:00
Guus Sliepen
3831f51a53
Fixed all sprintf() spl01ts.
2000-08-17 16:51:08 +00:00
Guus Sliepen
9acd4379f7
- Added two extra configuration options, Interface and InterfaceIP, to
...
bind the listen socket to a network device or a specific IP.
2000-08-09 14:02:16 +00:00
Guus Sliepen
f6d79366b3
- Reinstated O_NONBLOCK for meta socket
...
- Set SO_KEEPALIVE on meta socket
2000-08-09 09:34:21 +00:00
Guus Sliepen
3cfc9424f2
- Moved TCP packet reception to meta handler: less kludgy and less buggy!
2000-08-08 17:07:48 +00:00
Guus Sliepen
e092d15be1
- Added date/time of build and protocol number to --version output.
2000-08-08 14:54:57 +00:00
Guus Sliepen
ff87f385c3
Removed calling add_queue for tcponly packets.
2000-08-08 13:47:57 +00:00
Guus Sliepen
ac73c72488
Fixed PACKET read loop.
2000-08-08 08:48:50 +00:00
Guus Sliepen
b6997b0050
- Lots o' buglets fixed (-Wall helps)
...
- Made TCPonly work :)
2000-08-07 16:27:29 +00:00
Guus Sliepen
fdc6a2f106
- Added experimental hackish tunneling-over-TCP support.
...
Just use TCPonly = true in the configuration file.
2000-08-07 14:52:16 +00:00
Guus Sliepen
42455e97a0
- Fixed typo.
2000-07-02 13:40:57 +00:00
Guus Sliepen
b1ecbf9777
- Delayed address resolving for ConnectTo lines in configuration file to
...
allow DynDNS to work without restarting tincd.
2000-07-02 13:36:18 +00:00
Guus Sliepen
1b28f88808
- Removed a single unused bit from status_bits_t.
2000-07-01 07:49:21 +00:00
Guus Sliepen
1a1ebefd57
- Made tinc even more silent if no -d flag is given at all.
2000-06-30 21:03:51 +00:00
Guus Sliepen
c5737583c8
- Instead of logging an error when remote end closes the connection,
...
we print a nice message if appropiate debug level is set.
- If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists
are really messed up. We restart, and hope our problems go away.
2000-06-30 12:41:06 +00:00
Guus Sliepen
24874d0806
- Removed segfault bug in conf.c (must have been there for ages!)
...
- Made main_loop() signal proof
- #defined MAXTIMEOUT (15 minutes)
- If something really really bad happens, close all connections, wait
for MAXTIMEOUT seconds, and then restart tinc
2000-06-30 11:45:16 +00:00
Guus Sliepen
0f9ad1f047
- Fixed memory leak.
...
- Implemented SIGHUP configuration file reloading.
- Other small changes.
2000-06-29 19:47:04 +00:00
Guus Sliepen
18c85caac3
- New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
...
improve connection list consistency, ensures the tree property, and
allows for recovery from situations where track of connections is lost.
2000-06-29 17:09:08 +00:00
Guus Sliepen
e8e7379311
- Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
...
connection now has two hostnames: real_hostname (replacing the old),
and vpn_hostname. In those places where hostnames really aren't usefull
IP_ADDR_S has been replaced by %d.%d.%d.%d.
2000-06-29 13:04:15 +00:00
Guus Sliepen
3df9b89204
- Added log message when SIGCHLD is received ("thanks" to Ivo van Dong)
2000-06-28 14:34:40 +00:00
Guus Sliepen
8c6c60adf3
- Fixed a message in nl.po
...
- Woops, we forgot to send our connection list to our uplink when we
connect to it... Fixed.
2000-06-28 13:41:02 +00:00
Guus Sliepen
ea40d3f1a0
- Fixed some spelling errors.
...
- Paar zpelvautjes gerepareerd, en de Nederlandse vertaling weer bij de
tijd gebracht.
2000-06-28 11:38:01 +00:00
Guus Sliepen
dba2995db7
- Extra check op EINTR bij inlezen requests
2000-06-28 10:11:10 +00:00
Guus Sliepen
4ee53e7dac
- Fixes a silly little insignificant buglet.
2000-06-27 21:05:07 +00:00
Guus Sliepen
070ad08118
- Purge old connections that are ADD_HOSTed.
2000-06-27 20:55:12 +00:00
Guus Sliepen
4aeaea5e59
- Improved handling of errors on connection attempts.
2000-06-27 20:10:48 +00:00
Guus Sliepen
45a28b1e89
- Fixed indirectdata=no problem
...
- Added support for multiple ConnectTo lines in tinc.conf.
2000-06-27 15:08:58 +00:00
Guus Sliepen
4faed1b854
- Fixed KEY_CHANGED notification. A lot of notify_others() calls were
...
wrong (first two arguments swapped). Should probably be doublechecked.
- Don't retry to connect to hosts with different protocol versions.
2000-06-27 12:58:04 +00:00
Guus Sliepen
04cb206298
- Moved all connection messages to debug level 1, without -d's only the
...
startup message will be logged.
- Fixed DEL_HOST rebound.
2000-06-26 20:30:21 +00:00
Guus Sliepen
783c829861
- Indirectdata finally REALLY REALLY works now!
...
- More precise debug messages
2000-06-26 19:39:34 +00:00
Guus Sliepen
b3681ebf6c
Fixes some hostlookups. Fixes indirectdata for real now (hopefully).
2000-06-26 17:20:58 +00:00
Guus Sliepen
a473ece8a0
- More verbose connection list
...
- Added "myself" as hostname when logging indirect ADD_HOSTs
2000-06-25 16:39:17 +00:00
Guus Sliepen
f1f901112e
Hostlookup() is actually being called now.
2000-06-25 16:20:27 +00:00
Guus Sliepen
54079bdf03
Hostnames are back!
2000-06-25 16:01:12 +00:00
Guus Sliepen
e4b586ed07
- Log possible spoofing attacks.
...
- Don't broadcast DEL_HOSTs for hosts that haven't been activated yet.
- If a host sends a TERMREQ, deactivate them.
2000-06-25 15:45:09 +00:00
Guus Sliepen
7648bc6065
Added CVS Id tags to header files.
2000-06-25 15:22:16 +00:00
Guus Sliepen
7f7e158aae
Large cleanup:
...
- Removed hostname lookup (it blocks, and you can always do it yourself)
- Reorganized debug levels (after hints from Axel M�ller):
0 Startup message and errors
1 Connection logging
2 Meta protocol information
3 Verbose meta protocol (includes copy of transmitted requests)
4 Packet information (logs transmission/errors of UDP packets)
5 Verbose packet information (every single byte, not implemented yet
to protect ourselves from filling up /var/log directories)
- Made log messages more consistent
2000-06-25 15:16:12 +00:00
Guus Sliepen
3c54a513b0
If we have "indirectdata" flag set, we only send data to our uplink.
2000-06-24 12:35:42 +00:00
Guus Sliepen
d8e2f7104c
First step for implementation of the "indirectdata" directive. This should
...
allow _leaf_ tincds to be behind firewalls.
The protocol has changed and is INCOMPATIBLE with previous versions. The
PROT_CURRENT value has been incremented.
2000-06-23 19:27:03 +00:00
Ivo Timmermans
33c3a25a66
Configuration directive `IndirectData'.
2000-06-17 20:55:54 +00:00
Ivo Timmermans
ef294a6967
Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries.
2000-06-06 10:24:33 +00:00
Ivo Timmermans
77be52422d
Miscellaneous copyright updates.
2000-05-31 18:23:06 +00:00
Ivo Timmermans
8cb4bb619d
Handle locale settings.
2000-05-31 18:21:27 +00:00
Ivo Timmermans
17fa07510a
Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients.
2000-05-30 21:36:16 +00:00
Ivo Timmermans
e7f22d2f5f
In terminate_connection, only send a notification to hosts that are directly connected to us. (DEL_HOST gets forwarded automatically.)
2000-05-30 12:38:15 +00:00
Ivo Timmermans
2fdda8e4fa
When a connection is terminated, all hosts that are still connected get notified of the lost connections.
2000-05-30 12:31:41 +00:00
Ivo Timmermans
f826301889
Added new configuration directive `Hostnames', which controls the resolving of IP addresses to hostnames.
2000-05-30 11:18:12 +00:00
Guus Sliepen
a7ad161d2b
Only activate a connection upon receiving it's public key if it's an
...
incoming connection. When it's outgoing, we need to receive an ack first.
2000-05-29 23:40:05 +00:00
Ivo Timmermans
a822c7466a
Bounds check for request id (between 0 and 255).
2000-05-29 22:20:04 +00:00
Ivo Timmermans
386a62ff57
Define LOCALEDIR in CFLAGS.
2000-05-29 21:40:51 +00:00
Ivo Timmermans
9fd02ffcb0
Internationalization of tinc.
2000-05-29 21:01:26 +00:00
Guus Sliepen
61e71ab74a
Terminate a connection on any error. Furthermore, disallow del_host,
...
add_host and other important requests until remote host has properly
authenticated itself.
2000-05-27 20:23:01 +00:00
Guus Sliepen
cc01b18bc6
Made tinc persistent. If no outgoing connection can be established right
...
after the start of the daemon, it won't quit anymore but will retry in 5
minutes. Also, 5 minutes is now the maximum time to wait for a retry.
2000-05-27 19:44:04 +00:00
Guus Sliepen
028659bfbf
Fixed typos. When terminating a connection, it's status is not only set to
...
remove=1 but also active=0.
2000-05-27 19:23:20 +00:00
Guus Sliepen
e4ff969a98
Fix for a DoS attack:
...
A remote user could telnet to the tinc daemon and type only this line:
61 6 00000000/00000000:28f
This would deny any packets to be sent to other tinc networks (except
for to the hosts that run tincd's themselves). Solution is to skip
hosts in lookup_conn() that have not been activated yet.
Fixed potential conn_list table corruption:
If a new connection is accepted but a connection with the same subnet
would already exist in the connection list, the OLD connection is
terminated.
2000-05-27 19:04:12 +00:00
Guus Sliepen
85963f4c85
Stub for VpnMask config directive.
2000-05-16 13:09:15 +00:00
Ivo Timmermans
7e817fcf0f
Unlimited length in the config file, thanks to Cris van Pelt.
2000-05-15 18:28:45 +00:00
Ivo Timmermans
803f908078
Give IP address instead of hex number when connecting tcp socket failed.
2000-05-14 21:07:16 +00:00
Ivo Timmermans
de09916ead
Only print an error with send_termreq if debug_lvl is 2 or more.
2000-05-14 13:50:10 +00:00
Guus Sliepen
9d023b1f2e
Fixed typos.
2000-05-14 13:06:52 +00:00
Guus Sliepen
e20e143f1e
Changed ping behaviour (backwards compatible). If we don't have any data
...
to send, we don't need to check if the connection is still alive.
Furthermore, if we receive any kind of data from the other end, we know
it's alive, so we don't need to check it either. So, PING requests are
only sent if we send packets but there is no response.
2000-05-14 13:02:20 +00:00
Guus Sliepen
ee96ccabbb
Cleanups.
2000-05-14 12:22:42 +00:00
Guus Sliepen
8caa1b9d75
Proxymode removed.
2000-05-14 11:39:18 +00:00
Guus Sliepen
d0ba34ccae
Added new config variable "ProxyMode". If enabled, all outgoing packets
...
are sent to the uplink (ConnectTo), which will have to forward them for
us (kernel should do that). This is for people behind firewalls.
2000-05-08 18:44:15 +00:00
Ivo Timmermans
74b0cbecce
Include sys/types.h.
2000-05-04 23:17:02 +00:00
Ivo Timmermans
2f7e532d70
Don't link in libdl.
2000-05-04 23:16:43 +00:00
Guus Sliepen
a083b1cf30
Squashed gcc warning.
2000-05-03 18:02:15 +00:00
Guus Sliepen
7853247523
Fixes typo and UDP network byte order.
2000-05-03 17:59:07 +00:00
Guus Sliepen
505b5ec2cd
Outgoing packets now use network byte order in header.
2000-05-03 15:37:32 +00:00
Guus Sliepen
89610e3fba
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
...
by one byte.
2000-05-02 10:16:50 +00:00
Guus Sliepen
aeccaca829
Previous fix fixed. Meta protocol should be really flawless from now on!
2000-05-02 09:55:34 +00:00
Guus Sliepen
989d7edc07
Fixed small mistake that would prevent forwarding requests.
2000-05-02 09:10:33 +00:00
Ivo Timmermans
a9247e6f2c
Fixed meta protocol.
2000-05-01 21:31:59 +00:00
Guus Sliepen
ca6abd41ea
Meta protocol overhaul. Tinc is now incompatible with previous versions,
...
furthermore this version does NOT work yet because of a problem with
sending keys (these should be converted to base36 or something like that).
It is possible to telnet to the tinc daemon now and type some commands
by hand though :).
2000-05-01 18:07:12 +00:00
Ivo Timmermans
33cfdf43f4
Key forwarding, write one byte extra.
2000-04-30 20:48:48 +00:00
Ivo Timmermans
75d351eaf1
Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility.
2000-04-30 19:49:49 +00:00
Ivo Timmermans
b4290c3f43
Send one less byte from an ANS_KEY request.
2000-04-30 19:03:00 +00:00
Ivo Timmermans
d878230ebe
Read one less byte from an ANS_KEY request.
2000-04-30 18:57:16 +00:00
Ivo Timmermans
789a4c4f40
Removed debug messages.
2000-04-30 16:34:31 +00:00
Ivo Timmermans
eb1c9814e6
Read public keys the right way (tm).
2000-04-30 16:31:23 +00:00
Ivo Timmermans
ca73b722cb
New way of handling the meta protocol.
2000-04-30 16:11:05 +00:00
Ivo Timmermans
cd12345032
Replaced check for status.active by status.dataopen in check_network_activity.
2000-04-30 13:23:53 +00:00
Ivo Timmermans
4b076ee87f
Initially, the vpn_mask of a connection is 255.255.255.255 to avoid confusion with lookup_conn.
2000-04-30 01:16:51 +00:00
Ivo Timmermans
1c007c0627
Got rid of the nasty hacks... and replaced it by another one.
2000-04-30 01:15:47 +00:00
Ivo Timmermans
c027459914
Filled up the protocol structs with unused bytes.
2000-04-29 20:39:36 +00:00
Guus Sliepen
2371551014
Oops! Reference to write_n() removed and changed into neat write() call.
2000-04-28 11:33:25 +00:00
Guus Sliepen
bb8fff92e1
Removed write_n() function.
2000-04-27 20:57:18 +00:00
Ivo Timmermans
4fec0cc457
Default config file name is tinc.conf, and pidfile is tinc.pid.
2000-04-27 13:47:51 +00:00
Guus Sliepen
44f9449888
Cleanups:
...
- Changed recv/send calls into read/write calls for streams
- Made all sizeof() functions use a variable name instead of type
2000-04-26 17:42:55 +00:00
Guus Sliepen
8efe4874da
Converted every &variable[0] to variable.
2000-04-25 22:15:28 +00:00
Ivo Timmermans
643d8712eb
Debug level tweaking.
2000-04-25 22:00:49 +00:00
Guus Sliepen
468f1d2efc
When trying to talk to a host that is in the netmask of a tinc server but
...
not the tinc server itself, and no keys have been exchanged yet, the key
request would be directed to the host instead of the server. Fixed.
2000-04-25 20:50:59 +00:00
Guus Sliepen
dad90e82d3
Fixed typo and removed some unnecessary variables.
2000-04-25 20:17:44 +00:00
Guus Sliepen
5b72422857
Packet queues fixed. They caused the trouble when resending keys.
2000-04-25 20:10:37 +00:00
Guus Sliepen
3a33568652
Added checkpoints to beginning and ending of every function.
2000-04-25 18:57:23 +00:00
Ivo Timmermans
e1e590fe9a
Propagate CFLAGS from configure to gcc.
2000-04-25 15:08:10 +00:00
Guus Sliepen
16d581be68
Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
...
at once. (See line 606.)
2000-04-24 09:39:50 +00:00
Guus Sliepen
f6802d349d
Added extra checks for desynchronized connection lists. Hopefully this will
...
fix those strange segmentation faults.
2000-04-24 08:32:57 +00:00
Ivo Timmermans
0b02ebc4d9
Address for bugreports changed to tinc@nl.linux.org.
2000-04-18 16:04:10 +00:00
Ivo Timmermans
93287d2b2c
Default passphrase length of 1024, added -h/--help options.
2000-04-17 17:04:33 +00:00
Ivo Timmermans
9c2ac77594
Check if stdout is a terminal, if so, print a verbose message.
2000-04-17 16:59:42 +00:00
Ivo Timmermans
c924689690
Check for an illegal length of passphrase in read_passphrase().
2000-04-17 16:52:58 +00:00
Ivo Timmermans
baebae2749
Pass the requested size from xmalloc() and xrealloc() on to xalloc_fail_func()
2000-04-17 16:23:29 +00:00
Ivo Timmermans
210a92cae9
Only one round of reading bits out of urandom;
...
Reading `bytes' bytes out of it;
Print a newline after completion.
2000-04-17 15:38:47 +00:00
Ivo Timmermans
18e044bde3
New option -D, don't detach.
2000-04-06 18:28:29 +00:00
Ivo Timmermans
523c80c4e3
Ignore SIGCHLD.
2000-03-28 19:16:27 +00:00
Ivo Timmermans
f2076e3e70
Kill the parent after any error conditions in detach().
2000-03-28 19:09:52 +00:00
Ivo Timmermans
98de35c742
Upon regeneration, free the old encryption key `securely\' by overwriting it.
2000-03-27 22:59:16 +00:00
Ivo Timmermans
b50523dc44
Get rid of the message `zxnrbl\'.
2000-03-27 22:30:27 +00:00
Ivo Timmermans
1243156a5e
Initial revision
2000-03-26 00:33:07 +00:00