Commit graph

3090 commits

Author SHA1 Message Date
aiyion.prime
39e2ea03b2 fixed usage of size_t for time_t (now using difftime()), in order to make it compile on armhf architectures 2017-01-30 16:43:12 +01:00
Etienne Dechamps
06b8201332 Fix address memory leaks in add_edge_h().
Note that this is not as bad as it looks, because in practice
sockaddrfree() is a no-op for typical address types.
2016-12-18 17:14:17 +00:00
Etienne Dechamps
02093b12b0 Clarify the flow of add_edge_h().
This is an attempt at making the control flow through this function
easier to understand by rearranging branches and cutting back on
indentation levels.

This is a pure refactoring; there is no change in behavior.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
3bf3d7d3e7 Fix edge updates containing local address changes.
This commit fixes a logic bug in the edge update code where local
address changes are not taken into account if they are bundled in with
other changes. This bug breaks local discovery in some scenarios.

The regression was introduced by commit
e4670fc4a0576eb76f1807ce29fa9455dd247632.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
0792a10a5a Fix edge local addresses not being set when connections are established.
This bug prevented nodes from advertising their local addresses, thus
breaking local discovery.

The regression was introduced in
ab13c14a14.
2016-12-18 17:14:16 +00:00
Etienne Dechamps
d21d97eaf5 On Windows, don't cancel I/O when disabling the device.
I have observed cases where disable_device() can get stuck on the
GetOverlappedResult() call, especially when the computer is waking up
from sleep. This is problematic when combined with DeviceStandby=yes:

    other_side (1.2.3.4 port 655) didn't respond to PING in 5 seconds
    Closing connection with other_side (1.2.3.4 port 655)
    Disabling Windows tap device
    <STUCK>

gdb reveals the following stack trace:

    #0  0x77c7dd3c in ?? ()
    #1  0x7482aad0 in KERNELBASE!GetOverlappedResult () from C:\WINDOWS\SysWoW64\KernelBase.dll
    #2  0x0043c343 in disable_device () at mingw/device.c:244
    #3  0x0040fcee in device_disable () at net_setup.c:759
    #4  0x00405bb5 in check_reachability () at graph.c:292
    #5  0x00405be2 in graph () at graph.c:301
    #6  0x004088db in terminate_connection (c=0x4dea5c0, report=true) at net.c:108
    #7  0x00408aed in timeout_handler (data=0x5af0c0 <pingtimer>) at net.c:168
    #8  0x00403af8 in get_time_remaining (diff=0x2a8fd64) at event.c:239
    #9  0x00403b6c in event_loop () at event.c:303
    #10 0x00409904 in main_loop () at net.c:461
    #11 0x00424a95 in main2 (argc=6, argv=0x2b42a60) at tincd.c:489
    #12 0x00424788 in main (argc=6, argv=0x2b42a60) at tincd.c:416

This is with TAP-Win32 9.0.0.9. I suspect driver bugs related to sleep.
In any case, this commit fixes the issue by cancelling I/O only when the
entire tinc process is being gracefully shut down, as opposed to every
time the device is disabled. Thankfully, the driver seems to be
perfectly fine with this code issuing TAP_IOCTL_SET_MEDIA_STATUS ioctls
while there are I/O operations inflight.
2016-12-03 23:25:14 +00:00
Etienne Dechamps
1672dbd66b Fix crash on Windows when a socket is available for both write and read.
Currently, if both write and read events fire at the same time on a
socket, the Windows-specific event loop will call both the write and
read callbacks, in that order. Problem is, the write callback could have
deleted the io handle, which makes the next call to the write callback a
use-after-free typically resulting in a hard crash.

In practice, this issue is triggered quite easily by putting the
computer to sleep, which basically freezes the tinc process. When the
computer wakes up and the process resumes, all TCP connections are
suddenly gone; as a result, the following sequence of events might
appear in the logs:

    Metadata socket read error for node1 (1.2.3.4 port 655): (10054) An existing connection was forcibly closed by the remote host.
    Closing connection with node1 (1.2.3.4 port 655)
    Sending DEL_EDGE to everyone (BROADCAST): 13 4bf6 mynode node1
    Sending 43 bytes of metadata to node2 (5.6.7.8 port 655)
    Could not send 10891 bytes of data to node2 (5.6.7.8 port 655): (10054) An existing connection was forcibly closed by the remote host.a
    Closing connection with node2 (5.6.7.8 port 655)
    <CRASH>

In this example the crash occurs because the socket to node2 was
signaled for reading *in addition* to writing, but since the connection
was terminated, the attempt to call the read callback crashed the
process.

This commit fixes the problem by not even attempting to fire the write
callback when the write event on the socket is signaled - instead, we
just rely on the part of the event loop that simulates level-triggered
write events. Arguably that's even cleaner and faster, because the code
being removed was technically redundant - we have to go through that
write check loop anyway.
2016-12-03 23:21:25 +00:00
Guus Sliepen
979acc48ad Enforce maximum amount of bytes sent/received on meta-connections.
This is 2^{block_length_in_bits / 2 - 1}.
2016-10-30 15:19:12 +01:00
Guus Sliepen
edc1efed3c Use AES256 and SHA256 by default for the legacy protocol.
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
2016-10-30 15:17:52 +01:00
Dennis Lan
fcaf158494 Fix typo in src/upnp.c. 2016-10-12 13:35:39 +02:00
Vittorio G (VittGam)
9cbd3c2b5b tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.
Also warn the user if a key smaller than 2048 bits is being generated.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 20:30:41 +02:00
Vittorio G (VittGam)
c7c5c74d4a fsck: Fix ed25519 public key reading, and fclose usage.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2016-10-11 13:30:05 +02:00
Guus Sliepen
e6497a23f7 Log warnings about dropped packets only with debug level 5 or higher. 2016-07-26 16:47:45 +02:00
Etienne Dechamps
2784a171ec Fix error handling when setting up the UDP socket.
Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.

The regression was introduced in
6bc5d626a8.
2016-07-14 19:15:35 +01:00
Guus Sliepen
b1c29464b6 Fix compiling with OpenSSL < 1.1.0. 2016-06-24 11:22:24 +02:00
Guus Sliepen
9a9f6fac00 Add missing m4 files.
ax_cflags_warn_all.m4 depends on them.
2016-06-24 11:22:11 +02:00
Guus Sliepen
b9b0defaf4 Fix potential memory leaks found by the Clang static analyzer. 2016-06-23 15:59:43 +02:00
Guus Sliepen
49edf9c53a Fix warnings from the Clang static analyzer.
These are all false positives or harmless dead stores.
2016-06-23 15:59:16 +02:00
Guus Sliepen
e16ab7b899 Force nul-termination of strings after vsnprintf().
Apparently, on Windows this function might not always be properly
terminated.
2016-06-23 15:26:58 +02:00
Guus Sliepen
2de5d866b5 Use EVP_MD_CTX_destroy() instead of _free().
Thanks to azrdev for pointing out the build failure on Fedora 23.
2016-06-22 23:08:30 +02:00
Guus Sliepen
9b148fd844 Check return value of RSA_generate_key_ex(). 2016-06-22 17:42:25 +02:00
Guus Sliepen
172763f4af Add -Wall to CFLAGS. 2016-06-22 17:35:12 +02:00
Guus Sliepen
323c17e232 Ensure compatibility with OpenSSL 1.1.0. 2016-06-22 16:32:05 +02:00
thorkill
6e6bc9f443 Merge remote-tracking branch 'guus/1.1' into thkr-1.1-ponyhof 2016-06-06 22:00:58 +02:00
thorkill
8ac16a5cf2 Merge remote-tracking branch 'guus/1.1' into thkr-1.1-ponyhof 2016-06-05 15:34:46 +02:00
Guus Sliepen
74eb4cc974 Fix the previous commit. 2016-06-05 15:20:57 +02:00
Guus Sliepen
ab13c14a14 Preserve IPv6 scope_id in edges.
When creating an edge after authenticating a peer, we copy the
address used for the TCP connection, but change the port to that used
for UDP. But the way we did it discarded the scope_id for IPv6
addresses. This prevented UDP communication from working correctly when
connecting to a peer on the same LAN using an IPv6 link-local address.

Thanks to Rafał Leśniak for pointing out this issue.
2016-06-05 14:47:21 +02:00
thorkill
9a550ff4e3 Remove code commited by mistake 2016-05-30 23:11:50 +02:00
thorkill
6bd518935f Moved SLPD related #define to slpd.h 2016-05-26 16:12:03 +02:00
thorkill
04cac1f462 Typo in tinc.conf 2016-05-25 22:48:03 +02:00
thorkill
fb15bef4c0 Change misleading comment - 1.1 node does have source ID in the packet 2016-05-25 22:47:18 +02:00
thorkill
e51ce69079 Change scope of len 2016-05-25 22:45:07 +02:00
thorkill
9ab8d025ca Initialize struct ip and icmp 2016-05-25 22:44:21 +02:00
thorkill
3b3bdf72d4 Initialize outoging->config_tree 2016-05-25 22:42:48 +02:00
thorkill
dbddbc2dd7 Remove debug 2016-05-25 21:38:03 +02:00
thorkill
37c128580a Remove debug output from try_harder() 2016-05-25 20:29:13 +02:00
thorkill
649b55d988 SLPD refactor - cleanup net.h 2016-05-25 19:27:40 +02:00
thorkill
0fbde0e5a0 Continue SLPD refactor 2016-05-25 19:26:53 +02:00
thorkill
26a7e51cbe Moved SLPD related code to slpd.c
- Added setup_slpd()
2016-05-25 19:18:32 +02:00
thorkill
62b63fff8b Do not include rsa.h when DISABLE_LEGACY 2016-05-25 19:13:34 +02:00
thorkill
3327feb025 Refactor of do_outgoing_connection - make it use config_address2addrinfo
This means: setup_outgoing_connection() has to prepare fake
Address = "ip port" config based on the actuall configuration file

Prefer the addresses discovered via SLDP while making outgoing connections
2016-05-25 18:30:33 +02:00
thorkill
69bb848f59 Let choose_local_address() prefer addresses discovered via SLPD 2016-05-25 18:25:28 +02:00
thorkill
11b8eb81b9 Refactor of SLPD - moved most of the SLPD related code into slpd.{c,h} 2016-05-25 18:23:42 +02:00
thorkill
299b223bba Added new function config_address2addrinfo
This function takes an "Address" config string, splits it into
address and port, then calls str2addinfo() on it returning addrinfo.

The aim is to refactor the code an allow simple translation
of addresses listed in configuration or generated on demand
in other places in the code.
2016-05-25 18:16:45 +02:00
thorkill
deccb83a29 try_harder() in only needed in legacy-protocol 2016-05-24 13:35:30 +02:00
thorkill
b7fe5910d6 Add information about sending address in try_harder() 2016-05-24 13:13:35 +02:00
thorkill
e60657765c Extended man page for tinc.conf to include SLPD
References: 43ed440176
2016-05-23 22:54:54 +02:00
thorkill
20df09ef89 Fix compile error 2016-05-23 21:27:53 +02:00
thorkill
06350df9ee Change scope of *closest variable 2016-05-23 21:19:52 +02:00
thorkill
f922b1c1e1 merged with guus/1.1 2016-05-23 21:17:42 +02:00