Guus Sliepen
482c6119a7
Releasing 1.0.18.
2012-03-25 15:32:26 +01:00
Guus Sliepen
64c657b32d
Mark DecrementTTL option experimental.
2012-03-25 15:30:58 +01:00
Guus Sliepen
f71ce34180
Fix return type of vde_recv() as well.
...
In this case it is not really necessary as the conversion to int will already
take care of ensuring the return value is treated as signed.
2012-03-25 15:17:50 +01:00
Guus Sliepen
6225b1884a
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
2012-03-25 14:55:56 +01:00
Guus Sliepen
3998353853
Fix some more compiler warnings.
2012-03-25 14:46:50 +01:00
Guus Sliepen
cfe6558d4b
Fix return value type of vde_send().
...
The libvdeplug_dyn.h header file incorrectly declares the return type of
vde_send() to size_t, while in reality it is ssize_t.
2012-03-25 14:00:21 +01:00
Guus Sliepen
95968c67f9
Fix compiler warnings.
2012-03-25 13:58:14 +01:00
Guus Sliepen
e2d1b0b899
Allow scoped addresses to be used for IPv6 multicast socket.
2012-03-25 13:42:10 +01:00
Guus Sliepen
2512040632
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
2012-03-25 13:40:55 +01:00
Guus Sliepen
b5e3bf1a85
Set default value of DecrementTTL to "no".
...
Decrementing the TTL causes IPv6 to fail when Mode = switch, and there may be
other unforeseen side-effects.
2012-03-23 13:18:36 +01:00
Guus Sliepen
c373de2e98
Add support for multicast communication with UML/QEMU/KVM.
...
DeviceType = multicast allows one to specify a multicast address and port with
a Device statement. Tinc will then read/send packets to that multicast group
instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM
instances that are listening on the same group.
2012-03-21 17:00:53 +01:00
Guus Sliepen
a7dbb50c23
Allow a port to be specified in BindToAddress statements.
...
This can be used to let tinc listen on multiple ports for incoming connections.
2012-03-21 13:20:15 +01:00
Guus Sliepen
80e15d8b96
Always try next Address when an outgoing connection fails to authenticate.
...
When making outgoing connections, tinc goes through the list of Addresses and
tries all of them until one succeeds. However, before it would consider
establishing a TCP connection a success, even when the authentication failed.
This would be a problem if the first Address would point to a hostname and port
combination that belongs to the wrong tinc node, or perhaps even to a non-tinc
service, causing tinc to endlessly try this Address instead of moving to the
next one.
Problem found by Delf Eldkraft.
2012-03-20 23:49:16 +01:00
Guus Sliepen
d7bf63c63a
Make sure the signature also covers the session label.
2012-03-18 21:24:46 +01:00
Guus Sliepen
42a0b61076
Start documenting the SPTPS protocol.
2012-03-18 20:38:48 +01:00
Guus Sliepen
d756bb92ed
Don't send an ACK message after the first key exchange in the SPTPS protocol.
2012-03-18 17:46:30 +01:00
Guus Sliepen
c970ecdd75
Test SPTPS messages sent while key renegotiation is in progress.
2012-03-18 17:42:43 +01:00
Guus Sliepen
3a4fe104a0
Add datagram mode to the SPTPS protocol.
...
* Everything is identical except the headers of the records.
* Instead of sending explicit message length and having an implicit sequence
number, datagram mode has an implicit message length and an explicit sequence
number.
* The sequence number is used to set the most significant bytes of the counter.
2012-03-18 16:42:02 +01:00
Guus Sliepen
03e06fd43a
Allow CTR mode counter to be set to a specific value.
2012-03-18 16:41:13 +01:00
Guus Sliepen
28a1501b9a
Releasing 1.0.17.
2012-03-10 13:45:53 +01:00
Guus Sliepen
4712d8f92e
Update copyright notices.
2012-03-10 13:23:08 +01:00
Guus Sliepen
5b0f5ad958
Make sure disabling old RSA keys works on Windows.
...
Seeking in files and rewriting parts of them does not seem to work properly on
Windows. Instead, when old RSA keys are found when generating new ones, the
file containing the old keys is copied to a temporary file where the changes
are made, and that file is renamed back to the original filename. On Windows,
we cannot atomically replace files with a rename(), so we need to move the
original file out of the way first. If anything fails, the new code will warn
that the user has to solve the problem by hand.
2012-03-08 23:23:39 +01:00
Guus Sliepen
2f1c337c54
Add missing ICMP6 message type definitions.
2012-03-08 22:19:20 +01:00
Guus Sliepen
40c2858932
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
...
Conflicts:
src/net_packet.c
2012-03-08 21:15:08 +01:00
Guus Sliepen
9dea33f530
Accept Subnets passed with the -o option when StrictSubnets = yes.
2012-03-07 10:40:06 +01:00
Guus Sliepen
63f8303a5d
Only log errors sending UDP packets when debug level >= 5.
...
Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.
2012-03-02 16:09:58 +01:00
Guus Sliepen
8ac096b5bf
Allow log messages to be captured by tincctl.
...
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
2012-02-26 18:37:36 +01:00
Guus Sliepen
a1bd3a2913
Don't close control connections when handling a reload command.
...
Because this would terminate the connection while the control message
handler was still running, it would lead to a segmentation fault later
on.
2012-02-26 16:56:53 +01:00
Guus Sliepen
483c5dcfb4
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
2012-02-26 16:27:13 +01:00
Guus Sliepen
ae52496109
Only use broadcast at the start of the PMTU discovery phase.
...
For local peer discovery, only a handful of packets are necessary for
peers to detect each other.
2012-02-26 16:23:02 +01:00
Guus Sliepen
344d6b9ac3
Let tincctl use the NETNAME environment variable if no -n option is given.
...
This allows administrators who frequently want to work with one tinc
network to omit the -n option. Since the NETNAME variable is set by
tincd when executing scripts, this makes it slightly easier to use
tincctl from within scripts.
2012-02-26 13:08:34 +01:00
Guus Sliepen
84570275ac
Ensure all SPTPS functions are prefixed with sptps_.
2012-02-26 12:33:16 +01:00
Guus Sliepen
8b1ad6f76f
Go back to breadth first search for path finding.
...
If 1.1.x nodes using Dijkstra's algorithm are mixed with 1.0.x nodes using BFS,
then routing loops can occur.
2012-02-25 23:03:09 +01:00
Guus Sliepen
36623e15a1
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
2012-02-25 22:52:57 +01:00
Guus Sliepen
5140656de6
Stricter checks against routing loops.
...
If a packet had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.
2012-02-25 22:11:30 +01:00
Guus Sliepen
f1d5eae643
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
...
That would be silly.
2012-02-25 21:46:18 +01:00
Guus Sliepen
65d6f023c4
Use SPTPS when ExperimentalProtocol is enabled.
2012-02-25 18:25:21 +01:00
Guus Sliepen
efd21e232d
Apply HMAC after encryption.
2012-02-25 15:18:15 +01:00
Guus Sliepen
f5dc136cfd
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
...
Conflicts:
src/net.c
src/net_packet.c
src/net_socket.c
2012-02-23 13:26:01 +01:00
Guus Sliepen
5a28aa7b8b
Add LocalDiscovery option which tries to detect peers on the local network.
...
Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.
2012-02-22 23:17:43 +01:00
Guus Sliepen
8e717ddb60
Pass index into listen_socket[] to handle_incoming_vpn_data().
2012-02-22 14:37:56 +01:00
Guus Sliepen
3fba80174d
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
...
Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
src/Makefile.am
src/bsd/device.c
src/connection.c
src/connection.h
src/cygwin/device.c
src/device.h
src/dropin.h
src/linux/device.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/process.c
src/protocol.c
src/protocol_key.c
src/raw_socket_device.c
src/route.c
src/solaris/device.c
src/tincd.c
src/uml_device.c
2012-02-22 14:23:59 +01:00
Guus Sliepen
fba1c85f44
Remove useless warning about signature length being shorter than expected.
2012-02-21 23:19:51 +01:00
Guus Sliepen
cb6cbf452f
Use only one hash algorithm (SHA512) in the PRF.
...
On some platforms, OpenSSL by default does not support the Whirlpool algorithm.
2012-02-21 23:17:12 +01:00
Nick Hibma
65e8e06c6d
Add missing ICMP message type definitions.
2012-02-21 17:16:21 +01:00
Guus Sliepen
ac48c4ee8c
Fix check for raw socket support.
...
Also, move some variables so there are no compiler warnings about unused
variables when there is no support for raw sockets.
2012-02-21 14:06:55 +01:00
Guus Sliepen
d9ad3d313d
Fix a bug that caused tinc to ignore all but the last listening socket.
2012-02-21 13:31:21 +01:00
Guus Sliepen
46506b7aaf
Document the command line flag -o and provide --option as well.
2012-02-21 13:13:40 +01:00
Guus Sliepen
7d76e28759
Move initialization of char *priority up to prevent freeing an uninitialized pointer.
2012-02-21 11:39:21 +01:00
Guus Sliepen
8420a0c8bd
Allow disabling of broadcast packets.
...
The Broadcast option can be used to cause tinc to drop all broadcast and
multicast packets. This option might be expanded in the future to selectively
allow only some broadcast packet types.
2012-02-20 17:19:00 +01:00