Commit graph

97 commits

Author SHA1 Message Date
Brandon L Black
0d61d4ae13 Improved handling of queue-jumping packets on receive 2010-11-13 21:25:48 +01:00
Brandon L Black
23acc19bc0 Configurable ReplayWindow size, zero disables 2010-11-13 21:25:46 +01:00
Guus Sliepen
c6ccbadfcf Attribution for Timothy Redaelli. 2010-10-22 13:40:04 +02:00
Timothy Redaelli
eda7179874 Fix warnings under BSD 2010-05-06 21:19:49 +02:00
Timothy Redaelli
ddb8cb0779 Add --disable-zlib configure option 2010-02-10 16:47:52 +01:00
Timothy Redaelli
eeb505af36 Add --disable-lzo configure option 2010-02-10 16:47:52 +01:00
Guus Sliepen
40d91ff619 Update copyright notices. 2010-02-02 22:49:21 +01:00
Guus Sliepen
d15099e002 Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 18:48:01 +01:00
Guus Sliepen
e00b44cb98 Move socket error interpretation to utils.h. 2009-10-25 01:40:07 +02:00
Guus Sliepen
c11dc8079b Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
2009-10-25 00:50:09 +02:00
Guus Sliepen
242c4e2ca6 Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
2009-10-24 21:53:01 +02:00
Guus Sliepen
d922db253c Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
2009-10-24 21:35:40 +02:00
Guus Sliepen
a8f7fccbc2 Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
2009-10-24 21:32:06 +02:00
Guus Sliepen
cddcdc9af3 Allow UDP packets with an address different from the corresponding TCP connection. 2009-10-24 20:54:44 +02:00
Guus Sliepen
b6543af762 Clarify and increase level of log message about MTU probes to unreachable nodes. 2009-10-20 22:39:07 +02:00
Guus Sliepen
92b8abc921 Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.

If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.

We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
2009-10-11 18:57:58 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
b5ccce2968 Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum.  If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives.  We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
2009-09-15 23:22:13 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
2009-09-14 23:06:00 +02:00
Guus Sliepen
de029ce460 Change level of some debug messages, zero pointer after freeing hostname. 2009-06-11 19:39:25 +02:00
Guus Sliepen
66be914d35 Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
2009-06-11 19:26:34 +02:00
Guus Sliepen
36f8e4da8b Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
2009-06-11 18:36:08 +02:00
Guus Sliepen
4e9e3ca89d Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
2009-05-25 15:04:33 +02:00
Guus Sliepen
7fc69bc73b Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
substract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
2009-05-25 12:19:37 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Michael Tokarev
0246939ce1 don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog.  Only log those if
debug level is up to PROTOCOL
2009-05-24 17:28:24 +02:00
Guus Sliepen
2c67eafc6e If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily. 2009-05-24 15:58:47 +02:00
Guus Sliepen
3308d13e7e Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange.  The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different.  Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
2009-04-03 01:05:23 +02:00
Guus Sliepen
78fc59e994 Update THANKS and copyright information. 2009-03-05 14:12:36 +01:00
Guus Sliepen
67df7fb7e1 Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP.  The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
47d916ec5e Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h. 2006-11-29 17:18:39 +00:00
Guus Sliepen
0714ac6c59 Nodes use events, so event system should be initialised first and destroyed last. 2006-11-11 22:44:15 +00:00
Guus Sliepen
8d393b30a9 Support and autodetect LZO version 2.0 and later. 2006-11-11 20:10:46 +00:00
Guus Sliepen
412f3fb510 Restore length of the original packet in send_udppacket(). 2006-04-26 16:29:47 +00:00
Guus Sliepen
de78d79db8 Update copyright notices, remove Ivo's email address. 2006-04-26 13:52:58 +00:00
Guus Sliepen
af95368c0f Fix signedness compiler warnings. 2006-03-19 13:06:21 +00:00
Guus Sliepen
df3220a154 Update copyright notices. 2005-05-04 18:09:30 +00:00
Guus Sliepen
0077cfaae1 Make sure broadcast packet reach the local network interface. 2004-11-16 19:02:54 +00:00
Guus Sliepen
ca7948fc06 Hopefully this really fixes late packet handling. 2004-11-09 09:51:35 +00:00
Guus Sliepen
f7b9761000 Fixed another bug in late packet handling. 2004-11-08 22:30:13 +00:00
Guus Sliepen
5373129344 Marking potential late packets was in the wrong place. 2004-09-20 20:55:49 +00:00
Guus Sliepen
7926a156e5 Update copyrights, links, email addresses and let Subversion update $Id$ keywords. 2004-03-21 14:21:22 +00:00
Guus Sliepen
af86a3226e Revert Martin Kihlgren's patch, it doesn't work the way it should. 2004-03-20 22:23:42 +00:00
Guus Sliepen
56aad1bb48 Applied Martin Kihlgren's IdentityGenerosity patch,
simplified and renamed to StrictSource.
2004-03-20 15:28:55 +00:00
Guus Sliepen
519d63bedb Don't forget to update destination MAC address. 2003-12-27 16:32:52 +00:00
Guus Sliepen
aebc97a77f Small fixes for PMTU discovery. 2003-12-24 10:48:15 +00:00