Commit graph

776 commits

Author SHA1 Message Date
Guus Sliepen
c78a204f06 - Added meta.c which contains functions to send, receive and broadcast
metadata. It will also handle encryption and decryption, and possibly
  compression and checksumming.
- Moved request dispatcher to protocol.c.
2000-09-26 14:06:11 +00:00
Guus Sliepen
361690b18c - Removed options "string" stuff. It was a bad idea...
- free() everything that is allocated.
2000-09-22 16:20:07 +00:00
Guus Sliepen
5afc1e98f4 - Severe code reduction and simplification of challenge requests
- "Finished" [add|del]_subnet_h
- Added lots of sanity checks to [add|del]_host_h
2000-09-22 15:06:28 +00:00
Guus Sliepen
5d0b3516d5 - Updated authentication scheme.
- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
2000-09-17 21:42:05 +00:00
Ivo Timmermans
7f3ab38c22 Second round of fixes 2000-09-15 12:58:40 +00:00
Ivo Timmermans
ed397b6ac6 First round of needed fixes after the overhaul 2000-09-14 21:51:21 +00:00
Ivo Timmermans
296171d115 New directive: Name. 2000-09-14 14:34:38 +00:00
Ivo Timmermans
d335c6d0d7 Added some structures and types that are needed for the overhaul. 2000-09-14 14:32:34 +00:00
Guus Sliepen
c04c84c980 - Lots of small changes. 2000-09-14 11:54:51 +00:00
Guus Sliepen
9c75350ac6 - Fixed modulo in keylength check
- Updated header file to reflect new protocol code
2000-09-11 10:05:35 +00:00
Guus Sliepen
76b5f255c6 - Some key exchange stuff. (Last commit before going to bed.) 2000-09-10 23:11:37 +00:00
Guus Sliepen
675ed08a71 - Lots of functions added for the new protocol. 2000-09-10 22:49:46 +00:00
Ivo Timmermans
9926dae464 Add Guus' name and shift out old protocol requests 2000-09-10 21:57:11 +00:00
Guus Sliepen
6b9ec9ed1e - Added more function skeletons for the new protocol. 2000-09-10 16:15:35 +00:00
Guus Sliepen
28cc301595 - New protocol. Will break everything else for now. 2000-09-10 15:18:03 +00:00
Guus Sliepen
4dde583bc9 - Use strerror() instead of sys_errlist[] for increased portability
(Needed for SunOS)
2000-09-06 11:49:05 +00:00
Guus Sliepen
5c78e158d4 Commented on some size calculations. 2000-08-18 11:17:09 +00:00
Guus Sliepen
3831f51a53 Fixed all sprintf() spl01ts. 2000-08-17 16:51:08 +00:00
Guus Sliepen
9acd4379f7 - Added two extra configuration options, Interface and InterfaceIP, to
bind the listen socket to a network device or a specific IP.
2000-08-09 14:02:16 +00:00
Guus Sliepen
f6d79366b3 - Reinstated O_NONBLOCK for meta socket
- Set SO_KEEPALIVE on meta socket
2000-08-09 09:34:21 +00:00
Guus Sliepen
3cfc9424f2 - Moved TCP packet reception to meta handler: less kludgy and less buggy! 2000-08-08 17:07:48 +00:00
Guus Sliepen
e092d15be1 - Added date/time of build and protocol number to --version output. 2000-08-08 14:54:57 +00:00
Guus Sliepen
ff87f385c3 Removed calling add_queue for tcponly packets. 2000-08-08 13:47:57 +00:00
Guus Sliepen
ac73c72488 Fixed PACKET read loop. 2000-08-08 08:48:50 +00:00
Guus Sliepen
b6997b0050 - Lots o' buglets fixed (-Wall helps)
- Made TCPonly work :)
2000-08-07 16:27:29 +00:00
Guus Sliepen
fdc6a2f106 - Added experimental hackish tunneling-over-TCP support.
Just use TCPonly = true in the configuration file.
2000-08-07 14:52:16 +00:00
Guus Sliepen
42455e97a0 - Fixed typo. 2000-07-02 13:40:57 +00:00
Guus Sliepen
b1ecbf9777 - Delayed address resolving for ConnectTo lines in configuration file to
allow DynDNS to work without restarting tincd.
2000-07-02 13:36:18 +00:00
Guus Sliepen
1b28f88808 - Removed a single unused bit from status_bits_t. 2000-07-01 07:49:21 +00:00
Guus Sliepen
1a1ebefd57 - Made tinc even more silent if no -d flag is given at all. 2000-06-30 21:03:51 +00:00
Guus Sliepen
c5737583c8 - Instead of logging an error when remote end closes the connection,
we print a nice message if appropiate debug level is set.
- If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists
  are really messed up. We restart, and hope our problems go away.
2000-06-30 12:41:06 +00:00
Guus Sliepen
24874d0806 - Removed segfault bug in conf.c (must have been there for ages!)
- Made main_loop() signal proof
- #defined MAXTIMEOUT (15 minutes)
- If something really really bad happens, close all connections, wait
  for MAXTIMEOUT seconds, and then restart tinc
2000-06-30 11:45:16 +00:00
Guus Sliepen
0f9ad1f047 - Fixed memory leak.
- Implemented SIGHUP configuration file reloading.
- Other small changes.
2000-06-29 19:47:04 +00:00
Guus Sliepen
18c85caac3 - New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
improve connection list consistency, ensures the tree property, and
  allows for recovery from situations where track of connections is lost.
2000-06-29 17:09:08 +00:00
Guus Sliepen
e8e7379311 - Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
connection now has two hostnames: real_hostname (replacing the old),
  and vpn_hostname. In those places where hostnames really aren't usefull
  IP_ADDR_S has been replaced by %d.%d.%d.%d.
2000-06-29 13:04:15 +00:00
Guus Sliepen
3df9b89204 - Added log message when SIGCHLD is received ("thanks" to Ivo van Dong) 2000-06-28 14:34:40 +00:00
Guus Sliepen
8c6c60adf3 - Fixed a message in nl.po
- Woops, we forgot to send our connection list to our uplink when we
  connect to it... Fixed.
2000-06-28 13:41:02 +00:00
Guus Sliepen
ea40d3f1a0 - Fixed some spelling errors.
- Paar zpelvautjes gerepareerd, en de Nederlandse vertaling weer bij de
  tijd gebracht.
2000-06-28 11:38:01 +00:00
Guus Sliepen
dba2995db7 - Extra check op EINTR bij inlezen requests 2000-06-28 10:11:10 +00:00
Guus Sliepen
4ee53e7dac - Fixes a silly little insignificant buglet. 2000-06-27 21:05:07 +00:00
Guus Sliepen
070ad08118 - Purge old connections that are ADD_HOSTed. 2000-06-27 20:55:12 +00:00
Guus Sliepen
4aeaea5e59 - Improved handling of errors on connection attempts. 2000-06-27 20:10:48 +00:00
Guus Sliepen
45a28b1e89 - Fixed indirectdata=no problem
- Added support for multiple ConnectTo lines in tinc.conf.
2000-06-27 15:08:58 +00:00
Guus Sliepen
4faed1b854 - Fixed KEY_CHANGED notification. A lot of notify_others() calls were
wrong (first two arguments swapped). Should probably be doublechecked.
- Don't retry to connect to hosts with different protocol versions.
2000-06-27 12:58:04 +00:00
Guus Sliepen
04cb206298 - Moved all connection messages to debug level 1, without -d's only the
startup message will be logged.
- Fixed DEL_HOST rebound.
2000-06-26 20:30:21 +00:00
Guus Sliepen
783c829861 - Indirectdata finally REALLY REALLY works now!
- More precise debug messages
2000-06-26 19:39:34 +00:00
Guus Sliepen
b3681ebf6c Fixes some hostlookups. Fixes indirectdata for real now (hopefully). 2000-06-26 17:20:58 +00:00
Guus Sliepen
a473ece8a0 - More verbose connection list
- Added "myself" as hostname when logging indirect ADD_HOSTs
2000-06-25 16:39:17 +00:00
Guus Sliepen
f1f901112e Hostlookup() is actually being called now. 2000-06-25 16:20:27 +00:00
Guus Sliepen
54079bdf03 Hostnames are back! 2000-06-25 16:01:12 +00:00
Guus Sliepen
e4b586ed07 - Log possible spoofing attacks.
- Don't broadcast DEL_HOSTs for hosts that haven't been activated yet.
- If a host sends a TERMREQ, deactivate them.
2000-06-25 15:45:09 +00:00
Guus Sliepen
7648bc6065 Added CVS Id tags to header files. 2000-06-25 15:22:16 +00:00
Guus Sliepen
7f7e158aae Large cleanup:
- Removed hostname lookup (it blocks, and you can always do it yourself)
- Reorganized debug levels (after hints from Axel M�ller):
  0	Startup message and errors
  1	Connection logging
  2	Meta protocol information
  3	Verbose meta protocol (includes copy of transmitted requests)
  4	Packet information (logs transmission/errors of UDP packets)
  5	Verbose packet information (every single byte, not implemented yet
	to protect ourselves from filling up /var/log directories)
- Made log messages more consistent
2000-06-25 15:16:12 +00:00
Guus Sliepen
3c54a513b0 If we have "indirectdata" flag set, we only send data to our uplink. 2000-06-24 12:35:42 +00:00
Guus Sliepen
d8e2f7104c First step for implementation of the "indirectdata" directive. This should
allow _leaf_ tincds to be behind firewalls.
The protocol has changed and is INCOMPATIBLE with previous versions. The
PROT_CURRENT value has been incremented.
2000-06-23 19:27:03 +00:00
Ivo Timmermans
33c3a25a66 Configuration directive `IndirectData'. 2000-06-17 20:55:54 +00:00
Ivo Timmermans
ef294a6967 Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries. 2000-06-06 10:24:33 +00:00
Ivo Timmermans
77be52422d Miscellaneous copyright updates. 2000-05-31 18:23:06 +00:00
Ivo Timmermans
8cb4bb619d Handle locale settings. 2000-05-31 18:21:27 +00:00
Ivo Timmermans
17fa07510a Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients. 2000-05-30 21:36:16 +00:00
Ivo Timmermans
e7f22d2f5f In terminate_connection, only send a notification to hosts that are directly connected to us. (DEL_HOST gets forwarded automatically.) 2000-05-30 12:38:15 +00:00
Ivo Timmermans
2fdda8e4fa When a connection is terminated, all hosts that are still connected get notified of the lost connections. 2000-05-30 12:31:41 +00:00
Ivo Timmermans
f826301889 Added new configuration directive `Hostnames', which controls the resolving of IP addresses to hostnames. 2000-05-30 11:18:12 +00:00
Guus Sliepen
a7ad161d2b Only activate a connection upon receiving it's public key if it's an
incoming connection. When it's outgoing, we need to receive an ack first.
2000-05-29 23:40:05 +00:00
Ivo Timmermans
a822c7466a Bounds check for request id (between 0 and 255). 2000-05-29 22:20:04 +00:00
Ivo Timmermans
386a62ff57 Define LOCALEDIR in CFLAGS. 2000-05-29 21:40:51 +00:00
Ivo Timmermans
9fd02ffcb0 Internationalization of tinc. 2000-05-29 21:01:26 +00:00
Guus Sliepen
61e71ab74a Terminate a connection on any error. Furthermore, disallow del_host,
add_host and other important requests until remote host has properly
authenticated itself.
2000-05-27 20:23:01 +00:00
Guus Sliepen
cc01b18bc6 Made tinc persistent. If no outgoing connection can be established right
after the start of the daemon, it won't quit anymore but will retry in 5
minutes. Also, 5 minutes is now the maximum time to wait for a retry.
2000-05-27 19:44:04 +00:00
Guus Sliepen
028659bfbf Fixed typos. When terminating a connection, it's status is not only set to
remove=1 but also active=0.
2000-05-27 19:23:20 +00:00
Guus Sliepen
e4ff969a98 Fix for a DoS attack:
A remote user could telnet to the tinc daemon and type only this line:
 61 6 00000000/00000000:28f
 This would deny any packets to be sent to other tinc networks (except
 for to the hosts that run tincd's themselves). Solution is to skip
 hosts in lookup_conn() that have not been activated yet.
Fixed potential conn_list table corruption:
 If a new connection is accepted but a connection with the same subnet
 would already exist in the connection list, the OLD connection is
 terminated.
2000-05-27 19:04:12 +00:00
Guus Sliepen
85963f4c85 Stub for VpnMask config directive. 2000-05-16 13:09:15 +00:00
Ivo Timmermans
7e817fcf0f Unlimited length in the config file, thanks to Cris van Pelt. 2000-05-15 18:28:45 +00:00
Ivo Timmermans
803f908078 Give IP address instead of hex number when connecting tcp socket failed. 2000-05-14 21:07:16 +00:00
Ivo Timmermans
de09916ead Only print an error with send_termreq if debug_lvl is 2 or more. 2000-05-14 13:50:10 +00:00
Guus Sliepen
9d023b1f2e Fixed typos. 2000-05-14 13:06:52 +00:00
Guus Sliepen
e20e143f1e Changed ping behaviour (backwards compatible). If we don't have any data
to send, we don't need to check if the connection is still alive.
Furthermore, if we receive any kind of data from the other end, we know
it's alive, so we don't need to check it either. So, PING requests are
only sent if we send packets but there is no response.
2000-05-14 13:02:20 +00:00
Guus Sliepen
ee96ccabbb Cleanups. 2000-05-14 12:22:42 +00:00
Guus Sliepen
8caa1b9d75 Proxymode removed. 2000-05-14 11:39:18 +00:00
Guus Sliepen
d0ba34ccae Added new config variable "ProxyMode". If enabled, all outgoing packets
are sent to the uplink (ConnectTo), which will have to forward them for
us (kernel should do that). This is for people behind firewalls.
2000-05-08 18:44:15 +00:00
Ivo Timmermans
74b0cbecce Include sys/types.h. 2000-05-04 23:17:02 +00:00
Ivo Timmermans
2f7e532d70 Don't link in libdl. 2000-05-04 23:16:43 +00:00
Guus Sliepen
a083b1cf30 Squashed gcc warning. 2000-05-03 18:02:15 +00:00
Guus Sliepen
7853247523 Fixes typo and UDP network byte order. 2000-05-03 17:59:07 +00:00
Guus Sliepen
505b5ec2cd Outgoing packets now use network byte order in header. 2000-05-03 15:37:32 +00:00
Guus Sliepen
89610e3fba Replaced sprintf() by safer snprintf(), removed possible buffer overflow
by one byte.
2000-05-02 10:16:50 +00:00
Guus Sliepen
aeccaca829 Previous fix fixed. Meta protocol should be really flawless from now on! 2000-05-02 09:55:34 +00:00
Guus Sliepen
989d7edc07 Fixed small mistake that would prevent forwarding requests. 2000-05-02 09:10:33 +00:00
Ivo Timmermans
a9247e6f2c Fixed meta protocol. 2000-05-01 21:31:59 +00:00
Guus Sliepen
ca6abd41ea Meta protocol overhaul. Tinc is now incompatible with previous versions,
furthermore this version does NOT work yet because of a problem with
sending keys (these should be converted to base36 or something like that).
It is possible to telnet to the tinc daemon now and type some commands
by hand though :).
2000-05-01 18:07:12 +00:00
Ivo Timmermans
33cfdf43f4 Key forwarding, write one byte extra. 2000-04-30 20:48:48 +00:00
Ivo Timmermans
75d351eaf1 Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility. 2000-04-30 19:49:49 +00:00
Ivo Timmermans
b4290c3f43 Send one less byte from an ANS_KEY request. 2000-04-30 19:03:00 +00:00
Ivo Timmermans
d878230ebe Read one less byte from an ANS_KEY request. 2000-04-30 18:57:16 +00:00
Ivo Timmermans
789a4c4f40 Removed debug messages. 2000-04-30 16:34:31 +00:00
Ivo Timmermans
eb1c9814e6 Read public keys the right way (tm). 2000-04-30 16:31:23 +00:00
Ivo Timmermans
ca73b722cb New way of handling the meta protocol. 2000-04-30 16:11:05 +00:00
Ivo Timmermans
cd12345032 Replaced check for status.active by status.dataopen in check_network_activity. 2000-04-30 13:23:53 +00:00
Ivo Timmermans
4b076ee87f Initially, the vpn_mask of a connection is 255.255.255.255 to avoid confusion with lookup_conn. 2000-04-30 01:16:51 +00:00
Ivo Timmermans
1c007c0627 Got rid of the nasty hacks... and replaced it by another one. 2000-04-30 01:15:47 +00:00
Ivo Timmermans
c027459914 Filled up the protocol structs with unused bytes. 2000-04-29 20:39:36 +00:00
Guus Sliepen
2371551014 Oops! Reference to write_n() removed and changed into neat write() call. 2000-04-28 11:33:25 +00:00
Guus Sliepen
bb8fff92e1 Removed write_n() function. 2000-04-27 20:57:18 +00:00
Ivo Timmermans
4fec0cc457 Default config file name is tinc.conf, and pidfile is tinc.pid. 2000-04-27 13:47:51 +00:00
Guus Sliepen
44f9449888 Cleanups:
- Changed recv/send calls into read/write calls for streams
- Made all sizeof() functions use a variable name instead of type
2000-04-26 17:42:55 +00:00
Guus Sliepen
8efe4874da Converted every &variable[0] to variable. 2000-04-25 22:15:28 +00:00
Ivo Timmermans
643d8712eb Debug level tweaking. 2000-04-25 22:00:49 +00:00
Guus Sliepen
468f1d2efc When trying to talk to a host that is in the netmask of a tinc server but
not the tinc server itself, and no keys have been exchanged yet, the key
request would be directed to the host instead of the server. Fixed.
2000-04-25 20:50:59 +00:00
Guus Sliepen
dad90e82d3 Fixed typo and removed some unnecessary variables. 2000-04-25 20:17:44 +00:00
Guus Sliepen
5b72422857 Packet queues fixed. They caused the trouble when resending keys. 2000-04-25 20:10:37 +00:00
Guus Sliepen
3a33568652 Added checkpoints to beginning and ending of every function. 2000-04-25 18:57:23 +00:00
Ivo Timmermans
e1e590fe9a Propagate CFLAGS from configure to gcc. 2000-04-25 15:08:10 +00:00
Guus Sliepen
16d581be68 Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
at once. (See line 606.)
2000-04-24 09:39:50 +00:00
Guus Sliepen
f6802d349d Added extra checks for desynchronized connection lists. Hopefully this will
fix those strange segmentation faults.
2000-04-24 08:32:57 +00:00
Ivo Timmermans
0b02ebc4d9 Address for bugreports changed to tinc@nl.linux.org. 2000-04-18 16:04:10 +00:00
Ivo Timmermans
93287d2b2c Default passphrase length of 1024, added -h/--help options. 2000-04-17 17:04:33 +00:00
Ivo Timmermans
9c2ac77594 Check if stdout is a terminal, if so, print a verbose message. 2000-04-17 16:59:42 +00:00
Ivo Timmermans
c924689690 Check for an illegal length of passphrase in read_passphrase(). 2000-04-17 16:52:58 +00:00
Ivo Timmermans
baebae2749 Pass the requested size from xmalloc() and xrealloc() on to xalloc_fail_func() 2000-04-17 16:23:29 +00:00
Ivo Timmermans
210a92cae9 Only one round of reading bits out of urandom;
Reading `bytes' bytes out of it;
Print a newline after completion.
2000-04-17 15:38:47 +00:00
Ivo Timmermans
18e044bde3 New option -D, don't detach. 2000-04-06 18:28:29 +00:00
Ivo Timmermans
523c80c4e3 Ignore SIGCHLD. 2000-03-28 19:16:27 +00:00
Ivo Timmermans
f2076e3e70 Kill the parent after any error conditions in detach(). 2000-03-28 19:09:52 +00:00
Ivo Timmermans
98de35c742 Upon regeneration, free the old encryption key `securely\' by overwriting it. 2000-03-27 22:59:16 +00:00
Ivo Timmermans
b50523dc44 Get rid of the message `zxnrbl\'. 2000-03-27 22:30:27 +00:00
Ivo Timmermans
1243156a5e Initial revision 2000-03-26 00:33:07 +00:00