Commit graph

1738 commits

Author SHA1 Message Date
Guus Sliepen
933f7f7526 Send a RELOAD to a running tincd when a new invitation key has been generated. 2013-09-01 22:59:51 +02:00
Guus Sliepen
09cd7ac62a Make sptps_test more easy to work with.
It now defers reading from stdin until after the authentication phase is
completed.  Furthermore, it supports the -q, -r, -w options similar to those of
Jürgen Nickelsen's socket.
2013-09-01 16:02:49 +02:00
Guus Sliepen
d01ab07f78 Allow testing the replay window with sptps_test. 2013-08-30 14:23:02 +02:00
Guus Sliepen
ccbf70b66f Fix the replay window in SPTPS. 2013-08-30 14:22:05 +02:00
Guus Sliepen
c7752ca73e Fix CTR mode. 2013-08-30 13:43:23 +02:00
Guus Sliepen
d0aa0817d2 Add an option to test datagram SPTPS with packet loss. 2013-08-30 13:04:14 +02:00
Guus Sliepen
5da0ebd421 When generating invitations, handle any order of Port and Adress statements. 2013-08-28 14:24:07 +02:00
Guus Sliepen
f0e11cd2c5 Call WSAStartup() in main().
The tinc utility defered calling WSAStartup() until it tried to connect to a
running tinc daemon. However, socket functions are now also used for other
things (like joining another VPN using an invitation). Now we just
unconditionally call WSAStartup() early in main().
2013-08-27 21:19:50 +02:00
Guus Sliepen
82575bd44d Tell invited node about Mode and Broadcast settings.
Since these settings really should be the same for all nodes in a VPN.
2013-08-24 00:48:24 +02:00
Guus Sliepen
57991e2642 Use PATHEXT when checking for the presence of scripts on Windows.
It seems like a lot of overhead to call access() for every possible extension
defined in PATHEXT, but apparently this is what Windows does itself too. At
least this avoids calling system() when the script one is looking for does not
exist at all.

Since the tinc utility also needs to call scripts, execute_script() is now
split off into its own source file.
2013-08-23 21:23:46 +02:00
Guus Sliepen
21184674b3 Execute scripts when invitations are created or accepted. 2013-08-21 00:24:55 +02:00
Guus Sliepen
9699f08afc Ensure the invitation filenames do not reveal the secret cookie.
Since filenames could potentially leak to unprivileged users (for example,
because of locatedb), it should not contain the cookie used for invitations.
Instead, tinc now uses the hash of the cookie and the invitation key as the
filename to store pending invitations in.
2013-08-20 23:09:36 +02:00
Guus Sliepen
5dec1c2571 Let a server explicitly send a notification when the invitation protocol succeeded. 2013-08-20 22:36:31 +02:00
Guus Sliepen
c798f73093 Use our own infrastructure for finding out the local node's externally visible host name. 2013-08-20 22:18:01 +02:00
Guus Sliepen
160b7cb5e3 Resolve the local host name before generating the invitation file. 2013-08-20 16:47:07 +02:00
Guus Sliepen
65f5e8fba4 Bind outgoing sockets again.
Commit cff5a84 removed the feature of binding outgoing TCP sockets to a local
address. We now call bind() again, but only if there is exactly one listening
socket with the same address family as the destination address of the outgoing
socket.
2013-08-18 23:55:40 +02:00
Guus Sliepen
0c54f36553 Remove broadcast of KEY_CHANGED message during tinc's initialization. 2013-08-18 22:43:55 +02:00
Guus Sliepen
09b0b49b98 Fix order of tincd's initialization.
The order in which tinc initialized things was not completely correct. Now, it
is done as follows:

- Load and parse configuration files.
- Create all TCP and UDP listening sockets.
- Create PID file and UNIX socket.
- Run the tinc-up script.
- Drop privileges.
- Start outgoing connections.
- Run the main loop.

The PID file can only be created correctly if the listening sockets have been
set up ,as it includes the address and port of the first listening socket. The
tinc-up script has to be run after the PID file and UNIX socket have been
created so it can change their permissions if necessary. Outgoing connections
should only be started right before the main loop, because this is not really
part of the initialization.
2013-08-18 22:35:27 +02:00
Guus Sliepen
8f84244458 Don't force a .bat extension for scripts under Windows. 2013-08-18 18:20:41 +02:00
Guus Sliepen
b180c1af99 Create UNIX socket at the same time as the PID file is created.
The PID file was created before tinc-up was called, but the UNIX socket was
created afterwards, which meant one could not change the UNIX socket's owner or
permissions from the tinc-up script.
2013-08-18 17:02:49 +02:00
Guus Sliepen
5e50a56dd9 Stop using EXTRA_DIST in src/Makefile.am.
Automake finds the files in the subdirectories of src/ now that they are
properly declared in the _SOURCES variables. Using EXTRA_DIST would now cause
.o files to be included in the tarball.
2013-08-14 16:17:12 +02:00
Guus Sliepen
6aa864baa6 Don't typedef the same struct in two header files.
Some (older?) versions of GCC don't like this.
2013-08-13 20:40:40 +02:00
Guus Sliepen
5e00a24e1f Update copyright notices. 2013-08-13 20:38:57 +02:00
Guus Sliepen
2df534808d Move .h files from noinst_HEADERS to tincd_SOURCES.
This is the recommended way according to the Automake manual.
2013-08-13 20:35:48 +02:00
Guus Sliepen
de8e6bf452 Don't echo broadcast packets back when Broadcast = direct. 2013-08-08 17:40:15 +02:00
Guus Sliepen
81c7120320 Fix a typo. 2013-08-02 23:51:55 +02:00
Guus Sliepen
76c90e1639 Non-zero exit code when reloading config file fails after SIGHUP.
When reloading the configuration file via the tinc command, the user will get
an error message if reloading has failed. However, no such warning exists when
sending a HUP signal. Previously, tincd would exit in both cases, but with a
zero exit code. Now it will exit with code 1 when reloading fails after a
SIGHUP, but tincd will keep running if it is signaled via the tinc command.
Instead, the tinc command will exit with a non-zero exit code.
2013-08-02 23:50:44 +02:00
Guus Sliepen
f3a2bed063 Really retry outgoing connections immediately if requested.
The retry() function would only abort connections that were in progress of
being made, it wouldn't reschedule the outgoing connections that had been
sleeping.
2013-08-02 20:53:54 +02:00
Guus Sliepen
1e7d1cd3c7 Clean up the SIGINT handler. 2013-08-02 20:50:19 +02:00
Guus Sliepen
a38e0d6213 Use umask() to set file and UNIX socket permissions without race conditions.
As mentioned by Erik Tews, calling fchmod() after fopen() leaves a small window
for exploits. As long as tinc is single-threaded, we can use umask() instead to
reduce file permissions. This also works when creating the AF_UNIX control socket.

The umask of the user running tinc(d) is used for most files, except for the
private keys, invitation files, PID file and control socket.
2013-08-02 19:28:34 +02:00
Guus Sliepen
a1f4f14c6c Defer handling netname conflicts when accepting an invitation.
In case no explicit netname of configuration directory is specified when
accepting an invitation, the netname specified in the invitation data is
used. However, this new netname is only known after making the connection
to the server. If the new netname conflicts with an existing one at the
client, we ask the user for a netname that doesn't conflict. However, we
should first finish accepting the invitation, so we don't run into the
problem that the server times out and cancels the invitation. So, we create
a random netname and store the files there, and only after we finish
accepting the invitation we ask the user for a better netname, and then
just rename the temporary directory to the final name.
2013-07-26 15:48:52 +02:00
Guus Sliepen
d47c79533f Make absolutely sure we can write config files before accepting an invitation. 2013-07-26 15:44:05 +02:00
Guus Sliepen
37cca72e6c Choose a different Port when 655 isn't available when doing "tinc join". 2013-07-26 14:53:36 +02:00
Guus Sliepen
8f2db4afdd Choose a different Port when 655 isn't available when doing "tinc init".
If port 655 cannot be bound to when using the init command, tinc will try to
find a random port number that can be bound to, and will add the appropriate
Port variable to its host config file. A warning will be printed as well.
2013-07-26 14:17:15 +02:00
Guus Sliepen
d6a67266c8 Don't forget the Port variable when creating an invitation URL. 2013-07-25 17:30:47 +02:00
Guus Sliepen
d1e01bc880 Allow control-C to stop tincd without stopping the tinc shell. 2013-07-25 17:30:47 +02:00
Guus Sliepen
d219fe2c09 Warn when incorrect use of add or set causes variables to be removed. 2013-07-25 17:30:47 +02:00
Guus Sliepen
e624969568 Fix compression when using the SPTPS protocol. 2013-07-24 20:48:31 +02:00
Guus Sliepen
5fca595b80 Honour umask, let temporary key files inherit original's permissions.
During the init command, tinc changed the umask to 077 when writing the public
and private key files, to prevent the temporary copies from being world
readable. However, subsequently created files would therefore also be
unreadable for others. Now we don't change the umask anymore, therefore
allowing the user to choose whether the files are world readable or not by
setting the umask as desired. The private key files are still made unreadable
for others of course. Temporary files now inherit the permissions of the
original, and the tinc-up script's permissions now also honour the umask.
2013-07-22 23:05:07 +02:00
Etienne Dechamps
ae85a02030 Further improve bandwidth estimation for type 2 MTU probe replies.
This patch adds timestamp information to type 2 MTU probe replies. This
timestamp can then be used by the recipient to estimate bandwidth more
accurately, as jitter in the RX direction won't affect the results.
2013-07-22 21:25:44 +01:00
Etienne Dechamps
e3c763eae8 Introduce lightweight PMTU probe replies.
When replying to a PMTU probe, tinc sends a packet with the same length
as the PMTU probe itself, which is usually large (~1450 bytes). This is
not necessary: the other node wants to know the size of the PMTU probes
that have been received, but encoding this information as the actual
reply length is probably the most inefficient way to do it. It doubles
the bandwidth usage of the PMTU discovery process, and makes it less
reliable since large packets are more likely to be dropped.

This patch introduces a new PMTU probe reply type, encoded as type "2"
in the first byte of the packet, that indicates that the length of the
PMTU probe that is being replied to is encoded in the next two bytes of
the packet. Thus reply packets are only 3 bytes long.

(This also protects against very broken networks that drop very small
packets - yes, I've seen it happen on a subnet of a national ISP - in
such a case the PMTU probe replies will be dropped, and tinc won't
enable UDP communication, which is a good thing.)

Because legacy nodes won't understand type 2 probe replies, the minor
protocol number is bumped to 3.

Note that this also improves bandwidth estimation, as it is able to
measure bandwidth in both directions independently (the node receiving
the replies is measuring in the TX direction) and the use of smaller
reply packets might decrease the influence of jitter.
2013-07-22 21:25:37 +01:00
Etienne Dechamps
e3a4672afb Disable PMTU discovery when TCPOnly is set.
Obviously, PMTU discovery doesn't make much sense when we know we'll be
using TCP anyway.
2013-07-21 00:36:28 +02:00
Guus Sliepen
b03bbaa385 Allow extra options to be passed to "tinc restart" again. 2013-07-21 00:20:54 +02:00
Guus Sliepen
e82bec6670 Forbid protocol version rollback.
When we know a node's ECDSA key, we only allow communication via the SPTPS
protocol.
2013-07-21 00:13:38 +02:00
Etienne Dechamps
51c1639884 Fix hash_function().
The hashing function that tinc uses is currently broken as it only looks
at the first 4 bytes of data.

This leads to interesting bugs, like the node UDP address cache being
subtly broken because two addresses with the same protocol and port (but
not the same IP address) will override each other. This is because
the first four bytes of sockaddr_in contains the IP protocol and port,
while the IP address itself is contained in the four remaining bytes
that are never used when the hash is computed.
2013-07-20 23:31:19 +02:00
Guus Sliepen
1828908148 Don't use vasprintf() anymore on Windows.
Windows doesn't actually support it, but MinGW provides it. However, with some versions of
MinGW it doesn't work correctly. Instead, we vsnprintf() to a local buffer and xstrdup() the
results.
2013-07-17 18:06:56 +02:00
Guus Sliepen
54127996ca Don't search in local directories for include files.
Tinc's source code doesn't rely on this anymore, and this gets rid of potential conflicts with
system headers.
2013-07-17 18:02:07 +02:00
Guus Sliepen
fb1e69072e Add missing definitions on Windows. 2013-07-17 18:00:40 +02:00
Guus Sliepen
918067f117 Fix warning "Both netname and configuration directory given" on Windows. 2013-07-15 14:48:43 +02:00
Etienne Dechamps
633b7cbb45 Fix combination of Mode = router and DeviceType = tap on Linux.
I believe I have found a bug in tinc on Linux when it is used with
Mode = router and DeviceType = tap. This combination is useful because
it allows global broadcast packets to be used in router mode. However,
when tinc receives a packet in this situation, it needs to make sure its
destination MAC address matches the address of the TAP adapter, which is
typically not the case since the sending node doesn't know the MAC
address of the recipient. Unfortunately, this is not the case on Linux,
which breaks connectivity.
2013-07-15 00:28:35 +02:00
Guus Sliepen
24e3ec863e Add connection rate limiting.
Tinc now strictly limits incoming connections from the same host to 1 per
second. For incoming connections from multiple hosts short bursts of incoming
connections are allowed (by default 100), but on average also only 1 connection
per second is allowed.

When an incoming connection exceeds the limit, tinc will keep the connection in
a tarpit; the connection will be kept open but it is ignored completely. Only
one connection is in a tarpit at a time to limit the number of useless open
connections.
2013-07-11 23:38:38 +02:00
Guus Sliepen
2eba793305 Set $NAME when calling host-up/down and subnet-up/down scripts. 2013-07-05 21:36:51 +02:00
Guus Sliepen
b811e980e3 Add the LocalDiscoveryAddress option.
When LocalDiscovery is enabled, tinc normally sends broadcast packets during
PMTU discovery to the broadcast address (255.255.255.255 or ff02::1). This
option lets tinc use a different address.

At the moment only one LocalDiscoveryAddress can be specified.
2013-05-31 18:50:34 +02:00
Guus Sliepen
e92b2004e2 Use strerror() instead of gai_strerror() when err == EAI_SYSTEM. 2013-05-31 17:23:00 +02:00
Guus Sliepen
ce5e0f6557 Allow the log output to be stopped with control-C in tinc's shell. 2013-05-30 17:38:48 +02:00
Guus Sliepen
6bf3595a91 Better optional argument handling.
Some options can take an optional argument. However, in this case GNU getopt
requires that the optional argument is right next to the option without
whitespace inbetween. If there is whitespace, getopt will treat it as a
non-option argument, but tincd ignored those without a warning. Now tincd will
allow optional arguments with whitespace inbetween, and will give an error when
it encounters any other non-option arguments.

The tinc binary now requires that all options for itself are given before the
command.
2013-05-30 16:53:16 +02:00
Guus Sliepen
ced4c1a327 Add an invitation protocol.
Using the tinc command, an administrator of an existing VPN can generate
invitations for new nodes. The invitation is a small URL that can easily
be copy&pasted into email or live chat. Another person can have tinc
automatically setup the necessary configuration files and exchange keys
with the server, by only using the invitation URL.

The invitation protocol uses temporary ECDSA keys. The invitation URL
consists of the hostname and port of the server, a hash of the server's
temporary ECDSA key and a cookie. When the client wants to accept an
invitation, it also creates a temporary ECDSA key, connects to the server
and says it wants to accept an invitation. Both sides exchange their
temporary keys. The client verifies that the server's key matches the hash
in the invitation URL. After setting up an SPTPS connection using the
temporary keys, the client gives the cookie to the server. If the cookie
is valid, the server sends the client an invitation file containing the
client's new name and a copy of the server's host config file. If everything
is ok, the client will generate a long-term ECDSA key and send it to the
server, which will add it to a new host config file for the client.

The invitation protocol currently allows multiple host config files to be
send from the server to the client. However, the client filters out
most configuration variables for its own host configuration file. In
particular, it only accepts Name, Mode, Broadcast, ConnectTo, Subnet and
AutoConnect. Also, at the moment no tinc-up script is generated.

When an invitation has succesfully been accepted, the client needs to start
the tinc daemon manually.
2013-05-29 18:31:10 +02:00
Guus Sliepen
12e68b95e6 Fix port number in pidfile. 2013-05-28 13:41:53 +02:00
Guus Sliepen
cbe03b0932 Add a newline when logging to stderr in the tinc binary. 2013-05-28 13:40:32 +02:00
Guus Sliepen
c3d357af6c Improve base64 encoding/decoding, add URL-safe variant.
b64decode() now returns length 0 when an invalid character was encountered.
2013-05-28 13:39:15 +02:00
Guus Sliepen
ad93dc3a4b Annotate the xalloc functions.
Most important is the annotation of xasprintf() with the format attribute,
which allows the compiler to give warnings about the format string and
arguments.
2013-05-28 13:36:26 +02:00
Guus Sliepen
bc87b45003 Send a new key when we receive packets from a node we don't have a valid key for. 2013-05-18 16:11:30 +02:00
Guus Sliepen
a9b80226e1 Enable and fix warnings from automake. 2013-05-15 13:55:06 +02:00
Sven-Haegar Koch
a518f82af7 Modified some error messages in src/sptps.c. 2013-05-15 13:53:13 +02:00
Guus Sliepen
fa20cfceec Don't try to handle incoming data if sptps_start() has not been called yet. 2013-05-12 13:39:22 +02:00
Guus Sliepen
52f64cdf95 Fix potential NULL pointer dereferences. 2013-05-11 16:54:50 +02:00
Guus Sliepen
d03dc91e27 Don't free ephemeral ECDH keys twice.
ecdh_compute_shared() was changed to immediately delete the ephemeral key after
the shared secret was computed.  Therefore, the pointer to the ecdh_t struct
should be zeroed so it won't be freed again when a struct sptps_t is freed.
2013-05-11 14:14:20 +02:00
Guus Sliepen
fc119fb009 Use read_host_config() where appropriate. 2013-05-11 14:05:28 +02:00
Guus Sliepen
3c163a3796 Fix check for presence of ECDSA public key for outgoing connections.
At this point, c->config_tree may or may not be NULL, but this does not tell us whether it is an
outgoing connection or not. For incoming connections, we do not know the peer's name yet,
so we always have to claim ECDSA support. For outgoing connections, we always need to check
whether we have the peer's ECDSA public key, so that if we don't, we correctly tell the peer that
we want to upgrade.
2013-05-11 14:04:39 +02:00
Guus Sliepen
c83c2d080f Enable the SPTPS protocol by default. 2013-05-10 21:18:32 +02:00
Guus Sliepen
ee34ac3d61 Add a few more checks and warnings in the crypto functions. 2013-05-10 20:55:52 +02:00
Guus Sliepen
214060ef20 Fix warnings for functions marked __attribute((warn_unused_result)). 2013-05-10 20:30:47 +02:00
Guus Sliepen
7b949262c4 Add __attribute__((warn_unused_result)) to crypto functions. 2013-05-10 20:23:01 +02:00
Guus Sliepen
45063953fd Add more __attribute__((malloc)) where appropriate. 2013-05-10 20:15:27 +02:00
Guus Sliepen
0acdce222f Add generic crypto headers.
They should have been included in commit 9b9230a.
2013-05-01 17:58:30 +02:00
Guus Sliepen
5b07039b07 Rename xmalloc_and_zero() to xzalloc().
The former name is more or less only used by tinc, the latter is used by other
projects as well, and shorter as well.
2013-05-01 17:31:33 +02:00
Guus Sliepen
9b9230a0a7 Use conditional compilation for cryptographic functions.
This gets rid of the rest of the symbolic links. However, as a consequence, the
crypto header files have now moved to src/, and can no longer contain
library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t
and rsa_t are now all opaque types, and only pointers to those types can be
used.
2013-05-01 17:17:22 +02:00
Guus Sliepen
e70b5b5bd7 Use conditional compilation for device.c.
This requires the automake option "subdir-objects" to be enabled, and it
becomes more critical to specify the exact path to local header files.
2013-05-01 12:20:06 +02:00
Guus Sliepen
43c72093ad Don't try to create tinc.conf when using set or add commands.
It is almost certainly an error. If one really wants to create a new tinc.conf
file, one should use the init command.
2013-04-28 19:33:04 +02:00
Guus Sliepen
258bf7ea0f Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Normally all requests sent via the meta connections are checked so that they
cannot be larger than the input buffer. However, when packets are forwarded via
meta connections, they are copied into a packet buffer without checking whether
it fits into it. Since the packet buffer is allocated on the stack, this in
effect allows an authenticated remote node to cause a stack overflow.

This issue was found by Martin Schobert.
2013-04-22 15:53:45 +02:00
Guus Sliepen
9e2ae03d1d Fix completion of add/del/get/set commands. 2013-03-12 11:28:40 +01:00
Guus Sliepen
23a634becf Rename tincctl to tinc. 2013-03-08 16:22:56 +01:00
Guus Sliepen
4c30004cb6 Avoid calling time(NULL).
In most cases we can use the cached time.
2013-03-08 14:11:15 +01:00
Guus Sliepen
af77e5d475 Allow changing configuration with tincctl without the "config" keyword.
This saves typing some characters, and forces one to be more explicit about the
desired command (get, set).
2013-03-08 11:40:40 +01:00
Guus Sliepen
1d226977a4 Better default output file for generated public keys. 2013-03-08 11:24:37 +01:00
Guus Sliepen
f9ab8e266b Flush output buffers in the tap reader thread on Windows.
This is basically a port of commit 50fcfea1 to 1.1.
2013-03-01 17:37:56 +01:00
Guus Sliepen
4d05e695ab Use UDP when using sptps_test in datagram mode. 2013-02-22 15:37:48 +01:00
Guus Sliepen
d298ebe91c Fix compiler warnings on some BSD variants. 2013-02-20 15:35:08 +01:00
Guus Sliepen
3847b78ba5 Fix compiler warnings on Windows. 2013-02-20 15:34:55 +01:00
Guus Sliepen
1bb969c930 Fix a tiny memory leak.
Found by cppcheck.
2013-02-20 13:59:50 +01:00
Guus Sliepen
d21f63d5b3 Don't expect a response from tincd after sending REQ_STOP. 2013-02-08 16:44:50 +01:00
Guus Sliepen
a8b52becbb Derive UNIX socket filename from PID filename. 2013-02-07 15:26:56 +01:00
Guus Sliepen
079dcd0179 Don't send proxy requests for incoming connections. 2013-02-07 14:22:28 +01:00
Guus Sliepen
ee63f2a32b Fix segmentation fault when trying to connect via a SOCKS5 proxy. 2013-02-06 15:24:02 +01:00
Guus Sliepen
053af97c9e Check for writability when waiting for a socket to finish connecting.
We were checking only for readability, which is not a problem for normal
connections, since the server side of a connection will always send an ID
request. But when using a proxy, the proxy server doesn't send anything before
the client, so tinc would not see that its connection to the proxy had already
been established.
2013-02-06 15:12:53 +01:00
Guus Sliepen
1135669b3c Fix tincd terminating immediately on Windows. 2013-02-06 11:30:35 +01:00
Guus Sliepen
9c878bf56f Remove direct inclusion of OpenSSL headers in net_packet.c and tincd.c. 2013-01-31 16:12:56 +01:00
Guus Sliepen
42b222ecb6 Detect increases in PMTU.
Tinc never restarts PMTU discovery unless a node becomes unreachable. However,
it can be that the PMTU was very low during the initial discovery, but has
increased later. To detect this, tinc now tries to send an extra packet every
PingInterval, with a size slightly higher than the currently known PMTU. If
this packet is succesfully received back, we partially restart PMTU discovery
to find out the new maximum.

Conflicts:
	src/net_packet.c
2013-01-31 16:10:58 +01:00
Guus Sliepen
87416bcd8b Get microsecond time resolution on Windows. 2013-01-21 16:12:18 +01:00
Guus Sliepen
3a039ece25 Fix datagram SPTPS.
Commit dd07c9fc1f broke the reception of datagram
SPTPS packets, by undoing the conversion of the sequence number to host byte
order before comparison. This caused error messages like "Packet is 16777215
seqs in the future, dropped (1)".
2013-01-21 13:47:46 +01:00
Guus Sliepen
cc3c69c892 Releasing 1.1pre5. 2013-01-20 21:03:22 +01:00
Guus Sliepen
76dbcf8989 Fix tincctl init when /etc/tinc does not yet exist. 2013-01-20 21:02:58 +01:00
Guus Sliepen
aa46596991 Remove possible definition of timersub(), which is also in dropin.h. 2013-01-20 20:19:08 +01:00
Guus Sliepen
1be7dc759a Make sure PriorityInheritance also works in switch mode.
Conflicts:
	src/route.c
2013-01-20 15:20:52 +01:00
Guus Sliepen
94587264bd Allow connections via UNIX sockets.
This is mainly useful for control connections. The client must still present
the control cookie from the PID file.
2013-01-17 18:12:55 +01:00
Guus Sliepen
2c14123062 Fix compilation of UML and VDE device support. 2013-01-17 16:39:41 +01:00
Guus Sliepen
f5bb64b36a Move make_names() and related variables to its own source file. 2013-01-17 16:39:02 +01:00
Guus Sliepen
a9eba276a4 Handle SIGINT gracefully. 2013-01-17 14:14:17 +01:00
Guus Sliepen
1ddd6111a4 Fix the minimum spanning tree algorithm.
Tinc uses Kruskal's algorithm to calculate a MST. However, this was broken in
commit 6e80da3370. Revert back to the working
algorithm from tinc 1.0.

Thanks to Cheng LI for spotting the problem.
2013-01-17 11:21:18 +01:00
Guus Sliepen
61275547cd Estimate RTT, bandwidth and packet loss between nodes.
Without adding any extra traffic, we can measure round trip times, estimate the
bandwidth and packet loss between nodes. The RTT and bandwidth can be measured
by timing the MTU probe packets. The RTT is the difference between the time a
burst of MTU probes was sent and when the first reply is received. The
bandwidth can be estimated by multiplying the size of the probe packets by the
time between succesive received probe replies of the same burst. The packet
loss can be estimated for incoming traffic by comparing how many packets have
actually been received to the increase in the sequence numbers.

The estimates are not perfect. Especially bandwidth is difficult to measure,
the only accurate way is to continuously send as much data as possible, but
that is obviously not desirable. The packet loss rate is also almost always
a few percent when sending a lot of data over the VPN via TCP, since TCP
*needs* packet loss to work properly.
2013-01-16 16:31:56 +01:00
Guus Sliepen
eef25266cb Count the number of correctly received UDP packets.
Keep track of the number of correct, non-replayed UDP packets that have been
received, regardless of their content. This can be compared to the sequence
number to determine the real packet loss.
2013-01-15 13:33:16 +01:00
Guus Sliepen
b50a92d0c3 Add the tincctl exchange and exchange-all commands.
These are identical to an export/export-all followed by an import, and make
it simpler to exchange host config files with other nodes.
2013-01-15 13:31:51 +01:00
Guus Sliepen
dd07c9fc1f Check HMAC before sequence number. 2013-01-14 13:08:35 +01:00
Guus Sliepen
83a94ab08f Always complain if too many arguments are given for tincctl commands. 2013-01-14 13:02:39 +01:00
Guus Sliepen
50e1790101 Better error messages when using -L, -R or -U on platforms that do not support it. 2013-01-14 13:01:47 +01:00
Guus Sliepen
cad86108f3 Don't complain about garbage if we skipped importing a host file. 2013-01-14 12:59:17 +01:00
Guus Sliepen
17a0b3a890 Fix support for tunemu on iOS devices.
The actual code was fine but the #ifdefs tested for the wrong preprocessor
variable.

Conflicts:
	src/bsd/device.c
	src/process.c
2012-12-18 16:34:37 +01:00
Guus Sliepen
c26581e29f Fix infinite loop in timeout handling on Windows. 2012-12-07 15:49:21 +01:00
Guus Sliepen
58026f72a1 Fix display of cumulative packet counters. 2012-12-06 16:59:35 +01:00
Guus Sliepen
4c16094e94 Fix whitespace. 2012-12-05 21:42:43 +01:00
Guus Sliepen
4f8abf1b29 Scale packet counters similar to byte counters. 2012-12-05 21:40:49 +01:00
Guus Sliepen
d5f0ff5df8 Don't use nested functions.
This allows tinc to be compiled with Clang.
2012-12-05 21:33:01 +01:00
Guus Sliepen
eb80105ea8 Fix compiler warnings on OpenBSD. 2012-12-05 14:42:21 +01:00
Guus Sliepen
a717b9bcfb Add option to dump only a list of reachable nodes. 2012-12-03 13:08:03 +01:00
Guus Sliepen
75c619e372 More fixes for Windows.
In particular, Windows does support many of the timer* macros, except timeradd
and timersub.
2012-12-03 10:41:28 +01:00
Guus Sliepen
d53384c2de Fix compiler error on Windows. 2012-12-03 09:08:21 +01:00
Guus Sliepen
76816e119b Fix crash in timeout handling. 2012-12-03 09:07:23 +01:00
Guus Sliepen
d19b006065 Set a node's pointers to zero before trying to insert it into a tree. 2012-12-03 09:02:08 +01:00
Guus Sliepen
d2b19be1a0 Fix use of unitialised values in hash tables.
Not only was Valgrind unhappy about it, it could also result in cache misses.
2012-11-29 14:35:08 +01:00
Guus Sliepen
d9c70767aa Fix check for expired events.
This would trigger a infinite loop if a timeout expired and the next timeout
was not expired yet, but less than 1 second from being expired.
2012-11-29 14:32:12 +01:00
Guus Sliepen
8825cddd0d Allow multiple timeouts to expire at the exact same time. 2012-11-29 12:37:04 +01:00
Guus Sliepen
6bc5d626a8 Drop libevent and use our own event handling again.
There are several reasons for this:

- MacOS/X doesn't support polling the tap device using kqueue, requiring a
  workaround to fall back to select().
- On Windows only sockets are properly handled, therefore tinc uses a second
  thread that does a blocking ReadFile() on the TAP-Win32/64 device. However,
  this does not mix well with libevent.
- Libevent, event just the core, is quite large, and although it is easy to get
  and install on many platforms, it can be a burden.
- Libev is more lightweight and seems technically superior, but it doesn't
  abstract away all the platform differences (for example, async events are not
  supported on Windows).
2012-11-29 12:28:23 +01:00
Guus Sliepen
d30b9e1272 Ensure MTU probe replies are sent back the same way they came in.
Also sprinkle some comments over mtu_probe_h().
2012-11-19 14:20:50 +01:00
Guus Sliepen
3c1b704733 Improve UDP address selection.
We don't need to search the whole edge tree, we can use the node's own edge
tree since each edge has a pointer to its reverse. Also, we do need to make
sure we try the reflexive address often.
2012-11-19 13:50:17 +01:00
Guus Sliepen
f57129ce34 Try all known addresses of node during PMTU discovery, now also for SPTPS. 2012-11-17 22:48:06 +01:00
Guus Sliepen
30404650b2 Choose a suitable socket when updating a node's UDP address. 2012-11-17 22:14:52 +01:00
Guus Sliepen
8f9ee89522 Also don't use poll() on MacOS/X. 2012-11-15 11:24:18 +01:00
Guus Sliepen
8a77df9e28 Disable support for kqueue on MacOS/X.
Apparently MacOS/X doesn't support kqueue events on character devices.
2012-11-15 11:13:40 +01:00
Guus Sliepen
e8bf81794f Send broadcast packets using a random socket, and properly support IPv6.
Before it would always use the first socket, and always send an IPv4 broadcast packet. That
works fine in a lot of situations, but it is better to try all sockets, and to send IPv6 packets
on IPv6 sockets. This is especially important for users that are on IPv6-only networks or that
have multiple physical network interfaces, although in the latter case it probably requires
them to use the ListenAddress variable to create a separate socket for each interface.
2012-11-13 15:05:41 +01:00
Guus Sliepen
0870c7c32c Don't take the address of a variable whose scope is about to disappear. 2012-11-13 15:01:43 +01:00
Guus Sliepen
0ee139e914 Make sure PMTU discovery works in switch mode with VLAN tags.
Before, when tinc saw a packet larger than the PMTU with a VLAN tag, it would
not know what to do with it, and would just forward it via TCP. Now, tinc
handles 802.1q packets correctly, as long as there is only one tag.
2012-11-10 23:55:56 +01:00
Guus Sliepen
ade4fccad6 Using alloca() for a constant sized buffer is very silly.
Cppcheck said using alloca() in the 21st century is silly anyway.
2012-11-10 23:13:05 +01:00
Guus Sliepen
b355476e91 Fix potential buffer overflow reading the PID file.
Found by cppcheck.
2012-11-10 23:09:31 +01:00
Guus Sliepen
edc08b73a9 Slightly randomize all timeouts. 2012-10-21 17:45:16 +02:00
Guus Sliepen
717ea66d7b Add the AutoConnect option.
When set to a non-zero value, tinc will try to maintain exactly that number of
meta connections to other nodes.  If there are not enough connections, it will
periodically try to set up an outgoing connection to a random node.  If there
are too many connections, it will periodically try to remove an outgoing
connection.
2012-10-21 17:35:13 +02:00
Guus Sliepen
1f8b70efa0 Keep track of the number of nodes in a tree. 2012-10-21 17:34:53 +02:00
Guus Sliepen
3254e75afe Fix a few compiler errors/warnings. 2012-10-14 19:21:13 +02:00
Guus Sliepen
70a1a5594a Update copyright notices. 2012-10-14 17:42:49 +02:00
Guus Sliepen
4200a378c4 Fix compile error on Windows. 2012-10-14 16:39:16 +02:00
Guus Sliepen
368727c3da tincctl: add node colors and edge weight to graph dump. 2012-10-14 16:12:17 +02:00
Guus Sliepen
40ed0c07dd Log more messages using logger(). 2012-10-14 15:37:24 +02:00
Guus Sliepen
b234304b66 Make sure the ReplayWindow option works for SPTPS as well. 2012-10-14 14:48:35 +02:00
Guus Sliepen
ee1d655f2f Only log success of initial datagram SPTPS handshake. 2012-10-14 14:45:27 +02:00
Guus Sliepen
44a24f63ac Fix handling of initial datagram SPTPS packet.
Only the very first packet of an SPTPS session should be send with REQ_KEY,
this signals the peer to abort any previous session and start a new one as
well.
2012-10-14 14:33:54 +02:00
Sven-Haegar Koch
ec1f7e525d sptps.c: Add missing newline to log message. 2012-10-12 17:19:56 +02:00
Guus Sliepen
94ec8d34db Strip newline from incoming SPTPS requests.
Most of the code doesn't care whether requests are terminated with a newline or
not, except that when requests are forwarded, it is assumed they do not have
one and a newline is added.  When a node using SPTPS receives a request from
another SPTPS-using node, and forwards it to a non-SPTPS-using node, this will
result in two consecutive newlines, which the latter node will see as an empty,
and thus invalid, request.
2012-10-11 22:47:13 +02:00
Guus Sliepen
45944e4514 Clear status and options fields of unreachable nodes. 2012-10-11 22:21:30 +02:00
Guus Sliepen
d917c8cb6b Fix whitespace. 2012-10-10 17:17:49 +02:00
Guus Sliepen
58f4b845b9 Try all known addresses of node during the PMTU discovery phase.
This helps in situations where some nodes have IPv6 and others have not.
2012-10-10 14:46:22 +02:00
Guus Sliepen
0ed0cc6f9c Fix hash functions for keys whose size is not divisible by 4. 2012-10-09 17:49:09 +02:00
Guus Sliepen
d1ec010660 Fix memory leaks found by valgrind. 2012-10-09 16:27:28 +02:00
Guus Sliepen
72642b40b3 Clear Ethernet header when reading packets from a tun device.
This fixes a warning from valgrind about uninitialized bytes, which were being
sent to other nodes.
2012-10-09 15:52:58 +02:00
Guus Sliepen
b346338f9c Remove unused variables, fix some #includes. 2012-10-09 13:28:09 +02:00
Guus Sliepen
f62b4a9134 Fix deleting connections from the connection list. 2012-10-09 13:23:12 +02:00
Guus Sliepen
0b8b23e0dd C99 extravaganza. 2012-10-08 00:35:38 +02:00
Guus Sliepen
ff306f0cda Replace the connection_tree with a connection_list.
The tree functions were never used on the connection_tree, a list is more appropriate.
Also be more paranoid about connections disappearing while traversing the list.
2012-10-07 21:59:53 +02:00
Guus Sliepen
ce059e36fd Refactor outgoing connection handling.
Struct outgoing_ts and connection_ts were depending too much on each other,
causing lots of problems, especially the reuse of a connection_t. Now, whenever
a connection is closed it is immediately removed from the list of connections
and destroyed.
2012-10-07 21:02:40 +02:00
Guus Sliepen
d93a37928b Fix warnings from cppcheck. 2012-10-07 17:53:23 +02:00
Guus Sliepen
5d0812d492 Remove a debug message. 2012-10-07 14:06:47 +02:00
Guus Sliepen
c2a9ed9e98 Handle packets encrypted via SPTPS that need to be forwarded via TCP. 2012-10-07 14:03:50 +02:00
Guus Sliepen
bb6b97ce34 Make datagram SPTPS key exchange more robust.
Similar to old style key exchange requests, keep track of whether a key
exchange is already in progress and how long it took. If no key is known yet
or if key exchange takes too long, (re)start a new key exchange.
2012-10-07 13:31:19 +02:00
Guus Sliepen
b99af2f813 Useful error messages when writing to a meta connection fails. 2012-10-07 11:45:54 +02:00
Guus Sliepen
e053713465 When terminating, keep control connections open until the end.
This ensures all device files and listening sockets have been closed before
tincctl gets notified of tincd's termination.
2012-10-06 21:16:17 +02:00
Guus Sliepen
86116bb022 Clear connection options and status fields in free_connection_partially().
Most fields should be zero when reusing a connection. In particular, when an
outgoing connection to a node which is reachable on more than one address is
made, the second connection to that node will have status.encryptout set but
outctx will be NULL, causing a NULL pointer dereference when
EVP_EncryptUpdate() is called in send_meta() when it shouldn't.
2012-10-06 21:15:19 +02:00
Guus Sliepen
ef9358c0d6 Improve starting/stopping tincd using tincctl.
When starting tincd, tincctl now strips non-options from the command line, and
sets argv[0] to the name of the tincd command instead of copying its own
command name.

When stopping a running tincd, tincctl now waits for it to terminate.
2012-10-06 17:45:03 +02:00
Guus Sliepen
47f33e07ff Fix off-by-one error.
Apart from writing 1 byte beyond an array allocated on the stack, this slipped
an unitialized byte in the seed used for key generation.
2012-10-06 16:53:43 +02:00
Guus Sliepen
20b441a6de Libreadline might depend on libcurses. 2012-10-01 10:42:13 +02:00
Guus Sliepen
3887e6dcb5 Remove abort() call that accidentily sneaked into commit dd1b69e. 2012-10-01 10:39:15 +02:00
Guus Sliepen
0b0949e5bb Make sure sptps_test compiles without -flto. 2012-10-01 10:36:23 +02:00
Guus Sliepen
b381acd60d Remove unused function declaration. 2012-09-30 23:12:43 +02:00
Guus Sliepen
dd1b69e31f Fix not reading Port statement from host config file. 2012-09-30 22:43:48 +02:00
Guus Sliepen
6dfdb32361 Merge branch 'master' into 1.1
Conflicts:
	lib/utils.c
	src/net_setup.c
	src/process.c
	src/protocol_auth.c
	src/protocol_key.c
	src/utils.h
2012-09-30 15:00:47 +02:00
Guus Sliepen
c4940a5c88 Add strict checks to hex to binary conversions.
The main goal is to catch misuse of the obsolete PrivateKey and PublicKey
statements.
2012-09-30 13:45:47 +02:00
Guus Sliepen
3bd810ea79 Attribution for Martin Schürrer. 2012-09-30 13:45:39 +02:00
Martin Schürrer
5a161e86cf Output details of encryption errors 2012-09-30 02:04:55 +02:00
Guus Sliepen
9e76c464b2 Remove some debugging messages. 2012-09-28 17:51:48 +02:00
Guus Sliepen
e971130b60 Make tincctl robust against dropped control connections. 2012-09-28 17:36:25 +02:00
Guus Sliepen
c5325ffdd1 Correctly add/remove outgoing connections when reloading configuration. 2012-09-28 17:05:01 +02:00
Guus Sliepen
f70cbc9d3e Comment out old public/private keys when generating new ones. 2012-09-27 15:45:02 +02:00
Guus Sliepen
1f312137d5 Allow dumping either directed or undirected graphs.
Internally, tinc maintains a directed graph of the meta connections between
nodes. However, this causes graphviz to draw two lines between nodes, which is
not always desirable. The "dump graph" command now defaults to dumping an
undirected graph, the "dump digraph" command will dump a directed graph.
2012-09-26 23:52:36 +02:00
Guus Sliepen
d6388d782e Let tincctl parse and format dumps.
At the moment it just reproduces the old format.
2012-09-26 23:18:32 +02:00
Guus Sliepen
9ade39b7d5 Keep last known address and time since reachability changed.
This allows tincctl info to show since when a node is online or offline.
2012-09-26 22:20:43 +02:00
Guus Sliepen
1e5deec973 Remove remnants of Ethertap and old TUNSETIFF ioctl(). 2012-09-25 22:28:08 +02:00
Guus Sliepen
66e702d90d Attribution for Vil Brekin and some code style cleanups. 2012-09-24 14:02:07 +02:00
Vilbrekin
afe4bf62ec Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation. 2012-09-24 13:55:29 +02:00
Vilbrekin
f2570c1b7f Replace hard-code with new ScriptsInterpreter configuration property.
This new setting allows choosing a custom script interpreter used for the various tinc callbacks.
If none is specified, the script itself is called as executable (as before).
This is particularly useful when storing tinc configuration and script on a mount point with no-exec attribute.
2012-09-24 13:55:24 +02:00
Vilbrekin
8a6f278fd2 Basic patch for android cross-compilation.
Commented non-existing functions in android NDK.
Prefix scripts execution with shell binary to allow execution on no-exec mount points.
Everyything is currently hard coded, while it should use pre-compiler variables...
2012-09-24 13:53:11 +02:00
Guus Sliepen
2dc8deb104 Ensure sptps_test compiles with -flto. 2012-09-13 21:35:29 +02:00
Guus Sliepen
90f1cba1fd Replace node_udp_tree with a hash table. 2012-09-05 13:05:48 +02:00
Guus Sliepen
4c05afd19a Use hash tables to lookup owners of addresses. 2012-09-05 12:45:36 +02:00
Guus Sliepen
6b6a025488 Add a simple hash table implementation. 2012-09-05 12:44:41 +02:00
Guus Sliepen
e9de08be0d Remove newlines at end of log messages. 2012-09-04 14:21:50 +02:00
Guus Sliepen
05dac63dbc Remove some debug messages. 2012-09-04 14:16:05 +02:00
Guus Sliepen
742f7bb04e Properly handle SPTPS packets with stripped Ethernet headers. 2012-08-30 14:21:23 +02:00
Guus Sliepen
d74b81b61e Fix node name check for "connect" and "disconnect" commands. 2012-08-30 14:00:34 +02:00
Guus Sliepen
5567c0d410 Quit when "exit" or "quit" commands are used in tincctl's shell. 2012-08-05 17:25:31 +02:00
Guus Sliepen
d18519ae21 Fix segfault when using tincctl's shell without readline. 2012-08-05 17:03:57 +02:00
Guus Sliepen
e29e0fee88 Make sure the top command can be used more than once in tincctl's shell. 2012-08-03 14:17:02 +02:00
Guus Sliepen
a57db1dfe0 Fork when using the "start" command in tincctl.
This allows the command to be given in its shell without immediatly exiting tincctl.
2012-08-03 14:15:50 +02:00
Guus Sliepen
36c6afede3 Add readline completion for tincctl config and tincctl info. 2012-08-03 13:23:07 +02:00
Guus Sliepen
8af2f3f5a4 Optionally compress and/or strip Ethernet header from SPTPS packets. 2012-08-02 17:44:59 +02:00
Guus Sliepen
73348be58e Have tincctl act as a shell when no command is given.
By default it uses readline to read commands. If the input and output are not a
tty, no prompt is shown.
2012-08-02 17:24:42 +02:00
Guus Sliepen
91937812bd Clear struct sptps before reusing it. 2012-08-02 17:23:51 +02:00
Guus Sliepen
6396f42d74 Stricter checks for netname and node names.
- Node names should not be empty.
- Net names should not contain slashes or start with a dot, because they are
  used in pathnames.
2012-08-01 16:51:59 +02:00
Guus Sliepen
61006ced88 Add missing configuration variables. 2012-08-01 16:13:23 +02:00
Guus Sliepen
b0f3a76e9b Add the ability to query configuration variables to tincctl. 2012-08-01 15:53:20 +02:00
Guus Sliepen
a9caa2a6ea tincctl restart should work even if no tincd is running. 2012-08-01 15:15:37 +02:00
Guus Sliepen
07980b056c Try sending SIGTERM if we cannot connect to a tincd but we know its PID. 2012-08-01 15:14:48 +02:00
Guus Sliepen
7a71d48009 Use a status bit to track which nodes use SPTPS. 2012-07-31 21:43:49 +02:00
Guus Sliepen
6bc8df3e01 Add Brandon Black's replay window code to SPTPS. 2012-07-31 20:39:15 +02:00
Guus Sliepen
5ede437307 Handle SPTPS datagrams in try_mac(). 2012-07-31 20:36:35 +02:00
Guus Sliepen
aaff0ed089 Remove unused #include. 2012-07-31 20:29:13 +02:00
Guus Sliepen
153abaa4d9 Use datagram SPTPS for packet exchange between nodes.
When two nodes which support SPTPS want to send packets to each other, they now
always use SPTPS. The node initiating the SPTPS session send the first SPTPS
packet via an extended REQ_KEY messages. All other handshake messages are sent
using ANS_KEY messages. This ensures that intermediate nodes using an older
version of tinc can still help with NAT traversal. After the authentication
phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended
REQ_KEY messages instead of PACKET messages.
2012-07-30 18:36:59 +02:00
Guus Sliepen
2b97a7d7cf tincctl init now also creates a template tinc-up script. 2012-07-22 12:52:31 +02:00
Guus Sliepen
eb430005c7 Fix exit code when installing tincd as a service on Windows. 2012-07-21 17:10:10 +02:00
Guus Sliepen
e5e96882c3 Windows doesn't like quotes around "edit" when calling it through system().
Even though that works fine on the command line.
2012-07-21 16:33:09 +02:00
Guus Sliepen
18237e1f2d Use backslashes on Windows.
Although Windows itself supports the forward slash, some programs may not.
2012-07-21 16:26:55 +02:00
Guus Sliepen
09a8ff649c Don't try to mkdir(CONFDIR) on Windows when there is a registry key for tinc. 2012-07-21 15:58:16 +02:00
Guus Sliepen
ed8ce60845 Fix crash when no netname is specified. 2012-07-21 15:51:15 +02:00
Guus Sliepen
7303b512b0 Fix some compiler warnings. 2012-07-21 15:50:50 +02:00
Guus Sliepen
33521eabd4 Have tincd and tincctl use the same method of determining netname. 2012-07-21 15:15:04 +02:00
Guus Sliepen
1d322d2eda Add a newline to a configuration file if it is missing. 2012-07-21 15:02:44 +02:00
Guus Sliepen
dea722c4ac Add some checks when changing configuration. 2012-07-21 15:02:17 +02:00
Guus Sliepen
cc0c35267f Call event_init() after detaching.
Otherwise, the call to daemon() could close filedescriptors in use by libevent
itself; for example if it uses kqueue or epoll instead of a select() or poll()
backend.
2012-07-21 14:19:23 +02:00
Guus Sliepen
4e0fc52197 Fix various compiler warnings. 2012-07-21 13:53:22 +02:00
Guus Sliepen
98a72d6869 Make sure sptps.h and info.h are in the tarball. 2012-07-21 13:12:30 +02:00
Guus Sliepen
5eeed38b8e Make sure tinc compiles on Windows. 2012-07-21 12:51:53 +02:00
Guus Sliepen
1d4590ca5c Prefer routes with lower weight as long as they do not increase the number of hops.
This should improve traffic to nodes that are not directly reachable somewhat.
2012-07-20 20:35:07 +02:00
Guus Sliepen
4c8ead9874 Allow more configuration variables to be changed when reloading configuration.
In particular, Subnets may be added or removed from the local node on the fly.
2012-07-20 20:01:29 +02:00
Guus Sliepen
c678e7c4fb Split setup_myself() into two functions, one for reloading configuration. 2012-07-20 19:59:47 +02:00
Guus Sliepen
4591e96c76 Never remove items from cmdline_conf.
We should treat cmdline_conf as const, so we can call read_config_options()
more than once with prefix = NULL.
2012-07-20 17:29:16 +02:00
Guus Sliepen
68a20876d0 Use minor protocol version to determine whether to use ECDH key exchange between nodes. 2012-07-20 01:02:51 +02:00
Guus Sliepen
76a3ada4eb Put minor protocol version in connection options so other nodes can see it.
This allows two nodes that do not have a meta-connection with each other see
which version they are.
2012-07-17 18:05:55 +02:00
Guus Sliepen
68de7b481e When exporting configuration files, don't copy Name variables.
These interfere with tincctl import. Besides, host configuration files should
not contain Name at all.
2012-07-16 18:49:39 +02:00
Guus Sliepen
c52c46f871 Add an easy way to export and import host configuration files. 2012-07-16 16:48:24 +02:00
Guus Sliepen
6319dc9dde Strip default subnet weight from output. 2012-07-16 01:14:08 +02:00
Guus Sliepen
74646a4afa Give an error message when tincctl info cannot parse the given subnet or address. 2012-07-16 01:09:47 +02:00
Guus Sliepen
53735a9d96 "tincctl info" gives more human readable information about nodes or subnets. 2012-07-16 01:05:25 +02:00
Guus Sliepen
3c7003893f Move all functions related to subnet parsing to subnet_parse.c. 2012-07-16 00:52:50 +02:00
Guus Sliepen
e72e6febfe Fix tincctl dump. 2012-07-15 22:53:03 +02:00