Guus Sliepen
283c5d1cf0
Enable compiler hardening flags by default.
...
Check whether the compiler supports hardening flags and enable them unless
--disable-hardening is specified.
Conflicts:
configure.ac
2013-12-10 10:48:00 +01:00
Guus Sliepen
ef8efdfff1
Remove erroneous warning about SPTPS being disabled.
2013-12-08 21:37:56 +01:00
Guus Sliepen
be1446f5d0
Don't print an error when no ECDSA key is known for a node using the legacy protocol.
2013-12-08 21:32:21 +01:00
Guus Sliepen
c151cfa2e9
Give full path to unconfigured tinc-up script.
2013-12-08 21:31:50 +01:00
Guus Sliepen
1b580b2a6b
Allow running without ECDSA keys If ExperimentalProtocol is not explicitly set.
...
To make upgrading less painful, allow running tinc 1.1 without ECDSA keys
unless ExperimentalProtocol is explicitly set to yes.
2013-12-08 21:10:06 +01:00
Guus Sliepen
41583d5dcf
Don't print device statistics when exiting tinc.
...
Much more detailed statistics are now kept per node, which can be queried at
any time, which makes the device statistics obsolete.
2013-12-08 20:23:44 +01:00
Guus Sliepen
19b97e79aa
Prefer ncurses over curses.
2013-12-07 22:59:37 +01:00
Guus Sliepen
b115de2199
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
2013-12-07 22:54:02 +01:00
Guus Sliepen
cf9bea4e93
Avoid using a variable named "sun". Solaris doesn't like it.
2013-12-07 22:39:24 +01:00
Guus Sliepen
221f559bcf
Stricter check for raw socket support.
2013-12-07 22:20:10 +01:00
Guus Sliepen
c1f7357e7d
Include <limits.h> for PATH_MAX.
2013-12-07 22:19:39 +01:00
Guus Sliepen
c9bdac68e1
Update support for Solaris.
...
Adds support for the latest TAP driver from
http://www.whiteboard.ne.jp/~admin2/tuntap/ , so tinc now also works in switch
mode on Solaris 11.
2013-12-07 21:52:41 +01:00
Guus Sliepen
06943e828c
If no Port is specified, set myport to actual port of first listening socket.
...
If the Port statement is not used, there are two other ways to let tinc listen
on a non-default port: either by specifying one or more BindToAddress
statements including port numbers, or by starting it from systemd with socket
activation. Tinc announces its own port to other nodes, but before it only
announced what was set using the Port statement.
2013-12-05 15:01:30 +01:00
Guus Sliepen
3e924045cc
Mention in the manual that multiple Address staments are allowed.
2013-12-05 14:36:29 +01:00
Guus Sliepen
51bddfd4dd
Allow "none" for Cipher and Digest again.
2013-11-28 14:28:18 +01:00
Guus Sliepen
3d41e7d712
Make LocalDiscovery work for SPTPS packets.
2013-11-21 22:13:14 +01:00
Guus Sliepen
c1703ea917
Remove an unused variable.
2013-11-20 23:02:20 +01:00
Guus Sliepen
6168a9b6d5
Fix two warnings from Clang's static analyzer.
2013-11-15 15:32:53 +01:00
Guus Sliepen
29b42aa17e
Fix sending bulk data starting with a newline.
2013-10-22 21:30:17 +02:00
Guus Sliepen
a5bcb29fdf
Make sptps_test less verbose by default.
2013-10-22 21:19:41 +02:00
Guus Sliepen
7da999f4ae
Clean up child processes from proxy type exec.
2013-10-18 16:58:47 +02:00
Guus Sliepen
9b2eaebdf6
Fix sending empty SPTPS records.
2013-10-15 14:09:42 +02:00
Guus Sliepen
0da0728088
Use AES-256-GCM for the SPTPS protocol.
...
It is faster than AES-256-CTR + HMAC-SHA256, especially on Intel chips with AES
and PCLMULQDQ instructions.
2013-10-13 01:02:52 +02:00
Guus Sliepen
e42bd60097
Fix typos in the documentation.
...
Thanks to Thomas Sattler for finding and reporting them.
2013-09-27 11:36:57 +02:00
Guus Sliepen
68e3efe349
Fix segfault when Name = $HOST but $HOST is not set.
...
Conflicts:
src/net_setup.c
2013-09-27 11:36:46 +02:00
Guus Sliepen
22d804d446
Link sptps_speed with -lrt.
...
This is necessary for clock_gettime() on older versions of libc.
2013-09-15 22:03:00 +02:00
Guus Sliepen
c621dd62c7
Don't leak memory during the key generation speed test.
2013-09-15 22:02:33 +02:00
Guus Sliepen
b7b68c3e97
Add a benchmark for the SPTPS protocol.
2013-09-15 17:35:55 +02:00
Guus Sliepen
87b017c710
Avoid using BIOs.
2013-09-15 16:21:25 +02:00
Guus Sliepen
aaa7caad3d
Wrong date for the 1.1pre9 release in the NEWS.
2013-09-15 13:36:53 +02:00
Guus Sliepen
85d33e563a
Releasing 1.1pre9.
2013-09-08 17:30:40 +02:00
Guus Sliepen
e11daa2646
Don't try to mkdir(CONFDIR) if --config is used.
2013-09-08 15:03:06 +02:00
Guus Sliepen
c25c684a84
Make sure test scripts end up in the tarball.
2013-09-08 14:47:59 +02:00
Guus Sliepen
6072759bcb
Automake doesn't like info files being mentioned in CLEANFILES.
2013-09-08 14:42:32 +02:00
Guus Sliepen
b80cbaba04
Test running ping through two tinc daemons.
...
This is a more complicated test with one tinc daemon using a tap interface
(therefore requiring root), and a second one using a multicast interface. A
separate program "pong" is listening on the same multicast address, and waits
for ARP and ICMP packets, responding to ICMP echo packets with replies.
This test doesn't require any configuration of the tap interface.
2013-09-05 17:42:31 +02:00
Guus Sliepen
fe1d0043c8
Don't return zero-length packets when receiving multicast loopback packets.
2013-09-05 17:41:05 +02:00
Guus Sliepen
2faf3e91af
Add two more test scripts.
2013-09-05 15:36:37 +02:00
Guus Sliepen
6242b68242
Fix multicast device.
2013-09-05 14:51:13 +02:00
Guus Sliepen
09b5a3c020
Exit value 1 instead of a random non-zero value.
2013-09-05 14:50:10 +02:00
Guus Sliepen
bdbb710060
Add a test for invite and join commands.
2013-09-02 00:15:50 +02:00
Guus Sliepen
566ef6bcba
Also test whether tinc daemons can connect to each other after import/export.
2013-09-02 00:15:18 +02:00
Guus Sliepen
796c14b75c
Slightly relax the connection rate limit for a single address.
...
The restriction of accepting only 1 connection per second from a single address
is a bit too much, especially if one wants to join a VPN using an invitation,
which requires two connections.
2013-09-02 00:11:04 +02:00
Guus Sliepen
933f7f7526
Send a RELOAD to a running tincd when a new invitation key has been generated.
2013-09-01 22:59:51 +02:00
Guus Sliepen
4e7e4818b7
Clean up leftover tincd and sptps_test processes.
2013-09-01 22:59:24 +02:00
Guus Sliepen
b00a6d0666
Fix tincd logfile location when running tests.
2013-09-01 21:55:16 +02:00
Etienne Dechamps
c179dd0fc8
Fix broken build with --with-openssl, --with-libgcrypt.
...
When --with-openssl is used, $openssl is set to the specified path.
Unfortunately, that confuses the OPENSSL conditional which expects it to
be set to "true". The result is that the contents of the openssl/
directory are not built when --with-openssl is used, resulting in
undefined references and a broken build.
In addition, there is a typo in the GCRYPT conditional definition
("grypt" instead of "gcrypt") which means GCRYPT never gets set,
(presumably) breaking builds using libgcrypt.
These regressions were introduced in
9b9230a0a7
.
2013-09-01 21:24:59 +02:00
Guus Sliepen
a4e49f4566
Add test for import, export and exchange commands.
2013-09-01 21:07:02 +02:00
Guus Sliepen
2cd8e2b8e8
Small fixes for tests.
2013-09-01 21:06:25 +02:00
Guus Sliepen
09cd7ac62a
Make sptps_test more easy to work with.
...
It now defers reading from stdin until after the authentication phase is
completed. Furthermore, it supports the -q, -r, -w options similar to those of
Jürgen Nickelsen's socket.
2013-09-01 16:02:49 +02:00
Guus Sliepen
1cdb0c21d4
Some shells set $_ to an absolute path.
2013-09-01 15:40:59 +02:00