Commit graph

129 commits

Author SHA1 Message Date
Guus Sliepen
ce8775000a Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tincd.8.in
	lib/pidfile.c
	src/bsd/device.c
	src/dropin.h
	src/net.c
	src/net_packet.c
	src/node.c
	src/process.c
	src/tincd.c
2011-05-09 21:35:14 +02:00
Guus Sliepen
67766d65f0 Update THANKS and copyright information. 2011-05-08 21:22:20 +02:00
Guus Sliepen
7cf68b5e35 Prevent anything from updating our own UDP address.
Because we don't want to keep track of that, and this will cause the node
structure from being relinked into the node tree, which results in myself
pointing to an invalid address.
2011-02-18 23:11:43 +01:00
Guus Sliepen
cdbbbfabea Fix spurious misidentification of incoming UDP packets.
When a UDP packet was received with an unknown source address/port, and if it
failed a HMAC check against known keys, it could still incorrectly assign that
UDP address to another node. This would temporarily cause outgoing UDP packets
to go to the wrong destination address, until packets from the correct address
were received again.
2011-02-18 23:02:11 +01:00
Guus Sliepen
f99661a4ca Always send MTU probes at least once every PingInterval.
Before, if MTU probes failed, tinc would stop sending probes until the next
time keys were regenerated (by default, once every hour).  Now it continues to
send them every PingInterval, so it recovers faster from temporary failures.
2011-01-02 15:02:23 +01:00
Guus Sliepen
886a6f61a1 Merge branch 'master' into 1.1
Conflicts:
	src/net_packet.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_key.c
2010-11-19 12:22:48 +00:00
Guus Sliepen
d91903ef3c Attribution for Brandon Black. 2010-11-16 17:28:41 +01:00
Brandon L Black
0d61d4ae13 Improved handling of queue-jumping packets on receive 2010-11-13 21:25:48 +01:00
Brandon L Black
23acc19bc0 Configurable ReplayWindow size, zero disables 2010-11-13 21:25:46 +01:00
Guus Sliepen
a22041922f Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2010-11-12 16:15:29 +01:00
Guus Sliepen
c6ccbadfcf Attribution for Timothy Redaelli. 2010-10-22 13:40:04 +02:00
Timothy Redaelli
eda7179874 Fix warnings under BSD 2010-05-06 21:19:49 +02:00
Sven-Haegar Koch
ffa1dc73dc Fixed 1.0 miss-merges 2010-03-31 05:01:39 +02:00
Sven-Haegar Koch
103543aa2c Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	have.h
	src/conf.c
	src/conf.h
	src/net.c
	src/net_packet.c
	src/protocol_key.c
	src/protocol_subnet.c
	src/route.c
	src/tincd.c
2010-03-26 16:51:03 +01:00
Timothy Redaelli
ddb8cb0779 Add --disable-zlib configure option 2010-02-10 16:47:52 +01:00
Timothy Redaelli
eeb505af36 Add --disable-lzo configure option 2010-02-10 16:47:52 +01:00
Guus Sliepen
40d91ff619 Update copyright notices. 2010-02-02 22:49:21 +01:00
Guus Sliepen
d15099e002 Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 18:48:01 +01:00
Guus Sliepen
4c68a8cb60 Do not consider unreachable nodes when trying to determine packet origin. 2009-12-19 20:53:48 +01:00
Guus Sliepen
74e50d52e0 recv() and recvfrom() return int, do not prematurely cast the return value. 2009-12-19 20:52:19 +01:00
Guus Sliepen
c845bc109c Fix packet authentication.
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
2009-12-18 01:15:25 +01:00
Guus Sliepen
108b238915 Merge branch 'master' into 1.1
Conflicts:
	NEWS
	README
	configure.in
	doc/tinc.texi
	doc/tincd.8.in
	src/Makefile.am
	src/connection.c
	src/edge.c
	src/meta.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/node.c
	src/openssl/rsagen.h
	src/protocol_auth.c
	src/protocol_edge.c
	src/subnet.c
2009-11-02 14:24:27 +01:00
Guus Sliepen
e00b44cb98 Move socket error interpretation to utils.h. 2009-10-25 01:40:07 +02:00
Guus Sliepen
c11dc8079b Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
2009-10-25 00:50:09 +02:00
Guus Sliepen
242c4e2ca6 Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
2009-10-24 21:53:01 +02:00
Guus Sliepen
d922db253c Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
2009-10-24 21:35:40 +02:00
Guus Sliepen
a8f7fccbc2 Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
2009-10-24 21:32:06 +02:00
Guus Sliepen
cddcdc9af3 Allow UDP packets with an address different from the corresponding TCP connection. 2009-10-24 20:54:44 +02:00
Guus Sliepen
b6543af762 Clarify and increase level of log message about MTU probes to unreachable nodes. 2009-10-20 22:39:07 +02:00
Guus Sliepen
92b8abc921 Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.

If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.

We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
2009-10-11 18:57:58 +02:00
Guus Sliepen
7ea85043ac Merge branch 'master' into 1.1
Conflicts:
	NEWS
	configure.in
	lib/Makefile.am
	lib/pidfile.c
	lib/pidfile.h
	lib/utils.c
	po/POTFILES.in
	po/nl.po
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/cygwin/device.c
	src/edge.c
	src/event.c
	src/graph.c
	src/linux/device.c
	src/meta.c
	src/mingw/device.c
	src/net.c
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/process.c
	src/protocol.c
	src/protocol_auth.c
	src/protocol_edge.c
	src/protocol_key.c
	src/protocol_misc.c
	src/protocol_subnet.c
	src/raw_socket/device.c
	src/route.c
	src/solaris/device.c
	src/subnet.c
	src/tincd.c
	src/uml_socket/device.c
2009-09-29 14:55:29 +02:00
Guus Sliepen
4c85542894 Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
2009-09-25 00:54:07 +02:00
Guus Sliepen
a227843b73 Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
2009-09-25 00:33:04 +02:00
Guus Sliepen
5dde6461a3 K&R style braces.
This is essentially commit f02d3ed3e1 from the
1.1 branch, making it easier to merge between master and 1.1.
2009-09-25 00:14:03 +02:00
Guus Sliepen
ab7c61b06f Update the address of the Free Software Foundation in all copyright headers. 2009-09-25 00:01:00 +02:00
Guus Sliepen
c217d214f4 Remove all occurences of $Id$. 2009-09-24 23:39:16 +02:00
Guus Sliepen
075e6828a7 Merge branch 'master' into 1.1
Conflicts:
	have.h
	lib/dropin.c
	lib/fake-getaddrinfo.c
	lib/pidfile.c
	src/Makefile.am
	src/bsd/device.c
	src/conf.c
	src/connection.c
	src/connection.h
	src/graph.c
	src/mingw/device.c
	src/net.c
	src/net_setup.c
	src/node.c
	src/protocol_key.c
	src/protocol_misc.c
	src/tincd.c
2009-09-16 19:55:47 +02:00
Guus Sliepen
b5ccce2968 Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum.  If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives.  We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
2009-09-15 23:22:13 +02:00
Guus Sliepen
35e87b903e Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
2009-09-14 23:06:00 +02:00
Guus Sliepen
de029ce460 Change level of some debug messages, zero pointer after freeing hostname. 2009-06-11 19:39:25 +02:00
Guus Sliepen
66be914d35 Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
2009-06-11 19:26:34 +02:00
Guus Sliepen
36f8e4da8b Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
2009-06-11 18:36:08 +02:00
Guus Sliepen
9b129c07e2 Fix pointer arithmetic when creating and verifying message authentication codes. 2009-06-06 20:14:51 +02:00
Guus Sliepen
4124b9682f Handle truncated message authentication codes. 2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de Merge branch 'master' into 1.1
Conflicts:
	doc/tincd.8.in
	lib/pidfile.c
	src/graph.c
	src/net.c
	src/net.h
	src/net_packet.c
	src/net_setup.c
	src/net_socket.c
	src/netutl.c
	src/node.c
	src/node.h
	src/protocol_auth.c
	src/protocol_key.c
	src/tincd.c
2009-06-05 23:14:13 +02:00
Guus Sliepen
4e9e3ca89d Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
2009-05-25 15:04:33 +02:00
Guus Sliepen
7fc69bc73b Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
substract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
2009-05-25 12:19:37 +02:00
Guus Sliepen
e012e752f4 Fix initialisation of packet decryption context broken by commit 3308d13e7e.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.

Also only set status.validkey after all checks have been evaluated.
2009-05-24 19:31:31 +02:00
Michael Tokarev
0246939ce1 don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog.  Only log those if
debug level is up to PROTOCOL
2009-05-24 17:28:24 +02:00
Guus Sliepen
2c67eafc6e If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily. 2009-05-24 15:58:47 +02:00