tinc/ChangeLog

22660 lines
765 KiB
Text
Raw Permalink Normal View History

2019-08-26 11:44:53 +00:00
commit 2b74e1b01af2d56d6e7ebc135143fbe81f6ca455
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 11:00:01 2018 +0200
Releasing 1.1pre17.
commit 32ff5ab8a22ab80cd6c141625538dcc027458c0e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 18:05:50 2018 +0200
Update THANKS.
commit 5f3e9858952277ef3d6ac9d119826cbdda0746d7
Author: Rafael Sadowski <rafael@sizeofvoid.org>
Date: Mon Oct 1 15:14:24 2018 +0200
OpenBSD has a proper tap device.
commit 5e1f7fb11138bc552facfb4b64eca9131f3f25b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 13:41:23 2018 +0200
Update README and links to required libraries.
commit a03991b7911a5f0afbf1269ac47143d09be76c52
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 13:32:25 2018 +0200
Don't check for NULL-pointers before calling free().
commit b0ffeb7eeb21920842382c302ca15ec0d758e9b6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 13:05:49 2018 +0200
Fix spelling errors.
Found by codespell.
commit 1c475ecb575367a6b3f9328b0f643ad636155341
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 23:31:05 2018 +0200
Fix all warnings when compiling with -Wall -W -pedantic.
commit 953f5b4231bbbb8269bb0c55b96a1c8c4bb34a59
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 18:18:45 2018 +0200
Fix warnings from the Clang static analyzer.
commit a6448291834ca7419553a807ee367c719c2956d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 17:51:41 2018 +0200
Fix compiler warnings.
commit 69e550f5950e31fb97eb4558c3d6e564211ab03a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 9 22:13:43 2018 +0200
Add a test for backwards compatibility with the legacy protocol.
commit 46f3eba7755089ff68fdc137b0754cae2fa523eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 9 18:19:15 2018 +0200
Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)
The legacy authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:
- Connections are no longer closed immediately on error, but put in
a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
initiator of a connection before sending a CHAL_REPLY of its own.
- Reduce the amount of connections per second accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
rejected.
Just to be on the safe side:
- The new protocol now requires a valid SIG from the initiator of a
connection before sending a SIG of its own.
commit 01cb1961eac33de9e9d9cecd0910850a2cb549c3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 24 16:19:10 2018 +0200
Enable AutoConnect by default.
commit 291b8f864ea57dd68b894a3b1482ee822aad66ed
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 23 22:32:19 2018 +0200
Remove address cache debug messages printed to stderr.
commit e5b9bd324cc24355956e9e59e5ec2df72cf9d469
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 23 22:26:12 2018 +0200
Avoid treating compressed MTU probes as having a negative length.
This was not harmful, but caused negative values being logged.
commit 950bbc8f2f9c580ac85bef7bab9a3ae36ea99c4b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 13 22:41:02 2018 +0200
Print UDP RTT on its own line.
commit 22ae0c3549628739ca7c40e48ce1a276469ded92
Merge: 15341e76 70e1e467
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 13 22:23:27 2018 +0200
Merge remote-tracking branch 'volth/release-1.1pre16-rtt' into 1.1
Also, reformat the code and fix a compiler warning.
commit 15341e7697fe88a9f3b4646a2cb784dc515609bd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 12 20:50:58 2018 +0200
Add missing item and attribution to NEWS.
commit e60405831565062c914fe5498cf3b17b0bd13e8b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 12 20:50:37 2018 +0200
Remove the ping test.
This was kind of a hack. The ns-ping test is a much better test, although
it only works on Linux.
commit 70e1e467f93f885da3e49289e96757d5cd2ae5ba
Author: volth <volth@volth.com>
Date: Wed Jun 13 18:10:47 2018 +0000
minor
commit 72136f8418bc7e8a0a5bf3c11215aa49dc679659
Author: volth <volth@volth.com>
Date: Wed Jun 13 14:12:02 2018 +0000
expose traffic stats to 'tinc info ___' and 'tinc dump nodes'
commit 0f0585d71b28428792e53258bc570dddc17b0b27
Author: volth <volth@volth.com>
Date: Tue Jun 12 21:17:30 2018 +0000
keep track of round trip times of UDP pings
commit 6c0584c55b99dd9814fed5c13536d831b3e5317e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 12 20:01:43 2018 +0200
Releasing 1.1pre16.
commit 75271559a9dc2536b9da1c655a012eb837c58761
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 12 19:47:02 2018 +0200
Remove the wxPython GUI.
This GUI is missing a lot of functionality, and won't be part of an 1.1.0
release. Therefore, it's being removed, and might be brought back after
1.1.0.
commit 809ee79b458b0c45d4d60761b1d71171648bdbd5
Author: Oliver Freyermuth <o.freyermuth@googlemail.com>
Date: Wed Apr 4 22:01:52 2018 +0200
Fix compiling when support for UML sockets is enabled.
commit f52e4d07706e6314bb11cf9b553f58210f5dd181
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 2 16:49:06 2018 +0200
Reformat all code using astyle.
commit 7ee885a1f6776be85e5397eda04f75d98ff0b631
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 2 16:33:14 2018 +0200
Add the ability to set a firewall mark on sockets.
The FWMark option is added, when set it will use setsockopt(SOL_SOCKET, SO_MARK)
to set the given value as the mark on all sockets created by tinc.
Thanks to Olivier Tirat for submitting a similar patch in the past.
commit d32226bc14428864df08beccb3cf4f8a472f2eef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 2 12:29:46 2018 +0200
Fix invitation tests if port 655 is available.
Running the "del Port" command when no Port is set returns an error. But
it is not necessary anyway since the later "set Port" command will
overwrite it.
commit 63fbaf7b4a33d5657cd3338b7ea91a173b9973fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 30 11:50:40 2018 +0200
Prevent an infinite loop in get_recent_address().
When a node is offline, but we still have edges to it that have the same
address as we already have in our address cache, an infinite loop would
happen in get_recent_address(), because we forgot to advance the pointer
in the list of known addresses, and kept looking at the same one over
and over.
Thanks to Sven-Haegar Koch for spotting the bug and providing
diagnostics.
commit 04e498f8b79c1ebfd7080338ffa0399d01862424
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 30 11:38:22 2018 +0200
Properly implement tinc.texi's dependency on tincinclude.texi.
With this, make distcheck succeeds even without the info-in-builddir
option to AM_INIT_AUTOMAKE.
commit 63a3369cbc41ba68e221da174c28f5f909c2ed8d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 27 22:54:15 2018 +0200
Warn if we cannot reload the tincd when creating an invitation.
commit 2d268fc06bc01419e7f7f32d4da1b560e72e4ad3
Author: Mike Sullivan <mksully22@gmail.com>
Date: Mon Mar 26 14:19:04 2018 -0500
Fix handling partial SPTPS messages in sptps_test.
commit 69a18395931d657b77641b68ca12473ad6b996da
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 6 19:31:17 2018 +0100
Ensure we call CloseServiceHandle() in case of errors.
commit a3f04cf74463e783eeddd45e998c1d15db0f868a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 6 19:24:14 2018 +0100
Reformat all code using astyle.
commit fa305d9570bc7350d04c7de66cfec28b9a2f53d1
Author: Gjergji <gjergjiramku@gmail.com>
Date: Tue Mar 6 11:10:41 2018 +0100
fix service removal.
Windows service was not removed until tincctl exits
commit 7761a6992025ef06bf8dbf88d39a3bf9e459346a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 28 21:34:48 2018 +0100
Fix compatibility with LibreSSL and OpenSSL < 1.1.
Closes #184 on GitHub.
commit a742ea4d040ecfaabbc875c63f2625654ce68923
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 28 21:28:16 2018 +0100
Try to process all pending events after select().
If we break out of the loop every time at the first filedescriptor that
is read/writeable, we risk starving the other filedescriptors.
commit d6c8a1a3d3e945142b251b2897517e10ce0dfce4
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Tue Feb 27 14:20:46 2018 -0700
Call WSAWaitForMultipleEvents() in a loop until we have checked all events.
WSAWaitForMultipleEvents() only returns the index of the first event that is read. We need to call WSAWaitForMultipleEvents() repeatedly to check if other events are also ready. Otherwise, a single busy event (such as the TAP device) can starve the other events.
commit 7c73cb3ace6659df58ec2382b8d47bb521dad886
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 27 21:08:57 2018 +0100
Work around a GCC bug that causes inet_checksum() to give wrong results.
Valgrind reports the following bug:
==24877== Conditional jump or move depends on uninitialised value(s)
==24877== at 0x12283E: inet_checksum (route.c:80)
==24877== by 0x12283E: route_ipv6_unreachable (route.c:315)
==24877== by 0x1236AC: route_ipv6 (route.c:751)
==24877== by 0x1236AC: route (route.c:1160)
==24877== by 0x113DE0: receive_tcppacket (net_packet.c:493)
==24877== by 0x1119D4: receive_meta (meta.c:315)
==24877== by 0x113288: handle_meta_connection_data (net.c:287)
==24877== by 0x11A091: handle_meta_io (net_socket.c:491)
==24877== by 0x10FB0C: event_loop (event.c:370)
==24877== by 0x11362E: main_loop (net.c:489)
==24877== by 0x10CACA: main (tincd.c:551)
Clearing the variable pseudo in route_ipv6_unreachable removes this error,
but the resulting checksum is still bad. If one instead adds a dummy
write that depends on checksum, the error goes away and the checksum is
correct.
commit d661c7c7353da90911e9f2d0195ac861d6837f5c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 27 19:11:38 2018 +0100
Revert "Unconditionally remove timeouts from the queue before calling the callback."
This reverts commit e8a60109fc91a42420ec626b63956771675f89b0.
commit e8a60109fc91a42420ec626b63956771675f89b0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 26 22:19:43 2018 +0100
Unconditionally remove timeouts from the queue before calling the callback.
We are going to unlink the timeout from the splay tree anyway, so do it
unconditionally before the callback, instead of waiting until after the
callback to check whether or not to remove it based on its expiration
time.
commit 03a94cb3148544230bdd306e905d2ce88c551c12
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Thu Feb 22 14:27:37 2018 -0700
In device_handle_read() we need to reset the read event on error or
it will keep firing. This is easy to reproduce by suspending the
machine while tinc is running.
commit f10e98f5e5a3537b43fbc53f07ab691265de999a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 21 20:34:42 2018 +0100
Update the documentation of the control protocol.
commit 89102b02047d0220766f55ec041c8fc46234cf69
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Tue Feb 20 20:18:38 2018 -0700
Fix heap corruption on Windows exposed by the use-after free fix.
reset_address_cache() could call free_known_addresses() on a struct
addrinfo * that was returned by getaddrinfo(). It seems safest to just
make a copy of the addresses returned by getaddrinfo() so we can always
use free_known_addresses() instead of trying to determine whether or
not we need to use freeaddrinfo().
commit 8f73169567fed6703acbad4f0f5fd5cff700d619
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 19 20:41:21 2018 +0100
Document the control protocol.
commit ecfef0eeb9b52f6d75b4aa936a1e11e6d8e678e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 18 16:51:06 2018 +0100
Reduce memory allocations due to HMAC() and EVP_MD_*().
HMAC() allocates a temporary buffer on the heap each time it is called.
Similarly, we called EVP_MD_CTX_create() every time we wanted to
calculate a hash. Use HMAC_CTX and EVP_MD_CTX variables to store the
state so no (re)allocations are necessary. HMAC() was called for every
legacy packet sent and received.
This issue was found thanks to heaptrack.
commit 6be453fc63da9f87455b5e579cb686f95fa92102
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 18 15:38:12 2018 +0100
Reduce memory allocations due to zlib's uncompress().
Everytime uncompress() is called, zlib allocates some buffer on the heap
and frees it again. When compression is enabled, this is the biggest source
of memory allocations in tinc. Instead of using this function, use
inflate(), which can store its state in a z_stream variable, which avoids
(re)allocating memory for every packet received.
This issue was found thanks to heaptrack.
commit 8f2ef1a174d18a9efdf9b0bd2417132fe7d84e9f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 18 15:33:36 2018 +0100
Add code coverage testing support.
Allows configure to be run with the --enable-code-coverage flag, allowing
one to run make check-code-coverage, which runs the test suite and produces
a code coverage report.
commit d2b03f006f98d504e3e30f2d4b91ce02abd19c51
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 17 14:39:29 2018 +0100
Reformat all code using astyle.
commit 536fe3ffcdc4c894ed986dfb5fdc0d6f78d6fe25
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Fri Feb 16 14:17:39 2018 -0700
Fix a use-after-free bug in get_recent_address() and two related issues.
1) The sockaddr_t * returned may be part of memory freed by the call to
freeaddrinfo().
2) The sockaddr_t * returned from a recently seen address not in the
cache was cast from struct addrinfo *ai, not the struct sockaddr *
inside of it.
3) In do_outgoing_connection(), when filling in the address in the
connection_t, there is a buffer overflow (read, not write) if
the sa returned by get_recent_address() didn't come from the
cache of recently seen addresses. That is, it was really a
struct sockaddr * and not a sockaddr_t *. This last was
found by building tinc with address sanitizer.
commit 8145a3392bdcff4d7856ba72e66a90d73d887c00
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Wed Jan 31 14:55:20 2018 -0700
In device_issue_read() there is no need to reset Offset and OffsetHigh
to 0; they are only used for seekable files (not sockets).
Reset the write event before the call to WriteFile(). This is
consistent with how the read event is reset before ReadFile().
Clear device_write_packet.len() if WriteFile() fails with an error
other than ERROR_IO_PENDING; otherwise write_packet() will call
GetOverlappedResult() the next time it is run even though there is
no write in progress.
commit 5ec513ec0ffc735e30c559a03378659ba4cc4515
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Tue Jan 23 15:57:58 2018 -0700
WSAEVENT is a pointer, so we cannot simply return the different of two
events in io_compare(), which returns an int. This can return the wrong
result for 64-bit executables.
commit 92d66492e0824674f68d26e787dd1ba4444a4601
Author: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon Jan 22 10:27:16 2018 -0700
Add some missing freeaddrinfo() calls to avoid leaking memory.
commit e0f6d90e7fac4c567900e98c354af979c97f8d59
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 22 18:05:09 2018 +0100
Fix calling freeaddrinfo() on the wrong pointer.
Thanks to Todd C. Miller for finding this issue.
commit 7bf4d225a994d8ce9fb45d42afd53793c4232e8e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Wed Jan 17 19:37:53 2018 +0000
Move ResetEvent() call before ReadFile().
Commit 313a752 changed the Windows device code such that ResetEvent() is
called on the read OVERLAPPED structure before GetOverlappedResult(), as
opposed to before ReadFile(). In [1] Guus pointed out that this doesn't
make a ton of sense, and I agree with him; it must have been an
oversight on my part when I wrote this code.
Surprisingly, none of this makes any difference in my testing, at least
with the standard TAP 9.0.0.9 driver. Nevertheless, this code is
probably wrong and fixing it will make me sleep better at night.
[1]: https://www.tinc-vpn.org/pipermail/tinc/2018-January/005091.html
commit 43cf631bc10097448db041639ad07f84f647017e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jan 7 14:48:08 2018 +0000
Fix "use of GNU empty initializer extension" warning.
commit 1b777010e7255cb354e31ca28c6442ee86383bac
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jan 7 14:44:12 2018 +0000
Fix "void function should not return void expression" warning.
commit ddf798a0ef7df21d682d2f6763d5417400c987ba
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jan 7 14:26:00 2018 +0000
Fix AC_CHECK_DECLS usage in openssl.m4.
See:
https://www.gnu.org/software/autoconf/manual/autoconf-2.62/html_node/Generic-Declarations.html
"For each of the symbols (comma-separated list)"
When building with aggressive warning settings the current code results
in the following configure test code being generated:
#ifndef OpenSSL_add_all_algorithms EVP_aes_256_cfb
#ifdef __cplusplus
(void) OpenSSL_add_all_algorithms EVP_aes_256_cfb;
#else
(void) OpenSSL_add_all_algorithms EVP_aes_256_cfb;
#endif
#endif
Which is obviously wrong and makes the configure check fail.
commit 04543a57e73e29c3e2a1968fd330f03c94dd6059
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 22:49:30 2018 +0100
Add a cache of recently seen addresses.
This maintains a cache file for each host we have communicated with, either
via TCP or UDP. The cache is used when trying to make outgoing connections,
and is updated whenever a successful TCP or UDP connection is established.
Up to 8 addresses are stored in the cache.
Currently, the cache is stored in /etc/tinc/NETNAME/cache. The directory
has to be manually created to opt in to this feature for now.
commit ca989c0c8b19901cbd7664a9d2b42aa85c9c176e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 20:46:22 2018 +0100
Fix all spelling errors found by codespell.
commit 6989a070c35b9672683ebb0764ab9051e0650469
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 20:34:37 2018 +0100
Document how to enable tinc at boot time using systemd.
commit fe9089337093c917d172aa26eedc9285c8bafb6a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 16:59:21 2018 +0100
Don't include generated files into the tarball.
commit e56589082f6198380d7f2246a776e41d388496f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 16:21:19 2018 +0100
Update .gitignore.
commit ee5e3404e49ef08437cd6b6e4c5b83d190efa053
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 16:20:25 2018 +0100
Ensure the sptps-basic test doesn't fail during make distcheck.
commit c2d8264dbe8478d27ba694062cebecee0a0342c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 16:20:03 2018 +0100
Set default systemd unit path to ${libdir}/systemd/system.
This installs systemd unit files into /usr/local, just like the binaries.
The systemd documentation claims to read this directory as well.
commit c550c85d75ae38b9621147fdca4bf4380d54edda
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 16:17:35 2018 +0100
Remove hardcoded paths from systemd unit files.
Closes #160 on GitHub.
commit bdeba3f9c26f9225c17c097ca490dc651cd40b90
Merge: 696dc2ad 9ca5a3c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 19:58:28 2018 +0100
Merge remote-tracking branch 'dechamps/ipip' into 1.1
commit 9ca5a3c43854fba782d87be080d7a97a88ef3427
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Tue Jan 2 09:55:26 2018 +0000
Support MSS clamping for IP in IP (RFC 2003) packets.
This change allows tinc MSS clamping to operate on TCP streams that are
inside an IP in IP tunnel.
commit 696dc2ad9743c62e56a6d21addb8c4e8efbffec1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 17:13:57 2018 +0100
Add missing newlines to some error messages.
commit 313b05b67c59c316c0eff631598e0700e0fd3c8d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 17:13:25 2018 +0100
Document that invitation files MUST always start with Name = ...
commit 356118324f7cde276f393162fca54040f8c67f04
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 17:12:06 2018 +0100
Don't warn about empty lines in invitation files.
commit 50afa82a8f14ead7d4d3eafd2a1347b3bb9a2879
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 18 10:47:40 2017 +0100
Document the --batch option.
commit 0b2361a9399944cd57def87226f2be7f92646aa5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 16 22:54:31 2017 +0100
Assume all IPPROTO_* macros exist.
commit b8acb89add4e553d141a45392bc0126c331deee6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 22:52:17 2017 +0100
Fix building documentation when using OpenBSD's make.
commit 4986917cb11be70a9103917d58e7aa47ab88f09d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 22:49:41 2017 +0100
Update THANKS.
commit 38489e37f50e807e51bfd28ebb8b20396eed1447
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 22:44:12 2017 +0100
Const correctness.
commit 61b441dc995c1e6dd21fd85e2014dd981e9c9350
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 22:35:28 2017 +0100
Support autoconf's --runstatedir option.
Put the PID file in @runstatedir@ instead of @localstatedir@/run. This
requires autoconf 2.70, which is not released yet, so add a fallback to
use @localstatedir@/run if @runstatedir@ is not set.
commit 42d2dff33306beae8ddbd9cc991ad80f135950a6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 22:28:32 2017 +0100
Ensure all parameters have names in header files.
commit b34eb5555d40b7e87c1e06988250e4977a793c09
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 22:27:57 2017 +0100
Remove unused functions.
commit 6123ed30992d671b94fc016660086be6a62a3871
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 6 21:46:17 2017 +0100
Don't log errors when autoconnecting fails and debuglevel is 0.
commit c84fce52d2191df06e24737449e8983174984ddc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 26 21:33:46 2017 +0200
If we are using libncurses, also try to link with libtinfo.
On some distributions, tinc might not be linked correctly if -ltinfo is
not explicitly specified.
commit e88b3fb52fb375cd8ab233a671f38ed2240ed828
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 25 21:08:29 2017 +0200
Only forward SPTPS packets if Forwarding = internal.
This tries to match what is done for packets using the legacy protocol.
However, since SPTPS is end-to-end encrypted, Forwarding = kernel cannot
be implemented. In that case, we also drop the packets.
commit 87f96aec8c48327d879c20ff2b789c88a675173d
Author: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed Oct 25 10:05:06 2017 -0600
Replace remaining sizeof foo with sizeof(foo).
commit 9e7c6d4dce8b87d40cea537fd0b035a2612580e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 23 21:10:20 2017 +0200
Disable PMTU discovery when TCPOnly is used.
commit 7c359313aca273319f94fe18121831ab4b62a4b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 11 19:30:17 2017 +0200
Add some information about the requirements of a chroot environment.
commit a0baeddb8aa745007d0302ed06247cabb8facb32
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 8 21:32:12 2017 +0200
Ensure "make distcheck" really runs without errors.
commit f6e87ab476a0faf8b124ecaaa27f967d825e6457
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 7 17:50:22 2017 +0200
Reformat all code using astyle.
commit 3a316823b971396a428f020f401b9fe41252d98d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 7 17:47:19 2017 +0200
Convert sizeof foo to sizeof(foo).
While technically sizeof is an operator and doesn't need the parentheses
around expressions it operates on, except if they are type names, code
formatters don't seem to handle this very well.
commit 5822f817aa802c2c5a83e9d99a8ae78cb822799b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 7 17:40:34 2017 +0200
Update all header guards.
Don't start with underscores, as those are reserved for system
libraries. Make sure all start with TINC_, and that they appear at
the top of the file.
commit 3465746b9bf75124b21eab21cdf390696b608405
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 7 16:51:32 2017 +0200
Remove unused/obsolete checks from configure.ac.
commit ced6c3151d6012df560f088d39d306370bb115b7
Author: Daniel Lublin <daniel@lublin.se>
Date: Thu Oct 5 09:23:20 2017 +0200
doc: there is, not their is
commit d3cb2a7342218c1aadfacd92d640c426d725112f
Author: Guus Sliepen <guus@sliepen.org>
Date: Tue Oct 3 21:23:28 2017 +0200
Prepare for automatic code formatting using Artistic Style.
commit e3d914a4d5f5be1c263ec77b9b5c62afb5fc1b78
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 1 22:04:40 2017 +0200
Update THANKS.
commit 453e6070ddfab2157f52536bdd7a79fc16f851f4
Author: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu Sep 28 16:39:59 2017 -0600
Fix parsing of -b flag
Only the short -b option is missing, --batch works as expected.
commit af81c436d6e11a53803747af7cc8ecfd449ccd4c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 21:56:17 2017 +0200
Releasing 1.1pre15.
commit 4e5c2193a1fa1ed054956fc0b1df387b19c546a5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 21:55:47 2017 +0200
Drop h and hh length modifiers from printf format strings.
commit 91d50f8b375503be6b6081985f5948773d64b9d3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 21:54:34 2017 +0200
Ensure packet priority is cleared when sending PMTU probe replies.
Found by the Clang static analyzer.
commit 00d81ee6236e76f80b84372ac5c635636ad48136
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 21:52:44 2017 +0200
Fix a file descriptor leak when using an invitation.
Found by cppcheck.
commit a073b2cb0bca646685a83479db6b66d518240bc5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 21:06:25 2017 +0200
Fix a compiler warning.
commit 843990d8df0c060db9b64e170996e9d49c8c921d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 17:24:05 2017 +0200
Force IPv4 for sptps-basic.test.
Allow forcing either IPv4 or IPv6 for sptps_test, and use IPv4 for the
sptps-basic test. Since sptps_test is only opening a single listening
socket, and you cannot control which address family it uses, this gets
around a problem where the listening side is using a different address
family than the one connecting to it.
commit 5f89950f47a9cf73169e797d4e2d6ef8b7f74a5a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 2 17:04:25 2017 +0200
Add missing break statements.
commit 92fdabc439bdb5e16f64a4bf2ed1deda54f7c544
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 22 20:51:44 2017 +0200
Make autoconnect try to heal network splits.
When we have less than three connections, we greedily try to connect to any
viable node. However, once we have three connections, try to connect to
nodes that we know of but that aren't reachable.
We also make sure that if there are 100 reachable nodes, and 1 unreachable
one, that not all 100 reachable nodes try to connect to the unreachable
at the same time.
commit 7c223917cb3d478fc3f5b23ee5602925f083e4d4
Author: pacien <pacien.trangirard@pacien.net>
Date: Tue Aug 15 19:56:06 2017 +0200
Add LogLevel config option
commit e4544dbc6989e4a146c19519924e52c116bfc343
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 27 10:06:13 2017 +0200
Forward-port tinc 1.0's handling of device errors.
commit d73cdee5df3e6c7395270c69e944b3c853f013ae
Author: volth <volth@webmaster.ms>
Date: Thu Jul 27 06:32:28 2017 +0000
Avoid infinite loop on EBADFD
On Linux network restart, Tinc can get into a loop writing millions of error messages "Error while reading from Linux tun/tap device (tun mode) /dev/net/tun: File descriptor in bad state" to the log. https://github.com/NixOS/nixpkgs/pull/27675
It should be somehow aborted.
Here is my quick hack.
commit acefa66dbd97617d86dee270b2b95ecdb763434b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 9 16:12:55 2017 +0200
Store the invitation data after a succesful join.
This can be used by the invitee to examine the file after a join, and
process it in different ways than the tinc CLI does.
commit cd854fa86a9dc177dcaa56fa774afb127b29651a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 9 15:57:51 2017 +0200
Add configurable experation time for invitations.
commit 93584bc1cad7c7cc9c95859a8cde548bc18b6fa8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 28 12:48:32 2017 +0200
Set KillMode=mixed in the systemd service file.
This ensures only the main process is sent the SIGTERM, and not anything
else that might have started in the same control group, including the
tinc-down script.
Closes #145 on GitHub.
commit 970799aa3406c22a575f665d3964c15d7c9ab555
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 28 12:26:44 2017 +0200
Move logging of "would block" messages to debug level 4.
commit 3d8a8363544bfcf75a9124251eff0caae3a8f1a2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 7 15:29:22 2017 +0200
Remove unused add_scalar function.
commit 958a751e20270da821fee651ff9ecda8a2afc5d0
Author: thorkill <thkr@hannover.ccc.de>
Date: Thu May 4 23:44:56 2017 +0200
Fix NULL pointer dereference in send_udp_info
commit 9527f4f22cd71feeee8a49866e29cce98408f1e7
Author: thorkill <thkr@hannover.ccc.de>
Date: Mon May 1 12:40:22 2017 +0200
Sanitize input in id_h - prevent integer overflows
commit 18646deca120f0ccc3bfad643dba83547ecc2f20
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 18 20:09:38 2017 +0200
Fix some minor issues found by cppcheck.
commit 060ab1cd7cdf750a0477f2a8b6193d28849877e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 18 20:09:08 2017 +0200
Add field widths to sscanf() calls.
Found by cppcheck.
commit be8e5cbd1cfcd198f975542e52085abdd543ec80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 18 20:07:33 2017 +0200
Remove dead stores.
Found by the Clang static analyzer.
commit 70fed5f7ffdeb0416ee6b77881098faab9a7cd47
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 17 16:05:30 2017 +0200
Add missing tinc stop command to the scripts test.
commit a14414731925cd59e64b3a90309b5a9ec60ac690
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 17 13:54:02 2017 +0200
Fix tests on *BSD.
commit db80dbbac93ce3c714247e0af2147f5e1474a135
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 17 13:53:48 2017 +0200
Fix segfault when adding environment variables.
commit 1be0c284c7c8d34c2dd6c2160ce49aeae468e867
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 17 13:07:15 2017 +0200
Fix compiler warnings on *BSD.
commit 2b4c0c63628ff9b432ec5d4b4c7b7ab2d4b02fb2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 17 13:02:39 2017 +0200
Make sure realname is always initialized.
commit c87a77b5fd2a0378f2b992a5d579a80ee4033cec
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 17 12:50:30 2017 +0200
Ensure tests compile on *BSD.
commit 95f09569beb2e304e6a2112d20cee6fab88f3729
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 8 13:34:40 2017 +0200
Use getmsg()/putmsg() instead of read()/write() on Solaris.
This fixes a problem where read() returns packets from the IP layer before
fragmentation is done.
# Conflicts:
# src/solaris/device.c
commit 6011197be5cdb18aa79713990d6a1887b9261d12
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 8 13:31:04 2017 +0200
Use /dev/udp instead of /dev/ip on Solaris.
# Conflicts:
# src/solaris/device.c
commit 9a113db0a61242a0273a7ac95dd536f3a4bdb581
Author: Guus Sliepen <guus@sliepen.org>
Date: Wed Mar 29 08:08:56 2017 +0200
Ensure sptps_keypair and sptps_test get build for make check.
commit d9a7f2d1054a7155b5f23855ba28dd98e0df73be
Author: Guus Sliepen <guus@sliepen.org>
Date: Wed Mar 29 08:08:19 2017 +0200
Use 127.0.0.1 instead of localhost to ensure tests are reproducible.
commit 3ab1893a4b6c2895075ac889cf06c511e2001a9e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 26 17:54:37 2017 +0200
Ensure proper logging in the invite-offline test.
commit 0af3dcf7a838dede699194c02444f1607644bb28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 26 17:43:33 2017 +0200
Add the scripts test.
This test whether all the scripts are run with the right information in
the right order.
commit ebade1e8f80ebaa476f701089da7ae654837397c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 26 16:48:02 2017 +0200
Update .gitignore.
commit fd3ec60757a84b7551e03b3a48dd30f35015c448
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 26 16:47:54 2017 +0200
Add the invite-offline test.
This tests generating an invitation on the server while no tinc daemon is
running.
commit 5fcf6e16acccdaac573eebae21a5a47294e346e4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 26 16:46:31 2017 +0200
Remove superfluous sleep command in invite-join test.
commit ccb4fb6f7ac2efbb99d044aa072e75c035f504aa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 26 16:46:03 2017 +0200
Use unique ports for all tests.
commit add75303e918af5e94ff545d969872799fac5cef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 21 21:25:27 2017 +0100
Add DEBUG environment variable for scripts.
This contains the current debug level used by tinc. Scripts can use it
to decide whether to log debugging information of their own.
Closes #138 on GitHub.
commit 5cbef906209eb5005f821af8f55a6f5d7e7d060c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 21 21:21:23 2017 +0100
Put script environment creation/deletion in functions.
This makes environment handling safer, and also has a single place where
we can add new environment variables that should be present for all
scripts.
commit 3e643d5d7e5c7db35eacb3703d497c584e93cf18
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Wed Oct 12 13:52:17 2016 +0200
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
commit aebaaa8db80ec3931346af710f2182d129c74c41
Merge: 2c333f0f d21d97ea
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 20 22:33:18 2017 +0100
Merge remote-tracking branch 'dechamps/sleep' into 1.1
commit 2c333f0f45f445d0811a364817d03df0c8cf2d2f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 20 22:19:36 2017 +0100
Don't try to use kill() on Windows.
commit 26dc50599d6e38be1e7304602ffea0ba282c1091
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 20 22:15:20 2017 +0100
Add missing #defines used by fd_device.c.
commit 3fc678a8df4d6c057ef9f2c602b86ed106651e68
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 7 19:19:19 2017 +0100
Use free_known_addresses() to free memory allocated by get_known_addresses().
We know what struct addrinfo looks like, but the standard says nothing
about how it is allocated. So we cannot trust freeaddrinfo() to work
correctly on the struct addrinfo list we allocated ourselves in
get_known_addresses(). To make a distinction by allocations from the
latter and from str2addrinfo(), we keep two pointers (*ai and *kai) in
struct outgoing, and use the freeing function that is appropriate for
each.
commit ef661316f163f2ecf6c75a3dd28e2cad51772c56
Author: Roman Savelyev <roman@savelyev.net>
Date: Tue Mar 7 19:07:19 2017 +0100
Fix lost pointer trails in get_known_addresses().
commit 7a54fe5e884e98ade91af527c67f9c5df1452a50
Author: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
Date: Mon Feb 27 20:56:55 2017 +0100
Add fd_device
commit 4a45a65fe2555efc5b6763a293d30251755e78a8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 14 20:51:43 2017 +0100
Remove the description of the LocalDiscoveryAddress option from the manual.
This option is no longer implemented.
commit d3cc96b027a919e22bbf06d634edb0a2a069ac92
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 31 12:05:03 2017 +0100
Don't build sptps_* binaries by default.
commit 88d158e15b9e16b4227b374d8bb4640010670cef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 31 12:03:27 2017 +0100
Fix potential segfault in the replacement vasprintf() function.
commit 06b820133285f83f7e1a839cccbed13358b84081
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Dec 18 14:53:33 2016 +0000
Fix address memory leaks in add_edge_h().
Note that this is not as bad as it looks, because in practice
sockaddrfree() is a no-op for typical address types.
commit 02093b12b0133b51dd04613c94c762ad2761cd3c
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Dec 18 14:32:25 2016 +0000
Clarify the flow of add_edge_h().
This is an attempt at making the control flow through this function
easier to understand by rearranging branches and cutting back on
indentation levels.
This is a pure refactoring; there is no change in behavior.
commit 3bf3d7d3e7d51034bda873861c52578f3abe6b5d
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Dec 18 14:25:20 2016 +0000
Fix edge updates containing local address changes.
This commit fixes a logic bug in the edge update code where local
address changes are not taken into account if they are bundled in with
other changes. This bug breaks local discovery in some scenarios.
The regression was introduced by commit
e4670fc4a0576eb76f1807ce29fa9455dd247632.
commit 0792a10a5a66bcbf56185e479feed78252122667
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Dec 18 16:56:27 2016 +0000
Fix edge local addresses not being set when connections are established.
This bug prevented nodes from advertising their local addresses, thus
breaking local discovery.
The regression was introduced in
ab13c14a1480561bb9f59ccfbbd6045e0484ce9c.
commit d21d97eaf5db9e848d8eee28784c4f54af85f43d
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Dec 3 23:13:46 2016 +0000
On Windows, don't cancel I/O when disabling the device.
I have observed cases where disable_device() can get stuck on the
GetOverlappedResult() call, especially when the computer is waking up
from sleep. This is problematic when combined with DeviceStandby=yes:
other_side (1.2.3.4 port 655) didn't respond to PING in 5 seconds
Closing connection with other_side (1.2.3.4 port 655)
Disabling Windows tap device
<STUCK>
gdb reveals the following stack trace:
#0 0x77c7dd3c in ?? ()
#1 0x7482aad0 in KERNELBASE!GetOverlappedResult () from C:\WINDOWS\SysWoW64\KernelBase.dll
#2 0x0043c343 in disable_device () at mingw/device.c:244
#3 0x0040fcee in device_disable () at net_setup.c:759
#4 0x00405bb5 in check_reachability () at graph.c:292
#5 0x00405be2 in graph () at graph.c:301
#6 0x004088db in terminate_connection (c=0x4dea5c0, report=true) at net.c:108
#7 0x00408aed in timeout_handler (data=0x5af0c0 <pingtimer>) at net.c:168
#8 0x00403af8 in get_time_remaining (diff=0x2a8fd64) at event.c:239
#9 0x00403b6c in event_loop () at event.c:303
#10 0x00409904 in main_loop () at net.c:461
#11 0x00424a95 in main2 (argc=6, argv=0x2b42a60) at tincd.c:489
#12 0x00424788 in main (argc=6, argv=0x2b42a60) at tincd.c:416
This is with TAP-Win32 9.0.0.9. I suspect driver bugs related to sleep.
In any case, this commit fixes the issue by cancelling I/O only when the
entire tinc process is being gracefully shut down, as opposed to every
time the device is disabled. Thankfully, the driver seems to be
perfectly fine with this code issuing TAP_IOCTL_SET_MEDIA_STATUS ioctls
while there are I/O operations inflight.
commit 1672dbd66b619f84cb86950298ad89df93e1dcba
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Dec 3 22:52:30 2016 +0000
Fix crash on Windows when a socket is available for both write and read.
Currently, if both write and read events fire at the same time on a
socket, the Windows-specific event loop will call both the write and
read callbacks, in that order. Problem is, the write callback could have
deleted the io handle, which makes the next call to the write callback a
use-after-free typically resulting in a hard crash.
In practice, this issue is triggered quite easily by putting the
computer to sleep, which basically freezes the tinc process. When the
computer wakes up and the process resumes, all TCP connections are
suddenly gone; as a result, the following sequence of events might
appear in the logs:
Metadata socket read error for node1 (1.2.3.4 port 655): (10054) An existing connection was forcibly closed by the remote host.
Closing connection with node1 (1.2.3.4 port 655)
Sending DEL_EDGE to everyone (BROADCAST): 13 4bf6 mynode node1
Sending 43 bytes of metadata to node2 (5.6.7.8 port 655)
Could not send 10891 bytes of data to node2 (5.6.7.8 port 655): (10054) An existing connection was forcibly closed by the remote host.a
Closing connection with node2 (5.6.7.8 port 655)
<CRASH>
In this example the crash occurs because the socket to node2 was
signaled for reading *in addition* to writing, but since the connection
was terminated, the attempt to call the read callback crashed the
process.
This commit fixes the problem by not even attempting to fire the write
callback when the write event on the socket is signaled - instead, we
just rely on the part of the event loop that simulates level-triggered
write events. Arguably that's even cleaner and faster, because the code
being removed was technically redundant - we have to go through that
write check loop anyway.
commit 979acc48aded5bb04f1574128d174d56550be302
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 30 15:19:12 2016 +0100
Enforce maximum amount of bytes sent/received on meta-connections.
This is 2^{block_length_in_bits / 2 - 1}.
commit edc1efed3c0cf5aebb1c765066c0413757229a31
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 30 15:17:52 2016 +0100
Use AES256 and SHA256 by default for the legacy protocol.
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.
The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
commit fcaf158494af7cb015d8658a3241c324518e8d7f
Author: Dennis Lan <dennis.yxun@gmail.com>
Date: Wed Oct 12 13:35:39 2016 +0200
Fix typo in src/upnp.c.
commit 9cbd3c2b5b03c29c116a14f196db8a32c7135391
Author: Vittorio G (VittGam) <github@vittgam.net>
Date: Tue Oct 11 20:30:41 2016 +0200
tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.
Also warn the user if a key smaller than 2048 bits is being generated.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
commit c7c5c74d4af7442b92d863fc9eb04395c456b0be
Author: Vittorio G (VittGam) <github@vittgam.net>
Date: Tue Oct 11 13:30:05 2016 +0200
fsck: Fix ed25519 public key reading, and fclose usage.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
commit e6497a23f7689663aa2c19311a278e20661bddc1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 26 16:47:45 2016 +0200
Log warnings about dropped packets only with debug level 5 or higher.
commit 2784a171ec39e2a34aabf8194a651de570e19e0e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Thu Jul 14 19:15:35 2016 +0100
Fix error handling when setting up the UDP socket.
Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.
The regression was introduced in
6bc5d626a8726fc23365ee705761a3c666a08ad4.
commit b1c29464b68d756035acc4b4d1681f05d8831eaf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 11:22:24 2016 +0200
Fix compiling with OpenSSL < 1.1.0.
commit 9a9f6fac009caf31c3786e13231eb05b3bad0681
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 11:22:11 2016 +0200
Add missing m4 files.
ax_cflags_warn_all.m4 depends on them.
commit b9b0defaf422bcc1272f87d791d9ac53c9539734
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 23 15:59:43 2016 +0200
Fix potential memory leaks found by the Clang static analyzer.
commit 49edf9c53a31714b740d0ee67c29aca503973d81
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 23 15:59:16 2016 +0200
Fix warnings from the Clang static analyzer.
These are all false positives or harmless dead stores.
commit e16ab7b89948c24a2c47652e8eb1a817a4b1424c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 23 15:26:58 2016 +0200
Force nul-termination of strings after vsnprintf().
Apparently, on Windows this function might not always be properly
terminated.
commit 2de5d866b5e4d4e6b827dcfb985c24edbda71f4f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 22 23:08:30 2016 +0200
Use EVP_MD_CTX_destroy() instead of _free().
Thanks to azrdev for pointing out the build failure on Fedora 23.
commit 9b148fd844587fbf956e28f57e4bd39a11edc07f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 22 17:42:25 2016 +0200
Check return value of RSA_generate_key_ex().
commit 172763f4af4340ac2c2549e8fbb7490f5f995d47
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 22 17:35:12 2016 +0200
Add -Wall to CFLAGS.
commit 323c17e232539f3f06e7cebc664ab48f60127e0e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 22 16:32:05 2016 +0200
Ensure compatibility with OpenSSL 1.1.0.
commit 74eb4cc974f6d24370f439a1761dc4412d7fa58d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 5 15:20:57 2016 +0200
Fix the previous commit.
commit ab13c14a1480561bb9f59ccfbbd6045e0484ce9c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 5 14:47:21 2016 +0200
Preserve IPv6 scope_id in edges.
When creating an edge after authenticating a peer, we copy the
address used for the TCP connection, but change the port to that used
for UDP. But the way we did it discarded the scope_id for IPv6
addresses. This prevented UDP communication from working correctly when
connecting to a peer on the same LAN using an IPv6 link-local address.
Thanks to Rafał Leśniak for pointing out this issue.
commit e47fe48aed76bfd7d2cb957e402a8cdcb0c84759
Author: Sean McVeigh <sean@vger.beerbot.ca>
Date: Sat May 21 17:38:14 2016 -0400
fix check in cmd_pid() for failure to connect to tincd
commit 4314df644e22778a554ca1760941a2bfae08bce2
Author: Sean McVeigh <sean@vger.beerbot.ca>
Date: Sat May 21 17:25:18 2016 -0400
check for daemon pid existence before trying to connect to the control socket, and clean up stale files otherwise.
commit 9d0e86683cdb7d53263569ad2e49dd87bd217939
Author: lemoer <git@irrelefant.net>
Date: Thu May 19 17:24:31 2016 +0200
Added comments and unfold deep "if"-construct in timeout_handler
commit 5baecfd11be67bb80aab6c482e0b0ac98b267cca
Author: thorkill <thkr@hannover.ccc.de>
Date: Thu May 19 15:48:15 2016 +0200
Prevent tincd from sending packets to unexpecting nodes
Make tincd recognize when it was asleep and close connections to it's
peers. This happens when e.g. RoadWarrior has been suspended for
"longer" time period. After resume, it will start to communicate
with it's peers using the contextes it had before suspend.
On the other side, the nodes closed the connections since PingTimeout
and/or TCP connection went down.
Sending data to such unaware (sptps mostly) nodes will cause
havoc in the logs. Misleading the developers to wrong assumptions
that something is wrong with sptps.
# Conflicts:
# src/net.c
commit 0cf943753ab16704c818bebe74b4e7ea96399b05
Author: thorkill <thkr@hannover.ccc.de>
Date: Wed May 11 19:27:05 2016 +0200
Send PKT_PROBE only when handshake has been done already.
commit 0edef996a6d944e9143f87dd3c72390979c33630
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 1 20:35:26 2016 +0200
Releasing 1.1pre14.
commit 3f6c663a06aac728912c4e47cbc2dc4343a3798c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 1 12:07:44 2016 +0200
Revert "Remove tinc.service, it is not necessary."
This reverts commit 0b6f84f96eeed20a0d771fedb72c0e19941adb7e. Although
systemd does automatically provide a "tinc.slice" when there is only a
tinc@.service template, it doesn't quite work the same way as
tinc.service.
commit 0a6d89acc6417399dcf95efd68553d21e1f744e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 30 20:55:12 2016 +0200
Releasing 1.1pre13.
commit 2055c3e21d5b3f4217883d52d5e5b0fbad504785
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 30 20:05:22 2016 +0200
AutoConnect now only chooses from nodes for which we know an address.
Based partially on work from Rafał Leśniak.
commit 0b6f84f96eeed20a0d771fedb72c0e19941adb7e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 30 18:08:31 2016 +0200
Remove tinc.service, it is not necessary.
Thanks to Alexander Ried for pointing out that if you have
tinc@.service template, systemd will provide a default slice containing
all instances of that template. So "systemctl start tinc" will still do
what we want it to do.
commit 8377d0b8569b8d5240ad88683ad527c67237617a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 27 20:30:36 2016 +0200
Fix BSD tun device support.
This was broken by a botched merge from the master branch in commit d7f6737.
commit 390d25f0b80dd7418e147de3561c70461628574d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 24 13:23:06 2016 +0200
Releasing 1.1pre12.
commit 5a7c6546a46bdcc97cf73a9aef206d2a83bb1eb4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 23 21:39:53 2016 +0200
Don't check file permissions on Windows during fsck.
commit 83fa44ce42c67837dad30ba1538bf1fa8c49a47d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 23 21:32:42 2016 +0200
Fix starting tinc as a service on Windows.
Don't assume tincd.exe is in the working directory, especially now that
chdir() is called very early. We use GetModuleFileName() instead.
commit 9a66d7499ae2c838c25f9c6bfcc277c3fa231dea
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 23 21:32:29 2016 +0200
Fix a compiler warning on Windows.
commit ab5f4cbdc65cbc55062b36a6c11482c217884fe8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 23 17:28:30 2016 +0200
Fix possible read of freed memory when verifying the signature of a file.
commit 76955a6c8b7a76d00ed401853c9d283e32d9ce1c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 23 17:20:08 2016 +0200
Have "tinc fsck" recognize Ed25519PublicKey statements.
commit 6805b157312c1f9adeee0035f540f4cbd63a79fd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 23 16:05:41 2016 +0200
Move documentation of invitations to the manual.
commit 51a0dc51451897cc0290d5040e42616dda9bdc8a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 18:11:04 2016 +0200
Fix the "network" command in tinc shell.
commit b6b302cee9de92d157f73d7739cc259d269c0ca0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 17:06:11 2016 +0200
Speed up AutoConnect at startup.
Call periodic_handler() immediately at startup. Also, don't try to
connect to ourself.
commit f934417aa658367587dadc81bd5c466baef407ef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 16:23:31 2016 +0200
Don't call terminate_connection(myself->connection).
It doesn't do anything except give a confusing error message that we are
closing the connection to ourself. Replace it with connection_del().
This also fixes a double free.
commit 2213ecaea550ce81c595464ad4347414bcb5d786
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 16:01:49 2016 +0200
Handle special characters in sptps_test only if the --special option is given.
sptps_test treats lines starting with #, ^ and $ specially, in order to
test the SPTPS protocol. However, this should only be done if explicitly
requested, otherwise it can unexpectedly fail.
commit c2dc3784f127ef6db6e9960a4abecc1aab6f4e31
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 14:38:37 2016 +0200
Add stricter checks for netnames.
When passing a NetName via an invitation, we don't allow any characters
that are unsafe (either because they could cause shells to expand things,
or because they are not allowed on some filesystems).
Also, warn when tinc is started with unsafe netnames.
commit 097c69fc6a223213302fe9ffbe00a4c05357e660
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 14:36:29 2016 +0200
Use ifconfig_header().
commit af9ee7ff003fb448b783ccf39347907adc239cb2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 14:04:57 2016 +0200
Chdir() to the configuration directory instead of /.
commit 9bd978cc8ebf2fd9075f2be646fafd90128d403f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 13:56:37 2016 +0200
Add a test for tinc-up creation from invitations.
commit 0b96b6967256803c739a6b0a89d54ab8d6f63335
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 13:55:36 2016 +0200
Fix compiler warnings.
commit a08860ff8c2ad859836ed51c5629d6a85343e802
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 13:55:18 2016 +0200
Fix gateway parsing in invitation files.
commit 6d0452896673c36226c24144d4bde824a49c3950
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 13:23:01 2016 +0200
Allow gateways to be specified for routes.
Also improve the variable names, and ensure the % symbols in
%INTERFACE% are properly quoted.
commit 03878f12150cbdb1aeb43e207404a0929a35ff13
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 01:13:56 2016 +0200
Move some stray #includes.
commit 3273e3254107a4b89cd9963012d5fac8927c417c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 17 01:13:27 2016 +0200
Generate a tinc-up script from an invitation.
This adds the ability for an invitation to provision an invitee with a
tinc-up script. This is quite strictly controlled; only address configuration
and routes are supported by adding "Ifconfig" and "Route" statements to
the invitation file. The "tinc join" command will generate a tinc-up script
from those statements, and will ask before enabling the tinc-up script.
commit b2200f216658e07ab4e45592fa7de012a2ed96df
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 16 22:06:47 2016 +0200
Document how invitation files work.
This should eventually be merged in to tinc.texi.
commit a31e1f03c4eff16403178695d971a0838996ba2e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 16:56:56 2016 +0200
Stop using SOL_TCP, SOL_IP and SOL_IPV6.
Instead, use IPPROTO_TCP, _IP and _IPv6. This fixes an issue on OS X where
it didn't create an UDP socket that listened on IPv4.
commit a0a8f8f81fc8da068e93088c7c13f689a96fac66
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 16:30:45 2016 +0200
Fix crash at startup when Device is not specified on OS X.
commit 8afb52a39a72805cd24b6979248135e0d8b17c32
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 14:27:52 2016 +0200
Fix conditional checking of tun/tap headers on DragonFly BSD.
commit 039d6d48afe00a0fa9e11bcdbfea8e996cce4ad0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 12:42:30 2016 +0200
Fix some compiler warnings from MinGW.
commit 1f5c26102e228420fd954af1d73d3a89fc700d9d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 12:30:01 2016 +0200
Fix generation of version_git.h for some versions of BSD make.
In order to support VPATH builds, we have to use ${srcdir}/version.c as
the target for the rule that depends on the generation of version_git.h.
When not doing a VPATH build, ${srcdir} expands to ".", so the target
will be "./version.c". However, on some BSDs, make does not understand
that "./version.c" is the same as "version.c", and therefore it doesn't
trigger generating version_git.h when trying to build version.o. (It
works fine if you do a VPATH build, and OpenBSD's make does the right
thing in all cases.)
The trick is to have version.c depend on ${srcdir}/version.c. Of course,
Linux's make knows this is nonsense and will complain about a circular
dependency, so add this rule only on BSD platforms.
commit 0037ec7cb38994dda6ab5e4fa85ce595b9a59f6b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 12:29:31 2016 +0200
Fix a non-working cast to get rid of a compiler warning.
commit 25bcdad878eb7349d19ea877fdcc058d4c6b2242
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 11:38:56 2016 +0200
Don't use HAVE_SYSTEM, the autoconf check was removed.
commit cd5f222cc4e769395a7c6c8646abefe1d657f844
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 11:25:18 2016 +0200
Remove use of strcpy() and sprintf().
Even though they were safe, compilers like to warn about them nowadays.
commit d4410d0cce40929db9a0ce7042ef962f1867234d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 11:10:50 2016 +0200
Don't assume sa.sa_family is a short int.
Because FreeBSD's compiler complained about it.
commit d704a89ecc0811eb0cdac4e4be8ff3bdb0838976
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 15 11:00:14 2016 +0200
Add version_git.h and sample-config.tar.gz to CLEANFILES.
commit 3cceae93f61a44d4f9f38d729555b2f31e209beb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 23:51:18 2016 +0200
Make some platform-specific header checks conditional.
Don't check for linux/if_tun.h on BSD platforms for example.
commit d10834e92015f1e0e5bf74e03b161b3a5dc363fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 23:24:22 2016 +0200
Remove support for Windows 2000 and anything that doesn't support getaddrinfo().
commit 615ecb7a8a6e0ffc8d37f08fe46d5c50cef8b3e0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 23:10:59 2016 +0200
Remove checks for non-C99 compliant compilers.
commit ed09fa4e03c907736b2be0a831d10863ce4cae84
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 23:01:18 2016 +0200
Fix version_get.h generation on BSD.
It doesn't like .PHONY rules that are actually doing stuff. So make a really
phony rule that does nothing and depend in it in the version_git.h rule.
commit 2802b3a49797a0f58d6a8f4d9945d54acc64d996
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 22:59:42 2016 +0200
Fix typo in Makefile.am.
commit 46ebfbb6eb9966239f7826e002d99554420bbbc8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 17:29:25 2016 +0200
Use getcwd() instead of get_current_dir_name().
commit b5b04910b928c63a31a0859f04bf067ca9bd1cc2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 17:20:36 2016 +0200
Replace usleep() with nanosleep().
commit 491839a81aba00d4af50b66563cedaac4fa7028c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 17:05:10 2016 +0200
Fix compiling under MinGW.
commit 34ea20af73a35cd918ce9dc25796bebf9493b49c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 14 17:03:01 2016 +0200
Remove checks for headers and functions that are in C99.
commit fd3800324f4e4c67b087eaf5e0a61a184a270812
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 13 15:34:16 2016 +0200
Make text files Markdown-compatible.
commit 7f749c7e75c08549d7ce43838622624a8093de85
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 11 15:28:26 2016 +0200
Update .gitignore.
commit 9ba3e95a9a559240d16de71ca1513c7bfa98a70c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 11 15:27:08 2016 +0200
Remove elliptic curve stubs from gcrypt/, add PRF implementation.
commit 20dd1c21dc6d238200e62a1111a7d0d145168548
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 8 17:49:49 2016 +0200
Really don't compile getopt*.c if the system provides getopt_long().
commit 9527622abc75ef41498de70ed6ded6bf5b38cfac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 9 22:17:47 2016 +0200
Enable silent builds by default.
Cleaner build messages make it easier to spot compiler warnings and errors.
Use make V=1 to get the verbose output back.
# Conflicts:
# configure.ac
# doc/Makefile.am
commit 413faffca356b25cf69ddf0a718730d46f9941bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 10 15:04:59 2016 +0200
Update links in the documentation.
# Conflicts:
# doc/tinc.conf.5.in
# doc/tinc.texi
# src/avl_tree.c
# src/avl_tree.h
commit 5cbc12b3d482231fc7e71fbe176c91971993760e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 10 14:47:21 2016 +0200
Explicitly mention that LibreSSL can be used as well.
# Conflicts:
# doc/tinc.texi
# m4/openssl.m4
commit d7f6737cfcae75e8c2f522c68aaedee0519a6131
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 11 14:49:51 2016 +0200
Update support for BSD tun/tap devices, add support for OS X utun interfaces.
commit 2a7871990bc401921b8bb9accbc6a8206d564f72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 1 21:07:56 2015 +0100
Update "now" after connect() when making outgoing connections.
It could be that address resolution takes a long time, don't let that
count against a connection. This is especially important when using a
nameserver from the VPN.
# Conflicts:
# src/net_socket.c
commit cadbf587a09bd4adde664cd635b962315228b3f5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 3 20:06:12 2015 +0200
Never call putenv() with data on the stack.
Even though we are using putenv() here to remove items from the
environment, there is no guarantee that putenv() doesn't add the
argument to the environment anyway. In that case, we have to make sure
that it doesn't go away. We also don't want a memory leak, so keep a
list of things we unputenv()ed around, so we can reuse things.
Thanks to Poul-Henning Kamp for pointing out this problem.
# Conflicts:
# src/process.c
commit 0e8e53b4cee8f1ea27bad501cbc18292ced54fa1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 14 11:20:24 2015 +0200
Fix --logfile without a filename on Windows.
On Windows, the log filename now defaults to "tinc.log" in the same
directory as tinc.conf.
# Conflicts:
# src/tincd.c
commit c544e5e8fe22250b230a46f0340483db5403a6c1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 10 17:22:41 2016 +0200
Support ToS/DiffServ for IPv6 meta and UDP connections.
Also remember ToS/DiffServ priority for each socket individually. This
is a port of commits c72e237 and 042a6c1.
commit e355088535ee9ebb12a4db0043bf6a9743085b28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 8 18:09:30 2016 +0200
Use iface instead of interface.
This was accidentally added in commit 2f03a5d.
commit 6f97c0011572a1e12fa6267068b7f3fd46ceffd8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 10 17:01:04 2016 +0200
Update THANKS.
commit 8be447ac0227a8ecb89facb2831c121a7ca81748
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 10 16:51:03 2016 +0200
Update .gitignore.
commit 9f0fb224a6c2eab93b6917ef6c034423c49126cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 8 17:49:49 2016 +0200
Don't compile getopt*.c if the system provides getopt_long().
# Conflicts:
# configure.ac
# src/Makefile.am
# src/tincd.c
commit c2726dae62d632883f822741f9619265640e57b3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 10 16:38:45 2016 +0200
Fix typo.
Found by LunarShaddow.
commit e44c337eae674120745f7c7c56a1a70919ff40ca
Author: LunarShaddow <aflyhorse@hotmail.com>
Date: Mon Mar 7 15:43:04 2016 +0800
re-arrange include sequence to avoid a mingw introduced bug.
refers: https://www.cygwin.com/ml/cygwin/2012-12/msg00194.html
# Conflicts:
# src/cygwin/device.c
commit af83d0b9e87fe795a3d01d0ee3fb35e0d8579b88
Author: LunarShaddow <aflyhorse@hotmail.com>
Date: Mon Mar 7 15:42:34 2016 +0800
fix typo
commit bf50b3502a022b406424d0d03aaf7670133452b2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 28 16:38:49 2016 +0100
Fix for botched cherry-pick commit 60fb230.
commit 1ceea259c3ba5efb9b8b12161e75256270ba4804
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 27 14:46:01 2016 +0100
Add warnings for bad combinations of Device and Interface.
On Linux, the name of the tun/tap interface can be set freely. However,
on most other operating systems, tinc cannot change the name of the
interface. In those situations, it is possible to specify a Device and
an Interface that conflict with each other. On BSD, this can cause
$INTERFACE to be set incorrectly, on Windows, this results in a
potentially unreliable way in which a TAP-Win32 interface is selected.
# Conflicts:
# src/bsd/device.c
commit e3f80e9167ecef8db8add9359b6660ecdcaeb7af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 27 14:22:36 2016 +0100
Small fixes for the documentation.
# Conflicts:
# doc/tinc.texi
commit 72cfd4f047210cc7cab9014cbf48e007bfd704e6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 27 14:21:53 2016 +0100
Clarify that scripts are called synchronously.
# Conflicts:
# doc/tinc.conf.5.in
# doc/tinc.texi
commit 4d7469e0da6652bddc8acde499068db4b41b646d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 28 16:28:28 2016 +0100
Fix forwarding of edge updates.
Commit e4670fc accidentily prevented ADD_EDGE messages from propagating
in some cases.
commit 60fb2308e5bf1fd9ce642f6c4bcde81997593504
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 27 14:18:20 2016 +0100
Improve performance of edge updates.
commit 994adadf2752fd7515ee30ed5fdb91178a615fe9
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Fri Sep 25 16:51:51 2015 +0200
Remove forward declaration for do_decrement_ttl.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
commit 0f3ae1a9f29c845a69e44a4f691f43d6a6651583
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Fri Sep 25 15:35:28 2015 +0200
s/broadcast_packet_helper/route_broadcast/
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
commit 496f775568873bb769e48ceb644b15ab9f150d62
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Fri Sep 25 04:52:25 2015 +0200
Fix DecrementTTL option for packets destined to the local node.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
commit 17e54ea0bec4d3a3b9a760854dde6039c7a1c421
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Fri Sep 4 17:04:03 2015 +0200
Try to reply with node address only when decrementing the TTL.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
commit 92203bdbcb1af4a52c7ca9d0e1a271168435c905
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Fri Sep 4 04:00:57 2015 +0200
Fix source IP address for ICMP unreachable packets generated by tinc.
Try to send ICMP unreachable replies from an address assigned to the
local machine, instead of the destination address of the original
packet.
The address is found by looking up the route towards the sender of
the packet that generated the error; in usual configurations, this
is the tinc interface.
This also fixes the traceroute display in mtr when using the
DecrementTTL option.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
commit a8a3a2c8ceb19bcb6c2c3ef0647c94d7d0624b7a
Author: Vittorio Gambaletta (VittGam) <github@vittgam.net>
Date: Thu Sep 3 16:02:50 2015 +0200
Fix DecrementTTL option.
The option was not actually working, as it could be seen on traceroute or mtr.
The problem is that it was checking if the TTL was < 1 (so equal to 0) before decrementing it.
This meant that a packet with a TTL of 1 was being sent with a TTL of 0 on the VPN, instead of being discarded with the ICMP error message.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
commit ac9e32ff91ee2318c49808522f0c7d458c79eb44
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 28 15:48:19 2016 +0100
Use nostdinc instead of overriding DEFAULT_INCLUDES.
commit 96dd6e5f6c6f3f7717102fb3b38759b6cc0c0555
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 5 16:03:03 2015 +0200
Only check for -fno-strict-overflow if -fwrapv does not work.
commit 92f0c4db77a5e2733442491227625d0233f94a97
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 28 15:39:41 2016 +0100
Update .gitignore.
commit d8ca00fe40ff4b6d87e7e64c273f536fab462356
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jan 27 00:09:29 2016 +0100
Add the ability to sign and verify files.
commit 7418e9077f84db10ef6bb082a375870a7130bd7d
Merge: 420989e4 b6ed5c13
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 17 23:29:23 2016 +0100
Merge remote-tracking branch 'mweinelt/tinc-gui' into 1.1
commit 420989e4c3ff109c7d077b2f8c06506540f1c0bd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 14 15:07:22 2016 +0100
Only add a reflexive address when we're sure it's working.
commit cda5a477c8138226d184a176256d559971b4f7ed
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 10 16:45:05 2015 +0100
Use static buffers for recvmmsg(), initialize them only as needed.
As suggested by Michael Tokarev.
commit e4fd81ed2d66b8fe3c2857244fe3da85c803cf60
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 10 16:30:32 2015 +0100
Add support for recvmmsg().
Based on a patch from Samuel Thibault and input from Michael Tokarev.
commit cef40b8b978694fc0e7c02e292fcbb60806bf028
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 26 11:29:54 2015 +0100
list_delete() already free()s the deleted element.
commit 9fdf4278f8c8c1563d45205c9e9f1bc351bd814f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 24 16:48:44 2015 +0100
Don't leave dead outgoing_t's in the outgoing_list.
If an outgoing connection cannot be made because no address is known for
it, it should be removed from the outgoing_list, otherwise it will
prevent it from being re-added later when we do know addresses for it.
commit c58eba587da3ac884c6c18b64c262aed8fd1c452
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Nov 22 18:57:59 2015 +0000
Add upnp.h to tincd SOURCES.
This was missing from 513bffe1fee07bcbcb50691e221874adc1507857.
commit 613d586afd22159cee57c9524218c7200f4f1096
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Nov 22 17:14:14 2015 +0000
Don't unset validkey when receiving SPTPS handshakes over ANS_KEY.
This fixes a hairy race condition that was introduced in
1e89a63f1638e43dee79afbb18d5f733b27d830b, which changed
the underlying transport of handshake packets from REQ_KEY to ANS_KEY.
Unfortunately, what I missed in that commit is, on the receiving side,
there is a slight difference between req_key_h() and ans_key_h():
indeed, the latter resets validkey to false.
The reason why this is not a problem during typical operation is
because the normal SPTPS key regeneration procedure looks like this:
KEX ->
<- KEX
SIG ->
<- SIG
All these messages are sent over ANS_KEY, therefore the receiving side
will unset validkey. However, that's typically not a problem in practice
because upon reception of the last message (SIG), SPTPS will call
sptps_receive_record(), which will set validkey to true again, and
everything works out fine in the end.
However, that was the *typical* scenario. Now let's assume that the
SPTPS channel is in active use at the same time key regeneration
happens. Specifically, let's assume a normal VPN data packet sneaks in
during the key regeneration procedure:
KEX ->
<- KEX
<- (SPTPS packet, over TCP or UDP)
<- KEX (wtf?)
SIG -> (refused with Invalid packet seqno: XXX != 0)
At this point, both nodes are extremely confused and the SPTPS channel
becomes unusable with various errors being thrown on both sides. The
channel will stay down until automatic SPTPS channel restart kicks in
after 10 seconds.
(Note: the above is just an example - the race can occur on either side
whenever a packet is sent during the period of time between KEX and SIG
messages are received by the node sending the packet.)
I've seen this race occur in the wild - it is very likely to occur if
key regeneration occurs on a heavily loaded channel. It can be
reproduced fairly easily by setting KeyExpire to a short value (a few
seconds) and then running something like ping -f foobar -i 0.01.
The reason why this occurs is because tinc's TX code path triggers the
following:
- send_packet()
- try_tx()
- try_tx_sptps()
- validkey is false because we just received an ANS_KEY message
- waitingforkey is false because it's not used for key regeneration
- send_req_key()
- SPTPS channel restart (sptps_stop(), sptps_start()).
Obviously, it all goes downhill from there and the two nodes get very
confused quickly (for example the seqno gets reset, hence the error
messages).
This commit fixes the issue by keeping validkey set when SPTPS data is
received over ANS_KEY messages.
commit 95935cecb6290fd13b1266a96be1b8f9c1c54d0f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 21 19:41:14 2015 +0100
Update THANKS file.
commit 0f6d34dc1b43edc6f5bea45c17ce2d6a417265f1
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Nov 15 17:42:14 2015 +0000
Try to ensure we build correctly against various libminiupnpc versions.
Unfortunately, libminiupnpc has a somewhat... "peculiar" approach to
backwards compatibility for their API, where they reserve the right to
make breaking changes when they feel like it, forcing users to resort
to #ifdefs to ensure they use the correct API. Sigh.
Previously, tinc would only build against API versions <= 13, because I
was doing my initial development using miniupnpc-1.9.20140610 which is
the version that ships with Debian. The changes in this commit are
required for tinc to build against more recent versions, from
1.9.20150730 to the latest one at the time of this commit, 1.9.20151026.
commit 675e3b497bdc87f5a4dfdef7508cd2070850e69e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Nov 15 15:30:01 2015 +0000
Allow tinc to be built with miniupnpc on Windows.
Contrary to what I expected, it so happens that modern versions of MinGW
include an implementation of pthread natively by default, so there is no
need to introduce Win32-specific threading code. This means the only
changes required to make UPnP work on Windows are just build parameter
tuning.
This commit forces MinGW to be built statically. This makes linking
against miniupnpc simpler (otherwise we would have to handle the mess
of dllimport & co.) and it also prevents libwinpthread from being linked
dynamically (which it is by default), as this would require additional
DLLs to be distributed. Since static linking is how tinc is
traditionally built on Windows, I don't expect this to be a big deal.
commit 513bffe1fee07bcbcb50691e221874adc1507857
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Nov 15 13:40:07 2015 +0000
Add UPnP support to tincd.
This commit makes tincd capable of discovering UPnP-IGD devices on the
local network, and add mappings (port redirects) for its TCP and/or UDP
port.
The goal is to improve reliability and performance of tinc with nodes
sitting behind home routers that support UPnP, by making it less reliant
on UDP Hole Punching, which is prone to failure when "hostile" NATs are
involved.
The way this is implemented is by leveraging the libminiupnpc library,
which we have just added a new dependency on. We use pthread to run the
UPnP client code in a dedicated thread; we can't use the tinc event loop
because libminiupnpc doesn't have a non-blocking API.
commit 2bb567c6a31e333ebdd16d6d076ba9976e6ed4fb
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Nov 14 14:47:42 2015 +0000
Add a new optional dependency on the miniupnpc library.
The miniupnpc library is a lightweight UPnP-IGD client.
http://miniupnp.free.fr/
Contrary to other libraries, this dependency is disabled by default.
This is because the library is somewhat obscure and is only tangentially
useful, so enabling it by default would probably annoy most users.
commit bdd84660c756437cf3bc8f64adf612055acc84ea
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Nov 7 11:04:13 2015 +0000
Make sure the packet source MAC address is always set.
When tinc is used in router mode with a TAP device, Ethernet (MAC)
headers are not present in packets flowing over the VPN; it is the
node's responsibility to fill out this header before handing the
packet over to the TAP interface (which expects such headers).
Currently, tinc fills out the destination MAC address of the packet
(otherwise the host would not recognize the packets, and nothing would
work), but it does not fill out the source MAC address. In practice this
doesn't seem to cause any real issues (the host doesn't care about the
source address), but it does look weird when looking at the packets with
a sniffer, and it also result in the following valgrind warning:
==13651== Syscall param write(buf) points to uninitialised byte(s)
==13651== at 0x5C4B620: __write_nocancel (syscall-template.S:81)
==13651== by 0x1445AA: write_packet (device.c:183)
==13651== by 0x118C7C: send_packet (net_packet.c:1259)
==13651== by 0x12B70A: route_ipv4 (route.c:443)
==13651== by 0x12D5F8: route (route.c:971)
==13651== by 0x1152BC: receive_packet (net_packet.c:250)
==13651== by 0x117E1B: receive_sptps_record (net_packet.c:904)
==13651== by 0x1309A8: sptps_receive_data_datagram (sptps.c:488)
==13651== by 0x130A90: sptps_receive_data (sptps.c:508)
==13651== by 0x115569: receive_udppacket (net_packet.c:286)
==13651== by 0x119856: handle_incoming_vpn_data (net_packet.c:1499)
==13651== by 0x10F3DA: event_loop (event.c:287)
==13651== Address 0xffeffea3a is on thread 1's stack
==13651== in frame #6, created by receive_sptps_record (net_packet.c:821)
==13651==
This commit fixes the issue by filling out the source MAC address. It is
generated by negating the last byte of the device MAC address, which is
consistent with what route_arp() does.
In addition, this commit stops route_arp() from filling out the Ethernet
header of the packet - this is the responsibility of send_packet(), not
route().
commit 684bd659ae0c6ca623422851c245188037658698
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Wed Nov 4 19:18:12 2015 +0000
Revert "Cache node IDs in a hash table for faster lookups."
This reverts commit c2319e90b16962fe899bc60abc8af0e2542bb176.
As a general principle, I do not believe it is worthwhile to cache
nodes. Sure, it brings lookup time down from O(log n) to O(1), but
considering that the scalability target of tinc is around 1000 nodes
and log2(1000) is 10, that looks like premature optimization; tree
lookups should already be very fast. Therefore, I believe it makes sense
to remove the cache as a code cleanup initiative.
commit eeebff55c07c09c5bc5e62a7b2a21f68ecd1c802
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Wed Nov 4 19:07:14 2015 +0000
Use a splay tree for node UDP addresses in order to avoid collisions.
This commit replaces the node UDP address hash table "cache" with a
full-blown splay tree, aligning it with node_tree (name-indexed) and
node_id_tree (ID-indexed).
I'm doing this for two reasons. The first reason is to make sure we
don't suddenly degrade to O(n) performance when two "hot" nodes end up
in the same hash table bucket (collision).
The second, and most important, reason, has to do with the fact that
the hash table that was being used overrides elements that collide.
Indeed, it turns out that there is one scenario in which the contents of
node_udp_cache has *correctness* implications, not just performance
implications. This has to do with the way handle_incoming_vpn_data() is
implemented.
Assume the following topology:
A <-> B <-> C
Now let's consider the perspective of tincd running on B, and let's
assume the following is true:
- All nodes are using the 1.1 protocol with node IDs and relaying
support.
- Nodes A and C have UDP addresses that hash to the same value.
- Node C "wins" in the node_udp_cache (i.e. it overwrites A in the
cache).
- Node A has a "dynamic" UDP address (i.e. an UDP address that has been
detected dynamically and cannot be deduced from edge addresses).
Then, before this commit, A would be unable to relay packets through B.
This is because handle_incoming_vpn_data() will fall back to
try_harder(), which won't be able to match any edge addresses, doesn't
check the dynamic UDP addresses, and won't be able to match any keys
because this is a relayed packet which is encrypted with C's key, not
B's. As a result, tinc will fail to match the source of the packet and
will drop the packet with a "Received UDP packet from unknown source"
message.
I have seen this happen in the wild; it is actually quite likely to
occur when there are more than a handful of nodes because node_udp_cache
only has 256 buckets, making collisions quite likely. This problem is
quite severe because it can completely prevent all packet communication
between nodes - indeed, if node A tries to initiate some communication
with C, it will use relaying at first, until C responds and helps A
establish direct communication with it (e.g. hole punching). If relaying
is broken, C will not help establish direct communication, and as a
result no packets can make it through at all.
The bug can be reproduced fairly easily by reproducing the topology
above while changing the (hardcoded) node_udp_cache size to 1 to force a
collision. One will quickly observe various issues when trying to make A
talk to C. Setting IndirectData on B will make the issue even more
severe and prevent all communication.
Arguably, another way to fix this problem is to make try_harder()
compare the packet's source address to each node's dynamic UDP
addresses. However, I do not like this solution because if two "hot"
nodes are contending on the same hash bucket, try_harder() will be
called very often and packet routing performance will degrade closer to
O(N) (where N is the total number of nodes in the graph). Using a more
appropriate data structure fixes the bug without introducing this
performance problem.
commit 7a8515112a4bf94da3cec157ada6e0794a03b946
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 26 13:46:30 2015 +0100
Avoid undefined behavior.
Left shifts of negative values is undefined in C. This happens a lot in
the Ed25519 code. Cast to unsigned first, then cast the result back to
signed where necessary.
commit b6ed5c134fc43d438c622d24f949c240632f5e67
Author: Martin Weinelt <mweinelt@gmail.com>
Date: Mon Sep 28 06:34:15 2015 +0200
tinc-gui: Properly initialize class attributes for VPN in __init__
commit 927efeff6242e262b176976a1eb298891578f77d
Author: Martin Weinelt <mweinelt@gmail.com>
Date: Mon Sep 28 05:54:17 2015 +0200
tinc-gui: Use ArgumentParser, default to python2
commit e92bb7d1dd7adc02503e3ee795e53b15634df570
Author: Martin Weinelt <mweinelt@gmail.com>
Date: Mon Sep 28 05:34:22 2015 +0200
tinc-gui: Fix GetListCtrl method name in SuperListCtrl
wxPython wrongly expects camelcase method names, this however
is against PEP8
commit 53333d6d0d870de6801352bda106286255f14319
Author: Martin Weinelt <mweinelt@gmail.com>
Date: Mon Sep 28 05:31:59 2015 +0200
tinc-gui: Update Node object to correctly parse responses
The application was expecting a different respoonse from tinc
and wouldn't properly it, and thus not start at all.
commit 0c7e0210d900185d4c1a9ffd969dc2a26d9523a9
Author: Martin Weinelt <mweinelt@gmail.com>
Date: Mon Sep 28 05:20:03 2015 +0200
tinc-gui: Reformat codebase according to PEP8
commit 73068238436d8a22abb86e67b08f573b09fd04e1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 10:06:18 2015 +0200
Fix a few memory leaks in the CLI found by AddressSanitizer.
commit 543c0abbd91a7b076670b8763548b8d5849860a0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 10:05:24 2015 +0200
Fix struct node_status_t.
Although not a problem for tinc internally, the size of the struct was 12
bytes instead of 4, causing some problems when interpreting the value
received from tincd by the CLI.
commit 706d855e507980de3845556989d7de7a3b9c76e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 24 22:20:00 2015 +0200
Replace bare if statements with AS_IF in configure.ac.
commit f54a87b800d551bec4532a5d3bf124d02e167856
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 24 21:53:49 2015 +0200
Optionally install systemd service files.
If --with-systemd is given when running the configure script, two
systemd service files will be installed. There is a template
tinc@.service, which can be used to control individual instances of
tinc. For example:
systemctl enable tinc@foo
Will create an instance for tinc with netname foo. There is also a
tinc.service, which can be used to start and stop all instances at once.
commit 5ad43673acf03f86643f1463f1ebfa6e9ca189cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 24 17:10:25 2015 +0200
Add -I m4 back to ACLOCAL_AMFLAGS.
In commit b7b5d51, AC_CONFIG_MACRO_DIRS([m4]) was added to configure.ac,
which is the current proper way of including the m4 directory. However,
old versions of autoconf ignore it and need the -I m4 statement in
Makefile.am. Both the old and new way of indicating that the m4/
directory should be included can coexist.
commit ae89a25695411149a7499189c9771762ad1f1726
Author: Nathan Stratton Treadway <nathanst@ontko.com>
Date: Sat Sep 12 16:33:52 2015 +0200
Fix invalid checksum generation.
Use equation 3 given in RFC 1624 and the UpdateTTL() example function given
RFC 1141.
# Conflicts:
# src/route.c
commit 56a8b90d863171d62e0a337b5635fbfc53a67fb0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 22 14:33:56 2015 +0200
In sssp_bfs(), never try to update myself.
commit f75e6f61f280b138082b87ce69bdbdee3e4ba56e
Author: thorkill <thkr@hannover.ccc.de>
Date: Sun Jul 19 18:53:29 2015 +0200
Do not access e->to->prevedge if not defined
In some cases - mostly when e->to == myself the prevedge is set to NULL,
causing invalid memory access. In rare cases this may lead to malformed mst
or segfaults.
commit f92c3446f2052a59d1e6a28f1bc7cec278cb1e48
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 15 15:12:53 2015 +0200
Use AC_CONFIG_MACRO_DIR() instead of _DIRS().
The former is guaranteed to work with autoconf 2.58 and later, and we
don't have multiple m4 directories anyway.
commit 9ca1750245b28ed8306f150b6371139c656be111
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 12 16:31:32 2015 +0200
Fix the PRF function when compiling without OpenSSL.
commit 3c54765bcdf8bd6114da0cb31f45404950089e3a
Author: thorkill <thkr@hannover.ccc.de>
Date: Tue Jul 7 23:14:08 2015 +0200
Prevent tinc from forgeting e->local_address
If ADD_EDGE came from tinc version 1.0.x local_address.sa.sa_family is set to 0.
If it came from tinc version 1.1.x forwarded for older verion it will be 255 - AF_UNKNOWN.
commit 1e7ef381980a5c4c84d699522265290dde5ac728
Author: thorkill <thkr@hannover.ccc.de>
Date: Tue Jul 7 21:19:26 2015 +0200
Make sure we do not allocate new edge when talking to old nodes and the same edge already exists
When tinc gets ADD_EDGE from older versions it will allocate
new edge in protocol_edge.c:189 due to missed case in lines 149-171 where
local_address is not defined.
commit 7b831804aafa370a6c8d9e86caee31cda1a3dd72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 12 13:08:34 2015 +0200
Make subnet caches static.
commit 322ffadac43c7e357cc12340d7b8112a0aaad5af
Author: thorkill <thkr@hannover.ccc.de>
Date: Tue Jun 30 19:11:45 2015 +0200
Included missing names.h
commit b7b5d516137713c594990cd982a29f7e5718b45b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 12 13:05:51 2015 +0200
Use AC_CONFIG_MACRO_DIRS([m4]).
commit 97457716d7efc541d18d08263bbd338e94195bd9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 12 12:55:13 2015 +0200
Remove unused code that caused warnings about an uninitialized variable.
commit b22b9d438970a0442559949da35be9cc0ffaec00
Author: thorkill <thkr@hannover.ccc.de>
Date: Mon Jun 29 00:23:13 2015 +0200
Removed double break;
commit b396585383fe12c890ef7953efaa13a83963b5d7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 12 12:33:07 2015 +0200
Fix undefined behaviour when left-shifting signed integers.
Found by -fsanitize=undefined.
commit de7d9ee437bc0e5d72f8c6744e1df7ea7b64d2e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 4 17:53:11 2015 +0200
Call sockaddrfree(&e->local_address) in free_edge() instead of exit_edges().
The proper place to clean up resources of objects is in their
destructor. This makes sure proper cleanup when edge_del() is called as
well. At exit, free_edge() is called on all edges by free_edge_tree(),
which is called by exit_nodes().
commit 36cec9af88909cb2cf012d609e5c4d8c444ddab9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 4 17:51:05 2015 +0200
Coalesce two if statements that check for the same thing.
commit 14ccf509540e338502ad806f60bdc3f71ddce66f
Author: Jo-Philipp Wich <jow@openwrt.org>
Date: Thu Jun 18 23:58:31 2015 +0200
fix musl compatibility
Let configure include sys/if_tun.h when testing for netinet/if_ether.h
to detect the Kernel/libc header conflict on musl.
After this patch, configure will correctly detect netinet/if_ether.h as
unusable and the subsequent compilation will not attempt to use it.
Conflicts:
src/have.h
commit 37588b8d5cface1bc72424a198b1cc1a6044adb0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 4 17:18:40 2015 +0200
Don't #include OpenSSL headers when compiling without OpenSSL.
commit abb24e9d71b3edb9cacf4c04361cc0dfd4e6a061
Author: thorkill <thkr@hannover.ccc.de>
Date: Sat Jul 4 03:21:01 2015 +0200
Cleanup local_address in protocol_edge.c
In line 131 local_address has been defined,
but the memory was never freed on return.
commit 92df36a610421ed5fcae90e832f64e3acfb7d431
Author: thorkill <thkr@hannover.ccc.de>
Date: Sat Jul 4 02:39:12 2015 +0200
Cleanup edges stored in edge_weight_tree on exit
protocol_edge.c: 131 defines local_address using str2sockaddr
str2sockaddr() allocates memory which has to be freed on exit.
commit 1140ca6d3004b228947bad8736f0b49d6b169267
Author: thorkill <thkr@hannover.ccc.de>
Date: Sat Jul 4 00:29:36 2015 +0200
Fixed 2 leaks in setup_myself()
commit 0267aef826ba627aba3a525b36c0e7bfc0f9a221
Author: Florian Klink <flokli@flokli.de>
Date: Thu Jul 2 12:35:42 2015 +0200
setup_outgoing_connection: log to LOG_DEBUG on if no known address
With AutoConnect = yes, tinc tries to establish connections to known hosts.
However, you could have set no Address for this host, which is perfectly fine
(as long as there is at least one bootstrap node with an address or a local
discovered node already part of the network)
So log this to LOG_DEBUG
commit 91355b9ac5a80d6d7da6951a72ea0c22651bdfa8
Author: Florian Klink <flokli@flokli.de>
Date: Thu Jul 2 12:35:41 2015 +0200
(read|append)_config_file: log open errors as LOG_DEBUG
In a "decentrally managed vpn" it is very likely that host config
files for some reachable nodes do not exist. Currently, tinc
fills the logs with "Cannot open config file" messages.
This commit changes the log level to LOG_DEBUG so
syslog doesn't get filled by default.
commit ebffa40aa7832459f63801e3a91cc741e6b339a8
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jun 20 11:41:20 2015 +0100
Protect against callbacks removing items from the io tree.
The definition of the splay_each() macro is somewhat complicated for
syntactic reasons. Here's what it does in a more readable way:
for (splay_node_t* node = tree->head; node;) {
type* item = node->data;
splay_node_t* next = node->next;
// RUN USER BLOCK with (item)
node = next;
}
list_each() works in the same way. Since node->next is saved before the
user block runs, this construct supports removing the current item from
within the user block. However, what it does *not* support is removing
*other items* from within the user block, especially the next item.
Indeed, that will invalide the next pointer in the above loop and
therefore result in an invalid pointer dereference.
Unfortunately, there is at least one code path where that unsupported
operation happens. It is located in ack_h(), where the authentication
protocol code detects a double connection (i.e. being connected to
another node twice). Running in the context of a socket read event, this
code will happily terminate the *other* metaconnection, resulting in its
socket being removed from the io tree. If, by misfortune, this other
metaconnection happened to have the next socket FD number (which is
quite possible due to FD reuse - albeit unlikely), and was part of the
io tree (which is quite likely because if that connection is stuck, it
will most likely have pending writes) then this will result in the next
pending io item being destroyed. Invalid pointer dereference ensues.
I did a quick audit of other uses of splay_each() and list_each() and
I believe this is the only scenario in which this "next pointer
invalidation" problem can occur in practice. While this bug has been
there since at least 6bc5d626a8726fc23365ee705761a3c666a08ad4 (November
2012), if not sooner, it happens quite rarely due to the very specific
set of conditions required to trigger it. Nevertheless, it does manage
to crash my central production nodes every other week or so.
commit 7f020cf456b327313f0cfa8d103fb14f06f71994
Author: Dato Simó <dato@net.com.org.es>
Date: Tue Jun 16 20:44:45 2015 -0300
Fix typo in tinc.texi.
commit 45a46f068cf8fbe6cc8c59673de2d8580d18f87f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 10 23:42:17 2015 +0200
Fix crash is sptps_logger().
Unfortunately, sptps_logger() cannot know if s->handle is pointing to a
connection_t or a node_t. But it needs to print name and hostname in
both cases. So make sure both types have name and hostname fields at the
start with the same offset.
commit bfe231b977284ba78a582db96a05b5854ddf0d91
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 7 23:20:14 2015 +0200
Fix alignment of output of sptps_speed.
commit a797b4a19235be740c51bcb3bb6ec5de01915f46
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 7 23:14:48 2015 +0200
Fix receiving SPTPS data in sptps_speed and sptps_test.
The sptps_receive_data() was changed in commit d237efd to only process
one SPTPS record from a stream input. So now we have to put a loop
around it to ensure we process everything.
commit d8d1ab4ee1e92ec84fe9ea86eec2396275483a92
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 7 22:50:05 2015 +0200
Fix warnings about missing return value checks.
In some harmless places, checks for the return value of ECDSA and RSA
key generation and verification was omitted. Add them to keep the
compiler happy and to warn end users in case something is wrong.
commit ab0576a2034b03f92943ac477e4e97731a899554
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 7 22:25:22 2015 +0200
Fix autoconf check for function attributes.
GCC warns when a function attribute has no effect. The autoconf check
turns warnings about attributes into errors, therefore thinking that
they did not work. The reason was that the test function returned void,
which is not suitable for checking both __malloc__ and
__warn_unused_result__.
commit 84ecc972e5c11f683ac618c5a734a17c295d9b46
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 31 23:51:39 2015 +0200
Fix missing return value caused by the previous commit.
commit eca357ed916c9782a64a68a2f30b144d84027795
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 31 20:19:48 2015 +0100
Don't try to relay packets to unreachable nodes.
It is not unusual for tinc to receive SPTPS packets to be relayed to
nodes that just became unreachable, due to state propagation delays in
the metagraph.
Unfortunately, the current code doesn't handle that situation correctly,
and still tries to relay the packet to the unreachable node. This
typically ends up segfaulting.
This commit fixes the issue by checking for reachability before relaying
the packet.
commit 9e3adef5cb31cb73fbbbd25d3fce115aac107714
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 24 09:49:16 2015 +0100
Fix invalid pointer use in get_my_hostname().
clang-3.7 warnings surfaced an actual bug:
invitation.c:185:5: error: address of array 'filename' will always evaluate to 'true'
[-Werror,-Wpointer-bool-conversion]
if(filename) {
~~ ^~~~~~~~
The regression was introduced in 3ccdf50beb6b2d3f2730bdc66006b43190537cde.
commit 7fcfbe2bd2d14d13e06e3e2addfe0ea12b67873f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 24 09:45:09 2015 +0100
Fix wrong format string type in send_sptps_tcppacket().
This issue was found through a clang-3.7 warning:
protocol_misc.c:167:46: error: format specifies type 'short' but the argument has type 'int'
[-Werror,-Wformat]
if(!send_request(c, "%d %hd", SPTPS_PACKET, len))
~~~ ^~~
%d
commit 3e61c7233b087b8400c29ca7a8d079aad8b706d8
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat May 23 17:24:05 2015 +0100
Don't set up an ongoing connection to myself.
It is entirely possible that the configuration file could contain a
ConnectTo statement refering to its own name; that's a reasonable
scenario when one deploys semi-automatically generated tinc.conf files.
Amusingly, tinc does not like that at all, and actually sets up an
outgoing_t structure to myself (which obviously makes no sense). This is
mostly benign, though it does result in non-sensical "Already connected
to myself" messages every retry interval.
However, that also makes things blow up in close_network_connections(),
because there we delete the entire outgoing list and *then* the myself
node, which still has a reference to the freshly deleted outgoing
structure. Boom.
commit 8587e8c0d9ac997fcd2040470c1ccf5930bc18c3
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat May 23 10:24:00 2015 +0100
Fix crashes when trying unreachable nodes.
timeout_handler() calls try_tx(c->node) when c->edge exists.
Unfortunately, the existence of c->edge is not enough to conclude that
the node is reachable.
In fact, during connection establishment, there is a short period of
time where we create an edge for the node at the other end of the
metaconnection, but we don't have one from the other side yet.
Unfortunately, if timeout_handler() runs during that short time
window, it will call try_tx() on an unreachable node, which makes
things explode because that function is not prepared to handle that
case.
A typical symptom of this race condition is a hard SEGFAULT while trying
to send packets using metaconnections that don't exist, due to
n->nexthop containing garbage.
This patch fixes the issue by making try_tx() check for reachability,
and then making all code paths use try_tx() instead of the more
specialized methods so that they go through the check.
This regression was introduced in
eb7a0db18ea71a44999d6a37b4b179dac0ed9bc7.
commit 537a9366718b39278fd4eb33b2ac568011e374cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 21 11:09:01 2015 +0200
Update copyright notices.
commit 0a786ffbb9d293d7704b8e264f3943a616ed25cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 21 11:06:38 2015 +0200
Set the CLOEXEC flag on the umbilical socket.
commit 87e09527735632aae3f595f5a28667880ca4c8c1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 21:28:54 2015 +0200
Use socketpair() instead of pipe() for the umbilical.
This prepares for a possible conversion of the umbilical socket to a
control socket.
commit 19e0d449ebd06450c9d7f16f032c0806242c7515
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 21:25:06 2015 +0200
Don't write log messages to the umbilical pipe if we don't detach.
If we run in the foreground and are started by the CLI, this would
otherwise cause the first few log messages to appear twice.
commit 11868b890d1a7f4cfbfb37099393b32019010f66
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 16:59:43 2015 +0200
Ensure "tinc start" knows if the daemon really started succesfully.
We do this by creating an umbilical between the CLI and the daemon. The
daemon pipes log messages to the CLI until it starts the main loop. The
daemon then cuts the umbilical. The CLI copies all the received log
messages to stderr, and the last byte indicates whether the daemon
started succesfully or not, so the CLI can exit with a useful exit code.
commit 7f96ef081dc0dc41e3955e35c1a36a62fd47f72b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 11:11:12 2015 +0200
Fix check for LOCALSTATEDIR accessibility for the CLI.
The CLI does not need write access to the directory where the PID file
is stored, it just needs to be able to read the PID file.
commit 3ccdf50beb6b2d3f2730bdc66006b43190537cde
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 00:55:00 2015 +0200
Allocate temporary filenames on the stack.
This gets rid of xasprintf() in a number of places, and removes the need
to free() the temporary strings. A few potential memory leaks have been
fixed.
commit 58e8f598f38dbb2f210d8a62c8fb4b46513dc39f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 00:12:01 2015 +0200
Allow dumping a list of outstanding invitations.
This dumps the name of the invitation file, as well as the name of the
node that is being invited. This can make it easier to find the
invitation file belonging to a given node.
commit 7c8f54cdb2925ba787209f5358b62d3cee414d43
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 20 00:02:53 2015 +0200
Add "list" as an alias for "dump" in the CLI.
commit 69ba5f621e4931417f9f41061a7689e36c70e3d9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 22:26:32 2015 +0200
Quit with an error message if ioctl(TUNSETIFF) fails.
It is possible that opening /dev/net/tun works but that interface
creation itself fails, for example if a non-root user tries to create a
new interface, or if the desired interface is already opened by another
process. In this case, the ioctl() fails, but we actually silently
ignored this condition.
commit 60fbdb3f2cf0216afb2cfcc2c4128fb5765471ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 22:17:18 2015 +0200
If LOCALSTATEDIR is inaccessible, store the pid and socket files in the configuration directory.
The compile time local state directory is usually /var or
/usr/local/var. If this is not accessible for some reason, for example
because someone ./configured tinc without --localstatedir and
/usr/local/var does not exist, or if tinc is started by a non-root user,
then tinc will fall back to the directory where tinc.conf is stored.
A warning is logged when this happens.
commit dece2db78e2c4ccd6e617e69195754639b086170
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 21:32:30 2015 +0200
Don't log seqno failures in sptps_verify_datagram().
This function is not used for normal traffic, only when a packet from an
unknown source is received and we need to check against candidates. No
failures should be logger in this case; if the packet is really not
valid this will be logged by handle_incoming_vpn_data().
commit a7522118018928e17fc53840b420df570cf1bec5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 21:23:35 2015 +0200
Add source of SPTPS errors to log messages.
commit d89f37eb17196e38105a92d746ed7cb6b6f6ba45
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 14:25:20 2015 +0200
Add newline at end of precomp_data.h and sc.h.
commit d8a3a182de30d649ed6764dd5d64b57ad77a446e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 14:09:53 2015 +0200
Fix src/Makefile.am for *BSD.
Apparently the BSDs don't like $(srcdir) but want to see ${srcdir} in
their rules.
commit 96a323e16a1f3e99d0b498aa90423b060c3d458f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 19 13:31:26 2015 +0200
Remove info-in-builddir option from AM_INIT_AUTOMAKE().
This option is not supported by older, but still widely used versions of
automake. The drawback is that when doing multiple VPATH builds in a
row, the info manual may mention incorrect paths, but it doesn't affect
the executables at all.
commit 51b5aab9b042dffc6ef0791358f097895a3234eb
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Wed May 13 21:24:29 2015 +0200
Fix check for public key in invite-join.test.
Small fix to test/invite-join.test, comparing no-longer-existing
ECDSAPublicKey does not make sense.
commit a196e9b0fde1e8a67108eacd51ac663eac5a63ae
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon May 18 21:06:16 2015 +0100
Fix direct UDP communciation with pre-relaying 1.1 nodes.
try_tx_sptps() gives up on UDP communication if the recipient doesn't
support relaying. This is too restrictive - we only need the other node
to support relaying if we actually want to relay through them. If the
packet is sent directly, it's fine to send it to an old pre-node-IDs
tinc-1.1 node.
commit fef29d0193afc7e0a9dc766ef75b79cd4dc6fa37
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon May 18 20:48:45 2015 +0100
Don't parse node IDs if the sending node doesn't support them.
Currently, tinc tries to parse node IDs for all SPTPS packets, including
ones sent from older, pre-node-IDs tinc-1.1 nodes, and therefore doesn't
recognize packets from these nodes. This commit fixes that.
It also makes code slightly clearer by reducing the amount of fiddling
around packet offset/length.
commit 643149b44991121c618a2412c64072ad22955991
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon May 18 20:35:44 2015 +0100
Fix SPTPS condition in try_harder().
A condition in try_harder() is always evaluating to false when talking
to a SPTPS node because n->status.validkey_in is always false in that
case. Fix the condition so that the SPTPS status is correctly checked.
This prevented recent tinc-1.1 nodes from talking to older, pre-node-ID
tinc-1.1 nodes.
The regression was introduced in
6056f1c13bb37bf711dff9c25a6eaea99f14d31f.
commit 01d251986260faf306927aa91daff705ee0523d6
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 17 22:36:15 2015 +0100
Don't pollute the system header directory namespace.
Since commit 13f9bc1ff199bea46d3dde391a848f119e2cc0f0, tinc passes the
-I. option to the preprocessor so that version_git.h can be found during
out-of-tree ("VPATH") builds.
The problem is, this option also affects the directory search for files
included *from* system headers. For example, on MinGW, unistd.h contains
the following line:
#include <process.h>
Which, due to -I. putting the tinc directory at the head of the search
order, results in tinc's process.h being included instead of the file
from MinGW. Hilarity ensues.
This commit fixes the issue by using -iquote, which doesn't affect
system headers.
commit c1154bf696b0b3ad22126a76750d610e32e2ffc1
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 17 22:21:11 2015 +0100
Make sure the MIN() macro is defined.
On MinGW this is not automatically the case, thereby breaking the build.
commit 5c32bd1578d59e005f634621d17ca96af32bb630
Merge: aa52300b 1a7a9078 2cb216d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 17 21:07:45 2015 +0200
Merge remote-tracking branches 'dechamps/sptpsrestart' and 'dechamps/keychanged' into 1.1
commit 2cb216d83d825fcca2fa2b66c756b253f8f0828b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 17 19:23:12 2015 +0100
Don't send KEY_CHANGED messages if we don't support the legacy protocol.
KEY_CHANGED messages are only useful to invalidate keys for non-SPTPS nodes;
SPTPS nodes use a different internal mechanism (forced KEX) for that purpose.
Therefore, if we know we can't talk to legacy nodes, there's no point in
sending them these messages.
commit 1a7a9078c093f77950192c32be009bbe463fe372
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 17 18:50:11 2015 +0100
Proactively restart the SPTPS tunnel if we get receive errors.
There are a number of ways a SPTPS tunnel can get into a corrupt state.
For example, during key regeneration, the KEX and SIG messages from
other nodes might arrive out of order, which confuses the hell out of
the SPTPS code. Another possible scenario is not noticing another node
crashed and restarted because there was no point in time where the node
was seen completely disconnected from *all* nodes; this could result in
using the wrong (old) key. There are probably other scenarios which have
not even been considered yet. Distributed systems are hard.
When SPTPS got confused by a packet, it used to crash the entire
process; fortunately that was fixed by commit
2e7f68ad2b51648b89c4b5c61aeb4cec67c2fbbb. However, the error handling
(or lack thereof) leaves a lot to be desired. Currently, when SPTPS
encounters an error when receiving a packet, it just shrugs it off and
continues as if nothing happened. The problem is, sometimes getting
receive errors mean the tunnel is completely stuck and will not recover
on its own. In that case, the node will become unreachable - possibly
indefinitely.
The goal of this commit is to improve SPTPS error handling by taking
proactive action when an incoming packet triggers a failure, which is
often an indicator that the tunnel is stuck in some way. When that
happens, we simply restart SPTPS entirely, which should make the tunnel
recover quickly.
To prevent "storms" where two buggy nodes flood each other with invalid
packets and therefore spend all their time negotiating new tunnels, we
limit the frequency at which tunnel restarts happen to ten seconds.
It is likely this commit will solve the "Invalid KEX record length
during key regeneration" issue that has been seen in the wild. It is
difficult to be sure though because we do not have a full understanding
of all the possible conditions that can trigger this problem.
commit aa52300b2b6e9d923d6d5b8c95fa500f549620d0
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 17 17:51:05 2015 +0100
Trivial: make sptps_receive_data_datagram() a little more readable.
The new code updates variables as stuff is being consumed, so that the
reader doesn't have to do that in his head.
commit 30e839b0a1810b9cb0a2de2595cef2f8ebb06357
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 17 18:44:09 2015 +0200
Don't send local_address in ADD_EDGE messages if it's AF_UNSPEC.
commit 23fda4db6d1bb400a97f6d2a07d9b700f9546129
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun May 17 05:29:21 2015 +0200
Let sockaddr2hostname() handle AF_UNSPEC addresses.
commit 1e89a63f1638e43dee79afbb18d5f733b27d830b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 17 17:09:56 2015 +0100
Prevent SPTPS key regeneration packets from entering an UDP relay path.
Commit 10c1f60c643607d9dafd79271c3475cddf81e903 introduced a mechanism
by which a packet received by REQ_KEY could continue its journey over
UDP. This was based on the assumption that REQ_KEY messages would never
be used for handshake packets (which should never be sent over UDP,
because SPTPS currently doesn't handle lost handshake packets very
well).
Unfortunately, there is one case where handshake packets are sent using
REQ_KEY: when regenerating the SPTPS key for a pre-established channel.
With the current code, such packets risk getting relayed over UDP.
When processing a REQ_KEY message, it is impossible for the receiving
end to distinguish between a data SPTPS packet and a handshake packet,
because this information is stored in the type field which is encrypted
with the end-to-end key.
This commit fixes the issue by making tinc use ANS_KEY for all SPTPS
handshake messages. This works because ANS_KEY messages are never
forwarded using the SPTPS relay mechanisms, therefore they are
guaranteed to stick to TCP.
commit eecfeadeb4fc70ee002b81c20ba12ba3e3acb843
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 16 02:01:54 2015 +0200
Let sockaddr2str() handle AF_UNSPEC addresses.
commit 613c121cdceec0199dc4d056857be021ed1d21de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 15 23:35:46 2015 +0200
Try all addresses for the hostname in an invitation URL.
commit 54a8bd78e3fbe2de4d9daea748643f9c9b5b240e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 15 23:08:53 2015 +0200
Be more liberal accepting ADD_EDGE messages with conflicting local address information.
If the ADD_EDGE is for one of the edges we own, and if it is not the
same as we actually have, send a correcting ADD_EDGE back. Otherwise, if
the ADD_EDGE contains new information, update our idea of the local
address for that edge.
If the ADD_EDGE does not contain local address information, then we
never make a correction nor log a warning.
commit 8028e01100eb40f64da5e50ef33fbf9e3f8099de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 15 23:01:06 2015 +0200
Use AF_UNSPEC instead of AF_UNKNOWN for unspecified local address in add_edge_h().
AF_UNKNOWN is reserved for valid addresses that the local node cannot
parse, but remote nodes possibly can.
commit fd1cff6df23c3f16a46edaff8a52a7212914b2f0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 15 00:21:48 2015 +0200
Fix receiving UDP packets from tinc 1.0.x nodes.
In try_mac(), the wrong offsets were used into the packet buffer,
causing the digest verification to always fail.
commit 44e9f1e1d8d6dbd4625e5458cfffcf6b5168374a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 13 14:28:28 2015 +0200
Fix invitations.
These were broken due to a change in behaviour of sptps_receive_data()
introduced in commit d237efd325cd7bdd73f5eb111c769470238dce6e.
commit 7e6b2dd1ea51057b7135139c200d97a9e8f9c9cb
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 10 19:00:03 2015 +0100
Introduce raw TCP SPTPS packet transport.
Currently, SPTPS packets are transported over TCP metaconnections using
extended REQ_KEY requests, in order for the packets to pass through
tinc-1.0 nodes unaltered. Unfortunately, this method presents two
significant downsides:
- An already encrypted SPTPS packet is decrypted and then encrypted
again every time it passes through a node, since it is transported
over the SPTPS channels of the metaconnections. This
double-encryption is unnecessary and wastes CPU cycles.
- More importantly, the only way to transport binary data over
standard metaconnection messages such as REQ_KEY is to encode it
in base64, which has a 33% encoding overhead. This wastes 25% of the
network bandwidth.
This commit introduces a new protocol message, SPTPS_PACKET, which can
be used to transport SPTPS packets over a TCP metaconnection in an
efficient way. The new message is appropriately protected through a
minor protocol version increment, and extended REQ_KEY messages are
still used with nodes that do not support the new message, as well as
for the intial handshake packets, for which efficiency is not a concern.
The way SPTPS_PACKET works is very similar to how the traditional PACKET
message works: after the SPTPS_PACKET message, the raw binary packet is
sent directly over the metaconnection. There is one important
difference, however: in the case of SPTPS_PACKET, the packet is sent
directly over the TCP stream completely bypassing the SPTPS channel of
the metaconnection itself for maximum efficiency. This is secure because
the SPTPS packet that is being sent is already encrypted with an
end-to-end key.
commit d237efd325cd7bdd73f5eb111c769470238dce6e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 10 19:28:11 2015 +0100
Only read one record at a time in sptps_receive_data().
sptps_receive_data() always consumes the entire buffer passed to it,
which is somewhat inflexible. This commit improves the interface so that
sptps_receive_data() consumes at most one record. The goal is to allow
non-SPTPS stuff to be interleaved with SPTPS records in a single TCP
stream.
commit de14308840a96060d700c93117789e83ec948c01
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 10 18:05:19 2015 +0100
Rename REQ_SPTPS to SPTPS_PACKET.
REQ_SPTPS implies the message has an ANS_ counterpart (like REQ_KEY,
ANS_KEY), but it doesn't. Therefore dropping the REQ_ seems more
appropriate, and we add a _PACKET suffix to reduce the likelihood of
naming conflicts.
commit 10c1f60c643607d9dafd79271c3475cddf81e903
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat May 9 18:09:23 2015 +0100
Try to use UDP to relay SPTPS packets received over TCP.
Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY
encapsulation mechanism, it forwards it like any other TCP request. This
is inefficient, because even though we received the packet over TCP,
we might have an UDP link with the next hop, which means the packet
could be sent over UDP.
This commit removes that limitation by making sure SPTPS data packets
received through REQ_KEY requests are not forwarded as-is but passed
to send_sptps_data() instead, thereby using the same code path as if
the packet was received over UDP.
commit 1296f715b57c88c17299cacadaccdc0be898e0b1
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat May 9 17:54:34 2015 +0100
Expose the raw SPTPS send interface from net_packet.
net_packet doesn't actually use send_sptps_data(); it only uses
send_sptps_data_priv(). In addition, the only user of send_sptps_data()
is protocol_key. Therefore it makes sense to expose
send_sptps_data_priv() directly, and move send_sptps_data() (which is
basically just boilerplate) as a local function in protocol_key.
commit 8e43a2fc744559956640d3eb9a7a26a945d94fde
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 10 18:46:47 2015 +0100
Use the correct originator node when relaying SPTPS UDP packets.
Currently, when relaying SPTPS UDP packets, the code uses the direct
sender as the originator, instead of preserving the original source ID.
This wouldn't cause any issues in most cases because the originator and
the sender are the same in simple one-hop relay chains, but this will
break as soon as there is more than one relay.
commit 9d223cb7e7f337c6b9707f07e3e9796108a3b597
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun May 10 18:37:30 2015 +0100
When relaying, send probes to the destination, not the source.
This seems to be a typo from c23e50385d9de538af676706596f6508b2ceb01a.
Achievement unlocked: got a one-line commit wrong.
commit 13f9bc1ff199bea46d3dde391a848f119e2cc0f0
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 16:01:41 2014 +0100
Add support for out-of-tree ("VPATH") builds.
This fixes some issues with the build system when building out of tree.
With this commit, it is now possible to do the following:
$ cd /tmp/build
$ /path/to/tinc/configure
$ make
commit 462e9892ae2765d0c7036005fafe036fd2a9f4f2
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 16:21:32 2014 +0100
Remove explicit distribution rules for m4 scripts.
It turns out Automake is smart enough to include these files in the
distribution by itself.
commit 362b79176439a2eb643612633aa0ff210a6a4d81
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 9 15:41:37 2015 +0200
Really remove "release-" from the git-derived version string.
commit b109e8b16488f9bbfdc4aefe0e9b00c4f202e905
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 18:26:55 2014 +0100
Use git describe to populate autoconf's VERSION.
This uses the output of "git describe" directly in configure.ac to
determine the version number to use, instead of hardcoding it.
With this change, current version information is completely removed
from the codebase itself, and is always fetched on-the-fly from git as
the single source of truth.
In order to ensure make dist always uses the current version number in
the contents of the packaged configure script as well as the package
name, a dependency is added to the dist target such that autoconf is
always run before dist to regenerate the version number. If this wasn't
the case, make dist would use the version number from when autoconf was
originally run, not the version number that make dist is running from.
That said, errors from that rule are ignored so that people can still
run make dist without a working autoconf.
In addition, the NEWS check is dropped, as it would then become annoying
because it would force make dist users to always have a line for the
current commit in the NEWS file.
commit 1c77069064e0cf0e0ddd81bab1b1354a8952fb33
Author: Pierre Emeriaud <petrus.lt@gmail.com>
Date: Sat May 9 00:03:51 2015 +0200
Fix typo in tincctl help.
commit 54554cc2765befc2e95fd7fe2fedfd75a94b5926
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 5 23:05:22 2015 +0200
Don't include build-time generated version_git.h in the tarball.
commit c46bdbde18629f0a0613c776c13a79fea0ec6093
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 5 23:03:41 2015 +0200
Remove "release-" from displayed git version.
Also make sure that version_git.h is only written to if the "git
describe" command succeeds.
commit 120e0567cba17eeb57c12a34686fddbbb491b62f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 15:22:10 2014 +0100
Use git description as the tinc version.
Instead of using the hardcoded version number in configure.ac, this
makes tinc use the live version reported by "git describe",
queried on-the-fly during the build process and regenerated for every
build.
This makes tinc version output more useful, as tinc will now display the
number of commits since the last tag as well as the commit the binary is
built from, following the format described in git-describe(1).
Here's an example of tincd --version output:
tinc version release-1.1pre10-48-gc149315 (built Jun 29 2014 15:21:10, protocol 17.3)
When building directly from a release tag, this will look like the following:
tinc version release-1.1pre10 (built Jun 29 2014 15:21:10, protocol 17.3)
(Note that the format is slightly different - because of the way the
tags are named, it says "release-1.1pre10" instead of just "1.1pre10")
If git describe fails (for example when building from a release
tarball), the build automatically falls back to the autoconf-provided
VERSION macro (i.e. the old behavior).
commit 95594f47384b60a6f994f0fca6fd9f79b2b283aa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 24 23:51:29 2015 +0200
Fix typo 0fda572c88d02b0b200ef81d72cc4da594fa0e38 that prevented some errors from being logged.
commit 0fda572c88d02b0b200ef81d72cc4da594fa0e38
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 24 23:43:58 2015 +0200
Don't log an error message when receiving a TERMREQ.
commit ea1e815223e99f3747f94cf0d10eb06e52f70b21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 24 23:43:19 2015 +0200
Fix a possible segmentation fault during key upgrades.
read_rsa_public_key() was bailing out early if the given node already has an Ed25519 key, and
returned true even though c->rsa was NULL. The early bailout code isn't necessary anymore, so just
remove it.
commit 2059814238320b761fb93608b7f8a114de861302
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 24 23:40:20 2015 +0200
Allow one-sided upgrades to Ed25519.
This deals with the case where one node knows the Ed25519 key of another node, but not the other
way around. This was blocked by an overly paranoid check in id_h(). The upgrade_h() function already
handled this case, and the node that already knows the other's Ed25519 key checks that it has not
been changed, otherwise the connection will be aborted.
commit 3def9d2ad88a9015af4c42aac329e0e2a80679f7
Merge: 95921696 0c010ff9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 12 15:43:05 2015 +0200
Merge remote-tracking branch 'dechamps/wintapver' into 1.1
commit 95921696a49d1eff058880c90a80efd208de959d
Merge: f500a3d4 7027bba5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 12 15:42:48 2015 +0200
Always call res_init() before getaddrinfo().
Unfortunately, glibc assumes that /etc/resolv.conf is a static file that
never changes. Even on servers, /etc/resolv.conf might be a dynamically
generated file, and we never know when it changes. So just call
res_init() every time, so glibc uses up-to-date nameserver information.
Conflicts:
src/have.h
src/net.c
src/net_setup.c
commit f500a3d4e6e51ea1d88235e89e494ecb8f71ba5b
Merge: 41798146 89715454
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 12 15:36:50 2015 +0200
Merge remote-tracking branch 'dechamps/windevice' into 1.1
commit 417981462a2dde7800768eb58cf8f4e5238d4ad7
Merge: 11effab8 176ee015
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 12 15:35:50 2015 +0200
Merge remote-tracking branch 'dechamps/winmtu' into 1.1
commit 11effab85b6b278ccf0ac3ba52a12bbca3e3dcc5
Merge: 9e71b74e 43b41e90
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 12 15:35:37 2015 +0200
Merge remote-tracking branch 'dechamps/fsckwin' into 1.1
commit 9e71b74ed83c51e0b35114a4f153b62b54fd3702
Merge: 76a9be5b fa432426
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 12 15:34:50 2015 +0200
Merge remote-tracking branch 'dechamps/staticfix' into 1.1
commit 0c010ff9fe50b4046b5c7977bafac3e74037f075
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 15 18:30:39 2015 +0000
Warn about performance if using TAP-Windows >=9.21.
Testing has revealed that the newer series of Windows TAP drivers (i.e.
9.0.0.21 and later, also known as NDIS6, tap-windows6) suffer from
serious performance issues in the write path. Write operations seems to
take a very long time to complete, resulting in massive packet loss even
for throughputs as low as 10 Mbit/s.
I've made some attempts to alleviate the problem using parellelism. By
using custom code that allows up to 256 write operations at the same
time the results are much better, but it's still about 2 times worse
than the traditional 9.0.0.9 driver.
We need to investigate more and file a bug against tap-windows6, but in
the mean time, let's inform the user that he might not want to use the
latest drivers.
commit 0f328d9d2853ca723ff3205f39bb22207d21a932
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 15 18:18:04 2015 +0000
Log TAP-Windows driver version on startup.
This is generally useful. We've seen issues that are specific to some
version of these drivers (especially the newer 9.0.0.21 version), so
it's relevant to log it, especially since that means it will be
copy-pasted by people posting their logs asking for help.
commit 7027bba541eca3e34f689bebd6f6e408ba4e7710
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 15 18:01:03 2015 +0000
Increase the ReplayWindow default from 16 to 32.
As a rule, it seems reasonable to make sure that tinc operates correctly
on at least 1G links, since these are pretty common. However, I have
observed replay window issues when operating at speeds of 600 Mbit/s and
above, especially when the receiving end is a Windows system (not sure
why). This commit increases the default so that this won't occur on
fresh setups.
commit 94f49a163aa570ea272bf3bbd7734187098d88b7
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 15 17:50:53 2015 +0000
Set the default for UDPRcvBuf and UDPSndBuf to 1M.
It may not be obvious, but due to the way tinc operates (single-threaded
control loop with no intermediate packet buffer), UDP send and receive
buffers can have a massive impact on performance. It is therefore of
paramount importance that the buffers be large enough to prevent packet
drops that could occur while tinc is processing a packet.
Leaving that value to the OS default could be reasonable if we weren't
relying on it so much. Instead, this makes performance somewhat
unpredictable.
In practice, the worst case scenario occurs on Windows, where Microsoft
had the brillant idea of making the buffers 8K in size by default, no
matter what the link speed is. Considering that 8K flies past in a
matter of microseconds on >1G links, this is extremely inappropriate. On
these systems, changing the buffer size to 1M results in *obscene*
raw throughput improvements; I have observed a 10X jump from 40 Mbit/s
to 400 Mbit/s on my system.
In this commit, we stop trusting the OS to get this right and we use a
fixed 1M value instead, which should be enough for <=1G links.
commit 89715454c083aaeb4dc73340f2d0ab9a3d9503e0
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Mar 14 18:19:22 2015 +0000
Fix Windows device asynchronous write behavior.
Write operations to the Windows device do not necessarily complete
immediately; in fact, with the latest TAP-Win32 drivers, this never
seems to be the case.
write_packet() does not handle that case correctly, because the
OVERLAPPED structure and the packet data go out of scope before the
write operation completes, resulting in race conditions.
This commit fixes the issue by making sure these data structures are
kept in global scope, and by dropping any packets that may arrive while
the previous write operation is still pending.
commit 675142c7d88c9d325c0ca0bc5761072a5d810c75
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Mar 14 17:27:14 2015 +0000
When disabling the Windows device, wait for pending reads to complete.
On Windows, when disabling the device, tinc uses the CancelIo() to
cancel the pending read operation, and then proceeds to delete the event
handle immediately.
This assumes that CancelIo() blocks until the pending read request is
completely torn down and no references to it remain. While MSDN is not
completely clear on that subject, it does suggest that this is not the
case:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363791.aspx
If the function succeeds [...] the cancel operation for all pending
I/O operations issued by the calling thread for the specified file
handle was successfully requested.
This implies that cancellation was merely "requested", and that there
are no guarantees as to the state of the operation when CancelIo()
returns. Therefore, care must be taken not to close event handles
prematurely.
While I'm no aware of this potential race condition causing any problems
in practice, I don't want to take any chances.
commit 176ee015267d87ff4fd4d2615e9f5ac978116171
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 15 10:00:56 2015 +0000
Make sure packet header structures are correctly packed on Windows.
Modern versions of GCC handle structure packing differently when
compiling for Windows, as reported in the following GCC bug report:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991
In practice, this affects tinc because it uses packed structs as a
convenient way to populate packet headers. "struct ip" is especially
affected - on Linux, sizeof(struct ip) returns 20 as expected, while on
Windows, it returns 24 because of the broken alignment.
This in turn completely breaks code that has to populate an IP header.
Specifically, this breaks route_ipv4_unreachable() which is responsible,
among other things, for the generation of ICMP Fragmentation Needed
messages. On Windows, these messages are corrupted beyond hope because
of this alignment issue. For TCP connections that are established
before tinc obtains a fix on the MTU (and thus are not MSS clamped),
this can result in massive disruption.
This commit fixes the issue by forcing GCC to use standard alignment
for all packed structures in the tinc codebase instead of the MSVC
alignment.
commit 43b41e9095e6261c53da1ae46117d018296c3b68
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Mar 14 16:17:32 2015 +0000
Fix HAVE_DECL_RES_INIT conditionals.
HAVE_DECL_RES_INIT is generated using AC_CHECK_DECLS. tinc checks this
symbol using #ifdef, which is wrong because (according to autoconf docs)
the symbol is always defined, it's just set to zero if the check failed.
This broke the Windows build starting from
0b310bf406dbe58afe37fa31156b9ea47599d7be, because it introduced this
conditional in code that's not excluded from the Windows build.
commit 4989362300f800a6f407508f1e0127867cf80cba
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Mar 14 16:07:54 2015 +0000
Fix invalid getuid() call on Windows.
This is breaking the Windows build. Regression was introduced in
268e3ffca7b45cfc736e1bc9bec7a113c6c45701.
commit fa432426df7e2e364e310ab4bac28e60f732a3c9
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Mar 14 14:04:50 2015 +0000
Don't send UDP probes past static relays.
Ironically, commit 0f8e2cc78cafe47a087d3fc9b480551b841aeb30 introduced
a regression on its own, since it accidently removed a return statement
that prevented try_tx_sptps() from sending UDP/MTU probes to nodes that
are past static relays.
commit 76a9be5bce43a1a7363c670882f5315c824c903c
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 8 20:17:27 2015 +0000
Throttle the rate of MTU_INFO messages.
This makes sure MTU_INFO messages are only sent at the maximum rate of
5 per second (by default). As usual with these "probe" mechanisms, the
rate of these messages cannot be higher than the rate of data packets
themselves, since they are sent from the RX path.
commit 467397f25d3a99ec1a97d4419502c37b64276f49
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 8 19:54:44 2015 +0000
Throttle the rate of UDP_INFO messages.
This makes sure UDP_INFO messages are only sent at the maximum rate of
5 per second (by default). As usual with these "probe" mechanisms, the
rate of these messages cannot be higher than the rate of data packets
themselves, since they are sent from the RX path.
commit b1421b919090351e885ed3d06df67fb2eb69e765
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 8 18:54:50 2015 +0000
Add MTU_INFO protocol message.
In this commit, nodes use MTU_INFO messages to provide MTU information.
The issue this code is meant to address is the non-trivial problem of
finding the proper MTU when UDP SPTPS relays are involved. Currently,
tinc has no idea what the MTU looks like beyond the first relay, and
will arbitrarily use the first relay's MTU as the limit. This will fail
miserably if the MTU decreases after the first relay, forcing relays to
fall back to TCP. More generally, one should keep in mind that relay
paths can be arbitrarily complex, resulting in packets taking "epic
journeys" through the graph, switching back and forth between UDP (with
variable MTUs) and TCP multiple times along the path.
A solution that was considered consists in sending standard MTU probes
through the relays. This is inefficient (if there are 3 nodes on one
side of relay and 3 nodes on the other side, we end up with 3*3=9 MTU
discoveries taking place at the same time, while technically only
3+3=6 are needed) and would involve eyebrow-raising behaviors such as
probes being sent over TCP.
This commit implements an alternative solution, which consists in
the packet receiver sending MTU_INFO messages to the packet sender.
The message contains an MTU value which is set to maximum when the
message is originally sent. The message gets altered as it travels
through the metagraph, such that when the message arrives to the
destination, the MTU value contained in the message can be used to
send packets while making sure no relays will be forced to fall back to
TCP to deliver them.
The operating principles behind such a protocol message are similar to
how the UDP_INFO message works, but there is a key difference that
prevents us from simply reusing the same message: the UDP_INFO message
only cares about relay-to-relay links (i.e. it is sent between static
relays and the information it contains only makes sense between two
adjacent static relays), while the MTU_INFO cares about the end-to-end
MTU, including the entire relay path. Therefore, UDP_INFO messages stop
when they encounter static relays, while MTU_INFO messages don't stop
until they get to the original packet sender.
Note that, technically, the MTU that is obtained through this mechanism
can be slightly pessimistic, because it can be lowered by an
intermediate node that is not being used as a relay. Since nodes have no
way of knowing whether they'll be used as dynamic relays or not (and
have no say in the matter), this is not a trivial problem. That said,
this is highly unlikely to result in noticeable issues in realistic
scenarios.
commit 9bb230f30f665779eb89dcce077a15360ec50be1
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jan 3 17:46:33 2015 +0000
Add UDP_INFO protocol message.
In this commit, nodes use UDP_INFO messages to provide UDP address
information. The basic principle is that the node that receives packets
sends UDP_INFO messages to the node that's sending the packets. The
message originally contains no address information, and is (hopefully)
updated with relevant address information as it gets relayed through the
metagraph - specifically, each intermediate node will update the message
with its best guess as to what the address is while forwarding it.
When a node receives an UDP_INFO message, and it doesn't have a
confirmed UDP tunnel with the originator node, it will update its
records with the new address for that node, so that it always has the
best possible guess as to how to reach that node. This applies to the
destination node of course, but also to any intermediate nodes, because
there's no reason they should pass on the free intel, and because it
results in nice behavior in the presence of relay chains (multiple nodes
in a path all trying to reach the same destination).
If, on the other hand, the node does have a confirmed UDP tunnel, it
will ignore the address information contained in the message.
In all cases, if the node that receives the message is not the
destination node specified in the message, it will forward the message
but not before overriding the address information with the one from its
own records. If the node has a confirmed UDP tunnel, that means the
message is updated with the address of the confirmed tunnel; if not,
the message simply reflects the records of the intermediate node, which
just happen to be the contents of the UDP_INFO message it just got, so
it's simply forwarded with no modification.
This is similar to the way ANS_KEY messages are currently
overloaded to provide UDP address information, with two differences:
- UDP_INFO messages are sent way more often than ANS_KEY messages,
thereby keeping the address information fresh. Previously, if the UDP
situation were to change after the ANS_KEY message was sent, the
sender would virtually never get the updated information.
- Once a node puts address information in an ANS_KEY message, it is
never changed again as the message travels through the metagraph; in
contrast, UDP_INFO messages behave the opposite way, as they get
rewritten every time they travel through a node with a confirmed UDP
tunnel. The latter behavior seems more appropriate because UDP tunnel
information becomes more relevant as it moves closer to the
destination node. The ANS_KEY behavior is not satisfactory in some
cases such as multi-layered graphs where the first hop is located
before a NAT.
Ultimately, the rationale behind this whole process is to improve UDP
hole punching capabilities when port translation is in effect, and more
generally, to make tinc more reliable in (very) hostile network
conditions (such as multi-layered NAT).
commit 6568cffd52d4803effaf52a9bb9c98d69cf7922a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 14 12:02:29 2015 +0000
--syslog and --logfile are mutually exclusive.
commit 15ad628f06895175d7e629ce0188805dc00159fd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 14 12:02:06 2015 +0000
Fix the case where we detach and use --logfile.
commit 04fc19112da5e7fcefefcf6e490987cdcfb6f620
Merge: f9ecaa10 19d16e40
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 14 11:45:55 2015 +0000
Merge remote-tracking branch 'seehuhn/1.1' into 1.1
commit f9ecaa10768926302f24a70975f36e360b51c8ce
Merge: c23e5038 2e7f68ad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 14 11:44:38 2015 +0000
Merge remote-tracking branch 'dechamps/sptpsabort' into 1.1
commit 19d16e40ccfb39461eda5336f4e754e10a640aba
Author: Jochen Voss <voss@seehuhn.de>
Date: Fri Mar 13 11:05:22 2015 +0000
Add a new --syslog option for tincd.
This commit adds a new command line option for tincd which allows to
use tincd in non-detached mode with log messages still going to
syslog. The motivation for this change is to ease use of tincd
in Docker containers.
commit 2e7f68ad2b51648b89c4b5c61aeb4cec67c2fbbb
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 8 17:32:39 2015 +0000
Don't abort() willy-nilly in SPTPS code.
If receive_handshake() or the receive_record() user callback returns an
error, sptps_receive_data_datagram() crashes the entire process. This is
heavy-handed, makes tinc very brittle to certain failures (i.e.
unexpected packets), and is inconsistent with the rest of SPTPS code.
commit c23e50385d9de538af676706596f6508b2ceb01a
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 8 14:32:01 2015 +0000
Fix UDP/MTU discovery in intermediate SPTPS UDP relays.
Refactoring commit 81578484dc74fd92f1b01f71f882016f120ab1de seems to
have introduced a regression as it moved discovery code away from
send_sptps_data_priv() and within send_packet(). The issue is,
send_packet() is not called when the node is simply relaying an UDP
SPTPS packet: indeed, send_sptps_data_priv() is called directly from
handle_incoming_vpn_data() in that case.
As a result, try_tx_sptps() is not called in the relaying case, which in
practice means that a relay doesn't initiate UDP/MTU discovery with the
next relay (unless some other activity compels it to do so). This can
result in packets getting sent over TCP instead of UDP from the relay.
commit 0f8e2cc78cafe47a087d3fc9b480551b841aeb30
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Mar 8 14:20:15 2015 +0000
Fix dynamic UDP SPTPS relaying.
Refactoring commit 0e653260478005eb7c824a9a1a3df04f39938cd6 broke UDP
SPTPS relaying by accidently removing try_tx_sptps() logic related to
establishing connectivity to so-called "dynamic" relays (i.e. relays
that are not specified by IndirectData configuration statements, but
are used on-the-fly to circumvent loss of direct UDP connectivity).
Specifically, the TX path was not trying to establish a tunnel to
dynamic relays (nexthop) anymore. This meant that MTU was not being
discovered with dynamic relays, which basically meant that all packets
being sent to dynamic relays went over TCP, thereby defeating the whole
purpose of SPTPS UDP relaying.
Note that this bug could easily go unnoticed if a tunnel was established
with the dynamic tunnel for some other reason (i.e. exchanging actual
data packets with the relay node).
commit 537c3528863c4736e877c4d1b6c6579940e6df5d
Author: xentec <artificial.i7@gmail.com>
Date: Tue Feb 17 04:02:35 2015 +0100
Fix compile errors introduced in cfe9285adf391ab66faeb5def811fe08e47a221a
Compiling with `--disable-legacy-protocol` resulted in failure caused by the missing exclusion of some symbols in net_packet.c.
commit cffcaf966b65a61943a00120f1ec5c868c917c1f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 16 08:42:30 2015 +0100
Suppress warnings about parsing Ed25519 keys when they are not present.
commit 833a8a048b22612cd12d703d55a71448b7179b4a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 16 08:26:49 2015 +0100
Document that --force should precede commands.
commit 85000a30ca68d3c8e9a98eb9537f4d1505bd849e
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Tue Feb 10 01:17:12 2015 +0100
Fixed variables.test testsuite after 'Make "tinc add" idempotent.' change.
commit 4b2ddded2c8ae1a1a5930637552eeb48f30d6530
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 9 15:23:59 2015 +0100
Make "tinc add" idempotent.
When calling "tinc add" multiple times with the same variable and value,
make sure only one unique line is added to the configuration file.
commit 0b310bf406dbe58afe37fa31156b9ea47599d7be
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 9 15:16:36 2015 +0100
Always call res_init() before getaddrinfo().
Unfortunately, glibc assumes that /etc/resolv.conf is a static file that
never changes. Even on servers, /etc/resolv.conf might be a dynamically
generated file, and we never know when it changes. So just call
res_init() every time, so glibc uses up-to-date nameserver information.
commit 268e3ffca7b45cfc736e1bc9bec7a113c6c45701
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 15 22:57:56 2015 +0100
Add the "fsck" command to the CLI.
This will report possible problems in the configuration files, and in
some cases offers to fix them.
The code is far from perfect yet. It expects keys to be in their default
locations, it doesn't check for Public/PrivateKey[File] statemetns yet.
It also does not correctly handle Ed25519 public keys yet.
commit a95e182d9ca54960383bfe3950b2b798e1f24f9e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 12 14:43:32 2015 +0100
Improve packet source detection.
When no UDP communication has been done yet, tinc establishes a guess
for the UDP address+port of each node. However, when there are multiple nodes
behind a NAT, tinc will guess the exact same address+port combination
for them, because it doesn't know about the NAT mappings yet. So when
receiving a packet, don't trust that guess unless we have confirmed UDP
communication.
This ensures try_harder() is called in such cases. However, this
function was actually very inefficient, trying to verify packets
multiple times for nodes with multiple edges. Only call try_mac() at
most once per node.
commit ae5b56c03d1e1af7561d7f1d1d8a333c3a9691ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 17:44:50 2015 +0100
Send gratuitous type 2 probe replies.
If we receive any traffic from another node, we periodically send back a
gratuitous type 2 probe reply with the maximum received packet length.
On the other node, this causes the udp and perhaps mtu probe timers to
be reset, so it does not need to send a probe request. Gratuitous probe
replies from another node also count as received traffic for this
purpose, so for nodes that also have a meta-connection, UDP keepalive
packets in principle can now solely be type 2 replies. This reduces the
amount of probe traffic even more.
To work, gratuitous replies should be sent slightly more often than
udp_discovery_keepalive_interval, so probe requests won't be triggered.
This also means that the timer resolution must be smaller than the
difference between the two, and at the moment it's kind of a hack.
commit 7b76b7ac35b49b8a94ad91c432886a0a54e144d1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 16:14:05 2015 +0100
Send the size of the largest recently received packets in type 2 probe replies.
commit 79b6adb489dde4ae92207ae7b9146f4e141c946c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 16:12:57 2015 +0100
Move UDP probe reply code into its own function.
This reduces the level of indentation, and prepares for sending gratuitous type 2 probe replies.
commit f0afde0467443969eb408090d6b8ee542768ee33
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 16:10:58 2015 +0100
Keep track of the largest UDP packet size received from a node.
commit d63941593736fbf268f2770d42e7f3f6a2132fae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 15:38:56 2015 +0100
Move detection of PMTU decrease to try_mtu().
When we have fixed the PMTU, n->mtuprobes == -1. When we send MTU probes
when mtuprobes == -1, decrease mtuprobes, and reset it back to -1 in
mtu_probe_h(). If mtuprobes < -1, send MTU probes every second, until
mtuprobes <= -4, in which case we will restart MTU discovery.
commit e97e9b22cb6061070611212a06756fb493846955
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 14:44:27 2015 +0100
Send MTU probes only once every PingInterval.
commit 088b5fd9ee6d5f566e8726eae861cbc7cd832b17
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 14:44:15 2015 +0100
Remove RTT and packet loss estimation code.
This is not working at all anymore. Just remove it, and we'll do another
attempt at RTT, bandwidth and packet loss estimation after the new
probing code stabilizes.
commit ce7079f4af3157eaef514d6d160933a016b2ab62
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 13:53:16 2015 +0100
Only send small packets during UDP probes.
We are trying to decouple UDP probing from MTU probing, so only send
very small packets during UDP probing. This significantly reduces the
amount of traffic sent (54 to 67 bytes per probe instead of 1500 bytes).
This means the MTU probing code takes over sending PMTU sized probes,
but this commit does not take care of detecting PMTU decreases.
commit e4077c00c6fead63467d296c89d5afc2860e2935
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 13:51:55 2015 +0100
Immediately send our key when a meta-connection is established.
This is what 1.0 does, and speeds up the UDP probing.
commit eb7a0db18ea71a44999d6a37b4b179dac0ed9bc7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 13:31:01 2015 +0100
Always keep UDP mappings alive for nodes that also have a meta-connection.
This is necessary for assisting with UDP hole punching. But we don't
need to know the PMTU for this, so only send UDP probes.
commit 545ecb339654573b3ee91bffb45c8282154885c6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 11 01:52:37 2015 +0100
Fix segfault when sptps_test cannot open the key files.
commit 69d4ccc43781152dc90521b3f517b0d9588ae207
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Tue Dec 30 09:56:30 2014 +0000
Fix typo in logging statement.
This was introduced in cfe9285adf391ab66faeb5def811fe08e47a221a.
commit 6fcfe763aa54e0522e726dc088b23d24899794d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 23:58:35 2015 +0100
Don't send probe replies if we don't have the other's key.
This can happen with the legacy protocol. Don't try to send anything
back in this case, otherwise it will be sent via TCP, which is silly.
commit f3801cb54311da2c30cbe27cd66559a2ea5daa91
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 23:52:23 2015 +0100
Proactively send our own key when we request another node's key.
commit c26bb47af130d48d003afd29af4d7ea6ad0538c5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 23:33:55 2015 +0100
Fix size of type 2 probe replies.
Type 2 replies should be as small as possible. The minimum payload size
for probe packets is 14 bytes, otherwise they won't be recognized as
such.
commit 0209f12d27d29f3aedc09b228bd289305851c75d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 23:00:51 2015 +0100
Correctly estimate the initial MTU for legacy packets.
commit 0e653260478005eb7c824a9a1a3df04f39938cd6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 22:28:47 2015 +0100
Try to clarify the new code in net_packet.c a bit.
Mainly by trying to reduce complex if statements, by splitting try_tx() into try_tx_legacy() and
try_tx_sptps(), since they don't share a lot of code.
commit 6056f1c13bb37bf711dff9c25a6eaea99f14d31f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 22:26:33 2015 +0100
Remember whether we sent our key to another node.
In tinc 1.0.x, this was tracked in node->inkey, however in tinc 1.1 we have an abstraction layer for
the legacy cipher and digest, and we don't keep an explicit copy of the key around. We cannot use
cipher_active() or digest_active(), since it is possible to set both to the null algorithm. So add a bit to
node_status_t.
commit f1f2df07387bc48a3b165c85a0493ff2774de737
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 4 16:00:02 2015 +0100
Use global "now" in try_udp() and try_mtu().
commit b737103a9187e0191dbc1995da3399ab3dbcdc66
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 4 14:19:23 2015 +0100
Use void pointers for opaque data blobs in the SHA512 code.
commit 4b42518813de7459a1fb264fe9ddfaf066ecc22b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 4 14:15:35 2015 +0100
Fix indentation and some whitespace issues.
commit 07108117ceddaff0654f9def703e717c002f3e2d
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jan 3 10:05:57 2015 +0000
Use a different UDP discovery interval if the tunnel is established.
This introduces a new configuration option,
UDPDiscoveryKeepaliveInterval, which is used as the UDP discovery
interval once the UDP tunnel is established. The pre-existing option,
UDPDiscoveryInterval, is therefore only used before UDP connectivity
is established.
The defaults are set so that tinc sends UDP pings more aggressively
if the tunnel is not established yet. This is appropriate since the
size of probes in that scenario is very small (16 bytes).
commit 06345f89b9a1e9acaf74cbbf896559b4286c102e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Thu Jan 1 16:59:45 2015 +0000
Recalculate and resend MTU probes if they are too large for the system.
Currently, if a MTU probe is sent and gets rejected by the system
because it is too large (i.e. send() returns EMSGSIZE), the MTU
discovery algorithm is not aware of it and still behaves as if the probe
was actually sent.
This patch makes the MTU discovery algorithm recalculate and send a new
probe when this happens, so that the probe "slot" does not go to waste.
commit f89319f9815da5ece8e96f1a2a777fb6d2e31c33
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Wed Dec 31 16:21:08 2014 +0000
Fine-tune the MTU discovery multiplier for the maxmtu < MTU case.
The original multiplier constant for the MTU discovery algorithm, 0.97,
assumes a somewhat pessmistic scenario where we don't get any help from
the OS - i.e. maxmtu never changes. This can happen if IP_MTU is not
usable and the OS doesn't reject overly large packets.
However, in most systems the OS will, in fact, contribute to the MTU
discovery process. In these situations, an actual MTU equal to maxmtu
is quite likely (as opposed to the maxmtu = 1518 case where that is
highly unlikely, unless the physical network supports jumbo frames).
It therefore makes sense to use a multiplier of 1 - that will make the
first probe length equal to maxmtu.
The best results are obtained if the OS supports the getsockopt(IP_MTU)
call, and its result is accurate. In that case, tinc will typically fix
the MTU after one single probe(!), like so:
Using system-provided maximum tinc MTU for foobar (1.2.3.4 port 655): 1442
Sending UDP probe length 1442 to foobar (1.2.3.4 port 655)
Got type 2 UDP probe reply 1442 from foobar (1.2.3.4 port 655)
Fixing MTU of foobar (1.2.3.4 port 655) to 1442 after 1 probes
commit bce17c83e871cb8a8c9158045eaf13f1be4b3d13
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Wed Dec 31 16:12:11 2014 +0000
Add IP_MTU-based maxmtu estimation.
Linux provides a getsockopt() option, IP_MTU, to get the kernel's best
guess at a connection MTU. In practice, it seems to return the MTU of
the physical interface the socket is using.
This patch uses this option to initialize maxmtu to a better value when
MTU discovery starts.
Unfortunately, this is not supported on Windows. Winsock has options
such as SO_MAX_MSG_SIZE, SO_MAXDG and SO_MAXPATHDG but they seem useless
as they always return absurdly large values (typically, 65507), as
confirmed by http://support.microsoft.com/kb/822061/
commit c1532035e2850dc4ec0eb22a6d51208e3128eb94
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Wed Dec 31 09:26:14 2014 +0000
Don't send MTU probes smaller than 512 bytes.
If MTU discovery comes up with an MTU smaller than 512 bytes (e.g. due
to massive packet loss), it's pretty much guaranteed to be wrong. Even
if it's not, most Internet applications assume the MTU will be at least
512, so fixing the MTU to a small value is likely to cause trouble
anyway.
This also makes the discovery algorithm converge even faster, since the
interval it has to consider is smaller.
commit 172cbe6771fd3b98233f71e42ac9c9407d534568
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Tue Dec 30 17:02:38 2014 +0000
Adjust MTU probe counts.
The recently introduced new MTU discovery algorithm converges much
faster than the previous one, which allows us to reduce the number
of probes required before we can confidently fix the MTU. This commit
reduces the number of initial discovery probes from 90 to 20. With the
new algorithm this is more than enough to get to the precise (byte-level
accuracy) MTU value; in cases of packet loss or weird MTU values for
which the algorithm is not optimized, we should get close to the actual
value, and then we rely on MTU increase detection (steady state probes)
to fine-tune it later if the need arises.
This patch also triggers MTU increase detection even if the MTU we have
is off by only one byte. Previously we only did that if it was off by at
least 8 bytes. Considering that (1) this should happen less often,
(2) restarting MTU discovery is cheaper than before and (3) having MTUs
that are subtly off from their intended values by just a few bytes
sounds like trouble, this sounds like a good idea.
commit 24d28adf64934c8d726959e25dce8c10dbd10d1f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Tue Dec 30 16:34:48 2014 +0000
Use a smarter algorithm for choosing MTU discovery probe sizes.
Currently, tinc uses a naive algorithm for choosing MTU discovery probe
sizes, picking a size at random between minmtu and maxmtu.
This is of course suboptimal - since the behavior of probes is
deterministic (assuming no packet loss), it seems likely that using a
non-deterministic discovery algorithm will not yield the best results.
Furthermore, the randomness introduces a lot of variation in convergence
times.
The random solution also suffers from pathological cases - since it's
using a uniform distribution, it doesn't take into account the fact that
it's often more interesting to send small probes rather than large ones,
because getting replies is the only way we can make progress (assuming
the worst case scenario in which the OS doesn't know anything, therefore
keeping maxmtu constant). This can lead to absurd situations where the
discovery algorithm is close to the real MTU, but can't get to it
because the random number generator keeps generating numbers that are
past it.
The algorithm implemented in this patch aims to improve on the naive
random algorithm. It is organized around "cycles" of 8 probes; the sizes
of the probes decrease as we go through the cycle, thus making sure the
algorithm can cover lots of ground quickly (in case we're far from
actual MTU), but also examining the local area (in case we're close to
actual MTU). Using cycles ensures that the algorithm will "go back" to
large probes to better cover the new interval and to protect against
packet loss.
For the probe size itself, various mathematical models were simulated in
an attempt to find the one that converges the fastest; it has been
determined that using an exponential based on the size of the remaining
interval was the most effective option. The exponential is adjusted with
a magic multiplier fine-tuned to make tinc jump to the "most
interesting" (i.e. 1400+) section as soon as discovery starts.
Simulations indicate that assuming no packet loss and no help from the
OS (i.e. maxmtu stays constant), this algorithm will typically converge
to the *exact* MTU value in less than 10 probes, and will get within 8
bytes in less than 5 probes, for actual MTUs between 1417 and ~1450
(which is the range the algorithm is fine-tuned for). In contrast, the
previous algorithm gives results all over the place, sometimes taking
30+ probes to get in the ballpark. Because of the issues with the
distribution, the previous algorithm sometimes never gets to the precise
MTU value within any reasonable amount of time - in contrast, the new
algorithm will always get to the precise value in less than 30 probes,
even if the actual MTU is completely outside the optimized range.
commit c22560ae3283a8f5f12eee8ee4dcaa5e65ee8cf9
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Tue Dec 30 10:47:56 2014 +0000
Remove bandwidth estimation code.
tinc bandwidth estimation has always been quite unreliable (at least in
my experience), but there's no chance of it working anymore since the
last changes to MTU discovery code, because packets are not sent in
batches of three anymore.
This commit removes the dead code - fortunately, nothing depends on this
estimation (it's not even shown in node info). We probably need be
smarter about this if we do want this estimation back.
commit 1b972f22733dc979568bc0ad8ebe0c711887e447
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Tue Dec 30 10:16:32 2014 +0000
Send one MTU probe at a time.
Currently, tinc sends MTU probes in batches of three every second. This
commit changes that to send one packet every 333 milliseconds instead.
This change brings two benefits:
- It makes MTU probing faster, because MTU probe lengths are calculated
based on minmtu, and minmtu is adjusted based on the replies. When
sending batches of three packets, all three packets are based on the
same minmtu estimation; in contrast, by sending one packet more
frequently, each subsequent packet can benefit from the replies that
have been received since the last packet was sent. As a result, MTU
discovery converges much faster (2-3 times as fast, typically).
- It reduces network spikiness - it's more network-friendly to send
one packet from time to time as opposed to sending bursts.
commit 5bdc1f2b82869d379812879334dbf2b549ff48db
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Thu Jan 1 16:04:08 2015 +0000
Use -1 to identify the post-initial MTU discovery state.
This is a minor cosmetic nit to emphasise the distinction between the
initial MTU discovery phase, and the post-initial phase (i.e. maxmtu
checking).
Furthermore, this is an improvement with regard to the DRY (Don't
Repeat Yourself) principle, as the maximum mtuprobes value is only
written once.
commit df6f67895723dd0c4226fa0f94257245a81a273f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Thu Jan 1 10:32:14 2015 +0000
Fix MTU as soon as possible.
If a probe reply is received that makes minmtu equal to maxmtu, we
have to wait until try_mtu() runs to realize that. Since try_mtu()
runs after a packet is sent, this means there is at least one packet
(possibly more, depending on timing) that won't benefit from the
fixed MTU. This also happens when maxmtu is updated from the send()
path.
This commit fixes that by making sure we check whether the MTU can be
fixed every time minmtu or maxmtu is touched.
commit 97cf4783188b8027d2309ce594fea5fc6daf31d1
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Dec 29 17:05:19 2014 +0000
Move try_mtu() closer to try_tx().
This moves related functions together, and is a pure cut-and-paste
change. The reason it was not done in the previous commit is because it
would have made the diff harder to review.
commit 98716a227ee39fdcdfafa7309adb73499311a2ce
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Dec 29 16:47:49 2014 +0000
Move PMTU discovery code into the TX path.
Currently, the PMTU discovery code is run by a timeout callback,
independently of tunnel activity. This commit moves it into the TX
path, meaning that send_mtu_probe_handler() is only called if a
packet is about to be sent. Consequently, it has been renamed to
try_mtu() for consistency with try_tx(), try_udp() and try_sptps().
Running PMTU discovery code only as part of the TX path prevents
PMTU discovery from generating unreasonable amounts of traffic when
the "real" traffic is negligible. One extreme example is sending one
real packet and then going silent: in the current code this one little
packet will result in the entire PMTU discovery algorithm being run
from start to finish, resulting in absurd write traffic amplification.
With this patch, PMTU discovery stops as soon as "real" packets stop
flowing, and will be no more aggressive than the underlying traffic.
Furthermore, try_mtu() only runs if there is confirmed UDP
connectivity as per the UDP discovery mechanism. This prevents
unnecessary network chatter - previously, the PMTU discovery code
would send bursts of (potentially large) probe packets every second
even if there was nothing on the other side. With this patch, the
PMTU code only does that if something replied to the lightweight UDP
discovery pings.
These inefficiencies were made even worse when the node is not a
direct neighbour, as tinc will use PMTU discovery both on the
destination node *and* the relay. UDP discovery is more lightweight for
this purpose.
As a bonus, this code simplifies overall code somewhat - state is
easier to manage when code is run in predictable contexts as opposed
to "surprise callbacks". In addition, there is no need to call PMTU
discovery code outside of net_packet.c anymore, thereby simplifying
module boundaries.
commit eef792c01ed1704c03d55163de3f302a3c1d42fa
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Dec 29 16:11:04 2014 +0000
Remove PMTU discovery code redundant with UDP discovery.
This is a rewrite of the send_mtu_probe_handler() function to make it
focus on the actual discovery of PMTU. In particular, the PMTU
discovery code doesn't care about tunnel state anymore - it only cares
about doing the initial PMTU discovery, and once that's done, making
sure PMTU did not increase by checking it from time to time. All other
duties have already been rewritten in the UDP discovery code.
As a result, the send_mtu_probe_handler(), which previously implemented
a nightmarish state machine which was very difficult to follow and
understand, has been massively simplified. We moved from four persistent
states to only two - initial discovery and steady state.
Furthermore, a side effect is that network chatter is reduced: instead
of sending bursts of three minmtu-sized packets in the steady state,
there is only one such packet that's sent from the UDP discovery code.
However, that introduces a slight regression in the bandwidth estimation
code, which relies on three-packet bursts in order to function.
Considering that this estimation is extremely unreliable (in my
experience) and isn't relied on by anything, this seems like an
acceptable regression.
commit 88026f27715774a7647c109ba5594068f0ba56af
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Dec 29 15:40:55 2014 +0000
Move responsibility for local discovery to UDP discovery.
Since UDP discovery is the place where UDP feasibility is checked, it
makes sense to test for local connectivity as well. This was previously
done as part of PMTU discovery.
commit 7939ee12836bf2ef772f2a6a1e805ee0d64a8e70
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Dec 29 10:34:39 2014 +0000
Add UDP discovery mechanism.
This adds a new mechanism by which tinc can determine if a node is
reachable via UDP. The new mechanism is currently redundant with the
PMTU discovery mechanism - that will be fixed in a future commit.
Conceptually, the UDP discovery mechanism works similarly to PMTU
discovery: it sends UDP probes (of minmtu size, to make sure the tunnel
is fully usable), and assumes UDP is usable if it gets replies. It
assumes UDP is broken if too much time has passed since the last reply.
The big difference with the current PMTU discovery mechanism, however,
is that UDP discovery probes are only triggered as part of the
packet TX path (through try_tx()). This is quite interesting, because
it means tinc will never send UDP pings more often than normal packets,
and most importantly, it will automatically stop sending pings as soon
as packets stop flowing, thereby nicely reducing network chatter.
Of course, there are small drawbacks in some edge cases: for example,
if a node only sends one packet every minute to another node, these
packets will only be sent over TCP, because the interval between packets
is too long for tinc to maintain the UDP tunnel. I consider this a
feature, not a bug: I believe it is appropriate to use TCP in scenarios
where traffic is negligible, so that we don't pollute the network with
pings just to maintain a UDP tunnel that's seeing negligible usage.
commit 5d6478b9fbb7379fe6017b2b74c0f1ccb3d2501f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Dec 28 17:29:03 2014 +0000
Move try_sptps() closer to try_tx().
This moves related functions together. try_tx() is at the right place
since its only caller is send_packet().
This is a pure cut-and-paste change. The reason it was not done in the
previous commit is because it would have made the diff harder to review.
commit 81578484dc74fd92f1b01f71f882016f120ab1de
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Dec 28 17:16:27 2014 +0000
Add the try_tx() function.
Currently, the TX path (starting from send_packet()) in tinc has three
responsabilities:
- Making sure packets can be sent (e.g. fetching SPTPS keys);
- Making sure they can be sent optimally (e.g. fetching non-SPTPS keys
so that UDP can be used);
- Sending the actual packet, if feasible.
The first two are closely related; the third one, however, can be
cleanly separated from the other two - meaning, we can loosen code
coupling between sending packets and "optimizing" the way packets are
sent. This will become increasingly important as future commits will
move more tunnel establishment and maintenance code into the TX path,
so we will benefit from a cleaner separation of concerns.
This is especially relevant because of the dual nature of the TX path
(SPTPS versus non-SPTPS), which can make things really complicated when
trying to share low-level code between both.
In this commit, code related to establishing or improving tunnels is
moved away from the core TX path by introducing the "try_*()" family of
function, of which try_sptps() already existed before this commit.
This is a pure refactoring; this commit shouldn't introduce any change
in behavior.
commit 950edc0744dfa04790ae274e8b7f55b1a990a43c
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Oct 12 19:44:33 2014 +0100
Clarify the send_mtu_probe() function.
This cleans up the PMTU probing function a little bit. It moves the
low-level sending of packets to a separate function, so that the code
reads naturally instead of using a weird for loop with "special
indexes". In addition, comments are moved inside the body of the
function for additional context.
This shouldn't introduce any change of behavior, except for local
discovery which has some minor logic fixes and which now always uses
small packets (16 bytes) because there's no need for a full-length
probe just to try the local network.
commit d28f33228635e78dac8f9e9bcaec92690f2ca10a
Author: Guus Sliepen <guus@sliepen.org>
Date: Thu Jan 1 00:52:39 2015 +0100
Fixes for bugs in src/Makefile.am and tincctl.c introduced by cfe9285adf391ab66faeb5def811fe08e47a221a.
commit 4d50f9f3485503099f5cb6e8486e9b98b72cb9be
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 30 11:16:08 2014 +0100
Add missing nolegacy/crypto.c and prf.c.
commit cfe9285adf391ab66faeb5def811fe08e47a221a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 29 22:57:18 2014 +0100
Allow tinc to be compiled without OpenSSL.
The option "--disable-legacy-protocol" was added to the configure
script. The new protocol does not depend on any external crypto
libraries, so when the option is used tinc is no longer linked to
OpenSSL's libcrypto.
commit 8d32b283b016e205b051b0bacb49a1e86fd5e1bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 27 09:22:31 2014 +0100
Releasing 1.1pre11.
commit db465434e2736f6e052e5c52d3613ad81b4bde10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 27 09:20:46 2014 +0100
Add BroadcastSubnet and DeviceStandby options to the manual and completion.
commit 26d3ee0dd9b770a857615752b5c5588be0354a16
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 27 09:08:34 2014 +0100
Better default paths for log and PID files on Windows.
commit b78436ff1e9afd767c3da473d34b7553d8411b6a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 18:22:13 2014 +0100
Remove AES-GCM support.
commit 128a37397432e5e63099633e275c65a652c16673
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 18:12:28 2014 +0100
Linux doesn't like .PHONY .o files.
In order to please every OS, make version.c .PHONY again, and add an
empty rule to make version.c.
commit 69689f908b0c9a14b7108b7ab8edd92facc53ddf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 17:53:40 2014 +0100
We don't depend on ECDH functions from OpenSSL anymore.
commit aa2d4f8dd9bab794dd197b92ba54e6428400555f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 15:58:28 2014 +0100
BSD make doesn't like .PHONY .c files.
It then thinks there should be a rule to make the .c file, which does
not exist of course. Luckily, we can tell it that version.o is .PHONY,
and this will still cause the .o file to be regenerated and linked into
the binaries everytime make is called.
commit 8ee4004edfbc79b1a17bf03c262f063f2f4c128d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 15:40:09 2014 +0100
Check whether res_init() really lives in libresolv.
On some platforms (Mac OS X for example), the res_init() function requires
linking with libresolv. On others (Linux, OpenBSD for example), res_init()
lives in libc.
commit 9f20922d62d258d7f5f1ef30dcd538c661062439
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 14:59:15 2014 +0100
Update THANKS file.
commit 880d74ad2d8a6d73c2e94ec54df542b88dc0c6f4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 14:38:01 2014 +0100
Allow running tinc without RSA keys.
This allows one to run tinc with only Ed25519 keys, forcing tinc to
always use the SPTPS protocol.
commit 266afc6c63d3d02584feb24b69063f97057daac8
Merge: 7730d5f3 c269a17c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 25 18:13:24 2014 +0100
Merge remote-tracking branch 'groxxda/gui-fixes' into 1.1
commit 7730d5f3ed9bd7c011dced5808130ffcbd74ea6b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Oct 12 12:14:46 2014 +0100
Use plain old PACKET for TCP packets sent directly to a neighbor.
Currently, when sending packets over TCP where the final recipient is
a node we have a direct metaconnection to, tinc first establishes a
SPTPS handshake between the two neighbors.
It turns out this SPTPS tunnel is not actually useful, because the
packet is only being sent over one metaconnection with no intermediate
nodes, and the metaconnection itself is already secured using a separate
SPTPS handshake.
Therefore it seems simpler and more efficient to simply send these
packets directly over the metaconnection itself without any additional
layer. This commits implements this solution without any changes to the
metaprotocol, since the appropriate message already exists: it's the
good old "plaintext" PACKET message.
This change brings two significant benefits:
- Packets to neighbors can be sent immediately - there is no initial
delay and packet loss previously caused by the SPTPS handshake;
- Performance of sending packets to neighbors over TCP is greatly
improved since the data only goes through one round of encryption
instead of two.
Conflicts:
src/net_packet.c
commit 0356efecb6385b59a69bea220057396d6daa30bc
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Oct 12 11:41:08 2014 +0100
Don't spontaneously start SPTPS with neighbors.
Currently, when tinc establishes a metaconnection, it automatically
starts a VPN SPTPS tunnel with the other side of the metaconnection.
It is not clear what this is trying to accomplish. Having a
metaconnection with a node does not necessarily mean we're going to send
packets to that node. This patch removes this behavior, thereby
simplifying code paths and removing unnecessary network chatter.
Naturally, this introduces a slight delay (as well as at least one
initial packet loss) between the moment a metaconnection is established
and the moment VPN packets can be exchanged between the two nodes.
However this is no different to the non-neighbor case, so it makes
things more consistent and therefore easier to reason about.
commit 6b92ac505d2cd5c7e390d49bf1f0b399ef9f8327
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 22:23:24 2014 +0100
Add a variable offset to vpn_packet_t, drop sptps_packet_t.
The offset value indicates where the actual payload starts, so we can
process both legacy and SPTPS UDP packets without having to do casting
tricks and/or moving memory around.
commit 107d9c7da5b206425a8e1643a6849ea990f725f8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 22:15:40 2014 +0100
Use void pointers for opaque data blobs in the SPTPS code.
commit 3df86ef17bce9f24c3dad79ccc2b17aa6e93ea34
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 17:31:33 2014 +0100
Fix memory leaks found by Valgrind.
commit d00d8dbb9b122a17ef93090de10396ebdd2c4a84
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 17:06:05 2014 +0100
Don't use myself->name in device_disable(), it's already freed.
commit 313de46e70b249de2938b04e7fc9c3872d99474a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 16:59:08 2014 +0100
Don't pass uninitialized bytes to ioctl().
commit a99ded7d987c3242f972162e02767c498257f2b8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 16:54:12 2014 +0100
Avoid using OpenSSL's random number functions.
commit 199573f1e834290290a1c278072a153b90443b05
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 14 13:05:30 2014 +0100
Fix reception of SPTPS UDP packets.
Some bugs were introduced in 46fa12e666badb79e480c4b2399787551f8266d0.
commit 558b19c2432d938afc4a659668bd461ace6ed744
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 14 12:42:03 2014 +0100
Fix segfault when receiving UDP packets with an unknown source address.
commit 5104001bae7d09040703ddbe18cf8781c7aaa94f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 8 08:43:15 2014 +0100
Changes that should have been in commit 46fa12e666badb79e480c4b2399787551f8266d0.
commit 46fa12e666badb79e480c4b2399787551f8266d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 8 00:58:09 2014 +0100
Make UDP packet handling more efficient.
Limit the amount of address/ID lookups to the minimum in all cases:
1) Legacy packets, need an address lookup.
2) Indirect SPTPS packets, need an address lookup + two ID lookups.
3) Direct SPTPS packets, need an ID or an address lookup.
So we start with an address lookup. If the source is an 1.1 node, we know it's an SPTPS packet,
and then the check for direct packets is a simple check if dstid is zero. If not, do the srcid and dstid
lookup. If the source is an 1.0 node, we don't have to do anything else.
If the address is unknown, we first check whether it's from a 1.1 node by assuming it has a valid srcid
and verifying the packet. If not, use the old try_harder().
commit 263d9903826ffb65aec89bdf5d46f72bd183d467
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 8 00:44:38 2014 +0100
Avoid memmove() for legacy UDP packets.
commit c2319e90b16962fe899bc60abc8af0e2542bb176
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 22:11:37 2014 +0100
Cache node IDs in a hash table for faster lookups.
commit 9d48d5b7d48ad23e23eae02feae69bdc5ae80c8e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 22:10:16 2014 +0100
Add an explicit hash_delete() function.
commit 6062df4a0fa6214d21ac83d885087e9dbdac3f39
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 21:42:20 2014 +0100
Better log messages when we already know the peer's key during an upgrade.
If the peer presents a different one from the one we already know, log
an error. Otherwise, log an informational message, and terminate in the
same way as we would if we didn't already have that key.
commit 148a4c9161735a76b0a4ce73ffaaec21d76ca702
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Dec 5 03:06:44 2014 +0100
Try handling the case when the first side knows the ecdsa key of
the second, but the second not the key of the first.
(And both have the experimental protocol enabled)
commit b90c42a33b78f22b7046da5a5445c712020f30eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 17:25:30 2014 +0100
Log an error message with the node's name when receiving bad SPTPS packets.
The SPTPS code doesn't know about nodes, so when it logs an error about
a bad packet, it doesn't log which node it came from. So add a log
message with the node's name and hostname in receive_udppacket().
commit 660a2c7d1bf7f5fba905b525bc7c3b9a5ac2ec99
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 17:20:18 2014 +0100
Check validity of Ed25519 key during an upgrade.
commit 5716c8877fd705d5af36d82e27632b123fa5dde0
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Dec 5 02:41:55 2014 +0100
Do not disconnect when no ecdsa key is known yet.
This is the normal case when we support the experimental protocol,
but the other side is a tinc 1.0 which does not.
commit dd6b0e65b96280235893705a947eac4a1c71276e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 3 14:51:45 2014 +0100
Fix compiler warnings.
commit 790b107f668a886c3b335e68b9440ef5152a2844
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Oct 4 16:33:33 2014 +0100
Query the Linux device for its MAC address.
On Linux, tinc doesn't know the MAC address of the TAP device until the
first read. This means that if no packets are sent through the
interface, tinc won't be able to figure out which MAC address to tag
incoming packets with. As a result, it is impossible to receive any
packet until at least one packet has been sent.
When IPv6 is disabled Linux does not spontanously send any packets
when the interface comes up. At first users wonder why the node is not
responding to ICMP pings, and then as soon as at least one packet is
sent through the interface, pings mysteriously start working, resulting
in user confusion.
This change fixes that problem by making sure tinc is aware of the
device's MAC address even before the first packet is sent.
commit c269a17ca4d4e4946a3f8ab05da8cdd338d97ffb
Author: groxxda <ried@mytum.de>
Date: Tue Oct 14 22:18:56 2014 +0200
2019-08-26 11:44:51 +00:00
tinc-gui: Don't assign broadcast subnets to any node, fix parsing of Edges, fix diplay of Subnet.weight.
2019-08-26 11:44:53 +00:00
commit 9a366544c297d5c558800f9ffc301e2cb5a6a672
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Oct 4 15:01:11 2014 +0100
Make sure to discover MTU with relays.
Currently, when tinc sends UDP SPTPS datagrams through a relay, it
doesn't automatically start discovering PMTU with the relay. This means
that unless something else triggers PMTU discovery, tinc will keep using
TCP when sending packets through the relay.
This patches fixes the issue by explicitly establishing UDP tunnels with
relays.
commit 63daebcd1ec2975c0c2ad8e0ee0fced33b1fbbf0
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Oct 4 14:25:16 2014 +0100
Don't send MTU probes to nodes we can't reach directly.
Currently, we send MTU probes to each node we receive a key for, even if
we know we will never send UDP packets to that node because of
indirection. This commit disables MTU probing between nodes that have
direct communication disabled, otherwise MTU probes end up getting sent
through relays.
With the legacy protocol this was never a problem because we would never
request the key of a node with indirection enabled; with SPTPS this was
not a problem until we introduced relaying because send_sptps_data()
would simply ignore indirections, but this is not the case anymore.
Note that the fix is implemented in a quick and dirty way, by disabling
the call to send_mtu_probe() in ans_key_h(); this is not a clean fix
because there's no code to resume sending MTU probes in case the
indirection disappears because of a graph change.
commit 111040d7d1993c67246c52cbfd073183818655f9
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 28 12:38:06 2014 +0100
Add UDP datagram relay support to SPTPS.
This commit changes the layout of UDP datagrams to include a 6-byte
destination node ID at the very beginning of the datagram (i.e. before
the source node ID and the seqno). Note that this only applies to SPTPS.
Thanks to this new field, it is now possible to send SPTPS datagrams to
nodes that are not the final recipient of the packets, thereby using
these nodes as relay nodes. Previously SPTPS was unable to relay packets
using UDP, and required a fallback to TCP if the final recipient could
not be contacted directly using UDP. In that sense it fixes a regression
that SPTPS introduced with regard to the legacy protocol.
This change also updates tinc's low-level routing logic (i.e.
send_sptps_data()) to automatically use this relaying facility if at all
possible. Specifically, it will relay packets if we don't have a
confirmed UDP link to the final recipient (but we have one with the next
hop node), or if IndirectData is specified. This is similar to how the
legacy protocol forwards packets.
When sending packets directly without any relaying, the sender node uses
a special value for the destination node ID: instead of setting the
field to the ID of the recipient node, it writes a zero ID instead. This
allows the recipient node to distinguish between a relayed packet and a
direct packet, which is important when determining the UDP address of
the sending node.
On the relay side, relay nodes will happily relay packets that have a
destination ID which is non-zero *and* is different from their own,
provided that the source IP address of the packet is known. This is to
prevent abuse by random strangers, since a node can't authenticate the
packets that are being relayed through it.
This change keeps the protocol number from the previous datagram format
change (source IDs), 17.4. Compatibility is still preserved with 1.0 and
with pre-1.1 releases. Note, however, that nodes running this code won't
understand datagrams sent from nodes that only use source IDs and
vice-versa (not that we really care).
There is one caveat: in the current state, there is no way for the
original sender to know what the PMTU is beyond the first hop, and
contrary to the legacy protocol, relay nodes can't apply MSS clamping
because they can't decrypt the relayed packets. This leads to
inefficient scenarios where a reduced PMTU over some link that's part of
the relay path will result in relays falling back to TCP to send packets
to their final destinations.
Another caveat is that once a packet gets sent over TCP, it will use
TCP over the entire path, even if it is technically possible to use UDP
beyond the TCP-only link(s).
Arguably, these two caveats can be fixed by improving the
metaconnection protocol, but that's out of scope for this change. TODOs
are added instead. In any case, this is no worse than before.
In addition, this change increases SPTPS datagram overhead by another
6 bytes for the destination ID, on top of the existing 6-byte overhead
from the source ID.
commit 8dd1c8a020e3babf5054179b0d30e2aa850d2e2b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Sep 27 18:13:33 2014 +0100
Prepend source node ID information to UDP datagrams.
This commit changes the layout of UDP datagrams to include the 6-byte ID
(i.e. node name hash) of the node that crafted the packet at the very
beginning of the datagram (i.e. before the seqno). Note that this only
applies to SPTPS.
This is implemented at the lowest layer, i.e. in
handle_incoming_vpn_data() and send_sptps_data() functions. Source ID is
added and removed there, in such a way that the upper layers are unaware
of its presence.
This is the first stepping stone towards supporting UDP relaying in
SPTPS, by providing information about the original sender in the packet
itself. Nevertheless, even without relaying this commit already provides
a few benefits such as being able to reliably determine the source node
of a packet in the presence of an unknown source IP address, without
having to painfully go through all node keys. This makes tinc's behavior
much more scalable in this regard.
This change does not break anything with regard to the protocol: It
preserves compatibility with 1.0 and even with older pre-1.1 releases
thanks to a minor protocol version change (17.4). Source ID information
won't be included in packets sent to nodes with minor version < 4.
One drawback, however, is that this change increases SPTPS datagram
overhead by 6 bytes (the size of the source ID itself).
commit 092d620dbb3fdc8226ea0a4e1cfd5cd53d608420
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Sep 27 13:34:56 2014 +0100
Change vpn_packet_t::seqno from uint32_t to uint8_t[4].
This is to make sure on-wire vpn_packet_t fields are always 1-byte
aligned, otherwise padding could get in the way.
commit 55a78da4e0b496fc599704473f41d5ea52669737
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 21 18:17:02 2014 +0100
Introduce node IDs.
This introduces a new type of identifier for nodes, which complements
node names: node IDs. Node IDs are defined as the first 6 bytes of the
SHA-256 hash of the node name. They will be used in future code in lieu
of node names as unique node identifiers in contexts where space is at
a premium (such as VPN packets).
The semantics of node IDs is that they are supposed to be unique in a
tinc graph; i.e. two different nodes that are part of the same graph
should not have the same ID, otherwise things could break. This
solution provides this guarantee based on realistic probabilities:
indeed, according to the birthday problem, with a 48-bit hash, the
probability of at least one collision is 1e-13 with 10 nodes, 1e-11
with 100 nodes, 1e-9 with 1000 nodes and 1e-7 with 10000 nodes. Things
only start getting hairy with more than 1 million nodes, as the
probability gets over 0.2%.
commit ac77e3c1eb9d7503e30dd69e96e411e7baaa1dfd
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 21 15:44:59 2014 +0100
Invalidate UDP information on address changes.
Currently, when tinc receives an UDP packet from an unexpected address
(i.e. an address different from the node's current address), it just
updates its internal UDP address record and carries on like nothing
happened.
This poses two problems:
- It assumes that the PMTU for the new address is the same as the
old address, which is risky. Packets might get dropped if the PMTU
turns out to be smaller (or if UDP communication on the new address
turns out to be impossible).
- Because the source address in the UDP packet itself is not
authenticated (i.e. it can be forged by an attacker), this
introduces a potential vulnerability by which an attacker with
control over one link can trick a tinc node into dumping its network
traffic to an arbitrary IP address.
This commit fixes the issue by invalidating UDP/PMTU state for a node
when its UDP address changes. This will trigger a temporary fallback
to indirect communication until we get confirmation via PMTU discovery
that the node is indeed sitting at the other end of the new UDP address.
commit f57d53c3ad9af89489e15a8cfd94b56937bf3179
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Sep 27 17:51:33 2014 +0100
Fix protocol version check for type 2 MTU probe replies.
Currently tinc only uses type 2 MTU probe replies if the recipient uses
protocol version 17.3. It should of course support any higher minor
protocol version as well.
commit f6b008d7317cb1c3766419bdf6bd97d7b4d561f1
Author: Franz Pletz <fpletz@fnordicwalking.de>
Date: Mon Sep 22 22:43:15 2014 +0200
tinc-gui: Use /usr/bin/env to resolve path to python
commit daf65919d1ccc40f6c11f3f723f325de9021c422
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 21 11:38:41 2014 +0200
Preemptively mirror REQ_PUBKEY messages from nodes with unknown keys.
In this commit, if a node receives a REQ_PUBKEY message from a node it
doesn't have the key for, it will send a REQ_PUBKEY message in return
*before* sending its own key.
The rationale is to prevent delays when establishing communication
between two nodes that see each other for the first time. These delays
are caused by the first SPTPS packet being dropped on the floor, as
shown in the following typical exchange:
node1: No Ed25519 key known for node2
REQ_PUBKEY ->
<- ANS_PUBKEY
node1: Learned Ed25519 public key from node2
REQ_SPTPS_START ->
node2: No Ed25519 key known for zyklos
<- REQ_PUBKEY
ANS_PUBKEY ->
node2: Learned Ed25519 public key from node1
-- 10-second delay --
node1: No key from node2 after 10 seconds, restarting SPTPS
REQ_SPTPS_START ->
<- SPTPS ->
node1: SPTPS key exchange with node2 succesful
node2: SPTPS key exchange with node1 succesful
With this patch, the following happens instead:
node1: No Ed25519 key known for node2
REQ_PUBKEY ->
node2: Preemptively requesting Ed25519 key for node1
<- REQ_PUBKEY
<- ANS_PUBKEY
ANS_PUBKEY ->
node2: Learned Ed25519 public key from node1
node1: Learned Ed25519 public key from node2
REQ_SPTPS_START ->
<- SPTPS ->
node1: SPTPS key exchange with node2 succesful
node2: SPTPS key exchange with node1 succesful
commit c897f8c99e0b0827cff60f098bd3f9852a062233
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 21 12:58:23 2014 +0200
Fix default device path selection on BSD.
Currently, if DeviceType = tap but Mode = router, the default
device path is /dev/tun0, which is wrong. This commit fixes that.
commit a649aa51bf8e5b5fcc76061c9f660122a08245a8
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 21 11:25:49 2014 +0100
Ignore the Interface option if device rename is impossible.
There are platforms on which it is impossible to rename the TUN/TAP
device. An example is Mac OS X (tuntapx). On these platforms,
specifying the Interface option will not rename the interface, but
the specified name will still be passed to tinc-up scripts and the
like, resulting in potential confusion for the user.
commit 053925efebf466b5866de12434010c1e8127c172
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 21 11:14:19 2014 +0100
Fix default TAP device on Darwin.
On Darwin (tuntapx), the first TAP device is /dev/tap0, not /dev/tun0.
commit 1ac9a3fbd18f961d604c2c080374b8fc32f155d6
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Sep 6 18:16:46 2014 +0100
Fix wrong identifier in SO_NOSIGPIPE call.
f134bd0c9c2213fbbb3967f3d784759cb65e2c76 broke the Mac OS X build by
introducing a reference to an identifier, c, that doesn't exist.
commit 7ac52637659b7f17ab5139010f0436aefcf9625c
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Sep 6 10:43:15 2014 +0100
Don't enable the device if the reachable count is zero.
A logic bug was introduced in bd451cfe1512fa69eac35a60dbe6df17bfc39154
in which running graph() several times with zero reachable nodes had
the effect of calling device_enable() (instead of keeping the device
disabled).
This results in weird behavior when DeviceStandby is enabled, especially
on Windows where calling device_enable() several times in a row corrupts
I/O structures for the device, rendering it unusable.
commit 9ad656b512582ed95a574b3fd74b948f876953ce
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Aug 31 13:59:30 2014 +0100
Fix undefined HOST_NAME_MAX on Windows.
The Windows build was broken by commit
826ad11e419db90b66b3f76a90b54df021bb39fc which introduced a dependency
on the HOST_NAME_MAX macro, which is not defined on Windows. According
to MSDN for gethostname(), the maximum length of the returned string
is 256 bytes (including the terminating null byte), so let's use that
as a fallback.
commit 0f09260b1377f2d6f14bcdf5de7cbad415743c1e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Aug 30 10:57:57 2014 +0100
Remove Google from the list of copyright owners.
Google released copyright to me for my own contributions.
commit 38d7e730e619a8b86dfbf68d77773564595f12a1
Author: William A. Kennington III <william@wkennington.com>
Date: Sun Aug 24 22:35:25 2014 -0700
tincctl: Use replace_name to properly replace and validate input hostnames
commit 511b51ffe60c20a9091829c03863197b76027716
Author: William A. Kennington III <william@wkennington.com>
Date: Sun Aug 24 21:55:42 2014 -0700
utils: Refactor check_id out of protocol for global access
commit 826ad11e419db90b66b3f76a90b54df021bb39fc
Author: William A. Kennington III <william@wkennington.com>
Date: Sun Aug 24 19:49:27 2014 -0700
utils: Refactor get_name's functionality into util for global access
commit 78bf82cf332327889f0f61388b73053850d8e59b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Aug 17 20:22:44 2014 +0100
Clarify copyright ownership for code authored by Etienne Dechamps.
commit 73d8393bd6c54e0ec28d5f6c114a6eb3821a8ec1
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Thu Aug 7 22:14:20 2014 +0200
commandline.test: Adding test that fetching non-existing config setting really fails.
commit 9fe5ab7ccb60537810b60b76a415507ef2cadfdd
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Thu Aug 7 23:01:05 2014 +0200
Fix exit code of "tinc get".
Successfully getting an existing variable ("tinc get name") should
not result in an error exitcode (1) from the tinc command.
This changes the result of test/commandline.test from FAIL to PASS.
commit 5ae1ec8d80393182b6ff235062b6816b64edfa9b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 19 18:11:42 2014 +0100
Handle TAP-Win32 immediate reads correctly.
The handling of TAP-Win32 virtual network device reads that complete
immediately (ReadFile() returns TRUE) is incorrect - instead of
starting a new read, tinc will continue listening for the overlapped
read completion event which will never fire. As a result, tinc stops
receiving packets on the interface.
commit 1d10afd3d33f5623494d9eeb2fa8237712f8aa2e
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 19 16:05:23 2014 +0100
Only read from TAP-Win32 if the device is enabled.
With newer TAP-Win32 versions (such as the experimental
tap-windows6 9.21.0), tinc is unable to read from the virtual network
device:
Error while reading from (null) {23810A13-BCA9-44CE-94C6-9AEDFBF85736}: No such file or directory
This is because these new drivers apparently don't accept reads when
the device is not in the connected state (media status).
This commit fixes the issue by making sure we start reading no sooner
than when the device is enabled, and that we stop reading when the
device is disabled. This also makes the behavior somewhat cleaner,
because it doesn't make much sense to read from a disabled device
anyway.
commit cc9203ee75c49360dd29710ac12bb67fe503f97b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jul 13 15:54:34 2014 +0100
Add a non-interactive mode to tinc commands.
Some tinc commands, such as "tinc generate-keys", use the terminal to
ask the user for information. This can be bypassed by making sure
there is no terminal, which is trivial on *nix but might require
jumping through some hoops on Windows depending on how the command is
invoked.
This commit adds a --batch option that ensures tinc will never ask the
user for input, even if it is attached to a terminal.
commit afb175873e6aa10d2d4dca3572edf054968c538d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 22:51:37 2014 +0200
Revert "Use git description as the tinc version."
This reverts commit e024b7a2c50e23311834e6d180e5acc72783b339. Automatic version
number generation needs a little bit more work to get it working correctly in
all cases.
commit 19e42b76f546dc3baee4a5d6a4f161155d279c74
Merge: f7043048 b12f122f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 22:25:55 2014 +0200
Merge branch 'keysegfault' of https://github.com/dechamps/tinc into 1.1
commit f704304823df0ac868786ac89355eda38592dc3f
Merge: 54fd228e ea12a0fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 22:22:31 2014 +0200
Merge branch 'tincstart' of https://github.com/dechamps/tinc into 1.1
commit 54fd228e696acc9d78a17845402640cc04e2c54c
Merge: 53036a58 14be1d30
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 22:21:01 2014 +0200
Merge branch 'ctrl' of https://github.com/dechamps/tinc into 1.1
commit 53036a58790168e18f524bd923f9a7d34691ba2d
Merge: ddd0cd47 b2a6381a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 22:19:45 2014 +0200
Merge branch 'winwarnings' of https://github.com/dechamps/tinc into 1.1
commit ddd0cd47bc0bb3478b7d250192248a1e3aa2a243
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Jun 30 14:03:17 2014 +0100
Verify seqno early in sptps_verify_datagram().
This is a slight optimization for sptps_verify_datagram(), which might
come in handy since this function is called in a loop via try_harder().
It turns out that since sptps_verify_datagram() doesn't update any
state, it doesn't matter in which order verifications are done. However,
it does affect performance since it's much cheaper to check the seqno
than to try to decrypt the packet.
Since this function is called with the wrong node most of the time, it
makes verification vastly faster for the majority of calls because the
seqno will be wrong in most cases.
commit 7bf61575fe1009ecb93b3f6b8f5145525874e470
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jul 6 11:34:57 2014 +0100
Add documentation about using system-assigned ports.
There are two caveats to be aware of which are documented in this
commit:
- Because the system will likely assign different ports when binding
several times to different address families, it is recommended to
only use a single address family, otherwise other nodes will only
get one port among the several that were assigned, possibly breaking
communication.
- AutoConnect won't work in this scenario, because it relies on the UDP
port being the same as the TCP port, which is not the case when using
system-assigned ports.
commit ea12a0fb066793c316ccc9ef21444f092f74b4ba
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 18:53:25 2014 +0100
Improve subprocess behavior in tinc start command.
When invoking tincd, tinc start currently uses the execvp() function,
which doesn't behave well in a console as the console displays a new
prompt before the subprocess finishes (which makes me suspect the exit
value is not handled at all). This new code uses spawnvp() instead,
which seems like a better fit.
commit b22499668a7aa63c619cb8fa8535282a38841ce9
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 18:37:56 2014 +0100
Fix "tinc start" on Windows when the path contains spaces.
When invoking "tinc start" with spaces in the path, the following
happens:
> "c:\Program Files (x86)\tinc\tinc.exe" start
c:\Program: unrecognized argument 'Files'
Try `c:\Program --help' for more information.
This is caused by inconsistent handling of command line strings between
execvp() and the spawned process' CRT, as documented on MSDN:
http://msdn.microsoft.com/library/431x4c1w.aspx
commit 14be1d30ec3727906907dad49d3bcb868c19d777
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 17:47:01 2014 +0100
Shutdown cleanly when receiving a Windows console shutdown request.
This commit makes tinc exit cleanly on Windows when hitting CTRL+C at
the console or when the user logs off. This change has no effect when
running tinc as a service.
commit b12f122f1be89b49d8a3e39fb1b10c6e4d3ada94
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 13:56:01 2014 +0100
Check if devops is valid before closing the device.
This fixes a segfault that occurs on exit if tinc fails before the
device is initialized (for example, if it fails to read the private
key).
commit 5ffdff685a0e7d25f7c016f3a6cd89bb82fed71c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 14:35:29 2014 +0200
Fix unsafe use of strncpy() and sprintf().
The strncpy() problem was found by cppcheck.
commit 31361075d36fd3f4a393eeb90b75ae2567992ef2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 14:34:39 2014 +0200
Fix a potential file descriptor leak.
Found by cppcheck.
commit b2a6381ab28dbae4bf976627afccbf6c2fcb0625
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 13:32:23 2014 +0100
Resolve KEY_EVENT conflict between Windows and ncurses.
This fixes the following compiler warning when building for Windows:
In file included from top.c:24:0:
/usr/local/mingw/ncurses/include/curses.h:1478:0: error: "KEY_EVENT" redefined [-Werror]
#define KEY_EVENT 0633 /* We were interrupted by an event */
^
In file included from /usr/share/mingw-w64/include/windows.h:74:0,
from /usr/share/mingw-w64/include/winsock2.h:23,
from have.h:46,
from system.h:26,
from top.c:20:
/usr/share/mingw-w64/include/wincon.h:101:0: note: this is the location of the previous definition
#define KEY_EVENT 0x1
^
commit 5217c16db4babd64580c2fd7aa36180bb9bd838c
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 13:27:05 2014 +0100
Remove unused device stats variables.
This removes a bunch of variables that are never actually used anywhere.
This fixes the following compiler warning when building for Windows:
mingw/device.c:46:17: error: device_total_in defined but not used [-Werror=unused-variable]
static uint64_t device_total_in = 0;
^
commit 6e221a828f87a511aecee9d9263a1db0836701c4
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 12:57:11 2014 +0100
Remove unused variable in TAP-Win32 setup_device().
This fixes the following compiler warning when building for Windows:
mingw/device.c: In function setup_device:
mingw/device.c:92:9: error: unused variable thread [-Werror=unused-variable]
HANDLE thread;
^
commit 2d2e94406c5f595eff67a01ee6bb1190f77c37ff
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 12:54:45 2014 +0100
Fix callback signature for TAP-Win32 device_handle_read().
This fixes the following compiler warning when building for Windows:
mingw/device.c: In function setup_device:
mingw/device.c:186:2: error: passing argument 2 of io_add_event from incompatible pointer type [-Werror]
io_add_event(&device_read_io, device_handle_read, NULL, CreateEvent(NULL, TRUE, FALSE, NULL));
^
In file included from mingw/../net.h:27:0,
from mingw/../subnet.h:24,
from mingw/../conf.h:34,
from mingw/device.c:26:
mingw/../event.h:61:13: note: expected io_cb_t but argument is of type void (*)(void *)
extern void io_add_event(io_t *io, io_cb_t cb, void* data, WSAEVENT event);
commit f693cb7295298ecd6993a4feac1faf9129aa204d
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 12:52:25 2014 +0100
Remove an unnecessary pointer dereference in execute_script().
This fixes the following compiler warning when building for Windows:
script.c: In function execute_script:
script.c:52:5: error: value computed is not used [-Werror=unused-value]
*q++;
^
commit d7f89a79448dd1633342ea5ee344d403c8e6890b
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 12:49:59 2014 +0100
Only declare the origpriority variable if we support priority.
This fixes the following compiler warning when building for Windows:
net_packet.c: In function send_udppacket:
net_packet.c:633:6: error: unused variable origpriority [-Werror=unused-variable]
int origpriority = origpkt->priority;
^
commit 5aed916ef4fd75e6843f8fe739444dae91ea106a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 14:24:16 2014 +0200
Reserve legacy active bit in connection_status_t.
This is so the positions of the other bits don't change, making it easier to
debug problems with different versions of tinc.
Also fix the padding so connection_status_t is exactly 32 bits.
commit b23bf132838156d2fe5a18d50a2b5e068ae18ec3
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 11:57:03 2014 +0100
Remove redundant connection_t::status.active field.
The only places where connection_t::status.active is modified is in
ack_h() and terminate_connection(). In both cases, connection_t::edge
is added and removed at the same time, and that's the only places
connection_t::edge is set. Therefore, the following is true at all
times:
!c->status.active == !c->edge
This commit removes the redundant state information by getting rid of
connection_t::status.active, and using connection_t::edge instead.
commit 127f2f99f3d43e0565782750f26f1d3980c72711
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 11:13:04 2014 +0100
Don't initialize outpkt to an unused value.
in receive_udppacket(), we initialize outpkt to a default value but the
value is never read anywhere, as every read is preceded by a write.
This issue was found by the clang static analyzer tool:
http://clang-analyzer.llvm.org/
commit 77e96c07912c2a8b280d3e812c71fa1f12efb0ff
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 12 11:06:36 2014 +0100
Handle the "no local address" case in send_sptps_data().
If choose_local_address() is unable to find a local address (e.g.
because of old nodes that don't send their local address information),
then send_sptps_data() ends up using uninitialized variables for the
socket and address.
This regression was introduced in
415910897122da0073a862784d148802ca390020. The commit took care of
handling that case in send_udppacket() but was missing the same fix
for send_sptps_data().
This bug was found by the clang static analyzer tool:
http://clang-analyzer.llvm.org/
commit 45a30f71572fab8e73c456737b7506b2cf12be25
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 10 22:41:01 2014 +0200
Fix incorrect format qualifiers.
Based on a patch from Etienne Dechamps. We avoid the use of %hhx, since even
though it is C99, not all compilers support it yet. We use %x instead, since
it's guaranteed that the minimum size of function arguments on the stack or in
registers is that of an int.
commit d8ed5cf36d0c6d5a863497674248c8e8b63b9d98
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Thu Jul 10 20:29:12 2014 +0100
Fix a typo (FORTIFY_SOURCE).
commit 2f4075f7da2c6ddf777c5bab93992a6c6ac5ec40
Author: Baptiste Jonglez <baptiste--git@jonglez.org>
Date: Sun Jul 6 20:55:26 2014 +0900
Fix typos in the manual page
commit d8ea4c11dec5946c135ad2d2d05954473a0bfda9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 8 14:20:11 2014 +0200
Fix segmentation fault when dumping subnets.
commit 23a22ea1ceb9d0a6b6c288142130f0e30c0fdec9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 8 14:20:01 2014 +0200
Fix compiler warnings.
commit 163773d7107b7726bed24cb1c31b1cecc0d0c239
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jul 6 12:35:32 2014 +0100
Fix event loop io tree inconsistency on Windows.
On Windows, the event loop io tree uses the Windows Event handle to
differentiate between io_t objects. Unfortunately, there is a bug in
the io_add_event() function (introduced in
2f9a1d4ab5ff51b05a5e8cc41a1528fdeb36c723) as it sets the event after
inserting the object into the tree, resulting in objects appearing in
io_tree out of order.
This can lead to crashes on Windows as the event loop is unable to
determine which events fired.
commit fcf5b53e785fd191dd951b77ad831fe6ac78dce4
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jul 6 10:55:23 2014 +0100
Make sure myport is set correctly when running with Port = 0.
Setting the Port configuration variable to zero can be used to make tinc
listen on a system-assigned port. Unfortunately, in this scenario myport
will be zero, which means that tinc won't transmit its actual UDP
listening port to other nodes. This breaks UDP hole punching and local
discovery.
commit c786ed116805c0bc911f592c03dc0d5562287283
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 5 00:23:05 2014 +0100
Fix tinc event loop reentrancy from timeout handlers.
Commit 611217c96ec684799882cf330f40a0936131b6b5 introduced a regression
because it accidentally reordered the timeout handler calls and the
fdset setup code. This means that any io_add(), io_del() or io_set()
calls in timeout handlers would be ignored in the current event loop
iteration, resulting in erratic behavior.
The most visible symptom is when a metaconnection timeout occurs and the
connection is closed; the timeout handler closes the socket but it still
ends up in the select() call, typically resulting in the following
crash:
Error while waiting for input: Bad file descriptor
commit d0d01a44485ee04f60a8fccf9bdf8311e23ffa43
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 5 19:51:19 2014 +0100
Canonicalize IPv6 addresses as per RFC 5952 before printing them.
Currently we don't do any shortening on IPv6 addresses (aside from
removing trailing zeroes) before printing them. This commit makes
textual addresses smaller by shortening them according to the rules
described in RFC 5952. This is also the canonical textual representation
for IPv6 addresses, thus making them easier to compare.
commit dec0400714cc6b125f615c224ac37903f44addb9
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 5 19:02:02 2014 +0100
Don't print subnet prefix lengths and weights for one-host subnets.
This commit suppresses subnet prefix length output (/xx) for subnets
that only contain one address (/32 for IPv4, /128 for IPv6). It also
suppresses weight information if the subnet is using the default
weight. This improves readability of net2str() output in the majority
of cases.
commit dc55691ca7399bab28963f92e4c3dea9d6bf8eb1
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 5 18:52:03 2014 +0100
When printing MAC addresses, always use trailing zeroes.
tinc currently prints MAC addresses without trailing zeroes, for example:
1:2:3:4:5:6
This looks weird and is inconsistent with how MAC addresses are
displayed everywhere else. This commit adds trailing zeroes, so the
above address will be printed as the following:
01:02:03:04:05:06
commit 3d730a40a42d9b238da8725438a612296dea3860
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 5 18:05:55 2014 +0100
Rewrite, fix and improve str2net().
This is a complete rewrite of the str2net() function. Besides
refactoring duplicate code, this new code brings the following fixes
and improvements:
- Fixes handling of leading/trailing double colon in IPv6 addresses.
For example, with the previous code the address
2001:0db8:85a3:0000:0000:8a2e:0370:: is interpreted as a MAC address,
and ::0db8:85a3:0000:0000:8a2e:0370:7334 is rejected.
- Catches more invalid cases, such as garbage at the end of the string.
- Adds support for dotted quad notation in IPv6 (e.g. ::1.2.3.4).
See RFC 4291, section 2.2 for details on the textual format of IPv6
addresses.
commit e024b7a2c50e23311834e6d180e5acc72783b339
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 15:22:10 2014 +0100
Use git description as the tinc version.
Instead of using a hardcoded version number in configure.ac, this makes
tinc use the live version reported by "git describe", queried on-the-fly
during the build process and regenerated for every build.
This provides several advantages:
- Less redundancy: git is now the source of truth for version
information, no need to store it in the repository itself.
- Simpler release process: just creating a git tag automatically
updates the version. No need to change files.
- More useful version information: tinc will now display the number of
commits since the last tag as well as the commit the binary is built
from, following the format described in git-describe(1).
Here's an example of tincd --version output:
tinc version release-1.1pre10-48-gc149315 (built Jun 29 2014 15:21:10, protocol 17.3)
When building directly from a release tag, this would like the following:
tinc version release-1.1pre10 (built Jun 29 2014 15:21:10, protocol 17.3)
(Note that the format is slightly different - because of the way the
tags are named, it says "release-1.1pre10" instead of just "1.1pre10")
commit aec82bb1c94af6d3142cdef0c51f42f38e9be3e0
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 14:57:42 2014 +0100
Regenerate build date and time every time tinc is built.
This prevents the date and time shown in version information from
getting stale because of partial builds. With these changes, date and
time information is written to a dedicated object file that gets rebuilt
every time make is run, even if there are no changes.
commit 116f2ed27a74982e4d1a19b7a8fd08b0aaee1f8d
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 14:15:58 2014 +0100
Make IPv4 multicast space 224.0.0.0/4 broadcast by default.
We already do this for IPv6 multicast space (ff00::/8), so why not
extend it to IPv4.
commit 46a5aa0d674914f4220d8583b1b2f87c7f05a804
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 13:18:25 2014 +0100
Make broadcast addresses configurable.
This adds a new option, BroadcastSubnet, that allows the user to
declare broadcast subnets, i.e. subnets which are considered broadcast
addresses by the tinc routing layer. Previously only the global IPv4
and IPv6 broadcast addresses were supported by virtue of being
hardcoded.
This is useful when using tinc in router mode with Ethernet virtual
devices, as it can be used to provide broadcast support for a local
broadcast address (e.g. 10.42.255.255) instead of just the global
address (255.255.255.255).
This is implemented by removing hardcoded broadcast addresses and
introducing "broadcast subnets", which are subnets with a NULL owner.
By default, behavior is unchanged; this is accomplished by adding
the global broadcast addresses for Ethernet, IPv4 and IPv6 at start
time.
commit b54fde67474e7201e94fa4be34dae65d295b2936
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 09:57:11 2014 +0100
Implement sptps_verify_datagram().
Implementation of sptps_verify_datagram() was left as a TODO. This
causes problems when using SPTPS in tinc, because this function is
used in try_mac(), which itself is used in try_harder() to locate
nodes sending UDP packets from unexpected addresses. In the current
state this function always returns true, resulting in UDP addresses
of random nodes getting changed which makes UDP communication
fragile and unreliable. In addition, this makes UDP communication
impossible through port translation and local discovery.
This commit adds the missing implementation, thus fixing the issue.
commit 498f1b1d5835ab1ac21886cdf0d1471ac90f75b2
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 11:06:44 2014 +0100
Enable LocalDiscovery by default.
Recent improvements to the local discovery mechanism makes it cheaper,
more network-friendly, and now it cannot make things worse (as opposed
to the old mechanism). Thus there is no reason not to enable it by
default.
commit 415910897122da0073a862784d148802ca390020
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 29 11:01:24 2014 +0100
Remove broadcast-based local discovery mechanism.
The new local address based local discovery mechanism is technically
superior to the old broadcast-based one. In fact, the old algorithm
can technically make things worse by e.g. sending broadcasts over the
VPN itself and then selecting the VPN address as the node's UDP
address. This cannot happen with the new mechanism.
Note that this means old nodes that don't send their local addresses in
ADD_EDGE messages can't be discovered, because there is no address to
send discovery packets to. Old nodes can still discover new nodes by
sending them broadcasts, though.
commit e16ade874d08f82481dca7302b98305bcfbe27cf
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 17:27:55 2014 +0100
Use edge local addresses for local discovery.
This introduces a new way of doing local discovery: when tinc has
local address information for the recipient node, it will send local
discovery packets directly to the local address of that node, instead
of using broadcast packets.
This new way of doing local discovery provides numerous advantages compared to
using broadcasts:
- No broadcast packets "polluting" the local network;
- Reliable even if the sending host has multiple network interfaces (in
contrast, broadcasts will only be sent through one unpredictable
interface)
- Works even if the two hosts are not on the same broadcast domain. One
example is a large LAN where the two hosts might be on different local
subnets. In fact, thanks to UDP hole punching this might even work if
there is a NAT sitting in the middle of the LAN between the two nodes!
- Sometimes a node is reachable through its "normal" address, and via a
local subnet as well. One might think the local subnet is the best route
to the node in this case, but more often than not it's actually worse -
one example is where the local segment is a third party VPN running in
parallel, or ironically it can be the local segment formed by the tinc
VPN itself! Because this new algorithm only checks the addresses for
which an edge is already established, it is less likely to fall into
these traps.
commit bfce56d473e1e01a8af0260262ca84f09154e71f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 16:29:30 2014 +0100
Add local address information to edges.
In addition to the remote address, each edge now stores the local address from
the point of view of the "from" node. This information is then made available
to other nodes through a backwards-compatible extension to ADD_EDGE messages.
This information can be used in future code to improve packet routing.
commit 762db91ef7d3b2eab00c23250ca61c7f814899c7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 28 21:54:34 2014 +0200
Give getsockopt() a reference to a socklen_t.
commit e57daac63b6f703af8e7c8209ef61a4d3b2180c3
Merge: cc284e7c 313a752c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 28 21:49:55 2014 +0200
Merge branch 'winevents-clean' of https://github.com/dechamps/tinc into 1.1
commit 313a752cb5fbf27450d34c15b0085d2d8a4147af
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jun 28 18:39:00 2014 +0100
Remove the TAP-Win32 reader thread.
tinc is using a separate thread to read from the TAP device on Windows.
The rationale was that the notification mechanism for packets arriving
on the virtual network device is based on Win32 events, and the event
loop did not support listening to these events.
Thanks to recent improvements, this event loop limitation has been
lifted. Therefore we can get rid of the separate thread and simply add
the Win32 "incoming packet" event to the event loop, just like a socket.
The result is cleaner code that's easier to reason about.
commit ffbc99558cae4dff876645fe205349d8c4cd7acb
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jun 28 15:19:11 2014 +0100
Use a Windows event to stop tinc when running as a service.
Currently, when the tinc service handler callback (which runs in a
separate thread) receives a service shutdown request, it calls
event_exit() to request the event loop to exit.
This approach has a few issues:
- The event loop will only notice the exit request when the next event
fires. This slows down tinc service shutdown. In some extreme cases
(DeviceStandby enabled, long PingTimeout and no connections),
shutdown can take ages.
- Strictly speaking, because of the absence of memory barriers, there
is no guarantee that the event loop will even notice an exit request
coming from another thread. I suppose marking the "running" variable
as "volatile" is supposed to alleviate that, but it's unclear whether
that provides any guarantees with modern systems and compilers.
This commit fixes the issue by leveraging the new event loop Windows
interface, using a custom Windows event that is manually set when
shutdown is requested.
commit 2f9a1d4ab5ff51b05a5e8cc41a1528fdeb36c723
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jun 28 15:15:41 2014 +0100
Make the event loop expose a Windows event interface.
This allows event loop users to specify Win32 events to wait on,
thus making the event loop more flexible.
commit 611217c96ec684799882cf330f40a0936131b6b5
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Fri Jun 27 21:58:35 2014 +0100
Use native Windows events for the event loop.
This commit changes the event loop to use WSAEventSelect() and
WSAWaitForMultipleEvents() on Windows. This paves the way for making the
event loop more flexible on Windows by introducing the required
infrastructure to make the event loop wait on any Win32 event.
This commit only affects the internal implementation of the event
module. Externally visible behavior remains strictly unchanged (for
now).
commit cc284e7c5d298ca887c07f918da35e376bf98720
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jun 28 11:13:29 2014 +0100
Fix connection event error handling.
Commit 86a99c6b999671ed444711139db1937617e802a0 changed the way we
handle connection events to protect against spurious event loop
callbacks. Unfortunately, it turns out that calling connect() twice on
the same socket results in different behaviors depending on the platform
(even though it seems well defined in POSIX). On Windows this resulted
in the connection handling code being unable to react to connection
errors (such as connection refused), always hitting the timeout; on
Linux this resulted in spurious error messages about connect() returning
success.
In POSIX and on Linux, using connect() on a socket where the previous
attempt failed will attempt to connect again, resulting in unnecessary
network activity. Using getsockopt(SO_ERROR) before connect() solves
that, but introduces a race condition if a connection failure happens
between the two calls.
For this reason, this commit switches from connect() to a zero-sized
send() call, which is more consistent (though not completely, see the
truth table in the comments) and simpler to use for that purpose. Note
that Windows explictly support empty send() calls; POSIX says nothing
on the subject, but testing shows it works at least on Linux.
(Surprisingly enough, Windows seems more POSIX-compliant than Linux on
this one!)
commit 86a99c6b999671ed444711139db1937617e802a0
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Fri Jun 27 19:33:31 2014 +0100
Protect against spurious connection events.
The event loop does not guarantee that spurious write I/O events do not
happen; in fact, they are guaranteed to happen on Windows when
event_flush_output() is called. Because handle_meta_io() does not check
for spurious events, a metaconnection socket might appear connected even
though it's not, and will fail immediately when sending the ID request.
This commit fixes this issue by making handle_meta_io() check the
connection status before assuming the socket is connected. It seems that
the only reliable way to do that is to try to call connect() again and
look at the error code, which will be EISCONN if the socket is
connected, or EALREADY if it's not.
commit 0c026f3c6dec784c3267ad7e2c4709d5393dc292
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Thu Jun 26 20:42:40 2014 +0100
Fix errno references when handling socket errors.
When using socket functions, "sockerrno" is supposed to be used to
retrieve the error code as opposed to "errno", so that it is translated
to the correct call on Windows (WSAGetLastError() - Windows does not
update errno on socket errors). Unfortunately, the use of sockerrno is
inconsistent throughout the tinc codebase, as errno is often used
incorrectly on socket-related calls.
This commit fixes these oversights, which improves socket error
handling on Windows.
commit 058473dc8d4cf60f79aee18d473342b8a3c25fbe
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 18:45:49 2014 +0100
Fix Windows includes.
These Windows include lines are capitalized, which causes the build to fail
when cross-compiling from Linux to Windows using MinGW as the MinGW headers
are entirely lower case.
commit b24faf3cbe07dd931911ec4d70f1a9e0d6a87519
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 11 17:11:02 2014 +0200
Remove the warnings when IP_DONTFRAGMENT/IPV6-DONTFRAG is not supported.
There is nothing we can do about it, and tinc will run fine anyway.
commit b99e1a306c7fb8f43dd61e432f3c896f5142e4ac
Author: Alexis Hildebrandt <afh@surryhill.net>
Date: Sun Jun 22 16:43:15 2014 +0200
Add support to link against libresolv Mac OS X
commit e76df30cb2af7a22e9c1dc91bb47a76c2fcbc43d
Author: Armin Fisslthaler <armin@fisslthaler.net>
Date: Fri Apr 25 14:44:06 2014 +0200
reload /etc/resolv.conf in SIGALRM handler
commit 132bdb77a0792d85d03ad89f846cbd4024037393
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 10:48:34 2014 +0100
Make DeviceStandby control network interface link status on Windows.
Besides controlling when tinc-up and tinc-down get called, this commit makes
DeviceStandby control when the virtual network interface "cable" is "plugged"
on Windows. This is more user-friendly as the status of the tinc network can
be seen just by looking at the state of the network interface, and it makes
Windows behave better when isolated.
commit bd451cfe1512fa69eac35a60dbe6df17bfc39154
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 10:48:34 2014 +0100
Add DeviceStandby option to only enable the device when nodes are reachable.
This adds a new DeviceStandby option; when it is disabled (the default),
behavior is unchanged. If it is enabled, tinc-up will not be called during
tinc initialization, but will instead be deferred until the first node is
reachable, and it will be closed as soon as no nodes are reachable.
This is useful because it means the device won't be set up until we are fairly
sure there is something listening on the other side. This is more user-friendly,
as one can check on the status of the tinc network connection just by checking
the status of the network interface. Besides, it prevents the OS from thinking
it is connected to some network when it is in fact completely isolated.
commit f0885b8d2fe69610e7e294735795d98db11157a5
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 14:06:44 2014 +0100
Cleanly remove the device FD from the event loop before closing it.
commit ed1d0878afe53032a4b63e87afd4a435015cf5de
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 09:53:26 2014 +0100
Make device close cleaner.
commit 638260865399693c3ced9337ef2664c5ba968a2a
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jun 22 09:54:45 2014 +0100
Move Solaris if_fd to local scope.
This variable is never used outside of setup_device(), therefore there is no
reason to declare it in global scope.
commit 9bfc228ef5fcd4166897e32fbe82f4cc4e252922
Author: Baptiste Jonglez <baptiste--git@jonglez.org>
Date: Fri Jun 20 15:56:13 2014 +0900
Clarify man page regarding the IndirectData option
commit 31c68993989fbca3c88df1449ea2077baafce481
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 15 12:19:10 2014 +0200
Unconditionally return non-zero exit code when "tinc del" does not find the requested variable.
commit 1ce0f7613964c7441ef683f9d875dd09cbfd667c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 15 12:14:01 2014 +0200
Return non-zero exit code when "tinc get" does not find the requested variable.
commit ef5e8b6920d1dd3097f36bd0c50170100acf2f28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 3 11:02:58 2014 +0200
Fix base64 decoding of Ed25519 keys.
commit b0d80c7f28528c2c8857c5662b4aca779b3184bb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 18 21:51:42 2014 +0200
Allow Cipher and Digest "none".
This is for backwards compatibility with tinc 1.0, it has no effect on
the SPTPS protocol.
commit 666718998eaa044f6f25fe99810a78dca8471393
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 18 20:49:35 2014 +0200
Implement a PEM-like format for Ed25519 keys.
We don't require compatibility with any other software, but we do want Ed25519 keys to work
the same as RSA keys for now.
commit f0e7e6b03e34e69cac5b01a2d943ad3b9b59d36c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 18 20:47:04 2014 +0200
Rename ECDSA to Ed25519.
commit 35437a50e2a46861742b6fb8e49d065aa52a04dc
Author: Guus Sliepen <guus@sliepen.org>
Date: Tue May 13 20:29:09 2014 +0200
Add sanity checks when generating new RSA keys.
The key size should be a multiple of 8 bits, and it should be between 1024 and
8192 bits.
commit 66f325f4674e70d83744626f3b8dda6760f8d613
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 12 15:57:40 2014 +0200
Fix PMTU discovery via datagram SPTPS.
In send_sptps_data(), the len variable contains the length of the whole
datagram that needs to be sent to the peer, including the overhead from SPTPS
itself.
commit c35bfa18ec49439d4a028990fcf0ae6d8c4508a5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 12 15:56:29 2014 +0200
Fix a crash when we have a malformed public ECDSA key of another node.
commit c32fcdfc1dde289c52bc359b7b6c5f8c30186e58
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 12 14:35:56 2014 +0200
Add missing closedir().
commit 75e5b2e906bd8563bf0f53a76065618c88122e1c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 12 14:35:12 2014 +0200
Use void pointers to opaque buffers.
commit 332b55d4720fadea76c0a5d9b9d484af6a724006
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 6 14:11:55 2014 +0200
Change AutoConnect from int to bool.
The proper value is 3, not 2 or 4, and 5 is right out. So just hardcode this value,
and only have the option to turn AutoConnect on or off.
commit 27acb5d04792f2da70e937543de9110e16aae21c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 6 13:01:48 2014 +0200
Fix compiler warnings.
commit bc33a073d82cd4b5e75d00e379ddfeeaa6ade962
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 6 12:58:25 2014 +0200
Nexthop calculation should always use the shortest path.
When tinc runs the graph algorithms and updates the nexthop and via pointers,
it uses a breadth-first search, but it can sometimes revisit nodes that have
already been visited if the previous path is marked as being indirect, and
there is a longer path that is "direct". The via pointer should be updated in
this case, because this points to the closest hop to the destination that can
be reached directly. However, the nexthop pointer should not be updated.
This fixes a bug where there could potentially be a routing loop if a node in
the graph has an edge with the indirect flag set, and some other edge without
that flag, the indirect edge is part of the minimum spanning tree, and a
broadcast packet is being sent.
commit b6e2b416bf9a5788c8847267b849efcd9e5bbf95
Author: Saverio Proto <zioproto@gmail.com>
Date: Mon May 5 15:23:25 2014 +0200
Fix typo in comment
commit 18698c4e123d1ed22f3a2fc5529fac62fbabaf19
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 25 17:00:55 2014 +0200
Put brackets around IPv6 addresses in invitation URL, even if there is no port number.
commit 475088ed77df925ce0680c9993305cd746742708
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 15 17:26:08 2014 +0200
sptps_test: allow using a tun device instead of stdio.
commit 2980173ee7f8142598fe5e1ab117e463751da310
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 14 21:43:45 2014 +0200
Use the ChaCha-Poly1305 cipher for the SPTPS protocol.
The main reason to switch from AES-256-GCM to ChaCha-Poly1305 is to remove a
dependency on OpenSSL, whose behaviour of the AES-256-GCM decryption function
changes between versions. The source code for ChaCha-Pol1305 is small and in
the public domain, and can therefore be easily included in tinc itself.
Moreover, it is very fast even without using any optimized assembler, easily
outperforming AES-256-GCM on platforms that don't have special AES instructions
in hardware.
commit 49e3baec20ddad9cc297c3eeb1d13f0e421f69c8
Merge: 37b729d7 2f01744f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 14 20:49:43 2014 +0200
Merge branch '1.1-ed25519' into 1.1
commit 37b729d7fdd49da5466696f7995a96ebb54fbcbb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 13 12:09:48 2014 +0200
Properly initialize buffers.
Valgrind complained about use of uninitialized data.
commit 2f01744f82be542894fe2ceecbfb9ead93c9ffa5
Author: Guus Sliepen <guus@sliepen.org>
Date: Sun Apr 6 22:47:26 2014 +0200
Use Ed25519 keys.
This uses the portable Ed25519 library made by Orson Peters, which in turn uses
the reference implementation made by Daniel J. Bernstein.
This implementation also allows Ed25519 keys to be used for key exchange, so
there is no need to add a separate implementation of Curve25519.
commit d6734a2da483675f5bcc9cf7b15723a409b1019f
Author: Guus Sliepen <guus@sliepen.org>
Date: Sun Apr 6 22:46:06 2014 +0200
Fix return value of b64encode().
commit f134bd0c9c2213fbbb3967f3d784759cb65e2c76
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 9 15:32:10 2014 +0100
Handle a disconnecting tincd better.
- Try to prevent SIGPIPE from being sent for errors sending to the control
socket. We don't outright block the SIGPIPE signal because we still want the
tinc CLI to exit when its output is actually sent to a real (broken) pipe.
- Don't call exit() from top(), and properly detect when the control socket is
closed by the tincd.
commit 09e000ba54fd4a4ffe3e5c15ee7aeadac35d6996
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 26 17:27:57 2014 +0100
Rewind the file before trying to use PEM_read_RSA_PUBKEY().
commit 44c7f554c7a6eb411428cfd30ca2cb21a613830e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 26 11:00:30 2014 +0100
Add "network" command to list or switch networks.
commit 48ecff6ddb7e6f9d6b6df7f8952c4cfb318572fa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 23:06:26 2014 +0100
Add missing attribution for 1.1pre10 to the NEWS file.
commit 9f7e2dffb27297385c56698638386b264c9aff1a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 23:05:33 2014 +0100
Really fix compiling under Windows.
commit 173072ff078a8917b60c24dbe58aa7c258450de2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 21:40:42 2014 +0100
Releasing 1.1pre10.
commit cb5c1b5986861361207fa244662bb2c7f3d6a3a4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 21:40:29 2014 +0100
Check whether OpenSSL has support for GCM.
commit cdda0388a82eb44ff260e25c0902794c8db9643a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 21:14:41 2014 +0100
Fix compiling for Windows.
commit 06a4a8c153407b690a3ce3f0e7fdaa8568ccb1a3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 20:38:48 2014 +0100
Update copyright notices.
commit bc9347042bf6586d23bf17efd9fdf64a2c4a4d27
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 19:57:06 2014 +0100
Attribution for Dennis Joachimsthaler.
commit ac7f82cb235008d1711781a87ffdce5d45465134
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 16:34:08 2014 +0100
Handle errors from TAP-Win32/64 adapter in a better way.
Before, the tapreader thread would just exit immediately after encountering the
first error, without notifying the main thread. Now, the tapreader thead never
exits itself, but tells the main thread to stop when more than ten errors are
encountered in a row.
commit 2f41780023bffc81fa42b0e72f67be86a52b370c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 7 19:48:11 2014 +0100
Attribution for various contributors.
Conflicts:
THANKS
commit e717e424c22233aa728b75c4c8bb047e13b0107a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 30 17:10:30 2014 +0100
Use addresses learned from other nodes when making outgoing connections.
Before, when making a meta-connection to a node (either because of a ConnectTo
or because AutoConnect is set), tinc required one or more Address statements
in the corresponding host config file. However, tinc learns addresses from
other nodes that it uses for UDP connections. We can use those just as well for
TCP connections.
commit 995444c4f96bafecf7fb5d59510b3034459cf85c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jan 29 17:32:18 2014 +0100
Document Weight and also allow it to be set from tinc.conf.
commit 2e318f379992a730f592b4c5261d26d8e1a38cfd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jan 29 17:17:59 2014 +0100
Don't ask questions if we are not running interactively.
When creating invitations or using them to join a VPN, and the tinc command is
not run interactively (ie, when stdin and stdout are not connected or
redirected to/from a file), don't ask questions. If normally tinc would ask for
a confirmation, just assume the default answer instead. If tinc really needs
some input, just print an error message instead.
In case an invitation is used for a VPN which uses a netname that is already in
use on the local host, tinc will store the configuration in a temporary
directory. Normally it asks for an alternative netname and then renames the
temporary directory, but when not run interactively, it now just prints the
location of the unchanged temporary directory.
commit 00398a60ec317740bcec83c5a524c5a95ce7f1c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 27 23:21:25 2014 +0100
Add missing newlines when copying variables from tinc.conf to an invitation file.
commit fa1e9b046128db81c207c9ed920d068a144cd687
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 24 16:09:32 2014 +0100
Test two tinc daemons using network namespaces.
Testing multiple daemons connecting to each other on the same computer is
usually difficult, because connections to local IP addresses will bypass most
of the network stack. However, recent versions of Linux support network
namespaces, which can isolate network interfaces. We use this to isolate the
virtual interface of the daemons from each other, so we get the behaviour as if
the daemons were each running on their own machine. This can also be used for
more complicated tests (including those with firewall rules) without disturbing
the real network setup of the host computer.
commit 38adc8bf548c2c465d5f4147866c3d3f9112d3a8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 20 21:19:13 2014 +0100
Add the ListenAddress option.
ListenAddress works the same as BindToAddress, except that from now on,
explicitly binding outgoing packets to the address of a socket is only done for
sockets specified with BindToAddress.
commit e187758a7e163cb2d2e57db8b093823f68f1491f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 20 20:21:15 2014 +0100
Document that 1.1 uses AES-256 in GCM mode.
commit 1a115d1d1c58db179df6568e9b33fab3e8f80486
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 20 20:16:58 2014 +0100
Document clearly that tinc depends on curses and readline libraries.
commit a3decd09513370fbb3aa22dae11435103d179c30
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 19 21:15:23 2014 +0100
Let tinc-gui use correct address family when connecting to tincd via TCP.
commit c10f3105b354c523d4d4d36b09dd46f890e94a30
Author: Dennis Joachimsthaler <dennis@efjot.de>
Date: Fri Jan 17 18:15:40 2014 +0100
Ensure tinc-gui running in 64 bits mode can find tinc's 32 bit registry key.
commit ab583f7e8c550822c63a1a6b73a7a329f622d9e0
Author: Dennis Joachimsthaler <dennis@efjot.de>
Date: Fri Jan 17 16:10:10 2014 +0100
Fix tinc-gui on Windows.
commit 11d562e9b2b3ce483b04bb8c8cadb22a0beb1ab6
Author: Guus Sliepen <Guus.Sliepen@astro.su.se>
Date: Thu Jan 16 14:52:44 2014 +0100
Add index entries for the CLI commands.
commit d8ea66ff1fc68ca9ea672727b0274663df6f4866
Author: Guus Sliepen <Guus.Sliepen@astro.su.se>
Date: Thu Jan 16 14:46:44 2014 +0100
Update the documentation of the tinc command.
commit 8af6d64fd9dfdd684a56534249e12d201628055c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 16 14:02:56 2014 +0100
Clarify StrictSubnets.
commit c8543bbe6b9ae2de318b0ed4f54cdebcbc3fe5a4
Author: Florent Clairambault <florent@clairambault.fr>
Date: Sun Dec 29 23:11:54 2013 +0100
Adding "conf.d" configuration dir support.
Any file matching the pattern /etc/tinc/$NETNAME/conf.d/*.conf will be
parsed after the tinc.conf file.
commit e6b32936c569d9f2ceaea76af2f8f0551d163dd9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 10 17:13:15 2013 +0100
Fix handling of --with-libgcrypt.
commit b7d59f035bfa2e546428cac2b72318d4f5c517fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 10 17:02:52 2013 +0100
Don't enable -fstack-protector-all.
It is not supported on all architectures and is problematic on some
platforms.
commit 53b00f8c1abda0d477c75e4d70a7341301fa1733
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 10 11:18:04 2013 +0100
Add our own autoconf check for libgcrypt.
This one doesn't require one to have libgcrypt installed while running
autoreconf, making life easier for people who compile tinc from git.
commit 283c5d1cf07f77d29fc1fc2f09532508f5124679
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 10 10:48:00 2013 +0100
Enable compiler hardening flags by default.
Check whether the compiler supports hardening flags and enable them unless
--disable-hardening is specified.
Conflicts:
configure.ac
commit ef8efdfff1de2b18092f9d4f383e3f2898bf86cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 8 21:37:56 2013 +0100
Remove erroneous warning about SPTPS being disabled.
commit be1446f5d0e8831b60ea473a5b7b9ba40f18986e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 8 21:32:21 2013 +0100
Don't print an error when no ECDSA key is known for a node using the legacy protocol.
commit c151cfa2e978e92c1e5394bfcc8b41c6155f8436
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 8 21:31:50 2013 +0100
Give full path to unconfigured tinc-up script.
commit 1b580b2a6beee9d32488a1d95c45de336dee9c2e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 8 21:06:03 2013 +0100
Allow running without ECDSA keys If ExperimentalProtocol is not explicitly set.
To make upgrading less painful, allow running tinc 1.1 without ECDSA keys
unless ExperimentalProtocol is explicitly set to yes.
commit 41583d5dcfc1277b1a203478de4cce2cd0cda1b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 8 20:23:44 2013 +0100
Don't print device statistics when exiting tinc.
Much more detailed statistics are now kept per node, which can be queried at
any time, which makes the device statistics obsolete.
commit 19b97e79aa63bcb6f81c2dbfd7ca91d89a230387
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 7 22:59:37 2013 +0100
Prefer ncurses over curses.
commit b115de21990ecb1a2f377a73d07ff26e35980aba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 7 22:54:02 2013 +0100
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
commit cf9bea4e938f4eec531782e2e947d711cac16014
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 7 22:39:24 2013 +0100
Avoid using a variable named "sun". Solaris doesn't like it.
commit 221f559bcf13febc9a4135c5eb54c236c543ee19
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 7 22:20:10 2013 +0100
Stricter check for raw socket support.
commit c1f7357e7dca18f43f02541cff2684f737512686
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 7 22:19:39 2013 +0100
Include <limits.h> for PATH_MAX.
commit c9bdac68e1b56d34b8fd8bff03bddda1d2cca516
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 7 21:52:41 2013 +0100
Update support for Solaris.
Adds support for the latest TAP driver from
http://www.whiteboard.ne.jp/~admin2/tuntap/, so tinc now also works in switch
mode on Solaris 11.
commit 06943e828c45d8f4f1da6dc51907499f92957a39
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 5 15:01:30 2013 +0100
If no Port is specified, set myport to actual port of first listening socket.
If the Port statement is not used, there are two other ways to let tinc listen
on a non-default port: either by specifying one or more BindToAddress
statements including port numbers, or by starting it from systemd with socket
activation. Tinc announces its own port to other nodes, but before it only
announced what was set using the Port statement.
commit 3e924045ccaab1441b77ff43a2d7eb759b313f7b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 5 14:30:00 2013 +0100
Mention in the manual that multiple Address staments are allowed.
commit 51bddfd4dd95161afae2cac4aa5d31970fef5714
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 28 14:19:55 2013 +0100
Allow "none" for Cipher and Digest again.
commit 3d41e7d71247998b7c4a3dd4eacb93bd3529428d
Author: Guus Sliepen <guus@sliepen.org>
Date: Thu Nov 21 22:13:14 2013 +0100
Make LocalDiscovery work for SPTPS packets.
commit c1703ea9172be05f501d636510834e31d5d4f98c
Author: Guus Sliepen <guus@sliepen.org>
Date: Wed Nov 20 23:02:20 2013 +0100
Remove an unused variable.
commit 6168a9b6d51b19378af9ba9977227042cf6eafc6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 15 15:32:53 2013 +0100
Fix two warnings from Clang's static analyzer.
commit 29b42aa17ede17bc67963292e86b186cc09039b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 22 21:28:44 2013 +0200
Fix sending bulk data starting with a newline.
commit a5bcb29fdffe9bb2a9dd59c2e315f13fda6d5b34
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 22 21:19:41 2013 +0200
Make sptps_test less verbose by default.
commit 7da999f4aee4e9c8b192769fddbe1c61cd31d7d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 18 16:58:47 2013 +0200
Clean up child processes from proxy type exec.
commit 9b2eaebdf6eb46321403bfc6af1145d051d3bbdc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 15 14:09:42 2013 +0200
Fix sending empty SPTPS records.
commit 0da07280882253b792ddf9c6bd8b6690ba585b7a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 13 01:02:52 2013 +0200
Use AES-256-GCM for the SPTPS protocol.
It is faster than AES-256-CTR + HMAC-SHA256, especially on Intel chips with AES
and PCLMULQDQ instructions.
commit e42bd6009785263b545c1651840943c01461ffda
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 27 10:43:56 2013 +0200
Fix typos in the documentation.
Thanks to Thomas Sattler for finding and reporting them.
commit 68e3efe34980cc82ffc143fc33d3c11b69ec8e2b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 27 11:36:46 2013 +0200
Fix segfault when Name = $HOST but $HOST is not set.
Conflicts:
src/net_setup.c
commit 22d804d4467cfe9f3926ab6d37b69c3760395b6c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 22:03:00 2013 +0200
Link sptps_speed with -lrt.
This is necessary for clock_gettime() on older versions of libc.
commit c621dd62c74284bfc307a351bec875eb6918bf0f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 22:02:33 2013 +0200
Don't leak memory during the key generation speed test.
commit b7b68c3e979994a70f3adb9b40784f65cadf6a75
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 17:35:55 2013 +0200
Add a benchmark for the SPTPS protocol.
commit 87b017c71062bbc75ab5a98795abaf87f96ceba6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 16:21:25 2013 +0200
Avoid using BIOs.
commit aaa7caad3d2a03d799264b0d62cddac6b4ee4092
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 13:36:53 2013 +0200
Wrong date for the 1.1pre9 release in the NEWS.
commit 85d33e563a0e4ce5910c9ba3b34eba8fbb1cbd30
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 8 17:29:12 2013 +0200
Releasing 1.1pre9.
commit e11daa264615f6eb5782f1f349b23f47518577dd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 8 15:03:06 2013 +0200
Don't try to mkdir(CONFDIR) if --config is used.
commit c25c684a847e11be80916e6de0608f11958d701d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 8 14:47:59 2013 +0200
Make sure test scripts end up in the tarball.
commit 6072759bcb6118923685ace08048c2917425680a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 8 14:42:32 2013 +0200
Automake doesn't like info files being mentioned in CLEANFILES.
commit b80cbaba040775ba20159b20d02c8c903c84e0e1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 5 17:42:31 2013 +0200
Test running ping through two tinc daemons.
This is a more complicated test with one tinc daemon using a tap interface
(therefore requiring root), and a second one using a multicast interface. A
separate program "pong" is listening on the same multicast address, and waits
for ARP and ICMP packets, responding to ICMP echo packets with replies.
This test doesn't require any configuration of the tap interface.
commit fe1d0043c81b26f337bdce63dd290d882b01cf21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 5 17:41:05 2013 +0200
Don't return zero-length packets when receiving multicast loopback packets.
commit 2faf3e91af90716180bde27f54370fe4cbfc64c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 5 14:59:56 2013 +0200
Add two more test scripts.
commit 6242b68242646fa94bdacc94be93f0e894ae757e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 5 14:51:13 2013 +0200
Fix multicast device.
commit 09b5a3c02057fe9448c4e9494a99c93a61f98280
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 5 14:50:10 2013 +0200
Exit value 1 instead of a random non-zero value.
commit bdbb710060bef4b3ec63f5592e4def57a4817bd9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 2 00:15:50 2013 +0200
Add a test for invite and join commands.
commit 566ef6bcbae2bb17c30d500c96331d0c7bdca070
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 2 00:15:18 2013 +0200
Also test whether tinc daemons can connect to each other after import/export.
commit 796c14b75c9e8066b4f68f6ce7cdaddd97c46a87
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 2 00:11:04 2013 +0200
Slightly relax the connection rate limit for a single address.
The restriction of accepting only 1 connection per second from a single address
is a bit too much, especially if one wants to join a VPN using an invitation,
which requires two connections.
commit 933f7f7526d89a4ad41e2c2936c26cb41997ed78
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 22:59:51 2013 +0200
Send a RELOAD to a running tincd when a new invitation key has been generated.
commit 4e7e4818b771af47a10ce0b8f4046ab455ef14a9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 22:58:45 2013 +0200
Clean up leftover tincd and sptps_test processes.
commit b00a6d0666f13b5206b6fcb21479281270169584
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 21:55:16 2013 +0200
Fix tincd logfile location when running tests.
commit c179dd0fc8ba0d20e8b29b0a5d2485a637e999e6
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Sep 1 20:07:32 2013 +0100
Fix broken build with --with-openssl, --with-libgcrypt.
When --with-openssl is used, $openssl is set to the specified path.
Unfortunately, that confuses the OPENSSL conditional which expects it to
be set to "true". The result is that the contents of the openssl/
directory are not built when --with-openssl is used, resulting in
undefined references and a broken build.
In addition, there is a typo in the GCRYPT conditional definition
("grypt" instead of "gcrypt") which means GCRYPT never gets set,
(presumably) breaking builds using libgcrypt.
These regressions were introduced in
9b9230a0a79c670b86f54fadd2807b864ff9d91f.
commit a4e49f45664cfc9414d6eaaa7bd45f1eb3012e37
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 21:07:02 2013 +0200
Add test for import, export and exchange commands.
commit 2cd8e2b8e8d60fdeb633afe54eaf38e18afb04dc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 21:06:25 2013 +0200
Small fixes for tests.
commit 09cd7ac62a40851a73f0bf7e8721848c10a7b1ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 16:02:49 2013 +0200
Make sptps_test more easy to work with.
It now defers reading from stdin until after the authentication phase is
completed. Furthermore, it supports the -q, -r, -w options similar to those of
Jürgen Nickelsen's socket.
commit 1cdb0c21d42d600d0e89857f4e9f33843f9372c8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 15:40:59 2013 +0200
Some shells set $_ to an absolute path.
commit 05a7f0b2fb07f8ee7752604a2a87b85f2430aaa3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 1 00:39:14 2013 +0200
Start of a test suite.
commit d01ab07f78f84d7d30c5788416c8d4ca0e1f74bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 30 14:23:02 2013 +0200
Allow testing the replay window with sptps_test.
commit ccbf70b66f8e5ac18e672309a7bad899cfc0f400
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 30 14:22:05 2013 +0200
Fix the replay window in SPTPS.
commit c7752ca73e582d63412e7f40984cff2fca02c22f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 30 13:43:23 2013 +0200
Fix CTR mode.
commit d0aa0817d2387e89555ed090d900f61c56b19caa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 30 13:04:14 2013 +0200
Add an option to test datagram SPTPS with packet loss.
commit 5da0ebd421572230fbd213ca0749df6771f4cb10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 28 14:24:07 2013 +0200
When generating invitations, handle any order of Port and Adress statements.
commit f0e11cd2c55a83662049646d2f6ffba3ac697989
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 27 21:19:50 2013 +0200
Call WSAStartup() in main().
The tinc utility defered calling WSAStartup() until it tried to connect to a
running tinc daemon. However, socket functions are now also used for other
things (like joining another VPN using an invitation). Now we just
unconditionally call WSAStartup() early in main().
commit 82575bd44dc02bd1febd265c1db0f05b298329af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 24 00:48:24 2013 +0200
Tell invited node about Mode and Broadcast settings.
Since these settings really should be the same for all nodes in a VPN.
commit 57991e264202ad83e2c1b663777b358bf5573652
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 23 19:24:36 2013 +0200
Use PATHEXT when checking for the presence of scripts on Windows.
It seems like a lot of overhead to call access() for every possible extension
defined in PATHEXT, but apparently this is what Windows does itself too. At
least this avoids calling system() when the script one is looking for does not
exist at all.
Since the tinc utility also needs to call scripts, execute_script() is now
split off into its own source file.
commit 21184674b38ea1da87588de97dab076c9b9e4a81
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 21 00:24:55 2013 +0200
Execute scripts when invitations are created or accepted.
commit 9699f08afc6420d2bdac1063ea6789b585aaf42e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 20 23:09:36 2013 +0200
Ensure the invitation filenames do not reveal the secret cookie.
Since filenames could potentially leak to unprivileged users (for example,
because of locatedb), it should not contain the cookie used for invitations.
Instead, tinc now uses the hash of the cookie and the invitation key as the
filename to store pending invitations in.
commit 5dec1c25713a19c49fcbb885200184a9682ef175
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 20 22:36:31 2013 +0200
Let a server explicitly send a notification when the invitation protocol succeeded.
commit c798f7309337fc4c6dec7fd99d45cd76f809ab02
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 20 16:49:03 2013 +0200
Use our own infrastructure for finding out the local node's externally visible host name.
commit 160b7cb5e3e9b7869f6ca38e6a7ab2db39aba979
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 20 16:47:07 2013 +0200
Resolve the local host name before generating the invitation file.
commit 65f5e8fba45c6c51cfdfa2a41ab6db14663cdf73
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 18 23:55:40 2013 +0200
Bind outgoing sockets again.
Commit cff5a84 removed the feature of binding outgoing TCP sockets to a local
address. We now call bind() again, but only if there is exactly one listening
socket with the same address family as the destination address of the outgoing
socket.
commit 0c54f365534fcb345e87961e71d452e269e170fe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 18 22:43:55 2013 +0200
Remove broadcast of KEY_CHANGED message during tinc's initialization.
commit 09b0b49b98cc16f6b281e4e635c2c70234e38865
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 18 22:35:27 2013 +0200
Fix order of tincd's initialization.
The order in which tinc initialized things was not completely correct. Now, it
is done as follows:
- Load and parse configuration files.
- Create all TCP and UDP listening sockets.
- Create PID file and UNIX socket.
- Run the tinc-up script.
- Drop privileges.
- Start outgoing connections.
- Run the main loop.
The PID file can only be created correctly if the listening sockets have been
set up ,as it includes the address and port of the first listening socket. The
tinc-up script has to be run after the PID file and UNIX socket have been
created so it can change their permissions if necessary. Outgoing connections
should only be started right before the main loop, because this is not really
part of the initialization.
commit 8f8424445810aa7d5e9d4d537494e64811a8e29f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 18 18:20:41 2013 +0200
Don't force a .bat extension for scripts under Windows.
commit b180c1af99c559809d0e7b23fce3022817ec56a9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 18 17:02:49 2013 +0200
Create UNIX socket at the same time as the PID file is created.
The PID file was created before tinc-up was called, but the UNIX socket was
created afterwards, which meant one could not change the UNIX socket's owner or
permissions from the tinc-up script.
commit 707914e0e4b45183b1f687b44d97731127df3078
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 14 16:20:32 2013 +0200
Remove texi2html rule in docs/Makefile.
According to Debian, texi2html is deprecated and makeinfo --html should be used
instead. Automake already provides a html target that invokes makeinfo.
commit 5e50a56dd9ebef71683b60856f904d352a3b89dc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 14 16:17:12 2013 +0200
Stop using EXTRA_DIST in src/Makefile.am.
Automake finds the files in the subdirectories of src/ now that they are
properly declared in the _SOURCES variables. Using EXTRA_DIST would now cause
.o files to be included in the tarball.
commit 60e774942826cb28c53ac6fd23887162323696e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 13 22:05:43 2013 +0200
Releasing 1.1pre8.
commit 6aa864baa626b366f5bba1f1b349a870b68d7c01
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 13 20:40:40 2013 +0200
Don't typedef the same struct in two header files.
Some (older?) versions of GCC don't like this.
commit 5e00a24e1f13fa70a6945831c409d873b7809d11
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 13 20:38:57 2013 +0200
Update copyright notices.
commit a61d3d1c0b6d0dc1b53040ae2e1a055fb34eb832
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 13 20:37:55 2013 +0200
Build .tar.gz instead of .tar.xz.
Only FreeBSD's tar supports xz compression, the other BSDs do not. NetBSD doesn't even
like bzip2.
commit 2df534808d75c5898a819a7a4063c7a6f2445bd4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 13 20:35:48 2013 +0200
Move .h files from noinst_HEADERS to tincd_SOURCES.
This is the recommended way according to the Automake manual.
commit de8e6bf452227094a8aadd32dd5ea0d94d4b5db9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 8 17:40:15 2013 +0200
Don't echo broadcast packets back when Broadcast = direct.
commit 81c71203201f6642a496f466660236efdd522ceb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 2 23:51:55 2013 +0200
Fix a typo.
commit 76c90e1639ee900fca4fc858260f0078ba32b9b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 2 23:46:19 2013 +0200
Non-zero exit code when reloading config file fails after SIGHUP.
When reloading the configuration file via the tinc command, the user will get
an error message if reloading has failed. However, no such warning exists when
sending a HUP signal. Previously, tincd would exit in both cases, but with a
zero exit code. Now it will exit with code 1 when reloading fails after a
SIGHUP, but tincd will keep running if it is signaled via the tinc command.
Instead, the tinc command will exit with a non-zero exit code.
commit f3a2bed063d98961d0619ca318185740f8cf6f99
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 2 20:53:54 2013 +0200
Really retry outgoing connections immediately if requested.
The retry() function would only abort connections that were in progress of
being made, it wouldn't reschedule the outgoing connections that had been
sleeping.
commit 1e7d1cd3c72cc478482fb75b15f9f50745b68504
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 2 20:50:19 2013 +0200
Clean up the SIGINT handler.
commit a38e0d621397d6d69c939ccc287d5a803b668195
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 2 19:27:06 2013 +0200
Use umask() to set file and UNIX socket permissions without race conditions.
As mentioned by Erik Tews, calling fchmod() after fopen() leaves a small window
for exploits. As long as tinc is single-threaded, we can use umask() instead to
reduce file permissions. This also works when creating the AF_UNIX control socket.
The umask of the user running tinc(d) is used for most files, except for the
private keys, invitation files, PID file and control socket.
commit a1f4f14c6c5e269c901e6e019418fb8f789cf96b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 26 15:48:52 2013 +0200
Defer handling netname conflicts when accepting an invitation.
In case no explicit netname of configuration directory is specified when
accepting an invitation, the netname specified in the invitation data is
used. However, this new netname is only known after making the connection
to the server. If the new netname conflicts with an existing one at the
client, we ask the user for a netname that doesn't conflict. However, we
should first finish accepting the invitation, so we don't run into the
problem that the server times out and cancels the invitation. So, we create
a random netname and store the files there, and only after we finish
accepting the invitation we ask the user for a better netname, and then
just rename the temporary directory to the final name.
commit d47c79533f831a2714aff277aff31c46da1ec684
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 26 15:44:05 2013 +0200
Make absolutely sure we can write config files before accepting an invitation.
commit 37cca72e6c973b77b5d11dcf721ae050edc23586
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 26 14:53:36 2013 +0200
Choose a different Port when 655 isn't available when doing "tinc join".
commit 8f2db4afddf109e59c7ec0cdb7ad79db75d698e5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 26 14:17:15 2013 +0200
Choose a different Port when 655 isn't available when doing "tinc init".
If port 655 cannot be bound to when using the init command, tinc will try to
find a random port number that can be bound to, and will add the appropriate
Port variable to its host config file. A warning will be printed as well.
commit d6a67266c812a85f11c734503ae5560ab8983edb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 25 17:17:33 2013 +0200
Don't forget the Port variable when creating an invitation URL.
commit d1e01bc880a6970050e55f19bafe8eaf1f0b9be2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 25 17:14:07 2013 +0200
Allow control-C to stop tincd without stopping the tinc shell.
commit d219fe2c09652fcdc6b457bb5fd72ad18a3a33c5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 25 16:21:11 2013 +0200
Warn when incorrect use of add or set causes variables to be removed.
commit e6249695684dcddc5d7ae0269adc7764ecec925a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 24 20:48:31 2013 +0200
Fix compression when using the SPTPS protocol.
commit 5fca595b80f5d2a6629d74e89ca2ef46ba9ae292
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 22 22:58:13 2013 +0200
Honour umask, let temporary key files inherit original's permissions.
During the init command, tinc changed the umask to 077 when writing the public
and private key files, to prevent the temporary copies from being world
readable. However, subsequently created files would therefore also be
unreadable for others. Now we don't change the umask anymore, therefore
allowing the user to choose whether the files are world readable or not by
setting the umask as desired. The private key files are still made unreadable
for others of course. Temporary files now inherit the permissions of the
original, and the tinc-up script's permissions now also honour the umask.
commit ae85a020303d523f24ddf45a816e6a2ceb4fc935
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Mon Jul 22 21:22:26 2013 +0100
Further improve bandwidth estimation for type 2 MTU probe replies.
This patch adds timestamp information to type 2 MTU probe replies. This
timestamp can then be used by the recipient to estimate bandwidth more
accurately, as jitter in the RX direction won't affect the results.
commit e3c763eae89df9a69bb2d611238ef18f78de311f
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sun Jul 21 13:05:42 2013 +0100
Introduce lightweight PMTU probe replies.
When replying to a PMTU probe, tinc sends a packet with the same length
as the PMTU probe itself, which is usually large (~1450 bytes). This is
not necessary: the other node wants to know the size of the PMTU probes
that have been received, but encoding this information as the actual
reply length is probably the most inefficient way to do it. It doubles
the bandwidth usage of the PMTU discovery process, and makes it less
reliable since large packets are more likely to be dropped.
This patch introduces a new PMTU probe reply type, encoded as type "2"
in the first byte of the packet, that indicates that the length of the
PMTU probe that is being replied to is encoded in the next two bytes of
the packet. Thus reply packets are only 3 bytes long.
(This also protects against very broken networks that drop very small
packets - yes, I've seen it happen on a subnet of a national ISP - in
such a case the PMTU probe replies will be dropped, and tinc won't
enable UDP communication, which is a good thing.)
Because legacy nodes won't understand type 2 probe replies, the minor
protocol number is bumped to 3.
Note that this also improves bandwidth estimation, as it is able to
measure bandwidth in both directions independently (the node receiving
the replies is measuring in the TX direction) and the use of smaller
reply packets might decrease the influence of jitter.
commit e3a4672afb8eb341b380e74b2bf6d098f61c08a3
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 20 22:59:57 2013 +0100
Disable PMTU discovery when TCPOnly is set.
Obviously, PMTU discovery doesn't make much sense when we know we'll be
using TCP anyway.
commit b03bbaa38561e790873de3adabc3d4405be17fb8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 21 00:20:54 2013 +0200
Allow extra options to be passed to "tinc restart" again.
commit e82bec667059b370b0cfd5df2a34647b8f32829c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 21 00:13:38 2013 +0200
Forbid protocol version rollback.
When we know a node's ECDSA key, we only allow communication via the SPTPS
protocol.
commit fab2965d381f2f71ea8d249d30294918e954d2db
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 20 23:41:01 2013 +0200
Attribution for Etienne Dechamps.
commit 51c1639884b409a98a4581a7b661ef65b94e9d86
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 20 14:50:28 2013 +0100
Fix hash_function().
The hashing function that tinc uses is currently broken as it only looks
at the first 4 bytes of data.
This leads to interesting bugs, like the node UDP address cache being
subtly broken because two addresses with the same protocol and port (but
not the same IP address) will override each other. This is because
the first four bytes of sockaddr_in contains the IP protocol and port,
while the IP address itself is contained in the four remaining bytes
that are never used when the hash is computed.
commit 182890814881be90e28ac5183039e25709766992
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 17 18:06:56 2013 +0200
Don't use vasprintf() anymore on Windows.
Windows doesn't actually support it, but MinGW provides it. However, with some versions of
MinGW it doesn't work correctly. Instead, we vsnprintf() to a local buffer and xstrdup() the
results.
commit 54127996ca4156668b6c7df3bb5d8f952dc598ad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 17 18:02:07 2013 +0200
Don't search in local directories for include files.
Tinc's source code doesn't rely on this anymore, and this gets rid of potential conflicts with
system headers.
commit fb1e69072e9c1dda35033cc2785c27e324a2abda
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 17 18:00:40 2013 +0200
Add missing definitions on Windows.
commit 918067f117d5b9983a8f2273fd81983362a2ff88
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 15 14:48:43 2013 +0200
Fix warning "Both netname and configuration directory given" on Windows.
commit 633b7cbb452ea19e515cadee9bc63e631f8183c2
Author: Etienne Dechamps <etienne@edechamps.fr>
Date: Sat Jul 13 23:34:42 2013 +0100
Fix combination of Mode = router and DeviceType = tap on Linux.
I believe I have found a bug in tinc on Linux when it is used with
Mode = router and DeviceType = tap. This combination is useful because
it allows global broadcast packets to be used in router mode. However,
when tinc receives a packet in this situation, it needs to make sure its
destination MAC address matches the address of the TAP adapter, which is
typically not the case since the sending node doesn't know the MAC
address of the recipient. Unfortunately, this is not the case on Linux,
which breaks connectivity.
commit 24e3ec863ec463186501f76961c6d4b1dfe122af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 11 23:38:38 2013 +0200
Add connection rate limiting.
Tinc now strictly limits incoming connections from the same host to 1 per
second. For incoming connections from multiple hosts short bursts of incoming
connections are allowed (by default 100), but on average also only 1 connection
per second is allowed.
When an incoming connection exceeds the limit, tinc will keep the connection in
a tarpit; the connection will be kept open but it is ignored completely. Only
one connection is in a tarpit at a time to limit the number of useless open
connections.
commit 2eba7933053d7d21bf82e647978ee90abe98dc3a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 5 21:36:51 2013 +0200
Set $NAME when calling host-up/down and subnet-up/down scripts.
commit b811e980e3a2a301c019459b91df2252468fd572
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 31 18:50:34 2013 +0200
Add the LocalDiscoveryAddress option.
When LocalDiscovery is enabled, tinc normally sends broadcast packets during
PMTU discovery to the broadcast address (255.255.255.255 or ff02::1). This
option lets tinc use a different address.
At the moment only one LocalDiscoveryAddress can be specified.
commit e92b2004e20e1c8e6bc56f97bf4a45c6da4a630c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 31 17:23:00 2013 +0200
Use strerror() instead of gai_strerror() when err == EAI_SYSTEM.
commit ce5e0f6557edba19f8077661c034f48cdfd64b9a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 30 17:38:48 2013 +0200
Allow the log output to be stopped with control-C in tinc's shell.
commit 6bf3595a915111770b7a167c54ccbca86cfbec78
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 30 16:53:16 2013 +0200
Better optional argument handling.
Some options can take an optional argument. However, in this case GNU getopt
requires that the optional argument is right next to the option without
whitespace inbetween. If there is whitespace, getopt will treat it as a
non-option argument, but tincd ignored those without a warning. Now tincd will
allow optional arguments with whitespace inbetween, and will give an error when
it encounters any other non-option arguments.
The tinc binary now requires that all options for itself are given before the
command.
commit ced4c1a327b321a6d73028a3a15b41b0be64d910
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 29 18:31:10 2013 +0200
Add an invitation protocol.
Using the tinc command, an administrator of an existing VPN can generate
invitations for new nodes. The invitation is a small URL that can easily
be copy&pasted into email or live chat. Another person can have tinc
automatically setup the necessary configuration files and exchange keys
with the server, by only using the invitation URL.
The invitation protocol uses temporary ECDSA keys. The invitation URL
consists of the hostname and port of the server, a hash of the server's
temporary ECDSA key and a cookie. When the client wants to accept an
invitation, it also creates a temporary ECDSA key, connects to the server
and says it wants to accept an invitation. Both sides exchange their
temporary keys. The client verifies that the server's key matches the hash
in the invitation URL. After setting up an SPTPS connection using the
temporary keys, the client gives the cookie to the server. If the cookie
is valid, the server sends the client an invitation file containing the
client's new name and a copy of the server's host config file. If everything
is ok, the client will generate a long-term ECDSA key and send it to the
server, which will add it to a new host config file for the client.
The invitation protocol currently allows multiple host config files to be
send from the server to the client. However, the client filters out
most configuration variables for its own host configuration file. In
particular, it only accepts Name, Mode, Broadcast, ConnectTo, Subnet and
AutoConnect. Also, at the moment no tinc-up script is generated.
When an invitation has succesfully been accepted, the client needs to start
the tinc daemon manually.
commit 12e68b95e6a84582a016492a467d0a16337a3c4b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 28 13:41:53 2013 +0200
Fix port number in pidfile.
commit cbe03b09324dcf930e9bec71a809c66e2d3d77d5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 28 13:40:32 2013 +0200
Add a newline when logging to stderr in the tinc binary.
commit c3d357af6c73d538f7cbcaca293ebbca666d3a82
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 28 13:39:15 2013 +0200
Improve base64 encoding/decoding, add URL-safe variant.
b64decode() now returns length 0 when an invalid character was encountered.
commit ad93dc3a4b89799e8d5c1154e1dacc5b9a31c83b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 28 13:36:26 2013 +0200
Annotate the xalloc functions.
Most important is the annotation of xasprintf() with the format attribute,
which allows the compiler to give warnings about the format string and
arguments.
commit bc87b450034382858822b918f43bdf31ad8e6995
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 18 16:11:30 2013 +0200
Send a new key when we receive packets from a node we don't have a valid key for.
commit a9b80226e10b0a957604ad55edd945f49bc5f334
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 15 13:55:06 2013 +0200
Enable and fix warnings from automake.
commit a518f82af79036527cb8d1a592a6778ec1657e9c
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Tue May 14 02:57:35 2013 +0200
Modified some error messages in src/sptps.c.
commit fa20cfceecee1756ecb7882b6fe9167f4db92777
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 12 13:39:22 2013 +0200
Don't try to handle incoming data if sptps_start() has not been called yet.
commit 52f64cdf954a525bf7de1c5f9d3be60dfbe220b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 11 16:54:50 2013 +0200
Fix potential NULL pointer dereferences.
commit d03dc91e27b31851f87351c03cfc9a43c1b06458
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 11 14:13:23 2013 +0200
Don't free ephemeral ECDH keys twice.
ecdh_compute_shared() was changed to immediately delete the ephemeral key after
the shared secret was computed. Therefore, the pointer to the ecdh_t struct
should be zeroed so it won't be freed again when a struct sptps_t is freed.
commit fc119fb0096a9221f2cff279b07c886bcd794d28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 11 14:05:28 2013 +0200
Use read_host_config() where appropriate.
commit 3c163a3796c984deb874fb1cca1ed9a85fc1d087
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 11 14:04:39 2013 +0200
Fix check for presence of ECDSA public key for outgoing connections.
At this point, c->config_tree may or may not be NULL, but this does not tell us whether it is an
outgoing connection or not. For incoming connections, we do not know the peer's name yet,
so we always have to claim ECDSA support. For outgoing connections, we always need to check
whether we have the peer's ECDSA public key, so that if we don't, we correctly tell the peer that
we want to upgrade.
commit c83c2d080f21b12db42ef664d7c3272b8b700656
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 10 21:11:45 2013 +0200
Enable the SPTPS protocol by default.
commit ee34ac3d6125b7d1f41afa82c7e30f0a7205546c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 10 20:55:52 2013 +0200
Add a few more checks and warnings in the crypto functions.
commit 214060ef20499332b0369030b664a8e239518661
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 10 20:30:47 2013 +0200
Fix warnings for functions marked __attribute((warn_unused_result)).
commit 7b949262c4c01fdeff30a612d43f4b64f1ad426f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 10 20:23:01 2013 +0200
Add __attribute__((warn_unused_result)) to crypto functions.
commit 45063953fd3f2c25c7f8cc65860b32a35b3ba80e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 10 20:15:27 2013 +0200
Add more __attribute__((malloc)) where appropriate.
commit 0acdce222ff21c84cafc82c137e3d1e107a66fd9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 1 17:45:38 2013 +0200
Add generic crypto headers.
They should have been included in commit 9b9230a.
commit 5b07039b0712bee0f19749d63116a10fb08a2d8b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 1 17:31:33 2013 +0200
Rename xmalloc_and_zero() to xzalloc().
The former name is more or less only used by tinc, the latter is used by other
projects as well, and shorter as well.
commit 9b9230a0a79c670b86f54fadd2807b864ff9d91f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 1 17:17:22 2013 +0200
Use conditional compilation for cryptographic functions.
This gets rid of the rest of the symbolic links. However, as a consequence, the
crypto header files have now moved to src/, and can no longer contain
library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t
and rsa_t are now all opaque types, and only pointers to those types can be
used.
commit e70b5b5bd77bb66e8dd324c17d86d9bff151aa82
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 1 12:20:06 2013 +0200
Use conditional compilation for device.c.
This requires the automake option "subdir-objects" to be enabled, and it
becomes more critical to specify the exact path to local header files.
commit 9f8020a09ce08210a10a0c65cefd83d2646395ab
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 1 11:46:40 2013 +0200
Modernize the configure script a bit.
commit 43c72093ade72f14cb2fc78bef55dade8cd38df7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 28 19:33:04 2013 +0200
Don't try to create tinc.conf when using set or add commands.
It is almost certainly an error. If one really wants to create a new tinc.conf
file, one should use the init command.
commit 8e732fcbbb5ac627ea302bf5c0ea17ec9b3cea7c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 22 15:54:05 2013 +0200
Releasing 1.1pre7.
commit 258bf7ea0fe69bae395a084843ba59b9770199f1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 12 17:15:05 2013 +0200
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Normally all requests sent via the meta connections are checked so that they
cannot be larger than the input buffer. However, when packets are forwarded via
meta connections, they are copied into a packet buffer without checking whether
it fits into it. Since the packet buffer is allocated on the stack, this in
effect allows an authenticated remote node to cause a stack overflow.
This issue was found by Martin Schobert.
commit 9e2ae03d1dc3b0d9a32a748320b9ed1565fa1374
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 11:28:40 2013 +0100
Fix completion of add/del/get/set commands.
commit f8f250ca1289990cb1fe69dfa252f0796aa38255
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 10:49:45 2013 +0100
Describe the SPTPS protocol in the manual.
Also mention that Cipher, Digest and MACLength have no influence on the SPTPS protocol,
since that uses a fixed ciphersuite.
commit 40666a5f5b85aa0151c3ba60950267f3c2a3a6bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 8 16:26:21 2013 +0100
Remove references to the config keyword.
commit 23a634becf09ac84c71250474fcb96e23b0ebdf1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 8 16:22:56 2013 +0100
Rename tincctl to tinc.
commit 3793cf10da488b9f4f7a1ac71f60bc270bdf31c6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 8 14:12:48 2013 +0100
Include README.android in the tarballs.
commit 4c30004cb6dc23616d7295b0ce631f066e7f1f82
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 8 14:11:15 2013 +0100
Avoid calling time(NULL).
In most cases we can use the cached time.
commit af77e5d475d4d4ab7ad036e926a05f4f3b5c6589
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 8 11:40:40 2013 +0100
Allow changing configuration with tincctl without the "config" keyword.
This saves typing some characters, and forces one to be more explicit about the
desired command (get, set).
commit 1d226977a43cc6c3e4ff32e1a41a06dde08356e0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 8 11:24:37 2013 +0100
Better default output file for generated public keys.
commit f9ab8e266b93aa3be772374ef4a8fdb06e376568
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 17:15:26 2013 +0100
Flush output buffers in the tap reader thread on Windows.
This is basically a port of commit 50fcfea1 to 1.1.
commit 4d05e695ab68a16cc5ed853b50482c443c6e12a9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 22 15:37:48 2013 +0100
Use UDP when using sptps_test in datagram mode.
commit a93c0139c5734f89180483b5fe160b334f7ece4b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 15:35:19 2013 +0100
Releasing 1.1pre6.
commit d298ebe91c9209d139f38b6de2e42bf7c5bb5899
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 15:35:08 2013 +0100
Fix compiler warnings on some BSD variants.
commit 3847b78ba5900fe4311e9ef62474e32e1a6750e5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 14:39:24 2013 +0100
Fix compiler warnings on Windows.
commit 1bb969c9306812d0d5c954fe8db32ed1a248bf20
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 13:59:50 2013 +0100
Fix a tiny memory leak.
Found by cppcheck.
commit d21f63d5b39280b653ca72a272f3a70c7c3f03be
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 8 16:44:50 2013 +0100
Don't expect a response from tincd after sending REQ_STOP.
commit 26eca516508829c3f9d8f2549335f613b569e8f5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Feb 7 15:27:16 2013 +0100
Let the GUI use UNIX sockets if available.
commit a8b52becbbd86a52dc50a6a1b725a80737f2c760
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Feb 7 15:26:56 2013 +0100
Derive UNIX socket filename from PID filename.
commit 079dcd01794187d2857e1233f6c9930310812593
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Feb 7 14:22:28 2013 +0100
Don't send proxy requests for incoming connections.
commit ee63f2a32be398c31301e9ce9154511b24089d8d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 6 15:24:02 2013 +0100
Fix segmentation fault when trying to connect via a SOCKS5 proxy.
commit 053af97c9e729ab485609e4202f5195fdc8aeeb5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 6 15:12:53 2013 +0100
Check for writability when waiting for a socket to finish connecting.
We were checking only for readability, which is not a problem for normal
connections, since the server side of a connection will always send an ID
request. But when using a proxy, the proxy server doesn't send anything before
the client, so tinc would not see that its connection to the proxy had already
been established.
commit 1135669b3c6820f5473ea451a58865f552ba768f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 6 11:30:35 2013 +0100
Fix tincd terminating immediately on Windows.
commit 9c878bf56f81049397a35d3a41aa69749c697fce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 31 16:12:56 2013 +0100
Remove direct inclusion of OpenSSL headers in net_packet.c and tincd.c.
commit 42b222ecb66b1957d7b439e5d8be8b287aef0054
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 31 15:58:33 2013 +0100
Detect increases in PMTU.
Tinc never restarts PMTU discovery unless a node becomes unreachable. However,
it can be that the PMTU was very low during the initial discovery, but has
increased later. To detect this, tinc now tries to send an extra packet every
PingInterval, with a size slightly higher than the currently known PMTU. If
this packet is succesfully received back, we partially restart PMTU discovery
to find out the new maximum.
Conflicts:
src/net_packet.c
commit 87416bcd8bd3e8816750150e2dbe90a970400a00
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 21 16:12:18 2013 +0100
Get microsecond time resolution on Windows.
commit 8aadbd4b37cddaf021949e93bceab98146f4c499
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 21 13:59:52 2013 +0100
Fix a typo.
commit 3a039ece25198c87e67950f0c4687587bf268075
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 21 13:47:46 2013 +0100
Fix datagram SPTPS.
Commit dd07c9fc1f37bed8d1f67ffe7b203f61e7914edf broke the reception of datagram
SPTPS packets, by undoing the conversion of the sequence number to host byte
order before comparison. This caused error messages like "Packet is 16777215
seqs in the future, dropped (1)".
commit cc3c69c892b0dad9a6ece0a0f4ccd429a22fcbff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 20 21:03:22 2013 +0100
Releasing 1.1pre5.
commit 76dbcf89895e87144e1bcb3b5cb98ffce03c383b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 20 21:02:58 2013 +0100
Fix tincctl init when /etc/tinc does not yet exist.
commit aa465969918ce3f3332f5829dbc482fc3b732012
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 20 20:19:08 2013 +0100
Remove possible definition of timersub(), which is also in dropin.h.
commit 1be7dc759a64d436fd7586aad43b545f2dc665b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 20 15:16:13 2013 +0100
Make sure PriorityInheritance also works in switch mode.
Conflicts:
src/route.c
commit 94587264bda45cce0295aaa37b59905d4b9843a8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 17 18:12:55 2013 +0100
Allow connections via UNIX sockets.
This is mainly useful for control connections. The client must still present
the control cookie from the PID file.
commit 2c1412306242d26f7803829873e582b50adde922
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 17 16:39:41 2013 +0100
Fix compilation of UML and VDE device support.
commit f5bb64b36ae0807cdd3f241f81a8e933065437f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 17 16:39:02 2013 +0100
Move make_names() and related variables to its own source file.
commit a9eba276a4ccec1c67611e8496ac0a30137b7493
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 17 14:14:17 2013 +0100
Handle SIGINT gracefully.
commit 1ddd6111a40733929089316838020f89176cbda2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 17 11:21:18 2013 +0100
Fix the minimum spanning tree algorithm.
Tinc uses Kruskal's algorithm to calculate a MST. However, this was broken in
commit 6e80da3370249caa1082c23c3ef55f338d1e9e74. Revert back to the working
algorithm from tinc 1.0.
Thanks to Cheng LI for spotting the problem.
commit 61275547cdf950e1c4499f19044ff171a9a74af7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jan 16 16:31:56 2013 +0100
Estimate RTT, bandwidth and packet loss between nodes.
Without adding any extra traffic, we can measure round trip times, estimate the
bandwidth and packet loss between nodes. The RTT and bandwidth can be measured
by timing the MTU probe packets. The RTT is the difference between the time a
burst of MTU probes was sent and when the first reply is received. The
bandwidth can be estimated by multiplying the size of the probe packets by the
time between succesive received probe replies of the same burst. The packet
loss can be estimated for incoming traffic by comparing how many packets have
actually been received to the increase in the sequence numbers.
The estimates are not perfect. Especially bandwidth is difficult to measure,
the only accurate way is to continuously send as much data as possible, but
that is obviously not desirable. The packet loss rate is also almost always
a few percent when sending a lot of data over the VPN via TCP, since TCP
*needs* packet loss to work properly.
commit eef25266cb862b5e2c24450d158d99e3cb43e511
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 15 13:33:16 2013 +0100
Count the number of correctly received UDP packets.
Keep track of the number of correct, non-replayed UDP packets that have been
received, regardless of their content. This can be compared to the sequence
number to determine the real packet loss.
commit b50a92d0c3d26edfeb7c8d6c1b8c3adc28edd6fe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 15 13:31:51 2013 +0100
Add the tincctl exchange and exchange-all commands.
These are identical to an export/export-all followed by an import, and make
it simpler to exchange host config files with other nodes.
commit dd07c9fc1f37bed8d1f67ffe7b203f61e7914edf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 13:08:35 2013 +0100
Check HMAC before sequence number.
commit 83a94ab08fb36b88a473a56b164a9795637fe798
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 13:02:39 2013 +0100
Always complain if too many arguments are given for tincctl commands.
commit 50e1790101efa1d695ce27498e7d7dede7ed3f9b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 13:01:47 2013 +0100
Better error messages when using -L, -R or -U on platforms that do not support it.
commit cad86108f3a47e9bba885ccd8decf20057f909f7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 12:59:17 2013 +0100
Don't complain about garbage if we skipped importing a host file.
commit c90c431bc93c1478836149a8724fdc68d1ec455c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 12:58:24 2013 +0100
Mention that the -L, -R and -U options are not supported on all platforms.
commit 5b88f5ba74fa9aa2cad82576308847e08cea88b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 12:57:33 2013 +0100
Note that tincctl import is only meant to work with data from tincctl export.
commit bb228e2f058c1274dca29ba255714e6fa2be494f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 12:56:54 2013 +0100
Note that node Names are case sensitive.
commit 2c7ecdcd0c50d4d3da6ff0b8fc2ea39573338d7f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 14 12:56:14 2013 +0100
Fix a typo.
commit 17a0b3a8907d7e618eb94ee2792d10c7cb8d3f30
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 16 15:36:06 2012 +0100
Fix support for tunemu on iOS devices.
The actual code was fine but the #ifdefs tested for the wrong preprocessor
variable.
Conflicts:
src/bsd/device.c
src/process.c
commit c26581e29f1f8f23217da266b57082e81dfc8320
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 7 15:49:21 2012 +0100
Fix infinite loop in timeout handling on Windows.
commit 58026f72a17b316f1b9756400f0ee9e9f519f877
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 6 16:57:57 2012 +0100
Fix display of cumulative packet counters.
commit b300f99dfbda5fc57a5366cdcb2a347e38723417
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 6 16:55:28 2012 +0100
Clarify the description of IndirectData and Mode = router.
commit 5b7f42bca4dbfee7a5fa2bc119f4739baaeb2f55
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 5 22:32:10 2012 +0100
Releasing 1.1pre4.
commit 4c16094e949e1f17461ac744118076a3cec437e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 5 21:42:43 2012 +0100
Fix whitespace.
commit 4f8abf1b29b117c5d593bfa7703966fd88e9eace
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 5 21:40:49 2012 +0100
Scale packet counters similar to byte counters.
commit d5f0ff5df86d06825110527ddc252b1268e31479
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 5 21:33:01 2012 +0100
Don't use nested functions.
This allows tinc to be compiled with Clang.
commit eb80105ea855f2c7ee0ea467574acf86cf455a77
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 5 14:42:21 2012 +0100
Fix compiler warnings on OpenBSD.
commit 5e3607b616538eac7bb70d78d4f20d847a1c3064
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 3 13:09:40 2012 +0100
Remove GraphDumpFile from the manual and manpages.
This option is not supported in tinc 1.1, "tincctl dump graph" can be used
instead.
commit a717b9bcfbe811787fd6718fb3f8fb3f272bcfb9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 3 13:08:03 2012 +0100
Add option to dump only a list of reachable nodes.
commit 75c619e372f02f8225d158fd514f01bd04857d3b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 3 10:41:28 2012 +0100
More fixes for Windows.
In particular, Windows does support many of the timer* macros, except timeradd
and timersub.
commit d53384c2de6d2824b9adcec111301d86e6b25f8e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 3 09:08:21 2012 +0100
Fix compiler error on Windows.
commit 76816e119b7d38a14823d430aafeff362dfbfd41
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 3 09:07:23 2012 +0100
Fix crash in timeout handling.
commit d19b00606576d19ef206e363ac709daf3bd00f25
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 3 09:02:08 2012 +0100
Set a node's pointers to zero before trying to insert it into a tree.
commit d2b19be1a0dd3c4987aa926117f5bf281892c78b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 29 14:35:08 2012 +0100
Fix use of unitialised values in hash tables.
Not only was Valgrind unhappy about it, it could also result in cache misses.
commit d9c70767aa6da8b62b4a1034d5f07892603beddd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 29 14:32:12 2012 +0100
Fix check for expired events.
This would trigger a infinite loop if a timeout expired and the next timeout
was not expired yet, but less than 1 second from being expired.
commit 8825cddd0d8ed6dad00924ef382139da51ca3fc4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 29 12:37:04 2012 +0100
Allow multiple timeouts to expire at the exact same time.
commit 6bc5d626a8726fc23365ee705761a3c666a08ad4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 29 12:28:23 2012 +0100
Drop libevent and use our own event handling again.
There are several reasons for this:
- MacOS/X doesn't support polling the tap device using kqueue, requiring a
workaround to fall back to select().
- On Windows only sockets are properly handled, therefore tinc uses a second
thread that does a blocking ReadFile() on the TAP-Win32/64 device. However,
this does not mix well with libevent.
- Libevent, event just the core, is quite large, and although it is easy to get
and install on many platforms, it can be a burden.
- Libev is more lightweight and seems technically superior, but it doesn't
abstract away all the platform differences (for example, async events are not
supported on Windows).
commit d30b9e1272fef18070d37d10b2b3e4bb2fc07f59
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 19 14:20:50 2012 +0100
Ensure MTU probe replies are sent back the same way they came in.
Also sprinkle some comments over mtu_probe_h().
commit 3c1b7047332f4b5e9d5ae7109e696b33712a5fb2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 19 13:50:17 2012 +0100
Improve UDP address selection.
We don't need to search the whole edge tree, we can use the node's own edge
tree since each edge has a pointer to its reverse. Also, we do need to make
sure we try the reflexive address often.
commit f57129ce3439f3826c12f15feb5df05e5ad8cab9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 17 22:48:06 2012 +0100
Try all known addresses of node during PMTU discovery, now also for SPTPS.
commit 30404650b28bf72d0b05b55393f2dd492434f9f3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 17 22:14:52 2012 +0100
Choose a suitable socket when updating a node's UDP address.
commit 8f9ee895224b39347783f3119343efc3bdaa3511
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 15 11:24:18 2012 +0100
Also don't use poll() on MacOS/X.
commit 8a77df9e28114cbfd83351070fdb266cf31fc310
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 15 11:13:40 2012 +0100
Disable support for kqueue on MacOS/X.
Apparently MacOS/X doesn't support kqueue events on character devices.
commit 818c92e6583006bf2e38f1027044925df6cf0ca0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 14 10:44:35 2012 +0100
Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
commit e8bf81794f412b27261be0f2aa4eb287352041af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 13 15:05:41 2012 +0100
Send broadcast packets using a random socket, and properly support IPv6.
Before it would always use the first socket, and always send an IPv4 broadcast packet. That
works fine in a lot of situations, but it is better to try all sockets, and to send IPv6 packets
on IPv6 sockets. This is especially important for users that are on IPv6-only networks or that
have multiple physical network interfaces, although in the latter case it probably requires
them to use the ListenAddress variable to create a separate socket for each interface.
commit 0870c7c32cf8a24f234fc066df867747ddb1ddc7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 13 15:01:43 2012 +0100
Don't take the address of a variable whose scope is about to disappear.
commit bb3d7f3b31d4a429d1c31c6621d82f34dd552482
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 11 19:01:28 2012 +0100
Fix configure script help text for --enable options.
commit 5bfbb8f6c58307a8109f556caa30be122cc4d39f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 11 19:01:02 2012 +0100
Fix index entry for section about readline library.
commit 5766518589a5e6cc43ba77a4049059ead05fb300
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 11 18:53:23 2012 +0100
Mention in the manual that support for LZO and zlib can be disabled.
commit 6ec4596557d658f6c15c2cb9a96152c8c476118a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 11 18:45:40 2012 +0100
Mention libcurses and libreadline in the manual.
commit 0ee139e91431527015b7132e4c36f8d4ec09f66b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 10 23:45:22 2012 +0100
Make sure PMTU discovery works in switch mode with VLAN tags.
Before, when tinc saw a packet larger than the PMTU with a VLAN tag, it would
not know what to do with it, and would just forward it via TCP. Now, tinc
handles 802.1q packets correctly, as long as there is only one tag.
commit ade4fccad6857f3d6d548e52bc94ab23751e4fef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 10 23:13:05 2012 +0100
Using alloca() for a constant sized buffer is very silly.
Cppcheck said using alloca() in the 21st century is silly anyway.
commit b355476e917f377abb6434657933fcf4ffe6870a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 10 23:09:31 2012 +0100
Fix potential buffer overflow reading the PID file.
Found by cppcheck.
commit edc08b73a9e353bde6db4c73866a6a730a1a7cb4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 21 17:45:16 2012 +0200
Slightly randomize all timeouts.
commit 717ea66d7ba0c23f27d86b3d5c6992b751135455
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 21 17:35:13 2012 +0200
Add the AutoConnect option.
When set to a non-zero value, tinc will try to maintain exactly that number of
meta connections to other nodes. If there are not enough connections, it will
periodically try to set up an outgoing connection to a random node. If there
are too many connections, it will periodically try to remove an outgoing
connection.
commit 1f8b70efa0dedbd3642e0ee82a640d125664af34
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 21 17:34:53 2012 +0200
Keep track of the number of nodes in a tree.
commit 0006c754f2e61e108aa2dd5a6ddd2e9b50d51bd6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 17 13:51:02 2012 +0200
Fix warnings from groff.
commit 0db9e471ea53b48687ea247c855cd95ec453530c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 19:22:30 2012 +0200
Releasing 1.1pre3.
commit 3254e75afe0ff28fed68d8682f61c184f442161d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 19:21:13 2012 +0200
Fix a few compiler errors/warnings.
commit 70a1a5594af5d4e6a364186b42ba4e34c676009b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 17:42:49 2012 +0200
Update copyright notices.
commit 4200a378c4fedf64e89b9f8481d7cd09dac14965
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 16:39:16 2012 +0200
Fix compile error on Windows.
commit 368727c3dac4a1f8343e2e0eccf5bc62d9b197e2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 16:07:35 2012 +0200
tincctl: add node colors and edge weight to graph dump.
commit 40ed0c07dd3d4667054b0f5952b89ee39686493b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 15:37:24 2012 +0200
Log more messages using logger().
commit b234304b6628aeddce63d7f751da97c3344bbb78
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 14:48:35 2012 +0200
Make sure the ReplayWindow option works for SPTPS as well.
commit ee1d655f2f1ede6da66b6268974d6f9585c616b3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 14:45:27 2012 +0200
Only log success of initial datagram SPTPS handshake.
commit 44a24f63acc70d19904e5540986b8301b3c9b882
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 14 14:33:54 2012 +0200
Fix handling of initial datagram SPTPS packet.
Only the very first packet of an SPTPS session should be send with REQ_KEY,
this signals the peer to abort any previous session and start a new one as
well.
commit ec1f7e525d046bcaeb8e7040b8cec9a34a568371
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Oct 12 17:08:01 2012 +0200
sptps.c: Add missing newline to log message.
commit 94ec8d34db0ddef14b5446975663e5ff37e27b45
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 11 22:47:13 2012 +0200
Strip newline from incoming SPTPS requests.
Most of the code doesn't care whether requests are terminated with a newline or
not, except that when requests are forwarded, it is assumed they do not have
one and a newline is added. When a node using SPTPS receives a request from
another SPTPS-using node, and forwards it to a non-SPTPS-using node, this will
result in two consecutive newlines, which the latter node will see as an empty,
and thus invalid, request.
commit 45944e4514a7765f858fa33cc1d9719a603099e0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 11 22:21:30 2012 +0200
Clear status and options fields of unreachable nodes.
commit d917c8cb6b69475d568ccbe82389b9f2b3eb5e80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 10 17:17:49 2012 +0200
Fix whitespace.
commit 58f4b845b9a7d83739af77337f2ce263d8df7838
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 10 14:46:22 2012 +0200
Try all known addresses of node during the PMTU discovery phase.
This helps in situations where some nodes have IPv6 and others have not.
commit 0ed0cc6f9c30537bd74222fd99a41726d488dd37
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 17:49:09 2012 +0200
Fix hash functions for keys whose size is not divisible by 4.
commit d1ec010660905ae0b99d783737350ccc08b37b16
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 16:27:28 2012 +0200
Fix memory leaks found by valgrind.
commit 72642b40b3ad476101622da202b6f977a32b472f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 15:52:58 2012 +0200
Clear Ethernet header when reading packets from a tun device.
This fixes a warning from valgrind about uninitialized bytes, which were being
sent to other nodes.
commit b346338f9c2de6f71d87cb4ad8e61b0af0052688
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 13:28:09 2012 +0200
Remove unused variables, fix some #includes.
commit f62b4a91344bd0de09e7fb4e4c8c1993ffc027c3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 13:23:12 2012 +0200
Fix deleting connections from the connection list.
commit 0b8b23e0dd7219344543f135ca0aeba8a4a42d48
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 00:35:38 2012 +0200
C99 extravaganza.
commit ff306f0cdaedb50de1472e7c1fb55de922a6ca60
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 21:59:53 2012 +0200
Replace the connection_tree with a connection_list.
The tree functions were never used on the connection_tree, a list is more appropriate.
Also be more paranoid about connections disappearing while traversing the list.
commit ce059e36fdb3d3049c278e8b2f36b03c93778996
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 21:02:40 2012 +0200
Refactor outgoing connection handling.
Struct outgoing_ts and connection_ts were depending too much on each other,
causing lots of problems, especially the reuse of a connection_t. Now, whenever
a connection is closed it is immediately removed from the list of connections
and destroyed.
commit d93a37928b75b17ac5e1eae5c2d62fd0760a6608
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 17:53:23 2012 +0200
Fix warnings from cppcheck.
commit 5d0812d49275ec8bda2b5b0ac813239045463777
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 14:06:47 2012 +0200
Remove a debug message.
commit c2a9ed9e98e3dc4218c74fff774ddfe654adfd72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 14:03:50 2012 +0200
Handle packets encrypted via SPTPS that need to be forwarded via TCP.
commit bb6b97ce3493d49b79f1bd57fdac420c312ef8d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 13:31:19 2012 +0200
Make datagram SPTPS key exchange more robust.
Similar to old style key exchange requests, keep track of whether a key
exchange is already in progress and how long it took. If no key is known yet
or if key exchange takes too long, (re)start a new key exchange.
commit b99af2f813b897e1fd49c87a7cf44241cad3a017
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 7 11:45:54 2012 +0200
Useful error messages when writing to a meta connection fails.
commit e05371346548dee977d4ee45e12e3058e749afb6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 21:16:17 2012 +0200
When terminating, keep control connections open until the end.
This ensures all device files and listening sockets have been closed before
tincctl gets notified of tincd's termination.
commit 86116bb022f0b885638ff9ba21b359fc9f55286a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 21:15:19 2012 +0200
Clear connection options and status fields in free_connection_partially().
Most fields should be zero when reusing a connection. In particular, when an
outgoing connection to a node which is reachable on more than one address is
made, the second connection to that node will have status.encryptout set but
outctx will be NULL, causing a NULL pointer dereference when
EVP_EncryptUpdate() is called in send_meta() when it shouldn't.
commit ef9358c0d616c5ff3391c8ec3da5d357286a4457
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 17:45:03 2012 +0200
Improve starting/stopping tincd using tincctl.
When starting tincd, tincctl now strips non-options from the command line, and
sets argv[0] to the name of the tincd command instead of copying its own
command name.
When stopping a running tincd, tincctl now waits for it to terminate.
commit 47f33e07ff90b557cfa96999e921d35ea537ca80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 6 16:53:43 2012 +0200
Fix off-by-one error.
Apart from writing 1 byte beyond an array allocated on the stack, this slipped
an unitialized byte in the seed used for key generation.
commit 20b441a6de743b2149df59cfb94a7663e1924fa3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 1 10:42:13 2012 +0200
Libreadline might depend on libcurses.
commit 3887e6dcb54494ee11798e721e274e06b0a5621a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 1 10:39:15 2012 +0200
Remove abort() call that accidentily sneaked into commit dd1b69e.
commit 0b0949e5bb63f9545feb4714812e2aa2112fb092
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 1 10:36:23 2012 +0200
Make sure sptps_test compiles without -flto.
commit b381acd60dbadbb4bc679d35a7d86bf425f21f86
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 30 23:12:43 2012 +0200
Remove unused function declaration.
commit dd1b69e31f83e2cc200ecc10e6d927373823332b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 30 22:43:48 2012 +0200
Fix not reading Port statement from host config file.
commit 6dfdb323612184529b4b83c1be914dda8262de47
Merge: 9e76c464 c4940a5c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 30 15:00:47 2012 +0200
Merge branch 'master' into 1.1
Conflicts:
lib/utils.c
src/net_setup.c
src/process.c
src/protocol_auth.c
src/protocol_key.c
src/utils.h
commit c4940a5c888d85b4c477b6face5e9a618e64718d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 30 13:45:47 2012 +0200
Add strict checks to hex to binary conversions.
The main goal is to catch misuse of the obsolete PrivateKey and PublicKey
statements.
commit 3bd810ea79d6933839ddac4a2cf1445c51947d38
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 30 13:45:39 2012 +0200
Attribution for Martin Schürrer.
commit 5a161e86cf35351f5274d7a8e17fef4630b40686
Author: Martin Schürrer <martin@schuerrer.org>
Date: Sun Sep 30 02:04:55 2012 +0200
Output details of encryption errors
commit 9e76c464b26b066e1eb3aa5232e573792e28020d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 28 17:51:48 2012 +0200
Remove some debugging messages.
commit e971130b601064090815c31c90b876e3d0d1d5b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 28 17:36:25 2012 +0200
Make tincctl robust against dropped control connections.
commit c5325ffdd1c6749beaf842c272eb28ecd5a070b6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 28 17:05:01 2012 +0200
Correctly add/remove outgoing connections when reloading configuration.
commit f417271ea1447589ea05901f54fbb0377e7afaf9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 28 17:03:14 2012 +0200
Fix column sorting, make all lists sortable.
commit aee86011ff2d389832fc9a23081ea23ab8484607
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 27 22:12:15 2012 +0200
Let the GUI handle the new dump format.
commit fac5593f44e47f3bd4f4b425ada38ab49fbe3b42
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 27 17:19:02 2012 +0200
Fix links in documenation.
commit 2e09986a1fd6dc5b6313f10e5d86aaaf4a531235
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 27 17:18:49 2012 +0200
Fix links in documentation.
commit f70cbc9d3ee3a88cf956592007e57f7a1dde2c17
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 27 15:45:02 2012 +0200
Comment out old public/private keys when generating new ones.
commit 38dbc63f118dbfdb955b56740b8c20a9379fb3ba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 26 23:56:21 2012 +0200
Update documentation of the "dump graph" command.
commit 1f312137d5ab12a2d996d5f7972f169aeb852040
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 26 23:52:36 2012 +0200
Allow dumping either directed or undirected graphs.
Internally, tinc maintains a directed graph of the meta connections between
nodes. However, this causes graphviz to draw two lines between nodes, which is
not always desirable. The "dump graph" command now defaults to dumping an
undirected graph, the "dump digraph" command will dump a directed graph.
commit d6388d782ede1bbe49a5c2643362e2e0f383fa89
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 26 23:18:32 2012 +0200
Let tincctl parse and format dumps.
At the moment it just reproduces the old format.
commit 9ade39b7d5564fb6f5a41946c9a23cfa7851a19f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 26 22:20:43 2012 +0200
Keep last known address and time since reachability changed.
This allows tincctl info to show since when a node is online or offline.
commit 1e5deec973cd366b9d9cec6c1314a97e7051ce0f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 25 22:28:08 2012 +0200
Remove remnants of Ethertap and old TUNSETIFF ioctl().
commit 125dd0dbcf4f46033ead3486044eb00b413fe537
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 25 22:12:36 2012 +0200
Fix typo in manpage.
commit 72f08932cf6f1ac0cfb837d377b423207e8c671a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 24 14:56:00 2012 +0200
Don't ignore Makefile.am.
commit 66e702d90d83977dc089736d7e4146330bc5df28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 24 14:02:07 2012 +0200
Attribution for Vil Brekin and some code style cleanups.
commit f421a640777bd9484c59fa6feacadcf3e05d4b44
Author: Vilbrekin <vilbrekin@gmail.com>
Date: Sat Aug 25 20:32:38 2012 +0200
Android cross-compilation instructions.
commit afe4bf62eccab76c75e5a661fb2c16f1391a8417
Author: Vilbrekin <vilbrekin@gmail.com>
Date: Sat Aug 25 20:01:11 2012 +0200
Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
commit c6720f1a608d19c722d8601fab1048773dbad59b
Author: Vilbrekin <vilbrekin@gmail.com>
Date: Sat Aug 25 19:59:26 2012 +0200
Add basic .gitignore file, cleaning (most) files generated by autotools.
commit f2570c1b7f5813e087c867cf002f36f0c09b5cfa
Author: Vilbrekin <vilbrekin@gmail.com>
Date: Sat Aug 25 19:14:00 2012 +0200
Replace hard-code with new ScriptsInterpreter configuration property.
This new setting allows choosing a custom script interpreter used for the various tinc callbacks.
If none is specified, the script itself is called as executable (as before).
This is particularly useful when storing tinc configuration and script on a mount point with no-exec attribute.
commit 8a6f278fd2606c0a8f133f05df83b2649eacf6c3
Author: Vilbrekin <vilbrekin@gmail.com>
Date: Wed Aug 22 10:46:24 2012 +0200
Basic patch for android cross-compilation.
Commented non-existing functions in android NDK.
Prefix scripts execution with shell binary to allow execution on no-exec mount points.
Everyything is currently hard coded, while it should use pre-compiler variables...
commit 2dc8deb1047a076d1c040f47bedf36ad4b41b17c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 13 21:35:29 2012 +0200
Ensure sptps_test compiles with -flto.
commit 90f1cba1fd9e748ec4b8274511d5a36ec1a24d9d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 5 13:05:48 2012 +0200
Replace node_udp_tree with a hash table.
commit 4c05afd19acada4781e1b8865cf702b197882e5d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 5 12:45:36 2012 +0200
Use hash tables to lookup owners of addresses.
commit 6b6a025488f289f749498a7e6cc1994be19f53e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 5 12:44:41 2012 +0200
Add a simple hash table implementation.
commit e9de08be0dab58a48f9a8ce3d250516cf05d6b8e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 4 14:21:50 2012 +0200
Remove newlines at end of log messages.
commit 05dac63dbc03dc5a64a7f4b50e24eb3766135916
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 4 14:16:05 2012 +0200
Remove some debug messages.
commit 742f7bb04e72d93f2c4a858534144a599b3fc14d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 30 14:21:23 2012 +0200
Properly handle SPTPS packets with stripped Ethernet headers.
commit d74b81b61e87c66d364a8590a48d87773ad2652c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 30 14:00:34 2012 +0200
Fix node name check for "connect" and "disconnect" commands.
commit 5567c0d4107e6ff6f4639d8664651841bd59ddad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 5 17:25:31 2012 +0200
Quit when "exit" or "quit" commands are used in tincctl's shell.
commit d18519ae21345fea68dd7f0f5525adba3a7639a9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 5 17:03:57 2012 +0200
Fix segfault when using tincctl's shell without readline.
commit b332bd964663b7109a5fc4be596d36fbf1dbaa47
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 5 13:50:51 2012 +0200
Add bash completion script.
commit e29e0fee8812851473bcf24324a15cbf3cc854a0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 3 14:17:02 2012 +0200
Make sure the top command can be used more than once in tincctl's shell.
commit a57db1dfe0736fd902a45ed5f695630faf3f0e1e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 3 14:15:50 2012 +0200
Fork when using the "start" command in tincctl.
This allows the command to be given in its shell without immediatly exiting tincctl.
commit 36c6afede36b6956bd86df824f5616c1afee35ed
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 3 13:23:07 2012 +0200
Add readline completion for tincctl config and tincctl info.
commit 8af2f3f5a4061a8dbfd4f7d259e0038df06a373e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 2 17:44:59 2012 +0200
Optionally compress and/or strip Ethernet header from SPTPS packets.
commit 73348be58ecb9c40cf435122a00e72ac4d1a4c9b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 2 17:24:42 2012 +0200
Have tincctl act as a shell when no command is given.
By default it uses readline to read commands. If the input and output are not a
tty, no prompt is shown.
commit 91937812bdfe74699e4f7cdf86265d07423acbba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 2 17:23:51 2012 +0200
Clear struct sptps before reusing it.
commit 6bcd03c2027636f82ab7228566717d112df7bc6d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 1 22:22:52 2012 +0200
Update the documentation to encourage using "tincctl init" and "tincctl config".
commit 6396f42d74f22ab5f8e736dc5cb04c57917f9319
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 1 16:51:59 2012 +0200
Stricter checks for netname and node names.
- Node names should not be empty.
- Net names should not contain slashes or start with a dot, because they are
used in pathnames.
commit 61006ced88e1bf62e8883216cabc636f2d4cb12a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 1 16:13:23 2012 +0200
Add missing configuration variables.
commit b0f3a76e9bf8ceeab75c1e6f4dce6763aecddc5e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 1 15:50:45 2012 +0200
Add the ability to query configuration variables to tincctl.
commit a9caa2a6ea3aa553c9d2140ad4f5b34b7ab7297b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 1 15:15:37 2012 +0200
tincctl restart should work even if no tincd is running.
commit 07980b056c5371f8b6fdd50172f501be07155bdf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 1 15:14:48 2012 +0200
Try sending SIGTERM if we cannot connect to a tincd but we know its PID.
commit 7a71d48009e03ff1143a6e1084803f456a27c849
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 31 21:43:49 2012 +0200
Use a status bit to track which nodes use SPTPS.
commit 6bc8df3e010509f69af95d2cc14ec893def6f644
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 31 20:39:15 2012 +0200
Add Brandon Black's replay window code to SPTPS.
commit 5ede437307cc3bbb20431f4b82f4a2ef79c9b746
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 31 20:36:35 2012 +0200
Handle SPTPS datagrams in try_mac().
commit aaff0ed08916f936b0a7b8a3d0607b8111b7a185
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 31 20:29:13 2012 +0200
Remove unused #include.
commit 153abaa4d940bf2bc9bd7275d5efe5c01c354190
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 30 18:36:59 2012 +0200
Use datagram SPTPS for packet exchange between nodes.
When two nodes which support SPTPS want to send packets to each other, they now
always use SPTPS. The node initiating the SPTPS session send the first SPTPS
packet via an extended REQ_KEY messages. All other handshake messages are sent
using ANS_KEY messages. This ensures that intermediate nodes using an older
version of tinc can still help with NAT traversal. After the authentication
phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended
REQ_KEY messages instead of PACKET messages.
commit 248d300f1be0d5f2aae39202041699ab2b46c56b
Merge: e1355e24 3391018e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 27 22:48:24 2012 +0200
Merge branch 'master' into 1.1
commit 3391018efbd41858d42ccae6ae919749ba94c8db
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 27 22:43:01 2012 +0200
Also clarify hostnames=[yes|no] in tinc.conf(5).
commit e895b358db8863d19dfa3d77c861ae19b76bc750
Author: Mesar Hameed <mhameed@src.gnome.org>
Date: Tue Jul 24 07:18:50 2012 +0100
Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
commit e1355e24eb7fe36bdb5dd7c818815fa266046a51
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 13:05:56 2012 +0200
Remove unused po/ directory.
commit 6c9b33c8b67374d38525b88f292840034c559a45
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 12:55:04 2012 +0200
Have tinc-gui use same way of locating pidfile as tincd and tincctl.
commit 2b97a7d7cf6ca7f4d84d3df754062a55bdf55305
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 12:52:31 2012 +0200
tincctl init now also creates a template tinc-up script.
commit eb430005c74b6b5f717e7e264afa3bd35284740d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 17:10:10 2012 +0200
Fix exit code when installing tincd as a service on Windows.
commit e5e96882c3825cee81ff163490b2f39fad3192b8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 16:33:09 2012 +0200
Windows doesn't like quotes around "edit" when calling it through system().
Even though that works fine on the command line.
commit 18237e1f2d9dd5eef4a4e0d746d016bf94a42ad4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 16:26:55 2012 +0200
Use backslashes on Windows.
Although Windows itself supports the forward slash, some programs may not.
commit 09a8ff649cc7aa51d291c89e1556526a6265cc81
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:58:16 2012 +0200
Don't try to mkdir(CONFDIR) on Windows when there is a registry key for tinc.
commit ed8ce60845dc0568840c64c692838136f342fa54
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:51:15 2012 +0200
Fix crash when no netname is specified.
commit 7303b512b0e4f0d9cbc3236e846b2618f527b830
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:50:50 2012 +0200
Fix some compiler warnings.
commit 33521eabd4501b4add35468618453ac4f76311f3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:15:04 2012 +0200
Have tincd and tincctl use the same method of determining netname.
commit 1d322d2eda8223f21b0c00381af34b94054f251a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:02:44 2012 +0200
Add a newline to a configuration file if it is missing.
commit dea722c4aca9a8cfa463807d279aa10cc6a0fc64
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:02:17 2012 +0200
Add some checks when changing configuration.
commit cc0c35267f8fac4f82622ff73474ed1e2d3a1e36
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 14:19:23 2012 +0200
Call event_init() after detaching.
Otherwise, the call to daemon() could close filedescriptors in use by libevent
itself; for example if it uses kqueue or epoll instead of a select() or poll()
backend.
commit 4e0fc52197546bbf8a0be7af946f4b569e13048c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 13:53:22 2012 +0200
Fix various compiler warnings.
commit b161088b35fad1d284855f6434a895a20e34a250
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 13:38:14 2012 +0200
BSD make doesn't like $<.
commit 98a72d686983178f71cd2bf336c1f3d5c647f1e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 13:02:35 2012 +0200
Make sure sptps.h and info.h are in the tarball.
commit 5eeed38b8eb15f4c0464675b7d8c7722bc8be168
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 12:51:53 2012 +0200
Make sure tinc compiles on Windows.
commit 1d4590ca5cae09ea3b7a7e80355639e20861d349
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 20:35:07 2012 +0200
Prefer routes with lower weight as long as they do not increase the number of hops.
This should improve traffic to nodes that are not directly reachable somewhat.
commit 4c8ead98743254be97c830e942f0cc53539d780c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 20:01:29 2012 +0200
Allow more configuration variables to be changed when reloading configuration.
In particular, Subnets may be added or removed from the local node on the fly.
commit c678e7c4fb52d93350eafaed0f666018ed469e10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 19:59:47 2012 +0200
Split setup_myself() into two functions, one for reloading configuration.
commit 4591e96c76914795aaae317c067f16abc22fb2e0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 17:29:16 2012 +0200
Never remove items from cmdline_conf.
We should treat cmdline_conf as const, so we can call read_config_options()
more than once with prefix = NULL.
commit 68a20876d0c4a6c370064d78786dd9f2aa6273cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 01:02:51 2012 +0200
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
commit 76a3ada4eb4032172c3d780915a07680f9954d42
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 17 18:05:55 2012 +0200
Put minor protocol version in connection options so other nodes can see it.
This allows two nodes that do not have a meta-connection with each other see
which version they are.
commit 68de7b481e54d6a7c573d9a2d61f76d4d3a6b2f9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 16 18:49:39 2012 +0200
When exporting configuration files, don't copy Name variables.
These interfere with tincctl import. Besides, host configuration files should
not contain Name at all.
commit c52c46f8717aac6904f32766d774fa3fdf9611d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 16 16:48:24 2012 +0200
Add an easy way to export and import host configuration files.
commit 6319dc9dde3b328ba800f25a6bb4cf303d27f664
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 16 01:14:08 2012 +0200
Strip default subnet weight from output.
commit 74646a4afa6557a0363cc85e0a95d578d4ab0ac2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 16 01:09:47 2012 +0200
Give an error message when tincctl info cannot parse the given subnet or address.
commit 53735a9d964579829d089f4b7572aef50c4e1468
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 16 01:05:25 2012 +0200
"tincctl info" gives more human readable information about nodes or subnets.
commit 3c7003893fe2f82023d0d4f54b488bb7a16d0007
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 16 00:52:50 2012 +0200
Move all functions related to subnet parsing to subnet_parse.c.
commit e72e6febfeddbd4354560388c8e0e125a8017909
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 22:53:03 2012 +0200
Fix tincctl dump.
commit 9be8980a2bb6245da017270f85bd6da186fb433b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 21:17:10 2012 +0200
Let tincctl ignore tincd options, so they will be passed on.
commit 36dee4c539521578005eed5e58b4803b73f0c889
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 21:15:35 2012 +0200
Fix tincctl start.
commit 439069bda62b25baaabeb765ac0557efa57b6cfb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 20:59:17 2012 +0200
Have tincctl notify a running tincd of configuration file changes.
commit eb01fd96258e5f99be0e4930eac04e5487a108a0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 20:37:38 2012 +0200
Add an easy way to edit a configuration file.
commit cedfeccb247abb00063316068d7d2ade880f9d09
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 20:22:21 2012 +0200
Stricter checks for node names.
commit 03f72c6173f27198e2e68227cb41e00f8ec4ddc9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 18:16:35 2012 +0200
Allow configuration variables to be added/removed using tincctl.
commit dd102efd24d847c41890adfcc7ce6d9d2592dcdb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 15:46:16 2012 +0200
Put every command in its own function.
commit a444ec396456a25546a4ab3d185c7fb5e4bb7ae3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 14:49:36 2012 +0200
"tincctl init" creates initial directory structure, tinc.conf and keypairs.
commit 268c8545aaf83b7433f43402f5c77e39e20006ef
Merge: bce17776 f13fd8c3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 14 15:13:21 2012 +0200
Merge branch 'master' into 1.1
commit f13fd8c35068cd1f776e33362dcac40be9499035
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 12 11:32:08 2012 +0200
Update THANKS file.
commit 2eb0043e1352944b1113c1f7e40f37dffac0021d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 12 11:30:56 2012 +0200
Document how to load the tap driver on FreeBSD.
commit ae8c0b65d8f97942d7eff5f96344f781b8dec35d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 12 11:25:11 2012 +0200
Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
commit bce177767d521b47efd458c5cd570959a98d940d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 26 14:22:57 2012 +0200
Fix crash when handling the ALRM signal.
In retry() the function do_outgoing_connection() is called, which can delete
items from the connection_tree, so when walking the tree we must first save the
pointer to the next item.
commit 19be9cf7150858311f7898fa3fb525d692d02f64
Merge: 62b61a1b 00e71ece
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 26 13:24:20 2012 +0200
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
lib/utils.c
src/linux/device.c
src/meta.c
src/net.h
src/net_setup.c
src/net_socket.c
src/protocol.c
src/protocol_auth.c
src/tincd.c
commit 00e71ece25070dc919f9bc0696e4ff3a387360d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 19:45:51 2012 +0200
Releasing 1.0.19.
commit 236b0ba4ebba01e22e382e79897100338a039bbb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 19:03:54 2012 +0200
Fix crash when using Broadcast = direct.
commit 0a84f9cb8f52f2d2b4f03a5ad5ef9dfcd3509033
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 19:01:51 2012 +0200
Fix compiler warnings.
commit 62ee9b776d45af41c8b040ad86e50ba8f6f8e6c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 15:01:42 2012 +0200
#include <winsock2.h> on Windows.
MinGW complained about it not being included.
commit c0af4c37d2046ffb3e07dd62f266a4fb99ea5614
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 15:00:24 2012 +0200
Small fixes in proxy code.
commit 62b61a1b7c2382b1bade142b3a41a9b27c1fd40d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 13 22:16:42 2012 +0200
Don't forget to send a newline when forwarding requests.
commit 42a8158b1dca6ee4ec1707176199cc36c26da7af
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Fri May 4 16:41:47 2012 +0400
add (errnum) in front of windows error messages
On localized, non-English versions of windows, it is
common to have two active charsets -- for console applications
and for GUI applications, together with localized error messages
returned by windows. But two charsets are rarely compatible,
so sending the same byte sequence to console and to windows
event log makes one or another to be unreadable. So at least
include the error number, this way it will be possible to
lookup the actual error test using external ways.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
commit 58007d7efa3940c863c5a398f8b257a686ce37ba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 8 16:44:15 2012 +0200
Always pass request strings to other functions as const char *.
commit 291a59b5b732de084e392daea1433b1fdb9fbfd5
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun Apr 22 03:44:28 2012 +0200
free_connection_partially(): also reset remote protocol version infos
The used remote protocol can change between two reconnects, aka if
the remote side has enabled/disabled for example their ExperimentalProtocols
setting.
commit 32e5c5bb7c2c9127274247cb74cffa7345b04fad
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun Apr 22 03:05:29 2012 +0200
Silence SPTPS log messages, reduce them from DEBUG_ALWAYS to DEBUG_META.
commit c78bb143030162f0c820f08c87808e157c014a07
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun Apr 22 02:55:06 2012 +0200
terminate_connection(): delete non-outgoing (aka incoming) connections.
commit 8b9e5af0d93069a81ce2ebed9899eedf3b7b184b
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat Apr 21 03:44:24 2012 +0200
Label control connections for log output as "<control>", not "<unknown>".
commit d3f4cf59ca917386e7c6358a98adbe3b8e9ce87a
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat Apr 21 01:59:01 2012 +0200
free_connection_partially(): Avoid possible use-after-free for c->hischallenge
commit 7a6ca7a993e5907497d97fef09e375698dde182f
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat Apr 21 01:51:36 2012 +0200
terminate_connection(): only kill c->node->connection if it is pointing
to the same connection
commit a96c4f016c9fff2392d85f762e16f5430c0b6463
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Apr 20 00:24:38 2012 +0200
terminate_connection(): Avoid use-after-free and double-free for
already freed edge structure.
commit 5c0dd104f94519c3cb50e9ca44227656c5adc7ae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 19 15:56:08 2012 +0200
Document new proxy types.
commit 5ae19cb0bb8dd6be1e9bcd560bb051f496a373ec
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 19 15:18:31 2012 +0200
Add support for proxying through an external command.
Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.
commit fb5588856fa4dd6f140c72f7360302fe85b20c75
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 19 14:10:54 2012 +0200
Add support for SOCKS 5 proxies.
This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.
commit b58d95eb29662bce4388f95dbc5762b9e2999806
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 18 23:19:40 2012 +0200
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.
commit 84531fb6e621959e06519fdbb7f2a8f7578f66bd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 16 01:57:25 2012 +0200
Allow broadcast packets to be sent directly instead of via the MST.
When the "Broadcast = direct" option is used, broadcast packets are not sent
and forwarded via the Minimum Spanning Tree to all nodes, but are sent directly
to all nodes that can be reached in one hop.
One use for this is to allow running ad-hoc routing protocols, such as OLSR, on
top of tinc.
commit 9ebb34f907e8a15cb71dd20b111270d80bad1e96
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 16 01:16:59 2012 +0200
Update README to reflect that only OpenSSL is currently supported.
commit a851d8a9f6e3b69ab75695d84471ff4d525341b7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 16 01:14:59 2012 +0200
Add autoconf checks for OpenSSL's elliptic curve functions.
commit f8e15dfe8d155b5bdb1e39bf6b9af486606145e8
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat Apr 14 02:28:43 2012 +0200
ecdh & ecdsa: avoid some possible memory leaks in error conditions.
commit 8792b9a9f343e751dc3cfd789db9528da609ba9f
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat Apr 14 02:02:11 2012 +0200
Remove confusing error message for failed reading in ECDSA keys.
Most likeley the error is that there just is no valid key inside the used
host file, and in this case errno just contains a random value from the
last previously failed call.
commit a5bb6d40fb517aa175510ec179091e4f9ffaf6f6
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat Apr 14 02:29:32 2012 +0200
sptps_stop(): clear pointers after free to avoid double free.
sptps_stop() may get called twice on some failed connection setups.
commit 535a55100bb77f107c85361e9f72a194e92bc8bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 29 16:45:25 2012 +0100
Allow environment variables to be used for Name.
When the Name starts with a $, the rest will be interpreted as the name of an
environment variable containing the real Name. When Name is $HOST, but this
environment variable does not exist, gethostname() will be used to set the
Name. In both cases, illegal characters will be converted to underscores.
commit 1d9dacb1f26971e19463b5501c2410c57f780ecb
Merge: 86c29903 89f4574e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 26 19:06:39 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
src/logger.c
src/net_setup.c
commit 89f4574e0b1553c8e5dcbfc275e829a759b697f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 26 14:46:09 2012 +0100
Add support for systemd style socket activation.
If the LISTEN_FDS environment variable is set and tinc is run in the
foreground, tinc will use filedescriptors 3 to 3 + LISTEN_FDS for its listening
TCP sockets. For now, tinc will create matching listening UDP sockets itself.
There is no dependency on systemd or on libsystemd-daemon.
commit cc6aee784659bfbd21eb8d414e00a8f1a801cac4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 26 14:45:20 2012 +0100
Remove newline from log message.
commit 16e6769feef21a5bf58f6022d990452987bb5efb
Author: Anthony G. Basile <basile@opensource.dyc.edu>
Date: Mon Mar 26 06:29:40 2012 -0400
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
The current configure.in file does not correctly make use of these
macros. The resulting configure file will therefore enable an item
even if --disable-FEATURE is given. This patch restores the intended
behavior.
commit 86c2990327fdf7ec1197aa73cb2b9a926a734db4
Merge: d7bf63c6 b23681dd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 23:35:31 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
src/Makefile.am
src/conf.c
src/conf.h
src/connection.c
src/net.c
src/tincd.c
commit b23681dddb8987571f04d46fc14f0ba012a7929c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 22:54:36 2012 +0100
Support :: in IPv6 Subnets.
commit 482c6119a7ae80f320e5b519ef2e785e04a77b8e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 15:32:26 2012 +0100
Releasing 1.0.18.
commit 64c657b32d1eb34eb669c6d5b0ec26c1a643b194
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 15:30:58 2012 +0100
Mark DecrementTTL option experimental.
commit f71ce341800739c7cdee01d7cf025e7492da22ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 15:17:50 2012 +0100
Fix return type of vde_recv() as well.
In this case it is not really necessary as the conversion to int will already
take care of ensuring the return value is treated as signed.
commit 6225b1884a25af4debc2d0821a4c377ddbaec696
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 14:55:56 2012 +0100
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
commit 399835385380d485416d6d59a8f27ce71f1db644
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 14:46:50 2012 +0100
Fix some more compiler warnings.
commit cfe6558d4ba4f572311aeafd62737f6f2692ad86
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 14:00:21 2012 +0100
Fix return value type of vde_send().
The libvdeplug_dyn.h header file incorrectly declares the return type of
vde_send() to size_t, while in reality it is ssize_t.
commit 95968c67f9df9102ddbce5b7c8d34107989ad51a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 13:58:14 2012 +0100
Fix compiler warnings.
commit e2d1b0b899ef66cd7ff227549e58b96c292f784e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 13:42:10 2012 +0100
Allow scoped addresses to be used for IPv6 multicast socket.
commit 251204063255d95910f9a079015e2f9b428fd983
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 13:40:55 2012 +0100
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
commit b5e3bf1a85462f0c41638c11305d28f87af24395
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 23 13:18:36 2012 +0100
Set default value of DecrementTTL to "no".
Decrementing the TTL causes IPv6 to fail when Mode = switch, and there may be
other unforeseen side-effects.
commit c373de2e9812700c0568640727ad917b6fc7d758
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 21 17:00:53 2012 +0100
Add support for multicast communication with UML/QEMU/KVM.
DeviceType = multicast allows one to specify a multicast address and port with
a Device statement. Tinc will then read/send packets to that multicast group
instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM
instances that are listening on the same group.
commit a7dbb50c23f447a23b543c92ec096ff178bc2de3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 21 13:20:15 2012 +0100
Allow a port to be specified in BindToAddress statements.
This can be used to let tinc listen on multiple ports for incoming connections.
commit 80e15d8b96e5313b33c91003b1f75d7f6db9924e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 20 23:49:16 2012 +0100
Always try next Address when an outgoing connection fails to authenticate.
When making outgoing connections, tinc goes through the list of Addresses and
tries all of them until one succeeds. However, before it would consider
establishing a TCP connection a success, even when the authentication failed.
This would be a problem if the first Address would point to a hostname and port
combination that belongs to the wrong tinc node, or perhaps even to a non-tinc
service, causing tinc to endlessly try this Address instead of moving to the
next one.
Problem found by Delf Eldkraft.
commit d7bf63c63ab397cf3e5ca4a065922364925788e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 18 21:24:46 2012 +0100
Make sure the signature also covers the session label.
commit 42a0b61076d5d0f6391f0dd5c2c400b8fb89c5c5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 18 20:38:48 2012 +0100
Start documenting the SPTPS protocol.
commit d756bb92ed52d5b1ecdd42af32f11f733db64d91
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 18 17:46:30 2012 +0100
Don't send an ACK message after the first key exchange in the SPTPS protocol.
commit c970ecdd75d4e7b3203a788f28b6e40cd532759b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 18 17:42:43 2012 +0100
Test SPTPS messages sent while key renegotation is in progress.
commit 3a4fe104a06b73fd19c550546e7c65a59ff2afe3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 18 16:42:02 2012 +0100
Add datagram mode to the SPTPS protocol.
* Everything is identical except the headers of the records.
* Instead of sending explicit message length and having an implicit sequence
number, datagram mode has an implicit message length and an explicit sequence
number.
* The sequence number is used to set the most significant bytes of the counter.
commit 03e06fd43aff73b4a5c9d367968a1279371ae252
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 18 16:41:13 2012 +0100
Allow CTR mode counter to be set to a specific value.
commit 28a1501b9a8b4c730f7f965d6b2e8fc50feba261
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 10 13:31:36 2012 +0100
Releasing 1.0.17.
commit 4712d8f92e63e86e835ffb624d6399343ee568ea
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 10 13:23:08 2012 +0100
Update copyright notices.
commit 5b0f5ad958d6db4e73aebc5ee6c608cdae81b7b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 8 23:23:39 2012 +0100
Make sure disabling old RSA keys works on Windows.
Seeking in files and rewriting parts of them does not seem to work properly on
Windows. Instead, when old RSA keys are found when generating new ones, the
file containing the old keys is copied to a temporary file where the changes
are made, and that file is renamed back to the original filename. On Windows,
we cannot atomically replace files with a rename(), so we need to move the
original file out of the way first. If anything fails, the new code will warn
that the user has to solve the problem by hand.
commit 2f1c337c541fcb7e2c62aeeab245ff7a43eb51a5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 8 22:19:20 2012 +0100
Add missing ICMP6 message type definitions.
commit 40c28589328a2aa96c2ce1419c5d90616c758b3d
Merge: 8ac096b5 9dea33f5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 8 21:15:08 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
src/net_packet.c
commit 9dea33f5301119dd4423eb962956cf2d246af3f3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 7 10:40:06 2012 +0100
Accept Subnets passed with the -o option when StrictSubnets = yes.
commit 63f8303a5dc1758876451a580a8317dbc3d295d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 2 16:09:58 2012 +0100
Only log errors sending UDP packets when debug level >= 5.
Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.
commit 8ac096b5bf9da1b3961a3ac4a03d083629222a63
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 26 18:37:36 2012 +0100
Allow log messages to be captured by tincctl.
This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.
commit a1bd3a291379492c8ffecd53792065dc20a28c79
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 26 16:56:53 2012 +0100
Don't close control connections when handling a reload command.
Because this would terminate the connection while the control message
handler was still running, it would lead to a segmentation fault later
on.
commit 483c5dcfb43719e5fd50902641252e28a04fd74e
Merge: 344d6b9a ae524961
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 26 16:27:13 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
commit ae5249610954af17c68c547bb1b45ad286ad647e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 26 16:23:02 2012 +0100
Only use broadcast at the start of the PMTU discovery phase.
For local peer discovery, only a handful of packets are necessary for
peers to detect each other.
commit 344d6b9ac3c795f2942e457c1ab38b1dac5f7242
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 26 12:39:46 2012 +0100
Let tincctl use the NETNAME environment variable if no -n option is given.
This allows administrators who frequently want to work with one tinc
network to omit the -n option. Since the NETNAME variable is set by
tincd when executing scripts, this makes it slightly easier to use
tincctl from within scripts.
commit 84570275acd84628586a6ca591a283d074ca10f0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 26 12:33:16 2012 +0100
Ensure all SPTPS functions are prefixed with sptps_.
commit 8b1ad6f76f821648079818f6ff018bbc33b9d9e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 25 23:03:09 2012 +0100
Go back to breadth first search for path finding.
If 1.1.x nodes using Dijkstra's algorithm are mixed with 1.0.x nodes using BFS,
then routing loops can occur.
commit 36623e15a1c8685e5d8730345c1a7f9c93710fef
Merge: 65d6f023 5140656d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 25 22:52:57 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
commit 5140656de6bcfda72951a7827b05414ce306e3ca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 25 22:11:30 2012 +0100
Stricter checks against routing loops.
If a packet that had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.
commit f1d5eae643cdf537ef357f10f2da8ff83bdf32b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 25 21:46:18 2012 +0100
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
That would be silly.
commit 65d6f023c46ac3a087f59b60762f87c869783f21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 25 18:25:21 2012 +0100
Use SPTPS when ExperimentalProtocol is enabled.
commit efd21e232dced3225f119aeb7a585ebf55b7cf77
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 25 15:18:15 2012 +0100
Apply HMAC after encryption.
commit f5dc136cfd7a3a195b75f7174722734e25f30fd9
Merge: 3fba8017 5a28aa7b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Feb 23 13:26:01 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
src/net.c
src/net_packet.c
src/net_socket.c
commit 5a28aa7b8b0ab6237c2eab5f8b11253ea3ec5a05
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 22 23:17:43 2012 +0100
Add LocalDiscovery option which tries to detect peers on the local network.
Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.
commit 8e717ddb602f01f656369106ec0398efbe9ca4a4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 22 14:37:56 2012 +0100
Pass index into listen_socket[] to handle_incoming_vpn_data().
commit 3fba80174dbe29bcfe0d121a2a1d2e61be5ee57b
Merge: fba1c85f 65e8e06c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 22 14:23:59 2012 +0100
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
src/Makefile.am
src/bsd/device.c
src/connection.c
src/connection.h
src/cygwin/device.c
src/device.h
src/dropin.h
src/linux/device.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/process.c
src/protocol.c
src/protocol_key.c
src/raw_socket_device.c
src/route.c
src/solaris/device.c
src/tincd.c
src/uml_device.c
commit fba1c85f44edfc56c19d35332b1eb825179a8bb6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 21 23:19:51 2012 +0100
Remove useless warning about signature length being shorter than expected.
commit cb6cbf452f6183a00746afc5bff8f63f3f55235f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 21 23:17:12 2012 +0100
Use only one hash algorithm (SHA512) in the PRF.
On some platforms, OpenSSL by default does not support the Whirlpool algorithm.
commit 65e8e06c6dc7349b11c3c1e8f4071b51e2994c65
Author: Nick Hibma <nick@van-laarhoven.org>
Date: Tue Feb 21 15:26:58 2012 +0100
Add missing ICMP message type definitions.
commit ac48c4ee8c09c8144f830cb66386b9dbe7298440
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 21 14:06:55 2012 +0100
Fix check for raw socket support.
Also, move some variables so there are no compiler warnings about unused
variables when there is no support for raw sockets.
commit d9ad3d313d96d30ef45cd53367dff9a855a396d4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 21 13:31:21 2012 +0100
Fix a bug that caused tinc to ignore all but the last listening socket.
commit 46506b7aaf6c6a8a85561c38fdb9c95eae21aa75
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 21 13:13:40 2012 +0100
Document the command line flag -o and provide --option as well.
commit 7d76e287598c8c18cadfb5818046d9dd1b0ad881
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 21 11:39:21 2012 +0100
Move initialization of char *priority up to prevent freeing an uninitialized pointer.
commit 8420a0c8bde1781db04dd2436eb9d5dca5a1732a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 20 17:19:00 2012 +0100
Allow disabling of broadcast packets.
The Broadcast option can be used to cause tinc to drop all broadcast and
multicast packets. This option might be expanded in the future to selectively
allow only some broadcast packet types.
commit ea415ccc1690d6e5864a7500977b181e5c8faafe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 20 17:12:48 2012 +0100
Rename connection_t *broadcast to everyone.
commit cff5a844a3e6b494f4a4f6eb5b48a84780f2d0e5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 20 16:52:53 2012 +0100
Don't bind outgoing TCP sockets anymore.
The code introduced in commit 41a05f59ba2c3eb5caab555f096ed1b9fbe69ee3 is not
needed anymore, since tinc has been able to handle UDP packets from a different
source address than those of the TCP packets since 1.0.10. When using multiple
BindToAddress statements, this code does not make sense anymore, we do want the
kernel to choose the source address on its own.
commit 0233b1d710222cb09be0cbd08c1297e3ece38a9f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 20 16:34:02 2012 +0100
Decrement TTL of incoming packets.
Tinc will now, by default, decrement the TTL field of incoming IPv4 and IPv6
packets, before forwarding them to the virtual network device or to another
node. Packets with a TTL value of zero will be dropped, and an ICMP Time
Exceeded message will be sent back.
This behaviour can be disabled using the DecrementTTL option.
commit 6289859ab365dc1c0d420323174418b316b14502
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 20 15:44:52 2012 +0100
Only compile raw socket code when it is supported on that platform.
commit d1dcdf8eb6f800704be426b1ce6f6c1a8e65ba0d
Merge: 1b2846d9 3b1fad04
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 18 14:31:08 2012 +0100
Merge branch 'master' of black:tinc
commit 3b1fad04de6bed2f284fdf3d5b27d4162aeebc8c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 18 14:37:52 2012 +0100
Allow setting DeviceType to tun or tap on Linux.
commit 6455654d26d204cea4bbc102e5bd6550b7fff7a7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 18 11:48:21 2012 +0100
Send packets back using the same socket as they were received on.
commit 1b2846d907adfc8472fc9da0c951c3243c7ee143
Merge: 9f6a96af 6455654d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 18 11:43:00 2012 +0100
Merge branch 'master' of black:tinc
commit 9f6a96af3939bd2de410ce346a8c8fbcf93e7c9b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 17 16:25:00 2012 +0100
Allow multiple BindToAddress statements.
commit 708314df2f61675d0f54e541c9fff62ac1f433b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 17 16:13:38 2012 +0100
Set FD_CLOEXEC flag on all sockets.
Scripts called by tinc would inherit its open filedescriptors. This could
be a problem if other long-running daemons are started from those scripts,
if those daemons would not close all filedescriptors before going into the
background.
Problem found and solution suggested by Nick Hibma.
commit 1f00111e94b2f9a4beb9608b1e03a5e73c9c5d21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 26 23:11:27 2011 +0100
Fix a few small memory leaks.
commit b50d6a7f2ad98239018bc5ce7a5739e3bf4f50f7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 26 23:04:40 2011 +0100
Fix compiler warnings.
commit 178e52f76ef4ba40748c13ea7e518837394d6dbc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 4 01:20:59 2011 +0100
Allow linking with multiple device drivers.
Apart from the platform specific tun/tap driver, link with the dummy and
raw_socket devices, and optionally with support for UML and VDE devices.
At runtime, the DeviceType option can be used to select which driver to
use.
commit 5672863e59e6a114ac6b66de98254b14266c0e61
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 3 21:59:47 2011 +0100
Fix a few small memory leaks.
commit 52ded09d1713b83222b56db7d29ff061aefb95e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 27 12:13:16 2011 +0100
Add vde/device.c to the tarball.
commit 2c7c87ec75c94d0b3cca9f7a5aeba34384f77cc1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 27 12:12:34 2011 +0100
Fix compilation of VDE and UML interfaces.
commit 2a9060bba62d78f73da9b09ca791fe80993520fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 6 15:32:12 2011 +0200
Exchange ACK records to indicate switch to new keys.
This allow application records to be sent while key renegotiation is still
happening.
commit 3b5898078af1ab86797b3e24f2381131e6e702f7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 6 09:34:34 2011 +0200
Use counter mode encryption.
commit a0f795ff5bd671ca10a7203e4234b37a12d8d1cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 6 09:33:09 2011 +0200
Add counter mode encryption.
commit 67ff81ec16b8ab5f15d16efbedfecfaf0be17c13
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 5 22:05:13 2011 +0200
Test corner cases in the SPTPS protocol.
* Test zero-byte messages.
* Test maximum size (65535 byte) messages.
* Test different message types.
* Test key renegotiation.
commit 30013511504e925729ebc67772205a74c4b8aeea
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 5 22:00:51 2011 +0200
Update SPTPS protocol.
* Exchange nonce and ECDH public key first, calculate the ECDSA signature
over the complete key exchange.
* Make an explicit distinction between client and server in the signatures.
* Add more comments and replace some magic numbers by #defines.
Thanks to Erik Tews for very helpful hints and comments!
commit 810847248ae90140ee6f3e568add80aef88c3def
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 5 21:59:33 2011 +0200
Fix compiler warning.
commit ddea7a23a66b8fee4942f2ce237dcabe02e17270
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 30 20:49:48 2011 +0200
Return false instead of void when there is an error.
commit e838289683c0039fac0ae6172d40b4177c17911b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 30 19:56:56 2011 +0200
Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
In case the config file could not be opened a new but unitialized RSA structure
would be returned, causing a segmentation fault later on. This would only
happen in the case that the config file could be opened before, but not when
read_rsa_public_key() was called. This situation could occur when the --user
option was used, and the config files were not readable by the specified user.
commit 5d4336e5429b88dcc53e80c00412e76a5269b384
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 10 17:04:17 2011 +0200
Handle UDP packets with unknown source addresses properly.
Probably due to a merge, the try_harder() function had duplicated the
rate-limiting code for detecting the sender node based on the HMAC of the
packet. This prevented this detection from running at all. The function is now
identical again to that in the 1.0 branch.
commit bbc0ba9e87f76111529d6dc9cb00c0b9435b5858
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun Aug 7 12:18:20 2011 +0400
use execvp() not execve() in tincctl start
sometimes argv[0] will have directory-less name (when the
command is started by shell searching in $PATH for example).
For tincctl start we want the same rules to run tincd as for
tincctl itself (having full path is better but if shell does
not provide one we've no other choice). Previous code tried
to run ./tincd in this case, which is obviously wrong.
This is a fix for the previous commit.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
commit a7556a9d2c943a6317d2dab66d9f742997f0d47a
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun Aug 7 12:05:07 2011 +0400
run tincd from the same directory as tincctl and pass all options to it
For tincctl start, run tincd from dirname($0) not SBINDIR -
this allows painless alternative directory installation and
running from build directory too.
Also while at it, pass the rest of command line to tincd, not
only options before "start" argument. This way it's possible
to pass options to tincd like this:
tincctl -n net start -- -d 1 -R -U tincuser ...
And also add missing newline at the end of error message there.
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
commit 2696ad2cca73aee13e38f740d5530dc33e4a92e6
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun Aug 7 11:25:03 2011 +0400
don't mention reload twice in tincctl help
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
commit 3d75dbc0880484ff6d2f689a9b981def3cd75b5e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 24 15:44:51 2011 +0200
Start of "Simple Peer-To-Peer Security" protocol.
Encryption and authentication of the meta connection is spread out over
meta.c and protocol_auth.c. The new protocol was added there as well,
leading to spaghetti code. To improve things, the new protocol will now
be implemented in sptps.[ch].
The goal is to have a very simplified version of TLS. There is a record
layer, and there are only two record types: application data and
handshake messages. The handshake message contains a random nonce, an
ephemeral ECDH public key, and an ECDSA signature over the former. After
the ECDH public keys are exchanged, a shared secret is calculated, and a
TLS style PRF is used to generate the key material for the cipher and
HMAC algorithm, and further communication is encrypted and authenticated.
A lot of the simplicity comes from the fact that both sides must have
each other's public keys in advance, and there are no options to choose.
There will be one fixed cipher suite, and both peers always authenticate
each other. (Inspiration taken from Ian Grigg's hypotheses[0].)
There might be some compromise in the future, to enable or disable
encryption, authentication and compression, but there will be no choice
of algorithms. This will allow SPTPS to be built with a few embedded
crypto algorithms instead of linking with huge crypto libraries.
The API is also kept simple. There is a start and a stop function. All
data necessary to make the connection work is passed in the start
function. Instead having both send- and receive-record functions, there
is a send-record function and a receive-data function. The latter will
pass protocol data received from the peer to the SPTPS implementation,
which will in turn call a receive-record callback function when
necessary. This hides all the handshaking from the application, and is
completely independent from any event loop or socket characteristics.
[0] http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html
commit 0f2aa4bd8b698608876bec141c5aef1aa619730b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 23 14:12:23 2011 +0200
Releasing 1.0.16.
commit e16ead8dd9d4600664058069f0695832dfe068b2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 23 14:11:44 2011 +0200
Use usleep() instead of sleep(), MinGW complained.
commit ff751903aa82bd6dd66a099f9c05dcdae9fc57f2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 20 08:19:18 2011 +0200
Don't abort() on low-level crypto errors, just return false.
The abort() calls were accidentily left in for debugging.
commit 2f4ccfe2473948372f7c9f14d9ffce1d77f5fd8c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 19 21:11:11 2011 +0200
Fix tinc 1.0.x daemons connecting when ExperimentalProtocol = yes.
commit f8d94f34fc5d7fe9ed4a076a2fd77eacbd83adca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 20:09:08 2011 +0200
Releasing 1.1pre2.
commit c259d552fa89c3e4a962d9adf2b237f24bc077da
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 20:06:06 2011 +0200
Add missing newline.
commit f6020a5224c9c4c17c11c5f9d2c8441638ac04fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 20:01:24 2011 +0200
Write loopback address instead of "any" address in pidfile.
commit 50fcfea127c9d2fdf8894498a9fdcc6fb3bbb2ce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 19:34:01 2011 +0200
Flush output buffer in send_tcppacket().
This is mainly important for Windows, where the select() call in the
main thread is not being woken up when the tapreader thread calls
route(), causing a delay of up to 1 second before the output buffer is
flushed. This would cause bad performance when UDP communication is not
possible.
commit 25091454da21941dd92375ddbee7dd6151343058
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 19:23:52 2011 +0200
"tincctl stop" now removes the tinc service on Windows.
commit c6c989cfa175154f4cd3830c5a77fbd2071f52af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 18:02:56 2011 +0200
Fix declaration of usleep().
commit 18e9839dc861c368141bbbc9a963f719a83eba3e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 17 10:59:54 2011 +0200
Ensure symlinked files do not end up in the tarball.
commit fa4a01e4a27dd4b3a57077acbd0e69f95d55944a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 22:38:50 2011 +0200
Use const pointer to source in base64 and hex routines.
commit 574b380dfc75ef13ee4accba1f2416165c58a5a2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 22:38:22 2011 +0200
Use usleep() instead of sleep(), MinGW complained.
commit 8efc8dc961865ceddb74cb36f0b4a2ebde39cc55
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 21:44:17 2011 +0200
Update info manual.
commit cff27a258f3b3a97b5d2e309c264eceea41dff3a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 20:21:44 2011 +0200
Use ECDSA to sign ECDH key exchange for UDP session keys.
The ECDSA public keys will also be included in the ANS_KEY requests,
but are only used when no ECDSA public key is known yet.
commit 03ac48ea19914e4162f17a2fb0f742b99ae32499
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 15:21:37 2011 +0200
Use the same logic as tinc 1.0.x for detecting two nodes with the same Name.
commit 2ba61742d4c2ab82525efb806dc654a6d95d335e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 15:15:29 2011 +0200
Use the correct direction flag when setting cipher keys.
The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.
commit be2fc8b0458b1e2ced3b5de410356d8d8639acff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 16 10:47:35 2011 +0200
Make code to detect two nodes with the same Name less triggerhappy.
First of all, if there really are two nodes with the same name, much
more than 10 contradicting ADD_EDGE and DEL_EDGE messages will be sent.
Also, we forgot to reset the counters when nothing happened.
In case there is a ADD_EDGE/DEL_EDGE storm, we do not shut down, but
sleep an increasing amount of time, allowing tinc to recover gracefully
from temporary failures.
commit 303dd1e70219a7542921f6e63d9391ab326d434f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 13 22:52:52 2011 +0200
Fix compiler warnings.
commit 791c1898ea8f92b07f1d79e90540c257ac38298d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 13 22:29:30 2011 +0200
Remove unnecessary variables and functions.
commit fec279a9c54ec8a13bd1ba4c7bec0d2a15454992
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 12 23:43:12 2011 +0200
Make use of the improved hex and base64 functions.
Also, use base64 for all EC related data, it is shorter and easy to
distinguish from the legacy protocol.
commit 06b8271ed5d56c9bd3de459d95907d0ef4f0ea3c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 12 22:54:49 2011 +0200
Make hexadecimal and base64 routines behave the same.
The length parameter for the encoding functions is the length of the
binary input, and for the decoding functions it is the maximum size of
the binary output.
The return value is always the length of the resulting output, excluding
the terminating NULL character for the encoding routines.
All functions can encode and decode in-place. The encoding functions
will always write a terminating NULL character, and the decoding
functions will stop at a NULL character.
commit c108c79a22118ef7246a3d7b3bc20e205e11d179
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 11 22:14:06 2011 +0200
Don't use wildcards in filenames in configure.in.
commit bbeab00f46a6c856573fe0d2b9b85bce35728403
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 11 21:54:01 2011 +0200
Require ExperimentalProtocol = yes for new features, update documentation.
commit d1cd3c81455ecb32149cbaa424b7870075b2b2fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 10 22:46:43 2011 +0200
Close meta connection socket after cleaning up event structures.
Epoll doesn't like it when an already closed filedescriptor is being
removed, so we defer closing the socket until after all else is cleaned
up.
commit 30ef2a981e1d62692b3a2363e0b3a0e8711d9604
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 10 22:34:17 2011 +0200
Automatically exchange ECDSA keys and upgrade to new authentication protocol.
If we don't have ECDSA keys for the node we connect to, set protocol_minor
to 1, to indicate this to the other end. This will first complete the
old way of authentication with RSA keys, and will then exchange ECDSA keys.
The connection will be terminated right afterwards, and the next attempt
will use ECDSA keys.
commit 027228debee2ea6f31cd176e456c13d626380066
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 10 21:02:34 2011 +0200
Free ECDSA and RSA structures when freeing a connection_t.
commit 73863fab8ae1ecd8307aaeef486919cc76b85d63
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 8 18:17:34 2011 +0200
Hash input before signing it with ECDSA.
commit 8132be8fbd6c45be309c63a117f418ad12ced094
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 7 22:30:55 2011 +0200
Very primitive ECDSA signed ECDH key exchange for the meta protocol.
Nonces and hash of the ID requests should be included in the seed for the PRF.
commit 210b5ceeeebdf742a74dcf95a0a13d69623ee001
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 7 22:28:25 2011 +0200
Read ECDSA keys.
commit 03582eb669494cb778ebea7b0fe3b1b841335750
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 7 22:27:17 2011 +0200
Implement ECDSA sign and verify operations.
Very basic at the moment, doesn't hash the input first,
and uses OpenSSL's DER encoded signature as output.
commit 86d83bd9bd69e2129f4e4e8397f1c7e223685e2f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 5 21:29:31 2011 +0200
Bump minor protocol to indicate ECDH capability for UDP session keys.
commit 9708bbfa8e3094de8932a30b1d24c661558d8a03
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 5 21:19:48 2011 +0200
Add a minor number to the protocol version.
commit b99656d84a88dad7935d5981fcdb43a5b2bfa417
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 4 07:51:47 2011 +0200
Round up the size of the secret parts after splitting it in two.
commit 95e1cc36d320b47408ac3ec6f89df54e55a010d4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 23:44:43 2011 +0200
Add ECDSA key import.
commit 1e2d9b08991861c8770aa2c5a73d86dc02e3067d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 23:33:56 2011 +0200
Finish base64 decoding routine.
commit 80b81c00b129b006981b76bdb734df3296317d6f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 22:25:29 2011 +0200
Have tincctl generate ECDSA keys.
The generate-keys command now generates both an RSA and an ECDSA keypair,
but one can generate-rsa-keys or generate-ecdsa-keys to just generate one type.
commit 8ace7f3e5771957fbdda8b817fa26951d9d62c28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 22:15:00 2011 +0200
Add ECDSA key generation.
commit 1d92dd62a786ecabbc05dfba5195f3f08e0f9585
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 22:13:58 2011 +0200
Base64 encoding and decoding functions.
commit c385d115331845e8a844322e66571d74d833e822
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 22:13:34 2011 +0200
Cleanups in ECDH code.
commit 895f868714f9422a757a95650345e0c662d12b49
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 21:21:37 2011 +0200
No need to keep around pointers to EC_GROUP.
commit ac163120d7f0300c8d555f76ace3368ce2ffa655
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 16:30:49 2011 +0200
Proper use of PRF.
commit 82f00ea07bffc10985ccb1a15723e6daa0ab4969
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 15:59:49 2011 +0200
Use PRF.
commit feb3f22fffa2620b9b11a509ce51ff9fa3be9418
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 15:26:58 2011 +0200
Add PRF to derive key material from the ECDH shared secret.
It is modelled after the pseudorandom function from RFC4346 (TLS 1.1), the only
significant change is the use of SHA512 and Whirlpool instead of MD5 and SHA1.
commit 8dfa072733feab737cabf69f000c70657719826a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 3 13:17:28 2011 +0200
Support ECDH key exchange.
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
commit ee8a214318fd6dbe6bc5d6b510896f30d92d46c6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 27 21:52:23 2011 +0200
Preliminary implementation of Elliptic Curve Diffie-Hellman Ephemeral key exchange.
commit 6c21b5716b8e9e5ff5def8070f92b76a0f353cb0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 26 13:15:44 2011 +0200
Add manpage for tinc-gui.
commit 4c934d0903a32e71ae83ffdf344957bd06b7164d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 26 13:14:48 2011 +0200
Remove debug messages that were printed to stdout.
commit e73052b05444679d922dbdf3d0c507873110957e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 26 12:59:11 2011 +0200
Update documentation to mention pidfiles instead of controlcookies.
commit 8c953b1bfef3c6ebee7c537c2c2f144807d0311a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 26 12:58:50 2011 +0200
Don't react to escape character in tincctl top.
Not only the ESC key generates an escape character, but many other keys
do as well, such as arrow keys.
commit 27e6a89b155b171b0b026d5e24ee0cc68f43d010
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 26 12:51:25 2011 +0200
Use pidfile in tinc-gui as well.
commit 660f530a6ff733f96f81eefa69b38e2ea685f890
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 22:20:39 2011 +0200
Really stable sorting of tincctl top output.
commit 810766e1394f18b8709e9f0c75a41a2c348e3fad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 21:38:59 2011 +0200
Add +git to the version string.
commit ab4d289fafd1d391583935ab4c306f1f508ea1d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 21:35:27 2011 +0200
Make pid files backwards compatible and add address of listening socket.
The pid is now written first, so that a version 1.0.x tincd can be used to stop
a running version 1.1 tincd. Getsockname() is used to determine the address of
the first listening socket, so that tincctl can connect to the local tincd even
if AddressFamily = ipv6, or if BindToAddress or BindToInterface is used.
commit a05fa7f88264599a43f9e411287e018259dc22b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 21:21:36 2011 +0200
Rename controlcookie file to pidfile.
commit c64f64b875879591873d68faf2d3cd8e9d644101
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 21:16:13 2011 +0200
Don't call exit_control() if we didn't do init_control().
commit 3b237afbda86bc95703ed25386cc9a26695d4602
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 20:20:07 2011 +0200
Re-add support for SIGALRM.
commit 386c1aff08a3ce6e295931e2fcf4bfc607053ff0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 17:39:02 2011 +0200
Merge Tinc.py into tinc-gui to simplify make install.
Autoconf/automake's Python support is strange.
commit c4c32f40599eb8e75b1160083020d924c5807ac8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 17:11:05 2011 +0200
Thank Scott Lamb, Sven-Haegar Koch and Loïc Grenié in the NEWS file.
commit 8733110dec28967d67a3c00d00cdfa608dbeb9c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 17:08:40 2011 +0200
Ensure the right files end up in the tarball after make dist.
commit e4f65db89726ac06ba7e787d420db4422d9a6e98
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 15:28:54 2011 +0200
Releasing 1.1pre1.
commit 2c5ded652035bfaa204a7e1cc6766efb87135569
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 15:28:13 2011 +0200
Ensure that the texinfo manual can be converted to HTML.
Somehow commit 2c30af6c90926340a89748c63cc453b1c0b5a589 was not properly
merged.
commit e8deda0b23463599a7533e82cf038a01062956a7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 14:52:47 2011 +0200
Update manpages and info manual.
commit 47393b5de42120dfb7d01f8b77aff16ac68177ec
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 00:32:45 2011 +0200
Add Makefile.am in gui/.
This ensures the gui source will be included in the tarball with make dist,
and will be installed with make install.
commit 7944cce19e4de4207a4ef20569155118acebd406
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 25 00:06:06 2011 +0200
Don't use AM_CONDITIONAL for CURSES.
For some reason, this doesn't work when cross-compiling for Windows.
commit 365f60f3f8a8ff85a616d5014d555b470740d395
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 22:49:18 2011 +0200
Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h().
commit 1fe8ba2f06c39d7c8b81f0e451bdbac94ae9375f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 22:10:03 2011 +0200
Delete mtuevent if it is not used.
Keeping it around prevents ans_key_h() from restarting PMTU discovery.
commit 79e9a4f743b7b59fed968575f6b36171cf4a0063
Merge: fb5b2601 05260f94
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 21:40:55 2011 +0200
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
src/Makefile.am
commit 05260f941c2a24eb3f09070a2550cf15e431266a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 14:50:20 2011 +0200
Releasing 1.0.15.
commit 3c0511984f0041f79e64bcc55d58680f86e8e408
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 24 12:27:04 2011 +0200
Remove redundant @CFLAGS@ from AM_CFLAGS.
commit fb5b260190b1c6d07ec822154094aee7416f292e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 21 23:08:05 2011 +0200
No need to check for pselect() in tinc 1.1.
commit 532557beeaa60d96ac423248ff62d2cc03205c22
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 21 23:06:53 2011 +0200
Only log UDP address changes at the appropriate debug levels.
commit 60ed7fe598ccf3ac11fab616c9c85492c576b722
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 6 21:19:30 2011 +0200
Reopen log file after SIGHUP.
This was missed by the previous merge.
commit 33f241d97852d7a171f1aaf1bda7f66356ff889e
Merge: 601f3b2d 4b3fd94b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 6 20:42:15 2011 +0200
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
configure.in
doc/tincd.8.in
lib/pidfile.c
lib/pidfile.h
lib/xalloc.h
lib/xmalloc.c
src/conf.c
src/conf.h
src/connection.c
src/connection.h
src/event.c
src/graph.c
src/graph.h
src/net.c
src/net.h
src/node.h
src/openssl/crypto.c
src/process.c
src/protocol.c
src/protocol_key.c
src/route.c
commit 601f3b2dd746ff5726eca256861f2ecf662b3a55
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 6 20:12:33 2011 +0200
Clean up digests when freeing a connection_t.
commit 4b3fd94b1cc79c24c4092b6b10ed4627a2648d26
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 6 16:26:11 2011 +0200
Improved --logfile option.
Instead of UNIX time, the log messages now start with the time in RFC3339
format, which human-readable and still easy for the computer to parse and sort.
The HUP signal will also cause the log file to be closed and reopened, which is
useful when log rotation is used. If there is an error while opening the log
file, this is logged to stderr.
commit b3bbeab6e669795f6f5a6b98590da359178bfdce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 4 11:27:54 2011 +0200
Attribution for Loïc Grenié.
commit 50af33d01f425983dd2b1d7b61092a6325be3f41
Author: Loïc Grenié <loic.grenie@gmail.com>
Date: Sat Jun 4 09:05:23 2011 +0200
Nearly tickless tinc.
Use pselect instead of select in main_loop (if available). This lets
tincd sleeps as long as there is nothing to do.
commit 8b3cc695b56d4ab5e51c7e194153894f920b307f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 3 15:50:20 2011 +0200
Don't ignore SIGCHLD, system() needs it.
But we do ignore SIGPIPE, and tinc 1.0.x signals that are no longer used
(SIGUSR1 and SIGUSR2), since the default handler of these signals is to
terminate tincd immediately.
commit 5989a29d7b53b25e8ed2f60bc3a0e089e423c02c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 3 00:46:56 2011 +0200
Fix format strings for Windows.
Windows doesn't like %zd, so cast (s)size_t to int. Also, some shorts were
incorrectly printed with %d instead of %hd.
commit 3ade33bfac11715190ed3e6cc3589d1a738ce257
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 3 00:34:30 2011 +0200
Use send() when writing to sockets, and the return type is ssize_t.
commit 5f4d57e846b566e80557c57a72e2bad562f66e7b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 23:40:27 2011 +0200
Small fixes for Windows.
commit 2adc789401153ffde847f76155e07665fbf909ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 22:14:53 2011 +0200
Even simpler signal handling.
commit 2f42896789a1798e71374fa2ddf555fe2fa46c44
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 21:29:11 2011 +0200
Remove debugging message that was accidentily left in.
commit c6b0e102ad7caabae6876849c97f8acaecf5bc1a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 21:16:57 2011 +0200
Don't treat packets coming in via TCP as having zero length.
commit 80ca91769d48e546d3e4cde03c2eb2820c03acc4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 21:14:50 2011 +0200
Fix nodes joining the VPN after tincctl top started.
commit 311f60f4f0bdf974d4890d7eb4a752299d1c9458
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 20:48:18 2011 +0200
Make traffic statistics more readable with configurable scaling.
commit a8f0d21330b40993d52421327b1aa33a6ea7acb7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 20:27:16 2011 +0200
More stable sorting in tincctl top.
Although we use qsort(), which is not guaranteed to be stable, resorting the
previously sorted array is more stable than recreating and resorting the array
each time.
commit 2bda2aa8855ff3ae42aba7aa86e1d7ff2b7a3b34
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 18:22:26 2011 +0200
Fix some compiler and cppcheck warnings.
commit 809dfd2f5b08ecbfe55d1a06d267abeef0044b0b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 18:07:50 2011 +0200
Remove support for the Ethertap device.
commit af2e0c9a32642065aedd2e67ca1f5791ca7a407d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 17:57:53 2011 +0200
Remove unused functions and variables.
commit 9eca49329db0c3b0a80114045cf214eaeaf3d5c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 17:55:29 2011 +0200
Don't #include <alloca.h> anymore.
commit b7754e5aaa3cc453582d6c8c2e66483fdcd1ac0d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 17:53:35 2011 +0200
Drop the GNU memcmp.c implementation.
commit 25b467638a23ad03524719329027225ae1da75bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 17:45:06 2011 +0200
Drop the GNU malloc.c, realloc.c, and xmalloc.c.
We live in the 21st century, and we require C99 semantics, so we do not need to
work around buggy libcs. The xmalloc() and related functions are now static
inline functions.
commit e452a933f9c53fd58db9d932afd15319129dd988
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 2 17:14:30 2011 +0200
Simplify signal handling.
We don't override any signal handlers anymore except those for SIGPIPE and
SIGCHLD. Fatal signals (SIGSEGV, SIGBUS etc.) will terminate tincd and
optionally dump core. The previous behaviour was to terminate gracefully and
try to restart, but that usually failed and made any core dump useless.
commit 4d440336c3ce68719e23b2fc51fac368e23352ad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 29 22:34:19 2011 +0200
Remove outgoing event in free_connection().
commit d29bfc9a450b4758e44757a71675bac631dd3c55
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 29 22:14:35 2011 +0200
Initialise priority field to zero for packets read from the VPN interface.
commit 4c403840ffdeb2a2ff04c9b7780a407920b2b794
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 29 22:12:37 2011 +0200
Cosmetic fix when pressing 's' in tincctl top.
commit b3aeaf0f917a895332ff937c7ab64638eacc0eae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 29 22:10:54 2011 +0200
Show hostname and port in error message when connecting to a running tincd.
commit 04de15984f1479d0142bdfa5bd968274aea2209e
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun May 29 21:53:21 2011 +0200
do_outgoing_connection() may delete a failed connection, and the structure
must not be accessed afterwards.
commit 82109868b5acd55e452569c565ab6dc090ea1de0
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun May 29 21:35:31 2011 +0200
src/net_socket.c bind_to_address(): Use after free in error path.
commit 5bc957074a35e58f49cbcf8d1fb5d6237d37363d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 29 14:41:05 2011 +0200
Allow tincctl to connect to something besides localhost.
This would allow tincctl to connect to a remote tincd, or to a local tincd that
isn't listening on localhost, for example if it is using the BindToInterface or
BindToAddress options.
commit 64771f73ebbff04262defcde59263e98f89f0fa1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 28 23:46:56 2011 +0200
Remove a few unnecessary #includes.
Some spotted by Michael Tokarev.
commit 5cff8c47c1781a88123c128a4cec6cdd39925aa5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 28 23:42:18 2011 +0200
Remove newlines from log messages.
commit 6d08eb1614b59d5f86a43edda9db06fca72b76cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 28 23:36:52 2011 +0200
Fix sparse warnings and add an extra sprinkling of const.
This is more or less the equivalent of Sven-Haegar Koch's fixes in the 1.1
branch.
commit e6b21e1a510691a86dcc1ecdf71a80a7c62ff17f
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 03:48:07 2011 +0200
fgets() returns NULL on error, not < 0
commit 434e57ae5ee79b3d990c4d75358047bad641998b
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 03:46:39 2011 +0200
sparse fixup: warning: Using plain integer as NULL pointer
commit f4010694b3b16453e5e6298c208910264e326978
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 03:57:20 2011 +0200
sparse fixup: warning: non-ANSI function declaration of function '...'
commit d772289f6d6adfb8932658b533349d43f08ec326
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 03:56:06 2011 +0200
sparse fixup: warning: symbol '...' was not declared. Should it be static?
commit 02e32cf61ee25d3d0e2fc1fef5cd98cbfa1c9a2f
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 03:12:03 2011 +0200
sparse fixup: error: too many arguments for function send_key_changed
commit b995243ac3d9605003996ba879808ddcbc77ae15
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 03:08:31 2011 +0200
sparse fixup: error: dubious one-bit signed bitfield
commit bbd0025ae323e7141ba04a5371ec2f3f75f9b059
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 02:57:40 2011 +0200
Use same definition for xalloc_fail_func as is really used.
commit 3fca2cad485ef70360bca085c5c4d052b6deb15b
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 01:36:10 2011 +0200
Removed two newlines from the end of log messages which created empty lines.
commit 9cce44dfe3401867f753778b73fd1e7ac1ee3122
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sat May 28 01:33:45 2011 +0200
Fixed error logging on "Input buffer full" condition.
commit 07ffb1a19859791d419b83a876ba552dadedbf46
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 22 15:56:04 2011 +0200
Make return value of SetPriorityClass() behave the same as setpriority().
commit 453c44e7b27d4259461795ab4ec6ef264085dd28
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 22 14:17:30 2011 +0200
Add the ability to dump all traffic going through route() over a control connection.
One can get the packet stream in pcap format, which can be decoded using
tcpdump, for example:
tincctl -n <netname> pcap | tcpdump -r -
commit 54c900e961de6065f607f5661edeb7c84be29ea5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 22 14:02:27 2011 +0200
Reset tcplen after use.
commit 8ddcad5fa1908727f68abb461b615c666616064f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 22 13:15:27 2011 +0200
Check if an event is initialized before calling event_del().
Libevent prints a warning to stderr if we do that.
commit 931e30f91a9241ab8aa705c911c92ba8943f80fd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 22 13:15:05 2011 +0200
Always compact the buffer if it has reached MAXBUFSIZE.
commit 90c7fafe594cf6d03c15a072a3d749f3e4d78482
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 22 12:56:51 2011 +0200
Compact input buffer before trying to read instead of after.
Also log an error when the input buffer contains more than MAXBUFSIZE bytes
already, instead of silently claiming the other side closed the connection.
commit 8de8f1d9e2c2c02d4a14a5506e7d0d914dc328da
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 17 10:58:22 2011 +0200
Fix some compiler warnings.
commit a80c18dd20e5303b26d5283e6cb5062a1812ddc3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 17 10:57:30 2011 +0200
Use GetItemCount() on ListCtrls instead of directly accessing ItemCount.
commit f536504a7de90927b09d16f3bf0d3c6adead9955
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 16 09:48:19 2011 +0200
Add top.h.
commit e272fab858d5d3eeb43ff9f36268d25d3c6d32f1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 16 09:46:54 2011 +0200
Add tincctl.h.
commit 6d97cb1e229c22d1d34aa9889aeaf17644ff06dc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 15 16:30:13 2011 +0200
Nicer top command.
- Configurable refresh interval.
- Switch between cumulative count or current rate.
- Configurable sorting.
commit 4574b04f79d79d53492b7e0eb592d64ff9b2362b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 15 16:29:54 2011 +0200
Allow inserting items in the middle of a list.
commit 97355690b9cf8d8b56a316e01f73f8ff1fee68c8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 15 13:16:48 2011 +0200
Add a very primitive "top" command to tincctl.
commit ec495b2f15fc5ae22136c226c7966caf51f643f8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 15 12:06:21 2011 +0200
Add an autoconf check for the curses library.
commit 362d8a6358019cb97456c8133832f18798cea41f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 15 11:59:13 2011 +0200
Dump traffic statistics over control sockets.
commit f5843e7d649f4a7f72cb3fd356bc935457aa492f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 15 00:42:29 2011 +0200
Add per-node traffic counters.
commit ffa3a443b9f01d3ea0fcb3c4fc6928a5c695cf4a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 14 22:30:23 2011 +0200
Several fixes for the buffer code.
commit cdb793f687262b9f56823ca9046523a609a758af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 14 19:20:56 2011 +0200
Remove use of bufferevent and eventbuffers, use our own buffering instead.
commit f431fcb35f400be388a905ae0f7f50c1f5c4cd5d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 14 19:15:04 2011 +0200
Add simple buffer management code.
Libevent 2.0's buffer code is not completely backward compatible with 1.4's.
In order to not (mis)use it anymore, we implement it ourselves. The buffers
are automatically expanding when necessary. When consuming data from the
buffer, no memmove()s are performed. Only when adding to the buffer would
write past the end do we shift everything back to the start.
commit 3794e551c7db9aa81405f65f7b04a9951c4120b2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 14 11:52:35 2011 +0200
Fix check for event initialization due to the merge.
commit 03b7118139f57033659730afb740bf5cef7c961c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 13 12:37:26 2011 +0200
Reorder checks for libraries to allow ./configure LDFLAGS=-static.
OpenSSL depends on libdl and libz. When linking dynamically, libcrypto will
automatically link with the other two libraries. However, when linking
statically, these libraries need to be specified explicitly while linking. By
moving the autoconf checks for libdl and libz before those for libcrypto, we
ensure the latter test will be done with the proper libraries.
commit ce8775000ab38229a78ecf3dc26bab008ca0f332
Merge: 3f59a26d 5686ad80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 9 21:35:14 2011 +0200
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
lib/pidfile.c
src/bsd/device.c
src/dropin.h
src/net.c
src/net_packet.c
src/node.c
src/process.c
src/tincd.c
commit 5686ad80b545afa3de9ed2f4176a5346e289aaa8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 23:17:46 2011 +0200
Releasing 1.0.14.
commit 0d906489f2ce9faf81dc230f7db6ab5378573554
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 23:12:44 2011 +0200
Include <inttypes.h> when using intptr_t.
commit dc887f5011834d5a9a6ec5deb8781c6bfd88c474
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 23:12:06 2011 +0200
Ensure proper linking with OpenSSL with recent versions of MinGW.
commit 67766d65f06854ee894d784f638c5c9cd2b50bca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 21:22:20 2011 +0200
Update THANKS and copyright information.
commit 6e6b037ef4fd9877aeb1d947da7364409fa8cbb7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 21:06:06 2011 +0200
Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
The latter function disappeared, and wasn't actually used in tinc, so now we
check on a function that we do use.
commit 257cb6ac60bb0924720de9e252cdf7f4759bf741
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 12:40:44 2011 +0200
Always use the default signal handler for ABRT signals.
This will allow coredumps to be generated when tinc is daemonized.
Also add the -kABRT option.
commit eacb5a28fb4c1515633f2b8a206e7067bc7b8f0c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 8 12:16:26 2011 +0200
Increase threshold for detecting two nodes with the same Name.
In commit 4a21aabada23d1d2c8a10f54dd7248171c4ec82f, code was added to detect
contradicting ADD_EDGE and DEL_EDGE messages being sent, which is an indication
of two nodes with the same Name connected to the same VPN. However, these
contradictory messages can also happen when there is a network partitioning. In
the former case a loop happens which causes many contradictory message, while
in the latter case only a few of those messages will be sent. So, now we
increase the threshold to at least 10 of both ADD_EDGE and DEL_EDGE messages.
commit f11c6101f30df645223920bef3eb7592de9bcb79
Author: Julien Muchembled <jm@jmuchemb.eu>
Date: Thu Apr 28 13:21:55 2011 +0200
Fix command-line '-o' option for host configuration
This fixes a regression introduced by commit 667b1ba while refactoring option
parsing code.
commit 0aa86d4b8b3010522e6de8842f5bd29004ba3df6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 9 09:34:56 2011 +0100
Do not set indirect flag on edges from nodes with multiple addresses.
Since tinc now handles UDP packets with a different source address and port
than used for TCP connections, the heuristic to treat edges as indirect when
tinc could detect that multiple addresses were used does not make sense
anymore, and can actually reduce performance.
commit 7cf68b5e35c002511cc7468967de6a75934cc998
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 18 23:11:43 2011 +0100
Prevent anything from updating our own UDP address.
Because we don't want to keep track of that, and this will cause the node
structure from being relinked into the node tree, which results in myself
pointing to an invalid address.
commit cdbbbfabea173894bd2fb5f28135a04ddc5e3fd7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Feb 18 23:02:11 2011 +0100
Fix spurious misidentification of incoming UDP packets.
When a UDP packet was received with an unknown source address/port, and if it
failed a HMAC check against known keys, it could still incorrectly assign that
UDP address to another node. This would temporarily cause outgoing UDP packets
to go to the wrong destination address, until packets from the correct address
were received again.
commit 046d83bf91e01bc7a32e66a02758caf228bc4601
Author: Rumko <rumko@rumko.net>
Date: Sat Feb 12 18:22:14 2011 +0100
DragonFlyBSD support
* added DragonFly BSD support
* added a check for sys/resource.h (needed on DragonFly)
commit f017c7f98f8f68d6ca50ebe247f4115aadd93635
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 7 18:34:55 2011 +0100
Add support for VDE through libvdeplug.
When compiled with vde/device.c, tinc will connect to a vde_switch instance
instead of using a tun/tap device.
commit 8d18cc6c4e625625a2437d26c587f9f382a0c589
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 29 10:49:44 2011 +0100
Fix typo spotted by Andrew Scheller.
commit b3731c04097e66a6b8908bb893c5da831d89c04d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jan 12 20:57:14 2011 +0100
Proper check and dropin replacement for usleep().
commit 4b8a5993036fccc2108fcc2550649d9b78fb1ab7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 17:25:24 2011 +0100
Update the NEWS.
commit c228da54d47657811dfb679e7f138cbba58a9f67
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 17:25:03 2011 +0100
Update the manual.
commit 4575c6c7dffe228ce302776022a2075b7ef37ab0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 17:24:23 2011 +0100
Document the behavior of "-n."
commit 6c05bf082b1ce9acfc0ebb5c6f32c2ece41c7f80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 16:59:42 2011 +0100
Remove unused variables.
commit 6a51d89cf706bcefce1861a1a66d40ef7d7db43b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 16:55:42 2011 +0100
Replace bogus #else with #endif.
Found by cppcheck, which complained about lenin not being initialized, but the
real problem is that reading packets would fail when using code compiled with
--tunemu on a normal tun device.
commit d7636352ce359e807b392a6e5ac0a6aeff4a63d2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 16:52:36 2011 +0100
Limit field width when scanning PID file.
Cppcheck warns that scanf() might otherwise crash when presented with a huge,
bogus PID file.
commit 3ce5e292da8bab3a1316faf1ca18625f05074467
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 16:50:24 2011 +0100
Close all filedescriptors in Solaris close_device().
commit f99661a4ca5bacff47239ce7978b9c9948917c54
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 2 15:02:23 2011 +0100
Always send MTU probes at least once every PingInterval.
Before, if MTU probes failed, tinc would stop sending probes until the next
time keys were regenerated (by default, once every hour). Now it continues to
send them every PingInterval, so it recovers faster from temporary failures.
commit cac0a5c651535e8317839b0deff1ee98086a8184
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 20 14:31:11 2010 +0000
Use setpriority() instead of nice() on UNIX-like systems.
The return value of nice() can not reliably indicate errors. The return value
of the setpriority() call is well-defined.
commit 3f59a26d8098b8b0902b8746715508360b347f47
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 19 12:26:20 2010 +0000
Do not try to dereference myself->connection->config_tree.
This was a bug introduced due to an incomplete merge (commit
ff71f289022ccb91abc2726f16522d55b5ccf0f6).
commit 886a6f61a1f4cc48a77b42d10f34f9126377d904
Merge: 23dddc25 d91903ef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 19 12:22:48 2010 +0000
Merge branch 'master' into 1.1
Conflicts:
src/net_packet.c
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_key.c
commit d91903ef3c2a1f4481ae8757bb2b14282f2b7e68
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 16 17:28:41 2010 +0100
Attribution for Brandon Black.
commit e764ff7be9949c91865aff72844357e76ae6dd78
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 16 16:45:36 2010 +0100
Fix variable length array declaration.
commit 5eb0440110f99f0a49838cc00a0686c7a7595663
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 13 21:36:51 2010 +0100
Free replay window when freeing a node_t.
commit a9445e38f25bd24eca289768fc46e44e36b842ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 13 21:34:59 2010 +0100
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
commit 0d61d4ae1358553fc8dde350747542f137f5cb8b
Author: Brandon L Black <blblack@gmail.com>
Date: Sat Nov 13 12:05:51 2010 -0600
Improved handling of queue-jumping packets on receive
commit 23acc19bc090051156ad895caed61848f5afb144
Author: Brandon L Black <blblack@gmail.com>
Date: Sat Nov 13 12:05:50 2010 -0600
Configurable ReplayWindow size, zero disables
commit 8dfe1b374e165ecba5d3ae324ee834d337476be8
Author: Brandon L Black <blblack@gmail.com>
Date: Sat Nov 13 12:05:49 2010 -0600
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
commit 3f410e2f8f7c365630f226adf4904935698f9e0d
Author: Brandon L Black <blblack@gmail.com>
Date: Sat Nov 13 12:05:48 2010 -0600
Experimental IFF_ONE_QUEUE support for Linux
commit 9e3ca397735077f85bbde48c36e1b3e0fa950988
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 13 15:55:38 2010 +0100
Use variable length arrays instead of alloca().
commit e2e6ec8050274b0a8678d6fc263e7dc4ef66feae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 13 15:50:39 2010 +0100
Provide usleep() for Windows.
commit 23dddc25930bc9033e5a2ac659376032aff44d82
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 13 15:46:19 2010 +0100
Link tincctl with dropin.o.
commit a22041922f160667573e9a5ae3f4195e1668906a
Merge: 8b70c5be 930bf74f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 12 16:15:29 2010 +0100
Merge branch 'master' into 1.1
Conflicts:
doc/tincd.8.in
lib/pidfile.c
src/graph.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/node.h
src/protocol_auth.c
src/protocol_key.c
src/tincd.c
commit 930bf74fbe5ce8363b6cc2ae3a3e960e910e0996
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 12 11:38:05 2010 +0100
Don't use strlen() on a NULL pointer.
A bug introduced in commit 667b1bac77b134cf32c98d5dc25619e8c3303f52 caused tinc
to crash on startup.
commit a07aa92176571eb7f063708640d0d486280808ef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 12 11:33:01 2010 +0100
Add short options -R and -U to the tincd(8) manpage.
commit 66b7aea294896a99df289231143a506b422b994c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 2 14:23:43 2010 +0100
Read error counter must be static.
commit a91bf2dfcd0f5857905e59da7d944654e0875503
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 2 14:18:35 2010 +0100
Quit when there are too many consecutive errors on the tun/tap device.
Although transient errors sometimes happen on the tun/tap device (for example,
if the kernel is temporarily out of buffer space), there are situations where
the tun/tap device becomes permanently broken. Instead of endlessly spamming
the syslog, we now sleep an increasing amount of time between consecutive read
errors, and if reads still fail after 10 attempts (approximately 3 seconds),
tinc will quit.
commit aca70cd3c3fe787e62c618849e43f67b3870ac20
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun Oct 24 15:23:10 2010 +0400
Treat netname="." in a special way.
Treat netname "." in a special way as if there was no netname
specified. Before, f.e. tincd -n. -k didn't work as it tried
to open /var/run/tinc-.pid. Now -n. works as if there was no
-n option is specified.
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
commit 5f729f76f5a63114df582fc29f4189140c1e5ead
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 22:46:44 2010 +0200
Remove unused variables.
These were caused by commit 667b1bac77b134cf32c98d5dc25619e8c3303f52.
commit 20ae7dd8c12390f7360eb28cc17e1b8a8a706b06
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 22:43:50 2010 +0200
Abort disabling old PEM keys on I/O errors.
commit a08462bf845973016e061b8ca1233142d80416f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 22:42:21 2010 +0200
Ensure there is a newline character before a PEM key is written.
commit c6ccbadfcf93a7bd4a88dee8ff146b4db7f85e71
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 13:40:04 2010 +0200
Attribution for Timothy Redaelli.
commit 1c2cd7ed273ee1538ff8a13d036c68aa9992c4aa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 13:17:42 2010 +0200
Attribution for Julien Muchembled.
commit 667b1bac77b134cf32c98d5dc25619e8c3303f52
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 13:06:06 2010 +0200
Remove duplicate command-line option parsing.
Also fix parsing of command-line host configuration options for the local node.
commit ff71f289022ccb91abc2726f16522d55b5ccf0f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 22 12:47:12 2010 +0200
Merge local host configuration with server configuration.
With some exceptions, tinc only accepted host configuration options for the
local node from the corresponding host configuration file. Although this is
documented, many people expect that they can also put those options in
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
local host configuration file.
commit 8c3105283ac53f8cc9cc4dde25957ec1cf6b53a0
Author: Julien Muchembled <jm@jmuchemb.eu>
Date: Fri Sep 3 13:34:22 2010 +0200
New '-o' option to configure server or hosts from command line
Options given on the command line have precedence over configuration from files.
This can be useful, for example, for a roaming node, for which 'ConnectTo' and
<host>.Address depends on its location.
commit 4b6a9f1c1f645ce5989692655337d9e23ca28648
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 4 16:03:19 2010 +0200
Do not append an address to ANS_KEY messages if we don't know any address.
This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.
commit 798fa2f04c52b0639713f74b1195847bec40c16a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 4 15:04:08 2010 +0200
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
commit 4a21aabada23d1d2c8a10f54dd7248171c4ec82f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 4 14:53:52 2010 +0200
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
In this situation, the two nodes will start fighting over the edges they announced.
When we have to contradict both ADD_EDGE and DEL_EDGE messages, we log a warning,
and with 25% chance per PingTimeout we quit.
commit dbf3d168b720045328d476f3b9e5f5e45b4ab6de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 7 12:24:49 2010 +0200
Use strrchr() insteaad of rindex().
The latter function is deprecated, some build environments do not support.
commit eda71798749e8b0abf5e8b3cbc11da82aa607f00
Author: Timothy Redaelli <timothy@redaelli.eu>
Date: Tue May 4 15:43:48 2010 +0200
Fix warnings under BSD
commit df985256a766ee90f2fa4269b95fa0565c969dda
Author: Timothy Redaelli <timothy@redaelli.eu>
Date: Tue May 4 00:27:44 2010 +0200
Fix warnings showed using -D_FORTIFY_SOURCE=2
commit f5122ccecee095b9185b2324dea7bcd9655462ee
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 1 15:39:59 2010 +0200
Fix all warnings when compiling with mingw64.
commit ef92a5725c47c6e8e801e07190dd7dd3f9cb3a17
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 1 15:39:03 2010 +0200
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
commit 0fdd7da52077d77a11a3646eb3e7d5b6ffa178e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 1 15:38:04 2010 +0200
Use intptr_t instead of long to store a pointer.
commit c94ede3b8708cdf105a3fecfc119a558e1583f27
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 1 15:37:11 2010 +0200
Define WINVER before including any other header file on Windows.
commit 8b70c5be9bc762d81354f9cd77c3748a44a4956d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 30 23:18:22 2010 +0200
Remove obsolete lib/ directory.
commit ee427cac0d04c60d09cc235c04664eab8b0c6527
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 30 23:13:02 2010 +0200
Do not try to free NULL pointers.
commit 113458c2864ec8c046ab7d63ff1b417252c8e4df
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 30 23:11:48 2010 +0200
Use correct digest length when checking a received key.
commit 76b41ba20dc9783ff0d21dd738739a81d62142e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 17 12:33:36 2010 +0200
Add missing return statement.
commit 2911af6e23d0dba6d771fcd590551a84bd9dc932
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 17 12:33:15 2010 +0200
Fix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.
commit 79e46d08a46f2fef2ee4e8eac7ba487007160564
Merge: 4ce4af4c 4766359e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 17 12:21:53 2010 +0200
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
configure.in
src/net.c
src/net.h
commit 4ce4af4c712c80d08630767ec34787253da1021b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 17 12:03:08 2010 +0200
Fix experimental GUI when reading hexadecimal values.
commit 4766359e1426bdf1383c898d6103d8760e5e296d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 17 12:01:38 2010 +0200
Fix reading configuration files that do not end with a newline. Again.
commit 26b8cf8680ae68443dccac2adbc2361caafc3712
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 20:40:20 2010 +0200
Releasing 1.0.13.
commit 74653beb5bc510e60579058ee15c0f66350f5137
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 19:47:44 2010 +0200
Mark Forwarding and DirectOnly options as being experimental.
commit 0ddce6370d39eff162bd212a6e47fe3a8e96a09e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 19:39:31 2010 +0200
Don't redefine MAX if it already exists.
commit a9bbb3357a89e27185312fbce0ee134eda4eda90
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 19:20:02 2010 +0200
Fixes for definitions under Windows.
commit 4708f2c89edea4be2562256544cf35309cf1ea89
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 18:34:50 2010 +0200
Ensure subnet-up/down scripts are called after HUP when necessary.
commit 32f5524c4b52a2d3a96bc48ee2437f8b9b4dbe10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 04:35:16 2010 +0200
Fix reloading Subnets when StrictSubnets is set.
commit 9f53ab209d8a6a7622a49ed03cef735b6e3f3eeb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Apr 11 00:50:42 2010 +0200
Reload Subnets when getting a HUP signal and StrictSubnets is used.
commit d1cc637470edaed663e694fdeb290eb45cc9ecca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 10 23:55:15 2010 +0200
Ensure ICMP_NET_ANO is defined.
commit f75e71bc693847af71f61fb72cd788e3e47f9bd3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 3 09:46:45 2010 +0100
Convert Port to numeric form before sending it to other nodes.
If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes. However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.
commit e49891e188f618a0e98f1d30bcbf240286e8ad5c
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Wed Mar 31 03:56:53 2010 +0200
Fixed metadata protokoll corruption on forwarded requests
When forwarding a metadata request through forward_request() we were
adding the required newline char to our buffer, but then sending the
data without it - this results in the forwarded request and the next one
to be garbled together.
Additionally while at it add a warning comment that request string is
not zero terminated anymore after a call to the forward_request()
function - for now this is ok as it is not used by any caller after this.
commit 0310deb225cad21c458fb32fd589027e3f844735
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Mar 26 17:25:18 2010 +0100
Demote all LOG_EMERG to LOG_ERR, spamming all xterms is bad.
commit d5654f568dcaf81341395b52b2711f68c0417ec6
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Mar 26 16:54:13 2010 +0100
README.git: tinc 1.1 needs libevent
commit 685509ffe10d1bf9c409e5ba90f46cd747f2d9cd
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Sun Mar 28 17:51:26 2010 +0200
Function flush_meta() does not exist anymore.
commit c6d2b9d734859ccbd9582b28351983a12b04abb0
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Mar 26 17:07:30 2010 +0100
Add missing AC_CHECK_HEADERS([dirent.h]) to configure.in
commit ffa1dc73dcd62a856325641972a13d398aa8121c
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Mar 26 17:18:04 2010 +0100
Fixed 1.0 miss-merges
commit 103543aa2c15d9f1e2aa313a2e593a7524cce484
Merge: 35b1c250 29235491
Author: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri Mar 26 16:51:03 2010 +0100
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
configure.in
have.h
src/conf.c
src/conf.h
src/net.c
src/net_packet.c
src/protocol_key.c
src/protocol_subnet.c
src/route.c
src/tincd.c
commit 292354912f346fe467f557f0dc026b519997289c
Author: Sven-Haegar Koch <haegar@ccc.de>
Date: Wed Mar 10 02:50:51 2010 +0100
Never delete Subnets when StrictSubnets is set
If a node is unreachable, and not connected to an edge anymore, it gets
deleted. When this happens its subnets are also removed, which should
not happen with StrictSubnets=yes.
Solution:
- do not remove subnets in src/net.c::purge(), we know that all subnets
in the list came from our hosts files.
I think here you got the check wrong by looking at the tunnelserver
code below it - with strictsubnets we still inform others but do not
remove the subnet from our data.
- do not remove nodes in net.c::purge() that still have subnets
attached.
commit 146760bd35b351d58e817ce0e67f5c6f74750cd4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 10 16:07:01 2010 +0100
Fix typo.
commit f2346771cf5b22092dd3f5af3674008aa1e878d1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 8 21:44:32 2010 +0100
Log unauthorized Subnets when StrictSubnets is set.
commit ee64b8ef33b709fabfc1ed56762d5f52fc026e52
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 8 17:54:57 2010 +0100
ConnectTo does not mean tinc does not listen for incoming connections anymore.
commit 8ae54dc7c782bcc4b771ec0766fcf9eee115756e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 2 23:27:50 2010 +0100
Fixes for the Forwarding option.
commit 3e4829e78a3c7f7e19017d05611e5b69d5268119
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 2 22:55:24 2010 +0100
Add the DirectOnly option.
When this option is enabled, packets that cannot be sent directly to the destination node,
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
commit 95a6974de173e0cb78611c6704ed09631d510dae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 2 22:34:26 2010 +0100
Add the Forwarding option.
This determines if and how incoming packets that are not meant for the local
node are forwarded. It can either be off, internal (tinc forwards them itself,
as in previous versions), or kernel (packets are always sent to the TUN/TAP
device, letting the kernel sort them out).
commit 5038964032ef55913b2d4741c67bf191b2208abb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 2 00:18:44 2010 +0100
Add the StrictSubnets option.
When this option is enabled, tinc will not accept dynamic updates of Subnets
from other nodes, but will only use Subnets read from local host config files
to build its routing table.
commit 9fed0ec34b9208611a7e96a595f23fa04e60a5c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 1 23:44:56 2010 +0100
Preload all Subnets in TunnelServer mode.
This simplifies the logic in protocol_subnet.c.
commit d47ab576a25d91600acf7eecf376ed026bdc9c83
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 1 23:44:46 2010 +0100
Check for dirent.h.
commit 21f33b638291c2ffe7156e6c1e0df339f855d831
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 1 23:35:02 2010 +0100
Simplify reading lines from configuration files.
Instead of allocating storage for each line read, we now read into fixed-size
buffers on the stack. This fixes a case where a malformed configuration file
could crash tinc.
commit 3cb91d75f874e3398c35cd4280c1e0a1ceeedabc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 28 18:20:13 2010 +0100
Clamp MSS to miminum MTU in both directions.
Clamp MSS of both incoming and outgoing packets, and use the minimum of the
PMTU of both directions when clamping.
commit ddb8cb0779ed36d17ce186dd0bf67e9f0c860d28
Author: Timothy Redaelli <timothy@redaelli.eu>
Date: Wed Feb 10 14:52:15 2010 +0100
Add --disable-zlib configure option
commit eeb505af36ba9496ad29b32cd0917afb8c6cd355
Author: Timothy Redaelli <timothy@redaelli.eu>
Date: Wed Feb 10 13:24:33 2010 +0100
Add --disable-lzo configure option
commit f7b2a2ea43fca323f543e152e6a43a29a4eb6671
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 3 22:49:48 2010 +0100
Releasing 1.0.12.
commit cd0c2e86a403fc9aabecdc8d51413f94491b5494
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 3 11:18:46 2010 +0100
Ensure peers with a meta connection always have our key.
This keeps UDP probes going, which in turn keeps NAT mappings alive.
commit 40d91ff619a6ea24a2a35c9d934bcc6bace27e24
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 2 22:49:21 2010 +0100
Update copyright notices.
commit 44f8f61396a92c899172a1863bbc9c705cbfa649
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 2 22:22:27 2010 +0100
Try to set DF bit on BSDs as well.
Every operating system seems to have its own, slightly different way to disable
packet fragmentation. Emit a compiler warning when no suitable way is found.
On OpenBSD, it seems impossible to do it for IPv4.
commit ed14ef93b47622ba13099dfc6be5335222e987a6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 2 01:02:40 2010 +0100
Immediately exchange keys when establishing a meta connection.
This in turn will trigger PMTU discovery, and ensures nodes know each others
reflexive UDP address and port.
commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 2 00:51:44 2010 +0100
Determine peer's reflexive address and port when exchanging keys.
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.
Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
commit d15099e0029578bfd24d6b464b941f4693280001
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 23 18:48:01 2010 +0100
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request. However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
commit 469fa318bc817908af9a51e3a980ffc998fae6f2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 22 21:59:40 2010 +0100
Run subnet-up/down scripts for local MAC addresses as well.
commit 5d194b9f8767390d9fb1170554a8b6928214957a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 22 21:47:26 2010 +0100
Fix subnet-up/down scripts being called with an empty SUBNET.
Commit 052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
scripts to be called with an empty, or possibly corrupted SUBNET variable when
a Subnet is added or removed while the owner is still online. In router mode,
this normally does not happen, but in switch mode this is normal.
commit b45511118421920771f5dcd5e4bafc04376e4450
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 16 20:16:33 2010 +0100
Make MSS clamping configurable, but enabled by default.
It can either be set globally in tinc.conf, or per-node in host config files.
commit 95928f7c2910a7da01a89cdc63c86c4d87fac004
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 16 19:32:33 2010 +0100
Also clamp MSS of TCP over IPv6 packets.
commit b1945f70fe993ca447555a1e27f35638b0c1fd8b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 15 23:41:14 2010 +0100
Optimise handling of select() returning <= 0.
Before, we immediately retried select() if it returned -1 and errno is EAGAIN
or EINTR, and if it returned 0 it would check for network events even if we
know there are none. Now, if -1 or 0 is returned we skip checking network
events, but we do check for timer and signal events.
commit 51099658c919794cde72ea1107b9d9b9c3cee926
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 15 23:19:08 2010 +0100
Ping nodes immediately when receiving SIGALRM.
One reason to send the ALRM signal is to let tinc immediately try to connect to
outgoing nodes, for example when PPP or DHCP configuration of the outgoing
interface finished. Conversely, when the outgoing interface goes down one can
now send this signal to let tinc quickly detect that links are down too.
commit 2a538ed34332b3392f866d56accd9efecc9467ed
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 15 13:42:37 2010 +0100
Clamp MSS of IPv4 SYN packets.
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends. We
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
sending too large packets.
commit 35b1c25093a478d20e01f0ff391c9cdc9c41c2b8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 31 13:19:13 2009 +0100
Move source from lib/ to src/.
The utility functions in the lib/ directory do not really form a library.
Also, now that we build two binaries, tincctl does not need everything that was
in libvpn.a, so it is wasteful to link to it.
commit 41497246eeccbcc417f93c2ae087e927751c6914
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 31 13:09:14 2009 +0100
Remove unused AVL tree library.
commit e4812ba9cc4262ec921944f02639ce55781d7497
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 24 12:42:21 2009 +0100
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
commit 7203d5fb07be2d3ae006c2b65d0be1e6533e1273
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 23 19:51:55 2009 +0100
Use xstrdup() instead of xasprintf() to copy static strings.
commit a9a803d5662832eb397837055a49fd94118eabf3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 23 19:49:38 2009 +0100
Allow port to be specified in Address statements.
This allows one to connect to use more than one port number to connect to
another node. The syntax is now:
Address = <hostname> [<port>]
commit 43e34d8180c90682ed1601dec3de7f68ec96d65b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 23 19:22:06 2009 +0100
Do not fragment packets smaller than RFC defined minimum MTUs.
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
68, but this is such a low limit that it will probably hurt performance, so we
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
791). If we detect a path MTU smaller than those minima, and we have to handle
a packet that is bigger than the PMTU but smaller than those minima, we forward
them via TCP instead of fragmenting or returning ICMP packets.
commit 36261650024ba8e18f9c77396f1d7a4e51f20602
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 23:23:25 2009 +0100
Do not use hardcoded cipher block length when padding.
commit f542ef8f9e645bf30e11e196dd768fac4f957eac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 22:17:39 2009 +0100
Fix alignment of results of RSA operations when using libgcrypt.
If the result of an RSA encryption or decryption operation can be represented
in less bytes than given, gcry_mpi_print() will not add leading zero bytes. Fix
this by adding those ourself.
commit 4c68a8cb60eb0a4c05d9ce98963b930a976b55ee
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 20:53:48 2009 +0100
Do not consider unreachable nodes when trying to determine packet origin.
commit 74e50d52e0e23c9dd1e21fb447f1e1a59d02d0b2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 20:52:19 2009 +0100
recv() and recvfrom() return int, do not prematurely cast the return value.
commit 0bfd69a2736cb98470b47c1f6cba617b58bb86ef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 20:26:30 2009 +0100
Fix reading raw RSA keys with libgcrypt.
commit 0ff44fc2417217d542bf0e9a7ecfd20020893bc7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 20:10:38 2009 +0100
Reinitialise block cipher IV each time we encrypt a packet when using libgcrypt.
commit 3c90be7678566203d38624c4a6fe3affaffbe5e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 19 18:57:54 2009 +0100
Fix block cipher padding when using libgcrypt.
commit c845bc109c85e6fb350096c63e13ef8e617ee29b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 18 01:15:25 2009 +0100
Fix packet authentication.
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
commit 10d609b1f0dd9eeb024cd40359683d48542aecbf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 16 21:18:21 2009 +0100
Start of a GUI for tinc.
commit 55ef2f806f9840103bceb472564a711b22e73d58
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 16 21:16:56 2009 +0100
Allow connections to be closed.
This only closes existing meta connections, it may not affect node
reachability.
commit f12c36afd5293ddbecccf13f36edb8d36e56f040
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 14 21:25:06 2009 +0100
Include missing header files and source directories.
commit 2a410cd26d25cc01b96d255644df3ad138eae776
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 14 21:20:56 2009 +0100
Do not include OpenSSL headers directly.
commit 5d78e497f1c352c8d490eed1d44d128523a34572
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 11 22:38:06 2009 +0100
Fix compiler warnings.
commit d6c50eb73ad49bd2eac67214995dff76b7a20661
Merge: fec14791 369fe1ab
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 11 22:31:27 2009 +0100
Merge branch 'master' into 1.1
Conflicts:
src/subnet.c
commit fec14791e869180bb7994ca38ca7006cc2e957fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 11 22:24:07 2009 +0100
Only call ioctlsocket() on Windows.
commit 369fe1ab1cbfc3f8305de1faab2e30157378b044
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 8 22:18:37 2009 +0000
Forget addresses of unreachable nodes.
We clear the cached address used for UDP connections when a node becomes
unreachable. This also prevents host-up scripts from passing the old, cached
address from when the host becomes reachable again from a different address.
commit 62f235e05c54e458724f437e519ed1b3e17835b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 28 11:56:13 2009 +0000
Remove unused variable in lookup_subnet_*() functions.
commit 92aefd25bf9e8e63f199cc252218f5c427f836b7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 28 11:52:23 2009 +0000
When learning MAC addresses, only check our own Subnets for previous entries.
Before it would check all addresses, and not learn an address if another node
already claimed that address. This caused fast roaming to fail, the code from
commit 6f6f426b353596edca77829c0477268fc2fc1925 was never triggered.
commit edebf579f2ea29e6e84360cb13731f5858a1555b
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Sat Nov 7 23:43:25 2009 +0100
Use the TCP socket infrastructure for control sockets.
The control socket code was completely different from how meta connections are
handled, resulting in lots of extra code to handle requests. Also, not every
operating system has UNIX sockets, so we have to resort to another type of
sockets or pipes for those anyway. To reduce code duplication and make control
sockets work the same on all platforms, we now just connect to the TCP port
where tincd is already listening on.
To authenticate, the program that wants to control a running tinc daemon must
send the contents of a cookie file. The cookie is a random 256 bits number that
is regenerated every time tincd starts. The cookie file should only be readable
by the same user that can start a tincd.
Instead of the binary-ish protocol previously used, we now use an ASCII
protocol similar to that of the meta connections, but this can still change.
commit c388527e341658dc915dd67c90bbc9b52b8539c0
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Sat Nov 7 16:09:56 2009 +0100
Small fixes to get really working control sockets on Windows.
commit 5c5548fc7185cc1462602dadcd39a53cef481d29
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Sat Nov 7 14:35:48 2009 +0100
Better integration of libevent in build system.
Since event.h is not part of tinc, we include it in have.h were all other
system header files are included. We also ensure -levent comes before -lgdi32
when compiling with MinGW, apparently it doesn't work when the order is
reversed.
commit 075264a9e18f9fd58cad044c064a91557e9ed429
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Thu Nov 5 23:29:28 2009 +0100
Make sure the 1.1 branch compiles in a MinGW environment.
UNIX domain sockets, of course, don't exist on Windows. For now, when compiling
tinc in a MinGW environment, try to use a TCP socket bound to localhost as an
alternative.
commit 08615e420b2dd5054dd978bf53c88b8dde6e4788
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 5 00:02:42 2009 +0100
Handle PKCS#5 padding in the gcrypt backend.
commit d9b2ac6767f85927a26e2b95bba69c052ac503ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 5 00:01:25 2009 +0100
Handle truncated message authentication codes with gcrypt.
Commit 4124b9682f8f890acb25d0c92f2583eef670274a did not update the gcrypt
backend.
commit c4afc481541bff4db7f57c81796b7a5f61cdb1b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 4 16:19:08 2009 +0100
Use %x instead of %lx where appropriate.
Some conversions were not properly merged from the master branch.
commit 37ccb325af5c7865eb16716780121a8a6dce8abd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 4 16:18:08 2009 +0100
Don't enable device events when there is no valid filedescriptor.
commit 108b238915c5f58b3d94ab433dc5d04e064c2b11
Merge: 761517c2 44834d03
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 2 14:24:27 2009 +0100
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
configure.in
doc/tinc.texi
doc/tincd.8.in
src/Makefile.am
src/connection.c
src/edge.c
src/meta.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/node.c
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_edge.c
src/subnet.c
commit 44834d030464bbe1f7733caba8d96c678f1d6cf2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 1 16:24:39 2009 +0100
Releasing 1.0.11.
commit d331f04e4598824afc7de33ac1228cf441ae9872
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 1 15:57:28 2009 +0100
Start a tinc service if it already exists.
commit 6f6f426b353596edca77829c0477268fc2fc1925
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 27 23:53:49 2009 +0100
Fast handoff of roaming MAC addresses.
In switch mode, if a known MAC address is claimed by a second node before it
expired at the first node, it is likely that this is because a computer has
roamed from the LAN of the first node to that of the second node. To ensure
packets for that computer are routed to the second node, the first node should
delete its corresponding Subnet as soon as possible, without waiting for the
normal expiry timeout.
commit e00b44cb98e4d50a0d426048ba01dbd80bcb5941
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 25 01:40:07 2009 +0200
Move socket error interpretation to utils.h.
commit c11dc8079b60d9f8c5b1c7e8fecd90d0fac5a20c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 25 00:50:09 2009 +0200
Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
commit 1bca167b7e24a9cb00ad6130c24f0bb60e208f1f
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun Oct 18 21:27:24 2009 +0400
Remove localedir leftovers.
commit c3acae034c4da2d1c70f31b852b14ca098c0eeb9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 22:32:35 2009 +0200
Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
This ensures the DF bit on outgoing UDP packets gets set on Windows when path
MTU discovery is enabled, reducing fragmentation.
commit 242c4e2ca67d0b5c78dfe6e68a5ddcd27be1de99
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 21:53:01 2009 +0200
Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
commit d922db253cd098bc038449e5c591cc94c1019952
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 21:35:40 2009 +0200
Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
commit a8f7fccbc2b5f1c4c39fc2804abaa358b31a5080
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 21:32:06 2009 +0200
Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
commit cddcdc9af34afb388a8e4bdfff6882f568b98313
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 20:54:44 2009 +0200
Allow UDP packets with an address different from the corresponding TCP connection.
commit 5cbddc68bade0d1f8ded1b784bb27bb44c5dc5dc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 16:15:24 2009 +0200
Use uint32_t instead of long int for connection options.
Options should have a fixed width anyway, but this also fixes a possible MinGW
compiler bug where %lx tries to print a 64 bit value, even though a long int is
only 32 bits.
commit 468f393c4fabf9223a1bd15adfb3906cde90d547
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 24 16:05:12 2009 +0200
Add dummy device.
commit b6543af7626403516b5fc54c24b11d3a242a2992
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 20 22:39:07 2009 +0200
Clarify and increase level of log message about MTU probes to unreachable nodes.
commit 43a6e786648fb666a9b7be8f05c8a173031c9110
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 20 22:33:16 2009 +0200
Handle weighted Subnets in switch and hub modes.
We now handle MAC Subnets in exactly the same way as IPv4 and IPv6 Subnets.
This also fixes a problem that causes unncessary broadcasting of unicast
packets in VPNs where some daemons run 1.0.10 and some run other versions.
commit 3a925479c2883a6a9711f7b6931863d7f2a2c09b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 20 22:22:59 2009 +0200
Starting to work towards 1.0.11.
commit 35af4051c3749cd2c2137a7eb57171a1fbb12af7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 20 22:14:47 2009 +0200
Fix a possible crash when sending the HUP signal.
When the HUP signal is sent while some outgoing connections have not been made
yet, or are being retried, a NULL pointer could be dereferenced resulting in
tinc crashing. We fix this by more careful handling of outgoing_ts, and by
deleting all connections that have not been fully activated yet at the HUP
signal is received.
commit 8c267d3d558ac97a4ce7381a37abb6cc4b46b133
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 18 16:45:13 2009 +0200
Releasing 1.0.10.
commit 3849de9a331ad132ed9d01c9f0cac47196624b3e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 18 16:44:32 2009 +0200
Fix description of the WEIGHT environment variable.
commit 87364c16564c897b1a2d306615804d68ea5a9ba1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 18 14:22:20 2009 +0200
Include missing header.
commit c7fdc7d5b8d728c744b13a823e7eef9d2432c61e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 12 23:51:57 2009 +0200
Remove debugging message when reading packets from a BSD device.
This was inadvertently introduced by commit
4a5d42178cc0954efba8b24058da9c70cc77c35a.
commit ec4c8bcb18c1f463cf4544126e027fc8ec9b3a39
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 12 22:14:47 2009 +0200
Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
This device works like /dev/tun on Linux, automatically creating a new tap
interface when a program opens it. We now pass the actual name of the newly
created interface in $INTERFACE.
commit 92b8abc921dd15b710f67335562210eb713fbb39
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 11 18:57:58 2009 +0200
Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.
If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.
We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
commit 927064e5fd0ebf29a7ea768a7f9c4226da626a72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 11 15:46:52 2009 +0200
Small updates to the documentation.
Mention that TCPOnly is not necessary anymore since tinc will autodetect
whether it can send via UDP or not. Also mention the WEIGHT environment
variable and the new default value (2048 bits) of RSA keys.
commit 2c30af6c90926340a89748c63cc453b1c0b5a589
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 11 14:20:14 2009 +0200
Ensure that the texinfo manual can be converted to HTML.
The top node was made conditional with the @iftex command, since it should not
appear in PostScript and PDF output. However, it is still necessary for
texi2html, so we have to use @ifnottex instead.
Texi2html also complains about the use of @cindex in the copyright statement,
so we remove that.
commit a4f132770dc136d456c67b01d209e73f5f4d7a65
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 11 13:56:04 2009 +0200
Revert "Raise default crypto algorithms to AES256 and SHA256."
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.
This reverts commit 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2.
commit 2762509be179dcb21d855f3d6f90d3ee686e3910
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 11 13:54:05 2009 +0200
Remove code duplication when checking ADD_EDGE/DEL_EDGE messages.
commit 5cddf5e52aeb20e50c887356ad23aec354e04151
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 11 13:51:10 2009 +0200
Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
So that we are liberal in what we accept.
commit 430c90412c521c534113b3c4e5fc883e9b7ecff0
Author: Borg <borg@uu3.net>
Date: Sat Oct 3 13:06:00 2009 +0200
Removed last gettext function.
commit 3282375f4d64d9402141ac4bf142629ec2e1cd53
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 29 16:25:20 2009 +0200
Remove autogenerated files from EXTRA_DIST.
Apparently they were once necessary, but autoconf now includes them
automatically. Some of them are not used anymore, and this caused make dist to
fail.
commit 761517c21c37a808a19b487aa116c3c19439feca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 29 15:33:58 2009 +0200
Update FSF address in files not covered by the merge.
commit 07a560eab66b575f382428a956550817697e25e2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 29 15:19:55 2009 +0200
Drop localisation and checkpoint tracing in files not covered by the merge.
commit 7ea85043ac1fb2096baea44f6b0af27ac0d0b2cf
Merge: f1fec466 9a2b0f88
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 29 14:55:29 2009 +0200
Merge branch 'master' into 1.1
Conflicts:
NEWS
configure.in
lib/Makefile.am
lib/pidfile.c
lib/pidfile.h
lib/utils.c
po/POTFILES.in
po/nl.po
src/Makefile.am
src/bsd/device.c
src/conf.c
src/connection.c
src/cygwin/device.c
src/edge.c
src/event.c
src/graph.c
src/linux/device.c
src/meta.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/process.c
src/protocol.c
src/protocol_auth.c
src/protocol_edge.c
src/protocol_key.c
src/protocol_misc.c
src/protocol_subnet.c
src/raw_socket/device.c
src/route.c
src/solaris/device.c
src/subnet.c
src/tincd.c
src/uml_socket/device.c
commit 9a2b0f88a9cae753ebc81c939d01403178b18a35
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 26 12:51:52 2009 +0200
Update the NEWS.
commit 46e481dc945c5572eb6091a3660f6bf258ee0cfa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 21:14:56 2009 +0200
Add more authors to the copyright headers.
Git's log and blame tools were used to find out which files had significant
contributions from authors who sent in patches that were applied before we used
git.
commit 4c85542894f7fca823b119b05e07179deb24229a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 00:54:07 2009 +0200
Drop support for localisation.
Localised messages don't make much sense for a daemon, and there is only the
Dutch translation which costs time to maintain.
commit a227843b739d279b63adcf3736ebb03d856080c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 00:33:04 2009 +0200
Remove checkpoint tracing.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
commit 5dde6461a321ee47b06e33f8203f2acf00a31a51
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 00:14:03 2009 +0200
K&R style braces.
This is essentially commit f02d3ed3e135b5326003e7f69f8331ff6a3cc219 from the
1.1 branch, making it easier to merge between master and 1.1.
commit ab7c61b06f6c6e991225f2fcc32d02b8e1084aee
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 25 00:01:00 2009 +0200
Update the address of the Free Software Foundation in all copyright headers.
commit 0e6856b1379e278aa5ed116d0911851339a6064c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 24 23:42:30 2009 +0200
Remove Ivo's old email addresses.
commit c217d214f4f071c235bc7c463a1da6124e2570a6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 24 23:39:16 2009 +0200
Remove all occurences of $Id$.
commit c23fcf555ee4b69f03b76a0ffb731c3a475a77e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 24 23:29:46 2009 +0200
Update copyright information.
- Update year numbers in copyright headers.
- Add copyright information for Michael Tokarev and Florian Forster to the
copyright headers of files to which they have contributed significantly.
- Mention Michael and Florian in AUTHORS.
- Mention that tinc is GPLv3 or later if compiled with the --enable-tunemu
flag.
commit f1fec466e232c00c668422014029dce9114d3add
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Wed Sep 16 23:43:19 2009 +0200
Add a better autoconf check for libevent.
commit 4bdf0e80ee4cd0d40eb6522dab05df9346a5b3d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 16 20:28:30 2009 +0200
Replace asprintf()s not covered by the merge to xasprintf().
commit 1cbddbd573d786f6b2bf9812dda89d1ea5b7e021
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 16 20:17:11 2009 +0200
Use correct format specifiers.
commit 2f97bdb46b1ed0a669619e0b9acf76f43dfa648b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 16 20:16:54 2009 +0200
Add missing #include.
commit 075e6828a7533e7daa790225f17aa6bb39703278
Merge: 9b129c07 b5ccce29
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Wed Sep 16 19:55:47 2009 +0200
Merge branch 'master' into 1.1
Conflicts:
have.h
lib/dropin.c
lib/fake-getaddrinfo.c
lib/pidfile.c
src/Makefile.am
src/bsd/device.c
src/conf.c
src/connection.c
src/connection.h
src/graph.c
src/mingw/device.c
src/net.c
src/net_setup.c
src/node.c
src/protocol_key.c
src/protocol_misc.c
src/tincd.c
commit b5ccce296848aab72d574ca3de14af5fdf3efa4d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 23:22:13 2009 +0200
Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum. If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives. We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
commit d273efb177738d429e3cef7d8db8ee5cc8dcada7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 23:04:52 2009 +0200
Raise default RSA key length to 2048 bits.
commit b47c17bcdeb70b63ad9346dc97ba575597cbd803
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 22:59:01 2009 +0200
Use a mutex to allow the TAP reader to process packets faster on Windows.
The TAP-Win32 device is not a socket, and select() under Windows only works
with sockets. Tinc used a separate thread to read from the TAP-Win32 device,
and passed this via a local socket to the main thread which could then select()
from it. We now use a global mutex, which is only unlocked when the main thread
is waiting for select(), to allow the TAP reader thread to process packets
directly.
commit 802a50ffcd5f39bfc6424ac841de4e41154092fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 22:58:16 2009 +0200
Remove extra {.
commit 4bb3793e38b7c7f24dd308801e7f6dbb02cf02d2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 12:08:05 2009 +0200
Raise default crypto algorithms to AES256 and SHA256.
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
commit 633c0cf1b067d118d5453bc8522fab65ffc82d2c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 00:36:07 2009 +0200
Use access() instead of stat() for checking whether scripts exist.
commit 6f1e0ece4e61f30612ed84ca4640635a02892cc8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 00:28:20 2009 +0200
Remove dropin random() function, as it is not used anymore.
commit fa9bedd47cf8c143e801889c78f0a0979ac4d2fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 15 00:24:31 2009 +0200
Allow compiling for Windows XP and higher.
This allows us to use getaddrinfo(), getnameinfo() and related functions, which
allow tinc to make connections over existing IPv6 networks. These functions are
not available on Windows 2000 however. By default, support is enabled, but when
compiling for Windows 2000 the configure switch --with-windows2000 should be
used.
Since getaddrinfo() et al. are not functions but macros on Windows, we have to
use AC_CHECK_DECLS() instead of AC_CHECK_FUNCS() in configure.in.
commit f80bf14f28925df6eaa56f3ed77adaf418ab9890
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 14 23:28:28 2009 +0200
Also do not use drand48(), it is not available on Windows.
commit 35e87b903e08fc51975a8cc97f06251d5153a424
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 14 23:06:00 2009 +0200
Use only rand(), not random().
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
commit 75773efe2689d347a2f219c5f27e4a82eef1236b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 13 14:08:59 2009 +0200
Apparently it's impolite to ask GCC to subtract two pointers.
If two pointers do not belong to the same array, pointer subtraction gives
nonsensical results, depending on the level of optimisation and the
architecture one is compiling for. It is apparently not just subtracting the
pointer values and dividing by the size of the object, but uses some kind of
higher magic not intended for mere mortals. GCC will not warn about this at
all. Casting to void * is also a no-no, because then GCC does warn that strict
aliasing rules are being broken. The only safe way to query the ordering of two
pointers is to use the (in)equality operators.
The unsafe implementation of connection_compare() has probably caused the "old
connection_t for ... still lingering" messages. Our implementation of AVL trees
is augmented with a doubly linked list, which is normally what is traversed.
Only when deleting an old connection the tree itself is traversed.
commit 23e151aeed6b3ffe0fab10f51ffdb134deb7a852
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 13 14:07:40 2009 +0200
Remove superfluous call to avl_delete().
commit 9915f2abbedb7f1aa2b9e2f81d52ddcfca60e82d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 12 14:19:36 2009 +0200
Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
commit 7242868b64f9d6f62b6c5bbf1526eb632ed9a4d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 12 13:40:32 2009 +0200
Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba56480b5565ffb38496175a7c1df60ac
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
commit 052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 12 13:34:11 2009 +0200
Put Subnet weight in a separate environment variable.
Commit 5674bba5c54c1aee3a4ac5b3aba6b3ebded91bbc introduced weighted Subnets,
but the weight was included in the SUBNET variable passed to subnet-up/down
scripts. This makes it harder to use in those scripts. The weight is now
stripped from the SUBNET variable and put in the WEIGHT variabel.
commit a60a0a1f1357508063ee565d672c39898a787e33
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 10 19:51:08 2009 +0200
Don't stat() on iPhone/iPod.
Grzegorz Dymarek noted that tinc segfaults at the stat() call in
execute_script() on the iPhone. We can omit the stat() call for the moment,
the subsequent call to system() will fail with just a warning.
commit 4a5d42178cc0954efba8b24058da9c70cc77c35a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 10 19:32:54 2009 +0200
Add support for iPhones and recent iPods.
This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use
the tunemu device, which allows tinc to be compiled for iPhones and recent
iPods. To enable support for tunemu, the --enable-tunemu option has to be used
when running the configure script.
commit ff946d0423fe547ea42bb11acfb3035c3b8aee4e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 9 14:51:36 2009 +0200
Another safe bitfield conversion.
commit dd6226062c2356d2a3679e2c7972be71233cb9de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 9 13:23:16 2009 +0200
Add the GPL license to the repository.
Tinc is licensed under the GPL version 2 or later. To ensure autoconf does not
install the wrong license if COPYING is missing, we have to put the right one
in place.
commit 81afa26e4ad53bea00da18a7666f63d33cf3f588
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 9 12:04:08 2009 +0200
Convert bitfields to integers in a safe way.
This is commit eb391c52eed46f3f03b404553df417851fc0cb90 redone, but without the
non-standard anonymous union.
commit 9b394bc887695da6db74f4b9796b4823e553f8cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 8 21:45:24 2009 +0200
Ensure tinc compiles with gcc -std=c99.
We use a lot of C99 features already, but also some extensions which are not in
the standard.
commit f52ea0a7eb0383cc2a5f41db1bf24c39424fdb04
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 8 18:21:52 2009 +0200
UNIX signal numbers start at 1.
commit 73d77dd416b87b7c4e9b6aa450f64846235cd2b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 8 18:18:36 2009 +0200
Replace asprintf() by xasprintf().
commit 3e55dc77f4ba19fd9e79f3d5ce9d28bb6b05019e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 8 18:18:16 2009 +0200
Check the return value of fscanf() when reading a PID file.
commit 5e0efd53e797a2b5468b91b41b6122f3b942efb2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 8 18:16:58 2009 +0200
Add xasprintf() and xvasprintf().
These functions wrap asprintf() and vasprintf(), and check the return value. If
the function failed, tinc will exit with an error message, similar to xmalloc()
and friends.
commit 63fe89e9eb8ef9077bfe3cd416c86820715eb33b
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sat Sep 5 17:24:41 2009 +0400
Remove extra semicolon in my definition of setpriority()
commit 5a7fc58012da10b96073804994777255463d1b8d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 8 16:35:28 2009 +0200
Always remove a node from the UDP tree before freeing it.
Valgrind caught tinc reading free'd memory during a purge(). This was caused by
first removing it from the main node tree, which will already call free_node(),
and then removing it from the UDP tree. This might cause spurious segmentation
faults.
commit de029ce46056e02908b5390da9b71a6a59133f26
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 11 19:39:25 2009 +0200
Change level of some debug messages, zero pointer after freeing hostname.
commit 66be914d35cb7e7ea4dd4aed68ae9e41addd9f70
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 11 19:26:34 2009 +0200
Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
commit df4add94a4a6461758b218a9ad257efc735062fe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 11 19:07:54 2009 +0200
Remove pending MTU probe events when a node's reachability status changes.
commit 36f8e4da8b1708474505f5a1fa8cf1ba848921de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 11 18:36:08 2009 +0200
Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.
commit 9b129c07e273ae113f3c67a9feeee82e8146f3a1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 6 20:14:51 2009 +0200
Fix pointer arithmetic when creating and verifying message authentication codes.
commit 4124b9682f8f890acb25d0c92f2583eef670274a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 6 19:04:04 2009 +0200
Handle truncated message authentication codes.
commit 5a132550deb58473285e5f91705d286aef47be71
Merge: 08aabbf9 591c38eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 5 23:03:28 2009 +0200
Merge branch 'master' into 1.1
Conflicts:
doc/tincd.8.in
lib/pidfile.c
src/graph.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/node.h
src/protocol_auth.c
src/protocol_key.c
src/tincd.c
commit 261d1eac1c5bbe6c87aa707566f290e611169432
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 5 16:14:31 2009 +0200
Properly set HMAC length for incoming packets.
commit 591c38eb38dbf0851bdebdd50b08d1bcbf6d7b0f
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Fri Jun 5 13:33:58 2009 +0400
try outgoing connections before chroot/drop_privs
When chrooted, we either need to force-initialize resolver
and/or nsswitch somehow (no clean way) or resolve all the
names we want before entering chroot jail. The latter
looks cleaner, easier and it is actually safe because
we still don't talk with the remote nodes there, only
initiating outgoing connections.
commit a42a8dde45fe95aa3fd3f7f15a74c5166efe3633
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Fri Jun 5 11:58:17 2009 +0400
cleanup setpriority thing to make it readable
commit a5fb0d8c6c384b9ea1074fb469c0a3dd5b874e98
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 28 23:18:22 2009 +0200
Add some const where appropriate.
commit 41c10c5a966000531099c79d6006429253ff8fd6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 28 22:51:30 2009 +0200
Add ProcessPriority option.
This option can be set to low, normal or high. On UNIX flavours, this changes
the nice value of the process by +10, 0 and -10 respectively. On Windows, it
sets the priority to BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS and
HIGH_PRIORITY_CLASS respectively.
A high priority might help to reduce latency and packet loss on the VPN.
commit 41a05f59ba2c3eb5caab555f096ed1b9fbe69ee3
Author: Florian Forster <octo@verplant.org>
Date: Wed May 27 14:20:24 2009 +0200
src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
If a host has multiple addresses on an interface, the source address of the TCP
connection(s) was picked by the operating system while the UDP packets used a
bound socket, i. e. the source address was the address specified by the user.
This caused problems because the receiving code requires the TCP connection and
the UDP connection to originate from the same IP address.
This patch adds support for the `BindToInterface' and `BindToAddress' options
to the setup of outgoing TCP connections.
Tested with Debian Etch on x86 and Debian Lenny on x86_64.
Signed-off-by: Florian Forster <octo@verplant.org>
commit 6b415a1a7f5bad2fff7b133ef2a2febccb96d6e5
Author: Florian Forster <octo@verplant.org>
Date: Wed May 27 09:27:44 2009 +0200
src/linux/device.c: Fix segfault when running without `--net'.
If running without `--net', the (global) variable `netname' is NULL. This
creates a segmentation fault because this NULL-pointer is passed to strdup:
Program terminated with signal 11, Segmentation fault.
#0 0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7d30463 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1 0xb7d30175 in strdup () from /lib/tls/i686/cmov/libc.so.6
#2 0x0805bf47 in xstrdup (s=0x0) at xmalloc.c:118 <---
#3 0x0805be33 in setup_device () at device.c:66
#4 0x0805072e in setup_myself () at net_setup.c:432
#5 0x08050db2 in setup_network () at net_setup.c:536
#6 0x0805b27f in main (argc=Cannot access memory at address 0x0) at tincd.c:580
This patch fixes this by checking `netname' in `setup_device'. An alternative
would be to check for NULL-pointers in `xstrdup' and return NULL in this case.
Signed-off-by: Florian Forster <octo@verplant.org>
commit a8a65cee083a27afe42cab360596e1453e7141b9
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun May 24 17:23:24 2009 +0400
tunnelserver: log which ADD_SUBNET was refused
Add some logging about refused ADD_SUBNET
(it causes subsequent client disconnect so it's
important to know which subnet was at fault).
Maybe we should just ignore it completely.
commit 4e9e3ca89dba68cbacaaa15ddfb298b181a969da
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 25 15:04:33 2009 +0200
Do not forward broadcast packets when TunnelServer is enabled.
First of all, the idea behind the TunnelServer option is to hide all other
nodes from each other, so we shouldn't forward broadcast packets from them
anyway. The other reason is that since edges from other nodes are ignored, the
calculated minimum spanning tree might not be correct, which can result in
routing loops.
commit 7fc69bc73b15349dafc193a50464caeb2f978369
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 25 12:19:37 2009 +0200
Use packet size before decompression to calculate path MTU.
Since compression can either grow or shrink a packet, the size of an MTU probe
after decompression might not reflect the real path MTU. Now we use the size
before decompression, which is independent of the compression algorithm, and
substract a safety margin such that the calculated path MTU will be safe even
for packets which grow as much as possible after compression.
commit 1b3add6c29f8eb424a62837e89fe7d384fc94a48
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 25 12:19:08 2009 +0200
Add declaration for sockaddrcmp_noport().
commit ca5b67111e4d797d15623c2163f67fe489dc3bf2
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sun May 24 22:32:24 2009 +0400
Fix ans_key exchange in recent changes
send_ans_key() was using the wrong in vs. outkeylength to
terminate the key being sent, so it was always empty.
commit 7034338bc36d9ea96d152091b9d58c2afc3f0c20
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 24 19:35:51 2009 +0200
Use xrealloc instead of if(ptr) ptr = xmalloc().
commit e012e752f4f1a2b06dfab4640bbbea8f084999ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 24 19:31:31 2009 +0200
Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66.
Instead of a single, global decryption context, each node has its own context.
However, in send_ans_key(), the global context was initialised. This commit
fixes that and removes the global context completely.
Also only set status.validkey after all checks have been evaluated.
commit 0246939ce18e1af9660b782b6814be182a7af9da
Author: Michael Tokarev <mjt@corpit.ru>
Date: Fri May 22 01:10:16 2009 +0400
don't log every strange packet coming to the UDP port
it's a sure way to fill up syslog. Only log those if
debug level is up to PROTOCOL
commit 576899ef0dec3aaede9b8ac101d189798587a646
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 24 17:13:00 2009 +0200
Fix link to Mattias Nissler's tun/tap driver for MacOS/X.
Thanks to Martin Christof Kindsmüller for spotting.
commit 2c67eafc6e6c5e210636c0d2bad15827bf2d7cf0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 24 15:58:47 2009 +0200
If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily.
commit 7e4d57adf54ce369e4111bde0ccd3ea4b9e853ee
Author: Michael Tokarev <mjt@corpit.ru>
Date: Fri May 22 01:01:35 2009 +0400
ignore indirect edge registrations in tunnelserver mode
In tunnelserver mode we're not interested to hear about
our client edges, just like in case of subnets. Just
ignore all requests which are not about our node or the
client node.
The fix is very similar to what was done for subnets.
Note that we don't need to add the "unknown" nodes to
the list in tunnelserver mode too, so move allocation
of new nodes down the line.
commit 3759aa5f7745709c43f81faa36510ff650b4bf99
Author: Michael Tokarev <mjt@corpit.ru>
Date: Wed May 20 18:40:04 2009 +0400
TunnelServer: Don't disconnect client on DEL_SUBNET too
Similar changes as was in 2327d3f6eb5982bcc922ff1ab1ec436ba6aeffdc
but for del_subnet_h().
Before, we vere returning false (and causing disconnect of the
client) in case of tunnelserver and the client sending DEL_SUBNET
for non-his subnet or for subnet which owner isn't in our connection
list.
After the mentioned change to add_subnet_h() that routine does not
add such indirect owners to the connection list anymore, so that
was ok (owner == NULL and we return true).
But if we too has a connection with the node about which the client
is sending DEL_SUBNET notification, say, because that client lost
connection with that other node, we'll disconnect this client from
us too, returning false for indirect DEL_SUBNET.
Fix that by allowing and ignoring indirect DEL_SUBNET in tunnelserver
mode.
Also rearranged the function a bit, to match add_subnet_h() (in
particular, syntax-check everything first, see if we've seen this
request before).
And also fix some comments.
commit 218adee785df7c79ac18395d056a2eb6d63c407f
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 17:34:30 2009 +0400
format 'not supported on this platform' error message
Format it in a similar way in all places, to make translation happier.
No functional changes.
commit 54cb6b1aecb06a1ca44a7a60c74dd0d65b0043dd
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 17:00:00 2009 +0400
change error messages in droppriv code to match the rest
Change formatting of error messages about failed syscalls
to be the same as in other places in tincd.
Also suggest a change in "$foo not supported on this platform"
message as it's now used more than once.
commit d4f9863635d06665cfbd3c46dc482344de240e97
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 16:53:08 2009 +0400
bugfix: chdir(/) after chroot
Fix the famous chdir(".") vs chdir("/") after chroot(something).
commit 6be5d4f5b67764115b37528d2fe01bd245b3cd3e
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 16:49:39 2009 +0400
bugfix: move mlock to after detach() so it works for child, not parent
mlock()/mlockall() are not persistent across fork(), and it's
done in parent process before daemon() which does fork(). So
basically, current --mlock does nothing useful.
Move mlock() to after detach() so it works for child process
instead of parent.
Also, check if the platform supports mlock right when processing
options (since else we'll have to die after startup, not at
startup, the error message will be in log only).
commit cdf7f13c31310da0c40819fd812e19519bf4318c
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 16:28:55 2009 +0400
bugfix: initialize pid (as read from pidfile) to zero
If we didn't read any number from a pid file, we'll return
an unitialized variable to the caller, and it will treat
that garbage as a pid of a process (possible to kill).
Fix that.
commit ec316aa32e8567395a88c4583007f01ffae008ce
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 16:25:41 2009 +0400
Implement privilege dropping
Add two options, -R/--chroot and -U/--user=user, to chroot to the
config directory (where tinc.conf is located) and to perform
setuid to the user specified, after all the initialization is done.
What's left is handling of pid file since we can't remove it anymore.
commit 6698f7c390a5ae2f262e30560d9df59f9d5c418d
Author: Michael Tokarev <mjt@corpit.ru>
Date: Mon May 18 16:25:10 2009 +0400
Rename setup_network_connections() and split out try_outgoing_connections()
In preparation of chroot/setuid operations, split out call to
try_outgoing_connections() from setup_network_connections()
(which was the last call in setup_network_connections()).
This is because dropping privileges should be done in-between
setup_network_connections() and try_outgoing_connections().
This patch renames setup_network_connections() to setup_network()
and moves call to try_outgoing_connections() into main routine.
No functional changes.
commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Fri Apr 3 01:05:23 2009 +0200
Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange. The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different. Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
commit 08aabbf9317806bc50a9a6693ca866c8936ce26b
Merge: 551cd194 43fa7283
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 9 19:02:24 2009 +0100
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
doc/tinc.conf.5.in
doc/tinc.texi
po/nl.po
src/conf.c
src/connection.c
src/event.c
src/graph.c
src/net.c
src/net_packet.c
src/net_socket.c
src/node.c
src/node.h
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_key.c
src/protocol_misc.c
src/subnet.c
src/subnet.h
src/tincd.c
commit 43fa7283ac01f2ecc95381b519ef6b3342546f35
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 9 14:04:31 2009 +0100
Use a simple Random Early Drop algorithm in send_tcppacket().
commit d5b56bbba56480b5565ffb38496175a7c1df60ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 9 13:48:54 2009 +0100
Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU. However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
commit 78fc59e994c764d072bf0045177f690a378d1308
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 5 14:12:36 2009 +0100
Update THANKS and copyright information.
commit 5674bba5c54c1aee3a4ac5b3aba6b3ebded91bbc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 5 13:34:13 2009 +0100
Allow weight to be assigned to Subnets.
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.
Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority. The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
commit 76a1bcaffcf1f1abf81fdda379b703a004640cb4
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Sat Feb 28 16:37:51 2009 +0300
Enable PMTUDiscovery only if BOTH sides wants it.
Don't enable PMTUDiscovery if at least one side does not support it.
Before it was enabled if at least one side supported it, now both are required.
commit 1c1a67fd93530b9d16538ab2897c3911d3b16574
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 17 14:43:05 2009 +0100
Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
commit 2327d3f6eb5982bcc922ff1ab1ec436ba6aeffdc
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Mon Feb 9 23:51:10 2009 +0100
Allow tunnelserver to work with clients that have other peers.
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
commit 23730375f27c32e0fe1a59c7a761dd85296a7a4a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 3 14:54:45 2009 +0100
Disable old RSA keys when generating new ones.
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
commit 0d0dfd0852e9b2c9a7660880966a3c84790d5ea2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 20 14:21:50 2009 +0100
Validate Name before using it in a filename when generating a keypair.
commit 0966cca8ab6dcde2747c717f21d73fd332e04242
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 20 14:20:44 2009 +0100
Allow reading config files with CRLF endings on Unix systems.
commit d1910ac198232573c1b18d8238a27bc29bc73f8a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 20 13:19:31 2009 +0100
Remove unused definitions from net.h.
commit 503c32eb0ef9d6329e931559082f4ddf6d487dc6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 20 13:12:41 2009 +0100
Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
commit a7e793c94ec414eb71ec2aa3debc9e2e5ed5cfef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 19 23:17:28 2009 +0100
Add missing cleanup functions in close_network_connections().
commit 116065afe352221ac6c2c8e34c109252004d6a59
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 19 22:50:05 2009 +0100
Change flush_events() to expire_events().
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
commit a39a9506cd041a7092a98498b362eaacfd2f33c3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 9 12:36:06 2009 +0100
Move free()s at the end om main() to the proper destructor functions.
commit 67df7fb7e1c9eefe4bbc920fdc68b595ef28abd9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 3 22:33:55 2009 +0100
Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
commit b069da90d67b49dce041f513a3855b8da3d82f80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 3 22:06:10 2009 +0100
Consistently allocate device and iface variables on the heap.
This fixes a segfault when no Device has been specified and tinc exits, and it
would try to free() a static string. Thanks to Borg for spottin.
commit f81cea3bdc8683b27188cd8f24a2de906a29eb81
Author: Guus Sliepen <guus@sliepen.eu.org>
Date: Sat Dec 27 11:09:43 2008 +0100
Update documentation for git.
commit c81f90b91a054eeafcc3c8c45abc52045e4a8146
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 13:47:34 2008 +0000
Releasing 1.0.9.
commit a4d99ebf5042dedb609359cbbfc3fa4630b5fc70
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 26 12:46:45 2008 +0000
Add missing parentheses in check for IPv4 multicast addresses.
commit 099bc56f53e7d3cb7b799d26ff9535673ff03e1c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 23 23:14:37 2008 +0000
Apply patch from Max Rijevski fixing a memory leak when closing connections.
It also cleans up more when stopping tinc, helping tools like valgrind.
commit de032054dee67bcc406b4a15fb9e957a766d016a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 23 22:31:38 2008 +0000
Handle broadcast and multicast packets in router mode.
Multicast packets are treated as broadcast packets.
Based on a patch from Max Rijevski.
commit a5f899a9794f215e8174455ead04862a2c14a5b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 21:49:23 2008 +0000
Update the manpage as well, and some whitespace to make its source more legible.
commit e8f08ced76bf1b9a94dd0dc874ad22761ad8900b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 21:29:21 2008 +0000
Update documentation.
- TCPOnly is not experimental.
- Do not mention old Linux kernels and Ethertap anymore.
- Document the DeviceType, PMTU and PMTUDiscovery options.
commit 0e4d419aae8a82f2ae4552f755894a9bc70c83d2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 20:35:45 2008 +0000
Enable PMTU discovery by default.
commit e9576632dc4b780b867044269d06cc50f76d8c05
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 20:27:52 2008 +0000
Update copyright information.
commit f50dc972cde2644588eabf35a2422fe0e372a024
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 19:43:49 2008 +0000
Update Dutch translation.
commit 26b490e86bc305b150200c0b08cd8e9c3bd605fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 19:40:40 2008 +0000
Make sure IPv6 sockets are IPv6 only.
This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
in use" message on Linux.
commit c6830ba821e6387be961ca68b32992382a74a0e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 19:33:37 2008 +0000
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
commit a269ec4193900feee01ac83f0e18a6e2b98e751f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 21 16:19:31 2008 +0000
Treat virtual network device as tap if Mode = switch or hub.
On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
commit 551cd19406a560d0d206bff5b4e9da064ec222b6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 14 12:47:26 2008 +0000
Move RSA key generation into the wrappers.
commit 911c05f873ad967c40d04aa7347b1067fe62c055
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 20:49:14 2008 +0000
Make sure IPv6 sockets are IPv6 only.
commit 6e80da3370249caa1082c23c3ef55f338d1e9e74
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 18:07:26 2008 +0000
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
commit 26a228e3025c3970fd461af777013e3807b0fc58
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 18:05:59 2008 +0000
Remove wrong checks.
commit 636200d1a2024982fe5b3062153daa72a8253015
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 15:56:18 2008 +0000
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
commit a9bdfb424e7a469d15156aa44bbe2fd0b8e28531
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 15:42:46 2008 +0000
Fix compiler warnings.
commit 76165488f8201a59e649b4eec02ee31398b3fb92
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 15:21:40 2008 +0000
Backport fixes from trunk since revision 1555.
commit 046158a216e78a0412186ec8463157f6bce45d5d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 14:44:44 2008 +0000
Use the crypto wrappers again instead of calling OpenSSL directly.
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
commit 8c69f42d7d9b4d9d5f6b6656cfc1bf1e1abee854
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 14:43:13 2008 +0000
Move AC_GNU_SOURCE up to make autoconf happy.
Also bump libgcrypt dependency to 1.4.0, because that version supports the OFB cipher mode.
commit 8e8fe805c81d3edc974c12c468f793ea0c1e5ee7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 14:03:52 2008 +0000
Only show meta connection related debug messages when debug level >= 4
commit 40bebbb19fd69fa094e2f6c3c1474adc0105b048
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Dec 11 13:59:46 2008 +0000
Look in the configured sbin directory for the tincd binary.
commit 38c2d6c1dae3f09c68baa37fd24caa2e0ec6d8ad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 5 14:17:39 2008 +0000
Correct debug message.
commit a36259435c17f76cf12476234a56f40fcd8faf41
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 18 15:11:27 2008 +0000
Prevent freeing a NULL pointer when a hostname is unresolvable.
commit 4a1740ede7c1992f7f3da5e197db9975c0344ac3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 25 19:54:00 2008 +0000
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
commit cb52aa06833a69e57b5e26337e51a4d375b6d8fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 25 18:10:08 2008 +0000
Fix reading configuration files that do not end with a newline.
commit b2cee41b187d79c095914d1097b8ff34a0609ec3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 14 21:17:08 2007 +0000
Make sure the prefixlength of subnets is sane.
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
commit fe2f1fceb546ca4326435cac26bcf3f513e82b43
Author: Scott Lamb <slamb@slamb.org>
Date: Thu Nov 8 19:18:44 2007 +0000
Use a control socket directory to restrict access
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.
We could add a cryptographic handshake later if desired.
commit b1f8c65a2cfa307d9b8ed8cc3c8d4819f605e4f6
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 06:45:28 2007 +0000
Coding style corrections
commit d82fcc88f355e3c8144478a860dfae0b299004a9
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:51:24 2007 +0000
Reload configuration through control socket
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
commit f0a57eab4cfd64d4f8261b1885a2072177f9e76b
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:50:58 2007 +0000
Retry connections through control socket
commit a62a6825a8a69e279ee0688a4cd9e51fbc52054b
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:50:27 2007 +0000
Alter debugging levels through control socket
commit 1065879c8c6e8cdf8d3755024241f31eaabd4138
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:49:57 2007 +0000
Purge through the control socket
commit 6eaefb4dbce240334e35f67d9f3db5d4f44e49c9
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:49:25 2007 +0000
Dump through control socket
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
commit 50ad3f2a895c38f8d546f87490ca96ab7d9e011e
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:48:33 2007 +0000
Fancier protocol for control socket
* pass error status back
* pass message boundaries
commit b0b52991849073de059a188800d1b2f03663a188
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:48:15 2007 +0000
Fix reload crash
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
commit da81da064a093f94e460fc1c359b5cfab26d6b5b
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:48:00 2007 +0000
Update documentation to match tincctl changes
(Most of this was done in r1559, but it looks like tincctl.8.in got missed.)
commit 40731d030fef793c6b6405efd9b3e64c26c00045
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Nov 7 02:47:05 2007 +0000
Temporarily revert to old crypto code
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)
This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
commit 269892f70bf357de6ad66ca89daa34b225ee9e37
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 20 11:21:44 2007 +0000
Prevent double free() of a used challenge nonce.
commit b0709d2649ebd7ad01d6e24851dcdfc2707d09c5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 19 19:07:30 2007 +0000
Fix meta data segfault when receiving a partial command.
commit 67d9a72ea2f10f1a2d2eb7c04a41183359d5e1cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 19 18:54:43 2007 +0000
Use a dummy function as the read callback for connection bufferevents. Should not be triggered.
commit 54892b2e3efcbbbd65b26a32f487829bbb8d787c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 19 18:53:48 2007 +0000
Fix connection weight estimation.
commit 6c453769fd16125ec18e8e6d102a3eaa09d370c7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 4 15:06:35 2007 +0000
Apply patch from Scott Lamb: Update documentation to match tincctl changes
commit 86358fabfedca395b60310799a648b4875596efb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 4 14:58:52 2007 +0000
Small fixes to make gcrypt routines compile.
commit f8733d1935ed83399c4851a31f4be710eb8c825f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 4 14:58:11 2007 +0000
Fix formatting of --help output.
commit 65375289dff849f00b3429dfe4be7e66efe48444
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 4 14:57:37 2007 +0000
Only check for libgcrypt if --with-gcrypt is used.
commit d7ca0300a3f004e9dc7d97ffb6fa6bdeda890fda
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 17 22:09:00 2007 +0000
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
commit 1fd1d5bd9330e02ab5dc32ad027f654ff2620099
Author: Scott Lamb <slamb@slamb.org>
Date: Fri Jul 20 20:10:46 2007 +0000
const correctness
cipher_encrypt and cipher_decrypt should take "const void *" data
commit 35d865a6348cd62d2992bb3d353e37471d902889
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Jul 18 16:44:05 2007 +0000
Updated svn:ignores list for new symlinked sources and tincctl.
commit dd299c06dccceeb9b4db09eee17268cf5631fa41
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Jul 18 16:40:41 2007 +0000
Refresh po/POTFILES.in.
In particular, remove lib/pidfile.c which was causing failures. Also sort
for diffability with "find . -type f -name '*.c' | cut -c3- | sort" output.
commit 46018a1a16579ce00b02eb6a991a70615ab9bc3e
Author: Scott Lamb <slamb@slamb.org>
Date: Wed Jul 18 16:40:29 2007 +0000
Revert to only requiring autoconf 2.59.
The new autoconf macros introduced at the same time (AC_GNU_SOURCE,
AC_FUNC_MALLOC, AC_FUNC_REALLOC) exist in the autoconf 2.59 documentation,
and autoconf 2.59 appears to still work. This is more convenient, as RHEL 5
ships with autoconf 2.59.
commit 1b8f8918360b40a2749d40355266ed7dedbe41b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 23 13:45:49 2007 +0000
Finish crypto wrapping. Also provide wrappers for OpenSSL.
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
commit f42e57f663a2663c830c4fb4c01927c2d3c89c09
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 22 23:41:22 2007 +0000
Some more crypto wrapper functions are needed.
commit 19413a8048fd851866c551ab8035f008f0c7e806
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 22 21:44:17 2007 +0000
Make sure the crypto wrapper functions can actually be compiled.
commit e8689a4753ca2b1665e131cc40217da6c033ebd3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 22 21:32:48 2007 +0000
Create wrappers for the cryptographic operations used in tinc.
Implement them using libgcrypt.
commit 465837dd7f7b727d489b354e4b75489dd49fd6e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 20 22:28:49 2007 +0000
Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption.
commit fbf305c09d91bf34b1504b58d50392df2e6bcfba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 22:23:02 2007 +0000
Use libevent for meta socket input/output buffering.
commit 59108e4e4f7aa4632c510d16961edd8c551a6542
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 16:21:52 2007 +0000
Use bufferevents to handle control socket buffering.
commit 8c6131deda546452386f3703af968ee664cadfbd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 15:21:26 2007 +0000
Implement "stop" command, and allow tincctl to retrieve a running tincd's PID.
commit e9043e17c76f92b787c9ecdaf1a2ae7916f690a6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 14:55:35 2007 +0000
Move key generation to tincctl.
commit bf8e3ce13dba6109757c14dc0013a315a75d2ba3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 14:13:21 2007 +0000
Remove pidfile in favour of control socket.
commit bc0a24ec810cb911610ae7aafa245e47d1268cd2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 13:34:32 2007 +0000
Fix retrying outgoing connections.
commit ce976717ea9756aa985699547fdbf132b694748d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 12:07:30 2007 +0000
We can safely delete a connection_t in terminate_connection() now.
commit 01f47c46af514a9d7f39c143e4558a8426a0d3eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 16:52:34 2007 +0000
Start of control socket implementation.
commit 6ded8a3f089a22c98d2a06b960d65b44e60188d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 11:54:16 2007 +0000
Update documentation.
commit 86586594334e951a99845d92baed1966e394aafa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 11:35:21 2007 +0000
Show branch version number.
commit e37ef57a956507cc29e80930201731562b4266e5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 11:19:31 2007 +0000
More consistent variable naming.
commit 29fbce4497357580fc0aa00f087e8f1a538a2a50
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 10:29:10 2007 +0000
Detect duplicate outgoing connections.
commit fb0cfccf7dc2240b576011edcf74fd5b058916cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 10:05:26 2007 +0000
Use splay trees instead of AVL trees.
commit f02d3ed3e135b5326003e7f69f8331ff6a3cc219
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 10:00:00 2007 +0000
K&R style braces
commit 760dd966efe7dbff316a8c638e40dee162848256
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 09:51:54 2007 +0000
Remove last references to the global variable "running".
commit 3909b8e51b27b11c6d54541220cb7767bf25569c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 09:43:52 2007 +0000
Remove the last bits of the legacy main_loop().
commit ddc6a81a854023e38b563f213aa9a449ee91add8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 18 09:34:06 2007 +0000
Remove global variable "now".
commit 7e1117197ca4fc62af93fda50e28e0ff06cb736c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 23:57:48 2007 +0000
Move key regeneration handling to net_setup.c.
commit 563577a1479549fa0c20dcda45831a0fff8c7513
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 23:33:07 2007 +0000
Use libevent to handle key expiration.
commit 8852d4407d87cf5dcf2c212d352279015aa050c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 23:24:40 2007 +0000
Use libevent to age learned MAC addresses.
commit a530f94e7c4acd94d1cd568b384931eec6f60563
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 23:14:42 2007 +0000
Use libevent to age past requests.
commit aaf1851315023c2f960c58a0d977085a485298e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 23:04:02 2007 +0000
Redo SIGALRM handling.
commit 6d19ebd612e6387ba34419cce5cd4d5d861b9a9e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 22:41:34 2007 +0000
Use libevent to handle all non-fatal signals.
commit 531d5a904a3a91bca8b7d373fb6ab2869b31e7fa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 22:17:24 2007 +0000
Properly use the timeout_initialized() macro.
commit bf6490825eabdf4eda6e64f2e5fcd690db7b72ce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 22:13:12 2007 +0000
Remove legacy event system.
commit a67ab277c9fdbcfc8c0550e9046df2a00b5fed81
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 22:09:55 2007 +0000
Use libevent for retrying outgoing connections.
commit 3321591d93d00326eee01fa7c78fb0d56b3d0fba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 22:01:07 2007 +0000
Use libevent to send MTU probes.
commit ee7844905f63872e12cd12f5a3d1a62220594831
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 21:47:27 2007 +0000
Configure events after obtaining a socket.
commit 294ce72441e44c0561556c2984f0e26a74230347
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 21:34:58 2007 +0000
Use libevent to handle HUP signal.
commit 4d0621b1f39537699b0ec4655b0c6e6b84581c9a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 21:14:30 2007 +0000
Use libevent to dump graphs when necessary.
event_add() can be called repeatedly, the second and later calls are ignored if
the event hasn't been removed yet.
commit 0f6f54ff8aa96d981f68b5b71c7126b8fdbead6c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 20:20:10 2007 +0000
Use a separate event structure to handle meta data writes.
Make meta socket events persistent.
commit 17c8033029d50ce4a30b6e3585c0ee28ef45bc97
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 19:52:12 2007 +0000
128 listener sockets is way too much.
commit d8dea8091fa2260071f775db58ba277d4ce44ea7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 19:51:26 2007 +0000
Properly delete listener socket events on shutdown.
commit 6ea1dfc995f386b3a9406c7935642524dc755c51
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 17 19:15:48 2007 +0000
Port fixes from release 1.0.8.
commit cf2be574948fdd02db0503d9639d3b6e268dd4ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 16 17:16:09 2007 +0000
Releasing 1.0.8.
commit 6af8900f8e1c7f2fe6a50a991ae6cbd0fd7edd43
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 16 14:46:25 2007 +0000
Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski.
commit 31a190dc7db21aa9bb97792563dd83e7c41b831c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 16 14:42:41 2007 +0000
Update dutch translation.
commit 480dd127c8a539036ff82a3810a0ad83136944f8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 16 14:42:08 2007 +0000
Make sure connection->name is never NULL.
commit f0cf4991e2bd0e618c7020511fb12cb0b5c59a40
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 14 09:21:09 2007 +0000
Apply patch from "dnk" making sockets non-blocking under Windows.
commit 3730156165fd1aa7c8810cd8e390aba6a8badcfa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 12 17:55:43 2007 +0000
Only free members of connection_t that have been allocated.
commit 39f6d59b4b81dc2d754329e6c9f885e8211c5e70
Author: Scott Lamb <slamb@slamb.org>
Date: Tue Feb 27 08:13:41 2007 +0000
Lots of svn:ignore entries
commit 38c25d62c2bc76908bd95fb21c8f5e39ad269884
Author: Scott Lamb <slamb@slamb.org>
Date: Tue Feb 27 01:57:01 2007 +0000
Convert to libevent.
This is a quick initial conversion that doesn't yet show much advantage:
- We roll our own timeouts.
- We roll our own signal handling.
- We build up the meta connection fd events on each loop rather than
on state changes.
commit 834290b00f859412ee48bef454a07083cb727130
Author: Scott Lamb <slamb@slamb.org>
Date: Tue Feb 27 01:30:57 2007 +0000
A couple missed tevent things.
(Sorry; had a couple changes queued.)
commit 6362b12df725044f3404faceff113e469d8ac860
Author: Scott Lamb <slamb@slamb.org>
Date: Tue Feb 27 01:26:11 2007 +0000
Rename "event_t" to "tevent_t", along with associated functions.
This relieves some confusion and problems during the libevent transition.
In particular, "event_add" was defined by both.
(The 't' stands for 'timeout', 'tinc', 'temporary', or some such.)
commit 54431094d95f3989084755fdb91883b24cf5a9f4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Feb 24 22:50:42 2007 +0000
Created the 1.1 branch where large code changes can take place,
at the same time keeping compatibility with 1.0.
commit ab6f76f6a9fc8028fff96322a52b770710ffa1a9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 14 09:32:16 2007 +0000
Close the proper filedescriptor (if it exists).
commit 45fca3c723302868de3225e7509d2292008948f7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 14 09:21:34 2007 +0000
Apply patch from Scott Lamb fixing some memory and resource leaks.
commit 6c6535a4161d04accb3a22c51477e9f92ae34086
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 14 09:20:20 2007 +0000
Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM.
commit 16c8b0e5bb7c05a0559b2d799a32204bfa0a0e3f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 15:03:07 2007 +0000
Releasing 1.0.7.
commit a1e72f84d08b76784c11ff723666ceeaef2756eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 13:18:36 2007 +0000
Update copyright notices.
commit a22ef25f9b81993226a74b193377c7d6baf910ca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 13:17:33 2007 +0000
No things to do for the 1.0 branch except bugfixing.
commit d80cc7a5cc918a1dbf8dd789d2125f55c4949d27
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 05:44:01 2007 +0000
rename() cannot replace existing files on Windows.
commit 5214ece03009a916159c710cf436af1e92909f41
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 04:49:02 2007 +0000
Fix generic BSD tun device to write only the actual packet length.
Due to a copy&paste bug, it tried to write a packet with the maximum size.
This was not a problem until the maximum size was increased to support VLANs.
commit 40f02ff8eee359dc0ccc898f8da319f56af161ad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 4 15:28:36 2007 +0000
Tapreader socket should be bound to localhost only.
commit 03f3fc01e8d9402c4a14904fded883ff8cc574f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jan 3 18:18:54 2007 +0000
Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
It's a wonder it ever worked before. The socket that is created is not of a
datagram type, therefore packet boundaries were not preserved, which becomes
a problem as soon as the TAP-Win32 device receives packets in fast succession.
commit 52787a73b0211bcb4cb3cdd308b1a4c53a60f8ce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 18 17:38:05 2006 +0000
Releasing 1.0.6.
commit b32c22cf54e47677726d15a5fca7eecc2fa42754
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 18 11:41:53 2006 +0000
Prevent compiler warnings about redefinition of EAI_FAMILY on FreeBSD 6.1.
commit 855806b2f75fc1c566cfaac01c788cdc625b4687
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 16 16:53:58 2006 +0000
Do a simple test for linux/if_tun.h instead of no test at all.
commit 0322c0883b76257c0893aa75a510e264056ac15b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 16 16:40:09 2006 +0000
Remove the test for linux/if_tun.h.
It has been available for years on any decent Linux distribution.
Although linux/if_tun.h is now required to compile tinc,
you can still run it on systems which only support Ethertap.
commit b55813dc0b4a6a1f70c0f8d5f0512c8cebb4a5ba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 16 16:34:04 2006 +0000
We do properly check for malloc and realloc.
commit 5219ee25a248fe26055e54215c5027cbf8483439
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 16 16:26:57 2006 +0000
Use standard autoconf macros instead of our own.
commit 9d469a19691f9749b5d729a1ae903d7aa224a6e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 16 16:26:08 2006 +0000
Fix rule that creates html version of manpages.
commit dd03a003962788eb21910c3faabbda0e84eff5eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 15 20:44:33 2006 +0000
Remove old Spanish translation.
commit 031e09f865e2c634f30fb0ed4e0b6a1f6df57588
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 15 20:43:39 2006 +0000
Remove unnecessary stuff from configure.in.
commit b834d67d7cc7d7f5d8b729b340ec0c809c7d54b6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 12 14:54:39 2006 +0000
Use the correct next pointer.
commit 8b55dfacb199d152391aa5f7adbbbe35bceea7d7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Dec 12 14:49:09 2006 +0000
When building the minimum spanning tree, make sure we start from a reachable node.
commit 47d916ec5eb61fa396c0ec6962afed7885141478
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 29 17:18:39 2006 +0000
Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h.
commit 1bb5a284fec8c538f8ba243d4f9b2e46f68cd7e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 29 16:57:46 2006 +0000
Make sure resolved addressed for outgoing connections are freed, if there are any.
commit 5c69c390a17fc2b37218881e7285b639b79cfc5a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 14 15:43:28 2006 +0000
Releasing 1.0.5.
commit e5b1b5cefb82531e8a700c2ee251da1bb0a06fbf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 14 12:28:04 2006 +0000
EWOULDBLOCK does not exist on platforms without O_NONBLOCK
commit 3353ab37c2d6fb3652fbf7a85d85997be1c0c1b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 22:45:45 2006 +0000
When deleting an entire tree, start at head, not at root.
commit 0714ac6c59099a398e67770ad9c72fcec615812b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 22:44:15 2006 +0000
Nodes use events, so event system should be initialised first and destroyed last.
commit 35e4096120236db8d64a767f1ccdd6bf03a091fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 21:37:22 2006 +0000
Update Dutch translation.
commit 315ef3e42bf16e03cfbea763442a52389a16b832
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 20:37:58 2006 +0000
Document GraphDumpFile option.
commit 8d393b30a922110ec77d5b243347416b50cd2160
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 20:10:46 2006 +0000
Support and autodetect LZO version 2.0 and later.
commit bdb3c24cea06e9557738b42e3c37cd036613b58d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 20:06:14 2006 +0000
Support and autodetect LZO version 2.0 and later.
commit 0d1ac68c59db87141616f69bcd3d79c705b1ecd0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 14:37:03 2006 +0000
popen() requires pclose().
commit 0200d3cd5d773d9b101c33264532d2a301c2af32
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 14:11:16 2006 +0000
Added graph dumping ability based on Markus Goetz's patch.
commit 1728d5b2c43b33700a9997f97fe8503ad1cf3585
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 11 13:43:00 2006 +0000
The "active" bit in node.status is not used.
commit 134dc8995b296b0bd8b346617c705204b0f3125c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 9 22:31:10 2006 +0000
memcpy() addresses from packet headers before calling the lookup functions.
This probably fixes a problem on the ARM architecture that causes tinc to fail to lookup IPv4 addresses.
commit 64e0519cb5042b251e7345f07429e8b82e2ac09b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 13:50:58 2006 +0000
Remove unused variable.
commit ddcf079cad3351f0823fc07af15787d02e5f1901
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 13:44:37 2006 +0000
Remove unused parameter from maskcmp().
commit c620df3c1511643aa533ca31afc17db75b7255b8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 13:44:19 2006 +0000
Remove unused variables.
commit 9fa27097dd82e20299f5277ecb4efffb4a99669c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 13:29:17 2006 +0000
Fix format string warnings.
commit eb391c52eed46f3f03b404553df417851fc0cb90
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 13:21:08 2006 +0000
Do not break strict aliasing of status_t structs.
commit 2077451e07f93edc520cf5bc31815624a2b03fdd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 12 21:45:39 2006 +0000
Add generic host-up and host-down scripts.
Thanks to Menno Smits for a patch.
commit f88c9942e1e3d4d463ec71ba5a60d045381bda8f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 11 18:53:27 2006 +0000
Use memcpy() to copy sockaddrs returned by getaddrinfo().
Thanks to Miles Nordin for spotting this.
commit 412f3fb5101514d9a7d4d9e5729ee9c665a07cb6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 26 16:29:47 2006 +0000
Restore length of the original packet in send_udppacket().
commit de78d79db84c486afcc353884ec1770866beb653
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 26 13:52:58 2006 +0000
Update copyright notices, remove Ivo's email address.
commit 8ebb017a10cd85406ddf5ab60d8ef1f56df526ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 12 08:38:35 2006 +0000
Fix a bug in handling prefixlengths that are not a multiple of 4.
Thanks to Sven-Haegar Koch for spotting the bug and providing the fix.
commit af95368c0f30955f0e13b587d5d6d4989fd5a83e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 19 13:06:21 2006 +0000
Fix signedness compiler warnings.
commit fb1cda2ca4ca74a85e88c39c11b97340e6495a08
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 19 12:43:45 2006 +0000
Export flush_meta().
commit 098090468a9e1e8c5cdb0aeefa277329ff5f3406
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 19 12:43:28 2006 +0000
Missing #include.
commit a90f1b652c0fb52950f3b0783a7e2b7f2e0cf2db
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 6 12:30:51 2006 +0000
Make sure $NAME is set correctly when executing tinc-down script.
commit 228e7a5c8f0e517dcede50f886965a44fca39853
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 19 17:13:18 2006 +0000
Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
This helps coalescing multiple send_meta() commands into one TCP packet.
Also limit the size of the output buffer before dropping PACKETs.
commit a5a4d2b865879b8694760c0a5b5909c9a3675027
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 13 11:21:59 2006 +0000
Apply patch from Scott Lamb unifying configuration of TCP socket options.
commit e02f13cdb3133c33ac84d9582e2f47ca5ebd35bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 13 11:09:19 2006 +0000
EVP_Cleanup() when quitting.
commit 0912260755021b9b836830dd99ae128c5fd912d9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 16 10:45:11 2005 +0000
Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh.
commit 64e4c12778697f71ad3fcf33ee6cf1066322caa5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 3 10:56:02 2005 +0000
Add alloca.h to the list of necessary header files.
commit e810545dc2ae158745624c1575b76c55f883c892
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 3 10:16:03 2005 +0000
Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
Thanks to Tonnerre Lombard for noticing!
commit 02746165a21a4a495d0069526c9a2355110a5784
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 4 19:38:28 2005 +0000
Releasing 1.0.4.
commit df3220a1549f992cbf4a9b6e67c1e67b69896c7d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 4 18:09:30 2005 +0000
Update copyright notices.
commit 54a30e30ad41d7c0e73fcc4e6ff23c3e85af75c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 4 16:53:11 2005 +0000
Describe subnet-up/down scripts in documentation.
commit bded1b74cc23c60e7319ed9e7465413b94a7914e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 4 15:56:25 2005 +0000
Several splay tree fixes.
commit faaaa1ef38dcdf19d5d5d73ab66806b15467c043
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 4 15:52:55 2005 +0000
Searching through splay trees may change the tree variable.
commit dc09f6fe896f5e35fffe8cc2004781b2e1b6fd5a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 4 15:51:45 2005 +0000
Be on the safe side with initialisation of c->name.
commit 92c4a28d7d43b68a324cf2eca741298ed6b692d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 6 20:43:37 2005 +0000
Remove unused (and potentially segfaulting) net2str() call.
commit 6363ed4d9c675b8b9301b694c4e4dd9c892e04e2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 20 15:14:25 2005 +0000
Don't try to add a non-existing node back to the node_udp_tree.
commit 39fe3b445c2f20b325ee492dd1845877777b25c8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 4 22:19:56 2005 +0000
Nodes should only be in the node_udp_tree if they are reachable.
commit fe0bfa3e65049d6e7cd46cf6caea7eb91b478008
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 4 22:18:58 2005 +0000
Correct size argument for strncat().
commit 56c36a14d87b58c14dbc48df4d3d977207e2c06e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 3 13:27:33 2004 +0000
Use the proper free function.
commit 18c617ecf29b9dfb95227e764c76fff0f9d7af96
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 3 13:22:18 2004 +0000
Free memory used by connection_t after it is deleted from the connection tree.
commit 672ad5634cbedfbd6345e887935eed3e806f1e2d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 1 21:26:51 2004 +0000
Small fix.
commit 40b1692940a8d588c08fb6b8f24ded7c33b041b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 1 20:06:39 2004 +0000
subnet-up/down hooks, use list_t for the todo list.
commit c46f56a8b8bb865dd8951441b5acf4701b5b5b09
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 1 20:06:05 2004 +0000
subnet-up/down hooks
commit f08baa3072e7cd6cee7a2a7cde35b46c85363baf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 18 20:34:48 2004 +0000
Fix splay tree code.
commit 0077cfaae112b63d6af6aa1e5d079cebdde84b74
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 16 19:02:54 2004 +0000
Make sure broadcast packet reach the local network interface.
commit 79c48cfafd75dfc86a382f6454a9f009d3c099b6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 11 19:42:25 2004 +0000
Releasing 1.0.3.
commit 2771691bfc85b2544b30ccaee8a709bd26c7e1ab
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 11 19:39:28 2004 +0000
Add more people who have contributed to tinc.
Remove details and sort on name;
the details were not always equally accurate and are hard to maintain.
commit 4f3f6f07b234b4abd32bf3bae1be0551bc7dd9dc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 11 11:17:04 2004 +0000
Short readme about how to compile tinc from a Subversion checkout.
commit 704c3707c2c400b7e35ef4ac2c1d21e0f2de0187
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 23:28:32 2004 +0000
Updated dutch translation.
commit a20eb05714f828be7dc0f78c1a07f218a3482dff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 23:21:41 2004 +0000
Remove duplication.
commit d8fe2ecdd8dc5caf6f8d6acf2923a0baed64735f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 23:20:59 2004 +0000
Set BSD tuns to broadcast mode. On OpenBSD, this enables IPv6 on the tun device!
commit 2369b0ab09a008c519cd4307b634fd294c66014e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 21:57:04 2004 +0000
Update documentation.
commit 4fe7aff4d1b8605d4997b842481cc78bd062fe2a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 21:56:31 2004 +0000
Add BlockingTCP option, useful when using TCPOnly on slow or congested links.
commit 5bba3124c8c23568def7a4804651a53f3a6b4fd2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 21:14:08 2004 +0000
Support tunneling IPv6 on Solaris.
commit d02d81ff9dbb12253957065752c56785aedccee3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 19:36:02 2004 +0000
Let compiler decide when to inline.
commit db68db4b0e0f8b776f2d3dc938fb81dac975fdd8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 19:34:38 2004 +0000
Fix order of arguments for tar.
commit 923abcfa35c7282251d507af83d6163df76c943b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 18:11:44 2004 +0000
Use the generic BSD tun/tap code.
commit e8b11b1cca11f7f50542a7b34f4251f43447db0d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 10 18:10:59 2004 +0000
Missing check for NULL-pointer.
commit ca7948fc06fd0495dc8104d7f55948f702ac09e2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 9 09:51:35 2004 +0000
Hopefully this really fixes late packet handling.
commit f7b9761000000063bd00460af4b57117db7361e4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 8 22:30:13 2004 +0000
Fixed another bug in late packet handling.
commit 14eab178295768311d4518289533005991add8ba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 8 22:11:33 2004 +0000
Update to make it compile again.
commit 804b2892a5e26a2dc46d19397cc8b321b43b8add
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 8 22:03:28 2004 +0000
Hoopjumping to get the default directories in the manuals properly.
commit 719cb95ea4fa7a2e6f4291aed607323f290c7a91
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 2 20:50:53 2004 +0000
Splay trees.
commit 2af1538976c9c85c40becfdd8601b421ad2ab057
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 17:05:09 2004 +0000
Don't include .svn directory in sample configuration.
commit dced64c5c3625f6d2f0674e9fed14455aabc635e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 17:04:28 2004 +0000
Check for sys/uio.h, net/if_tun.h and net/if_tap.h
commit 1f00810da336f3b7132df17b7fe4625748ff4b63
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 17:02:19 2004 +0000
static
commit 82b29e9a3b1dc6b2104ab92ed78bf431a4e55649
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 17:01:56 2004 +0000
Generic device driver for *BSD and MacOS/X
commit 922e5b7beaad5bb3fcbfa6b8dd13c05bda29e5fa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 15:18:53 2004 +0000
Support alternative tun/tap driver from http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
commit faff6498821555e6afb3dc5e4e3b61d448a4fef1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 15:18:22 2004 +0000
Don't let tinc service depend on NDIS component.
commit 396ac4be802f8b75c5a2ab5925925427c61c1da3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 1 15:16:12 2004 +0000
Correct return value.
commit 58153cca98fd43c37ae52d3cf69474c3d736c431
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 1 18:26:15 2004 +0000
Allow tinc to work with the latest TAP-Win32 driver.
commit 6411e0d8bda8abc2cef87ca852255502f9bb03d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 1 18:24:41 2004 +0000
strndupa() is too arcane for some environments.
commit b0a80007e8945a11d7ce25aab096c5ee58ce0ad5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 1 18:23:08 2004 +0000
Fix several #includes.
commit 2c40495747945bc497dac65b734a4995ab3400a3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 1 18:22:06 2004 +0000
Move all #ifdef HAVE_HEADER_H #include <header.h> to have.h,
this allows for simplification of configure.in.
commit 7717cb0c54cc1b736b9f210b180c3cb3f4663ded
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 20 20:56:14 2004 +0000
Remove duplicate #include "system.h"
commit 5373129344d349ff6aeb2b3d21f947f5ecbbcfaf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 20 20:55:49 2004 +0000
Marking potential late packets was in the wrong place.
commit c44f69a30243a94ab93bd15915dbfa71db698bde
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 17 12:04:30 2004 +0000
Don't set $INTERFACE automatically, don't quit on EINTR/EAGAIN.
commit dcec713675b604f5ef82e64d0671727e3f5ea518
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 17 00:09:14 2004 +0000
Added UML network socket handling.
Now you can use tinc instead of uml_switch.
commit fe84fafcb684391739a1b3366705c58683210392
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 21 14:37:52 2004 +0000
Handle timeouts during connecting the same way as other errors.
commit e5e0dd7534be5fb96032fb733ca36a09cb067f17
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 14 14:32:10 2004 +0000
Clean up environment after executing scripts.
commit 9e44f116bf0f72d1dd4f099440a351dbe0a74573
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 15 14:09:56 2004 +0000
Increase MTU by 4 bytes to allow VLAN tagged Ethernet frames in hub and switch mode.
commit 7926a156e5b118d06295228e57de0cc9de0433b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 21 14:21:22 2004 +0000
Update copyrights, links, email addresses and let Subversion update $Id$ keywords.
commit 42e01abd54bd36ee84a45a2b646cfa27034de8d1
Merge: 5ca64f89 af86a322
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 21 13:22:24 2004 +0000
Move CABAL branch to its rightful place: the trunk.
commit af86a3226ea42375644b3f99c182c778d327de1e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 20 22:23:42 2004 +0000
Revert Martin Kihlgren's patch, it doesn't work the way it should.
commit 27c304940a5dbe83fb0f655c5c43150bafed3b63
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 20 15:40:26 2004 +0000
Use Subversion to create ChangeLog, better svn-clean rule.
commit 8df22248293a8cd5e6056415b6e08740e40aa2bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 20 15:33:07 2004 +0000
Fix declaration of update_node_address().
commit 56aad1bb486675ff9aba31418708cc179eea0381
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 20 15:28:55 2004 +0000
Applied Martin Kihlgren's IdentityGenerosity patch,
simplified and renamed to StrictSource.
commit 8c189c2a9b77fb326ab5f27a05bf2601e16af017
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 15 19:09:52 2004 +0000
Even better svn-clean command.
commit b05df3fcbfb8dbef4c87691d118c5b68aeb79e4a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 15 18:36:14 2004 +0000
Updating dutch translation.
commit a92c471a2bc0773a7473ef0361d1a51fafee50d4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 15 18:15:02 2004 +0000
Only read our public key if it wasn't already in the private key file.
commit a67a21ef3c17d32af95373e921138429a7fc507e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 15 18:05:41 2004 +0000
Eat trailing whitespace in config files.
commit 4350704d6578656af98195b26006c6b6d6a798e3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 15 17:54:19 2004 +0000
Remove CVS related cruft.
commit 538595f7350ba6c7d11aba7d9f481ea1641e1857
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 15 17:53:17 2004 +0000
Replace cvs-clean with a much better svn-clean.
commit 5ca64f89be71131e77a29661827dc8866a5f278c
Author: cvs2svn <cvs2svn@example.org>
Date: Sat Jan 10 23:21:36 2004 +0000
This commit was generated by cvs2svn to compensate for changes in r1352,
which included commits to RCS files with non-trunk default branches.
commit fcd836c609568fab323f4af6dd525de957a6f4cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 23:21:36 2004 +0000
Remove autogen.sh, the autoreconf program does exactly that.
Update everything for the latest autoconf and automake versions.
commit f2aa7466e6db9777090583ef26d923fc0a4fcea8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 10 23:19:20 2004 +0000
Small updates.
commit 519d63bedbdcc533dd7839aae02b4d7bc2debfb0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 27 16:32:52 2003 +0000
Don't forget to update destination MAC address.
commit aebc97a77f37ec63fbd36721f9b284c975e54270
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Dec 24 10:48:15 2003 +0000
Small fixes for PMTU discovery.
commit 2c7ce7de12d16cb407fd40224b6cb802528ee942
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 11:05:23 2003 +0000
Missing definitions.
commit 35399784b695c9ac692beba7be7930ee9f24412f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 22 11:04:17 2003 +0000
Improvements for PMTU discovery and IPv4 packet fragmentation.
commit 6d41b429a26dd1acaa7c56b2124f2daf55b5b97c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 20 21:25:17 2003 +0000
Better name, show probed MTU in dump.
commit af490a745d4ddc8994ceca546b5f9139f6a6ebe2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 20 21:20:10 2003 +0000
Describe the TunnelServer and PMTUDiscovery options.
commit 9bab08e972ae0ca4b904a659d9aed46aaa9b5dd5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 20 21:09:33 2003 +0000
More sensible name, and try to set PMTU discovery on IPv6 sockets as well.
commit 6b12bea62fe2e4bd8b5b6bd0e5ca7f53318705db
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 20 19:47:53 2003 +0000
Let tinc figure out the exact MTU of the link.
commit e8fbef5de653e4df35eee49aae6e1ac92d6466e6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Dec 13 21:50:26 2003 +0000
Forget multicast. Always inline some function.
commit 5a1406adefd8b51981af0da5ac0ebec830eb43b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 12 19:52:25 2003 +0000
Code beautification, start of multicast support.
commit 354b7ab20e04736b368985a9e9dfd54ff5b7584e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Dec 8 12:00:40 2003 +0000
Fix proxy-neighborsolicitation.
commit 331cef948db4b3cca245ab62cb0fafb5b1e5ebb3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 14:31:09 2003 +0000
Don't retry if configuration is wrong from the beginning.
commit a3cd273751fdcef90a43108a5d2e669877b0bccb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 14:29:02 2003 +0000
Missing space between words.
commit 25447b384173cc3c99660c784fd784c787917e80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Dec 7 14:28:39 2003 +0000
Read MaxTimeout from tinc.conf like the manpage says.
commit 0b5e6cf04ec0c7e3c54c74a54a32b30e6e3c1f83
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 27 23:24:59 2003 +0000
Complain if pid file cannot be created.
commit e3220cacb5bc79fc56167e61b7a342f88a33a479
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 17 15:30:18 2003 +0000
Replace Opaque and Strict options with a TunnelServer option.
commit 0e59fb022c6c015a5be7ed70e0378cb011be98b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 10 22:31:53 2003 +0000
Add Opaque option which prevent information from being forwarded to certain nodes.
commit a8f415e67fd316d929f9b9e6661e0d3d66fc197b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 8 15:29:40 2003 +0000
Release notes for 1.0.2
commit 507a83c74635955f803bb26c450f3e83dd4809f9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 8 15:09:03 2003 +0000
Add missing definitions.
commit 0271de0e80459bdebcac50d38c053d4aaf657e9a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 8 12:56:24 2003 +0000
Update dutch translation.
commit d35a510fff65a7a3318036f27c11b956526b26f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 12 11:40:00 2003 +0000
Fix another bug in meta.c.
commit e88ea7277a97d46fa2c3ba1896cf0d0c62bdf128
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 11 14:42:30 2003 +0000
Small fixes in documentation.
commit ffb7327c20952cefcb5578e40f9802295172c5c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 11 14:18:52 2003 +0000
Fix bug that could lead to an assertion failure in libcrypto when multiple
requests arrive and TCP packets are heavily fragmented.
commit 258b7ce220607bb3f2a24bb7cab5fcd19e82314a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 11 12:28:48 2003 +0000
Parentheses in the wrong spots.
commit a1ab57e2755df6c1a8fab95a0886fea368200b96
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 11 12:16:13 2003 +0000
Check all EVP_ function calls.
commit b0dd705a264f0f72a7afba6de85200598cbe083b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 10 16:24:24 2003 +0000
Check return value of EVP_* functions, and check if length before en/decryption
matches that after in meta.c.
commit 9d2bf718f233672c11a9740ed2a1539eaab1509b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 10 16:23:30 2003 +0000
Fix ASCII art.
commit e33307fc9f5354933554d26de618db1b08fc04c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 9 21:33:15 2003 +0000
Update documentation.
commit 98edfb14fcc7167d24d440ed2772d0755daac3b7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 8 12:09:37 2003 +0000
Some platforms don't know sa_family_t or define it other than uint16_t.
commit f2ebdf75806d8c04138db0eb30727f846541ed75
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 8 11:37:53 2003 +0000
Set media status for newer TAP-Win32 driver.
commit acf5f9c968d17ad3e31129d2184309de06d72eed
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 8 11:37:20 2003 +0000
Missing declaration.
commit 1d7706a8506d8073def0965da809960c6ad8bf9a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 8 11:34:55 2003 +0000
Update missing definitions, structs describing headers get __packed__ attribute.
commit 5b556c0971e847580b85268e57f0b29dbde5499c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 8 11:33:54 2003 +0000
Forgot to #include "xalloc.h"
commit ad39db95fecf760297b4e320ef2f6d6d9fdad605
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 16:49:42 2003 +0000
Make sure type of AF_UNKNOWN is sa_family_t.
commit 5900c07fab39d2833ea66429ad652ca49a91a508
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 16:13:08 2003 +0000
PIDs are of type pid_t, and use %ld when reading/writing them to the pidfile.
commit e898b930dcd0694a49dc8cdcf373e0fc125c9fde
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 16:05:30 2003 +0000
Use CPPFLAGS, LDFLAGS and LIBS as appropiate.
commit 6350334aa44f85e737c1eb0b55e0392766aa1e84
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 14:41:45 2003 +0000
Don't confuse users with "Address family not supported" warnings.
commit 0842998c0bd46855d198923acc2c13cff7430ffe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 14:33:04 2003 +0000
Unused variable in struct.
commit 77cb10dac0abbfa4389a7588f51797152d91ac22
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 14:16:51 2003 +0000
Ethernet protocol types.
commit c97b8827ed34284535706e8017c962ff8f3a4383
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 13:57:12 2003 +0000
const
commit 60943122f7b3a5896ce64c9000e119931484c12c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 6 13:49:57 2003 +0000
Copy structs from packets to the stack before using them, to prevent
alignment issues.
commit 5713fb07b3e831b78d8841d56a53c2a2698fe738
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 1 09:43:01 2003 +0000
Add description of new authentication scheme.
commit acbb9d6692614539260749c7b763eca5a6f81f07
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 1 09:14:01 2003 +0000
Better length checks.
commit eeb97e3ef4eb9089851f7b71d5393df24313c993
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 25 10:34:16 2003 +0000
Generate keys with 0x10001 as public exponent, which has less prime factors
than 0xFFFF.
commit 288d956728ab4d4aabe9bc59b87991420dbda151
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 23 20:59:01 2003 +0000
Check for short packets from the tun/tap device and from other tinc daemons.
commit 4e80612ac0f38daa0f2280c293427c7f25dac278
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 9 15:47:59 2003 +0000
Update translations.
commit cbf5a741aa2af937b3db606f0894990703f77bcb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 8 21:52:47 2003 +0000
Remove pidfile when exitting.
commit 0dba26267c76982a422984b61a3196ed2cd2b04a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 3 16:20:33 2003 +0000
Prevent multiple inclusions.
commit 6c5f3d8b74ffea1522a727ef189a5ba65a939e07
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 28 21:05:11 2003 +0000
We don't have to tell GCC how to cast.
commit 762cc2d2797d62ab593ea64d8ceeb4fe96be2a0d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 28 15:27:12 2003 +0000
Remove old edges from unreachable nodes to us. This prevents the hosts/NAME-up
script from being called twice in some situations.
commit a6dc69e7f30522bf885714f6b663960b6fbfff6a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 27 13:58:29 2003 +0000
Forgot to synchronise po/ directory...
commit 62349da6f2617c7250a77af6610344ec0dbfc4f2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 27 13:57:04 2003 +0000
Makevars file was accidentily removed.
commit dc3b7d47f3297e22161787a1d6e06205140cf0fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 27 13:47:52 2003 +0000
Some device.c files weren't synchronised.
commit 9e81a6ab5f50df4f5ca36d5303b91a8d5a0e753e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 24 20:50:30 2003 +0000
This will become 2.0.
commit 013a2e159e42c46808ea8d0b6abd57525db30a50
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 24 20:38:31 2003 +0000
Synchronise HEAD with CABAL branch.
commit ffb55e6904426a31c03b56c3bd87bb60db0624c6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 22 21:32:45 2003 +0000
Add license exception from Markus Oberhumer.
commit 3e0b28b0c4d874934dde7b487a56cfacc956e3b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 22 15:07:57 2003 +0000
Remove debug message.
commit 89c9f3ed8fddb316d0f9ef7de30bdc76fba39e41
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 22 15:04:26 2003 +0000
When purging nodes, only delete them if nobody references them anymore.
commit 22dd23b650eb9b760bc68ab3a9227caf3b449140
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 22 15:03:59 2003 +0000
Add checkpoints.
commit 570e7e9c615388cfba263c7a7c66cbc3d092d6e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 22 15:05:01 2003 +0000
Don't overwrite the first " when installing a service.
commit 72bdc05cb7e246e56ed21a25256d441c45fccca8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 22 11:18:42 2003 +0000
Allow tinc to handle unknown type addresses from other tinc daemons.
commit 5ac4179df66747a7013a10d576c23531d2b4fc58
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 17 12:05:08 2003 +0000
If we're not in main_loop() and the service is stopped, exit immediately.
commit 46cfe6199449a86eb58abaeac45b4021ffa7e178
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 17 12:04:35 2003 +0000
Do what the SDK documentation tells.
commit 107448698fc078bbd4cdbacdfbf51298ddc9ea65
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 17 12:03:40 2003 +0000
Compilation fix.
commit 3112e6a863b4421eb1a0b32632b86c55e47f989e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 17 09:04:00 2003 +0000
Use the event log under Windows.
commit 5e7c52610f8c8b9c38e437ef166a08372d5b8a61
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 17 09:03:30 2003 +0000
Fix --logfile under Windows.
commit 2236e05e518c9e317d82c027596bea5228725214
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 17 08:32:39 2003 +0000
Fix fake getnameinfo() and check more arguments.
commit f4e80cc5e0d1689bcdd828ac7f158bd634b7dd20
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 16 12:40:01 2003 +0000
Don't getsockopt() SO_ERROR. We get the error from send()/recv() anyway.
commit fd40130eb6bbba34176d34936a01bb6a6f9121d4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 16 12:11:11 2003 +0000
stat() batch files under Windows.
commit 03995ca52ee31ed505902a3c8c3d1119988c8497
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 16 12:10:28 2003 +0000
Simplify fake getname/addrinfo() functions, possibly fixing freeing a NULL pointer.
commit dbfd6f284e0ff0aa04e6d6e62b902966912da516
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 14 14:32:34 2003 +0000
Update.
commit 7ed25590257b6ed33dfa879d187a09b0d790794f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 14 14:21:35 2003 +0000
Fix permissions check for rsa_key.priv.
commit 1f2670aab295dfd09c8c655611d2a5b820cb00fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 12 14:48:13 2003 +0000
Small fixes.
commit b038e8db376969e70f1315840428b8a14ec8420f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 12 12:35:53 2003 +0000
Updated dutch translation.
commit ae070b917066f612e9aba8611c7a5da88e19a51a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 10 13:35:05 2003 +0000
Add a description for the Service control panel.
commit 9b579eb9ffdc1fd4a3d0cacb0728ec0796526bc5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 9 00:53:22 2003 +0000
Update documentation.
commit 7eed829d288d0fdec2f31709a18ec420e489c2e4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 22:45:46 2003 +0000
Only system() needs script name quoted.
commit 91f65c277483b47343b1b64d0f4edd497a8045a3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 22:13:50 2003 +0000
Check for fchmod().
commit 9bde92ce97d5503ff2d31dcc6f0648902580ec14
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 22:11:54 2003 +0000
Simpler checking of permissions on private RSA key and other fixes.
commit 96f5d98fc299a53fcdad304a56eb3a77a2c229e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 19:56:11 2003 +0000
Small things.
commit ef65a64443f740e3b22d9e903f764d9a58ce0ff0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 19:49:47 2003 +0000
Better error checking and reporting.
commit bb2f18a3fc8acb7802f30e06153def30eb97a994
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 19:45:21 2003 +0000
Under Windows, the installation directory can be found in the registry.
commit 7f05445047c6479b81b7d393543ff73a95ee0dc8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 19:43:47 2003 +0000
Quote when needed and don't try stuff that doesn't work under Windows.
commit b4c913aaa926d80a72aeb97459f84f992b65d1ed
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 19:42:35 2003 +0000
Log error first, try to close later.
commit b0825f36b7b5dade1693fdbddfec7eef3f5ed86f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 19:39:41 2003 +0000
Better error messages under Windows.
commit 6f3099595530280028f6ec3d0b310df523e75f98
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 17:20:12 2003 +0000
Typo.
commit 691907caaeb348dee3dbe8a85f3590241f2cc992
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 17:17:13 2003 +0000
Readd quotes.
commit f956a28147ec8596c9a51b0c1535bb4b8c87692c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 16:49:29 2003 +0000
Make rule for sample-config.tar.gz.
commit 7e74e00d167da659ba6c3db3e8822008d27c081b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 14:59:27 2003 +0000
Allow empty lines in config files.
commit 863349638beb1eaab09e2a3d537c20a7913aef30
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 14:48:33 2003 +0000
Simplify execute_script(). It will probably work under Windows as well.
commit deba3ed900eb4453d27412606cecfaf89b5a5643
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 14:24:09 2003 +0000
Correct error message when remote host closed connection.
commit 0c2256670fc0822cc5a86bca754186c50f943a1c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 14:07:12 2003 +0000
Remove unused stuff from doc/.
Let configure update pathnames in documentation.
commit 070aee3be16b8d8078b049c5bb43dce7b18123df
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 12:55:05 2003 +0000
Tell windows to be patient.
commit adb68b9c2aa7ad72dd5c38b95c083c47599cb65a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 12:24:52 2003 +0000
Windows uses backslashes...
commit ef091d1ddb1f7ab5244db96841274dc769e85167
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 8 11:45:37 2003 +0000
Sync CABAL branch with release-1_0 branch.
commit 5193a14ddea4c20ffc708dc629a2f91f1e4ccea3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 21:45:41 2003 +0000
Use our own port when connecting to ourself.
commit 62a7fa9a7bfd1cd1592fd7c381ea28aac0ed7936
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 21:45:13 2003 +0000
Simplify translation
commit 98f97da9d7d80b528d9a2b2f03f710cdd2b293d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 21:43:19 2003 +0000
Update dutch translation
commit e220187f484f3549df3ad3a04939b9a38051d1a0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 12:38:43 2003 +0000
Remove newlines from log messages.
commit 3671ed806d7371fb6b14a5909451b20e54a1b14a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 12:38:18 2003 +0000
Keep Windows happy.
commit 7bed2a7099fc7359f6ec24e5f2d7050c7d63b6ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 12:37:55 2003 +0000
Cygwin needs windows.h.
commit fa9c00733e4b793691bf5a068ff7f2f391854fb4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 09:55:20 2003 +0000
Old gcc compilers don't like declarations in the middle of a function.
commit a65011b3c54cd4ddc66f20909ca0e495de0d6eb0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Aug 3 09:08:52 2003 +0000
Clean up last part of main().
commit e20ac7b52da8e3f7da292836c6e2551fc9f64617
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 22:01:50 2003 +0000
Typo and another thing to think about.
commit 92938c07b17fdd30f4e7f9ae1b884b05c7aa312c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 21:55:12 2003 +0000
Explain how tinc detaches and how it is "killed" under Windows.
commit 8a1969bc8319761e3821fc76a7c2f7037ffb8850
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 21:39:11 2003 +0000
Updated dutch translation.
commit f605ec47bed26362e24ffacf71c7ae5aeed3c230
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 21:34:10 2003 +0000
Oops.
commit e6e32814584f82ee61f658a71cb435bbb491bd39
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 21:33:52 2003 +0000
Missing include.
commit c044d12dfd54c033bc5ad9fbf9f889724762f76c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 21:33:19 2003 +0000
Cleanups and error messages.
commit 3fd96ebec7e44a0a7288c60da1cdec2d4fe03e8c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 21:01:50 2003 +0000
Error messages.
commit f08fc359a0b7f638e73a8f866119b016b7dff8de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 20:50:38 2003 +0000
Install tinc as a service under Windows (MinGW). Remove cleanup_and_exit(),
either exit() directly on errors or let main_loop() shutdown gracefully.
commit 7c34122af7ed4667748ceae4966bd5b519ac8ad7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 16:05:33 2003 +0000
When compiling with MinGW, link with ws2_32.
commit 9a491a10eee55b243dd1030ee9016ec510908a10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 15:32:57 2003 +0000
Windows has no symbolic links as we know it.
commit 9c2d5d9f9212dee5ee988f4824e5e4afedb7a2dd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 15:29:06 2003 +0000
Oops.
commit c7bf64c7946ece3e1a6a7cdd7bce00045bddb9cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 15:27:24 2003 +0000
Allow whitespace in values.
commit b79e55b183898911e2c2b7b151b281aef8d474e1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 2 15:13:08 2003 +0000
Prevent system headers from including our own headers.
commit 998ac634d456567e7caf99fe879d4ef1602f36bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 1 08:18:22 2003 +0000
Wrong function...
commit 2531ff59b73af3a6de85fdc33d744758a6ab9449
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 31 14:24:19 2003 +0000
Woops!
commit 1fe56637874a1e93882a2ca6ffb8c50a773f80e4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 31 13:18:34 2003 +0000
No easy way to properly detect header files...
commit 8eca27e863d9cb139a1e4039f63aaac3c9afc3c6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 31 11:31:51 2003 +0000
Remove forgotten braces.
commit 5c29d066688691dd1664597ba1c76195634f06c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 31 11:20:32 2003 +0000
Wrong argument.
commit da3078c63a3b658573f6e2f986f69ed4d7993b3a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 31 11:17:39 2003 +0000
Check if the compiler knows about the __malloc__ attribute.
commit d798b8b3d832f8c69769e08cfd64a4d8355faf0e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 30 21:52:41 2003 +0000
Prevent definitions from messing up attributes.
commit 2edc764a333764e7e5c4d3420131c13e9c81ecf7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 30 16:00:59 2003 +0000
Replacement for stdbool.h
commit fcbe29bc4cc67530581a36cf1a3a1445c741b8e5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 30 11:50:45 2003 +0000
No C99 initialisers, gcc 2.95.3 doesn't like it.
Also make sure getopt.h is included.
commit de223b51b94c58d1674f1ef56e9d485ff48d366d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 30 09:45:21 2003 +0000
Remove doc/es/ and src/device.c from the distribution.
commit 63568bb6bca20b4d2b2068a6367084a273eabac8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 30 09:22:29 2003 +0000
Update documentation and remove stuff that's too outdated.
commit 2ed154e73192d5e162544bc570abbb3a1df3ec83
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 23:21:01 2003 +0000
Cleanups.
commit 721e4caee0f7c6e003c297c95fb6d93bd4102219
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 22:59:01 2003 +0000
Native Windows support.
commit 586f15ed20682413d1bddbb4518dd2714c96b255
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 12:38:49 2003 +0000
Make sure (at least) the MinGW device driver works.
commit 6f7cce69479f9b2796d81f458bf836287b74462e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 12:18:35 2003 +0000
Make sure it works.
commit 4370b98bb1dfa9eb1e400549cb6fcb6711aa1b29
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 11:50:39 2003 +0000
Update configure scripts.
commit ae50b0077e27c4c4d81a98da46c66865ffa069be
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 11:06:23 2003 +0000
Update dutch translation and make sure all device drivers are included in
the translation and distribution.
commit 714fb32d0377ed9f5643ed8f0bd914843d12266b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 29 10:50:15 2003 +0000
Fix compile errors and warnings.
commit 0e945413315c9d15a3eb013fa3731dd978a8c7b8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 28 22:06:09 2003 +0000
More checks for missing functions.
commit c15e8a96bf7e45adf750b7a36b0e8446ea049468
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 28 21:54:03 2003 +0000
More generic handling of tap device under Windows.
commit 83263b74460656ba557fd9bb84dc27258549e9cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 24 12:08:16 2003 +0000
Sprinkle around a lot of const and some C99 initialisers.
commit 5cb147135184e3748c6f5e6e6203d22ab9f904f8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 23 22:17:31 2003 +0000
Don't initialise a CIPHER_CTX if cipher == NULL.
commit 4aadb9500d9198f9c271deb048a2d36000bfae34
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 22 21:13:23 2003 +0000
Run setup_device() after parsing configuration but before claiming we're ready.
commit eefa28059ab989c915a7d95fb4ae728abd7ce713
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 22 20:55:21 2003 +0000
Use bools and enums where appropriate.
commit 471308e1636e7a06e1d9ebc98e82b1c0c5150dde
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 22 12:58:34 2003 +0000
Option to specify pidfile location.
commit c96900f378966ca1be96ddb1c43f855c74083b70
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 21 19:58:58 2003 +0000
Add section about configuring Cygwin and CIPE on Windows.
commit bad82522ecfc1f3c72c600cbca6e8fa7e950c3bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 21 15:51:00 2003 +0000
Copy cygwin driver to mingw directory. It doesn't work (yet).
commit e169244e4b10dbcc1910c0f7fd811304d5b1a5a5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 21 14:47:43 2003 +0000
Use functions from logger.c
commit 2f2defc4525befd5b5cb69d03b7887db35e9e46c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 21 13:18:44 2003 +0000
Check for sys/mman.h.
commit 64fd25aa6b794bb1d957b50d48705f30ed47c878
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 21 13:15:36 2003 +0000
Oops.
commit c1e8152f4fe5e4557784d8411e50006d461b8786
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 21 13:14:02 2003 +0000
Be consistent.
commit b657f0519456d05bcea5742017165793f79e56df
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 14:10:27 2003 +0000
No UNIX style permissions under Windows.
commit 38aa0319ef79124e59b587e6d55f37a79a9d847c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 14:09:47 2003 +0000
Oops.
commit 123bb765d10453fdccbe363a02e3042c588729cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 13:45:06 2003 +0000
Use iface instead of interface because it might already be declared in
system header files.
commit 96ee04b678143defa1040f2defdd3424efedea11
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 13:42:35 2003 +0000
Check for ethernet/ipv4/ipv6 related structures.
commit 00ddbf5723511d80fbd2522fc503bd409dc6189a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 13:41:37 2003 +0000
Update all device.c files.
commit 271d3537fed28b3e76cf0e76082b44c8771ac5da
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 12:21:03 2003 +0000
Remove all #ifndefs from route.c
commit b0a4f7b5551cae6fb5af2eb4bcb0dfb3443f7d89
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 18 12:16:24 2003 +0000
Even more missing definitions.
commit e449d94caef963809d417f16497f6f978e10d731
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 17 15:06:27 2003 +0000
Big header file cleanup: everything that has to do with standard system
libraries is moved to system.h.
commit 47721be760c495ec13d68181bc03b151ffc1399c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 15 16:38:18 2003 +0000
Windows headers declare a struct interface somewhere.
commit 4c52febc57f2e34f5a187f0e57782903fe1eb95e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 15 16:27:39 2003 +0000
Make use of the CIPE driver. Woohoo, tinc for Windows!
commit d26a4af4561ce4236b8224919cf4f3636f57b4c1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 15 16:26:18 2003 +0000
Export mymac.
commit 784db4e70d2573468c82ff5dfee723b77a20322f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 20:24:04 2003 +0000
Format string checking for logger().
commit a438ac911e7e60e54d7d1fc4f84373fab7e055af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 20:19:22 2003 +0000
Removing distribution specific files from CVS.
commit 085d33e6265e139bb08cdfda3d7498993190d187
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 17:48:38 2003 +0000
Update copyrights.
commit 5db596c6844169f1eb5f804b72abe99d067aaa5a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 12 17:41:48 2003 +0000
Simplify logging, update copyrights and some minor cleanups.
commit 2a7f11c0e90f5f0465bbc3c75de715454066ff72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 11 16:13:00 2003 +0000
More missing IPv6 definitions and autoconf checks to make sure it compiles
under Solaris 2.6.
commit 71f8124ea49f2a0e00e0cedbb1b76e49e9f1425d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 7 11:50:52 2003 +0000
More missing definitions.
commit a88f1edf297152580a7729c6f3d274ba2bff7360
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 7 11:13:31 2003 +0000
Actually add ipv6.h.
commit 30c0381d71d333a99f6c83ff9d03ef4a0857f423
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 7 11:11:33 2003 +0000
Provide all missing IPv6 definitions in lib/ipv6.h.
commit 1401faf608e1c8af0d0754e545b0ec79d2bd5d93
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 6 23:16:29 2003 +0000
Sprinkling the source with static and attributes.
commit 0b9175e998c2180e5d73ef3d644a49d620c68cad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 6 22:11:37 2003 +0000
Define logger(), cleans up source code and allows us to write log entries
to a separate file.
commit 868104703003605711582c984b57f8933bf361ee
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 6 17:49:49 2003 +0000
Check for IPv6 header files.
commit 81f5713ab71944d51703653eab7f364fba0c482e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 6 17:15:25 2003 +0000
- simplify configure.in
- drop support for OpenSSL < 0.9.7
- add some missing definitions/includes
commit 6c7172d694dcb80e538518282b6c4bd51818f1d2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 25 20:55:05 2003 +0000
This subtle pointer arithmetic thingy is (I'm very sure of it) the cause
of the lingering connections problem. Hopefully it is fixed now...
commit 9528a63c35da77ba5b825068aeffbc5587816dd5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 25 20:52:59 2003 +0000
Really make tinc default to any addressfamily.
commit 8bfa554af97ee0694919b9f5b78ada89c6af62f5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 12 11:08:40 2003 +0000
There are two lzo compression levels.
commit c3593491d44e8e8f239bb297f5d5f6541d581b78
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 20:36:36 2003 +0000
Typo and conversion to UTF-8.
commit 636e650261712e3687048fe19987fd50ce84b093
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 20:19:46 2003 +0000
Update dutch translation.
commit 9279b3c69982b066e2aaea4e444892b51332881a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 20:18:48 2003 +0000
Update documentation.
commit 0a9aef2da749f7b7d1ca183daad88f6433579b9f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 19:40:43 2003 +0000
More braces to make gcc happy.
commit cf63cbef2bcb6a1f21ded439cbb09842581b9020
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 19:39:02 2003 +0000
Fixes from Wessel Danker's libavl.
commit 12de5a8eedd985f4732e88de6185f77a8244612c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 19:28:38 2003 +0000
Remove mymac stuff from device.c.
commit 31f17d43346a9175aec7c29ce41c71b1d08f725e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 19:27:35 2003 +0000
AddressFamily is "any" by default.
commit 451800eda87e886021fabd1888e486c51e97902a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 19:09:52 2003 +0000
If we have a Linux tun/tap device and we are in router mode, open the device
in tun mode.
commit 9e02a3d5631b687833e4cdcde18cda66e38138fc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 11 19:07:56 2003 +0000
Call make_names() before doing anything else.
commit 4b0e5a03fe89529ebe5d471a82c29c153a12116b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 7 13:18:32 2003 +0000
Fix warning and add missing checks for LZO library.
commit f238c209f4a0ced889b8fb443753ed2cdb3548b3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 17 22:12:52 2003 +0000
Fix links.
commit 249933350bda2c3fa09c7ce8eb36bf84ee30a1cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 7 11:21:58 2003 +0000
Small fixes.
commit 6ba4e2da55001e17aec6a7ee71002130555ff439
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 6 23:14:45 2003 +0000
Small fixes to make LZO compression work.
commit c70f52087bf6f7514684bbc859b83aec2ca17ae4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 6 21:13:18 2003 +0000
- Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
- LZO compression, thanks to Teemu Kiviniemi.
- Updated dutch translation.
commit 1ad2394b8468593030653bbfd0dee879fb711432
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 19 11:12:45 2003 +0000
Make sure outgoing_t is completely freed.
commit bc9e78250ef6fb5169d03565b7d8d9caf309eb98
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 18 21:18:36 2003 +0000
Better handling of late packets.
commit 51a1bcf00143319c74ffb58a66a19c41be422c21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 3 11:43:17 2003 +0000
HUP signal now closes connections to hosts if their host config file is
gone or changed. The tinc.conf file is reread for changes in the ConnectTo
lines.
commit 8285827da127e38728b60b5c5484e5cdabff2f21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 29 22:11:22 2003 +0000
Checksums must also work for uneven number of bytes.
commit c3ad3731a8dfa34535a156a7cfdb4e18afaa8bce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 29 21:58:35 2003 +0000
Don't copy more than necessary.
commit 7d21a8d1c7fd8909fe02385dbb4717c074db4648
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 29 21:51:21 2003 +0000
- Speed up checksumming
- If a destination is not found in the subnet list or the destination node
is unreachable, respond with an appropiate ICMP message.
commit 9792ba2cac35cb50cc99b72dd4cb9d3ef350dbd4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 28 13:41:49 2003 +0000
- Avoid memory leak caused by OpenSSL 0.9.7a.
- Disable RSA_blinding_on() because it segfaults.
commit 69158563e9f790777eb27aeb8484a86d12385af4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 19 11:45:05 2003 +0000
Typo.
commit 88ae2e9e0c1eb62d9b74c4b38d9c0e93557fed9f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 19 11:43:42 2003 +0000
Make sure send_meta() writes everything.
commit 2fff0a91a7e3e5f44e97255b6dd5807656b255a8
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Mar 14 09:43:10 2003 +0000
Call RSA_blinding_on(), as advised in the paper on
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
to offer some resistance against timing attacks.
commit 1783a3aaa9b692ab64260a9c2adf588ed6083a1c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 17 00:43:58 2003 +0000
Various fixes for autoconf and OpenSSL 0.9.7 and a missing header.
commit c08858baa91a00e38c0f5482dbb0817dbd0361f1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 17 00:37:20 2003 +0000
- Fix indentation in some places.
- Optimise select loop.
- Remove unused function setup_outgoing_socket().
- Clear EVP_CIPHER_CTX structures before using them.
commit 38f562fdfcacb50d34b9a48bfaea7faa132f493a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jan 14 12:53:59 2003 +0000
Add $NAME for tinc-up/down scripts.
commit 44b87ddb7ac90be13ef3e3d5118acaa158184853
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 12 17:02:23 2003 +0000
Run graph algorithm when replacing a second connection from the same host
replaces an older one.
commit 4c88ff86bcd32735d4768ef3464812cd77c500be
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 27 19:32:33 2002 +0000
PrivateKeyFile instead of PrivateKey.
commit 5b2a62ebb6317cd88e491ee958c54670f381aee8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 14 22:09:03 2002 +0000
Fix PriorityInheritance.
commit 07db46a44feb283c1c17bcce918ab49274a3b11f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 7 07:32:31 2002 +0000
Add documentation for BindToAddress.
commit e310cc82d3f9c9bdb3b827daa149861a41e2e00a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Sep 30 19:04:37 2002 +0000
Fix saving of debug level for startup level 0
commit 006591efe5b3e6c64040d267f8c0477468abf2bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 24 11:43:34 2002 +0000
Run graph() after edge_del() when updating an edge.
commit 6904e0469ef52aa6100f0185d579bc205bd07be8
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Mon Sep 16 14:08:04 2002 +0000
its: Engels voor "van het" - 3e persoon enkelvoud, genitief, onzijdig
it's: Engels voor "het is". Dus niet "van het".
commit 4f3395ee4dad3cdd23706af180ebddfa5e576012
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 22:37:59 2002 +0000
Thank some more people.
commit b216297a004f083336c633aaccecb4ab175360b3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 22:34:25 2002 +0000
Remarks about 1.0pre8 release.
commit 1dcbdf48eb4a642e4d70a9e67aaca78deacf352d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 22:19:38 2002 +0000
Update documentation.
commit bf3a11898898c0618cd1b2e7a792b7d7fe56aecb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 22:19:19 2002 +0000
Use /dev/net/tun as default for tun/tap device under Linux.
commit 7d76ceaebd5180f4ef37086980c799199eb7de16
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 17:40:00 2002 +0000
Updated dutch translation.
commit 5eca9520d93bced1275d45e5e2a933d69354cd6d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 14:55:54 2002 +0000
Small fixes so tinc compiles out of the box on SunOS 5.8
commit 8d472a415e9c5fdb878386005d29cdfd97b8a404
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 12:26:24 2002 +0000
port_t isn't used anymore and conflicts with MacOS/X headers.
commit 38c80bdd46fab68c686a293e2820041291972f3a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 15 12:26:04 2002 +0000
MacOS/X needs #define _P1003_1B_VISIBLE in order to use mlockall().
commit 3e3b4a3190cf950c265a8c62d577812a22b11dcc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 11 22:25:58 2002 +0000
What was I thinking?
commit f6905582d0e70ac5b44369780aaa921d9c721197
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 10 22:13:22 2002 +0000
Make sure malloc() is declared.
commit eaf1208e9d5c5a15e4b23de936830520bf3b5685
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 10 22:13:01 2002 +0000
Fix placement of #include "config.h"
commit dd888ca685176128bf41034208f3dbb220f9d832
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 10 21:46:05 2002 +0000
Link with libintl if necessary.
commit c01f78ed3603eecaec8e3649a3bfb3de9742fd24
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 10 21:29:42 2002 +0000
Clean up after indent.
commit 161f917dd03c174742fb8c6722f430a93b506cb1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 10 09:40:25 2002 +0000
Fix compiler warnings.
commit 3bc554347560a9c24e68bb2c7c7749be07bbec3d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 9 22:41:56 2002 +0000
Let GCC check format string and arguments of send_request().
commit 6f9f6779e6bd1dd7bb795b42dad550863a386ca8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 9 22:33:31 2002 +0000
Remove redundant spaces.
commit 9f38e394636a177c00a4545de2a99c661de36386
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 9 21:49:16 2002 +0000
Switch to K&R style indentation.
commit f75dcef72a81a337e847adf0bae54198894f65b9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 9 21:25:28 2002 +0000
Switch to K&R style indentation.
commit 5fc1ed17f41f0c535cf57a4b7e00cd6d45759503
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 9 19:40:12 2002 +0000
Cleanups:
- Convert cp to cp(); so that automatic indenters work.
- Convert constructions like if(x == NULL) to if(!x).
- Move all assignments out of conditions.
commit 5638b9830f9cfe43f545c37cfd7ccf1d4b4bfcc6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 6 21:22:35 2002 +0000
Why don't these connection_t's get cleaned up?
commit a8ddba42b99d7694359f1387235596b84d297b9e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 6 21:02:36 2002 +0000
Fix MST algorithm.
commit 66741978e16cc407e5c760621c34d1aabb753cd2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 6 14:31:12 2002 +0000
Reset the *correct* seqnos.
commit d5b61fc0cd249fd2b2751a1ff77b321323a17beb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 6 12:19:16 2002 +0000
edge_weight_compare() shouldn't rely on edge_compare().
commit fc7116a32b798589e7731db9f9db66345c8c3e01
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Sep 6 11:08:21 2002 +0000
Added AM_MAINTAINER_MODE
commit fbf8a47879671541939cfdc6beb93b02b9eee303
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 6 10:23:52 2002 +0000
Remove global edge_tree.
commit 641705df90b4c41e7f5083f6cd601cbbfb1c2c85
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 6 09:48:39 2002 +0000
Only reset seqno's when a key is sent or received.
commit e4d85a6557ee45870bee0c5a16807e48b7a3c243
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 23:11:58 2002 +0000
Typo.
commit b4f87952bf2d37524c705b32864f802144f94d68
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 23:05:49 2002 +0000
Add missing headers.
commit b18bd211bec84a804f58da5f2d2908e54de3fe40
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 23:04:52 2002 +0000
Run autopoint and libtoolize before creating initial makefiles.
commit 6fdaa8e1caff4edb44a105b03c79403b743e9bd2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 19:57:53 2002 +0000
Small updates.
commit d4277e9ee8affa59ac9b3475245360bd14af1fa8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 16:36:03 2002 +0000
Updated dutch translation.
commit 8b2b67e26c5b971761f5015764d5e188f6343bc4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 16:26:45 2002 +0000
Generalized request broadcasting/forwarding.
commit 431fa10b37e78172a03c952e28a0364cc0e438f0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 14:17:28 2002 +0000
Small fixes.
commit 82ebfc923ddb050c88bdf5d65ac943a15ca8748a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 13:48:52 2002 +0000
Revert to edge and graph stuff. This time, use a directed graph.
commit 973530db628fb91106d6fb7a17151e1d036e40a2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 08:48:03 2002 +0000
Just ignore wrong ADD_NODEs instead of replying with a DEL_NODE, in the
hope other DEL_NODEs will catch up eventually.
commit 2af0bcc8fd39ca34a7ff856d539cdf38728a8c25
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 08:36:34 2002 +0000
Don't forget to set prevhop to myself for new connections.
commit 698d6ddac6ab32d5a4b802941b02232793442684
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 08:33:08 2002 +0000
Prevent looping DEL_NODE/ADD_NODE messages after a node disconnects.
commit 4a7c2026aec6966f934b60d75bc472d28f8587d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 4 08:02:33 2002 +0000
Reduce KEY_CHANGED traffic.
commit ddb96301a39dd3dac8d3df4e2e189b13b75e0b6e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 3 22:49:55 2002 +0000
Woops.
commit b5bb06200eda170c9836e1b4474d6f5b920c2151
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 3 22:37:49 2002 +0000
A reachable node is always more preferable to an unreachable one...
commit d134c4542d4e890e1c1007f32b866742319853c5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 3 20:43:26 2002 +0000
Drop graph and edge stuff. Use new node stuff instead.
commit 856de4c5fe8acd779aa9277d4554e34ff3625e97
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 3 20:42:05 2002 +0000
Make sure setlocale() is available.
commit 2cb21f8810a6e0241a80623e991c8308b603ae95
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 2 22:40:42 2002 +0000
Replacement for the current routing algorithm.
commit f2c2443bbcfd5e09518bd87f3fd8d4a727d73ae2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 24 12:54:55 2002 +0000
Check for ranlib.
commit 912e7e968f4888d62b3c620893a70e825599973b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Aug 24 12:11:40 2002 +0000
Gettext 1.11.5 compatibility.
commit 18948c5784bfedf0dd5a371e41bc2cceee76d92e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 18 14:30:45 2002 +0000
Added support for raw sockets. This can be used instead of tun/tap devices.
commit 9f370893fafaeacdd78f5488cfa8b76fdee0d224
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 16 13:18:27 2002 +0000
Don't bother to chown, and correctly document ConnectTo.
commit 227ccd3a8a5602e4c31add8da1bfd8b35c6a801f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 16 13:12:49 2002 +0000
Allow tincd to be locked into main memory.
commit c4cd19935763b379e730a6fdf53dc1ca98d0b938
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 12 11:45:21 2002 +0000
Include complete fake-getname/addrinfo from OpenSSH.
commit afabbd6b9020dd6555a7ecd320a7b3e96119d538
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 11 12:57:06 2002 +0000
Added stub device.c for Cygwin.
commit 8949404db08f4ab594e60778bb76a9061426d7cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 11 12:55:58 2002 +0000
Started port to Cygwin.
commit c98db1b861d62430e23f26b0da18e7b3ec875767
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 11 12:42:43 2002 +0000
Clear subnets before using them.
commit 8dd09568f1604f1ac8cc0d8d5120d986f5654900
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 10 11:32:33 2002 +0000
Allow identical subnets from different owners.
commit 36cbaa32f480b481bf2ee99fd4835586a02ebc60
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 10 11:27:06 2002 +0000
Allow list of environment variables to be passed to execute_script().
When executing host-up/down scripts, include the address and port of the
remote host.
commit a1bd878e11ae7e66e7e9a4040c3b19f9b7bc50f4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 21 17:49:48 2002 +0000
Fix for prefixlengths of 32 (IPv4) and 128 (IPv6) bits.
commit 627f7c22b447bd464b536cd016278545674df93d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 21 10:11:37 2002 +0000
s/sliepen.warande.net/sliepen.eu.org/g
s/itimmermans@bigfoot.com/ivo@o2w.nl/g
commit faabd163adf89bd0580cd40b8735ef8d9028a942
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 14 11:51:29 2002 +0000
Update comments about IPv6 autoconfiguration.
commit 940fcb6701d055f49530f12c93371f0280efce80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 13 16:12:40 2002 +0000
Reset listen_sockets after SIGHUP.
commit 3a3adf5b690e9be1390a5df3caee6af64b25838f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 12 13:45:23 2002 +0000
Add configuration details for NetBSD and Darwin (MacOS/X).
commit 8988b127e18435054e48cbcca8ac712ddda3d6d2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 11 11:03:17 2002 +0000
Autoconf cleanup. Works for both 2.13 and 2.53, although running autoconf
2.53 still gives some errors.
commit de6835a9dd1891b6435c128cc6c2293950a4d7a7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 10 15:08:23 2002 +0000
Include darwin/device.c in distribution.
commit 40ac473cb10f9c6a59739ce70032b746d8e0bf68
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 10 14:35:18 2002 +0000
Use darwin/device.c when compiling on MacOS/X.
commit 69b758879ee6d322e89143141b98d52167845c26
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 10 14:33:40 2002 +0000
Added Darwin (MacOS/X) tun device handling.
commit bd72e14138185f342885c0ed1c0f2c5dbf571132
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 9 16:23:12 2002 +0000
Added Alessandro Gatti
commit 944df3eeee50972fcac84cfc8eefb36033bf04ad
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 9 16:19:20 2002 +0000
Include netbsd's device.c in make dist
commit 7608136a8dae24f2df30eac8644efd0d7cd57dc9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 9 16:12:04 2002 +0000
Include a few more header files
commit cd3601c5df57c7544ece00bf79e82b36499a26ff
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 9 15:58:05 2002 +0000
Add /sw/{include,lib} to search paths if they exist
commit 548551fd05f58863dfbbaaf147febfab0a22889b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 9 15:50:12 2002 +0000
getnameinfo fixes
commit 9d769e0bf2ce266e8533e5e7c16bf07e44a9be34
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 9 15:26:10 2002 +0000
OSX support
commit 78e88521845ae3bdd963ae5a414cb9c251963fa2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 8 14:08:57 2002 +0000
- netinet/* include files depend on netinet/in_systm.h.
- Squash bashism in configure.in.
commit e47e51e9d17416e2b614287d14a5518881decd44
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 8 13:46:43 2002 +0000
Use inttypes.h instead of stdint.h.
commit 116ba3b3da73fb857cf75b5c92c6aacd70d94dd9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 8 12:57:10 2002 +0000
Cleanup:
- Remove checks for specific OS's, instead check for #defines/#includes.
- Use uint??_t where appropriate.
- Mask handling functions use void pointers to get rid of silly casts.
commit d333fca4d611b85dd922ddf35bd9eddcb8095c85
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 7 11:14:05 2002 +0000
This should work much better.
commit 14e570f5eeff631c1312b11fcc5d22230ec27aff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 5 00:25:55 2002 +0000
Use correct includes on NetBSD.
commit 5886b6a10d0d2edf20ff53c4926ec4e41a36b8c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 5 00:20:40 2002 +0000
Make it work correctly with NetBSD tun device.
commit 4856d8e1f8398780a49545f35ba9b5746c9fc060
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 2 16:06:33 2002 +0000
Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts
public keys generated by the OpenSSL command line tools.
commit efa5148bc76effb440d807d653dda02de050fde0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 7 14:48:41 2002 +0000
Hm.
commit 151ab8c9708534e012447688ed44d711d5b5fa2d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 2 13:23:58 2002 +0000
test 2
commit be04387a0c868b22ee4427822573df8b3b479bbe
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 2 13:22:44 2002 +0000
test
commit a9bb66367df82d062175f2b9b4bf236d77ae3ff1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 2 13:11:55 2002 +0000
Moved event.c/h
commit 474aab6325bf94724874cb74a9b56d9da739e1b8
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 2 11:52:28 2002 +0000
Callbacks
commit 4c1a4e8a790584e4c7d5c0f2485706f4c01e1911
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 2 11:50:07 2002 +0000
Another file moved; random interface stuff.
commit 2be8e69ca16e1558463c39c48af76d3d4a4674b7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 1 09:15:58 2002 +0000
Only purge once when there are no more connections.
commit a77b35e748b7cf4cf7ac31750cefab7b2b0325f5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 29 20:19:42 2002 +0000
Commit diff test
commit 7caa253df4a34e594438e3fbe80c2bddab9a2b4a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 29 20:05:07 2002 +0000
Fix very stupid bug in node_del(), which might have caused corruption of
subnets.
commit 04d33be4bd102de67bb6dba5c449e12fea0db4d2
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 28 12:46:26 2002 +0000
Moving files, first attempt at gcrypt compatibility, more interface
abstraction
commit b0a676988a8da3120e64ef0e1a4ea4c28b1511e1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 28 12:43:40 2002 +0000
*** empty log message ***
commit 67a6d7bcc4891c627663c639c0e02315bd4cf437
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Apr 27 11:40:45 2002 +0000
Informative log message if execl() failed.
commit e6a67fc439fc3b46157647bed1af59b7519adb80
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Apr 26 18:13:00 2002 +0000
Typo
commit 01747d73a217f7ddf2107b086476702a9d04d683
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 25 19:17:24 2002 +0000
Added Nick Patavalis for his RedHat package.
commit b6ad4ce35a4434c209ee26015f15a18180987bac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 23 07:49:38 2002 +0000
Add BindToAddress variable, similar to the late BindToIP.
commit 40c2e36a96a3f5c34d4851b30f3561123f3906b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 19 14:06:40 2002 +0000
Support for MaxOS/X.
commit 97d492d9e23f43fe4c8a5ca8c95747088cf32f98
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 18 20:09:05 2002 +0000
Put #ifndef checks for HAVE_RAND_PSEUDO_BYTES in the correct places.
commit fa8faff84bbbeb818adaea80d7bf9e12e0074978
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 18:01:58 2002 +0000
Print newline when writing to stderr
commit fbebc5b65606119c01e9e1e3fcc7b2cc4cfd1daf
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:24:25 2002 +0000
...
commit 7c75090025a4b06290663e0033a62414f3368f7c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:23:46 2002 +0000
Rename libvpn to libtinc
commit 55385cacbfb0c743fc518e54854e24b7b05a623c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:23:19 2002 +0000
Renamed libvpn to libtinc
commit 2389dcd573d909f21c8ec2d349b079075af6c7d3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:21:58 2002 +0000
Include logging.h
commit 246ce12c92ccc7badbb8c8c9a88fa03a7de9811f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:21:01 2002 +0000
Use new logging system
commit a5b3ec41214ac8aea9b82734f92b5953e04a0c09
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:15:43 2002 +0000
Things to ignore...
commit e239504524589a0f1549ca174f927afd07d563ba
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:14:50 2002 +0000
Compile in logging.c
commit e26dd564163fca001ab1694a51e7412f9ac970de
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:08:31 2002 +0000
Use logging.h instead of syslog.h
commit 72cd8938e2c759905666ea7d2c90dc1f0b2e2cd5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 11:00:41 2002 +0000
Added prototype for log_syslog
commit 48b80c93d30d5fae4273b0b496252bbc884abe53
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:55:42 2002 +0000
log_default_hook was renamed to log_default
commit b63c3a1f0002675b6bedbd0b235e0ad0a708d4e3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:50:48 2002 +0000
Added priority definitions from syslog.h
commit 490b13edcfcae0422b6bd77fdb2a7f0181b14307
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:45:56 2002 +0000
Some magic
commit 738389581b1ba29a181f639f3d20e3e24ff546f5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:43:10 2002 +0000
Add syslog wrapper
commit efa59f7cf4d416c8416866baeaa72cba7e936568
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:40:09 2002 +0000
Add syslog() wrapper
commit 8822481d7b11db72d5400717d6b491b5f36bcb1f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:29:07 2002 +0000
Rename log_message to log
commit cc603e2765f17555ecdc2b74c27ebf96e6691bf6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:25:38 2002 +0000
New logging system to replace syslog() calls with a generic function.
commit 131327a729216de8ae86da0c3c4d65d409741b7b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:04:46 2002 +0000
Remove debug_lvl
commit e3c51b61caabc1a55772f7a52e75aab642c200ed
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:02:48 2002 +0000
Update copyright info
commit 9e8468f54aa5ecdb8b63c60449791427b59a474d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 13 10:02:16 2002 +0000
Remove debug level declaration
commit 9f2c50e159caea1884c6a7aaa33f8098539ae0f5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 12 08:25:01 2002 +0000
Adding even more stuff from the CABAL branch.
commit 191dcd5add0afba8b5d3aaa1e188c562c621712e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 11 20:18:02 2002 +0000
Also compile in pokey/
commit 39e93f473d34d6cdf6f4a7f0390a3b50cbd7b564
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 11 20:17:33 2002 +0000
Write src/pokey/Makefile
commit c351b9e25b9f7b168a47fd8e6b60c66377e1824c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 11 14:27:35 2002 +0000
Pokey interface definition
commit 17b308f0f0879c01f6864265af2e63595e965993
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 11 14:23:56 2002 +0000
Main pokey interface files.
commit b5b38381c643632aa88c677236cace8c60e8344e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 16:11:48 2002 +0000
Last bits (hopefully)
commit 77dd7b55801a3c7c2c6221664204ffdd7b83836a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 15:51:26 2002 +0000
More...
commit 58c1df4028429ed6de4dad9455e3c92928450ffe
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 15:48:54 2002 +0000
More updates
commit 86dc60b9808d3aac70eccda80607a91ffd2e5292
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 15:32:14 2002 +0000
Ok, I forgot these ;)
commit af23dfa5efb82b35eb00b94bda56390c9e2aac6f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 15:28:45 2002 +0000
Updating HEAD branch #5; Last files from CABAL.
commit 462ab530e546f5732dfd51134751da6f6910d679
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 15:26:01 2002 +0000
Updating HEAD branch #4; Merging CABAL -> HEAD.
commit e64ef59df44d39c76c00dee22841bbcce7c24e47
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 15:07:27 2002 +0000
Updating HEAD branch #3; more obsolete files removed.
commit db59cbfa47aa152bcfa807754189aa18f28cb569
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 14:58:14 2002 +0000
Updating HEAD branch #2; removing debian/ dir.
commit 50f2afec7e6dab3d809fc1b82820d1069205b69b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 9 14:54:37 2002 +0000
Updating HEAD branch #1; removing obsolete files.
commit e69d2258032362c85c5936a5c137c70227e59332
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 9 11:44:47 2002 +0000
Remarks about 1.0pre7 release.
commit f2a3fcbdda250e5982c3ef36808568f996f8fff1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 9 11:43:45 2002 +0000
Updated dutch translation.
commit b1322d244ff24e900f2298b8aa775d825c8ab00b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 9 11:43:29 2002 +0000
masklength is better known as prefixlength
commit 5df8a8cb3f4a0d2290f6677b44bbcaaf27a60bbc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 9 11:42:48 2002 +0000
masklength is better known as prefixlength.
commit 630dd023b990e076fdab890ff90783dc1ac7c13f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 8 13:27:09 2002 +0000
Automake forgets about depcomp, remind it.
commit ad6b1203490699ecc708290b2af1a45e134a5e20
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 5 09:11:38 2002 +0000
Fix maskcheck() and maskcmp().
commit d8c249008a0b2abd44e652ed70e69b3dbc05b9d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 1 21:28:39 2002 +0000
check_rsa() is broken, I don't know why, just remove it for now.
commit 438419734ebee38dc3f7390e5c8ae8e6ca2cb6cf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 1 21:28:05 2002 +0000
Don't check_network_activity() if select() is interrupted by a signal.
commit 3d8a373bb3a788efffc555122b9d0569b96c5944
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 19:43:50 2002 +0000
Make configure --help output look nicer.
commit 9a03e7fa3d52ea062b4a3ff88b5d87ee95d24772
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 16:26:26 2002 +0000
Update with information about the pre6 release.
commit 33d3bad87d5f3e00e3ed81b75bca2ef21fd6e983
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 16:00:49 2002 +0000
Update dutch translation.
commit 0fe3dc38ed0527a5cfda9218114c8ee10422086b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 16:00:38 2002 +0000
Fix format strings.
commit 420f46acb0551a290b3263e39347b694286b2fa4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 15:47:06 2002 +0000
Remove symlink to device.c when doing a make dist.
commit a5d8be8b1a9978d58c251d1020bb730bb1dc8ea1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 15:35:07 2002 +0000
Recent automake uses $(AMTAR) instead of $(TAR)
commit c6d2f6c620beae387e8f9fc995ed7c8e8a5bc3dc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 15:26:44 2002 +0000
Remove cruft.
commit efd29fde85481e080a676f2ba780a528a90a9925
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 15:26:29 2002 +0000
Small updates.
commit 5eba1e1f6feadb3f7efb1261bd65e1e9e40b7f2b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 15:01:37 2002 +0000
Limit the amount of packets in a queue to 8.
commit 61cb593e670107ca3041f582c5486c243d5eda9e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 15:01:16 2002 +0000
Extend list_t with the number of elements in the list.
commit 0e7136027ce05bfeca977f2f64f3b228ea4fda87
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Mar 27 14:02:36 2002 +0000
Merge do_prune() with build_fdset(). Probably fixes the invalid filedescriptor error.
commit e2238047d39eacc69da5732937021c38171ec7b9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 26 13:19:56 2002 +0000
Small correction.
commit 7d07df71f9b82afdcf23494867bb8899198a6223
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 26 12:00:38 2002 +0000
Fix execute_script().
commit 2de5e0eef911b9ff723d562ef9c62d833f3cdc45
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 25 15:51:58 2002 +0000
Send REQ_KEY only once until ANS_KEY has arrived.
commit a0c1696515fabd2183da7d8d83fd68410d2ec834
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 25 15:12:09 2002 +0000
Tell a little bit more about security.
commit 89a2f761a6d8ae4912c2dd2e9178589001487ef5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 25 15:01:32 2002 +0000
Updated documentation.
commit 33d8747021d57c5827c6a755739756f95c7527c8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 25 13:54:49 2002 +0000
Set myself->status.reachable.
commit 2749b997df33749f13d05e294db0e1e327e81d12
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 17:14:01 2002 +0000
Configuration variables were still handled case sensitively.
commit c73bdd6bc8e213b7e27848b97307228c01570a1d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 17:08:38 2002 +0000
OpenBSD tun device uses address family number instead of Ethernet type.
commit 8379c14b7f7a9b1400dd3776fc21dc9ccddd991d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 16:50:58 2002 +0000
Respect type field.
commit ad4f5cbc5fbce23893b7d42669ba907f18cc8ff4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 16:40:14 2002 +0000
Updated dutch translation.
commit 4252ae83a43ea81382ce71ba614e2d1655f2e189
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 16:36:56 2002 +0000
Set $INTERFACE correctly when using ethertap while compiled with tun/tap support.
commit d699f3079c658e05f928c358d110d1d27849ea71
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 16:28:27 2002 +0000
Execute hosts/name-up when a node becomes reachable, and hosts/name-down
when it becomes unreachable.
commit 6ad5dd1a9adb1c1322ceb44d6f0fd160229e72ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 24 16:22:59 2002 +0000
Don't try to execute scripts unless they exist.
commit 594d5b5d15551bd802c43926c7cb8863b7531654
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 23 20:21:10 2002 +0000
Reset retry timeout when receiving the first PONG, not right after receiving the ACK.
commit cbd8133ab4a2ea8a0c46224a5f1ae79e92819e5f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 23 20:13:56 2002 +0000
Don't run graph algorithms if no edge is deleted in terminate_connection().
commit 6aee1ad021092d37538e15da22367789a4d4a763
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 23 20:12:29 2002 +0000
free() request strings when deleting past requests from the tree.
commit ccea26e0044ea59a9722385c9d69b1bc703e884f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Mar 23 20:01:05 2002 +0000
send_ack() was broken.
commit 3c5655f59e85d312d11fa04489123e604920f95b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 22 13:31:18 2002 +0000
Fix compiler warnings, strictly use long int and %lx for options.
commit d6b70ed6f8b7ed65f64193fcfcdb6c8f4625e03c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 22 12:41:54 2002 +0000
Fix add_edge_h().
commit 52e7699273a3009fe4d91e608522401076922785
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 22 11:43:48 2002 +0000
- Added support for jumbograms.
- Remove tcpaddress from edges, it is not used at all.
- Last bits of code to prevent looping requests.
commit 9da5390666ad532825d820b3554da3f39d3bc511
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 21 23:11:53 2002 +0000
Put a break on requests that run around in circles.
commit f48f8f4fedba365ceea30e1133bf1c560e9a522a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 19 22:48:25 2002 +0000
Updated SSSP algorithm to automatically detect indirect links (if a node uses
different addresses for connections to other nodes).
commit 5a88a27742d305be48498a297b90ee3fbdd935bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 19 00:08:34 2002 +0000
Updated dutch translation.
commit 5c2d74de86d1acb3774a20357ad815d000f8a7f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 19 00:08:23 2002 +0000
Don't use s6_addr[16|32] anymore.
commit 9d99a789c38e8a1694537e427e8d4313c948b02b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 19 00:07:09 2002 +0000
Cleanup.
commit 305505f5ec4bb738f175cd897fa409f08d2971a3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 18 22:47:20 2002 +0000
Remember sockaddrs of listening sockets, use appropriate one when sending
UDP packets.
commit 106fc2b769a635142bf5f9233a2f03e3a0f26b7f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 18 14:39:37 2002 +0000
Fix #define s6_addr32.
commit 813c369a8faca94fc38bc66afafad063fa00f928
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 18 14:19:02 2002 +0000
#define s6_addr32, needed for FreeBSD.
commit b2579385de427c3c03d28520d3a93bd5f9bc9488
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 17 16:08:39 2002 +0000
Only unmap IPv6 addresses.
commit 8b84c44175fedb81ca38107e0067ddea750add00
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 17 15:59:29 2002 +0000
Unmap v4mapped sockaddrs.
commit 07e37f8da03fa315be39623e62d8acba617aa226
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 15 15:50:14 2002 +0000
Typo.
commit e0dee537705cdbd005f6ab1fbef5ac71dc8411c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 15 15:40:40 2002 +0000
Different way of detecting neighbor solicitation requests.
commit 0e93f0aa02274481c16fc9f30b795d4f063bd1c3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 15 15:08:21 2002 +0000
Oops, don't forget to actually put the checksum in the response packet.
commit e1de9ca990ea638c7e297c5335be415e44c250c1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 15 14:41:57 2002 +0000
Neighbor solicitation requests now work (I think).
commit 4b3aef9e6992ca78f1b17b179a3051d3fec0473d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 16:30:15 2002 +0000
Revert changes to Kruskal's algo.
commit f219f156cf13fd30369d7cd4632c406ffd6ff628
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 14:25:04 2002 +0000
Put #ifdef NEIGHBORSOL around corresponding code.
commit ecad9e9289162faec7b678be54178d22876b5d90
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 14:20:44 2002 +0000
Remove silly cache thingy.
commit d6c2c4f2b7a94ef6a4db0de134d015bc8d21ffb1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 14:19:51 2002 +0000
Packet sequence number/authentication warnings only if debug_lvl >= 5.
commit 2e7db2a6936a77baa0a81eb566674bd76d204951
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 12 13:42:23 2002 +0000
Simplified implementation of Kruskal's minimum spanning tree algorithm.
commit d2e0ed533c8aa3c6ab538d87e004108c631cb0be
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 11 13:56:00 2002 +0000
New strategy: forward icmp6 neighbor solicitations to intended target.
commit 46fa10cec7b6bf26773f5e86e7b8118d9075e807
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 11 13:14:53 2002 +0000
Try to reply to neighbor solicitation requests.
commit c2713ba7a5ff12e270d66a5d3188a3640873830e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 11 11:45:12 2002 +0000
prune_connections() before build_fdset().
commit 4fda4560bbdd41e217ce0e1a90ba98c79e4f3519
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 11 11:23:04 2002 +0000
Cleanups, spelling fixes, allow symbol names for signals (-k option),
don't remove pidfile if other tincd is still running.
commit 5ffeb13d65313d5a191a605690a4f8fdf1604b48
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 10 16:09:15 2002 +0000
Don't retry to make outgoing connections when exitting.
commit 3cbe67a8de1da7bd042474de4d16cb4f7e9822ab
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 10 15:40:27 2002 +0000
Small fixes to improve portability.
commit 9de7470bfdabacec5f3769bf5cfa97ef4e481ba0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 10 14:07:08 2002 +0000
Autodetect $MAKE/gmake/make.
commit 0c34478cc03167208c84f3d6d2ed6e53172b4711
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 10 14:05:35 2002 +0000
po/POTFILES and po/Makefile should not be generated by configure.
commit 024ab44d98883d78cefe2c622cec9831c7f19c13
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 10 14:04:48 2002 +0000
Fix forwarding of IPv6 packets.
commit 0c16add71c6432c882c6d8f538a4b2db0026ec24
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 15:14:29 2002 +0000
Check if BindToDevice and PriorityInheritance are supported.
commit 7d5741859e681e6b0d0e32b978da6f309c456729
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 14:33:48 2002 +0000
Woops.
commit ab90fa9bd1a653a330be7ef11293000721a0e7b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 14:25:10 2002 +0000
Document and clean up MAC address expiry.
commit 14979f835df4214a7c2510852f7ffedc9e08c2c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 14:09:31 2002 +0000
- Global time_t now, so that we don't have to call time() too often.
- MAC addresses expire after a time configurable by MACExpire (default 600
seconds)
commit 7496ecc45ab6205bcce4e576c23b9afb52004e39
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 13:38:15 2002 +0000
Updated dutch translation.
commit 0c879b8eeed3477b0f1cdd2f232e67e38bd9bce6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 13:38:02 2002 +0000
Updated documentation.
commit f93b1334e087dd7af1b87f475b2d398fdd4d56ab
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 13:18:54 2002 +0000
Create/bind TCP and UDP listening sockets in pairs.
commit c2b738e7b51fbec2b11fbbf030b9a5a36df55fc4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 12:26:56 2002 +0000
If "PriorityInheritance = yes" is specified in tinc.conf, the value of the
TOS field of the tunneled packets will be passed on to the UDP packets tinc
sends out.
commit 80ea653e8d8050878380fbc1446571cbaf578297
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 12:25:58 2002 +0000
Fix listening sockets.
commit 7f58ed7685f9fcd5271359a8c896670a835e1f95
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 1 11:18:34 2002 +0000
Make BindToInterface work.
commit 17bc5220c332fdd083fd47fc600010f85171adc7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 27 22:37:55 2002 +0000
Fix send_request() bug.
commit 50403909b6bf6536924d4693bb1f32c248f17fda
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 26 23:26:41 2002 +0000
Allow multiple listening sockets.
commit 2ac7be0d51a112108dc6c2b1c6f46da022f72f40
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 26 22:47:51 2002 +0000
Tweaking IPv6 support.
commit 23fda5688e8a109f8a50511538b14e4fbe4f738c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 22:37:38 2002 +0000
- Change SA_LEN to SALEN, former one is already defined on some platforms.
- Use SALEN everywhere appropriate.
commit dbc5b5bb5eb3096ad930aa6b590deaba2a103dfc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 22:15:32 2002 +0000
- Use gai_strerror() where appropriate
- Clear hints before using them with getaddrinfo()
- Use sa_len on platforms that support them
commit 28cc9a6488f78c72152251f6fa2ee84d417223e8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 19:31:15 2002 +0000
Preserve inpkt->len, needed for broadcasts.
commit c6d01588312bec7691e72b42cf20c59ffe2749c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 19:25:09 2002 +0000
Protocol now also exchanges cipher/digest/maclength/compression for the
meta connection.
commit 626d5956d2bb0660ba315fba77da6cec9776fd3b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 17:16:15 2002 +0000
Cache results of lookup_subnet_...().
commit e8e69460a7090aaf6ecda8970d3060695de81b00
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 17:15:33 2002 +0000
Fix maskcmp() and maskcpy().
commit ed509312906625acee4007da6262de3898846888
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 16:04:59 2002 +0000
Forward packets in router mode.
commit 8c91fac31570594b6249d632cefe768f33c54b19
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 16:04:39 2002 +0000
Use AF_UNSPEC for listening sockets if AddressFamily = any.
commit 76f01453dfa157b0070751b1025e55a1e36ebdca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Feb 20 16:04:07 2002 +0000
Fix segfault when receiving HUP signal.
commit c2b9c06062d36bde859b630b99a08c7b7428e721
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 18 16:25:19 2002 +0000
- Non-blocking connect()s.
- Socket handling revamped to use sockaddr_t.
- tinc can now tunnel over IPv6.
- Handle all addresses and subnets in network byte order.
Only convert them when they need to be printed.
- IPv6 subnets bigger than /128 now work.
- Use %s and strerror(errno) instead of %m.
commit fc674eaae14ed2e07abc0df1285b1bd70e0d27cc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 12 14:42:37 2002 +0000
Add check for NetBSD.
commit 2fb8a62edef7cb0988e44f92c3948cde6f34875e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 12 14:40:12 2002 +0000
Added device.c for NetBSD, actually a copy of the OpenBSD one.
commit f64b41a73b3b432aae17ba990414e0be2f61ce62
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 12 14:36:45 2002 +0000
Get rid of sys/signal.h.
commit dd611fb4f91b9b17c20c458694d2765b22814c5f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 12 14:29:00 2002 +0000
Don't use sa_sigaction (which NetBSD doesn't like) at all if we don't use siginfo.
commit d9a62c6354d1e2ad78ee8c610518ae9f9ab012d1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 11 15:59:18 2002 +0000
Added support for packet compression, thanks to Mark Glines.
Add "Compression = <level>" to the host config files, where level can be
0 (off), or any integer between 1 (fast) and 9 (best).
commit 94b171b3051b999e619ae19e1c9c29d356606788
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 11 14:20:46 2002 +0000
Small fix.
commit 1708997bc8ab55122f9de9cc8b81397d3a003ea9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 11 14:20:21 2002 +0000
- If no PrivateKeyFile is specified, /etc/tinc/netname/rsa_key.priv is assumed.
- Check RSA key before using it.
commit 1c34ba7fb8580949f3bd3a0d804747bbaea28e36
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 11 12:33:01 2002 +0000
Sensible defaults for $INTERFACE.
commit 24cc2a9065a4e962fb05addac47322930099a4b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 11 10:16:18 2002 +0000
Last bits of the merger.
commit 5bf4b88666ecafe190e8ed71d6c14c9de8d16e1f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 11 10:05:58 2002 +0000
Forgot to merge new files from pre5.
commit f0aa9641e82fb6e09c1e485366d14dddaa7f7c36
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 10 21:57:54 2002 +0000
Merging of the entire pre5 branch.
commit c2752b961c9262386b940c2c053b9909bee22859
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 22:41:38 2001 +0000
Conversion to struct addrinfo is almost complete for this file.
commit 4f47da5b87ef7da608c7e44026122f3d95deb2eb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 22:40:26 2001 +0000
Don't include netutl.h.
commit a59bbc72317c9cd97243a9cbf49db01ff249eb1e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 22:31:41 2001 +0000
Fixed silly typo: "np" instead of "no"
commit bf664c054fdabc30679367a752a27bb769655e4d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 22:31:15 2001 +0000
get_config_subnet needs to be fixed.
commit 9b2b3747340173590b8f6f5fbdd060b42985f026
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 17:40:50 2001 +0000
route_ipv4 and route_ipv6 replaced by route_ip.
commit a4938b22e7502579ce44cac42410111db11256eb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 17:39:59 2001 +0000
Don't include netutl.h.
commit ccda709f8243949a3c0ffcc6133d8d8fc5125f2e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 17:39:38 2001 +0000
lookup_node_udp changed.
commit 836766d4c5bc47682ab69c57337157c879517670
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 17:38:39 2001 +0000
First part of rewriting things to use struct addrinfo.
commit 2ec5b5f8621d9fb91181ab155084daa1bb2d1a54
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 17:37:08 2001 +0000
Added dropin replacements for get*info and helper functions.
commit aabe59f6305cdd46220e95d8927a1636d4b4819d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 16:16:33 2001 +0000
Added HAVE_STRUCT_ADDRINFO
commit 251f87c842b62cf770129d8a953fb06ef5d0e466
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 15:56:44 2001 +0000
(re)added port to struct node_t
commit 6cf744e4b29cfe3b135b6553851816802ba3d8a8
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:22:02 2001 +0000
Don't include netutl.h.
commit a79252af4383b8cd71cf0d13f1ae040d518517bf
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:21:22 2001 +0000
Obsoleted.
commit 331d9402e892b4baa9cadbbb364073ae10b58d99
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:16:28 2001 +0000
Don't compile/link netutl.c.
commit f95e6ca8f6976d7a15f4623e25c85e1c7f82c04b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:14:20 2001 +0000
get_config_{ip,port} removed.
commit 31db57bb4a00f5ca3743b89f8bb2fbd39919bf28
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:13:34 2001 +0000
Changed to use struct addrinfo where needed.
commit f1b20b3ded5b360e426e094cf79df3bf97f350b4
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:10:54 2001 +0000
Obsoleted all IP<x> types in favor of struct addrinfo
commit fb6dc0b0890ebae2471e00e7a3e1d86c1fc3d646
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:08:38 2001 +0000
Removed definitions of ipv4_t, ipv6_t, port_t
commit 3ef15f2554d1819d6c7d2573dac6039f2e76b638
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:02:17 2001 +0000
Changed lookup_connection to use struct addrinfo
commit 74e1299fb58025f7506c7e2608c353a76f98d8df
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 12:01:48 2001 +0000
Changed prototype for lookup_connection to use struct addrinfo
commit 51b72b75f254c956b62be9dfca642145b199415f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 00:23:28 2001 +0000
Use struct addrinfo in connection_t to hold all host data such as IP
address and port
commit 72395f989cb44132d7c756c91b3a6d8ba63517e5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 16 00:13:08 2001 +0000
Deprecated get_config_ip and get_config_port
commit 93cd0e33defba46f8e51d9a98a94599ceb0d521c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 15 23:49:46 2001 +0000
Check for struct addrinfo
commit b16bf68a6dc27b364cb76156a7be0208594f1e94
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 15 23:28:58 2001 +0000
Credit OpenSSH
commit 18269cfbe831902b97a6171ba0346fd323583e48
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 15 23:26:27 2001 +0000
Check for getnameinfo, gai_strerror, freeaddrinfo
commit ae11e7c3d71893c5200b12682839538a52df37b8
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 15 23:05:34 2001 +0000
Check for getaddrinfo
commit e06415e3d9d08cd33c5983a2c49c4101377160c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 5 19:09:08 2001 +0000
More fixes for Solaris.
commit 25a804c94ef0dbc4e5582ea6d8459d5f9a3fe06c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 5 19:06:07 2001 +0000
Various fixes needed for Solaris.
commit b2d5002ff1ccd44fbf3a94e4c41909ab6141f3bb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 4 23:48:27 2001 +0000
Correctly check if subnet owner exists.
commit ede6671c1354eeab86936efda32f6cdb3b3fd8d5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 4 23:29:50 2001 +0000
Be liberal in what you accept: allow unknown edges to be deleted.
commit cf0e133e191cb40954bf5b6ee0a579442fe4b60b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 3 22:53:02 2001 +0000
*** empty log message ***
commit e5047d2835f0828a9c334cc3d928c2322abfefb7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 3 21:22:02 2001 +0000
Several bugfixes.
commit 8910cbd67e13450e93816ecafa0cc5be5e4c2378
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 3 21:21:04 2001 +0000
Use PEM functions as suggested by OpenSSL docs.
commit 8e74c5bee48f2ef363193044d5309a65e91c70d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 31 20:37:54 2001 +0000
Some very small fixes
commit ffb88ff6410f33de92db108bd1e0c3a915368214
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 31 20:22:52 2001 +0000
Avoid connecting to another node twice, and check name of outgoing connections.
commit 6d333ad680465c26953ad4c8ca9140e27da868c5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 31 20:07:17 2001 +0000
Show cfg->variable instead of cfg->value when complaining about wrong type.
commit 54b756f7dfb71c5622b7738fd449e126da959864
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 31 20:02:06 2001 +0000
Don't forget to read public RSA key when making an outgoing connection.
commit c0a3f67a5d66088aaf526f1461986f9e86d5dd1f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 31 12:50:24 2001 +0000
- Small fixes to graph algorithms
- More control over tap device, ability to set interface name to something
other than the netname.
- Export NETNAME, DEVICE and INTERFACE environment variables to scripts.
commit 2165931c62f0433fd97bd3ac6aefea3627218946
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 30 16:34:32 2001 +0000
More updates to protocol handlers and reimplemented terminate_connection().
commit 87ad5c97a9a73a65050ad7adce34503f856d8665
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 30 12:59:12 2001 +0000
Various fixes, tinc is now somewhat capable of actually working again.
commit cc9473d8c6467e9eaa82fe8a639d8edba232ee76
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 29 13:14:57 2001 +0000
Working version of Kruskal's algorithm. The running time is very bad though.
commit b6298e2c082035b8238ea08673ced15d0fb7b89a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 28 22:42:49 2001 +0000
- More changes needed for Kruskal's algorithm
- Implemented a breadth-first search algorithm as a cheap substitution for a
single-source shortest path algorithm.
commit 66067cc9c1347fb2de35660d531fdd4be8aede6a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 28 10:16:18 2001 +0000
- More s/vertex/edge/g
- Implementation of Kruskal's minimum spanning tree algorithm.
commit 94497336efc1cc60561575e74d420e9e8e8c657e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 28 08:41:19 2001 +0000
What was I thinking? s/vertex/edge/g.
commit b98d9787fdde54f33dcdb376e1e018cd418aff8d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 27 15:19:13 2001 +0000
Various small fixes to make tinc runnable again.
commit ac066bb057dcb187bf91670793ba5e6ca456e052
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 27 13:13:35 2001 +0000
Make sure everything links.
commit 82e383710980534d38bb9a8ef22f20677cd85861
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 27 12:13:17 2001 +0000
Big bad commit:
- Transition to new node/vertex/connection structures
- Use new configuration handling everywhere
- Linux tun/tap device handling cleanup
- Start of IPv6 support in route.c
It compiles, but it won't link.
commit 1935c44a1e8ab7c31c836f90215e3c5b5f8dd776
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 13 13:53:07 2001 +0000
Support new files (node/vertex/device.[ch]) and OpenBSD.
commit 26e517dd37e995fe9db518f7ebeff023fc73ff1b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 12 15:52:03 2001 +0000
Forgot the tun specific stuff.
commit ad61c20f42d2bee5cc7976bec4370cf4747b42c3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 12 15:49:11 2001 +0000
Added OpenBSD tun device handling. Untested though.
commit 0c6321a67f92981d3adbaf4f5c2b9867c7968964
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 12 15:38:35 2001 +0000
Forgot to remove some old #ifdef stuff.
commit 6014c7e6374089bfccea7467c2c7f4b23fefa265
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 12 15:33:21 2001 +0000
Solaris tun device handling cleaned up a bit and added.
commit 623c7ee0308aede8eada552d6ae33710ae24d176
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 12 15:22:59 2001 +0000
Added FreeBSD tap device handling.
commit ec34f25228d7a0007ce6bcb1e97f263868e9129d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 12 15:16:03 2001 +0000
- Split tap device stuff out of net.[ch]
- Each OS gets it's own device.c to get rid of evil #ifdefs.
- Cleaned up Linux ethertap and tun/tap handling.
commit 0bbace18e96cd6fc32dfa23ffd55f73ff96e8c6f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 10 20:35:10 2001 +0000
More updates to new node/vertex/connection combo.
commit ea607d2d9292d3969f9d164b432dc64a33c2dade
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 10 20:34:27 2001 +0000
Revamp configuration handling:
- Store everything in AVL trees (fast lookup)
- No need for hazahaza anymore
- Parse values when needed
- This simplifies a lot of config variable lookups.
commit 5904806dc80830d4eddca857a41db2fc25598201
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 10 09:42:29 2001 +0000
Removed everything from connection.c that has already been moved to node.c and
vertex.c.
commit ec0c16b9b63f361b11a757ee1641d562e4811f93
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 10 08:49:47 2001 +0000
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a
node, vertex and connection part.
commit 75e1ae3a287642ca4281792c94ecd07332f39c08
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Tue Oct 9 19:41:56 2001 +0000
make is not always GNU make.
commit f22b9417510cca258785f8958c8dfed90e26d81b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 19:37:10 2001 +0000
Small corrections.
commit 49a2cd806c73cff1ab6a712a996c7f7d4e1f32c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 9 19:30:30 2001 +0000
Started implementing doc/CONNECTIVITY.
commit 5926c82b9a29031a8c619432869d1549b51b62a0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 15:47:30 2001 +0000
Updated dutch translation.
commit fcc3ded75fe9f831aeb8678ee5e3926bf4168906
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 15:37:14 2001 +0000
Fix bug when dropping an old connection in favour of a new one from the
same host.
commit 1ef90a87fd9fd53c25a43455ffaac5274a63dc08
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 13:37:30 2001 +0000
- Use ping timeout mechanism to close connections that don't authenticate
in time.
- Fix potential segmentation fault in check_dead_connections().
commit ce9fd32c04adf83cbaf668ee42a29575ba256002
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 11:59:08 2001 +0000
Fix bug where tinc would crash because of a portscan or a connection from a
tinc daemon with a different version.
commit 21027b1d5702c331b1ebb262bb149c75be1f24b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 8 11:47:55 2001 +0000
- Renamed lastbutonehop to prevhop.
- Added connection_t *via to connection_t, this keeps record of where
to send UDP packets to.
commit 18d1233c40a5705e9123edd6f4c6764a5178003b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 25 13:39:11 2001 +0000
Fill in next- and lastbutonehop for myself.
commit ec100a58b44e412a3d2606e5213af9ec5f30235b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 25 13:35:45 2001 +0000
Try next connectto instead of the same over and over.
commit 4d3de3b6a9b55bc783c649ff33e5415b0c7b5f25
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 24 14:16:29 2001 +0000
Show next- and lastbutonehop when dumping connectionlist to syslog.
commit 24a2c7e51a0b080c4bdb55f697b3f0458ebc3fb1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 24 14:12:00 2001 +0000
Not only keep track of nexthop, but also of lastbutonehop. If destination cl
wants indirectdata, send it to the lastbutonehop instead, unless it too has
requested so, and so on.
commit 154733927af0b27cdadb83f03b845301ce8bfbfd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 24 13:31:15 2001 +0000
- Try old TUN/TAP ioctl() request if the one from if_tun.h fails.
- Be more verbose about the kind of tap device used.
commit 950c934e0bda28e5952d699d6008ee783d81982b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Sep 5 18:38:09 2001 +0000
Killing tincd with SIGINT causes it to toggle between the current
debug level and level 5. Useful to debug a running tincd.
commit a54ec980e047d13ecff7f1f337aa2665072febfd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 1 12:46:49 2001 +0000
config_t* is a const parameter in get_config_val().
commit 68e23b1c9e69b2a218b3be821ad1ba3b3b6a64f2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 1 12:36:53 2001 +0000
Optional signal number for -k option.
commit 8ed27d40f358581d021319cc26313c9f6ddf9a71
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 1 12:36:06 2001 +0000
Revised reconnection mechanism, always try out all ConnectTo lines.
commit ef1facc60709e9474197aa3fde9d517dfd96dc87
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Sep 1 12:02:39 2001 +0000
Remove IndirectData support for now, new implementation will be added
later.
commit 8b5e4211304aaa5d39bc95f04398bd5ecaa887d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 28 20:52:39 2001 +0000
Fix signed comparison bug in lookup_subnet_ipv4().
commit e1184ad15d6b2e7d58bdcb4489026dd0a35b4e5f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 17 18:14:04 2001 +0000
Don't send DEL_HOSTs when !status.meta
commit 30d22474ccc8da9a5685a90e0b2304ec627475af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 24 20:14:30 2001 +0000
Explicitly log which type of tunnel device is used.
commit 7e86cf91e3399905e19882bcf2d5677d7986aca5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 24 20:13:42 2001 +0000
The val variable in a config_t is never used as a long.
commit 43923d2b106bfbe9300cc8e364cf098444cd649e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 24 20:04:22 2001 +0000
Write public key to rsa_key.pub instead of rsa_key.priv (if not host
configuration file is found).
commit 44e9d6a2872fac55f7eb701ba576ed9f39a22e08
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 24 20:03:40 2001 +0000
Don't use %m in fprintf().
commit cbd03caece25d45015a4526b94b04a34ab87b0f2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jul 24 08:51:36 2001 +0000
More on edges.
commit 3cd238f4e338f257ff61d58a9979b54344ee462f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jul 23 22:06:22 2001 +0000
Discuss how sending ADD_EDGEs would be better than sending ADD_HOSTs.
commit 5333cada0dfc4dfc3be728e6c78d8d42dc2ace52
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 17:41:52 2001 +0000
Written down a possible solution.
commit 995ab86fce506e9fabcf5a9ead7d43b30f12ab09
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 15:25:13 2001 +0000
Correctie.
commit d7b4de0e73baf664964f6daaf63526606b6a890b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 14:58:18 2001 +0000
Small update.
commit 71b9041f484128219f81cbf4f22a4e11388f879d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 14:46:11 2001 +0000
Described problem in more detail.
commit c1a98cd37ea20f6020487b2a5586e6de432398e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 22 14:04:38 2001 +0000
Started writing a document about how daemons connect to each other.
commit fcbe215d64d7e2f3b159fff6422d750417877ac4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 20:21:25 2001 +0000
Woohoo! tinc now compiles, runs and actually *works* on Solaris!
Tested on a SparcStation 20MP running Solaris 7. (Thanks, jiggel!)
commit 533ee1206fb6433a1f0e616db999b3655addfaf2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:46:34 2001 +0000
Always close all sockets in terminate_connection().
commit acb853205d6d582d919c59879393b301ad4f4fde
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 21 15:34:18 2001 +0000
Updated terminate_connection() so you can choose if DEL_HOSTs should be
sent or not.
commit 12f6b80429bc05a828051d72cc46f173e4657180
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 20:25:10 2001 +0000
Added purge_tree for connection_t's which are no longer in the connection,
active or id trees, but which may still be referenced. This tree is flushed
when it is safe, this replaces purge_connection_tree().
Also lots of bugfixes related to the new trees.
commit 37ed4265fa73d4c06c74362514d78c92029b2f05
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jul 20 13:54:19 2001 +0000
Remove all unnecessary status.meta and status.active checks.
commit 5e2ded68bfc7b3a1bfa600c1ce46144eb50e57a2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jul 19 12:29:40 2001 +0000
Correctly use the active_tree.
commit 319e0cb48eb00565a11c85b901f54141f8160334
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 18:07:31 2001 +0000
Split connection list into two lists:
- one list to handle all incoming/outgoing TCP connections
- another list to handle all UDP connections
This will prevent race conditions.
commit b3074590b184c141419cf4926820dc0d78380535
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 15 14:21:12 2001 +0000
Correct inclusion of standard if_tun.h header file.
commit 5dc4ade0b9c127a3c144d9c59894bf13527fe060
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 4 08:43:32 2001 +0000
Don't load table of verbose OpenSSL errormessages.
commit 1e2bdc2b6d28c76c63fc9fd36169b90fa0994388
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jul 4 08:41:36 2001 +0000
- Always use <openssl/include.h> instead of just <include.h>
- Check if RAND_pseudo_bytes() exists, otherwise just use RAND_bytes()
commit 6bd93e4c064578b545cb6dcaa28fffb229c929ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 1 21:42:13 2001 +0000
Check for all potential duplicate entries in the id tree.
commit 9645cabc8e8364ed4df187fab8065b0991afa6af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 1 09:21:14 2001 +0000
Fix compiler warning.
commit 6365d0627b9b1e9a31371ec891db0d2cfb4d6ed4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 1 09:21:01 2001 +0000
Fix printf format bug.
commit 33d6de0cd5c05cbf37211924a45e4231fec3a416
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 1 09:06:17 2001 +0000
More items marked as done.
commit a111593a082ff1df26f54168ab00f83ab3a1ab49
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 15:38:40 2001 +0000
Dutch translation updated.
commit 748dabdbe93f7439ed7eddf491a556279250e7ac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 15:33:18 2001 +0000
Update of RedHat build scripts.
commit 343c8fb6388ffd4f5c41cebd666aa8a045b20bdd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 15:32:26 2001 +0000
It appears that autogen.sh doesn't like es.po if it isn't mentioned in
the makefile/configure scripts.
commit 9391efe4e88077723840a7c085388ba2765ca17c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 14:15:46 2001 +0000
Check for dlopen in standard libraries first (needed for DEC OSF).
commit c9591bd1de1abcfe10459bd8c8cdd81a7b441ec0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 13:09:55 2001 +0000
Fix gcc 3.0 warnings.
commit 402b85c48284a06fbfc56aca102b33be3a4260b0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 13:09:32 2001 +0000
Log error if two hosts connect with same IP/port tuple.
commit 0d3bd912acdb00dc0a8015e337f981c942aa21bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 11:09:13 2001 +0000
Also remove po/Makefile.in.in, which is generated by autogen.sh.
commit 67c16924c10b25d37957843a69d993b934dd1776
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 11:03:27 2001 +0000
es.po revived.
commit 5d3450357482176ce92ed4832ec944519d197744
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 10:30:18 2001 +0000
Execute tinc-down BEFORE tap device is closed. This is a. more symmetric
(tinc-up is started after tap device is opened) and b. is needed for
tun/tap device, where the interface does not exist anymore after the
device file is closed.
commit 6666acd0012c82c0bb4d1abae87332cec3dda77a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 10:27:57 2001 +0000
Don't build Spanish translation.
commit 77f635e871060f63c3e62fcf879d184326c690a4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 10:27:33 2001 +0000
ABOUT-NLS is created by autogen.sh.
commit 333be8fbb8790237577761e580126a6d757a46e4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 29 10:23:46 2001 +0000
Spanish translation removed. Nobody maintains it, and it is severely
outdated.
commit 3503ba995012f658f087a196dad0cb9fd45eff3b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Jun 26 22:00:57 2001 +0000
Small fix to make it compile again
commit 7fc068fe5421f7ec556b0b7db6f814e18b3326a4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 21 18:28:52 2001 +0000
Reinstated search for if_tun.h in kernel source tree, because apparently
/usr/include/linux does not always have the same contents as the include
files from the currently running kernel.
commit 9e96840da810437c45af1c4b139578f7d74d65db
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 21 16:37:47 2001 +0000
Remove #warnings I used for debugging stuff.
commit b1e97ece9c495ac67e54b8c2675b1eacc645eb1c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 21 16:37:05 2001 +0000
Check for and add -ldl.
commit 04ec0b82ab9c6a2662300a9257a5aff1c4dd56e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 21 16:16:32 2001 +0000
- Solaris compile fixes
- Set mymac to broadcast MAC so that ifconfig hw ether <...> is really not
needed anymore.
- Forwarding of indirect packets when in switch mode (because the kernel
will not do it for us then).
commit 353a9230bb70b70028f2dc6c651a28e30b13dc63
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jun 20 21:32:40 2001 +0000
Don't include the debian/ dir in a release
commit 9a0a50cd3cf2570b39e00edf1a92123acbac41b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 9 10:00:34 2001 +0000
Woops - big bug in send_key_changed fixed.
commit ba918dce287788aaf6a90b3c7a9f349b197068d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 8 18:02:10 2001 +0000
Only reset seconds_till_retry when we activate the outgoing connection.
commit c5c02a0861bf540e07fe64704cb97aae29c4cacf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 7 07:51:04 2001 +0000
Changed drastically because it didn't work correctly:
- Don't cache the --with-openssl-* option arguments
- Only search for openssl/*.h, the openssl include files include other
files only from an openssl/ directory too
- Set CPPFLAGS before AC_CHECK_HEADERS
commit 053e78654097cf353aa59b4d34e608726edd5dad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 7 07:48:11 2001 +0000
Save configure cache more often.
commit 96ef7becdd71fc63c3489e3696117c1f137eade5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 6 19:12:38 2001 +0000
Fixes to make switching work between hosts that have no meta-connection.
commit ce6c8e6d089abac81520c517185c6ef81b09f051
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 6 19:11:16 2001 +0000
Log and warn about duplicate subnet_add()'s for the same subnet.
commit 9cd9b0392388e24ade19a43206221081b61806e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 19:45:47 2001 +0000
Add missing? counting of total_socket_in.
commit 7bd7f5b4363f222340e5c058c243d31c576fba88
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 19:39:54 2001 +0000
You can now put an option "Mode" in tinc.conf, and choose from:
- Mode = router (default, work like tinc has always worked)
- Mode = switch (work like a switch)
- Mode = hub (work like a hub, broadcasting everything)
commit edd6734faa37d043b8a2cc75b125db3b1c2130fa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 18:07:14 2001 +0000
Fix bug where lookup_subnet_ipv4() could go into an infinite loop.
commit fa376fbd4e5151ae43e86441a1e99073eeaf46a5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 16:31:59 2001 +0000
- This oneliner removes the need for ifconfig tap? hw ether fe:fd:0:0:0:0
commit 7a736d47b264065371f35cd9da64485d798cbc80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 16:15:48 2001 +0000
Updated dutch translation.
commit 92924e8482f000eb33130ce9feadc08450ff349d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 16:13:41 2001 +0000
Changed some stuff to allow correct generation of po/Makefile after a
make cvs-clean.
commit 4f9dad0972ac0f665a1b6050b059bd52f93e6221
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 5 16:09:55 2001 +0000
- tinc can now act as a switch or a hub too (as opposed to a router only)
- cleaner initialisation of "UNKNOWN" and "MYSELF" names
commit 428482d86f860d1fb09de722c1b6576ec2eef1ce
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 4 11:14:35 2001 +0000
Added proxy-arp support. No more ifconfig -arp needed. Works like a charm
under FreeBSD now :).
commit 0a3c8cefd4a154948799baaaa246cf0eba050eff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 1 08:02:09 2001 +0000
Fix subnet_lookup() for overlapping subnets. Needs rethinking.
commit 7db1b999c82611d6c68a5d79b4754db19669d5c6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 28 08:56:57 2001 +0000
Make sure Solaris is happy too.
commit 65247c063b36a76dd68156fe17b017c7460d982f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 28 08:21:43 2001 +0000
Small fixes to allow correct compilation under FreeBSD (tested with 4.3)
commit 4e959ee40542733e647c36831c1fc87ed8098233
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat May 26 09:35:28 2001 +0000
Don't distribute autogen.sh in a release
commit 514f8f579d5c0608aee8ca4a43d7414ecee5c11c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat May 26 09:35:00 2001 +0000
Changed version number to 1.0-cvs
commit 20c2b62b1802390c0f5a1757641a0a1cea8103a8
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat May 26 09:34:11 2001 +0000
New make target: `make release'
commit 8d307c2fbf2c20eb53909f74c81e03db838fb55e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 18:57:37 2001 +0000
Fix sample configuration to show keys in PEM format and correct tapdevice.
commit e12d41f39d8dd1cd30058d08effd2e5b66cdd4fd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 13:24:34 2001 +0000
Documents are merged. Now we only need to check the ports and the TCPonly
and IndirectData options.
commit f0c64a3dac3b0469ea05fa5d44a1e7bdbfa64900
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 12:45:37 2001 +0000
Merged PROTOCOL, NETWORK and SECURITY2 with the texinfo manual.
commit fcf869cd4250a240ea8d443f70fa373e4fbacf07
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 11:54:28 2001 +0000
TCPonly now works (in a relatively clean way too).
commit a5e2ae6b2b2e1629cf05bb2a57df75f13c0f120a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 10:08:11 2001 +0000
With recent kernels the tun device file is located in /dev/net.
commit 6e09c2a99c8ac3c1391f4f2eee16d6c235c10e90
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 10:06:13 2001 +0000
Small corrections to the manuals.
commit 4dee76522e177dcb4af5d6d844a5f3b74070e4b7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 25 08:36:11 2001 +0000
Small fixes:
- Fix compiler warnings (one was a real (but harmless) bug)
- Don't send PING packets if there is UDP traffic
- Correctly terminate strings containing salt for PING/PONG packets
commit bfc5d6014e3c1563f7b6a2f10698e9ba23ba3e96
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 24 21:52:26 2001 +0000
Only send key_changed if it was previously requested.
commit 1a248fd5bd5aa24fa0f6a2c395f05dd569f0898d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 24 21:32:30 2001 +0000
All features for 1.0 are implemented now, we just have to check the
FreeBSD and Solaris ports and merge some docs.
commit 58893f0875369aafff8481825af271683c975a2a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 24 21:30:36 2001 +0000
Since this is incompatible with some earlier versions, PROT_CURRENT is
increased.
commit d1b597758eab68bb80d97855f25cb6dda55eeb0b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 24 21:29:09 2001 +0000
Add randomness to PING/PONG packets to prevent crypto attacks on quiet
tunnels.
commit 4493b0650bd487990ca9d2802496ad0ee7c06247
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 24 20:40:13 2001 +0000
Changed URL from kernelnotes.org to linuxdoc.org.
commit 3360c6270bcc19a8b3d81da185266fc33b5c5421
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu May 24 20:24:12 2001 +0000
More revisions to the documentation:
- Removed cruft
- Reordered some sections to make it more logical for the beginner
- Added small examples and hints about configuration files
commit 6f7f8659a2048fd6d616f4286ccdd0e661084493
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 19 15:50:51 2001 +0000
- Make sure correct information is supplied for both old kernels (with
ethertap) and for new kernels (with TUN/TAP driver).
- Revised example configuration and made it conform to latest (CVS) version of
tinc.
commit e4f3d93ec62871d1ae11b460627aef0da1b23cd2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 7 19:08:46 2001 +0000
- s/ip_t/ipv4_t/g
- Add "salt" to the beginning of UDP packets. Replaces length field which
is not useful anyway.
commit a26081467c197cc6b26a0c36c4508361b242fc85
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri May 4 18:45:02 2001 +0000
Correctly cycle through ConnectTo variables.
commit 80b4a851a6b62cbbf503c2225f93305966f058c0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 13 10:30:04 2001 +0000
Depend on new ssl package and install alias for universal TUN/TAP module.
commit 156ec676525ed789364b7a77926dd0717d0cf5d7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 13 21:33:31 2001 +0000
Check indirectdata option before forwarding certain requests.
commit c426e981eeaed3fa4801221720ee8f74d40e9223
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 13 21:32:24 2001 +0000
Ignore alarm signals if we do not need to respond to them.
commit b413257e10ae0645da43583dd8f84a1f74df5bd7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Mar 13 09:55:14 2001 +0000
Fixed bug in setup_signals() that would make tinc die when unexpected
signals were caught.
commit f1a082823c48d00171b814f7e14e07e6dd4632fb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 12 23:58:19 2001 +0000
Fixed a race condition triggered by receive_meta() and the new
authentication scheme.
commit f4887b981f109fc4264f50170b2d12c4033bf5e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 4 14:00:24 2001 +0000
Added a description of what is going on in net.c and route.c, and how
packets flow through tinc.
commit 9d5c9bf6ba74e4e8bbd12b97fdda6c665155fec6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 4 13:59:53 2001 +0000
Updated translation.
commit 34f9e6cf2d6d2b81eb63f9f28963b447a2157740
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 4 13:59:32 2001 +0000
- route.c is now used to determine destination
- flags are removed, since they were not used at all. Use options instead.
- indirectdata works now, tcponly almost...
- made functions that don't return useful information void
commit d2a54597e029f9d4f7bd29837be1be33909d78b1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Mar 2 11:25:56 2001 +0000
Added explaination of our key exchange using RSA encryption.
commit 125c4978812cffa5154ce5378a276f43f78417d8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 1 21:32:04 2001 +0000
Various small fixes.
commit 099cc867c1a0831add7f1b4046f22ad6bfa5a1ef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 27 16:50:29 2001 +0000
Removed compiler warning.
commit 4fa12eb85d72f039df5004abc201f01f5573c2e4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 27 16:37:31 2001 +0000
Removed lots of compiler warnings.
commit 173d606514d82fc5ae7895a178238d0abcaf6606
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 27 16:17:04 2001 +0000
- Fixed Interface option (untested)
- Removed error handling for non-critical socket options
- Added TCP_NODELAY and IPTOS_LOWDELAY options for meta sockets.
commit fb4ba9b265666d9949b03209a3ff52ff1263226b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Feb 27 16:15:14 2001 +0000
Authentication done
commit 24fa68585923d2b52718390f3f38d1aaacef12f0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 27 15:33:39 2001 +0000
Don't forget to reconnect if outgoing connection fails during
authentication.
commit 34b7a876c3583f7a34585cff6a694bc9e35cdc87
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Feb 26 11:37:20 2001 +0000
- Make sure METAKEY is smaller than the modulus of the RSA key
- Get symmetric key from the least significant bytes of the RSA message
commit 4b0ad4d97abd3643c44f45841d52f3000a34ba60
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 20:17:46 2001 +0000
Added process.c to the translated files.
commit 82455be966027a087a2ac23e3464594c81d7b111
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 19:09:45 2001 +0000
Implemented new authentication scheme from doc/SECURITY2.
commit 54881faf6fdbf04fb5ee56b7809439fbc50c65cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 16:34:19 2001 +0000
Encrypt network packets in CBC mode instead of CFB mode.
(This breaks compatibility with all previous versions!)
commit 9de5787574b21e94c80ddc60def2b3e514aff755
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 16:04:00 2001 +0000
Copy packets before putting them in the queue.
commit 38adc479a44b64afcb220cd757f77ab105cb9bcd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 15:34:50 2001 +0000
Free node->data and node, not node->data twice.
commit e250d64300cea2a83059866e7cbabcb33684160e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 14:51:42 2001 +0000
Add missing \n.
commit 153fc35e57c0104aa4ea9103bcdbca3665e4934c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 25 11:09:29 2001 +0000
Corrected check for errors after read() calls.
commit 0b0c2a372ff5d11f73af172e07a93b2656374a42
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Tue Feb 20 21:53:18 2001 +0000
Important bugfix in avl_insert_before() and avl_insert_after()
commit 11f8465dd9a4f81b43a31f1cb6a7fc2d76bb7838
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Feb 18 02:13:26 2001 +0000
tinc_TUNTAP now substitutes the values outside the AC_CACHE_CHECK
block. configure should now correctly set HAVE_TUNTAP.
commit bb0870498037565209e24fbb2ffa07b815350a0b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 13 09:54:29 2001 +0000
Added description of the proposed new authentication scheme.
commit cebb6efeb0f39bf05ca7836b7a393c8385b49335
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Feb 11 11:55:28 2001 +0000
More files to ignore in CVS
commit 603781831f251d2e8111e8282d8e624b8e40b175
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 11 11:50:09 2001 +0000
- Updated CVS_CREATED to remove intl/ directory and some other
autogenerated files.
- Checked if all INCLUDES/LIBS/etc directives inherit the global variables.
commit 88dfdc9dbac3f5d0aa70b77509b4a87513433987
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 11 11:46:14 2001 +0000
Ignore file for src/
commit ef0fc4f687fc25e97551e589941d6a2a2d8ade42
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Feb 11 11:44:32 2001 +0000
Added .cvsignore files to get rid of warnings and prevent autogenerated
files from being added accidentaly.
commit f1cb3d8fa5f69840f353ca5a62f363dad47eb46f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 6 10:42:27 2001 +0000
Removed another local definition of the variable "errno"
commit 0f715887c617723e4b450083f8b77641f8b62e80
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 6 10:13:44 2001 +0000
Updated dutch translation.
commit 4bc394a3e29f2f90434bbbfc9f23d5587398471b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 6 10:13:22 2001 +0000
Fix memory leak in avl_insert() if item was already inserted.
commit f777c1807d663eaef3e36c395094451214886898
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Feb 6 10:12:51 2001 +0000
FreeBSD compile fixes (thanks to XeF4)
commit bb4457d6caf6e424aeaf9b09222d4e62cab939da
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Jan 18 13:02:34 2001 +0000
Unpack sample-config.tar.gz when installing
commit fe61e1ffef186aa509a50be3be83955fe1cbb514
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Jan 18 13:01:42 2001 +0000
Distribute the sample config as a .tar.gz
commit a73ec9caa45bda7738376a610030c8ba9b934445
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Jan 18 13:00:57 2001 +0000
Fixed some errors
commit b33c5f6640e63cc4cd35285367bcb2827b732229
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 16:24:24 2001 +0000
First try to create a graphical frontend for tinc configuration
commit 6bc77a7710adcbc33331c45e1b6adf7089a42075
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:48:44 2001 +0000
Get the PO files up to date with the current source
commit 664f7e5c0b9056d88e2b63b3626ea33c4894387b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:47:39 2001 +0000
Get the Debian changelog up to date
commit 1d898e00a964ef922617683a1d29ff24e56ed8ff
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:40:46 2001 +0000
Merged documentation with various updates I had lying around
commit 457c6fa7b63a7f2971314d8d63af71c880ec6f53
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:34:08 2001 +0000
Second draft of the release notes
commit b236ddb1df16f8eb025d485b75153c4f25f4afc6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:31:56 2001 +0000
Change version to 1.0pre4
commit a893b05cb017c04871c2faf4099f104985f4ad75
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:30:32 2001 +0000
Set Architecture to `any'
commit 54e19d34663cfe4af05e9e1dac94f76e39858f18
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jan 17 01:30:05 2001 +0000
Fix error reporting of read_config
commit a56df1e06be3f47a775919e564c147687e961b5d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 13 16:36:23 2001 +0000
- Allow ASN1 style keys to be in the config files.
Note: tinc ignores private key in the main config file, tinc.conf,
because it should really be in a separate file.
- When generating new keys, check if name is known and by default append
the public key to the host configuration file (otherwise rsa_key.pub).
commit 44c85ab07ed07165b80140da4e2910ca51fa8887
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 13 14:56:46 2001 +0000
- Copy entire sample-config directory to /etc/tinc/example upon installing.
commit b195e8815f0abb2c5527119221886b524d719019
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 13 14:38:18 2001 +0000
Added sample configuration directory.
commit d646f4e094b63720f97bfd37bb3489bd9d6231a0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jan 11 11:19:08 2001 +0000
- Only send out DEL_HOSTs for hosts with a meta connection
commit c8beaf35ee923c209ee23bedcb3dc892d2c2dae3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 8 21:32:30 2001 +0000
- Cleaned up subnet_t
commit e5e1c20a99b0d72792f28e9a075a9f4a7e8b2c95
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 8 21:32:00 2001 +0000
- Sign was wrong in search_closest_smaller/greater
commit 11f3e9d138daf6b726631cc124b14d66dfa4d1f7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jan 8 20:35:30 2001 +0000
- Squashed another nasty bug.
commit 447a43d63960802a7a29201c512246be11eb9c94
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 20:19:35 2001 +0000
- Added indirectdata and tcponly functionality.
commit 7cd2baedc6027ef6a5b941342bc6d3931d7220ba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 20:19:08 2001 +0000
- Fixed IPv6 subnet lookup routine.
commit d3f889c8076dff9c00ebfe1459cb36425f8da41d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 17:09:07 2001 +0000
- It's 2001, all copyright notices are updated.
commit 96b6f958bc733c3963dd164caacd42513be47a86
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 17:08:03 2001 +0000
- Description of protocol and authentication updated.
commit 7109526c6789c73a18bbe6b228ca35f0374c8d36
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 15:27:30 2001 +0000
- Added header file for route.c. The routing routines in it are not used
yet, but have a look at the source for the ideas behind it.
commit 07a08f5539f441e66946d1db1711dc584f8621c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 15:25:49 2001 +0000
- Reinstated a queue for outgoing packets.
commit 049ff67817e0db5afbba30930531d8ea3f7f2d18
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jan 7 15:24:52 2001 +0000
- Changed list routines to give it the same look'n'feel as the rbl and
avl tree library.
commit 8b4bc5b3a7e31c198c001610c99c2993e1612376
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 20:43:03 2001 +0000
- Typo.
commit 3d7289cf743f89cab4c71815482a4837a21f6703
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 20:02:21 2001 +0000
- Updated texinfo manual.
commit 0d99ae59bd7c640d396ce978045f0911567fb9bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 18:44:55 2001 +0000
- Updated manual pages.
commit 90bf1b21fa7e94d73719da0593e7c0356d05e18f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 18:21:17 2001 +0000
- Changed license of AVL tree library to GPL.
commit f7bb205022e02c02c02733cd43544c231373115d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 18:03:41 2001 +0000
- Check and follow symlinks in is_safe_path
- By default write keys to tinc config directory
- Small fix in protocol.c
commit 1398edec37336853bfca6ea3dcca7c402f102ea2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jan 6 16:51:14 2001 +0000
- Updated dutch translation.
commit e924096f62655d711cd2d114a8d1ef0fecbb593b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 23:53:53 2001 +0000
- Let user choose whether keys are in the config files or separate
- Use AVL trees instead of RBL trees
- Fixed a lot of annoying subtle bugs! Thanks to gdb...
commit 052fbc0bdf36e0dbe2a0867ce770d426c9a44841
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 23:51:41 2001 +0000
- Doubled size of trace buffer for easier debugging.
commit 77509da76c61b881c9967bfb7cdafeaf6b56eb6d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jan 5 23:50:56 2001 +0000
- AVL tree routines: faster than RBL, and also more stable.
commit e1707f7739f450c729e26b921e459d5da07602f9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Dec 22 21:34:24 2000 +0000
- Don't even think about using sscanf with %as anymore
- Allow keys to be inside the config files or in a seperate file
- Small fixes
commit ecae72de94222302aa326888f70cfacdbd775b23
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 22 17:15:26 2000 +0000
Added lint target, requires lclint.
commit c5fac35c6ce9b9fcc47508810d69aeab83d08c25
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 22 17:10:25 2000 +0000
Forget router.c
commit 37544990e96fe5ea161e644f6417f505d666cd00
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 22 16:59:16 2000 +0000
Include autogen.sh (needed for the Debian package).
commit 8a4daf4ea7758270a47a358f43ad97a64eb1c3ff
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 22 16:54:56 2000 +0000
Various small changes.
commit e469fca4d78e9d23698fe1e6b29b232198cc499e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Dec 6 13:33:49 2000 +0000
Re-introduced MyVirtualIP and VpnMask, as dummy options.
commit e50e4a54d6b40b988041a7e9bfdfbf708657f3a5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Dec 5 09:04:32 2000 +0000
Give a warning about having to re-create the keys
commit 4610d98c04641fce65747e07d65cbdd03fb6fe30
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Dec 5 09:03:41 2000 +0000
Ported it back to /bin/sh.
commit 1e38dcc3fa6c0da2fdb21f83a588338fa8a41818
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Dec 5 09:03:19 2000 +0000
Install a file in /etc/modutils/tinc, containing all necessary aliases
and options for kernel modules.
commit 6327f32f43dc9109fad9952fd50a23876d0acaf0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Dec 5 08:59:30 2000 +0000
Tiny bits of code beautifying
commit 9267bed9f516244b00d5c86c8dae44b7eb78a96c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Dec 5 08:56:44 2000 +0000
Oops. I did some VERY wrong things with readline(). Fixed now.
commit 6ddc9109d7313503895227c7876309b36681393d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Dec 5 08:54:22 2000 +0000
Massive long awaited documentation update. It's not finished yet,
most notably the example configuration is still old.
commit bc22ee16e6903d2caf9d22afa85020d1e3e10b56
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Dec 3 12:23:06 2000 +0000
Option -d accepts an argument to set the debug level immediately.
commit 01d23601a273d128ebfd13c2ffa10892e9b13094
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Dec 3 12:22:19 2000 +0000
Sort configuration directives
commit d6b77e18b58ad8f9bcd9b60864b95cd2a74482c5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Dec 3 12:21:20 2000 +0000
Added documentation merger
commit e985f6d3cdbebdeb17333bbd3d3c20d4618128cf
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 1 13:46:26 2000 +0000
Include COPYING.README in the distribution.
commit 94192b3db10fe51ce45fa569ec068423a4491b0b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 1 13:45:46 2000 +0000
Stated that distributing executables linked with OpenSSL is permitted
provided that all other requirements of the GPL are complied with.
commit 52575a573c1d87ee125a54a2e0b4044698904cae
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 1 12:38:42 2000 +0000
Use buffer instead of line in read_config_file(), line may be assigned
NULL, so buffer always holds the pointer to the allocated space.
commit ab33c1aa6081f07333bf1de00e4036dd2b4628a6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Dec 1 12:36:36 2000 +0000
readline() accepts two extra parameters, buf and buflen, to avoid
mallocing and freeing for every line that is read.
commit 6c56a8416eded8f19076a619a27ad7b153dd91f3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 23:44:07 2000 +0000
Tagged `Storing private key in separate file' as done.
commit 8fe83e98da043e930a88ddd6b2de6c14aa791335
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 23:39:55 2000 +0000
All full stops have two spaces after them. (Silly commit, I know.)
commit a0f7af3ed79c55d9680cbb0a569b3c8987581d43
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 23:18:21 2000 +0000
New function read_rsa_public_key();
In net.c/setup_myself deleted old code to read the public key (which
is now implicitly read in together with the private key).
commit 28deaeac14d619efb9830d03fd61dc7cca70a701
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 22:48:48 2000 +0000
Avoid printing duplicate messages from read_rsa_keys
commit 2293304748f7e4e9a18ee848b8264bdecebae37f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 22:33:16 2000 +0000
Better error checking when reading the RSA private key.
commit bf4e969899bb6cdeb05570d96a567c2833ac83bd
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 22:32:14 2000 +0000
In readline(): initialise the line to zero length;
In read_config_file(): Test for EOF, and print the variable name that
caused an error.
commit 113198d9c0b3be9904057673cfed165406803f86
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 21:11:03 2000 +0000
The file is safe if it doesn't exist.
commit 09260b43d1ff037c22f86c82a6af830e9a6d6ae5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 20:08:41 2000 +0000
Read the PEM file pointed to by the configuration directive
PrivateKey. This means thatt he meaning of this variable has changed,
it no longer should contain the private key directly.
WARNING: This code is untested.
commit 8ccb1ede92fbd55481fa2317c2450bb9dd94a180
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 30 00:24:13 2000 +0000
Implemented is_safe_path, and extended ask_and_safe_open.
is_safe_path needs more work before it is useable.
commit 75e3c296b4fa1eb02df2f5f84a1280e791f88603
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 15:22:04 2000 +0000
Updated Dutch translation
commit d36da1948abdd27e9d0740c2baceb0bd155c18c6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 14:30:07 2000 +0000
Also free the pointer returned by readline().
commit 9e55426d72fd77fda891edd0023dab2f9909639e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 14:27:24 2000 +0000
Use readline() in read_config_file() instead of fgets.
commit 8ea23d9ec3f2fe0c113eac5caafb7c2bd03f3016
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 14:23:08 2000 +0000
xstrdup now takes a const pointer as an argument.
commit 54ef13bf75a7a1e787716ce395ffe847fa74673f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 14:24:40 2000 +0000
Implemented a readline() function that will read an entire line into a
dynamically allocated buffer;
Ask for a file name in ask_and_safe_open().
commit 9175d2048382c617a639fd3d437a9e06baa66d0f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 01:37:50 2000 +0000
Added a check for a scanf that knows about %as.
commit 1ca04711aeab615161746c6bbb5d137388c73263
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 29 00:33:15 2000 +0000
Check for get_current_dir_name. There is a replacement function in
dropin.c.
commit c94f7637427f4c89d56c41fe4c75f2970b664a63
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Nov 28 23:23:41 2000 +0000
dropin.c/h contain a set of drop-in replacements for non-standard C
library functions (read: GNU extensions).
commit 3ff76eb10acc55b6f269c1075de6bbaa5bc83516
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Nov 28 23:12:57 2000 +0000
Save RSA public and private keys to a separate file, instead of
wanting to copy them into a configuration file.
commit 4c502b005bfd24821e817c134e8a442a5f4606de
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Nov 28 08:59:27 2000 +0000
Use sigaction to set signal handlers, the previous commit (1.1.2.16)
already contained a large portion of what should have gone in this
one.
commit e44dc004b3d1ce8f857971f479c917931eda7091
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 27 20:52:55 2000 +0000
Sort items to either 1.0 or future release goals.
commit 699f3b4c93482055c0832c9a6b76dc0294967003
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Nov 26 22:46:53 2000 +0000
Check for the function strsignal, and define it to "" if it is not
available.
commit 67a4abda707b28b9c77cb35ff1e800e6a5b0991c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Nov 26 22:42:34 2000 +0000
Give an error message if daemon() failed.
commit 702e55306dfebe5c6f9a6587ed029c3bc3efbe8f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Nov 26 22:32:52 2000 +0000
Updated Spanish translation, provided by Enrique Zanardi.
commit 1eedf54681d4556c6874f7baee8e810cab867756
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 25 13:33:33 2000 +0000
- Use only one socket for all UDP traffic (for compatibility)
- Write pidfile again after detaching
- Check OS (for handling FreeBSD/Solaris tun/tap stuff)
commit 0806605ce383b7e89fa26eda56f8a5f3bbed9dd3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 24 23:30:50 2000 +0000
- Added daemon() replacement.
commit cfb828784ebbcf4b3e40eb9bb351b6ed10a84b35
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 24 23:14:52 2000 +0000
- Added Armijn to the list
commit cf49b2c0647554613874cce495e4a7937a9f7863
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 24 23:13:07 2000 +0000
Another big & bad commit:
- Added some extra search functions to rbl routines
- Fix subnet_lookup()
- Reorder some syslog messages to make more sense
- daemon() is back
- Don't let scripts execute in parallel (gives race conditions, and
anyway something MIGHT just be configured which is necessary for further
execution of tinc itself)
- Accidently merged check_child() with execute_script().
- Small fixes
commit 97c54ffb35312caf38034952b9ed2733f7e374f9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 16:52:57 2000 +0000
Add default tinc-up and tinc-down scripts for a Debian system. These
do not yet work, it's just old code from init.d.
commit b42c9abafdc102db0641f3d444bdb30fbc29140a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:15:20 2000 +0000
Call autogen.sh instead of configure alone; and make cvs-clean instead
of distclean. This way you can just cvs checkout && dpkg-buildpackage
in one go.
commit edb9b4cad09855a9bb3c57c5d4b1b174fde1de6c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:13:51 2000 +0000
Explain how to tell configure where OpenSSL lives.
commit 4cb4a7d298d560593f84d974bf77d0ee8a911a50
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:13:06 2000 +0000
Set errno to 0 before trying to kill the other process.
commit ef88db63120503a8c9d34d86073795c99dedc3a9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:12:31 2000 +0000
Alter CFLAGS, somehow INCLUDES doesn't propagate properly. Still
doesn't work exactly like it should, but getting there.
commit b17822840150f5ba8cfb8e5a44fc10d66bd15a97
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:04:49 2000 +0000
Set CFLAGS to -O2 -Wall when running configure
commit eb36b0c1ef7b5ed8ff59c3b41cbb361ed37d5f01
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:00:32 2000 +0000
Use cvs2cl instead of rcs2log to generate the ChangeLog.
commit 2f37f2bd8ab6b89eb6b6c2b4bdd6ffe449b1aa98
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 14:03:13 2000 +0000
Set localstatedir to /var
commit 31aa4298463498cbb755db747e901e4269cd1ef6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 13:33:48 2000 +0000
Do not attempt to retreive ChangeLog information only from the CABAL
tag, it doesn't work anyway.
commit f2dd7bb42c1f4bfa708f542e430f4a56fd43e74f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 13:32:26 2000 +0000
Do not check for the daemon() system call
commit b0ff879e7c68edd447328f3d806c1ad9e336fece
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 24 12:44:39 2000 +0000
Do not use the C library's daemon() call.
commit cebcf78b9a24f70902009bea23514e55d84b096a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 23 09:30:33 2000 +0000
- Don't link with -ldl anymore
- Let's not use bash' built-in pwd function anymore... it does not follow
symlinks.
commit 7aa7895629d72391eccfcb23f3cb6290a9e3abc3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 23:09:38 2000 +0000
- #include <stdlib.h> instead of <malloc.h>
commit dac256505e1af78505c9f905bd55c11d4b87345c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 22:18:03 2000 +0000
- Fixed all (except 2) compiler warnings gcc -Wall gave.
commit 6f373e690236334d8f8333710b61f97ccad54bf1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 22:05:37 2000 +0000
- More porting to FreeBSD and Solaris.
commit 5971e352dae2cf189f1cbdeacffa4ccdd1e98304
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 20:25:27 2000 +0000
- Work with the correct key buffer in ans_key_h
commit a07602c4fddfca9894f1d738959ae359695f5bf9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 19:55:53 2000 +0000
- No more %as.
commit 394ed3fb174bb629bfb4b441fe58842562f955de
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 19:14:09 2000 +0000
- Write pidfile AFTER detaching...
- Minor cleanups
commit f8b4a000d008082e5c7e511a49318b8dea8fd08d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 22 18:54:08 2000 +0000
- Cleaned up and checked for some more NULL pointers in rbl.c
- Two connection lists: one for incoming connections, sorted on ip/port,
one for connections whose identity we know, sorted on id ofcourse...
commit 785684f0ec5c9250788b4b32c0eab3f358c9db61
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 22 17:49:16 2000 +0000
Declare fd.
commit e42255ae1374fe65e92de72de4508a84bdb91fa1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 22 17:48:15 2000 +0000
Add more checks to ensure that filedescriptors are right in
_execute_script().
commit 2ed68134047a19e708c2a2af32c58968835a7043
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 22 16:19:07 2000 +0000
Honor the --localstatedir option to configure, instead of hardcoded /var.
commit 9e9e1925b901dff87518f0e1534a33e48eab8303
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 21 09:13:59 2000 +0000
- Check for NULL tree->delete callback
- Add xstrdup() function
commit da9a1e8084a9b73306bdbc541ee8af938c3e7754
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 20 23:29:47 2000 +0000
- More fixes.
commit 3a6200c1e39b61b249db3d1f9bcffa77351863bd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 20 22:13:14 2000 +0000
- Various small fixes.
commit 06afd357b0cf4aab778b1ccabbd1be61a9500d10
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 20 19:56:01 2000 +0000
Get rid of all libtool references at once. libtool was only used by
libblowfish, which was superseded by openssl.
commit 1857b3c97c261dda9978a67d07b315bb3ca68841
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 20 19:41:13 2000 +0000
- Proper initialization of rbltree structures.
commit 408ca91766088b6c2d38e198b0692bf394b41248
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Nov 20 19:12:17 2000 +0000
- Integrate rbl trees into tinc.
commit 9024e01ce649b89d304a4aa5b1d6ef0b56b5a12c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 20 18:06:17 2000 +0000
Also include process.h
commit 3cc063d23a6e3a23fd01f03b0bc99825c2b13e16
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 20 18:05:34 2000 +0000
More function and header checks
commit 59aa15d3d1db4e948113f202dd2183f4bb23970d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 20 18:02:15 2000 +0000
Added this release
commit 8f273f0ee265c75dd8eea65b2f1cd60a79691cd6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 19 22:12:46 2000 +0000
- Small fixes
commit cc7c078774db955cece9b263022e6c1ca955fc10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 19 11:05:59 2000 +0000
- Deletion also works now.
commit 3526f1e151b7a189f075d88c9d88cacaece31d02
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Nov 19 02:04:29 2000 +0000
- Fixed a lot of small things. Tested everything except deletions.
commit 4f68e5b6133480478edba0959cb87d4eb149a8e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 18 23:22:44 2000 +0000
- Fix tree head/tail upon insertion
commit 880cd6f1a94ef76ebebc5bd96dd26d62e3d829f4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 18 23:21:01 2000 +0000
- Implemented deletions
- Added rbl_foreach() function
commit 00e5d572621ad5f0263999dbfbfcb11e023bf48b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 18 18:14:57 2000 +0000
- Fixed searching
- Insertion implemented
commit 7fcc0c6415488ed6ce0089a67ab7cfdd5d0d83ca
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 17 10:03:02 2000 +0000
- Removed stray @INCLUDE@ (how did that get there?)
- Use 0 instead of FALSE
commit 44cbd13e5248880b074b5068df14a4634204a1d3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Nov 17 00:56:49 2000 +0000
- Simplified do_detach
commit 2626c641aa714a8d776f1bb16340586d935aa6b1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 16 22:13:09 2000 +0000
Use proper prototypes.
commit 5d1145f2c4b3b8261ca0aa0e89a2daf321640f0b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 16 22:12:23 2000 +0000
Move more functions from tincd.c into process.c.
commit 485f7a5043a4b3345bd02e5063502603550b4c76
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 16 22:11:40 2000 +0000
Delete struct ifr
commit 30f34015ee11bbe1106c07e381288a702f12dac5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 16 18:06:39 2000 +0000
New function: xmalloc_and_zero, which initialises the allocated memory
to all zeroes.
commit 2764532ea72200d0a27ad2d79e6e299c00c62404
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 16 17:54:29 2000 +0000
Move all process-related functions into process.c.
commit aa755206da4bcce3261ecd5dbfa41570a0155c73
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Nov 16 09:18:38 2000 +0000
- Added balanced tree management stuff as well. (It is not finished yet.)
commit 7f87c3d9134612041d56180ea7fc3e6c37991f6b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 15 22:07:36 2000 +0000
Keep a list of running children, and in each loop in main_loop(),
check if one has exited.
commit d9ce5a7f3f5eddb193b6a9b5974c7c49eac41ea1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 15 22:04:48 2000 +0000
List management and manipulation routines.
commit e118ba0a648000c48d6a401c9b9249a844d6dbcf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 15 13:33:27 2000 +0000
Porting to FreeBSD:
- Reorganized and added some #includes
commit 596e248bc588323cc7ee751286dbcaf677b5c653
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 15 01:28:21 2000 +0000
Let the output from an executed script in execute_script() go to
syslog, with proper error detection.
commit bb2495e569fb161b42efd633eb1c471b8222b1fb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 15 01:06:13 2000 +0000
Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
configure.
commit 6fb4a5b6be5628ece9b391b46e7858fdf5957a80
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 15 01:02:30 2000 +0000
Also check for sha.h.
commit 8eb60d0ccde2f1de6fd917db7300e537f271783e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Nov 15 00:57:26 2000 +0000
Also check for rand.h and err.h. If any of these files does not
exist, try the next alternative path.
commit c5c8e99afd3fae3868f20b5c7a4f8754498b39ad
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Nov 14 23:18:19 2000 +0000
Get rid of the annoying empty line
commit c467ee02d3ef8bed7ec2cc52cb1527ec60cdc93a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Nov 14 23:02:08 2000 +0000
Oops, small error.
commit 9ddb37cee0f754ef88a55f692a508010fe18c782
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Nov 14 22:57:19 2000 +0000
Better checks for OpenSSL. I think it can now detect almost all conceivable installations.
commit 72c3776d6ac103fa25d216c42847ecba3a4f58e5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 13 22:29:22 2000 +0000
Identify version as 1.0pre4-cvs
commit 5344832be1126967ff340cf6bd270a377bb8e487
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Nov 13 22:01:27 2000 +0000
Add a check for openssl that accepts explicit file locations.
commit 5b74909ea070fbd482340dc42193e33366a9dddb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 9 21:33:18 2000 +0000
Add prototype for destroy_queue
commit 6e27618708233998db7e5886ed9afaa21bb9d938
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 9 21:29:58 2000 +0000
Updates, updates
commit a91eae538d9cff8aed399a175c0bbc7d744cd22a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 9 20:59:35 2000 +0000
Bop version number to 1.0pre3-1
commit e65a93053cca3f8aebf63094cf160835c3108e25
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 9 20:42:16 2000 +0000
Wrapped text to 70 (72?) columns for easy reading
commit 4310b17be9cefcc1814ddef471e4c5cd8f9f867e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 9 20:41:13 2000 +0000
Final release notes added, also edited release notes for 1.0pre2 to what the announcement on the mailing list looked like.
commit 16847ea255fa8a7c0ed922af80a2f36b7bdf4b3b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 8 20:52:37 2000 +0000
- Make checkpoint tracing a compile time option (off by default)
commit 55d7b5a2bb1df6f55f0a93e9cfed77c1da337588
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 8 18:05:06 2000 +0000
- Add Jamie :)
commit 5055e1dedc9fe984c497448c1b2ffc4afdf18aa3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 8 17:56:34 2000 +0000
- Applied Jamie Brigg's patch (close sockets after error)
commit 74326df7adc514798565df0a8719421adbb5fef3
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 8 00:20:06 2000 +0000
- Fixed --config
- Show warning when both netname and config directory are given.
commit f8f1007bf469d44480d95d0d78ddc156d00e059f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Nov 8 00:10:50 2000 +0000
Porting to SunOS 5.8:
- More #includes Linux doesn't seem to need
- Don't do unsetenv() on SunOS
- Use a replacement asprintf() in case the OS doesn't support it
It now compiles properly under SunOS.
commit 56bd0864e4c5680fee59af48228b1ec3fb97b57b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 7 22:33:33 2000 +0000
Porting to SunOS 5.8:
- Include all header files necessary
- Check for flock() function
commit 7d0f82bd4b7044a5151835e25e830fd28dfaaebd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 7 22:02:14 2000 +0000
- Open UDP connection for all known hosts. Comments please.
commit f95cc86d0c14ca4c47e5459af4bb6d1170baa9f5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Nov 7 21:43:28 2000 +0000
Changed execution of tinc-up:
- Do not free() strings that have been putenv()d, see man page of the
latter.
- Do not set IFNAME anymore, it appears that the ioctl to get the name of
the interface does not work at all. Since it is set to NETNAME in case
of tun/tap and it is known beforehand in case of ethertap, there is no
need for it anyway... (though it would've simplified things).
commit efc3a2a466937da942afc84dde080ba8b1731140
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Nov 5 02:19:58 2000 +0000
Build-Depends on gettext
commit 698191fd2f512f3618e2d60592fcd57cd750b965
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 22:57:33 2000 +0000
- Prepended config_ to all configuration option names, because it confused
everything (including myself).
- Use connection oriented UDP sockets for both incoming and outgoing
packets.
commit afc05797077641baa33b024ffeaafd6cad3ff7a7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 20:44:28 2000 +0000
- Simplified ping mechanism.
commit 2191d894bfd615e8fa7857d031ea630edc12a854
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 17:29:45 2000 +0000
Build-depends on libtool
commit 5019dd879177b5ab9413e5c0aa72a15d0e585acf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 17:09:10 2000 +0000
- Check for packets that are looping back.
commit 20dd5aff4d2898d8b59f371671cc110b870fa09c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 17:04:17 2000 +0000
Updated Dutch translation
commit 3f177e9bf02b6121055414a2cc7fd3f4cff01cba
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 17:01:55 2000 +0000
Add route.c to the list of source files.
commit ac47586552710425417ed80878f8f853c313b421
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 16:54:21 2000 +0000
- Forward keys in hex notation, not as binary data.
commit 3f8f067e8b559366b9b41dee6a4312702c82042f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 16:39:19 2000 +0000
- Don't forget to set packet cipher for added hosts.
commit 433858d410c1fedf8d2a5f2b4ecd7c980dd79dd2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 15:34:07 2000 +0000
- connlist.c added to translation
commit 15246df85d6171c92478541a835effb96d6085c4
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 15:32:05 2000 +0000
In execute_script:
- add an environment variable NETNAME.
- chdir to the configuration directory before execing the script.
commit 69618c01385eb7226cd6eab0918d1f30b0ed6c66
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 15:18:58 2000 +0000
Do not include the passphrases directory
commit 417f36a07990ff9bc7de7d4e63e57146bef0dd75
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 15:17:02 2000 +0000
- Removed manpage for no longer existing genauth.
commit 3d7189a444fe3efed58dc93a071129007041aebf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 14:52:40 2000 +0000
- Resolve scriptname after fork()
commit d38772ebc42f5ad1d946ee89d955f5d43bb2fe8c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 14:16:46 2000 +0000
Use putenv() instead of clumsy do-it-yourself in execute_script.
commit f83803c1bf6557d5af93982e7cd987e151eba401
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Nov 4 13:25:15 2000 +0000
Small change to the way the environment is copied.
commit ed0bf283e37642f9f7673f664713a16d916bd70f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 11:49:58 2000 +0000
- Removed even more warnings.
commit dc699f8b1265deb7606d553e36326527dbd29746
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Nov 4 10:37:27 2000 +0000
- Removed unused MAC strip/add functions.
commit 5065ea32c32e27478d93c00a1bba0c812b7a2b8c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 3 22:35:12 2000 +0000
Warnings removal pass: always include config.h first; add a few
prototypes in the header files.
This also fixes a few lint errors/warnings.
commit 73aa7fbf7e1b623398d1bc1493f567ce4d846f22
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 3 22:33:16 2000 +0000
Run the scripts tinc-up and tinc-down from a separate function, which
sets the environment as it should be and checks for errors.
commit 4ad1e382d6f10acf94ce59d85b80925cee7553a6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Nov 3 22:31:55 2000 +0000
Save the environment on startup.
commit 7612c6da3890ce5a0730e4dfde9d5ba07bdbf5b3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 23:02:49 2000 +0000
Minor cosmetic change.
commit 6a10e42f734e8bec9848a11e73bc2a8211a9f401
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 22:51:16 2000 +0000
- If necessary, patch po/Makefile.in from po-Makefile.in.in.diff to
get DESTDIR installation (required to get locales installed
correctly).
- Use dh_perl to get accurate perl dependencies.
commit ef12849c1a03b3aaf85dd46786d6631f66b104bd
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 22:11:18 2000 +0000
Oops, and include doc-base.tinc (new file).
commit 5672ddd6cb9116420a1904f7741fdbed89c2ec54
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 22:10:09 2000 +0000
Don't include shlibs, as it no longer exists.
commit 013fcb0e9f9c0222f4f63ddf42a2f25bfc4a5546
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 22:05:36 2000 +0000
Changed a few messages wrt. system calls; updated and changed the Dutch translation a bit.
commit c444305c0bb965aa515a503406844ceeb483c285
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:43:03 2000 +0000
Mention fileutils, add a pointer to THANKS for more details
commit 84c842def74c5d0e9c4a69e4f584fe9eb66eb728
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:41:53 2000 +0000
Change wsl to Wessel's name and email address in the ChangeLog creation
commit 5b6815751e581bedd64bfc63aea5b42c746bbceb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:40:33 2000 +0000
More exhaustive list of changes - perhaps it can be worded differently?
commit e954fc8f0c731e7116fd27f38c176b83cca519f7
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:39:57 2000 +0000
Changed `I' to `We' - small change, lots of difference :)
commit 3db3a41667f90ce74bfd0197fc867cc71a087e50
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:38:55 2000 +0000
Only check for linux/if_tun.h once
commit 1b11bcb0128ca65580cbf28ffb16078c81e6d678
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:34:45 2000 +0000
Added a perl example to turn an IP address into a MAC address.
commit cadf81fe67aed424504758865c2ea2bb263c76fb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 21:26:51 2000 +0000
Do not include $(top_srcdir)/cipher, it does no longer exist.
commit fd32d771a84765281ea4ab8a5d9dbf5cebfa2911
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 20:29:03 2000 +0000
- Synchronized changelog with the package's changelog.
- Changed maintainer email address.
- New file doc-base.tinc.
- Better Build-Depends and Depends lines.
commit a13d9c9da7434154b33e666c2236844011b87d46
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Nov 2 20:25:35 2000 +0000
This file is no longer needed.
commit 59528ec892e8b9a599f2b39bf432a3d842e963fe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 31 16:22:49 2000 +0000
Removed config file parsing and interface setup. This will be handled by
the tinc-up and tinc-down scripts from now on.
commit af565d00220b7536b9987c48e2a71459b45027b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 31 16:10:17 2000 +0000
- Update.
commit b4c1d4e2d3287acd7ca438455c64e50a2828ad24
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 30 10:19:06 2000 +0000
- Fixed some spelling mistakes and terminology here and there.
commit 4811afa073c871f2a52dfd5139bd0171046365eb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 30 00:22:54 2000 +0000
- Small cleanups
- Updated dutch translation
- Updated man pages
commit b7d4d4c17712e0bb9ee8bd497a2f525b79d5f40d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 22:55:15 2000 +0000
- Finishing touch: encrypt the meta connections
commit ec12269355f7979fdc0783dc15d109832f1e83cd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 22:10:44 2000 +0000
- Use CFB mode for encrypting packets: it works and we don't need padding.
commit cea3d8f3056d3c6aaaef473443240b8470c8ea2d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 10:39:08 2000 +0000
- Small fixes
- Do proper key exchange
- Encrypt packets - it works, but there is something wrong with the MAC
header after decryption...
commit 8fa9bc017d89b53798903df3fa98311067d4de90
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 09:19:27 2000 +0000
- Removed old encr stuff
commit a26d371d0df3bee1bdc6e9d7046e949ee29e6de7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 02:07:41 2000 +0000
- Updated dutch translation.
- Shutdown properly.
commit e8391bd49975aa29fa62d6ae1d2d2ee398e0eb3e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 01:27:23 2000 +0000
- Moved connlist stuff to the proper header file.
commit 2689690dc37c384c4a022d03ab80f2cfb7fb9553
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 01:08:09 2000 +0000
- Enforce correct order of authentication requests
commit 3b9802a542f1fa439321d3386763ec33989194b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 00:46:43 2000 +0000
- Hit people who can't figure out subnet address/mask pairs with a
(clue)bat.
commit 7398002ade1397bd857953f009f4aed65ffc9218
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 00:24:31 2000 +0000
- Fixed ans_key_h
- Removed tapsubnet configuration option.
commit 35932fe6c8cb481eb687f98424776ce429570c21
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 29 00:02:20 2000 +0000
- Very big cleanup.
commit db21f015161aac244ec5600c4d0ff685549892c2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 28 21:52:22 2000 +0000
- Override destination ethernet address on incoming packets with
FE:FD:00:00:00:00
commit 8738c007b15eea024bc4ca6ee0f972b2f5bf259f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 28 21:25:21 2000 +0000
- Fixed offsets when reading/writing from/to tap device
commit f25868fd2b58bc0b350a5cfaf342480f28f804cf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 28 21:05:20 2000 +0000
- Lots of small fixes
- Exchange subnets on acknowledgement of connection
- Do proper lookup when incoming packets from tap
- off-by-a small number-error when reading/sending tap packets
commit ba6b8005ebe3a53877590c242ff581dc5dee5eae
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Oct 28 19:34:53 2000 +0000
Skip the check for Linux kernel sources
commit d47d5932a3bbc4940aa6453ebfe617ef330783c8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 28 16:41:40 2000 +0000
- Updated subnet list handling. Subnets are added to two lists now, the
owner's list and a global list. It is all fucked up but it probably
works anyway, good enough for pre3 :).
commit 9c2f805255fa36b05e8fe9391f639581d938b653
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Oct 24 15:46:18 2000 +0000
- Lots of little stuff modified
- Succesfully reads in subnets from host config file now and adds them to
the list.
commit 60401d99b18ae01d91ca65faf8d2b32fac2b4474
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Oct 23 21:56:56 2000 +0000
Oops, echelon change committed to cabal... :)
commit c46e84837d1c84a8590e0e3507227670368884a7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 23 13:52:54 2000 +0000
- route.c will contain the routing logic.
commit 76d794eaf7c1664a47f4d0080fcd80e4a551740b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Oct 22 13:47:41 2000 +0000
read_server_config: Check for result of read_config_file.
commit 56d8e862409ae91c63a27968b01a48a94aafb205
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Oct 22 13:37:15 2000 +0000
Include linux/sockios.h and net/if.h anyway, regardless of the value of HAVE_TUNTAP.
commit 52b842f8076d507d3a6ea07045d085ae21d1aa10
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 21 11:52:08 2000 +0000
- Fixed all debug levels.
- Seed PRNG before generating a challenge
- Strange thing in challenge decryption: it fails if first bit is set!?
commit 73f7efddd723b25c1477ec1139dc7211307ff660
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 20 19:46:58 2000 +0000
- Removed last reference to genauth from Makefile.am
- Tinc spawns tinc-up and tinc-down scripts which can be used to configure
the network device. The environment variable IFNAME is set to the name
of the interface.
commit fba19c30c92d39e74f5fd5594053793b036f30f4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 20 16:49:20 2000 +0000
- Made Makefile.am stub for doc/es/
- Merged genauth into tincd
- Updated dutch translation
commit 97ec5685b92ea727fe8f8b4bb8cf289a20f8580b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Oct 20 16:44:32 2000 +0000
Generalized list and hash handling functions
commit 699e159a7a1711034f1d16d68ad1974a82e12dfc
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Oct 20 16:43:13 2000 +0000
New function: xalloc_and_zero()
commit 4059151732afb7d8fb52121d80e54f2ee325d30e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Oct 20 16:42:22 2000 +0000
Add all the new files to the sources list for the utility library
commit 9f64499e40a95a8c05c82924219517aa017fc411
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Oct 20 15:34:38 2000 +0000
- tinc now really does public/private key encryption! It even works, whee!
commit 71f05ff8956cb2e62181fcef763709b0de8faa68
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Oct 19 20:56:49 2000 +0000
Generalized error handling functions
commit 95f4e8620ef8e2cdec1cc3b2ccb8cc8e3ce94e40
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Oct 19 20:39:04 2000 +0000
Add check for the syslog function
commit 430e14162918864f9f18aad0ec0badc1ccc3e01f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Oct 19 17:29:22 2000 +0000
Changed changelog
commit d5fd1344e668da0bc8536e798f347041d5377843
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Oct 19 14:42:00 2000 +0000
- Seed the PRNG using /dev/random before generating the keys.
commit 30df5e95dbe585c6076d743d3771a42ad7c78590
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Oct 18 20:12:10 2000 +0000
Bring head revision up to date with cabal (try #3)
commit 571cfb5846c710a0a3cdbdddce8936f6b34f1cf1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Oct 18 19:44:11 2000 +0000
Get the head revision up to date with cabal
commit e75315dae609f32041ca5ed939fd2a1b69d32d3e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Oct 17 10:15:20 2000 +0000
Don't declare cp_file and cp_line in xmalloc()
commit 31c543ad0fa1d19667a03a9bd183c668def23da0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Oct 17 10:14:25 2000 +0000
Process subdir es/
commit 20301888b7a0a206119d2cfc48ccf1a667bb4add
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 16 19:04:47 2000 +0000
- More fixing. Tinc daemons can now even create activated connections.
commit bb3d18d56fa0dd2bc5146d0a0044b6ef0880bdb4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Oct 16 16:33:30 2000 +0000
- Fixing little things
- Two tinc daemons can connect to eachother now (but they disconnect right
after the ACKs).
commit 6e32b870ee127555888a115163922362c99009f9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Oct 16 11:35:10 2000 +0000
Output doc/es/Makefile
commit baeac83bf465a47d46082e1de40ea14dcf1d39af
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 15 20:30:39 2000 +0000
Corrected #ifdefs for tun/tap support.
commit 782171fd2c59b7cc5568d2d4b33ce041834710ec
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Oct 15 20:21:27 2000 +0000
Really #include the if_tun.h files now
commit 8a54c51238672abd7a72c1dbdc7d17b9956a0d35
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Oct 15 20:13:55 2000 +0000
Linearized checks for if_tun.h
commit e5130495d7d4083d58ab76c26001aa27f5fc13db
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Oct 15 19:53:15 2000 +0000
Wrap the tun/tap code in #ifdef HAVE_TUNTAP
commit 3b455b8f318528206b08121f5ce93d16e4ea01df
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Oct 15 17:26:31 2000 +0000
Add checks for the presence of the universal tun/tap device driver.
commit 85adeef21275633b78a234b2660cbe3bc9dd2c33
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 15 00:59:37 2000 +0000
- The daemon actually runs now (somewhat)
- Added support for tun/tap driver (autodetect!)
- More sophisticated checkpoint functionality
- Updated dutch translation
commit 97ce045189e330e121873d1b4be1959c60062cbb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Oct 14 22:22:06 2000 +0000
Add CVS id lines
commit 2e159d0139e77041ad82e96bf0abef6aaf64a258
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Oct 14 22:17:29 2000 +0000
Fix `Requirements'-section for GMP and OpenSSL libraries.
commit 1d5bb49f261b4346b5a440ae6bbf58fe391ea46e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Oct 14 22:00:09 2000 +0000
Update Depends lines to reflect the dependencies on OpenSSL
commit e9635ae38e0e2e3eb92568a1e234f8348856dd69
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Oct 14 17:04:16 2000 +0000
- Second fixing-things pass: it even links now.
- Lots of FIXME comments added to the source code.
commit 6a8c2e346e6125e58aab428e6730c18a949abe12
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Oct 13 23:34:56 2000 +0000
Don't look for GMP header files
commit f18e30dab3c208fd353af11e365791035534f444
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Oct 13 23:30:11 2000 +0000
Updated new requirements, pointers to the manual
commit a96f2f0fc8a02593d4cda5976df3c76fc5c99eae
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Oct 13 23:29:35 2000 +0000
Link with OpenSSL, forget libGMP
commit 183a8edd22ba4bc682392c73ae02fc9e121eda68
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 11 22:01:02 2000 +0000
- Fixing-things pass: every source file compiles into an object file now,
but linking tincd does not work yet (must link with openssl libs and
define some missing functions).
commit 6e39481d8f2406e60b5e329ace08b5a005d5cc43
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 11 13:42:52 2000 +0000
- Generalized config file parsing to support multiple configuration trees.
commit 451e9e3e7a968151de541de68603a01f0922b415
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 11 12:07:27 2000 +0000
- Changed genauth to produce rsa keypairs instead of random passphrases.
commit 950fb8e916b0e248dcaa72c96859acd6046683aa
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 11 10:35:17 2000 +0000
Big and bad commit of my current tree...
- Added seperate file for connection list handling
- Updating everything to use connlist, meta and subnet files
- Removed dependency on libgmp
- Lots of other stuff...
commit 73d0dcfcc1019ee745a422982b4e3ede9d59dd91
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Oct 4 15:09:57 2000 +0000
Removing cipher directory (all will be covered by OpenSSL).
commit 2228b16159a7aff64e6559ee1635716154e67fe6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Oct 1 03:21:49 2000 +0000
- Added subnet handling code
- Other small changes to header files
commit 676b1c0ea111406eb94a74ae12878dfd5ad9f56d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Sep 27 20:32:29 2000 +0000
Many updates, parts rewritten, added, shuffled around.
commit c78a204f06182f50b0812c8e4fef6163e82097bf
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Sep 26 14:06:11 2000 +0000
- Added meta.c which contains functions to send, receive and broadcast
metadata. It will also handle encryption and decryption, and possibly
compression and checksumming.
- Moved request dispatcher to protocol.c.
commit 2c412009e5805f04c650889b19fcb38531f2aa50
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 25 20:08:50 2000 +0000
- Very detailed example of the authentication phase.
commit 361690b18c1f5464db7b9cef235c648784780dfb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 22 16:20:07 2000 +0000
- Removed options "string" stuff. It was a bad idea...
- free() everything that is allocated.
commit 5afc1e98f436c4a2ed5da4b64293275b09632c79
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Sep 22 15:06:28 2000 +0000
- Severe code reduction and simplification of challenge requests
- "Finished" [add|del]_subnet_h
- Added lots of sanity checks to [add|del]_host_h
commit 5d0b3516d5e8a46ca2268bdb32657b72295501ec
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 17 21:42:05 2000 +0000
- Updated authentication scheme.
- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
commit 84f210edd9e72a65ca8b034a0d3bbc12e506c580
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 17 20:11:59 2000 +0000
- Included authentication scheme from protocol.c
- Added a few comments about the symmetric cipher.
commit 2863134a4113b7805a662f45a21a1be0ae9606cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 17 19:57:39 2000 +0000
Added document about the used cryptographic algorithms and the reasons
behind them. Feel very free to comment on this!
commit 33a5b4547141c11b5128d9f4863fcf6cf8e33452
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 17 10:28:57 2000 +0000
Added Spanish translation of the docs by Matias Carrasco
commit 7f3ab38c222809b15da2fe8dd655d35432eaafe0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Sep 15 12:58:40 2000 +0000
Second round of fixes
commit ed397b6ac676329b237e219c806143cccf456b3c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Sep 14 21:51:21 2000 +0000
First round of needed fixes after the overhaul
commit 296171d115614d61480d896cd77898f5393c191d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Sep 14 14:34:38 2000 +0000
New directive: Name.
commit d335c6d0d7328fd86154dc60b22deb7953ab0228
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Sep 14 14:32:34 2000 +0000
Added some structures and types that are needed for the overhaul.
commit c04c84c98055c6b9e9e7890d3992648a3b715a1a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Sep 14 11:54:51 2000 +0000
- Lots of small changes.
commit cd6695df82c55454a3f5b644f5c20a8ed31e7c97
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Sep 11 11:40:46 2000 +0000
Better checks for SunOS libraries
commit 9c75350ac6c14886195b6d368af2f118fd5d60e0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Sep 11 10:05:35 2000 +0000
- Fixed modulo in keylength check
- Updated header file to reflect new protocol code
commit 76b5f255c6cb0c5dfb5a870c371ec6f7c7879bb2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 10 23:11:37 2000 +0000
- Some key exchange stuff. (Last commit before going to bed.)
commit 675ed08a71ec28d8ae99e10e993d5c7cb717f017
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 10 22:49:46 2000 +0000
- Lots of functions added for the new protocol.
commit 9926dae4646a96ee647a2ca7d728e91600dd1cca
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 10 21:57:11 2000 +0000
Add Guus' name and shift out old protocol requests
commit 74157d3f4501f4d1ec913a986b7167d2b847e41e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 10 18:37:46 2000 +0000
Correct filenames for passphrases given in the example
commit 6b9ec9ed1e818d5e50dda4418ffb4d02c898bcba
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 10 16:15:35 2000 +0000
- Added more function skeletons for the new protocol.
commit 28cc30159565a7eda4f66215a5994d84b46b47ad
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Sep 10 15:18:03 2000 +0000
- New protocol. Will break everything else for now.
commit 7884d3ecaf78006b3f288d99f10ef541fc97087e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 10 15:16:07 2000 +0000
Support for -lsocket and -lnsl on SunOS
commit 14554e6f421e881b01be20879e9279545f375154
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 10 15:15:38 2000 +0000
Include openssl/blowfish.h
commit 45ea3ca432a031ff1b8072d934709aadaae12534
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 10 15:07:41 2000 +0000
Updated text, removed protocol flowchart
commit ae17572e6b94c6e7a2123ddeb45bf66d389ac7a0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Sep 10 15:05:45 2000 +0000
Link with OpenSSL crypto libraries instead of own blowfish library
commit 4dde583bc91985c3ff19ac1d1f1bc791b50658ff
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Sep 6 11:49:05 2000 +0000
- Use strerror() instead of sys_errlist[] for increased portability
(Needed for SunOS)
commit 66e535a729dd5a9e45600ab74dc19c2b4062ee96
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Aug 27 11:05:47 2000 +0000
Changed CVSROOT path in `make ChangeLog'
commit 39e159fbe6bbffb3229542258f956fc412bd871c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 22 14:55:04 2000 +0000
Fix rules (thanks to Laurence)
commit 47992fe59f4c1b4116e4872d59251b143edc6763
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Aug 21 20:35:47 2000 +0000
Added a rule to create an rpm
commit d9af4f32330a495789d8eecdabbbb49928f074a7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Aug 21 12:50:15 2000 +0000
Updated tinc.conf manual.
commit 94a32c4b2d2ff5d4bb1376fe5ec96c6dec55f630
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Aug 20 23:08:17 2000 +0000
Also chomp $VPNMASK
commit 861e808fef1f6796d837215f9ad135fb4cb50f5c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Aug 20 23:07:18 2000 +0000
(Quoting Laurence Lane:)
The prefix is correctly set for /usr, but is
overridden with the current make install. DESTDIR is the clean way to
relocate the installation into the debian/tmp build dir.
commit d3f41b803bf3c38910f24f1f268f182466723149
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 18 14:45:38 2000 +0000
Updated the manual:
- incorporated comments from Stefan Hartsuiker
- updated configuration variables section
- added some text about key types
commit 5c78e158d414595ab32399645678a43bb4469be6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Aug 18 11:17:09 2000 +0000
Commented on some size calculations.
commit d2c062a0a440d2871939b4ffdc2dbb137a4d45e7
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 17 17:22:01 2000 +0000
Ran update-po and updated dutch translation.
commit 3831f51a53088bfcc1d148fd54b3083afe7fde32
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Aug 17 16:51:08 2000 +0000
Fixed all sprintf() spl01ts.
commit 9acd4379f705edc8b736e21b9011434e63f7dd95
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 9 14:02:16 2000 +0000
- Added two extra configuration options, Interface and InterfaceIP, to
bind the listen socket to a network device or a specific IP.
commit f6d79366b3efaef0a458717aac5e6754630dd434
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Aug 9 09:34:21 2000 +0000
- Reinstated O_NONBLOCK for meta socket
- Set SO_KEEPALIVE on meta socket
commit 3cfc9424f255c26f2a7775b6fa059f1e3e47a76e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 17:07:48 2000 +0000
- Moved TCP packet reception to meta handler: less kludgy and less buggy!
commit e092d15be17db1d69c37f2aba46c66e03631c099
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 14:54:57 2000 +0000
- Added date/time of build and protocol number to --version output.
commit ff87f385c3a81499eff6b848aed8548cf6e5132e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 13:47:57 2000 +0000
Removed calling add_queue for tcponly packets.
commit ac73c72488dd8b33464fac1f392e89df48f7a23b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Aug 8 08:48:50 2000 +0000
Fixed PACKET read loop.
commit b6997b0050e78a2f2e517beba3ff01d9232b3d1f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Aug 7 16:27:29 2000 +0000
- Lots o' buglets fixed (-Wall helps)
- Made TCPonly work :)
commit fdc6a2f106315cd9ed22943d8c0bd279631e66b4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Aug 7 14:52:16 2000 +0000
- Added experimental hackish tunneling-over-TCP support.
Just use TCPonly = true in the configuration file.
commit 42455e97a057fb4386f9d8fb2f8963b2ec6ddf24
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 2 13:40:57 2000 +0000
- Fixed typo.
commit b1ecbf977722ec473fc8007acd39eb0de581de1a
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 2 13:36:18 2000 +0000
- Delayed address resolving for ConnectTo lines in configuration file to
allow DynDNS to work without restarting tincd.
commit 6642ec2ea4e97a2fb3e737653ab1b9351ac759e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 2 12:48:04 2000 +0000
- Updated THANKS file
commit e0de803c7e80621600409a0c760241a3d97617bd
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jul 2 12:41:03 2000 +0000
Include the Spanish translation in the distribution/build process.
commit 721d85f77277813345bdb63a610e984cec996613
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jul 2 12:35:28 2000 +0000
- Added Spanish translation from Enrique Zanardi.
commit e821a22876d15c921a4c1fbc0f792d83e90916f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 1 14:40:56 2000 +0000
- Forgot to mention ourselves in the tincd manual page! :)
commit 09f4ec190119298187cec09dd5049af8fd8bad94
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 1 14:32:24 2000 +0000
- Updated PROTOCOL (a bit)
- Included a real tincd.8 describing the options, signals, debug levels
and files used by tincd.
commit d3ea434b3684093d6d160b8077c1f51a50ac7f61
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Jul 1 10:39:28 2000 +0000
Autogenerated by gettextize.
commit 1b28f88808b9ac3193cf9a0db7a81a89eed8b4ef
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jul 1 07:49:21 2000 +0000
- Removed a single unused bit from status_bits_t.
commit 7fdc881b86fe379216f09dd5703bb88d398c87a8
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Sat Jul 1 07:29:32 2000 +0000
Added architecture section, made a start with the kernel section.
ToDo: install tinc myself to see if everything is as I say =)
commit 8ec648abf438bb5fcfe84e3a1c6a31192dc32b2e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 30 22:38:58 2000 +0000
- Added documentation for the protocols (most important the meta protocol)
used by tinc.
commit ce72275a4342ff4e21d21bb740ee88dca1ddb5f1
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 21:16:52 2000 +0000
Grrr, recommit
commit bbbdda255d6e7a8730906a1b6c2bfdd2ce1b94cf
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 21:11:34 2000 +0000
This file is now only in the CABAL revision.
commit 28a140668f892873b01afe104d21db4adb8fd8c7
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 21:09:32 2000 +0000
More about keys
commit 1a1ebefd572c18d6af187750847b024ce07551ae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 30 21:03:51 2000 +0000
- Made tinc even more silent if no -d flag is given at all.
commit 79ad21c392e56cad2556e7693b9639d8e2346a59
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 20:57:30 2000 +0000
Added extra bit about keys.
commit 8309e9b869c25677d674f5cecb8b7ac5469d1758
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 20:50:47 2000 +0000
File added to CABAL (hopefully)
commit 5cd0f940c7334959534d3ab4e1f3c7cac67ee38a
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 20:42:07 2000 +0000
added bit on config file, split up sections, added Id: tag
commit 6f5aac4e39cd6fb2fb76c0121de3f3782f72f18e
Author: Wessel Dankers <wsl@tinc-vpn.org>
Date: Fri Jun 30 20:16:15 2000 +0000
Initial revision. Lots of loose ends, not usable yet.
commit c5737583c8a5d099a71174e1eb997e0972ae03e9
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 30 12:41:06 2000 +0000
- Instead of logging an error when remote end closes the connection,
we print a nice message if appropiate debug level is set.
- If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists
are really messed up. We restart, and hope our problems go away.
commit 24874d0806bac5d75663ea9de67a71171bfc97b6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 30 11:45:16 2000 +0000
- Removed segfault bug in conf.c (must have been there for ages!)
- Made main_loop() signal proof
- #defined MAXTIMEOUT (15 minutes)
- If something really really bad happens, close all connections, wait
for MAXTIMEOUT seconds, and then restart tinc
commit 0f9ad1f047efec53590dc43f07d225e5f20456cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 29 19:47:04 2000 +0000
- Fixed memory leak.
- Implemented SIGHUP configuration file reloading.
- Other small changes.
commit 18c85caac36f7236454deef11b9eba74328dbd96
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 29 17:09:08 2000 +0000
- New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
improve connection list consistency, ensures the tree property, and
allows for recovery from situations where track of connections is lost.
commit e8e7379311ca3bf6e1fdd7d0f477a43e510e2317
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 29 13:04:15 2000 +0000
- Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
connection now has two hostnames: real_hostname (replacing the old),
and vpn_hostname. In those places where hostnames really aren't usefull
IP_ADDR_S has been replaced by %d.%d.%d.%d.
commit e0ddb638d1fb7abf19969ac887f3b7a2bd8225c1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 29 07:11:23 2000 +0000
- Updated Dutch translation.
commit 0a155580a3d55633bbc3a1e7dcbe8906f41913be
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jun 28 21:06:40 2000 +0000
Oops, and mention Guus too.
commit f2c9e7f3bbada3fbfe80f622ebc06540afb60c21
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Jun 28 21:01:45 2000 +0000
Removed Free Software Foundation copyright, because Guus Sliepen contributed significantly.
commit 3df9b89204626afdd514d5b7323801af76a5cd26
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 28 14:34:40 2000 +0000
- Added log message when SIGCHLD is received ("thanks" to Ivo van Dong)
commit 8c6c60adf3d5942c6368bafe9a4d4377ffad1abe
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 28 13:41:02 2000 +0000
- Fixed a message in nl.po
- Woops, we forgot to send our connection list to our uplink when we
connect to it... Fixed.
commit 63c5192d570e2ba5952b4e5a807e4ab4d6fdad76
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 28 11:39:40 2000 +0000
- Fixed missing " in nl.po
commit ea40d3f1a05e9edf4ccfb77f4e9e0f8355e94a83
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 28 11:38:01 2000 +0000
- Fixed some spelling errors.
- Paar zpelvautjes gerepareerd, en de Nederlandse vertaling weer bij de
tijd gebracht.
commit dba2995db73313b1c0a56ce13395dac0bc7571a5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Jun 28 10:11:10 2000 +0000
- Extra check op EINTR bij inlezen requests
commit 4ee53e7dac93d1edad8664edffdfaf142438b85d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 27 21:05:07 2000 +0000
- Fixes a silly little insignificant buglet.
commit 070ad08118a33755835b31174e2b04e84f75556e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 27 20:55:12 2000 +0000
- Purge old connections that are ADD_HOSTed.
commit 4aeaea5e590fbd38aebbfacf2672304d04ba4ad1
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 27 20:10:48 2000 +0000
- Improved handling of errors on connection attempts.
commit 45a28b1e893d4da9d7977945a35ec6a8e4554830
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 27 15:08:58 2000 +0000
- Fixed indirectdata=no problem
- Added support for multiple ConnectTo lines in tinc.conf.
commit 4faed1b8546563def6a426c563cec2a26d927eda
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Jun 27 12:58:04 2000 +0000
- Fixed KEY_CHANGED notification. A lot of notify_others() calls were
wrong (first two arguments swapped). Should probably be doublechecked.
- Don't retry to connect to hosts with different protocol versions.
commit 04cb206298df033d254ca007205d13f9a670c402
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 26 20:30:21 2000 +0000
- Moved all connection messages to debug level 1, without -d's only the
startup message will be logged.
- Fixed DEL_HOST rebound.
commit 783c8298610d5670f6e118f49bd3d1fdfa61ae1d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 26 19:39:34 2000 +0000
- Indirectdata finally REALLY REALLY works now!
- More precise debug messages
commit b3681ebf6c255daf082ed254282cbf493af8fa93
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 26 17:20:58 2000 +0000
Fixes some hostlookups. Fixes indirectdata for real now (hopefully).
commit 03af6d8c8056d0b7006f7d8fb19bb33d303ac8f9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 25 20:52:29 2000 +0000
Version 1.0pre3.
commit a473ece8a0d83be5f7992888a6a3ff938dc4fb72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 25 16:39:17 2000 +0000
- More verbose connection list
- Added "myself" as hostname when logging indirect ADD_HOSTs
commit f1f901112e44beaecd3037dae27407ea83edd86e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 25 16:20:27 2000 +0000
Hostlookup() is actually being called now.
commit 54079bdf03e74c686f556f86082b9d14b5be227c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 25 16:01:12 2000 +0000
Hostnames are back!
commit e4b586ed070908f866a450292f9759004e6affa8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 25 15:45:09 2000 +0000
- Log possible spoofing attacks.
- Don't broadcast DEL_HOSTs for hosts that haven't been activated yet.
- If a host sends a TERMREQ, deactivate them.
commit 9a1103a7be86de3da5548fd6446e6e4fe554cc08
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 25 15:42:40 2000 +0000
Changed version number to 1.0pre3.
commit d8d2b83350e890adae9c9cede6e21ea4169abe00
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 25 15:42:40 2000 +0000
Changed version number to 1.0pre3.
commit 7648bc606596851942dd6437ddaa93f53ab20f09
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 25 15:22:16 2000 +0000
Added CVS Id tags to header files.
commit 7f7e158aae8df5c65211bcfa82516e7c243cdd2e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Jun 25 15:16:12 2000 +0000
Large cleanup:
- Removed hostname lookup (it blocks, and you can always do it yourself)
- Reorganized debug levels (after hints from Axel M<>ller):
0 Startup message and errors
1 Connection logging
2 Meta protocol information
3 Verbose meta protocol (includes copy of transmitted requests)
4 Packet information (logs transmission/errors of UDP packets)
5 Verbose packet information (every single byte, not implemented yet
to protect ourselves from filling up /var/log directories)
- Made log messages more consistent
commit 3c54a513b0c0a3acac60e03403ab4abfa0688c62
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 24 12:35:42 2000 +0000
If we have "indirectdata" flag set, we only send data to our uplink.
commit d8e2f7104c3203edbf23d2349656c765a4310dee
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 23 19:27:03 2000 +0000
First step for implementation of the "indirectdata" directive. This should
allow _leaf_ tincds to be behind firewalls.
The protocol has changed and is INCOMPATIBLE with previous versions. The
PROT_CURRENT value has been incremented.
commit 33c3a25a66251606cbf20d3bd5b392d8837116e3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Jun 17 20:55:54 2000 +0000
Configuration directive `IndirectData'.
commit 1c8adb5e1f12894fc9a478fbf29678fb662e03ab
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Jun 17 20:30:44 2000 +0000
Merge changes from 1.6-1.8.
commit 0d167e1f5d8778674a9a77b2256050e3afe2896e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 17 08:30:45 2000 +0000
Added another semicolon for bash2 compliance (thanks to Jamie Briggs)
commit 00f316810aa808368cdff620b1a1efdd1fcade20
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Jun 16 05:44:26 2000 +0000
Applied patch from Jamie Briggs for bash2 conformance.
commit ef294a69678bc7cba6d2ee0be96f683249672222
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Jun 6 10:24:33 2000 +0000
Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries.
commit 66e98068051bc52fa064650710260f89c09f8cfd
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 4 12:14:31 2000 +0000
These files are created by gettextize (run by autogen.sh) (should have known that).
commit d1d4a524dee9d75b067ac8e25770557cf22f4afe
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Jun 4 11:50:46 2000 +0000
Check for __gmpz_powm for libgmp3.
commit 377c4df245ceb8c19cabfe6d7a7c76841c07ba52
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Jun 3 23:32:03 2000 +0000
Don't touch VPNMASK if it's defined, otherwise use $MSK.
commit 9193aee8159ce53b349557ba1ad8ed23111042bb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat Jun 3 08:27:16 2000 +0000
Removed items in TODO list that are already implemented. Only two items
left.
commit 5796d2f5b7310fa8841f76bbc7bbcf2385d960c3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri Jun 2 17:30:33 2000 +0000
Alphabetized the list, added Lubom<6F>r Bulej, removed Sander Smeenk and Tijs van Bakel, put merits after all names.
commit 18b3084d2525c59f62b75346fa657ccce6459712
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Jun 1 20:21:27 2000 +0000
Debian init.d script automatically sets tap device's MTU to 1448 now.
commit 77be52422d8c28735f787b1c233b4cec73d4db56
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 31 18:23:06 2000 +0000
Miscellaneous copyright updates.
commit 8cb4bb619d777022a55255c5fa17a1a55a270ff3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 31 18:21:27 2000 +0000
Handle locale settings.
commit f20df109a638ac3a86efa70fac39e1dae8e87208
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 31 18:19:33 2000 +0000
Version 1.0pre2-1.
commit 4ae74c50b7faadf31086bc61af0f8158a465e521
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 31 18:18:21 2000 +0000
Updated Dutch translation.
commit 7037286586151e28b7c5f1fe09dd6c5faca18cdc
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 31 18:17:45 2000 +0000
Tell about /etc/tinc/nets.boot.
commit 65a9eedb05387b8cf77dbbbc56347b44a28de624
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 31 18:17:27 2000 +0000
Include news for 1.0pre2.
commit 17fa07510ad74d0f96f9700538d32eb8e7b2a0ce
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 30 21:36:16 2000 +0000
Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients.
commit e7f22d2f5f0a5fcd52da7512ab734b0ba52c623f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 30 12:38:15 2000 +0000
In terminate_connection, only send a notification to hosts that are directly connected to us. (DEL_HOST gets forwarded automatically.)
commit 2fdda8e4fa6c6ace5f7e9421f0644a3ffec388c9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 30 12:31:41 2000 +0000
When a connection is terminated, all hosts that are still connected get notified of the lost connections.
commit f826301889e1fa1a22770919f0385c3ca04c740a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 30 11:18:12 2000 +0000
Added new configuration directive `Hostnames', which controls the resolving of IP addresses to hostnames.
commit a7ad161d2b115b6a2a69c5dc8ddd33008d3562d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 29 23:40:05 2000 +0000
Only activate a connection upon receiving it's public key if it's an
incoming connection. When it's outgoing, we need to receive an ack first.
commit 5654e156a31d05ac3026790f7749d0401b2eaabc
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 22:27:15 2000 +0000
Updated changes list for version 1.0pre2.
commit a822c7466aa91a819c498336f91c63d224c3af11
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 22:20:04 2000 +0000
Bounds check for request id (between 0 and 255).
commit 0f2cf48d304e20abb9b3cded2aaa693828c9d412
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 22:15:38 2000 +0000
Dutch translation of tinc.
commit 386a62ff57f283b415fd757a8c4645b24c3bd3bb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 21:40:51 2000 +0000
Define LOCALEDIR in CFLAGS.
commit 4cd009f774e4c50cdacc06d351cac19ca3247b6b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 21:40:20 2000 +0000
Include GNU gettext checks.
commit 5814939c9d0e801bdbed6c96092fd90b6dcd859c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 21:38:02 2000 +0000
Update acconfig.h to include values for gettext inclusion.
commit b200b0d812763563dbe09e5da116c55e45f89e4f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 21:36:28 2000 +0000
Include system.h and ABOUT-NLS.
commit b9ea0633c7243de552d581f4486902c67aefd695
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 21:04:55 2000 +0000
Include intl/ directory in the list of subdirs.
commit 9fd02ffcb0cacf3de26e876de5f30510bff137a3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 29 21:01:26 2000 +0000
Internationalization of tinc.
commit 61e71ab74ad9b5edb044b84ccf1111a33eb468cb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 27 20:23:01 2000 +0000
Terminate a connection on any error. Furthermore, disallow del_host,
add_host and other important requests until remote host has properly
authenticated itself.
commit cc01b18bc6d0bfb12e6770fc0a007c278f355d9e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 27 19:44:04 2000 +0000
Made tinc persistent. If no outgoing connection can be established right
after the start of the daemon, it won't quit anymore but will retry in 5
minutes. Also, 5 minutes is now the maximum time to wait for a retry.
commit 028659bfbf164cb7a72831506896e291010b251f
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 27 19:23:20 2000 +0000
Fixed typos. When terminating a connection, it's status is not only set to
remove=1 but also active=0.
commit e4ff969a9868ecc25a85daab620f97227de8d493
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 27 19:04:12 2000 +0000
Fix for a DoS attack:
A remote user could telnet to the tinc daemon and type only this line:
61 6 00000000/00000000:28f
This would deny any packets to be sent to other tinc networks (except
for to the hosts that run tincd's themselves). Solution is to skip
hosts in lookup_conn() that have not been activated yet.
Fixed potential conn_list table corruption:
If a new connection is accepted but a connection with the same subnet
would already exist in the connection list, the OLD connection is
terminated.
commit 4d71de15e8abd137702a5dc04a743d246c3f1110
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sat May 27 13:21:20 2000 +0000
Documentation updates. Removed all references to configuration variable
"AllowConnect", since it is NOT used in tinc. Added information about
"VpnMask". Elaborated a bit about "private" and "virtual" networks.
commit 85e3c1f2716c622ca8cada83d833703bf8a3ecc6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 26 11:25:59 2000 +0000
Updated by Lubomir Bulej and Mads Kiilerich: it uses /etc/tinc/nets.boot and the VpnMask directive in the config files.
commit 3a6ffe6895b681377a9553c01e3777f499b90d4a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 21 23:01:28 2000 +0000
Create an empty /etc/tinc/nets.boot.
commit b9a86ec70ed4ffe5009c4979454f0d99c8559b45
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 21 22:40:41 2000 +0000
Use /etc/tinc/example as a base directory for an example. /etc/tinc/example/README points to /usr/share/doc/tinc/README.Debian.
commit 63847abdfdad03a69bfd967929336e113cdeb09e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 21 22:38:01 2000 +0000
Add an example of using VpnMask.
commit 2469acc0900edeb8f1e3263fbf58bf74639c1b12
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 21 22:27:31 2000 +0000
When VpnMask is not present in the config file, silently use $MSK as vpnmask.
commit 73b3e7ce03cacb644a8101610933b221fdf432d6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 21 22:21:38 2000 +0000
Fixed last typo. Init.d now uses ifconfig command to set both the tap's IP
address as well as the correct route. Furthermore, if no VpnMask is given,
a default of 255.255.0.0 is chosen and a warning issued.
commit 2ad4f1cc5b6013be2deee82b0cb3f731adb51616
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 21 22:08:21 2000 +0000
Typo.
commit e25fc3a3dc4bc407bd0645fb9891ac127a83f468
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 21 22:04:56 2000 +0000
VpnMask truely works now.
commit 9ec4decec17f95cc7d5be66cc18bb040cce84d47
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 19 01:17:32 2000 +0000
Mask the vpn net with the vpn netmask, route would give an error if the netmask didn't match the net.
commit 20e404ab5716b06b53a4a5443f8098f227770907
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 19 00:58:01 2000 +0000
Fixed typo.
commit 44af1094be90878bd6fc09c40882cf2463046908
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 19 00:33:44 2000 +0000
Updated copyright notice.
commit 01352f4c525862f05988ed8687f26210c5ba10a2
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 19 00:15:37 2000 +0000
Errors will not terminate the script or result in a nonzero exit code.
commit 4ef2a8cfdb13c7eb2d811fc8c9f04df8970293c5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 19 00:14:34 2000 +0000
Include postinst in the distribution.
commit 59ca017df4c9d0f7861693b4d2ec4b7dc8c98b1e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 19 00:09:20 2000 +0000
Find networks in instead of .
commit 0354962c9885f04801d8469214c172cc012cdcec
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 18 23:33:44 2000 +0000
Don't distribute the file files.
commit b56705e18ceec9234578d7ac12939f7c59cff066
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 18 23:28:51 2000 +0000
Version 1.0pre2-0.3
commit cbf6efb617f45ffc608fe5f61d09abdd85f444ad
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 18 23:18:54 2000 +0000
Create a default /etc/tinc/nets.boot after installation, containing all directories under /etc/tinc by default.
commit e7d583adfaa50370d20f4cfe88ba5b6da399911d
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 18 23:09:31 2000 +0000
Read /etc/tinc/nets.boot to find the networks that have to be started.
commit 8d4ab991b8c35382c9cd46dd65af873d9d08f63f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 17 23:13:51 2000 +0000
This file is generated with dpkg-buildpackage.
commit ffc79bcd20b2b8085c906a446318817808bc36ae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 16 16:07:15 2000 +0000
TODO file reinstated:
- Append your name to items if you're working on them.
- Remove them if you fixed the problem/implemented that feature.
- Add any (suspected) bugs.
commit cdab82d6fb7d7d32194cb2162a814fbc89b7db4c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 16 14:34:44 2000 +0000
Use the new VpnMask directive to add a route to the rest of the VPN.
commit 85963f4c857abc2d9a4c5a3245cc11257140b9a6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 16 13:09:15 2000 +0000
Stub for VpnMask config directive.
commit 30aff5ea2aebcfc0e97e60e73ed3edc2363634a0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 16 13:03:32 2000 +0000
Look if the tap devices exist before bluntly remaking them.
commit 0761eed64c4d6d2b8e9fa6a335ccdca8ea4b95db
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue May 16 07:56:05 2000 +0000
*** empty log message ***
commit 0a2e2b0c8d20baf22b550f735b1fe63b0a1d377a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 15 19:48:46 2000 +0000
Depend on perl5.
commit 7e817fcf0fdd25aae58259930006c61048b017cd
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 15 18:28:45 2000 +0000
Unlimited length in the config file, thanks to Cris van Pelt.
commit b18af982af810ff4c050891ad2026960c43620a0
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 15 17:15:52 2000 +0000
Exit with zero status if is empty.
commit 4711a87922c84241e9bb312755d7b943ea8ae4b6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 15 15:54:37 2000 +0000
Updated to newer version.
commit a0c4e7fe6d46988f3fb1100ef00db7b747c86f72
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 15 09:41:34 2000 +0000
Test for existence of configured tinc networks. This will also make
first install of tinc possible without errors.
commit 265bda08cd00feebb68243d4079854916b03638e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 23:03:37 2000 +0000
.deb version number 1.0pre2-0.4.
commit 7a450d704b5a242f8bf9129af60593c90c63df5a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 23:00:44 2000 +0000
tincd->tinc
Delete libblowfish.y not be in the .deb.
commit 7fbfa990fcd38b8241281ce6f1a4e2992239986f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 22:59:47 2000 +0000
Mention both upstream authors.
commit f7b04ea142623a43413f74e19b1b6a9a247647ff
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 22:59:19 2000 +0000
Add description, better dependancies.
commit 9f07fe55dc4930920b9a5909d7057ca7bc16bad9
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 22:58:47 2000 +0000
Add initscript, tincd->tinc.
commit df10baa50c3b421b03ac9eeaed4a4a19a47f611e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 21:18:10 2000 +0000
Inserted useful content.
commit 6c722da77cc9185e48e22818ef88f2a88cf2efc7
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 21:14:23 2000 +0000
Add shlibs control file for the blowfish library.
commit 803f908078e87f433727a3ddf2d61734e1ed9233
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 21:07:16 2000 +0000
Give IP address instead of hex number when connecting tcp socket failed.
commit 4b1a1c2123626b50bd1a5382867986260440e9e7
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 21:04:53 2000 +0000
Changed version to 1.0pre2.
commit ca900d388b996c629f0c87c7a62efb52bd219065
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 20:58:34 2000 +0000
Version 1.0pre1-0.1.
commit 7d433ebd7610e0ff7e7b4c59979c446c0a1dfd03
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 20:56:41 2000 +0000
Add check for mpz_powm in libgmp3.
commit de09916eadd4c558937d1a6367f5319ca26ed07c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun May 14 13:50:10 2000 +0000
Only print an error with send_termreq if debug_lvl is 2 or more.
commit 9d023b1f2e7750f4a0e506c0f61498a44c0b95a8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 14 13:06:52 2000 +0000
Fixed typos.
commit e20e143f1e99bdc0a7d92e97da1bd0dc40e8a83b
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 14 13:02:20 2000 +0000
Changed ping behaviour (backwards compatible). If we don't have any data
to send, we don't need to check if the connection is still alive.
Furthermore, if we receive any kind of data from the other end, we know
it's alive, so we don't need to check it either. So, PING requests are
only sent if we send packets but there is no response.
commit ee96ccabbbf0180d5631d3c22838456f28ee9c15
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 14 12:22:42 2000 +0000
Cleanups.
commit 8caa1b9d750bb7467d1c3330780b05ac2bbf9883
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun May 14 11:39:18 2000 +0000
Proxymode removed.
commit 269067bb22e8f80deb43d3ac903f4e0d67af63d2
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat May 13 00:54:27 2000 +0000
Perl version of the system startup script.
commit 12adf1af548b7d2f2baa4be16d2df956048b7855
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 12 13:31:00 2000 +0000
Deleted the protocol description.
commit d0ba34ccae02d07051bc3f7012a6c116cfb3b653
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 8 18:44:15 2000 +0000
Added new config variable "ProxyMode". If enabled, all outgoing packets
are sent to the uplink (ConnectTo), which will have to forward them for
us (kernel should do that). This is for people behind firewalls.
commit 92387475ace9b06af39987c71ac563cf29427009
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Fri May 5 10:48:54 2000 +0000
Added semicolons required by bash2 (Mads Kiilerich).
commit bce2179fe350bf34cde0caab97f72c0930539840
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 4 23:26:24 2000 +0000
Copied most of the code from the redhat script.
commit 74b0cbecce5194dc5c594cc4e2aa3e97c14ea6c1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 4 23:17:02 2000 +0000
Include sys/types.h.
commit 2f7e532d703bbf6997ae04658379df0b0d844f62
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 4 23:16:43 2000 +0000
Don't link in libdl.
commit d4ef7ea0e79ee0d2b7063893f7af5ece886d838b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 4 00:01:05 2000 +0000
Check for the existance of libdl.
commit 87ccd613cab1947878ef60e3c927f717df089233
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 4 00:00:50 2000 +0000
More for getopt support.
commit 6182664859383a86a47846cafdc1f6fcd73b5a76
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu May 4 00:00:06 2000 +0000
Include stdio.h for fprintf.
commit 88a8826cf72297a784d597ba5a2b47058e1faf72
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 3 23:47:06 2000 +0000
getopt_long() support for platforms that don't have it.
commit 3d218a31145cf6a4c625ed287cdf3f99e4fd9a03
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 3 23:00:38 2000 +0000
Don't use error.h or error(), put #error in front of cpp errors.
commit a083b1cf305f3d241f2f4b36968a5b1ed9117612
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 3 18:02:15 2000 +0000
Squashed gcc warning.
commit 78532475238b23eb52ac88d905fbf966d97a79d2
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 3 17:59:07 2000 +0000
Fixes typo and UDP network byte order.
commit 505b5ec2cd9d6cf3dc655284a8c4041ce8527a07
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed May 3 15:37:32 2000 +0000
Outgoing packets now use network byte order in header.
commit 2bc7a0c92831802eec167ad193515962a63690dd
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed May 3 15:01:54 2000 +0000
Fix a typo, better handling of the info document. (from Mads Kiilerich)
commit 89610e3fbada1dee79769b8146a500c8357fd81d
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 2 10:16:50 2000 +0000
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
by one byte.
commit aeccaca829842910b4a5c8a5fa61e1738492bea6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 2 09:55:34 2000 +0000
Previous fix fixed. Meta protocol should be really flawless from now on!
commit 989d7edc07fd407e7f7838b45986f4e37359ef97
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue May 2 09:10:33 2000 +0000
Fixed small mistake that would prevent forwarding requests.
commit 069c146656b8f952e465492c53ab5b514e959565
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 1 22:00:02 2000 +0000
Mentioned new metaprotocol.
commit bd0325655867b1dff740d52d0505773bba0606a6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 1 21:47:12 2000 +0000
More tincd->tinc updates.
commit a9247e6f2c57bda9dc62ed050f41048847109e83
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 1 21:31:59 2000 +0000
Fixed meta protocol.
commit 9ea27f76fab3663c9c83a7fe7de95f74cbfd59be
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 1 21:31:17 2000 +0000
Committed by Mads Kiilerich.
commit a92604fa5dffef589fc3042c5ae09ae8878e8cff
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 1 19:17:09 2000 +0000
Updates by Mads Kiilerich.
commit ca6abd41ea0cdf2ca6491c3945fb3c62fd40ab98
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon May 1 18:07:12 2000 +0000
Meta protocol overhaul. Tinc is now incompatible with previous versions,
furthermore this version does NOT work yet because of a problem with
sending keys (these should be converted to base36 or something like that).
It is possible to telnet to the tinc daemon now and type some commands
by hand though :).
commit 3219be5770716bdb0c8b6e9e4c674a447c5085f2
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon May 1 16:28:28 2000 +0000
Committed by Lubom<6F>r Bulej.
commit 33cfdf43f4309c17d6df811b3c5d0af3a1c8679f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 20:48:48 2000 +0000
Key forwarding, write one byte extra.
commit 75d351eaf1264cfb7aa47166469e8ec722712a89
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 19:49:49 2000 +0000
Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility.
commit b4290c3f4360f3cf01bb44957da0d8a20eac75f3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 19:03:00 2000 +0000
Send one less byte from an ANS_KEY request.
commit d878230ebef5f1a14a23c266dc425666d9e805eb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 18:57:16 2000 +0000
Read one less byte from an ANS_KEY request.
commit 789a4c4f400de31d43b9c5f349f1de417443074a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 16:34:31 2000 +0000
Removed debug messages.
commit eb1c9814e6b2a5206be1fadf19e0dc779690a69e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 16:31:23 2000 +0000
Read public keys the right way (tm).
commit ca73b722cbad5a08ec9bb5026ed5129da9a24bd8
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 16:11:05 2000 +0000
New way of handling the meta protocol.
commit cd12345032e8547a50a1f7450814364f39f0c4ec
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 13:23:53 2000 +0000
Replaced check for status.active by status.dataopen in check_network_activity.
commit 4b076ee87fcf8aaf1d9a2bd3c27524b4e3840167
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 01:16:51 2000 +0000
Initially, the vpn_mask of a connection is 255.255.255.255 to avoid confusion with lookup_conn.
commit 1c007c0627ad5e71b8218fcb086240970e955c87
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Apr 30 01:15:47 2000 +0000
Got rid of the nasty hacks... and replaced it by another one.
commit c02745991422ac3d8097b126e8b256a9b33ad24b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 29 20:39:36 2000 +0000
Filled up the protocol structs with unused bytes.
commit d3e8e8ca54928e48400584d8a70c42bbf4ae6aeb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 29 20:38:23 2000 +0000
Added `deb' target.
commit 4dbf7022a25e678969856a38501318db4d420936
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sat Apr 29 13:56:06 2000 +0000
More updates wrt. the change from tincd->tinc.
commit 23715510149179089952eef0a2d6f87571ac0e7e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri Apr 28 11:33:25 2000 +0000
Oops! Reference to write_n() removed and changed into neat write() call.
commit bb8fff92e1bc594a085c2cbd12b215d334695feb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 27 20:57:18 2000 +0000
Removed write_n() function.
commit 4fec0cc45774ba313d1823cc64c3afdda3204a2e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 27 13:47:51 2000 +0000
Default config file name is tinc.conf, and pidfile is tinc.pid.
commit eebb708cb29a121ea8d58bb6ca6caf41dea3c3b4
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 27 00:07:17 2000 +0000
Updated version number to 1.0.
commit 5797d3fcb1ff56ad3ff577f7eb988b70f9d4d709
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 27 00:01:00 2000 +0000
Filled in the details, license from libblowfish copied.
commit a3ccc15ac0979c4103f98e740b525634e8e17a0a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Apr 26 23:56:22 2000 +0000
Version to 1.0pre1;
Create Makefile and build in debian/.
commit d928703db1c4aa6caa6e4fbb0894037b10dce820
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Apr 26 23:23:01 2000 +0000
Omit TODO.
commit d0ea9c8ff287e879e531af9f1b52529421c0512f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Apr 26 22:42:15 2000 +0000
Add an entry to dir.
commit e5a7291543d41d435cc0fae56e52dc62a119a225
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Apr 26 22:01:01 2000 +0000
The make command is in /usr/bin.
commit 44f9449888344866406c75b178eff83b392b3530
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 26 17:42:55 2000 +0000
Cleanups:
- Changed recv/send calls into read/write calls for streams
- Made all sizeof() functions use a variable name instead of type
commit fca84d8a7d116c62423faf88e841daf1bee714e1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Apr 26 14:54:43 2000 +0000
From Mads Kiilerich.
commit 8efe4874dabdfdf03a747ea98cf38b11cb591ef5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 25 22:15:28 2000 +0000
Converted every &variable[0] to variable.
commit 643d8712eb2f82bde21f206306cdb6491eee7e08
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 22:00:49 2000 +0000
Debug level tweaking.
commit 468f1d2efcce53937b7f5e0540269ae18f29ebac
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 25 20:50:59 2000 +0000
When trying to talk to a host that is in the netmask of a tinc server but
not the tinc server itself, and no keys have been exchanged yet, the key
request would be directed to the host instead of the server. Fixed.
commit 6461a4b607f5e422b5809acb772e4bfe810b5570
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 20:42:54 2000 +0000
*** empty log message ***
commit dad90e82d3c7af95820b1c04903bed7074e2b175
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 25 20:17:44 2000 +0000
Fixed typo and removed some unnecessary variables.
commit 5b7242285795f5143770b663055b87ebb5dd15b8
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 25 20:10:37 2000 +0000
Packet queues fixed. They caused the trouble when resending keys.
commit 04db888b1a94a7d63fdf9800cfd722aa9c16cd26
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 19:23:23 2000 +0000
Create a ChangeLog file, automake requires it.
commit c78b76c53f516cf944ee738fad3e7d4607f282ab
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 19:21:19 2000 +0000
*** empty log message ***
commit 45b275e2542b4e8e7deac9e5e9eeddacfdbce90f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 19:11:02 2000 +0000
Initial CVS.
commit 3a3356865267ff4c1e4f7d73f6d1486952d641b5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue Apr 25 18:57:23 2000 +0000
Added checkpoints to beginning and ending of every function.
commit b6bdb9079a9e80b77443efe6c8b6da19e57e8505
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 17:38:54 2000 +0000
Remove ChangeLog with a `make cvs-clean'.
commit ca373c61944a7bd2fe26faf081edea136104d326
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 17:35:45 2000 +0000
Don't include TODO in the dist.
commit e1e590fe9a8c5c767933c68979418911f36d3a89
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 15:08:10 2000 +0000
Propagate CFLAGS from configure to gcc.
commit 8a90de94a1b0e6cdaf51559d44f04a75d5f9ab0e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 15:07:21 2000 +0000
Delete all the files that are created by autogen.sh on a `make cvs-clean'.
commit 24ee68b683de9937e917898075c62ff5f43ee46a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 10:40:08 2000 +0000
Spelling fixes.
commit 4d85552c5bf134ada1d1083ec86dabbe41497c4a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 10:27:44 2000 +0000
Contributed by Mads Kiilerich.
commit 94921d6e57e01b378ab8b1d8ea9cf3da9511fbef
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 10:22:26 2000 +0000
Generate this Makefile.am from Makefile.am.in.
commit 8c2b6537d32720b38554815181009c3098423414
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 09:43:50 2000 +0000
*** empty log message ***
commit 03fa76dbf9965cc174eebe8a152307b8fbb63079
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 09:42:52 2000 +0000
Added Mads Kiilerich, removed Guus Sliepen.
commit 7c665712d69d5a502d4c2f098ad85df3b17bfb92
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:45:34 2000 +0000
Changes largely from Mads Kiilerich.
Removed section about encryption.
commit ce98ee1ed4121fbbf5d0e13e158511064ced6b16
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:26:35 2000 +0000
Remove test for GNOME.
commit 6c99feb3e3cf6d69bcf52ae87b6c64ddbf3ffca5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:25:18 2000 +0000
Use `make ChangeLog' to create this file from the CVS logs.
commit f9eef5210dbc9c0fe54637cc4c3c0be134a51409
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:23:31 2000 +0000
Don't define HAVE_NAMESPACES and HAVE_STL.
commit ea9d2f379a170077f93569a957c713452768d0a4
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:22:01 2000 +0000
Remove check for bigendianness.
commit 18b204d17a054e991d90b7c4047ea106df64cdaf
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:15:28 2000 +0000
This file is obsolete, most of the ideas are already in echelon.
commit 62d5384ee01ae818906f2f8ba1456372a13a2420
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 01:10:38 2000 +0000
s/Gnome/tinc/g
commit f0101589959496593db672c6a35704ea5fb33238
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 00:50:48 2000 +0000
The shell script autogen.sh can create all these removed files, but be
sure to have autoconf, automake, libtool and more installed.
commit 6990a7455521665d3b67518e3f2297968108190b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 25 00:11:33 2000 +0000
Don't try to create cipher/idea/Makefile.
commit cfecc82c9a3f5e8c4648eec058da2c6427cd76af
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 24 21:12:32 2000 +0000
Don't include idea/idea.h.
commit 63540ceff5c7bb7c76d96a4cef4ba803ce915ce1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 24 21:10:33 2000 +0000
Don't compile in `idea'.
commit 74315f4218ba50cc5ba32b6ecc8e8afa2b5cd704
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 24 20:57:22 2000 +0000
These files are not needed in release 1.0.
commit 16d581be68bb52c08569e34e8a6b87f66b87e8ee
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 24 09:39:50 2000 +0000
Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
at once. (See line 606.)
commit f6802d349d946090bf9d1b6c761077c80065afa5
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 24 08:32:57 2000 +0000
Added extra checks for desynchronized connection lists. Hopefully this will
fix those strange segmentation faults.
commit 10749179127c681ce040fcf612038174b2bd474a
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 20 22:50:48 2000 +0000
Added cvs-clean.
commit c92701fcf007b67725d82a23ffaef3e6e5c2b0e1
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 20 19:14:09 2000 +0000
Keep make dist(dir) happy.
commit 7db17968fc84127212ebba0fbccec1e75ced2bdc
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 20:44:29 2000 +0000
A short notice from Mads Kiilerich.
commit 2c5a555d7aefcf5699c68cb5d5f00f604b2542c7
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 20:43:24 2000 +0000
Submitted changes by Mads Kiilerich.
commit 375b668dbc1e0268b49ea12901da72bbf5247ce5
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 20:30:20 2000 +0000
Include genauth.8 in the distribution.
commit 57d8c30e4cbecea3b4216e4e650c4c0a3e160ed2
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 20:26:49 2000 +0000
Include the directory redhat in the build process.
commit 0b02ebc4d98182cf79c670e7e556ac7f4f859b75
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 16:04:10 2000 +0000
Address for bugreports changed to tinc@nl.linux.org.
commit 8770211c84cfb69f71bd204926593900d74ab579
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 15:59:42 2000 +0000
Updated manpages.
commit 8cdb84951019feb6d4954cd11eb9663c5b9ce363
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 15:59:22 2000 +0000
New manpage for genauth.
commit d11cfcec74e25ee2b88acea62ca5ef973ab7204b
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Apr 18 15:09:11 2000 +0000
Submitted by Mads Kiilerich.
commit 93287d2b2c77d4b9e3f85f36ef4f9230fe3bf9b3
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 17 17:04:33 2000 +0000
Default passphrase length of 1024, added -h/--help options.
commit 9c2ac77594d83a810c53faf6979e0b76006ecd0e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 17 16:59:42 2000 +0000
Check if stdout is a terminal, if so, print a verbose message.
commit c9246896901ff1ebad91ac399a4ea79fad941f75
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 17 16:52:58 2000 +0000
Check for an illegal length of passphrase in read_passphrase().
commit baebae274913d912d76ba1d545f337dfb945fc5c
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 17 16:23:29 2000 +0000
Pass the requested size from xmalloc() and xrealloc() on to xalloc_fail_func()
commit 210a92cae90deb5b4a410b1b7d5c625c5c5f2ffb
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Apr 17 15:38:47 2000 +0000
Only one round of reading bits out of urandom;
Reading `bytes' bytes out of it;
Print a newline after completion.
commit 5b44b91eb408d76af646b031da2364a769b44771
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Wed Apr 12 16:22:39 2000 +0000
Moved to version number 1.0.
commit 18e044bde3b508c991910218989b4bacc3a4934e
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Thu Apr 6 18:28:29 2000 +0000
New option -D, don't detach.
commit 523c80c4e35b7ff8ad94b41a6071dbe2b8ff6ec7
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Mar 28 19:16:27 2000 +0000
Ignore SIGCHLD.
commit f2076e3e7031ac8ad87eb6aab0cea40f379dd0c6
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Tue Mar 28 19:09:52 2000 +0000
Kill the parent after any error conditions in detach().
commit 98de35c742498878a27fb29becd3b7154525a60f
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Mar 27 22:59:16 2000 +0000
Upon regeneration, free the old encryption key `securely\' by overwriting it.
commit b50523dc44bbb32f03d24573e195c071cbff3fc4
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Mon Mar 27 22:30:27 2000 +0000
Get rid of the message `zxnrbl\'.
commit 1243156a5e03a666b36bc4400f1402243a85c9a7
Author: Ivo Timmermans <ivo@lychnis.net>
Date: Sun Mar 26 00:33:07 2000 +0000
2019-08-26 11:44:50 +00:00
2019-08-26 11:44:53 +00:00
Initial revision