lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Debian changes 1.0.19-1

Browse source 
tinc (1.0.19-1) unstable; urgency=low

  * New upstream release.
  * Bump debian/compat so tinc gets built with hardening flags.
  * Allow tinc-pidfile in /etc/network/interfaces.
This commit is contained in:
Guus Sliepen 2012-06-25 20:29:22 +02:00
commit 06acdce080
42 changed files with 1580 additions and 689 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

144
ChangeLog
View file

@ -1,3 +1,147 @@
commit 00e71ece25070dc919f9bc0696e4ff3a387360d0
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 19:45:51 2012 +0200
Releasing 1.0.19.
commit 236b0ba4ebba01e22e382e79897100338a039bbb
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 19:03:54 2012 +0200
Fix crash when using Broadcast = direct.
commit 0a84f9cb8f52f2d2b4f03a5ad5ef9dfcd3509033
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 19:01:51 2012 +0200
Fix compiler warnings.
commit 62ee9b776d45af41c8b040ad86e50ba8f6f8e6c4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 15:01:42 2012 +0200
#include <winsock2.h> on Windows.
MinGW complained about it not being included.
commit c0af4c37d2046ffb3e07dd62f266a4fb99ea5614
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Jun 25 15:00:24 2012 +0200
Small fixes in proxy code.
commit 42a8158b1dca6ee4ec1707176199cc36c26da7af
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: Fri May 4 16:41:47 2012 +0400
add (errnum) in front of windows error messages
On localized, non-English versions of windows, it is
common to have two active charsets -- for console applications
and for GUI applications, together with localized error messages
returned by windows. But two charsets are rarely compatible,
so sending the same byte sequence to console and to windows
event log makes one or another to be unreadable. So at least
include the error number, this way it will be possible to
lookup the actual error test using external ways.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
commit 5c0dd104f94519c3cb50e9ca44227656c5adc7ae
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 19 15:56:08 2012 +0200
Document new proxy types.
commit 5ae19cb0bb8dd6be1e9bcd560bb051f496a373ec
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 19 15:18:31 2012 +0200
Add support for proxying through an external command.
Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.
commit fb5588856fa4dd6f140c72f7360302fe85b20c75
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Apr 19 14:10:54 2012 +0200
Add support for SOCKS 5 proxies.
This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.
commit b58d95eb29662bce4388f95dbc5762b9e2999806
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Wed Apr 18 23:19:40 2012 +0200
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.
commit 84531fb6e621959e06519fdbb7f2a8f7578f66bd
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Apr 16 01:57:25 2012 +0200
Allow broadcast packets to be sent directly instead of via the MST.
When the "Broadcast = direct" option is used, broadcast packets are not sent
and forwarded via the Minimum Spanning Tree to all nodes, but are sent directly
to all nodes that can be reached in one hop.
One use for this is to allow running ad-hoc routing protocols, such as OLSR, on
top of tinc.
commit 535a55100bb77f107c85361e9f72a194e92bc8bc
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu Mar 29 16:45:25 2012 +0100
Allow environment variables to be used for Name.
When the Name starts with a $, the rest will be interpreted as the name of an
environment variable containing the real Name. When Name is $HOST, but this
environment variable does not exist, gethostname() will be used to set the
Name. In both cases, illegal characters will be converted to underscores.
commit 89f4574e0b1553c8e5dcbfc275e829a759b697f6
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 26 14:46:09 2012 +0100
Add support for systemd style socket activation.
If the LISTEN_FDS environment variable is set and tinc is run in the
foreground, tinc will use filedescriptors 3 to 3 + LISTEN_FDS for its listening
TCP sockets. For now, tinc will create matching listening UDP sockets itself.
There is no dependency on systemd or on libsystemd-daemon.
commit cc6aee784659bfbd21eb8d414e00a8f1a801cac4
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Mon Mar 26 14:45:20 2012 +0100
Remove newline from log message.
commit 16e6769feef21a5bf58f6022d990452987bb5efb
Author: Anthony G. Basile <basile@opensource.dyc.edu>
Date: Mon Mar 26 06:29:40 2012 -0400
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
The current configure.in file does not correctly make use of these
macros. The resulting configure file will therefore enable an item
even if --disable-FEATURE is given. This patch restores the intended
behavior.
commit b23681dddb8987571f04d46fc14f0ba012a7929c
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 22:54:36 2012 +0100
Support :: in IPv6 Subnets.
commit 482c6119a7ae80f320e5b519ef2e785e04a77b8e
Author: Guus Sliepen <guus@tinc-vpn.org>
Date: Sun Mar 25 15:32:26 2012 +0100

40
Makefile.in
View file

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# Makefile.in generated by automake 1.11.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -15,6 +15,23 @@
@SET_MAKE@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -37,8 +54,7 @@ subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
THANKS config.guess config.sub depcomp install-sh missing \
mkinstalldirs
THANKS config.guess config.sub depcomp install-sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
@ -47,7 +63,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ -60,6 +76,11 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
install-pdf-recursive install-ps-recursive install-recursive \
installcheck-recursive installdirs-recursive pdf-recursive \
ps-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
@ -434,13 +455,10 @@ distdir: $(DISTFILES)
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \

11
NEWS
View file

@ -1,3 +1,14 @@
Version 1.0.19 June 25 2012
* Allow :: notation in IPv6 Subnets.
* Add support for systemd style socket activation.
* Allow environment variables to be used for the Name option.
* Add basic support for SOCKS proxies, HTTP proxies, and proxying through an
external command.
Version 1.0.18 March 25 2012
* Fixed IPv6 in switch mode by turning off DecrementTTL by default.

4
README
View file

@ -1,4 +1,4 @@
This is the README file for tinc version 1.0.18. Installation
This is the README file for tinc version 1.0.19. Installation
instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2012 by:
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
Compatibility
-------------
Version 1.0.18 is compatible with 1.0pre8, 1.0 and later, but not with older
Version 1.0.19 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc.

1
THANKS
View file

@ -3,6 +3,7 @@ We would like to thank the following people for their contributions to tinc:
* Alexander Reil and Gemeinde Berg
* Allesandro Gatti
* Andreas van Cranenburgh
* Anthony G. Basile
* Armijn Hemel
* Brandon Black
* Cris van Pelt

10
aclocal.m4 vendored
View file

@ -1,4 +1,4 @@
# generated automatically by aclocal 1.11.3 -*- Autoconf -*-
# generated automatically by aclocal 1.11.5 -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
@ -14,8 +14,8 @@
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],,
[m4_warning([this file was generated for autoconf 2.68.
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
[m4_warning([this file was generated for autoconf 2.69.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.])])
@ -38,7 +38,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.11'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.11.3], [],
m4_if([$1], [1.11.5], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@ -54,7 +54,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.11.3])dnl
[AM_AUTOMAKE_VERSION([1.11.5])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])

11
config.sub vendored
View file

@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011, 2012 Free Software Foundation, Inc.
timestamp='2012-02-10'
timestamp='2012-04-18'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@ -225,6 +225,12 @@ case $os in
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-lynx*178)
os=-lynxos178
;;
-lynx*5)
os=-lynxos5
;;
-lynx*)
os=-lynxos
;;
@ -1537,6 +1543,9 @@ case $basic_machine in
c4x-* | tic4x-*)
os=-coff
;;
hexagon-*)
os=-elf
;;
tic54x-*)
os=-coff
;;

302
configure vendored
View file

@ -1,11 +1,9 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68.
# Generated by GNU Autoconf 2.69.
#
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
# Foundation, Inc.
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
@ -134,6 +132,31 @@ export LANGUAGE
# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# Use a proper internal environment variable to ensure we don't fall
# into an infinite loop, continuously re-executing ourselves.
if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
_as_can_reexec=no; export _as_can_reexec;
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
case $- in # ((((
*v*x* | *x*v* ) as_opts=-vx ;;
*v* ) as_opts=-v ;;
*x* ) as_opts=-x ;;
* ) as_opts= ;;
esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
as_fn_exit 255
fi
# We don't want this to propagate to other subprocesses.
{ _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
@ -167,7 +190,8 @@ if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
else
exitcode=1; echo positional parameters were not saved.
fi
test x\$exitcode = x0 || exit 1"
test x\$exitcode = x0 || exit 1
test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
@ -212,21 +236,25 @@ IFS=$as_save_IFS
if test "x$CONFIG_SHELL" != x; then :
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
export CONFIG_SHELL
case $- in # ((((
*v*x* | *x*v* ) as_opts=-vx ;;
*v* ) as_opts=-v ;;
*x* ) as_opts=-x ;;
* ) as_opts= ;;
esac
exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
export CONFIG_SHELL
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
case $- in # ((((
*v*x* | *x*v* ) as_opts=-vx ;;
*v* ) as_opts=-v ;;
*x* ) as_opts=-x ;;
* ) as_opts= ;;
esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
exit 255
fi
if test x$as_have_required = xno; then :
@ -328,6 +356,14 @@ $as_echo X"$as_dir" |
} # as_fn_mkdir_p
# as_fn_executable_p FILE
# -----------------------
# Test if FILE is an executable regular file.
as_fn_executable_p ()
{
test -f "$1" && test -x "$1"
} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
@ -449,6 +485,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
chmod +x "$as_me.lineno" ||
{ $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
# If we had to re-execute with $CONFIG_SHELL, we're ensured to have
# already done that, so ensure we don't try to do so again and fall
# in an infinite loop. This has already happened in practice.
_as_can_reexec=no; export _as_can_reexec
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensitive to this).
@ -483,16 +523,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
# In both cases, we have to default to `cp -p'.
# In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
as_ln_s='cp -p'
as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@ -504,28 +544,8 @@ else
as_mkdir_p=false
fi
if test -x / >/dev/null 2>&1; then
as_test_x='test -x'
else
if ls -dL / >/dev/null 2>&1; then
as_ls_L_option=L
else
as_ls_L_option=
fi
as_test_x='
eval sh -c '\''
if test -d "$1"; then
test -d "$1/.";
else
case $1 in #(
-*)set "./$1";;
esac;
case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
???[sx]*):;;*)false;;esac;fi
'\'' sh
'
fi
as_executable_p=$as_test_x
as_test_x='test -x'
as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@ -1191,8 +1211,6 @@ target=$target_alias
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
$as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used" >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
@ -1358,18 +1376,18 @@ Optional Features:
(and sometimes confusing) to the casual installer
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-uml enable support for User Mode Linux
--enable-vde enable support for Virtual Distributed Ethernet
--enable-tunemu enable support for the tunemu driver
--disable-uml enable support for User Mode Linux
--disable-vde enable support for Virtual Distributed Ethernet
--disable-tunemu enable support for the tunemu driver
--disable-zlib disable zlib compression support
--disable-lzo disable lzo compression support
--enable-jumbograms enable support for jumbograms (packets up to 9000
--disable-jumbograms enable support for jumbograms (packets up to 9000
bytes)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-windows2000 compile with support for Windows 2000. This disables
--without-windows2000 compile with support for Windows 2000. This disables
support for tunneling over existing IPv6 networks.
--with-zlib=DIR zlib base directory, or:
--with-zlib-include=DIR zlib headers directory
@ -1460,9 +1478,9 @@ test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
configure
generated by GNU Autoconf 2.68
generated by GNU Autoconf 2.69
Copyright (C) 2010 Free Software Foundation, Inc.
Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@ -1789,7 +1807,7 @@ $as_echo "$ac_try_echo"; } >&5
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
$as_test_x conftest$ac_exeext
test -x conftest$ac_exeext
}; then :
ac_retval=0
else
@ -1925,7 +1943,7 @@ This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by $as_me, which was
generated by GNU Autoconf 2.68. Invocation command line was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2341,7 +2359,7 @@ case $as_dir/ in #((
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
@ -2510,7 +2528,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2550,7 +2568,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2601,7 +2619,7 @@ do
test -z "$as_dir" && as_dir=.
for ac_prog in mkdir gmkdir; do
for ac_exec_ext in '' $ac_executable_extensions; do
{ test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
'mkdir (GNU coreutils) '* | \
'mkdir (coreutils) '* | \
@ -2654,7 +2672,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_AWK="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2740,7 +2758,7 @@ fi
# Define the identity of the package.
PACKAGE=tinc
VERSION=1.0.18
VERSION=1.0.19
cat >>confdefs.h <<_ACEOF
@ -2894,7 +2912,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2934,7 +2952,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2987,7 +3005,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3028,7 +3046,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
@ -3086,7 +3104,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3130,7 +3148,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3576,8 +3594,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
struct stat;
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@ -3945,7 +3962,7 @@ do
for ac_prog in grep ggrep; do
for ac_exec_ext in '' $ac_executable_extensions; do
ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
{ test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
case `"$ac_path_GREP" --version 2>&1` in
@ -4011,7 +4028,7 @@ do
for ac_prog in egrep; do
for ac_exec_ext in '' $ac_executable_extensions; do
ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
{ test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
case `"$ac_path_EGREP" --version 2>&1` in
@ -4218,8 +4235,8 @@ else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
# define __EXTENSIONS__ 1
$ac_includes_default
# define __EXTENSIONS__ 1
$ac_includes_default
int
main ()
{
@ -4400,7 +4417,7 @@ main ()
return 0;
}
_ACEOF
for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99
do
CC="$ac_save_CC $ac_arg"
if ac_fn_c_try_compile "$LINENO"; then :
@ -4597,7 +4614,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -4637,7 +4654,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -4817,18 +4834,26 @@ esac
# Check whether --enable-uml was given.
if test "${enable_uml+set}" = set; then :
enableval=$enable_uml;
enableval=$enable_uml; if test "x$enable_uml" = "xyes"; then :
$as_echo "#define ENABLE_UML 1" >>confdefs.h
uml=true
uml=true
else
uml=false
fi
else
uml=false
fi
# Check whether --enable-vde was given.
if test "${enable_vde+set}" = set; then :
enableval=$enable_vde; for ac_header in libvdeplug_dyn.h
enableval=$enable_vde; if test "x$enable_vde" = "xyes"; then :
for ac_header in libvdeplug_dyn.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "libvdeplug_dyn.h" "ac_cv_header_libvdeplug_dyn_h" "$ac_includes_default"
if test "x$ac_cv_header_libvdeplug_dyn_h" = xyes; then :
@ -4845,19 +4870,32 @@ done
$as_echo "#define ENABLE_VDE 1" >>confdefs.h
vde=true
vde=true
else
vde=false
fi
else
vde=false
fi
# Check whether --enable-tunemu was given.
if test "${enable_tunemu+set}" = set; then :
enableval=$enable_tunemu;
enableval=$enable_tunemu; if test "x$enable_tunemu" = "xyes"; then :
$as_echo "#define ENABLE_TUNEMU 1" >>confdefs.h
tunemu=true
tunemu=true
else
tunemu=false
fi
else
tunemu=false
fi
@ -4865,9 +4903,12 @@ fi
# Check whether --with-windows2000 was given.
if test "${with_windows2000+set}" = set; then :
withval=$with_windows2000;
withval=$with_windows2000; if test "x$with_windows2000" = "xyes"; then :
$as_echo "#define WITH_WINDOWS2000 1" >>confdefs.h
fi
fi
@ -5174,11 +5215,11 @@ else
int
main ()
{
/* FIXME: Include the comments suggested by Paul. */
#ifndef __cplusplus
/* Ultrix mips cc rejects this. */
/* Ultrix mips cc rejects this sort of thing. */
typedef int charset[2];
const charset cs;
const charset cs = { 0, 0 };
/* SunOS 4.1.1 cc rejects this. */
char const *const *pcpcc;
char **ppc;
@ -5195,8 +5236,9 @@ main ()
++pcpcc;
ppc = (char**) pcpcc;
pcpcc = (char const *const *) ppc;
{ /* SCO 3.2v4 cc rejects this. */
char *t;
{ /* SCO 3.2v4 cc rejects this sort of thing. */
char tx;
char *t = &tx;
char const *s = 0 ? (char *) 0 : (char const *) 0;
*t++ = 0;
@ -5212,10 +5254,10 @@ main ()
iptr p = 0;
++p;
}
{ /* AIX XL C 1.02.0.0 rejects this saying
{ /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
"k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
struct s { int j; const int *ap[3]; };
struct s *b; b->j = 5;
struct s { int j; const int *ap[3]; } bx;
struct s *b = &bx; b->j = 5;
}
{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
const int foo = 10;
@ -5774,23 +5816,20 @@ else
/* end confdefs.h. */
$ac_includes_default
int
find_stack_direction ()
find_stack_direction (int *addr, int depth)
{
static char *addr = 0;
auto char dummy;
if (addr == 0)
{
addr = &dummy;
return find_stack_direction ();
}
else
return (&dummy > addr) ? 1 : -1;
int dir, dummy = 0;
if (! addr)
addr = &dummy;
*addr = addr < &dummy ? 1 : addr == &dummy ? 0 : -1;
dir = depth ? find_stack_direction (addr, depth - 1) : 0;
return dir + dummy;
}
int
main ()
main (int argc, char **argv)
{
return find_stack_direction () < 0;
return find_stack_direction (0, argc + !argv + 20) < 0;
}
_ACEOF
if ac_fn_c_try_run "$LINENO"; then :
@ -6690,9 +6729,12 @@ fi
# Check whether --enable-jumbograms was given.
if test "${enable_jumbograms+set}" = set; then :
enableval=$enable_jumbograms;
enableval=$enable_jumbograms; if test "x$enable_jumbograms" = "xyes"; then :
$as_echo "#define ENABLE_JUMBOGRAMS 1" >>confdefs.h
fi
fi
@ -7141,16 +7183,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
# In both cases, we have to default to `cp -p'.
# In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
as_ln_s='cp -p'
as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@ -7210,28 +7252,16 @@ else
as_mkdir_p=false
fi
if test -x / >/dev/null 2>&1; then
as_test_x='test -x'
else
if ls -dL / >/dev/null 2>&1; then
as_ls_L_option=L
else
as_ls_L_option=
fi
as_test_x='
eval sh -c '\''
if test -d "$1"; then
test -d "$1/.";
else
case $1 in #(
-*)set "./$1";;
esac;
case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
???[sx]*):;;*)false;;esac;fi
'\'' sh
'
fi
as_executable_p=$as_test_x
# as_fn_executable_p FILE
# -----------------------
# Test if FILE is an executable regular file.
as_fn_executable_p ()
{
test -f "$1" && test -x "$1"
} # as_fn_executable_p
as_test_x='test -x'
as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@ -7253,7 +7283,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# values after options handling.
ac_log="
This file was extended by $as_me, which was
generated by GNU Autoconf 2.68. Invocation command line was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@ -7319,10 +7349,10 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
config.status
configured by $0, generated by GNU Autoconf 2.68,
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
Copyright (C) 2010 Free Software Foundation, Inc.
Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@ -7413,7 +7443,7 @@ fi
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
shift
\$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL='$SHELL'

52
configure.in
View file

@ -3,7 +3,7 @@ dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
AC_INIT
AC_CONFIG_SRCDIR([src/tincd.c])
AM_INIT_AUTOMAKE(tinc, 1.0.18)
AM_INIT_AUTOMAKE(tinc, 1.0.19)
AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE
@ -73,30 +73,44 @@ case $host_os in
esac
AC_ARG_ENABLE(uml,
AS_HELP_STRING([--enable-uml], [enable support for User Mode Linux]),
[ AC_DEFINE(ENABLE_UML, 1, [Support for UML])
uml=true
]
AS_HELP_STRING([--disable-uml], [enable support for User Mode Linux]),
[ AS_IF([test "x$enable_uml" = "xyes"],
[ AC_DEFINE(ENABLE_UML, 1, [Support for UML])
uml=true
],
[uml=false])
],
[uml=false]
)
AC_ARG_ENABLE(vde,
AS_HELP_STRING([--enable-vde], [enable support for Virtual Distributed Ethernet]),
[ AC_CHECK_HEADERS(libvdeplug_dyn.h, [], [AC_MSG_ERROR([VDE plug header files not found.]); break])
AC_DEFINE(ENABLE_VDE, 1, [Support for VDE])
vde=true
]
AS_HELP_STRING([--disable-vde], [enable support for Virtual Distributed Ethernet]),
[ AS_IF([test "x$enable_vde" = "xyes"],
[ AC_CHECK_HEADERS(libvdeplug_dyn.h, [], [AC_MSG_ERROR([VDE plug header files not found.]); break])
AC_DEFINE(ENABLE_VDE, 1, [Support for VDE])
vde=true
],
[vde=false])
],
[vde=false]
)
AC_ARG_ENABLE(tunemu,
AS_HELP_STRING([--enable-tunemu], [enable support for the tunemu driver]),
[ AC_DEFINE(ENABLE_TUNEMU, 1, [Support for tunemu])
tunemu=true
]
AS_HELP_STRING([--disable-tunemu], [enable support for the tunemu driver]),
[ AS_IF([test "x$enable_tunemu" = "xyes"],
[ AC_DEFINE(ENABLE_TUNEMU, 1, [Support for tunemu])
tunemu=true
],
[tunemu=false])
],
[tunemu=false]
)
AC_ARG_WITH(windows2000,
AS_HELP_STRING([--with-windows2000], [compile with support for Windows 2000. This disables support for tunneling over existing IPv6 networks.]),
[AC_DEFINE(WITH_WINDOWS2000, 1, [Compile with support for Windows 2000])]
AS_HELP_STRING([--without-windows2000], [compile with support for Windows 2000. This disables support for tunneling over existing IPv6 networks.]),
[ AS_IF([test "x$with_windows2000" = "xyes"],
[AC_DEFINE(WITH_WINDOWS2000, 1, [Compile with support for Windows 2000])])
]
)
AM_CONDITIONAL(UML, test "$uml" = true)
@ -176,8 +190,10 @@ tinc_OPENSSL
dnl Check if support for jumbograms is requested
AC_ARG_ENABLE(jumbograms,
AS_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]),
[ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ]
AS_HELP_STRING([--disable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]),
[ AS_IF([test "x$enable_jumbograms" = "xyes"],
[ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ])
]
)
AC_SUBST(INCLUDES)

8
debian/README.Debian vendored
View file

@ -20,6 +20,7 @@ tinc-config <directory>
tinc-debug <level>
tinc-mlock yes
tinc-logfile <filename>
tinc-pidfile <filename>
tinc-chroot yes
tinc-user <username>
@ -32,10 +33,11 @@ iface vpn inet static
tinc-debug 1
tinc-mlock yes
tinc-user nobody
tinc-pidfile /tmp/tinc.pid
This will start a tinc daemon that reads its configuration from
/etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user
nobody, and creates a network interface called "vpn". Ifup then sets the
address and netmask on that interface.
nobody, writes the PID to /tmp/tinc.pid, and creates a network interface called
"vpn". Ifup then sets the address and netmask on that interface.
-- Guus Sliepen <guus@debian.org>, Fri, 24 June 2011, 18:10:53 +0200
-- Guus Sliepen <guus@debian.org>, Fri, 25 June 2012, 20:28:35 +0200

8
debian/changelog vendored
View file

@ -1,3 +1,11 @@
tinc (1.0.19-1) unstable; urgency=low
* New upstream release.
* Bump debian/compat so tinc gets built with hardening flags.
* Allow tinc-pidfile in /etc/network/interfaces.
-- Guus Sliepen <guus@debian.org> Mon, 25 Jun 2012 20:29:22 +0200
tinc (1.0.18-1) unstable; urgency=low
* New upstream release.

2
debian/compat vendored
View file

@ -1 +1 @@
7
9

2
debian/control vendored
View file

@ -3,7 +3,7 @@ Section: net
Priority: optional
Maintainer: Guus Sliepen <guus@debian.org>
Standards-Version: 3.9.3
Build-Depends: libssl-dev, debhelper (>= 7.0.50~), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
Homepage: http://www.tinc-vpn.org/
Package: tinc

1
debian/tinc.if-pre-up vendored
View file

@ -14,6 +14,7 @@ set -e
[ -n "$IF_TINC_DEBUG" ] && EXTRA="$EXTRA -d$IF_TINC_DEBUG"
[ -n "$IF_TINC_MLOCK" ] && EXTRA="$EXTRA --mlock"
[ -n "$IF_TINC_LOGFILE" ] && EXTRA="$EXTRA --logfile=$IF_TINC_LOGFILE"
[ -n "$IF_TINC_PIDFILE" ] && EXTRA="$EXTRA --logfile=$IF_TINC_PIDFILE"
[ -n "$IF_TINC_CHROOT" ] && EXTRA="$EXTRA --chroot"
[ -n "$IF_TINC_USER" ] && EXTRA="$EXTRA --user=$IF_TINC_USER"

2
debian/tinc.if-up vendored
View file

@ -5,4 +5,4 @@ set -e
[ "$METHOD" = loopback ] && exit 0
[ -n "$IF_TINC_NET" ] && exit 0
invoke-rc.d tinc alarm
invoke-rc.d tinc alarm || exit 0

124
depcomp
View file

@ -1,10 +1,10 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2011-12-04.11; # UTC
scriptversion=2012-03-27.16; # UTC
# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010,
# 2011 Free Software Foundation, Inc.
# 2011, 2012 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -28,7 +28,7 @@ scriptversion=2011-12-04.11; # UTC
case $1 in
'')
echo "$0: No command. Try \`$0 --help' for more information." 1>&2
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
@ -40,8 +40,8 @@ as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by `PROGRAMS ARGS'.
object Object file output by `PROGRAMS ARGS'.
source Source file read by 'PROGRAMS ARGS'.
object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputting dependencies.
@ -57,6 +57,12 @@ EOF
;;
esac
# A tabulation character.
tab=' '
# A newline character.
nl='
'
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
@ -102,6 +108,12 @@ if test "$depmode" = msvc7msys; then
depmode=msvc7
fi
if test "$depmode" = xlc; then
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations.
gccflag=-qmakedep=gcc,-MF
depmode=gcc
fi
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
@ -156,15 +168,14 @@ gcc)
## The second -e expression handles DOS-style file names with drive letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the `deleted header file' problem.
## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
tr ' ' '
' < "$tmpdepfile" |
## Some versions of gcc put a space before the `:'. On the theory
tr ' ' "$nl" < "$tmpdepfile" |
## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
## well. hp depmode also adds that space, but also prefixes the VPATH
## to the object. Take care to not repeat it in the output.
@ -203,18 +214,15 @@ sgi)
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like `#:fec' to the end of the
# the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
tr ' ' '
' < "$tmpdepfile" \
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
tr '
' ' ' >> "$depfile"
tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
tr ' ' '
' < "$tmpdepfile" \
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
@ -226,10 +234,17 @@ sgi)
rm -f "$tmpdepfile"
;;
xlc)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts `$object:' at the
# current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
@ -259,12 +274,11 @@ aix)
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
# Each line is of the form `foo.o: dependent.h'.
# Each line is of the form 'foo.o: dependent.h'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
# '$object: dependent.h' and one to simply 'dependent.h:'.
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
# That's a tab and a space in the [].
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
@ -275,23 +289,26 @@ aix)
;;
icc)
# Intel's C compiler understands `-MD -MF file'. However on
# icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'.
# However on
# $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
# which is wrong. We want:
# which is wrong. We want
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
# sub/foo.h:
# ICC 7.1 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using \ :
# and will wrap long lines using '\':
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
# tcc 0.9.26 (FIXME still under development at the moment of writing)
# will emit a similar output, but also prepend the continuation lines
# with horizontal tabulation characters.
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
@ -300,15 +317,21 @@ icc)
exit $stat
fi
rm -f "$depfile"
# Each line is of the form `foo.o: dependent.h',
# or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
# Each line is of the form 'foo.o: dependent.h',
# or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
sed -e 's/$/ :/' >> "$depfile"
# '$object: dependent.h' and one to simply 'dependent.h:'.
sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \
< "$tmpdepfile" > "$depfile"
sed '
s/[ '"$tab"'][ '"$tab"']*/ /g
s/^ *//
s/ *\\*$//
s/^[^:]*: *//
/^$/d
/:$/d
s/$/ :/
' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
@ -344,7 +367,7 @@ hp2)
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
# Add `dependent.h:' lines.
# Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
@ -359,9 +382,9 @@ hp2)
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in `foo.d' instead, so we check for that too.
# dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
@ -407,8 +430,7 @@ tru64)
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
# That's a tab and a space in the [].
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
@ -443,11 +465,11 @@ msvc7)
p
}' | $cygpath_u | sort -u | sed -n '
s/ /\\ /g
s/\(.*\)/ \1 \\/p
s/\(.*\)/'"$tab"'\1 \\/p
s/.\(.*\) \\/\1:/
H
$ {
s/.*/ /
s/.*/'"$tab"'/
G
p
}' >> "$depfile"
@ -478,7 +500,7 @@ dashmstdout)
shift
fi
# Remove `-o $object'.
# Remove '-o $object'.
IFS=" "
for arg
do
@ -498,15 +520,14 @@ dashmstdout)
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for `:'
# Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
tr ' ' '
' < "$tmpdepfile" | \
tr ' ' "$nl" < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@ -562,8 +583,7 @@ makedepend)
# makedepend may prepend the VPATH from the source file name to the object.
# No need to regex-escape $object, excess matching of '.' is harmless.
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
sed '1,2d' "$tmpdepfile" | tr ' ' '
' | \
sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@ -583,7 +603,7 @@ cpp)
shift
fi
# Remove `-o $object'.
# Remove '-o $object'.
IFS=" "
for arg
do
@ -652,8 +672,8 @@ msvisualcpp)
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
echo " " >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;

97
doc/Makefile.in
View file

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# Makefile.in generated by automake 1.11.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -15,6 +15,23 @@
@SET_MAKE@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -40,7 +57,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ -58,6 +75,11 @@ TEXI2PDF = $(TEXI2DVI) --pdf --batch
MAKEINFOHTML = $(MAKEINFO) --html
AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS)
DVIPS = dvips
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__installdirs = "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man5dir)" \
"$(DESTDIR)$(man8dir)"
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@ -306,9 +328,7 @@ uninstall-html-am:
uninstall-info-am:
@$(PRE_UNINSTALL)
@if test -d '$(DESTDIR)$(infodir)' && \
(install-info --version && \
install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
@if test -d '$(DESTDIR)$(infodir)' && $(am__can_run_installinfo); then \
list='$(INFO_DEPS)'; \
for file in $$list; do \
relfile=`echo "$$file" | sed 's|^.*/||'`; \
@ -381,11 +401,18 @@ maintainer-clean-aminfo:
done
install-man5: $(man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
@list=''; test -n "$(man5dir)" || exit 0; \
{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
@list1=''; \
list2='$(man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.5[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@ -417,11 +444,18 @@ uninstall-man5:
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
install-man8: $(man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
@list=''; test -n "$(man8dir)" || exit 0; \
{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
@list1=''; \
list2='$(man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.8[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@ -568,8 +602,11 @@ install-dvi: install-dvi-am
install-dvi-am: $(DVIS)
@$(NORMAL_INSTALL)
test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)"
@list='$(DVIS)'; test -n "$(dvidir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(dvidir)'"; \
$(MKDIR_P) "$(DESTDIR)$(dvidir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
@ -584,8 +621,11 @@ install-html: install-html-am
install-html-am: $(HTMLS)
@$(NORMAL_INSTALL)
test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)"
@list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)'"; \
$(MKDIR_P) "$(DESTDIR)$(htmldir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
$(am__strip_dir) \
@ -608,9 +648,12 @@ install-info: install-info-am
install-info-am: $(INFO_DEPS)
@$(NORMAL_INSTALL)
test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(infodir)'"; \
$(MKDIR_P) "$(DESTDIR)$(infodir)" || exit 1; \
fi; \
for file in $$list; do \
case $$file in \
$(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
@ -628,13 +671,7 @@ install-info-am: $(INFO_DEPS)
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done
@$(POST_INSTALL)
@am__run_installinfo=yes; \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) am__run_installinfo=no;; \
*) (install-info --version) >/dev/null 2>&1 \
|| am__run_installinfo=no;; \
esac; \
if test $$am__run_installinfo = yes; then \
@if $(am__can_run_installinfo); then \
list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
for file in $$list; do \
relfile=`echo "$$file" | sed 's|^.*/||'`; \
@ -648,8 +685,11 @@ install-pdf: install-pdf-am
install-pdf-am: $(PDFS)
@$(NORMAL_INSTALL)
test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)"
@list='$(PDFS)'; test -n "$(pdfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(pdfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(pdfdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
@ -661,8 +701,11 @@ install-ps: install-ps-am
install-ps-am: $(PSS)
@$(NORMAL_INSTALL)
test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)"
@list='$(PSS)'; test -n "$(psdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(psdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(psdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \

BIN
doc/sample-config.tar.gz
View file

Binary file not shown.

198
doc/texinfo.tex
View file

@ -3,11 +3,11 @@
% Load plain if necessary, i.e., if running under initex.
\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
%
\def\texinfoversion{2012-01-03.09}
\def\texinfoversion{2012-03-11.15}
%
% Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
% 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
% 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
%
% This texinfo.tex file is free software: you can redistribute it and/or
% modify it under the terms of the GNU General Public License as
@ -887,7 +887,7 @@ where each line of input produces a line of output.}
\def\popthisfilestack{\errthisfilestackempty}
\def\errthisfilestackempty{\errmessage{Internal error:
the stack of filenames is empty.}}
%
\def\thisfile{}
% @center line
@ -895,36 +895,46 @@ where each line of input produces a line of output.}
%
\parseargdef\center{%
\ifhmode
\let\next\centerH
\let\centersub\centerH
\else
\let\next\centerV
\let\centersub\centerV
\fi
\next{\hfil \ignorespaces#1\unskip \hfil}%
\centersub{\hfil \ignorespaces#1\unskip \hfil}%
\let\centersub\relax % don't let the definition persist, just in case
}
\def\centerH#1{%
{%
\hfil\break
\advance\hsize by -\leftskip
\advance\hsize by -\rightskip
\line{#1}%
\break
}%
\def\centerH#1{{%
\hfil\break
\advance\hsize by -\leftskip
\advance\hsize by -\rightskip
\line{#1}%
\break
}}
%
\newcount\centerpenalty
\def\centerV#1{%
% The idea here is the same as in \startdefun, \cartouche, etc.: if
% @center is the first thing after a section heading, we need to wipe
% out the negative parskip inserted by \sectionheading, but still
% prevent a page break here.
\centerpenalty = \lastpenalty
\ifnum\centerpenalty>10000 \vskip\parskip \fi
\ifnum\centerpenalty>9999 \penalty\centerpenalty \fi
\line{\kern\leftskip #1\kern\rightskip}%
}
\def\centerV#1{\line{\kern\leftskip #1\kern\rightskip}}
% @sp n outputs n lines of vertical space
%
\parseargdef\sp{\vskip #1\baselineskip}
% @comment ...line which is ignored...
% @c is the same as @comment
% @ignore ... @end ignore is another way to write a comment
%
\def\comment{\begingroup \catcode`\^^M=\other%
\catcode`\@=\other \catcode`\{=\other \catcode`\}=\other%
\commentxxx}
{\catcode`\^^M=\other \gdef\commentxxx#1^^M{\endgroup}}
%
\let\c=\comment
% @paragraphindent NCHARS
@ -1173,8 +1183,8 @@ output) for that.)}
%
% #1 is image name, #2 width (might be empty/whitespace), #3 height (ditto).
\def\dopdfimage#1#2#3{%
\def\imagewidth{#2}\setbox0 = \hbox{\ignorespaces #2}%
\def\imageheight{#3}\setbox2 = \hbox{\ignorespaces #3}%
\def\pdfimagewidth{#2}\setbox0 = \hbox{\ignorespaces #2}%
\def\pdfimageheight{#3}\setbox2 = \hbox{\ignorespaces #3}%
%
% pdftex (and the PDF format) support .pdf, .png, .jpg (among
% others). Let's try in that order, PDF first since if
@ -1212,8 +1222,8 @@ output) for that.)}
\else
\immediate\pdfximage
\fi
\ifdim \wd0 >0pt width \imagewidth \fi
\ifdim \wd2 >0pt height \imageheight \fi
\ifdim \wd0 >0pt width \pdfimagewidth \fi
\ifdim \wd2 >0pt height \pdfimageheight \fi
\ifnum\pdftexversion<13
#1.\pdfimgext
\else
@ -1362,7 +1372,13 @@ output) for that.)}
\fi
\fi
\nextsp}
\def\getfilename#1{\filenamelength=0\expandafter\skipspaces#1|\relax}
\def\getfilename#1{%
\filenamelength=0
% If we don't expand the argument now, \skipspaces will get
% snagged on things like "@value{foo}".
\edef\temp{#1}%
\expandafter\skipspaces\temp|\relax
}
\ifnum\pdftexversion < 14
\let \startlink \pdfannotlink
\else
@ -2842,8 +2858,8 @@ end
%
\def\outfmtnametex{tex}
%
\def\inlinefmt#1{\doinlinefmt #1,\finish}
\def\doinlinefmt#1,#2,\finish{%
\long\def\inlinefmt#1{\doinlinefmt #1,\finish}
\long\def\doinlinefmt#1,#2,\finish{%
\def\inlinefmtname{#1}%
\ifx\inlinefmtname\outfmtnametex \ignorespaces #2\fi
}
@ -2855,8 +2871,8 @@ end
% well use a command to get a left brace too. We could re-use the
% delimiter character idea from \verb, but it seems like overkill.
%
\def\inlineraw{\tex \doinlineraw}
\def\doinlineraw#1{\doinlinerawtwo #1,\finish}
\long\def\inlineraw{\tex \doinlineraw}
\long\def\doinlineraw#1{\doinlinerawtwo #1,\finish}
\def\doinlinerawtwo#1,#2,\finish{%
\def\inlinerawname{#1}%
\ifx\inlinerawname\outfmtnametex \ignorespaces #2\fi
@ -4732,10 +4748,9 @@ end
%
% ..., ready, GO:
%
\def\safewhatsit#1{%
\ifhmode
\def\safewhatsit#1{\ifhmode
#1%
\else
\else
% \lastskip and \lastpenalty cannot both be nonzero simultaneously.
\whatsitskip = \lastskip
\edef\lastskipmacro{\the\lastskip}%
@ -4759,7 +4774,6 @@ end
% to re-insert the same penalty (values >10000 are used for various
% signals); since we just inserted a non-discardable item, any
% following glue (such as a \parskip) would be a breakpoint. For example:
%
% @deffn deffn-whatever
% @vindex index-whatever
% Description.
@ -4772,8 +4786,7 @@ end
% (the whatsit from the \write), so we must insert a \nobreak.
\nobreak\vskip\whatsitskip
\fi
\fi
}
\fi}
% The index entry written in the file actually looks like
% \entry {sortstring}{page}{topic}
@ -5876,14 +5889,15 @@ end
%
% We'll almost certainly start a paragraph next, so don't let that
% glue accumulate. (Not a breakpoint because it's preceded by a
% discardable item.)
% discardable item.) However, when a paragraph is not started next
% (\startdefun, \cartouche, \center, etc.), this needs to be wiped out
% or the negative glue will cause weirdly wrong output, typically
% obscuring the section heading with something else.
\vskip-\parskip
%
% This is purely so the last item on the list is a known \penalty >
% 10000. This is so \startdefun can avoid allowing breakpoints after
% section headings. Otherwise, it would insert a valid breakpoint between:
% @section sec-whatever
% @deffn def-whatever
% This is so the last item on the main vertical list is a known
% \penalty > 10000, so \startdefun, etc., can recognize the situation
% and do the needful.
\penalty 10001
}
@ -6303,7 +6317,7 @@ end
% If this cartouche directly follows a sectioning command, we need the
% \parskip glue (backspaced over by default) or the cartouche can
% collide with the section heading.
\ifnum\lastpenalty>10000 \vskip\parskip \fi
\ifnum\lastpenalty>10000 \vskip\parskip \penalty\lastpenalty \fi
%
\vbox\bgroup
\baselineskip=0pt\parskip=0pt\lineskip=0pt
@ -7802,26 +7816,36 @@ end
\def\pxref#1{\putwordsee{} \xrefX[#1,,,,,,,]}
\def\xref#1{\putwordSee{} \xrefX[#1,,,,,,,]}
\def\ref#1{\xrefX[#1,,,,,,,]}
%
\newbox\topbox
\newbox\printedrefnamebox
\newbox\printedmanualbox
%
\def\xrefX[#1,#2,#3,#4,#5,#6]{\begingroup
\unsepspaces
\def\printedmanual{\ignorespaces #5}%
%
\def\printedrefname{\ignorespaces #3}%
\setbox1=\hbox{\printedmanual\unskip}%
\setbox0=\hbox{\printedrefname\unskip}%
\ifdim \wd0 = 0pt
\setbox\printedrefnamebox = \hbox{\printedrefname\unskip}%
%
\def\printedmanual{\ignorespaces #5}%
\setbox\printedmanualbox = \hbox{\printedmanual\unskip}%
%
% If the printed reference name (arg #3) was not explicitly given in
% the @xref, figure out what we want to use.
\ifdim \wd\printedrefnamebox = 0pt
% No printed node name was explicitly given.
\expandafter\ifx\csname SETxref-automatic-section-title\endcsname \relax
% Use the node name inside the square brackets.
% Not auto section-title: use node name inside the square brackets.
\def\printedrefname{\ignorespaces #1}%
\else
% Use the actual chapter/section title appear inside
% the square brackets. Use the real section title if we have it.
\ifdim \wd1 > 0pt
% It is in another manual, so we don't have it.
% Auto section-title: use chapter/section title inside
% the square brackets if we have it.
\ifdim \wd\printedmanualbox > 0pt
% It is in another manual, so we don't have it; use node name.
\def\printedrefname{\ignorespaces #1}%
\else
\ifhavexrefs
% We know the real title if we have the xref values.
% We (should) know the real title if we have the xref values.
\def\printedrefname{\refx{#1-title}{}}%
\else
% Otherwise just copy the Info node name.
@ -7835,6 +7859,7 @@ end
\ifpdf
{\indexnofonts
\turnoffactive
\makevalueexpandable
% This expands tokens, so do it after making catcode changes, so _
% etc. don't get their TeX definitions.
\getfilename{#4}%
@ -7867,7 +7892,7 @@ end
\iffloat\Xthisreftitle
% If the user specified the print name (third arg) to the ref,
% print it instead of our usual "Figure 1.2".
\ifdim\wd0 = 0pt
\ifdim\wd\printedrefnamebox = 0pt
\refx{#1-snt}{}%
\else
\printedrefname
@ -7875,21 +7900,46 @@ end
%
% if the user also gave the printed manual name (fifth arg), append
% "in MANUALNAME".
\ifdim \wd1 > 0pt
\ifdim \wd\printedmanualbox > 0pt
\space \putwordin{} \cite{\printedmanual}%
\fi
\else
% node/anchor (non-float) references.
%
% If we use \unhbox0 and \unhbox1 to print the node names, TeX does not
% insert empty discretionaries after hyphens, which means that it will
% not find a line break at a hyphen in a node names. Since some manuals
% are best written with fairly long node names, containing hyphens, this
% is a loss. Therefore, we give the text of the node name again, so it
% is as if TeX is seeing it for the first time.
\ifdim \wd1 > 0pt
\putwordSection{} ``\printedrefname'' \putwordin{} \cite{\printedmanual}%
%
% If we use \unhbox to print the node names, TeX does not insert
% empty discretionaries after hyphens, which means that it will not
% find a line break at a hyphen in a node names. Since some manuals
% are best written with fairly long node names, containing hyphens,
% this is a loss. Therefore, we give the text of the node name
% again, so it is as if TeX is seeing it for the first time.
%
% Cross-manual reference. Only include the "Section ``foo'' in" if
% the foo is neither missing or Top. Thus, @xref{,,,foo,The Foo Manual}
% outputs simply "see The Foo Manual".
\ifdim \wd\printedmanualbox > 0pt
% What is the 7sp about? The idea is that we also want to omit
% the Section part if we would be printing "Top", since they are
% clearly trying to refer to the whole manual. But, this being
% TeX, we can't easily compare strings while ignoring the possible
% spaces before and after in the input. By adding the arbitrary
% 7sp, we make it much less likely that a real node name would
% happen to have the same width as "Top" (e.g., in a monospaced font).
% I hope it will never happen in practice.
%
% For the same basic reason, we retypeset the "Top" at every
% reference, since the current font is indeterminate.
%
\setbox\topbox = \hbox{Top\kern7sp}%
\setbox2 = \hbox{\ignorespaces \printedrefname \unskip \kern7sp}%
\ifdim \wd2 > 7sp
\ifdim \wd2 = \wd\topbox \else
\putwordSection{} ``\printedrefname'' \putwordin{}\space
\fi
\fi
\cite{\printedmanual}%
\else
% Reference in this manual.
%
% _ (for example) has to be the character _ for the purposes of the
% control sequence corresponding to the node, but it has to expand
% into the usual \leavevmode...\vrule stuff for purposes of
@ -7901,7 +7951,7 @@ end
\setbox2 = \hbox{\ignorespaces \refx{#1-snt}{}}%
\ifdim \wd2 > 0pt \refx{#1-snt}\space\fi
}%
% output the `[mynode]' via a macro so it can be overridden.
% output the `[mynode]' via the macro below so it can be overridden.
\xrefprintnodename\printedrefname
%
% But we always want a comma and a space:
@ -8281,7 +8331,7 @@ end
it from ftp://tug.org/tex/epsf.tex.}
%
\def\image#1{%
\ifx\epsfbox\thisiundefined
\ifx\epsfbox\thisisundefined
\ifwarnednoepsf \else
\errhelp = \noepsfhelp
\errmessage{epsf.tex not found, images will be ignored}%
@ -8305,6 +8355,13 @@ end
% If the image is by itself, center it.
\ifvmode
\imagevmodetrue
\else \ifx\centersub\centerV
% for @center @image, we need a vbox so we can have our vertical space
\imagevmodetrue
\vbox\bgroup % vbox has better behavior than vtop herev
\fi\fi
%
\ifimagevmode
\nobreak\medskip
% Usually we'll have text after the image which will insert
% \parskip glue, so insert it here too to equalize the space
@ -8314,9 +8371,13 @@ end
\fi
%
% Leave vertical mode so that indentation from an enclosing
% environment such as @quotation is respected. On the other hand, if
% it's at the top level, we don't want the normal paragraph indentation.
\noindent
% environment such as @quotation is respected.
% However, if we're at the top level, we don't want the
% normal paragraph indentation.
% On the other hand, if we are in the case of @center @image, we don't
% want to start a paragraph, which will create a hsize-width box and
% eradicate the centering.
\ifx\centersub\centerV\else \noindent \fi
%
% Output the image.
\ifpdf
@ -8328,7 +8389,10 @@ end
\epsfbox{#1.eps}%
\fi
%
\ifimagevmode \medskip \fi % space after the standalone image
\ifimagevmode
\medskip % space after a standalone image
\fi
\ifx\centersub\centerV \egroup \fi
\endgroup}

72
doc/tinc.conf.5.in
View file

@ -159,8 +159,25 @@ It is possible to bind only to a single interface with this variable.
.Pp
This option may not work on all platforms.
.It Va Broadcast Li = yes | no Po yes Pc Bq experimental
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
.It Va Broadcast Li = no | mst | direct Po mst Pc Bq experimental
This option selects the way broadcast packets are sent to other daemons.
NOTE: all nodes in a VPN must use the same
.Va Broadcast
mode, otherwise routing loops can form.
.Bl -tag -width indent
.It no
Broadcast packets are never sent to other nodes.
.It mst
Broadcast packets are sent and forwarded via the VPN's Minimum Spanning Tree.
This ensures broadcast packets reach all nodes.
.It direct
Broadcast packets are sent directly to all nodes that can be reached directly.
Broadcast packets received from other nodes are never forwarded.
If the IndirectData option is also set, broadcast packets will only be sent to nodes which we have a meta connection to.
.El
.It Va ConnectTo Li = Ar name
Specifies which other tinc daemon to connect to on startup.
@ -394,6 +411,19 @@ while no routing table is managed.
.It Va Name Li = Ar name Bq required
This is the name which identifies this tinc daemon.
It must be unique for the virtual private network this daemon will connect to.
The Name may only consist of alphanumeric and underscore characters.
If
.Va Name
starts with a
.Li $ ,
then the contents of the environment variable that follows will be used.
In that case, invalid characters will be converted to underscores.
If
.Va Name
is
.Li $HOST ,
but no such environment variable exist, the hostname will be read using the gethostnname() system call.
.It Va PingInterval Li = Ar seconds Pq 60
The number of seconds of inactivity that
@ -426,8 +456,41 @@ specified in the configuration file.
When this option is used the priority of the tincd process will be adjusted.
Increasing the priority may help to reduce latency and packet loss on the VPN.
.It Va Proxy Li = socks4 | socks5 | http | exec Ar ... Bq experimental
Use a proxy when making outgoing connections.
The following proxy types are currently supported:
.Bl -tag -width indent
.It socks4 Ar address Ar port Op Ar username
Connects to the proxy using the SOCKS version 4 protocol.
Optionally, a
.Ar username
can be supplied which will be passed on to the proxy server.
Only IPv4 connections can be proxied using SOCKS 4.
.It socks5 Ar address Ar port Op Ar username Ar password
Connect to the proxy using the SOCKS version 5 protocol.
If a
.Ar username
and
.Ar password
are given, basic username/password authentication will be used,
otherwise no authentication will be used.
.It http Ar address Ar port
Connects to the proxy and sends a HTTP CONNECT request.
.It exec Ar command
Executes the given
.Ar command
which should set up the outgoing connection.
The environment variables
.Ev NAME ,
.Ev NODE ,
.Ev REMOTEADDRES
and
.Ev REMOTEPORT
are available.
.El
.It Va ReplayWindow Li = Ar bytes Pq 16
This is the size of the replay tracking window for each remote node, in bytes.
vhis is the size of the replay tracking window for each remote node, in bytes.
The window is a bitfield which tracks 1 packet per bit, so for example
the default setting of 16 will track up to 128 packets in the window. In high
bandwidth scenarios, setting this to a higher value can reduce packet loss from
@ -564,12 +627,11 @@ variables can be specified.
Subnets can either be single MAC, IPv4 or IPv6 addresses,
in which case a subnet consisting of only that single address is assumed,
or they can be a IPv4 or IPv6 network address with a prefixlength.
Shorthand notations are not supported.
For example, IPv4 subnets must be in a form like 192.168.1.0/24,
where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask.
Note that subnets like 192.168.1.1/24 are invalid!
Read a networking HOWTO/FAQ/guide if you don't understand this.
IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
IPv6 subnets are notated like fec0:0:0:1::/64.
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
.Pp

210
doc/tinc.info
View file

@ -5,7 +5,7 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.17, a Virtual Private
This is the info manual for tinc version 1.0.19, a Virtual Private
Network daemon.
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
@ -705,9 +705,25 @@ BindToInterface = <INTERFACE> [experimental]
This option may not work on all platforms.
Broadcast = <yes | no> (yes) [experimental]
When disabled, tinc will drop all broadcast and multicast packets,
in both router and switch mode.
Broadcast = <no | mst | direct> (mst) [experimental]
This option selects the way broadcast packets are sent to other
daemons. _NOTE: all nodes in a VPN must use the same Broadcast
mode, otherwise routing loops can form._
no
Broadcast packets are never sent to other nodes.
mst
Broadcast packets are sent and forwarded via the VPN's
Minimum Spanning Tree. This ensures broadcast packets reach
all nodes.
direct
Broadcast packets are sent directly to all nodes that can be
reached directly. Broadcast packets received from other
nodes are never forwarded. If the IndirectData option is
also set, broadcast packets will only be sent to nodes which
we have a meta connection to.
ConnectTo = <NAME>
Specifies which other tinc daemon to connect to on startup.
@ -909,6 +925,12 @@ Name = <NAME> [required]
consist only of alfanumeric and underscore characters (a-z, A-Z,
0-9 and _).
If Name starts with a $, then the contents of the environment
variable that follows will be used. In that case, invalid
characters will be converted to underscores. If Name is $HOST,
but no such environment variable exist, the hostname will be read
using the gethostnname() system call.
PingInterval = <SECONDS> (60)
The number of seconds of inactivity that tinc will wait before
sending a probe to the other end.
@ -943,6 +965,29 @@ ProcessPriority = <low|normal|high>
adjusted. Increasing the priority may help to reduce latency and
packet loss on the VPN.
Proxy = socks4 | socks4 | http | exec ... [experimental]
Use a proxy when making outgoing connections. The following proxy
types are currently supported:
socks4 <ADDRESS> <PORT> [<USERNAME>]
Connects to the proxy using the SOCKS version 4 protocol.
Optionally, a USERNAME can be supplied which will be passed
on to the proxy server.
socks4 <ADDRESS> <PORT> [<USERNAME> <PASSWORD>]
Connect to the proxy using the SOCKS version 5 protocol. If
a USERNAME and PASSWORD are given, basic username/password
authentication will be used, otherwise no authentication will
be used.
http <ADDRESS> <PORT>
Connects to the proxy and sends a HTTP CONNECT request.
exec <COMMAND>
Executes the given command which should set up the outgoing
connection. The environment variables `NAME', `NODE',
`REMOTEADDRES' and `REMOTEPORT' are available.
ReplayWindow = <bytes> (16)
This is the size of the replay tracking window for each remote
node, in bytes. The window is a bitfield which tracks 1 packet
@ -1061,13 +1106,12 @@ Subnet = <ADDRESS[/PREFIXLENGTH[#WEIGHT]]>
Subnets can either be single MAC, IPv4 or IPv6 addresses, in which
case a subnet consisting of only that single address is assumed,
or they can be a IPv4 or IPv6 network address with a prefixlength.
Shorthand notations are not supported. For example, IPv4 subnets
must be in a form like 192.168.1.0/24, where 192.168.1.0 is the
network address and 24 is the number of bits set in the netmask.
Note that subnets like 192.168.1.1/24 are invalid! Read a
networking HOWTO/FAQ/guide if you don't understand this. IPv6
subnets are notated like fec0:0:0:1:0:0:0:0/64. MAC addresses are
notated like 0:1a:2b:3c:4d:5e.
For example, IPv4 subnets must be in a form like 192.168.1.0/24,
where 192.168.1.0 is the network address and 24 is the number of
bits set in the netmask. Note that subnets like 192.168.1.1/24
are invalid! Read a networking HOWTO/FAQ/guide if you don't
understand this. IPv6 subnets are notated like fec0:0:0:1::/64.
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
Prefixlength is the number of bits set to 1 in the netmask part;
for example: netmask 255.255.255.0 would become /24, 255.255.252.0
@ -2386,7 +2430,7 @@ Concept Index
* CHALLENGE: Authentication protocol.
(line 10)
* CIDR notation: Host configuration variables.
(line 92)
(line 91)
* Cipher: Host configuration variables.
(line 12)
* ClampMSS: Host configuration variables.
@ -2398,74 +2442,78 @@ Concept Index
(line 24)
* connection: The connection. (line 6)
* ConnectTo: Main configuration variables.
(line 37)
(line 53)
* daemon: Running tinc. (line 11)
* data-protocol: The meta-connection. (line 18)
* debug level: Runtime options. (line 17)
* debug levels: Debug levels. (line 6)
* DecrementTTL: Main configuration variables.
(line 48)
(line 64)
* DEL_EDGE: The meta-protocol. (line 47)
* DEL_SUBNET: The meta-protocol. (line 47)
* DEVICE: Scripts. (line 55)
* Device: Main configuration variables.
(line 57)
(line 73)
* device files: Device files. (line 6)
* DeviceType: Main configuration variables.
(line 64)
(line 80)
* Digest: Host configuration variables.
(line 29)
* DirectOnly: Main configuration variables.
(line 129)
(line 145)
* dummy: Main configuration variables.
(line 71)
(line 87)
* encapsulating: The UDP tunnel. (line 30)
* encryption: Encryption of network packets.
(line 6)
* environment variables: Scripts. (line 43)
* example: Example configuration.
(line 6)
* exec: Main configuration variables.
(line 311)
* Forwarding: Main configuration variables.
(line 136)
(line 152)
* frame type: The UDP tunnel. (line 6)
* GraphDumpFile: Main configuration variables.
(line 156)
(line 172)
* Hostnames: Main configuration variables.
(line 164)
(line 180)
* http: Main configuration variables.
(line 308)
* hub: Main configuration variables.
(line 216)
(line 232)
* ID: Authentication protocol.
(line 10)
* IndirectData: Host configuration variables.
(line 34)
* INTERFACE: Scripts. (line 58)
* Interface: Main configuration variables.
(line 174)
(line 190)
* IRC: Contact information. (line 9)
* key generation: Generating keypairs. (line 6)
* KEY_CHANGED: The meta-protocol. (line 64)
* KeyExpire: Main configuration variables.
(line 221)
(line 237)
* libraries: Libraries. (line 6)
* license: OpenSSL. (line 36)
* LocalDiscovery: Main configuration variables.
(line 182)
(line 198)
* lzo: lzo. (line 6)
* MACExpire: Main configuration variables.
(line 227)
(line 243)
* MACLength: Host configuration variables.
(line 42)
* meta-protocol: The meta-connection. (line 18)
* META_KEY: Authentication protocol.
(line 10)
* Mode: Main configuration variables.
(line 193)
(line 209)
* multicast: Main configuration variables.
(line 83)
(line 99)
* multiple networks: Multiple networks. (line 6)
* NAME: Scripts. (line 52)
* Name: Main configuration variables.
(line 232)
(line 248)
* netmask: Network interfaces. (line 34)
* NETNAME: Scripts. (line 49)
* netname: Multiple networks. (line 6)
@ -2478,9 +2526,9 @@ Concept Index
(line 67)
* PING: The meta-protocol. (line 89)
* PingInterval: Main configuration variables.
(line 237)
(line 259)
* PingTimeout: Main configuration variables.
(line 241)
(line 263)
* platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables.
(line 47)
@ -2491,49 +2539,55 @@ Concept Index
(line 55)
* port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables.
(line 247)
(line 269)
* private: Virtual Private Networks.
(line 10)
* PrivateKey: Main configuration variables.
(line 252)
(line 274)
* PrivateKeyFile: Main configuration variables.
(line 258)
(line 280)
* ProcessPriority: Main configuration variables.
(line 266)
(line 288)
* Proxy: Main configuration variables.
(line 293)
* PublicKey: Host configuration variables.
(line 59)
* PublicKeyFile: Host configuration variables.
(line 62)
* raw_socket: Main configuration variables.
(line 76)
(line 92)
* release: Supported platforms. (line 14)
* REMOTEADDRESS: Scripts. (line 67)
* REMOTEPORT: Scripts. (line 70)
* ReplayWindow: Main configuration variables.
(line 271)
(line 316)
* REQ_KEY: The meta-protocol. (line 64)
* requirements: Libraries. (line 6)
* router: Main configuration variables.
(line 196)
(line 212)
* runtime options: Runtime options. (line 9)
* scalability: tinc. (line 19)
* scripts: Scripts. (line 6)
* server: How connections work.
(line 18)
* signals: Signals. (line 6)
* socks4: Main configuration variables.
(line 297)
* socks5: Main configuration variables.
(line 302)
* StrictSubnets: Main configuration variables.
(line 282)
(line 327)
* SUBNET: Scripts. (line 74)
* Subnet: Host configuration variables.
(line 74)
* Subnet weight: Host configuration variables.
(line 97)
(line 96)
* SVPN: Security. (line 11)
* switch: Main configuration variables.
(line 205)
(line 221)
* TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables.
(line 104)
(line 103)
* TINC: Security. (line 6)
* tinc: Introduction. (line 6)
* tinc-down: Scripts. (line 18)
@ -2542,24 +2596,24 @@ Concept Index
* tincd: tinc. (line 14)
* traditional VPNs: tinc. (line 19)
* tunifhead: Main configuration variables.
(line 118)
(line 134)
* TunnelServer: Main configuration variables.
(line 287)
(line 332)
* tunnohead: Main configuration variables.
(line 112)
(line 128)
* UDP <1>: Encryption of network packets.
(line 12)
* UDP: The UDP tunnel. (line 30)
* UDPRcvBuf: Main configuration variables.
(line 294)
(line 339)
* UDPSndBuf: Main configuration variables.
(line 299)
(line 344)
* UML: Main configuration variables.
(line 94)
(line 110)
* Universal tun/tap: Configuration of Linux kernels.
(line 6)
* VDE: Main configuration variables.
(line 99)
(line 115)
* virtual: Virtual Private Networks.
(line 18)
* virtual network device: The UDP tunnel. (line 6)
@ -2605,34 +2659,34 @@ Node: Multiple networks21169
Node: How connections work22595
Node: Configuration files23817
Node: Main configuration variables25204
Node: Host configuration variables39057
Node: Scripts44468
Node: How to configure47238
Node: Generating keypairs48501
Node: Network interfaces49000
Node: Example configuration50848
Node: Running tinc56171
Node: Runtime options56761
Node: Signals60061
Node: Debug levels61253
Node: Solving problems62189
Node: Error messages63741
Node: Sending bug reports67754
Node: Technical information68706
Node: The connection68937
Node: The UDP tunnel69249
Node: The meta-connection72310
Node: The meta-protocol73779
Node: Security78788
Node: Authentication protocol79918
Node: Encryption of network packets84922
Node: Security issues86295
Node: Platform specific information87912
Node: Interface configuration88140
Node: Routes90593
Node: About us92509
Node: Contact information92684
Node: Authors93088
Node: Concept Index93493
Node: Host configuration variables40987
Node: Scripts46347
Node: How to configure49117
Node: Generating keypairs50380
Node: Network interfaces50879
Node: Example configuration52727
Node: Running tinc58050
Node: Runtime options58640
Node: Signals61940
Node: Debug levels63132
Node: Solving problems64068
Node: Error messages65620
Node: Sending bug reports69633
Node: Technical information70585
Node: The connection70816
Node: The UDP tunnel71128
Node: The meta-connection74189
Node: The meta-protocol75658
Node: Security80667
Node: Authentication protocol81797
Node: Encryption of network packets86801
Node: Security issues88174
Node: Platform specific information89791
Node: Interface configuration90019
Node: Routes92472
Node: About us94388
Node: Contact information94563
Node: Authors94967
Node: Concept Index95372

End Tag Table

54
doc/tinc.texi
View file

@ -778,8 +778,23 @@ variable.
This option may not work on all platforms.
@cindex Broadcast
@item Broadcast = <yes | no> (yes) [experimental]
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
@item Broadcast = <no | mst | direct> (mst) [experimental]
This option selects the way broadcast packets are sent to other daemons.
@emph{NOTE: all nodes in a VPN must use the same Broadcast mode, otherwise routing loops can form.}
@table @asis
@item no
Broadcast packets are never sent to other nodes.
@item mst
Broadcast packets are sent and forwarded via the VPN's Minimum Spanning Tree.
This ensures broadcast packets reach all nodes.
@item direct
Broadcast packets are sent directly to all nodes that can be reached directly.
Broadcast packets received from other nodes are never forwarded.
If the IndirectData option is also set, broadcast packets will only be sent to nodes which we have a meta connection to.
@end table
@cindex ConnectTo
@item ConnectTo = <@var{name}>
@ -993,6 +1008,11 @@ This only has effect when Mode is set to "switch".
This is a symbolic name for this connection.
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
If Name starts with a $, then the contents of the environment variable that follows will be used.
In that case, invalid characters will be converted to underscores.
If Name is $HOST, but no such environment variable exist,
the hostname will be read using the gethostnname() system call.
@cindex PingInterval
@item PingInterval = <@var{seconds}> (60)
The number of seconds of inactivity that tinc will wait before sending a
@ -1030,6 +1050,33 @@ specified in the configuration file.
When this option is used the priority of the tincd process will be adjusted.
Increasing the priority may help to reduce latency and packet loss on the VPN.
@cindex Proxy
@item Proxy = socks4 | socks4 | http | exec @var{...} [experimental]
Use a proxy when making outgoing connections.
The following proxy types are currently supported:
@table @asis
@cindex socks4
@item socks4 <@var{address}> <@var{port}> [<@var{username}>]
Connects to the proxy using the SOCKS version 4 protocol.
Optionally, a @var{username} can be supplied which will be passed on to the proxy server.
@cindex socks5
@item socks4 <@var{address}> <@var{port}> [<@var{username}> <@var{password}>]
Connect to the proxy using the SOCKS version 5 protocol.
If a @var{username} and @var{password} are given, basic username/password authentication will be used,
otherwise no authentication will be used.
@cindex http
@item http <@var{address}> <@var{port}>
Connects to the proxy and sends a HTTP CONNECT request.
@cindex exec
@item exec <@var{command}>
Executes the given command which should set up the outgoing connection.
The environment variables @env{NAME}, @env{NODE}, @env{REMOTEADDRES} and @env{REMOTEPORT} are available.
@end table
@cindex ReplayWindow
@item ReplayWindow = <bytes> (16)
This is the size of the replay tracking window for each remote node, in bytes.
@ -1162,12 +1209,11 @@ Multiple subnet lines can be specified for each daemon.
Subnets can either be single MAC, IPv4 or IPv6 addresses,
in which case a subnet consisting of only that single address is assumed,
or they can be a IPv4 or IPv6 network address with a prefixlength.
Shorthand notations are not supported.
For example, IPv4 subnets must be in a form like 192.168.1.0/24,
where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask.
Note that subnets like 192.168.1.1/24 are invalid!
Read a networking HOWTO/FAQ/guide if you don't understand this.
IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
IPv6 subnets are notated like fec0:0:0:1::/64.
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
@cindex CIDR notation

1
have.h
View file

@ -41,6 +41,7 @@
#ifdef HAVE_MINGW
#include <w32api.h>
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#endif

26
lib/Makefile.in
View file

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# Makefile.in generated by automake 1.11.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -17,6 +17,23 @@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -44,7 +61,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ -67,6 +84,11 @@ CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
SOURCES = $(libvpn_a_SOURCES)
DIST_SOURCES = $(libvpn_a_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
HEADERS = $(noinst_HEADERS)
ETAGS = etags
CTAGS = ctags

12
lib/utils.c
View file

@ -53,15 +53,17 @@ void bin2hex(char *src, char *dst, int length) {
#endif
const char *winerror(int err) {
static char buf[1024], *newline;
static char buf[1024], *ptr;
ptr = buf + sprintf(buf, "(%d) ", err);
if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, sizeof(buf), NULL)) {
strncpy(buf, "(unable to format errormessage)", sizeof(buf));
NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), ptr, sizeof(buf) - (ptr - buf), NULL)) {
strcpy(ptr, "(unable to format errormessage)");
};
if((newline = strchr(buf, '\r')))
*newline = '\0';
if((ptr = strchr(buf, '\r')))
*ptr = '\0';
return buf;
}

26
m4/Makefile.in
View file

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# Makefile.in generated by automake 1.11.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -15,6 +15,23 @@
@SET_MAKE@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -41,12 +58,17 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@

162
mkinstalldirs
View file

@ -1,162 +0,0 @@
#! /bin/sh
# mkinstalldirs --- make directory hierarchy
scriptversion=2009-04-28.21; # UTC
# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
# Created: 1993-05-16
# Public domain.
#
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
IFS=" "" $nl"
errstatus=0
dirmode=
usage="\
Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
Create each directory DIR (with mode MODE, if specified), including all
leading file name components.
Report bugs to <bug-automake@gnu.org>."
# process command line arguments
while test $# -gt 0 ; do
case $1 in
-h | --help | --h*) # -h for help
echo "$usage"
exit $?
;;
-m) # -m PERM arg
shift
test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
dirmode=$1
shift
;;
--version)
echo "$0 $scriptversion"
exit $?
;;
--) # stop option processing
shift
break
;;
-*) # unknown option
echo "$usage" 1>&2
exit 1
;;
*) # first non-opt arg
break
;;
esac
done
for file
do
if test -d "$file"; then
shift
else
break
fi
done
case $# in
0) exit 0 ;;
esac
# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
# mkdir -p a/c at the same time, both will detect that a is missing,
# one will create a, then the other will try to create a and die with
# a "File exists" error. This is a problem when calling mkinstalldirs
# from a parallel make. We use --version in the probe to restrict
# ourselves to GNU mkdir, which is thread-safe.
case $dirmode in
'')
if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
echo "mkdir -p -- $*"
exec mkdir -p -- "$@"
else
# On NextStep and OpenStep, the `mkdir' command does not
# recognize any option. It will interpret all options as
# directories to create, and then abort because `.' already
# exists.
test -d ./-p && rmdir ./-p
test -d ./--version && rmdir ./--version
fi
;;
*)
if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
test ! -d ./--version; then
echo "mkdir -m $dirmode -p -- $*"
exec mkdir -m "$dirmode" -p -- "$@"
else
# Clean up after NextStep and OpenStep mkdir.
for d in ./-m ./-p ./--version "./$dirmode";
do
test -d $d && rmdir $d
done
fi
;;
esac
for file
do
case $file in
/*) pathcomp=/ ;;
*) pathcomp= ;;
esac
oIFS=$IFS
IFS=/
set fnord $file
shift
IFS=$oIFS
for d
do
test "x$d" = x && continue
pathcomp=$pathcomp$d
case $pathcomp in
-*) pathcomp=./$pathcomp ;;
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp"
mkdir "$pathcomp" || lasterr=$?
if test ! -d "$pathcomp"; then
errstatus=$lasterr
else
if test ! -z "$dirmode"; then
echo "chmod $dirmode $pathcomp"
lasterr=
chmod "$dirmode" "$pathcomp" || lasterr=$?
if test ! -z "$lasterr"; then
errstatus=$lasterr
fi
fi
fi
fi
pathcomp=$pathcomp/
done
done
exit $errstatus
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

31
src/Makefile.in
View file

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# Makefile.in generated by automake 1.11.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@ -17,6 +17,23 @@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
esac; \
test $$am__dry = yes; \
}
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -49,7 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ -88,6 +105,11 @@ CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
SOURCES = $(tincd_SOURCES) $(nodist_tincd_SOURCES)
DIST_SOURCES = $(am__tincd_SOURCES_DIST)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
HEADERS = $(noinst_HEADERS)
ETAGS = etags
CTAGS = ctags
@ -244,8 +266,11 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
install-sbinPROGRAMS: $(sbin_PROGRAMS)
@$(NORMAL_INSTALL)
test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
while read p p1; do if test -f $$p; \

2
src/linux/device.c
View file

@ -210,7 +210,7 @@ static bool write_packet(vpn_packet_t *packet) {
}
break;
case DEVICE_TYPE_ETHERTAP:
*(short int *)(packet->data - 2) = packet->len;
memcpy(packet->data - 2, &packet->len, 2);
if(write(device_fd, packet->data - 2, packet->len + 2) < 0) {
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device,

2
src/logger.c
View file

@ -75,7 +75,7 @@ void reopenlogger() {
fflush(logfile);
FILE *newfile = fopen(logfilename, "a");
if(!newfile) {
logger(LOG_ERR, "Unable to reopen log file %s: %s\n", logfilename, strerror(errno));
logger(LOG_ERR, "Unable to reopen log file %s: %s", logfilename, strerror(errno));
return;
}
fclose(logfile);

10
src/meta.c
View file

@ -177,7 +177,15 @@ bool receive_meta(connection_t *c) {
if(c->tcplen) {
if(c->tcplen <= c->buflen) {
receive_tcppacket(c, c->buffer, c->tcplen);
if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
logger(LOG_DEBUG, "Proxy request granted");
} else {
logger(LOG_ERR, "Proxy request rejected");
return false;
}
} else
receive_tcppacket(c, c->buffer, c->tcplen);
c->buflen -= c->tcplen;
lenin -= c->tcplen - oldlen;

15
src/net.h
View file

@ -122,6 +122,20 @@ extern time_t now;
extern int contradicting_add_edge;
extern int contradicting_del_edge;
extern char *proxyhost;
extern char *proxyport;
extern char *proxyuser;
extern char *proxypass;
typedef enum proxytype_t {
PROXY_NONE = 0,
PROXY_SOCKS4,
PROXY_SOCKS4A,
PROXY_SOCKS5,
PROXY_HTTP,
PROXY_EXEC,
} proxytype_t;
extern proxytype_t proxytype;
extern volatile bool running;
/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
@ -138,6 +152,7 @@ extern int setup_vpn_in_socket(const sockaddr_t *);
extern void send_packet(const struct node_t *, vpn_packet_t *);
extern void receive_tcppacket(struct connection_t *, const char *, int);
extern void broadcast_packet(const struct node_t *, vpn_packet_t *);
extern char *get_name(void);
extern bool setup_network(void);
extern void setup_outgoing_connection(struct outgoing_t *);
extern void try_outgoing_connections(void);

48
src/net_packet.c
View file

@ -584,24 +584,50 @@ void send_packet(const node_t *n, vpn_packet_t *packet) {
void broadcast_packet(const node_t *from, vpn_packet_t *packet) {
avl_node_t *node;
connection_t *c;
node_t *n;
// Always give ourself a copy of the packet.
if(from != myself)
send_packet(myself, packet);
// In TunnelServer mode, do not forward broadcast packets.
// The MST might not be valid and create loops.
if(tunnelserver || broadcast_mode == BMODE_NONE)
return;
ifdebug(TRAFFIC) logger(LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
packet->len, from->name, from->hostname);
if(from != myself) {
send_packet(myself, packet);
switch(broadcast_mode) {
// In MST mode, broadcast packets travel via the Minimum Spanning Tree.
// This guarantees all nodes receive the broadcast packet, and
// usually distributes the sending of broadcast packets over all nodes.
case BMODE_MST:
for(node = connection_tree->head; node; node = node->next) {
c = node->data;
// In TunnelServer mode, do not forward broadcast packets.
// The MST might not be valid and create loops.
if(tunnelserver)
return;
}
if(c->status.active && c->status.mst && c != from->nexthop->connection)
send_packet(c->node, packet);
}
break;
for(node = connection_tree->head; node; node = node->next) {
c = node->data;
// In direct mode, we send copies to each node we know of.
// However, this only reaches nodes that can be reached in a single hop.
// We don't have enough information to forward broadcast packets in this case.
case BMODE_DIRECT:
if(from != myself)
break;
if(c->status.active && c->status.mst && c != from->nexthop->connection)
send_packet(c->node, packet);
for(node = node_udp_tree->head; node; node = node->next) {
n = node->data;
if(n->status.reachable && ((n->via == myself && n->nexthop == n) || n->via == n))
send_packet(n, packet);
}
break;
default:
break;
}
}

265
src/net_setup.c
View file

@ -47,6 +47,12 @@
char *myport;
devops_t devops;
char *proxyhost;
char *proxyport;
char *proxyuser;
char *proxypass;
proxytype_t proxytype;
bool read_rsa_public_key(connection_t *c) {
FILE *fp;
char *fname;
@ -269,6 +275,44 @@ void load_all_subnets(void) {
closedir(dir);
}
char *get_name(void) {
char *name = NULL;
get_config_string(lookup_config(config_tree, "Name"), &name);
if(!name)
return NULL;
if(*name == '$') {
char *envname = getenv(name + 1);
if(!envname) {
if(strcmp(name + 1, "HOST")) {
fprintf(stderr, "Invalid Name: environment variable %s does not exist\n", name + 1);
return false;
}
envname = alloca(32);
if(gethostname(envname, 32)) {
fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
return false;
}
envname[31] = 0;
}
free(name);
name = xstrdup(envname);
for(char *c = name; *c; c++)
if(!isalnum(*c))
*c = '_';
}
if(!check_id(name)) {
logger(LOG_ERR, "Invalid name for myself!");
free(name);
return false;
}
return name;
}
/*
Configure node_t myself and set up the local sockets (listen only)
*/
@ -278,6 +322,8 @@ static bool setup_myself(void) {
char *name, *hostname, *mode, *afname, *cipher, *digest, *type;
char *fname = NULL;
char *address = NULL;
char *proxy = NULL;
char *space;
char *envp[5];
struct addrinfo *ai, *aip, hint = {0};
bool choice;
@ -293,17 +339,11 @@ static bool setup_myself(void) {
myself->connection->options = 0;
myself->connection->protocol_version = PROT_CURRENT;
if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */
if(!(name = get_name())) {
logger(LOG_ERR, "Name for tinc daemon required!");
return false;
}
if(!check_id(name)) {
logger(LOG_ERR, "Invalid name for myself!");
free(name);
return false;
}
myself->name = name;
myself->connection->name = xstrdup(name);
xasprintf(&fname, "%s/hosts/%s", confbase, name);
@ -327,6 +367,68 @@ static bool setup_myself(void) {
sockaddr2str(&sa, NULL, &myport);
}
get_config_string(lookup_config(config_tree, "Proxy"), &proxy);
if(proxy) {
if((space = strchr(proxy, ' ')))
*space++ = 0;
if(!strcasecmp(proxy, "none")) {
proxytype = PROXY_NONE;
} else if(!strcasecmp(proxy, "socks4")) {
proxytype = PROXY_SOCKS4;
} else if(!strcasecmp(proxy, "socks4a")) {
proxytype = PROXY_SOCKS4A;
} else if(!strcasecmp(proxy, "socks5")) {
proxytype = PROXY_SOCKS5;
} else if(!strcasecmp(proxy, "http")) {
proxytype = PROXY_HTTP;
} else if(!strcasecmp(proxy, "exec")) {
proxytype = PROXY_EXEC;
} else {
logger(LOG_ERR, "Unknown proxy type %s!", proxy);
return false;
}
switch(proxytype) {
case PROXY_NONE:
default:
break;
case PROXY_EXEC:
if(!space || !*space) {
logger(LOG_ERR, "Argument expected for proxy type exec!");
return false;
}
proxyhost = xstrdup(space);
break;
case PROXY_SOCKS4:
case PROXY_SOCKS4A:
case PROXY_SOCKS5:
case PROXY_HTTP:
proxyhost = space;
if(space && (space = strchr(space, ' ')))
*space++ = 0, proxyport = space;
if(space && (space = strchr(space, ' ')))
*space++ = 0, proxyuser = space;
if(space && (space = strchr(space, ' ')))
*space++ = 0, proxypass = space;
if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
logger(LOG_ERR, "Host and port argument expected for proxy!");
return false;
}
proxyhost = xstrdup(proxyhost);
proxyport = xstrdup(proxyport);
if(proxyuser && *proxyuser)
proxyuser = xstrdup(proxyuser);
if(proxypass && *proxypass)
proxypass = xstrdup(proxypass);
break;
}
free(proxy);
}
/* Read in all the subnets specified in the host configuration file */
cfg = lookup_config(config_tree, "Subnet");
@ -397,7 +499,19 @@ static bool setup_myself(void) {
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl);
get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast);
if(get_config_string(lookup_config(config_tree, "Broadcast"), &mode)) {
if(!strcasecmp(mode, "no"))
broadcast_mode = BMODE_NONE;
else if(!strcasecmp(mode, "yes") || !strcasecmp(mode, "mst"))
broadcast_mode = BMODE_MST;
else if(!strcasecmp(mode, "direct"))
broadcast_mode = BMODE_DIRECT;
else {
logger(LOG_ERR, "Invalid broadcast mode!");
return false;
}
free(mode);
}
#if !defined(SOL_IP) || !defined(IP_TOS)
if(priorityinheritance)
@ -581,71 +695,112 @@ static bool setup_myself(void) {
/* Open sockets */
listen_sockets = 0;
cfg = lookup_config(config_tree, "BindToAddress");
if(!do_detach && getenv("LISTEN_FDS")) {
sockaddr_t sa;
socklen_t salen;
do {
get_config_string(cfg, &address);
if(cfg)
cfg = lookup_config_next(config_tree, cfg);
listen_sockets = atoi(getenv("LISTEN_FDS"));
#ifdef HAVE_UNSETENV
unsetenv("LISTEN_FDS");
#endif
char *port = myport;
if(address) {
char *space = strchr(address, ' ');
if(space) {
*space++ = 0;
port = space;
}
if(!strcmp(address, "*"))
*address = 0;
}
hint.ai_family = addressfamily;
hint.ai_socktype = SOCK_STREAM;
hint.ai_protocol = IPPROTO_TCP;
hint.ai_flags = AI_PASSIVE;
err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
free(address);
if(err || !ai) {
logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo",
gai_strerror(err));
if(listen_sockets > MAXSOCKETS) {
logger(LOG_ERR, "Too many listening sockets");
return false;
}
for(aip = ai; aip; aip = aip->ai_next) {
if(listen_sockets >= MAXSOCKETS) {
logger(LOG_ERR, "Too many listening sockets");
for(i = 0; i < listen_sockets; i++) {
salen = sizeof sa;
if(getsockname(i + 3, &sa.sa, &salen) < 0) {
logger(LOG_ERR, "Could not get address of listen fd %d: %s", i + 3, sockstrerror(errno));
return false;
}
listen_socket[listen_sockets].tcp =
setup_listen_socket((sockaddr_t *) aip->ai_addr);
listen_socket[i].tcp = i + 3;
if(listen_socket[listen_sockets].tcp < 0)
continue;
#ifdef FD_CLOEXEC
fcntl(i + 3, F_SETFD, FD_CLOEXEC);
#endif
listen_socket[listen_sockets].udp =
setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
if(listen_socket[listen_sockets].udp < 0)
continue;
listen_socket[i].udp = setup_vpn_in_socket(&sa);
if(listen_socket[i].udp < 0)
return false;
ifdebug(CONNECTIONS) {
hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
hostname = sockaddr2hostname(&sa);
logger(LOG_NOTICE, "Listening on %s", hostname);
free(hostname);
}
memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
listen_sockets++;
memcpy(&listen_socket[i].sa, &sa, salen);
}
} else {
listen_sockets = 0;
cfg = lookup_config(config_tree, "BindToAddress");
freeaddrinfo(ai);
} while(cfg);
do {
get_config_string(cfg, &address);
if(cfg)
cfg = lookup_config_next(config_tree, cfg);
char *port = myport;
if(address) {
char *space = strchr(address, ' ');
if(space) {
*space++ = 0;
port = space;
}
if(!strcmp(address, "*"))
*address = 0;
}
hint.ai_family = addressfamily;
hint.ai_socktype = SOCK_STREAM;
hint.ai_protocol = IPPROTO_TCP;
hint.ai_flags = AI_PASSIVE;
err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
free(address);
if(err || !ai) {
logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo",
gai_strerror(err));
return false;
}
for(aip = ai; aip; aip = aip->ai_next) {
if(listen_sockets >= MAXSOCKETS) {
logger(LOG_ERR, "Too many listening sockets");
return false;
}
listen_socket[listen_sockets].tcp =
setup_listen_socket((sockaddr_t *) aip->ai_addr);
if(listen_socket[listen_sockets].tcp < 0)
continue;
listen_socket[listen_sockets].udp =
setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
if(listen_socket[listen_sockets].udp < 0)
continue;
ifdebug(CONNECTIONS) {
hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
logger(LOG_NOTICE, "Listening on %s", hostname);
free(hostname);
}
memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
listen_sockets++;
}
freeaddrinfo(ai);
} while(cfg);
}
if(listen_sockets)
logger(LOG_NOTICE, "Ready");

96
src/net_socket.c
View file

@ -294,15 +294,65 @@ void retry_outgoing(outgoing_t *outgoing) {
void finish_connecting(connection_t *c) {
ifdebug(CONNECTIONS) logger(LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
configure_tcp(c);
if(proxytype != PROXY_EXEC)
configure_tcp(c);
c->last_ping_time = now;
send_id(c);
}
static void do_outgoing_pipe(connection_t *c, char *command) {
#ifndef HAVE_MINGW
int fd[2];
if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
logger(LOG_ERR, "Could not create socketpair: %s\n", strerror(errno));
return;
}
if(fork()) {
c->socket = fd[0];
close(fd[1]);
logger(LOG_DEBUG, "Using proxy %s", command);
return;
}
close(0);
close(1);
close(fd[0]);
dup2(fd[1], 0);
dup2(fd[1], 1);
close(fd[1]);
// Other filedescriptors should be closed automatically by CLOEXEC
char *host = NULL;
char *port = NULL;
sockaddr2str(&c->address, &host, &port);
setenv("REMOTEADDRESS", host, true);
setenv("REMOTEPORT", port, true);
setenv("NODE", c->name, true);
setenv("NAME", myself->name, true);
if(netname)
setenv("NETNAME", netname, true);
int result = system(command);
if(result < 0)
logger(LOG_ERR, "Could not execute %s: %s\n", command, strerror(errno));
else if(result)
logger(LOG_ERR, "%s exited with non-zero status %d", command, result);
exit(result);
#else
logger(LOG_ERR, "Proxy type exec not supported on this platform!");
return;
#endif
}
void do_outgoing_connection(connection_t *c) {
char *address, *port, *space;
struct addrinfo *proxyai = NULL;
int result;
if(!c->outgoing) {
@ -358,32 +408,48 @@ begin:
ifdebug(CONNECTIONS) logger(LOG_INFO, "Trying to connect to %s (%s)", c->name,
c->hostname);
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
#ifdef FD_CLOEXEC
fcntl(c->socket, F_SETFD, FD_CLOEXEC);
#endif
if(!proxytype) {
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
configure_tcp(c);
} else if(proxytype == PROXY_EXEC) {
do_outgoing_pipe(c, proxyhost);
} else {
proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
if(!proxyai)
goto begin;
ifdebug(CONNECTIONS) logger(LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
}
if(c->socket == -1) {
ifdebug(CONNECTIONS) logger(LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno));
goto begin;
}
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
int option = 1;
if(c->address.sa.sa_family == AF_INET6)
setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
#ifdef FD_CLOEXEC
fcntl(c->socket, F_SETFD, FD_CLOEXEC);
#endif
bind_to_interface(c->socket);
if(proxytype != PROXY_EXEC) {
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
int option = 1;
if(c->address.sa.sa_family == AF_INET6)
setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
#endif
/* Optimize TCP settings */
configure_tcp(c);
bind_to_interface(c->socket);
}
/* Connect */
result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
if(!proxytype) {
result = connect(c->socket, &c->address.sa, SALEN(c->address.sa));
} else if(proxytype == PROXY_EXEC) {
result = 0;
} else {
result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
freeaddrinfo(proxyai);
}
if(result == -1) {
if(sockinprogress(sockerrno)) {

6
src/netutl.c
View file

@ -83,8 +83,10 @@ void sockaddr2str(const sockaddr_t *sa, char **addrstr, char **portstr) {
int err;
if(sa->sa.sa_family == AF_UNKNOWN) {
*addrstr = xstrdup(sa->unknown.address);
*portstr = xstrdup(sa->unknown.port);
if(addrstr)
*addrstr = xstrdup(sa->unknown.address);
if(portstr)
*portstr = xstrdup(sa->unknown.port);
return;
}

16
src/protocol.c
View file

@ -68,7 +68,7 @@ bool check_id(const char *id) {
bool send_request(connection_t *c, const char *format, ...) {
va_list args;
char buffer[MAXBUFSIZE];
int len, request;
int len, request = 0;
/* Use vsnprintf instead of vxasprintf: faster, no memory
fragmentation, cleanup is automatic, and there is a limit on the
@ -125,6 +125,20 @@ void forward_request(connection_t *from) {
bool receive_request(connection_t *c) {
int request;
if(proxytype == PROXY_HTTP && c->allow_request == ID) {
if(!c->buffer[0] || c->buffer[0] == '\r')
return true;
if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) {
if(!strncmp(c->buffer + 9, "200", 3)) {
logger(LOG_DEBUG, "Proxy request granted");
return true;
} else {
logger(LOG_DEBUG, "Proxy request rejected: %s", c->buffer + 9);
return false;
}
}
}
if(sscanf(c->buffer, "%d", &request) == 1) {
if((request < 0) || (request >= LAST) || !request_handlers[request]) {
ifdebug(META)

91
src/protocol_auth.c
View file

@ -31,6 +31,7 @@
#include "edge.h"
#include "graph.h"
#include "logger.h"
#include "meta.h"
#include "net.h"
#include "netutl.h"
#include "node.h"
@ -38,7 +39,97 @@
#include "utils.h"
#include "xalloc.h"
static bool send_proxyrequest(connection_t *c) {
switch(proxytype) {
case PROXY_HTTP: {
char *host;
char *port;
sockaddr2str(&c->address, &host, &port);
send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
free(host);
free(port);
return true;
}
case PROXY_SOCKS4: {
if(c->address.sa.sa_family != AF_INET) {
logger(LOG_ERR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!");
return false;
}
char s4req[9 + (proxyuser ? strlen(proxyuser) : 0)];
s4req[0] = 4;
s4req[1] = 1;
memcpy(s4req + 2, &c->address.in.sin_port, 2);
memcpy(s4req + 4, &c->address.in.sin_addr, 4);
if(proxyuser)
strcpy(s4req + 8, proxyuser);
s4req[sizeof s4req - 1] = 0;
c->tcplen = 8;
return send_meta(c, s4req, sizeof s4req);
}
case PROXY_SOCKS5: {
int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16);
c->tcplen = 2;
if(proxypass)
len += 3 + strlen(proxyuser) + strlen(proxypass);
char s5req[len];
int i = 0;
s5req[i++] = 5;
s5req[i++] = 1;
if(proxypass) {
s5req[i++] = 2;
s5req[i++] = 1;
s5req[i++] = strlen(proxyuser);
strcpy(s5req + i, proxyuser);
i += strlen(proxyuser);
s5req[i++] = strlen(proxypass);
strcpy(s5req + i, proxypass);
i += strlen(proxypass);
c->tcplen += 2;
} else {
s5req[i++] = 0;
}
s5req[i++] = 5;
s5req[i++] = 1;
s5req[i++] = 0;
if(c->address.sa.sa_family == AF_INET) {
s5req[i++] = 1;
memcpy(s5req + i, &c->address.in.sin_addr, 4);
i += 4;
memcpy(s5req + i, &c->address.in.sin_port, 2);
i += 2;
c->tcplen += 10;
} else if(c->address.sa.sa_family == AF_INET6) {
s5req[i++] = 3;
memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
i += 16;
memcpy(s5req + i, &c->address.in6.sin6_port, 2);
i += 2;
c->tcplen += 22;
} else {
logger(LOG_ERR, "Address family %hx not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
return false;
}
if(i > len)
abort();
return send_meta(c, s5req, sizeof s5req);
}
case PROXY_SOCKS4A:
logger(LOG_ERR, "Proxy type not implemented yet");
return false;
case PROXY_EXEC:
return true;
default:
logger(LOG_ERR, "Unknown proxy type");
return false;
}
}
bool send_id(connection_t *c) {
if(proxytype)
if(!send_proxyrequest(c))
return false;
return send_request(c, "%d %s %d", ID, myself->connection->name,
myself->connection->protocol_version);
}

9
src/route.c
View file

@ -34,12 +34,12 @@
rmode_t routing_mode = RMODE_ROUTER;
fmode_t forwarding_mode = FMODE_INTERNAL;
bmode_t broadcast_mode = BMODE_MST;
bool decrement_ttl = false;
bool directonly = false;
bool priorityinheritance = false;
int macexpire = 600;
bool overwrite_mac = false;
bool broadcast = true;
mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}};
/* Sizes of various headers */
@ -430,7 +430,7 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
if(!checklength(source, packet, ether_size + ip_size))
return;
if(broadcast && (((packet->data[30] & 0xf0) == 0xe0) || (
if(broadcast_mode && (((packet->data[30] & 0xf0) == 0xe0) || (
packet->data[30] == 255 &&
packet->data[31] == 255 &&
packet->data[32] == 255 &&
@ -727,7 +727,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
return;
}
if(broadcast && packet->data[38] == 255)
if(broadcast_mode && packet->data[38] == 255)
broadcast_packet(source, packet);
else
route_ipv6_unicast(source, packet);
@ -817,8 +817,7 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
subnet = lookup_subnet_mac(NULL, &dest);
if(!subnet) {
if(broadcast)
broadcast_packet(source, packet);
broadcast_packet(source, packet);
return;
}

8
src/route.h
View file

@ -36,12 +36,18 @@ typedef enum fmode_t {
FMODE_KERNEL,
} fmode_t;
typedef enum bmode_t {
BMODE_NONE = 0,
BMODE_MST,
BMODE_DIRECT,
} bmode_t;
extern rmode_t routing_mode;
extern fmode_t forwarding_mode;
extern bmode_t broadcast_mode;
extern bool decrement_ttl;
extern bool directonly;
extern bool overwrite_mac;
extern bool broadcast;
extern bool priorityinheritance;
extern int macexpire;

72
src/subnet.c
View file

@ -268,6 +268,78 @@ bool str2net(subnet_t *subnet, const char *subnetstr) {
return true;
}
// IPv6 short form
if(strstr(subnetstr, "::")) {
const char *p;
char *q;
int colons = 0;
// Count number of colons
for(p = subnetstr; *p; p++)
if(*p == ':')
colons++;
if(colons > 7)
return false;
// Scan numbers before the double colon
p = subnetstr;
for(i = 0; i < colons; i++) {
if(*p == ':')
break;
x[i] = strtoul(p, &q, 0x10);
if(!q || p == q || *q != ':')
return false;
p = ++q;
}
p++;
colons -= i;
if(!i) {
p++;
colons--;
}
if(!*p || *p == '/' || *p == '#')
colons--;
// Fill in the blanks
for(; i < 8 - colons; i++)
x[i] = 0;
// Scan the remaining numbers
for(; i < 8; i++) {
x[i] = strtoul(p, &q, 0x10);
if(!q || p == q)
return false;
if(i == 7) {
p = q;
break;
}
if(*q != ':')
return false;
p = ++q;
}
l = 128;
if(*p == '/')
sscanf(p, "/%d#%d", &l, &weight);
else if(*p == '#')
sscanf(p, "#%d", &weight);
if(l < 0 || l > 128)
return false;
subnet->type = SUBNET_IPV6;
subnet->net.ipv6.prefixlength = l;
subnet->weight = weight;
for(i = 0; i < 8; i++)
subnet->net.ipv6.address.x[i] = htons(x[i]);
return true;
}
return false;
}

18
src/tincd.c
View file

@ -337,16 +337,9 @@ static void indicator(int a, int b, void *p) {
static bool keygen(int bits) {
RSA *rsa_key;
FILE *f;
char *name = NULL;
char *name = get_name();
char *filename;
get_config_string(lookup_config(config_tree, "Name"), &name);
if(name && !check_id(name)) {
fprintf(stderr, "Invalid name for myself!\n");
return false;
}
fprintf(stderr, "Generating %d bits keys:\n", bits);
rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
@ -386,8 +379,7 @@ static bool keygen(int bits) {
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
free(filename);
if(name)
free(name);
free(name);
return true;
}
@ -539,6 +531,12 @@ int main(int argc, char **argv) {
g_argv = argv;
if(getenv("LISTEN_PID") && atoi(getenv("LISTEN_PID")) == getpid())
do_detach = false;
#ifdef HAVE_UNSETENV
unsetenv("LISTEN_PID");
#endif
init_configuration(&config_tree);
/* Slllluuuuuuurrrrp! */