Import Debian changes 1.0.26-1
tinc (1.0.26-1) unstable; urgency=medium * New upstream release. * Use the contents, not the presence, of the pidfile to check that tincd is shut down properly. Closes: #774682 * Bump Standards-Version.
This commit is contained in:
commit
088ed763df
35 changed files with 677 additions and 1427 deletions
2
COPYING
2
COPYING
|
@ -1,4 +1,4 @@
|
||||||
Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen and others.
|
Copyright (C) 1998-2015 Ivo Timmermans, Guus Sliepen and others.
|
||||||
See the AUTHORS file for a complete list.
|
See the AUTHORS file for a complete list.
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify it under
|
This program is free software; you can redistribute it and/or modify it under
|
||||||
|
|
104
ChangeLog
104
ChangeLog
|
@ -1,20 +1,64 @@
|
||||||
|
Version 1.0.26 July 05 2015
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (14):
|
||||||
|
Use VittGam's real name.
|
||||||
|
Attribution for Saverio Proto.
|
||||||
|
Always call res_init() before getaddrinfo().
|
||||||
|
Fix --logfile without a filename on Windows.
|
||||||
|
Never call putenv() with data on the stack.
|
||||||
|
Return non-zero exit code when encountering configuration errors during startup.
|
||||||
|
Fix autoconf check for function attributes.
|
||||||
|
Fix spelling of FORTIFY_SOURCE.
|
||||||
|
Update copyright notices.
|
||||||
|
Attribution for various contributors.
|
||||||
|
Only check for -fno-strict-overflow if -fwrapv does not work.
|
||||||
|
Fix unputenv() on Windows.
|
||||||
|
Don't try to call res_init() if ./configure told us it doesn't exist.
|
||||||
|
Releasing 1.0.26.
|
||||||
|
|
||||||
|
Jo-Philipp Wich (1):
|
||||||
|
fix musl compatibility
|
||||||
|
|
||||||
|
Version 1.0.25 December 22 2014
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (7):
|
||||||
|
Fix date of last NEWS entry.
|
||||||
|
Remember ToS/Diffserv priority for each socket individually.
|
||||||
|
Attribution for various contributors.
|
||||||
|
Automatically choose a tap device on Mac OS X when using switch Mode.
|
||||||
|
Update documentation for Mac OS X.
|
||||||
|
Check whether res_init() really lives in libresolv.
|
||||||
|
Releasing 1.0.25.
|
||||||
|
|
||||||
|
Borg (3):
|
||||||
|
Fixed scripts calling under Win32.
|
||||||
|
Get MAC of TAP device.
|
||||||
|
Fixed tinc-up script calling on Win32.
|
||||||
|
|
||||||
|
Alexis Hildebrandt (1):
|
||||||
|
Add support to link against libresolv Mac OS X
|
||||||
|
|
||||||
|
Baptiste Jonglez (1):
|
||||||
|
Use the description from the 1.1 man page for the IndirectData option
|
||||||
|
|
||||||
|
David Pflug (1):
|
||||||
|
Update README.android
|
||||||
|
|
||||||
|
Jochen Voss (1):
|
||||||
|
Fix some typos in the manual.
|
||||||
|
|
||||||
|
Tomislav Čohar (1):
|
||||||
|
Configure minimum reconnect timeouts.
|
||||||
|
|
||||||
|
VittGam (1):
|
||||||
|
Support ToS/DiffServ priority handling for IPv6 meta and UDP connections.
|
||||||
|
|
||||||
Version 1.0.24 May 11 2014
|
Version 1.0.24 May 11 2014
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
Guus Sliepen (26):
|
Guus Sliepen (13):
|
||||||
Mention in the manual that multiple Address staments are allowed.
|
|
||||||
If no Port is specified, set myport to actual port of first listening socket.
|
|
||||||
Enable compiler hardening flags by default.
|
|
||||||
Update support for Solaris.
|
|
||||||
Include <limits.h> for PATH_MAX.
|
|
||||||
Stricter check for raw socket support.
|
|
||||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
|
||||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
|
||||||
Don't enable -fstack-protector-all.
|
|
||||||
Remove or lower the priority of some debug messages.
|
|
||||||
Clarify StrictSubnets.
|
|
||||||
Attribution for various contributors.
|
|
||||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
|
||||||
Remove useless variable 'hard' from try_harder().
|
Remove useless variable 'hard' from try_harder().
|
||||||
Merge pull request #14 from luckyhacky/master
|
Merge pull request #14 from luckyhacky/master
|
||||||
Add an autoconf check for res_init().
|
Add an autoconf check for res_init().
|
||||||
|
@ -34,22 +78,40 @@ Steffan Karger (3):
|
||||||
Use cryptographically strong random when generating keys.
|
Use cryptographically strong random when generating keys.
|
||||||
Check RAND_bytes() return value, fail when getting random fails.
|
Check RAND_bytes() return value, fail when getting random fails.
|
||||||
|
|
||||||
Florent Clairambault (2):
|
|
||||||
Adding "conf.d" configuration dir support.
|
|
||||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
|
||||||
|
|
||||||
Armin Fisslthaler (1):
|
Armin Fisslthaler (1):
|
||||||
reload /etc/resolv.conf in SIGALRM handler
|
reload /etc/resolv.conf in SIGALRM handler
|
||||||
|
|
||||||
Loic Dachary (1):
|
Loic Dachary (1):
|
||||||
fix documentation typo
|
fix documentation typo
|
||||||
|
|
||||||
Vilbrekin (1):
|
|
||||||
Update android build instructions. Disable PIE as this is not supported on some devices.
|
|
||||||
|
|
||||||
luckyhacky (1):
|
luckyhacky (1):
|
||||||
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||||
|
|
||||||
|
refs/tags/1.0.23-android-1 March 11 2014
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (13):
|
||||||
|
Mention in the manual that multiple Address staments are allowed.
|
||||||
|
If no Port is specified, set myport to actual port of first listening socket.
|
||||||
|
Enable compiler hardening flags by default.
|
||||||
|
Update support for Solaris.
|
||||||
|
Include <limits.h> for PATH_MAX.
|
||||||
|
Stricter check for raw socket support.
|
||||||
|
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||||
|
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||||
|
Don't enable -fstack-protector-all.
|
||||||
|
Remove or lower the priority of some debug messages.
|
||||||
|
Clarify StrictSubnets.
|
||||||
|
Attribution for various contributors.
|
||||||
|
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||||
|
|
||||||
|
Florent Clairambault (2):
|
||||||
|
Adding "conf.d" configuration dir support.
|
||||||
|
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||||
|
|
||||||
|
Vilbrekin (1):
|
||||||
|
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||||
|
|
||||||
Version 1.0.23 October 19 2013
|
Version 1.0.23 October 19 2013
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
27
NEWS
27
NEWS
|
@ -1,4 +1,29 @@
|
||||||
Version 1.0.24 May 11 2013
|
Version 1.0.26 July 5 2015
|
||||||
|
|
||||||
|
* Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
|
||||||
|
|
||||||
|
* Fixed --logfile without a filename on Windows.
|
||||||
|
|
||||||
|
* Ensure tinc can be compiled when using musl libc.
|
||||||
|
|
||||||
|
Thanks to Jo-Philipp Wich for his contribution to this version of tinc.
|
||||||
|
|
||||||
|
Version 1.0.25 December 22 2014
|
||||||
|
|
||||||
|
* Documentation updates.
|
||||||
|
|
||||||
|
* Support linking against -lresolv on Mac OS X.
|
||||||
|
|
||||||
|
* Fix scripts on Windows when using the ScriptsInterpreter option.
|
||||||
|
|
||||||
|
* Allow a minimum reconnect timeout to be specified.
|
||||||
|
|
||||||
|
* Support PriorityInheritance on IPv6 sockets.
|
||||||
|
|
||||||
|
Thanks to David Pflug, Baptiste Jonglez, Alexis Hildebrandt, Borg, Jochen Voss,
|
||||||
|
Tomislav Čohar and VittGam for their contributions to this version of tinc.
|
||||||
|
|
||||||
|
Version 1.0.24 May 11 2014
|
||||||
|
|
||||||
* Various compiler hardening flags are enabled by default.
|
* Various compiler hardening flags are enabled by default.
|
||||||
|
|
||||||
|
|
6
README
6
README
|
@ -1,7 +1,7 @@
|
||||||
This is the README file for tinc version 1.0.24. Installation
|
This is the README file for tinc version 1.0.26. Installation
|
||||||
instructions may be found in the INSTALL file.
|
instructions may be found in the INSTALL file.
|
||||||
|
|
||||||
tinc is Copyright (C) 1998-2014 by:
|
tinc is Copyright (C) 1998-2015 by:
|
||||||
|
|
||||||
Ivo Timmermans,
|
Ivo Timmermans,
|
||||||
Guus Sliepen <guus@tinc-vpn.org>,
|
Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Version 1.0.24 is compatible with 1.0pre8, 1.0 and later, but not with older
|
Version 1.0.26 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||||
versions of tinc.
|
versions of tinc.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -6,11 +6,12 @@ tar xfj android-ndk-r9d-linux-x86.tar.bz2
|
||||||
./android-ndk-r9d/build/tools/make-standalone-toolchain.sh --platform=android-5 --install-dir=/tmp/my-android-toolchain
|
./android-ndk-r9d/build/tools/make-standalone-toolchain.sh --platform=android-5 --install-dir=/tmp/my-android-toolchain
|
||||||
|
|
||||||
- Download and cross-compile openSSL for ARM:
|
- Download and cross-compile openSSL for ARM:
|
||||||
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
|
wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz
|
||||||
tar xfz openssl-1.0.1g.tar.gz
|
tar xfz openssl-1.0.1h.tar.gz
|
||||||
cd openssl-1.0.1g
|
cd openssl-1.0.1h
|
||||||
./Configure dist
|
./Configure dist
|
||||||
make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib
|
make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib
|
||||||
|
cd -
|
||||||
|
|
||||||
- Clone and cross-compile tinc:
|
- Clone and cross-compile tinc:
|
||||||
git clone git://tinc-vpn.org/tinc
|
git clone git://tinc-vpn.org/tinc
|
||||||
|
|
17
THANKS
17
THANKS
|
@ -1,14 +1,18 @@
|
||||||
We would like to thank the following people for their contributions to tinc:
|
We would like to thank the following people for their contributions to tinc:
|
||||||
|
|
||||||
* Alexander Reil and Gemeinde Berg
|
* Alexander Reil and Gemeinde Berg
|
||||||
|
* Alexis Hildebrandt
|
||||||
* Allesandro Gatti
|
* Allesandro Gatti
|
||||||
* Andreas van Cranenburgh
|
* Andreas van Cranenburgh
|
||||||
* Anthony G. Basile
|
* Anthony G. Basile
|
||||||
* Armin Fisslthaler
|
* Armin Fisslthaler
|
||||||
* Armijn Hemel
|
* Armijn Hemel
|
||||||
|
* Baptiste Jonglez
|
||||||
|
* Borg
|
||||||
* Brandon Black
|
* Brandon Black
|
||||||
* Cris van Pelt
|
* Cris van Pelt
|
||||||
* Darius Jahandarie
|
* Darius Jahandarie
|
||||||
|
* David Pflug
|
||||||
* Delf Eldkraft
|
* Delf Eldkraft
|
||||||
* dnk
|
* dnk
|
||||||
* Enrique Zanardi
|
* Enrique Zanardi
|
||||||
|
@ -22,9 +26,13 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* James MacLean
|
* James MacLean
|
||||||
* Jamie Briggs
|
* Jamie Briggs
|
||||||
* Jason Harper
|
* Jason Harper
|
||||||
|
* Jason Livesay
|
||||||
* Jelle de Jong
|
* Jelle de Jong
|
||||||
|
* Jeroen Domburg
|
||||||
* Jeroen Ubbink
|
* Jeroen Ubbink
|
||||||
* Jerome Etienne
|
* Jerome Etienne
|
||||||
|
* Jo-Philipp Wich
|
||||||
|
* Jochen Voss
|
||||||
* Julien Muchembled
|
* Julien Muchembled
|
||||||
* Lavrans Laading
|
* Lavrans Laading
|
||||||
* Loïc Dachary
|
* Loïc Dachary
|
||||||
|
@ -50,15 +58,24 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Philipp Babel
|
* Philipp Babel
|
||||||
* Robert van der Meulen
|
* Robert van der Meulen
|
||||||
* Rumko
|
* Rumko
|
||||||
|
* Sam Bryan
|
||||||
|
* Saverio Proto
|
||||||
* Scott Lamb
|
* Scott Lamb
|
||||||
* Steffan Karger
|
* Steffan Karger
|
||||||
* Sven-Haegar Koch
|
* Sven-Haegar Koch
|
||||||
* Teemu Kiviniemi
|
* Teemu Kiviniemi
|
||||||
|
* Thomas Tsiakalakis
|
||||||
* Timothy Redaelli
|
* Timothy Redaelli
|
||||||
|
* Tomasz Fortuna
|
||||||
|
* Tomislav Čohar
|
||||||
|
* Tommy Arnkværn
|
||||||
* Tonnerre Lombard
|
* Tonnerre Lombard
|
||||||
* Vil Brekin
|
* Vil Brekin
|
||||||
|
* Vittorio Gambaletta
|
||||||
* Wessel Dankers
|
* Wessel Dankers
|
||||||
|
* William McArthur
|
||||||
* Wouter van Heyst
|
* Wouter van Heyst
|
||||||
|
* 戴 鸣
|
||||||
|
|
||||||
And everyone we forgot (if we did, please let us know). Thank you!
|
And everyone we forgot (if we did, please let us know). Thank you!
|
||||||
|
|
||||||
|
|
7
aclocal.m4
vendored
7
aclocal.m4
vendored
|
@ -103,10 +103,9 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||||
# configured tree to be moved without reconfiguration.
|
# configured tree to be moved without reconfiguration.
|
||||||
|
|
||||||
AC_DEFUN([AM_AUX_DIR_EXPAND],
|
AC_DEFUN([AM_AUX_DIR_EXPAND],
|
||||||
[dnl Rely on autoconf to set up CDPATH properly.
|
[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
|
||||||
AC_PREREQ([2.50])dnl
|
# Expand $ac_aux_dir to an absolute path.
|
||||||
# expand $ac_aux_dir to an absolute path
|
am_aux_dir=`cd "$ac_aux_dir" && pwd`
|
||||||
am_aux_dir=`cd $ac_aux_dir && pwd`
|
|
||||||
])
|
])
|
||||||
|
|
||||||
# AM_CONDITIONAL -*- Autoconf -*-
|
# AM_CONDITIONAL -*- Autoconf -*-
|
||||||
|
|
174
config.guess
vendored
174
config.guess
vendored
|
@ -1,8 +1,8 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Attempt to guess a canonical system name.
|
# Attempt to guess a canonical system name.
|
||||||
# Copyright 1992-2013 Free Software Foundation, Inc.
|
# Copyright 1992-2014 Free Software Foundation, Inc.
|
||||||
|
|
||||||
timestamp='2013-06-10'
|
timestamp='2014-03-23'
|
||||||
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
# under the terms of the GNU General Public License as published by
|
# under the terms of the GNU General Public License as published by
|
||||||
|
@ -50,7 +50,7 @@ version="\
|
||||||
GNU config.guess ($timestamp)
|
GNU config.guess ($timestamp)
|
||||||
|
|
||||||
Originally written by Per Bothner.
|
Originally written by Per Bothner.
|
||||||
Copyright 1992-2013 Free Software Foundation, Inc.
|
Copyright 1992-2014 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||||
|
@ -149,7 +149,7 @@ Linux|GNU|GNU/*)
|
||||||
LIBC=gnu
|
LIBC=gnu
|
||||||
#endif
|
#endif
|
||||||
EOF
|
EOF
|
||||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
|
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
@ -826,7 +826,7 @@ EOF
|
||||||
*:MINGW*:*)
|
*:MINGW*:*)
|
||||||
echo ${UNAME_MACHINE}-pc-mingw32
|
echo ${UNAME_MACHINE}-pc-mingw32
|
||||||
exit ;;
|
exit ;;
|
||||||
i*:MSYS*:*)
|
*:MSYS*:*)
|
||||||
echo ${UNAME_MACHINE}-pc-msys
|
echo ${UNAME_MACHINE}-pc-msys
|
||||||
exit ;;
|
exit ;;
|
||||||
i*:windows32*:*)
|
i*:windows32*:*)
|
||||||
|
@ -969,10 +969,10 @@ EOF
|
||||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
|
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
|
||||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
|
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
|
||||||
;;
|
;;
|
||||||
or1k:Linux:*:*)
|
openrisc*:Linux:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
echo or1k-unknown-linux-${LIBC}
|
||||||
exit ;;
|
exit ;;
|
||||||
or32:Linux:*:*)
|
or32:Linux:*:* | or1k*:Linux:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||||
exit ;;
|
exit ;;
|
||||||
padre:Linux:*:*)
|
padre:Linux:*:*)
|
||||||
|
@ -1260,6 +1260,7 @@ EOF
|
||||||
if test "$UNAME_PROCESSOR" = unknown ; then
|
if test "$UNAME_PROCESSOR" = unknown ; then
|
||||||
UNAME_PROCESSOR=powerpc
|
UNAME_PROCESSOR=powerpc
|
||||||
fi
|
fi
|
||||||
|
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
|
||||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||||
|
@ -1271,6 +1272,15 @@ EOF
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
elif test "$UNAME_PROCESSOR" = i386 ; then
|
||||||
|
# Avoid executing cc on OS X 10.9, as it ships with a stub
|
||||||
|
# that puts up a graphical alert prompting to install
|
||||||
|
# developer tools. Any system running Mac OS X 10.7 or
|
||||||
|
# later (Darwin 11 and later) is required to have a 64-bit
|
||||||
|
# processor. This is not true of the ARM version of Darwin
|
||||||
|
# that Apple uses in portable devices.
|
||||||
|
UNAME_PROCESSOR=x86_64
|
||||||
|
fi
|
||||||
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
|
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||||
|
@ -1361,154 +1371,6 @@ EOF
|
||||||
exit ;;
|
exit ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
eval $set_cc_for_build
|
|
||||||
cat >$dummy.c <<EOF
|
|
||||||
#ifdef _SEQUENT_
|
|
||||||
# include <sys/types.h>
|
|
||||||
# include <sys/utsname.h>
|
|
||||||
#endif
|
|
||||||
main ()
|
|
||||||
{
|
|
||||||
#if defined (sony)
|
|
||||||
#if defined (MIPSEB)
|
|
||||||
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
|
|
||||||
I don't know.... */
|
|
||||||
printf ("mips-sony-bsd\n"); exit (0);
|
|
||||||
#else
|
|
||||||
#include <sys/param.h>
|
|
||||||
printf ("m68k-sony-newsos%s\n",
|
|
||||||
#ifdef NEWSOS4
|
|
||||||
"4"
|
|
||||||
#else
|
|
||||||
""
|
|
||||||
#endif
|
|
||||||
); exit (0);
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (__arm) && defined (__acorn) && defined (__unix)
|
|
||||||
printf ("arm-acorn-riscix\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (hp300) && !defined (hpux)
|
|
||||||
printf ("m68k-hp-bsd\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (NeXT)
|
|
||||||
#if !defined (__ARCHITECTURE__)
|
|
||||||
#define __ARCHITECTURE__ "m68k"
|
|
||||||
#endif
|
|
||||||
int version;
|
|
||||||
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
|
|
||||||
if (version < 4)
|
|
||||||
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
|
|
||||||
else
|
|
||||||
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
|
|
||||||
exit (0);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (MULTIMAX) || defined (n16)
|
|
||||||
#if defined (UMAXV)
|
|
||||||
printf ("ns32k-encore-sysv\n"); exit (0);
|
|
||||||
#else
|
|
||||||
#if defined (CMU)
|
|
||||||
printf ("ns32k-encore-mach\n"); exit (0);
|
|
||||||
#else
|
|
||||||
printf ("ns32k-encore-bsd\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (__386BSD__)
|
|
||||||
printf ("i386-pc-bsd\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (sequent)
|
|
||||||
#if defined (i386)
|
|
||||||
printf ("i386-sequent-dynix\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
#if defined (ns32000)
|
|
||||||
printf ("ns32k-sequent-dynix\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (_SEQUENT_)
|
|
||||||
struct utsname un;
|
|
||||||
|
|
||||||
uname(&un);
|
|
||||||
|
|
||||||
if (strncmp(un.version, "V2", 2) == 0) {
|
|
||||||
printf ("i386-sequent-ptx2\n"); exit (0);
|
|
||||||
}
|
|
||||||
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
|
|
||||||
printf ("i386-sequent-ptx1\n"); exit (0);
|
|
||||||
}
|
|
||||||
printf ("i386-sequent-ptx\n"); exit (0);
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (vax)
|
|
||||||
# if !defined (ultrix)
|
|
||||||
# include <sys/param.h>
|
|
||||||
# if defined (BSD)
|
|
||||||
# if BSD == 43
|
|
||||||
printf ("vax-dec-bsd4.3\n"); exit (0);
|
|
||||||
# else
|
|
||||||
# if BSD == 199006
|
|
||||||
printf ("vax-dec-bsd4.3reno\n"); exit (0);
|
|
||||||
# else
|
|
||||||
printf ("vax-dec-bsd\n"); exit (0);
|
|
||||||
# endif
|
|
||||||
# endif
|
|
||||||
# else
|
|
||||||
printf ("vax-dec-bsd\n"); exit (0);
|
|
||||||
# endif
|
|
||||||
# else
|
|
||||||
printf ("vax-dec-ultrix\n"); exit (0);
|
|
||||||
# endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined (alliant) && defined (i860)
|
|
||||||
printf ("i860-alliant-bsd\n"); exit (0);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
exit (1);
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
|
|
||||||
{ echo "$SYSTEM_NAME"; exit; }
|
|
||||||
|
|
||||||
# Apollos put the system type in the environment.
|
|
||||||
|
|
||||||
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
|
|
||||||
|
|
||||||
# Convex versions that predate uname can use getsysinfo(1)
|
|
||||||
|
|
||||||
if [ -x /usr/convex/getsysinfo ]
|
|
||||||
then
|
|
||||||
case `getsysinfo -f cpu_type` in
|
|
||||||
c1*)
|
|
||||||
echo c1-convex-bsd
|
|
||||||
exit ;;
|
|
||||||
c2*)
|
|
||||||
if getsysinfo -f scalar_acc
|
|
||||||
then echo c32-convex-bsd
|
|
||||||
else echo c2-convex-bsd
|
|
||||||
fi
|
|
||||||
exit ;;
|
|
||||||
c34*)
|
|
||||||
echo c34-convex-bsd
|
|
||||||
exit ;;
|
|
||||||
c38*)
|
|
||||||
echo c38-convex-bsd
|
|
||||||
exit ;;
|
|
||||||
c4*)
|
|
||||||
echo c4-convex-bsd
|
|
||||||
exit ;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat >&2 <<EOF
|
cat >&2 <<EOF
|
||||||
$0: unable to guess system type
|
$0: unable to guess system type
|
||||||
|
|
||||||
|
|
|
@ -89,6 +89,9 @@
|
||||||
/* Define to 1 if you have the `nsl' library (-lnsl). */
|
/* Define to 1 if you have the `nsl' library (-lnsl). */
|
||||||
#undef HAVE_LIBNSL
|
#undef HAVE_LIBNSL
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `resolv' library (-lresolv). */
|
||||||
|
#undef HAVE_LIBRESOLV
|
||||||
|
|
||||||
/* Define to 1 if you have the `socket' library (-lsocket). */
|
/* Define to 1 if you have the `socket' library (-lsocket). */
|
||||||
#undef HAVE_LIBSOCKET
|
#undef HAVE_LIBSOCKET
|
||||||
|
|
||||||
|
|
30
config.sub
vendored
30
config.sub
vendored
|
@ -1,8 +1,8 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Configuration validation subroutine script.
|
# Configuration validation subroutine script.
|
||||||
# Copyright 1992-2013 Free Software Foundation, Inc.
|
# Copyright 1992-2014 Free Software Foundation, Inc.
|
||||||
|
|
||||||
timestamp='2013-08-10'
|
timestamp='2014-09-11'
|
||||||
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
# under the terms of the GNU General Public License as published by
|
# under the terms of the GNU General Public License as published by
|
||||||
|
@ -68,7 +68,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||||
version="\
|
version="\
|
||||||
GNU config.sub ($timestamp)
|
GNU config.sub ($timestamp)
|
||||||
|
|
||||||
Copyright 1992-2013 Free Software Foundation, Inc.
|
Copyright 1992-2014 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||||
|
@ -265,6 +265,7 @@ case $basic_machine in
|
||||||
| hexagon \
|
| hexagon \
|
||||||
| i370 | i860 | i960 | ia64 \
|
| i370 | i860 | i960 | ia64 \
|
||||||
| ip2k | iq2000 \
|
| ip2k | iq2000 \
|
||||||
|
| k1om \
|
||||||
| le32 | le64 \
|
| le32 | le64 \
|
||||||
| lm32 \
|
| lm32 \
|
||||||
| m32c | m32r | m32rle | m68000 | m68k | m88k \
|
| m32c | m32r | m32rle | m68000 | m68k | m88k \
|
||||||
|
@ -282,8 +283,10 @@ case $basic_machine in
|
||||||
| mips64vr5900 | mips64vr5900el \
|
| mips64vr5900 | mips64vr5900el \
|
||||||
| mipsisa32 | mipsisa32el \
|
| mipsisa32 | mipsisa32el \
|
||||||
| mipsisa32r2 | mipsisa32r2el \
|
| mipsisa32r2 | mipsisa32r2el \
|
||||||
|
| mipsisa32r6 | mipsisa32r6el \
|
||||||
| mipsisa64 | mipsisa64el \
|
| mipsisa64 | mipsisa64el \
|
||||||
| mipsisa64r2 | mipsisa64r2el \
|
| mipsisa64r2 | mipsisa64r2el \
|
||||||
|
| mipsisa64r6 | mipsisa64r6el \
|
||||||
| mipsisa64sb1 | mipsisa64sb1el \
|
| mipsisa64sb1 | mipsisa64sb1el \
|
||||||
| mipsisa64sr71k | mipsisa64sr71kel \
|
| mipsisa64sr71k | mipsisa64sr71kel \
|
||||||
| mipsr5900 | mipsr5900el \
|
| mipsr5900 | mipsr5900el \
|
||||||
|
@ -295,11 +298,11 @@ case $basic_machine in
|
||||||
| nds32 | nds32le | nds32be \
|
| nds32 | nds32le | nds32be \
|
||||||
| nios | nios2 | nios2eb | nios2el \
|
| nios | nios2 | nios2eb | nios2el \
|
||||||
| ns16k | ns32k \
|
| ns16k | ns32k \
|
||||||
| open8 \
|
| open8 | or1k | or1knd | or32 \
|
||||||
| or1k | or32 \
|
|
||||||
| pdp10 | pdp11 | pj | pjl \
|
| pdp10 | pdp11 | pj | pjl \
|
||||||
| powerpc | powerpc64 | powerpc64le | powerpcle \
|
| powerpc | powerpc64 | powerpc64le | powerpcle \
|
||||||
| pyramid \
|
| pyramid \
|
||||||
|
| riscv32 | riscv64 \
|
||||||
| rl78 | rx \
|
| rl78 | rx \
|
||||||
| score \
|
| score \
|
||||||
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
|
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
|
||||||
|
@ -324,7 +327,7 @@ case $basic_machine in
|
||||||
c6x)
|
c6x)
|
||||||
basic_machine=tic6x-unknown
|
basic_machine=tic6x-unknown
|
||||||
;;
|
;;
|
||||||
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
|
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
|
||||||
basic_machine=$basic_machine-unknown
|
basic_machine=$basic_machine-unknown
|
||||||
os=-none
|
os=-none
|
||||||
;;
|
;;
|
||||||
|
@ -381,6 +384,7 @@ case $basic_machine in
|
||||||
| hexagon-* \
|
| hexagon-* \
|
||||||
| i*86-* | i860-* | i960-* | ia64-* \
|
| i*86-* | i860-* | i960-* | ia64-* \
|
||||||
| ip2k-* | iq2000-* \
|
| ip2k-* | iq2000-* \
|
||||||
|
| k1om-* \
|
||||||
| le32-* | le64-* \
|
| le32-* | le64-* \
|
||||||
| lm32-* \
|
| lm32-* \
|
||||||
| m32c-* | m32r-* | m32rle-* \
|
| m32c-* | m32r-* | m32rle-* \
|
||||||
|
@ -400,8 +404,10 @@ case $basic_machine in
|
||||||
| mips64vr5900-* | mips64vr5900el-* \
|
| mips64vr5900-* | mips64vr5900el-* \
|
||||||
| mipsisa32-* | mipsisa32el-* \
|
| mipsisa32-* | mipsisa32el-* \
|
||||||
| mipsisa32r2-* | mipsisa32r2el-* \
|
| mipsisa32r2-* | mipsisa32r2el-* \
|
||||||
|
| mipsisa32r6-* | mipsisa32r6el-* \
|
||||||
| mipsisa64-* | mipsisa64el-* \
|
| mipsisa64-* | mipsisa64el-* \
|
||||||
| mipsisa64r2-* | mipsisa64r2el-* \
|
| mipsisa64r2-* | mipsisa64r2el-* \
|
||||||
|
| mipsisa64r6-* | mipsisa64r6el-* \
|
||||||
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
||||||
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
||||||
| mipsr5900-* | mipsr5900el-* \
|
| mipsr5900-* | mipsr5900el-* \
|
||||||
|
@ -413,6 +419,7 @@ case $basic_machine in
|
||||||
| nios-* | nios2-* | nios2eb-* | nios2el-* \
|
| nios-* | nios2-* | nios2eb-* | nios2el-* \
|
||||||
| none-* | np1-* | ns16k-* | ns32k-* \
|
| none-* | np1-* | ns16k-* | ns32k-* \
|
||||||
| open8-* \
|
| open8-* \
|
||||||
|
| or1k*-* \
|
||||||
| orion-* \
|
| orion-* \
|
||||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
|
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
|
||||||
|
@ -822,6 +829,10 @@ case $basic_machine in
|
||||||
basic_machine=powerpc-unknown
|
basic_machine=powerpc-unknown
|
||||||
os=-morphos
|
os=-morphos
|
||||||
;;
|
;;
|
||||||
|
moxiebox)
|
||||||
|
basic_machine=moxie-unknown
|
||||||
|
os=-moxiebox
|
||||||
|
;;
|
||||||
msdos)
|
msdos)
|
||||||
basic_machine=i386-pc
|
basic_machine=i386-pc
|
||||||
os=-msdos
|
os=-msdos
|
||||||
|
@ -1367,14 +1378,14 @@ case $os in
|
||||||
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||||
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
|
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
|
||||||
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
|
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
|
||||||
| -uxpv* | -beos* | -mpeix* | -udk* \
|
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
|
||||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||||
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
|
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
|
||||||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
|
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
|
||||||
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
|
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
|
||||||
# Remember, each alternative MUST END IN *, to match a version number.
|
# Remember, each alternative MUST END IN *, to match a version number.
|
||||||
;;
|
;;
|
||||||
-qnx*)
|
-qnx*)
|
||||||
|
@ -1592,9 +1603,6 @@ case $basic_machine in
|
||||||
mips*-*)
|
mips*-*)
|
||||||
os=-elf
|
os=-elf
|
||||||
;;
|
;;
|
||||||
or1k-*)
|
|
||||||
os=-elf
|
|
||||||
;;
|
|
||||||
or32-*)
|
or32-*)
|
||||||
os=-coff
|
os=-coff
|
||||||
;;
|
;;
|
||||||
|
|
146
configure
vendored
146
configure
vendored
|
@ -1,6 +1,6 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.24.
|
# Generated by GNU Autoconf 2.69 for tinc 1.0.26.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
||||||
|
@ -577,8 +577,8 @@ MAKEFLAGS=
|
||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='tinc'
|
PACKAGE_NAME='tinc'
|
||||||
PACKAGE_TARNAME='tinc'
|
PACKAGE_TARNAME='tinc'
|
||||||
PACKAGE_VERSION='1.0.24'
|
PACKAGE_VERSION='1.0.26'
|
||||||
PACKAGE_STRING='tinc 1.0.24'
|
PACKAGE_STRING='tinc 1.0.26'
|
||||||
PACKAGE_BUGREPORT=''
|
PACKAGE_BUGREPORT=''
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
|
@ -1308,7 +1308,7 @@ if test "$ac_init_help" = "long"; then
|
||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures tinc 1.0.24 to adapt to many kinds of systems.
|
\`configure' configures tinc 1.0.26 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
|
@ -1378,7 +1378,7 @@ fi
|
||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of tinc 1.0.24:";;
|
short | recursive ) echo "Configuration of tinc 1.0.26:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
|
@ -1497,7 +1497,7 @@ fi
|
||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
tinc configure 1.0.24
|
tinc configure 1.0.26
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
|
@ -1962,7 +1962,7 @@ cat >config.log <<_ACEOF
|
||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by tinc $as_me 1.0.24, which was
|
It was created by tinc $as_me 1.0.26, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
|
@ -2512,8 +2512,8 @@ test "$program_suffix" != NONE &&
|
||||||
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
|
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
|
||||||
program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
|
program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
|
||||||
|
|
||||||
# expand $ac_aux_dir to an absolute path
|
# Expand $ac_aux_dir to an absolute path.
|
||||||
am_aux_dir=`cd $ac_aux_dir && pwd`
|
am_aux_dir=`cd "$ac_aux_dir" && pwd`
|
||||||
|
|
||||||
if test x"${MISSING+set}" != xset; then
|
if test x"${MISSING+set}" != xset; then
|
||||||
case $am_aux_dir in
|
case $am_aux_dir in
|
||||||
|
@ -2826,7 +2826,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE='tinc'
|
PACKAGE='tinc'
|
||||||
VERSION='1.0.24'
|
VERSION='1.0.26'
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
@ -5185,42 +5185,7 @@ fi
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___DFORTIFY_SOURCE_2" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___DFORTIFY_SOURCE_2" >&5
|
||||||
$as_echo "$ax_cv_check_cflags___DFORTIFY_SOURCE_2" >&6; }
|
$as_echo "$ax_cv_check_cflags___DFORTIFY_SOURCE_2" >&6; }
|
||||||
if test x"$ax_cv_check_cflags___DFORTIFY_SOURCE_2" = xyes; then :
|
if test x"$ax_cv_check_cflags___DFORTIFY_SOURCE_2" = xyes; then :
|
||||||
CPPFLAGS="$CPPFLAGS -DFORITFY_SOURCE=2"
|
CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"
|
||||||
else
|
|
||||||
:
|
|
||||||
fi
|
|
||||||
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-strict-overflow" >&5
|
|
||||||
$as_echo_n "checking whether C compiler accepts -fno-strict-overflow... " >&6; }
|
|
||||||
if ${ax_cv_check_cflags___fno_strict_overflow+:} false; then :
|
|
||||||
$as_echo_n "(cached) " >&6
|
|
||||||
else
|
|
||||||
|
|
||||||
ax_check_save_flags=$CFLAGS
|
|
||||||
CFLAGS="$CFLAGS -fno-strict-overflow"
|
|
||||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
||||||
/* end confdefs.h. */
|
|
||||||
|
|
||||||
int
|
|
||||||
main ()
|
|
||||||
{
|
|
||||||
|
|
||||||
;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
_ACEOF
|
|
||||||
if ac_fn_c_try_compile "$LINENO"; then :
|
|
||||||
ax_cv_check_cflags___fno_strict_overflow=yes
|
|
||||||
else
|
|
||||||
ax_cv_check_cflags___fno_strict_overflow=no
|
|
||||||
fi
|
|
||||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
|
||||||
CFLAGS=$ax_check_save_flags
|
|
||||||
fi
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_strict_overflow" >&5
|
|
||||||
$as_echo "$ax_cv_check_cflags___fno_strict_overflow" >&6; }
|
|
||||||
if test x"$ax_cv_check_cflags___fno_strict_overflow" = xyes; then :
|
|
||||||
CPPFLAGS="$CPPFLAGS -fno-strict-overflow"
|
|
||||||
else
|
else
|
||||||
:
|
:
|
||||||
fi
|
fi
|
||||||
|
@ -5256,8 +5221,42 @@ fi
|
||||||
$as_echo "$ax_cv_check_cflags___fwrapv" >&6; }
|
$as_echo "$ax_cv_check_cflags___fwrapv" >&6; }
|
||||||
if test x"$ax_cv_check_cflags___fwrapv" = xyes; then :
|
if test x"$ax_cv_check_cflags___fwrapv" = xyes; then :
|
||||||
CPPFLAGS="$CPPFLAGS -fwrapv"
|
CPPFLAGS="$CPPFLAGS -fwrapv"
|
||||||
|
else
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-strict-overflow" >&5
|
||||||
|
$as_echo_n "checking whether C compiler accepts -fno-strict-overflow... " >&6; }
|
||||||
|
if ${ax_cv_check_cflags___fno_strict_overflow+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$CFLAGS
|
||||||
|
CFLAGS="$CFLAGS -fno-strict-overflow"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
ax_cv_check_cflags___fno_strict_overflow=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_cflags___fno_strict_overflow=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||||
|
CFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_strict_overflow" >&5
|
||||||
|
$as_echo "$ax_cv_check_cflags___fno_strict_overflow" >&6; }
|
||||||
|
if test x"$ax_cv_check_cflags___fno_strict_overflow" = xyes; then :
|
||||||
|
CPPFLAGS="$CPPFLAGS -fno-strict-overflow"
|
||||||
else
|
else
|
||||||
:
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $host_os in
|
case $host_os in
|
||||||
|
@ -5877,8 +5876,8 @@ else
|
||||||
CFLAGS="$CFLAGS -Wall -Werror"
|
CFLAGS="$CFLAGS -Wall -Werror"
|
||||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
/* end confdefs.h. */
|
/* end confdefs.h. */
|
||||||
void test(void) __attribute__ ((__malloc__));
|
void *test(void) __attribute__ ((__malloc__));
|
||||||
void test(void) { return; }
|
void *test(void) { return (void *)0; }
|
||||||
|
|
||||||
_ACEOF
|
_ACEOF
|
||||||
if ac_fn_c_try_compile "$LINENO"; then :
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
@ -6275,6 +6274,53 @@ fi
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
#define HAVE_DECL_RES_INIT $ac_have_decl
|
#define HAVE_DECL_RES_INIT $ac_have_decl
|
||||||
_ACEOF
|
_ACEOF
|
||||||
|
if test $ac_have_decl = 1; then :
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_init in -lresolv" >&5
|
||||||
|
$as_echo_n "checking for res_init in -lresolv... " >&6; }
|
||||||
|
if ${ac_cv_lib_resolv_res_init+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
ac_check_lib_save_LIBS=$LIBS
|
||||||
|
LIBS="-lresolv $LIBS"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
/* Override any GCC internal prototype to avoid an error.
|
||||||
|
Use char because int might match the return type of a GCC
|
||||||
|
builtin and then its argument prototype would still apply. */
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C"
|
||||||
|
#endif
|
||||||
|
char res_init ();
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
return res_init ();
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ac_cv_lib_resolv_res_init=yes
|
||||||
|
else
|
||||||
|
ac_cv_lib_resolv_res_init=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LIBS=$ac_check_lib_save_LIBS
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_init" >&5
|
||||||
|
$as_echo "$ac_cv_lib_resolv_res_init" >&6; }
|
||||||
|
if test "x$ac_cv_lib_resolv_res_init" = xyes; then :
|
||||||
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
#define HAVE_LIBRESOLV 1
|
||||||
|
_ACEOF
|
||||||
|
|
||||||
|
LIBS="-lresolv $LIBS"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
cat >confcache <<\_ACEOF
|
cat >confcache <<\_ACEOF
|
||||||
|
@ -7396,7 +7442,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by tinc $as_me 1.0.24, which was
|
This file was extended by tinc $as_me 1.0.26, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
|
@ -7462,7 +7508,7 @@ _ACEOF
|
||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
tinc config.status 1.0.24
|
tinc config.status 1.0.26
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
|
10
configure.ac
10
configure.ac
|
@ -1,7 +1,7 @@
|
||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
|
|
||||||
AC_PREREQ(2.61)
|
AC_PREREQ(2.61)
|
||||||
AC_INIT([tinc], [1.0.24])
|
AC_INIT([tinc], [1.0.26])
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc -Wall])
|
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc -Wall])
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
|
@ -134,9 +134,9 @@ dnl No -fstack-protector-all because it doesn't work on all platforms or archite
|
||||||
|
|
||||||
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
|
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
|
||||||
AS_IF([test "x$enable_hardening" != "xno"],
|
AS_IF([test "x$enable_hardening" != "xno"],
|
||||||
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORITFY_SOURCE=2"])
|
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"])
|
||||||
AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CPPFLAGS="$CPPFLAGS -fno-strict-overflow"])
|
AX_CHECK_COMPILE_FLAG([-fwrapv], [CPPFLAGS="$CPPFLAGS -fwrapv"],
|
||||||
AX_CHECK_COMPILE_FLAG([-fwrapv], [CPPFLAGS="$CPPFLAGS -fwrapv"])
|
AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CPPFLAGS="$CPPFLAGS -fno-strict-overflow"]))
|
||||||
case $host_os in
|
case $host_os in
|
||||||
*mingw*)
|
*mingw*)
|
||||||
AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"])
|
AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"])
|
||||||
|
@ -202,7 +202,7 @@ AC_CHECK_DECLS([freeaddrinfo, gai_strerror, getaddrinfo, getnameinfo],
|
||||||
[], [], [#include "src/have.h"]
|
[], [], [#include "src/have.h"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_CHECK_DECLS([res_init], [], [], [
|
AC_CHECK_DECLS([res_init], [AC_CHECK_LIB(resolv, res_init)], [], [
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
#include <resolv.h>
|
#include <resolv.h>
|
||||||
])
|
])
|
||||||
|
|
18
debian/changelog
vendored
18
debian/changelog
vendored
|
@ -1,17 +1,11 @@
|
||||||
tinc (1.0.24-2.1+deb8u1) jessie-security; urgency=medium
|
tinc (1.0.26-1) unstable; urgency=medium
|
||||||
|
|
||||||
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
|
* New upstream release.
|
||||||
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
|
* Use the contents, not the presence, of the pidfile to check that tincd is
|
||||||
|
shut down properly. Closes: #774682
|
||||||
|
* Bump Standards-Version.
|
||||||
|
|
||||||
-- Guus Sliepen <guus@debian.org> Mon, 08 Oct 2018 20:14:24 +0200
|
-- Guus Sliepen <guus@debian.org> Sun, 05 Jul 2015 17:23:08 +0200
|
||||||
|
|
||||||
tinc (1.0.24-2.1) unstable; urgency=medium
|
|
||||||
|
|
||||||
* NMU after getting go ahead from guus on #tinc
|
|
||||||
* Add a -dbg package which contains the debugging symbols for tinc
|
|
||||||
Thanks hark@puscii.nl (Closes: #752561)
|
|
||||||
|
|
||||||
-- Micah Anderson <micah@debian.org> Tue, 24 Jun 2014 14:01:47 -0400
|
|
||||||
|
|
||||||
tinc (1.0.24-2) unstable; urgency=medium
|
tinc (1.0.24-2) unstable; urgency=medium
|
||||||
|
|
||||||
|
|
15
debian/control
vendored
15
debian/control
vendored
|
@ -2,7 +2,7 @@ Source: tinc
|
||||||
Section: net
|
Section: net
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Maintainer: Guus Sliepen <guus@debian.org>
|
Maintainer: Guus Sliepen <guus@debian.org>
|
||||||
Standards-Version: 3.9.5
|
Standards-Version: 3.9.6
|
||||||
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
|
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
|
||||||
Homepage: http://www.tinc-vpn.org/
|
Homepage: http://www.tinc-vpn.org/
|
||||||
|
|
||||||
|
@ -14,16 +14,3 @@ Description: Virtual Private Network daemon
|
||||||
(VPN). One daemon can handle multiple connections, so you can
|
(VPN). One daemon can handle multiple connections, so you can
|
||||||
create an entire (moderately sized) VPN with only one daemon per
|
create an entire (moderately sized) VPN with only one daemon per
|
||||||
participating computer.
|
participating computer.
|
||||||
|
|
||||||
Package: tinc-dbg
|
|
||||||
Architecture: any
|
|
||||||
Section: debug
|
|
||||||
Priority: extra
|
|
||||||
Depends: ${shlibs:Depends}, ${misc:Depends}, tinc (= ${binary:Version})
|
|
||||||
Description: debugging symbols for tinc
|
|
||||||
tinc is a daemon with which you can create a virtual private network
|
|
||||||
(VPN). One daemon can handle multiple connections, so you can
|
|
||||||
create an entire (moderately sized) VPN with only one daemon per
|
|
||||||
participating computer.
|
|
||||||
.
|
|
||||||
This package contains the debugging symbols for tinc.
|
|
||||||
|
|
840
debian/patches/security-fixes
vendored
840
debian/patches/security-fixes
vendored
|
@ -1,840 +0,0 @@
|
||||||
diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
|
|
||||||
index 0548628f..a2a635fb 100644
|
|
||||||
--- a/doc/tinc.conf.5.in
|
|
||||||
+++ b/doc/tinc.conf.5.in
|
|
||||||
@@ -464,7 +464,7 @@ Multiple
|
|
||||||
.Va Address
|
|
||||||
variables can be specified, in which case each address will be tried until a working
|
|
||||||
connection has been established.
|
|
||||||
-.It Va Cipher Li = Ar cipher Pq blowfish
|
|
||||||
+.It Va Cipher Li = Ar cipher Pq aes-256-cbc
|
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
|
||||||
Any cipher supported by OpenSSL is recognised.
|
|
||||||
Furthermore, specifying
|
|
||||||
@@ -479,7 +479,7 @@ Fragmentation Needed or Packet too Big messages are dropped by firewalls.
|
|
||||||
This option sets the level of compression used for UDP packets.
|
|
||||||
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
|
||||||
10 (fast lzo) and 11 (best lzo).
|
|
||||||
-.It Va Digest Li = Ar digest Pq sha1
|
|
||||||
+.It Va Digest Li = Ar digest Pq sha256
|
|
||||||
The digest algorithm used to authenticate UDP packets.
|
|
||||||
Any digest supported by OpenSSL is recognised.
|
|
||||||
Furthermore, specifying
|
|
||||||
diff --git a/doc/tinc.texi b/doc/tinc.texi
|
|
||||||
index 85790028..6e422cfe 100644
|
|
||||||
--- a/doc/tinc.texi
|
|
||||||
+++ b/doc/tinc.texi
|
|
||||||
@@ -1143,7 +1143,7 @@ Multiple Address variables can be specified, in which case each address will be
|
|
||||||
tried until a working connection has been established.
|
|
||||||
|
|
||||||
@cindex Cipher
|
|
||||||
-@item Cipher = <@var{cipher}> (blowfish)
|
|
||||||
+@item Cipher = <@var{cipher}> (aes-256-cbc)
|
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
|
||||||
Any cipher supported by OpenSSL is recognized.
|
|
||||||
Furthermore, specifying "none" will turn off packet encryption.
|
|
||||||
@@ -1162,7 +1162,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
|
||||||
10 (fast lzo) and 11 (best lzo).
|
|
||||||
|
|
||||||
@cindex Digest
|
|
||||||
-@item Digest = <@var{digest}> (sha1)
|
|
||||||
+@item Digest = <@var{digest}> (sha256)
|
|
||||||
The digest algorithm used to authenticate UDP packets.
|
|
||||||
Any digest supported by OpenSSL is recognized.
|
|
||||||
Furthermore, specifying "none" will turn off packet authentication.
|
|
||||||
diff --git a/m4/openssl.m4 b/m4/openssl.m4
|
|
||||||
index 254ea4ff..77b3a4a8 100644
|
|
||||||
--- a/m4/openssl.m4
|
|
||||||
+++ b/m4/openssl.m4
|
|
||||||
@@ -45,12 +45,14 @@ AC_DEFUN([tinc_OPENSSL],
|
|
||||||
[AC_MSG_ERROR([OpenSSL libraries not found.])]
|
|
||||||
)
|
|
||||||
|
|
||||||
- AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], ,
|
|
||||||
- [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break],
|
|
||||||
+ AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
|
|
||||||
+ [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
|
|
||||||
)
|
|
||||||
|
|
||||||
- AC_CHECK_DECL([OpenSSL_add_all_algorithms], ,
|
|
||||||
- [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break],
|
|
||||||
+ AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], ,
|
|
||||||
+ [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
|
|
||||||
[#include <openssl/evp.h>]
|
|
||||||
)
|
|
||||||
+
|
|
||||||
+ AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])
|
|
||||||
])
|
|
||||||
diff --git a/src/connection.h b/src/connection.h
|
|
||||||
index 877601fe..9e4dc663 100644
|
|
||||||
--- a/src/connection.h
|
|
||||||
+++ b/src/connection.h
|
|
||||||
@@ -41,7 +41,9 @@ typedef struct connection_status_t {
|
|
||||||
unsigned int encryptout:1; /* 1 if we can encrypt outgoing traffic */
|
|
||||||
unsigned int decryptin:1; /* 1 if we have to decrypt incoming traffic */
|
|
||||||
unsigned int mst:1; /* 1 if this connection is part of a minimum spanning tree */
|
|
||||||
- unsigned int unused:23;
|
|
||||||
+ unsigned int proxy_passed:1; /* 1 if we are connecting via a proxy and we have finished talking with it */
|
|
||||||
+ unsigned int tarpit:1; /* 1 if the connection should be added to the tarpit */
|
|
||||||
+ unsigned int unused:21;
|
|
||||||
} connection_status_t;
|
|
||||||
|
|
||||||
#include "edge.h"
|
|
||||||
diff --git a/src/net.c b/src/net.c
|
|
||||||
index 8d0a0cf4..4e53d920 100644
|
|
||||||
--- a/src/net.c
|
|
||||||
+++ b/src/net.c
|
|
||||||
@@ -166,6 +166,22 @@ static int build_fdset(fd_set *readset, fd_set *writeset) {
|
|
||||||
return max;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Put a misbehaving connection in the tarpit */
|
|
||||||
+void tarpit(int fd) {
|
|
||||||
+ static int pits[10] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
|
|
||||||
+ static int next_pit = 0;
|
|
||||||
+
|
|
||||||
+ if(pits[next_pit] != -1) {
|
|
||||||
+ closesocket(pits[next_pit]);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ pits[next_pit++] = fd;
|
|
||||||
+
|
|
||||||
+ if(next_pit >= sizeof pits / sizeof pits[0]) {
|
|
||||||
+ next_pit = 0;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
Terminate a connection:
|
|
||||||
- Close the socket
|
|
||||||
@@ -186,8 +202,13 @@ void terminate_connection(connection_t *c, bool report) {
|
|
||||||
if(c->node)
|
|
||||||
c->node->connection = NULL;
|
|
||||||
|
|
||||||
- if(c->socket)
|
|
||||||
- closesocket(c->socket);
|
|
||||||
+ if(c->socket) {
|
|
||||||
+ if(c->status.tarpit) {
|
|
||||||
+ tarpit(c->socket);
|
|
||||||
+ } else {
|
|
||||||
+ closesocket(c->socket);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if(c->edge) {
|
|
||||||
if(!c->node) {
|
|
||||||
@@ -274,6 +295,7 @@ static void check_dead_connections(void) {
|
|
||||||
closesocket(c->socket);
|
|
||||||
do_outgoing_connection(c);
|
|
||||||
} else {
|
|
||||||
+ c->status.tarpit = true;
|
|
||||||
terminate_connection(c, false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -353,6 +375,7 @@ static void check_network_activity(fd_set * readset, fd_set * writeset) {
|
|
||||||
|
|
||||||
if(FD_ISSET(c->socket, readset)) {
|
|
||||||
if(!receive_meta(c)) {
|
|
||||||
+ c->status.tarpit = true;
|
|
||||||
terminate_connection(c, c->status.active);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
diff --git a/src/net.h b/src/net.h
|
|
||||||
index 2b50c5a2..5ae8d344 100644
|
|
||||||
--- a/src/net.h
|
|
||||||
+++ b/src/net.h
|
|
||||||
@@ -163,6 +163,7 @@ extern void flush_queue(struct node_t *);
|
|
||||||
extern bool read_rsa_public_key(struct connection_t *);
|
|
||||||
extern void send_mtu_probe(struct node_t *);
|
|
||||||
extern void load_all_subnets(void);
|
|
||||||
+extern void tarpit(int fd);
|
|
||||||
|
|
||||||
#ifndef HAVE_MINGW
|
|
||||||
#define closesocket(s) close(s)
|
|
||||||
diff --git a/src/net_packet.c b/src/net_packet.c
|
|
||||||
index d11d58ad..5d7c212d 100644
|
|
||||||
--- a/src/net_packet.c
|
|
||||||
+++ b/src/net_packet.c
|
|
||||||
@@ -145,7 +145,7 @@ void send_mtu_probe(node_t *n) {
|
|
||||||
len = 64;
|
|
||||||
|
|
||||||
memset(packet.data, 0, 14);
|
|
||||||
- RAND_pseudo_bytes(packet.data + 14, len - 14);
|
|
||||||
+ RAND_bytes(packet.data + 14, len - 14);
|
|
||||||
packet.len = len;
|
|
||||||
if(i >= 4 && n->mtuprobes <= 10)
|
|
||||||
packet.priority = -1;
|
|
||||||
@@ -314,10 +314,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|
||||||
if(n->incipher) {
|
|
||||||
outpkt = pkt[nextpkt++];
|
|
||||||
|
|
||||||
- if(!EVP_DecryptInit_ex(&n->inctx, NULL, NULL, NULL, NULL)
|
|
||||||
- || !EVP_DecryptUpdate(&n->inctx, (unsigned char *) &outpkt->seqno, &outlen,
|
|
||||||
+ if(!EVP_DecryptInit_ex(n->inctx, NULL, NULL, NULL, NULL)
|
|
||||||
+ || !EVP_DecryptUpdate(n->inctx, (unsigned char *) &outpkt->seqno, &outlen,
|
|
||||||
(unsigned char *) &inpkt->seqno, inpkt->len)
|
|
||||||
- || !EVP_DecryptFinal_ex(&n->inctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
|
||||||
+ || !EVP_DecryptFinal_ex(n->inctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Error decrypting packet from %s (%s): %s",
|
|
||||||
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return;
|
|
||||||
@@ -482,10 +482,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
|
||||||
if(n->outcipher) {
|
|
||||||
outpkt = pkt[nextpkt++];
|
|
||||||
|
|
||||||
- if(!EVP_EncryptInit_ex(&n->outctx, NULL, NULL, NULL, NULL)
|
|
||||||
- || !EVP_EncryptUpdate(&n->outctx, (unsigned char *) &outpkt->seqno, &outlen,
|
|
||||||
+ if(!EVP_EncryptInit_ex(n->outctx, NULL, NULL, NULL, NULL)
|
|
||||||
+ || !EVP_EncryptUpdate(n->outctx, (unsigned char *) &outpkt->seqno, &outlen,
|
|
||||||
(unsigned char *) &inpkt->seqno, inpkt->len)
|
|
||||||
- || !EVP_EncryptFinal_ex(&n->outctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
|
||||||
+ || !EVP_EncryptFinal_ex(n->outctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
|
||||||
ifdebug(TRAFFIC) logger(LOG_ERR, "Error while encrypting packet to %s (%s): %s",
|
|
||||||
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
goto end;
|
|
||||||
diff --git a/src/net_setup.c b/src/net_setup.c
|
|
||||||
index fa4e9867..ea2a3b78 100644
|
|
||||||
--- a/src/net_setup.c
|
|
||||||
+++ b/src/net_setup.c
|
|
||||||
@@ -53,11 +53,22 @@ char *proxyuser;
|
|
||||||
char *proxypass;
|
|
||||||
proxytype_t proxytype;
|
|
||||||
|
|
||||||
+#ifndef HAVE_RSA_SET0_KEY
|
|
||||||
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
|
|
||||||
+ BN_free(r->n); r->n = n;
|
|
||||||
+ BN_free(r->e); r->e = e;
|
|
||||||
+ BN_free(r->d); r->d = d;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
bool read_rsa_public_key(connection_t *c) {
|
|
||||||
FILE *fp;
|
|
||||||
char *pubname;
|
|
||||||
char *hcfname;
|
|
||||||
char *key;
|
|
||||||
+ BIGNUM *n = NULL;
|
|
||||||
+ BIGNUM *e = NULL;
|
|
||||||
|
|
||||||
if(!c->rsa_key) {
|
|
||||||
c->rsa_key = RSA_new();
|
|
||||||
@@ -67,12 +78,19 @@ bool read_rsa_public_key(connection_t *c) {
|
|
||||||
/* First, check for simple PublicKey statement */
|
|
||||||
|
|
||||||
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
|
|
||||||
- if(BN_hex2bn(&c->rsa_key->n, key) != strlen(key)) {
|
|
||||||
+ if(BN_hex2bn(&n, key) != strlen(key)) {
|
|
||||||
+ free(key);
|
|
||||||
logger(LOG_ERR, "Invalid PublicKey for %s!", c->name);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
- BN_hex2bn(&c->rsa_key->e, "FFFF");
|
|
||||||
free(key);
|
|
||||||
+ BN_hex2bn(&e, "FFFF");
|
|
||||||
+ if(!n || !e || RSA_set0_key(c->rsa_key, n, e, NULL) != 1) {
|
|
||||||
+ BN_free(e);
|
|
||||||
+ BN_free(n);
|
|
||||||
+ logger(LOG_ERR, "RSA_set0_key() failed with PublicKey for %s!", c->name);
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -163,27 +181,39 @@ bool read_rsa_public_key(connection_t *c) {
|
|
||||||
static bool read_rsa_private_key(void) {
|
|
||||||
FILE *fp;
|
|
||||||
char *fname, *key, *pubkey;
|
|
||||||
+ BIGNUM *n = NULL;
|
|
||||||
+ BIGNUM *e = NULL;
|
|
||||||
+ BIGNUM *d = NULL;
|
|
||||||
|
|
||||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
|
||||||
myself->connection->rsa_key = RSA_new();
|
|
||||||
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
|
||||||
- if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
|
|
||||||
+ if(BN_hex2bn(&d, key) != strlen(key)) {
|
|
||||||
logger(LOG_ERR, "Invalid PrivateKey for myself!");
|
|
||||||
free(key);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
free(key);
|
|
||||||
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
|
||||||
+ BN_free(d);
|
|
||||||
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
- if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
|
|
||||||
- logger(LOG_ERR, "Invalid PublicKey for myself!");
|
|
||||||
+ if(BN_hex2bn(&n, pubkey) != strlen(pubkey)) {
|
|
||||||
free(pubkey);
|
|
||||||
+ BN_free(d);
|
|
||||||
+ logger(LOG_ERR, "Invalid PublicKey for myself!");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
free(pubkey);
|
|
||||||
- BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
|
||||||
+ BN_hex2bn(&e, "FFFF");
|
|
||||||
+ if(!n || !e || !d || RSA_set0_key(myself->connection->rsa_key, n, e, d) != 1) {
|
|
||||||
+ BN_free(d);
|
|
||||||
+ BN_free(e);
|
|
||||||
+ BN_free(n);
|
|
||||||
+ logger(LOG_ERR, "RSA_set0_key() failed with PrivateKey for myself!");
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -608,14 +638,25 @@ static bool setup_myself(void) {
|
|
||||||
}
|
|
||||||
free(cipher);
|
|
||||||
} else
|
|
||||||
- myself->incipher = EVP_bf_cbc();
|
|
||||||
+ myself->incipher = EVP_aes_256_cbc();
|
|
||||||
|
|
||||||
if(myself->incipher)
|
|
||||||
- myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
|
|
||||||
+ myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
|
|
||||||
else
|
|
||||||
myself->inkeylength = 1;
|
|
||||||
|
|
||||||
- myself->connection->outcipher = EVP_bf_ofb();
|
|
||||||
+ /* We need to use a stream mode for the meta protocol. Use AES for this,
|
|
||||||
+ but try to match the key size with the one from the cipher selected
|
|
||||||
+ by Cipher.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ int keylen = EVP_CIPHER_key_length(myself->incipher);
|
|
||||||
+ if(keylen <= 16)
|
|
||||||
+ myself->connection->outcipher = EVP_aes_128_cfb();
|
|
||||||
+ else if(keylen <= 24)
|
|
||||||
+ myself->connection->outcipher = EVP_aes_192_cfb();
|
|
||||||
+ else
|
|
||||||
+ myself->connection->outcipher = EVP_aes_256_cfb();
|
|
||||||
|
|
||||||
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
|
|
||||||
keylifetime = 3600;
|
|
||||||
@@ -639,13 +680,13 @@ static bool setup_myself(void) {
|
|
||||||
|
|
||||||
free(digest);
|
|
||||||
} else
|
|
||||||
- myself->indigest = EVP_sha1();
|
|
||||||
+ myself->indigest = EVP_sha256();
|
|
||||||
|
|
||||||
- myself->connection->outdigest = EVP_sha1();
|
|
||||||
+ myself->connection->outdigest = EVP_sha256();
|
|
||||||
|
|
||||||
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
|
|
||||||
if(myself->indigest) {
|
|
||||||
- if(myself->inmaclength > myself->indigest->md_size) {
|
|
||||||
+ if(myself->inmaclength > EVP_MD_size(myself->indigest)) {
|
|
||||||
logger(LOG_ERR, "MAC length exceeds size of digest!");
|
|
||||||
return false;
|
|
||||||
} else if(myself->inmaclength < 0) {
|
|
||||||
diff --git a/src/net_socket.c b/src/net_socket.c
|
|
||||||
index 9a67bb3c..479b595d 100644
|
|
||||||
--- a/src/net_socket.c
|
|
||||||
+++ b/src/net_socket.c
|
|
||||||
@@ -513,6 +513,9 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
|
|
||||||
new connection
|
|
||||||
*/
|
|
||||||
bool handle_new_meta_connection(int sock) {
|
|
||||||
+ static const int max_accept_burst = 10;
|
|
||||||
+ static int last_accept_burst;
|
|
||||||
+ static int last_accept_time;
|
|
||||||
connection_t *c;
|
|
||||||
sockaddr_t sa;
|
|
||||||
int fd;
|
|
||||||
@@ -525,6 +528,22 @@ bool handle_new_meta_connection(int sock) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if(last_accept_time == now) {
|
|
||||||
+ last_accept_burst++;
|
|
||||||
+
|
|
||||||
+ if(last_accept_burst >= max_accept_burst) {
|
|
||||||
+ if(last_accept_burst == max_accept_burst) {
|
|
||||||
+ ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ tarpit(fd);
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ last_accept_burst = 0;
|
|
||||||
+ last_accept_time = now;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
sockaddrunmap(&sa);
|
|
||||||
|
|
||||||
c = new_connection();
|
|
||||||
@@ -546,7 +565,6 @@ bool handle_new_meta_connection(int sock) {
|
|
||||||
connection_add(c);
|
|
||||||
|
|
||||||
c->allow_request = ID;
|
|
||||||
- send_id(c);
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
diff --git a/src/node.c b/src/node.c
|
|
||||||
index cf70f838..19f37306 100644
|
|
||||||
--- a/src/node.c
|
|
||||||
+++ b/src/node.c
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/*
|
|
||||||
node.c -- node tree management
|
|
||||||
- Copyright (C) 2001-2011 Guus Sliepen <guus@tinc-vpn.org>,
|
|
||||||
+ Copyright (C) 2001-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
|
||||||
2001-2005 Ivo Timmermans
|
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
|
||||||
@@ -57,8 +57,10 @@ node_t *new_node(void) {
|
|
||||||
if(replaywin) n->late = xmalloc_and_zero(replaywin);
|
|
||||||
n->subnet_tree = new_subnet_tree();
|
|
||||||
n->edge_tree = new_edge_tree();
|
|
||||||
- EVP_CIPHER_CTX_init(&n->inctx);
|
|
||||||
- EVP_CIPHER_CTX_init(&n->outctx);
|
|
||||||
+ n->inctx = EVP_CIPHER_CTX_new();
|
|
||||||
+ n->outctx = EVP_CIPHER_CTX_new();
|
|
||||||
+ if(!n->inctx || !n->outctx)
|
|
||||||
+ abort();
|
|
||||||
n->mtu = MTU;
|
|
||||||
n->maxmtu = MTU;
|
|
||||||
|
|
||||||
@@ -80,8 +82,8 @@ void free_node(node_t *n) {
|
|
||||||
|
|
||||||
sockaddrfree(&n->address);
|
|
||||||
|
|
||||||
- EVP_CIPHER_CTX_cleanup(&n->inctx);
|
|
||||||
- EVP_CIPHER_CTX_cleanup(&n->outctx);
|
|
||||||
+ EVP_CIPHER_CTX_free(n->outctx);
|
|
||||||
+ EVP_CIPHER_CTX_free(n->inctx);
|
|
||||||
|
|
||||||
if(n->mtuevent)
|
|
||||||
event_del(n->mtuevent);
|
|
||||||
@@ -172,8 +174,8 @@ void dump_nodes(void) {
|
|
||||||
for(node = node_tree->head; node; node = node->next) {
|
|
||||||
n = node->data;
|
|
||||||
logger(LOG_DEBUG, " %s at %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s pmtu %d (min %d max %d)",
|
|
||||||
- n->name, n->hostname, n->outcipher ? n->outcipher->nid : 0,
|
|
||||||
- n->outdigest ? n->outdigest->type : 0, n->outmaclength, n->outcompression,
|
|
||||||
+ n->name, n->hostname, n->outcipher ? EVP_CIPHER_nid(n->outcipher) : 0,
|
|
||||||
+ n->outdigest ? EVP_MD_type(n->outdigest) : 0, n->outmaclength, n->outcompression,
|
|
||||||
n->options, bitfield_to_int(&n->status, sizeof n->status), n->nexthop ? n->nexthop->name : "-",
|
|
||||||
n->via ? n->via->name : "-", n->mtu, n->minmtu, n->maxmtu);
|
|
||||||
}
|
|
||||||
diff --git a/src/node.h b/src/node.h
|
|
||||||
index f9ef3c15..c83610e8 100644
|
|
||||||
--- a/src/node.h
|
|
||||||
+++ b/src/node.h
|
|
||||||
@@ -50,12 +50,12 @@ typedef struct node_t {
|
|
||||||
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
|
||||||
char *inkey; /* Cipher key and iv */
|
|
||||||
int inkeylength; /* Cipher key and iv length */
|
|
||||||
- EVP_CIPHER_CTX inctx; /* Cipher context */
|
|
||||||
+ EVP_CIPHER_CTX *inctx; /* Cipher context */
|
|
||||||
|
|
||||||
const EVP_CIPHER *outcipher; /* Cipher type for UDP packets sent to him*/
|
|
||||||
char *outkey; /* Cipher key and iv */
|
|
||||||
int outkeylength; /* Cipher key and iv length */
|
|
||||||
- EVP_CIPHER_CTX outctx; /* Cipher context */
|
|
||||||
+ EVP_CIPHER_CTX *outctx; /* Cipher context */
|
|
||||||
|
|
||||||
const EVP_MD *indigest; /* Digest type for MAC of packets received from him */
|
|
||||||
int inmaclength; /* Length of MAC */
|
|
||||||
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
|
|
||||||
index 971341f7..5834fcdf 100644
|
|
||||||
--- a/src/protocol_auth.c
|
|
||||||
+++ b/src/protocol_auth.c
|
|
||||||
@@ -145,7 +145,7 @@ bool id_h(connection_t *c) {
|
|
||||||
|
|
||||||
/* Check if identity is a valid name */
|
|
||||||
|
|
||||||
- if(!check_id(name)) {
|
|
||||||
+ if(!check_id(name) || !strcmp(name, myself->name)) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ID", c->name,
|
|
||||||
c->hostname, "invalid name");
|
|
||||||
return false;
|
|
||||||
@@ -177,6 +177,11 @@ bool id_h(connection_t *c) {
|
|
||||||
if(!c->config_tree)
|
|
||||||
init_configuration(&c->config_tree);
|
|
||||||
c->allow_request = ACK;
|
|
||||||
+
|
|
||||||
+ if(!c->outgoing) {
|
|
||||||
+ send_id(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return send_ack(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -196,6 +201,10 @@ bool id_h(connection_t *c) {
|
|
||||||
|
|
||||||
c->allow_request = METAKEY;
|
|
||||||
|
|
||||||
+ if(!c->outgoing) {
|
|
||||||
+ send_id(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return send_metakey(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -210,8 +219,11 @@ bool send_metakey(connection_t *c) {
|
|
||||||
|
|
||||||
c->outkey = xrealloc(c->outkey, len);
|
|
||||||
|
|
||||||
- if(!c->outctx)
|
|
||||||
- c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
|
|
||||||
+ if(!c->outctx) {
|
|
||||||
+ c->outctx = EVP_CIPHER_CTX_new();
|
|
||||||
+ if(!c->outctx)
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* Copy random data to the buffer */
|
|
||||||
|
|
||||||
@@ -262,17 +274,17 @@ bool send_metakey(connection_t *c) {
|
|
||||||
/* Send the meta key */
|
|
||||||
|
|
||||||
x = send_request(c, "%d %d %d %d %d %s", METAKEY,
|
|
||||||
- c->outcipher ? c->outcipher->nid : 0,
|
|
||||||
- c->outdigest ? c->outdigest->type : 0, c->outmaclength,
|
|
||||||
+ c->outcipher ? EVP_CIPHER_nid(c->outcipher) : 0,
|
|
||||||
+ c->outdigest ? EVP_MD_type(c->outdigest) : 0, c->outmaclength,
|
|
||||||
c->outcompression, buffer);
|
|
||||||
|
|
||||||
/* Further outgoing requests are encrypted with the key we just generated */
|
|
||||||
|
|
||||||
if(c->outcipher) {
|
|
||||||
if(!EVP_EncryptInit(c->outctx, c->outcipher,
|
|
||||||
- (unsigned char *)c->outkey + len - c->outcipher->key_len,
|
|
||||||
- (unsigned char *)c->outkey + len - c->outcipher->key_len -
|
|
||||||
- c->outcipher->iv_len)) {
|
|
||||||
+ (unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher),
|
|
||||||
+ (unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher) -
|
|
||||||
+ EVP_CIPHER_iv_length(c->outcipher))) {
|
|
||||||
logger(LOG_ERR, "Error during initialisation of cipher for %s (%s): %s",
|
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return false;
|
|
||||||
@@ -308,8 +320,11 @@ bool metakey_h(connection_t *c) {
|
|
||||||
|
|
||||||
c->inkey = xrealloc(c->inkey, len);
|
|
||||||
|
|
||||||
- if(!c->inctx)
|
|
||||||
- c->inctx = xmalloc_and_zero(sizeof(*c->inctx));
|
|
||||||
+ if(!c->inctx) {
|
|
||||||
+ c->inctx = EVP_CIPHER_CTX_new();
|
|
||||||
+ if(!c->inctx)
|
|
||||||
+ abort();
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* Convert the challenge from hexadecimal back to binary */
|
|
||||||
|
|
||||||
@@ -345,9 +360,9 @@ bool metakey_h(connection_t *c) {
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!EVP_DecryptInit(c->inctx, c->incipher,
|
|
||||||
- (unsigned char *)c->inkey + len - c->incipher->key_len,
|
|
||||||
- (unsigned char *)c->inkey + len - c->incipher->key_len -
|
|
||||||
- c->incipher->iv_len)) {
|
|
||||||
+ (unsigned char *)c->inkey + len - EVP_CIPHER_key_length(c->incipher),
|
|
||||||
+ (unsigned char *)c->inkey + len - EVP_CIPHER_key_length(c->incipher) -
|
|
||||||
+ EVP_CIPHER_iv_length(c->incipher))) {
|
|
||||||
logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
|
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return false;
|
|
||||||
@@ -355,7 +370,8 @@ bool metakey_h(connection_t *c) {
|
|
||||||
|
|
||||||
c->status.decryptin = true;
|
|
||||||
} else {
|
|
||||||
- c->incipher = NULL;
|
|
||||||
+ logger(LOG_ERR, "%s (%s) uses null cipher!", c->name, c->hostname);
|
|
||||||
+ return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
c->inmaclength = maclength;
|
|
||||||
@@ -368,12 +384,13 @@ bool metakey_h(connection_t *c) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
|
|
||||||
+ if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
|
|
||||||
logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
- c->indigest = NULL;
|
|
||||||
+ logger(LOG_ERR, "%s (%s) uses null digest!", c->name, c->hostname);
|
|
||||||
+ return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
c->incompression = compression;
|
|
||||||
@@ -447,27 +464,38 @@ bool challenge_h(connection_t *c) {
|
|
||||||
|
|
||||||
/* Rest is done by send_chal_reply() */
|
|
||||||
|
|
||||||
- return send_chal_reply(c);
|
|
||||||
+ if(c->outgoing) {
|
|
||||||
+ return send_chal_reply(c);
|
|
||||||
+ } else {
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
bool send_chal_reply(connection_t *c) {
|
|
||||||
char hash[EVP_MAX_MD_SIZE * 2 + 1];
|
|
||||||
- EVP_MD_CTX ctx;
|
|
||||||
+ EVP_MD_CTX *ctx;
|
|
||||||
|
|
||||||
/* Calculate the hash from the challenge we received */
|
|
||||||
|
|
||||||
- if(!EVP_DigestInit(&ctx, c->indigest)
|
|
||||||
- || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|
|
||||||
- || !EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL)) {
|
|
||||||
+ ctx = EVP_MD_CTX_create();
|
|
||||||
+ if(!ctx)
|
|
||||||
+ abort();
|
|
||||||
+
|
|
||||||
+ if(!EVP_DigestInit(ctx, c->indigest)
|
|
||||||
+ || !EVP_DigestUpdate(ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|
|
||||||
+ || !EVP_DigestFinal(ctx, (unsigned char *)hash, NULL)) {
|
|
||||||
+ EVP_MD_CTX_destroy(ctx);
|
|
||||||
logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",
|
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ EVP_MD_CTX_destroy(ctx);
|
|
||||||
+
|
|
||||||
/* Convert the hash to a hexadecimal formatted string */
|
|
||||||
|
|
||||||
- bin2hex(hash, hash, c->indigest->md_size);
|
|
||||||
- hash[c->indigest->md_size * 2] = '\0';
|
|
||||||
+ bin2hex(hash, hash, EVP_MD_size(c->indigest));
|
|
||||||
+ hash[EVP_MD_size(c->indigest) * 2] = '\0';
|
|
||||||
|
|
||||||
/* Send the reply */
|
|
||||||
|
|
||||||
@@ -477,7 +505,7 @@ bool send_chal_reply(connection_t *c) {
|
|
||||||
bool chal_reply_h(connection_t *c) {
|
|
||||||
char hishash[MAX_STRING_SIZE];
|
|
||||||
char myhash[EVP_MAX_MD_SIZE];
|
|
||||||
- EVP_MD_CTX ctx;
|
|
||||||
+ EVP_MD_CTX *ctx;
|
|
||||||
|
|
||||||
if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
|
|
||||||
@@ -487,7 +515,7 @@ bool chal_reply_h(connection_t *c) {
|
|
||||||
|
|
||||||
/* Check if the length of the hash is all right */
|
|
||||||
|
|
||||||
- if(strlen(hishash) != c->outdigest->md_size * 2) {
|
|
||||||
+ if(strlen(hishash) != EVP_MD_size(c->outdigest) * 2) {
|
|
||||||
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
|
||||||
c->hostname, "wrong challenge reply length");
|
|
||||||
return false;
|
|
||||||
@@ -495,24 +523,31 @@ bool chal_reply_h(connection_t *c) {
|
|
||||||
|
|
||||||
/* Convert the hash to binary format */
|
|
||||||
|
|
||||||
- if(!hex2bin(hishash, hishash, c->outdigest->md_size)) {
|
|
||||||
+ if(!hex2bin(hishash, hishash, EVP_MD_size(c->outdigest))) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Calculate the hash from the challenge we sent */
|
|
||||||
|
|
||||||
- if(!EVP_DigestInit(&ctx, c->outdigest)
|
|
||||||
- || !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
|
|
||||||
- || !EVP_DigestFinal(&ctx, (unsigned char *)myhash, NULL)) {
|
|
||||||
+ ctx = EVP_MD_CTX_create();
|
|
||||||
+ if(!ctx)
|
|
||||||
+ abort();
|
|
||||||
+
|
|
||||||
+ if(!EVP_DigestInit(ctx, c->outdigest)
|
|
||||||
+ || !EVP_DigestUpdate(ctx, c->hischallenge, RSA_size(c->rsa_key))
|
|
||||||
+ || !EVP_DigestFinal(ctx, (unsigned char *)myhash, NULL)) {
|
|
||||||
+ EVP_MD_CTX_destroy(ctx);
|
|
||||||
logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",
|
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ EVP_MD_CTX_destroy(ctx);
|
|
||||||
+
|
|
||||||
/* Verify the incoming hash with the calculated hash */
|
|
||||||
|
|
||||||
- if(memcmp(hishash, myhash, c->outdigest->md_size)) {
|
|
||||||
+ if(memcmp(hishash, myhash, EVP_MD_size(c->outdigest))) {
|
|
||||||
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
|
||||||
c->hostname, "wrong challenge reply");
|
|
||||||
|
|
||||||
@@ -531,6 +566,10 @@ bool chal_reply_h(connection_t *c) {
|
|
||||||
|
|
||||||
c->allow_request = ACK;
|
|
||||||
|
|
||||||
+ if(!c->outgoing) {
|
|
||||||
+ send_chal_reply(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return send_ack(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/src/protocol_edge.c b/src/protocol_edge.c
|
|
||||||
index 3dfff05e..fa57494e 100644
|
|
||||||
--- a/src/protocol_edge.c
|
|
||||||
+++ b/src/protocol_edge.c
|
|
||||||
@@ -70,7 +70,7 @@ bool add_edge_h(connection_t *c) {
|
|
||||||
|
|
||||||
/* Check if names are valid */
|
|
||||||
|
|
||||||
- if(!check_id(from_name) || !check_id(to_name)) {
|
|
||||||
+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ADD_EDGE", c->name,
|
|
||||||
c->hostname, "invalid name");
|
|
||||||
return false;
|
|
||||||
@@ -181,7 +181,7 @@ bool del_edge_h(connection_t *c) {
|
|
||||||
|
|
||||||
/* Check if names are valid */
|
|
||||||
|
|
||||||
- if(!check_id(from_name) || !check_id(to_name)) {
|
|
||||||
+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "DEL_EDGE", c->name,
|
|
||||||
c->hostname, "invalid name");
|
|
||||||
return false;
|
|
||||||
diff --git a/src/protocol_key.c b/src/protocol_key.c
|
|
||||||
index 301ead5d..1b96597f 100644
|
|
||||||
--- a/src/protocol_key.c
|
|
||||||
+++ b/src/protocol_key.c
|
|
||||||
@@ -164,7 +164,7 @@ bool send_ans_key(node_t *to) {
|
|
||||||
}
|
|
||||||
|
|
||||||
if(to->incipher)
|
|
||||||
- EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
|
|
||||||
+ EVP_DecryptInit_ex(to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + EVP_CIPHER_key_length(to->incipher));
|
|
||||||
|
|
||||||
// Reset sequence number and late packet window
|
|
||||||
mykeyused = true;
|
|
||||||
@@ -178,8 +178,8 @@ bool send_ans_key(node_t *to) {
|
|
||||||
|
|
||||||
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
|
||||||
myself->name, to->name, key,
|
|
||||||
- to->incipher ? to->incipher->nid : 0,
|
|
||||||
- to->indigest ? to->indigest->type : 0, to->inmaclength,
|
|
||||||
+ to->incipher ? EVP_CIPHER_nid(to->incipher) : 0,
|
|
||||||
+ to->indigest ? EVP_MD_type(to->indigest) : 0, to->inmaclength,
|
|
||||||
to->incompression);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -268,12 +268,17 @@ bool ans_key_h(connection_t *c) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
|
|
||||||
+ if(from->outkeylength != EVP_CIPHER_key_length(from->outcipher) + EVP_CIPHER_iv_length(from->outcipher)) {
|
|
||||||
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
|
||||||
from->hostname);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
+ if(from->outkeylength != 1) {
|
|
||||||
+ logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
from->outcipher = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -288,7 +293,7 @@ bool ans_key_h(connection_t *c) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
|
|
||||||
+ if(from->outmaclength > EVP_MD_size(from->outdigest) || from->outmaclength < 0) {
|
|
||||||
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
|
||||||
from->name, from->hostname);
|
|
||||||
return true;
|
|
||||||
@@ -305,7 +310,7 @@ bool ans_key_h(connection_t *c) {
|
|
||||||
from->outcompression = compression;
|
|
||||||
|
|
||||||
if(from->outcipher)
|
|
||||||
- if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
|
|
||||||
+ if(!EVP_EncryptInit_ex(from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + EVP_CIPHER_key_length(from->outcipher))) {
|
|
||||||
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
|
||||||
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
return true;
|
|
||||||
diff --git a/src/tincd.c b/src/tincd.c
|
|
||||||
index b6a6c29c..19f2e174 100644
|
|
||||||
--- a/src/tincd.c
|
|
||||||
+++ b/src/tincd.c
|
|
||||||
@@ -330,7 +330,7 @@ static bool parse_options(int argc, char **argv) {
|
|
||||||
|
|
||||||
/* This function prettyprints the key generation process */
|
|
||||||
|
|
||||||
-static void indicator(int a, int b, void *p) {
|
|
||||||
+static int indicator(int a, int b, BN_GENCB *cb) {
|
|
||||||
switch (a) {
|
|
||||||
case 0:
|
|
||||||
fprintf(stderr, ".");
|
|
||||||
@@ -362,19 +362,48 @@ static void indicator(int a, int b, void *p) {
|
|
||||||
default:
|
|
||||||
fprintf(stderr, "?");
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#ifndef HAVE_BN_GENCB_NEW
|
|
||||||
+BN_GENCB *BN_GENCB_new(void) {
|
|
||||||
+ return xmalloc_and_zero(sizeof(BN_GENCB));
|
|
||||||
}
|
|
||||||
|
|
||||||
+void BN_GENCB_free(BN_GENCB *cb) {
|
|
||||||
+ free(cb);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
Generate a public/private RSA keypair, and ask for a file to store
|
|
||||||
them in.
|
|
||||||
*/
|
|
||||||
static bool keygen(int bits) {
|
|
||||||
+ BIGNUM *e = NULL;
|
|
||||||
RSA *rsa_key;
|
|
||||||
FILE *f;
|
|
||||||
char *pubname, *privname;
|
|
||||||
+ BN_GENCB *cb;
|
|
||||||
+ int result;
|
|
||||||
|
|
||||||
fprintf(stderr, "Generating %d bits keys:\n", bits);
|
|
||||||
- rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
|
|
||||||
+
|
|
||||||
+ cb = BN_GENCB_new();
|
|
||||||
+ if(!cb)
|
|
||||||
+ abort();
|
|
||||||
+ BN_GENCB_set(cb, indicator, NULL);
|
|
||||||
+
|
|
||||||
+ rsa_key = RSA_new();
|
|
||||||
+ BN_hex2bn(&e, "10001");
|
|
||||||
+ if(!rsa_key || !e)
|
|
||||||
+ abort();
|
|
||||||
+
|
|
||||||
+ result = RSA_generate_key_ex(rsa_key, bits, e, cb);
|
|
||||||
+
|
|
||||||
+ BN_free(e);
|
|
||||||
+ BN_GENCB_free(cb);
|
|
||||||
|
|
||||||
if(!rsa_key) {
|
|
||||||
fprintf(stderr, "Error during key generation!\n");
|
|
||||||
@@ -697,7 +726,11 @@ end:
|
|
||||||
EVP_cleanup();
|
|
||||||
ENGINE_cleanup();
|
|
||||||
CRYPTO_cleanup_all_ex_data();
|
|
||||||
+#ifdef HAVE_ERR_REMOVE_STATE
|
|
||||||
+ // OpenSSL claims this function was deprecated in 1.0.0,
|
|
||||||
+ // but valgrind's leak detector shows you still need to call it to make sure OpenSSL cleans up properly.
|
|
||||||
ERR_remove_state(0);
|
|
||||||
+#endif
|
|
||||||
ERR_free_strings();
|
|
||||||
|
|
||||||
exit_configuration(&config_tree);
|
|
1
debian/patches/series
vendored
1
debian/patches/series
vendored
|
@ -1 +0,0 @@
|
||||||
security-fixes
|
|
6
debian/rules
vendored
6
debian/rules
vendored
|
@ -12,15 +12,11 @@
|
||||||
%:
|
%:
|
||||||
dh $@ --parallel
|
dh $@ --parallel
|
||||||
|
|
||||||
.PHONY: override_dh_strip
|
|
||||||
override_dh_strip:
|
|
||||||
dh_strip --dbg-package=tinc-dbg
|
|
||||||
|
|
||||||
override_dh_auto_configure:
|
override_dh_auto_configure:
|
||||||
dh_auto_configure -- --enable-uml --enable-vde
|
dh_auto_configure -- --enable-uml --enable-vde
|
||||||
|
|
||||||
override_dh_auto_install:
|
override_dh_auto_install:
|
||||||
dh_auto_install --destdir=debian/tinc -- install-html
|
dh_auto_install -- install-html
|
||||||
# Remove info dir file
|
# Remove info dir file
|
||||||
rm -f debian/tinc/usr/share/info/dir
|
rm -f debian/tinc/usr/share/info/dir
|
||||||
|
|
||||||
|
|
6
debian/tinc.if-post-down
vendored
6
debian/tinc.if-post-down
vendored
|
@ -12,7 +12,11 @@ if [ "$IF_TINC_NET" ] ; then
|
||||||
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
||||||
sleep 0.1
|
sleep 0.1
|
||||||
i=0;
|
i=0;
|
||||||
while [ -f "$IF_TINC_PIDFILE" ] ; do
|
while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
||||||
|
if [ ! -e "/proc/$pid" ] ; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
if [ $i = '30' ] ; then
|
if [ $i = '30' ] ; then
|
||||||
echo 'Failed to stop tinc daemon!'
|
echo 'Failed to stop tinc daemon!'
|
||||||
exit 1
|
exit 1
|
||||||
|
|
15
debian/tinc.if-pre-up
vendored
15
debian/tinc.if-pre-up
vendored
|
@ -45,7 +45,20 @@ test -n "$LIMITS" && setlimits $LIMITS
|
||||||
|
|
||||||
sleep 0.1
|
sleep 0.1
|
||||||
i=0;
|
i=0;
|
||||||
while [ ! -f "$IF_TINC_PIDFILE" ] ; do
|
while [ ! -f $IF_TINC_PIDFILE ] ; do
|
||||||
|
if [ $i = '30' ] ; then
|
||||||
|
echo 'Failed to start tinc daemon!'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
sleep 0.1
|
||||||
|
i=$(($i+1))
|
||||||
|
done
|
||||||
|
|
||||||
|
while read pid rest < $IF_TINC_PIDFILE ; do
|
||||||
|
if [ -e "/proc/$pid" ] ; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
if [ $i = '30' ] ; then
|
if [ $i = '30' ] ; then
|
||||||
echo 'Failed to start tinc daemon!'
|
echo 'Failed to start tinc daemon!'
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -486,12 +486,9 @@ Furthermore, specifying
|
||||||
.Qq none
|
.Qq none
|
||||||
will turn off packet authentication.
|
will turn off packet authentication.
|
||||||
.It Va IndirectData Li = yes | no Pq no
|
.It Va IndirectData Li = yes | no Pq no
|
||||||
This option specifies whether other tinc daemons besides the one you specified with
|
When set to yes, only nodes which already have a meta connection to you
|
||||||
.Va ConnectTo
|
will try to establish direct communication with you.
|
||||||
can make a direct connection to you.
|
It is best to leave this option out or set it to no.
|
||||||
This is especially useful if you are behind a firewall
|
|
||||||
and it is impossible to make a connection from the outside to your tinc daemon.
|
|
||||||
Otherwise, it is best to leave this option out or set it to no.
|
|
||||||
.It Va MACLength Li = Ar length Pq 4
|
.It Va MACLength Li = Ar length Pq 4
|
||||||
The length of the message authentication code used to authenticate UDP packets.
|
The length of the message authentication code used to authenticate UDP packets.
|
||||||
Can be anything from
|
Can be anything from
|
||||||
|
|
281
doc/tinc.info
281
doc/tinc.info
|
@ -5,7 +5,7 @@ START-INFO-DIR-ENTRY
|
||||||
* tinc: (tinc). The tinc Manual.
|
* tinc: (tinc). The tinc Manual.
|
||||||
END-INFO-DIR-ENTRY
|
END-INFO-DIR-ENTRY
|
||||||
|
|
||||||
This is the info manual for tinc version 1.0.23, a Virtual Private
|
This is the info manual for tinc version 1.0.25, a Virtual Private
|
||||||
Network daemon.
|
Network daemon.
|
||||||
|
|
||||||
Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen
|
Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen
|
||||||
|
@ -139,7 +139,7 @@ File: tinc.info, Node: Supported platforms, Prev: tinc, Up: Introduction
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD,
|
Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD,
|
||||||
MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin
|
Mac OS X (Darwin), Solaris, and Windows (both natively and in a Cygwin
|
||||||
environment), with various hardware architectures. These are some of
|
environment), with various hardware architectures. These are some of
|
||||||
the platforms that are supported by the universal tun/tap device driver
|
the platforms that are supported by the universal tun/tap device driver
|
||||||
or other virtual network device drivers. Without such a driver, tinc
|
or other virtual network device drivers. Without such a driver, tinc
|
||||||
|
@ -176,7 +176,7 @@ File: tinc.info, Node: Configuring the kernel, Next: Libraries, Up: Preparati
|
||||||
* Configuration of OpenBSD kernels::
|
* Configuration of OpenBSD kernels::
|
||||||
* Configuration of NetBSD kernels::
|
* Configuration of NetBSD kernels::
|
||||||
* Configuration of Solaris kernels::
|
* Configuration of Solaris kernels::
|
||||||
* Configuration of Darwin (MacOS/X) kernels::
|
* Configuration of Darwin (Mac OS X) kernels::
|
||||||
* Configuration of Windows::
|
* Configuration of Windows::
|
||||||
|
|
||||||
|
|
||||||
|
@ -238,7 +238,7 @@ default kernel configuration.
|
||||||
Tunneling IPv6 may not work on NetBSD's tun device.
|
Tunneling IPv6 may not work on NetBSD's tun device.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Solaris kernels, Next: Configuration of Darwin (MacOS/X) kernels, Prev: Configuration of NetBSD kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Solaris kernels, Next: Configuration of Darwin (Mac OS X) kernels, Prev: Configuration of NetBSD kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.5 Configuration of Solaris kernels
|
2.1.5 Configuration of Solaris kernels
|
||||||
--------------------------------------
|
--------------------------------------
|
||||||
|
@ -251,23 +251,18 @@ sparc64 architectures, precompiled versions can be found at
|
||||||
header file is missing, install it from the source package.
|
header file is missing, install it from the source package.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Darwin (MacOS/X) kernels, Next: Configuration of Windows, Prev: Configuration of Solaris kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Darwin (Mac OS X) kernels, Next: Configuration of Windows, Prev: Configuration of Solaris kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.6 Configuration of Darwin (MacOS/X) kernels
|
2.1.6 Configuration of Darwin (Mac OS X) kernels
|
||||||
-----------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
Tinc on Darwin relies on a tunnel driver for its data acquisition from
|
Tinc on Darwin relies on a tunnel driver for its data acquisition from
|
||||||
the kernel. Tinc supports either the driver from
|
the kernel. Tinc supports either the driver from
|
||||||
<http://tuntaposx.sourceforge.net/>, which supports both tun and tap
|
<http://tuntaposx.sourceforge.net/>, which supports both tun and tap
|
||||||
style devices, and also the driver from from
|
style devices.
|
||||||
<http://chrisp.de/en/projects/tunnel.html>. The former driver is
|
|
||||||
recommended. The tunnel driver must be loaded before starting tinc with
|
|
||||||
the following command:
|
|
||||||
|
|
||||||
kmodload tunnel
|
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin (MacOS/X) kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin (Mac OS X) kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.7 Configuration of Windows
|
2.1.7 Configuration of Windows
|
||||||
------------------------------
|
------------------------------
|
||||||
|
@ -304,7 +299,7 @@ File: tinc.info, Node: OpenSSL, Next: zlib, Up: Libraries
|
||||||
For all cryptography-related functions, tinc uses the functions provided
|
For all cryptography-related functions, tinc uses the functions provided
|
||||||
by the OpenSSL library.
|
by the OpenSSL library.
|
||||||
|
|
||||||
If this library is not installed, you wil get an error when
|
If this library is not installed, you will get an error when
|
||||||
configuring tinc for build. Support for running tinc with other
|
configuring tinc for build. Support for running tinc with other
|
||||||
cryptographic libraries installed _may_ be added in the future.
|
cryptographic libraries installed _may_ be added in the future.
|
||||||
|
|
||||||
|
@ -360,7 +355,7 @@ File: tinc.info, Node: zlib, Next: lzo, Prev: OpenSSL, Up: Libraries
|
||||||
For the optional compression of UDP packets, tinc uses the functions
|
For the optional compression of UDP packets, tinc uses the functions
|
||||||
provided by the zlib library.
|
provided by the zlib library.
|
||||||
|
|
||||||
If this library is not installed, you wil get an error when running
|
If this library is not installed, you will get an error when running
|
||||||
the configure script. You can either install the zlib library, or
|
the configure script. You can either install the zlib library, or
|
||||||
disable support for zlib compression by using the "-disable-zlib" option
|
disable support for zlib compression by using the "-disable-zlib" option
|
||||||
when running the configure script. Note that if you disable support for
|
when running the configure script. Note that if you disable support for
|
||||||
|
@ -385,7 +380,7 @@ File: tinc.info, Node: lzo, Prev: zlib, Up: Libraries
|
||||||
|
|
||||||
Another form of compression is offered using the LZO library.
|
Another form of compression is offered using the LZO library.
|
||||||
|
|
||||||
If this library is not installed, you wil get an error when running
|
If this library is not installed, you will get an error when running
|
||||||
the configure script. You can either install the LZO library, or
|
the configure script. You can either install the LZO library, or
|
||||||
disable support for LZO compression by using the "-disable-lzo" option
|
disable support for LZO compression by using the "-disable-lzo" option
|
||||||
when running the configure script. Note that if you disable support for
|
when running the configure script. Note that if you disable support for
|
||||||
|
@ -445,25 +440,26 @@ your distribution will tell you how to do that.
|
||||||
|
|
||||||
* Menu:
|
* Menu:
|
||||||
|
|
||||||
* Darwin (MacOS/X) build environment::
|
* Darwin (Mac OS X) build environment::
|
||||||
* Cygwin (Windows) build environment::
|
* Cygwin (Windows) build environment::
|
||||||
* MinGW (Windows) build environment::
|
* MinGW (Windows) build environment::
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Darwin (MacOS/X) build environment, Next: Cygwin (Windows) build environment, Up: Building and installing tinc
|
File: tinc.info, Node: Darwin (Mac OS X) build environment, Next: Cygwin (Windows) build environment, Up: Building and installing tinc
|
||||||
|
|
||||||
3.1.1 Darwin (MacOS/X) build environment
|
3.1.1 Darwin (Mac OS X) build environment
|
||||||
----------------------------------------
|
-----------------------------------------
|
||||||
|
|
||||||
In order to build tinc on Darwin, you need to install the MacOS/X
|
In order to build tinc on Darwin, you need to install the Mac OS X
|
||||||
Developer Tools from <http://developer.apple.com/tools/macosxtools.html>
|
Developer Tools from <http://developer.apple.com/tools/macosxtools.html>
|
||||||
and a recent version of Fink from <http://www.finkproject.org/>.
|
and preferably a recent version of Fink from
|
||||||
|
<http://www.finkproject.org/>.
|
||||||
|
|
||||||
After installation use fink to download and install the following
|
After installation use fink to download and install the following
|
||||||
packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Windows) build environment, Prev: Darwin (MacOS/X) build environment, Up: Building and installing tinc
|
File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Windows) build environment, Prev: Darwin (Mac OS X) build environment, Up: Building and installing tinc
|
||||||
|
|
||||||
3.1.2 Cygwin (Windows) build environment
|
3.1.2 Cygwin (Windows) build environment
|
||||||
----------------------------------------
|
----------------------------------------
|
||||||
|
@ -596,9 +592,9 @@ assign a NETNAME to your VPN. It is not required if you only run one
|
||||||
tinc daemon, it doesn't even have to be the same on all the sites of
|
tinc daemon, it doesn't even have to be the same on all the sites of
|
||||||
your VPN, but it is recommended that you choose one anyway.
|
your VPN, but it is recommended that you choose one anyway.
|
||||||
|
|
||||||
We will asume you use a netname throughout this document. This means
|
We will assume you use a netname throughout this document. This
|
||||||
that you call tincd with the -n argument, which will assign a netname to
|
means that you call tincd with the -n argument, which will assign a
|
||||||
this daemon.
|
netname to this daemon.
|
||||||
|
|
||||||
The effect of this is that the daemon will set its configuration root
|
The effect of this is that the daemon will set its configuration root
|
||||||
to '/etc/tinc/NETNAME/', where NETNAME is your argument to the -n
|
to '/etc/tinc/NETNAME/', where NETNAME is your argument to the -n
|
||||||
|
@ -626,7 +622,7 @@ in the configuration file tinc.conf. If it sees one or more 'ConnectTo'
|
||||||
values pointing to other tinc daemons in that file, it will try to
|
values pointing to other tinc daemons in that file, it will try to
|
||||||
connect to those other daemons. Whether this succeeds or not and
|
connect to those other daemons. Whether this succeeds or not and
|
||||||
whether 'ConnectTo' is specified or not, tinc will listen for incoming
|
whether 'ConnectTo' is specified or not, tinc will listen for incoming
|
||||||
connection from other deamons. If you did specify a 'ConnectTo' value
|
connection from other daemons. If you did specify a 'ConnectTo' value
|
||||||
and the other side is not responding, tinc will keep retrying. This
|
and the other side is not responding, tinc will keep retrying. This
|
||||||
means that once started, tinc will stay running until you tell it to
|
means that once started, tinc will stay running until you tell it to
|
||||||
stop, and failures to connect to other tinc daemons will not stop your
|
stop, and failures to connect to other tinc daemons will not stop your
|
||||||
|
@ -649,7 +645,7 @@ The actual configuration of the daemon is done in the file
|
||||||
'/etc/tinc/NETNAME/tinc.conf' and at least one other file in the
|
'/etc/tinc/NETNAME/tinc.conf' and at least one other file in the
|
||||||
directory '/etc/tinc/NETNAME/hosts/'.
|
directory '/etc/tinc/NETNAME/hosts/'.
|
||||||
|
|
||||||
An optionnal directory '/etc/tinc/NETNAME/conf.d' can be added from
|
An optional directory '/etc/tinc/NETNAME/conf.d' can be added from
|
||||||
which any .conf file will be read.
|
which any .conf file will be read.
|
||||||
|
|
||||||
These file consists of comments (lines started with a #) or
|
These file consists of comments (lines started with a #) or
|
||||||
|
@ -755,10 +751,9 @@ DecrementTTL = <yes | no> (no) [experimental]
|
||||||
|
|
||||||
Device = <DEVICE> ('/dev/tap0', '/dev/net/tun' or other depending on platform)
|
Device = <DEVICE> ('/dev/tap0', '/dev/net/tun' or other depending on platform)
|
||||||
The virtual network device to use. Tinc will automatically detect
|
The virtual network device to use. Tinc will automatically detect
|
||||||
what kind of device it is. Note that you can only use one device
|
what kind of device it is. Under Windows, use INTERFACE instead of
|
||||||
per daemon. Under Windows, use INTERFACE instead of DEVICE. Note
|
DEVICE. Note that you can only use one device per daemon. See
|
||||||
that you can only use one device per daemon. See also *note Device
|
also *note Device files::.
|
||||||
files::.
|
|
||||||
|
|
||||||
DeviceType = <TYPE> (platform dependent)
|
DeviceType = <TYPE> (platform dependent)
|
||||||
The type of the virtual network device. Tinc will normally
|
The type of the virtual network device. Tinc will normally
|
||||||
|
@ -937,7 +932,7 @@ Mode = <router|switch|hub> (router)
|
||||||
|
|
||||||
Name = <NAME> [required]
|
Name = <NAME> [required]
|
||||||
This is a symbolic name for this connection. The name should
|
This is a symbolic name for this connection. The name should
|
||||||
consist only of alfanumeric and underscore characters (a-z, A-Z,
|
consist only of alphanumeric and underscore characters (a-z, A-Z,
|
||||||
0-9 and _).
|
0-9 and _).
|
||||||
|
|
||||||
If Name starts with a $, then the contents of the environment
|
If Name starts with a $, then the contents of the environment
|
||||||
|
@ -964,7 +959,7 @@ PriorityInheritance = <yes|no> (no) [experimental]
|
||||||
PrivateKey = <KEY> [obsolete]
|
PrivateKey = <KEY> [obsolete]
|
||||||
This is the RSA private key for tinc. However, for safety reasons
|
This is the RSA private key for tinc. However, for safety reasons
|
||||||
it is advised to store private keys of any kind in separate files.
|
it is advised to store private keys of any kind in separate files.
|
||||||
This prevents accidental eavesdropping if you are editting the
|
This prevents accidental eavesdropping if you are editing the
|
||||||
configuration file.
|
configuration file.
|
||||||
|
|
||||||
PrivateKeyFile = <PATH> ('/etc/tinc/NETNAME/rsa_key.priv')
|
PrivateKeyFile = <PATH> ('/etc/tinc/NETNAME/rsa_key.priv')
|
||||||
|
@ -1114,9 +1109,9 @@ PublicKeyFile = <PATH> [obsolete]
|
||||||
Subnet = <ADDRESS[/PREFIXLENGTH[#WEIGHT]]>
|
Subnet = <ADDRESS[/PREFIXLENGTH[#WEIGHT]]>
|
||||||
The subnet which this tinc daemon will serve. Tinc tries to look
|
The subnet which this tinc daemon will serve. Tinc tries to look
|
||||||
up which other daemon it should send a packet to by searching the
|
up which other daemon it should send a packet to by searching the
|
||||||
appropiate subnet. If the packet matches a subnet, it will be sent
|
appropriate subnet. If the packet matches a subnet, it will be
|
||||||
to the daemon who has this subnet in his host configuration file.
|
sent to the daemon who has this subnet in his host configuration
|
||||||
Multiple subnet lines can be specified for each daemon.
|
file. Multiple subnet lines can be specified for each daemon.
|
||||||
|
|
||||||
Subnets can either be single MAC, IPv4 or IPv6 addresses, in which
|
Subnets can either be single MAC, IPv4 or IPv6 addresses, in which
|
||||||
case a subnet consisting of only that single address is assumed, or
|
case a subnet consisting of only that single address is assumed, or
|
||||||
|
@ -1186,11 +1181,11 @@ scripts should have the extension .bat.
|
||||||
This script is started when any host becomes unreachable.
|
This script is started when any host becomes unreachable.
|
||||||
|
|
||||||
'/etc/tinc/NETNAME/subnet-up'
|
'/etc/tinc/NETNAME/subnet-up'
|
||||||
This script is started when a Subnet becomes reachable. The Subnet
|
This script is started when a subnet becomes reachable. The Subnet
|
||||||
and the node it belongs to are passed in environment variables.
|
and the node it belongs to are passed in environment variables.
|
||||||
|
|
||||||
'/etc/tinc/NETNAME/subnet-down'
|
'/etc/tinc/NETNAME/subnet-down'
|
||||||
This script is started when a Subnet becomes unreachable.
|
This script is started when a subnet becomes unreachable.
|
||||||
|
|
||||||
The scripts are started without command line arguments, but can make
|
The scripts are started without command line arguments, but can make
|
||||||
use of certain environment variables. Under UNIX like operating systems
|
use of certain environment variables. Under UNIX like operating systems
|
||||||
|
@ -1252,7 +1247,7 @@ Step 2. Creating your host configuration file
|
||||||
.............................................
|
.............................................
|
||||||
|
|
||||||
If you added a line containing 'Name = yourname' in the main
|
If you added a line containing 'Name = yourname' in the main
|
||||||
configuarion file, you will need to create a host configuration file
|
configuration file, you will need to create a host configuration file
|
||||||
'/etc/tinc/NETNAME/hosts/yourname'. Adapt the following example to
|
'/etc/tinc/NETNAME/hosts/yourname'. Adapt the following example to
|
||||||
create a host configuration file:
|
create a host configuration file:
|
||||||
|
|
||||||
|
@ -1880,7 +1875,7 @@ packets, and 'tap' style, which are Ethernet devices and handle complete
|
||||||
Ethernet frames.
|
Ethernet frames.
|
||||||
|
|
||||||
So when tinc reads an Ethernet frame from the device, it determines
|
So when tinc reads an Ethernet frame from the device, it determines
|
||||||
its type. When tinc is in it's default routing mode, it can handle IPv4
|
its type. When tinc is in its default routing mode, it can handle IPv4
|
||||||
and IPv6 packets. Depending on the Subnet lines, it will send the
|
and IPv6 packets. Depending on the Subnet lines, it will send the
|
||||||
packets off to their destination IP address. In the 'switch' and 'hub'
|
packets off to their destination IP address. In the 'switch' and 'hub'
|
||||||
mode, tinc will use broadcasts and MAC address discovery to deduce the
|
mode, tinc will use broadcasts and MAC address discovery to deduce the
|
||||||
|
@ -1909,8 +1904,8 @@ the decrypted information to its own virtual network device.
|
||||||
tunnel), there is no problem for the kernel to accept a packet.
|
tunnel), there is no problem for the kernel to accept a packet.
|
||||||
However, if it is a 'tap' device (this is the only available type on
|
However, if it is a 'tap' device (this is the only available type on
|
||||||
FreeBSD), the destination MAC address must match that of the virtual
|
FreeBSD), the destination MAC address must match that of the virtual
|
||||||
network interface. If tinc is in it's default routing mode, ARP does
|
network interface. If tinc is in its default routing mode, ARP does not
|
||||||
not work, so the correct destination MAC can not be known by the sending
|
work, so the correct destination MAC can not be known by the sending
|
||||||
host. Tinc solves this by letting the receiving end detect the MAC
|
host. Tinc solves this by letting the receiving end detect the MAC
|
||||||
address of its own virtual network interface and overwriting the
|
address of its own virtual network interface and overwriting the
|
||||||
destination MAC address of the received packet.
|
destination MAC address of the received packet.
|
||||||
|
@ -2296,7 +2291,7 @@ FreeBSD 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
||||||
OpenBSD 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
OpenBSD 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
||||||
NetBSD 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
NetBSD 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
||||||
Solaris 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
Solaris 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
||||||
Darwin (MacOS/X) 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
Darwin (Mac OS X) 'ifconfig' INTERFACE ADDRESS 'netmask' NETMASK
|
||||||
Windows 'netsh interface ip set address' INTERFACE 'static' ADDRESS NETMASK
|
Windows 'netsh interface ip set address' INTERFACE 'static' ADDRESS NETMASK
|
||||||
|
|
||||||
For IPv6 addresses:
|
For IPv6 addresses:
|
||||||
|
@ -2307,7 +2302,7 @@ OpenBSD 'ifconfig' INTERFACE 'inet6' ADDRESS 'prefixlen' PREFIXLENGTH
|
||||||
NetBSD 'ifconfig' INTERFACE 'inet6' ADDRESS 'prefixlen' PREFIXLENGTH
|
NetBSD 'ifconfig' INTERFACE 'inet6' ADDRESS 'prefixlen' PREFIXLENGTH
|
||||||
Solaris 'ifconfig' INTERFACE 'inet6 plumb up'
|
Solaris 'ifconfig' INTERFACE 'inet6 plumb up'
|
||||||
'ifconfig' INTERFACE 'inet6 addif' ADDRESS ADDRESS
|
'ifconfig' INTERFACE 'inet6 addif' ADDRESS ADDRESS
|
||||||
Darwin (MacOS/X) 'ifconfig' INTERFACE 'inet6' ADDRESS 'prefixlen' PREFIXLENGTH
|
Darwin (Mac OS X) 'ifconfig' INTERFACE 'inet6' ADDRESS 'prefixlen' PREFIXLENGTH
|
||||||
Windows 'netsh interface ipv6 add address' INTERFACE 'static' ADDRESS/PREFIXLENGTH
|
Windows 'netsh interface ipv6 add address' INTERFACE 'static' ADDRESS/PREFIXLENGTH
|
||||||
|
|
||||||
On some platforms, when running tinc in switch mode, the VPN
|
On some platforms, when running tinc in switch mode, the VPN
|
||||||
|
@ -2344,7 +2339,7 @@ FreeBSD 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS
|
||||||
OpenBSD 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS
|
OpenBSD 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS
|
||||||
NetBSD 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS
|
NetBSD 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS
|
||||||
Solaris 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS '-interface'
|
Solaris 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS '-interface'
|
||||||
Darwin (MacOS/X) 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS
|
Darwin (Mac OS X) 'route add' NETWORK_ADDRESS'/'PREFIXLENGTH '-interface' INTERFACE
|
||||||
Windows 'netsh routing ip add persistentroute' NETWORK_ADDRESS NETMASK INTERFACE
|
Windows 'netsh routing ip add persistentroute' NETWORK_ADDRESS NETMASK INTERFACE
|
||||||
LOCAL_ADDRESS
|
LOCAL_ADDRESS
|
||||||
|
|
||||||
|
@ -2356,7 +2351,7 @@ FreeBSD 'route add -inet6' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRE
|
||||||
OpenBSD 'route add -inet6' NETWORK_ADDRESS LOCAL_ADDRESS '-prefixlen' PREFIXLENGTH
|
OpenBSD 'route add -inet6' NETWORK_ADDRESS LOCAL_ADDRESS '-prefixlen' PREFIXLENGTH
|
||||||
NetBSD 'route add -inet6' NETWORK_ADDRESS LOCAL_ADDRESS '-prefixlen' PREFIXLENGTH
|
NetBSD 'route add -inet6' NETWORK_ADDRESS LOCAL_ADDRESS '-prefixlen' PREFIXLENGTH
|
||||||
Solaris 'route add -inet6' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS '-interface'
|
Solaris 'route add -inet6' NETWORK_ADDRESS'/'PREFIXLENGTH LOCAL_ADDRESS '-interface'
|
||||||
Darwin (MacOS/X) ?
|
Darwin (Mac OS X) 'route add -inet6' NETWORK_ADDRESS'/'PREFIXLENGTH '-interface' INTERFACE
|
||||||
Windows 'netsh interface ipv6 add route' NETWORK ADDRESS/PREFIXLENGTH INTERFACE
|
Windows 'netsh interface ipv6 add route' NETWORK ADDRESS/PREFIXLENGTH INTERFACE
|
||||||
|
|
||||||
|
|
||||||
|
@ -2457,13 +2452,13 @@ Concept Index
|
||||||
* DEVICE: Scripts. (line 53)
|
* DEVICE: Scripts. (line 53)
|
||||||
* device files: Device files. (line 6)
|
* device files: Device files. (line 6)
|
||||||
* DeviceType: Main configuration variables.
|
* DeviceType: Main configuration variables.
|
||||||
(line 80)
|
(line 79)
|
||||||
* Digest: Host configuration variables.
|
* Digest: Host configuration variables.
|
||||||
(line 31)
|
(line 31)
|
||||||
* DirectOnly: Main configuration variables.
|
* DirectOnly: Main configuration variables.
|
||||||
(line 145)
|
(line 144)
|
||||||
* dummy: Main configuration variables.
|
* dummy: Main configuration variables.
|
||||||
(line 87)
|
(line 86)
|
||||||
* encapsulating: The UDP tunnel. (line 30)
|
* encapsulating: The UDP tunnel. (line 30)
|
||||||
* encryption: Encryption of network packets.
|
* encryption: Encryption of network packets.
|
||||||
(line 6)
|
(line 6)
|
||||||
|
@ -2471,53 +2466,53 @@ Concept Index
|
||||||
* example: Example configuration.
|
* example: Example configuration.
|
||||||
(line 6)
|
(line 6)
|
||||||
* exec: Main configuration variables.
|
* exec: Main configuration variables.
|
||||||
(line 315)
|
(line 314)
|
||||||
* Forwarding: Main configuration variables.
|
* Forwarding: Main configuration variables.
|
||||||
(line 152)
|
(line 151)
|
||||||
* frame type: The UDP tunnel. (line 6)
|
* frame type: The UDP tunnel. (line 6)
|
||||||
* GraphDumpFile: Main configuration variables.
|
* GraphDumpFile: Main configuration variables.
|
||||||
(line 172)
|
(line 171)
|
||||||
* Hostnames: Main configuration variables.
|
* Hostnames: Main configuration variables.
|
||||||
(line 180)
|
(line 179)
|
||||||
* http: Main configuration variables.
|
* http: Main configuration variables.
|
||||||
(line 312)
|
(line 311)
|
||||||
* hub: Main configuration variables.
|
* hub: Main configuration variables.
|
||||||
(line 250)
|
(line 249)
|
||||||
* ID: Authentication protocol.
|
* ID: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* IffOneQueue: Main configuration variables.
|
* IffOneQueue: Main configuration variables.
|
||||||
(line 191)
|
(line 190)
|
||||||
* IndirectData: Host configuration variables.
|
* IndirectData: Host configuration variables.
|
||||||
(line 36)
|
(line 36)
|
||||||
* Interface: Main configuration variables.
|
* Interface: Main configuration variables.
|
||||||
(line 194)
|
(line 193)
|
||||||
* INTERFACE: Scripts. (line 56)
|
* INTERFACE: Scripts. (line 56)
|
||||||
* IRC: Contact information. (line 9)
|
* IRC: Contact information. (line 9)
|
||||||
* key generation: Generating keypairs. (line 6)
|
* key generation: Generating keypairs. (line 6)
|
||||||
* KeyExpire: Main configuration variables.
|
* KeyExpire: Main configuration variables.
|
||||||
(line 202)
|
(line 201)
|
||||||
* KEY_CHANGED: The meta-protocol. (line 63)
|
* KEY_CHANGED: The meta-protocol. (line 63)
|
||||||
* libraries: Libraries. (line 6)
|
* libraries: Libraries. (line 6)
|
||||||
* license: OpenSSL. (line 35)
|
* license: OpenSSL. (line 35)
|
||||||
* LocalDiscovery: Main configuration variables.
|
* LocalDiscovery: Main configuration variables.
|
||||||
(line 208)
|
(line 207)
|
||||||
* lzo: lzo. (line 6)
|
* lzo: lzo. (line 6)
|
||||||
* MACExpire: Main configuration variables.
|
* MACExpire: Main configuration variables.
|
||||||
(line 219)
|
(line 218)
|
||||||
* MACLength: Host configuration variables.
|
* MACLength: Host configuration variables.
|
||||||
(line 44)
|
(line 44)
|
||||||
* MaxTimeout: Main configuration variables.
|
* MaxTimeout: Main configuration variables.
|
||||||
(line 224)
|
(line 223)
|
||||||
* meta-protocol: The meta-connection. (line 18)
|
* meta-protocol: The meta-connection. (line 18)
|
||||||
* META_KEY: Authentication protocol.
|
* META_KEY: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* Mode: Main configuration variables.
|
* Mode: Main configuration variables.
|
||||||
(line 228)
|
(line 227)
|
||||||
* multicast: Main configuration variables.
|
* multicast: Main configuration variables.
|
||||||
(line 99)
|
(line 98)
|
||||||
* multiple networks: Multiple networks. (line 6)
|
* multiple networks: Multiple networks. (line 6)
|
||||||
* Name: Main configuration variables.
|
* Name: Main configuration variables.
|
||||||
(line 255)
|
(line 254)
|
||||||
* NAME: Scripts. (line 50)
|
* NAME: Scripts. (line 50)
|
||||||
* netmask: Network interfaces. (line 33)
|
* netmask: Network interfaces. (line 33)
|
||||||
* netname: Multiple networks. (line 6)
|
* netname: Multiple networks. (line 6)
|
||||||
|
@ -2531,9 +2526,9 @@ Concept Index
|
||||||
(line 69)
|
(line 69)
|
||||||
* PING: The meta-protocol. (line 88)
|
* PING: The meta-protocol. (line 88)
|
||||||
* PingInterval: Main configuration variables.
|
* PingInterval: Main configuration variables.
|
||||||
(line 266)
|
(line 265)
|
||||||
* PingTimeout: Main configuration variables.
|
* PingTimeout: Main configuration variables.
|
||||||
(line 270)
|
(line 269)
|
||||||
* platforms: Supported platforms. (line 6)
|
* platforms: Supported platforms. (line 6)
|
||||||
* PMTU: Host configuration variables.
|
* PMTU: Host configuration variables.
|
||||||
(line 49)
|
(line 49)
|
||||||
|
@ -2544,32 +2539,32 @@ Concept Index
|
||||||
(line 57)
|
(line 57)
|
||||||
* port numbers: Other files. (line 17)
|
* port numbers: Other files. (line 17)
|
||||||
* PriorityInheritance: Main configuration variables.
|
* PriorityInheritance: Main configuration variables.
|
||||||
(line 276)
|
(line 275)
|
||||||
* private: Virtual Private Networks.
|
* private: Virtual Private Networks.
|
||||||
(line 10)
|
(line 10)
|
||||||
* PrivateKey: Main configuration variables.
|
* PrivateKey: Main configuration variables.
|
||||||
(line 281)
|
(line 280)
|
||||||
* PrivateKeyFile: Main configuration variables.
|
* PrivateKeyFile: Main configuration variables.
|
||||||
(line 287)
|
(line 286)
|
||||||
* ProcessPriority: Main configuration variables.
|
* ProcessPriority: Main configuration variables.
|
||||||
(line 292)
|
(line 291)
|
||||||
* Proxy: Main configuration variables.
|
* Proxy: Main configuration variables.
|
||||||
(line 297)
|
(line 296)
|
||||||
* PublicKey: Host configuration variables.
|
* PublicKey: Host configuration variables.
|
||||||
(line 61)
|
(line 61)
|
||||||
* PublicKeyFile: Host configuration variables.
|
* PublicKeyFile: Host configuration variables.
|
||||||
(line 64)
|
(line 64)
|
||||||
* raw_socket: Main configuration variables.
|
* raw_socket: Main configuration variables.
|
||||||
(line 92)
|
(line 91)
|
||||||
* release: Supported platforms. (line 14)
|
* release: Supported platforms. (line 14)
|
||||||
* REMOTEADDRESS: Scripts. (line 65)
|
* REMOTEADDRESS: Scripts. (line 65)
|
||||||
* REMOTEPORT: Scripts. (line 68)
|
* REMOTEPORT: Scripts. (line 68)
|
||||||
* ReplayWindow: Main configuration variables.
|
* ReplayWindow: Main configuration variables.
|
||||||
(line 320)
|
(line 319)
|
||||||
* requirements: Libraries. (line 6)
|
* requirements: Libraries. (line 6)
|
||||||
* REQ_KEY: The meta-protocol. (line 63)
|
* REQ_KEY: The meta-protocol. (line 63)
|
||||||
* router: Main configuration variables.
|
* router: Main configuration variables.
|
||||||
(line 231)
|
(line 230)
|
||||||
* runtime options: Runtime options. (line 9)
|
* runtime options: Runtime options. (line 9)
|
||||||
* scalability: tinc. (line 19)
|
* scalability: tinc. (line 19)
|
||||||
* scripts: Scripts. (line 6)
|
* scripts: Scripts. (line 6)
|
||||||
|
@ -2577,11 +2572,11 @@ Concept Index
|
||||||
(line 18)
|
(line 18)
|
||||||
* signals: Signals. (line 6)
|
* signals: Signals. (line 6)
|
||||||
* socks4: Main configuration variables.
|
* socks4: Main configuration variables.
|
||||||
(line 301)
|
(line 300)
|
||||||
* socks5: Main configuration variables.
|
* socks5: Main configuration variables.
|
||||||
(line 306)
|
(line 305)
|
||||||
* StrictSubnets: Main configuration variables.
|
* StrictSubnets: Main configuration variables.
|
||||||
(line 331)
|
(line 330)
|
||||||
* Subnet: Host configuration variables.
|
* Subnet: Host configuration variables.
|
||||||
(line 76)
|
(line 76)
|
||||||
* SUBNET: Scripts. (line 72)
|
* SUBNET: Scripts. (line 72)
|
||||||
|
@ -2589,7 +2584,7 @@ Concept Index
|
||||||
(line 98)
|
(line 98)
|
||||||
* SVPN: Security. (line 11)
|
* SVPN: Security. (line 11)
|
||||||
* switch: Main configuration variables.
|
* switch: Main configuration variables.
|
||||||
(line 239)
|
(line 238)
|
||||||
* TCP: The meta-connection. (line 10)
|
* TCP: The meta-connection. (line 10)
|
||||||
* TCPonly: Host configuration variables.
|
* TCPonly: Host configuration variables.
|
||||||
(line 105)
|
(line 105)
|
||||||
|
@ -2601,24 +2596,24 @@ Concept Index
|
||||||
* tincd: tinc. (line 14)
|
* tincd: tinc. (line 14)
|
||||||
* traditional VPNs: tinc. (line 19)
|
* traditional VPNs: tinc. (line 19)
|
||||||
* tunifhead: Main configuration variables.
|
* tunifhead: Main configuration variables.
|
||||||
(line 134)
|
(line 133)
|
||||||
* TunnelServer: Main configuration variables.
|
* TunnelServer: Main configuration variables.
|
||||||
(line 338)
|
(line 337)
|
||||||
* tunnohead: Main configuration variables.
|
* tunnohead: Main configuration variables.
|
||||||
(line 128)
|
(line 127)
|
||||||
* UDP: The UDP tunnel. (line 30)
|
* UDP: The UDP tunnel. (line 30)
|
||||||
* UDP <1>: Encryption of network packets.
|
* UDP <1>: Encryption of network packets.
|
||||||
(line 12)
|
(line 12)
|
||||||
* UDPRcvBuf: Main configuration variables.
|
* UDPRcvBuf: Main configuration variables.
|
||||||
(line 345)
|
(line 344)
|
||||||
* UDPSndBuf: Main configuration variables.
|
* UDPSndBuf: Main configuration variables.
|
||||||
(line 350)
|
(line 349)
|
||||||
* UML: Main configuration variables.
|
* UML: Main configuration variables.
|
||||||
(line 110)
|
(line 109)
|
||||||
* Universal tun/tap: Configuration of Linux kernels.
|
* Universal tun/tap: Configuration of Linux kernels.
|
||||||
(line 6)
|
(line 6)
|
||||||
* VDE: Main configuration variables.
|
* VDE: Main configuration variables.
|
||||||
(line 115)
|
(line 114)
|
||||||
* virtual: Virtual Private Networks.
|
* virtual: Virtual Private Networks.
|
||||||
(line 18)
|
(line 18)
|
||||||
* virtual network device: The UDP tunnel. (line 6)
|
* virtual network device: The UDP tunnel. (line 6)
|
||||||
|
@ -2637,61 +2632,61 @@ Node: Introduction1105
|
||||||
Node: Virtual Private Networks1915
|
Node: Virtual Private Networks1915
|
||||||
Node: tinc3639
|
Node: tinc3639
|
||||||
Node: Supported platforms5166
|
Node: Supported platforms5166
|
||||||
Node: Preparations5865
|
Node: Preparations5866
|
||||||
Node: Configuring the kernel6121
|
Node: Configuring the kernel6122
|
||||||
Node: Configuration of Linux kernels6530
|
Node: Configuration of Linux kernels6532
|
||||||
Node: Configuration of FreeBSD kernels7385
|
Node: Configuration of FreeBSD kernels7387
|
||||||
Node: Configuration of OpenBSD kernels7850
|
Node: Configuration of OpenBSD kernels7852
|
||||||
Node: Configuration of NetBSD kernels8458
|
Node: Configuration of NetBSD kernels8460
|
||||||
Node: Configuration of Solaris kernels8863
|
Node: Configuration of Solaris kernels8865
|
||||||
Node: Configuration of Darwin (MacOS/X) kernels9524
|
Node: Configuration of Darwin (Mac OS X) kernels9527
|
||||||
Node: Configuration of Windows10213
|
Node: Configuration of Windows10005
|
||||||
Node: Libraries10726
|
Node: Libraries10519
|
||||||
Node: OpenSSL11114
|
Node: OpenSSL10907
|
||||||
Node: zlib13401
|
Node: zlib13195
|
||||||
Node: lzo14428
|
Node: lzo14223
|
||||||
Node: Installation15409
|
Node: Installation15205
|
||||||
Node: Building and installing tinc16424
|
Node: Building and installing tinc16220
|
||||||
Node: Darwin (MacOS/X) build environment17083
|
Node: Darwin (Mac OS X) build environment16880
|
||||||
Node: Cygwin (Windows) build environment17650
|
Node: Cygwin (Windows) build environment17462
|
||||||
Node: MinGW (Windows) build environment18237
|
Node: MinGW (Windows) build environment18050
|
||||||
Node: System files18761
|
Node: System files18574
|
||||||
Node: Device files19026
|
Node: Device files18839
|
||||||
Node: Other files19442
|
Node: Other files19255
|
||||||
Node: Configuration20055
|
Node: Configuration19868
|
||||||
Node: Configuration introduction20366
|
Node: Configuration introduction20179
|
||||||
Node: Multiple networks21634
|
Node: Multiple networks21447
|
||||||
Node: How connections work23059
|
Node: How connections work22873
|
||||||
Node: Configuration files24281
|
Node: Configuration files24095
|
||||||
Node: Main configuration variables25776
|
Node: Main configuration variables25589
|
||||||
Node: Host configuration variables41870
|
Node: Host configuration variables41628
|
||||||
Node: Scripts47371
|
Node: Scripts47131
|
||||||
Node: How to configure50134
|
Node: How to configure49894
|
||||||
Node: Generating keypairs51391
|
Node: Generating keypairs51152
|
||||||
Node: Network interfaces51890
|
Node: Network interfaces51651
|
||||||
Node: Example configuration53738
|
Node: Example configuration53499
|
||||||
Node: Running tinc59063
|
Node: Running tinc58824
|
||||||
Node: Runtime options59653
|
Node: Runtime options59414
|
||||||
Node: Signals62955
|
Node: Signals62716
|
||||||
Node: Debug levels64146
|
Node: Debug levels63907
|
||||||
Node: Solving problems65082
|
Node: Solving problems64843
|
||||||
Node: Error messages66634
|
Node: Error messages66395
|
||||||
Node: Sending bug reports70643
|
Node: Sending bug reports70404
|
||||||
Node: Technical information71590
|
Node: Technical information71351
|
||||||
Node: The connection71821
|
Node: The connection71582
|
||||||
Node: The UDP tunnel72133
|
Node: The UDP tunnel71894
|
||||||
Node: The meta-connection75196
|
Node: The meta-connection74955
|
||||||
Node: The meta-protocol76665
|
Node: The meta-protocol76424
|
||||||
Node: Security81682
|
Node: Security81441
|
||||||
Node: Authentication protocol82815
|
Node: Authentication protocol82574
|
||||||
Node: Encryption of network packets87832
|
Node: Encryption of network packets87619
|
||||||
Node: Security issues89208
|
Node: Security issues88995
|
||||||
Node: Platform specific information90835
|
Node: Platform specific information90622
|
||||||
Node: Interface configuration91063
|
Node: Interface configuration90850
|
||||||
Node: Routes93516
|
Node: Routes93321
|
||||||
Node: About us95433
|
Node: About us95335
|
||||||
Node: Contact information95608
|
Node: Contact information95510
|
||||||
Node: Authors96012
|
Node: Authors95914
|
||||||
Node: Concept Index96417
|
Node: Concept Index96319
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
|
@ -176,7 +176,7 @@ available too.
|
||||||
@section Supported platforms
|
@section Supported platforms
|
||||||
|
|
||||||
@cindex platforms
|
@cindex platforms
|
||||||
Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment),
|
Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment),
|
||||||
with various hardware architectures. These are some of the platforms
|
with various hardware architectures. These are some of the platforms
|
||||||
that are supported by the universal tun/tap device driver or other virtual network device drivers.
|
that are supported by the universal tun/tap device driver or other virtual network device drivers.
|
||||||
Without such a driver, tinc will most
|
Without such a driver, tinc will most
|
||||||
|
@ -224,7 +224,7 @@ support tinc.
|
||||||
* Configuration of OpenBSD kernels::
|
* Configuration of OpenBSD kernels::
|
||||||
* Configuration of NetBSD kernels::
|
* Configuration of NetBSD kernels::
|
||||||
* Configuration of Solaris kernels::
|
* Configuration of Solaris kernels::
|
||||||
* Configuration of Darwin (MacOS/X) kernels::
|
* Configuration of Darwin (Mac OS X) kernels::
|
||||||
* Configuration of Windows::
|
* Configuration of Windows::
|
||||||
@end menu
|
@end menu
|
||||||
|
|
||||||
|
@ -298,19 +298,12 @@ If the @file{net/if_tun.h} header file is missing, install it from the source pa
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node Configuration of Darwin (MacOS/X) kernels
|
@node Configuration of Darwin (Mac OS X) kernels
|
||||||
@subsection Configuration of Darwin (MacOS/X) kernels
|
@subsection Configuration of Darwin (Mac OS X) kernels
|
||||||
|
|
||||||
Tinc on Darwin relies on a tunnel driver for its data acquisition from the kernel.
|
Tinc on Darwin relies on a tunnel driver for its data acquisition from the kernel.
|
||||||
Tinc supports either the driver from @uref{http://tuntaposx.sourceforge.net/},
|
Tinc supports either the driver from @uref{http://tuntaposx.sourceforge.net/},
|
||||||
which supports both tun and tap style devices,
|
which supports both tun and tap style devices.
|
||||||
and also the driver from from @uref{http://chrisp.de/en/projects/tunnel.html}.
|
|
||||||
The former driver is recommended.
|
|
||||||
The tunnel driver must be loaded before starting tinc with the following command:
|
|
||||||
|
|
||||||
@example
|
|
||||||
kmodload tunnel
|
|
||||||
@end example
|
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
|
@ -349,7 +342,7 @@ having them installed, configure will give you an error message, and stop.
|
||||||
For all cryptography-related functions, tinc uses the functions provided
|
For all cryptography-related functions, tinc uses the functions provided
|
||||||
by the OpenSSL library.
|
by the OpenSSL library.
|
||||||
|
|
||||||
If this library is not installed, you wil get an error when configuring
|
If this library is not installed, you will get an error when configuring
|
||||||
tinc for build. Support for running tinc with other cryptographic libraries
|
tinc for build. Support for running tinc with other cryptographic libraries
|
||||||
installed @emph{may} be added in the future.
|
installed @emph{may} be added in the future.
|
||||||
|
|
||||||
|
@ -413,7 +406,7 @@ Markus F.X.J. Oberhumer
|
||||||
For the optional compression of UDP packets, tinc uses the functions provided
|
For the optional compression of UDP packets, tinc uses the functions provided
|
||||||
by the zlib library.
|
by the zlib library.
|
||||||
|
|
||||||
If this library is not installed, you wil get an error when running the
|
If this library is not installed, you will get an error when running the
|
||||||
configure script. You can either install the zlib library, or disable support
|
configure script. You can either install the zlib library, or disable support
|
||||||
for zlib compression by using the "--disable-zlib" option when running the
|
for zlib compression by using the "--disable-zlib" option when running the
|
||||||
configure script. Note that if you disable support for zlib, the resulting
|
configure script. Note that if you disable support for zlib, the resulting
|
||||||
|
@ -437,7 +430,7 @@ default).
|
||||||
@cindex lzo
|
@cindex lzo
|
||||||
Another form of compression is offered using the LZO library.
|
Another form of compression is offered using the LZO library.
|
||||||
|
|
||||||
If this library is not installed, you wil get an error when running the
|
If this library is not installed, you will get an error when running the
|
||||||
configure script. You can either install the LZO library, or disable support
|
configure script. You can either install the LZO library, or disable support
|
||||||
for LZO compression by using the "--disable-lzo" option when running the
|
for LZO compression by using the "--disable-lzo" option when running the
|
||||||
configure script. Note that if you disable support for LZO, the resulting
|
configure script. Note that if you disable support for LZO, the resulting
|
||||||
|
@ -503,19 +496,19 @@ you can use the package management tools of that distribution to install tinc.
|
||||||
The documentation that comes along with your distribution will tell you how to do that.
|
The documentation that comes along with your distribution will tell you how to do that.
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
* Darwin (MacOS/X) build environment::
|
* Darwin (Mac OS X) build environment::
|
||||||
* Cygwin (Windows) build environment::
|
* Cygwin (Windows) build environment::
|
||||||
* MinGW (Windows) build environment::
|
* MinGW (Windows) build environment::
|
||||||
@end menu
|
@end menu
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node Darwin (MacOS/X) build environment
|
@node Darwin (Mac OS X) build environment
|
||||||
@subsection Darwin (MacOS/X) build environment
|
@subsection Darwin (Mac OS X) build environment
|
||||||
|
|
||||||
In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools
|
In order to build tinc on Darwin, you need to install the Mac OS X Developer Tools
|
||||||
from @uref{http://developer.apple.com/tools/macosxtools.html} and
|
from @uref{http://developer.apple.com/tools/macosxtools.html} and
|
||||||
a recent version of Fink from @uref{http://www.finkproject.org/}.
|
preferably a recent version of Fink from @uref{http://www.finkproject.org/}.
|
||||||
|
|
||||||
After installation use fink to download and install the following packages:
|
After installation use fink to download and install the following packages:
|
||||||
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
||||||
|
@ -666,7 +659,7 @@ It is not required if you only run one tinc daemon,
|
||||||
it doesn't even have to be the same on all the sites of your VPN,
|
it doesn't even have to be the same on all the sites of your VPN,
|
||||||
but it is recommended that you choose one anyway.
|
but it is recommended that you choose one anyway.
|
||||||
|
|
||||||
We will asume you use a netname throughout this document.
|
We will assume you use a netname throughout this document.
|
||||||
This means that you call tincd with the -n argument,
|
This means that you call tincd with the -n argument,
|
||||||
which will assign a netname to this daemon.
|
which will assign a netname to this daemon.
|
||||||
|
|
||||||
|
@ -694,7 +687,7 @@ reads in the configuration file tinc.conf.
|
||||||
If it sees one or more `ConnectTo' values pointing to other tinc daemons in that file,
|
If it sees one or more `ConnectTo' values pointing to other tinc daemons in that file,
|
||||||
it will try to connect to those other daemons.
|
it will try to connect to those other daemons.
|
||||||
Whether this succeeds or not and whether `ConnectTo' is specified or not,
|
Whether this succeeds or not and whether `ConnectTo' is specified or not,
|
||||||
tinc will listen for incoming connection from other deamons.
|
tinc will listen for incoming connection from other daemons.
|
||||||
If you did specify a `ConnectTo' value and the other side is not responding,
|
If you did specify a `ConnectTo' value and the other side is not responding,
|
||||||
tinc will keep retrying.
|
tinc will keep retrying.
|
||||||
This means that once started, tinc will stay running until you tell it to stop,
|
This means that once started, tinc will stay running until you tell it to stop,
|
||||||
|
@ -718,7 +711,7 @@ The actual configuration of the daemon is done in the file
|
||||||
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf} and at least one other file in the directory
|
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf} and at least one other file in the directory
|
||||||
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/}.
|
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/}.
|
||||||
|
|
||||||
An optionnal directory @file{@value{sysconfdir}/tinc/@var{netname}/conf.d} can be added from which
|
An optional directory @file{@value{sysconfdir}/tinc/@var{netname}/conf.d} can be added from which
|
||||||
any .conf file will be read.
|
any .conf file will be read.
|
||||||
|
|
||||||
These file consists of comments (lines started with a #) or assignments
|
These file consists of comments (lines started with a #) or assignments
|
||||||
|
@ -829,7 +822,6 @@ Do not use this option if you use switch mode and want to use IPv6.
|
||||||
@item Device = <@var{device}> (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform)
|
@item Device = <@var{device}> (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform)
|
||||||
The virtual network device to use.
|
The virtual network device to use.
|
||||||
Tinc will automatically detect what kind of device it is.
|
Tinc will automatically detect what kind of device it is.
|
||||||
Note that you can only use one device per daemon.
|
|
||||||
Under Windows, use @var{Interface} instead of @var{Device}.
|
Under Windows, use @var{Interface} instead of @var{Device}.
|
||||||
Note that you can only use one device per daemon.
|
Note that you can only use one device per daemon.
|
||||||
See also @ref{Device files}.
|
See also @ref{Device files}.
|
||||||
|
@ -1022,7 +1014,7 @@ while no routing table is managed.
|
||||||
@cindex Name
|
@cindex Name
|
||||||
@item Name = <@var{name}> [required]
|
@item Name = <@var{name}> [required]
|
||||||
This is a symbolic name for this connection.
|
This is a symbolic name for this connection.
|
||||||
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
|
The name should consist only of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _).
|
||||||
|
|
||||||
If Name starts with a $, then the contents of the environment variable that follows will be used.
|
If Name starts with a $, then the contents of the environment variable that follows will be used.
|
||||||
In that case, invalid characters will be converted to underscores.
|
In that case, invalid characters will be converted to underscores.
|
||||||
|
@ -1049,7 +1041,7 @@ will be inherited by the UDP packets that are sent out.
|
||||||
@item PrivateKey = <@var{key}> [obsolete]
|
@item PrivateKey = <@var{key}> [obsolete]
|
||||||
This is the RSA private key for tinc. However, for safety reasons it is
|
This is the RSA private key for tinc. However, for safety reasons it is
|
||||||
advised to store private keys of any kind in separate files. This prevents
|
advised to store private keys of any kind in separate files. This prevents
|
||||||
accidental eavesdropping if you are editting the configuration file.
|
accidental eavesdropping if you are editing the configuration file.
|
||||||
|
|
||||||
@cindex PrivateKeyFile
|
@cindex PrivateKeyFile
|
||||||
@item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv})
|
@item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv})
|
||||||
|
@ -1216,7 +1208,7 @@ connection with that host.
|
||||||
@cindex Subnet
|
@cindex Subnet
|
||||||
@item Subnet = <@var{address}[/@var{prefixlength}[#@var{weight}]]>
|
@item Subnet = <@var{address}[/@var{prefixlength}[#@var{weight}]]>
|
||||||
The subnet which this tinc daemon will serve.
|
The subnet which this tinc daemon will serve.
|
||||||
Tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet.
|
Tinc tries to look up which other daemon it should send a packet to by searching the appropriate subnet.
|
||||||
If the packet matches a subnet,
|
If the packet matches a subnet,
|
||||||
it will be sent to the daemon who has this subnet in his host configuration file.
|
it will be sent to the daemon who has this subnet in his host configuration file.
|
||||||
Multiple subnet lines can be specified for each daemon.
|
Multiple subnet lines can be specified for each daemon.
|
||||||
|
@ -1293,11 +1285,11 @@ This script is started when any host becomes reachable.
|
||||||
This script is started when any host becomes unreachable.
|
This script is started when any host becomes unreachable.
|
||||||
|
|
||||||
@item @value{sysconfdir}/tinc/@var{netname}/subnet-up
|
@item @value{sysconfdir}/tinc/@var{netname}/subnet-up
|
||||||
This script is started when a Subnet becomes reachable.
|
This script is started when a subnet becomes reachable.
|
||||||
The Subnet and the node it belongs to are passed in environment variables.
|
The Subnet and the node it belongs to are passed in environment variables.
|
||||||
|
|
||||||
@item @value{sysconfdir}/tinc/@var{netname}/subnet-down
|
@item @value{sysconfdir}/tinc/@var{netname}/subnet-down
|
||||||
This script is started when a Subnet becomes unreachable.
|
This script is started when a subnet becomes unreachable.
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
@cindex environment variables
|
@cindex environment variables
|
||||||
|
@ -1368,7 +1360,7 @@ add `ConnectTo' values.
|
||||||
|
|
||||||
@subsubheading Step 2. Creating your host configuration file
|
@subsubheading Step 2. Creating your host configuration file
|
||||||
|
|
||||||
If you added a line containing `Name = yourname' in the main configuarion file,
|
If you added a line containing `Name = yourname' in the main configuration file,
|
||||||
you will need to create a host configuration file @file{@value{sysconfdir}/tinc/@var{netname}/hosts/yourname}.
|
you will need to create a host configuration file @file{@value{sysconfdir}/tinc/@var{netname}/hosts/yourname}.
|
||||||
Adapt the following example to create a host configuration file:
|
Adapt the following example to create a host configuration file:
|
||||||
|
|
||||||
|
@ -2022,7 +2014,7 @@ There are two possible types of virtual network devices:
|
||||||
and `tap' style, which are Ethernet devices and handle complete Ethernet frames.
|
and `tap' style, which are Ethernet devices and handle complete Ethernet frames.
|
||||||
|
|
||||||
So when tinc reads an Ethernet frame from the device, it determines its
|
So when tinc reads an Ethernet frame from the device, it determines its
|
||||||
type. When tinc is in it's default routing mode, it can handle IPv4 and IPv6
|
type. When tinc is in its default routing mode, it can handle IPv4 and IPv6
|
||||||
packets. Depending on the Subnet lines, it will send the packets off to their destination IP address.
|
packets. Depending on the Subnet lines, it will send the packets off to their destination IP address.
|
||||||
In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery
|
In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery
|
||||||
to deduce the destination of the packets.
|
to deduce the destination of the packets.
|
||||||
|
@ -2053,7 +2045,7 @@ If the virtual network device is a `tun' device (a point-to-point tunnel),
|
||||||
there is no problem for the kernel to accept a packet.
|
there is no problem for the kernel to accept a packet.
|
||||||
However, if it is a `tap' device (this is the only available type on FreeBSD),
|
However, if it is a `tap' device (this is the only available type on FreeBSD),
|
||||||
the destination MAC address must match that of the virtual network interface.
|
the destination MAC address must match that of the virtual network interface.
|
||||||
If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC
|
If tinc is in its default routing mode, ARP does not work, so the correct destination MAC
|
||||||
can not be known by the sending host.
|
can not be known by the sending host.
|
||||||
Tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface
|
Tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface
|
||||||
and overwriting the destination MAC address of the received packet.
|
and overwriting the destination MAC address of the received packet.
|
||||||
|
@ -2446,7 +2438,7 @@ netmask should be such that it encompasses the entire VPN.
|
||||||
|
|
||||||
For IPv4 addresses:
|
For IPv4 addresses:
|
||||||
|
|
||||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
@multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||||
@item Linux
|
@item Linux
|
||||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||||
@item Linux iproute2
|
@item Linux iproute2
|
||||||
|
@ -2459,7 +2451,7 @@ For IPv4 addresses:
|
||||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||||
@item Solaris
|
@item Solaris
|
||||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||||
@item Darwin (MacOS/X)
|
@item Darwin (Mac OS X)
|
||||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||||
@item Windows
|
@item Windows
|
||||||
@tab @code{netsh interface ip set address} @var{interface} @code{static} @var{address} @var{netmask}
|
@tab @code{netsh interface ip set address} @var{interface} @code{static} @var{address} @var{netmask}
|
||||||
|
@ -2467,7 +2459,7 @@ For IPv4 addresses:
|
||||||
|
|
||||||
For IPv6 addresses:
|
For IPv6 addresses:
|
||||||
|
|
||||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
@multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||||
@item Linux
|
@item Linux
|
||||||
@tab @code{ifconfig} @var{interface} @code{add} @var{address}@code{/}@var{prefixlength}
|
@tab @code{ifconfig} @var{interface} @code{add} @var{address}@code{/}@var{prefixlength}
|
||||||
@item FreeBSD
|
@item FreeBSD
|
||||||
|
@ -2480,7 +2472,7 @@ For IPv6 addresses:
|
||||||
@tab @code{ifconfig} @var{interface} @code{inet6 plumb up}
|
@tab @code{ifconfig} @var{interface} @code{inet6 plumb up}
|
||||||
@item
|
@item
|
||||||
@tab @code{ifconfig} @var{interface} @code{inet6 addif} @var{address} @var{address}
|
@tab @code{ifconfig} @var{interface} @code{inet6 addif} @var{address} @var{address}
|
||||||
@item Darwin (MacOS/X)
|
@item Darwin (Mac OS X)
|
||||||
@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
|
@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
|
||||||
@item Windows
|
@item Windows
|
||||||
@tab @code{netsh interface ipv6 add address} @var{interface} @code{static} @var{address}/@var{prefixlength}
|
@tab @code{netsh interface ipv6 add address} @var{interface} @code{static} @var{address}/@var{prefixlength}
|
||||||
|
@ -2488,7 +2480,7 @@ For IPv6 addresses:
|
||||||
|
|
||||||
On some platforms, when running tinc in switch mode, the VPN interface must be set to tap mode with an ifconfig command:
|
On some platforms, when running tinc in switch mode, the VPN interface must be set to tap mode with an ifconfig command:
|
||||||
|
|
||||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
@multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||||
@item OpenBSD
|
@item OpenBSD
|
||||||
@tab @code{ifconfig} @var{interface} @code{link0}
|
@tab @code{ifconfig} @var{interface} @code{link0}
|
||||||
@end multitable
|
@end multitable
|
||||||
|
@ -2498,7 +2490,7 @@ continue to exist even if tinc quit, although this is normally not required.
|
||||||
It can be useful to set up a tun/tap interface owned by a non-root user, so
|
It can be useful to set up a tun/tap interface owned by a non-root user, so
|
||||||
tinc can be started without needing any root privileges at all.
|
tinc can be started without needing any root privileges at all.
|
||||||
|
|
||||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
@multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||||
@item Linux
|
@item Linux
|
||||||
@tab @code{ip tuntap add dev} @var{interface} @code{mode} @var{tun|tap} @code{user} @var{username}
|
@tab @code{ip tuntap add dev} @var{interface} @code{mode} @var{tun|tap} @code{user} @var{username}
|
||||||
@end multitable
|
@end multitable
|
||||||
|
@ -2516,7 +2508,7 @@ support this.
|
||||||
|
|
||||||
Adding routes to IPv4 subnets:
|
Adding routes to IPv4 subnets:
|
||||||
|
|
||||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
@multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||||
@item Linux
|
@item Linux
|
||||||
@tab @code{route add -net} @var{network_address} @code{netmask} @var{netmask} @var{interface}
|
@tab @code{route add -net} @var{network_address} @code{netmask} @var{netmask} @var{interface}
|
||||||
@item Linux iproute2
|
@item Linux iproute2
|
||||||
|
@ -2529,15 +2521,15 @@ Adding routes to IPv4 subnets:
|
||||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
||||||
@item Solaris
|
@item Solaris
|
||||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
|
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
|
||||||
@item Darwin (MacOS/X)
|
@item Darwin (Mac OS X)
|
||||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @code{-interface} @var{interface}
|
||||||
@item Windows
|
@item Windows
|
||||||
@tab @code{netsh routing ip add persistentroute} @var{network_address} @var{netmask} @var{interface} @var{local_address}
|
@tab @code{netsh routing ip add persistentroute} @var{network_address} @var{netmask} @var{interface} @var{local_address}
|
||||||
@end multitable
|
@end multitable
|
||||||
|
|
||||||
Adding routes to IPv6 subnets:
|
Adding routes to IPv6 subnets:
|
||||||
|
|
||||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
@multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||||
@item Linux
|
@item Linux
|
||||||
@tab @code{route add -A inet6} @var{network_address}@code{/}@var{prefixlength} @var{interface}
|
@tab @code{route add -A inet6} @var{network_address}@code{/}@var{prefixlength} @var{interface}
|
||||||
@item Linux iproute2
|
@item Linux iproute2
|
||||||
|
@ -2550,8 +2542,8 @@ Adding routes to IPv6 subnets:
|
||||||
@tab @code{route add -inet6} @var{network_address} @var{local_address} @code{-prefixlen} @var{prefixlength}
|
@tab @code{route add -inet6} @var{network_address} @var{local_address} @code{-prefixlen} @var{prefixlength}
|
||||||
@item Solaris
|
@item Solaris
|
||||||
@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
|
@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
|
||||||
@item Darwin (MacOS/X)
|
@item Darwin (Mac OS X)
|
||||||
@tab ?
|
@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @code{-interface} @var{interface}
|
||||||
@item Windows
|
@item Windows
|
||||||
@tab @code{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface}
|
@tab @code{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface}
|
||||||
@end multitable
|
@end multitable
|
||||||
|
|
|
@ -9,8 +9,8 @@ AC_DEFUN([tinc_ATTRIBUTE],
|
||||||
CFLAGS="$CFLAGS -Wall -Werror"
|
CFLAGS="$CFLAGS -Wall -Werror"
|
||||||
AC_COMPILE_IFELSE(
|
AC_COMPILE_IFELSE(
|
||||||
[AC_LANG_SOURCE(
|
[AC_LANG_SOURCE(
|
||||||
[void test(void) __attribute__ (($1));
|
[void *test(void) __attribute__ (($1));
|
||||||
void test(void) { return; }
|
void *test(void) { return (void *)0; }
|
||||||
],
|
],
|
||||||
)],
|
)],
|
||||||
[tinc_cv_attribute_$1=yes],
|
[tinc_cv_attribute_$1=yes],
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction BSD tun/tap device
|
device.c -- Interaction BSD tun/tap device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define DEFAULT_TUN_DEVICE "/dev/tun0"
|
#define DEFAULT_TUN_DEVICE "/dev/tun0"
|
||||||
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD)
|
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD) || defined(HAVE_DARWIN)
|
||||||
#define DEFAULT_TAP_DEVICE "/dev/tap0"
|
#define DEFAULT_TAP_DEVICE "/dev/tap0"
|
||||||
#else
|
#else
|
||||||
#define DEFAULT_TAP_DEVICE "/dev/tun0"
|
#define DEFAULT_TAP_DEVICE "/dev/tun0"
|
||||||
|
|
|
@ -38,6 +38,7 @@ extern avl_tree_t *config_tree;
|
||||||
extern int pinginterval;
|
extern int pinginterval;
|
||||||
extern int pingtimeout;
|
extern int pingtimeout;
|
||||||
extern int maxtimeout;
|
extern int maxtimeout;
|
||||||
|
extern int mintimeout;
|
||||||
extern bool bypass_security;
|
extern bool bypass_security;
|
||||||
extern char *confbase;
|
extern char *confbase;
|
||||||
extern char *netname;
|
extern char *netname;
|
||||||
|
|
17
src/have.h
17
src/have.h
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
have.h -- include headers which are known to exist
|
have.h -- include headers which are known to exist
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2003-2014 Guus Sliepen <guus@tinc-vpn.org>
|
2003-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -196,4 +196,19 @@
|
||||||
#include <netinet/if_ether.h>
|
#include <netinet/if_ether.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_ARPA_NAMESER_H
|
||||||
|
#include <arpa/nameser.h>
|
||||||
|
#ifdef STATUS
|
||||||
|
#undef STATUS
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_RESOLV_H
|
||||||
|
#include <resolv.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_LINUX_IF_TUN_H
|
||||||
|
#include <linux/if_tun.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* __TINC_SYSTEM_H__ */
|
#endif /* __TINC_SYSTEM_H__ */
|
||||||
|
|
|
@ -134,6 +134,9 @@ static bool setup_device(void) {
|
||||||
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(overwrite_mac && !ioctl(device_fd, SIOCGIFHWADDR, &ifr))
|
||||||
|
memcpy(mymac.x, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
|
||||||
|
|
||||||
logger(LOG_INFO, "%s is a %s", device, device_info);
|
logger(LOG_INFO, "%s is a %s", device, device_info);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
13
src/net.c
13
src/net.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net.c -- most of the network code
|
net.c -- most of the network code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2011 Loïc Grenié <loic.grenie@gmail.com>
|
2011 Loïc Grenié <loic.grenie@gmail.com>
|
||||||
|
|
||||||
|
@ -41,14 +41,6 @@
|
||||||
#include "subnet.h"
|
#include "subnet.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
||||||
#ifdef HAVE_ARPA_NAMESER_H
|
|
||||||
#include <arpa/nameser.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_RESOLV_H
|
|
||||||
#include <resolv.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
bool do_purge = false;
|
bool do_purge = false;
|
||||||
volatile bool running = false;
|
volatile bool running = false;
|
||||||
#ifdef HAVE_PSELECT
|
#ifdef HAVE_PSELECT
|
||||||
|
@ -508,9 +500,6 @@ int main_loop(void) {
|
||||||
avl_node_t *node;
|
avl_node_t *node;
|
||||||
logger(LOG_INFO, "Flushing event queue");
|
logger(LOG_INFO, "Flushing event queue");
|
||||||
expire_events();
|
expire_events();
|
||||||
#if HAVE_DECL_RES_INIT
|
|
||||||
res_init();
|
|
||||||
#endif
|
|
||||||
for(node = connection_tree->head; node; node = node->next) {
|
for(node = connection_tree->head; node; node = node->next) {
|
||||||
connection_t *c = node->data;
|
connection_t *c = node->data;
|
||||||
if(c->status.active)
|
if(c->status.active)
|
||||||
|
|
|
@ -87,6 +87,7 @@ typedef struct listen_socket_t {
|
||||||
int tcp;
|
int tcp;
|
||||||
int udp;
|
int udp;
|
||||||
sockaddr_t sa;
|
sockaddr_t sa;
|
||||||
|
int priority;
|
||||||
} listen_socket_t;
|
} listen_socket_t;
|
||||||
|
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
|
|
|
@ -415,9 +415,6 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
||||||
vpn_packet_t *outpkt;
|
vpn_packet_t *outpkt;
|
||||||
int origlen;
|
int origlen;
|
||||||
int outlen, outpad;
|
int outlen, outpad;
|
||||||
#if defined(SOL_IP) && defined(IP_TOS)
|
|
||||||
static int priority = 0;
|
|
||||||
#endif
|
|
||||||
int origpriority;
|
int origpriority;
|
||||||
|
|
||||||
if(!n->status.reachable) {
|
if(!n->status.reachable) {
|
||||||
|
@ -549,15 +546,27 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
||||||
sock = n->sock;
|
sock = n->sock;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(priorityinheritance && origpriority != listen_socket[n->sock].priority) {
|
||||||
|
listen_socket[n->sock].priority = origpriority;
|
||||||
|
switch(listen_socket[n->sock].sa.sa.sa_family) {
|
||||||
#if defined(SOL_IP) && defined(IP_TOS)
|
#if defined(SOL_IP) && defined(IP_TOS)
|
||||||
if(priorityinheritance && origpriority != priority
|
case AF_INET:
|
||||||
&& listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
|
||||||
priority = origpriority;
|
if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &origpriority, sizeof(origpriority))) /* SO_PRIORITY doesn't seem to work */
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
|
|
||||||
if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
|
|
||||||
logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
|
logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
|
||||||
}
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
|
||||||
|
case AF_INET6:
|
||||||
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
|
||||||
|
if(setsockopt(listen_socket[n->sock].udp, IPPROTO_IPV6, IPV6_TCLASS, &origpriority, sizeof(origpriority)))
|
||||||
|
logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
|
if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
|
||||||
if(sockmsgsize(sockerrno)) {
|
if(sockmsgsize(sockerrno)) {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -539,7 +539,12 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
#if !defined(SOL_IP) || !defined(IP_TOS)
|
#if !defined(SOL_IP) || !defined(IP_TOS)
|
||||||
if(priorityinheritance)
|
if(priorityinheritance)
|
||||||
logger(LOG_WARNING, "%s not supported on this platform", "PriorityInheritance");
|
logger(LOG_WARNING, "%s not supported on this platform for IPv4 connection", "PriorityInheritance");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if !defined(IPPROTO_IPV6) || !defined(IPV6_TCLASS)
|
||||||
|
if(priorityinheritance)
|
||||||
|
logger(LOG_WARNING, "%s not supported on this platform for IPv6 connection", "PriorityInheritance");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
|
if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
|
||||||
|
@ -553,6 +558,18 @@ static bool setup_myself(void) {
|
||||||
} else
|
} else
|
||||||
maxtimeout = 900;
|
maxtimeout = 900;
|
||||||
|
|
||||||
|
if(get_config_int(lookup_config(config_tree, "MinTimeout"), &mintimeout)) {
|
||||||
|
if(mintimeout < 0) {
|
||||||
|
logger(LOG_ERR, "Bogus minimum timeout!");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if(mintimeout > maxtimeout) {
|
||||||
|
logger(LOG_WARNING, "Minimum timeout (%d s) cannot be larger than maximum timeout (%d s). Correcting !", mintimeout, maxtimeout );
|
||||||
|
mintimeout=maxtimeout;
|
||||||
|
}
|
||||||
|
} else
|
||||||
|
mintimeout = 0;
|
||||||
|
|
||||||
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
|
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
|
||||||
if(udp_rcvbuf <= 0) {
|
if(udp_rcvbuf <= 0) {
|
||||||
logger(LOG_ERR, "UDPRcvBuf cannot be negative!");
|
logger(LOG_ERR, "UDPRcvBuf cannot be negative!");
|
||||||
|
@ -713,6 +730,12 @@ static bool setup_myself(void) {
|
||||||
xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
|
xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
|
||||||
xasprintf(&envp[3], "NAME=%s", myself->name);
|
xasprintf(&envp[3], "NAME=%s", myself->name);
|
||||||
|
|
||||||
|
#ifdef HAVE_MINGW
|
||||||
|
Sleep(1000);
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_CYGWIN
|
||||||
|
sleep(1);
|
||||||
|
#endif
|
||||||
execute_script("tinc-up", envp);
|
execute_script("tinc-up", envp);
|
||||||
|
|
||||||
for(i = 0; i < 4; i++)
|
for(i = 0; i < 4; i++)
|
||||||
|
@ -790,6 +813,10 @@ static bool setup_myself(void) {
|
||||||
hint.ai_protocol = IPPROTO_TCP;
|
hint.ai_protocol = IPPROTO_TCP;
|
||||||
hint.ai_flags = AI_PASSIVE;
|
hint.ai_flags = AI_PASSIVE;
|
||||||
|
|
||||||
|
#if HAVE_DECL_RES_INIT
|
||||||
|
// ensure glibc reloads /etc/resolv.conf.
|
||||||
|
res_init();
|
||||||
|
#endif
|
||||||
err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
|
err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
|
||||||
free(address);
|
free(address);
|
||||||
|
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int addressfamily = AF_UNSPEC;
|
int addressfamily = AF_UNSPEC;
|
||||||
|
int mintimeout = 0;
|
||||||
int maxtimeout = 900;
|
int maxtimeout = 900;
|
||||||
int seconds_till_retry = 5;
|
int seconds_till_retry = 5;
|
||||||
int udp_rcvbuf = 0;
|
int udp_rcvbuf = 0;
|
||||||
|
@ -77,6 +78,11 @@ static void configure_tcp(connection_t *c) {
|
||||||
option = IPTOS_LOWDELAY;
|
option = IPTOS_LOWDELAY;
|
||||||
setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof(option));
|
setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof(option));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
|
||||||
|
option = IPTOS_LOWDELAY;
|
||||||
|
setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool bind_to_interface(int sd) {
|
static bool bind_to_interface(int sd) {
|
||||||
|
@ -273,6 +279,9 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
||||||
void retry_outgoing(outgoing_t *outgoing) {
|
void retry_outgoing(outgoing_t *outgoing) {
|
||||||
outgoing->timeout += 5;
|
outgoing->timeout += 5;
|
||||||
|
|
||||||
|
if(outgoing->timeout < mintimeout)
|
||||||
|
outgoing->timeout = mintimeout;
|
||||||
|
|
||||||
if(outgoing->timeout > maxtimeout)
|
if(outgoing->timeout > maxtimeout)
|
||||||
outgoing->timeout = maxtimeout;
|
outgoing->timeout = maxtimeout;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
netutl.c -- some supporting network utility code
|
netutl.c -- some supporting network utility code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -39,6 +39,10 @@ struct addrinfo *str2addrinfo(const char *address, const char *service, int sock
|
||||||
hint.ai_family = addressfamily;
|
hint.ai_family = addressfamily;
|
||||||
hint.ai_socktype = socktype;
|
hint.ai_socktype = socktype;
|
||||||
|
|
||||||
|
#if HAVE_DECL_RES_INIT
|
||||||
|
// ensure glibc reloads /etc/resolv.conf.
|
||||||
|
res_init();
|
||||||
|
#endif
|
||||||
err = getaddrinfo(address, service, &hint, &ai);
|
err = getaddrinfo(address, service, &hint, &ai);
|
||||||
|
|
||||||
if(err) {
|
if(err) {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
process.c -- process management functions
|
process.c -- process management functions
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -347,16 +347,58 @@ bool detach(void) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_PUTENV
|
||||||
|
void unputenv(char *p) {
|
||||||
|
char *e = strchr(p, '=');
|
||||||
|
if(!e)
|
||||||
|
return;
|
||||||
|
int len = e - p;
|
||||||
|
#ifndef HAVE_UNSETENV
|
||||||
|
#ifdef HAVE_MINGW
|
||||||
|
// Windows requires putenv("FOO=") to unset %FOO%
|
||||||
|
len++;
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
char var[len + 1];
|
||||||
|
memcpy(var, p, len);
|
||||||
|
var[len] = 0;
|
||||||
|
#ifdef HAVE_UNSETENV
|
||||||
|
unsetenv(var);
|
||||||
|
#else
|
||||||
|
// We must keep what we putenv() around in memory.
|
||||||
|
// To do this without memory leaks, keep things in a list and reuse if possible.
|
||||||
|
static list_t list = {};
|
||||||
|
for(list_node_t *node = list.head; node; node = node->next) {
|
||||||
|
char *data = node->data;
|
||||||
|
if(!strcmp(data, var)) {
|
||||||
|
putenv(data);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
char *data = xstrdup(var);
|
||||||
|
list_insert_tail(&list, data);
|
||||||
|
putenv(data);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
void putenv(const char *p) {}
|
||||||
|
void unputenv(const char *p) {}
|
||||||
|
#endif
|
||||||
|
|
||||||
bool execute_script(const char *name, char **envp) {
|
bool execute_script(const char *name, char **envp) {
|
||||||
#ifdef HAVE_SYSTEM
|
#ifdef HAVE_SYSTEM
|
||||||
int status, len;
|
|
||||||
char *scriptname;
|
char *scriptname;
|
||||||
int i;
|
|
||||||
char *interpreter = NULL;
|
char *interpreter = NULL;
|
||||||
|
config_t *cfg_interpreter;
|
||||||
|
int status, len, i;
|
||||||
|
|
||||||
|
cfg_interpreter = lookup_config(config_tree, "ScriptsInterpreter");
|
||||||
#ifndef HAVE_MINGW
|
#ifndef HAVE_MINGW
|
||||||
len = xasprintf(&scriptname, "\"%s/%s\"", confbase, name);
|
len = xasprintf(&scriptname, "\"%s/%s\"", confbase, name);
|
||||||
#else
|
#else
|
||||||
|
if(cfg_interpreter)
|
||||||
|
len = xasprintf(&scriptname, "\"%s/%s\"", confbase, name);
|
||||||
|
else
|
||||||
len = xasprintf(&scriptname, "\"%s/%s.bat\"", confbase, name);
|
len = xasprintf(&scriptname, "\"%s/%s.bat\"", confbase, name);
|
||||||
#endif
|
#endif
|
||||||
if(len < 0)
|
if(len < 0)
|
||||||
|
@ -365,14 +407,13 @@ bool execute_script(const char *name, char **envp) {
|
||||||
scriptname[len - 1] = '\0';
|
scriptname[len - 1] = '\0';
|
||||||
|
|
||||||
/* First check if there is a script */
|
/* First check if there is a script */
|
||||||
|
|
||||||
if(access(scriptname + 1, F_OK)) {
|
if(access(scriptname + 1, F_OK)) {
|
||||||
free(scriptname);
|
free(scriptname);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Custom scripts interpreter
|
// Custom scripts interpreter
|
||||||
if(get_config_string(lookup_config(config_tree, "ScriptsInterpreter"), &interpreter)) {
|
if(get_config_string(cfg_interpreter, &interpreter)) {
|
||||||
// Force custom scripts interpreter allowing execution of scripts on android without execution flag (such as on /sdcard)
|
// Force custom scripts interpreter allowing execution of scripts on android without execution flag (such as on /sdcard)
|
||||||
free(scriptname);
|
free(scriptname);
|
||||||
len = xasprintf(&scriptname, "%s \"%s/%s\"", interpreter, confbase, name);
|
len = xasprintf(&scriptname, "%s \"%s/%s\"", interpreter, confbase, name);
|
||||||
|
@ -383,12 +424,10 @@ bool execute_script(const char *name, char **envp) {
|
||||||
|
|
||||||
ifdebug(STATUS) logger(LOG_INFO, "Executing script %s", name);
|
ifdebug(STATUS) logger(LOG_INFO, "Executing script %s", name);
|
||||||
|
|
||||||
#ifdef HAVE_PUTENV
|
|
||||||
/* Set environment */
|
/* Set environment */
|
||||||
|
|
||||||
for(i = 0; envp[i]; i++)
|
for(i = 0; envp[i]; i++)
|
||||||
putenv(envp[i]);
|
putenv(envp[i]);
|
||||||
#endif
|
|
||||||
|
|
||||||
scriptname[len - 1] = '\"';
|
scriptname[len - 1] = '\"';
|
||||||
status = system(scriptname);
|
status = system(scriptname);
|
||||||
|
@ -397,15 +436,8 @@ bool execute_script(const char *name, char **envp) {
|
||||||
|
|
||||||
/* Unset environment */
|
/* Unset environment */
|
||||||
|
|
||||||
for(i = 0; envp[i]; i++) {
|
for(i = 0; envp[i]; i++)
|
||||||
char *e = strchr(envp[i], '=');
|
unputenv(envp[i]);
|
||||||
if(e) {
|
|
||||||
char p[e - envp[i] + 1];
|
|
||||||
strncpy(p, envp[i], e - envp[i]);
|
|
||||||
p[e - envp[i]] = '\0';
|
|
||||||
putenv(p);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(status != -1) {
|
if(status != -1) {
|
||||||
#ifdef WEXITSTATUS
|
#ifdef WEXITSTATUS
|
||||||
|
|
10
src/tincd.c
10
src/tincd.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
tincd.c -- the main file for tincd
|
tincd.c -- the main file for tincd
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2008 Max Rijevski <maksuf@gmail.com>
|
2008 Max Rijevski <maksuf@gmail.com>
|
||||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||||
2010 Julien Muchembled <jm@jmuchemb.eu>
|
2010 Julien Muchembled <jm@jmuchemb.eu>
|
||||||
|
@ -97,7 +97,7 @@ char *pidfilename = NULL; /* pid file location */
|
||||||
char *logfilename = NULL; /* log file location */
|
char *logfilename = NULL; /* log file location */
|
||||||
char **g_argv; /* a copy of the cmdline arguments */
|
char **g_argv; /* a copy of the cmdline arguments */
|
||||||
|
|
||||||
static int status;
|
static int status = 1;
|
||||||
|
|
||||||
static struct option const long_options[] = {
|
static struct option const long_options[] = {
|
||||||
{"config", required_argument, NULL, 'c'},
|
{"config", required_argument, NULL, 'c'},
|
||||||
|
@ -438,14 +438,14 @@ static void make_names(void) {
|
||||||
#ifdef HAVE_MINGW
|
#ifdef HAVE_MINGW
|
||||||
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
||||||
if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
|
if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
|
||||||
if(!logfilename)
|
|
||||||
xasprintf(&logfilename, "%s/log/%s.log", identname);
|
|
||||||
if(!confbase) {
|
if(!confbase) {
|
||||||
if(netname)
|
if(netname)
|
||||||
xasprintf(&confbase, "%s/%s", installdir, netname);
|
xasprintf(&confbase, "%s/%s", installdir, netname);
|
||||||
else
|
else
|
||||||
xasprintf(&confbase, "%s", installdir);
|
xasprintf(&confbase, "%s", installdir);
|
||||||
}
|
}
|
||||||
|
if(!logfilename)
|
||||||
|
xasprintf(&logfilename, "%s/tinc.log", confbase);
|
||||||
}
|
}
|
||||||
RegCloseKey(key);
|
RegCloseKey(key);
|
||||||
if(*installdir)
|
if(*installdir)
|
||||||
|
@ -549,7 +549,7 @@ int main(int argc, char **argv) {
|
||||||
if(show_version) {
|
if(show_version) {
|
||||||
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
||||||
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
||||||
printf("Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen and others.\n"
|
printf("Copyright (C) 1998-2015 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||||
"See the AUTHORS file for a complete list.\n\n"
|
"See the AUTHORS file for a complete list.\n\n"
|
||||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||||
"and you are welcome to redistribute it under certain conditions;\n"
|
"and you are welcome to redistribute it under certain conditions;\n"
|
||||||
|
|
Loading…
Reference in a new issue