Import Debian changes 1.1~pre6-1
tinc (1.1~pre6-1) experimental; urgency=low * New upstream release.
This commit is contained in:
commit
2127705d53
53 changed files with 3856 additions and 14921 deletions
25
NEWS
25
NEWS
|
@ -1,3 +1,28 @@
|
|||
Version 1.1pre6 February 20 2013
|
||||
|
||||
* Fixed tincd exitting immediately on Windows.
|
||||
|
||||
* Detect PMTU increases.
|
||||
|
||||
* Fixed crashes when using a SOCKS5 proxy.
|
||||
|
||||
* Fixed control connection when using a proxy.
|
||||
|
||||
Version 1.1pre5 January 20 2013
|
||||
|
||||
* Fixed long delays and possible hangs on Windows.
|
||||
|
||||
* Fixed support for the tunemu device on iOS, the UML and VDE devices.
|
||||
|
||||
* Small improvements to the documentation and error messages.
|
||||
|
||||
* Fixed broadcast packets not reaching the whole VPN.
|
||||
|
||||
* Tincctl now connects via a UNIX socket to the tincd on platforms that
|
||||
support this.
|
||||
|
||||
* The PriorityInheritance option now also works in switch mode.
|
||||
|
||||
Version 1.1pre4 December 5 2012
|
||||
|
||||
* Added the "AutoConnect" option which will let tinc automatically select
|
||||
|
|
8
README
8
README
|
@ -1,7 +1,7 @@
|
|||
This is the README file for tinc version 1.1pre4. Installation
|
||||
This is the README file for tinc version 1.1pre6. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright (C) 1998-2012 by:
|
||||
tinc is Copyright (C) 1998-2013 by:
|
||||
|
||||
Ivo Timmermans,
|
||||
Guus Sliepen <guus@tinc-vpn.org>,
|
||||
|
@ -36,11 +36,11 @@ at your own risk.
|
|||
Compatibility
|
||||
-------------
|
||||
|
||||
Version 1.1pre4 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
Version 1.1pre6 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
versions of tinc.
|
||||
|
||||
When the ExperimentalProtocol option is used, tinc is still compatible with
|
||||
1.0.X and 1.1pre4 itself, but not with any other 1.1preX version.
|
||||
1.0.X and 1.1pre6 itself, but not with any other 1.1preX version.
|
||||
|
||||
|
||||
Requirements
|
||||
|
|
2
THANKS
2
THANKS
|
@ -6,7 +6,9 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Anthony G. Basile
|
||||
* Armijn Hemel
|
||||
* Brandon Black
|
||||
* Cheng LI
|
||||
* Cris van Pelt
|
||||
* Darius Jahandarie
|
||||
* Delf Eldkraft
|
||||
* dnk
|
||||
* Enrique Zanardi
|
||||
|
|
2
configure
vendored
2
configure
vendored
|
@ -4095,7 +4095,7 @@ fi
|
|||
|
||||
# Define the identity of the package.
|
||||
PACKAGE=tinc
|
||||
VERSION=1.1pre4
|
||||
VERSION=1.1pre6
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
|
|
|
@ -4,7 +4,7 @@ AC_PREREQ(2.61)
|
|||
AC_INIT
|
||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||
AC_GNU_SOURCE
|
||||
AM_INIT_AUTOMAKE(tinc, 1.1pre4)
|
||||
AM_INIT_AUTOMAKE(tinc, 1.1pre6)
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
AM_MAINTAINER_MODE
|
||||
|
||||
|
|
6
debian/changelog
vendored
6
debian/changelog
vendored
|
@ -1,3 +1,9 @@
|
|||
tinc (1.1~pre6-1) experimental; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 20 Feb 2013 16:53:33 +0100
|
||||
|
||||
tinc (1.1~pre4-1) experimental; urgency=low
|
||||
|
||||
[ Gian Piero ]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.Dd 2012-09-27
|
||||
.Dd 2013-01-14
|
||||
.Dt TINC.CONF 5
|
||||
.\" Manual page created by:
|
||||
.\" Ivo Timmermans
|
||||
|
@ -343,7 +343,7 @@ This option selects the way packets are routed to other daemons.
|
|||
In this mode
|
||||
.Va Subnet
|
||||
variables in the host configuration files will be used to form a routing table.
|
||||
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||
Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||
.Pp
|
||||
This is the default mode, and unless you really know you need another mode, don't change it.
|
||||
.It switch
|
||||
|
@ -361,7 +361,7 @@ while no routing table is managed.
|
|||
.It Va Name Li = Ar name Bq required
|
||||
This is the name which identifies this tinc daemon.
|
||||
It must be unique for the virtual private network this daemon will connect to.
|
||||
The Name may only consist of alphanumeric and underscore characters.
|
||||
The Name may only consist of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
|
||||
If
|
||||
.Va Name
|
||||
starts with a
|
||||
|
@ -372,7 +372,7 @@ If
|
|||
.Va Name
|
||||
is
|
||||
.Li $HOST ,
|
||||
but no such environment variable exist, the hostname will be read using the gethostnname() system call.
|
||||
but no such environment variable exist, the hostname will be read using the gethostname() system call.
|
||||
.It Va PingInterval Li = Ar seconds Pq 60
|
||||
The number of seconds of inactivity that
|
||||
.Nm tinc
|
||||
|
@ -428,7 +428,7 @@ and
|
|||
are available.
|
||||
.El
|
||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||
vhis is the size of the replay tracking window for each remote node, in bytes.
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
|
@ -497,12 +497,9 @@ Furthermore, specifying
|
|||
.Qq none
|
||||
will turn off packet authentication.
|
||||
.It Va IndirectData Li = yes | no Pq no
|
||||
This option specifies whether other tinc daemons besides the one you specified with
|
||||
.Va ConnectTo
|
||||
can make a direct connection to you.
|
||||
This is especially useful if you are behind a firewall
|
||||
and it is impossible to make a connection from the outside to your tinc daemon.
|
||||
Otherwise, it is best to leave this option out or set it to no.
|
||||
When set to yes, other nodes which do not already have a meta connection to you
|
||||
will not try to establish direct communication with you.
|
||||
It is best to leave this option out or set it to no.
|
||||
.It Va MACLength Li = Ar length Pq 4
|
||||
The length of the message authentication code used to authenticate UDP packets.
|
||||
Can be anything from
|
||||
|
|
177
doc/tinc.info
177
doc/tinc.info
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
|||
* tinc: (tinc). The tinc Manual.
|
||||
END-INFO-DIR-ENTRY
|
||||
|
||||
This is the info manual for tinc version 1.1pre4, a Virtual Private
|
||||
This is the info manual for tinc version 1.1pre5, a Virtual Private
|
||||
Network daemon.
|
||||
|
||||
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
|
||||
Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
|
||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
|
@ -989,9 +989,8 @@ Mode = <router|switch|hub> (router)
|
|||
|
||||
router
|
||||
In this mode Subnet variables in the host configuration files
|
||||
will be used to form a routing table. Only unicast packets
|
||||
of routable protocols (IPv4 and IPv6) are supported in this
|
||||
mode.
|
||||
will be used to form a routing table. Only packets of
|
||||
routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||
|
||||
This is the default mode, and unless you really know you need
|
||||
another mode, don't change it.
|
||||
|
@ -1026,13 +1025,13 @@ MACExpire = <SECONDS> (600)
|
|||
Name = <NAME> [required]
|
||||
This is a symbolic name for this connection. The name should
|
||||
consist only of alfanumeric and underscore characters (a-z, A-Z,
|
||||
0-9 and _).
|
||||
0-9 and _), and is case sensitive.
|
||||
|
||||
If Name starts with a $, then the contents of the environment
|
||||
variable that follows will be used. In that case, invalid
|
||||
characters will be converted to underscores. If Name is $HOST,
|
||||
but no such environment variable exist, the hostname will be read
|
||||
using the gethostnname() system call.
|
||||
using the gethostname() system call.
|
||||
|
||||
PingInterval = <SECONDS> (60)
|
||||
The number of seconds of inactivity that tinc will wait before
|
||||
|
@ -1157,12 +1156,9 @@ Digest = <DIGEST> (sha1)
|
|||
"none" will turn off packet authentication.
|
||||
|
||||
IndirectData = <yes|no> (no)
|
||||
This option specifies whether other tinc daemons besides the one
|
||||
you specified with ConnectTo can make a direct connection to you.
|
||||
This is especially useful if you are behind a firewall and it is
|
||||
impossible to make a connection from the outside to your tinc
|
||||
daemon. Otherwise, it is best to leave this option out or set it
|
||||
to no.
|
||||
When set to yes, other nodes which do not already have a meta
|
||||
connection to you will not try to establish direct communication
|
||||
with you. It is best to leave this option out or set it to no.
|
||||
|
||||
MACLength = <BYTES> (4)
|
||||
The length of the message authentication code used to authenticate
|
||||
|
@ -1412,10 +1408,11 @@ copy&paste the email:
|
|||
|
||||
If you are the owner of bar yourself, and you have SSH access to
|
||||
that computer, you can also swap the host configuration files using the
|
||||
following commands:
|
||||
following command:
|
||||
|
||||
tincctl -n NETNAME export | ssh bar.example.org tincctl -n NETNAME import
|
||||
ssh bar.example.org tincctl -n NETNAME export | tincctl -n NETNAME import
|
||||
tincctl -n NETNAME export \
|
||||
| ssh bar.example.org tincctl -n NETNAME exchange \
|
||||
| tincctl -n NETNAME import
|
||||
|
||||
You should repeat this for all nodes you ConnectTo, or which
|
||||
ConnectTo you. However, remember that you do not need to ConnectTo all
|
||||
|
@ -1722,6 +1719,8 @@ command line options.
|
|||
shared private keys to be written to the system swap
|
||||
files/partitions.
|
||||
|
||||
This option is not supported on all platforms.
|
||||
|
||||
`--logfile[=FILE]'
|
||||
Write log entries to a file instead of to the system logging
|
||||
facility. If FILE is omitted, the default is
|
||||
|
@ -1744,11 +1743,15 @@ command line options.
|
|||
or host-up), unless it's setup to be runnable inside chroot
|
||||
environment.
|
||||
|
||||
This option is not supported on all platforms.
|
||||
|
||||
`-U, --user=USER'
|
||||
Switch to the given USER after initialization, at the same time as
|
||||
chroot is performed (see -chroot above). With this option tinc
|
||||
drops privileges, for added security.
|
||||
|
||||
This option is not supported on all platforms.
|
||||
|
||||
`--help'
|
||||
Display a short reminder of these runtime options and terminate.
|
||||
|
||||
|
@ -2077,9 +2080,15 @@ File: tinc.info, Node: tincctl commands, Next: tincctl examples, Prev: tincct
|
|||
Export all host configuration files to standard output.
|
||||
|
||||
`import [--force]'
|
||||
Import host configuration file(s) from standard input. Already
|
||||
existing host configuration files are not overwritten unless the
|
||||
option -force is used.
|
||||
Import host configuration file(s) generated by the tincctl export
|
||||
command from standard input. Already existing host configuration
|
||||
files are not overwritten unless the option -force is used.
|
||||
|
||||
`exchange [--force]'
|
||||
The same as export followed by import.
|
||||
|
||||
`exchange-all [--force]'
|
||||
The same as export-all followed by import.
|
||||
|
||||
`start [tincd options]'
|
||||
Start `tincd', optionally with the given extra options.
|
||||
|
@ -2840,7 +2849,7 @@ Concept Index
|
|||
* CHALLENGE: Authentication protocol.
|
||||
(line 10)
|
||||
* CIDR notation: Host configuration variables.
|
||||
(line 91)
|
||||
(line 88)
|
||||
* Cipher: Host configuration variables.
|
||||
(line 12)
|
||||
* ClampMSS: Host configuration variables.
|
||||
|
@ -2882,7 +2891,7 @@ Concept Index
|
|||
* example: Example configuration.
|
||||
(line 6)
|
||||
* exec: Main configuration variables.
|
||||
(line 322)
|
||||
(line 321)
|
||||
* ExperimentalProtocol: Main configuration variables.
|
||||
(line 164)
|
||||
* Forwarding: Main configuration variables.
|
||||
|
@ -2891,9 +2900,9 @@ Concept Index
|
|||
* Hostnames: Main configuration variables.
|
||||
(line 193)
|
||||
* http: Main configuration variables.
|
||||
(line 319)
|
||||
(line 318)
|
||||
* hub: Main configuration variables.
|
||||
(line 246)
|
||||
(line 245)
|
||||
* ID: Authentication protocol.
|
||||
(line 10)
|
||||
* IndirectData: Host configuration variables.
|
||||
|
@ -2904,7 +2913,7 @@ Concept Index
|
|||
* IRC: Contact information. (line 9)
|
||||
* KEY_CHANGED: The meta-protocol. (line 64)
|
||||
* KeyExpire: Main configuration variables.
|
||||
(line 251)
|
||||
(line 250)
|
||||
* libcurses: libcurses. (line 6)
|
||||
* libraries: Libraries. (line 6)
|
||||
* libreadline: libreadline. (line 6)
|
||||
|
@ -2913,9 +2922,9 @@ Concept Index
|
|||
(line 212)
|
||||
* lzo: lzo. (line 6)
|
||||
* MACExpire: Main configuration variables.
|
||||
(line 257)
|
||||
(line 256)
|
||||
* MACLength: Host configuration variables.
|
||||
(line 42)
|
||||
(line 39)
|
||||
* meta-protocol: The meta-connection. (line 18)
|
||||
* META_KEY: Authentication protocol.
|
||||
(line 10)
|
||||
|
@ -2926,7 +2935,7 @@ Concept Index
|
|||
* multiple networks: Multiple networks. (line 6)
|
||||
* NAME: Scripts. (line 52)
|
||||
* Name: Main configuration variables.
|
||||
(line 262)
|
||||
(line 261)
|
||||
* netmask: Network interfaces. (line 39)
|
||||
* NETNAME <1>: tincctl environment variables.
|
||||
(line 6)
|
||||
|
@ -2938,44 +2947,44 @@ Concept Index
|
|||
* OpenSSL: OpenSSL. (line 6)
|
||||
* options: Runtime options. (line 9)
|
||||
* PEM format: Host configuration variables.
|
||||
(line 67)
|
||||
(line 64)
|
||||
* PING: The meta-protocol. (line 89)
|
||||
* PingInterval: Main configuration variables.
|
||||
(line 273)
|
||||
(line 272)
|
||||
* PingTimeout: Main configuration variables.
|
||||
(line 277)
|
||||
(line 276)
|
||||
* platforms: Supported platforms. (line 6)
|
||||
* PMTU: Host configuration variables.
|
||||
(line 47)
|
||||
(line 44)
|
||||
* PMTUDiscovery: Host configuration variables.
|
||||
(line 50)
|
||||
(line 47)
|
||||
* PONG: The meta-protocol. (line 89)
|
||||
* Port: Host configuration variables.
|
||||
(line 55)
|
||||
(line 52)
|
||||
* port numbers: Other files. (line 17)
|
||||
* PriorityInheritance: Main configuration variables.
|
||||
(line 283)
|
||||
(line 282)
|
||||
* private: Virtual Private Networks.
|
||||
(line 10)
|
||||
* PrivateKey: Main configuration variables.
|
||||
(line 288)
|
||||
(line 287)
|
||||
* PrivateKeyFile: Main configuration variables.
|
||||
(line 294)
|
||||
(line 293)
|
||||
* ProcessPriority: Main configuration variables.
|
||||
(line 299)
|
||||
(line 298)
|
||||
* Proxy: Main configuration variables.
|
||||
(line 304)
|
||||
(line 303)
|
||||
* PublicKey: Host configuration variables.
|
||||
(line 59)
|
||||
(line 56)
|
||||
* PublicKeyFile: Host configuration variables.
|
||||
(line 62)
|
||||
(line 59)
|
||||
* raw_socket: Main configuration variables.
|
||||
(line 100)
|
||||
* release: Supported platforms. (line 14)
|
||||
* REMOTEADDRESS: Scripts. (line 67)
|
||||
* REMOTEPORT: Scripts. (line 70)
|
||||
* ReplayWindow: Main configuration variables.
|
||||
(line 327)
|
||||
(line 326)
|
||||
* REQ_KEY: The meta-protocol. (line 64)
|
||||
* requirements: Libraries. (line 6)
|
||||
* router: Main configuration variables.
|
||||
|
@ -2987,20 +2996,20 @@ Concept Index
|
|||
(line 18)
|
||||
* signals: Signals. (line 6)
|
||||
* socks4: Main configuration variables.
|
||||
(line 308)
|
||||
(line 307)
|
||||
* socks5: Main configuration variables.
|
||||
(line 313)
|
||||
(line 312)
|
||||
* StrictSubnets: Main configuration variables.
|
||||
(line 338)
|
||||
(line 337)
|
||||
* SUBNET: Scripts. (line 74)
|
||||
* Subnet: Host configuration variables.
|
||||
(line 74)
|
||||
(line 71)
|
||||
* SVPN: Security. (line 11)
|
||||
* switch: Main configuration variables.
|
||||
(line 235)
|
||||
(line 234)
|
||||
* TCP: The meta-connection. (line 10)
|
||||
* TCPonly: Host configuration variables.
|
||||
(line 103)
|
||||
(line 100)
|
||||
* TINC: Security. (line 6)
|
||||
* tinc: Introduction. (line 6)
|
||||
* tinc-down: Scripts. (line 18)
|
||||
|
@ -3011,16 +3020,16 @@ Concept Index
|
|||
* tunifhead: Main configuration variables.
|
||||
(line 142)
|
||||
* TunnelServer: Main configuration variables.
|
||||
(line 343)
|
||||
(line 342)
|
||||
* tunnohead: Main configuration variables.
|
||||
(line 136)
|
||||
* UDP <1>: Encryption of network packets.
|
||||
(line 12)
|
||||
* UDP: The UDP tunnel. (line 30)
|
||||
* UDPRcvBuf: Main configuration variables.
|
||||
(line 350)
|
||||
(line 349)
|
||||
* UDPSndBuf: Main configuration variables.
|
||||
(line 355)
|
||||
(line 354)
|
||||
* UML: Main configuration variables.
|
||||
(line 118)
|
||||
* Universal tun/tap: Configuration of Linux kernels.
|
||||
|
@ -3073,39 +3082,39 @@ Node: Multiple networks23835
|
|||
Node: How connections work25215
|
||||
Node: Configuration files27788
|
||||
Node: Main configuration variables29321
|
||||
Node: Host configuration variables45731
|
||||
Node: Scripts50961
|
||||
Node: How to configure53640
|
||||
Node: Network interfaces58258
|
||||
Node: Example configuration60659
|
||||
Node: Running tinc65811
|
||||
Node: Runtime options66404
|
||||
Node: Signals69108
|
||||
Node: Debug levels69958
|
||||
Node: Solving problems70894
|
||||
Node: Error messages72324
|
||||
Node: Sending bug reports76646
|
||||
Node: Controlling tinc77598
|
||||
Node: tincctl runtime options77995
|
||||
Node: tincctl environment variables78694
|
||||
Node: tincctl commands79038
|
||||
Node: tincctl examples83343
|
||||
Node: tincctl top83948
|
||||
Node: Technical information85546
|
||||
Node: The connection85781
|
||||
Node: The UDP tunnel86093
|
||||
Node: The meta-connection89154
|
||||
Node: The meta-protocol90623
|
||||
Node: Security95632
|
||||
Node: Authentication protocol96762
|
||||
Node: Encryption of network packets101766
|
||||
Node: Security issues103139
|
||||
Node: Platform specific information104756
|
||||
Node: Interface configuration104984
|
||||
Node: Routes107437
|
||||
Node: About us109353
|
||||
Node: Contact information109528
|
||||
Node: Authors109932
|
||||
Node: Concept Index110337
|
||||
Node: Host configuration variables45735
|
||||
Node: Scripts50810
|
||||
Node: How to configure53489
|
||||
Node: Network interfaces58079
|
||||
Node: Example configuration60480
|
||||
Node: Running tinc65632
|
||||
Node: Runtime options66225
|
||||
Node: Signals69088
|
||||
Node: Debug levels69938
|
||||
Node: Solving problems70874
|
||||
Node: Error messages72304
|
||||
Node: Sending bug reports76626
|
||||
Node: Controlling tinc77578
|
||||
Node: tincctl runtime options77975
|
||||
Node: tincctl environment variables78674
|
||||
Node: tincctl commands79018
|
||||
Node: tincctl examples83503
|
||||
Node: tincctl top84108
|
||||
Node: Technical information85706
|
||||
Node: The connection85941
|
||||
Node: The UDP tunnel86253
|
||||
Node: The meta-connection89314
|
||||
Node: The meta-protocol90783
|
||||
Node: Security95792
|
||||
Node: Authentication protocol96922
|
||||
Node: Encryption of network packets101926
|
||||
Node: Security issues103299
|
||||
Node: Platform specific information104916
|
||||
Node: Interface configuration105144
|
||||
Node: Routes107597
|
||||
Node: About us109513
|
||||
Node: Contact information109688
|
||||
Node: Authors110092
|
||||
Node: Concept Index110497
|
||||
|
||||
End Tag Table
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2012 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2013 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2012 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2013 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -1063,7 +1063,7 @@ This option selects the way packets are routed to other daemons.
|
|||
@item router
|
||||
In this mode Subnet
|
||||
variables in the host configuration files will be used to form a routing table.
|
||||
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||
Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||
|
||||
This is the default mode, and unless you really know you need another mode, don't change it.
|
||||
|
||||
|
@ -1098,12 +1098,12 @@ This only has effect when Mode is set to "switch".
|
|||
@cindex Name
|
||||
@item Name = <@var{name}> [required]
|
||||
This is a symbolic name for this connection.
|
||||
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
|
||||
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
|
||||
|
||||
If Name starts with a $, then the contents of the environment variable that follows will be used.
|
||||
In that case, invalid characters will be converted to underscores.
|
||||
If Name is $HOST, but no such environment variable exist,
|
||||
the hostname will be read using the gethostnname() system call.
|
||||
the hostname will be read using the gethostname() system call.
|
||||
|
||||
@cindex PingInterval
|
||||
@item PingInterval = <@var{seconds}> (60)
|
||||
|
@ -1242,11 +1242,9 @@ Furthermore, specifying "none" will turn off packet authentication.
|
|||
|
||||
@cindex IndirectData
|
||||
@item IndirectData = <yes|no> (no)
|
||||
This option specifies whether other tinc daemons besides the one you
|
||||
specified with ConnectTo can make a direct connection to you. This is
|
||||
especially useful if you are behind a firewall and it is impossible to
|
||||
make a connection from the outside to your tinc daemon. Otherwise, it
|
||||
is best to leave this option out or set it to no.
|
||||
When set to yes, other nodes which do not already have a meta connection to you
|
||||
will not try to establish direct communication with you.
|
||||
It is best to leave this option out or set it to no.
|
||||
|
||||
@cindex MACLength
|
||||
@item MACLength = <@var{bytes}> (4)
|
||||
|
@ -1515,11 +1513,12 @@ tincctl -n @var{netname} import
|
|||
@end example
|
||||
|
||||
If you are the owner of bar yourself, and you have SSH access to that computer,
|
||||
you can also swap the host configuration files using the following commands:
|
||||
you can also swap the host configuration files using the following command:
|
||||
|
||||
@example
|
||||
tincctl -n @var{netname} export | ssh bar.example.org tincctl -n @var{netname} import
|
||||
ssh bar.example.org tincctl -n @var{netname} export | tincctl -n @var{netname} import
|
||||
tincctl -n @var{netname} export \
|
||||
| ssh bar.example.org tincctl -n @var{netname} exchange \
|
||||
| tincctl -n @var{netname} import
|
||||
@end example
|
||||
|
||||
You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
|
||||
|
@ -1849,6 +1848,8 @@ This option can be used more than once to specify multiple configuration variabl
|
|||
Lock tinc into main memory.
|
||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||
|
||||
This option is not supported on all platforms.
|
||||
|
||||
@item --logfile[=@var{file}]
|
||||
Write log entries to a file instead of to the system logging facility.
|
||||
If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
|
||||
|
@ -1869,11 +1870,14 @@ Note that this option alone does not do any good without -U/--user, below.
|
|||
Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
|
||||
unless it's setup to be runnable inside chroot environment.
|
||||
|
||||
This option is not supported on all platforms.
|
||||
@item -U, --user=@var{user}
|
||||
Switch to the given @var{user} after initialization, at the same time as
|
||||
chroot is performed (see --chroot above). With this option tinc drops
|
||||
privileges, for added security.
|
||||
|
||||
This option is not supported on all platforms.
|
||||
|
||||
@item --help
|
||||
Display a short reminder of these runtime options and terminate.
|
||||
|
||||
|
@ -2196,9 +2200,15 @@ Export the host configuration file of the local node to standard output.
|
|||
Export all host configuration files to standard output.
|
||||
|
||||
@item import [--force]
|
||||
Import host configuration file(s) from standard input.
|
||||
Import host configuration file(s) generated by the tincctl export command from standard input.
|
||||
Already existing host configuration files are not overwritten unless the option --force is used.
|
||||
|
||||
@item exchange [--force]
|
||||
The same as export followed by import.
|
||||
|
||||
@item exchange-all [--force]
|
||||
The same as export-all followed by import.
|
||||
|
||||
@item start [tincd options]
|
||||
Start @samp{tincd}, optionally with the given extra options.
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.Dd 2012-10-14
|
||||
.Dd 2013-01-15
|
||||
.Dt TINCCTL 8
|
||||
.\" Manual page created by:
|
||||
.\" Scott Lamb
|
||||
|
@ -80,10 +80,16 @@ Export the host configuration file of the local node to standard output.
|
|||
.It export-all
|
||||
Export all host configuration files to standard output.
|
||||
.It import Op Fl -force
|
||||
Import host configuration file(s) from standard input.
|
||||
Import host configuration data generated by the
|
||||
.Nm
|
||||
export command from standard input.
|
||||
Already existing host configuration files are not overwritten unless the option
|
||||
.Fl -force
|
||||
is used.
|
||||
.It exchange Op Fl -force
|
||||
The same as export followed by import.
|
||||
.It exchange-all Op Fl -force
|
||||
The same as export-all followed by import.
|
||||
.It start Op tincd options
|
||||
Start
|
||||
.Xr tincd 8 ,
|
||||
|
@ -206,7 +212,7 @@ Fractional seconds are honored.
|
|||
Intervals lower than 0.1 seconds are not allowed.
|
||||
.It Ic c
|
||||
Toggle between displaying current traffic rates (in packets and bytes per second)
|
||||
and cummulative traffic (total packets and bytes since the tinc daemon started).
|
||||
and cumulative traffic (total packets and bytes since the tinc daemon started).
|
||||
.It Ic n
|
||||
Sort the list of nodes by name.
|
||||
.It Ic i
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.Dd 2012-02-22
|
||||
.Dd 2013-01-14
|
||||
.Dt TINCD 8
|
||||
.\" Manual page created by:
|
||||
.\" Ivo Timmermans
|
||||
|
@ -81,6 +81,7 @@ This option can be used more than once to specify multiple configuration variabl
|
|||
.It Fl L, -mlock
|
||||
Lock tinc into main memory.
|
||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||
This option is not supported on all platforms.
|
||||
.It Fl -logfile Ns Op = Ns Ar FILE
|
||||
Write log entries to a file instead of to the system logging facility.
|
||||
If
|
||||
|
@ -104,10 +105,12 @@ Only useful for debugging.
|
|||
With this option tinc chroots into the directory where network
|
||||
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
|
||||
or to the directory specified with -c option) after initialization.
|
||||
This option is not supported on all platforms.
|
||||
.It Fl U, -user Ns = Ns Ar USER
|
||||
setuid to the specified
|
||||
.Ar USER
|
||||
after initialization.
|
||||
This option is not supported on all platforms.
|
||||
.It Fl -help
|
||||
Display short list of options.
|
||||
.It Fl -version
|
||||
|
|
21
gui/tinc-gui
21
gui/tinc-gui
|
@ -111,11 +111,28 @@ class VPN:
|
|||
piddir = '/var/run/'
|
||||
|
||||
def connect(self):
|
||||
# read the pidfile
|
||||
f = open(self.pidfile)
|
||||
info = string.split(f.readline())
|
||||
f.close()
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((info[2], int(info[4])))
|
||||
|
||||
# check if there is a UNIX socket as well
|
||||
if self.pidfile.endswith(".pid"):
|
||||
unixfile = self.pidfile.replace(".pid", ".socket");
|
||||
else:
|
||||
unixfile = self.pidfile + ".socket";
|
||||
|
||||
if os.path.exists(unixfile):
|
||||
# use it if it exists
|
||||
print(unixfile + " exists!");
|
||||
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
s.connect(unixfile)
|
||||
else:
|
||||
# otherwise connect via TCP
|
||||
print(unixfile + " does not exist.");
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((info[2], int(info[4])))
|
||||
|
||||
self.sf = s.makefile()
|
||||
s.close()
|
||||
hello = string.split(self.sf.readline())
|
||||
|
|
|
@ -9,7 +9,7 @@ tincd_SOURCES = \
|
|||
buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
|
||||
net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
|
||||
protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \
|
||||
dummy_device.c raw_socket_device.c multicast_device.c
|
||||
dummy_device.c raw_socket_device.c multicast_device.c names.c
|
||||
|
||||
if UML
|
||||
tincd_SOURCES += uml_device.c
|
||||
|
@ -24,7 +24,7 @@ nodist_tincd_SOURCES = \
|
|||
|
||||
tincctl_SOURCES = \
|
||||
utils.c getopt.c getopt1.c dropin.c \
|
||||
info.c list.c subnet_parse.c tincctl.c top.c
|
||||
info.c list.c subnet_parse.c tincctl.c top.c names.c
|
||||
|
||||
nodist_tincctl_SOURCES = \
|
||||
ecdsagen.c rsagen.c
|
||||
|
@ -46,7 +46,7 @@ INCLUDES = @INCLUDES@ -I$(top_builddir)
|
|||
noinst_HEADERS = \
|
||||
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
|
||||
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
|
||||
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
|
||||
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
|
||||
|
||||
nodist_noinst_HEADERS = \
|
||||
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
|
||||
|
|
|
@ -82,7 +82,7 @@ sptps_test_LDADD = $(LDADD)
|
|||
am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \
|
||||
getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \
|
||||
list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \
|
||||
top.$(OBJEXT)
|
||||
top.$(OBJEXT) names.$(OBJEXT)
|
||||
nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT)
|
||||
tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS)
|
||||
am__DEPENDENCIES_1 =
|
||||
|
@ -95,7 +95,8 @@ am__tincd_SOURCES_DIST = utils.c getopt.c getopt1.c list.c \
|
|||
protocol_edge.c protocol_misc.c protocol_key.c \
|
||||
protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \
|
||||
event.c tincd.c dummy_device.c raw_socket_device.c \
|
||||
multicast_device.c uml_device.c vde_device.c bsd/tunemu.c
|
||||
multicast_device.c names.c uml_device.c vde_device.c \
|
||||
bsd/tunemu.c
|
||||
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
|
||||
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
|
||||
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
|
||||
|
@ -113,8 +114,8 @@ am_tincd_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT) \
|
|||
route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \
|
||||
subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \
|
||||
dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \
|
||||
multicast_device.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
|
||||
$(am__objects_3)
|
||||
multicast_device.$(OBJEXT) names.$(OBJEXT) $(am__objects_1) \
|
||||
$(am__objects_2) $(am__objects_3)
|
||||
nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \
|
||||
crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \
|
||||
digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT)
|
||||
|
@ -252,14 +253,14 @@ tincd_SOURCES = utils.c getopt.c getopt1.c list.c splay_tree.c \
|
|||
process.c protocol.c protocol_auth.c protocol_edge.c \
|
||||
protocol_misc.c protocol_key.c protocol_subnet.c route.c \
|
||||
sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \
|
||||
raw_socket_device.c multicast_device.c $(am__append_1) \
|
||||
raw_socket_device.c multicast_device.c names.c $(am__append_1) \
|
||||
$(am__append_2) $(am__append_3)
|
||||
nodist_tincd_SOURCES = \
|
||||
device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c
|
||||
|
||||
tincctl_SOURCES = \
|
||||
utils.c getopt.c getopt1.c dropin.c \
|
||||
info.c list.c subnet_parse.c tincctl.c top.c
|
||||
info.c list.c subnet_parse.c tincctl.c top.c names.c
|
||||
|
||||
nodist_tincctl_SOURCES = \
|
||||
ecdsagen.c rsagen.c
|
||||
|
@ -273,7 +274,7 @@ DEFAULT_INCLUDES =
|
|||
noinst_HEADERS = \
|
||||
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
|
||||
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
|
||||
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
|
||||
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
|
||||
|
||||
nodist_noinst_HEADERS = \
|
||||
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
|
||||
|
@ -395,6 +396,7 @@ distclean-compile:
|
|||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/names.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction BSD tun/tap device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -24,12 +24,13 @@
|
|||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "route.h"
|
||||
#include "utils.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
#include "bsd/tunemu.h"
|
||||
#endif
|
||||
|
||||
|
@ -44,7 +45,7 @@ typedef enum device_type {
|
|||
DEVICE_TYPE_TUN,
|
||||
DEVICE_TYPE_TUNIFHEAD,
|
||||
DEVICE_TYPE_TAP,
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
DEVICE_TYPE_TUNEMU,
|
||||
#endif
|
||||
} device_type_t;
|
||||
|
@ -55,7 +56,7 @@ char *iface = NULL;
|
|||
static char *device_info = NULL;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
#if defined(TUNEMU)
|
||||
#if defined(ENABLE_TUNEMU)
|
||||
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
|
||||
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
||||
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||
|
@ -79,7 +80,7 @@ static bool setup_device(void) {
|
|||
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
||||
if(!strcasecmp(type, "tun"))
|
||||
/* use default */;
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
else if(!strcasecmp(type, "tunemu"))
|
||||
device_type = DEVICE_TYPE_TUNEMU;
|
||||
#endif
|
||||
|
@ -99,7 +100,7 @@ static bool setup_device(void) {
|
|||
}
|
||||
|
||||
switch(device_type) {
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU: {
|
||||
char dynamic_name[256] = "";
|
||||
device_fd = tunemu_open(dynamic_name);
|
||||
|
@ -176,7 +177,7 @@ static bool setup_device(void) {
|
|||
|
||||
#endif
|
||||
break;
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
device_info = "BSD tunemu device";
|
||||
break;
|
||||
|
@ -190,7 +191,7 @@ static bool setup_device(void) {
|
|||
|
||||
static void close_device(void) {
|
||||
switch(device_type) {
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
tunemu_close(device_fd);
|
||||
break;
|
||||
|
@ -208,7 +209,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
|
||||
switch(device_type) {
|
||||
case DEVICE_TYPE_TUN:
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
if(device_type == DEVICE_TYPE_TUNEMU)
|
||||
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
|
||||
|
@ -347,7 +348,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
|||
}
|
||||
break;
|
||||
|
||||
#ifdef HAVE_TUNEMU
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||
|
|
386
src/bsd/device.c.orig
Normal file
386
src/bsd/device.c.orig
Normal file
|
@ -0,0 +1,386 @@
|
|||
/*
|
||||
device.c -- Interaction BSD tun/tap device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "net.h"
|
||||
#include "route.h"
|
||||
#include "utils.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
#ifdef ENABLE_TUNEMU
|
||||
#include "bsd/tunemu.h"
|
||||
#endif
|
||||
|
||||
#define DEFAULT_TUN_DEVICE "/dev/tun0"
|
||||
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD)
|
||||
#define DEFAULT_TAP_DEVICE "/dev/tap0"
|
||||
#else
|
||||
#define DEFAULT_TAP_DEVICE "/dev/tun0"
|
||||
#endif
|
||||
|
||||
typedef enum device_type {
|
||||
DEVICE_TYPE_TUN,
|
||||
DEVICE_TYPE_TUNIFHEAD,
|
||||
DEVICE_TYPE_TAP,
|
||||
#ifdef ENABLE_TUNEMU
|
||||
DEVICE_TYPE_TUNEMU,
|
||||
#endif
|
||||
} device_type_t;
|
||||
|
||||
int device_fd = -1;
|
||||
char *device = NULL;
|
||||
char *iface = NULL;
|
||||
static char *device_info = NULL;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
#if defined(ENABLE_TUNEMU)
|
||||
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
|
||||
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
||||
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||
#else
|
||||
static device_type_t device_type = DEVICE_TYPE_TUN;
|
||||
#endif
|
||||
|
||||
static bool setup_device(void) {
|
||||
char *type;
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
|
||||
if(routing_mode == RMODE_ROUTER)
|
||||
device = xstrdup(DEFAULT_TUN_DEVICE);
|
||||
else
|
||||
device = xstrdup(DEFAULT_TAP_DEVICE);
|
||||
}
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
||||
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
||||
if(!strcasecmp(type, "tun"))
|
||||
<<<<<<< HEAD
|
||||
/* use default */;
|
||||
#ifdef HAVE_TUNEMU
|
||||
=======
|
||||
/* use default */;
|
||||
#ifdef ENABLE_TUNEMU
|
||||
>>>>>>> 2a3e343... Fix support for tunemu on iOS devices.
|
||||
else if(!strcasecmp(type, "tunemu"))
|
||||
device_type = DEVICE_TYPE_TUNEMU;
|
||||
#endif
|
||||
else if(!strcasecmp(type, "tunnohead"))
|
||||
device_type = DEVICE_TYPE_TUN;
|
||||
else if(!strcasecmp(type, "tunifhead"))
|
||||
device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||
else if(!strcasecmp(type, "tap"))
|
||||
device_type = DEVICE_TYPE_TAP;
|
||||
else {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown device type %s!", type);
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
|
||||
device_type = DEVICE_TYPE_TAP;
|
||||
}
|
||||
|
||||
switch(device_type) {
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU: {
|
||||
char dynamic_name[256] = "";
|
||||
device_fd = tunemu_open(dynamic_name);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
device_fd = open(device, O_RDWR | O_NONBLOCK);
|
||||
}
|
||||
|
||||
if(device_fd < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
|
||||
switch(device_type) {
|
||||
default:
|
||||
device_type = DEVICE_TYPE_TUN;
|
||||
case DEVICE_TYPE_TUN:
|
||||
#ifdef TUNSIFHEAD
|
||||
{
|
||||
const int zero = 0;
|
||||
if(ioctl(device_fd, TUNSIFHEAD, &zero, sizeof zero) == -1) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
|
||||
{
|
||||
const int mode = IFF_BROADCAST | IFF_MULTICAST;
|
||||
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
|
||||
}
|
||||
#endif
|
||||
|
||||
device_info = "Generic BSD tun device";
|
||||
break;
|
||||
case DEVICE_TYPE_TUNIFHEAD:
|
||||
#ifdef TUNSIFHEAD
|
||||
{
|
||||
const int one = 1;
|
||||
if(ioctl(device_fd, TUNSIFHEAD, &one, sizeof one) == -1) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
|
||||
{
|
||||
const int mode = IFF_BROADCAST | IFF_MULTICAST;
|
||||
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
|
||||
}
|
||||
#endif
|
||||
|
||||
device_info = "Generic BSD tun device";
|
||||
break;
|
||||
case DEVICE_TYPE_TAP:
|
||||
if(routing_mode == RMODE_ROUTER)
|
||||
overwrite_mac = true;
|
||||
device_info = "Generic BSD tap device";
|
||||
#ifdef TAPGIFNAME
|
||||
{
|
||||
struct ifreq ifr;
|
||||
if(ioctl(device_fd, TAPGIFNAME, (void*)&ifr) == 0) {
|
||||
if(iface)
|
||||
free(iface);
|
||||
iface = xstrdup(ifr.ifr_name);
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
break;
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
device_info = "BSD tunemu device";
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
|
||||
logger(DEBUG_ALWAYS, LOG_INFO, "%s is a %s", device, device_info);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void close_device(void) {
|
||||
switch(device_type) {
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
tunemu_close(device_fd);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
close(device_fd);
|
||||
}
|
||||
|
||||
free(device);
|
||||
free(iface);
|
||||
}
|
||||
|
||||
static bool read_packet(vpn_packet_t *packet) {
|
||||
int inlen;
|
||||
|
||||
switch(device_type) {
|
||||
case DEVICE_TYPE_TUN:
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
if(device_type == DEVICE_TYPE_TUNEMU)
|
||||
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
|
||||
else
|
||||
#endif
|
||||
inlen = read(device_fd, packet->data + 14, MTU - 14);
|
||||
|
||||
if(inlen <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
switch(packet->data[14] >> 4) {
|
||||
case 4:
|
||||
packet->data[12] = 0x08;
|
||||
packet->data[13] = 0x00;
|
||||
break;
|
||||
case 6:
|
||||
packet->data[12] = 0x86;
|
||||
packet->data[13] = 0xDD;
|
||||
break;
|
||||
default:
|
||||
logger(DEBUG_TRAFFIC, LOG_ERR,
|
||||
"Unknown IP version %d while reading packet from %s %s",
|
||||
packet->data[14] >> 4, device_info, device);
|
||||
return false;
|
||||
}
|
||||
|
||||
memset(packet->data, 0, 12);
|
||||
packet->len = inlen + 14;
|
||||
break;
|
||||
|
||||
case DEVICE_TYPE_TUNIFHEAD: {
|
||||
u_int32_t type;
|
||||
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, MTU - 14}};
|
||||
|
||||
if((inlen = readv(device_fd, vector, 2)) <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (ntohl(type)) {
|
||||
case AF_INET:
|
||||
packet->data[12] = 0x08;
|
||||
packet->data[13] = 0x00;
|
||||
break;
|
||||
|
||||
case AF_INET6:
|
||||
packet->data[12] = 0x86;
|
||||
packet->data[13] = 0xDD;
|
||||
break;
|
||||
|
||||
default:
|
||||
logger(DEBUG_TRAFFIC, LOG_ERR,
|
||||
"Unknown address family %x while reading packet from %s %s",
|
||||
ntohl(type), device_info, device);
|
||||
return false;
|
||||
}
|
||||
|
||||
memset(packet->data, 0, 12);
|
||||
packet->len = inlen + 10;
|
||||
break;
|
||||
}
|
||||
|
||||
case DEVICE_TYPE_TAP:
|
||||
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
packet->len = inlen;
|
||||
break;
|
||||
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
||||
device_total_in += packet->len;
|
||||
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s",
|
||||
packet->len, device_info);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool write_packet(vpn_packet_t *packet) {
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||
packet->len, device_info);
|
||||
|
||||
switch(device_type) {
|
||||
case DEVICE_TYPE_TUN:
|
||||
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
|
||||
case DEVICE_TYPE_TUNIFHEAD: {
|
||||
u_int32_t type;
|
||||
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, packet->len - 14}};
|
||||
int af;
|
||||
|
||||
af = (packet->data[12] << 8) + packet->data[13];
|
||||
|
||||
switch (af) {
|
||||
case 0x0800:
|
||||
type = htonl(AF_INET);
|
||||
break;
|
||||
case 0x86DD:
|
||||
type = htonl(AF_INET6);
|
||||
break;
|
||||
default:
|
||||
logger(DEBUG_TRAFFIC, LOG_ERR,
|
||||
"Unknown address family %x while writing packet to %s %s",
|
||||
af, device_info, device);
|
||||
return false;
|
||||
}
|
||||
|
||||
if(writev(device_fd, vector, 2) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
|
||||
strerror(errno));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
case DEVICE_TYPE_TAP:
|
||||
if(write(device_fd, packet->data, packet->len) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
|
||||
#ifdef ENABLE_TUNEMU
|
||||
case DEVICE_TYPE_TUNEMU:
|
||||
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
||||
device_total_out += packet->len;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void dump_device_stats(void) {
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
||||
const devops_t os_devops = {
|
||||
.setup = setup_device,
|
||||
.close = close_device,
|
||||
.read = read_packet,
|
||||
.write = write_packet,
|
||||
.dump_stats = dump_device_stats,
|
||||
};
|
|
@ -2,7 +2,7 @@
|
|||
conf.c -- configuration code
|
||||
Copyright (C) 1998 Robert van der Meulen
|
||||
1998-2005 Ivo Timmermans
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
||||
2000 Cris van Pelt
|
||||
|
||||
|
@ -28,6 +28,7 @@
|
|||
#include "conf.h"
|
||||
#include "list.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "netutl.h" /* for str2address */
|
||||
#include "protocol.h"
|
||||
#include "utils.h" /* for cp */
|
||||
|
@ -37,11 +38,8 @@ splay_tree_t *config_tree;
|
|||
|
||||
int pinginterval = 0; /* seconds between pings */
|
||||
int pingtimeout = 0; /* seconds to wait for response */
|
||||
char *confbase = NULL; /* directory in which all config files are */
|
||||
char *netname = NULL; /* name of the vpn network */
|
||||
list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
|
||||
|
||||
|
||||
static int config_compare(const config_t *a, const config_t *b) {
|
||||
int result;
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
conf.h -- header for conf.c
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -39,8 +39,6 @@ extern int pinginterval;
|
|||
extern int pingtimeout;
|
||||
extern int maxtimeout;
|
||||
extern bool bypass_security;
|
||||
extern char *confbase;
|
||||
extern char *netname;
|
||||
extern list_t *cmdline_conf;
|
||||
|
||||
extern void init_configuration(splay_tree_t **);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
control.c -- Control socket handling.
|
||||
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -25,6 +25,7 @@
|
|||
#include "graph.h"
|
||||
#include "logger.h"
|
||||
#include "meta.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "netutl.h"
|
||||
#include "protocol.h"
|
||||
|
@ -33,7 +34,6 @@
|
|||
#include "xalloc.h"
|
||||
|
||||
char controlcookie[65];
|
||||
extern char *pidfilename;
|
||||
|
||||
static bool control_return(connection_t *c, int type, int error) {
|
||||
return send_request(c, "%d %d %d", CONTROL, type, error);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Windows tap driver in a Cygwin environment
|
||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -26,6 +26,7 @@
|
|||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "route.h"
|
||||
#include "utils.h"
|
||||
|
|
10
src/dropin.c
10
src/dropin.c
|
@ -158,8 +158,18 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
|
|||
|
||||
#ifndef HAVE_GETTIMEOFDAY
|
||||
int gettimeofday(struct timeval *tv, void *tz) {
|
||||
#ifdef HAVE_MINGW
|
||||
FILETIME ft;
|
||||
GetSystemTimeAsFileTime(&ft);
|
||||
uint64_t lt = (uint64_t)ft.dwLowDateTime | ((uint64_t)ft.dwHighDateTime << 32);
|
||||
lt -= 116444736000000000ULL;
|
||||
tv->tv_sec = lt / 10000000;
|
||||
tv->tv_usec = (lt / 10) % 1000000;
|
||||
#else
|
||||
#warning No high resolution time source!
|
||||
tv->tv_sec = time(NULL);
|
||||
tv->tv_usec = 0;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -58,7 +58,7 @@ extern int usleep(long long usec);
|
|||
#define timersub(a, b, r) do {\
|
||||
(r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\
|
||||
(r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\
|
||||
if((r)->tv_usec < 1000000)\
|
||||
if((r)->tv_usec < 0)\
|
||||
(r)->tv_sec--, (r)->tv_usec += 1000000;\
|
||||
} while (0)
|
||||
#endif
|
||||
|
|
10
src/event.c
10
src/event.c
|
@ -52,13 +52,8 @@ static int timeout_compare(const timeout_t *a, const timeout_t *b) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int signal_compare(const signal_t *a, const signal_t *b) {
|
||||
return a->signum - b->signum;
|
||||
}
|
||||
|
||||
static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare};
|
||||
static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare};
|
||||
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
|
||||
|
||||
void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) {
|
||||
if(io->cb)
|
||||
|
@ -130,8 +125,13 @@ void timeout_del(timeout_t *timeout) {
|
|||
}
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
static int signal_compare(const signal_t *a, const signal_t *b) {
|
||||
return a->signum - b->signum;
|
||||
}
|
||||
|
||||
static io_t signalio;
|
||||
static int pipefd[2] = {-1, -1};
|
||||
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
|
||||
|
||||
static void signal_handler(int signum) {
|
||||
unsigned char num = signum;
|
||||
|
|
30
src/graph.c
30
src/graph.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
graph.c -- graph algorithms
|
||||
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -51,6 +51,7 @@
|
|||
#include "graph.h"
|
||||
#include "list.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "netutl.h"
|
||||
#include "node.h"
|
||||
#include "process.h"
|
||||
|
@ -61,7 +62,7 @@
|
|||
#include "graph.h"
|
||||
|
||||
/* Implementation of Kruskal's algorithm.
|
||||
Running time: O(E)
|
||||
Running time: O(EN)
|
||||
Please note that sorting on weight is already done by add_edge().
|
||||
*/
|
||||
|
||||
|
@ -78,11 +79,24 @@ static void mst_kruskal(void) {
|
|||
for splay_each(node_t, n, node_tree)
|
||||
n->status.visited = false;
|
||||
|
||||
/* Add safe edges */
|
||||
/* Starting point */
|
||||
|
||||
for splay_each(edge_t, e, edge_weight_tree) {
|
||||
if(!e->reverse || (e->from->status.visited && e->to->status.visited))
|
||||
if(e->from->status.reachable) {
|
||||
e->from->status.visited = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* Add safe edges */
|
||||
|
||||
bool skipped = false;
|
||||
|
||||
for splay_each(edge_t, e, edge_weight_tree) {
|
||||
if(!e->reverse || (e->from->status.visited == e->to->status.visited)) {
|
||||
skipped = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
e->from->status.visited = true;
|
||||
e->to->status.visited = true;
|
||||
|
@ -93,8 +107,12 @@ static void mst_kruskal(void) {
|
|||
if(e->reverse->connection)
|
||||
e->reverse->connection->status.mst = true;
|
||||
|
||||
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name,
|
||||
e->to->name, e->weight);
|
||||
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight);
|
||||
|
||||
if(skipped) {
|
||||
skipped = false;
|
||||
next = edge_weight_tree->head;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
12
src/info.c
12
src/info.c
|
@ -58,11 +58,15 @@ static int info_node(int fd, const char *item) {
|
|||
int code, req, cipher, digest, maclength, compression, distance;
|
||||
short int pmtu, minmtu, maxmtu;
|
||||
unsigned int options;
|
||||
union {
|
||||
node_status_t bits;
|
||||
uint32_t raw;
|
||||
} status_union;
|
||||
node_status_t status;
|
||||
long int last_state_change;
|
||||
|
||||
while(recvline(fd, line, sizeof line)) {
|
||||
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, (unsigned *)&status, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
|
||||
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
|
||||
|
||||
if(n == 2)
|
||||
break;
|
||||
|
@ -92,8 +96,12 @@ static int info_node(int fd, const char *item) {
|
|||
printf("Address: %s port %s\n", host, port);
|
||||
|
||||
char timestr[32] = "never";
|
||||
time_t lsc_time = last_state_change;
|
||||
|
||||
if(last_state_change)
|
||||
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&last_state_change));
|
||||
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&lsc_time));
|
||||
|
||||
status = status_union.bits;
|
||||
|
||||
if(status.reachable)
|
||||
printf("Online since: %s\n", timestr);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Linux ethertap and tun/tap device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -26,6 +26,7 @@
|
|||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "route.h"
|
||||
#include "utils.h"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
logger.c -- logging code
|
||||
Copyright (C) 2004-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2004-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -22,6 +22,7 @@
|
|||
|
||||
#include "conf.h"
|
||||
#include "meta.h"
|
||||
#include "names.h"
|
||||
#include "logger.h"
|
||||
#include "connection.h"
|
||||
#include "control_common.h"
|
||||
|
@ -30,7 +31,6 @@
|
|||
debug_t debug_level = DEBUG_NOTHING;
|
||||
static logmode_t logmode = LOGMODE_STDERR;
|
||||
static pid_t logpid;
|
||||
extern char *logfilename;
|
||||
static FILE *logfile = NULL;
|
||||
#ifdef HAVE_MINGW
|
||||
static HANDLE loghandle = NULL;
|
||||
|
|
43
src/meta.c
43
src/meta.c
|
@ -185,21 +185,50 @@ bool receive_meta(connection_t *c) {
|
|||
|
||||
if(c->tcplen) {
|
||||
char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
|
||||
if(tcpbuffer) {
|
||||
if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
|
||||
if(!tcpbuffer)
|
||||
break;
|
||||
|
||||
if(!c->node) {
|
||||
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
|
||||
if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
|
||||
} else {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
|
||||
return false;
|
||||
}
|
||||
} else
|
||||
receive_tcppacket(c, tcpbuffer, c->tcplen);
|
||||
c->tcplen = 0;
|
||||
continue;
|
||||
} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
|
||||
if(tcpbuffer[0] != 5) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
|
||||
return false;
|
||||
}
|
||||
if(tcpbuffer[1] == (char)0xff) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
|
||||
return false;
|
||||
}
|
||||
if(tcpbuffer[2] != 5) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
|
||||
return false;
|
||||
}
|
||||
if(tcpbuffer[3] == 0) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
|
||||
} else {
|
||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
|
||||
abort();
|
||||
}
|
||||
} else {
|
||||
break;
|
||||
if(c->allow_request == ALL) {
|
||||
receive_tcppacket(c, tcpbuffer, c->tcplen);
|
||||
} else {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
c->tcplen = 0;
|
||||
}
|
||||
|
||||
/* Otherwise we are waiting for a request */
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Windows tap driver in a MinGW environment
|
||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -26,6 +26,7 @@
|
|||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "route.h"
|
||||
#include "utils.h"
|
||||
|
@ -46,7 +47,7 @@ extern char *myport;
|
|||
|
||||
static DWORD WINAPI tapreader(void *bla) {
|
||||
int status;
|
||||
long len;
|
||||
DWORD len;
|
||||
OVERLAPPED overlapped;
|
||||
vpn_packet_t packet;
|
||||
|
||||
|
@ -61,7 +62,7 @@ static DWORD WINAPI tapreader(void *bla) {
|
|||
overlapped.OffsetHigh = 0;
|
||||
ResetEvent(overlapped.hEvent);
|
||||
|
||||
status = ReadFile(device_handle, packet.data, MTU, &len, &overlapped);
|
||||
status = ReadFile(device_handle, (void *)packet.data, MTU, &len, &overlapped);
|
||||
|
||||
if(!status) {
|
||||
if(GetLastError() == ERROR_IO_PENDING) {
|
||||
|
@ -91,7 +92,7 @@ static bool setup_device(void) {
|
|||
char adapterid[1024];
|
||||
char adaptername[1024];
|
||||
char tapname[1024];
|
||||
long len;
|
||||
DWORD len;
|
||||
unsigned long status;
|
||||
|
||||
bool found = false;
|
||||
|
@ -122,7 +123,7 @@ static bool setup_device(void) {
|
|||
continue;
|
||||
|
||||
len = sizeof adaptername;
|
||||
err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
|
||||
err = RegQueryValueEx(key2, "Name", 0, 0, (LPBYTE)adaptername, &len);
|
||||
|
||||
RegCloseKey(key2);
|
||||
|
||||
|
@ -222,7 +223,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
}
|
||||
|
||||
static bool write_packet(vpn_packet_t *packet) {
|
||||
long outlen;
|
||||
DWORD outlen;
|
||||
OVERLAPPED overlapped = {0};
|
||||
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||
|
|
|
@ -165,7 +165,7 @@ static void close_device(void) {
|
|||
static bool read_packet(vpn_packet_t *packet) {
|
||||
int lenin;
|
||||
|
||||
if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) {
|
||||
if((lenin = recv(device_fd, (void *)packet->data, MTU, 0)) <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
|
@ -191,7 +191,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
|||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||
packet->len, device_info);
|
||||
|
||||
if(sendto(device_fd, packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||
if(sendto(device_fd, (void *)packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
|
||||
strerror(errno));
|
||||
return false;
|
||||
|
|
106
src/names.c
Normal file
106
src/names.c
Normal file
|
@ -0,0 +1,106 @@
|
|||
/*
|
||||
names.c -- generate commonly used (file)names
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include "logger.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
char *netname = NULL;
|
||||
char *confdir = NULL; /* base configuration directory */
|
||||
char *confbase = NULL; /* base configuration directory for this instance of tinc */
|
||||
char *identname = NULL; /* program name for syslog */
|
||||
char *unixsocketname = NULL; /* UNIX socket location */
|
||||
char *logfilename = NULL; /* log file location */
|
||||
char *pidfilename = NULL;
|
||||
char *program_name = NULL;
|
||||
|
||||
/*
|
||||
Set all files and paths according to netname
|
||||
*/
|
||||
void make_names(void) {
|
||||
#ifdef HAVE_MINGW
|
||||
HKEY key;
|
||||
char installdir[1024] = "";
|
||||
DWORD len = sizeof installdir;
|
||||
#endif
|
||||
|
||||
if(netname)
|
||||
xasprintf(&identname, "tinc.%s", netname);
|
||||
else
|
||||
identname = xstrdup("tinc");
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
||||
if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
|
||||
confdir = xstrdup(installdir);
|
||||
if(!logfilename)
|
||||
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", installdir, identname);
|
||||
if(!confbase) {
|
||||
if(netname)
|
||||
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
|
||||
else
|
||||
xasprintf(&confbase, "%s", installdir);
|
||||
}
|
||||
if(!pidfilename)
|
||||
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
|
||||
}
|
||||
RegCloseKey(key);
|
||||
}
|
||||
#endif
|
||||
if(!confdir)
|
||||
confdir = xstrdup(CONFDIR SLASH "tinc");
|
||||
|
||||
if(!logfilename)
|
||||
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
|
||||
|
||||
if(!pidfilename)
|
||||
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
|
||||
|
||||
if(!unixsocketname) {
|
||||
int len = strlen(pidfilename);
|
||||
unixsocketname = xmalloc(len + 8);
|
||||
strcpy(unixsocketname, pidfilename);
|
||||
if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
|
||||
strcpy(unixsocketname + len - 4, ".socket");
|
||||
else
|
||||
strcpy(unixsocketname + len, ".socket");
|
||||
}
|
||||
|
||||
if(netname) {
|
||||
if(!confbase)
|
||||
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
|
||||
else
|
||||
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
|
||||
} else {
|
||||
if(!confbase)
|
||||
xasprintf(&confbase, CONFDIR SLASH "tinc");
|
||||
}
|
||||
}
|
||||
|
||||
void free_names(void) {
|
||||
free(identname);
|
||||
free(netname);
|
||||
free(unixsocketname);
|
||||
free(pidfilename);
|
||||
free(logfilename);
|
||||
free(confbase);
|
||||
free(confdir);
|
||||
}
|
36
src/names.h
Normal file
36
src/names.h
Normal file
|
@ -0,0 +1,36 @@
|
|||
/*
|
||||
names.h -- header for names.c
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __TINC_NAMES_H__
|
||||
#define __TINC_NAMES_H__
|
||||
|
||||
extern char *confdir;
|
||||
extern char *confbase;
|
||||
extern char *netname;
|
||||
extern char *identname;
|
||||
extern char *unixsocketname;
|
||||
extern char *logfilename;
|
||||
extern char *pidfilename;
|
||||
extern char *program_name;
|
||||
|
||||
extern void make_names(void);
|
||||
extern void free_names(void);
|
||||
|
||||
#endif /* __TINC_NAMES_H__ */
|
24
src/net.c
24
src/net.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net.c -- most of the network code
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2011 Loïc Grenié <loic.grenie@gmail.com>
|
||||
|
||||
|
@ -29,6 +29,7 @@
|
|||
#include "graph.h"
|
||||
#include "logger.h"
|
||||
#include "meta.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "netutl.h"
|
||||
#include "process.h"
|
||||
|
@ -280,29 +281,13 @@ static void periodic_handler(void *data) {
|
|||
}
|
||||
|
||||
void handle_meta_connection_data(connection_t *c) {
|
||||
int result;
|
||||
socklen_t len = sizeof result;
|
||||
|
||||
if(c->status.connecting) {
|
||||
c->status.connecting = false;
|
||||
|
||||
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);
|
||||
|
||||
if(!result)
|
||||
finish_connecting(c);
|
||||
else {
|
||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
|
||||
terminate_connection(c, false);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (!receive_meta(c)) {
|
||||
terminate_connection(c, c->status.active);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
static void sigterm_handler(void *data) {
|
||||
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
|
||||
event_exit();
|
||||
|
@ -318,6 +303,7 @@ static void sigalrm_handler(void *data) {
|
|||
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
|
||||
retry();
|
||||
}
|
||||
#endif
|
||||
|
||||
int reload_configuration(void) {
|
||||
char *fname;
|
||||
|
@ -451,11 +437,13 @@ int main_loop(void) {
|
|||
signal_t sighup = {0};
|
||||
signal_t sigterm = {0};
|
||||
signal_t sigquit = {0};
|
||||
signal_t sigint = {0};
|
||||
signal_t sigalrm = {0};
|
||||
|
||||
signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
|
||||
signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
|
||||
signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
|
||||
signal_add(&sigint, sigterm_handler, &sigint, SIGINT);
|
||||
signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net.h -- header for net.c
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -128,6 +128,7 @@ extern bool localdiscovery;
|
|||
|
||||
extern listen_socket_t listen_socket[MAXSOCKETS];
|
||||
extern int listen_sockets;
|
||||
extern io_t unix_socket;
|
||||
extern int keylifetime;
|
||||
extern int udp_rcvbuf;
|
||||
extern int udp_sndbuf;
|
||||
|
@ -164,6 +165,7 @@ extern void handle_incoming_vpn_data(void *, int);
|
|||
extern void finish_connecting(struct connection_t *);
|
||||
extern bool do_outgoing_connection(struct outgoing_t *);
|
||||
extern void handle_new_meta_connection(void *, int);
|
||||
extern void handle_new_unix_connection(void *, int);
|
||||
extern int setup_listen_socket(const sockaddr_t *);
|
||||
extern int setup_vpn_in_socket(const sockaddr_t *);
|
||||
extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_packet.c -- Handles in- and outgoing VPN packets
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -22,12 +22,6 @@
|
|||
|
||||
#include "system.h"
|
||||
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#ifdef HAVE_ZLIB
|
||||
#include <zlib.h>
|
||||
#endif
|
||||
|
@ -70,11 +64,15 @@ bool localdiscovery = false;
|
|||
mtuprobes == 32: send 1 burst, sleep pingtimeout second
|
||||
mtuprobes == 33: no response from other side, restart PMTU discovery process
|
||||
|
||||
Probes are sent in batches of three, with random sizes between the lower and
|
||||
upper boundaries for the MTU thus far discovered.
|
||||
Probes are sent in batches of at least three, with random sizes between the
|
||||
lower and upper boundaries for the MTU thus far discovered.
|
||||
|
||||
In case local discovery is enabled, a fourth packet is added to each batch,
|
||||
After the initial discovery, a fourth packet is added to each batch with a
|
||||
size larger than the currently known PMTU, to test if the PMTU has increased.
|
||||
|
||||
In case local discovery is enabled, another packet is added to each batch,
|
||||
which will be broadcast to the local network.
|
||||
|
||||
*/
|
||||
|
||||
static void send_mtu_probe_handler(void *data) {
|
||||
|
@ -125,13 +123,18 @@ static void send_mtu_probe_handler(void *data) {
|
|||
timeout = pingtimeout;
|
||||
}
|
||||
|
||||
for(int i = 0; i < 3 + localdiscovery; i++) {
|
||||
for(int i = 0; i < 4 + localdiscovery; i++) {
|
||||
int len;
|
||||
|
||||
if(n->maxmtu <= n->minmtu)
|
||||
if(i == 0) {
|
||||
if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
|
||||
continue;
|
||||
len = n->maxmtu + 8;
|
||||
} else if(n->maxmtu <= n->minmtu) {
|
||||
len = n->maxmtu;
|
||||
else
|
||||
} else {
|
||||
len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
|
||||
}
|
||||
|
||||
if(len < 64)
|
||||
len = 64;
|
||||
|
@ -140,7 +143,7 @@ static void send_mtu_probe_handler(void *data) {
|
|||
memset(packet.data, 0, 14);
|
||||
randomize(packet.data + 14, len - 14);
|
||||
packet.len = len;
|
||||
if(i >= 3 && n->mtuprobes <= 10)
|
||||
if(i >= 4 && n->mtuprobes <= 10)
|
||||
packet.priority = -1;
|
||||
else
|
||||
packet.priority = 0;
|
||||
|
@ -150,6 +153,21 @@ static void send_mtu_probe_handler(void *data) {
|
|||
send_udppacket(n, &packet);
|
||||
}
|
||||
|
||||
n->probe_counter = 0;
|
||||
gettimeofday(&n->probe_time, NULL);
|
||||
|
||||
/* Calculate the packet loss of incoming traffic by comparing the rate of
|
||||
packets received to the rate with which the sequence number has increased.
|
||||
*/
|
||||
|
||||
if(n->received > n->prev_received)
|
||||
n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
|
||||
else
|
||||
n->packetloss = n->received_seqno <= n->prev_received_seqno;
|
||||
|
||||
n->prev_received_seqno = n->received_seqno;
|
||||
n->prev_received = n->received;
|
||||
|
||||
end:
|
||||
timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
|
||||
}
|
||||
|
@ -184,6 +202,13 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
|||
/* If we haven't established the PMTU yet, restart the discovery process. */
|
||||
|
||||
if(n->mtuprobes > 30) {
|
||||
if (len == n->maxmtu + 8) {
|
||||
logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
|
||||
n->maxmtu = MTU;
|
||||
n->mtuprobes = 10;
|
||||
return;
|
||||
}
|
||||
|
||||
if(n->minmtu)
|
||||
n->mtuprobes = 30;
|
||||
else
|
||||
|
@ -196,6 +221,25 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
|||
len = n->maxmtu;
|
||||
if(n->minmtu < len)
|
||||
n->minmtu = len;
|
||||
|
||||
/* Calculate RTT and bandwidth.
|
||||
The RTT is the time between the MTU probe burst was sent and the first
|
||||
reply is received. The bandwidth is measured using the time between the
|
||||
arrival of the first and third probe reply.
|
||||
*/
|
||||
|
||||
struct timeval now, diff;
|
||||
gettimeofday(&now, NULL);
|
||||
timersub(&now, &n->probe_time, &diff);
|
||||
n->probe_counter++;
|
||||
|
||||
if(n->probe_counter == 1) {
|
||||
n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
|
||||
n->probe_time = now;
|
||||
} else if(n->probe_counter == 3) {
|
||||
n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -365,6 +409,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
if(inpkt->seqno > n->received_seqno)
|
||||
n->received_seqno = inpkt->seqno;
|
||||
|
||||
n->received++;
|
||||
|
||||
if(n->received_seqno > MAX_SEQNO)
|
||||
regenerate_key();
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_setup.c -- Setup.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -31,6 +31,7 @@
|
|||
#include "ecdsa.h"
|
||||
#include "graph.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "netutl.h"
|
||||
#include "process.h"
|
||||
|
@ -807,6 +808,37 @@ static bool setup_myself(void) {
|
|||
|
||||
/* Open sockets */
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if(unix_fd < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
struct sockaddr_un sa;
|
||||
sa.sun_family = AF_UNIX;
|
||||
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
|
||||
|
||||
if(connect(unix_fd, (struct sockaddr *)&sa, sizeof sa) >= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
|
||||
return false;
|
||||
}
|
||||
|
||||
unlink(unixsocketname);
|
||||
|
||||
if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
if(listen(unix_fd, 3) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
|
||||
#endif
|
||||
|
||||
if(!do_detach && getenv("LISTEN_FDS")) {
|
||||
sockaddr_t sa;
|
||||
socklen_t salen;
|
||||
|
@ -991,6 +1023,11 @@ void close_network_connections(void) {
|
|||
close(listen_socket[i].udp.fd);
|
||||
}
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
io_del(&unix_socket);
|
||||
close(unix_socket.fd);
|
||||
#endif
|
||||
|
||||
char *envp[5];
|
||||
xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
|
||||
xasprintf(&envp[1], "DEVICE=%s", device ? : "");
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_socket.c -- Handle various kinds of sockets.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2009 Florian Forster <octo@verplant.org>
|
||||
|
||||
|
@ -24,9 +24,11 @@
|
|||
|
||||
#include "conf.h"
|
||||
#include "connection.h"
|
||||
#include "control_common.h"
|
||||
#include "list.h"
|
||||
#include "logger.h"
|
||||
#include "meta.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "netutl.h"
|
||||
#include "protocol.h"
|
||||
|
@ -46,6 +48,9 @@ int udp_sndbuf = 0;
|
|||
|
||||
listen_socket_t listen_socket[MAXSOCKETS];
|
||||
int listen_sockets;
|
||||
#ifndef HAVE_MINGW
|
||||
io_t unix_socket;
|
||||
#endif
|
||||
list_t *outgoing_list = NULL;
|
||||
|
||||
/* Setup sockets */
|
||||
|
@ -289,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
|
|||
void finish_connecting(connection_t *c) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
|
||||
|
||||
if(proxytype != PROXY_EXEC)
|
||||
configure_tcp(c);
|
||||
|
||||
c->last_ping_time = time(NULL);
|
||||
c->status.connecting = false;
|
||||
|
||||
|
@ -368,10 +370,28 @@ static void handle_meta_write(connection_t *c) {
|
|||
}
|
||||
|
||||
static void handle_meta_io(void *data, int flags) {
|
||||
connection_t *c = data;
|
||||
|
||||
if(c->status.connecting) {
|
||||
c->status.connecting = false;
|
||||
|
||||
int result;
|
||||
socklen_t len = sizeof result;
|
||||
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len);
|
||||
|
||||
if(!result)
|
||||
finish_connecting(c);
|
||||
else {
|
||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
|
||||
terminate_connection(c, false);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if(flags & IO_WRITE)
|
||||
handle_meta_write(data);
|
||||
handle_meta_write(c);
|
||||
else
|
||||
handle_meta_connection_data(data);
|
||||
handle_meta_connection_data(c);
|
||||
}
|
||||
|
||||
bool do_outgoing_connection(outgoing_t *outgoing) {
|
||||
|
@ -436,6 +456,7 @@ begin:
|
|||
}
|
||||
logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
|
||||
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
|
||||
configure_tcp(c);
|
||||
}
|
||||
|
||||
if(c->socket == -1) {
|
||||
|
@ -488,7 +509,7 @@ begin:
|
|||
|
||||
connection_add(c);
|
||||
|
||||
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
|
||||
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -561,6 +582,45 @@ void handle_new_meta_connection(void *data, int flags) {
|
|||
send_id(c);
|
||||
}
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
/*
|
||||
accept a new UNIX socket connection
|
||||
*/
|
||||
void handle_new_unix_connection(void *data, int flags) {
|
||||
io_t *io = data;
|
||||
connection_t *c;
|
||||
sockaddr_t sa;
|
||||
int fd;
|
||||
socklen_t len = sizeof sa;
|
||||
|
||||
fd = accept(io->fd, &sa.sa, &len);
|
||||
|
||||
if(fd < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
|
||||
return;
|
||||
}
|
||||
|
||||
sockaddrunmap(&sa);
|
||||
|
||||
c = new_connection();
|
||||
c->name = xstrdup("<control>");
|
||||
c->address = sa;
|
||||
c->hostname = xstrdup("localhost port unix");
|
||||
c->socket = fd;
|
||||
c->last_ping_time = time(NULL);
|
||||
|
||||
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
|
||||
|
||||
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
|
||||
|
||||
connection_add(c);
|
||||
|
||||
c->allow_request = ID;
|
||||
|
||||
send_id(c);
|
||||
}
|
||||
#endif
|
||||
|
||||
static void free_outgoing(outgoing_t *outgoing) {
|
||||
timeout_del(&outgoing->ev);
|
||||
|
||||
|
|
10
src/node.h
10
src/node.h
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
node.h -- header for node.c
|
||||
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -77,6 +77,9 @@ typedef struct node_t {
|
|||
|
||||
uint32_t sent_seqno; /* Sequence number last sent to this node */
|
||||
uint32_t received_seqno; /* Sequence number last received from this node */
|
||||
uint32_t received; /* Total valid packets received from this node */
|
||||
uint32_t prev_received_seqno;
|
||||
uint32_t prev_received;
|
||||
uint32_t farfuture; /* Packets in a row that have arrived from the far future */
|
||||
unsigned char* late; /* Bitfield marking late packets */
|
||||
|
||||
|
@ -85,6 +88,11 @@ typedef struct node_t {
|
|||
length_t maxmtu; /* Probed maximum MTU */
|
||||
int mtuprobes; /* Number of probes */
|
||||
timeout_t mtutimeout; /* Probe event */
|
||||
struct timeval probe_time; /* Time the last probe was sent or received */
|
||||
int probe_counter; /* Number of probes received since last burst was sent */
|
||||
float rtt; /* Last measured round trip time */
|
||||
float bandwidth; /* Last measured bandwidth */
|
||||
float packetloss; /* Last measured packet loss rate */
|
||||
|
||||
uint64_t in_packets;
|
||||
uint64_t in_bytes;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
process.c -- process management functions
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -27,6 +27,7 @@
|
|||
#include "edge.h"
|
||||
#include "event.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "node.h"
|
||||
#include "process.h"
|
||||
|
@ -38,17 +39,12 @@
|
|||
bool do_detach = true;
|
||||
bool sigalrm = false;
|
||||
|
||||
extern char *identname;
|
||||
extern char **g_argv;
|
||||
extern bool use_logfile;
|
||||
|
||||
/* Some functions the less gifted operating systems might lack... */
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
extern char *identname;
|
||||
extern char *program_name;
|
||||
extern char **g_argv;
|
||||
|
||||
static SC_HANDLE manager = NULL;
|
||||
static SC_HANDLE service = NULL;
|
||||
static SERVICE_STATUS status = {0};
|
||||
|
@ -263,8 +259,8 @@ bool execute_script(const char *name, char **envp) {
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef WEXITSTATUS
|
||||
if(status != -1) {
|
||||
#ifdef WEXITSTATUS
|
||||
if(WIFEXITED(status)) { /* Child exited by itself */
|
||||
if(WEXITSTATUS(status)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d",
|
||||
|
@ -279,11 +275,11 @@ bool execute_script(const char *name, char **envp) {
|
|||
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name);
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -111,7 +111,7 @@ void forward_request(connection_t *from, const char *request) {
|
|||
}
|
||||
|
||||
bool receive_request(connection_t *c, const char *request) {
|
||||
if(proxytype == PROXY_HTTP && c->allow_request == ID) {
|
||||
if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
|
||||
if(!request[0] || request[0] == '\r')
|
||||
return true;
|
||||
if(!strncasecmp(request, "HTTP/1.1 ", 9)) {
|
||||
|
|
|
@ -139,7 +139,7 @@ bool send_id(connection_t *c) {
|
|||
minor = myself->connection->protocol_minor;
|
||||
}
|
||||
|
||||
if(proxytype)
|
||||
if(proxytype && c->outgoing)
|
||||
if(!send_proxyrequest(c))
|
||||
return false;
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
protocol_key.c -- handle the meta-protocol, key exchange
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -278,6 +278,7 @@ bool send_ans_key(node_t *to) {
|
|||
// Reset sequence number and late packet window
|
||||
mykeyused = true;
|
||||
to->received_seqno = 0;
|
||||
to->received = 0;
|
||||
if(replaywin) memset(to->late, 0, replaywin);
|
||||
|
||||
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
route.c -- routing
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -835,6 +835,11 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
|||
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
|
||||
return;
|
||||
|
||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||
|
||||
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
|
||||
packet->priority = packet->data[15];
|
||||
|
||||
// Handle packets larger than PMTU
|
||||
|
||||
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||
|
@ -844,7 +849,6 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
|||
|
||||
if(via && packet->len > via->mtu && via != myself) {
|
||||
logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||
length_t ethlen = 14;
|
||||
|
||||
if(type == ETH_P_8021Q) {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Solaris tun device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -28,6 +28,7 @@
|
|||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "utils.h"
|
||||
#include "xalloc.h"
|
||||
|
|
29
src/sptps.c
29
src/sptps.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
sptps.c -- Simple Peer-to-Peer Security
|
||||
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2010 Brandon L. Black <blblack@gmail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -439,6 +439,17 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
|
|||
return receive_handshake(s, data + 5, len - 5);
|
||||
}
|
||||
|
||||
// Check HMAC.
|
||||
uint16_t netlen = htons(len - 21);
|
||||
|
||||
char buffer[len + 23];
|
||||
|
||||
memcpy(buffer, &netlen, 2);
|
||||
memcpy(buffer + 2, data, len);
|
||||
|
||||
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
|
||||
return error(s, EIO, "Invalid HMAC");
|
||||
|
||||
// Replay protection using a sliding window of configurable size.
|
||||
// s->inseqno is expected sequence number
|
||||
// seqno is received sequence number
|
||||
|
@ -473,19 +484,13 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
|
|||
if(seqno > s->inseqno)
|
||||
s->inseqno = seqno + 1;
|
||||
|
||||
uint16_t netlen = htons(len - 21);
|
||||
|
||||
char buffer[len + 23];
|
||||
|
||||
memcpy(buffer, &netlen, 2);
|
||||
memcpy(buffer + 2, data, len);
|
||||
if(!s->inseqno)
|
||||
s->received = 0;
|
||||
else
|
||||
s->received++;
|
||||
|
||||
// Decrypt.
|
||||
memcpy(&seqno, buffer + 2, 4);
|
||||
|
||||
// Check HMAC and decrypt.
|
||||
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
|
||||
return error(s, EIO, "Invalid HMAC");
|
||||
|
||||
cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
|
||||
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
|
||||
return false;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
sptps.h -- Simple Peer-to-Peer Security
|
||||
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -56,6 +56,7 @@ typedef struct sptps {
|
|||
cipher_t incipher;
|
||||
digest_t indigest;
|
||||
uint32_t inseqno;
|
||||
uint32_t received;
|
||||
unsigned int replaywin;
|
||||
unsigned int farfuture;
|
||||
char *late;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
subnet.c -- handle subnet lookups and lists
|
||||
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -25,6 +25,7 @@
|
|||
#include "device.h"
|
||||
#include "hash.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "netutl.h"
|
||||
#include "node.h"
|
||||
|
|
216
src/tincctl.c
216
src/tincctl.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
tincctl.c -- Controlling a running tincd
|
||||
Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -31,6 +31,7 @@
|
|||
#include "control_common.h"
|
||||
#include "ecdsagen.h"
|
||||
#include "info.h"
|
||||
#include "names.h"
|
||||
#include "rsagen.h"
|
||||
#include "utils.h"
|
||||
#include "tincctl.h"
|
||||
|
@ -40,10 +41,6 @@
|
|||
#define mkdir(a, b) mkdir(a)
|
||||
#endif
|
||||
|
||||
|
||||
/* The name this program was run with. */
|
||||
static char *program_name = NULL;
|
||||
|
||||
static char **orig_argv;
|
||||
static int orig_argc;
|
||||
|
||||
|
@ -54,12 +51,7 @@ static bool show_help = false;
|
|||
static bool show_version = false;
|
||||
|
||||
static char *name = NULL;
|
||||
static char *identname = NULL; /* program name for syslog */
|
||||
static char *pidfilename = NULL; /* pid file location */
|
||||
static char *confdir = NULL;
|
||||
static char controlcookie[1025];
|
||||
char *netname = NULL;
|
||||
char *confbase = NULL;
|
||||
static char *tinc_conf = NULL;
|
||||
static char *hosts_dir = NULL;
|
||||
struct timeval now;
|
||||
|
@ -107,10 +99,9 @@ static void version(void) {
|
|||
}
|
||||
|
||||
static void usage(bool status) {
|
||||
if(status)
|
||||
fprintf(stderr, "Try `%s --help\' for more information.\n",
|
||||
program_name);
|
||||
else {
|
||||
if(status) {
|
||||
fprintf(stderr, "Try `%s --help\' for more information.\n", program_name);
|
||||
} else {
|
||||
printf("Usage: %s [options] command\n\n", program_name);
|
||||
printf("Valid options are:\n"
|
||||
" -c, --config=DIR Read configuration options from DIR.\n"
|
||||
|
@ -153,6 +144,8 @@ static void usage(bool status) {
|
|||
" export Export host configuration of local node to standard output\n"
|
||||
" export-all Export all host configuration files to standard output\n"
|
||||
" import [--force] Import host configuration file(s) from standard input\n"
|
||||
" exchange [--force] Same as export followed by import\n"
|
||||
" exchange-all [--force] Same as export-all followed by import\n"
|
||||
"\n");
|
||||
printf("Report bugs to tinc@tinc-vpn.org.\n");
|
||||
}
|
||||
|
@ -453,62 +446,6 @@ static bool rsa_keygen(int bits, bool ask) {
|
|||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
Set all files and paths according to netname
|
||||
*/
|
||||
static void make_names(void) {
|
||||
#ifdef HAVE_MINGW
|
||||
HKEY key;
|
||||
char installdir[1024] = "";
|
||||
long len = sizeof installdir;
|
||||
#endif
|
||||
|
||||
if(netname)
|
||||
xasprintf(&identname, "tinc.%s", netname);
|
||||
else
|
||||
identname = xstrdup("tinc");
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
||||
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
|
||||
if(!confbase) {
|
||||
if(netname)
|
||||
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
|
||||
else
|
||||
xasprintf(&confbase, "%s", installdir);
|
||||
}
|
||||
}
|
||||
if(!pidfilename)
|
||||
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
|
||||
RegCloseKey(key);
|
||||
}
|
||||
|
||||
if(!*installdir) {
|
||||
#endif
|
||||
confdir = xstrdup(CONFDIR);
|
||||
|
||||
if(!pidfilename)
|
||||
xasprintf(&pidfilename, "%s" SLASH "run" SLASH "%s.pid", LOCALSTATEDIR, identname);
|
||||
|
||||
if(netname) {
|
||||
if(!confbase)
|
||||
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
|
||||
else
|
||||
fprintf(stderr, "Both netname and configuration directory given, using the latter...\n");
|
||||
} else {
|
||||
if(!confbase)
|
||||
xasprintf(&confbase, CONFDIR SLASH "tinc");
|
||||
}
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
} else
|
||||
confdir = xstrdup(installdir);
|
||||
#endif
|
||||
|
||||
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
|
||||
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
|
||||
}
|
||||
|
||||
static char buffer[4096];
|
||||
static size_t blen = 0;
|
||||
|
||||
|
@ -729,6 +666,26 @@ static bool connect_tincd(bool verbose) {
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
struct sockaddr_un sa;
|
||||
sa.sun_family = AF_UNIX;
|
||||
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
|
||||
|
||||
fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if(fd < 0) {
|
||||
if(verbose)
|
||||
fprintf(stderr, "Cannot create UNIX socket: %s\n", sockstrerror(sockerrno));
|
||||
return false;
|
||||
}
|
||||
|
||||
if(connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
|
||||
if(verbose)
|
||||
fprintf(stderr, "Cannot connect to UNIX socket %s: %s\n", unixsocketname, sockstrerror(sockerrno));
|
||||
close(fd);
|
||||
fd = -1;
|
||||
return false;
|
||||
}
|
||||
#else
|
||||
struct addrinfo hints = {
|
||||
.ai_family = AF_UNSPEC,
|
||||
.ai_socktype = SOCK_STREAM,
|
||||
|
@ -769,6 +726,7 @@ static bool connect_tincd(bool verbose) {
|
|||
}
|
||||
|
||||
freeaddrinfo(res);
|
||||
#endif
|
||||
|
||||
char data[4096];
|
||||
int version;
|
||||
|
@ -854,6 +812,11 @@ static int cmd_start(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_stop(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
if(!connect_tincd(true)) {
|
||||
if(pid) {
|
||||
|
@ -871,16 +834,10 @@ static int cmd_stop(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
sendline(fd, "%d %d", CONTROL, REQ_STOP);
|
||||
if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_STOP || result) {
|
||||
fprintf(stderr, "Could not stop tinc daemon.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Wait for tincd to close the connection...
|
||||
fd_set r;
|
||||
FD_ZERO(&r);
|
||||
FD_SET(fd, &r);
|
||||
select(fd + 1, &r, NULL, NULL, NULL);
|
||||
while(recvline(fd, line, sizeof line)) {
|
||||
// Wait for tincd to close the connection...
|
||||
}
|
||||
#else
|
||||
if(!remove_service())
|
||||
return 1;
|
||||
|
@ -898,6 +855,11 @@ static int cmd_restart(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_reload(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!connect_tincd(true))
|
||||
return 1;
|
||||
|
||||
|
@ -1070,6 +1032,11 @@ static int cmd_dump(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_purge(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!connect_tincd(true))
|
||||
return 1;
|
||||
|
||||
|
@ -1105,6 +1072,11 @@ static int cmd_debug(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_retry(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!connect_tincd(true))
|
||||
return 1;
|
||||
|
||||
|
@ -1164,6 +1136,11 @@ static int cmd_disconnect(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_top(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CURSES
|
||||
if(!connect_tincd(true))
|
||||
return 1;
|
||||
|
@ -1177,6 +1154,11 @@ static int cmd_top(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_pcap(int argc, char *argv[]) {
|
||||
if(argc > 2) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!connect_tincd(true))
|
||||
return 1;
|
||||
|
||||
|
@ -1185,6 +1167,11 @@ static int cmd_pcap(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_log(int argc, char *argv[]) {
|
||||
if(argc > 2) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!connect_tincd(true))
|
||||
return 1;
|
||||
|
||||
|
@ -1193,6 +1180,11 @@ static int cmd_log(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_pid(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!connect_tincd(true) && !pid)
|
||||
return 1;
|
||||
|
||||
|
@ -1613,7 +1605,10 @@ static int cmd_init(int argc, char *argv[]) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
if(argc < 2) {
|
||||
if(argc > 2) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
} else if(argc < 2) {
|
||||
if(tty) {
|
||||
char buf[1024];
|
||||
fprintf(stdout, "Enter the Name you want your tinc node to have: ");
|
||||
|
@ -1692,14 +1687,29 @@ static int cmd_init(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_generate_keys(int argc, char *argv[]) {
|
||||
if(argc > 2) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
|
||||
}
|
||||
|
||||
static int cmd_generate_rsa_keys(int argc, char *argv[]) {
|
||||
if(argc > 2) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
|
||||
}
|
||||
|
||||
static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
return !ecdsa_keygen(true);
|
||||
}
|
||||
|
||||
|
@ -1709,6 +1719,11 @@ static int cmd_help(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
static int cmd_version(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
version();
|
||||
return 0;
|
||||
}
|
||||
|
@ -1811,14 +1826,29 @@ static int export(const char *name, FILE *out) {
|
|||
}
|
||||
|
||||
static int cmd_export(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
char *name = get_my_name();
|
||||
if(!name)
|
||||
return 1;
|
||||
|
||||
return export(name, stdout);
|
||||
int result = export(name, stdout);
|
||||
if(!tty)
|
||||
fclose(stdout);
|
||||
|
||||
free(name);
|
||||
return result;
|
||||
}
|
||||
|
||||
static int cmd_export_all(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
DIR *dir = opendir(hosts_dir);
|
||||
if(!dir) {
|
||||
fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
|
||||
|
@ -1842,21 +1872,30 @@ static int cmd_export_all(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
closedir(dir);
|
||||
if(!tty)
|
||||
fclose(stdout);
|
||||
return result;
|
||||
}
|
||||
|
||||
static int cmd_import(int argc, char *argv[]) {
|
||||
if(argc > 1) {
|
||||
fprintf(stderr, "Too many arguments!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
FILE *in = stdin;
|
||||
FILE *out = NULL;
|
||||
|
||||
char buf[4096];
|
||||
char name[4096];
|
||||
char *filename;
|
||||
char *filename = NULL;
|
||||
int count = 0;
|
||||
bool firstline = true;
|
||||
|
||||
while(fgets(buf, sizeof buf, in)) {
|
||||
if(sscanf(buf, "Name = %s", name) == 1) {
|
||||
firstline = false;
|
||||
|
||||
if(!check_id(name)) {
|
||||
fprintf(stderr, "Invalid Name in input!\n");
|
||||
return 1;
|
||||
|
@ -1881,7 +1920,6 @@ static int cmd_import(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
count++;
|
||||
firstline = false;
|
||||
continue;
|
||||
} else if(firstline) {
|
||||
fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
|
||||
|
@ -1912,6 +1950,14 @@ static int cmd_import(int argc, char *argv[]) {
|
|||
}
|
||||
}
|
||||
|
||||
static int cmd_exchange(int argc, char *argv[]) {
|
||||
return cmd_export(argc, argv) ?: cmd_import(argc, argv);
|
||||
}
|
||||
|
||||
static int cmd_exchange_all(int argc, char *argv[]) {
|
||||
return cmd_export_all(argc, argv) ?: cmd_import(argc, argv);
|
||||
}
|
||||
|
||||
static const struct {
|
||||
const char *command;
|
||||
int (*function)(int argc, char *argv[]);
|
||||
|
@ -1942,6 +1988,8 @@ static const struct {
|
|||
{"export", cmd_export},
|
||||
{"export-all", cmd_export_all},
|
||||
{"import", cmd_import},
|
||||
{"exchange", cmd_exchange},
|
||||
{"exchange-all", cmd_exchange_all},
|
||||
{NULL, NULL},
|
||||
};
|
||||
|
||||
|
@ -2189,6 +2237,8 @@ int main(int argc, char *argv[]) {
|
|||
return 1;
|
||||
|
||||
make_names();
|
||||
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
|
||||
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
|
||||
|
||||
if(show_version) {
|
||||
version();
|
||||
|
|
106
src/tincd.c
106
src/tincd.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
tincd.c -- the main file for tincd
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2008 Max Rijevski <maksuf@gmail.com>
|
||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||
2010 Julien Muchembled <jm@jmuchemb.eu>
|
||||
|
@ -33,12 +33,6 @@
|
|||
#include <sys/mman.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#ifdef HAVE_LZO
|
||||
#include LZO1X_H
|
||||
#endif
|
||||
|
@ -56,6 +50,7 @@
|
|||
#include "crypto.h"
|
||||
#include "device.h"
|
||||
#include "logger.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "netutl.h"
|
||||
#include "process.h"
|
||||
|
@ -63,9 +58,6 @@
|
|||
#include "utils.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
/* The name this program was run with. */
|
||||
char *program_name = NULL;
|
||||
|
||||
/* If nonzero, display usage information and exit. */
|
||||
static bool show_help = false;
|
||||
|
||||
|
@ -75,21 +67,22 @@ static bool show_version = false;
|
|||
/* If nonzero, use null ciphers and skip all key exchanges. */
|
||||
bool bypass_security = false;
|
||||
|
||||
#ifdef HAVE_MLOCKALL
|
||||
/* If nonzero, disable swapping for this process. */
|
||||
static bool do_mlock = false;
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
/* If nonzero, chroot to netdir after startup. */
|
||||
static bool do_chroot = false;
|
||||
|
||||
/* If !NULL, do setuid to given user after startup */
|
||||
static const char *switchuser = NULL;
|
||||
#endif
|
||||
|
||||
/* If nonzero, write log entries to a separate file. */
|
||||
bool use_logfile = false;
|
||||
|
||||
char *identname = NULL; /* program name for syslog */
|
||||
char *logfilename = NULL; /* log file location */
|
||||
char *pidfilename = NULL;
|
||||
char **g_argv; /* a copy of the cmdline arguments */
|
||||
|
||||
static int status = 1;
|
||||
|
@ -127,13 +120,18 @@ static void usage(bool status) {
|
|||
" -D, --no-detach Don't fork and detach.\n"
|
||||
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
|
||||
" -n, --net=NETNAME Connect to net NETNAME.\n"
|
||||
#ifdef HAVE_MLOCKALL
|
||||
" -L, --mlock Lock tinc into main memory.\n"
|
||||
#endif
|
||||
" --logfile[=FILENAME] Write log entries to a logfile.\n"
|
||||
" --pidfile=FILENAME Write PID and control socket cookie to FILENAME.\n"
|
||||
" --bypass-security Disables meta protocol security, for debugging.\n"
|
||||
" -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n"
|
||||
#ifndef HAVE_MINGW
|
||||
" -R, --chroot chroot to NET dir at startup.\n"
|
||||
" -U, --user=USER setuid to given USER at startup.\n" " --help Display this help and exit.\n"
|
||||
" -U, --user=USER setuid to given USER at startup.\n"
|
||||
#endif
|
||||
" --help Display this help and exit.\n"
|
||||
" --version Output version information and exit.\n\n");
|
||||
printf("Report bugs to tinc@tinc-vpn.org.\n");
|
||||
}
|
||||
|
@ -162,7 +160,7 @@ static bool parse_options(int argc, char **argv) {
|
|||
|
||||
case 'L': /* no detach */
|
||||
#ifndef HAVE_MLOCKALL
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "mlockall()");
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
|
||||
return false;
|
||||
#else
|
||||
do_mlock = true;
|
||||
|
@ -187,6 +185,12 @@ static bool parse_options(int argc, char **argv) {
|
|||
list_insert_tail(cmdline_conf, cfg);
|
||||
break;
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
case 'R':
|
||||
case 'U':
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
|
||||
return false;
|
||||
#else
|
||||
case 'R': /* chroot to NETNAME dir */
|
||||
do_chroot = true;
|
||||
break;
|
||||
|
@ -194,6 +198,7 @@ static bool parse_options(int argc, char **argv) {
|
|||
case 'U': /* setuid to USER */
|
||||
switchuser = optarg;
|
||||
break;
|
||||
#endif
|
||||
|
||||
case 1: /* show help */
|
||||
show_help = true;
|
||||
|
@ -244,77 +249,8 @@ static bool parse_options(int argc, char **argv) {
|
|||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
Set all files and paths according to netname
|
||||
*/
|
||||
static void make_names(void) {
|
||||
#ifdef HAVE_MINGW
|
||||
HKEY key;
|
||||
char installdir[1024] = "";
|
||||
long len = sizeof installdir;
|
||||
#endif
|
||||
|
||||
if(netname)
|
||||
xasprintf(&identname, "tinc.%s", netname);
|
||||
else
|
||||
identname = xstrdup("tinc");
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
||||
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
|
||||
if(!logfilename)
|
||||
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", identname);
|
||||
if(!confbase) {
|
||||
if(netname)
|
||||
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
|
||||
else
|
||||
xasprintf(&confbase, "%s", installdir);
|
||||
}
|
||||
if(!pidfilename)
|
||||
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
|
||||
}
|
||||
RegCloseKey(key);
|
||||
if(*installdir)
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
if(!logfilename)
|
||||
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
|
||||
|
||||
if(!pidfilename)
|
||||
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
|
||||
|
||||
if(netname) {
|
||||
if(!confbase)
|
||||
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
|
||||
else
|
||||
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
|
||||
} else {
|
||||
if(!confbase)
|
||||
xasprintf(&confbase, CONFDIR SLASH "tinc");
|
||||
}
|
||||
}
|
||||
|
||||
static void free_names(void) {
|
||||
if (identname) free(identname);
|
||||
if (netname) free(netname);
|
||||
if (pidfilename) free(pidfilename);
|
||||
if (logfilename) free(logfilename);
|
||||
if (confbase) free(confbase);
|
||||
}
|
||||
|
||||
static bool drop_privs(void) {
|
||||
#ifdef HAVE_MINGW
|
||||
if (switchuser) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-U");
|
||||
return false;
|
||||
}
|
||||
if (do_chroot) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-R");
|
||||
return false;
|
||||
}
|
||||
#else
|
||||
#ifndef HAVE_MINGW
|
||||
uid_t uid = 0;
|
||||
if (switchuser) {
|
||||
struct passwd *pw = getpwnam(switchuser);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
top.c -- Show real-time statistics from a running tincd
|
||||
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -25,6 +25,7 @@
|
|||
|
||||
#include "control_common.h"
|
||||
#include "list.h"
|
||||
#include "names.h"
|
||||
#include "tincctl.h"
|
||||
#include "top.h"
|
||||
#include "xalloc.h"
|
||||
|
@ -65,10 +66,6 @@ static float bscale = 1;
|
|||
static const char *punit = "pkts";
|
||||
static float pscale = 1;
|
||||
|
||||
#ifndef timersub
|
||||
#define timersub(a, b, c) do {(c)->tv_sec = (a)->tv_sec - (b)->tv_sec; (c)->tv_usec = (a)->tv_usec = (b)->tv_usec;} while(0)
|
||||
#endif
|
||||
|
||||
static void update(int fd) {
|
||||
sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC);
|
||||
gettimeofday(&cur, NULL);
|
||||
|
@ -229,7 +226,7 @@ static void redraw(void) {
|
|||
attrset(A_DIM);
|
||||
|
||||
if(cumulative)
|
||||
mvprintw(row, 0, "%-16s %10"PRIu64" %10.0f %10"PRIu64" %10.0f",
|
||||
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
|
||||
node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale);
|
||||
else
|
||||
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- UML network socket
|
||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -24,6 +24,7 @@
|
|||
|
||||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "logger.h"
|
||||
#include "utils.h"
|
||||
|
@ -37,9 +38,6 @@ static int write_fd = -1;
|
|||
static int state = 0;
|
||||
static char *device_info;
|
||||
|
||||
extern char *identname;
|
||||
extern volatile bool running;
|
||||
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
|
@ -73,7 +71,7 @@ static bool setup_device(void) {
|
|||
|
||||
if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -85,13 +83,13 @@ static bool setup_device(void) {
|
|||
|
||||
if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -103,7 +101,7 @@ static bool setup_device(void) {
|
|||
|
||||
if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -116,7 +114,7 @@ static bool setup_device(void) {
|
|||
|
||||
if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -199,7 +197,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
|
||||
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -215,20 +213,20 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s",
|
||||
request.magic, request.version, request.type, device_info, device);
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
if(connect(write_fd, &request.sock, sizeof request.sock) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -245,7 +243,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
if((inlen = read(data_fd, packet->data, MTU)) <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -278,7 +276,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
|||
if(write(write_fd, packet->data, packet->len) < 0) {
|
||||
if(errno != EINTR && errno != EAGAIN) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
device.c -- VDE plug
|
||||
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -23,6 +23,7 @@
|
|||
|
||||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "names.h"
|
||||
#include "net.h"
|
||||
#include "logger.h"
|
||||
#include "utils.h"
|
||||
|
@ -35,9 +36,6 @@ static int port = 0;
|
|||
static char *group = NULL;
|
||||
static char *device_info;
|
||||
|
||||
extern char *identname;
|
||||
extern volatile bool running;
|
||||
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
|
@ -102,7 +100,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0);
|
||||
if(lenin <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -117,7 +115,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
|||
if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
|
||||
if(errno != EINTR && errno != EAGAIN) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||
running = false;
|
||||
event_exit();
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
Loading…
Reference in a new issue