Import Upstream version 1.1~pre6
This commit is contained in:
parent
ff64081061
commit
26033edb96
52 changed files with 3850 additions and 14921 deletions
25
NEWS
25
NEWS
|
@ -1,3 +1,28 @@
|
||||||
|
Version 1.1pre6 February 20 2013
|
||||||
|
|
||||||
|
* Fixed tincd exitting immediately on Windows.
|
||||||
|
|
||||||
|
* Detect PMTU increases.
|
||||||
|
|
||||||
|
* Fixed crashes when using a SOCKS5 proxy.
|
||||||
|
|
||||||
|
* Fixed control connection when using a proxy.
|
||||||
|
|
||||||
|
Version 1.1pre5 January 20 2013
|
||||||
|
|
||||||
|
* Fixed long delays and possible hangs on Windows.
|
||||||
|
|
||||||
|
* Fixed support for the tunemu device on iOS, the UML and VDE devices.
|
||||||
|
|
||||||
|
* Small improvements to the documentation and error messages.
|
||||||
|
|
||||||
|
* Fixed broadcast packets not reaching the whole VPN.
|
||||||
|
|
||||||
|
* Tincctl now connects via a UNIX socket to the tincd on platforms that
|
||||||
|
support this.
|
||||||
|
|
||||||
|
* The PriorityInheritance option now also works in switch mode.
|
||||||
|
|
||||||
Version 1.1pre4 December 5 2012
|
Version 1.1pre4 December 5 2012
|
||||||
|
|
||||||
* Added the "AutoConnect" option which will let tinc automatically select
|
* Added the "AutoConnect" option which will let tinc automatically select
|
||||||
|
|
8
README
8
README
|
@ -1,7 +1,7 @@
|
||||||
This is the README file for tinc version 1.1pre4. Installation
|
This is the README file for tinc version 1.1pre6. Installation
|
||||||
instructions may be found in the INSTALL file.
|
instructions may be found in the INSTALL file.
|
||||||
|
|
||||||
tinc is Copyright (C) 1998-2012 by:
|
tinc is Copyright (C) 1998-2013 by:
|
||||||
|
|
||||||
Ivo Timmermans,
|
Ivo Timmermans,
|
||||||
Guus Sliepen <guus@tinc-vpn.org>,
|
Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
|
@ -36,11 +36,11 @@ at your own risk.
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Version 1.1pre4 is compatible with 1.0pre8, 1.0 and later, but not with older
|
Version 1.1pre6 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||||
versions of tinc.
|
versions of tinc.
|
||||||
|
|
||||||
When the ExperimentalProtocol option is used, tinc is still compatible with
|
When the ExperimentalProtocol option is used, tinc is still compatible with
|
||||||
1.0.X and 1.1pre4 itself, but not with any other 1.1preX version.
|
1.0.X and 1.1pre6 itself, but not with any other 1.1preX version.
|
||||||
|
|
||||||
|
|
||||||
Requirements
|
Requirements
|
||||||
|
|
2
THANKS
2
THANKS
|
@ -6,7 +6,9 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Anthony G. Basile
|
* Anthony G. Basile
|
||||||
* Armijn Hemel
|
* Armijn Hemel
|
||||||
* Brandon Black
|
* Brandon Black
|
||||||
|
* Cheng LI
|
||||||
* Cris van Pelt
|
* Cris van Pelt
|
||||||
|
* Darius Jahandarie
|
||||||
* Delf Eldkraft
|
* Delf Eldkraft
|
||||||
* dnk
|
* dnk
|
||||||
* Enrique Zanardi
|
* Enrique Zanardi
|
||||||
|
|
2
configure
vendored
2
configure
vendored
|
@ -4095,7 +4095,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE=tinc
|
PACKAGE=tinc
|
||||||
VERSION=1.1pre4
|
VERSION=1.1pre6
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
|
|
@ -4,7 +4,7 @@ AC_PREREQ(2.61)
|
||||||
AC_INIT
|
AC_INIT
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AC_GNU_SOURCE
|
AC_GNU_SOURCE
|
||||||
AM_INIT_AUTOMAKE(tinc, 1.1pre4)
|
AM_INIT_AUTOMAKE(tinc, 1.1pre6)
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
AM_MAINTAINER_MODE
|
AM_MAINTAINER_MODE
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.Dd 2012-09-27
|
.Dd 2013-01-14
|
||||||
.Dt TINC.CONF 5
|
.Dt TINC.CONF 5
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Ivo Timmermans
|
.\" Ivo Timmermans
|
||||||
|
@ -343,7 +343,7 @@ This option selects the way packets are routed to other daemons.
|
||||||
In this mode
|
In this mode
|
||||||
.Va Subnet
|
.Va Subnet
|
||||||
variables in the host configuration files will be used to form a routing table.
|
variables in the host configuration files will be used to form a routing table.
|
||||||
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||||
.Pp
|
.Pp
|
||||||
This is the default mode, and unless you really know you need another mode, don't change it.
|
This is the default mode, and unless you really know you need another mode, don't change it.
|
||||||
.It switch
|
.It switch
|
||||||
|
@ -361,7 +361,7 @@ while no routing table is managed.
|
||||||
.It Va Name Li = Ar name Bq required
|
.It Va Name Li = Ar name Bq required
|
||||||
This is the name which identifies this tinc daemon.
|
This is the name which identifies this tinc daemon.
|
||||||
It must be unique for the virtual private network this daemon will connect to.
|
It must be unique for the virtual private network this daemon will connect to.
|
||||||
The Name may only consist of alphanumeric and underscore characters.
|
The Name may only consist of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
|
||||||
If
|
If
|
||||||
.Va Name
|
.Va Name
|
||||||
starts with a
|
starts with a
|
||||||
|
@ -372,7 +372,7 @@ If
|
||||||
.Va Name
|
.Va Name
|
||||||
is
|
is
|
||||||
.Li $HOST ,
|
.Li $HOST ,
|
||||||
but no such environment variable exist, the hostname will be read using the gethostnname() system call.
|
but no such environment variable exist, the hostname will be read using the gethostname() system call.
|
||||||
.It Va PingInterval Li = Ar seconds Pq 60
|
.It Va PingInterval Li = Ar seconds Pq 60
|
||||||
The number of seconds of inactivity that
|
The number of seconds of inactivity that
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
|
@ -428,7 +428,7 @@ and
|
||||||
are available.
|
are available.
|
||||||
.El
|
.El
|
||||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||||
vhis is the size of the replay tracking window for each remote node, in bytes.
|
This is the size of the replay tracking window for each remote node, in bytes.
|
||||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||||
the default setting of 16 will track up to 128 packets in the window. In high
|
the default setting of 16 will track up to 128 packets in the window. In high
|
||||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||||
|
@ -497,12 +497,9 @@ Furthermore, specifying
|
||||||
.Qq none
|
.Qq none
|
||||||
will turn off packet authentication.
|
will turn off packet authentication.
|
||||||
.It Va IndirectData Li = yes | no Pq no
|
.It Va IndirectData Li = yes | no Pq no
|
||||||
This option specifies whether other tinc daemons besides the one you specified with
|
When set to yes, other nodes which do not already have a meta connection to you
|
||||||
.Va ConnectTo
|
will not try to establish direct communication with you.
|
||||||
can make a direct connection to you.
|
It is best to leave this option out or set it to no.
|
||||||
This is especially useful if you are behind a firewall
|
|
||||||
and it is impossible to make a connection from the outside to your tinc daemon.
|
|
||||||
Otherwise, it is best to leave this option out or set it to no.
|
|
||||||
.It Va MACLength Li = Ar length Pq 4
|
.It Va MACLength Li = Ar length Pq 4
|
||||||
The length of the message authentication code used to authenticate UDP packets.
|
The length of the message authentication code used to authenticate UDP packets.
|
||||||
Can be anything from
|
Can be anything from
|
||||||
|
|
177
doc/tinc.info
177
doc/tinc.info
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
||||||
* tinc: (tinc). The tinc Manual.
|
* tinc: (tinc). The tinc Manual.
|
||||||
END-INFO-DIR-ENTRY
|
END-INFO-DIR-ENTRY
|
||||||
|
|
||||||
This is the info manual for tinc version 1.1pre4, a Virtual Private
|
This is the info manual for tinc version 1.1pre5, a Virtual Private
|
||||||
Network daemon.
|
Network daemon.
|
||||||
|
|
||||||
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
|
Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
|
||||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||||
|
|
||||||
Permission is granted to make and distribute verbatim copies of this
|
Permission is granted to make and distribute verbatim copies of this
|
||||||
|
@ -989,9 +989,8 @@ Mode = <router|switch|hub> (router)
|
||||||
|
|
||||||
router
|
router
|
||||||
In this mode Subnet variables in the host configuration files
|
In this mode Subnet variables in the host configuration files
|
||||||
will be used to form a routing table. Only unicast packets
|
will be used to form a routing table. Only packets of
|
||||||
of routable protocols (IPv4 and IPv6) are supported in this
|
routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||||
mode.
|
|
||||||
|
|
||||||
This is the default mode, and unless you really know you need
|
This is the default mode, and unless you really know you need
|
||||||
another mode, don't change it.
|
another mode, don't change it.
|
||||||
|
@ -1026,13 +1025,13 @@ MACExpire = <SECONDS> (600)
|
||||||
Name = <NAME> [required]
|
Name = <NAME> [required]
|
||||||
This is a symbolic name for this connection. The name should
|
This is a symbolic name for this connection. The name should
|
||||||
consist only of alfanumeric and underscore characters (a-z, A-Z,
|
consist only of alfanumeric and underscore characters (a-z, A-Z,
|
||||||
0-9 and _).
|
0-9 and _), and is case sensitive.
|
||||||
|
|
||||||
If Name starts with a $, then the contents of the environment
|
If Name starts with a $, then the contents of the environment
|
||||||
variable that follows will be used. In that case, invalid
|
variable that follows will be used. In that case, invalid
|
||||||
characters will be converted to underscores. If Name is $HOST,
|
characters will be converted to underscores. If Name is $HOST,
|
||||||
but no such environment variable exist, the hostname will be read
|
but no such environment variable exist, the hostname will be read
|
||||||
using the gethostnname() system call.
|
using the gethostname() system call.
|
||||||
|
|
||||||
PingInterval = <SECONDS> (60)
|
PingInterval = <SECONDS> (60)
|
||||||
The number of seconds of inactivity that tinc will wait before
|
The number of seconds of inactivity that tinc will wait before
|
||||||
|
@ -1157,12 +1156,9 @@ Digest = <DIGEST> (sha1)
|
||||||
"none" will turn off packet authentication.
|
"none" will turn off packet authentication.
|
||||||
|
|
||||||
IndirectData = <yes|no> (no)
|
IndirectData = <yes|no> (no)
|
||||||
This option specifies whether other tinc daemons besides the one
|
When set to yes, other nodes which do not already have a meta
|
||||||
you specified with ConnectTo can make a direct connection to you.
|
connection to you will not try to establish direct communication
|
||||||
This is especially useful if you are behind a firewall and it is
|
with you. It is best to leave this option out or set it to no.
|
||||||
impossible to make a connection from the outside to your tinc
|
|
||||||
daemon. Otherwise, it is best to leave this option out or set it
|
|
||||||
to no.
|
|
||||||
|
|
||||||
MACLength = <BYTES> (4)
|
MACLength = <BYTES> (4)
|
||||||
The length of the message authentication code used to authenticate
|
The length of the message authentication code used to authenticate
|
||||||
|
@ -1412,10 +1408,11 @@ copy&paste the email:
|
||||||
|
|
||||||
If you are the owner of bar yourself, and you have SSH access to
|
If you are the owner of bar yourself, and you have SSH access to
|
||||||
that computer, you can also swap the host configuration files using the
|
that computer, you can also swap the host configuration files using the
|
||||||
following commands:
|
following command:
|
||||||
|
|
||||||
tincctl -n NETNAME export | ssh bar.example.org tincctl -n NETNAME import
|
tincctl -n NETNAME export \
|
||||||
ssh bar.example.org tincctl -n NETNAME export | tincctl -n NETNAME import
|
| ssh bar.example.org tincctl -n NETNAME exchange \
|
||||||
|
| tincctl -n NETNAME import
|
||||||
|
|
||||||
You should repeat this for all nodes you ConnectTo, or which
|
You should repeat this for all nodes you ConnectTo, or which
|
||||||
ConnectTo you. However, remember that you do not need to ConnectTo all
|
ConnectTo you. However, remember that you do not need to ConnectTo all
|
||||||
|
@ -1722,6 +1719,8 @@ command line options.
|
||||||
shared private keys to be written to the system swap
|
shared private keys to be written to the system swap
|
||||||
files/partitions.
|
files/partitions.
|
||||||
|
|
||||||
|
This option is not supported on all platforms.
|
||||||
|
|
||||||
`--logfile[=FILE]'
|
`--logfile[=FILE]'
|
||||||
Write log entries to a file instead of to the system logging
|
Write log entries to a file instead of to the system logging
|
||||||
facility. If FILE is omitted, the default is
|
facility. If FILE is omitted, the default is
|
||||||
|
@ -1744,11 +1743,15 @@ command line options.
|
||||||
or host-up), unless it's setup to be runnable inside chroot
|
or host-up), unless it's setup to be runnable inside chroot
|
||||||
environment.
|
environment.
|
||||||
|
|
||||||
|
This option is not supported on all platforms.
|
||||||
|
|
||||||
`-U, --user=USER'
|
`-U, --user=USER'
|
||||||
Switch to the given USER after initialization, at the same time as
|
Switch to the given USER after initialization, at the same time as
|
||||||
chroot is performed (see -chroot above). With this option tinc
|
chroot is performed (see -chroot above). With this option tinc
|
||||||
drops privileges, for added security.
|
drops privileges, for added security.
|
||||||
|
|
||||||
|
This option is not supported on all platforms.
|
||||||
|
|
||||||
`--help'
|
`--help'
|
||||||
Display a short reminder of these runtime options and terminate.
|
Display a short reminder of these runtime options and terminate.
|
||||||
|
|
||||||
|
@ -2077,9 +2080,15 @@ File: tinc.info, Node: tincctl commands, Next: tincctl examples, Prev: tincct
|
||||||
Export all host configuration files to standard output.
|
Export all host configuration files to standard output.
|
||||||
|
|
||||||
`import [--force]'
|
`import [--force]'
|
||||||
Import host configuration file(s) from standard input. Already
|
Import host configuration file(s) generated by the tincctl export
|
||||||
existing host configuration files are not overwritten unless the
|
command from standard input. Already existing host configuration
|
||||||
option -force is used.
|
files are not overwritten unless the option -force is used.
|
||||||
|
|
||||||
|
`exchange [--force]'
|
||||||
|
The same as export followed by import.
|
||||||
|
|
||||||
|
`exchange-all [--force]'
|
||||||
|
The same as export-all followed by import.
|
||||||
|
|
||||||
`start [tincd options]'
|
`start [tincd options]'
|
||||||
Start `tincd', optionally with the given extra options.
|
Start `tincd', optionally with the given extra options.
|
||||||
|
@ -2840,7 +2849,7 @@ Concept Index
|
||||||
* CHALLENGE: Authentication protocol.
|
* CHALLENGE: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* CIDR notation: Host configuration variables.
|
* CIDR notation: Host configuration variables.
|
||||||
(line 91)
|
(line 88)
|
||||||
* Cipher: Host configuration variables.
|
* Cipher: Host configuration variables.
|
||||||
(line 12)
|
(line 12)
|
||||||
* ClampMSS: Host configuration variables.
|
* ClampMSS: Host configuration variables.
|
||||||
|
@ -2882,7 +2891,7 @@ Concept Index
|
||||||
* example: Example configuration.
|
* example: Example configuration.
|
||||||
(line 6)
|
(line 6)
|
||||||
* exec: Main configuration variables.
|
* exec: Main configuration variables.
|
||||||
(line 322)
|
(line 321)
|
||||||
* ExperimentalProtocol: Main configuration variables.
|
* ExperimentalProtocol: Main configuration variables.
|
||||||
(line 164)
|
(line 164)
|
||||||
* Forwarding: Main configuration variables.
|
* Forwarding: Main configuration variables.
|
||||||
|
@ -2891,9 +2900,9 @@ Concept Index
|
||||||
* Hostnames: Main configuration variables.
|
* Hostnames: Main configuration variables.
|
||||||
(line 193)
|
(line 193)
|
||||||
* http: Main configuration variables.
|
* http: Main configuration variables.
|
||||||
(line 319)
|
(line 318)
|
||||||
* hub: Main configuration variables.
|
* hub: Main configuration variables.
|
||||||
(line 246)
|
(line 245)
|
||||||
* ID: Authentication protocol.
|
* ID: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* IndirectData: Host configuration variables.
|
* IndirectData: Host configuration variables.
|
||||||
|
@ -2904,7 +2913,7 @@ Concept Index
|
||||||
* IRC: Contact information. (line 9)
|
* IRC: Contact information. (line 9)
|
||||||
* KEY_CHANGED: The meta-protocol. (line 64)
|
* KEY_CHANGED: The meta-protocol. (line 64)
|
||||||
* KeyExpire: Main configuration variables.
|
* KeyExpire: Main configuration variables.
|
||||||
(line 251)
|
(line 250)
|
||||||
* libcurses: libcurses. (line 6)
|
* libcurses: libcurses. (line 6)
|
||||||
* libraries: Libraries. (line 6)
|
* libraries: Libraries. (line 6)
|
||||||
* libreadline: libreadline. (line 6)
|
* libreadline: libreadline. (line 6)
|
||||||
|
@ -2913,9 +2922,9 @@ Concept Index
|
||||||
(line 212)
|
(line 212)
|
||||||
* lzo: lzo. (line 6)
|
* lzo: lzo. (line 6)
|
||||||
* MACExpire: Main configuration variables.
|
* MACExpire: Main configuration variables.
|
||||||
(line 257)
|
(line 256)
|
||||||
* MACLength: Host configuration variables.
|
* MACLength: Host configuration variables.
|
||||||
(line 42)
|
(line 39)
|
||||||
* meta-protocol: The meta-connection. (line 18)
|
* meta-protocol: The meta-connection. (line 18)
|
||||||
* META_KEY: Authentication protocol.
|
* META_KEY: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
|
@ -2926,7 +2935,7 @@ Concept Index
|
||||||
* multiple networks: Multiple networks. (line 6)
|
* multiple networks: Multiple networks. (line 6)
|
||||||
* NAME: Scripts. (line 52)
|
* NAME: Scripts. (line 52)
|
||||||
* Name: Main configuration variables.
|
* Name: Main configuration variables.
|
||||||
(line 262)
|
(line 261)
|
||||||
* netmask: Network interfaces. (line 39)
|
* netmask: Network interfaces. (line 39)
|
||||||
* NETNAME <1>: tincctl environment variables.
|
* NETNAME <1>: tincctl environment variables.
|
||||||
(line 6)
|
(line 6)
|
||||||
|
@ -2938,44 +2947,44 @@ Concept Index
|
||||||
* OpenSSL: OpenSSL. (line 6)
|
* OpenSSL: OpenSSL. (line 6)
|
||||||
* options: Runtime options. (line 9)
|
* options: Runtime options. (line 9)
|
||||||
* PEM format: Host configuration variables.
|
* PEM format: Host configuration variables.
|
||||||
(line 67)
|
(line 64)
|
||||||
* PING: The meta-protocol. (line 89)
|
* PING: The meta-protocol. (line 89)
|
||||||
* PingInterval: Main configuration variables.
|
* PingInterval: Main configuration variables.
|
||||||
(line 273)
|
(line 272)
|
||||||
* PingTimeout: Main configuration variables.
|
* PingTimeout: Main configuration variables.
|
||||||
(line 277)
|
(line 276)
|
||||||
* platforms: Supported platforms. (line 6)
|
* platforms: Supported platforms. (line 6)
|
||||||
* PMTU: Host configuration variables.
|
* PMTU: Host configuration variables.
|
||||||
(line 47)
|
(line 44)
|
||||||
* PMTUDiscovery: Host configuration variables.
|
* PMTUDiscovery: Host configuration variables.
|
||||||
(line 50)
|
(line 47)
|
||||||
* PONG: The meta-protocol. (line 89)
|
* PONG: The meta-protocol. (line 89)
|
||||||
* Port: Host configuration variables.
|
* Port: Host configuration variables.
|
||||||
(line 55)
|
(line 52)
|
||||||
* port numbers: Other files. (line 17)
|
* port numbers: Other files. (line 17)
|
||||||
* PriorityInheritance: Main configuration variables.
|
* PriorityInheritance: Main configuration variables.
|
||||||
(line 283)
|
(line 282)
|
||||||
* private: Virtual Private Networks.
|
* private: Virtual Private Networks.
|
||||||
(line 10)
|
(line 10)
|
||||||
* PrivateKey: Main configuration variables.
|
* PrivateKey: Main configuration variables.
|
||||||
(line 288)
|
(line 287)
|
||||||
* PrivateKeyFile: Main configuration variables.
|
* PrivateKeyFile: Main configuration variables.
|
||||||
(line 294)
|
(line 293)
|
||||||
* ProcessPriority: Main configuration variables.
|
* ProcessPriority: Main configuration variables.
|
||||||
(line 299)
|
(line 298)
|
||||||
* Proxy: Main configuration variables.
|
* Proxy: Main configuration variables.
|
||||||
(line 304)
|
(line 303)
|
||||||
* PublicKey: Host configuration variables.
|
* PublicKey: Host configuration variables.
|
||||||
(line 59)
|
(line 56)
|
||||||
* PublicKeyFile: Host configuration variables.
|
* PublicKeyFile: Host configuration variables.
|
||||||
(line 62)
|
(line 59)
|
||||||
* raw_socket: Main configuration variables.
|
* raw_socket: Main configuration variables.
|
||||||
(line 100)
|
(line 100)
|
||||||
* release: Supported platforms. (line 14)
|
* release: Supported platforms. (line 14)
|
||||||
* REMOTEADDRESS: Scripts. (line 67)
|
* REMOTEADDRESS: Scripts. (line 67)
|
||||||
* REMOTEPORT: Scripts. (line 70)
|
* REMOTEPORT: Scripts. (line 70)
|
||||||
* ReplayWindow: Main configuration variables.
|
* ReplayWindow: Main configuration variables.
|
||||||
(line 327)
|
(line 326)
|
||||||
* REQ_KEY: The meta-protocol. (line 64)
|
* REQ_KEY: The meta-protocol. (line 64)
|
||||||
* requirements: Libraries. (line 6)
|
* requirements: Libraries. (line 6)
|
||||||
* router: Main configuration variables.
|
* router: Main configuration variables.
|
||||||
|
@ -2987,20 +2996,20 @@ Concept Index
|
||||||
(line 18)
|
(line 18)
|
||||||
* signals: Signals. (line 6)
|
* signals: Signals. (line 6)
|
||||||
* socks4: Main configuration variables.
|
* socks4: Main configuration variables.
|
||||||
(line 308)
|
(line 307)
|
||||||
* socks5: Main configuration variables.
|
* socks5: Main configuration variables.
|
||||||
(line 313)
|
(line 312)
|
||||||
* StrictSubnets: Main configuration variables.
|
* StrictSubnets: Main configuration variables.
|
||||||
(line 338)
|
(line 337)
|
||||||
* SUBNET: Scripts. (line 74)
|
* SUBNET: Scripts. (line 74)
|
||||||
* Subnet: Host configuration variables.
|
* Subnet: Host configuration variables.
|
||||||
(line 74)
|
(line 71)
|
||||||
* SVPN: Security. (line 11)
|
* SVPN: Security. (line 11)
|
||||||
* switch: Main configuration variables.
|
* switch: Main configuration variables.
|
||||||
(line 235)
|
(line 234)
|
||||||
* TCP: The meta-connection. (line 10)
|
* TCP: The meta-connection. (line 10)
|
||||||
* TCPonly: Host configuration variables.
|
* TCPonly: Host configuration variables.
|
||||||
(line 103)
|
(line 100)
|
||||||
* TINC: Security. (line 6)
|
* TINC: Security. (line 6)
|
||||||
* tinc: Introduction. (line 6)
|
* tinc: Introduction. (line 6)
|
||||||
* tinc-down: Scripts. (line 18)
|
* tinc-down: Scripts. (line 18)
|
||||||
|
@ -3011,16 +3020,16 @@ Concept Index
|
||||||
* tunifhead: Main configuration variables.
|
* tunifhead: Main configuration variables.
|
||||||
(line 142)
|
(line 142)
|
||||||
* TunnelServer: Main configuration variables.
|
* TunnelServer: Main configuration variables.
|
||||||
(line 343)
|
(line 342)
|
||||||
* tunnohead: Main configuration variables.
|
* tunnohead: Main configuration variables.
|
||||||
(line 136)
|
(line 136)
|
||||||
* UDP <1>: Encryption of network packets.
|
* UDP <1>: Encryption of network packets.
|
||||||
(line 12)
|
(line 12)
|
||||||
* UDP: The UDP tunnel. (line 30)
|
* UDP: The UDP tunnel. (line 30)
|
||||||
* UDPRcvBuf: Main configuration variables.
|
* UDPRcvBuf: Main configuration variables.
|
||||||
(line 350)
|
(line 349)
|
||||||
* UDPSndBuf: Main configuration variables.
|
* UDPSndBuf: Main configuration variables.
|
||||||
(line 355)
|
(line 354)
|
||||||
* UML: Main configuration variables.
|
* UML: Main configuration variables.
|
||||||
(line 118)
|
(line 118)
|
||||||
* Universal tun/tap: Configuration of Linux kernels.
|
* Universal tun/tap: Configuration of Linux kernels.
|
||||||
|
@ -3073,39 +3082,39 @@ Node: Multiple networks23835
|
||||||
Node: How connections work25215
|
Node: How connections work25215
|
||||||
Node: Configuration files27788
|
Node: Configuration files27788
|
||||||
Node: Main configuration variables29321
|
Node: Main configuration variables29321
|
||||||
Node: Host configuration variables45731
|
Node: Host configuration variables45735
|
||||||
Node: Scripts50961
|
Node: Scripts50810
|
||||||
Node: How to configure53640
|
Node: How to configure53489
|
||||||
Node: Network interfaces58258
|
Node: Network interfaces58079
|
||||||
Node: Example configuration60659
|
Node: Example configuration60480
|
||||||
Node: Running tinc65811
|
Node: Running tinc65632
|
||||||
Node: Runtime options66404
|
Node: Runtime options66225
|
||||||
Node: Signals69108
|
Node: Signals69088
|
||||||
Node: Debug levels69958
|
Node: Debug levels69938
|
||||||
Node: Solving problems70894
|
Node: Solving problems70874
|
||||||
Node: Error messages72324
|
Node: Error messages72304
|
||||||
Node: Sending bug reports76646
|
Node: Sending bug reports76626
|
||||||
Node: Controlling tinc77598
|
Node: Controlling tinc77578
|
||||||
Node: tincctl runtime options77995
|
Node: tincctl runtime options77975
|
||||||
Node: tincctl environment variables78694
|
Node: tincctl environment variables78674
|
||||||
Node: tincctl commands79038
|
Node: tincctl commands79018
|
||||||
Node: tincctl examples83343
|
Node: tincctl examples83503
|
||||||
Node: tincctl top83948
|
Node: tincctl top84108
|
||||||
Node: Technical information85546
|
Node: Technical information85706
|
||||||
Node: The connection85781
|
Node: The connection85941
|
||||||
Node: The UDP tunnel86093
|
Node: The UDP tunnel86253
|
||||||
Node: The meta-connection89154
|
Node: The meta-connection89314
|
||||||
Node: The meta-protocol90623
|
Node: The meta-protocol90783
|
||||||
Node: Security95632
|
Node: Security95792
|
||||||
Node: Authentication protocol96762
|
Node: Authentication protocol96922
|
||||||
Node: Encryption of network packets101766
|
Node: Encryption of network packets101926
|
||||||
Node: Security issues103139
|
Node: Security issues103299
|
||||||
Node: Platform specific information104756
|
Node: Platform specific information104916
|
||||||
Node: Interface configuration104984
|
Node: Interface configuration105144
|
||||||
Node: Routes107437
|
Node: Routes107597
|
||||||
Node: About us109353
|
Node: About us109513
|
||||||
Node: Contact information109528
|
Node: Contact information109688
|
||||||
Node: Authors109932
|
Node: Authors110092
|
||||||
Node: Concept Index110337
|
Node: Concept Index110497
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2012 Ivo Timmermans,
|
Copyright @copyright{} 1998-2013 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
||||||
@vskip 0pt plus 1filll
|
@vskip 0pt plus 1filll
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2012 Ivo Timmermans,
|
Copyright @copyright{} 1998-2013 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -1063,7 +1063,7 @@ This option selects the way packets are routed to other daemons.
|
||||||
@item router
|
@item router
|
||||||
In this mode Subnet
|
In this mode Subnet
|
||||||
variables in the host configuration files will be used to form a routing table.
|
variables in the host configuration files will be used to form a routing table.
|
||||||
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||||
|
|
||||||
This is the default mode, and unless you really know you need another mode, don't change it.
|
This is the default mode, and unless you really know you need another mode, don't change it.
|
||||||
|
|
||||||
|
@ -1098,12 +1098,12 @@ This only has effect when Mode is set to "switch".
|
||||||
@cindex Name
|
@cindex Name
|
||||||
@item Name = <@var{name}> [required]
|
@item Name = <@var{name}> [required]
|
||||||
This is a symbolic name for this connection.
|
This is a symbolic name for this connection.
|
||||||
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
|
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
|
||||||
|
|
||||||
If Name starts with a $, then the contents of the environment variable that follows will be used.
|
If Name starts with a $, then the contents of the environment variable that follows will be used.
|
||||||
In that case, invalid characters will be converted to underscores.
|
In that case, invalid characters will be converted to underscores.
|
||||||
If Name is $HOST, but no such environment variable exist,
|
If Name is $HOST, but no such environment variable exist,
|
||||||
the hostname will be read using the gethostnname() system call.
|
the hostname will be read using the gethostname() system call.
|
||||||
|
|
||||||
@cindex PingInterval
|
@cindex PingInterval
|
||||||
@item PingInterval = <@var{seconds}> (60)
|
@item PingInterval = <@var{seconds}> (60)
|
||||||
|
@ -1242,11 +1242,9 @@ Furthermore, specifying "none" will turn off packet authentication.
|
||||||
|
|
||||||
@cindex IndirectData
|
@cindex IndirectData
|
||||||
@item IndirectData = <yes|no> (no)
|
@item IndirectData = <yes|no> (no)
|
||||||
This option specifies whether other tinc daemons besides the one you
|
When set to yes, other nodes which do not already have a meta connection to you
|
||||||
specified with ConnectTo can make a direct connection to you. This is
|
will not try to establish direct communication with you.
|
||||||
especially useful if you are behind a firewall and it is impossible to
|
It is best to leave this option out or set it to no.
|
||||||
make a connection from the outside to your tinc daemon. Otherwise, it
|
|
||||||
is best to leave this option out or set it to no.
|
|
||||||
|
|
||||||
@cindex MACLength
|
@cindex MACLength
|
||||||
@item MACLength = <@var{bytes}> (4)
|
@item MACLength = <@var{bytes}> (4)
|
||||||
|
@ -1515,11 +1513,12 @@ tincctl -n @var{netname} import
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
If you are the owner of bar yourself, and you have SSH access to that computer,
|
If you are the owner of bar yourself, and you have SSH access to that computer,
|
||||||
you can also swap the host configuration files using the following commands:
|
you can also swap the host configuration files using the following command:
|
||||||
|
|
||||||
@example
|
@example
|
||||||
tincctl -n @var{netname} export | ssh bar.example.org tincctl -n @var{netname} import
|
tincctl -n @var{netname} export \
|
||||||
ssh bar.example.org tincctl -n @var{netname} export | tincctl -n @var{netname} import
|
| ssh bar.example.org tincctl -n @var{netname} exchange \
|
||||||
|
| tincctl -n @var{netname} import
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
|
You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
|
||||||
|
@ -1849,6 +1848,8 @@ This option can be used more than once to specify multiple configuration variabl
|
||||||
Lock tinc into main memory.
|
Lock tinc into main memory.
|
||||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||||
|
|
||||||
|
This option is not supported on all platforms.
|
||||||
|
|
||||||
@item --logfile[=@var{file}]
|
@item --logfile[=@var{file}]
|
||||||
Write log entries to a file instead of to the system logging facility.
|
Write log entries to a file instead of to the system logging facility.
|
||||||
If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
|
If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
|
||||||
|
@ -1869,11 +1870,14 @@ Note that this option alone does not do any good without -U/--user, below.
|
||||||
Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
|
Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
|
||||||
unless it's setup to be runnable inside chroot environment.
|
unless it's setup to be runnable inside chroot environment.
|
||||||
|
|
||||||
|
This option is not supported on all platforms.
|
||||||
@item -U, --user=@var{user}
|
@item -U, --user=@var{user}
|
||||||
Switch to the given @var{user} after initialization, at the same time as
|
Switch to the given @var{user} after initialization, at the same time as
|
||||||
chroot is performed (see --chroot above). With this option tinc drops
|
chroot is performed (see --chroot above). With this option tinc drops
|
||||||
privileges, for added security.
|
privileges, for added security.
|
||||||
|
|
||||||
|
This option is not supported on all platforms.
|
||||||
|
|
||||||
@item --help
|
@item --help
|
||||||
Display a short reminder of these runtime options and terminate.
|
Display a short reminder of these runtime options and terminate.
|
||||||
|
|
||||||
|
@ -2196,9 +2200,15 @@ Export the host configuration file of the local node to standard output.
|
||||||
Export all host configuration files to standard output.
|
Export all host configuration files to standard output.
|
||||||
|
|
||||||
@item import [--force]
|
@item import [--force]
|
||||||
Import host configuration file(s) from standard input.
|
Import host configuration file(s) generated by the tincctl export command from standard input.
|
||||||
Already existing host configuration files are not overwritten unless the option --force is used.
|
Already existing host configuration files are not overwritten unless the option --force is used.
|
||||||
|
|
||||||
|
@item exchange [--force]
|
||||||
|
The same as export followed by import.
|
||||||
|
|
||||||
|
@item exchange-all [--force]
|
||||||
|
The same as export-all followed by import.
|
||||||
|
|
||||||
@item start [tincd options]
|
@item start [tincd options]
|
||||||
Start @samp{tincd}, optionally with the given extra options.
|
Start @samp{tincd}, optionally with the given extra options.
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.Dd 2012-10-14
|
.Dd 2013-01-15
|
||||||
.Dt TINCCTL 8
|
.Dt TINCCTL 8
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Scott Lamb
|
.\" Scott Lamb
|
||||||
|
@ -80,10 +80,16 @@ Export the host configuration file of the local node to standard output.
|
||||||
.It export-all
|
.It export-all
|
||||||
Export all host configuration files to standard output.
|
Export all host configuration files to standard output.
|
||||||
.It import Op Fl -force
|
.It import Op Fl -force
|
||||||
Import host configuration file(s) from standard input.
|
Import host configuration data generated by the
|
||||||
|
.Nm
|
||||||
|
export command from standard input.
|
||||||
Already existing host configuration files are not overwritten unless the option
|
Already existing host configuration files are not overwritten unless the option
|
||||||
.Fl -force
|
.Fl -force
|
||||||
is used.
|
is used.
|
||||||
|
.It exchange Op Fl -force
|
||||||
|
The same as export followed by import.
|
||||||
|
.It exchange-all Op Fl -force
|
||||||
|
The same as export-all followed by import.
|
||||||
.It start Op tincd options
|
.It start Op tincd options
|
||||||
Start
|
Start
|
||||||
.Xr tincd 8 ,
|
.Xr tincd 8 ,
|
||||||
|
@ -206,7 +212,7 @@ Fractional seconds are honored.
|
||||||
Intervals lower than 0.1 seconds are not allowed.
|
Intervals lower than 0.1 seconds are not allowed.
|
||||||
.It Ic c
|
.It Ic c
|
||||||
Toggle between displaying current traffic rates (in packets and bytes per second)
|
Toggle between displaying current traffic rates (in packets and bytes per second)
|
||||||
and cummulative traffic (total packets and bytes since the tinc daemon started).
|
and cumulative traffic (total packets and bytes since the tinc daemon started).
|
||||||
.It Ic n
|
.It Ic n
|
||||||
Sort the list of nodes by name.
|
Sort the list of nodes by name.
|
||||||
.It Ic i
|
.It Ic i
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.Dd 2012-02-22
|
.Dd 2013-01-14
|
||||||
.Dt TINCD 8
|
.Dt TINCD 8
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Ivo Timmermans
|
.\" Ivo Timmermans
|
||||||
|
@ -81,6 +81,7 @@ This option can be used more than once to specify multiple configuration variabl
|
||||||
.It Fl L, -mlock
|
.It Fl L, -mlock
|
||||||
Lock tinc into main memory.
|
Lock tinc into main memory.
|
||||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||||
|
This option is not supported on all platforms.
|
||||||
.It Fl -logfile Ns Op = Ns Ar FILE
|
.It Fl -logfile Ns Op = Ns Ar FILE
|
||||||
Write log entries to a file instead of to the system logging facility.
|
Write log entries to a file instead of to the system logging facility.
|
||||||
If
|
If
|
||||||
|
@ -104,10 +105,12 @@ Only useful for debugging.
|
||||||
With this option tinc chroots into the directory where network
|
With this option tinc chroots into the directory where network
|
||||||
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
|
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
|
||||||
or to the directory specified with -c option) after initialization.
|
or to the directory specified with -c option) after initialization.
|
||||||
|
This option is not supported on all platforms.
|
||||||
.It Fl U, -user Ns = Ns Ar USER
|
.It Fl U, -user Ns = Ns Ar USER
|
||||||
setuid to the specified
|
setuid to the specified
|
||||||
.Ar USER
|
.Ar USER
|
||||||
after initialization.
|
after initialization.
|
||||||
|
This option is not supported on all platforms.
|
||||||
.It Fl -help
|
.It Fl -help
|
||||||
Display short list of options.
|
Display short list of options.
|
||||||
.It Fl -version
|
.It Fl -version
|
||||||
|
|
17
gui/tinc-gui
17
gui/tinc-gui
|
@ -111,11 +111,28 @@ class VPN:
|
||||||
piddir = '/var/run/'
|
piddir = '/var/run/'
|
||||||
|
|
||||||
def connect(self):
|
def connect(self):
|
||||||
|
# read the pidfile
|
||||||
f = open(self.pidfile)
|
f = open(self.pidfile)
|
||||||
info = string.split(f.readline())
|
info = string.split(f.readline())
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
|
# check if there is a UNIX socket as well
|
||||||
|
if self.pidfile.endswith(".pid"):
|
||||||
|
unixfile = self.pidfile.replace(".pid", ".socket");
|
||||||
|
else:
|
||||||
|
unixfile = self.pidfile + ".socket";
|
||||||
|
|
||||||
|
if os.path.exists(unixfile):
|
||||||
|
# use it if it exists
|
||||||
|
print(unixfile + " exists!");
|
||||||
|
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||||
|
s.connect(unixfile)
|
||||||
|
else:
|
||||||
|
# otherwise connect via TCP
|
||||||
|
print(unixfile + " does not exist.");
|
||||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
s.connect((info[2], int(info[4])))
|
s.connect((info[2], int(info[4])))
|
||||||
|
|
||||||
self.sf = s.makefile()
|
self.sf = s.makefile()
|
||||||
s.close()
|
s.close()
|
||||||
hello = string.split(self.sf.readline())
|
hello = string.split(self.sf.readline())
|
||||||
|
|
|
@ -9,7 +9,7 @@ tincd_SOURCES = \
|
||||||
buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
|
buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
|
||||||
net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
|
net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
|
||||||
protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \
|
protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \
|
||||||
dummy_device.c raw_socket_device.c multicast_device.c
|
dummy_device.c raw_socket_device.c multicast_device.c names.c
|
||||||
|
|
||||||
if UML
|
if UML
|
||||||
tincd_SOURCES += uml_device.c
|
tincd_SOURCES += uml_device.c
|
||||||
|
@ -24,7 +24,7 @@ nodist_tincd_SOURCES = \
|
||||||
|
|
||||||
tincctl_SOURCES = \
|
tincctl_SOURCES = \
|
||||||
utils.c getopt.c getopt1.c dropin.c \
|
utils.c getopt.c getopt1.c dropin.c \
|
||||||
info.c list.c subnet_parse.c tincctl.c top.c
|
info.c list.c subnet_parse.c tincctl.c top.c names.c
|
||||||
|
|
||||||
nodist_tincctl_SOURCES = \
|
nodist_tincctl_SOURCES = \
|
||||||
ecdsagen.c rsagen.c
|
ecdsagen.c rsagen.c
|
||||||
|
@ -46,7 +46,7 @@ INCLUDES = @INCLUDES@ -I$(top_builddir)
|
||||||
noinst_HEADERS = \
|
noinst_HEADERS = \
|
||||||
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
|
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
|
||||||
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
|
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
|
||||||
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
|
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
|
||||||
|
|
||||||
nodist_noinst_HEADERS = \
|
nodist_noinst_HEADERS = \
|
||||||
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
|
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
|
||||||
|
|
|
@ -82,7 +82,7 @@ sptps_test_LDADD = $(LDADD)
|
||||||
am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \
|
am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \
|
||||||
getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \
|
getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \
|
||||||
list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \
|
list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \
|
||||||
top.$(OBJEXT)
|
top.$(OBJEXT) names.$(OBJEXT)
|
||||||
nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT)
|
nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT)
|
||||||
tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS)
|
tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS)
|
||||||
am__DEPENDENCIES_1 =
|
am__DEPENDENCIES_1 =
|
||||||
|
@ -95,7 +95,8 @@ am__tincd_SOURCES_DIST = utils.c getopt.c getopt1.c list.c \
|
||||||
protocol_edge.c protocol_misc.c protocol_key.c \
|
protocol_edge.c protocol_misc.c protocol_key.c \
|
||||||
protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \
|
protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \
|
||||||
event.c tincd.c dummy_device.c raw_socket_device.c \
|
event.c tincd.c dummy_device.c raw_socket_device.c \
|
||||||
multicast_device.c uml_device.c vde_device.c bsd/tunemu.c
|
multicast_device.c names.c uml_device.c vde_device.c \
|
||||||
|
bsd/tunemu.c
|
||||||
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
|
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
|
||||||
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
|
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
|
||||||
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
|
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
|
||||||
|
@ -113,8 +114,8 @@ am_tincd_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT) \
|
||||||
route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \
|
route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \
|
||||||
subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \
|
subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \
|
||||||
dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \
|
dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \
|
||||||
multicast_device.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
|
multicast_device.$(OBJEXT) names.$(OBJEXT) $(am__objects_1) \
|
||||||
$(am__objects_3)
|
$(am__objects_2) $(am__objects_3)
|
||||||
nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \
|
nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \
|
||||||
crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \
|
crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \
|
||||||
digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT)
|
digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT)
|
||||||
|
@ -252,14 +253,14 @@ tincd_SOURCES = utils.c getopt.c getopt1.c list.c splay_tree.c \
|
||||||
process.c protocol.c protocol_auth.c protocol_edge.c \
|
process.c protocol.c protocol_auth.c protocol_edge.c \
|
||||||
protocol_misc.c protocol_key.c protocol_subnet.c route.c \
|
protocol_misc.c protocol_key.c protocol_subnet.c route.c \
|
||||||
sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \
|
sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \
|
||||||
raw_socket_device.c multicast_device.c $(am__append_1) \
|
raw_socket_device.c multicast_device.c names.c $(am__append_1) \
|
||||||
$(am__append_2) $(am__append_3)
|
$(am__append_2) $(am__append_3)
|
||||||
nodist_tincd_SOURCES = \
|
nodist_tincd_SOURCES = \
|
||||||
device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c
|
device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c
|
||||||
|
|
||||||
tincctl_SOURCES = \
|
tincctl_SOURCES = \
|
||||||
utils.c getopt.c getopt1.c dropin.c \
|
utils.c getopt.c getopt1.c dropin.c \
|
||||||
info.c list.c subnet_parse.c tincctl.c top.c
|
info.c list.c subnet_parse.c tincctl.c top.c names.c
|
||||||
|
|
||||||
nodist_tincctl_SOURCES = \
|
nodist_tincctl_SOURCES = \
|
||||||
ecdsagen.c rsagen.c
|
ecdsagen.c rsagen.c
|
||||||
|
@ -273,7 +274,7 @@ DEFAULT_INCLUDES =
|
||||||
noinst_HEADERS = \
|
noinst_HEADERS = \
|
||||||
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
|
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
|
||||||
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
|
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
|
||||||
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
|
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
|
||||||
|
|
||||||
nodist_noinst_HEADERS = \
|
nodist_noinst_HEADERS = \
|
||||||
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
|
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
|
||||||
|
@ -395,6 +396,7 @@ distclean-compile:
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@
|
||||||
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/names.Po@am__quote@
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction BSD tun/tap device
|
device.c -- Interaction BSD tun/tap device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -24,12 +24,13 @@
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "route.h"
|
#include "route.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
#include "bsd/tunemu.h"
|
#include "bsd/tunemu.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -44,7 +45,7 @@ typedef enum device_type {
|
||||||
DEVICE_TYPE_TUN,
|
DEVICE_TYPE_TUN,
|
||||||
DEVICE_TYPE_TUNIFHEAD,
|
DEVICE_TYPE_TUNIFHEAD,
|
||||||
DEVICE_TYPE_TAP,
|
DEVICE_TYPE_TAP,
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
DEVICE_TYPE_TUNEMU,
|
DEVICE_TYPE_TUNEMU,
|
||||||
#endif
|
#endif
|
||||||
} device_type_t;
|
} device_type_t;
|
||||||
|
@ -55,7 +56,7 @@ char *iface = NULL;
|
||||||
static char *device_info = NULL;
|
static char *device_info = NULL;
|
||||||
static uint64_t device_total_in = 0;
|
static uint64_t device_total_in = 0;
|
||||||
static uint64_t device_total_out = 0;
|
static uint64_t device_total_out = 0;
|
||||||
#if defined(TUNEMU)
|
#if defined(ENABLE_TUNEMU)
|
||||||
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
|
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
|
||||||
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
||||||
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||||
|
@ -79,7 +80,7 @@ static bool setup_device(void) {
|
||||||
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
||||||
if(!strcasecmp(type, "tun"))
|
if(!strcasecmp(type, "tun"))
|
||||||
/* use default */;
|
/* use default */;
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
else if(!strcasecmp(type, "tunemu"))
|
else if(!strcasecmp(type, "tunemu"))
|
||||||
device_type = DEVICE_TYPE_TUNEMU;
|
device_type = DEVICE_TYPE_TUNEMU;
|
||||||
#endif
|
#endif
|
||||||
|
@ -99,7 +100,7 @@ static bool setup_device(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
switch(device_type) {
|
switch(device_type) {
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
case DEVICE_TYPE_TUNEMU: {
|
case DEVICE_TYPE_TUNEMU: {
|
||||||
char dynamic_name[256] = "";
|
char dynamic_name[256] = "";
|
||||||
device_fd = tunemu_open(dynamic_name);
|
device_fd = tunemu_open(dynamic_name);
|
||||||
|
@ -176,7 +177,7 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
case DEVICE_TYPE_TUNEMU:
|
case DEVICE_TYPE_TUNEMU:
|
||||||
device_info = "BSD tunemu device";
|
device_info = "BSD tunemu device";
|
||||||
break;
|
break;
|
||||||
|
@ -190,7 +191,7 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
static void close_device(void) {
|
static void close_device(void) {
|
||||||
switch(device_type) {
|
switch(device_type) {
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
case DEVICE_TYPE_TUNEMU:
|
case DEVICE_TYPE_TUNEMU:
|
||||||
tunemu_close(device_fd);
|
tunemu_close(device_fd);
|
||||||
break;
|
break;
|
||||||
|
@ -208,7 +209,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
|
|
||||||
switch(device_type) {
|
switch(device_type) {
|
||||||
case DEVICE_TYPE_TUN:
|
case DEVICE_TYPE_TUN:
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
case DEVICE_TYPE_TUNEMU:
|
case DEVICE_TYPE_TUNEMU:
|
||||||
if(device_type == DEVICE_TYPE_TUNEMU)
|
if(device_type == DEVICE_TYPE_TUNEMU)
|
||||||
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
|
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
|
||||||
|
@ -347,7 +348,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifdef HAVE_TUNEMU
|
#ifdef ENABLE_TUNEMU
|
||||||
case DEVICE_TYPE_TUNEMU:
|
case DEVICE_TYPE_TUNEMU:
|
||||||
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||||
|
|
386
src/bsd/device.c.orig
Normal file
386
src/bsd/device.c.orig
Normal file
|
@ -0,0 +1,386 @@
|
||||||
|
/*
|
||||||
|
device.c -- Interaction BSD tun/tap device
|
||||||
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
|
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License along
|
||||||
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "system.h"
|
||||||
|
|
||||||
|
#include "conf.h"
|
||||||
|
#include "device.h"
|
||||||
|
#include "logger.h"
|
||||||
|
#include "net.h"
|
||||||
|
#include "route.h"
|
||||||
|
#include "utils.h"
|
||||||
|
#include "xalloc.h"
|
||||||
|
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
#include "bsd/tunemu.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define DEFAULT_TUN_DEVICE "/dev/tun0"
|
||||||
|
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD)
|
||||||
|
#define DEFAULT_TAP_DEVICE "/dev/tap0"
|
||||||
|
#else
|
||||||
|
#define DEFAULT_TAP_DEVICE "/dev/tun0"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
typedef enum device_type {
|
||||||
|
DEVICE_TYPE_TUN,
|
||||||
|
DEVICE_TYPE_TUNIFHEAD,
|
||||||
|
DEVICE_TYPE_TAP,
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
DEVICE_TYPE_TUNEMU,
|
||||||
|
#endif
|
||||||
|
} device_type_t;
|
||||||
|
|
||||||
|
int device_fd = -1;
|
||||||
|
char *device = NULL;
|
||||||
|
char *iface = NULL;
|
||||||
|
static char *device_info = NULL;
|
||||||
|
static uint64_t device_total_in = 0;
|
||||||
|
static uint64_t device_total_out = 0;
|
||||||
|
#if defined(ENABLE_TUNEMU)
|
||||||
|
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
|
||||||
|
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
||||||
|
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||||
|
#else
|
||||||
|
static device_type_t device_type = DEVICE_TYPE_TUN;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static bool setup_device(void) {
|
||||||
|
char *type;
|
||||||
|
|
||||||
|
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
|
||||||
|
if(routing_mode == RMODE_ROUTER)
|
||||||
|
device = xstrdup(DEFAULT_TUN_DEVICE);
|
||||||
|
else
|
||||||
|
device = xstrdup(DEFAULT_TAP_DEVICE);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
||||||
|
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||||
|
|
||||||
|
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
||||||
|
if(!strcasecmp(type, "tun"))
|
||||||
|
<<<<<<< HEAD
|
||||||
|
/* use default */;
|
||||||
|
#ifdef HAVE_TUNEMU
|
||||||
|
=======
|
||||||
|
/* use default */;
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
>>>>>>> 2a3e343... Fix support for tunemu on iOS devices.
|
||||||
|
else if(!strcasecmp(type, "tunemu"))
|
||||||
|
device_type = DEVICE_TYPE_TUNEMU;
|
||||||
|
#endif
|
||||||
|
else if(!strcasecmp(type, "tunnohead"))
|
||||||
|
device_type = DEVICE_TYPE_TUN;
|
||||||
|
else if(!strcasecmp(type, "tunifhead"))
|
||||||
|
device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||||
|
else if(!strcasecmp(type, "tap"))
|
||||||
|
device_type = DEVICE_TYPE_TAP;
|
||||||
|
else {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown device type %s!", type);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
|
||||||
|
device_type = DEVICE_TYPE_TAP;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(device_type) {
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
case DEVICE_TYPE_TUNEMU: {
|
||||||
|
char dynamic_name[256] = "";
|
||||||
|
device_fd = tunemu_open(dynamic_name);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
device_fd = open(device, O_RDWR | O_NONBLOCK);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device_fd < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef FD_CLOEXEC
|
||||||
|
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
switch(device_type) {
|
||||||
|
default:
|
||||||
|
device_type = DEVICE_TYPE_TUN;
|
||||||
|
case DEVICE_TYPE_TUN:
|
||||||
|
#ifdef TUNSIFHEAD
|
||||||
|
{
|
||||||
|
const int zero = 0;
|
||||||
|
if(ioctl(device_fd, TUNSIFHEAD, &zero, sizeof zero) == -1) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
|
||||||
|
{
|
||||||
|
const int mode = IFF_BROADCAST | IFF_MULTICAST;
|
||||||
|
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
device_info = "Generic BSD tun device";
|
||||||
|
break;
|
||||||
|
case DEVICE_TYPE_TUNIFHEAD:
|
||||||
|
#ifdef TUNSIFHEAD
|
||||||
|
{
|
||||||
|
const int one = 1;
|
||||||
|
if(ioctl(device_fd, TUNSIFHEAD, &one, sizeof one) == -1) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
|
||||||
|
{
|
||||||
|
const int mode = IFF_BROADCAST | IFF_MULTICAST;
|
||||||
|
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
device_info = "Generic BSD tun device";
|
||||||
|
break;
|
||||||
|
case DEVICE_TYPE_TAP:
|
||||||
|
if(routing_mode == RMODE_ROUTER)
|
||||||
|
overwrite_mac = true;
|
||||||
|
device_info = "Generic BSD tap device";
|
||||||
|
#ifdef TAPGIFNAME
|
||||||
|
{
|
||||||
|
struct ifreq ifr;
|
||||||
|
if(ioctl(device_fd, TAPGIFNAME, (void*)&ifr) == 0) {
|
||||||
|
if(iface)
|
||||||
|
free(iface);
|
||||||
|
iface = xstrdup(ifr.ifr_name);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
case DEVICE_TYPE_TUNEMU:
|
||||||
|
device_info = "BSD tunemu device";
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
logger(DEBUG_ALWAYS, LOG_INFO, "%s is a %s", device, device_info);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void close_device(void) {
|
||||||
|
switch(device_type) {
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
case DEVICE_TYPE_TUNEMU:
|
||||||
|
tunemu_close(device_fd);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
close(device_fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
free(device);
|
||||||
|
free(iface);
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool read_packet(vpn_packet_t *packet) {
|
||||||
|
int inlen;
|
||||||
|
|
||||||
|
switch(device_type) {
|
||||||
|
case DEVICE_TYPE_TUN:
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
case DEVICE_TYPE_TUNEMU:
|
||||||
|
if(device_type == DEVICE_TYPE_TUNEMU)
|
||||||
|
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
inlen = read(device_fd, packet->data + 14, MTU - 14);
|
||||||
|
|
||||||
|
if(inlen <= 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||||
|
device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(packet->data[14] >> 4) {
|
||||||
|
case 4:
|
||||||
|
packet->data[12] = 0x08;
|
||||||
|
packet->data[13] = 0x00;
|
||||||
|
break;
|
||||||
|
case 6:
|
||||||
|
packet->data[12] = 0x86;
|
||||||
|
packet->data[13] = 0xDD;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_ERR,
|
||||||
|
"Unknown IP version %d while reading packet from %s %s",
|
||||||
|
packet->data[14] >> 4, device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(packet->data, 0, 12);
|
||||||
|
packet->len = inlen + 14;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case DEVICE_TYPE_TUNIFHEAD: {
|
||||||
|
u_int32_t type;
|
||||||
|
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, MTU - 14}};
|
||||||
|
|
||||||
|
if((inlen = readv(device_fd, vector, 2)) <= 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||||
|
device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (ntohl(type)) {
|
||||||
|
case AF_INET:
|
||||||
|
packet->data[12] = 0x08;
|
||||||
|
packet->data[13] = 0x00;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case AF_INET6:
|
||||||
|
packet->data[12] = 0x86;
|
||||||
|
packet->data[13] = 0xDD;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_ERR,
|
||||||
|
"Unknown address family %x while reading packet from %s %s",
|
||||||
|
ntohl(type), device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(packet->data, 0, 12);
|
||||||
|
packet->len = inlen + 10;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
case DEVICE_TYPE_TAP:
|
||||||
|
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||||
|
device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
packet->len = inlen;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
device_total_in += packet->len;
|
||||||
|
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s",
|
||||||
|
packet->len, device_info);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool write_packet(vpn_packet_t *packet) {
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||||
|
packet->len, device_info);
|
||||||
|
|
||||||
|
switch(device_type) {
|
||||||
|
case DEVICE_TYPE_TUN:
|
||||||
|
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||||
|
device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case DEVICE_TYPE_TUNIFHEAD: {
|
||||||
|
u_int32_t type;
|
||||||
|
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, packet->len - 14}};
|
||||||
|
int af;
|
||||||
|
|
||||||
|
af = (packet->data[12] << 8) + packet->data[13];
|
||||||
|
|
||||||
|
switch (af) {
|
||||||
|
case 0x0800:
|
||||||
|
type = htonl(AF_INET);
|
||||||
|
break;
|
||||||
|
case 0x86DD:
|
||||||
|
type = htonl(AF_INET6);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_ERR,
|
||||||
|
"Unknown address family %x while writing packet to %s %s",
|
||||||
|
af, device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(writev(device_fd, vector, 2) < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
|
||||||
|
strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
case DEVICE_TYPE_TAP:
|
||||||
|
if(write(device_fd, packet->data, packet->len) < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||||
|
device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
#ifdef ENABLE_TUNEMU
|
||||||
|
case DEVICE_TYPE_TUNEMU:
|
||||||
|
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
|
||||||
|
device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
default:
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
device_total_out += packet->len;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void dump_device_stats(void) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||||
|
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||||
|
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||||
|
}
|
||||||
|
|
||||||
|
const devops_t os_devops = {
|
||||||
|
.setup = setup_device,
|
||||||
|
.close = close_device,
|
||||||
|
.read = read_packet,
|
||||||
|
.write = write_packet,
|
||||||
|
.dump_stats = dump_device_stats,
|
||||||
|
};
|
|
@ -2,7 +2,7 @@
|
||||||
conf.c -- configuration code
|
conf.c -- configuration code
|
||||||
Copyright (C) 1998 Robert van der Meulen
|
Copyright (C) 1998 Robert van der Meulen
|
||||||
1998-2005 Ivo Timmermans
|
1998-2005 Ivo Timmermans
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
||||||
2000 Cris van Pelt
|
2000 Cris van Pelt
|
||||||
|
|
||||||
|
@ -28,6 +28,7 @@
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "list.h"
|
#include "list.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "netutl.h" /* for str2address */
|
#include "netutl.h" /* for str2address */
|
||||||
#include "protocol.h"
|
#include "protocol.h"
|
||||||
#include "utils.h" /* for cp */
|
#include "utils.h" /* for cp */
|
||||||
|
@ -37,11 +38,8 @@ splay_tree_t *config_tree;
|
||||||
|
|
||||||
int pinginterval = 0; /* seconds between pings */
|
int pinginterval = 0; /* seconds between pings */
|
||||||
int pingtimeout = 0; /* seconds to wait for response */
|
int pingtimeout = 0; /* seconds to wait for response */
|
||||||
char *confbase = NULL; /* directory in which all config files are */
|
|
||||||
char *netname = NULL; /* name of the vpn network */
|
|
||||||
list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
|
list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
|
||||||
|
|
||||||
|
|
||||||
static int config_compare(const config_t *a, const config_t *b) {
|
static int config_compare(const config_t *a, const config_t *b) {
|
||||||
int result;
|
int result;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
conf.h -- header for conf.c
|
conf.h -- header for conf.c
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -39,8 +39,6 @@ extern int pinginterval;
|
||||||
extern int pingtimeout;
|
extern int pingtimeout;
|
||||||
extern int maxtimeout;
|
extern int maxtimeout;
|
||||||
extern bool bypass_security;
|
extern bool bypass_security;
|
||||||
extern char *confbase;
|
|
||||||
extern char *netname;
|
|
||||||
extern list_t *cmdline_conf;
|
extern list_t *cmdline_conf;
|
||||||
|
|
||||||
extern void init_configuration(splay_tree_t **);
|
extern void init_configuration(splay_tree_t **);
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
control.c -- Control socket handling.
|
control.c -- Control socket handling.
|
||||||
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -25,6 +25,7 @@
|
||||||
#include "graph.h"
|
#include "graph.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
#include "meta.h"
|
#include "meta.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "protocol.h"
|
#include "protocol.h"
|
||||||
|
@ -33,7 +34,6 @@
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
||||||
char controlcookie[65];
|
char controlcookie[65];
|
||||||
extern char *pidfilename;
|
|
||||||
|
|
||||||
static bool control_return(connection_t *c, int type, int error) {
|
static bool control_return(connection_t *c, int type, int error) {
|
||||||
return send_request(c, "%d %d %d", CONTROL, type, error);
|
return send_request(c, "%d %d %d", CONTROL, type, error);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Windows tap driver in a Cygwin environment
|
device.c -- Interaction with Windows tap driver in a Cygwin environment
|
||||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -26,6 +26,7 @@
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "route.h"
|
#include "route.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
10
src/dropin.c
10
src/dropin.c
|
@ -158,8 +158,18 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
|
||||||
|
|
||||||
#ifndef HAVE_GETTIMEOFDAY
|
#ifndef HAVE_GETTIMEOFDAY
|
||||||
int gettimeofday(struct timeval *tv, void *tz) {
|
int gettimeofday(struct timeval *tv, void *tz) {
|
||||||
|
#ifdef HAVE_MINGW
|
||||||
|
FILETIME ft;
|
||||||
|
GetSystemTimeAsFileTime(&ft);
|
||||||
|
uint64_t lt = (uint64_t)ft.dwLowDateTime | ((uint64_t)ft.dwHighDateTime << 32);
|
||||||
|
lt -= 116444736000000000ULL;
|
||||||
|
tv->tv_sec = lt / 10000000;
|
||||||
|
tv->tv_usec = (lt / 10) % 1000000;
|
||||||
|
#else
|
||||||
|
#warning No high resolution time source!
|
||||||
tv->tv_sec = time(NULL);
|
tv->tv_sec = time(NULL);
|
||||||
tv->tv_usec = 0;
|
tv->tv_usec = 0;
|
||||||
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -58,7 +58,7 @@ extern int usleep(long long usec);
|
||||||
#define timersub(a, b, r) do {\
|
#define timersub(a, b, r) do {\
|
||||||
(r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\
|
(r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\
|
||||||
(r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\
|
(r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\
|
||||||
if((r)->tv_usec < 1000000)\
|
if((r)->tv_usec < 0)\
|
||||||
(r)->tv_sec--, (r)->tv_usec += 1000000;\
|
(r)->tv_sec--, (r)->tv_usec += 1000000;\
|
||||||
} while (0)
|
} while (0)
|
||||||
#endif
|
#endif
|
||||||
|
|
10
src/event.c
10
src/event.c
|
@ -52,13 +52,8 @@ static int timeout_compare(const timeout_t *a, const timeout_t *b) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int signal_compare(const signal_t *a, const signal_t *b) {
|
|
||||||
return a->signum - b->signum;
|
|
||||||
}
|
|
||||||
|
|
||||||
static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare};
|
static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare};
|
||||||
static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare};
|
static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare};
|
||||||
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
|
|
||||||
|
|
||||||
void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) {
|
void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) {
|
||||||
if(io->cb)
|
if(io->cb)
|
||||||
|
@ -130,8 +125,13 @@ void timeout_del(timeout_t *timeout) {
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef HAVE_MINGW
|
#ifndef HAVE_MINGW
|
||||||
|
static int signal_compare(const signal_t *a, const signal_t *b) {
|
||||||
|
return a->signum - b->signum;
|
||||||
|
}
|
||||||
|
|
||||||
static io_t signalio;
|
static io_t signalio;
|
||||||
static int pipefd[2] = {-1, -1};
|
static int pipefd[2] = {-1, -1};
|
||||||
|
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
|
||||||
|
|
||||||
static void signal_handler(int signum) {
|
static void signal_handler(int signum) {
|
||||||
unsigned char num = signum;
|
unsigned char num = signum;
|
||||||
|
|
30
src/graph.c
30
src/graph.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
graph.c -- graph algorithms
|
graph.c -- graph algorithms
|
||||||
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -51,6 +51,7 @@
|
||||||
#include "graph.h"
|
#include "graph.h"
|
||||||
#include "list.h"
|
#include "list.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "node.h"
|
#include "node.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
@ -61,7 +62,7 @@
|
||||||
#include "graph.h"
|
#include "graph.h"
|
||||||
|
|
||||||
/* Implementation of Kruskal's algorithm.
|
/* Implementation of Kruskal's algorithm.
|
||||||
Running time: O(E)
|
Running time: O(EN)
|
||||||
Please note that sorting on weight is already done by add_edge().
|
Please note that sorting on weight is already done by add_edge().
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -78,11 +79,24 @@ static void mst_kruskal(void) {
|
||||||
for splay_each(node_t, n, node_tree)
|
for splay_each(node_t, n, node_tree)
|
||||||
n->status.visited = false;
|
n->status.visited = false;
|
||||||
|
|
||||||
/* Add safe edges */
|
/* Starting point */
|
||||||
|
|
||||||
for splay_each(edge_t, e, edge_weight_tree) {
|
for splay_each(edge_t, e, edge_weight_tree) {
|
||||||
if(!e->reverse || (e->from->status.visited && e->to->status.visited))
|
if(e->from->status.reachable) {
|
||||||
|
e->from->status.visited = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Add safe edges */
|
||||||
|
|
||||||
|
bool skipped = false;
|
||||||
|
|
||||||
|
for splay_each(edge_t, e, edge_weight_tree) {
|
||||||
|
if(!e->reverse || (e->from->status.visited == e->to->status.visited)) {
|
||||||
|
skipped = true;
|
||||||
continue;
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
e->from->status.visited = true;
|
e->from->status.visited = true;
|
||||||
e->to->status.visited = true;
|
e->to->status.visited = true;
|
||||||
|
@ -93,8 +107,12 @@ static void mst_kruskal(void) {
|
||||||
if(e->reverse->connection)
|
if(e->reverse->connection)
|
||||||
e->reverse->connection->status.mst = true;
|
e->reverse->connection->status.mst = true;
|
||||||
|
|
||||||
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name,
|
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight);
|
||||||
e->to->name, e->weight);
|
|
||||||
|
if(skipped) {
|
||||||
|
skipped = false;
|
||||||
|
next = edge_weight_tree->head;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
12
src/info.c
12
src/info.c
|
@ -58,11 +58,15 @@ static int info_node(int fd, const char *item) {
|
||||||
int code, req, cipher, digest, maclength, compression, distance;
|
int code, req, cipher, digest, maclength, compression, distance;
|
||||||
short int pmtu, minmtu, maxmtu;
|
short int pmtu, minmtu, maxmtu;
|
||||||
unsigned int options;
|
unsigned int options;
|
||||||
|
union {
|
||||||
|
node_status_t bits;
|
||||||
|
uint32_t raw;
|
||||||
|
} status_union;
|
||||||
node_status_t status;
|
node_status_t status;
|
||||||
long int last_state_change;
|
long int last_state_change;
|
||||||
|
|
||||||
while(recvline(fd, line, sizeof line)) {
|
while(recvline(fd, line, sizeof line)) {
|
||||||
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, (unsigned *)&status, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
|
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
|
||||||
|
|
||||||
if(n == 2)
|
if(n == 2)
|
||||||
break;
|
break;
|
||||||
|
@ -92,8 +96,12 @@ static int info_node(int fd, const char *item) {
|
||||||
printf("Address: %s port %s\n", host, port);
|
printf("Address: %s port %s\n", host, port);
|
||||||
|
|
||||||
char timestr[32] = "never";
|
char timestr[32] = "never";
|
||||||
|
time_t lsc_time = last_state_change;
|
||||||
|
|
||||||
if(last_state_change)
|
if(last_state_change)
|
||||||
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&last_state_change));
|
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&lsc_time));
|
||||||
|
|
||||||
|
status = status_union.bits;
|
||||||
|
|
||||||
if(status.reachable)
|
if(status.reachable)
|
||||||
printf("Online since: %s\n", timestr);
|
printf("Online since: %s\n", timestr);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Linux ethertap and tun/tap device
|
device.c -- Interaction with Linux ethertap and tun/tap device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -26,6 +26,7 @@
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "route.h"
|
#include "route.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
logger.c -- logging code
|
logger.c -- logging code
|
||||||
Copyright (C) 2004-2012 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2004-2005 Ivo Timmermans
|
2004-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -22,6 +22,7 @@
|
||||||
|
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "meta.h"
|
#include "meta.h"
|
||||||
|
#include "names.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
#include "connection.h"
|
#include "connection.h"
|
||||||
#include "control_common.h"
|
#include "control_common.h"
|
||||||
|
@ -30,7 +31,6 @@
|
||||||
debug_t debug_level = DEBUG_NOTHING;
|
debug_t debug_level = DEBUG_NOTHING;
|
||||||
static logmode_t logmode = LOGMODE_STDERR;
|
static logmode_t logmode = LOGMODE_STDERR;
|
||||||
static pid_t logpid;
|
static pid_t logpid;
|
||||||
extern char *logfilename;
|
|
||||||
static FILE *logfile = NULL;
|
static FILE *logfile = NULL;
|
||||||
#ifdef HAVE_MINGW
|
#ifdef HAVE_MINGW
|
||||||
static HANDLE loghandle = NULL;
|
static HANDLE loghandle = NULL;
|
||||||
|
|
45
src/meta.c
45
src/meta.c
|
@ -185,21 +185,50 @@ bool receive_meta(connection_t *c) {
|
||||||
|
|
||||||
if(c->tcplen) {
|
if(c->tcplen) {
|
||||||
char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
|
char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
|
||||||
if(tcpbuffer) {
|
if(!tcpbuffer)
|
||||||
if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
|
break;
|
||||||
|
|
||||||
|
if(!c->node) {
|
||||||
|
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
|
||||||
if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
|
if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
|
||||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
|
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
|
||||||
} else {
|
} else {
|
||||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
|
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} else
|
} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
|
||||||
receive_tcppacket(c, tcpbuffer, c->tcplen);
|
if(tcpbuffer[0] != 5) {
|
||||||
c->tcplen = 0;
|
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
|
||||||
continue;
|
return false;
|
||||||
} else {
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
if(tcpbuffer[1] == (char)0xff) {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if(tcpbuffer[2] != 5) {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if(tcpbuffer[3] == 0) {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
|
||||||
|
} else {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if(c->allow_request == ALL) {
|
||||||
|
receive_tcppacket(c, tcpbuffer, c->tcplen);
|
||||||
|
} else {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
c->tcplen = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Otherwise we are waiting for a request */
|
/* Otherwise we are waiting for a request */
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Windows tap driver in a MinGW environment
|
device.c -- Interaction with Windows tap driver in a MinGW environment
|
||||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -26,6 +26,7 @@
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "route.h"
|
#include "route.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
@ -46,7 +47,7 @@ extern char *myport;
|
||||||
|
|
||||||
static DWORD WINAPI tapreader(void *bla) {
|
static DWORD WINAPI tapreader(void *bla) {
|
||||||
int status;
|
int status;
|
||||||
long len;
|
DWORD len;
|
||||||
OVERLAPPED overlapped;
|
OVERLAPPED overlapped;
|
||||||
vpn_packet_t packet;
|
vpn_packet_t packet;
|
||||||
|
|
||||||
|
@ -61,7 +62,7 @@ static DWORD WINAPI tapreader(void *bla) {
|
||||||
overlapped.OffsetHigh = 0;
|
overlapped.OffsetHigh = 0;
|
||||||
ResetEvent(overlapped.hEvent);
|
ResetEvent(overlapped.hEvent);
|
||||||
|
|
||||||
status = ReadFile(device_handle, packet.data, MTU, &len, &overlapped);
|
status = ReadFile(device_handle, (void *)packet.data, MTU, &len, &overlapped);
|
||||||
|
|
||||||
if(!status) {
|
if(!status) {
|
||||||
if(GetLastError() == ERROR_IO_PENDING) {
|
if(GetLastError() == ERROR_IO_PENDING) {
|
||||||
|
@ -91,7 +92,7 @@ static bool setup_device(void) {
|
||||||
char adapterid[1024];
|
char adapterid[1024];
|
||||||
char adaptername[1024];
|
char adaptername[1024];
|
||||||
char tapname[1024];
|
char tapname[1024];
|
||||||
long len;
|
DWORD len;
|
||||||
unsigned long status;
|
unsigned long status;
|
||||||
|
|
||||||
bool found = false;
|
bool found = false;
|
||||||
|
@ -122,7 +123,7 @@ static bool setup_device(void) {
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
len = sizeof adaptername;
|
len = sizeof adaptername;
|
||||||
err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
|
err = RegQueryValueEx(key2, "Name", 0, 0, (LPBYTE)adaptername, &len);
|
||||||
|
|
||||||
RegCloseKey(key2);
|
RegCloseKey(key2);
|
||||||
|
|
||||||
|
@ -222,7 +223,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool write_packet(vpn_packet_t *packet) {
|
static bool write_packet(vpn_packet_t *packet) {
|
||||||
long outlen;
|
DWORD outlen;
|
||||||
OVERLAPPED overlapped = {0};
|
OVERLAPPED overlapped = {0};
|
||||||
|
|
||||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||||
|
|
|
@ -165,7 +165,7 @@ static void close_device(void) {
|
||||||
static bool read_packet(vpn_packet_t *packet) {
|
static bool read_packet(vpn_packet_t *packet) {
|
||||||
int lenin;
|
int lenin;
|
||||||
|
|
||||||
if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) {
|
if((lenin = recv(device_fd, (void *)packet->data, MTU, 0)) <= 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||||
device, strerror(errno));
|
device, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
|
@ -191,7 +191,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
||||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||||
packet->len, device_info);
|
packet->len, device_info);
|
||||||
|
|
||||||
if(sendto(device_fd, packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
|
if(sendto(device_fd, (void *)packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
|
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
|
|
106
src/names.c
Normal file
106
src/names.c
Normal file
|
@ -0,0 +1,106 @@
|
||||||
|
/*
|
||||||
|
names.c -- generate commonly used (file)names
|
||||||
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License along
|
||||||
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "system.h"
|
||||||
|
|
||||||
|
#include "logger.h"
|
||||||
|
#include "xalloc.h"
|
||||||
|
|
||||||
|
char *netname = NULL;
|
||||||
|
char *confdir = NULL; /* base configuration directory */
|
||||||
|
char *confbase = NULL; /* base configuration directory for this instance of tinc */
|
||||||
|
char *identname = NULL; /* program name for syslog */
|
||||||
|
char *unixsocketname = NULL; /* UNIX socket location */
|
||||||
|
char *logfilename = NULL; /* log file location */
|
||||||
|
char *pidfilename = NULL;
|
||||||
|
char *program_name = NULL;
|
||||||
|
|
||||||
|
/*
|
||||||
|
Set all files and paths according to netname
|
||||||
|
*/
|
||||||
|
void make_names(void) {
|
||||||
|
#ifdef HAVE_MINGW
|
||||||
|
HKEY key;
|
||||||
|
char installdir[1024] = "";
|
||||||
|
DWORD len = sizeof installdir;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if(netname)
|
||||||
|
xasprintf(&identname, "tinc.%s", netname);
|
||||||
|
else
|
||||||
|
identname = xstrdup("tinc");
|
||||||
|
|
||||||
|
#ifdef HAVE_MINGW
|
||||||
|
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
||||||
|
if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
|
||||||
|
confdir = xstrdup(installdir);
|
||||||
|
if(!logfilename)
|
||||||
|
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", installdir, identname);
|
||||||
|
if(!confbase) {
|
||||||
|
if(netname)
|
||||||
|
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
|
||||||
|
else
|
||||||
|
xasprintf(&confbase, "%s", installdir);
|
||||||
|
}
|
||||||
|
if(!pidfilename)
|
||||||
|
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
|
||||||
|
}
|
||||||
|
RegCloseKey(key);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
if(!confdir)
|
||||||
|
confdir = xstrdup(CONFDIR SLASH "tinc");
|
||||||
|
|
||||||
|
if(!logfilename)
|
||||||
|
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
|
||||||
|
|
||||||
|
if(!pidfilename)
|
||||||
|
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
|
||||||
|
|
||||||
|
if(!unixsocketname) {
|
||||||
|
int len = strlen(pidfilename);
|
||||||
|
unixsocketname = xmalloc(len + 8);
|
||||||
|
strcpy(unixsocketname, pidfilename);
|
||||||
|
if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
|
||||||
|
strcpy(unixsocketname + len - 4, ".socket");
|
||||||
|
else
|
||||||
|
strcpy(unixsocketname + len, ".socket");
|
||||||
|
}
|
||||||
|
|
||||||
|
if(netname) {
|
||||||
|
if(!confbase)
|
||||||
|
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
|
||||||
|
else
|
||||||
|
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
|
||||||
|
} else {
|
||||||
|
if(!confbase)
|
||||||
|
xasprintf(&confbase, CONFDIR SLASH "tinc");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void free_names(void) {
|
||||||
|
free(identname);
|
||||||
|
free(netname);
|
||||||
|
free(unixsocketname);
|
||||||
|
free(pidfilename);
|
||||||
|
free(logfilename);
|
||||||
|
free(confbase);
|
||||||
|
free(confdir);
|
||||||
|
}
|
36
src/names.h
Normal file
36
src/names.h
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
/*
|
||||||
|
names.h -- header for names.c
|
||||||
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License along
|
||||||
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef __TINC_NAMES_H__
|
||||||
|
#define __TINC_NAMES_H__
|
||||||
|
|
||||||
|
extern char *confdir;
|
||||||
|
extern char *confbase;
|
||||||
|
extern char *netname;
|
||||||
|
extern char *identname;
|
||||||
|
extern char *unixsocketname;
|
||||||
|
extern char *logfilename;
|
||||||
|
extern char *pidfilename;
|
||||||
|
extern char *program_name;
|
||||||
|
|
||||||
|
extern void make_names(void);
|
||||||
|
extern void free_names(void);
|
||||||
|
|
||||||
|
#endif /* __TINC_NAMES_H__ */
|
24
src/net.c
24
src/net.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net.c -- most of the network code
|
net.c -- most of the network code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2011 Loïc Grenié <loic.grenie@gmail.com>
|
2011 Loïc Grenié <loic.grenie@gmail.com>
|
||||||
|
|
||||||
|
@ -29,6 +29,7 @@
|
||||||
#include "graph.h"
|
#include "graph.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
#include "meta.h"
|
#include "meta.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
@ -280,29 +281,13 @@ static void periodic_handler(void *data) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void handle_meta_connection_data(connection_t *c) {
|
void handle_meta_connection_data(connection_t *c) {
|
||||||
int result;
|
|
||||||
socklen_t len = sizeof result;
|
|
||||||
|
|
||||||
if(c->status.connecting) {
|
|
||||||
c->status.connecting = false;
|
|
||||||
|
|
||||||
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);
|
|
||||||
|
|
||||||
if(!result)
|
|
||||||
finish_connecting(c);
|
|
||||||
else {
|
|
||||||
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
|
|
||||||
terminate_connection(c, false);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!receive_meta(c)) {
|
if (!receive_meta(c)) {
|
||||||
terminate_connection(c, c->status.active);
|
terminate_connection(c, c->status.active);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
static void sigterm_handler(void *data) {
|
static void sigterm_handler(void *data) {
|
||||||
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
|
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
|
||||||
event_exit();
|
event_exit();
|
||||||
|
@ -318,6 +303,7 @@ static void sigalrm_handler(void *data) {
|
||||||
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
|
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
|
||||||
retry();
|
retry();
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int reload_configuration(void) {
|
int reload_configuration(void) {
|
||||||
char *fname;
|
char *fname;
|
||||||
|
@ -451,11 +437,13 @@ int main_loop(void) {
|
||||||
signal_t sighup = {0};
|
signal_t sighup = {0};
|
||||||
signal_t sigterm = {0};
|
signal_t sigterm = {0};
|
||||||
signal_t sigquit = {0};
|
signal_t sigquit = {0};
|
||||||
|
signal_t sigint = {0};
|
||||||
signal_t sigalrm = {0};
|
signal_t sigalrm = {0};
|
||||||
|
|
||||||
signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
|
signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
|
||||||
signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
|
signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
|
||||||
signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
|
signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
|
||||||
|
signal_add(&sigint, sigterm_handler, &sigint, SIGINT);
|
||||||
signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
|
signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net.h -- header for net.c
|
net.h -- header for net.c
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -128,6 +128,7 @@ extern bool localdiscovery;
|
||||||
|
|
||||||
extern listen_socket_t listen_socket[MAXSOCKETS];
|
extern listen_socket_t listen_socket[MAXSOCKETS];
|
||||||
extern int listen_sockets;
|
extern int listen_sockets;
|
||||||
|
extern io_t unix_socket;
|
||||||
extern int keylifetime;
|
extern int keylifetime;
|
||||||
extern int udp_rcvbuf;
|
extern int udp_rcvbuf;
|
||||||
extern int udp_sndbuf;
|
extern int udp_sndbuf;
|
||||||
|
@ -164,6 +165,7 @@ extern void handle_incoming_vpn_data(void *, int);
|
||||||
extern void finish_connecting(struct connection_t *);
|
extern void finish_connecting(struct connection_t *);
|
||||||
extern bool do_outgoing_connection(struct outgoing_t *);
|
extern bool do_outgoing_connection(struct outgoing_t *);
|
||||||
extern void handle_new_meta_connection(void *, int);
|
extern void handle_new_meta_connection(void *, int);
|
||||||
|
extern void handle_new_unix_connection(void *, int);
|
||||||
extern int setup_listen_socket(const sockaddr_t *);
|
extern int setup_listen_socket(const sockaddr_t *);
|
||||||
extern int setup_vpn_in_socket(const sockaddr_t *);
|
extern int setup_vpn_in_socket(const sockaddr_t *);
|
||||||
extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len);
|
extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_packet.c -- Handles in- and outgoing VPN packets
|
net_packet.c -- Handles in- and outgoing VPN packets
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -22,12 +22,6 @@
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
#include <openssl/err.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <openssl/pem.h>
|
|
||||||
#include <openssl/hmac.h>
|
|
||||||
|
|
||||||
#ifdef HAVE_ZLIB
|
#ifdef HAVE_ZLIB
|
||||||
#include <zlib.h>
|
#include <zlib.h>
|
||||||
#endif
|
#endif
|
||||||
|
@ -70,11 +64,15 @@ bool localdiscovery = false;
|
||||||
mtuprobes == 32: send 1 burst, sleep pingtimeout second
|
mtuprobes == 32: send 1 burst, sleep pingtimeout second
|
||||||
mtuprobes == 33: no response from other side, restart PMTU discovery process
|
mtuprobes == 33: no response from other side, restart PMTU discovery process
|
||||||
|
|
||||||
Probes are sent in batches of three, with random sizes between the lower and
|
Probes are sent in batches of at least three, with random sizes between the
|
||||||
upper boundaries for the MTU thus far discovered.
|
lower and upper boundaries for the MTU thus far discovered.
|
||||||
|
|
||||||
In case local discovery is enabled, a fourth packet is added to each batch,
|
After the initial discovery, a fourth packet is added to each batch with a
|
||||||
|
size larger than the currently known PMTU, to test if the PMTU has increased.
|
||||||
|
|
||||||
|
In case local discovery is enabled, another packet is added to each batch,
|
||||||
which will be broadcast to the local network.
|
which will be broadcast to the local network.
|
||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static void send_mtu_probe_handler(void *data) {
|
static void send_mtu_probe_handler(void *data) {
|
||||||
|
@ -125,13 +123,18 @@ static void send_mtu_probe_handler(void *data) {
|
||||||
timeout = pingtimeout;
|
timeout = pingtimeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
for(int i = 0; i < 3 + localdiscovery; i++) {
|
for(int i = 0; i < 4 + localdiscovery; i++) {
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
if(n->maxmtu <= n->minmtu)
|
if(i == 0) {
|
||||||
|
if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
|
||||||
|
continue;
|
||||||
|
len = n->maxmtu + 8;
|
||||||
|
} else if(n->maxmtu <= n->minmtu) {
|
||||||
len = n->maxmtu;
|
len = n->maxmtu;
|
||||||
else
|
} else {
|
||||||
len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
|
len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
|
||||||
|
}
|
||||||
|
|
||||||
if(len < 64)
|
if(len < 64)
|
||||||
len = 64;
|
len = 64;
|
||||||
|
@ -140,7 +143,7 @@ static void send_mtu_probe_handler(void *data) {
|
||||||
memset(packet.data, 0, 14);
|
memset(packet.data, 0, 14);
|
||||||
randomize(packet.data + 14, len - 14);
|
randomize(packet.data + 14, len - 14);
|
||||||
packet.len = len;
|
packet.len = len;
|
||||||
if(i >= 3 && n->mtuprobes <= 10)
|
if(i >= 4 && n->mtuprobes <= 10)
|
||||||
packet.priority = -1;
|
packet.priority = -1;
|
||||||
else
|
else
|
||||||
packet.priority = 0;
|
packet.priority = 0;
|
||||||
|
@ -150,6 +153,21 @@ static void send_mtu_probe_handler(void *data) {
|
||||||
send_udppacket(n, &packet);
|
send_udppacket(n, &packet);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
n->probe_counter = 0;
|
||||||
|
gettimeofday(&n->probe_time, NULL);
|
||||||
|
|
||||||
|
/* Calculate the packet loss of incoming traffic by comparing the rate of
|
||||||
|
packets received to the rate with which the sequence number has increased.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if(n->received > n->prev_received)
|
||||||
|
n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
|
||||||
|
else
|
||||||
|
n->packetloss = n->received_seqno <= n->prev_received_seqno;
|
||||||
|
|
||||||
|
n->prev_received_seqno = n->received_seqno;
|
||||||
|
n->prev_received = n->received;
|
||||||
|
|
||||||
end:
|
end:
|
||||||
timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
|
timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
|
||||||
}
|
}
|
||||||
|
@ -184,6 +202,13 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
||||||
/* If we haven't established the PMTU yet, restart the discovery process. */
|
/* If we haven't established the PMTU yet, restart the discovery process. */
|
||||||
|
|
||||||
if(n->mtuprobes > 30) {
|
if(n->mtuprobes > 30) {
|
||||||
|
if (len == n->maxmtu + 8) {
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
|
||||||
|
n->maxmtu = MTU;
|
||||||
|
n->mtuprobes = 10;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if(n->minmtu)
|
if(n->minmtu)
|
||||||
n->mtuprobes = 30;
|
n->mtuprobes = 30;
|
||||||
else
|
else
|
||||||
|
@ -196,6 +221,25 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
||||||
len = n->maxmtu;
|
len = n->maxmtu;
|
||||||
if(n->minmtu < len)
|
if(n->minmtu < len)
|
||||||
n->minmtu = len;
|
n->minmtu = len;
|
||||||
|
|
||||||
|
/* Calculate RTT and bandwidth.
|
||||||
|
The RTT is the time between the MTU probe burst was sent and the first
|
||||||
|
reply is received. The bandwidth is measured using the time between the
|
||||||
|
arrival of the first and third probe reply.
|
||||||
|
*/
|
||||||
|
|
||||||
|
struct timeval now, diff;
|
||||||
|
gettimeofday(&now, NULL);
|
||||||
|
timersub(&now, &n->probe_time, &diff);
|
||||||
|
n->probe_counter++;
|
||||||
|
|
||||||
|
if(n->probe_counter == 1) {
|
||||||
|
n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
|
||||||
|
n->probe_time = now;
|
||||||
|
} else if(n->probe_counter == 3) {
|
||||||
|
n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
|
||||||
|
logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -365,6 +409,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
||||||
if(inpkt->seqno > n->received_seqno)
|
if(inpkt->seqno > n->received_seqno)
|
||||||
n->received_seqno = inpkt->seqno;
|
n->received_seqno = inpkt->seqno;
|
||||||
|
|
||||||
|
n->received++;
|
||||||
|
|
||||||
if(n->received_seqno > MAX_SEQNO)
|
if(n->received_seqno > MAX_SEQNO)
|
||||||
regenerate_key();
|
regenerate_key();
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -31,6 +31,7 @@
|
||||||
#include "ecdsa.h"
|
#include "ecdsa.h"
|
||||||
#include "graph.h"
|
#include "graph.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
@ -807,6 +808,37 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
/* Open sockets */
|
/* Open sockets */
|
||||||
|
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
|
int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||||
|
if(unix_fd < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct sockaddr_un sa;
|
||||||
|
sa.sun_family = AF_UNIX;
|
||||||
|
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
|
||||||
|
|
||||||
|
if(connect(unix_fd, (struct sockaddr *)&sa, sizeof sa) >= 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
unlink(unixsocketname);
|
||||||
|
|
||||||
|
if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(listen(unix_fd, 3) < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
|
||||||
|
#endif
|
||||||
|
|
||||||
if(!do_detach && getenv("LISTEN_FDS")) {
|
if(!do_detach && getenv("LISTEN_FDS")) {
|
||||||
sockaddr_t sa;
|
sockaddr_t sa;
|
||||||
socklen_t salen;
|
socklen_t salen;
|
||||||
|
@ -991,6 +1023,11 @@ void close_network_connections(void) {
|
||||||
close(listen_socket[i].udp.fd);
|
close(listen_socket[i].udp.fd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
|
io_del(&unix_socket);
|
||||||
|
close(unix_socket.fd);
|
||||||
|
#endif
|
||||||
|
|
||||||
char *envp[5];
|
char *envp[5];
|
||||||
xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
|
xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
|
||||||
xasprintf(&envp[1], "DEVICE=%s", device ? : "");
|
xasprintf(&envp[1], "DEVICE=%s", device ? : "");
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_socket.c -- Handle various kinds of sockets.
|
net_socket.c -- Handle various kinds of sockets.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2009 Florian Forster <octo@verplant.org>
|
2009 Florian Forster <octo@verplant.org>
|
||||||
|
|
||||||
|
@ -24,9 +24,11 @@
|
||||||
|
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "connection.h"
|
#include "connection.h"
|
||||||
|
#include "control_common.h"
|
||||||
#include "list.h"
|
#include "list.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
#include "meta.h"
|
#include "meta.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "protocol.h"
|
#include "protocol.h"
|
||||||
|
@ -46,6 +48,9 @@ int udp_sndbuf = 0;
|
||||||
|
|
||||||
listen_socket_t listen_socket[MAXSOCKETS];
|
listen_socket_t listen_socket[MAXSOCKETS];
|
||||||
int listen_sockets;
|
int listen_sockets;
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
|
io_t unix_socket;
|
||||||
|
#endif
|
||||||
list_t *outgoing_list = NULL;
|
list_t *outgoing_list = NULL;
|
||||||
|
|
||||||
/* Setup sockets */
|
/* Setup sockets */
|
||||||
|
@ -289,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
|
||||||
void finish_connecting(connection_t *c) {
|
void finish_connecting(connection_t *c) {
|
||||||
logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
|
logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
|
||||||
|
|
||||||
if(proxytype != PROXY_EXEC)
|
|
||||||
configure_tcp(c);
|
|
||||||
|
|
||||||
c->last_ping_time = time(NULL);
|
c->last_ping_time = time(NULL);
|
||||||
c->status.connecting = false;
|
c->status.connecting = false;
|
||||||
|
|
||||||
|
@ -368,10 +370,28 @@ static void handle_meta_write(connection_t *c) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_meta_io(void *data, int flags) {
|
static void handle_meta_io(void *data, int flags) {
|
||||||
|
connection_t *c = data;
|
||||||
|
|
||||||
|
if(c->status.connecting) {
|
||||||
|
c->status.connecting = false;
|
||||||
|
|
||||||
|
int result;
|
||||||
|
socklen_t len = sizeof result;
|
||||||
|
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len);
|
||||||
|
|
||||||
|
if(!result)
|
||||||
|
finish_connecting(c);
|
||||||
|
else {
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
|
||||||
|
terminate_connection(c, false);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(flags & IO_WRITE)
|
if(flags & IO_WRITE)
|
||||||
handle_meta_write(data);
|
handle_meta_write(c);
|
||||||
else
|
else
|
||||||
handle_meta_connection_data(data);
|
handle_meta_connection_data(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool do_outgoing_connection(outgoing_t *outgoing) {
|
bool do_outgoing_connection(outgoing_t *outgoing) {
|
||||||
|
@ -436,6 +456,7 @@ begin:
|
||||||
}
|
}
|
||||||
logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
|
logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
|
||||||
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
|
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
|
||||||
|
configure_tcp(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(c->socket == -1) {
|
if(c->socket == -1) {
|
||||||
|
@ -488,7 +509,7 @@ begin:
|
||||||
|
|
||||||
connection_add(c);
|
connection_add(c);
|
||||||
|
|
||||||
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
|
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -561,6 +582,45 @@ void handle_new_meta_connection(void *data, int flags) {
|
||||||
send_id(c);
|
send_id(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
|
/*
|
||||||
|
accept a new UNIX socket connection
|
||||||
|
*/
|
||||||
|
void handle_new_unix_connection(void *data, int flags) {
|
||||||
|
io_t *io = data;
|
||||||
|
connection_t *c;
|
||||||
|
sockaddr_t sa;
|
||||||
|
int fd;
|
||||||
|
socklen_t len = sizeof sa;
|
||||||
|
|
||||||
|
fd = accept(io->fd, &sa.sa, &len);
|
||||||
|
|
||||||
|
if(fd < 0) {
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
sockaddrunmap(&sa);
|
||||||
|
|
||||||
|
c = new_connection();
|
||||||
|
c->name = xstrdup("<control>");
|
||||||
|
c->address = sa;
|
||||||
|
c->hostname = xstrdup("localhost port unix");
|
||||||
|
c->socket = fd;
|
||||||
|
c->last_ping_time = time(NULL);
|
||||||
|
|
||||||
|
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
|
||||||
|
|
||||||
|
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
|
||||||
|
|
||||||
|
connection_add(c);
|
||||||
|
|
||||||
|
c->allow_request = ID;
|
||||||
|
|
||||||
|
send_id(c);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static void free_outgoing(outgoing_t *outgoing) {
|
static void free_outgoing(outgoing_t *outgoing) {
|
||||||
timeout_del(&outgoing->ev);
|
timeout_del(&outgoing->ev);
|
||||||
|
|
||||||
|
|
10
src/node.h
10
src/node.h
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
node.h -- header for node.c
|
node.h -- header for node.c
|
||||||
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -77,6 +77,9 @@ typedef struct node_t {
|
||||||
|
|
||||||
uint32_t sent_seqno; /* Sequence number last sent to this node */
|
uint32_t sent_seqno; /* Sequence number last sent to this node */
|
||||||
uint32_t received_seqno; /* Sequence number last received from this node */
|
uint32_t received_seqno; /* Sequence number last received from this node */
|
||||||
|
uint32_t received; /* Total valid packets received from this node */
|
||||||
|
uint32_t prev_received_seqno;
|
||||||
|
uint32_t prev_received;
|
||||||
uint32_t farfuture; /* Packets in a row that have arrived from the far future */
|
uint32_t farfuture; /* Packets in a row that have arrived from the far future */
|
||||||
unsigned char* late; /* Bitfield marking late packets */
|
unsigned char* late; /* Bitfield marking late packets */
|
||||||
|
|
||||||
|
@ -85,6 +88,11 @@ typedef struct node_t {
|
||||||
length_t maxmtu; /* Probed maximum MTU */
|
length_t maxmtu; /* Probed maximum MTU */
|
||||||
int mtuprobes; /* Number of probes */
|
int mtuprobes; /* Number of probes */
|
||||||
timeout_t mtutimeout; /* Probe event */
|
timeout_t mtutimeout; /* Probe event */
|
||||||
|
struct timeval probe_time; /* Time the last probe was sent or received */
|
||||||
|
int probe_counter; /* Number of probes received since last burst was sent */
|
||||||
|
float rtt; /* Last measured round trip time */
|
||||||
|
float bandwidth; /* Last measured bandwidth */
|
||||||
|
float packetloss; /* Last measured packet loss rate */
|
||||||
|
|
||||||
uint64_t in_packets;
|
uint64_t in_packets;
|
||||||
uint64_t in_bytes;
|
uint64_t in_bytes;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
process.c -- process management functions
|
process.c -- process management functions
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -27,6 +27,7 @@
|
||||||
#include "edge.h"
|
#include "edge.h"
|
||||||
#include "event.h"
|
#include "event.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "node.h"
|
#include "node.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
@ -38,17 +39,12 @@
|
||||||
bool do_detach = true;
|
bool do_detach = true;
|
||||||
bool sigalrm = false;
|
bool sigalrm = false;
|
||||||
|
|
||||||
extern char *identname;
|
|
||||||
extern char **g_argv;
|
extern char **g_argv;
|
||||||
extern bool use_logfile;
|
extern bool use_logfile;
|
||||||
|
|
||||||
/* Some functions the less gifted operating systems might lack... */
|
/* Some functions the less gifted operating systems might lack... */
|
||||||
|
|
||||||
#ifdef HAVE_MINGW
|
#ifdef HAVE_MINGW
|
||||||
extern char *identname;
|
|
||||||
extern char *program_name;
|
|
||||||
extern char **g_argv;
|
|
||||||
|
|
||||||
static SC_HANDLE manager = NULL;
|
static SC_HANDLE manager = NULL;
|
||||||
static SC_HANDLE service = NULL;
|
static SC_HANDLE service = NULL;
|
||||||
static SERVICE_STATUS status = {0};
|
static SERVICE_STATUS status = {0};
|
||||||
|
@ -263,8 +259,8 @@ bool execute_script(const char *name, char **envp) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WEXITSTATUS
|
|
||||||
if(status != -1) {
|
if(status != -1) {
|
||||||
|
#ifdef WEXITSTATUS
|
||||||
if(WIFEXITED(status)) { /* Child exited by itself */
|
if(WIFEXITED(status)) { /* Child exited by itself */
|
||||||
if(WEXITSTATUS(status)) {
|
if(WEXITSTATUS(status)) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d",
|
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d",
|
||||||
|
@ -279,11 +275,11 @@ bool execute_script(const char *name, char **envp) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name);
|
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
} else {
|
} else {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -111,7 +111,7 @@ void forward_request(connection_t *from, const char *request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool receive_request(connection_t *c, const char *request) {
|
bool receive_request(connection_t *c, const char *request) {
|
||||||
if(proxytype == PROXY_HTTP && c->allow_request == ID) {
|
if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
|
||||||
if(!request[0] || request[0] == '\r')
|
if(!request[0] || request[0] == '\r')
|
||||||
return true;
|
return true;
|
||||||
if(!strncasecmp(request, "HTTP/1.1 ", 9)) {
|
if(!strncasecmp(request, "HTTP/1.1 ", 9)) {
|
||||||
|
|
|
@ -139,7 +139,7 @@ bool send_id(connection_t *c) {
|
||||||
minor = myself->connection->protocol_minor;
|
minor = myself->connection->protocol_minor;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(proxytype)
|
if(proxytype && c->outgoing)
|
||||||
if(!send_proxyrequest(c))
|
if(!send_proxyrequest(c))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_key.c -- handle the meta-protocol, key exchange
|
protocol_key.c -- handle the meta-protocol, key exchange
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -278,6 +278,7 @@ bool send_ans_key(node_t *to) {
|
||||||
// Reset sequence number and late packet window
|
// Reset sequence number and late packet window
|
||||||
mykeyused = true;
|
mykeyused = true;
|
||||||
to->received_seqno = 0;
|
to->received_seqno = 0;
|
||||||
|
to->received = 0;
|
||||||
if(replaywin) memset(to->late, 0, replaywin);
|
if(replaywin) memset(to->late, 0, replaywin);
|
||||||
|
|
||||||
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
route.c -- routing
|
route.c -- routing
|
||||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -835,6 +835,11 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
|
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||||
|
|
||||||
|
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
|
||||||
|
packet->priority = packet->data[15];
|
||||||
|
|
||||||
// Handle packets larger than PMTU
|
// Handle packets larger than PMTU
|
||||||
|
|
||||||
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
@ -844,7 +849,6 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
|
|
||||||
if(via && packet->len > via->mtu && via != myself) {
|
if(via && packet->len > via->mtu && via != myself) {
|
||||||
logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
|
||||||
length_t ethlen = 14;
|
length_t ethlen = 14;
|
||||||
|
|
||||||
if(type == ETH_P_8021Q) {
|
if(type == ETH_P_8021Q) {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Solaris tun device
|
device.c -- Interaction with Solaris tun device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -28,6 +28,7 @@
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
29
src/sptps.c
29
src/sptps.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
sptps.c -- Simple Peer-to-Peer Security
|
sptps.c -- Simple Peer-to-Peer Security
|
||||||
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2010 Brandon L. Black <blblack@gmail.com>
|
2010 Brandon L. Black <blblack@gmail.com>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -439,6 +439,17 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
|
||||||
return receive_handshake(s, data + 5, len - 5);
|
return receive_handshake(s, data + 5, len - 5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check HMAC.
|
||||||
|
uint16_t netlen = htons(len - 21);
|
||||||
|
|
||||||
|
char buffer[len + 23];
|
||||||
|
|
||||||
|
memcpy(buffer, &netlen, 2);
|
||||||
|
memcpy(buffer + 2, data, len);
|
||||||
|
|
||||||
|
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
|
||||||
|
return error(s, EIO, "Invalid HMAC");
|
||||||
|
|
||||||
// Replay protection using a sliding window of configurable size.
|
// Replay protection using a sliding window of configurable size.
|
||||||
// s->inseqno is expected sequence number
|
// s->inseqno is expected sequence number
|
||||||
// seqno is received sequence number
|
// seqno is received sequence number
|
||||||
|
@ -473,19 +484,13 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
|
||||||
if(seqno > s->inseqno)
|
if(seqno > s->inseqno)
|
||||||
s->inseqno = seqno + 1;
|
s->inseqno = seqno + 1;
|
||||||
|
|
||||||
uint16_t netlen = htons(len - 21);
|
if(!s->inseqno)
|
||||||
|
s->received = 0;
|
||||||
char buffer[len + 23];
|
else
|
||||||
|
s->received++;
|
||||||
memcpy(buffer, &netlen, 2);
|
|
||||||
memcpy(buffer + 2, data, len);
|
|
||||||
|
|
||||||
|
// Decrypt.
|
||||||
memcpy(&seqno, buffer + 2, 4);
|
memcpy(&seqno, buffer + 2, 4);
|
||||||
|
|
||||||
// Check HMAC and decrypt.
|
|
||||||
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
|
|
||||||
return error(s, EIO, "Invalid HMAC");
|
|
||||||
|
|
||||||
cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
|
cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
|
||||||
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
|
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
sptps.h -- Simple Peer-to-Peer Security
|
sptps.h -- Simple Peer-to-Peer Security
|
||||||
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -56,6 +56,7 @@ typedef struct sptps {
|
||||||
cipher_t incipher;
|
cipher_t incipher;
|
||||||
digest_t indigest;
|
digest_t indigest;
|
||||||
uint32_t inseqno;
|
uint32_t inseqno;
|
||||||
|
uint32_t received;
|
||||||
unsigned int replaywin;
|
unsigned int replaywin;
|
||||||
unsigned int farfuture;
|
unsigned int farfuture;
|
||||||
char *late;
|
char *late;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
subnet.c -- handle subnet lookups and lists
|
subnet.c -- handle subnet lookups and lists
|
||||||
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -25,6 +25,7 @@
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "hash.h"
|
#include "hash.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "node.h"
|
#include "node.h"
|
||||||
|
|
214
src/tincctl.c
214
src/tincctl.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
tincctl.c -- Controlling a running tincd
|
tincctl.c -- Controlling a running tincd
|
||||||
Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -31,6 +31,7 @@
|
||||||
#include "control_common.h"
|
#include "control_common.h"
|
||||||
#include "ecdsagen.h"
|
#include "ecdsagen.h"
|
||||||
#include "info.h"
|
#include "info.h"
|
||||||
|
#include "names.h"
|
||||||
#include "rsagen.h"
|
#include "rsagen.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "tincctl.h"
|
#include "tincctl.h"
|
||||||
|
@ -40,10 +41,6 @@
|
||||||
#define mkdir(a, b) mkdir(a)
|
#define mkdir(a, b) mkdir(a)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* The name this program was run with. */
|
|
||||||
static char *program_name = NULL;
|
|
||||||
|
|
||||||
static char **orig_argv;
|
static char **orig_argv;
|
||||||
static int orig_argc;
|
static int orig_argc;
|
||||||
|
|
||||||
|
@ -54,12 +51,7 @@ static bool show_help = false;
|
||||||
static bool show_version = false;
|
static bool show_version = false;
|
||||||
|
|
||||||
static char *name = NULL;
|
static char *name = NULL;
|
||||||
static char *identname = NULL; /* program name for syslog */
|
|
||||||
static char *pidfilename = NULL; /* pid file location */
|
|
||||||
static char *confdir = NULL;
|
|
||||||
static char controlcookie[1025];
|
static char controlcookie[1025];
|
||||||
char *netname = NULL;
|
|
||||||
char *confbase = NULL;
|
|
||||||
static char *tinc_conf = NULL;
|
static char *tinc_conf = NULL;
|
||||||
static char *hosts_dir = NULL;
|
static char *hosts_dir = NULL;
|
||||||
struct timeval now;
|
struct timeval now;
|
||||||
|
@ -107,10 +99,9 @@ static void version(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void usage(bool status) {
|
static void usage(bool status) {
|
||||||
if(status)
|
if(status) {
|
||||||
fprintf(stderr, "Try `%s --help\' for more information.\n",
|
fprintf(stderr, "Try `%s --help\' for more information.\n", program_name);
|
||||||
program_name);
|
} else {
|
||||||
else {
|
|
||||||
printf("Usage: %s [options] command\n\n", program_name);
|
printf("Usage: %s [options] command\n\n", program_name);
|
||||||
printf("Valid options are:\n"
|
printf("Valid options are:\n"
|
||||||
" -c, --config=DIR Read configuration options from DIR.\n"
|
" -c, --config=DIR Read configuration options from DIR.\n"
|
||||||
|
@ -153,6 +144,8 @@ static void usage(bool status) {
|
||||||
" export Export host configuration of local node to standard output\n"
|
" export Export host configuration of local node to standard output\n"
|
||||||
" export-all Export all host configuration files to standard output\n"
|
" export-all Export all host configuration files to standard output\n"
|
||||||
" import [--force] Import host configuration file(s) from standard input\n"
|
" import [--force] Import host configuration file(s) from standard input\n"
|
||||||
|
" exchange [--force] Same as export followed by import\n"
|
||||||
|
" exchange-all [--force] Same as export-all followed by import\n"
|
||||||
"\n");
|
"\n");
|
||||||
printf("Report bugs to tinc@tinc-vpn.org.\n");
|
printf("Report bugs to tinc@tinc-vpn.org.\n");
|
||||||
}
|
}
|
||||||
|
@ -453,62 +446,6 @@ static bool rsa_keygen(int bits, bool ask) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
Set all files and paths according to netname
|
|
||||||
*/
|
|
||||||
static void make_names(void) {
|
|
||||||
#ifdef HAVE_MINGW
|
|
||||||
HKEY key;
|
|
||||||
char installdir[1024] = "";
|
|
||||||
long len = sizeof installdir;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(netname)
|
|
||||||
xasprintf(&identname, "tinc.%s", netname);
|
|
||||||
else
|
|
||||||
identname = xstrdup("tinc");
|
|
||||||
|
|
||||||
#ifdef HAVE_MINGW
|
|
||||||
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
|
||||||
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
|
|
||||||
if(!confbase) {
|
|
||||||
if(netname)
|
|
||||||
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
|
|
||||||
else
|
|
||||||
xasprintf(&confbase, "%s", installdir);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(!pidfilename)
|
|
||||||
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
|
|
||||||
RegCloseKey(key);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!*installdir) {
|
|
||||||
#endif
|
|
||||||
confdir = xstrdup(CONFDIR);
|
|
||||||
|
|
||||||
if(!pidfilename)
|
|
||||||
xasprintf(&pidfilename, "%s" SLASH "run" SLASH "%s.pid", LOCALSTATEDIR, identname);
|
|
||||||
|
|
||||||
if(netname) {
|
|
||||||
if(!confbase)
|
|
||||||
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
|
|
||||||
else
|
|
||||||
fprintf(stderr, "Both netname and configuration directory given, using the latter...\n");
|
|
||||||
} else {
|
|
||||||
if(!confbase)
|
|
||||||
xasprintf(&confbase, CONFDIR SLASH "tinc");
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef HAVE_MINGW
|
|
||||||
} else
|
|
||||||
confdir = xstrdup(installdir);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
|
|
||||||
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
|
|
||||||
}
|
|
||||||
|
|
||||||
static char buffer[4096];
|
static char buffer[4096];
|
||||||
static size_t blen = 0;
|
static size_t blen = 0;
|
||||||
|
|
||||||
|
@ -729,6 +666,26 @@ static bool connect_tincd(bool verbose) {
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
|
struct sockaddr_un sa;
|
||||||
|
sa.sun_family = AF_UNIX;
|
||||||
|
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
|
||||||
|
|
||||||
|
fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||||
|
if(fd < 0) {
|
||||||
|
if(verbose)
|
||||||
|
fprintf(stderr, "Cannot create UNIX socket: %s\n", sockstrerror(sockerrno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
|
||||||
|
if(verbose)
|
||||||
|
fprintf(stderr, "Cannot connect to UNIX socket %s: %s\n", unixsocketname, sockstrerror(sockerrno));
|
||||||
|
close(fd);
|
||||||
|
fd = -1;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
#else
|
||||||
struct addrinfo hints = {
|
struct addrinfo hints = {
|
||||||
.ai_family = AF_UNSPEC,
|
.ai_family = AF_UNSPEC,
|
||||||
.ai_socktype = SOCK_STREAM,
|
.ai_socktype = SOCK_STREAM,
|
||||||
|
@ -769,6 +726,7 @@ static bool connect_tincd(bool verbose) {
|
||||||
}
|
}
|
||||||
|
|
||||||
freeaddrinfo(res);
|
freeaddrinfo(res);
|
||||||
|
#endif
|
||||||
|
|
||||||
char data[4096];
|
char data[4096];
|
||||||
int version;
|
int version;
|
||||||
|
@ -854,6 +812,11 @@ static int cmd_start(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_stop(int argc, char *argv[]) {
|
static int cmd_stop(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef HAVE_MINGW
|
#ifndef HAVE_MINGW
|
||||||
if(!connect_tincd(true)) {
|
if(!connect_tincd(true)) {
|
||||||
if(pid) {
|
if(pid) {
|
||||||
|
@ -871,16 +834,10 @@ static int cmd_stop(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
sendline(fd, "%d %d", CONTROL, REQ_STOP);
|
sendline(fd, "%d %d", CONTROL, REQ_STOP);
|
||||||
if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_STOP || result) {
|
|
||||||
fprintf(stderr, "Could not stop tinc daemon.\n");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
while(recvline(fd, line, sizeof line)) {
|
||||||
// Wait for tincd to close the connection...
|
// Wait for tincd to close the connection...
|
||||||
fd_set r;
|
}
|
||||||
FD_ZERO(&r);
|
|
||||||
FD_SET(fd, &r);
|
|
||||||
select(fd + 1, &r, NULL, NULL, NULL);
|
|
||||||
#else
|
#else
|
||||||
if(!remove_service())
|
if(!remove_service())
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -898,6 +855,11 @@ static int cmd_restart(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_reload(int argc, char *argv[]) {
|
static int cmd_reload(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(!connect_tincd(true))
|
if(!connect_tincd(true))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
@ -1070,6 +1032,11 @@ static int cmd_dump(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_purge(int argc, char *argv[]) {
|
static int cmd_purge(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(!connect_tincd(true))
|
if(!connect_tincd(true))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
@ -1105,6 +1072,11 @@ static int cmd_debug(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_retry(int argc, char *argv[]) {
|
static int cmd_retry(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(!connect_tincd(true))
|
if(!connect_tincd(true))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
@ -1164,6 +1136,11 @@ static int cmd_disconnect(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_top(int argc, char *argv[]) {
|
static int cmd_top(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef HAVE_CURSES
|
#ifdef HAVE_CURSES
|
||||||
if(!connect_tincd(true))
|
if(!connect_tincd(true))
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -1177,6 +1154,11 @@ static int cmd_top(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_pcap(int argc, char *argv[]) {
|
static int cmd_pcap(int argc, char *argv[]) {
|
||||||
|
if(argc > 2) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(!connect_tincd(true))
|
if(!connect_tincd(true))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
@ -1185,6 +1167,11 @@ static int cmd_pcap(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_log(int argc, char *argv[]) {
|
static int cmd_log(int argc, char *argv[]) {
|
||||||
|
if(argc > 2) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(!connect_tincd(true))
|
if(!connect_tincd(true))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
@ -1193,6 +1180,11 @@ static int cmd_log(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_pid(int argc, char *argv[]) {
|
static int cmd_pid(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(!connect_tincd(true) && !pid)
|
if(!connect_tincd(true) && !pid)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
@ -1613,7 +1605,10 @@ static int cmd_init(int argc, char *argv[]) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(argc < 2) {
|
if(argc > 2) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
} else if(argc < 2) {
|
||||||
if(tty) {
|
if(tty) {
|
||||||
char buf[1024];
|
char buf[1024];
|
||||||
fprintf(stdout, "Enter the Name you want your tinc node to have: ");
|
fprintf(stdout, "Enter the Name you want your tinc node to have: ");
|
||||||
|
@ -1692,14 +1687,29 @@ static int cmd_init(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_generate_keys(int argc, char *argv[]) {
|
static int cmd_generate_keys(int argc, char *argv[]) {
|
||||||
|
if(argc > 2) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
|
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_generate_rsa_keys(int argc, char *argv[]) {
|
static int cmd_generate_rsa_keys(int argc, char *argv[]) {
|
||||||
|
if(argc > 2) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
|
return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
|
static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
return !ecdsa_keygen(true);
|
return !ecdsa_keygen(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1709,6 +1719,11 @@ static int cmd_help(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_version(int argc, char *argv[]) {
|
static int cmd_version(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
version();
|
version();
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -1811,14 +1826,29 @@ static int export(const char *name, FILE *out) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_export(int argc, char *argv[]) {
|
static int cmd_export(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
char *name = get_my_name();
|
char *name = get_my_name();
|
||||||
if(!name)
|
if(!name)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
return export(name, stdout);
|
int result = export(name, stdout);
|
||||||
|
if(!tty)
|
||||||
|
fclose(stdout);
|
||||||
|
|
||||||
|
free(name);
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_export_all(int argc, char *argv[]) {
|
static int cmd_export_all(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
DIR *dir = opendir(hosts_dir);
|
DIR *dir = opendir(hosts_dir);
|
||||||
if(!dir) {
|
if(!dir) {
|
||||||
fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
|
fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
|
||||||
|
@ -1842,21 +1872,30 @@ static int cmd_export_all(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
closedir(dir);
|
closedir(dir);
|
||||||
|
if(!tty)
|
||||||
|
fclose(stdout);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cmd_import(int argc, char *argv[]) {
|
static int cmd_import(int argc, char *argv[]) {
|
||||||
|
if(argc > 1) {
|
||||||
|
fprintf(stderr, "Too many arguments!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
FILE *in = stdin;
|
FILE *in = stdin;
|
||||||
FILE *out = NULL;
|
FILE *out = NULL;
|
||||||
|
|
||||||
char buf[4096];
|
char buf[4096];
|
||||||
char name[4096];
|
char name[4096];
|
||||||
char *filename;
|
char *filename = NULL;
|
||||||
int count = 0;
|
int count = 0;
|
||||||
bool firstline = true;
|
bool firstline = true;
|
||||||
|
|
||||||
while(fgets(buf, sizeof buf, in)) {
|
while(fgets(buf, sizeof buf, in)) {
|
||||||
if(sscanf(buf, "Name = %s", name) == 1) {
|
if(sscanf(buf, "Name = %s", name) == 1) {
|
||||||
|
firstline = false;
|
||||||
|
|
||||||
if(!check_id(name)) {
|
if(!check_id(name)) {
|
||||||
fprintf(stderr, "Invalid Name in input!\n");
|
fprintf(stderr, "Invalid Name in input!\n");
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -1881,7 +1920,6 @@ static int cmd_import(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
count++;
|
count++;
|
||||||
firstline = false;
|
|
||||||
continue;
|
continue;
|
||||||
} else if(firstline) {
|
} else if(firstline) {
|
||||||
fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
|
fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
|
||||||
|
@ -1912,6 +1950,14 @@ static int cmd_import(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int cmd_exchange(int argc, char *argv[]) {
|
||||||
|
return cmd_export(argc, argv) ?: cmd_import(argc, argv);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int cmd_exchange_all(int argc, char *argv[]) {
|
||||||
|
return cmd_export_all(argc, argv) ?: cmd_import(argc, argv);
|
||||||
|
}
|
||||||
|
|
||||||
static const struct {
|
static const struct {
|
||||||
const char *command;
|
const char *command;
|
||||||
int (*function)(int argc, char *argv[]);
|
int (*function)(int argc, char *argv[]);
|
||||||
|
@ -1942,6 +1988,8 @@ static const struct {
|
||||||
{"export", cmd_export},
|
{"export", cmd_export},
|
||||||
{"export-all", cmd_export_all},
|
{"export-all", cmd_export_all},
|
||||||
{"import", cmd_import},
|
{"import", cmd_import},
|
||||||
|
{"exchange", cmd_exchange},
|
||||||
|
{"exchange-all", cmd_exchange_all},
|
||||||
{NULL, NULL},
|
{NULL, NULL},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -2189,6 +2237,8 @@ int main(int argc, char *argv[]) {
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
make_names();
|
make_names();
|
||||||
|
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
|
||||||
|
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
|
||||||
|
|
||||||
if(show_version) {
|
if(show_version) {
|
||||||
version();
|
version();
|
||||||
|
|
106
src/tincd.c
106
src/tincd.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
tincd.c -- the main file for tincd
|
tincd.c -- the main file for tincd
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2008 Max Rijevski <maksuf@gmail.com>
|
2008 Max Rijevski <maksuf@gmail.com>
|
||||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||||
2010 Julien Muchembled <jm@jmuchemb.eu>
|
2010 Julien Muchembled <jm@jmuchemb.eu>
|
||||||
|
@ -33,12 +33,6 @@
|
||||||
#include <sys/mman.h>
|
#include <sys/mman.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
#include <openssl/rsa.h>
|
|
||||||
#include <openssl/pem.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <openssl/engine.h>
|
|
||||||
|
|
||||||
#ifdef HAVE_LZO
|
#ifdef HAVE_LZO
|
||||||
#include LZO1X_H
|
#include LZO1X_H
|
||||||
#endif
|
#endif
|
||||||
|
@ -56,6 +50,7 @@
|
||||||
#include "crypto.h"
|
#include "crypto.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
@ -63,9 +58,6 @@
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
||||||
/* The name this program was run with. */
|
|
||||||
char *program_name = NULL;
|
|
||||||
|
|
||||||
/* If nonzero, display usage information and exit. */
|
/* If nonzero, display usage information and exit. */
|
||||||
static bool show_help = false;
|
static bool show_help = false;
|
||||||
|
|
||||||
|
@ -75,21 +67,22 @@ static bool show_version = false;
|
||||||
/* If nonzero, use null ciphers and skip all key exchanges. */
|
/* If nonzero, use null ciphers and skip all key exchanges. */
|
||||||
bool bypass_security = false;
|
bool bypass_security = false;
|
||||||
|
|
||||||
|
#ifdef HAVE_MLOCKALL
|
||||||
/* If nonzero, disable swapping for this process. */
|
/* If nonzero, disable swapping for this process. */
|
||||||
static bool do_mlock = false;
|
static bool do_mlock = false;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
/* If nonzero, chroot to netdir after startup. */
|
/* If nonzero, chroot to netdir after startup. */
|
||||||
static bool do_chroot = false;
|
static bool do_chroot = false;
|
||||||
|
|
||||||
/* If !NULL, do setuid to given user after startup */
|
/* If !NULL, do setuid to given user after startup */
|
||||||
static const char *switchuser = NULL;
|
static const char *switchuser = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* If nonzero, write log entries to a separate file. */
|
/* If nonzero, write log entries to a separate file. */
|
||||||
bool use_logfile = false;
|
bool use_logfile = false;
|
||||||
|
|
||||||
char *identname = NULL; /* program name for syslog */
|
|
||||||
char *logfilename = NULL; /* log file location */
|
|
||||||
char *pidfilename = NULL;
|
|
||||||
char **g_argv; /* a copy of the cmdline arguments */
|
char **g_argv; /* a copy of the cmdline arguments */
|
||||||
|
|
||||||
static int status = 1;
|
static int status = 1;
|
||||||
|
@ -127,13 +120,18 @@ static void usage(bool status) {
|
||||||
" -D, --no-detach Don't fork and detach.\n"
|
" -D, --no-detach Don't fork and detach.\n"
|
||||||
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
|
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
|
||||||
" -n, --net=NETNAME Connect to net NETNAME.\n"
|
" -n, --net=NETNAME Connect to net NETNAME.\n"
|
||||||
|
#ifdef HAVE_MLOCKALL
|
||||||
" -L, --mlock Lock tinc into main memory.\n"
|
" -L, --mlock Lock tinc into main memory.\n"
|
||||||
|
#endif
|
||||||
" --logfile[=FILENAME] Write log entries to a logfile.\n"
|
" --logfile[=FILENAME] Write log entries to a logfile.\n"
|
||||||
" --pidfile=FILENAME Write PID and control socket cookie to FILENAME.\n"
|
" --pidfile=FILENAME Write PID and control socket cookie to FILENAME.\n"
|
||||||
" --bypass-security Disables meta protocol security, for debugging.\n"
|
" --bypass-security Disables meta protocol security, for debugging.\n"
|
||||||
" -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n"
|
" -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n"
|
||||||
|
#ifndef HAVE_MINGW
|
||||||
" -R, --chroot chroot to NET dir at startup.\n"
|
" -R, --chroot chroot to NET dir at startup.\n"
|
||||||
" -U, --user=USER setuid to given USER at startup.\n" " --help Display this help and exit.\n"
|
" -U, --user=USER setuid to given USER at startup.\n"
|
||||||
|
#endif
|
||||||
|
" --help Display this help and exit.\n"
|
||||||
" --version Output version information and exit.\n\n");
|
" --version Output version information and exit.\n\n");
|
||||||
printf("Report bugs to tinc@tinc-vpn.org.\n");
|
printf("Report bugs to tinc@tinc-vpn.org.\n");
|
||||||
}
|
}
|
||||||
|
@ -162,7 +160,7 @@ static bool parse_options(int argc, char **argv) {
|
||||||
|
|
||||||
case 'L': /* no detach */
|
case 'L': /* no detach */
|
||||||
#ifndef HAVE_MLOCKALL
|
#ifndef HAVE_MLOCKALL
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "mlockall()");
|
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
|
||||||
return false;
|
return false;
|
||||||
#else
|
#else
|
||||||
do_mlock = true;
|
do_mlock = true;
|
||||||
|
@ -187,6 +185,12 @@ static bool parse_options(int argc, char **argv) {
|
||||||
list_insert_tail(cmdline_conf, cfg);
|
list_insert_tail(cmdline_conf, cfg);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
#ifdef HAVE_MINGW
|
||||||
|
case 'R':
|
||||||
|
case 'U':
|
||||||
|
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
|
||||||
|
return false;
|
||||||
|
#else
|
||||||
case 'R': /* chroot to NETNAME dir */
|
case 'R': /* chroot to NETNAME dir */
|
||||||
do_chroot = true;
|
do_chroot = true;
|
||||||
break;
|
break;
|
||||||
|
@ -194,6 +198,7 @@ static bool parse_options(int argc, char **argv) {
|
||||||
case 'U': /* setuid to USER */
|
case 'U': /* setuid to USER */
|
||||||
switchuser = optarg;
|
switchuser = optarg;
|
||||||
break;
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
case 1: /* show help */
|
case 1: /* show help */
|
||||||
show_help = true;
|
show_help = true;
|
||||||
|
@ -244,77 +249,8 @@ static bool parse_options(int argc, char **argv) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
Set all files and paths according to netname
|
|
||||||
*/
|
|
||||||
static void make_names(void) {
|
|
||||||
#ifdef HAVE_MINGW
|
|
||||||
HKEY key;
|
|
||||||
char installdir[1024] = "";
|
|
||||||
long len = sizeof installdir;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(netname)
|
|
||||||
xasprintf(&identname, "tinc.%s", netname);
|
|
||||||
else
|
|
||||||
identname = xstrdup("tinc");
|
|
||||||
|
|
||||||
#ifdef HAVE_MINGW
|
|
||||||
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
|
|
||||||
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
|
|
||||||
if(!logfilename)
|
|
||||||
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", identname);
|
|
||||||
if(!confbase) {
|
|
||||||
if(netname)
|
|
||||||
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
|
|
||||||
else
|
|
||||||
xasprintf(&confbase, "%s", installdir);
|
|
||||||
}
|
|
||||||
if(!pidfilename)
|
|
||||||
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
|
|
||||||
}
|
|
||||||
RegCloseKey(key);
|
|
||||||
if(*installdir)
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(!logfilename)
|
|
||||||
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
|
|
||||||
|
|
||||||
if(!pidfilename)
|
|
||||||
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
|
|
||||||
|
|
||||||
if(netname) {
|
|
||||||
if(!confbase)
|
|
||||||
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
|
|
||||||
else
|
|
||||||
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
|
|
||||||
} else {
|
|
||||||
if(!confbase)
|
|
||||||
xasprintf(&confbase, CONFDIR SLASH "tinc");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static void free_names(void) {
|
|
||||||
if (identname) free(identname);
|
|
||||||
if (netname) free(netname);
|
|
||||||
if (pidfilename) free(pidfilename);
|
|
||||||
if (logfilename) free(logfilename);
|
|
||||||
if (confbase) free(confbase);
|
|
||||||
}
|
|
||||||
|
|
||||||
static bool drop_privs(void) {
|
static bool drop_privs(void) {
|
||||||
#ifdef HAVE_MINGW
|
#ifndef HAVE_MINGW
|
||||||
if (switchuser) {
|
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-U");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (do_chroot) {
|
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-R");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
uid_t uid = 0;
|
uid_t uid = 0;
|
||||||
if (switchuser) {
|
if (switchuser) {
|
||||||
struct passwd *pw = getpwnam(switchuser);
|
struct passwd *pw = getpwnam(switchuser);
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
top.c -- Show real-time statistics from a running tincd
|
top.c -- Show real-time statistics from a running tincd
|
||||||
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -25,6 +25,7 @@
|
||||||
|
|
||||||
#include "control_common.h"
|
#include "control_common.h"
|
||||||
#include "list.h"
|
#include "list.h"
|
||||||
|
#include "names.h"
|
||||||
#include "tincctl.h"
|
#include "tincctl.h"
|
||||||
#include "top.h"
|
#include "top.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
@ -65,10 +66,6 @@ static float bscale = 1;
|
||||||
static const char *punit = "pkts";
|
static const char *punit = "pkts";
|
||||||
static float pscale = 1;
|
static float pscale = 1;
|
||||||
|
|
||||||
#ifndef timersub
|
|
||||||
#define timersub(a, b, c) do {(c)->tv_sec = (a)->tv_sec - (b)->tv_sec; (c)->tv_usec = (a)->tv_usec = (b)->tv_usec;} while(0)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static void update(int fd) {
|
static void update(int fd) {
|
||||||
sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC);
|
sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC);
|
||||||
gettimeofday(&cur, NULL);
|
gettimeofday(&cur, NULL);
|
||||||
|
@ -229,7 +226,7 @@ static void redraw(void) {
|
||||||
attrset(A_DIM);
|
attrset(A_DIM);
|
||||||
|
|
||||||
if(cumulative)
|
if(cumulative)
|
||||||
mvprintw(row, 0, "%-16s %10"PRIu64" %10.0f %10"PRIu64" %10.0f",
|
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
|
||||||
node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale);
|
node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale);
|
||||||
else
|
else
|
||||||
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
|
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- UML network socket
|
device.c -- UML network socket
|
||||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -24,6 +24,7 @@
|
||||||
|
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
@ -37,9 +38,6 @@ static int write_fd = -1;
|
||||||
static int state = 0;
|
static int state = 0;
|
||||||
static char *device_info;
|
static char *device_info;
|
||||||
|
|
||||||
extern char *identname;
|
|
||||||
extern volatile bool running;
|
|
||||||
|
|
||||||
static uint64_t device_total_in = 0;
|
static uint64_t device_total_in = 0;
|
||||||
static uint64_t device_total_out = 0;
|
static uint64_t device_total_out = 0;
|
||||||
|
|
||||||
|
@ -73,7 +71,7 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
|
if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,13 +83,13 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
|
if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
|
if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -103,7 +101,7 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
|
if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,7 +114,7 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) {
|
if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -199,7 +197,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
|
|
||||||
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
|
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -215,20 +213,20 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) {
|
if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info,
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info,
|
||||||
device, strerror(errno));
|
device, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) {
|
if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s",
|
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s",
|
||||||
request.magic, request.version, request.type, device_info, device);
|
request.magic, request.version, request.type, device_info, device);
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(connect(write_fd, &request.sock, sizeof request.sock) < 0) {
|
if(connect(write_fd, &request.sock, sizeof request.sock) < 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,7 +243,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
if((inlen = read(data_fd, packet->data, MTU)) <= 0) {
|
if((inlen = read(data_fd, packet->data, MTU)) <= 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||||
device, strerror(errno));
|
device, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -278,7 +276,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
||||||
if(write(write_fd, packet->data, packet->len) < 0) {
|
if(write(write_fd, packet->data, packet->len) < 0) {
|
||||||
if(errno != EINTR && errno != EAGAIN) {
|
if(errno != EINTR && errno != EAGAIN) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
device.c -- VDE plug
|
device.c -- VDE plug
|
||||||
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -23,6 +23,7 @@
|
||||||
|
|
||||||
#include "conf.h"
|
#include "conf.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
|
#include "names.h"
|
||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "logger.h"
|
#include "logger.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
@ -35,9 +36,6 @@ static int port = 0;
|
||||||
static char *group = NULL;
|
static char *group = NULL;
|
||||||
static char *device_info;
|
static char *device_info;
|
||||||
|
|
||||||
extern char *identname;
|
|
||||||
extern volatile bool running;
|
|
||||||
|
|
||||||
static uint64_t device_total_in = 0;
|
static uint64_t device_total_in = 0;
|
||||||
static uint64_t device_total_out = 0;
|
static uint64_t device_total_out = 0;
|
||||||
|
|
||||||
|
@ -102,7 +100,7 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0);
|
int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0);
|
||||||
if(lenin <= 0) {
|
if(lenin <= 0) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -117,7 +115,7 @@ static bool write_packet(vpn_packet_t *packet) {
|
||||||
if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
|
if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
|
||||||
if(errno != EINTR && errno != EAGAIN) {
|
if(errno != EINTR && errno != EAGAIN) {
|
||||||
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||||
running = false;
|
event_exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
Loading…
Reference in a new issue