Import Upstream version 1.1~pre6

This commit is contained in:
Guus Sliepen 2019-08-26 13:44:50 +02:00
parent ff64081061
commit 26033edb96
52 changed files with 3850 additions and 14921 deletions

17082
ChangeLog

File diff suppressed because it is too large Load diff

25
NEWS
View file

@ -1,3 +1,28 @@
Version 1.1pre6 February 20 2013
* Fixed tincd exitting immediately on Windows.
* Detect PMTU increases.
* Fixed crashes when using a SOCKS5 proxy.
* Fixed control connection when using a proxy.
Version 1.1pre5 January 20 2013
* Fixed long delays and possible hangs on Windows.
* Fixed support for the tunemu device on iOS, the UML and VDE devices.
* Small improvements to the documentation and error messages.
* Fixed broadcast packets not reaching the whole VPN.
* Tincctl now connects via a UNIX socket to the tincd on platforms that
support this.
* The PriorityInheritance option now also works in switch mode.
Version 1.1pre4 December 5 2012 Version 1.1pre4 December 5 2012
* Added the "AutoConnect" option which will let tinc automatically select * Added the "AutoConnect" option which will let tinc automatically select

8
README
View file

@ -1,7 +1,7 @@
This is the README file for tinc version 1.1pre4. Installation This is the README file for tinc version 1.1pre6. Installation
instructions may be found in the INSTALL file. instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2012 by: tinc is Copyright (C) 1998-2013 by:
Ivo Timmermans, Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>, Guus Sliepen <guus@tinc-vpn.org>,
@ -36,11 +36,11 @@ at your own risk.
Compatibility Compatibility
------------- -------------
Version 1.1pre4 is compatible with 1.0pre8, 1.0 and later, but not with older Version 1.1pre6 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc. versions of tinc.
When the ExperimentalProtocol option is used, tinc is still compatible with When the ExperimentalProtocol option is used, tinc is still compatible with
1.0.X and 1.1pre4 itself, but not with any other 1.1preX version. 1.0.X and 1.1pre6 itself, but not with any other 1.1preX version.
Requirements Requirements

2
THANKS
View file

@ -6,7 +6,9 @@ We would like to thank the following people for their contributions to tinc:
* Anthony G. Basile * Anthony G. Basile
* Armijn Hemel * Armijn Hemel
* Brandon Black * Brandon Black
* Cheng LI
* Cris van Pelt * Cris van Pelt
* Darius Jahandarie
* Delf Eldkraft * Delf Eldkraft
* dnk * dnk
* Enrique Zanardi * Enrique Zanardi

2
configure vendored
View file

@ -4095,7 +4095,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE=tinc PACKAGE=tinc
VERSION=1.1pre4 VERSION=1.1pre6
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF

View file

@ -4,7 +4,7 @@ AC_PREREQ(2.61)
AC_INIT AC_INIT
AC_CONFIG_SRCDIR([src/tincd.c]) AC_CONFIG_SRCDIR([src/tincd.c])
AC_GNU_SOURCE AC_GNU_SOURCE
AM_INIT_AUTOMAKE(tinc, 1.1pre4) AM_INIT_AUTOMAKE(tinc, 1.1pre6)
AC_CONFIG_HEADERS([config.h]) AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE AM_MAINTAINER_MODE

View file

@ -1,4 +1,4 @@
.Dd 2012-09-27 .Dd 2013-01-14
.Dt TINC.CONF 5 .Dt TINC.CONF 5
.\" Manual page created by: .\" Manual page created by:
.\" Ivo Timmermans .\" Ivo Timmermans
@ -343,7 +343,7 @@ This option selects the way packets are routed to other daemons.
In this mode In this mode
.Va Subnet .Va Subnet
variables in the host configuration files will be used to form a routing table. variables in the host configuration files will be used to form a routing table.
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
.Pp .Pp
This is the default mode, and unless you really know you need another mode, don't change it. This is the default mode, and unless you really know you need another mode, don't change it.
.It switch .It switch
@ -361,7 +361,7 @@ while no routing table is managed.
.It Va Name Li = Ar name Bq required .It Va Name Li = Ar name Bq required
This is the name which identifies this tinc daemon. This is the name which identifies this tinc daemon.
It must be unique for the virtual private network this daemon will connect to. It must be unique for the virtual private network this daemon will connect to.
The Name may only consist of alphanumeric and underscore characters. The Name may only consist of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
If If
.Va Name .Va Name
starts with a starts with a
@ -372,7 +372,7 @@ If
.Va Name .Va Name
is is
.Li $HOST , .Li $HOST ,
but no such environment variable exist, the hostname will be read using the gethostnname() system call. but no such environment variable exist, the hostname will be read using the gethostname() system call.
.It Va PingInterval Li = Ar seconds Pq 60 .It Va PingInterval Li = Ar seconds Pq 60
The number of seconds of inactivity that The number of seconds of inactivity that
.Nm tinc .Nm tinc
@ -428,7 +428,7 @@ and
are available. are available.
.El .El
.It Va ReplayWindow Li = Ar bytes Pq 16 .It Va ReplayWindow Li = Ar bytes Pq 16
vhis is the size of the replay tracking window for each remote node, in bytes. This is the size of the replay tracking window for each remote node, in bytes.
The window is a bitfield which tracks 1 packet per bit, so for example The window is a bitfield which tracks 1 packet per bit, so for example
the default setting of 16 will track up to 128 packets in the window. In high the default setting of 16 will track up to 128 packets in the window. In high
bandwidth scenarios, setting this to a higher value can reduce packet loss from bandwidth scenarios, setting this to a higher value can reduce packet loss from
@ -497,12 +497,9 @@ Furthermore, specifying
.Qq none .Qq none
will turn off packet authentication. will turn off packet authentication.
.It Va IndirectData Li = yes | no Pq no .It Va IndirectData Li = yes | no Pq no
This option specifies whether other tinc daemons besides the one you specified with When set to yes, other nodes which do not already have a meta connection to you
.Va ConnectTo will not try to establish direct communication with you.
can make a direct connection to you. It is best to leave this option out or set it to no.
This is especially useful if you are behind a firewall
and it is impossible to make a connection from the outside to your tinc daemon.
Otherwise, it is best to leave this option out or set it to no.
.It Va MACLength Li = Ar length Pq 4 .It Va MACLength Li = Ar length Pq 4
The length of the message authentication code used to authenticate UDP packets. The length of the message authentication code used to authenticate UDP packets.
Can be anything from Can be anything from

View file

@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual. * tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.1pre4, a Virtual Private This is the info manual for tinc version 1.1pre5, a Virtual Private
Network daemon. Network daemon.
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>. <guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this Permission is granted to make and distribute verbatim copies of this
@ -989,9 +989,8 @@ Mode = <router|switch|hub> (router)
router router
In this mode Subnet variables in the host configuration files In this mode Subnet variables in the host configuration files
will be used to form a routing table. Only unicast packets will be used to form a routing table. Only packets of
of routable protocols (IPv4 and IPv6) are supported in this routable protocols (IPv4 and IPv6) are supported in this mode.
mode.
This is the default mode, and unless you really know you need This is the default mode, and unless you really know you need
another mode, don't change it. another mode, don't change it.
@ -1026,13 +1025,13 @@ MACExpire = <SECONDS> (600)
Name = <NAME> [required] Name = <NAME> [required]
This is a symbolic name for this connection. The name should This is a symbolic name for this connection. The name should
consist only of alfanumeric and underscore characters (a-z, A-Z, consist only of alfanumeric and underscore characters (a-z, A-Z,
0-9 and _). 0-9 and _), and is case sensitive.
If Name starts with a $, then the contents of the environment If Name starts with a $, then the contents of the environment
variable that follows will be used. In that case, invalid variable that follows will be used. In that case, invalid
characters will be converted to underscores. If Name is $HOST, characters will be converted to underscores. If Name is $HOST,
but no such environment variable exist, the hostname will be read but no such environment variable exist, the hostname will be read
using the gethostnname() system call. using the gethostname() system call.
PingInterval = <SECONDS> (60) PingInterval = <SECONDS> (60)
The number of seconds of inactivity that tinc will wait before The number of seconds of inactivity that tinc will wait before
@ -1157,12 +1156,9 @@ Digest = <DIGEST> (sha1)
"none" will turn off packet authentication. "none" will turn off packet authentication.
IndirectData = <yes|no> (no) IndirectData = <yes|no> (no)
This option specifies whether other tinc daemons besides the one When set to yes, other nodes which do not already have a meta
you specified with ConnectTo can make a direct connection to you. connection to you will not try to establish direct communication
This is especially useful if you are behind a firewall and it is with you. It is best to leave this option out or set it to no.
impossible to make a connection from the outside to your tinc
daemon. Otherwise, it is best to leave this option out or set it
to no.
MACLength = <BYTES> (4) MACLength = <BYTES> (4)
The length of the message authentication code used to authenticate The length of the message authentication code used to authenticate
@ -1412,10 +1408,11 @@ copy&paste the email:
If you are the owner of bar yourself, and you have SSH access to If you are the owner of bar yourself, and you have SSH access to
that computer, you can also swap the host configuration files using the that computer, you can also swap the host configuration files using the
following commands: following command:
tincctl -n NETNAME export | ssh bar.example.org tincctl -n NETNAME import tincctl -n NETNAME export \
ssh bar.example.org tincctl -n NETNAME export | tincctl -n NETNAME import | ssh bar.example.org tincctl -n NETNAME exchange \
| tincctl -n NETNAME import
You should repeat this for all nodes you ConnectTo, or which You should repeat this for all nodes you ConnectTo, or which
ConnectTo you. However, remember that you do not need to ConnectTo all ConnectTo you. However, remember that you do not need to ConnectTo all
@ -1722,6 +1719,8 @@ command line options.
shared private keys to be written to the system swap shared private keys to be written to the system swap
files/partitions. files/partitions.
This option is not supported on all platforms.
`--logfile[=FILE]' `--logfile[=FILE]'
Write log entries to a file instead of to the system logging Write log entries to a file instead of to the system logging
facility. If FILE is omitted, the default is facility. If FILE is omitted, the default is
@ -1744,11 +1743,15 @@ command line options.
or host-up), unless it's setup to be runnable inside chroot or host-up), unless it's setup to be runnable inside chroot
environment. environment.
This option is not supported on all platforms.
`-U, --user=USER' `-U, --user=USER'
Switch to the given USER after initialization, at the same time as Switch to the given USER after initialization, at the same time as
chroot is performed (see -chroot above). With this option tinc chroot is performed (see -chroot above). With this option tinc
drops privileges, for added security. drops privileges, for added security.
This option is not supported on all platforms.
`--help' `--help'
Display a short reminder of these runtime options and terminate. Display a short reminder of these runtime options and terminate.
@ -2077,9 +2080,15 @@ File: tinc.info, Node: tincctl commands, Next: tincctl examples, Prev: tincct
Export all host configuration files to standard output. Export all host configuration files to standard output.
`import [--force]' `import [--force]'
Import host configuration file(s) from standard input. Already Import host configuration file(s) generated by the tincctl export
existing host configuration files are not overwritten unless the command from standard input. Already existing host configuration
option -force is used. files are not overwritten unless the option -force is used.
`exchange [--force]'
The same as export followed by import.
`exchange-all [--force]'
The same as export-all followed by import.
`start [tincd options]' `start [tincd options]'
Start `tincd', optionally with the given extra options. Start `tincd', optionally with the given extra options.
@ -2840,7 +2849,7 @@ Concept Index
* CHALLENGE: Authentication protocol. * CHALLENGE: Authentication protocol.
(line 10) (line 10)
* CIDR notation: Host configuration variables. * CIDR notation: Host configuration variables.
(line 91) (line 88)
* Cipher: Host configuration variables. * Cipher: Host configuration variables.
(line 12) (line 12)
* ClampMSS: Host configuration variables. * ClampMSS: Host configuration variables.
@ -2882,7 +2891,7 @@ Concept Index
* example: Example configuration. * example: Example configuration.
(line 6) (line 6)
* exec: Main configuration variables. * exec: Main configuration variables.
(line 322) (line 321)
* ExperimentalProtocol: Main configuration variables. * ExperimentalProtocol: Main configuration variables.
(line 164) (line 164)
* Forwarding: Main configuration variables. * Forwarding: Main configuration variables.
@ -2891,9 +2900,9 @@ Concept Index
* Hostnames: Main configuration variables. * Hostnames: Main configuration variables.
(line 193) (line 193)
* http: Main configuration variables. * http: Main configuration variables.
(line 319) (line 318)
* hub: Main configuration variables. * hub: Main configuration variables.
(line 246) (line 245)
* ID: Authentication protocol. * ID: Authentication protocol.
(line 10) (line 10)
* IndirectData: Host configuration variables. * IndirectData: Host configuration variables.
@ -2904,7 +2913,7 @@ Concept Index
* IRC: Contact information. (line 9) * IRC: Contact information. (line 9)
* KEY_CHANGED: The meta-protocol. (line 64) * KEY_CHANGED: The meta-protocol. (line 64)
* KeyExpire: Main configuration variables. * KeyExpire: Main configuration variables.
(line 251) (line 250)
* libcurses: libcurses. (line 6) * libcurses: libcurses. (line 6)
* libraries: Libraries. (line 6) * libraries: Libraries. (line 6)
* libreadline: libreadline. (line 6) * libreadline: libreadline. (line 6)
@ -2913,9 +2922,9 @@ Concept Index
(line 212) (line 212)
* lzo: lzo. (line 6) * lzo: lzo. (line 6)
* MACExpire: Main configuration variables. * MACExpire: Main configuration variables.
(line 257) (line 256)
* MACLength: Host configuration variables. * MACLength: Host configuration variables.
(line 42) (line 39)
* meta-protocol: The meta-connection. (line 18) * meta-protocol: The meta-connection. (line 18)
* META_KEY: Authentication protocol. * META_KEY: Authentication protocol.
(line 10) (line 10)
@ -2926,7 +2935,7 @@ Concept Index
* multiple networks: Multiple networks. (line 6) * multiple networks: Multiple networks. (line 6)
* NAME: Scripts. (line 52) * NAME: Scripts. (line 52)
* Name: Main configuration variables. * Name: Main configuration variables.
(line 262) (line 261)
* netmask: Network interfaces. (line 39) * netmask: Network interfaces. (line 39)
* NETNAME <1>: tincctl environment variables. * NETNAME <1>: tincctl environment variables.
(line 6) (line 6)
@ -2938,44 +2947,44 @@ Concept Index
* OpenSSL: OpenSSL. (line 6) * OpenSSL: OpenSSL. (line 6)
* options: Runtime options. (line 9) * options: Runtime options. (line 9)
* PEM format: Host configuration variables. * PEM format: Host configuration variables.
(line 67) (line 64)
* PING: The meta-protocol. (line 89) * PING: The meta-protocol. (line 89)
* PingInterval: Main configuration variables. * PingInterval: Main configuration variables.
(line 273) (line 272)
* PingTimeout: Main configuration variables. * PingTimeout: Main configuration variables.
(line 277) (line 276)
* platforms: Supported platforms. (line 6) * platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables. * PMTU: Host configuration variables.
(line 47) (line 44)
* PMTUDiscovery: Host configuration variables. * PMTUDiscovery: Host configuration variables.
(line 50) (line 47)
* PONG: The meta-protocol. (line 89) * PONG: The meta-protocol. (line 89)
* Port: Host configuration variables. * Port: Host configuration variables.
(line 55) (line 52)
* port numbers: Other files. (line 17) * port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables. * PriorityInheritance: Main configuration variables.
(line 283) (line 282)
* private: Virtual Private Networks. * private: Virtual Private Networks.
(line 10) (line 10)
* PrivateKey: Main configuration variables. * PrivateKey: Main configuration variables.
(line 288) (line 287)
* PrivateKeyFile: Main configuration variables. * PrivateKeyFile: Main configuration variables.
(line 294) (line 293)
* ProcessPriority: Main configuration variables. * ProcessPriority: Main configuration variables.
(line 299) (line 298)
* Proxy: Main configuration variables. * Proxy: Main configuration variables.
(line 304) (line 303)
* PublicKey: Host configuration variables. * PublicKey: Host configuration variables.
(line 59) (line 56)
* PublicKeyFile: Host configuration variables. * PublicKeyFile: Host configuration variables.
(line 62) (line 59)
* raw_socket: Main configuration variables. * raw_socket: Main configuration variables.
(line 100) (line 100)
* release: Supported platforms. (line 14) * release: Supported platforms. (line 14)
* REMOTEADDRESS: Scripts. (line 67) * REMOTEADDRESS: Scripts. (line 67)
* REMOTEPORT: Scripts. (line 70) * REMOTEPORT: Scripts. (line 70)
* ReplayWindow: Main configuration variables. * ReplayWindow: Main configuration variables.
(line 327) (line 326)
* REQ_KEY: The meta-protocol. (line 64) * REQ_KEY: The meta-protocol. (line 64)
* requirements: Libraries. (line 6) * requirements: Libraries. (line 6)
* router: Main configuration variables. * router: Main configuration variables.
@ -2987,20 +2996,20 @@ Concept Index
(line 18) (line 18)
* signals: Signals. (line 6) * signals: Signals. (line 6)
* socks4: Main configuration variables. * socks4: Main configuration variables.
(line 308) (line 307)
* socks5: Main configuration variables. * socks5: Main configuration variables.
(line 313) (line 312)
* StrictSubnets: Main configuration variables. * StrictSubnets: Main configuration variables.
(line 338) (line 337)
* SUBNET: Scripts. (line 74) * SUBNET: Scripts. (line 74)
* Subnet: Host configuration variables. * Subnet: Host configuration variables.
(line 74) (line 71)
* SVPN: Security. (line 11) * SVPN: Security. (line 11)
* switch: Main configuration variables. * switch: Main configuration variables.
(line 235) (line 234)
* TCP: The meta-connection. (line 10) * TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables. * TCPonly: Host configuration variables.
(line 103) (line 100)
* TINC: Security. (line 6) * TINC: Security. (line 6)
* tinc: Introduction. (line 6) * tinc: Introduction. (line 6)
* tinc-down: Scripts. (line 18) * tinc-down: Scripts. (line 18)
@ -3011,16 +3020,16 @@ Concept Index
* tunifhead: Main configuration variables. * tunifhead: Main configuration variables.
(line 142) (line 142)
* TunnelServer: Main configuration variables. * TunnelServer: Main configuration variables.
(line 343) (line 342)
* tunnohead: Main configuration variables. * tunnohead: Main configuration variables.
(line 136) (line 136)
* UDP <1>: Encryption of network packets. * UDP <1>: Encryption of network packets.
(line 12) (line 12)
* UDP: The UDP tunnel. (line 30) * UDP: The UDP tunnel. (line 30)
* UDPRcvBuf: Main configuration variables. * UDPRcvBuf: Main configuration variables.
(line 350) (line 349)
* UDPSndBuf: Main configuration variables. * UDPSndBuf: Main configuration variables.
(line 355) (line 354)
* UML: Main configuration variables. * UML: Main configuration variables.
(line 118) (line 118)
* Universal tun/tap: Configuration of Linux kernels. * Universal tun/tap: Configuration of Linux kernels.
@ -3073,39 +3082,39 @@ Node: Multiple networks23835
Node: How connections work25215 Node: How connections work25215
Node: Configuration files27788 Node: Configuration files27788
Node: Main configuration variables29321 Node: Main configuration variables29321
Node: Host configuration variables45731 Node: Host configuration variables45735
Node: Scripts50961 Node: Scripts50810
Node: How to configure53640 Node: How to configure53489
Node: Network interfaces58258 Node: Network interfaces58079
Node: Example configuration60659 Node: Example configuration60480
Node: Running tinc65811 Node: Running tinc65632
Node: Runtime options66404 Node: Runtime options66225
Node: Signals69108 Node: Signals69088
Node: Debug levels69958 Node: Debug levels69938
Node: Solving problems70894 Node: Solving problems70874
Node: Error messages72324 Node: Error messages72304
Node: Sending bug reports76646 Node: Sending bug reports76626
Node: Controlling tinc77598 Node: Controlling tinc77578
Node: tincctl runtime options77995 Node: tincctl runtime options77975
Node: tincctl environment variables78694 Node: tincctl environment variables78674
Node: tincctl commands79038 Node: tincctl commands79018
Node: tincctl examples83343 Node: tincctl examples83503
Node: tincctl top83948 Node: tincctl top84108
Node: Technical information85546 Node: Technical information85706
Node: The connection85781 Node: The connection85941
Node: The UDP tunnel86093 Node: The UDP tunnel86253
Node: The meta-connection89154 Node: The meta-connection89314
Node: The meta-protocol90623 Node: The meta-protocol90783
Node: Security95632 Node: Security95792
Node: Authentication protocol96762 Node: Authentication protocol96922
Node: Encryption of network packets101766 Node: Encryption of network packets101926
Node: Security issues103139 Node: Security issues103299
Node: Platform specific information104756 Node: Platform specific information104916
Node: Interface configuration104984 Node: Interface configuration105144
Node: Routes107437 Node: Routes107597
Node: About us109353 Node: About us109513
Node: Contact information109528 Node: Contact information109688
Node: Authors109932 Node: Authors110092
Node: Concept Index110337 Node: Concept Index110497
 
End Tag Table End Tag Table

View file

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2012 Ivo Timmermans, Copyright @copyright{} 1998-2013 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>. Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll @vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2012 Ivo Timmermans, Copyright @copyright{} 1998-2013 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>. Wessel Dankers <wsl@@tinc-vpn.org>.
@ -1063,7 +1063,7 @@ This option selects the way packets are routed to other daemons.
@item router @item router
In this mode Subnet In this mode Subnet
variables in the host configuration files will be used to form a routing table. variables in the host configuration files will be used to form a routing table.
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
This is the default mode, and unless you really know you need another mode, don't change it. This is the default mode, and unless you really know you need another mode, don't change it.
@ -1098,12 +1098,12 @@ This only has effect when Mode is set to "switch".
@cindex Name @cindex Name
@item Name = <@var{name}> [required] @item Name = <@var{name}> [required]
This is a symbolic name for this connection. This is a symbolic name for this connection.
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _). The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
If Name starts with a $, then the contents of the environment variable that follows will be used. If Name starts with a $, then the contents of the environment variable that follows will be used.
In that case, invalid characters will be converted to underscores. In that case, invalid characters will be converted to underscores.
If Name is $HOST, but no such environment variable exist, If Name is $HOST, but no such environment variable exist,
the hostname will be read using the gethostnname() system call. the hostname will be read using the gethostname() system call.
@cindex PingInterval @cindex PingInterval
@item PingInterval = <@var{seconds}> (60) @item PingInterval = <@var{seconds}> (60)
@ -1242,11 +1242,9 @@ Furthermore, specifying "none" will turn off packet authentication.
@cindex IndirectData @cindex IndirectData
@item IndirectData = <yes|no> (no) @item IndirectData = <yes|no> (no)
This option specifies whether other tinc daemons besides the one you When set to yes, other nodes which do not already have a meta connection to you
specified with ConnectTo can make a direct connection to you. This is will not try to establish direct communication with you.
especially useful if you are behind a firewall and it is impossible to It is best to leave this option out or set it to no.
make a connection from the outside to your tinc daemon. Otherwise, it
is best to leave this option out or set it to no.
@cindex MACLength @cindex MACLength
@item MACLength = <@var{bytes}> (4) @item MACLength = <@var{bytes}> (4)
@ -1515,11 +1513,12 @@ tincctl -n @var{netname} import
@end example @end example
If you are the owner of bar yourself, and you have SSH access to that computer, If you are the owner of bar yourself, and you have SSH access to that computer,
you can also swap the host configuration files using the following commands: you can also swap the host configuration files using the following command:
@example @example
tincctl -n @var{netname} export | ssh bar.example.org tincctl -n @var{netname} import tincctl -n @var{netname} export \
ssh bar.example.org tincctl -n @var{netname} export | tincctl -n @var{netname} import | ssh bar.example.org tincctl -n @var{netname} exchange \
| tincctl -n @var{netname} import
@end example @end example
You should repeat this for all nodes you ConnectTo, or which ConnectTo you. You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
@ -1849,6 +1848,8 @@ This option can be used more than once to specify multiple configuration variabl
Lock tinc into main memory. Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
This option is not supported on all platforms.
@item --logfile[=@var{file}] @item --logfile[=@var{file}]
Write log entries to a file instead of to the system logging facility. Write log entries to a file instead of to the system logging facility.
If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}. If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
@ -1869,11 +1870,14 @@ Note that this option alone does not do any good without -U/--user, below.
Note also that tinc can't run scripts anymore (such as tinc-down or host-up), Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
unless it's setup to be runnable inside chroot environment. unless it's setup to be runnable inside chroot environment.
This option is not supported on all platforms.
@item -U, --user=@var{user} @item -U, --user=@var{user}
Switch to the given @var{user} after initialization, at the same time as Switch to the given @var{user} after initialization, at the same time as
chroot is performed (see --chroot above). With this option tinc drops chroot is performed (see --chroot above). With this option tinc drops
privileges, for added security. privileges, for added security.
This option is not supported on all platforms.
@item --help @item --help
Display a short reminder of these runtime options and terminate. Display a short reminder of these runtime options and terminate.
@ -2196,9 +2200,15 @@ Export the host configuration file of the local node to standard output.
Export all host configuration files to standard output. Export all host configuration files to standard output.
@item import [--force] @item import [--force]
Import host configuration file(s) from standard input. Import host configuration file(s) generated by the tincctl export command from standard input.
Already existing host configuration files are not overwritten unless the option --force is used. Already existing host configuration files are not overwritten unless the option --force is used.
@item exchange [--force]
The same as export followed by import.
@item exchange-all [--force]
The same as export-all followed by import.
@item start [tincd options] @item start [tincd options]
Start @samp{tincd}, optionally with the given extra options. Start @samp{tincd}, optionally with the given extra options.

View file

@ -1,4 +1,4 @@
.Dd 2012-10-14 .Dd 2013-01-15
.Dt TINCCTL 8 .Dt TINCCTL 8
.\" Manual page created by: .\" Manual page created by:
.\" Scott Lamb .\" Scott Lamb
@ -80,10 +80,16 @@ Export the host configuration file of the local node to standard output.
.It export-all .It export-all
Export all host configuration files to standard output. Export all host configuration files to standard output.
.It import Op Fl -force .It import Op Fl -force
Import host configuration file(s) from standard input. Import host configuration data generated by the
.Nm
export command from standard input.
Already existing host configuration files are not overwritten unless the option Already existing host configuration files are not overwritten unless the option
.Fl -force .Fl -force
is used. is used.
.It exchange Op Fl -force
The same as export followed by import.
.It exchange-all Op Fl -force
The same as export-all followed by import.
.It start Op tincd options .It start Op tincd options
Start Start
.Xr tincd 8 , .Xr tincd 8 ,
@ -206,7 +212,7 @@ Fractional seconds are honored.
Intervals lower than 0.1 seconds are not allowed. Intervals lower than 0.1 seconds are not allowed.
.It Ic c .It Ic c
Toggle between displaying current traffic rates (in packets and bytes per second) Toggle between displaying current traffic rates (in packets and bytes per second)
and cummulative traffic (total packets and bytes since the tinc daemon started). and cumulative traffic (total packets and bytes since the tinc daemon started).
.It Ic n .It Ic n
Sort the list of nodes by name. Sort the list of nodes by name.
.It Ic i .It Ic i

View file

@ -1,4 +1,4 @@
.Dd 2012-02-22 .Dd 2013-01-14
.Dt TINCD 8 .Dt TINCD 8
.\" Manual page created by: .\" Manual page created by:
.\" Ivo Timmermans .\" Ivo Timmermans
@ -81,6 +81,7 @@ This option can be used more than once to specify multiple configuration variabl
.It Fl L, -mlock .It Fl L, -mlock
Lock tinc into main memory. Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
This option is not supported on all platforms.
.It Fl -logfile Ns Op = Ns Ar FILE .It Fl -logfile Ns Op = Ns Ar FILE
Write log entries to a file instead of to the system logging facility. Write log entries to a file instead of to the system logging facility.
If If
@ -104,10 +105,12 @@ Only useful for debugging.
With this option tinc chroots into the directory where network With this option tinc chroots into the directory where network
config is located (@sysconfdir@/tinc/NETNAME if -n option is used, config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
or to the directory specified with -c option) after initialization. or to the directory specified with -c option) after initialization.
This option is not supported on all platforms.
.It Fl U, -user Ns = Ns Ar USER .It Fl U, -user Ns = Ns Ar USER
setuid to the specified setuid to the specified
.Ar USER .Ar USER
after initialization. after initialization.
This option is not supported on all platforms.
.It Fl -help .It Fl -help
Display short list of options. Display short list of options.
.It Fl -version .It Fl -version

View file

@ -111,11 +111,28 @@ class VPN:
piddir = '/var/run/' piddir = '/var/run/'
def connect(self): def connect(self):
# read the pidfile
f = open(self.pidfile) f = open(self.pidfile)
info = string.split(f.readline()) info = string.split(f.readline())
f.close() f.close()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((info[2], int(info[4]))) # check if there is a UNIX socket as well
if self.pidfile.endswith(".pid"):
unixfile = self.pidfile.replace(".pid", ".socket");
else:
unixfile = self.pidfile + ".socket";
if os.path.exists(unixfile):
# use it if it exists
print(unixfile + " exists!");
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
s.connect(unixfile)
else:
# otherwise connect via TCP
print(unixfile + " does not exist.");
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((info[2], int(info[4])))
self.sf = s.makefile() self.sf = s.makefile()
s.close() s.close()
hello = string.split(self.sf.readline()) hello = string.split(self.sf.readline())

View file

@ -9,7 +9,7 @@ tincd_SOURCES = \
buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \ buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \ protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \
dummy_device.c raw_socket_device.c multicast_device.c dummy_device.c raw_socket_device.c multicast_device.c names.c
if UML if UML
tincd_SOURCES += uml_device.c tincd_SOURCES += uml_device.c
@ -24,7 +24,7 @@ nodist_tincd_SOURCES = \
tincctl_SOURCES = \ tincctl_SOURCES = \
utils.c getopt.c getopt1.c dropin.c \ utils.c getopt.c getopt1.c dropin.c \
info.c list.c subnet_parse.c tincctl.c top.c info.c list.c subnet_parse.c tincctl.c top.c names.c
nodist_tincctl_SOURCES = \ nodist_tincctl_SOURCES = \
ecdsagen.c rsagen.c ecdsagen.c rsagen.c
@ -46,7 +46,7 @@ INCLUDES = @INCLUDES@ -I$(top_builddir)
noinst_HEADERS = \ noinst_HEADERS = \
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \ xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \ buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
nodist_noinst_HEADERS = \ nodist_noinst_HEADERS = \
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h

View file

@ -82,7 +82,7 @@ sptps_test_LDADD = $(LDADD)
am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \ am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \
getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \ getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \
list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \ list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \
top.$(OBJEXT) top.$(OBJEXT) names.$(OBJEXT)
nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT) nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT)
tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS) tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS)
am__DEPENDENCIES_1 = am__DEPENDENCIES_1 =
@ -95,7 +95,8 @@ am__tincd_SOURCES_DIST = utils.c getopt.c getopt1.c list.c \
protocol_edge.c protocol_misc.c protocol_key.c \ protocol_edge.c protocol_misc.c protocol_key.c \
protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \ protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \
event.c tincd.c dummy_device.c raw_socket_device.c \ event.c tincd.c dummy_device.c raw_socket_device.c \
multicast_device.c uml_device.c vde_device.c bsd/tunemu.c multicast_device.c names.c uml_device.c vde_device.c \
bsd/tunemu.c
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT) @UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT) @VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT) @TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
@ -113,8 +114,8 @@ am_tincd_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT) \
route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \ route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \
subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \ subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \
dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \ dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \
multicast_device.$(OBJEXT) $(am__objects_1) $(am__objects_2) \ multicast_device.$(OBJEXT) names.$(OBJEXT) $(am__objects_1) \
$(am__objects_3) $(am__objects_2) $(am__objects_3)
nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \ nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \
crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \ crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \
digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT) digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT)
@ -252,14 +253,14 @@ tincd_SOURCES = utils.c getopt.c getopt1.c list.c splay_tree.c \
process.c protocol.c protocol_auth.c protocol_edge.c \ process.c protocol.c protocol_auth.c protocol_edge.c \
protocol_misc.c protocol_key.c protocol_subnet.c route.c \ protocol_misc.c protocol_key.c protocol_subnet.c route.c \
sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \ sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \
raw_socket_device.c multicast_device.c $(am__append_1) \ raw_socket_device.c multicast_device.c names.c $(am__append_1) \
$(am__append_2) $(am__append_3) $(am__append_2) $(am__append_3)
nodist_tincd_SOURCES = \ nodist_tincd_SOURCES = \
device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c
tincctl_SOURCES = \ tincctl_SOURCES = \
utils.c getopt.c getopt1.c dropin.c \ utils.c getopt.c getopt1.c dropin.c \
info.c list.c subnet_parse.c tincctl.c top.c info.c list.c subnet_parse.c tincctl.c top.c names.c
nodist_tincctl_SOURCES = \ nodist_tincctl_SOURCES = \
ecdsagen.c rsagen.c ecdsagen.c rsagen.c
@ -273,7 +274,7 @@ DEFAULT_INCLUDES =
noinst_HEADERS = \ noinst_HEADERS = \
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \ xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \ buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
nodist_noinst_HEADERS = \ nodist_noinst_HEADERS = \
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
@ -395,6 +396,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/names.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction BSD tun/tap device device.c -- Interaction BSD tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans, Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org> 2001-2013 Guus Sliepen <guus@tinc-vpn.org>
2009 Grzegorz Dymarek <gregd72002@googlemail.com> 2009 Grzegorz Dymarek <gregd72002@googlemail.com>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -24,12 +24,13 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "route.h" #include "route.h"
#include "utils.h" #include "utils.h"
#include "xalloc.h" #include "xalloc.h"
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
#include "bsd/tunemu.h" #include "bsd/tunemu.h"
#endif #endif
@ -44,7 +45,7 @@ typedef enum device_type {
DEVICE_TYPE_TUN, DEVICE_TYPE_TUN,
DEVICE_TYPE_TUNIFHEAD, DEVICE_TYPE_TUNIFHEAD,
DEVICE_TYPE_TAP, DEVICE_TYPE_TAP,
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
DEVICE_TYPE_TUNEMU, DEVICE_TYPE_TUNEMU,
#endif #endif
} device_type_t; } device_type_t;
@ -55,7 +56,7 @@ char *iface = NULL;
static char *device_info = NULL; static char *device_info = NULL;
static uint64_t device_total_in = 0; static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0; static uint64_t device_total_out = 0;
#if defined(TUNEMU) #if defined(ENABLE_TUNEMU)
static device_type_t device_type = DEVICE_TYPE_TUNEMU; static device_type_t device_type = DEVICE_TYPE_TUNEMU;
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY) #elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD; static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
@ -79,7 +80,7 @@ static bool setup_device(void) {
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) { if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
if(!strcasecmp(type, "tun")) if(!strcasecmp(type, "tun"))
/* use default */; /* use default */;
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
else if(!strcasecmp(type, "tunemu")) else if(!strcasecmp(type, "tunemu"))
device_type = DEVICE_TYPE_TUNEMU; device_type = DEVICE_TYPE_TUNEMU;
#endif #endif
@ -99,7 +100,7 @@ static bool setup_device(void) {
} }
switch(device_type) { switch(device_type) {
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: { case DEVICE_TYPE_TUNEMU: {
char dynamic_name[256] = ""; char dynamic_name[256] = "";
device_fd = tunemu_open(dynamic_name); device_fd = tunemu_open(dynamic_name);
@ -176,7 +177,7 @@ static bool setup_device(void) {
#endif #endif
break; break;
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: case DEVICE_TYPE_TUNEMU:
device_info = "BSD tunemu device"; device_info = "BSD tunemu device";
break; break;
@ -190,7 +191,7 @@ static bool setup_device(void) {
static void close_device(void) { static void close_device(void) {
switch(device_type) { switch(device_type) {
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: case DEVICE_TYPE_TUNEMU:
tunemu_close(device_fd); tunemu_close(device_fd);
break; break;
@ -208,7 +209,7 @@ static bool read_packet(vpn_packet_t *packet) {
switch(device_type) { switch(device_type) {
case DEVICE_TYPE_TUN: case DEVICE_TYPE_TUN:
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: case DEVICE_TYPE_TUNEMU:
if(device_type == DEVICE_TYPE_TUNEMU) if(device_type == DEVICE_TYPE_TUNEMU)
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14); inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
@ -347,7 +348,7 @@ static bool write_packet(vpn_packet_t *packet) {
} }
break; break;
#ifdef HAVE_TUNEMU #ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: case DEVICE_TYPE_TUNEMU:
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) { if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,

386
src/bsd/device.c.orig Normal file
View file

@ -0,0 +1,386 @@
/*
device.c -- Interaction BSD tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "net.h"
#include "route.h"
#include "utils.h"
#include "xalloc.h"
#ifdef ENABLE_TUNEMU
#include "bsd/tunemu.h"
#endif
#define DEFAULT_TUN_DEVICE "/dev/tun0"
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD)
#define DEFAULT_TAP_DEVICE "/dev/tap0"
#else
#define DEFAULT_TAP_DEVICE "/dev/tun0"
#endif
typedef enum device_type {
DEVICE_TYPE_TUN,
DEVICE_TYPE_TUNIFHEAD,
DEVICE_TYPE_TAP,
#ifdef ENABLE_TUNEMU
DEVICE_TYPE_TUNEMU,
#endif
} device_type_t;
int device_fd = -1;
char *device = NULL;
char *iface = NULL;
static char *device_info = NULL;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
#if defined(ENABLE_TUNEMU)
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
#else
static device_type_t device_type = DEVICE_TYPE_TUN;
#endif
static bool setup_device(void) {
char *type;
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
if(routing_mode == RMODE_ROUTER)
device = xstrdup(DEFAULT_TUN_DEVICE);
else
device = xstrdup(DEFAULT_TAP_DEVICE);
}
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
if(!strcasecmp(type, "tun"))
<<<<<<< HEAD
/* use default */;
#ifdef HAVE_TUNEMU
=======
/* use default */;
#ifdef ENABLE_TUNEMU
>>>>>>> 2a3e343... Fix support for tunemu on iOS devices.
else if(!strcasecmp(type, "tunemu"))
device_type = DEVICE_TYPE_TUNEMU;
#endif
else if(!strcasecmp(type, "tunnohead"))
device_type = DEVICE_TYPE_TUN;
else if(!strcasecmp(type, "tunifhead"))
device_type = DEVICE_TYPE_TUNIFHEAD;
else if(!strcasecmp(type, "tap"))
device_type = DEVICE_TYPE_TAP;
else {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown device type %s!", type);
return false;
}
} else {
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
device_type = DEVICE_TYPE_TAP;
}
switch(device_type) {
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: {
char dynamic_name[256] = "";
device_fd = tunemu_open(dynamic_name);
}
break;
#endif
default:
device_fd = open(device, O_RDWR | O_NONBLOCK);
}
if(device_fd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", device, strerror(errno));
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
switch(device_type) {
default:
device_type = DEVICE_TYPE_TUN;
case DEVICE_TYPE_TUN:
#ifdef TUNSIFHEAD
{
const int zero = 0;
if(ioctl(device_fd, TUNSIFHEAD, &zero, sizeof zero) == -1) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
return false;
}
}
#endif
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
{
const int mode = IFF_BROADCAST | IFF_MULTICAST;
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
}
#endif
device_info = "Generic BSD tun device";
break;
case DEVICE_TYPE_TUNIFHEAD:
#ifdef TUNSIFHEAD
{
const int one = 1;
if(ioctl(device_fd, TUNSIFHEAD, &one, sizeof one) == -1) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
return false;
}
}
#endif
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
{
const int mode = IFF_BROADCAST | IFF_MULTICAST;
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
}
#endif
device_info = "Generic BSD tun device";
break;
case DEVICE_TYPE_TAP:
if(routing_mode == RMODE_ROUTER)
overwrite_mac = true;
device_info = "Generic BSD tap device";
#ifdef TAPGIFNAME
{
struct ifreq ifr;
if(ioctl(device_fd, TAPGIFNAME, (void*)&ifr) == 0) {
if(iface)
free(iface);
iface = xstrdup(ifr.ifr_name);
}
}
#endif
break;
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
device_info = "BSD tunemu device";
break;
#endif
}
logger(DEBUG_ALWAYS, LOG_INFO, "%s is a %s", device, device_info);
return true;
}
static void close_device(void) {
switch(device_type) {
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
tunemu_close(device_fd);
break;
#endif
default:
close(device_fd);
}
free(device);
free(iface);
}
static bool read_packet(vpn_packet_t *packet) {
int inlen;
switch(device_type) {
case DEVICE_TYPE_TUN:
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
if(device_type == DEVICE_TYPE_TUNEMU)
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
else
#endif
inlen = read(device_fd, packet->data + 14, MTU - 14);
if(inlen <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
switch(packet->data[14] >> 4) {
case 4:
packet->data[12] = 0x08;
packet->data[13] = 0x00;
break;
case 6:
packet->data[12] = 0x86;
packet->data[13] = 0xDD;
break;
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown IP version %d while reading packet from %s %s",
packet->data[14] >> 4, device_info, device);
return false;
}
memset(packet->data, 0, 12);
packet->len = inlen + 14;
break;
case DEVICE_TYPE_TUNIFHEAD: {
u_int32_t type;
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, MTU - 14}};
if((inlen = readv(device_fd, vector, 2)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
switch (ntohl(type)) {
case AF_INET:
packet->data[12] = 0x08;
packet->data[13] = 0x00;
break;
case AF_INET6:
packet->data[12] = 0x86;
packet->data[13] = 0xDD;
break;
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown address family %x while reading packet from %s %s",
ntohl(type), device_info, device);
return false;
}
memset(packet->data, 0, 12);
packet->len = inlen + 10;
break;
}
case DEVICE_TYPE_TAP:
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
packet->len = inlen;
break;
default:
return false;
}
device_total_in += packet->len;
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s",
packet->len, device_info);
return true;
}
static bool write_packet(vpn_packet_t *packet) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
switch(device_type) {
case DEVICE_TYPE_TUN:
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
device, strerror(errno));
return false;
}
break;
case DEVICE_TYPE_TUNIFHEAD: {
u_int32_t type;
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, packet->len - 14}};
int af;
af = (packet->data[12] << 8) + packet->data[13];
switch (af) {
case 0x0800:
type = htonl(AF_INET);
break;
case 0x86DD:
type = htonl(AF_INET6);
break;
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown address family %x while writing packet to %s %s",
af, device_info, device);
return false;
}
if(writev(device_fd, vector, 2) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
strerror(errno));
return false;
}
break;
}
case DEVICE_TYPE_TAP:
if(write(device_fd, packet->data, packet->len) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
device, strerror(errno));
return false;
}
break;
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
device, strerror(errno));
return false;
}
break;
#endif
default:
return false;
}
device_total_out += packet->len;
return true;
}
static void dump_device_stats(void) {
logger(DEBUG_ALWAYS, LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};

View file

@ -2,7 +2,7 @@
conf.c -- configuration code conf.c -- configuration code
Copyright (C) 1998 Robert van der Meulen Copyright (C) 1998 Robert van der Meulen
1998-2005 Ivo Timmermans 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2010-2011 Julien Muchembled <jm@jmuchemb.eu> 2010-2011 Julien Muchembled <jm@jmuchemb.eu>
2000 Cris van Pelt 2000 Cris van Pelt
@ -28,6 +28,7 @@
#include "conf.h" #include "conf.h"
#include "list.h" #include "list.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "netutl.h" /* for str2address */ #include "netutl.h" /* for str2address */
#include "protocol.h" #include "protocol.h"
#include "utils.h" /* for cp */ #include "utils.h" /* for cp */
@ -37,11 +38,8 @@ splay_tree_t *config_tree;
int pinginterval = 0; /* seconds between pings */ int pinginterval = 0; /* seconds between pings */
int pingtimeout = 0; /* seconds to wait for response */ int pingtimeout = 0; /* seconds to wait for response */
char *confbase = NULL; /* directory in which all config files are */
char *netname = NULL; /* name of the vpn network */
list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */ list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
static int config_compare(const config_t *a, const config_t *b) { static int config_compare(const config_t *a, const config_t *b) {
int result; int result;

View file

@ -1,7 +1,7 @@
/* /*
conf.h -- header for conf.c conf.h -- header for conf.c
Copyright (C) 1998-2005 Ivo Timmermans Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -39,8 +39,6 @@ extern int pinginterval;
extern int pingtimeout; extern int pingtimeout;
extern int maxtimeout; extern int maxtimeout;
extern bool bypass_security; extern bool bypass_security;
extern char *confbase;
extern char *netname;
extern list_t *cmdline_conf; extern list_t *cmdline_conf;
extern void init_configuration(splay_tree_t **); extern void init_configuration(splay_tree_t **);

View file

@ -1,6 +1,6 @@
/* /*
control.c -- Control socket handling. control.c -- Control socket handling.
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org> Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
#include "graph.h" #include "graph.h"
#include "logger.h" #include "logger.h"
#include "meta.h" #include "meta.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "protocol.h" #include "protocol.h"
@ -33,7 +34,6 @@
#include "xalloc.h" #include "xalloc.h"
char controlcookie[65]; char controlcookie[65];
extern char *pidfilename;
static bool control_return(connection_t *c, int type, int error) { static bool control_return(connection_t *c, int type, int error) {
return send_request(c, "%d %d %d", CONTROL, type, error); return send_request(c, "%d %d %d", CONTROL, type, error);

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction with Windows tap driver in a Cygwin environment device.c -- Interaction with Windows tap driver in a Cygwin environment
Copyright (C) 2002-2005 Ivo Timmermans, Copyright (C) 2002-2005 Ivo Timmermans,
2002-2012 Guus Sliepen <guus@tinc-vpn.org> 2002-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "route.h" #include "route.h"
#include "utils.h" #include "utils.h"

View file

@ -158,8 +158,18 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
#ifndef HAVE_GETTIMEOFDAY #ifndef HAVE_GETTIMEOFDAY
int gettimeofday(struct timeval *tv, void *tz) { int gettimeofday(struct timeval *tv, void *tz) {
#ifdef HAVE_MINGW
FILETIME ft;
GetSystemTimeAsFileTime(&ft);
uint64_t lt = (uint64_t)ft.dwLowDateTime | ((uint64_t)ft.dwHighDateTime << 32);
lt -= 116444736000000000ULL;
tv->tv_sec = lt / 10000000;
tv->tv_usec = (lt / 10) % 1000000;
#else
#warning No high resolution time source!
tv->tv_sec = time(NULL); tv->tv_sec = time(NULL);
tv->tv_usec = 0; tv->tv_usec = 0;
#endif
return 0; return 0;
} }
#endif #endif

View file

@ -58,7 +58,7 @@ extern int usleep(long long usec);
#define timersub(a, b, r) do {\ #define timersub(a, b, r) do {\
(r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\ (r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\
(r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\ (r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\
if((r)->tv_usec < 1000000)\ if((r)->tv_usec < 0)\
(r)->tv_sec--, (r)->tv_usec += 1000000;\ (r)->tv_sec--, (r)->tv_usec += 1000000;\
} while (0) } while (0)
#endif #endif

View file

@ -52,13 +52,8 @@ static int timeout_compare(const timeout_t *a, const timeout_t *b) {
return 0; return 0;
} }
static int signal_compare(const signal_t *a, const signal_t *b) {
return a->signum - b->signum;
}
static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare}; static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare};
static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare}; static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare};
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) { void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) {
if(io->cb) if(io->cb)
@ -130,8 +125,13 @@ void timeout_del(timeout_t *timeout) {
} }
#ifndef HAVE_MINGW #ifndef HAVE_MINGW
static int signal_compare(const signal_t *a, const signal_t *b) {
return a->signum - b->signum;
}
static io_t signalio; static io_t signalio;
static int pipefd[2] = {-1, -1}; static int pipefd[2] = {-1, -1};
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
static void signal_handler(int signum) { static void signal_handler(int signum) {
unsigned char num = signum; unsigned char num = signum;

View file

@ -1,6 +1,6 @@
/* /*
graph.c -- graph algorithms graph.c -- graph algorithms
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans 2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -51,6 +51,7 @@
#include "graph.h" #include "graph.h"
#include "list.h" #include "list.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "netutl.h" #include "netutl.h"
#include "node.h" #include "node.h"
#include "process.h" #include "process.h"
@ -61,7 +62,7 @@
#include "graph.h" #include "graph.h"
/* Implementation of Kruskal's algorithm. /* Implementation of Kruskal's algorithm.
Running time: O(E) Running time: O(EN)
Please note that sorting on weight is already done by add_edge(). Please note that sorting on weight is already done by add_edge().
*/ */
@ -78,11 +79,24 @@ static void mst_kruskal(void) {
for splay_each(node_t, n, node_tree) for splay_each(node_t, n, node_tree)
n->status.visited = false; n->status.visited = false;
/* Add safe edges */ /* Starting point */
for splay_each(edge_t, e, edge_weight_tree) { for splay_each(edge_t, e, edge_weight_tree) {
if(!e->reverse || (e->from->status.visited && e->to->status.visited)) if(e->from->status.reachable) {
e->from->status.visited = true;
break;
}
}
/* Add safe edges */
bool skipped = false;
for splay_each(edge_t, e, edge_weight_tree) {
if(!e->reverse || (e->from->status.visited == e->to->status.visited)) {
skipped = true;
continue; continue;
}
e->from->status.visited = true; e->from->status.visited = true;
e->to->status.visited = true; e->to->status.visited = true;
@ -93,8 +107,12 @@ static void mst_kruskal(void) {
if(e->reverse->connection) if(e->reverse->connection)
e->reverse->connection->status.mst = true; e->reverse->connection->status.mst = true;
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight);
e->to->name, e->weight);
if(skipped) {
skipped = false;
next = edge_weight_tree->head;
}
} }
} }

View file

@ -58,11 +58,15 @@ static int info_node(int fd, const char *item) {
int code, req, cipher, digest, maclength, compression, distance; int code, req, cipher, digest, maclength, compression, distance;
short int pmtu, minmtu, maxmtu; short int pmtu, minmtu, maxmtu;
unsigned int options; unsigned int options;
union {
node_status_t bits;
uint32_t raw;
} status_union;
node_status_t status; node_status_t status;
long int last_state_change; long int last_state_change;
while(recvline(fd, line, sizeof line)) { while(recvline(fd, line, sizeof line)) {
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, (unsigned *)&status, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change); int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
if(n == 2) if(n == 2)
break; break;
@ -92,8 +96,12 @@ static int info_node(int fd, const char *item) {
printf("Address: %s port %s\n", host, port); printf("Address: %s port %s\n", host, port);
char timestr[32] = "never"; char timestr[32] = "never";
time_t lsc_time = last_state_change;
if(last_state_change) if(last_state_change)
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&last_state_change)); strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&lsc_time));
status = status_union.bits;
if(status.reachable) if(status.reachable)
printf("Online since: %s\n", timestr); printf("Online since: %s\n", timestr);

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction with Linux ethertap and tun/tap device device.c -- Interaction with Linux ethertap and tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans, Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org> 2001-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "route.h" #include "route.h"
#include "utils.h" #include "utils.h"

View file

@ -1,6 +1,6 @@
/* /*
logger.c -- logging code logger.c -- logging code
Copyright (C) 2004-2012 Guus Sliepen <guus@tinc-vpn.org> Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
2004-2005 Ivo Timmermans 2004-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -22,6 +22,7 @@
#include "conf.h" #include "conf.h"
#include "meta.h" #include "meta.h"
#include "names.h"
#include "logger.h" #include "logger.h"
#include "connection.h" #include "connection.h"
#include "control_common.h" #include "control_common.h"
@ -30,7 +31,6 @@
debug_t debug_level = DEBUG_NOTHING; debug_t debug_level = DEBUG_NOTHING;
static logmode_t logmode = LOGMODE_STDERR; static logmode_t logmode = LOGMODE_STDERR;
static pid_t logpid; static pid_t logpid;
extern char *logfilename;
static FILE *logfile = NULL; static FILE *logfile = NULL;
#ifdef HAVE_MINGW #ifdef HAVE_MINGW
static HANDLE loghandle = NULL; static HANDLE loghandle = NULL;

View file

@ -185,21 +185,50 @@ bool receive_meta(connection_t *c) {
if(c->tcplen) { if(c->tcplen) {
char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen); char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
if(tcpbuffer) { if(!tcpbuffer)
if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) { break;
if(!c->node) {
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) { if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted"); logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
} else { } else {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected"); logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
return false; return false;
} }
} else } else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
receive_tcppacket(c, tcpbuffer, c->tcplen); if(tcpbuffer[0] != 5) {
c->tcplen = 0; logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
continue; return false;
}
if(tcpbuffer[1] == (char)0xff) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
return false;
}
if(tcpbuffer[2] != 5) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
return false;
}
if(tcpbuffer[3] == 0) {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
} else {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
return false;
}
} else {
logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
abort();
}
} else { } else {
break; if(c->allow_request == ALL) {
receive_tcppacket(c, tcpbuffer, c->tcplen);
} else {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
return false;
}
} }
c->tcplen = 0;
} }
/* Otherwise we are waiting for a request */ /* Otherwise we are waiting for a request */

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction with Windows tap driver in a MinGW environment device.c -- Interaction with Windows tap driver in a MinGW environment
Copyright (C) 2002-2005 Ivo Timmermans, Copyright (C) 2002-2005 Ivo Timmermans,
2002-2012 Guus Sliepen <guus@tinc-vpn.org> 2002-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "route.h" #include "route.h"
#include "utils.h" #include "utils.h"
@ -46,7 +47,7 @@ extern char *myport;
static DWORD WINAPI tapreader(void *bla) { static DWORD WINAPI tapreader(void *bla) {
int status; int status;
long len; DWORD len;
OVERLAPPED overlapped; OVERLAPPED overlapped;
vpn_packet_t packet; vpn_packet_t packet;
@ -61,7 +62,7 @@ static DWORD WINAPI tapreader(void *bla) {
overlapped.OffsetHigh = 0; overlapped.OffsetHigh = 0;
ResetEvent(overlapped.hEvent); ResetEvent(overlapped.hEvent);
status = ReadFile(device_handle, packet.data, MTU, &len, &overlapped); status = ReadFile(device_handle, (void *)packet.data, MTU, &len, &overlapped);
if(!status) { if(!status) {
if(GetLastError() == ERROR_IO_PENDING) { if(GetLastError() == ERROR_IO_PENDING) {
@ -91,7 +92,7 @@ static bool setup_device(void) {
char adapterid[1024]; char adapterid[1024];
char adaptername[1024]; char adaptername[1024];
char tapname[1024]; char tapname[1024];
long len; DWORD len;
unsigned long status; unsigned long status;
bool found = false; bool found = false;
@ -122,7 +123,7 @@ static bool setup_device(void) {
continue; continue;
len = sizeof adaptername; len = sizeof adaptername;
err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); err = RegQueryValueEx(key2, "Name", 0, 0, (LPBYTE)adaptername, &len);
RegCloseKey(key2); RegCloseKey(key2);
@ -222,7 +223,7 @@ static bool read_packet(vpn_packet_t *packet) {
} }
static bool write_packet(vpn_packet_t *packet) { static bool write_packet(vpn_packet_t *packet) {
long outlen; DWORD outlen;
OVERLAPPED overlapped = {0}; OVERLAPPED overlapped = {0};
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",

View file

@ -165,7 +165,7 @@ static void close_device(void) {
static bool read_packet(vpn_packet_t *packet) { static bool read_packet(vpn_packet_t *packet) {
int lenin; int lenin;
if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) { if((lenin = recv(device_fd, (void *)packet->data, MTU, 0)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno)); device, strerror(errno));
return false; return false;
@ -191,7 +191,7 @@ static bool write_packet(vpn_packet_t *packet) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s", logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info); packet->len, device_info);
if(sendto(device_fd, packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) { if(sendto(device_fd, (void *)packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
strerror(errno)); strerror(errno));
return false; return false;

106
src/names.c Normal file
View file

@ -0,0 +1,106 @@
/*
names.c -- generate commonly used (file)names
Copyright (C) 1998-2005 Ivo Timmermans
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "logger.h"
#include "xalloc.h"
char *netname = NULL;
char *confdir = NULL; /* base configuration directory */
char *confbase = NULL; /* base configuration directory for this instance of tinc */
char *identname = NULL; /* program name for syslog */
char *unixsocketname = NULL; /* UNIX socket location */
char *logfilename = NULL; /* log file location */
char *pidfilename = NULL;
char *program_name = NULL;
/*
Set all files and paths according to netname
*/
void make_names(void) {
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
DWORD len = sizeof installdir;
#endif
if(netname)
xasprintf(&identname, "tinc.%s", netname);
else
identname = xstrdup("tinc");
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
confdir = xstrdup(installdir);
if(!logfilename)
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", installdir, identname);
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
}
RegCloseKey(key);
}
#endif
if(!confdir)
confdir = xstrdup(CONFDIR SLASH "tinc");
if(!logfilename)
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
if(!pidfilename)
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
if(!unixsocketname) {
int len = strlen(pidfilename);
unixsocketname = xmalloc(len + 8);
strcpy(unixsocketname, pidfilename);
if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
strcpy(unixsocketname + len - 4, ".socket");
else
strcpy(unixsocketname + len, ".socket");
}
if(netname) {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
else
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
} else {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc");
}
}
void free_names(void) {
free(identname);
free(netname);
free(unixsocketname);
free(pidfilename);
free(logfilename);
free(confbase);
free(confdir);
}

36
src/names.h Normal file
View file

@ -0,0 +1,36 @@
/*
names.h -- header for names.c
Copyright (C) 1998-2005 Ivo Timmermans
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef __TINC_NAMES_H__
#define __TINC_NAMES_H__
extern char *confdir;
extern char *confbase;
extern char *netname;
extern char *identname;
extern char *unixsocketname;
extern char *logfilename;
extern char *pidfilename;
extern char *program_name;
extern void make_names(void);
extern void free_names(void);
#endif /* __TINC_NAMES_H__ */

View file

@ -1,7 +1,7 @@
/* /*
net.c -- most of the network code net.c -- most of the network code
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
2011 Loïc Grenié <loic.grenie@gmail.com> 2011 Loïc Grenié <loic.grenie@gmail.com>
@ -29,6 +29,7 @@
#include "graph.h" #include "graph.h"
#include "logger.h" #include "logger.h"
#include "meta.h" #include "meta.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "process.h" #include "process.h"
@ -280,29 +281,13 @@ static void periodic_handler(void *data) {
} }
void handle_meta_connection_data(connection_t *c) { void handle_meta_connection_data(connection_t *c) {
int result;
socklen_t len = sizeof result;
if(c->status.connecting) {
c->status.connecting = false;
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);
if(!result)
finish_connecting(c);
else {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
terminate_connection(c, false);
return;
}
}
if (!receive_meta(c)) { if (!receive_meta(c)) {
terminate_connection(c, c->status.active); terminate_connection(c, c->status.active);
return; return;
} }
} }
#ifndef HAVE_MINGW
static void sigterm_handler(void *data) { static void sigterm_handler(void *data) {
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum)); logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
event_exit(); event_exit();
@ -318,6 +303,7 @@ static void sigalrm_handler(void *data) {
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum)); logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
retry(); retry();
} }
#endif
int reload_configuration(void) { int reload_configuration(void) {
char *fname; char *fname;
@ -451,11 +437,13 @@ int main_loop(void) {
signal_t sighup = {0}; signal_t sighup = {0};
signal_t sigterm = {0}; signal_t sigterm = {0};
signal_t sigquit = {0}; signal_t sigquit = {0};
signal_t sigint = {0};
signal_t sigalrm = {0}; signal_t sigalrm = {0};
signal_add(&sighup, sighup_handler, &sighup, SIGHUP); signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM); signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT); signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
signal_add(&sigint, sigterm_handler, &sigint, SIGINT);
signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM); signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
#endif #endif

View file

@ -1,7 +1,7 @@
/* /*
net.h -- header for net.c net.h -- header for net.c
Copyright (C) 1998-2005 Ivo Timmermans Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -128,6 +128,7 @@ extern bool localdiscovery;
extern listen_socket_t listen_socket[MAXSOCKETS]; extern listen_socket_t listen_socket[MAXSOCKETS];
extern int listen_sockets; extern int listen_sockets;
extern io_t unix_socket;
extern int keylifetime; extern int keylifetime;
extern int udp_rcvbuf; extern int udp_rcvbuf;
extern int udp_sndbuf; extern int udp_sndbuf;
@ -164,6 +165,7 @@ extern void handle_incoming_vpn_data(void *, int);
extern void finish_connecting(struct connection_t *); extern void finish_connecting(struct connection_t *);
extern bool do_outgoing_connection(struct outgoing_t *); extern bool do_outgoing_connection(struct outgoing_t *);
extern void handle_new_meta_connection(void *, int); extern void handle_new_meta_connection(void *, int);
extern void handle_new_unix_connection(void *, int);
extern int setup_listen_socket(const sockaddr_t *); extern int setup_listen_socket(const sockaddr_t *);
extern int setup_vpn_in_socket(const sockaddr_t *); extern int setup_vpn_in_socket(const sockaddr_t *);
extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len); extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len);

View file

@ -1,7 +1,7 @@
/* /*
net_packet.c -- Handles in- and outgoing VPN packets net_packet.c -- Handles in- and outgoing VPN packets
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2010 Timothy Redaelli <timothy@redaelli.eu> 2010 Timothy Redaelli <timothy@redaelli.eu>
2010 Brandon Black <blblack@gmail.com> 2010 Brandon Black <blblack@gmail.com>
@ -22,12 +22,6 @@
#include "system.h" #include "system.h"
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
#include <zlib.h> #include <zlib.h>
#endif #endif
@ -70,11 +64,15 @@ bool localdiscovery = false;
mtuprobes == 32: send 1 burst, sleep pingtimeout second mtuprobes == 32: send 1 burst, sleep pingtimeout second
mtuprobes == 33: no response from other side, restart PMTU discovery process mtuprobes == 33: no response from other side, restart PMTU discovery process
Probes are sent in batches of three, with random sizes between the lower and Probes are sent in batches of at least three, with random sizes between the
upper boundaries for the MTU thus far discovered. lower and upper boundaries for the MTU thus far discovered.
In case local discovery is enabled, a fourth packet is added to each batch, After the initial discovery, a fourth packet is added to each batch with a
size larger than the currently known PMTU, to test if the PMTU has increased.
In case local discovery is enabled, another packet is added to each batch,
which will be broadcast to the local network. which will be broadcast to the local network.
*/ */
static void send_mtu_probe_handler(void *data) { static void send_mtu_probe_handler(void *data) {
@ -125,13 +123,18 @@ static void send_mtu_probe_handler(void *data) {
timeout = pingtimeout; timeout = pingtimeout;
} }
for(int i = 0; i < 3 + localdiscovery; i++) { for(int i = 0; i < 4 + localdiscovery; i++) {
int len; int len;
if(n->maxmtu <= n->minmtu) if(i == 0) {
if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
continue;
len = n->maxmtu + 8;
} else if(n->maxmtu <= n->minmtu) {
len = n->maxmtu; len = n->maxmtu;
else } else {
len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu); len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
}
if(len < 64) if(len < 64)
len = 64; len = 64;
@ -140,7 +143,7 @@ static void send_mtu_probe_handler(void *data) {
memset(packet.data, 0, 14); memset(packet.data, 0, 14);
randomize(packet.data + 14, len - 14); randomize(packet.data + 14, len - 14);
packet.len = len; packet.len = len;
if(i >= 3 && n->mtuprobes <= 10) if(i >= 4 && n->mtuprobes <= 10)
packet.priority = -1; packet.priority = -1;
else else
packet.priority = 0; packet.priority = 0;
@ -150,6 +153,21 @@ static void send_mtu_probe_handler(void *data) {
send_udppacket(n, &packet); send_udppacket(n, &packet);
} }
n->probe_counter = 0;
gettimeofday(&n->probe_time, NULL);
/* Calculate the packet loss of incoming traffic by comparing the rate of
packets received to the rate with which the sequence number has increased.
*/
if(n->received > n->prev_received)
n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
else
n->packetloss = n->received_seqno <= n->prev_received_seqno;
n->prev_received_seqno = n->received_seqno;
n->prev_received = n->received;
end: end:
timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000}); timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
} }
@ -184,6 +202,13 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
/* If we haven't established the PMTU yet, restart the discovery process. */ /* If we haven't established the PMTU yet, restart the discovery process. */
if(n->mtuprobes > 30) { if(n->mtuprobes > 30) {
if (len == n->maxmtu + 8) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
n->maxmtu = MTU;
n->mtuprobes = 10;
return;
}
if(n->minmtu) if(n->minmtu)
n->mtuprobes = 30; n->mtuprobes = 30;
else else
@ -196,6 +221,25 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
len = n->maxmtu; len = n->maxmtu;
if(n->minmtu < len) if(n->minmtu < len)
n->minmtu = len; n->minmtu = len;
/* Calculate RTT and bandwidth.
The RTT is the time between the MTU probe burst was sent and the first
reply is received. The bandwidth is measured using the time between the
arrival of the first and third probe reply.
*/
struct timeval now, diff;
gettimeofday(&now, NULL);
timersub(&now, &n->probe_time, &diff);
n->probe_counter++;
if(n->probe_counter == 1) {
n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
n->probe_time = now;
} else if(n->probe_counter == 3) {
n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
}
} }
} }
@ -365,6 +409,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
if(inpkt->seqno > n->received_seqno) if(inpkt->seqno > n->received_seqno)
n->received_seqno = inpkt->seqno; n->received_seqno = inpkt->seqno;
n->received++;
if(n->received_seqno > MAX_SEQNO) if(n->received_seqno > MAX_SEQNO)
regenerate_key(); regenerate_key();

View file

@ -1,7 +1,7 @@
/* /*
net_setup.c -- Setup. net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com> 2010 Brandon Black <blblack@gmail.com>
@ -31,6 +31,7 @@
#include "ecdsa.h" #include "ecdsa.h"
#include "graph.h" #include "graph.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "process.h" #include "process.h"
@ -807,6 +808,37 @@ static bool setup_myself(void) {
/* Open sockets */ /* Open sockets */
#ifndef HAVE_MINGW
int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
if(unix_fd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
return false;
}
struct sockaddr_un sa;
sa.sun_family = AF_UNIX;
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
if(connect(unix_fd, (struct sockaddr *)&sa, sizeof sa) >= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
return false;
}
unlink(unixsocketname);
if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
return false;
}
if(listen(unix_fd, 3) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
return false;
}
io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
#endif
if(!do_detach && getenv("LISTEN_FDS")) { if(!do_detach && getenv("LISTEN_FDS")) {
sockaddr_t sa; sockaddr_t sa;
socklen_t salen; socklen_t salen;
@ -991,6 +1023,11 @@ void close_network_connections(void) {
close(listen_socket[i].udp.fd); close(listen_socket[i].udp.fd);
} }
#ifndef HAVE_MINGW
io_del(&unix_socket);
close(unix_socket.fd);
#endif
char *envp[5]; char *envp[5];
xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : "");

View file

@ -1,7 +1,7 @@
/* /*
net_socket.c -- Handle various kinds of sockets. net_socket.c -- Handle various kinds of sockets.
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
2009 Florian Forster <octo@verplant.org> 2009 Florian Forster <octo@verplant.org>
@ -24,9 +24,11 @@
#include "conf.h" #include "conf.h"
#include "connection.h" #include "connection.h"
#include "control_common.h"
#include "list.h" #include "list.h"
#include "logger.h" #include "logger.h"
#include "meta.h" #include "meta.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "protocol.h" #include "protocol.h"
@ -46,6 +48,9 @@ int udp_sndbuf = 0;
listen_socket_t listen_socket[MAXSOCKETS]; listen_socket_t listen_socket[MAXSOCKETS];
int listen_sockets; int listen_sockets;
#ifndef HAVE_MINGW
io_t unix_socket;
#endif
list_t *outgoing_list = NULL; list_t *outgoing_list = NULL;
/* Setup sockets */ /* Setup sockets */
@ -289,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
void finish_connecting(connection_t *c) { void finish_connecting(connection_t *c) {
logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname); logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
if(proxytype != PROXY_EXEC)
configure_tcp(c);
c->last_ping_time = time(NULL); c->last_ping_time = time(NULL);
c->status.connecting = false; c->status.connecting = false;
@ -368,10 +370,28 @@ static void handle_meta_write(connection_t *c) {
} }
static void handle_meta_io(void *data, int flags) { static void handle_meta_io(void *data, int flags) {
connection_t *c = data;
if(c->status.connecting) {
c->status.connecting = false;
int result;
socklen_t len = sizeof result;
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len);
if(!result)
finish_connecting(c);
else {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
terminate_connection(c, false);
return;
}
}
if(flags & IO_WRITE) if(flags & IO_WRITE)
handle_meta_write(data); handle_meta_write(c);
else else
handle_meta_connection_data(data); handle_meta_connection_data(c);
} }
bool do_outgoing_connection(outgoing_t *outgoing) { bool do_outgoing_connection(outgoing_t *outgoing) {
@ -436,6 +456,7 @@ begin:
} }
logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport); logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP); c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
configure_tcp(c);
} }
if(c->socket == -1) { if(c->socket == -1) {
@ -488,7 +509,7 @@ begin:
connection_add(c); connection_add(c);
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ); io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE);
return true; return true;
} }
@ -561,6 +582,45 @@ void handle_new_meta_connection(void *data, int flags) {
send_id(c); send_id(c);
} }
#ifndef HAVE_MINGW
/*
accept a new UNIX socket connection
*/
void handle_new_unix_connection(void *data, int flags) {
io_t *io = data;
connection_t *c;
sockaddr_t sa;
int fd;
socklen_t len = sizeof sa;
fd = accept(io->fd, &sa.sa, &len);
if(fd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
return;
}
sockaddrunmap(&sa);
c = new_connection();
c->name = xstrdup("<control>");
c->address = sa;
c->hostname = xstrdup("localhost port unix");
c->socket = fd;
c->last_ping_time = time(NULL);
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
connection_add(c);
c->allow_request = ID;
send_id(c);
}
#endif
static void free_outgoing(outgoing_t *outgoing) { static void free_outgoing(outgoing_t *outgoing) {
timeout_del(&outgoing->ev); timeout_del(&outgoing->ev);

View file

@ -1,6 +1,6 @@
/* /*
node.h -- header for node.c node.h -- header for node.c
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans 2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -77,6 +77,9 @@ typedef struct node_t {
uint32_t sent_seqno; /* Sequence number last sent to this node */ uint32_t sent_seqno; /* Sequence number last sent to this node */
uint32_t received_seqno; /* Sequence number last received from this node */ uint32_t received_seqno; /* Sequence number last received from this node */
uint32_t received; /* Total valid packets received from this node */
uint32_t prev_received_seqno;
uint32_t prev_received;
uint32_t farfuture; /* Packets in a row that have arrived from the far future */ uint32_t farfuture; /* Packets in a row that have arrived from the far future */
unsigned char* late; /* Bitfield marking late packets */ unsigned char* late; /* Bitfield marking late packets */
@ -85,6 +88,11 @@ typedef struct node_t {
length_t maxmtu; /* Probed maximum MTU */ length_t maxmtu; /* Probed maximum MTU */
int mtuprobes; /* Number of probes */ int mtuprobes; /* Number of probes */
timeout_t mtutimeout; /* Probe event */ timeout_t mtutimeout; /* Probe event */
struct timeval probe_time; /* Time the last probe was sent or received */
int probe_counter; /* Number of probes received since last burst was sent */
float rtt; /* Last measured round trip time */
float bandwidth; /* Last measured bandwidth */
float packetloss; /* Last measured packet loss rate */
uint64_t in_packets; uint64_t in_packets;
uint64_t in_bytes; uint64_t in_bytes;

View file

@ -1,7 +1,7 @@
/* /*
process.c -- process management functions process.c -- process management functions
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -27,6 +27,7 @@
#include "edge.h" #include "edge.h"
#include "event.h" #include "event.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "node.h" #include "node.h"
#include "process.h" #include "process.h"
@ -38,17 +39,12 @@
bool do_detach = true; bool do_detach = true;
bool sigalrm = false; bool sigalrm = false;
extern char *identname;
extern char **g_argv; extern char **g_argv;
extern bool use_logfile; extern bool use_logfile;
/* Some functions the less gifted operating systems might lack... */ /* Some functions the less gifted operating systems might lack... */
#ifdef HAVE_MINGW #ifdef HAVE_MINGW
extern char *identname;
extern char *program_name;
extern char **g_argv;
static SC_HANDLE manager = NULL; static SC_HANDLE manager = NULL;
static SC_HANDLE service = NULL; static SC_HANDLE service = NULL;
static SERVICE_STATUS status = {0}; static SERVICE_STATUS status = {0};
@ -263,8 +259,8 @@ bool execute_script(const char *name, char **envp) {
} }
} }
#ifdef WEXITSTATUS
if(status != -1) { if(status != -1) {
#ifdef WEXITSTATUS
if(WIFEXITED(status)) { /* Child exited by itself */ if(WIFEXITED(status)) { /* Child exited by itself */
if(WEXITSTATUS(status)) { if(WEXITSTATUS(status)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d", logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d",
@ -279,11 +275,11 @@ bool execute_script(const char *name, char **envp) {
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name); logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name);
return false; return false;
} }
#endif
} else { } else {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
return false; return false;
} }
#endif
#endif #endif
return true; return true;
} }

View file

@ -111,7 +111,7 @@ void forward_request(connection_t *from, const char *request) {
} }
bool receive_request(connection_t *c, const char *request) { bool receive_request(connection_t *c, const char *request) {
if(proxytype == PROXY_HTTP && c->allow_request == ID) { if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
if(!request[0] || request[0] == '\r') if(!request[0] || request[0] == '\r')
return true; return true;
if(!strncasecmp(request, "HTTP/1.1 ", 9)) { if(!strncasecmp(request, "HTTP/1.1 ", 9)) {

View file

@ -139,7 +139,7 @@ bool send_id(connection_t *c) {
minor = myself->connection->protocol_minor; minor = myself->connection->protocol_minor;
} }
if(proxytype) if(proxytype && c->outgoing)
if(!send_proxyrequest(c)) if(!send_proxyrequest(c))
return false; return false;

View file

@ -1,7 +1,7 @@
/* /*
protocol_key.c -- handle the meta-protocol, key exchange protocol_key.c -- handle the meta-protocol, key exchange
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -278,6 +278,7 @@ bool send_ans_key(node_t *to) {
// Reset sequence number and late packet window // Reset sequence number and late packet window
mykeyused = true; mykeyused = true;
to->received_seqno = 0; to->received_seqno = 0;
to->received = 0;
if(replaywin) memset(to->late, 0, replaywin); if(replaywin) memset(to->late, 0, replaywin);
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,

View file

@ -1,7 +1,7 @@
/* /*
route.c -- routing route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans, Copyright (C) 2000-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -835,6 +835,11 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
return; return;
uint16_t type = packet->data[12] << 8 | packet->data[13];
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
packet->priority = packet->data[15];
// Handle packets larger than PMTU // Handle packets larger than PMTU
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
@ -844,7 +849,6 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
if(via && packet->len > via->mtu && via != myself) { if(via && packet->len > via->mtu && via != myself) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
uint16_t type = packet->data[12] << 8 | packet->data[13];
length_t ethlen = 14; length_t ethlen = 14;
if(type == ETH_P_8021Q) { if(type == ETH_P_8021Q) {

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction with Solaris tun device device.c -- Interaction with Solaris tun device
Copyright (C) 2001-2005 Ivo Timmermans, Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org> 2001-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -28,6 +28,7 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "utils.h" #include "utils.h"
#include "xalloc.h" #include "xalloc.h"

View file

@ -1,6 +1,6 @@
/* /*
sptps.c -- Simple Peer-to-Peer Security sptps.c -- Simple Peer-to-Peer Security
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
2010 Brandon L. Black <blblack@gmail.com> 2010 Brandon L. Black <blblack@gmail.com>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -439,6 +439,17 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
return receive_handshake(s, data + 5, len - 5); return receive_handshake(s, data + 5, len - 5);
} }
// Check HMAC.
uint16_t netlen = htons(len - 21);
char buffer[len + 23];
memcpy(buffer, &netlen, 2);
memcpy(buffer + 2, data, len);
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
return error(s, EIO, "Invalid HMAC");
// Replay protection using a sliding window of configurable size. // Replay protection using a sliding window of configurable size.
// s->inseqno is expected sequence number // s->inseqno is expected sequence number
// seqno is received sequence number // seqno is received sequence number
@ -473,19 +484,13 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
if(seqno > s->inseqno) if(seqno > s->inseqno)
s->inseqno = seqno + 1; s->inseqno = seqno + 1;
uint16_t netlen = htons(len - 21); if(!s->inseqno)
s->received = 0;
char buffer[len + 23]; else
s->received++;
memcpy(buffer, &netlen, 2);
memcpy(buffer + 2, data, len);
// Decrypt.
memcpy(&seqno, buffer + 2, 4); memcpy(&seqno, buffer + 2, 4);
// Check HMAC and decrypt.
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
return error(s, EIO, "Invalid HMAC");
cipher_set_counter(&s->incipher, &seqno, sizeof seqno); cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6)) if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
return false; return false;

View file

@ -1,6 +1,6 @@
/* /*
sptps.h -- Simple Peer-to-Peer Security sptps.h -- Simple Peer-to-Peer Security
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -56,6 +56,7 @@ typedef struct sptps {
cipher_t incipher; cipher_t incipher;
digest_t indigest; digest_t indigest;
uint32_t inseqno; uint32_t inseqno;
uint32_t received;
unsigned int replaywin; unsigned int replaywin;
unsigned int farfuture; unsigned int farfuture;
char *late; char *late;

View file

@ -1,6 +1,6 @@
/* /*
subnet.c -- handle subnet lookups and lists subnet.c -- handle subnet lookups and lists
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans 2000-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -25,6 +25,7 @@
#include "device.h" #include "device.h"
#include "hash.h" #include "hash.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "node.h" #include "node.h"

View file

@ -1,6 +1,6 @@
/* /*
tincctl.c -- Controlling a running tincd tincctl.c -- Controlling a running tincd
Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org> Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -31,6 +31,7 @@
#include "control_common.h" #include "control_common.h"
#include "ecdsagen.h" #include "ecdsagen.h"
#include "info.h" #include "info.h"
#include "names.h"
#include "rsagen.h" #include "rsagen.h"
#include "utils.h" #include "utils.h"
#include "tincctl.h" #include "tincctl.h"
@ -40,10 +41,6 @@
#define mkdir(a, b) mkdir(a) #define mkdir(a, b) mkdir(a)
#endif #endif
/* The name this program was run with. */
static char *program_name = NULL;
static char **orig_argv; static char **orig_argv;
static int orig_argc; static int orig_argc;
@ -54,12 +51,7 @@ static bool show_help = false;
static bool show_version = false; static bool show_version = false;
static char *name = NULL; static char *name = NULL;
static char *identname = NULL; /* program name for syslog */
static char *pidfilename = NULL; /* pid file location */
static char *confdir = NULL;
static char controlcookie[1025]; static char controlcookie[1025];
char *netname = NULL;
char *confbase = NULL;
static char *tinc_conf = NULL; static char *tinc_conf = NULL;
static char *hosts_dir = NULL; static char *hosts_dir = NULL;
struct timeval now; struct timeval now;
@ -107,10 +99,9 @@ static void version(void) {
} }
static void usage(bool status) { static void usage(bool status) {
if(status) if(status) {
fprintf(stderr, "Try `%s --help\' for more information.\n", fprintf(stderr, "Try `%s --help\' for more information.\n", program_name);
program_name); } else {
else {
printf("Usage: %s [options] command\n\n", program_name); printf("Usage: %s [options] command\n\n", program_name);
printf("Valid options are:\n" printf("Valid options are:\n"
" -c, --config=DIR Read configuration options from DIR.\n" " -c, --config=DIR Read configuration options from DIR.\n"
@ -153,6 +144,8 @@ static void usage(bool status) {
" export Export host configuration of local node to standard output\n" " export Export host configuration of local node to standard output\n"
" export-all Export all host configuration files to standard output\n" " export-all Export all host configuration files to standard output\n"
" import [--force] Import host configuration file(s) from standard input\n" " import [--force] Import host configuration file(s) from standard input\n"
" exchange [--force] Same as export followed by import\n"
" exchange-all [--force] Same as export-all followed by import\n"
"\n"); "\n");
printf("Report bugs to tinc@tinc-vpn.org.\n"); printf("Report bugs to tinc@tinc-vpn.org.\n");
} }
@ -453,62 +446,6 @@ static bool rsa_keygen(int bits, bool ask) {
return true; return true;
} }
/*
Set all files and paths according to netname
*/
static void make_names(void) {
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
long len = sizeof installdir;
#endif
if(netname)
xasprintf(&identname, "tinc.%s", netname);
else
identname = xstrdup("tinc");
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
}
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
RegCloseKey(key);
}
if(!*installdir) {
#endif
confdir = xstrdup(CONFDIR);
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "run" SLASH "%s.pid", LOCALSTATEDIR, identname);
if(netname) {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
else
fprintf(stderr, "Both netname and configuration directory given, using the latter...\n");
} else {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc");
}
#ifdef HAVE_MINGW
} else
confdir = xstrdup(installdir);
#endif
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
}
static char buffer[4096]; static char buffer[4096];
static size_t blen = 0; static size_t blen = 0;
@ -729,6 +666,26 @@ static bool connect_tincd(bool verbose) {
} }
#endif #endif
#ifndef HAVE_MINGW
struct sockaddr_un sa;
sa.sun_family = AF_UNIX;
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if(fd < 0) {
if(verbose)
fprintf(stderr, "Cannot create UNIX socket: %s\n", sockstrerror(sockerrno));
return false;
}
if(connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
if(verbose)
fprintf(stderr, "Cannot connect to UNIX socket %s: %s\n", unixsocketname, sockstrerror(sockerrno));
close(fd);
fd = -1;
return false;
}
#else
struct addrinfo hints = { struct addrinfo hints = {
.ai_family = AF_UNSPEC, .ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM, .ai_socktype = SOCK_STREAM,
@ -769,6 +726,7 @@ static bool connect_tincd(bool verbose) {
} }
freeaddrinfo(res); freeaddrinfo(res);
#endif
char data[4096]; char data[4096];
int version; int version;
@ -854,6 +812,11 @@ static int cmd_start(int argc, char *argv[]) {
} }
static int cmd_stop(int argc, char *argv[]) { static int cmd_stop(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
#ifndef HAVE_MINGW #ifndef HAVE_MINGW
if(!connect_tincd(true)) { if(!connect_tincd(true)) {
if(pid) { if(pid) {
@ -871,16 +834,10 @@ static int cmd_stop(int argc, char *argv[]) {
} }
sendline(fd, "%d %d", CONTROL, REQ_STOP); sendline(fd, "%d %d", CONTROL, REQ_STOP);
if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_STOP || result) {
fprintf(stderr, "Could not stop tinc daemon.\n");
return 1;
}
// Wait for tincd to close the connection... while(recvline(fd, line, sizeof line)) {
fd_set r; // Wait for tincd to close the connection...
FD_ZERO(&r); }
FD_SET(fd, &r);
select(fd + 1, &r, NULL, NULL, NULL);
#else #else
if(!remove_service()) if(!remove_service())
return 1; return 1;
@ -898,6 +855,11 @@ static int cmd_restart(int argc, char *argv[]) {
} }
static int cmd_reload(int argc, char *argv[]) { static int cmd_reload(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true)) if(!connect_tincd(true))
return 1; return 1;
@ -1070,6 +1032,11 @@ static int cmd_dump(int argc, char *argv[]) {
} }
static int cmd_purge(int argc, char *argv[]) { static int cmd_purge(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true)) if(!connect_tincd(true))
return 1; return 1;
@ -1105,6 +1072,11 @@ static int cmd_debug(int argc, char *argv[]) {
} }
static int cmd_retry(int argc, char *argv[]) { static int cmd_retry(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true)) if(!connect_tincd(true))
return 1; return 1;
@ -1164,6 +1136,11 @@ static int cmd_disconnect(int argc, char *argv[]) {
} }
static int cmd_top(int argc, char *argv[]) { static int cmd_top(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
#ifdef HAVE_CURSES #ifdef HAVE_CURSES
if(!connect_tincd(true)) if(!connect_tincd(true))
return 1; return 1;
@ -1177,6 +1154,11 @@ static int cmd_top(int argc, char *argv[]) {
} }
static int cmd_pcap(int argc, char *argv[]) { static int cmd_pcap(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true)) if(!connect_tincd(true))
return 1; return 1;
@ -1185,6 +1167,11 @@ static int cmd_pcap(int argc, char *argv[]) {
} }
static int cmd_log(int argc, char *argv[]) { static int cmd_log(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true)) if(!connect_tincd(true))
return 1; return 1;
@ -1193,6 +1180,11 @@ static int cmd_log(int argc, char *argv[]) {
} }
static int cmd_pid(int argc, char *argv[]) { static int cmd_pid(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true) && !pid) if(!connect_tincd(true) && !pid)
return 1; return 1;
@ -1613,7 +1605,10 @@ static int cmd_init(int argc, char *argv[]) {
return 1; return 1;
} }
if(argc < 2) { if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
} else if(argc < 2) {
if(tty) { if(tty) {
char buf[1024]; char buf[1024];
fprintf(stdout, "Enter the Name you want your tinc node to have: "); fprintf(stdout, "Enter the Name you want your tinc node to have: ");
@ -1692,14 +1687,29 @@ static int cmd_init(int argc, char *argv[]) {
} }
static int cmd_generate_keys(int argc, char *argv[]) { static int cmd_generate_keys(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true)); return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
} }
static int cmd_generate_rsa_keys(int argc, char *argv[]) { static int cmd_generate_rsa_keys(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true); return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
} }
static int cmd_generate_ecdsa_keys(int argc, char *argv[]) { static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
return !ecdsa_keygen(true); return !ecdsa_keygen(true);
} }
@ -1709,6 +1719,11 @@ static int cmd_help(int argc, char *argv[]) {
} }
static int cmd_version(int argc, char *argv[]) { static int cmd_version(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
version(); version();
return 0; return 0;
} }
@ -1811,14 +1826,29 @@ static int export(const char *name, FILE *out) {
} }
static int cmd_export(int argc, char *argv[]) { static int cmd_export(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
char *name = get_my_name(); char *name = get_my_name();
if(!name) if(!name)
return 1; return 1;
return export(name, stdout); int result = export(name, stdout);
if(!tty)
fclose(stdout);
free(name);
return result;
} }
static int cmd_export_all(int argc, char *argv[]) { static int cmd_export_all(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
DIR *dir = opendir(hosts_dir); DIR *dir = opendir(hosts_dir);
if(!dir) { if(!dir) {
fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno)); fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
@ -1842,21 +1872,30 @@ static int cmd_export_all(int argc, char *argv[]) {
} }
closedir(dir); closedir(dir);
if(!tty)
fclose(stdout);
return result; return result;
} }
static int cmd_import(int argc, char *argv[]) { static int cmd_import(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
FILE *in = stdin; FILE *in = stdin;
FILE *out = NULL; FILE *out = NULL;
char buf[4096]; char buf[4096];
char name[4096]; char name[4096];
char *filename; char *filename = NULL;
int count = 0; int count = 0;
bool firstline = true; bool firstline = true;
while(fgets(buf, sizeof buf, in)) { while(fgets(buf, sizeof buf, in)) {
if(sscanf(buf, "Name = %s", name) == 1) { if(sscanf(buf, "Name = %s", name) == 1) {
firstline = false;
if(!check_id(name)) { if(!check_id(name)) {
fprintf(stderr, "Invalid Name in input!\n"); fprintf(stderr, "Invalid Name in input!\n");
return 1; return 1;
@ -1881,7 +1920,6 @@ static int cmd_import(int argc, char *argv[]) {
} }
count++; count++;
firstline = false;
continue; continue;
} else if(firstline) { } else if(firstline) {
fprintf(stderr, "Junk at the beginning of the input, ignoring.\n"); fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
@ -1912,6 +1950,14 @@ static int cmd_import(int argc, char *argv[]) {
} }
} }
static int cmd_exchange(int argc, char *argv[]) {
return cmd_export(argc, argv) ?: cmd_import(argc, argv);
}
static int cmd_exchange_all(int argc, char *argv[]) {
return cmd_export_all(argc, argv) ?: cmd_import(argc, argv);
}
static const struct { static const struct {
const char *command; const char *command;
int (*function)(int argc, char *argv[]); int (*function)(int argc, char *argv[]);
@ -1942,6 +1988,8 @@ static const struct {
{"export", cmd_export}, {"export", cmd_export},
{"export-all", cmd_export_all}, {"export-all", cmd_export_all},
{"import", cmd_import}, {"import", cmd_import},
{"exchange", cmd_exchange},
{"exchange-all", cmd_exchange_all},
{NULL, NULL}, {NULL, NULL},
}; };
@ -2189,6 +2237,8 @@ int main(int argc, char *argv[]) {
return 1; return 1;
make_names(); make_names();
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
if(show_version) { if(show_version) {
version(); version();

View file

@ -1,7 +1,7 @@
/* /*
tincd.c -- the main file for tincd tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com> 2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru> 2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu> 2010 Julien Muchembled <jm@jmuchemb.eu>
@ -33,12 +33,6 @@
#include <sys/mman.h> #include <sys/mman.h>
#endif #endif
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#ifdef HAVE_LZO #ifdef HAVE_LZO
#include LZO1X_H #include LZO1X_H
#endif #endif
@ -56,6 +50,7 @@
#include "crypto.h" #include "crypto.h"
#include "device.h" #include "device.h"
#include "logger.h" #include "logger.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "process.h" #include "process.h"
@ -63,9 +58,6 @@
#include "utils.h" #include "utils.h"
#include "xalloc.h" #include "xalloc.h"
/* The name this program was run with. */
char *program_name = NULL;
/* If nonzero, display usage information and exit. */ /* If nonzero, display usage information and exit. */
static bool show_help = false; static bool show_help = false;
@ -75,21 +67,22 @@ static bool show_version = false;
/* If nonzero, use null ciphers and skip all key exchanges. */ /* If nonzero, use null ciphers and skip all key exchanges. */
bool bypass_security = false; bool bypass_security = false;
#ifdef HAVE_MLOCKALL
/* If nonzero, disable swapping for this process. */ /* If nonzero, disable swapping for this process. */
static bool do_mlock = false; static bool do_mlock = false;
#endif
#ifndef HAVE_MINGW
/* If nonzero, chroot to netdir after startup. */ /* If nonzero, chroot to netdir after startup. */
static bool do_chroot = false; static bool do_chroot = false;
/* If !NULL, do setuid to given user after startup */ /* If !NULL, do setuid to given user after startup */
static const char *switchuser = NULL; static const char *switchuser = NULL;
#endif
/* If nonzero, write log entries to a separate file. */ /* If nonzero, write log entries to a separate file. */
bool use_logfile = false; bool use_logfile = false;
char *identname = NULL; /* program name for syslog */
char *logfilename = NULL; /* log file location */
char *pidfilename = NULL;
char **g_argv; /* a copy of the cmdline arguments */ char **g_argv; /* a copy of the cmdline arguments */
static int status = 1; static int status = 1;
@ -127,13 +120,18 @@ static void usage(bool status) {
" -D, --no-detach Don't fork and detach.\n" " -D, --no-detach Don't fork and detach.\n"
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
" -n, --net=NETNAME Connect to net NETNAME.\n" " -n, --net=NETNAME Connect to net NETNAME.\n"
#ifdef HAVE_MLOCKALL
" -L, --mlock Lock tinc into main memory.\n" " -L, --mlock Lock tinc into main memory.\n"
#endif
" --logfile[=FILENAME] Write log entries to a logfile.\n" " --logfile[=FILENAME] Write log entries to a logfile.\n"
" --pidfile=FILENAME Write PID and control socket cookie to FILENAME.\n" " --pidfile=FILENAME Write PID and control socket cookie to FILENAME.\n"
" --bypass-security Disables meta protocol security, for debugging.\n" " --bypass-security Disables meta protocol security, for debugging.\n"
" -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n" " -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n"
#ifndef HAVE_MINGW
" -R, --chroot chroot to NET dir at startup.\n" " -R, --chroot chroot to NET dir at startup.\n"
" -U, --user=USER setuid to given USER at startup.\n" " --help Display this help and exit.\n" " -U, --user=USER setuid to given USER at startup.\n"
#endif
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n"); " --version Output version information and exit.\n\n");
printf("Report bugs to tinc@tinc-vpn.org.\n"); printf("Report bugs to tinc@tinc-vpn.org.\n");
} }
@ -162,7 +160,7 @@ static bool parse_options(int argc, char **argv) {
case 'L': /* no detach */ case 'L': /* no detach */
#ifndef HAVE_MLOCKALL #ifndef HAVE_MLOCKALL
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "mlockall()"); logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
return false; return false;
#else #else
do_mlock = true; do_mlock = true;
@ -187,6 +185,12 @@ static bool parse_options(int argc, char **argv) {
list_insert_tail(cmdline_conf, cfg); list_insert_tail(cmdline_conf, cfg);
break; break;
#ifdef HAVE_MINGW
case 'R':
case 'U':
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
return false;
#else
case 'R': /* chroot to NETNAME dir */ case 'R': /* chroot to NETNAME dir */
do_chroot = true; do_chroot = true;
break; break;
@ -194,6 +198,7 @@ static bool parse_options(int argc, char **argv) {
case 'U': /* setuid to USER */ case 'U': /* setuid to USER */
switchuser = optarg; switchuser = optarg;
break; break;
#endif
case 1: /* show help */ case 1: /* show help */
show_help = true; show_help = true;
@ -244,77 +249,8 @@ static bool parse_options(int argc, char **argv) {
return true; return true;
} }
/*
Set all files and paths according to netname
*/
static void make_names(void) {
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
long len = sizeof installdir;
#endif
if(netname)
xasprintf(&identname, "tinc.%s", netname);
else
identname = xstrdup("tinc");
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
if(!logfilename)
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", identname);
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
}
RegCloseKey(key);
if(*installdir)
return;
}
#endif
if(!logfilename)
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
if(!pidfilename)
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
if(netname) {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
else
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
} else {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc");
}
}
static void free_names(void) {
if (identname) free(identname);
if (netname) free(netname);
if (pidfilename) free(pidfilename);
if (logfilename) free(logfilename);
if (confbase) free(confbase);
}
static bool drop_privs(void) { static bool drop_privs(void) {
#ifdef HAVE_MINGW #ifndef HAVE_MINGW
if (switchuser) {
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-U");
return false;
}
if (do_chroot) {
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-R");
return false;
}
#else
uid_t uid = 0; uid_t uid = 0;
if (switchuser) { if (switchuser) {
struct passwd *pw = getpwnam(switchuser); struct passwd *pw = getpwnam(switchuser);

View file

@ -1,6 +1,6 @@
/* /*
top.c -- Show real-time statistics from a running tincd top.c -- Show real-time statistics from a running tincd
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org> Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
#include "control_common.h" #include "control_common.h"
#include "list.h" #include "list.h"
#include "names.h"
#include "tincctl.h" #include "tincctl.h"
#include "top.h" #include "top.h"
#include "xalloc.h" #include "xalloc.h"
@ -65,10 +66,6 @@ static float bscale = 1;
static const char *punit = "pkts"; static const char *punit = "pkts";
static float pscale = 1; static float pscale = 1;
#ifndef timersub
#define timersub(a, b, c) do {(c)->tv_sec = (a)->tv_sec - (b)->tv_sec; (c)->tv_usec = (a)->tv_usec = (b)->tv_usec;} while(0)
#endif
static void update(int fd) { static void update(int fd) {
sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC); sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC);
gettimeofday(&cur, NULL); gettimeofday(&cur, NULL);
@ -229,7 +226,7 @@ static void redraw(void) {
attrset(A_DIM); attrset(A_DIM);
if(cumulative) if(cumulative)
mvprintw(row, 0, "%-16s %10"PRIu64" %10.0f %10"PRIu64" %10.0f", mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale); node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale);
else else
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f", mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",

View file

@ -1,7 +1,7 @@
/* /*
device.c -- UML network socket device.c -- UML network socket
Copyright (C) 2002-2005 Ivo Timmermans, Copyright (C) 2002-2005 Ivo Timmermans,
2002-2012 Guus Sliepen <guus@tinc-vpn.org> 2002-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "logger.h" #include "logger.h"
#include "utils.h" #include "utils.h"
@ -37,9 +38,6 @@ static int write_fd = -1;
static int state = 0; static int state = 0;
static char *device_info; static char *device_info;
extern char *identname;
extern volatile bool running;
static uint64_t device_total_in = 0; static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0; static uint64_t device_total_out = 0;
@ -73,7 +71,7 @@ static bool setup_device(void) {
if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) { if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -85,13 +83,13 @@ static bool setup_device(void) {
if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) { if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false; event_exit();
return false; return false;
} }
if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) { if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -103,7 +101,7 @@ static bool setup_device(void) {
if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) { if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -116,7 +114,7 @@ static bool setup_device(void) {
if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) { if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -199,7 +197,7 @@ static bool read_packet(vpn_packet_t *packet) {
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) { if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -215,20 +213,20 @@ static bool read_packet(vpn_packet_t *packet) {
if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) { if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info, logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info,
device, strerror(errno)); device, strerror(errno));
running = false; event_exit();
return false; return false;
} }
if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) { if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s", logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s",
request.magic, request.version, request.type, device_info, device); request.magic, request.version, request.type, device_info, device);
running = false; event_exit();
return false; return false;
} }
if(connect(write_fd, &request.sock, sizeof request.sock) < 0) { if(connect(write_fd, &request.sock, sizeof request.sock) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -245,7 +243,7 @@ static bool read_packet(vpn_packet_t *packet) {
if((inlen = read(data_fd, packet->data, MTU)) <= 0) { if((inlen = read(data_fd, packet->data, MTU)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno)); device, strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -278,7 +276,7 @@ static bool write_packet(vpn_packet_t *packet) {
if(write(write_fd, packet->data, packet->len) < 0) { if(write(write_fd, packet->data, packet->len) < 0) {
if(errno != EINTR && errno != EAGAIN) { if(errno != EINTR && errno != EAGAIN) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
running = false; event_exit();
} }
return false; return false;

View file

@ -1,6 +1,6 @@
/* /*
device.c -- VDE plug device.c -- VDE plug
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org> Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -23,6 +23,7 @@
#include "conf.h" #include "conf.h"
#include "device.h" #include "device.h"
#include "names.h"
#include "net.h" #include "net.h"
#include "logger.h" #include "logger.h"
#include "utils.h" #include "utils.h"
@ -35,9 +36,6 @@ static int port = 0;
static char *group = NULL; static char *group = NULL;
static char *device_info; static char *device_info;
extern char *identname;
extern volatile bool running;
static uint64_t device_total_in = 0; static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0; static uint64_t device_total_out = 0;
@ -102,7 +100,7 @@ static bool read_packet(vpn_packet_t *packet) {
int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0); int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0);
if(lenin <= 0) { if(lenin <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
running = false; event_exit();
return false; return false;
} }
@ -117,7 +115,7 @@ static bool write_packet(vpn_packet_t *packet) {
if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) { if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
if(errno != EINTR && errno != EAGAIN) { if(errno != EINTR && errno != EAGAIN) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
running = false; event_exit();
} }
return false; return false;