Import Upstream version 1.1~pre6

2019-08-26 13:44:50 +02:00 · 2019-08-26 13:44:50 +02:00 · 26033edb96
commit 26033edb96
parent ff64081061
52 changed files with 3850 additions and 14921 deletions
--- a/17082
+++ b/17082
--- a/25
+++ b/25
@ -1,3 +1,28 @@
 Version 1.1pre6              February 20 2013
 * Fixed tincd exitting immediately on Windows.
 * Detect PMTU increases.
 * Fixed crashes when using a SOCKS5 proxy.
 * Fixed control connection when using a proxy.
 Version 1.1pre5              January 20 2013
 * Fixed long delays and possible hangs on Windows.
 * Fixed support for the tunemu device on iOS, the UML and VDE devices.
 * Small improvements to the documentation and error messages.
 * Fixed broadcast packets not reaching the whole VPN.
 * Tincctl now connects via a UNIX socket to the tincd on platforms that
   support this.
 * The PriorityInheritance option now also works in switch mode.
 Version 1.1pre4              December  5 2012
 * Added the "AutoConnect" option which will let tinc automatically select
--- a/8
+++ b/8
@ -1,7 +1,7 @@
-This is the README file for tinc version 1.1pre4. Installation
+This is the README file for tinc version 1.1pre6. Installation
 instructions may be found in the INSTALL file.
-tinc is Copyright (C) 1998-2012 by:
+tinc is Copyright (C) 1998-2013 by:
 Ivo Timmermans,
 Guus Sliepen <guus@tinc-vpn.org>,
@ -36,11 +36,11 @@ at your own risk.
 Compatibility
 -------------
-Version 1.1pre4 is compatible with 1.0pre8, 1.0 and later, but not with older
+Version 1.1pre6 is compatible with 1.0pre8, 1.0 and later, but not with older
 versions of tinc.
 When the ExperimentalProtocol option is used, tinc is still compatible with
-1.0.X and 1.1pre4 itself, but not with any other 1.1preX version.
+1.0.X and 1.1pre6 itself, but not with any other 1.1preX version.
 Requirements
--- a/2
+++ b/2
@ -6,7 +6,9 @@ We would like to thank the following people for their contributions to tinc:
 * Anthony G. Basile
 * Armijn Hemel
 * Brandon Black
 * Cheng LI
 * Cris van Pelt
 * Darius Jahandarie
 * Delf Eldkraft
 * dnk
 * Enrique Zanardi
--- a/2
+++ b/2
@ -4095,7 +4095,7 @@ fi
 # Define the identity of the package.
 PACKAGE=tinc
- VERSION=1.1pre4
+ VERSION=1.1pre6
 cat >>confdefs.h <<_ACEOF
--- a/configure.in
+++ b/configure.in
@ -4,7 +4,7 @@ AC_PREREQ(2.61)
 AC_INIT
 AC_CONFIG_SRCDIR([src/tincd.c])
 AC_GNU_SOURCE
-AM_INIT_AUTOMAKE(tinc, 1.1pre4)
+AM_INIT_AUTOMAKE(tinc, 1.1pre6)
 AC_CONFIG_HEADERS([config.h])
 AM_MAINTAINER_MODE
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@ -1,4 +1,4 @@
-.Dd 2012-09-27
+.Dd 2013-01-14
 .Dt TINC.CONF 5
 .\" Manual page created by:
 .\" Ivo Timmermans
@ -343,7 +343,7 @@ This option selects the way packets are routed to other daemons.
 In this mode
 .Va Subnet
 variables in the host configuration files will be used to form a routing table.
-Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
+Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
 .Pp
 This is the default mode, and unless you really know you need another mode, don't change it.
 .It switch
@ -361,7 +361,7 @@ while no routing table is managed.
 .It Va Name Li = Ar name Bq required
 This is the name which identifies this tinc daemon.
 It must be unique for the virtual private network this daemon will connect to.
-The Name may only consist of alphanumeric and underscore characters.
+The Name may only consist of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
 If 
 .Va Name
 starts with a
@ -372,7 +372,7 @@ If
 .Va Name
 is
 .Li $HOST ,
-but no such environment variable exist, the hostname will be read using the gethostnname() system call.
+but no such environment variable exist, the hostname will be read using the gethostname() system call.
 .It Va PingInterval Li = Ar seconds Pq 60
 The number of seconds of inactivity that
 .Nm tinc
@ -428,7 +428,7 @@ and
 are available.
 .El
 .It Va ReplayWindow Li = Ar bytes Pq 16
-vhis is the size of the replay tracking window for each remote node, in bytes.
+This is the size of the replay tracking window for each remote node, in bytes.
 The window is a bitfield which tracks 1 packet per bit, so for example
 the default setting of 16 will track up to 128 packets in the window.  In high
 bandwidth scenarios, setting this to a higher value can reduce packet loss from
@ -497,12 +497,9 @@ Furthermore, specifying
 .Qq none
 will turn off packet authentication.
 .It Va IndirectData Li = yes | no Pq no
-This option specifies whether other tinc daemons besides the one you specified with
+When set to yes, other nodes which do not already have a meta connection to you
-.Va ConnectTo
+will not try to establish direct communication with you.
-can make a direct connection to you.
+It is best to leave this option out or set it to no.
 This is especially useful if you are behind a firewall
 and it is impossible to make a connection from the outside to your tinc daemon.
 Otherwise, it is best to leave this option out or set it to no.
 .It Va MACLength Li = Ar length Pq 4
 The length of the message authentication code used to authenticate UDP packets.
 Can be anything from
--- a/doc/tinc.info
+++ b/doc/tinc.info
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
 * tinc: (tinc).              The tinc Manual.
 END-INFO-DIR-ENTRY
-   This is the info manual for tinc version 1.1pre4, a Virtual Private
+   This is the info manual for tinc version 1.1pre5, a Virtual Private
 Network daemon.
-   Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
+   Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
 <guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
   Permission is granted to make and distribute verbatim copies of this
@ -989,9 +989,8 @@ Mode = <router|switch|hub> (router)
    router
          In this mode Subnet variables in the host configuration files
-          will be used to form a routing table.  Only unicast packets
+          will be used to form a routing table.  Only packets of
-          of routable protocols (IPv4 and IPv6) are supported in this
+          routable protocols (IPv4 and IPv6) are supported in this mode.
          mode.
          This is the default mode, and unless you really know you need
          another mode, don't change it.
@ -1026,13 +1025,13 @@ MACExpire = <SECONDS> (600)
 Name = <NAME> [required]
     This is a symbolic name for this connection.  The name should
     consist only of alfanumeric and underscore characters (a-z, A-Z,
-     0-9 and _).
+     0-9 and _), and is case sensitive.
     If Name starts with a $, then the contents of the environment
     variable that follows will be used.  In that case, invalid
     characters will be converted to underscores.  If Name is $HOST,
     but no such environment variable exist, the hostname will be read
-     using the gethostnname() system call.
+     using the gethostname() system call.
 PingInterval = <SECONDS> (60)
     The number of seconds of inactivity that tinc will wait before
@ -1157,12 +1156,9 @@ Digest = <DIGEST> (sha1)
     "none" will turn off packet authentication.
 IndirectData = <yes|no> (no)
-     This option specifies whether other tinc daemons besides the one
+     When set to yes, other nodes which do not already have a meta
-     you specified with ConnectTo can make a direct connection to you.
+     connection to you will not try to establish direct communication
-     This is especially useful if you are behind a firewall and it is
+     with you.  It is best to leave this option out or set it to no.
     impossible to make a connection from the outside to your tinc
     daemon.  Otherwise, it is best to leave this option out or set it
     to no.
 MACLength = <BYTES> (4)
     The length of the message authentication code used to authenticate
@ -1412,10 +1408,11 @@ copy&paste the email:
   If you are the owner of bar yourself, and you have SSH access to
 that computer, you can also swap the host configuration files using the
-following commands:
+following command:
-     tincctl -n NETNAME export | ssh bar.example.org tincctl -n NETNAME import
+     tincctl -n NETNAME export \
-     ssh bar.example.org tincctl -n NETNAME export | tincctl -n NETNAME import
+         | ssh bar.example.org tincctl -n NETNAME exchange \
         | tincctl -n NETNAME import
   You should repeat this for all nodes you ConnectTo, or which
 ConnectTo you.  However, remember that you do not need to ConnectTo all
@ -1722,6 +1719,8 @@ command line options.
     shared private keys to be written to the system swap
     files/partitions.
     This option is not supported on all platforms.
 `--logfile[=FILE]'
     Write log entries to a file instead of to the system logging
     facility.  If FILE is omitted, the default is
@ -1744,11 +1743,15 @@ command line options.
     or host-up), unless it's setup to be runnable inside chroot
     environment.
     This option is not supported on all platforms.
 `-U, --user=USER'
     Switch to the given USER after initialization, at the same time as
     chroot is performed (see -chroot above).  With this option tinc
     drops privileges, for added security.
     This option is not supported on all platforms.
 `--help'
     Display a short reminder of these runtime options and terminate.
@ -2077,9 +2080,15 @@ File: tinc.info,  Node: tincctl commands,  Next: tincctl examples,  Prev: tincct
     Export all host configuration files to standard output.
 `import [--force]'
-     Import host configuration file(s) from standard input.  Already
+     Import host configuration file(s) generated by the tincctl export
-     existing host configuration files are not overwritten unless the
+     command from standard input.  Already existing host configuration
-     option -force is used.
+     files are not overwritten unless the option -force is used.
 `exchange [--force]'
     The same as export followed by import.
 `exchange-all [--force]'
     The same as export-all followed by import.
 `start [tincd options]'
     Start `tincd', optionally with the given extra options.
@ -2840,7 +2849,7 @@ Concept Index
 * CHALLENGE:                             Authentication protocol.
                                                              (line  10)
 * CIDR notation:                         Host configuration variables.
-                                                              (line  91)
+                                                              (line  88)
 * Cipher:                                Host configuration variables.
                                                              (line  12)
 * ClampMSS:                              Host configuration variables.
@ -2882,7 +2891,7 @@ Concept Index
 * example:                               Example configuration.
                                                              (line   6)
 * exec:                                  Main configuration variables.
-                                                              (line 322)
+                                                              (line 321)
 * ExperimentalProtocol:                  Main configuration variables.
                                                              (line 164)
 * Forwarding:                            Main configuration variables.
@ -2891,9 +2900,9 @@ Concept Index
 * Hostnames:                             Main configuration variables.
                                                              (line 193)
 * http:                                  Main configuration variables.
-                                                              (line 319)
+                                                              (line 318)
 * hub:                                   Main configuration variables.
-                                                              (line 246)
+                                                              (line 245)
 * ID:                                    Authentication protocol.
                                                              (line  10)
 * IndirectData:                          Host configuration variables.
@ -2904,7 +2913,7 @@ Concept Index
 * IRC:                                   Contact information. (line   9)
 * KEY_CHANGED:                           The meta-protocol.   (line  64)
 * KeyExpire:                             Main configuration variables.
-                                                              (line 251)
+                                                              (line 250)
 * libcurses:                             libcurses.           (line   6)
 * libraries:                             Libraries.           (line   6)
 * libreadline:                           libreadline.         (line   6)
@ -2913,9 +2922,9 @@ Concept Index
                                                              (line 212)
 * lzo:                                   lzo.                 (line   6)
 * MACExpire:                             Main configuration variables.
-                                                              (line 257)
+                                                              (line 256)
 * MACLength:                             Host configuration variables.
-                                                              (line  42)
+                                                              (line  39)
 * meta-protocol:                         The meta-connection. (line  18)
 * META_KEY:                              Authentication protocol.
                                                              (line  10)
@ -2926,7 +2935,7 @@ Concept Index
 * multiple networks:                     Multiple networks.   (line   6)
 * NAME:                                  Scripts.             (line  52)
 * Name:                                  Main configuration variables.
-                                                              (line 262)
+                                                              (line 261)
 * netmask:                               Network interfaces.  (line  39)
 * NETNAME <1>:                           tincctl environment variables.
                                                              (line   6)
@ -2938,44 +2947,44 @@ Concept Index
 * OpenSSL:                               OpenSSL.             (line   6)
 * options:                               Runtime options.     (line   9)
 * PEM format:                            Host configuration variables.
-                                                              (line  67)
+                                                              (line  64)
 * PING:                                  The meta-protocol.   (line  89)
 * PingInterval:                          Main configuration variables.
-                                                              (line 273)
+                                                              (line 272)
 * PingTimeout:                           Main configuration variables.
-                                                              (line 277)
+                                                              (line 276)
 * platforms:                             Supported platforms. (line   6)
 * PMTU:                                  Host configuration variables.
-                                                              (line  47)
+                                                              (line  44)
 * PMTUDiscovery:                         Host configuration variables.
-                                                              (line  50)
+                                                              (line  47)
 * PONG:                                  The meta-protocol.   (line  89)
 * Port:                                  Host configuration variables.
-                                                              (line  55)
+                                                              (line  52)
 * port numbers:                          Other files.         (line  17)
 * PriorityInheritance:                   Main configuration variables.
-                                                              (line 283)
+                                                              (line 282)
 * private:                               Virtual Private Networks.
                                                              (line  10)
 * PrivateKey:                            Main configuration variables.
-                                                              (line 288)
+                                                              (line 287)
 * PrivateKeyFile:                        Main configuration variables.
-                                                              (line 294)
+                                                              (line 293)
 * ProcessPriority:                       Main configuration variables.
-                                                              (line 299)
+                                                              (line 298)
 * Proxy:                                 Main configuration variables.
-                                                              (line 304)
+                                                              (line 303)
 * PublicKey:                             Host configuration variables.
-                                                              (line  59)
+                                                              (line  56)
 * PublicKeyFile:                         Host configuration variables.
-                                                              (line  62)
+                                                              (line  59)
 * raw_socket:                            Main configuration variables.
                                                              (line 100)
 * release:                               Supported platforms. (line  14)
 * REMOTEADDRESS:                         Scripts.             (line  67)
 * REMOTEPORT:                            Scripts.             (line  70)
 * ReplayWindow:                          Main configuration variables.
-                                                              (line 327)
+                                                              (line 326)
 * REQ_KEY:                               The meta-protocol.   (line  64)
 * requirements:                          Libraries.           (line   6)
 * router:                                Main configuration variables.
@ -2987,20 +2996,20 @@ Concept Index
                                                              (line  18)
 * signals:                               Signals.             (line   6)
 * socks4:                                Main configuration variables.
-                                                              (line 308)
+                                                              (line 307)
 * socks5:                                Main configuration variables.
-                                                              (line 313)
+                                                              (line 312)
 * StrictSubnets:                         Main configuration variables.
-                                                              (line 338)
+                                                              (line 337)
 * SUBNET:                                Scripts.             (line  74)
 * Subnet:                                Host configuration variables.
-                                                              (line  74)
+                                                              (line  71)
 * SVPN:                                  Security.            (line  11)
 * switch:                                Main configuration variables.
-                                                              (line 235)
+                                                              (line 234)
 * TCP:                                   The meta-connection. (line  10)
 * TCPonly:                               Host configuration variables.
-                                                              (line 103)
+                                                              (line 100)
 * TINC:                                  Security.            (line   6)
 * tinc:                                  Introduction.        (line   6)
 * tinc-down:                             Scripts.             (line  18)
@ -3011,16 +3020,16 @@ Concept Index
 * tunifhead:                             Main configuration variables.
                                                              (line 142)
 * TunnelServer:                          Main configuration variables.
-                                                              (line 343)
+                                                              (line 342)
 * tunnohead:                             Main configuration variables.
                                                              (line 136)
 * UDP <1>:                               Encryption of network packets.
                                                              (line  12)
 * UDP:                                   The UDP tunnel.      (line  30)
 * UDPRcvBuf:                             Main configuration variables.
-                                                              (line 350)
+                                                              (line 349)
 * UDPSndBuf:                             Main configuration variables.
-                                                              (line 355)
+                                                              (line 354)
 * UML:                                   Main configuration variables.
                                                              (line 118)
 * Universal tun/tap:                     Configuration of Linux kernels.
@ -3073,39 +3082,39 @@ Node: Multiple networks23835
 Node: How connections work25215
 Node: Configuration files27788
 Node: Main configuration variables29321
-Node: Host configuration variables45731
+Node: Host configuration variables45735
-Node: Scripts50961
+Node: Scripts50810
-Node: How to configure53640
+Node: How to configure53489
-Node: Network interfaces58258
+Node: Network interfaces58079
-Node: Example configuration60659
+Node: Example configuration60480
-Node: Running tinc65811
+Node: Running tinc65632
-Node: Runtime options66404
+Node: Runtime options66225
-Node: Signals69108
+Node: Signals69088
-Node: Debug levels69958
+Node: Debug levels69938
-Node: Solving problems70894
+Node: Solving problems70874
-Node: Error messages72324
+Node: Error messages72304
-Node: Sending bug reports76646
+Node: Sending bug reports76626
-Node: Controlling tinc77598
+Node: Controlling tinc77578
-Node: tincctl runtime options77995
+Node: tincctl runtime options77975
-Node: tincctl environment variables78694
+Node: tincctl environment variables78674
-Node: tincctl commands79038
+Node: tincctl commands79018
-Node: tincctl examples83343
+Node: tincctl examples83503
-Node: tincctl top83948
+Node: tincctl top84108
-Node: Technical information85546
+Node: Technical information85706
-Node: The connection85781
+Node: The connection85941
-Node: The UDP tunnel86093
+Node: The UDP tunnel86253
-Node: The meta-connection89154
+Node: The meta-connection89314
-Node: The meta-protocol90623
+Node: The meta-protocol90783
-Node: Security95632
+Node: Security95792
-Node: Authentication protocol96762
+Node: Authentication protocol96922
-Node: Encryption of network packets101766
+Node: Encryption of network packets101926
-Node: Security issues103139
+Node: Security issues103299
-Node: Platform specific information104756
+Node: Platform specific information104916
-Node: Interface configuration104984
+Node: Interface configuration105144
-Node: Routes107437
+Node: Routes107597
-Node: About us109353
+Node: About us109513
-Node: Contact information109528
+Node: Contact information109688
-Node: Authors109932
+Node: Authors110092
-Node: Concept Index110337
+Node: Concept Index110497
 End Tag Table
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@ -15,7 +15,7 @@
 This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
-Copyright @copyright{} 1998-2012 Ivo Timmermans,
+Copyright @copyright{} 1998-2013 Ivo Timmermans,
 Guus Sliepen <guus@@tinc-vpn.org> and
 Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll
 This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
-Copyright @copyright{} 1998-2012 Ivo Timmermans,
+Copyright @copyright{} 1998-2013 Ivo Timmermans,
 Guus Sliepen <guus@@tinc-vpn.org> and
 Wessel Dankers <wsl@@tinc-vpn.org>.
@ -1063,7 +1063,7 @@ This option selects the way packets are routed to other daemons.
@item router
 In this mode Subnet
 variables in the host configuration files will be used to form a routing table.
-Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
+Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
 This is the default mode, and unless you really know you need another mode, don't change it.
@ -1098,12 +1098,12 @@ This only has effect when Mode is set to "switch".
@cindex Name
@item Name = <@var{name}> [required]
 This is a symbolic name for this connection.
-The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
+The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
 If Name starts with a $, then the contents of the environment variable that follows will be used.
 In that case, invalid characters will be converted to underscores.
 If Name is $HOST, but no such environment variable exist,
-the hostname will be read using the gethostnname() system call.
+the hostname will be read using the gethostname() system call.
@cindex PingInterval
@item PingInterval = <@var{seconds}> (60)
@ -1242,11 +1242,9 @@ Furthermore, specifying "none" will turn off packet authentication.
@cindex IndirectData
@item IndirectData = <yes|no> (no)
-This option specifies whether other tinc daemons besides the one you
+When set to yes, other nodes which do not already have a meta connection to you
-specified with ConnectTo can make a direct connection to you.  This is
+will not try to establish direct communication with you.
-especially useful if you are behind a firewall and it is impossible to
+It is best to leave this option out or set it to no.
 make a connection from the outside to your tinc daemon.  Otherwise, it
 is best to leave this option out or set it to no.
@cindex MACLength
@item MACLength = <@var{bytes}> (4)
@ -1515,11 +1513,12 @@ tincctl -n @var{netname} import
@end example
 If you are the owner of bar yourself, and you have SSH access to that computer,
-you can also swap the host configuration files using the following commands:
+you can also swap the host configuration files using the following command:
@example
-tincctl -n @var{netname} export | ssh bar.example.org tincctl -n @var{netname} import
+tincctl -n @var{netname} export \
-ssh bar.example.org tincctl -n @var{netname} export | tincctl -n @var{netname} import
+    | ssh bar.example.org tincctl -n @var{netname} exchange \
    | tincctl -n @var{netname} import
@end example
 You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
@ -1849,6 +1848,8 @@ This option can be used more than once to specify multiple configuration variabl
 Lock tinc into main memory.
 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
 This option is not supported on all platforms.
@item --logfile[=@var{file}]
 Write log entries to a file instead of to the system logging facility.
 If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
@ -1869,11 +1870,14 @@ Note that this option alone does not do any good without -U/--user, below.
 Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
 unless it's setup to be runnable inside chroot environment.
 This option is not supported on all platforms.
@item -U, --user=@var{user}
 Switch to the given @var{user} after initialization, at the same time as
 chroot is performed (see --chroot above).  With this option tinc drops
 privileges, for added security.
 This option is not supported on all platforms.
@item --help
 Display a short reminder of these runtime options and terminate.
@ -2196,9 +2200,15 @@ Export the host configuration file of the local node to standard output.
 Export all host configuration files to standard output.
@item import [--force]
-Import host configuration file(s) from standard input.
+Import host configuration file(s) generated by the tincctl export command from standard input.
 Already existing host configuration files are not overwritten unless the option --force is used.
@item exchange [--force]
 The same as export followed by import.
@item exchange-all [--force]
 The same as export-all followed by import.
@item start [tincd options]
 Start @samp{tincd}, optionally with the given extra options.
--- a/doc/tincctl.8.in
+++ b/doc/tincctl.8.in
@ -1,4 +1,4 @@
-.Dd 2012-10-14
+.Dd 2013-01-15
 .Dt TINCCTL 8
 .\" Manual page created by:
 .\" Scott Lamb
@ -80,10 +80,16 @@ Export the host configuration file of the local node to standard output.
 .It export-all
 Export all host configuration files to standard output.
 .It import Op Fl -force
-Import host configuration file(s) from standard input.
+Import host configuration data generated by the
 .Nm
 export command from standard input.
 Already existing host configuration files are not overwritten unless the option
 .Fl -force
 is used.
 .It exchange Op Fl -force
 The same as export followed by import.
 .It exchange-all Op Fl -force
 The same as export-all followed by import.
 .It start Op tincd options
 Start
 .Xr tincd 8 ,
@ -206,7 +212,7 @@ Fractional seconds are honored.
 Intervals lower than 0.1 seconds are not allowed.
 .It Ic c
 Toggle between displaying current traffic rates (in packets and bytes per second)
-and cummulative traffic (total packets and bytes since the tinc daemon started).
+and cumulative traffic (total packets and bytes since the tinc daemon started).
 .It Ic n
 Sort the list of nodes by name.
 .It Ic i
--- a/doc/tincd.8.in
+++ b/doc/tincd.8.in
@ -1,4 +1,4 @@
-.Dd 2012-02-22
+.Dd 2013-01-14
 .Dt TINCD 8
 .\" Manual page created by:
 .\" Ivo Timmermans
@ -81,6 +81,7 @@ This option can be used more than once to specify multiple configuration variabl
 .It Fl L, -mlock
 Lock tinc into main memory.
 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
 This option is not supported on all platforms.
 .It Fl -logfile Ns Op = Ns Ar FILE
 Write log entries to a file instead of to the system logging facility.
 If
@ -104,10 +105,12 @@ Only useful for debugging.
 With this option tinc chroots into the directory where network
 config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
 or to the directory specified with -c option) after initialization.
 This option is not supported on all platforms.
 .It Fl U, -user Ns = Ns Ar USER
 setuid to the specified
 .Ar USER
 after initialization.
 This option is not supported on all platforms.
 .It Fl -help
 Display short list of options.
 .It Fl -version
--- a/gui/tinc-gui
+++ b/gui/tinc-gui
@ -111,11 +111,28 @@ class VPN:
 	piddir = '/var/run/'
 	def connect(self):
 		# read the pidfile
 		f = open(self.pidfile)
 		info = string.split(f.readline())
 		f.close()
-		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
-		s.connect((info[2], int(info[4])))
+		# check if there is a UNIX socket as well
 		if self.pidfile.endswith(".pid"):
 			unixfile = self.pidfile.replace(".pid", ".socket");
 		else:
 			unixfile = self.pidfile + ".socket";
 		if os.path.exists(unixfile):
 			# use it if it exists
 			print(unixfile + " exists!");
 			s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 			s.connect(unixfile)
 		else:
 			# otherwise connect via TCP
 			print(unixfile + " does not exist.");
 			s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 			s.connect((info[2], int(info[4])))
 		self.sf = s.makefile()
 		s.close()
 		hello = string.split(self.sf.readline())
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -9,7 +9,7 @@ tincd_SOURCES = \
 	buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
 	net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
 	protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \
-	dummy_device.c raw_socket_device.c multicast_device.c
+	dummy_device.c raw_socket_device.c multicast_device.c names.c
 if UML
 tincd_SOURCES += uml_device.c
@ -24,7 +24,7 @@ nodist_tincd_SOURCES = \
 tincctl_SOURCES = \
 	utils.c getopt.c getopt1.c dropin.c \
-	info.c list.c subnet_parse.c tincctl.c top.c
+	info.c list.c subnet_parse.c tincctl.c top.c names.c
 nodist_tincctl_SOURCES = \
 	ecdsagen.c rsagen.c
@ -46,7 +46,7 @@ INCLUDES = @INCLUDES@ -I$(top_builddir)
 noinst_HEADERS = \
 	xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
 	buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
-	protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
+	protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
 nodist_noinst_HEADERS = \
 	cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -82,7 +82,7 @@ sptps_test_LDADD = $(LDADD)
 am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \
 	getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \
 	list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \
-	top.$(OBJEXT)
+	top.$(OBJEXT) names.$(OBJEXT)
 nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT)
 tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS)
 am__DEPENDENCIES_1 =
@ -95,7 +95,8 @@ am__tincd_SOURCES_DIST = utils.c getopt.c getopt1.c list.c \
 	protocol_edge.c protocol_misc.c protocol_key.c \
 	protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \
 	event.c tincd.c dummy_device.c raw_socket_device.c \
-	multicast_device.c uml_device.c vde_device.c bsd/tunemu.c
+	multicast_device.c names.c uml_device.c vde_device.c \
 	bsd/tunemu.c
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
@ -113,8 +114,8 @@ am_tincd_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT) \
 	route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \
 	subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \
 	dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \
-	multicast_device.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
+	multicast_device.$(OBJEXT) names.$(OBJEXT) $(am__objects_1) \
-	$(am__objects_3)
+	$(am__objects_2) $(am__objects_3)
 nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \
 	crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \
 	digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT)
@ -252,14 +253,14 @@ tincd_SOURCES = utils.c getopt.c getopt1.c list.c splay_tree.c \
 	process.c protocol.c protocol_auth.c protocol_edge.c \
 	protocol_misc.c protocol_key.c protocol_subnet.c route.c \
 	sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \
-	raw_socket_device.c multicast_device.c $(am__append_1) \
+	raw_socket_device.c multicast_device.c names.c $(am__append_1) \
 	$(am__append_2) $(am__append_3)
 nodist_tincd_SOURCES = \
 	device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c
 tincctl_SOURCES = \
 	utils.c getopt.c getopt1.c dropin.c \
-	info.c list.c subnet_parse.c tincctl.c top.c
+	info.c list.c subnet_parse.c tincctl.c top.c names.c
 nodist_tincctl_SOURCES = \
 	ecdsagen.c rsagen.c
@ -273,7 +274,7 @@ DEFAULT_INCLUDES =
 noinst_HEADERS = \
 	xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
 	buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
-	protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
+	protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
 nodist_noinst_HEADERS = \
 	cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
@ -395,6 +396,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/names.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@
--- a/src/bsd/device.c
+++ b/src/bsd/device.c
@ -1,7 +1,7 @@
 /*
    device.c -- Interaction BSD tun/tap device
    Copyright (C) 2001-2005 Ivo Timmermans,
-                  2001-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2001-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2009      Grzegorz Dymarek <gregd72002@googlemail.com>
    This program is free software; you can redistribute it and/or modify
@ -24,12 +24,13 @@
 #include "conf.h"
 #include "device.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "route.h"
 #include "utils.h"
 #include "xalloc.h"
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 #include "bsd/tunemu.h"
 #endif
@ -44,7 +45,7 @@ typedef enum device_type {
 	DEVICE_TYPE_TUN,
 	DEVICE_TYPE_TUNIFHEAD,
 	DEVICE_TYPE_TAP,
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 	DEVICE_TYPE_TUNEMU,
 #endif
 } device_type_t;
@ -55,7 +56,7 @@ char *iface = NULL;
 static char *device_info = NULL;
 static uint64_t device_total_in = 0;
 static uint64_t device_total_out = 0;
-#if defined(TUNEMU)
+#if defined(ENABLE_TUNEMU)
 static device_type_t device_type = DEVICE_TYPE_TUNEMU;
 #elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
 static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
@ -79,7 +80,7 @@ static bool setup_device(void) {
 	if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
 		if(!strcasecmp(type, "tun"))
 			/* use default */;
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 		else if(!strcasecmp(type, "tunemu"))
 			device_type = DEVICE_TYPE_TUNEMU;
 #endif
@ -99,7 +100,7 @@ static bool setup_device(void) {
 	}
 	switch(device_type) {
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU: {
 			char dynamic_name[256] = "";
 			device_fd = tunemu_open(dynamic_name);
@ -176,7 +177,7 @@ static bool setup_device(void) {
 #endif
 			break;
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			device_info = "BSD tunemu device";
 			break;
@ -190,7 +191,7 @@ static bool setup_device(void) {
 static void close_device(void) {
 	switch(device_type) {
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			tunemu_close(device_fd);
 			break;
@ -208,7 +209,7 @@ static bool read_packet(vpn_packet_t *packet) {
 	switch(device_type) {
 		case DEVICE_TYPE_TUN:
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			if(device_type == DEVICE_TYPE_TUNEMU)
 				inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
@ -347,7 +348,7 @@ static bool write_packet(vpn_packet_t *packet) {
 			}
 			break;
-#ifdef HAVE_TUNEMU
+#ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
--- a/src/bsd/device.c.orig
+++ b/src/bsd/device.c.orig
@ -0,0 +1,386 @@
 /*
    device.c -- Interaction BSD tun/tap device
    Copyright (C) 2001-2005 Ivo Timmermans,
                  2001-2012 Guus Sliepen <guus@tinc-vpn.org>
                  2009      Grzegorz Dymarek <gregd72002@googlemail.com>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "system.h"
 #include "conf.h"
 #include "device.h"
 #include "logger.h"
 #include "net.h"
 #include "route.h"
 #include "utils.h"
 #include "xalloc.h"
 #ifdef ENABLE_TUNEMU
 #include "bsd/tunemu.h"
 #endif
 #define DEFAULT_TUN_DEVICE "/dev/tun0"
 #if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD)
 #define DEFAULT_TAP_DEVICE "/dev/tap0"
 #else
 #define DEFAULT_TAP_DEVICE "/dev/tun0"
 #endif
 typedef enum device_type {
 	DEVICE_TYPE_TUN,
 	DEVICE_TYPE_TUNIFHEAD,
 	DEVICE_TYPE_TAP,
 #ifdef ENABLE_TUNEMU
 	DEVICE_TYPE_TUNEMU,
 #endif
 } device_type_t;
 int device_fd = -1;
 char *device = NULL;
 char *iface = NULL;
 static char *device_info = NULL;
 static uint64_t device_total_in = 0;
 static uint64_t device_total_out = 0;
 #if defined(ENABLE_TUNEMU)
 static device_type_t device_type = DEVICE_TYPE_TUNEMU;
 #elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
 static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
 #else
 static device_type_t device_type = DEVICE_TYPE_TUN;
 #endif
 static bool setup_device(void) {
 	char *type;
 	if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
 		if(routing_mode == RMODE_ROUTER)
 			device = xstrdup(DEFAULT_TUN_DEVICE);
 		else
 			device = xstrdup(DEFAULT_TAP_DEVICE);
 	}
 	if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
 		iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
 	if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
 		if(!strcasecmp(type, "tun"))
 <<<<<<< HEAD
 			/* use default */;
 #ifdef HAVE_TUNEMU
 =======
 			/* use default */;	
 #ifdef ENABLE_TUNEMU
 >>>>>>> 2a3e343... Fix support for tunemu on iOS devices.
 		else if(!strcasecmp(type, "tunemu"))
 			device_type = DEVICE_TYPE_TUNEMU;
 #endif
 		else if(!strcasecmp(type, "tunnohead"))
 			device_type = DEVICE_TYPE_TUN;
 		else if(!strcasecmp(type, "tunifhead"))
 			device_type = DEVICE_TYPE_TUNIFHEAD;
 		else if(!strcasecmp(type, "tap"))
 			device_type = DEVICE_TYPE_TAP;
 		else {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Unknown device type %s!", type);
 			return false;
 		}
 	} else {
 		if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
 			device_type = DEVICE_TYPE_TAP;
 	}
 	switch(device_type) {
 #ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU: {
 			char dynamic_name[256] = "";
 			device_fd = tunemu_open(dynamic_name);
 		}
 			break;
 #endif
 		default:
 			device_fd = open(device, O_RDWR | O_NONBLOCK);
 	}
 	if(device_fd < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", device, strerror(errno));
 		return false;
 	}
 #ifdef FD_CLOEXEC
 	fcntl(device_fd, F_SETFD, FD_CLOEXEC);
 #endif
 	switch(device_type) {
 		default:
 			device_type = DEVICE_TYPE_TUN;
 		case DEVICE_TYPE_TUN:
 #ifdef TUNSIFHEAD
 		{
 			const int zero = 0;
 			if(ioctl(device_fd, TUNSIFHEAD, &zero, sizeof zero) == -1) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
 				return false;
 			}
 		}
 #endif
 #if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
 		{
 			const int mode = IFF_BROADCAST | IFF_MULTICAST;
 			ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
 		}
 #endif
 			device_info = "Generic BSD tun device";
 			break;
 		case DEVICE_TYPE_TUNIFHEAD:
 #ifdef TUNSIFHEAD
 		{
 			const int one = 1;
 			if(ioctl(device_fd, TUNSIFHEAD, &one, sizeof one) == -1) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
 				return false;
 			}
 		}
 #endif
 #if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
 		{
 				const int mode = IFF_BROADCAST | IFF_MULTICAST;
 				ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
 		}
 #endif
 			device_info = "Generic BSD tun device";
 			break;
 		case DEVICE_TYPE_TAP:
 			if(routing_mode == RMODE_ROUTER)
 				overwrite_mac = true;
 			device_info = "Generic BSD tap device";
 #ifdef TAPGIFNAME
 			{
 				struct ifreq ifr;
 				if(ioctl(device_fd, TAPGIFNAME, (void*)&ifr) == 0) {
 					if(iface)
 						free(iface);
 					iface = xstrdup(ifr.ifr_name);
 				}
 			}
 #endif
 			break;
 #ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			device_info = "BSD tunemu device";
 			break;
 #endif
 	}
 	logger(DEBUG_ALWAYS, LOG_INFO, "%s is a %s", device, device_info);
 	return true;
 }
 static void close_device(void) {
 	switch(device_type) {
 #ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			tunemu_close(device_fd);
 			break;
 #endif
 		default:
 			close(device_fd);
 	}
 	free(device);
 	free(iface);
 }
 static bool read_packet(vpn_packet_t *packet) {
 	int inlen;
 	switch(device_type) {
 		case DEVICE_TYPE_TUN:
 #ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			if(device_type == DEVICE_TYPE_TUNEMU)
 				inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
 			else
 #endif
 				inlen = read(device_fd, packet->data + 14, MTU - 14);
 			if(inlen <= 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
 					   device, strerror(errno));
 				return false;
 			}
 			switch(packet->data[14] >> 4) {
 				case 4:
 					packet->data[12] = 0x08;
 					packet->data[13] = 0x00;
 					break;
 				case 6:
 					packet->data[12] = 0x86;
 					packet->data[13] = 0xDD;
 					break;
 				default:
 					logger(DEBUG_TRAFFIC, LOG_ERR,
 							   "Unknown IP version %d while reading packet from %s %s",
 							   packet->data[14] >> 4, device_info, device);
 					return false;
 			}
 			memset(packet->data, 0, 12);
 			packet->len = inlen + 14;
 			break;
 		case DEVICE_TYPE_TUNIFHEAD: {
 			u_int32_t type;
 			struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, MTU - 14}};
 			if((inlen = readv(device_fd, vector, 2)) <= 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
 					   device, strerror(errno));
 				return false;
 			}
 			switch (ntohl(type)) {
 				case AF_INET:
 					packet->data[12] = 0x08;
 					packet->data[13] = 0x00;
 					break;
 				case AF_INET6:
 					packet->data[12] = 0x86;
 					packet->data[13] = 0xDD;
 					break;
 				default:
 					logger(DEBUG_TRAFFIC, LOG_ERR,
 							   "Unknown address family %x while reading packet from %s %s",
 							   ntohl(type), device_info, device);
 					return false;
 			}
 			memset(packet->data, 0, 12);
 			packet->len = inlen + 10;
 			break;
 		}
 		case DEVICE_TYPE_TAP:
 			if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
 					   device, strerror(errno));
 				return false;
 			}
 			packet->len = inlen;
 			break;
 		default:
 			return false;
 	}
 	device_total_in += packet->len;
 	logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s",
 			   packet->len, device_info);
 	return true;
 }
 static bool write_packet(vpn_packet_t *packet) {
 	logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
 			   packet->len, device_info);
 	switch(device_type) {
 		case DEVICE_TYPE_TUN:
 			if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
 					   device, strerror(errno));
 				return false;
 			}
 			break;
 		case DEVICE_TYPE_TUNIFHEAD: {
 			u_int32_t type;
 			struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, packet->len - 14}};
 			int af;
 			af = (packet->data[12] << 8) + packet->data[13];
 			switch (af) {
 				case 0x0800:
 					type = htonl(AF_INET);
 					break;
 				case 0x86DD:
 					type = htonl(AF_INET6);
 					break;
 				default:
 					logger(DEBUG_TRAFFIC, LOG_ERR,
 							   "Unknown address family %x while writing packet to %s %s",
 							   af, device_info, device);
 					return false;
 			}
 			if(writev(device_fd, vector, 2) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
 					   strerror(errno));
 				return false;
 			}
 			break;
 		}
 		case DEVICE_TYPE_TAP:
 			if(write(device_fd, packet->data, packet->len) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
 					   device, strerror(errno));
 				return false;
 			}
 			break;
 #ifdef ENABLE_TUNEMU
 		case DEVICE_TYPE_TUNEMU:
 			if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
 					   device, strerror(errno));
 				return false;
 			}
 			break;
 #endif
 		default:
 			return false;
 	}
 	device_total_out += packet->len;
 	return true;
 }
 static void dump_device_stats(void) {
 	logger(DEBUG_ALWAYS, LOG_DEBUG, "Statistics for %s %s:", device_info, device);
 	logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes in:  %10"PRIu64, device_total_in);
 	logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
 }
 const devops_t os_devops = {
 	.setup = setup_device,
 	.close = close_device,
 	.read = read_packet,
 	.write = write_packet,
 	.dump_stats = dump_device_stats,
 };
--- a/src/conf.c
+++ b/src/conf.c
@ -2,7 +2,7 @@
    conf.c -- configuration code
    Copyright (C) 1998 Robert van der Meulen
                  1998-2005 Ivo Timmermans
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2010-2011 Julien Muchembled <jm@jmuchemb.eu>
                  2000 Cris van Pelt
@ -28,6 +28,7 @@
 #include "conf.h"
 #include "list.h"
 #include "logger.h"
 #include "names.h"
 #include "netutl.h"             /* for str2address */
 #include "protocol.h"
 #include "utils.h"              /* for cp */
@ -37,11 +38,8 @@ splay_tree_t *config_tree;
 int pinginterval = 0;           /* seconds between pings */
 int pingtimeout = 0;            /* seconds to wait for response */
 char *confbase = NULL;          /* directory in which all config files are */
 char *netname = NULL;           /* name of the vpn network */
 list_t *cmdline_conf = NULL;    /* global/host configuration values given at the command line */
 static int config_compare(const config_t *a, const config_t *b) {
 	int result;
--- a/src/conf.h
+++ b/src/conf.h
@ -1,7 +1,7 @@
 /*
    conf.h -- header for conf.c
    Copyright (C) 1998-2005 Ivo Timmermans
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -39,8 +39,6 @@ extern int pinginterval;
 extern int pingtimeout;
 extern int maxtimeout;
 extern bool bypass_security;
 extern char *confbase;
 extern char *netname;
 extern list_t *cmdline_conf;
 extern void init_configuration(splay_tree_t **);
--- a/src/control.c
+++ b/src/control.c
@ -1,6 +1,6 @@
 /*
    control.c -- Control socket handling.
-    Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
 #include "graph.h"
 #include "logger.h"
 #include "meta.h"
 #include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "protocol.h"
@ -33,7 +34,6 @@
 #include "xalloc.h"
 char controlcookie[65];
 extern char *pidfilename;
 static bool control_return(connection_t *c, int type, int error) {
 	return send_request(c, "%d %d %d", CONTROL, type, error);
--- a/src/cygwin/device.c
+++ b/src/cygwin/device.c
@ -1,7 +1,7 @@
 /*
    device.c -- Interaction with Windows tap driver in a Cygwin environment
    Copyright (C) 2002-2005 Ivo Timmermans,
-                  2002-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2002-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
 #include "conf.h"
 #include "device.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "route.h"
 #include "utils.h"
--- a/src/dropin.c
+++ b/src/dropin.c
@ -158,8 +158,18 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
 #ifndef HAVE_GETTIMEOFDAY
 int gettimeofday(struct timeval *tv, void *tz) {
 #ifdef HAVE_MINGW
 	FILETIME ft;
 	GetSystemTimeAsFileTime(&ft);
 	uint64_t lt = (uint64_t)ft.dwLowDateTime | ((uint64_t)ft.dwHighDateTime << 32);
 	lt -= 116444736000000000ULL;
 	tv->tv_sec = lt / 10000000;
 	tv->tv_usec = (lt / 10) % 1000000;
 #else
 #warning No high resolution time source!
 	tv->tv_sec = time(NULL);
 	tv->tv_usec = 0;
 #endif
 	return 0;
 }
 #endif
--- a/src/dropin.h
+++ b/src/dropin.h
@ -58,7 +58,7 @@ extern int usleep(long long usec);
 #define timersub(a, b, r) do {\
 	(r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\
 	(r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\
-	if((r)->tv_usec < 1000000)\
+	if((r)->tv_usec < 0)\
 		(r)->tv_sec--, (r)->tv_usec += 1000000;\
 } while (0)
 #endif
--- a/src/event.c
+++ b/src/event.c
@ -52,13 +52,8 @@ static int timeout_compare(const timeout_t *a, const timeout_t *b) {
 	return 0;
 }
 static int signal_compare(const signal_t *a, const signal_t *b) {
 	return a->signum - b->signum;
 }
 static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare};
 static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare};
 static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
 void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) {
 	if(io->cb)
@ -130,8 +125,13 @@ void timeout_del(timeout_t *timeout) {
 }
 #ifndef HAVE_MINGW
 static int signal_compare(const signal_t *a, const signal_t *b) {
 	return a->signum - b->signum;
 }
 static io_t signalio;
 static int pipefd[2] = {-1, -1};
 static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
 static void signal_handler(int signum) {
 	unsigned char num = signum;
--- a/src/graph.c
+++ b/src/graph.c
@ -1,6 +1,6 @@
 /*
    graph.c -- graph algorithms
-    Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
                  2001-2005 Ivo Timmermans
    This program is free software; you can redistribute it and/or modify
@ -51,6 +51,7 @@
 #include "graph.h"
 #include "list.h"
 #include "logger.h"
 #include "names.h"
 #include "netutl.h"
 #include "node.h"
 #include "process.h"
@ -61,7 +62,7 @@
 #include "graph.h"
 /* Implementation of Kruskal's algorithm.
-   Running time: O(E)
+   Running time: O(EN)
   Please note that sorting on weight is already done by add_edge().
 */
@ -78,11 +79,24 @@ static void mst_kruskal(void) {
 	for splay_each(node_t, n, node_tree)
 		n->status.visited = false;
-	/* Add safe edges */
+	/* Starting point */
 	for splay_each(edge_t, e, edge_weight_tree) {
-		if(!e->reverse || (e->from->status.visited && e->to->status.visited))
+		if(e->from->status.reachable) {
 			e->from->status.visited = true;
 			break;
 		}
 	}
 	/* Add safe edges */
 	bool skipped = false;
 	for splay_each(edge_t, e, edge_weight_tree) {
 		if(!e->reverse || (e->from->status.visited == e->to->status.visited)) {
 			skipped = true;
 			continue;
 		}
 		e->from->status.visited = true;
 		e->to->status.visited = true;
@ -93,8 +107,12 @@ static void mst_kruskal(void) {
 		if(e->reverse->connection)
 			e->reverse->connection->status.mst = true;
-		logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name,
+		logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight);
-				   e->to->name, e->weight);
+
 		if(skipped) {
 			skipped = false;
 			next = edge_weight_tree->head;
 		}
 	}
 }
--- a/src/info.c
+++ b/src/info.c
@ -58,11 +58,15 @@ static int info_node(int fd, const char *item) {
 	int code, req, cipher, digest, maclength, compression, distance;
 	short int pmtu, minmtu, maxmtu;
 	unsigned int options;
 	union {
 		node_status_t bits;
 		uint32_t raw;
 	} status_union;
 	node_status_t status;
 	long int last_state_change;
 	while(recvline(fd, line, sizeof line)) {
-		int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, (unsigned *)&status, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
+		int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
 		if(n == 2)
 			break;
@ -92,8 +96,12 @@ static int info_node(int fd, const char *item) {
 	printf("Address:      %s port %s\n", host, port);
 	char timestr[32] = "never";
 	time_t lsc_time = last_state_change;
 	if(last_state_change)
-		strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&last_state_change));
+		strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&lsc_time));
 	status = status_union.bits;
 	if(status.reachable)
 		printf("Online since: %s\n", timestr);
--- a/src/linux/device.c
+++ b/src/linux/device.c
@ -1,7 +1,7 @@
 /*
    device.c -- Interaction with Linux ethertap and tun/tap device
    Copyright (C) 2001-2005 Ivo Timmermans,
-                  2001-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2001-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
 #include "conf.h"
 #include "device.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "route.h"
 #include "utils.h"
--- a/src/logger.c
+++ b/src/logger.c
@ -1,6 +1,6 @@
 /*
    logger.c -- logging code
-    Copyright (C) 2004-2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2004-2005 Ivo Timmermans
    This program is free software; you can redistribute it and/or modify
@ -22,6 +22,7 @@
 #include "conf.h"
 #include "meta.h"
 #include "names.h"
 #include "logger.h"
 #include "connection.h"
 #include "control_common.h"
@ -30,7 +31,6 @@
 debug_t debug_level = DEBUG_NOTHING;
 static logmode_t logmode = LOGMODE_STDERR;
 static pid_t logpid;
 extern char *logfilename;
 static FILE *logfile = NULL;
 #ifdef HAVE_MINGW
 static HANDLE loghandle = NULL;
--- a/src/meta.c
+++ b/src/meta.c
@ -185,21 +185,50 @@ bool receive_meta(connection_t *c) {
 			if(c->tcplen) {
 				char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
-				if(tcpbuffer) {
+				if(!tcpbuffer)
-					if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
+					break;
 				if(!c->node) {
 					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
 						if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
 							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
 						} else {
 							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
 							return false;
 						}
-					} else
+					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
-						receive_tcppacket(c, tcpbuffer, c->tcplen);
+						if(tcpbuffer[0] != 5) {
-					c->tcplen = 0;
+							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
-					continue;
+							return false;
 						}
 						if(tcpbuffer[1] == (char)0xff) {
 							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
 							return false;
 						}
 						if(tcpbuffer[2] != 5) {
 							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
 							return false;
 						}
 						if(tcpbuffer[3] == 0) {
 							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
 						} else {
 							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
 							return false;
 						}
 					} else {
 						logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
 						abort();
 					}
 				} else {
-					break;
+					if(c->allow_request == ALL) {
 						receive_tcppacket(c, tcpbuffer, c->tcplen);
 					} else {
 						logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
 						return false;
 					}
 				}
 				c->tcplen = 0;
 			}
 			/* Otherwise we are waiting for a request */
--- a/src/mingw/device.c
+++ b/src/mingw/device.c
@ -1,7 +1,7 @@
 /*
    device.c -- Interaction with Windows tap driver in a MinGW environment
    Copyright (C) 2002-2005 Ivo Timmermans,
-                  2002-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2002-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
 #include "conf.h"
 #include "device.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "route.h"
 #include "utils.h"
@ -46,7 +47,7 @@ extern char *myport;
 static DWORD WINAPI tapreader(void *bla) {
 	int status;
-	long len;
+	DWORD len;
 	OVERLAPPED overlapped;
 	vpn_packet_t packet;
@ -61,7 +62,7 @@ static DWORD WINAPI tapreader(void *bla) {
 		overlapped.OffsetHigh = 0;
 		ResetEvent(overlapped.hEvent);
-		status = ReadFile(device_handle, packet.data, MTU, &len, &overlapped);
+		status = ReadFile(device_handle, (void *)packet.data, MTU, &len, &overlapped);
 		if(!status) {
 			if(GetLastError() == ERROR_IO_PENDING) {
@ -91,7 +92,7 @@ static bool setup_device(void) {
 	char adapterid[1024];
 	char adaptername[1024];
 	char tapname[1024];
-	long len;
+	DWORD len;
 	unsigned long status;
 	bool found = false;
@ -122,7 +123,7 @@ static bool setup_device(void) {
 			continue;
 		len = sizeof adaptername;
-		err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
+		err = RegQueryValueEx(key2, "Name", 0, 0, (LPBYTE)adaptername, &len);
 		RegCloseKey(key2);
@ -222,7 +223,7 @@ static bool read_packet(vpn_packet_t *packet) {
 }
 static bool write_packet(vpn_packet_t *packet) {
-	long outlen;
+	DWORD outlen;
 	OVERLAPPED overlapped = {0};
 	logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
--- a/src/multicast_device.c
+++ b/src/multicast_device.c
@ -165,7 +165,7 @@ static void close_device(void) {
 static bool read_packet(vpn_packet_t *packet) {
 	int lenin;
-	if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) {
+	if((lenin = recv(device_fd, (void *)packet->data, MTU, 0)) <= 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
 			   device, strerror(errno));
 		return false;
@ -191,7 +191,7 @@ static bool write_packet(vpn_packet_t *packet) {
 	logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
 			   packet->len, device_info);
-	if(sendto(device_fd, packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
+	if(sendto(device_fd, (void *)packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
 			   strerror(errno));
 		return false;
--- a/src/names.c
+++ b/src/names.c
@ -0,0 +1,106 @@
 /*
    names.c -- generate commonly used (file)names
    Copyright (C) 1998-2005 Ivo Timmermans
                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "system.h"
 #include "logger.h"
 #include "xalloc.h"
 char *netname = NULL;
 char *confdir = NULL;           /* base configuration directory */
 char *confbase = NULL;          /* base configuration directory for this instance of tinc */
 char *identname = NULL;         /* program name for syslog */
 char *unixsocketname = NULL;    /* UNIX socket location */
 char *logfilename = NULL;       /* log file location */
 char *pidfilename = NULL;
 char *program_name = NULL;
 /*
  Set all files and paths according to netname
 */
 void make_names(void) {
 #ifdef HAVE_MINGW
 	HKEY key;
 	char installdir[1024] = "";
 	DWORD len = sizeof installdir;
 #endif
 	if(netname)
 		xasprintf(&identname, "tinc.%s", netname);
 	else
 		identname = xstrdup("tinc");
 #ifdef HAVE_MINGW
 	if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
 		if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
 			confdir = xstrdup(installdir);
 			if(!logfilename)
 				xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", installdir, identname);
 			if(!confbase) {
 				if(netname)
 					xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
 				else
 					xasprintf(&confbase, "%s", installdir);
 			}
 			if(!pidfilename)
 				xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
 		}
 		RegCloseKey(key);
 	}
 #endif
 	if(!confdir)
 		confdir = xstrdup(CONFDIR SLASH "tinc");
 	if(!logfilename)
 		xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
 	if(!pidfilename)
 		xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
 	if(!unixsocketname) {
 		int len = strlen(pidfilename);
 		unixsocketname = xmalloc(len + 8);
 		strcpy(unixsocketname, pidfilename);
 		if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
 			strcpy(unixsocketname + len - 4, ".socket");
 		else
 			strcpy(unixsocketname + len, ".socket");
 	}
 	if(netname) {
 		if(!confbase)
 			xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
 		else
 			logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
 	} else {
 		if(!confbase)
 			xasprintf(&confbase, CONFDIR SLASH "tinc");
 	}
 }
 void free_names(void) {
 	free(identname);
 	free(netname);
 	free(unixsocketname);
 	free(pidfilename);
 	free(logfilename);
 	free(confbase);
 	free(confdir);
 }
--- a/src/names.h
+++ b/src/names.h
@ -0,0 +1,36 @@
 /*
    names.h -- header for names.c
    Copyright (C) 1998-2005 Ivo Timmermans
                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #ifndef __TINC_NAMES_H__
 #define __TINC_NAMES_H__
 extern char *confdir;
 extern char *confbase;
 extern char *netname;
 extern char *identname;
 extern char *unixsocketname;
 extern char *logfilename;
 extern char *pidfilename;
 extern char *program_name;
 extern void make_names(void);
 extern void free_names(void);
 #endif /* __TINC_NAMES_H__ */
--- a/src/net.c
+++ b/src/net.c
@ -1,7 +1,7 @@
 /*
    net.c -- most of the network code
    Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2006      Scott Lamb <slamb@slamb.org>
                  2011      Loïc Grenié <loic.grenie@gmail.com>
@ -29,6 +29,7 @@
 #include "graph.h"
 #include "logger.h"
 #include "meta.h"
 #include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "process.h"
@ -280,29 +281,13 @@ static void periodic_handler(void *data) {
 }
 void handle_meta_connection_data(connection_t *c) {
 	int result;
 	socklen_t len = sizeof result;
 	if(c->status.connecting) {
 		c->status.connecting = false;
 		getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);
 		if(!result)
 			finish_connecting(c);
 		else {
 			logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
 			terminate_connection(c, false);
 			return;
 		}
 	}
 	if (!receive_meta(c)) {
 		terminate_connection(c, c->status.active);
 		return;
 	}
 }
 #ifndef HAVE_MINGW
 static void sigterm_handler(void *data) {
 	logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
 	event_exit();
@ -318,6 +303,7 @@ static void sigalrm_handler(void *data) {
 	logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
 	retry();
 }
 #endif
 int reload_configuration(void) {
 	char *fname;
@ -451,11 +437,13 @@ int main_loop(void) {
 	signal_t sighup = {0};
 	signal_t sigterm = {0};
 	signal_t sigquit = {0};
 	signal_t sigint = {0};
 	signal_t sigalrm = {0};
 	signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
 	signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
 	signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
 	signal_add(&sigint, sigterm_handler, &sigint, SIGINT);
 	signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
 #endif
--- a/src/net.h
+++ b/src/net.h
@ -1,7 +1,7 @@
 /*
    net.h -- header for net.c
    Copyright (C) 1998-2005 Ivo Timmermans
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -128,6 +128,7 @@ extern bool localdiscovery;
 extern listen_socket_t listen_socket[MAXSOCKETS];
 extern int listen_sockets;
 extern io_t unix_socket;
 extern int keylifetime;
 extern int udp_rcvbuf;
 extern int udp_sndbuf;
@ -164,6 +165,7 @@ extern void handle_incoming_vpn_data(void *, int);
 extern void finish_connecting(struct connection_t *);
 extern bool do_outgoing_connection(struct outgoing_t *);
 extern void handle_new_meta_connection(void *, int);
 extern void handle_new_unix_connection(void *, int);
 extern int setup_listen_socket(const sockaddr_t *);
 extern int setup_vpn_in_socket(const sockaddr_t *);
 extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len);
--- a/src/net_packet.c
+++ b/src/net_packet.c
@ -1,7 +1,7 @@
 /*
    net_packet.c -- Handles in- and outgoing VPN packets
    Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2010      Timothy Redaelli <timothy@redaelli.eu>
                  2010      Brandon Black <blblack@gmail.com>
@ -22,12 +22,6 @@
 #include "system.h"
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
 #ifdef HAVE_ZLIB
 #include <zlib.h>
 #endif
@ -70,11 +64,15 @@ bool localdiscovery = false;
   mtuprobes ==    32: send 1 burst, sleep pingtimeout second
   mtuprobes ==    33: no response from other side, restart PMTU discovery process
-   Probes are sent in batches of three, with random sizes between the lower and
+   Probes are sent in batches of at least three, with random sizes between the
-   upper boundaries for the MTU thus far discovered.
+   lower and upper boundaries for the MTU thus far discovered.
-   In case local discovery is enabled, a fourth packet is added to each batch,
+   After the initial discovery, a fourth packet is added to each batch with a
   size larger than the currently known PMTU, to test if the PMTU has increased.
   In case local discovery is enabled, another packet is added to each batch,
   which will be broadcast to the local network.
 */
 static void send_mtu_probe_handler(void *data) {
@ -125,13 +123,18 @@ static void send_mtu_probe_handler(void *data) {
 		timeout = pingtimeout;
 	}
-	for(int i = 0; i < 3 + localdiscovery; i++) {
+	for(int i = 0; i < 4 + localdiscovery; i++) {
 		int len;
-		if(n->maxmtu <= n->minmtu)
+		if(i == 0) {
 			if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
 				continue;
 			len = n->maxmtu + 8;
 		} else if(n->maxmtu <= n->minmtu) {
 			len = n->maxmtu;
-		else
+		} else {
 			len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
 		}
 		if(len < 64)
 			len = 64;
@ -140,7 +143,7 @@ static void send_mtu_probe_handler(void *data) {
 		memset(packet.data, 0, 14);
 		randomize(packet.data + 14, len - 14);
 		packet.len = len;
-		if(i >= 3 && n->mtuprobes <= 10)
+		if(i >= 4 && n->mtuprobes <= 10)
 			packet.priority = -1;
 		else
 			packet.priority = 0;
@ -150,6 +153,21 @@ static void send_mtu_probe_handler(void *data) {
 		send_udppacket(n, &packet);
 	}
 	n->probe_counter = 0;
 	gettimeofday(&n->probe_time, NULL);
 	/* Calculate the packet loss of incoming traffic by comparing the rate of
 	   packets received to the rate with which the sequence number has increased.
 	 */
 	if(n->received > n->prev_received)
 		n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
 	else
 		n->packetloss = n->received_seqno <= n->prev_received_seqno;
 	n->prev_received_seqno = n->received_seqno;
 	n->prev_received = n->received;
 end:
 	timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
 }
@ -184,6 +202,13 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 		/* If we haven't established the PMTU yet, restart the discovery process. */
 		if(n->mtuprobes > 30) {
 			if (len == n->maxmtu + 8) {
 				logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
 				n->maxmtu = MTU;
 				n->mtuprobes = 10;
 				return;
 			}
 			if(n->minmtu)
 				n->mtuprobes = 30;
 			else
@ -196,6 +221,25 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 			len = n->maxmtu;
 		if(n->minmtu < len)
 			n->minmtu = len;
 		/* Calculate RTT and bandwidth.
 		   The RTT is the time between the MTU probe burst was sent and the first
 		   reply is received. The bandwidth is measured using the time between the
 		   arrival of the first and third probe reply.
 		 */
 		struct timeval now, diff;
 		gettimeofday(&now, NULL);
 		timersub(&now, &n->probe_time, &diff);
 		n->probe_counter++;
 		if(n->probe_counter == 1) {
 			n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
 			n->probe_time = now;
 		} else if(n->probe_counter == 3) {
 			n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
 			logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
 		}
 	}
 }
@ -365,6 +409,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 	if(inpkt->seqno > n->received_seqno)
 		n->received_seqno = inpkt->seqno;
 	n->received++;
 	if(n->received_seqno > MAX_SEQNO)
 		regenerate_key();
--- a/src/net_setup.c
+++ b/src/net_setup.c
@ -1,7 +1,7 @@
 /*
    net_setup.c -- Setup.
    Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2006      Scott Lamb <slamb@slamb.org>
                  2010      Brandon Black <blblack@gmail.com>
@ -31,6 +31,7 @@
 #include "ecdsa.h"
 #include "graph.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "process.h"
@ -807,6 +808,37 @@ static bool setup_myself(void) {
 	/* Open sockets */
 #ifndef HAVE_MINGW
 	int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if(unix_fd < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
 		return false;
 	}
 	struct sockaddr_un sa;
 	sa.sun_family = AF_UNIX;
 	strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
 	if(connect(unix_fd, (struct sockaddr *)&sa, sizeof sa) >= 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
 		return false;
 	}
 	unlink(unixsocketname);
 	if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
 		return false;
 	}
 	if(listen(unix_fd, 3) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
 		return false;
 	}
 	io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
 #endif
 	if(!do_detach && getenv("LISTEN_FDS")) {
 		sockaddr_t sa;
 		socklen_t salen;
@ -991,6 +1023,11 @@ void close_network_connections(void) {
 		close(listen_socket[i].udp.fd);
 	}
 #ifndef HAVE_MINGW
 	io_del(&unix_socket);
 	close(unix_socket.fd);
 #endif
 	char *envp[5];
 	xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
 	xasprintf(&envp[1], "DEVICE=%s", device ? : "");
--- a/src/net_socket.c
+++ b/src/net_socket.c
@ -1,7 +1,7 @@
 /*
    net_socket.c -- Handle various kinds of sockets.
    Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2006      Scott Lamb <slamb@slamb.org>
                  2009      Florian Forster <octo@verplant.org>
@ -24,9 +24,11 @@
 #include "conf.h"
 #include "connection.h"
 #include "control_common.h"
 #include "list.h"
 #include "logger.h"
 #include "meta.h"
 #include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "protocol.h"
@ -46,6 +48,9 @@ int udp_sndbuf = 0;
 listen_socket_t listen_socket[MAXSOCKETS];
 int listen_sockets;
 #ifndef HAVE_MINGW
 io_t unix_socket;
 #endif
 list_t *outgoing_list = NULL;
 /* Setup sockets */
@ -289,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
 void finish_connecting(connection_t *c) {
 	logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
 	if(proxytype != PROXY_EXEC)
 		configure_tcp(c);
 	c->last_ping_time = time(NULL);
 	c->status.connecting = false;
@ -368,10 +370,28 @@ static void handle_meta_write(connection_t *c) {
 }
 static void handle_meta_io(void *data, int flags) {
 	connection_t *c = data;
 	if(c->status.connecting) {
 		c->status.connecting = false;
 		int result;
 		socklen_t len = sizeof result;
 		getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len);
 		if(!result)
 			finish_connecting(c);
 		else {
 			logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
 			terminate_connection(c, false);
 			return;
 		}
 	}
 	if(flags & IO_WRITE)
-		handle_meta_write(data);
+		handle_meta_write(c);
 	else
-		handle_meta_connection_data(data);
+		handle_meta_connection_data(c);
 }
 bool do_outgoing_connection(outgoing_t *outgoing) {
@ -436,6 +456,7 @@ begin:
 		}
 		logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
 		c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
 		configure_tcp(c);
 	}
 	if(c->socket == -1) {
@ -488,7 +509,7 @@ begin:
 	connection_add(c);
-	io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
+	io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE);
 	return true;
 }
@ -561,6 +582,45 @@ void handle_new_meta_connection(void *data, int flags) {
 	send_id(c);
 }
 #ifndef HAVE_MINGW
 /*
  accept a new UNIX socket connection
 */
 void handle_new_unix_connection(void *data, int flags) {
 	io_t *io = data;
 	connection_t *c;
 	sockaddr_t sa;
 	int fd;
 	socklen_t len = sizeof sa;
 	fd = accept(io->fd, &sa.sa, &len);
 	if(fd < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
 		return;
 	}
 	sockaddrunmap(&sa);
 	c = new_connection();
 	c->name = xstrdup("<control>");
 	c->address = sa;
 	c->hostname = xstrdup("localhost port unix");
 	c->socket = fd;
 	c->last_ping_time = time(NULL);
 	logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
 	io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
 	connection_add(c);
 	c->allow_request = ID;
 	send_id(c);
 }
 #endif
 static void free_outgoing(outgoing_t *outgoing) {
 	timeout_del(&outgoing->ev);
--- a/src/node.h
+++ b/src/node.h
@ -1,6 +1,6 @@
 /*
    node.h -- header for node.c
-    Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
                  2001-2005 Ivo Timmermans
    This program is free software; you can redistribute it and/or modify
@ -77,6 +77,9 @@ typedef struct node_t {
 	uint32_t sent_seqno;                    /* Sequence number last sent to this node */
 	uint32_t received_seqno;                /* Sequence number last received from this node */
 	uint32_t received;                      /* Total valid packets received from this node */
 	uint32_t prev_received_seqno;
 	uint32_t prev_received;
 	uint32_t farfuture;                     /* Packets in a row that have arrived from the far future */
 	unsigned char* late;                    /* Bitfield marking late packets */
@ -85,6 +88,11 @@ typedef struct node_t {
 	length_t maxmtu;                        /* Probed maximum MTU */
 	int mtuprobes;                          /* Number of probes */
 	timeout_t mtutimeout;                   /* Probe event */
 	struct timeval probe_time;              /* Time the last probe was sent or received */
 	int probe_counter;                      /* Number of probes received since last burst was sent */
 	float rtt;                              /* Last measured round trip time */
 	float bandwidth;                        /* Last measured bandwidth */
 	float packetloss;                       /* Last measured packet loss rate */
 	uint64_t in_packets;
 	uint64_t in_bytes;
--- a/src/process.c
+++ b/src/process.c
@ -1,7 +1,7 @@
 /*
    process.c -- process management functions
    Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -27,6 +27,7 @@
 #include "edge.h"
 #include "event.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "node.h"
 #include "process.h"
@ -38,17 +39,12 @@
 bool do_detach = true;
 bool sigalrm = false;
 extern char *identname;
 extern char **g_argv;
 extern bool use_logfile;
 /* Some functions the less gifted operating systems might lack... */
 #ifdef HAVE_MINGW
 extern char *identname;
 extern char *program_name;
 extern char **g_argv;
 static SC_HANDLE manager = NULL;
 static SC_HANDLE service = NULL;
 static SERVICE_STATUS status = {0};
@ -263,8 +259,8 @@ bool execute_script(const char *name, char **envp) {
 		}
 	}
 #ifdef WEXITSTATUS
 	if(status != -1) {
 #ifdef WEXITSTATUS
 		if(WIFEXITED(status)) {          /* Child exited by itself */
 			if(WEXITSTATUS(status)) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d",
@ -279,11 +275,11 @@ bool execute_script(const char *name, char **envp) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name);
 			return false;
 		}
 #endif
 	} else {
 		logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
 		return false;
 	}
 #endif
 #endif
 	return true;
 }
--- a/src/protocol.c
+++ b/src/protocol.c
@ -111,7 +111,7 @@ void forward_request(connection_t *from, const char *request) {
 }
 bool receive_request(connection_t *c, const char *request) {
-	if(proxytype == PROXY_HTTP && c->allow_request == ID) {
+	if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
 		if(!request[0] || request[0] == '\r')
 			return true;
 		if(!strncasecmp(request, "HTTP/1.1 ", 9)) {
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@ -139,7 +139,7 @@ bool send_id(connection_t *c) {
 			minor = myself->connection->protocol_minor;
 	}
-	if(proxytype)
+	if(proxytype && c->outgoing)
 		if(!send_proxyrequest(c))
 			return false;
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@ -1,7 +1,7 @@
 /*
    protocol_key.c -- handle the meta-protocol, key exchange
    Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -278,6 +278,7 @@ bool send_ans_key(node_t *to) {
 	// Reset sequence number and late packet window
 	mykeyused = true;
 	to->received_seqno = 0;
 	to->received = 0;
 	if(replaywin) memset(to->late, 0, replaywin);
 	return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
--- a/src/route.c
+++ b/src/route.c
@ -1,7 +1,7 @@
 /*
    route.c -- routing
    Copyright (C) 2000-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -835,6 +835,11 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
 	if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
 		return;
 	uint16_t type = packet->data[12] << 8 | packet->data[13];
 	if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
 		packet->priority = packet->data[15];
 	// Handle packets larger than PMTU
 	node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
@ -844,7 +849,6 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
 	if(via && packet->len > via->mtu && via != myself) {
 		logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
 		uint16_t type = packet->data[12] << 8 | packet->data[13];
 		length_t ethlen = 14;
 		if(type == ETH_P_8021Q) {
--- a/src/solaris/device.c
+++ b/src/solaris/device.c
@ -1,7 +1,7 @@
 /*
    device.c -- Interaction with Solaris tun device
    Copyright (C) 2001-2005 Ivo Timmermans,
-                  2001-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2001-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -28,6 +28,7 @@
 #include "conf.h"
 #include "device.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "utils.h"
 #include "xalloc.h"
--- a/src/sptps.c
+++ b/src/sptps.c
@ -1,6 +1,6 @@
 /*
    sptps.c -- Simple Peer-to-Peer Security
-    Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
                  2010      Brandon L. Black <blblack@gmail.com>
    This program is free software; you can redistribute it and/or modify
@ -439,6 +439,17 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 		return receive_handshake(s, data + 5, len - 5);
 	}
 	// Check HMAC.
 	uint16_t netlen = htons(len - 21);
 	char buffer[len + 23];
 	memcpy(buffer, &netlen, 2);
 	memcpy(buffer + 2, data, len);
 	if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
 		return error(s, EIO, "Invalid HMAC");
 	// Replay protection using a sliding window of configurable size.
 	// s->inseqno is expected sequence number
 	// seqno is received sequence number
@ -473,19 +484,13 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 	if(seqno > s->inseqno)
 		s->inseqno = seqno + 1;
-	uint16_t netlen = htons(len - 21);
+	if(!s->inseqno)
-
+		s->received = 0;
-	char buffer[len + 23];
+	else
-
+		s->received++;
 	memcpy(buffer, &netlen, 2);
 	memcpy(buffer + 2, data, len);
 	// Decrypt.
 	memcpy(&seqno, buffer + 2, 4);
 	// Check HMAC and decrypt.
 	if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
 		return error(s, EIO, "Invalid HMAC");
 	cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
 	if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
 		return false;
--- a/src/sptps.h
+++ b/src/sptps.h
@ -1,6 +1,6 @@
 /*
    sptps.h -- Simple Peer-to-Peer Security
-    Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -56,6 +56,7 @@ typedef struct sptps {
 	cipher_t incipher;
 	digest_t indigest;
 	uint32_t inseqno;
 	uint32_t received;
 	unsigned int replaywin;
 	unsigned int farfuture;
 	char *late;
--- a/src/subnet.c
+++ b/src/subnet.c
@ -1,6 +1,6 @@
 /*
    subnet.c -- handle subnet lookups and lists
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
                  2000-2005 Ivo Timmermans
    This program is free software; you can redistribute it and/or modify
@ -25,6 +25,7 @@
 #include "device.h"
 #include "hash.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "node.h"
--- a/src/tincctl.c
+++ b/src/tincctl.c
@ -1,6 +1,6 @@
 /*
    tincctl.c -- Controlling a running tincd
-    Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -31,6 +31,7 @@
 #include "control_common.h"
 #include "ecdsagen.h"
 #include "info.h"
 #include "names.h"
 #include "rsagen.h"
 #include "utils.h"
 #include "tincctl.h"
@ -40,10 +41,6 @@
 #define mkdir(a, b) mkdir(a)
 #endif
 /* The name this program was run with. */
 static char *program_name = NULL;
 static char **orig_argv;
 static int orig_argc;
@ -54,12 +51,7 @@ static bool show_help = false;
 static bool show_version = false;
 static char *name = NULL;
 static char *identname = NULL;          /* program name for syslog */
 static char *pidfilename = NULL;        /* pid file location */
 static char *confdir = NULL;
 static char controlcookie[1025];
 char *netname = NULL;
 char *confbase = NULL;
 static char *tinc_conf = NULL;
 static char *hosts_dir = NULL;
 struct timeval now;
@ -107,10 +99,9 @@ static void version(void) {
 }
 static void usage(bool status) {
-	if(status)
+	if(status) {
-		fprintf(stderr, "Try `%s --help\' for more information.\n",
+		fprintf(stderr, "Try `%s --help\' for more information.\n", program_name);
-				program_name);
+	} else {
 	else {
 		printf("Usage: %s [options] command\n\n", program_name);
 		printf("Valid options are:\n"
 				"  -c, --config=DIR        Read configuration options from DIR.\n"
@ -153,6 +144,8 @@ static void usage(bool status) {
 				"  export                     Export host configuration of local node to standard output\n"
 				"  export-all                 Export all host configuration files to standard output\n"
 				"  import [--force]           Import host configuration file(s) from standard input\n"
 				"  exchange [--force]         Same as export followed by import\n"
 				"  exchange-all [--force]     Same as export-all followed by import\n"
 				"\n");
 		printf("Report bugs to tinc@tinc-vpn.org.\n");
 	}
@ -453,62 +446,6 @@ static bool rsa_keygen(int bits, bool ask) {
 	return true;
 }
 /*
  Set all files and paths according to netname
 */
 static void make_names(void) {
 #ifdef HAVE_MINGW
 	HKEY key;
 	char installdir[1024] = "";
 	long len = sizeof installdir;
 #endif
 	if(netname)
 		xasprintf(&identname, "tinc.%s", netname);
 	else
 		identname = xstrdup("tinc");
 #ifdef HAVE_MINGW
 	if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
 		if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
 			if(!confbase) {
 				if(netname)
 					xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
 				else
 					xasprintf(&confbase, "%s", installdir);
 			}
 		}
 		if(!pidfilename)
 			xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
 		RegCloseKey(key);
 	}
 	if(!*installdir) {
 #endif
 	confdir = xstrdup(CONFDIR);
 	if(!pidfilename)
 		xasprintf(&pidfilename, "%s" SLASH "run" SLASH "%s.pid", LOCALSTATEDIR, identname);
 	if(netname) {
 		if(!confbase)
 			xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
 		else
 			fprintf(stderr, "Both netname and configuration directory given, using the latter...\n");
 	} else {
 		if(!confbase)
 			xasprintf(&confbase, CONFDIR SLASH "tinc");
 	}
 #ifdef HAVE_MINGW
 	} else
 		confdir = xstrdup(installdir);
 #endif
 	xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
 	xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
 }
 static char buffer[4096];
 static size_t blen = 0;
@ -729,6 +666,26 @@ static bool connect_tincd(bool verbose) {
 	}
 #endif
 #ifndef HAVE_MINGW
 	struct sockaddr_un sa;
 	sa.sun_family = AF_UNIX;
 	strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
 	fd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if(fd < 0) {
 		if(verbose)
 			fprintf(stderr, "Cannot create UNIX socket: %s\n", sockstrerror(sockerrno));
 		return false;
 	}
 	if(connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
 		if(verbose)
 			fprintf(stderr, "Cannot connect to UNIX socket %s: %s\n", unixsocketname, sockstrerror(sockerrno));
 		close(fd);
 		fd = -1;
 		return false;
 	}
 #else
 	struct addrinfo hints = {
 		.ai_family = AF_UNSPEC,
 		.ai_socktype = SOCK_STREAM,
@ -769,6 +726,7 @@ static bool connect_tincd(bool verbose) {
 	}
 	freeaddrinfo(res);
 #endif
 	char data[4096];
 	int version;
@ -854,6 +812,11 @@ static int cmd_start(int argc, char *argv[]) {
 }
 static int cmd_stop(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 #ifndef HAVE_MINGW
 	if(!connect_tincd(true)) {
 		if(pid) {
@ -871,16 +834,10 @@ static int cmd_stop(int argc, char *argv[]) {
 	}
 	sendline(fd, "%d %d", CONTROL, REQ_STOP);
 	if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_STOP || result) {
 		fprintf(stderr, "Could not stop tinc daemon.\n");
 		return 1;
 	}
-	// Wait for tincd to close the connection...
+	while(recvline(fd, line, sizeof line)) {
-	fd_set r;
+		// Wait for tincd to close the connection...
-	FD_ZERO(&r);
+	}
 	FD_SET(fd, &r);
 	select(fd + 1, &r, NULL, NULL, NULL);
 #else
 	if(!remove_service())
 		return 1;
@ -898,6 +855,11 @@ static int cmd_restart(int argc, char *argv[]) {
 }
 static int cmd_reload(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	if(!connect_tincd(true))
 		return 1;
@ -1070,6 +1032,11 @@ static int cmd_dump(int argc, char *argv[]) {
 }
 static int cmd_purge(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	if(!connect_tincd(true))
 		return 1;
@ -1105,6 +1072,11 @@ static int cmd_debug(int argc, char *argv[]) {
 }
 static int cmd_retry(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	if(!connect_tincd(true))
 		return 1;
@ -1164,6 +1136,11 @@ static int cmd_disconnect(int argc, char *argv[]) {
 }
 static int cmd_top(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 #ifdef HAVE_CURSES
 	if(!connect_tincd(true))
 		return 1;
@ -1177,6 +1154,11 @@ static int cmd_top(int argc, char *argv[]) {
 }
 static int cmd_pcap(int argc, char *argv[]) {
 	if(argc > 2) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	if(!connect_tincd(true))
 		return 1;
@ -1185,6 +1167,11 @@ static int cmd_pcap(int argc, char *argv[]) {
 }
 static int cmd_log(int argc, char *argv[]) {
 	if(argc > 2) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	if(!connect_tincd(true))
 		return 1;
@ -1193,6 +1180,11 @@ static int cmd_log(int argc, char *argv[]) {
 }
 static int cmd_pid(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	if(!connect_tincd(true) && !pid)
 		return 1;
@ -1613,7 +1605,10 @@ static int cmd_init(int argc, char *argv[]) {
 		return 1;
 	}
-	if(argc < 2) {
+	if(argc > 2) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	} else if(argc < 2) {
 		if(tty) {
 			char buf[1024];
 			fprintf(stdout, "Enter the Name you want your tinc node to have: ");
@ -1692,14 +1687,29 @@ static int cmd_init(int argc, char *argv[]) {
 }
 static int cmd_generate_keys(int argc, char *argv[]) {
 	if(argc > 2) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
 }
 static int cmd_generate_rsa_keys(int argc, char *argv[]) {
 	if(argc > 2) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
 }
 static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	return !ecdsa_keygen(true);
 }
@ -1709,6 +1719,11 @@ static int cmd_help(int argc, char *argv[]) {
 }
 static int cmd_version(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	version();
 	return 0;
 }
@ -1811,14 +1826,29 @@ static int export(const char *name, FILE *out) {
 }
 static int cmd_export(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	char *name = get_my_name();
 	if(!name)
 		return 1;
-	return export(name, stdout);
+	int result = export(name, stdout);
 	if(!tty)
 		fclose(stdout);
 	free(name);
 	return result;
 }
 static int cmd_export_all(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	DIR *dir = opendir(hosts_dir);
 	if(!dir) {
 		fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
@ -1842,21 +1872,30 @@ static int cmd_export_all(int argc, char *argv[]) {
 	}
 	closedir(dir);
 	if(!tty)
 		fclose(stdout);
 	return result;
 }
 static int cmd_import(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
 	}
 	FILE *in = stdin;
 	FILE *out = NULL;
 	char buf[4096];
 	char name[4096];
-	char *filename;
+	char *filename = NULL;
 	int count = 0;
 	bool firstline = true;
 	while(fgets(buf, sizeof buf, in)) {
 		if(sscanf(buf, "Name = %s", name) == 1) {
 			firstline = false;
 			if(!check_id(name)) {
 				fprintf(stderr, "Invalid Name in input!\n");
 				return 1;
@ -1881,7 +1920,6 @@ static int cmd_import(int argc, char *argv[]) {
 			}
 			count++;
 			firstline = false;
 			continue;
 		} else if(firstline) {
 			fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
@ -1912,6 +1950,14 @@ static int cmd_import(int argc, char *argv[]) {
 	}
 }
 static int cmd_exchange(int argc, char *argv[]) {
 	return cmd_export(argc, argv) ?: cmd_import(argc, argv);
 }
 static int cmd_exchange_all(int argc, char *argv[]) {
 	return cmd_export_all(argc, argv) ?: cmd_import(argc, argv);
 }
 static const struct {
 	const char *command;
 	int (*function)(int argc, char *argv[]);
@ -1942,6 +1988,8 @@ static const struct {
 	{"export", cmd_export},
 	{"export-all", cmd_export_all},
 	{"import", cmd_import},
 	{"exchange", cmd_exchange},
 	{"exchange-all", cmd_exchange_all},
 	{NULL, NULL},
 };
@ -2189,6 +2237,8 @@ int main(int argc, char *argv[]) {
 		return 1;
 	make_names();
 	xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
 	xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
 	if(show_version) {
 		version();
--- a/src/tincd.c
+++ b/src/tincd.c
@ -1,7 +1,7 @@
 /*
    tincd.c -- the main file for tincd
    Copyright (C) 1998-2005 Ivo Timmermans
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                  2008      Max Rijevski <maksuf@gmail.com>
                  2009      Michael Tokarev <mjt@tls.msk.ru>
                  2010      Julien Muchembled <jm@jmuchemb.eu>
@ -33,12 +33,6 @@
 #include <sys/mman.h>
 #endif
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #ifdef HAVE_LZO
 #include LZO1X_H
 #endif
@ -56,6 +50,7 @@
 #include "crypto.h"
 #include "device.h"
 #include "logger.h"
 #include "names.h"
 #include "net.h"
 #include "netutl.h"
 #include "process.h"
@ -63,9 +58,6 @@
 #include "utils.h"
 #include "xalloc.h"
 /* The name this program was run with. */
 char *program_name = NULL;
 /* If nonzero, display usage information and exit. */
 static bool show_help = false;
@ -75,21 +67,22 @@ static bool show_version = false;
 /* If nonzero, use null ciphers and skip all key exchanges. */
 bool bypass_security = false;
 #ifdef HAVE_MLOCKALL
 /* If nonzero, disable swapping for this process. */
 static bool do_mlock = false;
 #endif
 #ifndef HAVE_MINGW
 /* If nonzero, chroot to netdir after startup. */
 static bool do_chroot = false;
 /* If !NULL, do setuid to given user after startup */
 static const char *switchuser = NULL;
 #endif
 /* If nonzero, write log entries to a separate file. */
 bool use_logfile = false;
 char *identname = NULL;         /* program name for syslog */
 char *logfilename = NULL;       /* log file location */
 char *pidfilename = NULL;
 char **g_argv;                  /* a copy of the cmdline arguments */
 static int status = 1;
@ -127,13 +120,18 @@ static void usage(bool status) {
 				"  -D, --no-detach               Don't fork and detach.\n"
 				"  -d, --debug[=LEVEL]           Increase debug level or set it to LEVEL.\n"
 				"  -n, --net=NETNAME             Connect to net NETNAME.\n"
 #ifdef HAVE_MLOCKALL
 				"  -L, --mlock                   Lock tinc into main memory.\n"
 #endif
 				"      --logfile[=FILENAME]      Write log entries to a logfile.\n"
 				"      --pidfile=FILENAME        Write PID and control socket cookie to FILENAME.\n"
 				"      --bypass-security         Disables meta protocol security, for debugging.\n"
 				"  -o, --option[HOST.]KEY=VALUE  Set global/host configuration value.\n"
 #ifndef HAVE_MINGW
 				"  -R, --chroot                  chroot to NET dir at startup.\n"
-				"  -U, --user=USER               setuid to given USER at startup.\n"                            "      --help                    Display this help and exit.\n"
+				"  -U, --user=USER               setuid to given USER at startup.\n"
 #endif
 				"      --help                    Display this help and exit.\n"
 				"      --version                 Output version information and exit.\n\n");
 		printf("Report bugs to tinc@tinc-vpn.org.\n");
 	}
@ -162,7 +160,7 @@ static bool parse_options(int argc, char **argv) {
 			case 'L': /* no detach */
 #ifndef HAVE_MLOCKALL
-				logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "mlockall()");
+				logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
 				return false;
 #else
 				do_mlock = true;
@ -187,6 +185,12 @@ static bool parse_options(int argc, char **argv) {
 				list_insert_tail(cmdline_conf, cfg);
 				break;
 #ifdef HAVE_MINGW
 			case 'R':
 			case 'U':
 				logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
 				return false;
 #else
 			case 'R': /* chroot to NETNAME dir */
 				do_chroot = true;
 				break;
@ -194,6 +198,7 @@ static bool parse_options(int argc, char **argv) {
 			case 'U': /* setuid to USER */
 				switchuser = optarg;
 				break;
 #endif
 			case 1:   /* show help */
 				show_help = true;
@ -244,77 +249,8 @@ static bool parse_options(int argc, char **argv) {
 	return true;
 }
 /*
  Set all files and paths according to netname
 */
 static void make_names(void) {
 #ifdef HAVE_MINGW
 	HKEY key;
 	char installdir[1024] = "";
 	long len = sizeof installdir;
 #endif
 	if(netname)
 		xasprintf(&identname, "tinc.%s", netname);
 	else
 		identname = xstrdup("tinc");
 #ifdef HAVE_MINGW
 	if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
 		if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
 			if(!logfilename)
 				xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", identname);
 			if(!confbase) {
 				if(netname)
 					xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
 				else
 					xasprintf(&confbase, "%s", installdir);
 			}
 			if(!pidfilename)
 				xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
 		}
 		RegCloseKey(key);
 		if(*installdir)
 			return;
 	}
 #endif
 	if(!logfilename)
 		xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
 	if(!pidfilename)
 		xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
 	if(netname) {
 		if(!confbase)
 			xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
 		else
 			logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
 	} else {
 		if(!confbase)
 			xasprintf(&confbase, CONFDIR SLASH "tinc");
 	}
 }
 static void free_names(void) {
 	if (identname) free(identname);
 	if (netname) free(netname);
 	if (pidfilename) free(pidfilename);
 	if (logfilename) free(logfilename);
 	if (confbase) free(confbase);
 }
 static bool drop_privs(void) {
-#ifdef HAVE_MINGW
+#ifndef HAVE_MINGW
 	if (switchuser) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-U");
 		return false;
 	}
 	if (do_chroot) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-R");
 		return false;
 	}
 #else
 	uid_t uid = 0;
 	if (switchuser) {
 		struct passwd *pw = getpwnam(switchuser);
--- a/src/top.c
+++ b/src/top.c
@ -1,6 +1,6 @@
 /*
    top.c -- Show real-time statistics from a running tincd
-    Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
 #include "control_common.h"
 #include "list.h"
 #include "names.h"
 #include "tincctl.h"
 #include "top.h"
 #include "xalloc.h"
@ -65,10 +66,6 @@ static float bscale = 1;
 static const char *punit = "pkts";
 static float pscale = 1;
 #ifndef timersub
 #define timersub(a, b, c) do {(c)->tv_sec = (a)->tv_sec - (b)->tv_sec; (c)->tv_usec = (a)->tv_usec = (b)->tv_usec;} while(0)
 #endif
 static void update(int fd) {
 	sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC);
 	gettimeofday(&cur, NULL);
@ -229,7 +226,7 @@ static void redraw(void) {
 			attrset(A_DIM);
 		if(cumulative)
-			mvprintw(row, 0, "%-16s %10"PRIu64" %10.0f %10"PRIu64" %10.0f",
+			mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
 					node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale);
 		else
 			mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
--- a/src/uml_device.c
+++ b/src/uml_device.c
@ -1,7 +1,7 @@
 /*
    device.c -- UML network socket
    Copyright (C) 2002-2005 Ivo Timmermans,
-                  2002-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2002-2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@
 #include "conf.h"
 #include "device.h"
 #include "names.h"
 #include "net.h"
 #include "logger.h"
 #include "utils.h"
@ -37,9 +38,6 @@ static int write_fd = -1;
 static int state = 0;
 static char *device_info;
 extern char *identname;
 extern volatile bool running;
 static uint64_t device_total_in = 0;
 static uint64_t device_total_out = 0;
@ -73,7 +71,7 @@ static bool setup_device(void) {
 	if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno));
-		running = false;
+		event_exit();
 		return false;
 	}
@ -85,13 +83,13 @@ static bool setup_device(void) {
 	if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
-		running = false;
+		event_exit();
 		return false;
 	}
 	if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno));
-		running = false;
+		event_exit();
 		return false;
 	}
@ -103,7 +101,7 @@ static bool setup_device(void) {
 	if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
-		running = false;
+		event_exit();
 		return false;
 	}
@ -116,7 +114,7 @@ static bool setup_device(void) {
 	if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno));
-		running = false;
+		event_exit();
 		return false;
 	}
@ -199,7 +197,7 @@ static bool read_packet(vpn_packet_t *packet) {
 			if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
-				running = false;
+				event_exit();
 				return false;
 			}
@ -215,20 +213,20 @@ static bool read_packet(vpn_packet_t *packet) {
 			if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info,
 					   device, strerror(errno));
-				running = false;
+				event_exit();
 				return false;
 			}
 			if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s",
 						request.magic, request.version, request.type, device_info, device);
-				running = false;
+				event_exit();
 				return false;
 			}
 			if(connect(write_fd, &request.sock, sizeof request.sock) < 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno));
-				running = false;
+				event_exit();
 				return false;
 			}
@ -245,7 +243,7 @@ static bool read_packet(vpn_packet_t *packet) {
 			if((inlen = read(data_fd, packet->data, MTU)) <= 0) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
 					   device, strerror(errno));
-				running = false;
+				event_exit();
 				return false;
 			}
@ -278,7 +276,7 @@ static bool write_packet(vpn_packet_t *packet) {
 	if(write(write_fd, packet->data, packet->len) < 0) {
 		if(errno != EINTR && errno != EAGAIN) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
-			running = false;
+			event_exit();
 		}
 		return false;
--- a/src/vde_device.c
+++ b/src/vde_device.c
@ -1,6 +1,6 @@
 /*
    device.c -- VDE plug
-    Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -23,6 +23,7 @@
 #include "conf.h"
 #include "device.h"
 #include "names.h"
 #include "net.h"
 #include "logger.h"
 #include "utils.h"
@ -35,9 +36,6 @@ static int port = 0;
 static char *group = NULL;
 static char *device_info;
 extern char *identname;
 extern volatile bool running;
 static uint64_t device_total_in = 0;
 static uint64_t device_total_out = 0;
@ -102,7 +100,7 @@ static bool read_packet(vpn_packet_t *packet) {
 	int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0);
 	if(lenin <= 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
-		running = false;
+		event_exit();
 		return false;
 	}
@ -117,7 +115,7 @@ static bool write_packet(vpn_packet_t *packet) {
 	if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
 		if(errno != EINTR && errno != EAGAIN) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
-			running = false;
+			event_exit();
 		}
 		return false;