lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Upstream version 1.1~pre6

Browse source
This commit is contained in:
Guus Sliepen 2019-08-26 13:44:50 +02:00
parent ff64081061
commit 26033edb96
52 changed files with 3850 additions and 14921 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17082
ChangeLog
View file

File diff suppressed because it is too large Load diff

25
NEWS
View file

@ -1,3 +1,28 @@
Version 1.1pre6 February 20 2013
* Fixed tincd exitting immediately on Windows.
* Detect PMTU increases.
* Fixed crashes when using a SOCKS5 proxy.
* Fixed control connection when using a proxy.
Version 1.1pre5 January 20 2013
* Fixed long delays and possible hangs on Windows.
* Fixed support for the tunemu device on iOS, the UML and VDE devices.
* Small improvements to the documentation and error messages.
* Fixed broadcast packets not reaching the whole VPN.
* Tincctl now connects via a UNIX socket to the tincd on platforms that
support this.
* The PriorityInheritance option now also works in switch mode.
Version 1.1pre4 December 5 2012
* Added the "AutoConnect" option which will let tinc automatically select

8
README
View file

@ -1,7 +1,7 @@
This is the README file for tinc version 1.1pre4. Installation
This is the README file for tinc version 1.1pre6. Installation
instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2012 by:
tinc is Copyright (C) 1998-2013 by:
Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>,
@ -36,11 +36,11 @@ at your own risk.
Compatibility
-------------
Version 1.1pre4 is compatible with 1.0pre8, 1.0 and later, but not with older
Version 1.1pre6 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc.
When the ExperimentalProtocol option is used, tinc is still compatible with
1.0.X and 1.1pre4 itself, but not with any other 1.1preX version.
1.0.X and 1.1pre6 itself, but not with any other 1.1preX version.
Requirements

2
THANKS
View file

@ -6,7 +6,9 @@ We would like to thank the following people for their contributions to tinc:
* Anthony G. Basile
* Armijn Hemel
* Brandon Black
* Cheng LI
* Cris van Pelt
* Darius Jahandarie
* Delf Eldkraft
* dnk
* Enrique Zanardi

2
configure vendored
View file

@ -4095,7 +4095,7 @@ fi
# Define the identity of the package.
PACKAGE=tinc
VERSION=1.1pre4
VERSION=1.1pre6
cat >>confdefs.h <<_ACEOF

2
configure.in
View file

@ -4,7 +4,7 @@ AC_PREREQ(2.61)
AC_INIT
AC_CONFIG_SRCDIR([src/tincd.c])
AC_GNU_SOURCE
AM_INIT_AUTOMAKE(tinc, 1.1pre4)
AM_INIT_AUTOMAKE(tinc, 1.1pre6)
AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE

19
doc/tinc.conf.5.in
View file

@ -1,4 +1,4 @@
.Dd 2012-09-27
.Dd 2013-01-14
.Dt TINC.CONF 5
.\" Manual page created by:
.\" Ivo Timmermans
@ -343,7 +343,7 @@ This option selects the way packets are routed to other daemons.
In this mode
.Va Subnet
variables in the host configuration files will be used to form a routing table.
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
.Pp
This is the default mode, and unless you really know you need another mode, don't change it.
.It switch
@ -361,7 +361,7 @@ while no routing table is managed.
.It Va Name Li = Ar name Bq required
This is the name which identifies this tinc daemon.
It must be unique for the virtual private network this daemon will connect to.
The Name may only consist of alphanumeric and underscore characters.
The Name may only consist of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
If
.Va Name
starts with a
@ -372,7 +372,7 @@ If
.Va Name
is
.Li $HOST ,
but no such environment variable exist, the hostname will be read using the gethostnname() system call.
but no such environment variable exist, the hostname will be read using the gethostname() system call.
.It Va PingInterval Li = Ar seconds Pq 60
The number of seconds of inactivity that
.Nm tinc
@ -428,7 +428,7 @@ and
are available.
.El
.It Va ReplayWindow Li = Ar bytes Pq 16
vhis is the size of the replay tracking window for each remote node, in bytes.
This is the size of the replay tracking window for each remote node, in bytes.
The window is a bitfield which tracks 1 packet per bit, so for example
the default setting of 16 will track up to 128 packets in the window. In high
bandwidth scenarios, setting this to a higher value can reduce packet loss from
@ -497,12 +497,9 @@ Furthermore, specifying
.Qq none
will turn off packet authentication.
.It Va IndirectData Li = yes | no Pq no
This option specifies whether other tinc daemons besides the one you specified with
.Va ConnectTo
can make a direct connection to you.
This is especially useful if you are behind a firewall
and it is impossible to make a connection from the outside to your tinc daemon.
Otherwise, it is best to leave this option out or set it to no.
When set to yes, other nodes which do not already have a meta connection to you
will not try to establish direct communication with you.
It is best to leave this option out or set it to no.
.It Va MACLength Li = Ar length Pq 4
The length of the message authentication code used to authenticate UDP packets.
Can be anything from

177
doc/tinc.info
View file

@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.1pre4, a Virtual Private
This is the info manual for tinc version 1.1pre5, a Virtual Private
Network daemon.
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this
@ -989,9 +989,8 @@ Mode = <router|switch|hub> (router)
router
In this mode Subnet variables in the host configuration files
will be used to form a routing table. Only unicast packets
of routable protocols (IPv4 and IPv6) are supported in this
mode.
will be used to form a routing table. Only packets of
routable protocols (IPv4 and IPv6) are supported in this mode.
This is the default mode, and unless you really know you need
another mode, don't change it.
@ -1026,13 +1025,13 @@ MACExpire = <SECONDS> (600)
Name = <NAME> [required]
This is a symbolic name for this connection. The name should
consist only of alfanumeric and underscore characters (a-z, A-Z,
0-9 and _).
0-9 and _), and is case sensitive.
If Name starts with a $, then the contents of the environment
variable that follows will be used. In that case, invalid
characters will be converted to underscores. If Name is $HOST,
but no such environment variable exist, the hostname will be read
using the gethostnname() system call.
using the gethostname() system call.
PingInterval = <SECONDS> (60)
The number of seconds of inactivity that tinc will wait before
@ -1157,12 +1156,9 @@ Digest = <DIGEST> (sha1)
"none" will turn off packet authentication.
IndirectData = <yes|no> (no)
This option specifies whether other tinc daemons besides the one
you specified with ConnectTo can make a direct connection to you.
This is especially useful if you are behind a firewall and it is
impossible to make a connection from the outside to your tinc
daemon. Otherwise, it is best to leave this option out or set it
to no.
When set to yes, other nodes which do not already have a meta
connection to you will not try to establish direct communication
with you. It is best to leave this option out or set it to no.
MACLength = <BYTES> (4)
The length of the message authentication code used to authenticate
@ -1412,10 +1408,11 @@ copy&paste the email:
If you are the owner of bar yourself, and you have SSH access to
that computer, you can also swap the host configuration files using the
following commands:
following command:
tincctl -n NETNAME export | ssh bar.example.org tincctl -n NETNAME import
ssh bar.example.org tincctl -n NETNAME export | tincctl -n NETNAME import
tincctl -n NETNAME export \
| ssh bar.example.org tincctl -n NETNAME exchange \
| tincctl -n NETNAME import
You should repeat this for all nodes you ConnectTo, or which
ConnectTo you. However, remember that you do not need to ConnectTo all
@ -1722,6 +1719,8 @@ command line options.
shared private keys to be written to the system swap
files/partitions.
This option is not supported on all platforms.
`--logfile[=FILE]'
Write log entries to a file instead of to the system logging
facility. If FILE is omitted, the default is
@ -1744,11 +1743,15 @@ command line options.
or host-up), unless it's setup to be runnable inside chroot
environment.
This option is not supported on all platforms.
`-U, --user=USER'
Switch to the given USER after initialization, at the same time as
chroot is performed (see -chroot above). With this option tinc
drops privileges, for added security.
This option is not supported on all platforms.
`--help'
Display a short reminder of these runtime options and terminate.
@ -2077,9 +2080,15 @@ File: tinc.info, Node: tincctl commands, Next: tincctl examples, Prev: tincct
Export all host configuration files to standard output.
`import [--force]'
Import host configuration file(s) from standard input. Already
existing host configuration files are not overwritten unless the
option -force is used.
Import host configuration file(s) generated by the tincctl export
command from standard input. Already existing host configuration
files are not overwritten unless the option -force is used.
`exchange [--force]'
The same as export followed by import.
`exchange-all [--force]'
The same as export-all followed by import.
`start [tincd options]'
Start `tincd', optionally with the given extra options.
@ -2840,7 +2849,7 @@ Concept Index
* CHALLENGE: Authentication protocol.
(line 10)
* CIDR notation: Host configuration variables.
(line 91)
(line 88)
* Cipher: Host configuration variables.
(line 12)
* ClampMSS: Host configuration variables.
@ -2882,7 +2891,7 @@ Concept Index
* example: Example configuration.
(line 6)
* exec: Main configuration variables.
(line 322)
(line 321)
* ExperimentalProtocol: Main configuration variables.
(line 164)
* Forwarding: Main configuration variables.
@ -2891,9 +2900,9 @@ Concept Index
* Hostnames: Main configuration variables.
(line 193)
* http: Main configuration variables.
(line 319)
(line 318)
* hub: Main configuration variables.
(line 246)
(line 245)
* ID: Authentication protocol.
(line 10)
* IndirectData: Host configuration variables.
@ -2904,7 +2913,7 @@ Concept Index
* IRC: Contact information. (line 9)
* KEY_CHANGED: The meta-protocol. (line 64)
* KeyExpire: Main configuration variables.
(line 251)
(line 250)
* libcurses: libcurses. (line 6)
* libraries: Libraries. (line 6)
* libreadline: libreadline. (line 6)
@ -2913,9 +2922,9 @@ Concept Index
(line 212)
* lzo: lzo. (line 6)
* MACExpire: Main configuration variables.
(line 257)
(line 256)
* MACLength: Host configuration variables.
(line 42)
(line 39)
* meta-protocol: The meta-connection. (line 18)
* META_KEY: Authentication protocol.
(line 10)
@ -2926,7 +2935,7 @@ Concept Index
* multiple networks: Multiple networks. (line 6)
* NAME: Scripts. (line 52)
* Name: Main configuration variables.
(line 262)
(line 261)
* netmask: Network interfaces. (line 39)
* NETNAME <1>: tincctl environment variables.
(line 6)
@ -2938,44 +2947,44 @@ Concept Index
* OpenSSL: OpenSSL. (line 6)
* options: Runtime options. (line 9)
* PEM format: Host configuration variables.
(line 67)
(line 64)
* PING: The meta-protocol. (line 89)
* PingInterval: Main configuration variables.
(line 273)
(line 272)
* PingTimeout: Main configuration variables.
(line 277)
(line 276)
* platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables.
(line 47)
(line 44)
* PMTUDiscovery: Host configuration variables.
(line 50)
(line 47)
* PONG: The meta-protocol. (line 89)
* Port: Host configuration variables.
(line 55)
(line 52)
* port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables.
(line 283)
(line 282)
* private: Virtual Private Networks.
(line 10)
* PrivateKey: Main configuration variables.
(line 288)
(line 287)
* PrivateKeyFile: Main configuration variables.
(line 294)
(line 293)
* ProcessPriority: Main configuration variables.
(line 299)
(line 298)
* Proxy: Main configuration variables.
(line 304)
(line 303)
* PublicKey: Host configuration variables.
(line 59)
(line 56)
* PublicKeyFile: Host configuration variables.
(line 62)
(line 59)
* raw_socket: Main configuration variables.
(line 100)
* release: Supported platforms. (line 14)
* REMOTEADDRESS: Scripts. (line 67)
* REMOTEPORT: Scripts. (line 70)
* ReplayWindow: Main configuration variables.
(line 327)
(line 326)
* REQ_KEY: The meta-protocol. (line 64)
* requirements: Libraries. (line 6)
* router: Main configuration variables.
@ -2987,20 +2996,20 @@ Concept Index
(line 18)
* signals: Signals. (line 6)
* socks4: Main configuration variables.
(line 308)
(line 307)
* socks5: Main configuration variables.
(line 313)
(line 312)
* StrictSubnets: Main configuration variables.
(line 338)
(line 337)
* SUBNET: Scripts. (line 74)
* Subnet: Host configuration variables.
(line 74)
(line 71)
* SVPN: Security. (line 11)
* switch: Main configuration variables.
(line 235)
(line 234)
* TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables.
(line 103)
(line 100)
* TINC: Security. (line 6)
* tinc: Introduction. (line 6)
* tinc-down: Scripts. (line 18)
@ -3011,16 +3020,16 @@ Concept Index
* tunifhead: Main configuration variables.
(line 142)
* TunnelServer: Main configuration variables.
(line 343)
(line 342)
* tunnohead: Main configuration variables.
(line 136)
* UDP <1>: Encryption of network packets.
(line 12)
* UDP: The UDP tunnel. (line 30)
* UDPRcvBuf: Main configuration variables.
(line 350)
(line 349)
* UDPSndBuf: Main configuration variables.
(line 355)
(line 354)
* UML: Main configuration variables.
(line 118)
* Universal tun/tap: Configuration of Linux kernels.
@ -3073,39 +3082,39 @@ Node: Multiple networks23835
Node: How connections work25215
Node: Configuration files27788
Node: Main configuration variables29321
Node: Host configuration variables45731
Node: Scripts50961
Node: How to configure53640
Node: Network interfaces58258
Node: Example configuration60659
Node: Running tinc65811
Node: Runtime options66404
Node: Signals69108
Node: Debug levels69958
Node: Solving problems70894
Node: Error messages72324
Node: Sending bug reports76646
Node: Controlling tinc77598
Node: tincctl runtime options77995
Node: tincctl environment variables78694
Node: tincctl commands79038
Node: tincctl examples83343
Node: tincctl top83948
Node: Technical information85546
Node: The connection85781
Node: The UDP tunnel86093
Node: The meta-connection89154
Node: The meta-protocol90623
Node: Security95632
Node: Authentication protocol96762
Node: Encryption of network packets101766
Node: Security issues103139
Node: Platform specific information104756
Node: Interface configuration104984
Node: Routes107437
Node: About us109353
Node: Contact information109528
Node: Authors109932
Node: Concept Index110337
Node: Host configuration variables45735
Node: Scripts50810
Node: How to configure53489
Node: Network interfaces58079
Node: Example configuration60480
Node: Running tinc65632
Node: Runtime options66225
Node: Signals69088
Node: Debug levels69938
Node: Solving problems70874
Node: Error messages72304
Node: Sending bug reports76626
Node: Controlling tinc77578
Node: tincctl runtime options77975
Node: tincctl environment variables78674
Node: tincctl commands79018
Node: tincctl examples83503
Node: tincctl top84108
Node: Technical information85706
Node: The connection85941
Node: The UDP tunnel86253
Node: The meta-connection89314
Node: The meta-protocol90783
Node: Security95792
Node: Authentication protocol96922
Node: Encryption of network packets101926
Node: Security issues103299
Node: Platform specific information104916
Node: Interface configuration105144
Node: Routes107597
Node: About us109513
Node: Contact information109688
Node: Authors110092
Node: Concept Index110497

End Tag Table

38
doc/tinc.texi
View file

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2012 Ivo Timmermans,
Copyright @copyright{} 1998-2013 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2012 Ivo Timmermans,
Copyright @copyright{} 1998-2013 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -1063,7 +1063,7 @@ This option selects the way packets are routed to other daemons.
@item router
In this mode Subnet
variables in the host configuration files will be used to form a routing table.
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
Only packets of routable protocols (IPv4 and IPv6) are supported in this mode.
This is the default mode, and unless you really know you need another mode, don't change it.
@ -1098,12 +1098,12 @@ This only has effect when Mode is set to "switch".
@cindex Name
@item Name = <@var{name}> [required]
This is a symbolic name for this connection.
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
If Name starts with a $, then the contents of the environment variable that follows will be used.
In that case, invalid characters will be converted to underscores.
If Name is $HOST, but no such environment variable exist,
the hostname will be read using the gethostnname() system call.
the hostname will be read using the gethostname() system call.
@cindex PingInterval
@item PingInterval = <@var{seconds}> (60)
@ -1242,11 +1242,9 @@ Furthermore, specifying "none" will turn off packet authentication.
@cindex IndirectData
@item IndirectData = <yes|no> (no)
This option specifies whether other tinc daemons besides the one you
specified with ConnectTo can make a direct connection to you. This is
especially useful if you are behind a firewall and it is impossible to
make a connection from the outside to your tinc daemon. Otherwise, it
is best to leave this option out or set it to no.
When set to yes, other nodes which do not already have a meta connection to you
will not try to establish direct communication with you.
It is best to leave this option out or set it to no.
@cindex MACLength
@item MACLength = <@var{bytes}> (4)
@ -1515,11 +1513,12 @@ tincctl -n @var{netname} import
@end example
If you are the owner of bar yourself, and you have SSH access to that computer,
you can also swap the host configuration files using the following commands:
you can also swap the host configuration files using the following command:
@example
tincctl -n @var{netname} export | ssh bar.example.org tincctl -n @var{netname} import
ssh bar.example.org tincctl -n @var{netname} export | tincctl -n @var{netname} import
tincctl -n @var{netname} export \
| ssh bar.example.org tincctl -n @var{netname} exchange \
| tincctl -n @var{netname} import
@end example
You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
@ -1849,6 +1848,8 @@ This option can be used more than once to specify multiple configuration variabl
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
This option is not supported on all platforms.
@item --logfile[=@var{file}]
Write log entries to a file instead of to the system logging facility.
If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
@ -1869,11 +1870,14 @@ Note that this option alone does not do any good without -U/--user, below.
Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
unless it's setup to be runnable inside chroot environment.
This option is not supported on all platforms.
@item -U, --user=@var{user}
Switch to the given @var{user} after initialization, at the same time as
chroot is performed (see --chroot above). With this option tinc drops
privileges, for added security.
This option is not supported on all platforms.
@item --help
Display a short reminder of these runtime options and terminate.
@ -2196,9 +2200,15 @@ Export the host configuration file of the local node to standard output.
Export all host configuration files to standard output.
@item import [--force]
Import host configuration file(s) from standard input.
Import host configuration file(s) generated by the tincctl export command from standard input.
Already existing host configuration files are not overwritten unless the option --force is used.
@item exchange [--force]
The same as export followed by import.
@item exchange-all [--force]
The same as export-all followed by import.
@item start [tincd options]
Start @samp{tincd}, optionally with the given extra options.

12
doc/tincctl.8.in
View file

@ -1,4 +1,4 @@
.Dd 2012-10-14
.Dd 2013-01-15
.Dt TINCCTL 8
.\" Manual page created by:
.\" Scott Lamb
@ -80,10 +80,16 @@ Export the host configuration file of the local node to standard output.
.It export-all
Export all host configuration files to standard output.
.It import Op Fl -force
Import host configuration file(s) from standard input.
Import host configuration data generated by the
.Nm
export command from standard input.
Already existing host configuration files are not overwritten unless the option
.Fl -force
is used.
.It exchange Op Fl -force
The same as export followed by import.
.It exchange-all Op Fl -force
The same as export-all followed by import.
.It start Op tincd options
Start
.Xr tincd 8 ,
@ -206,7 +212,7 @@ Fractional seconds are honored.
Intervals lower than 0.1 seconds are not allowed.
.It Ic c
Toggle between displaying current traffic rates (in packets and bytes per second)
and cummulative traffic (total packets and bytes since the tinc daemon started).
and cumulative traffic (total packets and bytes since the tinc daemon started).
.It Ic n
Sort the list of nodes by name.
.It Ic i

5
doc/tincd.8.in
View file

@ -1,4 +1,4 @@
.Dd 2012-02-22
.Dd 2013-01-14
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans
@ -81,6 +81,7 @@ This option can be used more than once to specify multiple configuration variabl
.It Fl L, -mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
This option is not supported on all platforms.
.It Fl -logfile Ns Op = Ns Ar FILE
Write log entries to a file instead of to the system logging facility.
If
@ -104,10 +105,12 @@ Only useful for debugging.
With this option tinc chroots into the directory where network
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
or to the directory specified with -c option) after initialization.
This option is not supported on all platforms.
.It Fl U, -user Ns = Ns Ar USER
setuid to the specified
.Ar USER
after initialization.
This option is not supported on all platforms.
.It Fl -help
Display short list of options.
.It Fl -version

21
gui/tinc-gui
View file

@ -111,11 +111,28 @@ class VPN:
piddir = '/var/run/'
def connect(self):
# read the pidfile
f = open(self.pidfile)
info = string.split(f.readline())
f.close()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((info[2], int(info[4])))
# check if there is a UNIX socket as well
if self.pidfile.endswith(".pid"):
unixfile = self.pidfile.replace(".pid", ".socket");
else:
unixfile = self.pidfile + ".socket";
if os.path.exists(unixfile):
# use it if it exists
print(unixfile + " exists!");
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
s.connect(unixfile)
else:
# otherwise connect via TCP
print(unixfile + " does not exist.");
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((info[2], int(info[4])))
self.sf = s.makefile()
s.close()
hello = string.split(self.sf.readline())

6
src/Makefile.am
View file

@ -9,7 +9,7 @@ tincd_SOURCES = \
buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
protocol_key.c protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c event.c tincd.c \
dummy_device.c raw_socket_device.c multicast_device.c
dummy_device.c raw_socket_device.c multicast_device.c names.c
if UML
tincd_SOURCES += uml_device.c
@ -24,7 +24,7 @@ nodist_tincd_SOURCES = \
tincctl_SOURCES = \
utils.c getopt.c getopt1.c dropin.c \
info.c list.c subnet_parse.c tincctl.c top.c
info.c list.c subnet_parse.c tincctl.c top.c names.c
nodist_tincctl_SOURCES = \
ecdsagen.c rsagen.c
@ -46,7 +46,7 @@ INCLUDES = @INCLUDES@ -I$(top_builddir)
noinst_HEADERS = \
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
nodist_noinst_HEADERS = \
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h

16
src/Makefile.in
View file

@ -82,7 +82,7 @@ sptps_test_LDADD = $(LDADD)
am_tincctl_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) \
getopt1.$(OBJEXT) dropin.$(OBJEXT) info.$(OBJEXT) \
list.$(OBJEXT) subnet_parse.$(OBJEXT) tincctl.$(OBJEXT) \
top.$(OBJEXT)
top.$(OBJEXT) names.$(OBJEXT)
nodist_tincctl_OBJECTS = ecdsagen.$(OBJEXT) rsagen.$(OBJEXT)
tincctl_OBJECTS = $(am_tincctl_OBJECTS) $(nodist_tincctl_OBJECTS)
am__DEPENDENCIES_1 =
@ -95,7 +95,8 @@ am__tincd_SOURCES_DIST = utils.c getopt.c getopt1.c list.c \
protocol_edge.c protocol_misc.c protocol_key.c \
protocol_subnet.c route.c sptps.c subnet.c subnet_parse.c \
event.c tincd.c dummy_device.c raw_socket_device.c \
multicast_device.c uml_device.c vde_device.c bsd/tunemu.c
multicast_device.c names.c uml_device.c vde_device.c \
bsd/tunemu.c
@UML_TRUE@am__objects_1 = uml_device.$(OBJEXT)
@VDE_TRUE@am__objects_2 = vde_device.$(OBJEXT)
@TUNEMU_TRUE@am__objects_3 = tunemu.$(OBJEXT)
@ -113,8 +114,8 @@ am_tincd_OBJECTS = utils.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT) \
route.$(OBJEXT) sptps.$(OBJEXT) subnet.$(OBJEXT) \
subnet_parse.$(OBJEXT) event.$(OBJEXT) tincd.$(OBJEXT) \
dummy_device.$(OBJEXT) raw_socket_device.$(OBJEXT) \
multicast_device.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
$(am__objects_3)
multicast_device.$(OBJEXT) names.$(OBJEXT) $(am__objects_1) \
$(am__objects_2) $(am__objects_3)
nodist_tincd_OBJECTS = device.$(OBJEXT) cipher.$(OBJEXT) \
crypto.$(OBJEXT) ecdh.$(OBJEXT) ecdsa.$(OBJEXT) \
digest.$(OBJEXT) prf.$(OBJEXT) rsa.$(OBJEXT)
@ -252,14 +253,14 @@ tincd_SOURCES = utils.c getopt.c getopt1.c list.c splay_tree.c \
process.c protocol.c protocol_auth.c protocol_edge.c \
protocol_misc.c protocol_key.c protocol_subnet.c route.c \
sptps.c subnet.c subnet_parse.c event.c tincd.c dummy_device.c \
raw_socket_device.c multicast_device.c $(am__append_1) \
raw_socket_device.c multicast_device.c names.c $(am__append_1) \
$(am__append_2) $(am__append_3)
nodist_tincd_SOURCES = \
device.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c rsa.c
tincctl_SOURCES = \
utils.c getopt.c getopt1.c dropin.c \
info.c list.c subnet_parse.c tincctl.c top.c
info.c list.c subnet_parse.c tincctl.c top.c names.c
nodist_tincctl_SOURCES = \
ecdsagen.c rsagen.c
@ -273,7 +274,7 @@ DEFAULT_INCLUDES =
noinst_HEADERS = \
xalloc.h utils.h getopt.h list.h splay_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h ipv6.h ipv4.h ethernet.h \
buffer.h conf.h connection.h control.h control_common.h device.h edge.h graph.h info.h logger.h meta.h net.h netutl.h node.h process.h \
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h
protocol.h route.h subnet.h sptps.h tincctl.h top.h bsd/tunemu.h hash.h event.h names.h
nodist_noinst_HEADERS = \
cipher.h crypto.h ecdh.h ecdsa.h digest.h prf.h rsa.h ecdsagen.h rsagen.h
@ -395,6 +396,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logger.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/meta.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multicast_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/names.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_packet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net_setup.Po@am__quote@

21
src/bsd/device.c
View file

@ -1,7 +1,7 @@
/*
device.c -- Interaction BSD tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
This program is free software; you can redistribute it and/or modify
@ -24,12 +24,13 @@
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "route.h"
#include "utils.h"
#include "xalloc.h"
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
#include "bsd/tunemu.h"
#endif
@ -44,7 +45,7 @@ typedef enum device_type {
DEVICE_TYPE_TUN,
DEVICE_TYPE_TUNIFHEAD,
DEVICE_TYPE_TAP,
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
DEVICE_TYPE_TUNEMU,
#endif
} device_type_t;
@ -55,7 +56,7 @@ char *iface = NULL;
static char *device_info = NULL;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
#if defined(TUNEMU)
#if defined(ENABLE_TUNEMU)
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
@ -79,7 +80,7 @@ static bool setup_device(void) {
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
if(!strcasecmp(type, "tun"))
/* use default */;
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
else if(!strcasecmp(type, "tunemu"))
device_type = DEVICE_TYPE_TUNEMU;
#endif
@ -99,7 +100,7 @@ static bool setup_device(void) {
}
switch(device_type) {
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: {
char dynamic_name[256] = "";
device_fd = tunemu_open(dynamic_name);
@ -176,7 +177,7 @@ static bool setup_device(void) {
#endif
break;
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
device_info = "BSD tunemu device";
break;
@ -190,7 +191,7 @@ static bool setup_device(void) {
static void close_device(void) {
switch(device_type) {
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
tunemu_close(device_fd);
break;
@ -208,7 +209,7 @@ static bool read_packet(vpn_packet_t *packet) {
switch(device_type) {
case DEVICE_TYPE_TUN:
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
if(device_type == DEVICE_TYPE_TUNEMU)
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
@ -347,7 +348,7 @@ static bool write_packet(vpn_packet_t *packet) {
}
break;
#ifdef HAVE_TUNEMU
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,

386
src/bsd/device.c.orig Normal file
View file

@ -0,0 +1,386 @@
/*
device.c -- Interaction BSD tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "net.h"
#include "route.h"
#include "utils.h"
#include "xalloc.h"
#ifdef ENABLE_TUNEMU
#include "bsd/tunemu.h"
#endif
#define DEFAULT_TUN_DEVICE "/dev/tun0"
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD)
#define DEFAULT_TAP_DEVICE "/dev/tap0"
#else
#define DEFAULT_TAP_DEVICE "/dev/tun0"
#endif
typedef enum device_type {
DEVICE_TYPE_TUN,
DEVICE_TYPE_TUNIFHEAD,
DEVICE_TYPE_TAP,
#ifdef ENABLE_TUNEMU
DEVICE_TYPE_TUNEMU,
#endif
} device_type_t;
int device_fd = -1;
char *device = NULL;
char *iface = NULL;
static char *device_info = NULL;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
#if defined(ENABLE_TUNEMU)
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
#else
static device_type_t device_type = DEVICE_TYPE_TUN;
#endif
static bool setup_device(void) {
char *type;
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
if(routing_mode == RMODE_ROUTER)
device = xstrdup(DEFAULT_TUN_DEVICE);
else
device = xstrdup(DEFAULT_TAP_DEVICE);
}
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
if(!strcasecmp(type, "tun"))
<<<<<<< HEAD
/* use default */;
#ifdef HAVE_TUNEMU
=======
/* use default */;
#ifdef ENABLE_TUNEMU
>>>>>>> 2a3e343... Fix support for tunemu on iOS devices.
else if(!strcasecmp(type, "tunemu"))
device_type = DEVICE_TYPE_TUNEMU;
#endif
else if(!strcasecmp(type, "tunnohead"))
device_type = DEVICE_TYPE_TUN;
else if(!strcasecmp(type, "tunifhead"))
device_type = DEVICE_TYPE_TUNIFHEAD;
else if(!strcasecmp(type, "tap"))
device_type = DEVICE_TYPE_TAP;
else {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown device type %s!", type);
return false;
}
} else {
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
device_type = DEVICE_TYPE_TAP;
}
switch(device_type) {
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: {
char dynamic_name[256] = "";
device_fd = tunemu_open(dynamic_name);
}
break;
#endif
default:
device_fd = open(device, O_RDWR | O_NONBLOCK);
}
if(device_fd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", device, strerror(errno));
return false;
}
#ifdef FD_CLOEXEC
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif
switch(device_type) {
default:
device_type = DEVICE_TYPE_TUN;
case DEVICE_TYPE_TUN:
#ifdef TUNSIFHEAD
{
const int zero = 0;
if(ioctl(device_fd, TUNSIFHEAD, &zero, sizeof zero) == -1) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
return false;
}
}
#endif
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
{
const int mode = IFF_BROADCAST | IFF_MULTICAST;
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
}
#endif
device_info = "Generic BSD tun device";
break;
case DEVICE_TYPE_TUNIFHEAD:
#ifdef TUNSIFHEAD
{
const int one = 1;
if(ioctl(device_fd, TUNSIFHEAD, &one, sizeof one) == -1) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "ioctl", strerror(errno));
return false;
}
}
#endif
#if defined(TUNSIFMODE) && defined(IFF_BROADCAST) && defined(IFF_MULTICAST)
{
const int mode = IFF_BROADCAST | IFF_MULTICAST;
ioctl(device_fd, TUNSIFMODE, &mode, sizeof mode);
}
#endif
device_info = "Generic BSD tun device";
break;
case DEVICE_TYPE_TAP:
if(routing_mode == RMODE_ROUTER)
overwrite_mac = true;
device_info = "Generic BSD tap device";
#ifdef TAPGIFNAME
{
struct ifreq ifr;
if(ioctl(device_fd, TAPGIFNAME, (void*)&ifr) == 0) {
if(iface)
free(iface);
iface = xstrdup(ifr.ifr_name);
}
}
#endif
break;
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
device_info = "BSD tunemu device";
break;
#endif
}
logger(DEBUG_ALWAYS, LOG_INFO, "%s is a %s", device, device_info);
return true;
}
static void close_device(void) {
switch(device_type) {
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
tunemu_close(device_fd);
break;
#endif
default:
close(device_fd);
}
free(device);
free(iface);
}
static bool read_packet(vpn_packet_t *packet) {
int inlen;
switch(device_type) {
case DEVICE_TYPE_TUN:
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
if(device_type == DEVICE_TYPE_TUNEMU)
inlen = tunemu_read(device_fd, packet->data + 14, MTU - 14);
else
#endif
inlen = read(device_fd, packet->data + 14, MTU - 14);
if(inlen <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
switch(packet->data[14] >> 4) {
case 4:
packet->data[12] = 0x08;
packet->data[13] = 0x00;
break;
case 6:
packet->data[12] = 0x86;
packet->data[13] = 0xDD;
break;
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown IP version %d while reading packet from %s %s",
packet->data[14] >> 4, device_info, device);
return false;
}
memset(packet->data, 0, 12);
packet->len = inlen + 14;
break;
case DEVICE_TYPE_TUNIFHEAD: {
u_int32_t type;
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, MTU - 14}};
if((inlen = readv(device_fd, vector, 2)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
switch (ntohl(type)) {
case AF_INET:
packet->data[12] = 0x08;
packet->data[13] = 0x00;
break;
case AF_INET6:
packet->data[12] = 0x86;
packet->data[13] = 0xDD;
break;
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown address family %x while reading packet from %s %s",
ntohl(type), device_info, device);
return false;
}
memset(packet->data, 0, 12);
packet->len = inlen + 10;
break;
}
case DEVICE_TYPE_TAP:
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
packet->len = inlen;
break;
default:
return false;
}
device_total_in += packet->len;
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s",
packet->len, device_info);
return true;
}
static bool write_packet(vpn_packet_t *packet) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
switch(device_type) {
case DEVICE_TYPE_TUN:
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
device, strerror(errno));
return false;
}
break;
case DEVICE_TYPE_TUNIFHEAD: {
u_int32_t type;
struct iovec vector[2] = {{&type, sizeof type}, {packet->data + 14, packet->len - 14}};
int af;
af = (packet->data[12] << 8) + packet->data[13];
switch (af) {
case 0x0800:
type = htonl(AF_INET);
break;
case 0x86DD:
type = htonl(AF_INET6);
break;
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown address family %x while writing packet to %s %s",
af, device_info, device);
return false;
}
if(writev(device_fd, vector, 2) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
strerror(errno));
return false;
}
break;
}
case DEVICE_TYPE_TAP:
if(write(device_fd, packet->data, packet->len) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
device, strerror(errno));
return false;
}
break;
#ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU:
if(tunemu_write(device_fd, packet->data + 14, packet->len - 14) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info,
device, strerror(errno));
return false;
}
break;
#endif
default:
return false;
}
device_total_out += packet->len;
return true;
}
static void dump_device_stats(void) {
logger(DEBUG_ALWAYS, LOG_DEBUG, "Statistics for %s %s:", device_info, device);
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
logger(DEBUG_ALWAYS, LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
}
const devops_t os_devops = {
.setup = setup_device,
.close = close_device,
.read = read_packet,
.write = write_packet,
.dump_stats = dump_device_stats,
};

6
src/conf.c
View file

@ -2,7 +2,7 @@
conf.c -- configuration code
Copyright (C) 1998 Robert van der Meulen
1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
2000 Cris van Pelt
@ -28,6 +28,7 @@
#include "conf.h"
#include "list.h"
#include "logger.h"
#include "names.h"
#include "netutl.h" /* for str2address */
#include "protocol.h"
#include "utils.h" /* for cp */
@ -37,11 +38,8 @@ splay_tree_t *config_tree;
int pinginterval = 0; /* seconds between pings */
int pingtimeout = 0; /* seconds to wait for response */
char *confbase = NULL; /* directory in which all config files are */
char *netname = NULL; /* name of the vpn network */
list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
static int config_compare(const config_t *a, const config_t *b) {
int result;

4
src/conf.h
View file

@ -1,7 +1,7 @@
/*
conf.h -- header for conf.c
Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -39,8 +39,6 @@ extern int pinginterval;
extern int pingtimeout;
extern int maxtimeout;
extern bool bypass_security;
extern char *confbase;
extern char *netname;
extern list_t *cmdline_conf;
extern void init_configuration(splay_tree_t **);

4
src/control.c
View file

@ -1,6 +1,6 @@
/*
control.c -- Control socket handling.
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
#include "graph.h"
#include "logger.h"
#include "meta.h"
#include "names.h"
#include "net.h"
#include "netutl.h"
#include "protocol.h"
@ -33,7 +34,6 @@
#include "xalloc.h"
char controlcookie[65];
extern char *pidfilename;
static bool control_return(connection_t *c, int type, int error) {
return send_request(c, "%d %d %d", CONTROL, type, error);

3
src/cygwin/device.c
View file

@ -1,7 +1,7 @@
/*
device.c -- Interaction with Windows tap driver in a Cygwin environment
Copyright (C) 2002-2005 Ivo Timmermans,
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "route.h"
#include "utils.h"

10
src/dropin.c
View file

@ -158,8 +158,18 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
#ifndef HAVE_GETTIMEOFDAY
int gettimeofday(struct timeval *tv, void *tz) {
#ifdef HAVE_MINGW
FILETIME ft;
GetSystemTimeAsFileTime(&ft);
uint64_t lt = (uint64_t)ft.dwLowDateTime | ((uint64_t)ft.dwHighDateTime << 32);
lt -= 116444736000000000ULL;
tv->tv_sec = lt / 10000000;
tv->tv_usec = (lt / 10) % 1000000;
#else
#warning No high resolution time source!
tv->tv_sec = time(NULL);
tv->tv_usec = 0;
#endif
return 0;
}
#endif

2
src/dropin.h
View file

@ -58,7 +58,7 @@ extern int usleep(long long usec);
#define timersub(a, b, r) do {\
(r)->tv_sec = (a)->tv_sec - (b)->tv_sec;\
(r)->tv_usec = (a)->tv_usec - (b)->tv_usec;\
if((r)->tv_usec < 1000000)\
if((r)->tv_usec < 0)\
(r)->tv_sec--, (r)->tv_usec += 1000000;\
} while (0)
#endif

10
src/event.c
View file

@ -52,13 +52,8 @@ static int timeout_compare(const timeout_t *a, const timeout_t *b) {
return 0;
}
static int signal_compare(const signal_t *a, const signal_t *b) {
return a->signum - b->signum;
}
static splay_tree_t io_tree = {.compare = (splay_compare_t)io_compare};
static splay_tree_t timeout_tree = {.compare = (splay_compare_t)timeout_compare};
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
void io_add(io_t *io, io_cb_t cb, void *data, int fd, int flags) {
if(io->cb)
@ -130,8 +125,13 @@ void timeout_del(timeout_t *timeout) {
}
#ifndef HAVE_MINGW
static int signal_compare(const signal_t *a, const signal_t *b) {
return a->signum - b->signum;
}
static io_t signalio;
static int pipefd[2] = {-1, -1};
static splay_tree_t signal_tree = {.compare = (splay_compare_t)signal_compare};
static void signal_handler(int signum) {
unsigned char num = signum;

30
src/graph.c
View file

@ -1,6 +1,6 @@
/*
graph.c -- graph algorithms
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -51,6 +51,7 @@
#include "graph.h"
#include "list.h"
#include "logger.h"
#include "names.h"
#include "netutl.h"
#include "node.h"
#include "process.h"
@ -61,7 +62,7 @@
#include "graph.h"
/* Implementation of Kruskal's algorithm.
Running time: O(E)
Running time: O(EN)
Please note that sorting on weight is already done by add_edge().
*/
@ -78,11 +79,24 @@ static void mst_kruskal(void) {
for splay_each(node_t, n, node_tree)
n->status.visited = false;
/* Add safe edges */
/* Starting point */
for splay_each(edge_t, e, edge_weight_tree) {
if(!e->reverse || (e->from->status.visited && e->to->status.visited))
if(e->from->status.reachable) {
e->from->status.visited = true;
break;
}
}
/* Add safe edges */
bool skipped = false;
for splay_each(edge_t, e, edge_weight_tree) {
if(!e->reverse || (e->from->status.visited == e->to->status.visited)) {
skipped = true;
continue;
}
e->from->status.visited = true;
e->to->status.visited = true;
@ -93,8 +107,12 @@ static void mst_kruskal(void) {
if(e->reverse->connection)
e->reverse->connection->status.mst = true;
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name,
e->to->name, e->weight);
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight);
if(skipped) {
skipped = false;
next = edge_weight_tree->head;
}
}
}

12
src/info.c
View file

@ -58,11 +58,15 @@ static int info_node(int fd, const char *item) {
int code, req, cipher, digest, maclength, compression, distance;
short int pmtu, minmtu, maxmtu;
unsigned int options;
union {
node_status_t bits;
uint32_t raw;
} status_union;
node_status_t status;
long int last_state_change;
while(recvline(fd, line, sizeof line)) {
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, (unsigned *)&status, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
int n = sscanf(line, "%d %d %s %s port %s %d %d %d %d %x %"PRIx32" %s %s %d %hd %hd %hd %ld", &code, &req, node, host, port, &cipher, &digest, &maclength, &compression, &options, &status_union.raw, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
if(n == 2)
break;
@ -92,8 +96,12 @@ static int info_node(int fd, const char *item) {
printf("Address: %s port %s\n", host, port);
char timestr[32] = "never";
time_t lsc_time = last_state_change;
if(last_state_change)
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&last_state_change));
strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", localtime(&lsc_time));
status = status_union.bits;
if(status.reachable)
printf("Online since: %s\n", timestr);

3
src/linux/device.c
View file

@ -1,7 +1,7 @@
/*
device.c -- Interaction with Linux ethertap and tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "route.h"
#include "utils.h"

4
src/logger.c
View file

@ -1,6 +1,6 @@
/*
logger.c -- logging code
Copyright (C) 2004-2012 Guus Sliepen <guus@tinc-vpn.org>
Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
2004-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -22,6 +22,7 @@
#include "conf.h"
#include "meta.h"
#include "names.h"
#include "logger.h"
#include "connection.h"
#include "control_common.h"
@ -30,7 +31,6 @@
debug_t debug_level = DEBUG_NOTHING;
static logmode_t logmode = LOGMODE_STDERR;
static pid_t logpid;
extern char *logfilename;
static FILE *logfile = NULL;
#ifdef HAVE_MINGW
static HANDLE loghandle = NULL;

43
src/meta.c
View file

@ -185,21 +185,50 @@ bool receive_meta(connection_t *c) {
if(c->tcplen) {
char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
if(tcpbuffer) {
if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
if(!tcpbuffer)
break;
if(!c->node) {
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
} else {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
return false;
}
} else
receive_tcppacket(c, tcpbuffer, c->tcplen);
c->tcplen = 0;
continue;
} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
if(tcpbuffer[0] != 5) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
return false;
}
if(tcpbuffer[1] == (char)0xff) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
return false;
}
if(tcpbuffer[2] != 5) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
return false;
}
if(tcpbuffer[3] == 0) {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
} else {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
return false;
}
} else {
logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
abort();
}
} else {
break;
if(c->allow_request == ALL) {
receive_tcppacket(c, tcpbuffer, c->tcplen);
} else {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
return false;
}
}
c->tcplen = 0;
}
/* Otherwise we are waiting for a request */

13
src/mingw/device.c
View file

@ -1,7 +1,7 @@
/*
device.c -- Interaction with Windows tap driver in a MinGW environment
Copyright (C) 2002-2005 Ivo Timmermans,
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "route.h"
#include "utils.h"
@ -46,7 +47,7 @@ extern char *myport;
static DWORD WINAPI tapreader(void *bla) {
int status;
long len;
DWORD len;
OVERLAPPED overlapped;
vpn_packet_t packet;
@ -61,7 +62,7 @@ static DWORD WINAPI tapreader(void *bla) {
overlapped.OffsetHigh = 0;
ResetEvent(overlapped.hEvent);
status = ReadFile(device_handle, packet.data, MTU, &len, &overlapped);
status = ReadFile(device_handle, (void *)packet.data, MTU, &len, &overlapped);
if(!status) {
if(GetLastError() == ERROR_IO_PENDING) {
@ -91,7 +92,7 @@ static bool setup_device(void) {
char adapterid[1024];
char adaptername[1024];
char tapname[1024];
long len;
DWORD len;
unsigned long status;
bool found = false;
@ -122,7 +123,7 @@ static bool setup_device(void) {
continue;
len = sizeof adaptername;
err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
err = RegQueryValueEx(key2, "Name", 0, 0, (LPBYTE)adaptername, &len);
RegCloseKey(key2);
@ -222,7 +223,7 @@ static bool read_packet(vpn_packet_t *packet) {
}
static bool write_packet(vpn_packet_t *packet) {
long outlen;
DWORD outlen;
OVERLAPPED overlapped = {0};
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",

4
src/multicast_device.c
View file

@ -165,7 +165,7 @@ static void close_device(void) {
static bool read_packet(vpn_packet_t *packet) {
int lenin;
if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) {
if((lenin = recv(device_fd, (void *)packet->data, MTU, 0)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
@ -191,7 +191,7 @@ static bool write_packet(vpn_packet_t *packet) {
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info);
if(sendto(device_fd, packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
if(sendto(device_fd, (void *)packet->data, packet->len, 0, ai->ai_addr, ai->ai_addrlen) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
strerror(errno));
return false;

106
src/names.c Normal file
View file

@ -0,0 +1,106 @@
/*
names.c -- generate commonly used (file)names
Copyright (C) 1998-2005 Ivo Timmermans
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "logger.h"
#include "xalloc.h"
char *netname = NULL;
char *confdir = NULL; /* base configuration directory */
char *confbase = NULL; /* base configuration directory for this instance of tinc */
char *identname = NULL; /* program name for syslog */
char *unixsocketname = NULL; /* UNIX socket location */
char *logfilename = NULL; /* log file location */
char *pidfilename = NULL;
char *program_name = NULL;
/*
Set all files and paths according to netname
*/
void make_names(void) {
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
DWORD len = sizeof installdir;
#endif
if(netname)
xasprintf(&identname, "tinc.%s", netname);
else
identname = xstrdup("tinc");
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
confdir = xstrdup(installdir);
if(!logfilename)
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", installdir, identname);
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
}
RegCloseKey(key);
}
#endif
if(!confdir)
confdir = xstrdup(CONFDIR SLASH "tinc");
if(!logfilename)
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
if(!pidfilename)
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
if(!unixsocketname) {
int len = strlen(pidfilename);
unixsocketname = xmalloc(len + 8);
strcpy(unixsocketname, pidfilename);
if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
strcpy(unixsocketname + len - 4, ".socket");
else
strcpy(unixsocketname + len, ".socket");
}
if(netname) {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
else
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
} else {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc");
}
}
void free_names(void) {
free(identname);
free(netname);
free(unixsocketname);
free(pidfilename);
free(logfilename);
free(confbase);
free(confdir);
}

36
src/names.h Normal file
View file

@ -0,0 +1,36 @@
/*
names.h -- header for names.c
Copyright (C) 1998-2005 Ivo Timmermans
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef __TINC_NAMES_H__
#define __TINC_NAMES_H__
extern char *confdir;
extern char *confbase;
extern char *netname;
extern char *identname;
extern char *unixsocketname;
extern char *logfilename;
extern char *pidfilename;
extern char *program_name;
extern void make_names(void);
extern void free_names(void);
#endif /* __TINC_NAMES_H__ */

24
src/net.c
View file

@ -1,7 +1,7 @@
/*
net.c -- most of the network code
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2011 Loïc Grenié <loic.grenie@gmail.com>
@ -29,6 +29,7 @@
#include "graph.h"
#include "logger.h"
#include "meta.h"
#include "names.h"
#include "net.h"
#include "netutl.h"
#include "process.h"
@ -280,29 +281,13 @@ static void periodic_handler(void *data) {
}
void handle_meta_connection_data(connection_t *c) {
int result;
socklen_t len = sizeof result;
if(c->status.connecting) {
c->status.connecting = false;
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);
if(!result)
finish_connecting(c);
else {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
terminate_connection(c, false);
return;
}
}
if (!receive_meta(c)) {
terminate_connection(c, c->status.active);
return;
}
}
#ifndef HAVE_MINGW
static void sigterm_handler(void *data) {
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
event_exit();
@ -318,6 +303,7 @@ static void sigalrm_handler(void *data) {
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got %s signal", strsignal(((signal_t *)data)->signum));
retry();
}
#endif
int reload_configuration(void) {
char *fname;
@ -451,11 +437,13 @@ int main_loop(void) {
signal_t sighup = {0};
signal_t sigterm = {0};
signal_t sigquit = {0};
signal_t sigint = {0};
signal_t sigalrm = {0};
signal_add(&sighup, sighup_handler, &sighup, SIGHUP);
signal_add(&sigterm, sigterm_handler, &sigterm, SIGTERM);
signal_add(&sigquit, sigterm_handler, &sigquit, SIGQUIT);
signal_add(&sigint, sigterm_handler, &sigint, SIGINT);
signal_add(&sigalrm, sigalrm_handler, &sigalrm, SIGALRM);
#endif

4
src/net.h
View file

@ -1,7 +1,7 @@
/*
net.h -- header for net.c
Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -128,6 +128,7 @@ extern bool localdiscovery;
extern listen_socket_t listen_socket[MAXSOCKETS];
extern int listen_sockets;
extern io_t unix_socket;
extern int keylifetime;
extern int udp_rcvbuf;
extern int udp_sndbuf;
@ -164,6 +165,7 @@ extern void handle_incoming_vpn_data(void *, int);
extern void finish_connecting(struct connection_t *);
extern bool do_outgoing_connection(struct outgoing_t *);
extern void handle_new_meta_connection(void *, int);
extern void handle_new_unix_connection(void *, int);
extern int setup_listen_socket(const sockaddr_t *);
extern int setup_vpn_in_socket(const sockaddr_t *);
extern bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len);

74
src/net_packet.c
View file

@ -1,7 +1,7 @@
/*
net_packet.c -- Handles in- and outgoing VPN packets
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2010 Timothy Redaelli <timothy@redaelli.eu>
2010 Brandon Black <blblack@gmail.com>
@ -22,12 +22,6 @@
#include "system.h"
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#ifdef HAVE_ZLIB
#include <zlib.h>
#endif
@ -70,11 +64,15 @@ bool localdiscovery = false;
mtuprobes == 32: send 1 burst, sleep pingtimeout second
mtuprobes == 33: no response from other side, restart PMTU discovery process
Probes are sent in batches of three, with random sizes between the lower and
upper boundaries for the MTU thus far discovered.
Probes are sent in batches of at least three, with random sizes between the
lower and upper boundaries for the MTU thus far discovered.
In case local discovery is enabled, a fourth packet is added to each batch,
After the initial discovery, a fourth packet is added to each batch with a
size larger than the currently known PMTU, to test if the PMTU has increased.
In case local discovery is enabled, another packet is added to each batch,
which will be broadcast to the local network.
*/
static void send_mtu_probe_handler(void *data) {
@ -125,13 +123,18 @@ static void send_mtu_probe_handler(void *data) {
timeout = pingtimeout;
}
for(int i = 0; i < 3 + localdiscovery; i++) {
for(int i = 0; i < 4 + localdiscovery; i++) {
int len;
if(n->maxmtu <= n->minmtu)
if(i == 0) {
if(n->mtuprobes < 30 || n->maxmtu + 8 >= MTU)
continue;
len = n->maxmtu + 8;
} else if(n->maxmtu <= n->minmtu) {
len = n->maxmtu;
else
} else {
len = n->minmtu + 1 + rand() % (n->maxmtu - n->minmtu);
}
if(len < 64)
len = 64;
@ -140,7 +143,7 @@ static void send_mtu_probe_handler(void *data) {
memset(packet.data, 0, 14);
randomize(packet.data + 14, len - 14);
packet.len = len;
if(i >= 3 && n->mtuprobes <= 10)
if(i >= 4 && n->mtuprobes <= 10)
packet.priority = -1;
else
packet.priority = 0;
@ -150,6 +153,21 @@ static void send_mtu_probe_handler(void *data) {
send_udppacket(n, &packet);
}
n->probe_counter = 0;
gettimeofday(&n->probe_time, NULL);
/* Calculate the packet loss of incoming traffic by comparing the rate of
packets received to the rate with which the sequence number has increased.
*/
if(n->received > n->prev_received)
n->packetloss = 1.0 - (n->received - n->prev_received) / (float)(n->received_seqno - n->prev_received_seqno);
else
n->packetloss = n->received_seqno <= n->prev_received_seqno;
n->prev_received_seqno = n->received_seqno;
n->prev_received = n->received;
end:
timeout_set(&n->mtutimeout, &(struct timeval){timeout, rand() % 100000});
}
@ -184,6 +202,13 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
/* If we haven't established the PMTU yet, restart the discovery process. */
if(n->mtuprobes > 30) {
if (len == n->maxmtu + 8) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
n->maxmtu = MTU;
n->mtuprobes = 10;
return;
}
if(n->minmtu)
n->mtuprobes = 30;
else
@ -196,6 +221,25 @@ static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
len = n->maxmtu;
if(n->minmtu < len)
n->minmtu = len;
/* Calculate RTT and bandwidth.
The RTT is the time between the MTU probe burst was sent and the first
reply is received. The bandwidth is measured using the time between the
arrival of the first and third probe reply.
*/
struct timeval now, diff;
gettimeofday(&now, NULL);
timersub(&now, &n->probe_time, &diff);
n->probe_counter++;
if(n->probe_counter == 1) {
n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
n->probe_time = now;
} else if(n->probe_counter == 3) {
n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
}
}
}
@ -365,6 +409,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
if(inpkt->seqno > n->received_seqno)
n->received_seqno = inpkt->seqno;
n->received++;
if(n->received_seqno > MAX_SEQNO)
regenerate_key();

39
src/net_setup.c
View file

@ -1,7 +1,7 @@
/*
net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com>
@ -31,6 +31,7 @@
#include "ecdsa.h"
#include "graph.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "netutl.h"
#include "process.h"
@ -807,6 +808,37 @@ static bool setup_myself(void) {
/* Open sockets */
#ifndef HAVE_MINGW
int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
if(unix_fd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
return false;
}
struct sockaddr_un sa;
sa.sun_family = AF_UNIX;
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
if(connect(unix_fd, (struct sockaddr *)&sa, sizeof sa) >= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
return false;
}
unlink(unixsocketname);
if(bind(unix_fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
return false;
}
if(listen(unix_fd, 3) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
return false;
}
io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
#endif
if(!do_detach && getenv("LISTEN_FDS")) {
sockaddr_t sa;
socklen_t salen;
@ -991,6 +1023,11 @@ void close_network_connections(void) {
close(listen_socket[i].udp.fd);
}
#ifndef HAVE_MINGW
io_del(&unix_socket);
close(unix_socket.fd);
#endif
char *envp[5];
xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
xasprintf(&envp[1], "DEVICE=%s", device ? : "");

74
src/net_socket.c
View file

@ -1,7 +1,7 @@
/*
net_socket.c -- Handle various kinds of sockets.
Copyright (C) 1998-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2009 Florian Forster <octo@verplant.org>
@ -24,9 +24,11 @@
#include "conf.h"
#include "connection.h"
#include "control_common.h"
#include "list.h"
#include "logger.h"
#include "meta.h"
#include "names.h"
#include "net.h"
#include "netutl.h"
#include "protocol.h"
@ -46,6 +48,9 @@ int udp_sndbuf = 0;
listen_socket_t listen_socket[MAXSOCKETS];
int listen_sockets;
#ifndef HAVE_MINGW
io_t unix_socket;
#endif
list_t *outgoing_list = NULL;
/* Setup sockets */
@ -289,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
void finish_connecting(connection_t *c) {
logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
if(proxytype != PROXY_EXEC)
configure_tcp(c);
c->last_ping_time = time(NULL);
c->status.connecting = false;
@ -368,10 +370,28 @@ static void handle_meta_write(connection_t *c) {
}
static void handle_meta_io(void *data, int flags) {
connection_t *c = data;
if(c->status.connecting) {
c->status.connecting = false;
int result;
socklen_t len = sizeof result;
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len);
if(!result)
finish_connecting(c);
else {
logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result));
terminate_connection(c, false);
return;
}
}
if(flags & IO_WRITE)
handle_meta_write(data);
handle_meta_write(c);
else
handle_meta_connection_data(data);
handle_meta_connection_data(c);
}
bool do_outgoing_connection(outgoing_t *outgoing) {
@ -436,6 +456,7 @@ begin:
}
logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
configure_tcp(c);
}
if(c->socket == -1) {
@ -488,7 +509,7 @@ begin:
connection_add(c);
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE);
return true;
}
@ -561,6 +582,45 @@ void handle_new_meta_connection(void *data, int flags) {
send_id(c);
}
#ifndef HAVE_MINGW
/*
accept a new UNIX socket connection
*/
void handle_new_unix_connection(void *data, int flags) {
io_t *io = data;
connection_t *c;
sockaddr_t sa;
int fd;
socklen_t len = sizeof sa;
fd = accept(io->fd, &sa.sa, &len);
if(fd < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Accepting a new connection failed: %s", sockstrerror(sockerrno));
return;
}
sockaddrunmap(&sa);
c = new_connection();
c->name = xstrdup("<control>");
c->address = sa;
c->hostname = xstrdup("localhost port unix");
c->socket = fd;
c->last_ping_time = time(NULL);
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname);
io_add(&c->io, handle_meta_io, c, c->socket, IO_READ);
connection_add(c);
c->allow_request = ID;
send_id(c);
}
#endif
static void free_outgoing(outgoing_t *outgoing) {
timeout_del(&outgoing->ev);

10
src/node.h
View file

@ -1,6 +1,6 @@
/*
node.h -- header for node.c
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
2001-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -77,6 +77,9 @@ typedef struct node_t {
uint32_t sent_seqno; /* Sequence number last sent to this node */
uint32_t received_seqno; /* Sequence number last received from this node */
uint32_t received; /* Total valid packets received from this node */
uint32_t prev_received_seqno;
uint32_t prev_received;
uint32_t farfuture; /* Packets in a row that have arrived from the far future */
unsigned char* late; /* Bitfield marking late packets */
@ -85,6 +88,11 @@ typedef struct node_t {
length_t maxmtu; /* Probed maximum MTU */
int mtuprobes; /* Number of probes */
timeout_t mtutimeout; /* Probe event */
struct timeval probe_time; /* Time the last probe was sent or received */
int probe_counter; /* Number of probes received since last burst was sent */
float rtt; /* Last measured round trip time */
float bandwidth; /* Last measured bandwidth */
float packetloss; /* Last measured packet loss rate */
uint64_t in_packets;
uint64_t in_bytes;

12
src/process.c
View file

@ -1,7 +1,7 @@
/*
process.c -- process management functions
Copyright (C) 1999-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -27,6 +27,7 @@
#include "edge.h"
#include "event.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "node.h"
#include "process.h"
@ -38,17 +39,12 @@
bool do_detach = true;
bool sigalrm = false;
extern char *identname;
extern char **g_argv;
extern bool use_logfile;
/* Some functions the less gifted operating systems might lack... */
#ifdef HAVE_MINGW
extern char *identname;
extern char *program_name;
extern char **g_argv;
static SC_HANDLE manager = NULL;
static SC_HANDLE service = NULL;
static SERVICE_STATUS status = {0};
@ -263,8 +259,8 @@ bool execute_script(const char *name, char **envp) {
}
}
#ifdef WEXITSTATUS
if(status != -1) {
#ifdef WEXITSTATUS
if(WIFEXITED(status)) { /* Child exited by itself */
if(WEXITSTATUS(status)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s exited with non-zero status %d",
@ -279,11 +275,11 @@ bool execute_script(const char *name, char **envp) {
logger(DEBUG_ALWAYS, LOG_ERR, "Script %s terminated abnormally", name);
return false;
}
#endif
} else {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
return false;
}
#endif
#endif
return true;
}

2
src/protocol.c
View file

@ -111,7 +111,7 @@ void forward_request(connection_t *from, const char *request) {
}
bool receive_request(connection_t *c, const char *request) {
if(proxytype == PROXY_HTTP && c->allow_request == ID) {
if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
if(!request[0] || request[0] == '\r')
return true;
if(!strncasecmp(request, "HTTP/1.1 ", 9)) {

2
src/protocol_auth.c
View file

@ -139,7 +139,7 @@ bool send_id(connection_t *c) {
minor = myself->connection->protocol_minor;
}
if(proxytype)
if(proxytype && c->outgoing)
if(!send_proxyrequest(c))
return false;

3
src/protocol_key.c
View file

@ -1,7 +1,7 @@
/*
protocol_key.c -- handle the meta-protocol, key exchange
Copyright (C) 1999-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -278,6 +278,7 @@ bool send_ans_key(node_t *to) {
// Reset sequence number and late packet window
mykeyused = true;
to->received_seqno = 0;
to->received = 0;
if(replaywin) memset(to->late, 0, replaywin);
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,

8
src/route.c
View file

@ -1,7 +1,7 @@
/*
route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -835,6 +835,11 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
return;
uint16_t type = packet->data[12] << 8 | packet->data[13];
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
packet->priority = packet->data[15];
// Handle packets larger than PMTU
node_t *via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
@ -844,7 +849,6 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
if(via && packet->len > via->mtu && via != myself) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
uint16_t type = packet->data[12] << 8 | packet->data[13];
length_t ethlen = 14;
if(type == ETH_P_8021Q) {

3
src/solaris/device.c
View file

@ -1,7 +1,7 @@
/*
device.c -- Interaction with Solaris tun device
Copyright (C) 2001-2005 Ivo Timmermans,
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -28,6 +28,7 @@
#include "conf.h"
#include "device.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "utils.h"
#include "xalloc.h"

29
src/sptps.c
View file

@ -1,6 +1,6 @@
/*
sptps.c -- Simple Peer-to-Peer Security
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
2010 Brandon L. Black <blblack@gmail.com>
This program is free software; you can redistribute it and/or modify
@ -439,6 +439,17 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
return receive_handshake(s, data + 5, len - 5);
}
// Check HMAC.
uint16_t netlen = htons(len - 21);
char buffer[len + 23];
memcpy(buffer, &netlen, 2);
memcpy(buffer + 2, data, len);
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
return error(s, EIO, "Invalid HMAC");
// Replay protection using a sliding window of configurable size.
// s->inseqno is expected sequence number
// seqno is received sequence number
@ -473,19 +484,13 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
if(seqno > s->inseqno)
s->inseqno = seqno + 1;
uint16_t netlen = htons(len - 21);
char buffer[len + 23];
memcpy(buffer, &netlen, 2);
memcpy(buffer + 2, data, len);
if(!s->inseqno)
s->received = 0;
else
s->received++;
// Decrypt.
memcpy(&seqno, buffer + 2, 4);
// Check HMAC and decrypt.
if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
return error(s, EIO, "Invalid HMAC");
cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
return false;

3
src/sptps.h
View file

@ -1,6 +1,6 @@
/*
sptps.h -- Simple Peer-to-Peer Security
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -56,6 +56,7 @@ typedef struct sptps {
cipher_t incipher;
digest_t indigest;
uint32_t inseqno;
uint32_t received;
unsigned int replaywin;
unsigned int farfuture;
char *late;

3
src/subnet.c
View file

@ -1,6 +1,6 @@
/*
subnet.c -- handle subnet lookups and lists
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans
This program is free software; you can redistribute it and/or modify
@ -25,6 +25,7 @@
#include "device.h"
#include "hash.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "netutl.h"
#include "node.h"

216
src/tincctl.c
View file

@ -1,6 +1,6 @@
/*
tincctl.c -- Controlling a running tincd
Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -31,6 +31,7 @@
#include "control_common.h"
#include "ecdsagen.h"
#include "info.h"
#include "names.h"
#include "rsagen.h"
#include "utils.h"
#include "tincctl.h"
@ -40,10 +41,6 @@
#define mkdir(a, b) mkdir(a)
#endif
/* The name this program was run with. */
static char *program_name = NULL;
static char **orig_argv;
static int orig_argc;
@ -54,12 +51,7 @@ static bool show_help = false;
static bool show_version = false;
static char *name = NULL;
static char *identname = NULL; /* program name for syslog */
static char *pidfilename = NULL; /* pid file location */
static char *confdir = NULL;
static char controlcookie[1025];
char *netname = NULL;
char *confbase = NULL;
static char *tinc_conf = NULL;
static char *hosts_dir = NULL;
struct timeval now;
@ -107,10 +99,9 @@ static void version(void) {
}
static void usage(bool status) {
if(status)
fprintf(stderr, "Try `%s --help\' for more information.\n",
program_name);
else {
if(status) {
fprintf(stderr, "Try `%s --help\' for more information.\n", program_name);
} else {
printf("Usage: %s [options] command\n\n", program_name);
printf("Valid options are:\n"
" -c, --config=DIR Read configuration options from DIR.\n"
@ -153,6 +144,8 @@ static void usage(bool status) {
" export Export host configuration of local node to standard output\n"
" export-all Export all host configuration files to standard output\n"
" import [--force] Import host configuration file(s) from standard input\n"
" exchange [--force] Same as export followed by import\n"
" exchange-all [--force] Same as export-all followed by import\n"
"\n");
printf("Report bugs to tinc@tinc-vpn.org.\n");
}
@ -453,62 +446,6 @@ static bool rsa_keygen(int bits, bool ask) {
return true;
}
/*
Set all files and paths according to netname
*/
static void make_names(void) {
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
long len = sizeof installdir;
#endif
if(netname)
xasprintf(&identname, "tinc.%s", netname);
else
identname = xstrdup("tinc");
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
}
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
RegCloseKey(key);
}
if(!*installdir) {
#endif
confdir = xstrdup(CONFDIR);
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "run" SLASH "%s.pid", LOCALSTATEDIR, identname);
if(netname) {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
else
fprintf(stderr, "Both netname and configuration directory given, using the latter...\n");
} else {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc");
}
#ifdef HAVE_MINGW
} else
confdir = xstrdup(installdir);
#endif
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
}
static char buffer[4096];
static size_t blen = 0;
@ -729,6 +666,26 @@ static bool connect_tincd(bool verbose) {
}
#endif
#ifndef HAVE_MINGW
struct sockaddr_un sa;
sa.sun_family = AF_UNIX;
strncpy(sa.sun_path, unixsocketname, sizeof sa.sun_path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if(fd < 0) {
if(verbose)
fprintf(stderr, "Cannot create UNIX socket: %s\n", sockstrerror(sockerrno));
return false;
}
if(connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
if(verbose)
fprintf(stderr, "Cannot connect to UNIX socket %s: %s\n", unixsocketname, sockstrerror(sockerrno));
close(fd);
fd = -1;
return false;
}
#else
struct addrinfo hints = {
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
@ -769,6 +726,7 @@ static bool connect_tincd(bool verbose) {
}
freeaddrinfo(res);
#endif
char data[4096];
int version;
@ -854,6 +812,11 @@ static int cmd_start(int argc, char *argv[]) {
}
static int cmd_stop(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
#ifndef HAVE_MINGW
if(!connect_tincd(true)) {
if(pid) {
@ -871,16 +834,10 @@ static int cmd_stop(int argc, char *argv[]) {
}
sendline(fd, "%d %d", CONTROL, REQ_STOP);
if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_STOP || result) {
fprintf(stderr, "Could not stop tinc daemon.\n");
return 1;
}
// Wait for tincd to close the connection...
fd_set r;
FD_ZERO(&r);
FD_SET(fd, &r);
select(fd + 1, &r, NULL, NULL, NULL);
while(recvline(fd, line, sizeof line)) {
// Wait for tincd to close the connection...
}
#else
if(!remove_service())
return 1;
@ -898,6 +855,11 @@ static int cmd_restart(int argc, char *argv[]) {
}
static int cmd_reload(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true))
return 1;
@ -1070,6 +1032,11 @@ static int cmd_dump(int argc, char *argv[]) {
}
static int cmd_purge(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true))
return 1;
@ -1105,6 +1072,11 @@ static int cmd_debug(int argc, char *argv[]) {
}
static int cmd_retry(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true))
return 1;
@ -1164,6 +1136,11 @@ static int cmd_disconnect(int argc, char *argv[]) {
}
static int cmd_top(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
#ifdef HAVE_CURSES
if(!connect_tincd(true))
return 1;
@ -1177,6 +1154,11 @@ static int cmd_top(int argc, char *argv[]) {
}
static int cmd_pcap(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true))
return 1;
@ -1185,6 +1167,11 @@ static int cmd_pcap(int argc, char *argv[]) {
}
static int cmd_log(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true))
return 1;
@ -1193,6 +1180,11 @@ static int cmd_log(int argc, char *argv[]) {
}
static int cmd_pid(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
if(!connect_tincd(true) && !pid)
return 1;
@ -1613,7 +1605,10 @@ static int cmd_init(int argc, char *argv[]) {
return 1;
}
if(argc < 2) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
} else if(argc < 2) {
if(tty) {
char buf[1024];
fprintf(stdout, "Enter the Name you want your tinc node to have: ");
@ -1692,14 +1687,29 @@ static int cmd_init(int argc, char *argv[]) {
}
static int cmd_generate_keys(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
}
static int cmd_generate_rsa_keys(int argc, char *argv[]) {
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
}
static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
return !ecdsa_keygen(true);
}
@ -1709,6 +1719,11 @@ static int cmd_help(int argc, char *argv[]) {
}
static int cmd_version(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
version();
return 0;
}
@ -1811,14 +1826,29 @@ static int export(const char *name, FILE *out) {
}
static int cmd_export(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
char *name = get_my_name();
if(!name)
return 1;
return export(name, stdout);
int result = export(name, stdout);
if(!tty)
fclose(stdout);
free(name);
return result;
}
static int cmd_export_all(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
DIR *dir = opendir(hosts_dir);
if(!dir) {
fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
@ -1842,21 +1872,30 @@ static int cmd_export_all(int argc, char *argv[]) {
}
closedir(dir);
if(!tty)
fclose(stdout);
return result;
}
static int cmd_import(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
FILE *in = stdin;
FILE *out = NULL;
char buf[4096];
char name[4096];
char *filename;
char *filename = NULL;
int count = 0;
bool firstline = true;
while(fgets(buf, sizeof buf, in)) {
if(sscanf(buf, "Name = %s", name) == 1) {
firstline = false;
if(!check_id(name)) {
fprintf(stderr, "Invalid Name in input!\n");
return 1;
@ -1881,7 +1920,6 @@ static int cmd_import(int argc, char *argv[]) {
}
count++;
firstline = false;
continue;
} else if(firstline) {
fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
@ -1912,6 +1950,14 @@ static int cmd_import(int argc, char *argv[]) {
}
}
static int cmd_exchange(int argc, char *argv[]) {
return cmd_export(argc, argv) ?: cmd_import(argc, argv);
}
static int cmd_exchange_all(int argc, char *argv[]) {
return cmd_export_all(argc, argv) ?: cmd_import(argc, argv);
}
static const struct {
const char *command;
int (*function)(int argc, char *argv[]);
@ -1942,6 +1988,8 @@ static const struct {
{"export", cmd_export},
{"export-all", cmd_export_all},
{"import", cmd_import},
{"exchange", cmd_exchange},
{"exchange-all", cmd_exchange_all},
{NULL, NULL},
};
@ -2189,6 +2237,8 @@ int main(int argc, char *argv[]) {
return 1;
make_names();
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
if(show_version) {
version();

106
src/tincd.c
View file

@ -1,7 +1,7 @@
/*
tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu>
@ -33,12 +33,6 @@
#include <sys/mman.h>
#endif
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#ifdef HAVE_LZO
#include LZO1X_H
#endif
@ -56,6 +50,7 @@
#include "crypto.h"
#include "device.h"
#include "logger.h"
#include "names.h"
#include "net.h"
#include "netutl.h"
#include "process.h"
@ -63,9 +58,6 @@
#include "utils.h"
#include "xalloc.h"
/* The name this program was run with. */
char *program_name = NULL;
/* If nonzero, display usage information and exit. */
static bool show_help = false;
@ -75,21 +67,22 @@ static bool show_version = false;
/* If nonzero, use null ciphers and skip all key exchanges. */
bool bypass_security = false;
#ifdef HAVE_MLOCKALL
/* If nonzero, disable swapping for this process. */
static bool do_mlock = false;
#endif
#ifndef HAVE_MINGW
/* If nonzero, chroot to netdir after startup. */
static bool do_chroot = false;
/* If !NULL, do setuid to given user after startup */
static const char *switchuser = NULL;
#endif
/* If nonzero, write log entries to a separate file. */
bool use_logfile = false;
char *identname = NULL; /* program name for syslog */
char *logfilename = NULL; /* log file location */
char *pidfilename = NULL;
char **g_argv; /* a copy of the cmdline arguments */
static int status = 1;
@ -127,13 +120,18 @@ static void usage(bool status) {
" -D, --no-detach Don't fork and detach.\n"
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
" -n, --net=NETNAME Connect to net NETNAME.\n"
#ifdef HAVE_MLOCKALL
" -L, --mlock Lock tinc into main memory.\n"
#endif
" --logfile[=FILENAME] Write log entries to a logfile.\n"
" --pidfile=FILENAME Write PID and control socket cookie to FILENAME.\n"
" --bypass-security Disables meta protocol security, for debugging.\n"
" -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n"
#ifndef HAVE_MINGW
" -R, --chroot chroot to NET dir at startup.\n"
" -U, --user=USER setuid to given USER at startup.\n" " --help Display this help and exit.\n"
" -U, --user=USER setuid to given USER at startup.\n"
#endif
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n");
printf("Report bugs to tinc@tinc-vpn.org.\n");
}
@ -162,7 +160,7 @@ static bool parse_options(int argc, char **argv) {
case 'L': /* no detach */
#ifndef HAVE_MLOCKALL
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "mlockall()");
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
return false;
#else
do_mlock = true;
@ -187,6 +185,12 @@ static bool parse_options(int argc, char **argv) {
list_insert_tail(cmdline_conf, cfg);
break;
#ifdef HAVE_MINGW
case 'R':
case 'U':
logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
return false;
#else
case 'R': /* chroot to NETNAME dir */
do_chroot = true;
break;
@ -194,6 +198,7 @@ static bool parse_options(int argc, char **argv) {
case 'U': /* setuid to USER */
switchuser = optarg;
break;
#endif
case 1: /* show help */
show_help = true;
@ -244,77 +249,8 @@ static bool parse_options(int argc, char **argv) {
return true;
}
/*
Set all files and paths according to netname
*/
static void make_names(void) {
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
long len = sizeof installdir;
#endif
if(netname)
xasprintf(&identname, "tinc.%s", netname);
else
identname = xstrdup("tinc");
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
if(!logfilename)
xasprintf(&logfilename, "%s" SLASH "log" SLASH "%s.log", identname);
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s" SLASH "%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
if(!pidfilename)
xasprintf(&pidfilename, "%s" SLASH "pid", confbase);
}
RegCloseKey(key);
if(*installdir)
return;
}
#endif
if(!logfilename)
xasprintf(&logfilename, LOCALSTATEDIR SLASH "log" SLASH "%s.log", identname);
if(!pidfilename)
xasprintf(&pidfilename, LOCALSTATEDIR SLASH "run" SLASH "%s.pid", identname);
if(netname) {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc" SLASH "%s", netname);
else
logger(DEBUG_ALWAYS, LOG_INFO, "Both netname and configuration directory given, using the latter...");
} else {
if(!confbase)
xasprintf(&confbase, CONFDIR SLASH "tinc");
}
}
static void free_names(void) {
if (identname) free(identname);
if (netname) free(netname);
if (pidfilename) free(pidfilename);
if (logfilename) free(logfilename);
if (confbase) free(confbase);
}
static bool drop_privs(void) {
#ifdef HAVE_MINGW
if (switchuser) {
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-U");
return false;
}
if (do_chroot) {
logger(DEBUG_ALWAYS, LOG_ERR, "%s not supported on this platform", "-R");
return false;
}
#else
#ifndef HAVE_MINGW
uid_t uid = 0;
if (switchuser) {
struct passwd *pw = getpwnam(switchuser);

9
src/top.c
View file

@ -1,6 +1,6 @@
/*
top.c -- Show real-time statistics from a running tincd
Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>
Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -25,6 +25,7 @@
#include "control_common.h"
#include "list.h"
#include "names.h"
#include "tincctl.h"
#include "top.h"
#include "xalloc.h"
@ -65,10 +66,6 @@ static float bscale = 1;
static const char *punit = "pkts";
static float pscale = 1;
#ifndef timersub
#define timersub(a, b, c) do {(c)->tv_sec = (a)->tv_sec - (b)->tv_sec; (c)->tv_usec = (a)->tv_usec = (b)->tv_usec;} while(0)
#endif
static void update(int fd) {
sendline(fd, "%d %d", CONTROL, REQ_DUMP_TRAFFIC);
gettimeofday(&cur, NULL);
@ -229,7 +226,7 @@ static void redraw(void) {
attrset(A_DIM);
if(cumulative)
mvprintw(row, 0, "%-16s %10"PRIu64" %10.0f %10"PRIu64" %10.0f",
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",
node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale);
else
mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f",

28
src/uml_device.c
View file

@ -1,7 +1,7 @@
/*
device.c -- UML network socket
Copyright (C) 2002-2005 Ivo Timmermans,
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@
#include "conf.h"
#include "device.h"
#include "names.h"
#include "net.h"
#include "logger.h"
#include "utils.h"
@ -37,9 +38,6 @@ static int write_fd = -1;
static int state = 0;
static char *device_info;
extern char *identname;
extern volatile bool running;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
@ -73,7 +71,7 @@ static bool setup_device(void) {
if((write_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open write %s: %s", device_info, strerror(errno));
running = false;
event_exit();
return false;
}
@ -85,13 +83,13 @@ static bool setup_device(void) {
if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false;
event_exit();
return false;
}
if((data_fd = socket(PF_UNIX, SOCK_DGRAM, 0)) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open data %s: %s", device_info, strerror(errno));
running = false;
event_exit();
return false;
}
@ -103,7 +101,7 @@ static bool setup_device(void) {
if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false;
event_exit();
return false;
}
@ -116,7 +114,7 @@ static bool setup_device(void) {
if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof data_sun) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind data %s: %s", device_info, strerror(errno));
running = false;
event_exit();
return false;
}
@ -199,7 +197,7 @@ static bool read_packet(vpn_packet_t *packet) {
if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno));
running = false;
event_exit();
return false;
}
@ -215,20 +213,20 @@ static bool read_packet(vpn_packet_t *packet) {
if((inlen = read(request_fd, &request, sizeof request)) != sizeof request) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading request from %s %s: %s", device_info,
device, strerror(errno));
running = false;
event_exit();
return false;
}
if(request.magic != 0xfeedface || request.version != 3 || request.type != REQ_NEW_CONTROL) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown magic %x, version %d, request type %d from %s %s",
request.magic, request.version, request.type, device_info, device);
running = false;
event_exit();
return false;
}
if(connect(write_fd, &request.sock, sizeof request.sock) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind write %s: %s", device_info, strerror(errno));
running = false;
event_exit();
return false;
}
@ -245,7 +243,7 @@ static bool read_packet(vpn_packet_t *packet) {
if((inlen = read(data_fd, packet->data, MTU)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
running = false;
event_exit();
return false;
}
@ -278,7 +276,7 @@ static bool write_packet(vpn_packet_t *packet) {
if(write(write_fd, packet->data, packet->len) < 0) {
if(errno != EINTR && errno != EAGAIN) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
running = false;
event_exit();
}
return false;

10
src/vde_device.c
View file

@ -1,6 +1,6 @@
/*
device.c -- VDE plug
Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -23,6 +23,7 @@
#include "conf.h"
#include "device.h"
#include "names.h"
#include "net.h"
#include "logger.h"
#include "utils.h"
@ -35,9 +36,6 @@ static int port = 0;
static char *group = NULL;
static char *device_info;
extern char *identname;
extern volatile bool running;
static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0;
@ -102,7 +100,7 @@ static bool read_packet(vpn_packet_t *packet) {
int lenin = (ssize_t)plug.vde_recv(conn, packet->data, MTU, 0);
if(lenin <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
running = false;
event_exit();
return false;
}
@ -117,7 +115,7 @@ static bool write_packet(vpn_packet_t *packet) {
if((ssize_t)plug.vde_send(conn, packet->data, packet->len, 0) < 0) {
if(errno != EINTR && errno != EAGAIN) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
running = false;
event_exit();
}
return false;