Import Debian changes 1.0.29-1
tinc (1.0.29-1) unstable; urgency=medium * New upstream release. * Bump debian/compat.
commit
502cecde93
44 changed files with 907 additions and 400 deletions
68
ChangeLog
68
ChangeLog
|
@ -1,11 +1,30 @@
|
||||||
|
Version 1.0.29 October 09 2016
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (11):
|
||||||
|
Preserve IPv6 scope_id in edges.
|
||||||
|
Ensure compatibility with OpenSSL 1.1.0.
|
||||||
|
Add -Wall to CFLAGS.
|
||||||
|
Check return value of RSA_generate_key_ex().
|
||||||
|
Force nul-termination of strings after vsnprintf().
|
||||||
|
Log warnings about dropped packets only with debug level 5 or higher.
|
||||||
|
Add a copy of ax_append_flag.m4.
|
||||||
|
Add ax_require_defined.m4.
|
||||||
|
Fix possibly unitialized variable.
|
||||||
|
Fix compiler warnings about format string errors on BSD.
|
||||||
|
Releasing 1.0.29.
|
||||||
|
|
||||||
Version 1.0.28 April 10 2016
|
Version 1.0.28 April 10 2016
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
Guus Sliepen (5):
|
Guus Sliepen (8):
|
||||||
Fix compiling bsd/device.c on systems without utun.
|
Fix compiling bsd/device.c on systems without utun.
|
||||||
Really remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
|
Really remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
|
||||||
Add systemd service files.
|
Add systemd service files.
|
||||||
Update .gitignore.
|
Update .gitignore.
|
||||||
|
Ensure the service files are in the tarball.
|
||||||
|
Explicitly mention that LibreSSL can be used as well.
|
||||||
|
Update links in the documentation.
|
||||||
Releasing 1.0.28.
|
Releasing 1.0.28.
|
||||||
|
|
||||||
Version 1.0.27 April 10 2016
|
Version 1.0.27 April 10 2016
|
||||||
|
@ -118,7 +137,20 @@ VittGam (1):
|
||||||
Version 1.0.24 May 11 2014
|
Version 1.0.24 May 11 2014
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
Guus Sliepen (13):
|
Guus Sliepen (26):
|
||||||
|
Mention in the manual that multiple Address staments are allowed.
|
||||||
|
If no Port is specified, set myport to actual port of first listening socket.
|
||||||
|
Enable compiler hardening flags by default.
|
||||||
|
Update support for Solaris.
|
||||||
|
Include <limits.h> for PATH_MAX.
|
||||||
|
Stricter check for raw socket support.
|
||||||
|
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||||
|
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||||
|
Don't enable -fstack-protector-all.
|
||||||
|
Remove or lower the priority of some debug messages.
|
||||||
|
Clarify StrictSubnets.
|
||||||
|
Attribution for various contributors.
|
||||||
|
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||||
Remove useless variable 'hard' from try_harder().
|
Remove useless variable 'hard' from try_harder().
|
||||||
Merge pull request #14 from luckyhacky/master
|
Merge pull request #14 from luckyhacky/master
|
||||||
Add an autoconf check for res_init().
|
Add an autoconf check for res_init().
|
||||||
|
@ -138,40 +170,22 @@ Steffan Karger (3):
|
||||||
Use cryptographically strong random when generating keys.
|
Use cryptographically strong random when generating keys.
|
||||||
Check RAND_bytes() return value, fail when getting random fails.
|
Check RAND_bytes() return value, fail when getting random fails.
|
||||||
|
|
||||||
|
Florent Clairambault (2):
|
||||||
|
Adding "conf.d" configuration dir support.
|
||||||
|
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||||
|
|
||||||
Armin Fisslthaler (1):
|
Armin Fisslthaler (1):
|
||||||
reload /etc/resolv.conf in SIGALRM handler
|
reload /etc/resolv.conf in SIGALRM handler
|
||||||
|
|
||||||
Loic Dachary (1):
|
Loic Dachary (1):
|
||||||
fix documentation typo
|
fix documentation typo
|
||||||
|
|
||||||
luckyhacky (1):
|
|
||||||
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
|
||||||
|
|
||||||
refs/tags/1.0.23-android-1 March 11 2014
|
|
||||||
------------------------------------------------------------------------
|
|
||||||
|
|
||||||
Guus Sliepen (13):
|
|
||||||
Mention in the manual that multiple Address staments are allowed.
|
|
||||||
If no Port is specified, set myport to actual port of first listening socket.
|
|
||||||
Enable compiler hardening flags by default.
|
|
||||||
Update support for Solaris.
|
|
||||||
Include <limits.h> for PATH_MAX.
|
|
||||||
Stricter check for raw socket support.
|
|
||||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
|
||||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
|
||||||
Don't enable -fstack-protector-all.
|
|
||||||
Remove or lower the priority of some debug messages.
|
|
||||||
Clarify StrictSubnets.
|
|
||||||
Attribution for various contributors.
|
|
||||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
|
||||||
|
|
||||||
Florent Clairambault (2):
|
|
||||||
Adding "conf.d" configuration dir support.
|
|
||||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
|
||||||
|
|
||||||
Vilbrekin (1):
|
Vilbrekin (1):
|
||||||
Update android build instructions. Disable PIE as this is not supported on some devices.
|
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||||
|
|
||||||
|
luckyhacky (1):
|
||||||
|
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||||
|
|
||||||
Version 1.0.23 October 19 2013
|
Version 1.0.23 October 19 2013
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
|
@ -90,8 +90,11 @@ host_triplet = @host@
|
||||||
subdir = .
|
subdir = .
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
$(top_srcdir)/configure.ac
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
|
10
NEWS
10
NEWS
|
@ -1,3 +1,13 @@
|
||||||
|
Version 1.0.29 October 9 2016
|
||||||
|
|
||||||
|
* Fix UDP communication with peers with link-local IPv6 addresses.
|
||||||
|
|
||||||
|
* Ensure compatibility with OpenSSL 1.1.0.
|
||||||
|
|
||||||
|
* Ensure autoreconf can be run without requiring autoconf-archive.
|
||||||
|
|
||||||
|
* Log warnings about dropped packets only at debug level 5.
|
||||||
|
|
||||||
Version 1.0.28 April 10 2016
|
Version 1.0.28 April 10 2016
|
||||||
|
|
||||||
* Fix compilation on BSD platforms.
|
* Fix compilation on BSD platforms.
|
||||||
|
|
4
README
4
README
|
@ -1,4 +1,4 @@
|
||||||
This is the README file for tinc version 1.0.28. Installation
|
This is the README file for tinc version 1.0.29. Installation
|
||||||
instructions may be found in the INSTALL file.
|
instructions may be found in the INSTALL file.
|
||||||
|
|
||||||
tinc is Copyright (C) 1998-2016 by:
|
tinc is Copyright (C) 1998-2016 by:
|
||||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Version 1.0.28 is compatible with 1.0pre8, 1.0 and later, but not with older
|
Version 1.0.29 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||||
versions of tinc.
|
versions of tinc.
|
||||||
|
|
||||||
|
|
||||||
|
|
3
aclocal.m4
vendored
3
aclocal.m4
vendored
|
@ -1463,8 +1463,11 @@ AC_SUBST([am__untar])
|
||||||
]) # _AM_PROG_TAR
|
]) # _AM_PROG_TAR
|
||||||
|
|
||||||
m4_include([m4/attribute.m4])
|
m4_include([m4/attribute.m4])
|
||||||
|
m4_include([m4/ax_append_flag.m4])
|
||||||
|
m4_include([m4/ax_cflags_warn_all.m4])
|
||||||
m4_include([m4/ax_check_compile_flag.m4])
|
m4_include([m4/ax_check_compile_flag.m4])
|
||||||
m4_include([m4/ax_check_link_flag.m4])
|
m4_include([m4/ax_check_link_flag.m4])
|
||||||
|
m4_include([m4/ax_require_defined.m4])
|
||||||
m4_include([m4/lzo.m4])
|
m4_include([m4/lzo.m4])
|
||||||
m4_include([m4/openssl.m4])
|
m4_include([m4/openssl.m4])
|
||||||
m4_include([m4/zlib.m4])
|
m4_include([m4/zlib.m4])
|
||||||
|
|
111
config.guess
vendored
111
config.guess
vendored
|
@ -1,8 +1,8 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Attempt to guess a canonical system name.
|
# Attempt to guess a canonical system name.
|
||||||
# Copyright 1992-2015 Free Software Foundation, Inc.
|
# Copyright 1992-2016 Free Software Foundation, Inc.
|
||||||
|
|
||||||
timestamp='2015-08-20'
|
timestamp='2016-04-02'
|
||||||
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
# under the terms of the GNU General Public License as published by
|
# under the terms of the GNU General Public License as published by
|
||||||
|
@ -27,7 +27,7 @@ timestamp='2015-08-20'
|
||||||
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
|
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
|
||||||
#
|
#
|
||||||
# You can get the latest version of this script from:
|
# You can get the latest version of this script from:
|
||||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
|
||||||
#
|
#
|
||||||
# Please send patches to <config-patches@gnu.org>.
|
# Please send patches to <config-patches@gnu.org>.
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ version="\
|
||||||
GNU config.guess ($timestamp)
|
GNU config.guess ($timestamp)
|
||||||
|
|
||||||
Originally written by Per Bothner.
|
Originally written by Per Bothner.
|
||||||
Copyright 1992-2015 Free Software Foundation, Inc.
|
Copyright 1992-2016 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||||
|
@ -237,6 +237,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||||
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
|
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
*:LibertyBSD:*:*)
|
||||||
|
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
|
||||||
|
echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
|
||||||
|
exit ;;
|
||||||
*:ekkoBSD:*:*)
|
*:ekkoBSD:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
|
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
@ -268,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||||
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
|
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
|
||||||
case "$ALPHA_CPU_TYPE" in
|
case "$ALPHA_CPU_TYPE" in
|
||||||
"EV4 (21064)")
|
"EV4 (21064)")
|
||||||
UNAME_MACHINE="alpha" ;;
|
UNAME_MACHINE=alpha ;;
|
||||||
"EV4.5 (21064)")
|
"EV4.5 (21064)")
|
||||||
UNAME_MACHINE="alpha" ;;
|
UNAME_MACHINE=alpha ;;
|
||||||
"LCA4 (21066/21068)")
|
"LCA4 (21066/21068)")
|
||||||
UNAME_MACHINE="alpha" ;;
|
UNAME_MACHINE=alpha ;;
|
||||||
"EV5 (21164)")
|
"EV5 (21164)")
|
||||||
UNAME_MACHINE="alphaev5" ;;
|
UNAME_MACHINE=alphaev5 ;;
|
||||||
"EV5.6 (21164A)")
|
"EV5.6 (21164A)")
|
||||||
UNAME_MACHINE="alphaev56" ;;
|
UNAME_MACHINE=alphaev56 ;;
|
||||||
"EV5.6 (21164PC)")
|
"EV5.6 (21164PC)")
|
||||||
UNAME_MACHINE="alphapca56" ;;
|
UNAME_MACHINE=alphapca56 ;;
|
||||||
"EV5.7 (21164PC)")
|
"EV5.7 (21164PC)")
|
||||||
UNAME_MACHINE="alphapca57" ;;
|
UNAME_MACHINE=alphapca57 ;;
|
||||||
"EV6 (21264)")
|
"EV6 (21264)")
|
||||||
UNAME_MACHINE="alphaev6" ;;
|
UNAME_MACHINE=alphaev6 ;;
|
||||||
"EV6.7 (21264A)")
|
"EV6.7 (21264A)")
|
||||||
UNAME_MACHINE="alphaev67" ;;
|
UNAME_MACHINE=alphaev67 ;;
|
||||||
"EV6.8CB (21264C)")
|
"EV6.8CB (21264C)")
|
||||||
UNAME_MACHINE="alphaev68" ;;
|
UNAME_MACHINE=alphaev68 ;;
|
||||||
"EV6.8AL (21264B)")
|
"EV6.8AL (21264B)")
|
||||||
UNAME_MACHINE="alphaev68" ;;
|
UNAME_MACHINE=alphaev68 ;;
|
||||||
"EV6.8CX (21264D)")
|
"EV6.8CX (21264D)")
|
||||||
UNAME_MACHINE="alphaev68" ;;
|
UNAME_MACHINE=alphaev68 ;;
|
||||||
"EV6.9A (21264/EV69A)")
|
"EV6.9A (21264/EV69A)")
|
||||||
UNAME_MACHINE="alphaev69" ;;
|
UNAME_MACHINE=alphaev69 ;;
|
||||||
"EV7 (21364)")
|
"EV7 (21364)")
|
||||||
UNAME_MACHINE="alphaev7" ;;
|
UNAME_MACHINE=alphaev7 ;;
|
||||||
"EV7.9 (21364A)")
|
"EV7.9 (21364A)")
|
||||||
UNAME_MACHINE="alphaev79" ;;
|
UNAME_MACHINE=alphaev79 ;;
|
||||||
esac
|
esac
|
||||||
# A Pn.n version is a patched version.
|
# A Pn.n version is a patched version.
|
||||||
# A Vn.n version is a released version.
|
# A Vn.n version is a released version.
|
||||||
# A Tn.n version is a released field test version.
|
# A Tn.n version is a released field test version.
|
||||||
# A Xn.n version is an unreleased experimental baselevel.
|
# A Xn.n version is an unreleased experimental baselevel.
|
||||||
# 1.2 uses "1.2" for uname -r.
|
# 1.2 uses "1.2" for uname -r.
|
||||||
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
|
||||||
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
|
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
|
||||||
exitcode=$?
|
exitcode=$?
|
||||||
trap '' 0
|
trap '' 0
|
||||||
|
@ -376,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||||
exit ;;
|
exit ;;
|
||||||
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
|
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
|
||||||
eval $set_cc_for_build
|
eval $set_cc_for_build
|
||||||
SUN_ARCH="i386"
|
SUN_ARCH=i386
|
||||||
# If there is a compiler, see if it is configured for 64-bit objects.
|
# If there is a compiler, see if it is configured for 64-bit objects.
|
||||||
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
|
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
|
||||||
# This test works for both compilers.
|
# This test works for both compilers.
|
||||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
|
||||||
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
|
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||||
grep IS_64BIT_ARCH >/dev/null
|
grep IS_64BIT_ARCH >/dev/null
|
||||||
then
|
then
|
||||||
SUN_ARCH="x86_64"
|
SUN_ARCH=x86_64
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||||
|
@ -410,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||||
exit ;;
|
exit ;;
|
||||||
sun*:*:4.2BSD:*)
|
sun*:*:4.2BSD:*)
|
||||||
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
|
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
|
||||||
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
|
test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
|
||||||
case "`/bin/arch`" in
|
case "`/bin/arch`" in
|
||||||
sun3)
|
sun3)
|
||||||
echo m68k-sun-sunos${UNAME_RELEASE}
|
echo m68k-sun-sunos${UNAME_RELEASE}
|
||||||
|
@ -635,13 +639,13 @@ EOF
|
||||||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||||
case "${sc_cpu_version}" in
|
case "${sc_cpu_version}" in
|
||||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
|
||||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
|
||||||
532) # CPU_PA_RISC2_0
|
532) # CPU_PA_RISC2_0
|
||||||
case "${sc_kernel_bits}" in
|
case "${sc_kernel_bits}" in
|
||||||
32) HP_ARCH="hppa2.0n" ;;
|
32) HP_ARCH=hppa2.0n ;;
|
||||||
64) HP_ARCH="hppa2.0w" ;;
|
64) HP_ARCH=hppa2.0w ;;
|
||||||
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
|
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
|
||||||
esac ;;
|
esac ;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
@ -680,11 +684,11 @@ EOF
|
||||||
exit (0);
|
exit (0);
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
(CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||||
fi ;;
|
fi ;;
|
||||||
esac
|
esac
|
||||||
if [ ${HP_ARCH} = "hppa2.0w" ]
|
if [ ${HP_ARCH} = hppa2.0w ]
|
||||||
then
|
then
|
||||||
eval $set_cc_for_build
|
eval $set_cc_for_build
|
||||||
|
|
||||||
|
@ -697,12 +701,12 @@ EOF
|
||||||
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
|
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
|
||||||
# => hppa64-hp-hpux11.23
|
# => hppa64-hp-hpux11.23
|
||||||
|
|
||||||
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
|
if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
|
||||||
grep -q __LP64__
|
grep -q __LP64__
|
||||||
then
|
then
|
||||||
HP_ARCH="hppa2.0w"
|
HP_ARCH=hppa2.0w
|
||||||
else
|
else
|
||||||
HP_ARCH="hppa64"
|
HP_ARCH=hppa64
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
|
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
|
||||||
|
@ -807,14 +811,14 @@ EOF
|
||||||
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||||
exit ;;
|
exit ;;
|
||||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||||
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
|
||||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
|
||||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||||
exit ;;
|
exit ;;
|
||||||
5000:UNIX_System_V:4.*:*)
|
5000:UNIX_System_V:4.*:*)
|
||||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
|
||||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
|
||||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||||
exit ;;
|
exit ;;
|
||||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||||
|
@ -896,7 +900,7 @@ EOF
|
||||||
exit ;;
|
exit ;;
|
||||||
*:GNU/*:*:*)
|
*:GNU/*:*:*)
|
||||||
# other systems with GNU libc and userland
|
# other systems with GNU libc and userland
|
||||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
|
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
|
||||||
exit ;;
|
exit ;;
|
||||||
i*86:Minix:*:*)
|
i*86:Minix:*:*)
|
||||||
echo ${UNAME_MACHINE}-pc-minix
|
echo ${UNAME_MACHINE}-pc-minix
|
||||||
|
@ -919,7 +923,7 @@ EOF
|
||||||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||||
esac
|
esac
|
||||||
objdump --private-headers /bin/sh | grep -q ld.so.1
|
objdump --private-headers /bin/sh | grep -q ld.so.1
|
||||||
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
|
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||||
exit ;;
|
exit ;;
|
||||||
arc:Linux:*:* | arceb:Linux:*:*)
|
arc:Linux:*:* | arceb:Linux:*:*)
|
||||||
|
@ -965,6 +969,9 @@ EOF
|
||||||
ia64:Linux:*:*)
|
ia64:Linux:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
k1om:Linux:*:*)
|
||||||
|
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||||
|
exit ;;
|
||||||
m32r*:Linux:*:*)
|
m32r*:Linux:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
@ -1120,7 +1127,7 @@ EOF
|
||||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||||
# the processor, so we play safe by assuming i586.
|
# the processor, so we play safe by assuming i586.
|
||||||
# Note: whatever this is, it MUST be the same as what config.sub
|
# Note: whatever this is, it MUST be the same as what config.sub
|
||||||
# prints for the "djgpp" host, or else GDB configury will decide that
|
# prints for the "djgpp" host, or else GDB configure will decide that
|
||||||
# this is a cross-build.
|
# this is a cross-build.
|
||||||
echo i586-pc-msdosdjgpp
|
echo i586-pc-msdosdjgpp
|
||||||
exit ;;
|
exit ;;
|
||||||
|
@ -1269,6 +1276,9 @@ EOF
|
||||||
SX-8R:SUPER-UX:*:*)
|
SX-8R:SUPER-UX:*:*)
|
||||||
echo sx8r-nec-superux${UNAME_RELEASE}
|
echo sx8r-nec-superux${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
SX-ACE:SUPER-UX:*:*)
|
||||||
|
echo sxace-nec-superux${UNAME_RELEASE}
|
||||||
|
exit ;;
|
||||||
Power*:Rhapsody:*:*)
|
Power*:Rhapsody:*:*)
|
||||||
echo powerpc-apple-rhapsody${UNAME_RELEASE}
|
echo powerpc-apple-rhapsody${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
@ -1282,9 +1292,9 @@ EOF
|
||||||
UNAME_PROCESSOR=powerpc
|
UNAME_PROCESSOR=powerpc
|
||||||
fi
|
fi
|
||||||
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
|
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
|
||||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
|
||||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||||
grep IS_64BIT_ARCH >/dev/null
|
grep IS_64BIT_ARCH >/dev/null
|
||||||
then
|
then
|
||||||
case $UNAME_PROCESSOR in
|
case $UNAME_PROCESSOR in
|
||||||
|
@ -1306,7 +1316,7 @@ EOF
|
||||||
exit ;;
|
exit ;;
|
||||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||||
UNAME_PROCESSOR=`uname -p`
|
UNAME_PROCESSOR=`uname -p`
|
||||||
if test "$UNAME_PROCESSOR" = "x86"; then
|
if test "$UNAME_PROCESSOR" = x86; then
|
||||||
UNAME_PROCESSOR=i386
|
UNAME_PROCESSOR=i386
|
||||||
UNAME_MACHINE=pc
|
UNAME_MACHINE=pc
|
||||||
fi
|
fi
|
||||||
|
@ -1337,7 +1347,7 @@ EOF
|
||||||
# "uname -m" is not consistent, so use $cputype instead. 386
|
# "uname -m" is not consistent, so use $cputype instead. 386
|
||||||
# is converted to i386 for consistency with other x86
|
# is converted to i386 for consistency with other x86
|
||||||
# operating systems.
|
# operating systems.
|
||||||
if test "$cputype" = "386"; then
|
if test "$cputype" = 386; then
|
||||||
UNAME_MACHINE=i386
|
UNAME_MACHINE=i386
|
||||||
else
|
else
|
||||||
UNAME_MACHINE="$cputype"
|
UNAME_MACHINE="$cputype"
|
||||||
|
@ -1379,7 +1389,7 @@ EOF
|
||||||
echo i386-pc-xenix
|
echo i386-pc-xenix
|
||||||
exit ;;
|
exit ;;
|
||||||
i*86:skyos:*:*)
|
i*86:skyos:*:*)
|
||||||
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
|
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
|
||||||
exit ;;
|
exit ;;
|
||||||
i*86:rdos:*:*)
|
i*86:rdos:*:*)
|
||||||
echo ${UNAME_MACHINE}-pc-rdos
|
echo ${UNAME_MACHINE}-pc-rdos
|
||||||
|
@ -1390,6 +1400,9 @@ EOF
|
||||||
x86_64:VMkernel:*:*)
|
x86_64:VMkernel:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-esx
|
echo ${UNAME_MACHINE}-unknown-esx
|
||||||
exit ;;
|
exit ;;
|
||||||
|
amd64:Isilon\ OneFS:*:*)
|
||||||
|
echo x86_64-unknown-onefs
|
||||||
|
exit ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
cat >&2 <<EOF
|
cat >&2 <<EOF
|
||||||
|
@ -1399,9 +1412,9 @@ This script, last modified $timestamp, has failed to recognize
|
||||||
the operating system you are using. It is advised that you
|
the operating system you are using. It is advised that you
|
||||||
download the most up to date version of the config scripts from
|
download the most up to date version of the config scripts from
|
||||||
|
|
||||||
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
|
||||||
and
|
and
|
||||||
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
|
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
|
||||||
|
|
||||||
If the version you run ($0) is already up to date, please
|
If the version you run ($0) is already up to date, please
|
||||||
send the following data and any information you think might be
|
send the following data and any information you think might be
|
||||||
|
|
16
config.h.in
16
config.h.in
|
@ -21,6 +21,9 @@
|
||||||
/* Define to 1 if you have the `asprintf' function. */
|
/* Define to 1 if you have the `asprintf' function. */
|
||||||
#undef HAVE_ASPRINTF
|
#undef HAVE_ASPRINTF
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `BN_GENCB_new' function. */
|
||||||
|
#undef HAVE_BN_GENCB_NEW
|
||||||
|
|
||||||
/* Unknown BSD variant */
|
/* Unknown BSD variant */
|
||||||
#undef HAVE_BSD
|
#undef HAVE_BSD
|
||||||
|
|
||||||
|
@ -62,6 +65,12 @@
|
||||||
/* DragonFly */
|
/* DragonFly */
|
||||||
#undef HAVE_DRAGONFLY
|
#undef HAVE_DRAGONFLY
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `ERR_remove_state' function. */
|
||||||
|
#undef HAVE_ERR_REMOVE_STATE
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
|
||||||
|
#undef HAVE_EVP_CIPHER_CTX_NEW
|
||||||
|
|
||||||
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
|
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
|
||||||
#undef HAVE_EVP_ENCRYPTINIT_EX
|
#undef HAVE_EVP_ENCRYPTINIT_EX
|
||||||
|
|
||||||
|
@ -233,12 +242,15 @@
|
||||||
/* Define to 1 if you have the `random' function. */
|
/* Define to 1 if you have the `random' function. */
|
||||||
#undef HAVE_RANDOM
|
#undef HAVE_RANDOM
|
||||||
|
|
||||||
/* Define to 1 if you have the `RAND_pseudo_bytes' function. */
|
/* Define to 1 if you have the `RAND_bytes' function. */
|
||||||
#undef HAVE_RAND_PSEUDO_BYTES
|
#undef HAVE_RAND_BYTES
|
||||||
|
|
||||||
/* Define to 1 if you have the <resolv.h> header file. */
|
/* Define to 1 if you have the <resolv.h> header file. */
|
||||||
#undef HAVE_RESOLV_H
|
#undef HAVE_RESOLV_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `RSA_set0_key' function. */
|
||||||
|
#undef HAVE_RSA_SET0_KEY
|
||||||
|
|
||||||
/* Define to 1 if you have the `select' function. */
|
/* Define to 1 if you have the `select' function. */
|
||||||
#undef HAVE_SELECT
|
#undef HAVE_SELECT
|
||||||
|
|
||||||
|
|
18
config.sub
vendored
18
config.sub
vendored
|
@ -1,8 +1,8 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Configuration validation subroutine script.
|
# Configuration validation subroutine script.
|
||||||
# Copyright 1992-2015 Free Software Foundation, Inc.
|
# Copyright 1992-2016 Free Software Foundation, Inc.
|
||||||
|
|
||||||
timestamp='2015-08-20'
|
timestamp='2016-03-30'
|
||||||
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
# under the terms of the GNU General Public License as published by
|
# under the terms of the GNU General Public License as published by
|
||||||
|
@ -33,7 +33,7 @@ timestamp='2015-08-20'
|
||||||
# Otherwise, we print the canonical config type on stdout and succeed.
|
# Otherwise, we print the canonical config type on stdout and succeed.
|
||||||
|
|
||||||
# You can get the latest version of this script from:
|
# You can get the latest version of this script from:
|
||||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
|
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
|
||||||
|
|
||||||
# This file is supposed to be the same for all GNU packages
|
# This file is supposed to be the same for all GNU packages
|
||||||
# and recognize all the CPU types, system types and aliases
|
# and recognize all the CPU types, system types and aliases
|
||||||
|
@ -53,8 +53,7 @@ timestamp='2015-08-20'
|
||||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||||
|
|
||||||
usage="\
|
usage="\
|
||||||
Usage: $0 [OPTION] CPU-MFR-OPSYS
|
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
|
||||||
$0 [OPTION] ALIAS
|
|
||||||
|
|
||||||
Canonicalize a configuration name.
|
Canonicalize a configuration name.
|
||||||
|
|
||||||
|
@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||||
version="\
|
version="\
|
||||||
GNU config.sub ($timestamp)
|
GNU config.sub ($timestamp)
|
||||||
|
|
||||||
Copyright 1992-2015 Free Software Foundation, Inc.
|
Copyright 1992-2016 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||||
|
@ -1383,7 +1382,7 @@ case $os in
|
||||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
|
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
|
||||||
| -bitrig* | -openbsd* | -solidbsd* \
|
| -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
|
||||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||||
|
@ -1399,7 +1398,8 @@ case $os in
|
||||||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
|
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
|
||||||
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
|
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
|
||||||
|
| -onefs* | -tirtos*)
|
||||||
# Remember, each alternative MUST END IN *, to match a version number.
|
# Remember, each alternative MUST END IN *, to match a version number.
|
||||||
;;
|
;;
|
||||||
-qnx*)
|
-qnx*)
|
||||||
|
@ -1531,6 +1531,8 @@ case $os in
|
||||||
;;
|
;;
|
||||||
-nacl*)
|
-nacl*)
|
||||||
;;
|
;;
|
||||||
|
-ios)
|
||||||
|
;;
|
||||||
-none)
|
-none)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
|
124
configure
vendored
124
configure
vendored
|
@ -1,6 +1,6 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.28.
|
# Generated by GNU Autoconf 2.69 for tinc 1.0.29.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
||||||
|
@ -577,8 +577,8 @@ MAKEFLAGS=
|
||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='tinc'
|
PACKAGE_NAME='tinc'
|
||||||
PACKAGE_TARNAME='tinc'
|
PACKAGE_TARNAME='tinc'
|
||||||
PACKAGE_VERSION='1.0.28'
|
PACKAGE_VERSION='1.0.29'
|
||||||
PACKAGE_STRING='tinc 1.0.28'
|
PACKAGE_STRING='tinc 1.0.29'
|
||||||
PACKAGE_BUGREPORT=''
|
PACKAGE_BUGREPORT=''
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
|
@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
|
||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures tinc 1.0.28 to adapt to many kinds of systems.
|
\`configure' configures tinc 1.0.29 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
|
@ -1402,7 +1402,7 @@ fi
|
||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of tinc 1.0.28:";;
|
short | recursive ) echo "Configuration of tinc 1.0.29:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
|
@ -1441,11 +1441,11 @@ Optional Packages:
|
||||||
--with-lzo=DIR lzo base directory, or:
|
--with-lzo=DIR lzo base directory, or:
|
||||||
--with-lzo-include=DIR lzo headers directory
|
--with-lzo-include=DIR lzo headers directory
|
||||||
--with-lzo-lib=DIR lzo library directory
|
--with-lzo-lib=DIR lzo library directory
|
||||||
--with-openssl=DIR OpenSSL base directory, or:
|
--with-openssl=DIR LibreSSL/OpenSSL base directory, or:
|
||||||
--with-openssl-include=DIR
|
--with-openssl-include=DIR
|
||||||
OpenSSL headers directory (without trailing
|
LibreSSL/OpenSSL headers directory (without trailing
|
||||||
/openssl)
|
/openssl)
|
||||||
--with-openssl-lib=DIR OpenSSL library directory
|
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
|
||||||
|
|
||||||
Some influential environment variables:
|
Some influential environment variables:
|
||||||
CC C compiler command
|
CC C compiler command
|
||||||
|
@ -1528,7 +1528,7 @@ fi
|
||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
tinc configure 1.0.28
|
tinc configure 1.0.29
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
|
@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF
|
||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by tinc $as_me 1.0.28, which was
|
It was created by tinc $as_me 1.0.29, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
|
@ -2857,7 +2857,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE='tinc'
|
PACKAGE='tinc'
|
||||||
VERSION='1.0.28'
|
VERSION='1.0.29'
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
@ -5376,6 +5376,79 @@ if test -d /sw/lib ; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
ac_ext=c
|
||||||
|
ac_cpp='$CPP $CPPFLAGS'
|
||||||
|
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
|
||||||
|
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
|
||||||
|
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking CFLAGS for maximum warnings" >&5
|
||||||
|
$as_echo_n "checking CFLAGS for maximum warnings... " >&6; }
|
||||||
|
if ${ac_cv_cflags_warn_all+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
ac_cv_cflags_warn_all="no, unknown"
|
||||||
|
ac_save_CFLAGS="$CFLAGS"
|
||||||
|
for ac_arg in "-warn all % -warn all" "-pedantic % -Wall" "-xstrconst % -v" "-std1 % -verbose -w0 -warnprotos" "-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" "-ansi -ansiE % -fullwarn" "+ESlit % +w1" "-Xc % -pvctl,fullmsg" "-h conform % -h msglevel 2" #
|
||||||
|
do CFLAGS="$ac_save_CFLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
ac_cv_cflags_warn_all=`echo $ac_arg | sed -e 's,.*% *,,'` ; break
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||||
|
done
|
||||||
|
CFLAGS="$ac_save_CFLAGS"
|
||||||
|
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cflags_warn_all" >&5
|
||||||
|
$as_echo "$ac_cv_cflags_warn_all" >&6; }
|
||||||
|
|
||||||
|
|
||||||
|
case ".$ac_cv_cflags_warn_all" in
|
||||||
|
.ok|.ok,*) ;;
|
||||||
|
.|.no|.no,*) ;;
|
||||||
|
*) if ${CFLAGS+:} false; then :
|
||||||
|
case " $CFLAGS " in
|
||||||
|
*" $ac_cv_cflags_warn_all "*)
|
||||||
|
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$ac_cv_cflags_warn_all"; } >&5
|
||||||
|
(: CFLAGS already contains $ac_cv_cflags_warn_all) 2>&5
|
||||||
|
ac_status=$?
|
||||||
|
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||||
|
test $ac_status = 0; }
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS \$ac_cv_cflags_warn_all\""; } >&5
|
||||||
|
(: CFLAGS="$CFLAGS $ac_cv_cflags_warn_all") 2>&5
|
||||||
|
ac_status=$?
|
||||||
|
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||||
|
test $ac_status = 0; }
|
||||||
|
CFLAGS="$CFLAGS $ac_cv_cflags_warn_all"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
CFLAGS="$ac_cv_cflags_warn_all"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
ac_ext=c
|
||||||
|
ac_cpp='$CPP $CPPFLAGS'
|
||||||
|
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
|
||||||
|
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
|
||||||
|
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Check whether --enable-hardening was given.
|
# Check whether --enable-hardening was given.
|
||||||
if test "${enable_hardening+set}" = set; then :
|
if test "${enable_hardening+set}" = set; then :
|
||||||
enableval=$enable_hardening;
|
enableval=$enable_hardening;
|
||||||
|
@ -6981,7 +7054,7 @@ $as_echo "$ac_cv_lib_dl_dlopen" >&6; }
|
||||||
if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
|
if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
|
||||||
LIBS="$LIBS -ldl"
|
LIBS="$LIBS -ldl"
|
||||||
else
|
else
|
||||||
as_fn_error $? "OpenSSL depends on libdl." "$LINENO" 5; break
|
as_fn_error $? "LibreSSL/OpenSSL depends on libdl." "$LINENO" 5; break
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -7029,7 +7102,7 @@ if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
|
||||||
_ACEOF
|
_ACEOF
|
||||||
|
|
||||||
else
|
else
|
||||||
as_fn_error $? "OpenSSL header files not found." "$LINENO" 5; break
|
as_fn_error $? "LibreSSL/OpenSSL header files not found." "$LINENO" 5; break
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -7075,12 +7148,12 @@ $as_echo "$ac_cv_lib_crypto_EVP_EncryptInit_ex" >&6; }
|
||||||
if test "x$ac_cv_lib_crypto_EVP_EncryptInit_ex" = xyes; then :
|
if test "x$ac_cv_lib_crypto_EVP_EncryptInit_ex" = xyes; then :
|
||||||
LIBS="-lcrypto $LIBS"
|
LIBS="-lcrypto $LIBS"
|
||||||
else
|
else
|
||||||
as_fn_error $? "OpenSSL libraries not found." "$LINENO" 5
|
as_fn_error $? "LibreSSL/OpenSSL libraries not found." "$LINENO" 5
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
for ac_func in RAND_pseudo_bytes EVP_EncryptInit_ex
|
for ac_func in RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new
|
||||||
do :
|
do :
|
||||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||||
|
@ -7090,7 +7163,7 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
|
||||||
_ACEOF
|
_ACEOF
|
||||||
|
|
||||||
else
|
else
|
||||||
as_fn_error $? "Missing OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -7101,10 +7174,23 @@ done
|
||||||
if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then :
|
if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then :
|
||||||
|
|
||||||
else
|
else
|
||||||
as_fn_error $? "Missing OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
for ac_func in BN_GENCB_new ERR_remove_state RSA_set0_key
|
||||||
|
do :
|
||||||
|
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||||
|
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||||
|
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
|
||||||
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
|
||||||
|
_ACEOF
|
||||||
|
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Check whether --enable-jumbograms was given.
|
# Check whether --enable-jumbograms was given.
|
||||||
if test "${enable_jumbograms+set}" = set; then :
|
if test "${enable_jumbograms+set}" = set; then :
|
||||||
|
@ -7695,7 +7781,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by tinc $as_me 1.0.28, which was
|
This file was extended by tinc $as_me 1.0.29, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
|
@ -7761,7 +7847,7 @@ _ACEOF
|
||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
tinc config.status 1.0.28
|
tinc config.status 1.0.29
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
|
|
||||||
AC_PREREQ(2.61)
|
AC_PREREQ(2.61)
|
||||||
AC_INIT([tinc], [1.0.28])
|
AC_INIT([tinc], [1.0.29])
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
|
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
|
@ -152,6 +152,8 @@ fi
|
||||||
dnl Compiler hardening flags
|
dnl Compiler hardening flags
|
||||||
dnl No -fstack-protector-all because it doesn't work on all platforms or architectures.
|
dnl No -fstack-protector-all because it doesn't work on all platforms or architectures.
|
||||||
|
|
||||||
|
AX_CFLAGS_WARN_ALL(CFLAGS)
|
||||||
|
|
||||||
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
|
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
|
||||||
AS_IF([test "x$enable_hardening" != "xno"],
|
AS_IF([test "x$enable_hardening" != "xno"],
|
||||||
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"])
|
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"])
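Review bot: The hardening line kept as context at the end of the second hunk defines `FORTIFY_SOURCE`, but the feature-test macro glibc's headers check is `_FORTIFY_SOURCE` (leading underscore). As written the flag compiles cleanly, so the check passes, yet it most likely enables no fortified libc wrappers. The line would need to read `[AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"])`. Separately, the new `AX_CFLAGS_WARN_ALL(CFLAGS)` lands between the `dnl Compiler hardening flags` comment and the `AC_ARG_ENABLE([hardening], ...)` that comment describes; placing it above the comment with its own `dnl Enable compiler warnings` line keeps the two concerns apart. The `AS_IF` block continues past the end of the hunk, so the remaining hardening flags are not visible here.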
|
||||||
|
|
7
debian/changelog
vendored
7
debian/changelog
vendored
|
@ -1,3 +1,10 @@
|
||||||
|
tinc (1.0.29-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* New upstream release.
|
||||||
|
* Bump debian/compat.
|
||||||
|
|
||||||
|
-- Guus Sliepen <guus@debian.org> Mon, 10 Oct 2016 22:30:25 +0200
|
||||||
|
|
||||||
tinc (1.0.28-1) unstable; urgency=medium
|
tinc (1.0.28-1) unstable; urgency=medium
|
||||||
|
|
||||||
* New upstream release.
|
* New upstream release.
|
||||||
|
|
2
debian/compat
vendored
2
debian/compat
vendored
|
@ -1 +1 @@
|
||||||
9
|
10
|
||||||
|
|
2
debian/rules
vendored
2
debian/rules
vendored
|
@ -1,7 +1,7 @@
|
||||||
#!/usr/bin/make -f
|
#!/usr/bin/make -f
|
||||||
|
|
||||||
%:
|
%:
|
||||||
dh $@ --parallel --with systemd
|
dh $@
|
||||||
|
|
||||||
override_dh_auto_configure:
|
override_dh_auto_configure:
|
||||||
dh_auto_configure -- --enable-uml --enable-vde --with-systemdsystemunitdir=/lib/systemd/system
|
dh_auto_configure -- --enable-uml --enable-vde --with-systemdsystemunitdir=/lib/systemd/system
|
||||||
|
|
32
debian/tinc.if-post-down
vendored
32
debian/tinc.if-post-down
vendored
|
@ -2,17 +2,28 @@
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ "$IF_TINC_NET" ] ; then
|
if [ "$METHOD" = loopback -o -z "$IF_TINC_NET" ]; then
|
||||||
EXTRA=""
|
exit 0
|
||||||
if [ -n "$IF_TINC_PIDFILE" ]; then
|
fi
|
||||||
|
|
||||||
|
# Determine location of the PID file
|
||||||
|
|
||||||
|
EXTRA=""
|
||||||
|
if [ -n "$IF_TINC_PIDFILE" ]; then
|
||||||
EXTRA="--pidfile=$IF_TINC_PIDFILE"
|
EXTRA="--pidfile=$IF_TINC_PIDFILE"
|
||||||
else
|
else
|
||||||
IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
|
IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
|
||||||
fi
|
fi
|
||||||
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
|
||||||
sleep 0.1
|
# Stop the tinc daemon
|
||||||
i=0;
|
|
||||||
while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
||||||
|
|
||||||
|
# Wait for it to shut down properly
|
||||||
|
|
||||||
|
sleep 0.1
|
||||||
|
i=0;
|
||||||
|
while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
||||||
if [ ! -e "/proc/$pid" ] ; then
|
if [ ! -e "/proc/$pid" ] ; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -23,7 +34,6 @@ if [ "$IF_TINC_NET" ] ; then
|
||||||
fi
|
fi
|
||||||
sleep 0.1
|
sleep 0.1
|
||||||
i=$(($i+1))
|
i=$(($i+1))
|
||||||
done
|
done
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
exit 0
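Review bot: The re-indented wait loop in the first hunk still expands `$IF_TINC_PIDFILE` unquoted, and the `tincd -k` call does the same with `$EXTRA`, so a pidfile path containing whitespace or glob characters is split or expanded before use. The value is presumably the `tinc-pidfile` option from the interfaces file, and the hook presumably runs with ifupdown's privileges. Suggest `while [ -f "$IF_TINC_PIDFILE" ] && read pid rest < "$IF_TINC_PIDFILE" ; do` and `/usr/sbin/tincd -n "$IF_TINC_NET" -k ${EXTRA:+"$EXTRA"}`. The new guard uses `-o` inside `[ ]`, which POSIX marks obsolescent and which can misparse unusual operands; `if [ "$METHOD" = loopback ] || [ -z "$IF_TINC_NET" ]; then` is the unambiguous form, and the same applies to the identical guard added in debian/tinc.if-pre-up. The middle of the loop body lies between the two hunks and is not shown, so how `$pid` is used beyond the `/proc/$pid` test could not be checked.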
|
||||||
|
|
2
debian/tinc.if-pre-up
vendored
2
debian/tinc.if-pre-up
vendored
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ -z "$IF_TINC_NET" ]; then
|
if [ "$METHOD" = loopback -o -z "$IF_TINC_NET" ]; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -91,8 +91,11 @@ host_triplet = @host@
|
||||||
subdir = distro
|
subdir = distro
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
$(top_srcdir)/configure.ac
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
|
|
@ -89,8 +89,11 @@ host_triplet = @host@
|
||||||
subdir = doc
|
subdir = doc
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
$(top_srcdir)/configure.ac
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
|
|
@ -470,7 +470,7 @@ variables can be specified, in which case each address will be tried until a wor
|
||||||
connection has been established.
|
connection has been established.
|
||||||
.It Va Cipher Li = Ar cipher Pq blowfish
|
.It Va Cipher Li = Ar cipher Pq blowfish
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
The symmetric cipher algorithm used to encrypt UDP packets.
|
||||||
Any cipher supported by OpenSSL is recognised.
|
Any cipher supported by LibreSSL or OpenSSL is recognised.
|
||||||
Furthermore, specifying
|
Furthermore, specifying
|
||||||
.Qq none
|
.Qq none
|
||||||
will turn off packet encryption.
|
will turn off packet encryption.
|
||||||
|
@ -485,7 +485,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
||||||
10 (fast lzo) and 11 (best lzo).
|
10 (fast lzo) and 11 (best lzo).
|
||||||
.It Va Digest Li = Ar digest Pq sha1
|
.It Va Digest Li = Ar digest Pq sha1
|
||||||
The digest algorithm used to authenticate UDP packets.
|
The digest algorithm used to authenticate UDP packets.
|
||||||
Any digest supported by OpenSSL is recognised.
|
Any digest supported by LibreSSL or OpenSSL is recognised.
|
||||||
Furthermore, specifying
|
Furthermore, specifying
|
||||||
.Qq none
|
.Qq none
|
||||||
will turn off packet authentication.
|
will turn off packet authentication.
|
||||||
|
@ -657,7 +657,7 @@ its connection to the virtual network device.
|
||||||
.El
|
.El
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr tincd 8 ,
|
.Xr tincd 8 ,
|
||||||
.Pa http://www.tinc-vpn.org/ ,
|
.Pa https://www.tinc-vpn.org/ ,
|
||||||
.Pa http://www.tldp.org/LDP/nag2/ .
|
.Pa http://www.tldp.org/LDP/nag2/ .
|
||||||
.Pp
|
.Pp
|
||||||
The full documentation for
|
The full documentation for
|
||||||
|
|
231
doc/tinc.info
231
doc/tinc.info
|
@ -147,7 +147,7 @@ will most likely compile and run, but it will not be able to send or
|
||||||
receive data packets.
|
receive data packets.
|
||||||
|
|
||||||
For an up to date list of supported platforms, please check the list
|
For an up to date list of supported platforms, please check the list
|
||||||
on our website: <http://www.tinc-vpn.org/platforms/>.
|
on our website: <https://www.tinc-vpn.org/platforms/>.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Preparations, Next: Installation, Prev: Introduction, Up: Top
|
File: tinc.info, Node: Preparations, Next: Installation, Prev: Introduction, Up: Top
|
||||||
|
@ -219,12 +219,8 @@ File: tinc.info, Node: Configuration of OpenBSD kernels, Next: Configuration o
|
||||||
2.1.3 Configuration of OpenBSD kernels
|
2.1.3 Configuration of OpenBSD kernels
|
||||||
--------------------------------------
|
--------------------------------------
|
||||||
|
|
||||||
For OpenBSD version 2.9 and higher, the tun driver is included in the
|
Recent versions of OpenBSD come with both tun and tap devices enabled in
|
||||||
default kernel configuration. There is also a kernel patch from
|
the default kernel configuration.
|
||||||
<http://diehard.n-r-g.com/stuff/openbsd/> which adds a tap device to
|
|
||||||
OpenBSD which should work with tinc, but with recent versions of
|
|
||||||
OpenBSD, a tun device can act as a tap device by setting the link0
|
|
||||||
option with ifconfig.
|
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of NetBSD kernels, Next: Configuration of Solaris kernels, Prev: Configuration of OpenBSD kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of NetBSD kernels, Next: Configuration of Solaris kernels, Prev: Configuration of OpenBSD kernels, Up: Configuring the kernel
|
||||||
|
@ -247,7 +243,7 @@ For Solaris 8 (SunOS 5.8) and higher, the tun driver may or may not be
|
||||||
included in the default kernel configuration. If it isn't, the source
|
included in the default kernel configuration. If it isn't, the source
|
||||||
can be downloaded from <http://vtun.sourceforge.net/tun/>. For x86 and
|
can be downloaded from <http://vtun.sourceforge.net/tun/>. For x86 and
|
||||||
sparc64 architectures, precompiled versions can be found at
|
sparc64 architectures, precompiled versions can be found at
|
||||||
<http://www.monkey.org/~dugsong/fragroute/>. If the 'net/if_tun.h'
|
<https://www.monkey.org/~dugsong/fragroute/>. If the 'net/if_tun.h'
|
||||||
header file is missing, install it from the source package.
|
header file is missing, install it from the source package.
|
||||||
|
|
||||||
|
|
||||||
|
@ -274,7 +270,8 @@ File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin
|
||||||
------------------------------
|
------------------------------
|
||||||
|
|
||||||
You will need to install the latest TAP-Win32 driver from OpenVPN. You
|
You will need to install the latest TAP-Win32 driver from OpenVPN. You
|
||||||
can download it from <http://openvpn.sourceforge.net>. Using the
|
can download it from
|
||||||
|
<https://openvpn.net/index.php/open-source/downloads.html>. Using the
|
||||||
Network Connections control panel, configure the TAP-Win32 network
|
Network Connections control panel, configure the TAP-Win32 network
|
||||||
interface in the same way as you would do from the tinc-up script, as
|
interface in the same way as you would do from the tinc-up script, as
|
||||||
explained in the rest of the documentation.
|
explained in the rest of the documentation.
|
||||||
|
@ -285,25 +282,25 @@ File: tinc.info, Node: Libraries, Prev: Configuring the kernel, Up: Preparati
|
||||||
2.2 Libraries
|
2.2 Libraries
|
||||||
=============
|
=============
|
||||||
|
|
||||||
Before you can configure or build tinc, you need to have the OpenSSL,
|
Before you can configure or build tinc, you need to have the LibreSSL or
|
||||||
zlib and lzo libraries installed on your system. If you try to
|
OpenSSL, zlib and lzo libraries installed on your system. If you try to
|
||||||
configure tinc without having them installed, configure will give you an
|
configure tinc without having them installed, configure will give you an
|
||||||
error message, and stop.
|
error message, and stop.
|
||||||
|
|
||||||
* Menu:
|
* Menu:
|
||||||
|
|
||||||
* OpenSSL::
|
* LibreSSL/OpenSSL::
|
||||||
* zlib::
|
* zlib::
|
||||||
* lzo::
|
* lzo::
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: OpenSSL, Next: zlib, Up: Libraries
|
File: tinc.info, Node: LibreSSL/OpenSSL, Next: zlib, Up: Libraries
|
||||||
|
|
||||||
2.2.1 OpenSSL
|
2.2.1 LibreSSL/OpenSSL
|
||||||
-------------
|
----------------------
|
||||||
|
|
||||||
For all cryptography-related functions, tinc uses the functions provided
|
For all cryptography-related functions, tinc uses the functions provided
|
||||||
by the OpenSSL library.
|
by the LibreSSL or the OpenSSL library.
|
||||||
|
|
||||||
If this library is not installed, you will get an error when
|
If this library is not installed, you will get an error when
|
||||||
configuring tinc for build. Support for running tinc with other
|
configuring tinc for build. Support for running tinc with other
|
||||||
|
@ -313,19 +310,22 @@ cryptographic libraries installed _may_ be added in the future.
|
||||||
if available. Make sure you install the development AND runtime
|
if available. Make sure you install the development AND runtime
|
||||||
versions of this package.
|
versions of this package.
|
||||||
|
|
||||||
If you have to install OpenSSL manually, you can get the source code
|
If your operating system comes neither with LibreSSL or OpenSSL, you
|
||||||
from <http://www.openssl.org/>. Instructions on how to configure, build
|
have to install one manually. It is recommended that you get the latest
|
||||||
and install this package are included within the package. Please make
|
version of LibreSSL from <http://www.libressl.org/>. Instructions on
|
||||||
sure you build development and runtime libraries (which is the default).
|
how to configure, build and install this package are included within the
|
||||||
|
package. Please make sure you build development and runtime libraries
|
||||||
|
(which is the default).
|
||||||
|
|
||||||
If you installed the OpenSSL libraries from source, it may be
|
If you installed the LibreSSL or OpenSSL libraries from source, it
|
||||||
necessary to let configure know where they are, by passing configure one
|
may be necessary to let configure know where they are, by passing
|
||||||
of the -with-openssl-* parameters.
|
configure one of the -with-openssl-* parameters. Note that you even
|
||||||
|
have to use -with-openssl-* if you are using LibreSSL.
|
||||||
|
|
||||||
--with-openssl=DIR OpenSSL library and headers prefix
|
--with-openssl=DIR LibreSSL/OpenSSL library and headers prefix
|
||||||
--with-openssl-include=DIR OpenSSL headers directory
|
--with-openssl-include=DIR LibreSSL/OpenSSL headers directory
|
||||||
(Default is OPENSSL_DIR/include)
|
(Default is OPENSSL_DIR/include)
|
||||||
--with-openssl-lib=DIR OpenSSL library directory
|
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
|
||||||
(Default is OPENSSL_DIR/lib)
|
(Default is OPENSSL_DIR/lib)
|
||||||
|
|
||||||
License
|
License
|
||||||
|
@ -334,7 +334,7 @@ License
|
||||||
The complete source code of tinc is covered by the GNU GPL version 2.
|
The complete source code of tinc is covered by the GNU GPL version 2.
|
||||||
Since the license under which OpenSSL is distributed is not directly
|
Since the license under which OpenSSL is distributed is not directly
|
||||||
compatible with the terms of the GNU GPL
|
compatible with the terms of the GNU GPL
|
||||||
<http://www.openssl.org/support/faq.html#LEGAL2>, we include an
|
<https://www.openssl.org/support/faq.html#LEGAL2>, we include an
|
||||||
exemption to the GPL (see also the file COPYING.README) to allow
|
exemption to the GPL (see also the file COPYING.README) to allow
|
||||||
everyone to create a statically or dynamically linked executable:
|
everyone to create a statically or dynamically linked executable:
|
||||||
|
|
||||||
|
@ -347,13 +347,13 @@ everyone to create a statically or dynamically linked executable:
|
||||||
also present the following exemption:
|
also present the following exemption:
|
||||||
|
|
||||||
Hereby I grant a special exception to the tinc VPN project
|
Hereby I grant a special exception to the tinc VPN project
|
||||||
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL
|
(https://www.tinc-vpn.org/) to link the LZO library with the
|
||||||
library (http://www.openssl.org).
|
OpenSSL library (https://www.openssl.org).
|
||||||
|
|
||||||
Markus F.X.J. Oberhumer
|
Markus F.X.J. Oberhumer
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: zlib, Next: lzo, Prev: OpenSSL, Up: Libraries
|
File: tinc.info, Node: zlib, Next: lzo, Prev: LibreSSL/OpenSSL, Up: Libraries
|
||||||
|
|
||||||
2.2.2 zlib
|
2.2.2 zlib
|
||||||
----------
|
----------
|
||||||
|
@ -373,10 +373,9 @@ if available. Make sure you install the development AND runtime
|
||||||
versions of this package.
|
versions of this package.
|
||||||
|
|
||||||
If you have to install zlib manually, you can get the source code
|
If you have to install zlib manually, you can get the source code
|
||||||
from <http://www.gzip.org/zlib/>. Instructions on how to configure,
|
from <http://www.zlib.net/>. Instructions on how to configure, build
|
||||||
build and install this package are included within the package. Please
|
and install this package are included within the package. Please make
|
||||||
make sure you build development and runtime libraries (which is the
|
sure you build development and runtime libraries (which is the default).
|
||||||
default).
|
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: lzo, Prev: zlib, Up: Libraries
|
File: tinc.info, Node: lzo, Prev: zlib, Up: Libraries
|
||||||
|
@ -398,7 +397,7 @@ if available. Make sure you install the development AND runtime
|
||||||
versions of this package.
|
versions of this package.
|
||||||
|
|
||||||
If you have to install lzo manually, you can get the source code from
|
If you have to install lzo manually, you can get the source code from
|
||||||
<http://www.oberhumer.com/opensource/lzo/>. Instructions on how to
|
<https://www.oberhumer.com/opensource/lzo/>. Instructions on how to
|
||||||
configure, build and install this package are included within the
|
configure, build and install this package are included within the
|
||||||
package. Please make sure you build development and runtime libraries
|
package. Please make sure you build development and runtime libraries
|
||||||
(which is the default).
|
(which is the default).
|
||||||
|
@ -416,9 +415,7 @@ startup scripts and sample configurations.
|
||||||
If you cannot use one of the precompiled packages, or you want to
|
If you cannot use one of the precompiled packages, or you want to
|
||||||
compile tinc for yourself, you can use the source. The source is
|
compile tinc for yourself, you can use the source. The source is
|
||||||
distributed under the GNU General Public License (GPL). Download the
|
distributed under the GNU General Public License (GPL). Download the
|
||||||
source from the download page (http://www.tinc-vpn.org/download/), which
|
source from the download page (https://www.tinc-vpn.org/download/).
|
||||||
has the checksums of these files listed; you may wish to check these
|
|
||||||
with md5sum before continuing.
|
|
||||||
|
|
||||||
Tinc comes in a convenient autoconf/automake package, which you can
|
Tinc comes in a convenient autoconf/automake package, which you can
|
||||||
just treat the same as any other package. Which is just untar it, type
|
just treat the same as any other package. Which is just untar it, type
|
||||||
|
@ -456,13 +453,13 @@ File: tinc.info, Node: Darwin (Mac OS X) build environment, Next: Cygwin (Wind
|
||||||
3.1.1 Darwin (Mac OS X) build environment
|
3.1.1 Darwin (Mac OS X) build environment
|
||||||
-----------------------------------------
|
-----------------------------------------
|
||||||
|
|
||||||
In order to build tinc on Darwin, you need to install the Mac OS X
|
In order to build tinc on Darwin, you need to install Xcode from
|
||||||
Developer Tools from <http://developer.apple.com/tools/macosxtools.html>
|
<https://developer.apple.com/xcode/>. It might also help to install a
|
||||||
and preferably a recent version of Fink from
|
recent version of Fink from <http://www.finkproject.org/>.
|
||||||
<http://www.finkproject.org/>.
|
|
||||||
|
|
||||||
After installation use fink to download and install the following
|
You need to download and install LibreSSL (or OpenSSL) and LZO,
|
||||||
packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
either directly from their websites (see *note Libraries::) or using
|
||||||
|
Fink.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Windows) build environment, Prev: Darwin (Mac OS X) build environment, Up: Building and installing tinc
|
File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Windows) build environment, Prev: Darwin (Mac OS X) build environment, Up: Building and installing tinc
|
||||||
|
@ -471,7 +468,7 @@ File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Window
|
||||||
----------------------------------------
|
----------------------------------------
|
||||||
|
|
||||||
If Cygwin hasn't already been installed, install it directly from
|
If Cygwin hasn't already been installed, install it directly from
|
||||||
<http://www.cygwin.com/>.
|
<https://www.cygwin.com/>.
|
||||||
|
|
||||||
When tinc is compiled in a Cygwin environment, it can only be run in
|
When tinc is compiled in a Cygwin environment, it can only be run in
|
||||||
this environment, but all programs, including those started outside the
|
this environment, but all programs, including those started outside the
|
||||||
|
@ -485,7 +482,8 @@ File: tinc.info, Node: MinGW (Windows) build environment, Prev: Cygwin (Window
|
||||||
---------------------------------------
|
---------------------------------------
|
||||||
|
|
||||||
You will need to install the MinGW environment from
|
You will need to install the MinGW environment from
|
||||||
<http://www.mingw.org>.
|
<http://www.mingw.org>. You also need to download and install LibreSSL
|
||||||
|
(or OpenSSL) and LZO.
|
||||||
|
|
||||||
When tinc is compiled using MinGW it runs natively under Windows, it
|
When tinc is compiled using MinGW it runs natively under Windows, it
|
||||||
is not necessary to keep MinGW installed.
|
is not necessary to keep MinGW installed.
|
||||||
|
@ -1057,9 +1055,9 @@ Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
|
||||||
|
|
||||||
Cipher = <CIPHER> (blowfish)
|
Cipher = <CIPHER> (blowfish)
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
||||||
cipher supported by OpenSSL is recognized. Furthermore, specifying
|
cipher supported by LibreSSL or OpenSSL is recognized.
|
||||||
"none" will turn off packet encryption. It is best to use only
|
Furthermore, specifying "none" will turn off packet encryption. It
|
||||||
those ciphers which support CBC mode.
|
is best to use only those ciphers which support CBC mode.
|
||||||
|
|
||||||
ClampMSS = <yes|no> (yes)
|
ClampMSS = <yes|no> (yes)
|
||||||
This option specifies whether tinc should clamp the maximum segment
|
This option specifies whether tinc should clamp the maximum segment
|
||||||
|
@ -1074,8 +1072,8 @@ Compression = <LEVEL> (0)
|
||||||
|
|
||||||
Digest = <DIGEST> (sha1)
|
Digest = <DIGEST> (sha1)
|
||||||
The digest algorithm used to authenticate UDP packets. Any digest
|
The digest algorithm used to authenticate UDP packets. Any digest
|
||||||
supported by OpenSSL is recognized. Furthermore, specifying "none"
|
supported by LibreSSL or OpenSSL is recognized. Furthermore,
|
||||||
will turn off packet authentication.
|
specifying "none" will turn off packet authentication.
|
||||||
|
|
||||||
IndirectData = <yes|no> (no)
|
IndirectData = <yes|no> (no)
|
||||||
This option specifies whether other tinc daemons besides the one
|
This option specifies whether other tinc daemons besides the one
|
||||||
|
@ -1137,7 +1135,7 @@ Subnet = <ADDRESS[/PREFIXLENGTH[#WEIGHT]]>
|
||||||
Prefixlength is the number of bits set to 1 in the netmask part;
|
Prefixlength is the number of bits set to 1 in the netmask part;
|
||||||
for example: netmask 255.255.255.0 would become /24, 255.255.252.0
|
for example: netmask 255.255.255.0 would become /24, 255.255.252.0
|
||||||
becomes /22. This conforms to standard CIDR notation as described
|
becomes /22. This conforms to standard CIDR notation as described
|
||||||
in RFC1519 (http://www.ietf.org/rfc/rfc1519.txt)
|
in RFC1519 (https://www.ietf.org/rfc/rfc1519.txt)
|
||||||
|
|
||||||
A Subnet can be given a weight to indicate its priority over
|
A Subnet can be given a weight to indicate its priority over
|
||||||
identical Subnets owned by different nodes. The default weight is
|
identical Subnets owned by different nodes. The default weight is
|
||||||
|
@ -2098,7 +2096,7 @@ intercept. The encryption algorithm and message authentication
|
||||||
algorithm can be changed in the configuration. The length of the
|
algorithm can be changed in the configuration. The length of the
|
||||||
message authentication codes is also adjustable. The length of the key
|
message authentication codes is also adjustable. The length of the key
|
||||||
for the encryption algorithm is always the default length used by
|
for the encryption algorithm is always the default length used by
|
||||||
OpenSSL.
|
LibreSSL/OpenSSL.
|
||||||
|
|
||||||
* Menu:
|
* Menu:
|
||||||
|
|
||||||
|
@ -2256,8 +2254,8 @@ In August 2000, we discovered the existence of a security hole in all
|
||||||
versions of tinc up to and including 1.0pre2. This had to do with the
|
versions of tinc up to and including 1.0pre2. This had to do with the
|
||||||
way we exchanged keys. Since then, we have been working on a new
|
way we exchanged keys. Since then, we have been working on a new
|
||||||
authentication scheme to make tinc as secure as possible. The current
|
authentication scheme to make tinc as secure as possible. The current
|
||||||
version uses the OpenSSL library and uses strong authentication with RSA
|
version uses the LibreSSL or OpenSSL library and uses strong
|
||||||
keys.
|
authentication with RSA keys.
|
||||||
|
|
||||||
On the 29th of December 2001, Jerome Etienne posted a security
|
On the 29th of December 2001, Jerome Etienne posted a security
|
||||||
analysis of tinc 1.0pre4. Due to a lack of sequence numbers and a
|
analysis of tinc 1.0pre4. Due to a lack of sequence numbers and a
|
||||||
|
@ -2393,12 +2391,12 @@ File: tinc.info, Node: Contact information, Next: Authors, Up: About us
|
||||||
8.1 Contact information
|
8.1 Contact information
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
Tinc's website is at <http://www.tinc-vpn.org/>, this server is located
|
Tinc's website is at <https://www.tinc-vpn.org/>, this server is located
|
||||||
in the Netherlands.
|
in the Netherlands.
|
||||||
|
|
||||||
We have an IRC channel on the FreeNode and OFTC IRC networks.
|
We have an IRC channel on the FreeNode and OFTC IRC networks.
|
||||||
Connect to irc.freenode.net (http://www.freenode.net/) or irc.oftc.net
|
Connect to irc.freenode.net (https://freenode.net/) or irc.oftc.net
|
||||||
(http://www.oftc.net/) and join channel #tinc.
|
(https://www.oftc.net/) and join channel #tinc.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Authors, Prev: Contact information, Up: About us
|
File: tinc.info, Node: Authors, Prev: Contact information, Up: About us
|
||||||
|
@ -2515,7 +2513,8 @@ Concept Index
|
||||||
(line 206)
|
(line 206)
|
||||||
* KEY_CHANGED: The meta-protocol. (line 63)
|
* KEY_CHANGED: The meta-protocol. (line 63)
|
||||||
* libraries: Libraries. (line 6)
|
* libraries: Libraries. (line 6)
|
||||||
* license: OpenSSL. (line 35)
|
* LibreSSL: LibreSSL/OpenSSL. (line 6)
|
||||||
|
* license: LibreSSL/OpenSSL. (line 38)
|
||||||
* LocalDiscovery: Main configuration variables.
|
* LocalDiscovery: Main configuration variables.
|
||||||
(line 212)
|
(line 212)
|
||||||
* lzo: lzo. (line 6)
|
* lzo: lzo. (line 6)
|
||||||
|
@ -2542,7 +2541,7 @@ Concept Index
|
||||||
* Network Administrators Guide: Configuration introduction.
|
* Network Administrators Guide: Configuration introduction.
|
||||||
(line 15)
|
(line 15)
|
||||||
* NODE: Scripts. (line 71)
|
* NODE: Scripts. (line 71)
|
||||||
* OpenSSL: OpenSSL. (line 6)
|
* OpenSSL: LibreSSL/OpenSSL. (line 6)
|
||||||
* options: Runtime options. (line 9)
|
* options: Runtime options. (line 9)
|
||||||
* PEM format: Host configuration variables.
|
* PEM format: Host configuration variables.
|
||||||
(line 69)
|
(line 69)
|
||||||
|
@ -2656,61 +2655,61 @@ Node: Introduction1105
|
||||||
Node: Virtual Private Networks1915
|
Node: Virtual Private Networks1915
|
||||||
Node: tinc3639
|
Node: tinc3639
|
||||||
Node: Supported platforms5166
|
Node: Supported platforms5166
|
||||||
Node: Preparations5866
|
Node: Preparations5867
|
||||||
Node: Configuring the kernel6122
|
Node: Configuring the kernel6123
|
||||||
Node: Configuration of Linux kernels6532
|
Node: Configuration of Linux kernels6533
|
||||||
Node: Configuration of FreeBSD kernels7387
|
Node: Configuration of FreeBSD kernels7388
|
||||||
Node: Configuration of OpenBSD kernels7852
|
Node: Configuration of OpenBSD kernels7853
|
||||||
Node: Configuration of NetBSD kernels8460
|
Node: Configuration of NetBSD kernels8210
|
||||||
Node: Configuration of Solaris kernels8865
|
Node: Configuration of Solaris kernels8615
|
||||||
Node: Configuration of Darwin (Mac OS X) kernels9527
|
Node: Configuration of Darwin (Mac OS X) kernels9278
|
||||||
Node: Configuration of Windows10346
|
Node: Configuration of Windows10097
|
||||||
Node: Libraries10860
|
Node: Libraries10637
|
||||||
Node: OpenSSL11248
|
Node: LibreSSL/OpenSSL11046
|
||||||
Node: zlib13536
|
Node: zlib13588
|
||||||
Node: lzo14564
|
Node: lzo14620
|
||||||
Node: Installation15546
|
Node: Installation15603
|
||||||
Node: Building and installing tinc16561
|
Node: Building and installing tinc16513
|
||||||
Node: Darwin (Mac OS X) build environment17221
|
Node: Darwin (Mac OS X) build environment17173
|
||||||
Node: Cygwin (Windows) build environment17803
|
Node: Cygwin (Windows) build environment17738
|
||||||
Node: MinGW (Windows) build environment18391
|
Node: MinGW (Windows) build environment18327
|
||||||
Node: System files18915
|
Node: System files18921
|
||||||
Node: Device files19180
|
Node: Device files19186
|
||||||
Node: Other files19596
|
Node: Other files19602
|
||||||
Node: Configuration20209
|
Node: Configuration20215
|
||||||
Node: Configuration introduction20520
|
Node: Configuration introduction20526
|
||||||
Node: Multiple networks21788
|
Node: Multiple networks21794
|
||||||
Node: How connections work23214
|
Node: How connections work23220
|
||||||
Node: Configuration files24436
|
Node: Configuration files24442
|
||||||
Node: Main configuration variables25930
|
Node: Main configuration variables25936
|
||||||
Node: Host configuration variables42187
|
Node: Host configuration variables42193
|
||||||
Node: Scripts47690
|
Node: Scripts47720
|
||||||
Node: How to configure50956
|
Node: How to configure50986
|
||||||
Node: Generating keypairs52214
|
Node: Generating keypairs52244
|
||||||
Node: Network interfaces52713
|
Node: Network interfaces52743
|
||||||
Node: Example configuration54561
|
Node: Example configuration54591
|
||||||
Node: Running tinc59886
|
Node: Running tinc59916
|
||||||
Node: Runtime options60476
|
Node: Runtime options60506
|
||||||
Node: Signals63778
|
Node: Signals63808
|
||||||
Node: Debug levels64969
|
Node: Debug levels64999
|
||||||
Node: Solving problems65905
|
Node: Solving problems65935
|
||||||
Node: Error messages67457
|
Node: Error messages67487
|
||||||
Node: Sending bug reports71466
|
Node: Sending bug reports71496
|
||||||
Node: Technical information72413
|
Node: Technical information72443
|
||||||
Node: The connection72644
|
Node: The connection72674
|
||||||
Node: The UDP tunnel72956
|
Node: The UDP tunnel72986
|
||||||
Node: The meta-connection76017
|
Node: The meta-connection76047
|
||||||
Node: The meta-protocol77486
|
Node: The meta-protocol77516
|
||||||
Node: Security82503
|
Node: Security82533
|
||||||
Node: Authentication protocol83636
|
Node: Authentication protocol83675
|
||||||
Node: Encryption of network packets88681
|
Node: Encryption of network packets88720
|
||||||
Node: Security issues90057
|
Node: Security issues90096
|
||||||
Node: Platform specific information91684
|
Node: Platform specific information91735
|
||||||
Node: Interface configuration91912
|
Node: Interface configuration91963
|
||||||
Node: Routes94383
|
Node: Routes94434
|
||||||
Node: About us96397
|
Node: About us96448
|
||||||
Node: Contact information96572
|
Node: Contact information96623
|
||||||
Node: Authors96976
|
Node: Authors97026
|
||||||
Node: Concept Index97381
|
Node: Concept Index97431
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
|
@ -186,7 +186,7 @@ packets.
|
||||||
@cindex release
|
@cindex release
|
||||||
For an up to date list of supported platforms, please check the list on
|
For an up to date list of supported platforms, please check the list on
|
||||||
our website:
|
our website:
|
||||||
@uref{http://www.tinc-vpn.org/platforms/}.
|
@uref{https://www.tinc-vpn.org/platforms/}.
|
||||||
|
|
||||||
@c
|
@c
|
||||||
@c
|
@c
|
||||||
|
@ -268,12 +268,7 @@ The tap driver can be loaded with @code{kldload if_tap}, or by adding @code{if_t
|
||||||
@node Configuration of OpenBSD kernels
|
@node Configuration of OpenBSD kernels
|
||||||
@subsection Configuration of OpenBSD kernels
|
@subsection Configuration of OpenBSD kernels
|
||||||
|
|
||||||
For OpenBSD version 2.9 and higher,
|
Recent versions of OpenBSD come with both tun and tap devices enabled in the default kernel configuration.
|
||||||
the tun driver is included in the default kernel configuration.
|
|
||||||
There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/}
|
|
||||||
which adds a tap device to OpenBSD which should work with tinc,
|
|
||||||
but with recent versions of OpenBSD,
|
|
||||||
a tun device can act as a tap device by setting the link0 option with ifconfig.
|
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
|
@ -293,7 +288,7 @@ Tunneling IPv6 may not work on NetBSD's tun device.
|
||||||
For Solaris 8 (SunOS 5.8) and higher,
|
For Solaris 8 (SunOS 5.8) and higher,
|
||||||
the tun driver may or may not be included in the default kernel configuration.
|
the tun driver may or may not be included in the default kernel configuration.
|
||||||
If it isn't, the source can be downloaded from @uref{http://vtun.sourceforge.net/tun/}.
|
If it isn't, the source can be downloaded from @uref{http://vtun.sourceforge.net/tun/}.
|
||||||
For x86 and sparc64 architectures, precompiled versions can be found at @uref{http://www.monkey.org/~dugsong/fragroute/}.
|
For x86 and sparc64 architectures, precompiled versions can be found at @uref{https://www.monkey.org/~dugsong/fragroute/}.
|
||||||
If the @file{net/if_tun.h} header file is missing, install it from the source package.
|
If the @file{net/if_tun.h} header file is missing, install it from the source package.
|
||||||
|
|
||||||
|
|
||||||
|
@ -317,7 +312,7 @@ You can also omit the number, in which case the first free number will be chosen
|
||||||
@subsection Configuration of Windows
|
@subsection Configuration of Windows
|
||||||
|
|
||||||
You will need to install the latest TAP-Win32 driver from OpenVPN.
|
You will need to install the latest TAP-Win32 driver from OpenVPN.
|
||||||
You can download it from @uref{http://openvpn.sourceforge.net}.
|
You can download it from @uref{https://openvpn.net/index.php/open-source/downloads.html}.
|
||||||
Using the Network Connections control panel,
|
Using the Network Connections control panel,
|
||||||
configure the TAP-Win32 network interface in the same way as you would do from the tinc-up script,
|
configure the TAP-Win32 network interface in the same way as you would do from the tinc-up script,
|
||||||
as explained in the rest of the documentation.
|
as explained in the rest of the documentation.
|
||||||
|
@ -329,24 +324,25 @@ as explained in the rest of the documentation.
|
||||||
|
|
||||||
@cindex requirements
|
@cindex requirements
|
||||||
@cindex libraries
|
@cindex libraries
|
||||||
Before you can configure or build tinc, you need to have the OpenSSL,
|
Before you can configure or build tinc, you need to have the LibreSSL or OpenSSL,
|
||||||
zlib and lzo libraries installed on your system. If you try to configure tinc without
|
zlib and lzo libraries installed on your system. If you try to configure tinc without
|
||||||
having them installed, configure will give you an error message, and stop.
|
having them installed, configure will give you an error message, and stop.
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
* OpenSSL::
|
* LibreSSL/OpenSSL::
|
||||||
* zlib::
|
* zlib::
|
||||||
* lzo::
|
* lzo::
|
||||||
@end menu
|
@end menu
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node OpenSSL
|
@node LibreSSL/OpenSSL
|
||||||
@subsection OpenSSL
|
@subsection LibreSSL/OpenSSL
|
||||||
|
|
||||||
|
@cindex LibreSSL
|
||||||
@cindex OpenSSL
|
@cindex OpenSSL
|
||||||
For all cryptography-related functions, tinc uses the functions provided
|
For all cryptography-related functions, tinc uses the functions provided
|
||||||
by the OpenSSL library.
|
by the LibreSSL or the OpenSSL library.
|
||||||
|
|
||||||
If this library is not installed, you will get an error when configuring
|
If this library is not installed, you will get an error when configuring
|
||||||
tinc for build. Support for running tinc with other cryptographic libraries
|
tinc for build. Support for running tinc with other cryptographic libraries
|
||||||
|
@ -356,21 +352,23 @@ You can use your operating system's package manager to install this if
|
||||||
available. Make sure you install the development AND runtime versions
|
available. Make sure you install the development AND runtime versions
|
||||||
of this package.
|
of this package.
|
||||||
|
|
||||||
If you have to install OpenSSL manually, you can get the source code
|
If your operating system comes neither with LibreSSL or OpenSSL, you have to
|
||||||
from @url{http://www.openssl.org/}. Instructions on how to configure,
|
install one manually. It is recommended that you get the latest version of
|
||||||
build and install this package are included within the package. Please
|
LibreSSL from @url{http://www.libressl.org/}. Instructions on how to
|
||||||
make sure you build development and runtime libraries (which is the
|
configure, build and install this package are included within the package.
|
||||||
|
Please make sure you build development and runtime libraries (which is the
|
||||||
default).
|
default).
|
||||||
|
|
||||||
If you installed the OpenSSL libraries from source, it may be necessary
|
If you installed the LibreSSL or OpenSSL libraries from source, it may be necessary
|
||||||
to let configure know where they are, by passing configure one of the
|
to let configure know where they are, by passing configure one of the
|
||||||
--with-openssl-* parameters.
|
--with-openssl-* parameters. Note that you even have to use --with-openssl-* if you
|
||||||
|
are using LibreSSL.
|
||||||
|
|
||||||
@example
|
@example
|
||||||
--with-openssl=DIR OpenSSL library and headers prefix
|
--with-openssl=DIR LibreSSL/OpenSSL library and headers prefix
|
||||||
--with-openssl-include=DIR OpenSSL headers directory
|
--with-openssl-include=DIR LibreSSL/OpenSSL headers directory
|
||||||
(Default is OPENSSL_DIR/include)
|
(Default is OPENSSL_DIR/include)
|
||||||
--with-openssl-lib=DIR OpenSSL library directory
|
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
|
||||||
(Default is OPENSSL_DIR/lib)
|
(Default is OPENSSL_DIR/lib)
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
|
@ -381,7 +379,7 @@ to let configure know where they are, by passing configure one of the
|
||||||
The complete source code of tinc is covered by the GNU GPL version 2.
|
The complete source code of tinc is covered by the GNU GPL version 2.
|
||||||
Since the license under which OpenSSL is distributed is not directly
|
Since the license under which OpenSSL is distributed is not directly
|
||||||
compatible with the terms of the GNU GPL
|
compatible with the terms of the GNU GPL
|
||||||
@uref{http://www.openssl.org/support/faq.html#LEGAL2}, we
|
@uref{https://www.openssl.org/support/faq.html#LEGAL2}, we
|
||||||
include an exemption to the GPL (see also the file COPYING.README) to allow
|
include an exemption to the GPL (see also the file COPYING.README) to allow
|
||||||
everyone to create a statically or dynamically linked executable:
|
everyone to create a statically or dynamically linked executable:
|
||||||
|
|
||||||
|
@ -397,8 +395,8 @@ we also present the following exemption:
|
||||||
|
|
||||||
@quotation
|
@quotation
|
||||||
Hereby I grant a special exception to the tinc VPN project
|
Hereby I grant a special exception to the tinc VPN project
|
||||||
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
|
(https://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
|
||||||
(http://www.openssl.org).
|
(https://www.openssl.org).
|
||||||
|
|
||||||
Markus F.X.J. Oberhumer
|
Markus F.X.J. Oberhumer
|
||||||
@end quotation
|
@end quotation
|
||||||
|
@ -423,7 +421,7 @@ available. Make sure you install the development AND runtime versions
|
||||||
of this package.
|
of this package.
|
||||||
|
|
||||||
If you have to install zlib manually, you can get the source code
|
If you have to install zlib manually, you can get the source code
|
||||||
from @url{http://www.gzip.org/zlib/}. Instructions on how to configure,
|
from @url{http://www.zlib.net/}. Instructions on how to configure,
|
||||||
build and install this package are included within the package. Please
|
build and install this package are included within the package. Please
|
||||||
make sure you build development and runtime libraries (which is the
|
make sure you build development and runtime libraries (which is the
|
||||||
default).
|
default).
|
||||||
|
@ -447,7 +445,7 @@ available. Make sure you install the development AND runtime versions
|
||||||
of this package.
|
of this package.
|
||||||
|
|
||||||
If you have to install lzo manually, you can get the source code
|
If you have to install lzo manually, you can get the source code
|
||||||
from @url{http://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure,
|
from @url{https://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure,
|
||||||
build and install this package are included within the package. Please
|
build and install this package are included within the package. Please
|
||||||
make sure you build development and runtime libraries (which is the
|
make sure you build development and runtime libraries (which is the
|
||||||
default).
|
default).
|
||||||
|
@ -473,9 +471,7 @@ system startup scripts and sample configurations.
|
||||||
If you cannot use one of the precompiled packages, or you want to compile tinc
|
If you cannot use one of the precompiled packages, or you want to compile tinc
|
||||||
for yourself, you can use the source. The source is distributed under
|
for yourself, you can use the source. The source is distributed under
|
||||||
the GNU General Public License (GPL). Download the source from the
|
the GNU General Public License (GPL). Download the source from the
|
||||||
@uref{http://www.tinc-vpn.org/download/, download page}, which has
|
@uref{https://www.tinc-vpn.org/download/, download page}.
|
||||||
the checksums of these files listed; you may wish to check these with
|
|
||||||
md5sum before continuing.
|
|
||||||
|
|
||||||
Tinc comes in a convenient autoconf/automake package, which you can just
|
Tinc comes in a convenient autoconf/automake package, which you can just
|
||||||
treat the same as any other package. Which is just untar it, type
|
treat the same as any other package. Which is just untar it, type
|
||||||
|
@ -512,19 +508,18 @@ The documentation that comes along with your distribution will tell you how to d
|
||||||
@node Darwin (Mac OS X) build environment
|
@node Darwin (Mac OS X) build environment
|
||||||
@subsection Darwin (Mac OS X) build environment
|
@subsection Darwin (Mac OS X) build environment
|
||||||
|
|
||||||
In order to build tinc on Darwin, you need to install the Mac OS X Developer Tools
|
In order to build tinc on Darwin, you need to install Xcode from @uref{https://developer.apple.com/xcode/}.
|
||||||
from @uref{http://developer.apple.com/tools/macosxtools.html} and
|
It might also help to install a recent version of Fink from @uref{http://www.finkproject.org/}.
|
||||||
preferably a recent version of Fink from @uref{http://www.finkproject.org/}.
|
|
||||||
|
|
||||||
After installation use fink to download and install the following packages:
|
You need to download and install LibreSSL (or OpenSSL) and LZO,
|
||||||
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
either directly from their websites (see @ref{Libraries}) or using Fink.
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node Cygwin (Windows) build environment
|
@node Cygwin (Windows) build environment
|
||||||
@subsection Cygwin (Windows) build environment
|
@subsection Cygwin (Windows) build environment
|
||||||
|
|
||||||
If Cygwin hasn't already been installed, install it directly from
|
If Cygwin hasn't already been installed, install it directly from
|
||||||
@uref{http://www.cygwin.com/}.
|
@uref{https://www.cygwin.com/}.
|
||||||
|
|
||||||
When tinc is compiled in a Cygwin environment, it can only be run in this environment,
|
When tinc is compiled in a Cygwin environment, it can only be run in this environment,
|
||||||
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
|
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
|
||||||
|
@ -535,6 +530,7 @@ It will also support all features.
|
||||||
@subsection MinGW (Windows) build environment
|
@subsection MinGW (Windows) build environment
|
||||||
|
|
||||||
You will need to install the MinGW environment from @uref{http://www.mingw.org}.
|
You will need to install the MinGW environment from @uref{http://www.mingw.org}.
|
||||||
|
You also need to download and install LibreSSL (or OpenSSL) and LZO.
|
||||||
|
|
||||||
When tinc is compiled using MinGW it runs natively under Windows,
|
When tinc is compiled using MinGW it runs natively under Windows,
|
||||||
it is not necessary to keep MinGW installed.
|
it is not necessary to keep MinGW installed.
|
||||||
|
@ -1149,7 +1145,7 @@ tried until a working connection has been established.
|
||||||
@cindex Cipher
|
@cindex Cipher
|
||||||
@item Cipher = <@var{cipher}> (blowfish)
|
@item Cipher = <@var{cipher}> (blowfish)
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
The symmetric cipher algorithm used to encrypt UDP packets.
|
||||||
Any cipher supported by OpenSSL is recognized.
|
Any cipher supported by LibreSSL or OpenSSL is recognized.
|
||||||
Furthermore, specifying "none" will turn off packet encryption.
|
Furthermore, specifying "none" will turn off packet encryption.
|
||||||
It is best to use only those ciphers which support CBC mode.
|
It is best to use only those ciphers which support CBC mode.
|
||||||
|
|
||||||
|
@ -1168,7 +1164,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
||||||
@cindex Digest
|
@cindex Digest
|
||||||
@item Digest = <@var{digest}> (sha1)
|
@item Digest = <@var{digest}> (sha1)
|
||||||
The digest algorithm used to authenticate UDP packets.
|
The digest algorithm used to authenticate UDP packets.
|
||||||
Any digest supported by OpenSSL is recognized.
|
Any digest supported by LibreSSL or OpenSSL is recognized.
|
||||||
Furthermore, specifying "none" will turn off packet authentication.
|
Furthermore, specifying "none" will turn off packet authentication.
|
||||||
|
|
||||||
@cindex IndirectData
|
@cindex IndirectData
|
||||||
|
@ -1239,7 +1235,7 @@ MAC addresses are notated like 0:1a:2b:3c:4d:5e.
|
||||||
Prefixlength is the number of bits set to 1 in the netmask part; for
|
Prefixlength is the number of bits set to 1 in the netmask part; for
|
||||||
example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes
|
example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes
|
||||||
/22. This conforms to standard CIDR notation as described in
|
/22. This conforms to standard CIDR notation as described in
|
||||||
@uref{http://www.ietf.org/rfc/rfc1519.txt, RFC1519}
|
@uref{https://www.ietf.org/rfc/rfc1519.txt, RFC1519}
|
||||||
|
|
||||||
@cindex Subnet weight
|
@cindex Subnet weight
|
||||||
A Subnet can be given a weight to indicate its priority over identical Subnets
|
A Subnet can be given a weight to indicate its priority over identical Subnets
|
||||||
|
@ -2254,7 +2250,7 @@ eavesdroppers cannot get and cannot change any information at all from the
|
||||||
packets they can intercept. The encryption algorithm and message authentication
|
packets they can intercept. The encryption algorithm and message authentication
|
||||||
algorithm can be changed in the configuration. The length of the message
|
algorithm can be changed in the configuration. The length of the message
|
||||||
authentication codes is also adjustable. The length of the key for the
|
authentication codes is also adjustable. The length of the key for the
|
||||||
encryption algorithm is always the default length used by OpenSSL.
|
encryption algorithm is always the default length used by LibreSSL/OpenSSL.
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
* Authentication protocol::
|
* Authentication protocol::
|
||||||
|
@ -2413,7 +2409,7 @@ the MACLength configuration variable.
|
||||||
In August 2000, we discovered the existence of a security hole in all versions
|
In August 2000, we discovered the existence of a security hole in all versions
|
||||||
of tinc up to and including 1.0pre2. This had to do with the way we exchanged
|
of tinc up to and including 1.0pre2. This had to do with the way we exchanged
|
||||||
keys. Since then, we have been working on a new authentication scheme to make
|
keys. Since then, we have been working on a new authentication scheme to make
|
||||||
tinc as secure as possible. The current version uses the OpenSSL library and
|
tinc as secure as possible. The current version uses the LibreSSL or OpenSSL library and
|
||||||
uses strong authentication with RSA keys.
|
uses strong authentication with RSA keys.
|
||||||
|
|
||||||
On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
|
On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
|
||||||
|
@ -2586,14 +2582,14 @@ Adding routes to IPv6 subnets:
|
||||||
@section Contact information
|
@section Contact information
|
||||||
|
|
||||||
@cindex website
|
@cindex website
|
||||||
Tinc's website is at @url{http://www.tinc-vpn.org/},
|
Tinc's website is at @url{https://www.tinc-vpn.org/},
|
||||||
this server is located in the Netherlands.
|
this server is located in the Netherlands.
|
||||||
|
|
||||||
@cindex IRC
|
@cindex IRC
|
||||||
We have an IRC channel on the FreeNode and OFTC IRC networks. Connect to
|
We have an IRC channel on the FreeNode and OFTC IRC networks. Connect to
|
||||||
@uref{http://www.freenode.net/, irc.freenode.net}
|
@uref{https://freenode.net/, irc.freenode.net}
|
||||||
or
|
or
|
||||||
@uref{http://www.oftc.net/, irc.oftc.net}
|
@uref{https://www.oftc.net/, irc.oftc.net}
|
||||||
and join channel #tinc.
|
and join channel #tinc.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -207,7 +207,7 @@ If you find any bugs, report them to tinc@tinc-vpn.org.
|
||||||
A lot, especially security auditing.
|
A lot, especially security auditing.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr tinc.conf 5 ,
|
.Xr tinc.conf 5 ,
|
||||||
.Pa http://www.tinc-vpn.org/ ,
|
.Pa https://www.tinc-vpn.org/ ,
|
||||||
.Pa http://www.cabal.org/ .
|
.Pa http://www.cabal.org/ .
|
||||||
.Pp
|
.Pp
|
||||||
The full documentation for tinc is maintained as a Texinfo manual.
|
The full documentation for tinc is maintained as a Texinfo manual.
|
||||||
|
|
|
@ -90,8 +90,11 @@ host_triplet = @host@
|
||||||
subdir = m4
|
subdir = m4
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
$(top_srcdir)/configure.ac
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
|
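--- a/m4/ax_append_flag.m4
+++ b/m4/ax_append_flag.m4
@@ -0,0 +1,69 @@
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
+#
+# DESCRIPTION
+#
+# FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
+# added in between.
+#
+# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+# CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains
+# FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly
+# FLAG.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_APPEND_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl
+AS_VAR_SET_IF(FLAGS,
+[case " AS_VAR_GET(FLAGS) " in
+*" $1 "*)
+AC_RUN_LOG([: FLAGS already contains $1])
+;;
+*)
+AC_RUN_LOG([: FLAGS="$FLAGS $1"])
+AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"])
+;;
+esac],
+[AS_VAR_SET(FLAGS,["$1"])])
+AS_VAR_POPDEF([FLAGS])dnl
+])dnl AX_APPEND_FLAG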
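--- a/m4/ax_cflags_warn_all.m4
+++ b/m4/ax_cflags_warn_all.m4
@@ -0,0 +1,122 @@
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_cflags_warn_all.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
+# AX_CXXFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
+# AX_FCFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
+#
+# DESCRIPTION
+#
+# Try to find a compiler option that enables most reasonable warnings.
+#
+# For the GNU compiler it will be -Wall (and -ansi -pedantic) The result
+# is added to the shellvar being CFLAGS, CXXFLAGS, or FCFLAGS by default.
+#
+# Currently this macro knows about the GCC, Solaris, Digital Unix, AIX,
+# HP-UX, IRIX, NEC SX-5 (Super-UX 10), Cray J90 (Unicos 10.0.0.8), and
+# Intel compilers. For a given compiler, the Fortran flags are much more
+# experimental than their C equivalents.
+#
+# - $1 shell-variable-to-add-to : CFLAGS, CXXFLAGS, or FCFLAGS
+# - $2 add-value-if-not-found : nothing
+# - $3 action-if-found : add value to shellvariable
+# - $4 action-if-not-found : nothing
+#
+# NOTE: These macros depend on AX_APPEND_FLAG.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2010 Rhys Ulerich <rhys.ulerich@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 15
+
+AC_DEFUN([AX_FLAGS_WARN_ALL],[dnl
+AS_VAR_PUSHDEF([FLAGS],[_AC_LANG_PREFIX[]FLAGS])dnl
+AS_VAR_PUSHDEF([VAR],[ac_cv_[]_AC_LANG_ABBREV[]flags_warn_all])dnl
+AC_CACHE_CHECK([m4_ifval($1,$1,FLAGS) for maximum warnings],
+VAR,[VAR="no, unknown"
+ac_save_[]FLAGS="$[]FLAGS"
+for ac_arg dnl
+in "-warn all % -warn all" dnl Intel
+"-pedantic % -Wall" dnl GCC
+"-xstrconst % -v" dnl Solaris C
+"-std1 % -verbose -w0 -warnprotos" dnl Digital Unix
+"-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" dnl AIX
+"-ansi -ansiE % -fullwarn" dnl IRIX
+"+ESlit % +w1" dnl HP-UX C
+"-Xc % -pvctl[,]fullmsg" dnl NEC SX-5 (Super-UX 10)
+"-h conform % -h msglevel 2" dnl Cray C (Unicos)
+#
+do FLAGS="$ac_save_[]FLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
+[VAR=`echo $ac_arg | sed -e 's,.*% *,,'` ; break])
+done
+FLAGS="$ac_save_[]FLAGS"
+])
+AS_VAR_POPDEF([FLAGS])dnl
+AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
+case ".$VAR" in
+.ok|.ok,*) m4_ifvaln($3,$3) ;;
+.|.no|.no,*) m4_default($4,[m4_ifval($2,[AX_APPEND_FLAG([$2], [$1])])]) ;;
+*) m4_default($3,[AX_APPEND_FLAG([$VAR], [$1])]) ;;
+esac
+AS_VAR_POPDEF([VAR])dnl
+])dnl AX_FLAGS_WARN_ALL
+dnl implementation tactics:
+dnl the for-argument contains a list of options. The first part of
+dnl these does only exist to detect the compiler - usually it is
+dnl a global option to enable -ansi or -extrawarnings. All other
+dnl compilers will fail about it. That was needed since a lot of
+dnl compilers will give false positives for some option-syntax
+dnl like -Woption or -Xoption as they think of it is a pass-through
+dnl to later compile stages or something. The "%" is used as a
+dnl delimiter. A non-option comment can be given after "%%" marks
+dnl which will be shown but not added to the respective C/CXXFLAGS.
+
+AC_DEFUN([AX_CFLAGS_WARN_ALL],[dnl
+AC_LANG_PUSH([C])
+AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
+AC_LANG_POP([C])
+])
+
+AC_DEFUN([AX_CXXFLAGS_WARN_ALL],[dnl
+AC_LANG_PUSH([C++])
+AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
+AC_LANG_POP([C++])
+])
+
+AC_DEFUN([AX_FCFLAGS_WARN_ALL],[dnl
+AC_LANG_PUSH([Fortran])
+AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
+AC_LANG_POP([Fortran])
+])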
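--- a/m4/ax_require_defined.m4
+++ b/m4/ax_require_defined.m4
@@ -0,0 +1,37 @@
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_require_defined.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_REQUIRE_DEFINED(MACRO)
+#
+# DESCRIPTION
+#
+# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
+# been defined and thus are available for use. This avoids random issues
+# where a macro isn't expanded. Instead the configure script emits a
+# non-fatal:
+#
+# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
+#
+# It's like AC_REQUIRE except it doesn't expand the required macro.
+#
+# Here's an example:
+#
+# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
+#
+# LICENSE
+#
+# Copyright (c) 2014 Mike Frysinger <vapier@gentoo.org>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
+m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
+])dnl AX_REQUIRE_DEFINED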
|
@ -1,4 +1,4 @@
|
||||||
dnl Check to find the OpenSSL headers/libraries
|
dnl Check to find the LibreSSL/OpenSSL headers/libraries
|
||||||
|
|
||||||
AC_DEFUN([tinc_OPENSSL],
|
AC_DEFUN([tinc_OPENSSL],
|
||||||
[
|
[
|
||||||
|
@ -10,47 +10,49 @@ AC_DEFUN([tinc_OPENSSL],
|
||||||
[],
|
[],
|
||||||
[AC_CHECK_LIB(dl, dlopen,
|
[AC_CHECK_LIB(dl, dlopen,
|
||||||
[LIBS="$LIBS -ldl"],
|
[LIBS="$LIBS -ldl"],
|
||||||
[AC_MSG_ERROR([OpenSSL depends on libdl.]); break]
|
[AC_MSG_ERROR([LibreSSL/OpenSSL depends on libdl.]); break]
|
||||||
)]
|
)]
|
||||||
)
|
)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
AC_ARG_WITH(openssl,
|
AC_ARG_WITH(openssl,
|
||||||
AS_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]),
|
AS_HELP_STRING([--with-openssl=DIR], [LibreSSL/OpenSSL base directory, or:]),
|
||||||
[openssl="$withval"
|
[openssl="$withval"
|
||||||
CPPFLAGS="$CPPFLAGS -I$withval/include"
|
CPPFLAGS="$CPPFLAGS -I$withval/include"
|
||||||
LDFLAGS="$LDFLAGS -L$withval/lib"]
|
LDFLAGS="$LDFLAGS -L$withval/lib"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_ARG_WITH(openssl-include,
|
AC_ARG_WITH(openssl-include,
|
||||||
AS_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]),
|
AS_HELP_STRING([--with-openssl-include=DIR], [LibreSSL/OpenSSL headers directory (without trailing /openssl)]),
|
||||||
[openssl_include="$withval"
|
[openssl_include="$withval"
|
||||||
CPPFLAGS="$CPPFLAGS -I$withval"]
|
CPPFLAGS="$CPPFLAGS -I$withval"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_ARG_WITH(openssl-lib,
|
AC_ARG_WITH(openssl-lib,
|
||||||
AS_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]),
|
AS_HELP_STRING([--with-openssl-lib=DIR], [LibreSSL/OpenSSL library directory]),
|
||||||
[openssl_lib="$withval"
|
[openssl_lib="$withval"
|
||||||
LDFLAGS="$LDFLAGS -L$withval"]
|
LDFLAGS="$LDFLAGS -L$withval"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h,
|
AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h,
|
||||||
[],
|
[],
|
||||||
[AC_MSG_ERROR([OpenSSL header files not found.]); break]
|
[AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
|
AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
|
||||||
[LIBS="-lcrypto $LIBS"],
|
[LIBS="-lcrypto $LIBS"],
|
||||||
[AC_MSG_ERROR([OpenSSL libraries not found.])]
|
[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], ,
|
AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
|
||||||
[AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break],
|
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_CHECK_DECL([OpenSSL_add_all_algorithms], ,
|
AC_CHECK_DECL([OpenSSL_add_all_algorithms], ,
|
||||||
[AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break],
|
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
|
||||||
[#include <openssl/evp.h>]
|
[#include <openssl/evp.h>]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])
|
||||||
])
|
])
|
||||||
|
|
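Review bot: The added `AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])` passes a fourth argument, but AC_CHECK_FUNCS takes only the function list and the two actions, so the include is silently ignored and the probe is a pure link test. The result decides whether tinc compiles its own fallback for these functions, and that fallback reaches into library structures directly, so a wrong answer here is worth avoiding. Drop the unused argument, `AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key])`, and add a `dnl` comment above it saying that these three probes select the OpenSSL 1.1.0 compatibility code.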
|
@ -105,8 +105,11 @@ sbin_PROGRAMS = tincd$(EXEEXT)
|
||||||
subdir = src
|
subdir = src
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||||
|
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
$(top_srcdir)/configure.ac
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
the code. Mail me if you found a bug.
|
the code. Mail me if you found a bug.
|
||||||
|
|
||||||
Cleaned up and incorporated some of the ideas from the red-black tree
|
Cleaned up and incorporated some of the ideas from the red-black tree
|
||||||
library for inclusion into tinc (http://www.tinc-vpn.org/) by
|
library for inclusion into tinc (https://www.tinc-vpn.org/) by
|
||||||
Guus Sliepen <guus@tinc-vpn.org>.
|
Guus Sliepen <guus@tinc-vpn.org>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
the code. Mail me if you found a bug.
|
the code. Mail me if you found a bug.
|
||||||
|
|
||||||
Cleaned up and incorporated some of the ideas from the red-black tree
|
Cleaned up and incorporated some of the ideas from the red-black tree
|
||||||
library for inclusion into tinc (http://www.tinc-vpn.org/) by
|
library for inclusion into tinc (https://www.tinc-vpn.org/) by
|
||||||
Guus Sliepen <guus@tinc-vpn.org>.
|
Guus Sliepen <guus@tinc-vpn.org>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
|
@ -198,18 +198,19 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
// Guess what the corresponding interface is called
|
// Guess what the corresponding interface is called
|
||||||
|
|
||||||
char *realname;
|
char *realname = NULL;
|
||||||
|
|
||||||
#if defined(HAVE_FDEVNAME)
|
#if defined(HAVE_FDEVNAME)
|
||||||
realname = fdevname(device_fd) ? : device;
|
realname = fdevname(device_fd);
|
||||||
#elif defined(HAVE_DEVNAME)
|
#elif defined(HAVE_DEVNAME)
|
||||||
struct stat buf;
|
struct stat buf;
|
||||||
if(!fstat(device_fd, &buf))
|
if(!fstat(device_fd, &buf))
|
||||||
realname = devname(buf.st_rdev, S_IFCHR) ? : device;
|
realname = devname(buf.st_rdev, S_IFCHR);
|
||||||
#else
|
|
||||||
realname = device;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if(!realname)
|
||||||
|
realname = device;
|
||||||
|
|
||||||
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
||||||
iface = xstrdup(strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname);
|
iface = xstrdup(strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname);
|
||||||
else if(strcmp(iface, strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname))
|
else if(strcmp(iface, strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname))
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
dropin.c -- a set of drop-in replacements for libc functions
|
dropin.c -- a set of drop-in replacements for libc functions
|
||||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -140,6 +140,7 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
|
||||||
|
|
||||||
va_copy(aq, ap);
|
va_copy(aq, ap);
|
||||||
status = vsnprintf(*buf, len, fmt, aq);
|
status = vsnprintf(*buf, len, fmt, aq);
|
||||||
|
buf[len - 1] = 0;
|
||||||
va_end(aq);
|
va_end(aq);
|
||||||
|
|
||||||
if(status >= 0)
|
if(status >= 0)
|
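Review bot: The added `buf[len - 1] = 0;` indexes the `char **buf` parameter rather than the string it points to, so it stores a null pointer `len - 1` pointer-sized slots past the caller's variable instead of terminating the text that `vsnprintf(*buf, len, fmt, aq)` just wrote. That is an out-of-bounds write into whatever follows the caller's `char *`, and the buffer is still not force-terminated. The line should read `(*buf)[len - 1] = 0;`. Because `0` is a valid null pointer constant the compiler accepts the current form without a warning, even with the -Wall this release adds. The body of vasprintf starts and ends outside the hunk, so how `len` and `*buf` are set up is not visible here.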
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
logger.c -- logging code
|
logger.c -- logging code
|
||||||
Copyright (C) 2004-2006 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2004-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2004-2005 Ivo Timmermans
|
2004-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -109,6 +109,7 @@ void logger(int priority, const char *format, ...) {
|
||||||
char message[4096];
|
char message[4096];
|
||||||
const char *messages[] = {message};
|
const char *messages[] = {message};
|
||||||
vsnprintf(message, sizeof(message), format, ap);
|
vsnprintf(message, sizeof(message), format, ap);
|
||||||
|
message[sizeof message - 1] = 0;
|
||||||
ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL);
|
ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -246,7 +246,7 @@ static void check_dead_connections(void) {
|
||||||
if(c->status.active) {
|
if(c->status.active) {
|
||||||
if(c->status.pinged) {
|
if(c->status.pinged) {
|
||||||
ifdebug(CONNECTIONS) logger(LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds",
|
ifdebug(CONNECTIONS) logger(LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds",
|
||||||
c->name, c->hostname, (long)now - c->last_ping_time);
|
c->name, c->hostname, (long)(now - c->last_ping_time));
|
||||||
c->status.timeout = true;
|
c->status.timeout = true;
|
||||||
terminate_connection(c, true);
|
terminate_connection(c, true);
|
||||||
} else if(c->last_ping_time + pinginterval <= now) {
|
} else if(c->last_ping_time + pinginterval <= now) {
|
||||||
|
@ -275,7 +275,7 @@ static void check_dead_connections(void) {
|
||||||
if(c->status.active) {
|
if(c->status.active) {
|
||||||
ifdebug(CONNECTIONS) logger(LOG_INFO,
|
ifdebug(CONNECTIONS) logger(LOG_INFO,
|
||||||
"%s (%s) could not flush for %ld seconds (%d bytes remaining)",
|
"%s (%s) could not flush for %ld seconds (%d bytes remaining)",
|
||||||
c->name, c->hostname, (long)now - c->last_flushed_time, c->outbuflen);
|
c->name, c->hostname, (long)(now - c->last_flushed_time), c->outbuflen);
|
||||||
c->status.timeout = true;
|
c->status.timeout = true;
|
||||||
terminate_connection(c, true);
|
terminate_connection(c, true);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_packet.c -- Handles in- and outgoing VPN packets
|
net_packet.c -- Handles in- and outgoing VPN packets
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -145,7 +145,7 @@ void send_mtu_probe(node_t *n) {
|
||||||
len = 64;
|
len = 64;
|
||||||
|
|
||||||
memset(packet.data, 0, 14);
|
memset(packet.data, 0, 14);
|
||||||
RAND_pseudo_bytes(packet.data + 14, len - 14);
|
RAND_bytes(packet.data + 14, len - 14);
|
||||||
packet.len = len;
|
packet.len = len;
|
||||||
if(i >= 4 && n->mtuprobes <= 10)
|
if(i >= 4 && n->mtuprobes <= 10)
|
||||||
packet.priority = -1;
|
packet.priority = -1;
|
||||||
|
@ -314,10 +314,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
||||||
if(n->incipher) {
|
if(n->incipher) {
|
||||||
outpkt = pkt[nextpkt++];
|
outpkt = pkt[nextpkt++];
|
||||||
|
|
||||||
if(!EVP_DecryptInit_ex(&n->inctx, NULL, NULL, NULL, NULL)
|
if(!EVP_DecryptInit_ex(n->inctx, NULL, NULL, NULL, NULL)
|
||||||
|| !EVP_DecryptUpdate(&n->inctx, (unsigned char *) &outpkt->seqno, &outlen,
|
|| !EVP_DecryptUpdate(n->inctx, (unsigned char *) &outpkt->seqno, &outlen,
|
||||||
(unsigned char *) &inpkt->seqno, inpkt->len)
|
(unsigned char *) &inpkt->seqno, inpkt->len)
|
||||||
|| !EVP_DecryptFinal_ex(&n->inctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
|| !EVP_DecryptFinal_ex(n->inctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Error decrypting packet from %s (%s): %s",
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Error decrypting packet from %s (%s): %s",
|
||||||
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return;
|
return;
|
||||||
|
@ -336,16 +336,16 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
||||||
if(inpkt->seqno != n->received_seqno + 1) {
|
if(inpkt->seqno != n->received_seqno + 1) {
|
||||||
if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
|
if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
|
||||||
if(n->farfuture++ < replaywin >> 2) {
|
if(n->farfuture++ < replaywin >> 2) {
|
||||||
logger(LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
|
ifdebug(TRAFFIC) logger(LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
|
||||||
n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
|
n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
ifdebug(TRAFFIC) logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||||
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
||||||
memset(n->late, 0, replaywin);
|
memset(n->late, 0, replaywin);
|
||||||
} else if (inpkt->seqno <= n->received_seqno) {
|
} else if (inpkt->seqno <= n->received_seqno) {
|
||||||
if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
|
if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
|
||||||
logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
ifdebug(TRAFFIC) logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||||
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -479,10 +479,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
||||||
if(n->outcipher) {
|
if(n->outcipher) {
|
||||||
outpkt = pkt[nextpkt++];
|
outpkt = pkt[nextpkt++];
|
||||||
|
|
||||||
if(!EVP_EncryptInit_ex(&n->outctx, NULL, NULL, NULL, NULL)
|
if(!EVP_EncryptInit_ex(n->outctx, NULL, NULL, NULL, NULL)
|
||||||
|| !EVP_EncryptUpdate(&n->outctx, (unsigned char *) &outpkt->seqno, &outlen,
|
|| !EVP_EncryptUpdate(n->outctx, (unsigned char *) &outpkt->seqno, &outlen,
|
||||||
(unsigned char *) &inpkt->seqno, inpkt->len)
|
(unsigned char *) &inpkt->seqno, inpkt->len)
|
||||||
|| !EVP_EncryptFinal_ex(&n->outctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
|| !EVP_EncryptFinal_ex(n->outctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_ERR, "Error while encrypting packet to %s (%s): %s",
|
ifdebug(TRAFFIC) logger(LOG_ERR, "Error while encrypting packet to %s (%s): %s",
|
||||||
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
goto end;
|
goto end;
|
||||||
|
|
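Review bot: Moving the "Got late or replayed packet" warning in receive_udppacket behind `ifdebug(TRAFFIC)` removes the only log evidence of replay-window rejections at normal debug levels, and the "seqs in the future" and "Lost %d packets" messages in the same hunk are gated the same way. The drop decision is unchanged, but an operator investigating injected or replayed UDP traffic now sees nothing unless the daemon already runs at the TRAFFIC level. At minimum, document this above the first check with `/* replay-window drops are only reported at debug level TRAFFIC */`. A per-node drop counter reported in a rate-limited LOG_WARNING summary would keep the signal without the log noise. receive_udppacket starts and ends outside these hunks.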
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -48,11 +48,22 @@
|
||||||
char *myport;
|
char *myport;
|
||||||
devops_t devops;
|
devops_t devops;
|
||||||
|
|
||||||
|
#ifndef HAVE_RSA_SET0_KEY
|
||||||
|
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
|
||||||
|
BN_free(r->n); r->n = n;
|
||||||
|
BN_free(r->e); r->e = e;
|
||||||
|
BN_free(r->d); r->d = d;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
bool read_rsa_public_key(connection_t *c) {
|
bool read_rsa_public_key(connection_t *c) {
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
char *pubname;
|
char *pubname;
|
||||||
char *hcfname;
|
char *hcfname;
|
||||||
char *key;
|
char *key;
|
||||||
|
BIGNUM *n = NULL;
|
||||||
|
BIGNUM *e = NULL;
|
||||||
|
|
||||||
if(!c->rsa_key) {
|
if(!c->rsa_key) {
|
||||||
c->rsa_key = RSA_new();
|
c->rsa_key = RSA_new();
|
||||||
|
@ -62,12 +73,19 @@ bool read_rsa_public_key(connection_t *c) {
|
||||||
/* First, check for simple PublicKey statement */
|
/* First, check for simple PublicKey statement */
|
||||||
|
|
||||||
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
|
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
|
||||||
if(BN_hex2bn(&c->rsa_key->n, key) != strlen(key)) {
|
if(BN_hex2bn(&n, key) != strlen(key)) {
|
||||||
|
free(key);
|
||||||
logger(LOG_ERR, "Invalid PublicKey for %s!", c->name);
|
logger(LOG_ERR, "Invalid PublicKey for %s!", c->name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
BN_hex2bn(&c->rsa_key->e, "FFFF");
|
|
||||||
free(key);
|
free(key);
|
||||||
|
BN_hex2bn(&e, "FFFF");
|
||||||
|
if(!n || !e || RSA_set0_key(c->rsa_key, n, e, NULL) != 1) {
|
||||||
|
BN_free(e);
|
||||||
|
BN_free(n);
|
||||||
|
logger(LOG_ERR, "RSA_set0_key() failed with PublicKey for %s!", c->name);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -158,27 +176,39 @@ bool read_rsa_public_key(connection_t *c) {
|
||||||
static bool read_rsa_private_key(void) {
|
static bool read_rsa_private_key(void) {
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
char *fname, *key, *pubkey;
|
char *fname, *key, *pubkey;
|
||||||
|
BIGNUM *n = NULL;
|
||||||
|
BIGNUM *e = NULL;
|
||||||
|
BIGNUM *d = NULL;
|
||||||
|
|
||||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
||||||
myself->connection->rsa_key = RSA_new();
|
myself->connection->rsa_key = RSA_new();
|
||||||
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
||||||
if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
|
if(BN_hex2bn(&d, key) != strlen(key)) {
|
||||||
logger(LOG_ERR, "Invalid PrivateKey for myself!");
|
logger(LOG_ERR, "Invalid PrivateKey for myself!");
|
||||||
free(key);
|
free(key);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
free(key);
|
free(key);
|
||||||
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
||||||
|
BN_free(d);
|
||||||
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
|
if(BN_hex2bn(&n, pubkey) != strlen(pubkey)) {
|
||||||
logger(LOG_ERR, "Invalid PublicKey for myself!");
|
|
||||||
free(pubkey);
|
free(pubkey);
|
||||||
|
BN_free(d);
|
||||||
|
logger(LOG_ERR, "Invalid PublicKey for myself!");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
free(pubkey);
|
free(pubkey);
|
||||||
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
BN_hex2bn(&e, "FFFF");
|
||||||
|
if(!n || !e || !d || RSA_set0_key(myself->connection->rsa_key, n, e, d) != 1) {
|
||||||
|
BN_free(d);
|
||||||
|
BN_free(e);
|
||||||
|
BN_free(n);
|
||||||
|
logger(LOG_ERR, "RSA_set0_key() failed with PrivateKey for myself!");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -623,7 +653,7 @@ static bool setup_myself(void) {
|
||||||
myself->incipher = EVP_bf_cbc();
|
myself->incipher = EVP_bf_cbc();
|
||||||
|
|
||||||
if(myself->incipher)
|
if(myself->incipher)
|
||||||
myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
|
myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
|
||||||
else
|
else
|
||||||
myself->inkeylength = 1;
|
myself->inkeylength = 1;
|
||||||
|
|
||||||
|
@ -657,7 +687,7 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
|
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
|
||||||
if(myself->indigest) {
|
if(myself->indigest) {
|
||||||
if(myself->inmaclength > myself->indigest->md_size) {
|
if(myself->inmaclength > EVP_MD_size(myself->indigest)) {
|
||||||
logger(LOG_ERR, "MAC length exceeds size of digest!");
|
logger(LOG_ERR, "MAC length exceeds size of digest!");
|
||||||
return false;
|
return false;
|
||||||
} else if(myself->inmaclength < 0) {
|
} else if(myself->inmaclength < 0) {
|
||||||
|
|
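Review bot: In read_rsa_private_key() the private exponent `d` is released with `BN_free(d)` on the error paths, and not released at all when the first `BN_hex2bn(&d, key)` length check fails, so the secret value can remain in freed or leaked heap memory; `BN_clear_free(d);` is the call intended for secret BIGNUMs and should be used on every one of those paths. The compat `RSA_set0_key()` shim has the same issue: `BN_free(r->d); r->d = d;` would be better as `BN_clear_free(r->d); r->d = d;`. In both key readers `n` is now a local rather than a field of the RSA object, so a partially parsed `n` may be leaked when `BN_hex2bn(&n, ...)` returns a length different from `strlen()`; adding `BN_free(n);` to those branches closes that. read_rsa_public_key() continues outside the hunks shown.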
21
src/netutl.c
21
src/netutl.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
netutl.c -- some supporting network utility code
|
netutl.c -- some supporting network utility code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -231,6 +231,25 @@ void sockaddrunmap(sockaddr_t *sa) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void sockaddr_setport(sockaddr_t *sa, const char *port) {
|
||||||
|
uint16_t portnum = htons(atoi(port));
|
||||||
|
if(!portnum)
|
||||||
|
return;
|
||||||
|
switch(sa->sa.sa_family) {
|
||||||
|
case AF_INET:
|
||||||
|
sa->in.sin_port = portnum;
|
||||||
|
break;
|
||||||
|
case AF_INET6:
|
||||||
|
sa->in6.sin6_port = portnum;
|
||||||
|
break;
|
||||||
|
case AF_UNKNOWN:
|
||||||
|
free(sa->unknown.port);
|
||||||
|
sa->unknown.port = xstrdup(port);
|
||||||
|
default:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Subnet mask handling */
|
/* Subnet mask handling */
|
||||||
|
|
||||||
int maskcmp(const void *va, const void *vb, int masklen) {
|
int maskcmp(const void *va, const void *vb, int masklen) {
|
||||||
|
|
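Review bot: sockaddr_setport() converts the port with `atoi(port)` and narrows the result to `uint16_t`, so a negative number or a value above 65535 is silently wrapped into some other port, and trailing garbage after the digits is ignored; ack_h() in this commit passes it `hisport`, which appears to be taken from the peer's ACK message. Parsing with a range check rejects those inputs: `char *end; long v = strtol(port, &end, 10);` followed by `if(end == port || *end || v < 1 || v > 65535) return;` and `uint16_t portnum = htons((uint16_t)v);`. The `case AF_UNKNOWN:` branch also runs into `default:` without a `break`; that is harmless here because `default` only returns, but a `break;` or a fall-through comment would make the intent explicit.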
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
netutl.h -- header file for netutl.c
|
netutl.h -- header file for netutl.c
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -34,6 +34,7 @@ extern int sockaddrcmp_noport(const sockaddr_t *, const sockaddr_t *);
|
||||||
extern void sockaddrunmap(sockaddr_t *);
|
extern void sockaddrunmap(sockaddr_t *);
|
||||||
extern void sockaddrfree(sockaddr_t *);
|
extern void sockaddrfree(sockaddr_t *);
|
||||||
extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *);
|
extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *);
|
||||||
|
extern void sockaddr_setport(sockaddr_t *, const char *);
|
||||||
extern int maskcmp(const void *, const void *, int);
|
extern int maskcmp(const void *, const void *, int);
|
||||||
extern void maskcpy(void *, const void *, int, int);
|
extern void maskcpy(void *, const void *, int, int);
|
||||||
extern void mask(void *, int, int);
|
extern void mask(void *, int, int);
|
||||||
|
|
16
src/node.c
16
src/node.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
node.c -- node tree management
|
node.c -- node tree management
|
||||||
Copyright (C) 2001-2011 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -57,8 +57,10 @@ node_t *new_node(void) {
|
||||||
if(replaywin) n->late = xmalloc_and_zero(replaywin);
|
if(replaywin) n->late = xmalloc_and_zero(replaywin);
|
||||||
n->subnet_tree = new_subnet_tree();
|
n->subnet_tree = new_subnet_tree();
|
||||||
n->edge_tree = new_edge_tree();
|
n->edge_tree = new_edge_tree();
|
||||||
EVP_CIPHER_CTX_init(&n->inctx);
|
n->inctx = EVP_CIPHER_CTX_new();
|
||||||
EVP_CIPHER_CTX_init(&n->outctx);
|
n->outctx = EVP_CIPHER_CTX_new();
|
||||||
|
if(!n->inctx || !n->outctx)
|
||||||
|
abort();
|
||||||
n->mtu = MTU;
|
n->mtu = MTU;
|
||||||
n->maxmtu = MTU;
|
n->maxmtu = MTU;
|
||||||
|
|
||||||
|
@ -80,8 +82,8 @@ void free_node(node_t *n) {
|
||||||
|
|
||||||
sockaddrfree(&n->address);
|
sockaddrfree(&n->address);
|
||||||
|
|
||||||
EVP_CIPHER_CTX_cleanup(&n->inctx);
|
EVP_CIPHER_CTX_free(n->outctx);
|
||||||
EVP_CIPHER_CTX_cleanup(&n->outctx);
|
EVP_CIPHER_CTX_free(n->inctx);
|
||||||
|
|
||||||
if(n->mtuevent)
|
if(n->mtuevent)
|
||||||
event_del(n->mtuevent);
|
event_del(n->mtuevent);
|
||||||
|
@ -172,8 +174,8 @@ void dump_nodes(void) {
|
||||||
for(node = node_tree->head; node; node = node->next) {
|
for(node = node_tree->head; node; node = node->next) {
|
||||||
n = node->data;
|
n = node->data;
|
||||||
logger(LOG_DEBUG, " %s at %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s pmtu %d (min %d max %d)",
|
logger(LOG_DEBUG, " %s at %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s pmtu %d (min %d max %d)",
|
||||||
n->name, n->hostname, n->outcipher ? n->outcipher->nid : 0,
|
n->name, n->hostname, n->outcipher ? EVP_CIPHER_nid(n->outcipher) : 0,
|
||||||
n->outdigest ? n->outdigest->type : 0, n->outmaclength, n->outcompression,
|
n->outdigest ? EVP_MD_type(n->outdigest) : 0, n->outmaclength, n->outcompression,
|
||||||
n->options, bitfield_to_int(&n->status, sizeof n->status), n->nexthop ? n->nexthop->name : "-",
|
n->options, bitfield_to_int(&n->status, sizeof n->status), n->nexthop ? n->nexthop->name : "-",
|
||||||
n->via ? n->via->name : "-", n->mtu, n->minmtu, n->maxmtu);
|
n->via ? n->via->name : "-", n->mtu, n->minmtu, n->maxmtu);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
node.h -- header for node.c
|
node.h -- header for node.c
|
||||||
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -50,12 +50,12 @@ typedef struct node_t {
|
||||||
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
||||||
char *inkey; /* Cipher key and iv */
|
char *inkey; /* Cipher key and iv */
|
||||||
int inkeylength; /* Cipher key and iv length */
|
int inkeylength; /* Cipher key and iv length */
|
||||||
EVP_CIPHER_CTX inctx; /* Cipher context */
|
EVP_CIPHER_CTX *inctx; /* Cipher context */
|
||||||
|
|
||||||
const EVP_CIPHER *outcipher; /* Cipher type for UDP packets sent to him*/
|
const EVP_CIPHER *outcipher; /* Cipher type for UDP packets sent to him*/
|
||||||
char *outkey; /* Cipher key and iv */
|
char *outkey; /* Cipher key and iv */
|
||||||
int outkeylength; /* Cipher key and iv length */
|
int outkeylength; /* Cipher key and iv length */
|
||||||
EVP_CIPHER_CTX outctx; /* Cipher context */
|
EVP_CIPHER_CTX *outctx; /* Cipher context */
|
||||||
|
|
||||||
const EVP_MD *indigest; /* Digest type for MAC of packets received from him */
|
const EVP_MD *indigest; /* Digest type for MAC of packets received from him */
|
||||||
int inmaclength; /* Length of MAC */
|
int inmaclength; /* Length of MAC */
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol.c -- handle the meta-protocol, basic functions
|
protocol.c -- handle the meta-protocol, basic functions
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -75,10 +75,11 @@ bool send_request(connection_t *c, const char *format, ...) {
|
||||||
input buffer anyway */
|
input buffer anyway */
|
||||||
|
|
||||||
va_start(args, format);
|
va_start(args, format);
|
||||||
len = vsnprintf(buffer, MAXBUFSIZE, format, args);
|
len = vsnprintf(buffer, sizeof buffer, format, args);
|
||||||
|
buffer[sizeof buffer - 1] = 0;
|
||||||
va_end(args);
|
va_end(args);
|
||||||
|
|
||||||
if(len < 0 || len > MAXBUFSIZE - 1) {
|
if(len < 0 || len > sizeof buffer - 1) {
|
||||||
logger(LOG_ERR, "Output buffer overflow while sending request to %s (%s)",
|
logger(LOG_ERR, "Output buffer overflow while sending request to %s (%s)",
|
||||||
c->name, c->hostname);
|
c->name, c->hostname);
|
||||||
return false;
|
return false;
|
||||||
|
|
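Review bot: The overflow test `len > sizeof buffer - 1` in send_request() compares what is presumably a signed `len` with a `size_t`, and it only behaves correctly because `len < 0` is evaluated first; writing it as `if(len < 0 || (size_t)len >= sizeof buffer) {` makes the conversion explicit and keeps the check correct if the conditions are ever reordered. The switch from `MAXBUFSIZE` to `sizeof buffer` also assumes `buffer` is an array declared in this function. Its declaration is outside the hunk, so that should be confirmed, because `sizeof` applied to a pointer would shrink the bound to the pointer size.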
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_auth.c -- handle the meta-protocol, authentication
|
protocol_auth.c -- handle the meta-protocol, authentication
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -125,8 +125,11 @@ bool send_metakey(connection_t *c) {
|
||||||
|
|
||||||
c->outkey = xrealloc(c->outkey, len);
|
c->outkey = xrealloc(c->outkey, len);
|
||||||
|
|
||||||
|
if(!c->outctx) {
|
||||||
|
c->outctx = EVP_CIPHER_CTX_new();
|
||||||
if(!c->outctx)
|
if(!c->outctx)
|
||||||
c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
/* Copy random data to the buffer */
|
/* Copy random data to the buffer */
|
||||||
|
|
||||||
|
@ -177,17 +180,17 @@ bool send_metakey(connection_t *c) {
|
||||||
/* Send the meta key */
|
/* Send the meta key */
|
||||||
|
|
||||||
x = send_request(c, "%d %d %d %d %d %s", METAKEY,
|
x = send_request(c, "%d %d %d %d %d %s", METAKEY,
|
||||||
c->outcipher ? c->outcipher->nid : 0,
|
c->outcipher ? EVP_CIPHER_nid(c->outcipher) : 0,
|
||||||
c->outdigest ? c->outdigest->type : 0, c->outmaclength,
|
c->outdigest ? EVP_MD_type(c->outdigest) : 0, c->outmaclength,
|
||||||
c->outcompression, buffer);
|
c->outcompression, buffer);
|
||||||
|
|
||||||
/* Further outgoing requests are encrypted with the key we just generated */
|
/* Further outgoing requests are encrypted with the key we just generated */
|
||||||
|
|
||||||
if(c->outcipher) {
|
if(c->outcipher) {
|
||||||
if(!EVP_EncryptInit(c->outctx, c->outcipher,
|
if(!EVP_EncryptInit(c->outctx, c->outcipher,
|
||||||
(unsigned char *)c->outkey + len - c->outcipher->key_len,
|
(unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher),
|
||||||
(unsigned char *)c->outkey + len - c->outcipher->key_len -
|
(unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher) -
|
||||||
c->outcipher->iv_len)) {
|
EVP_CIPHER_iv_length(c->outcipher))) {
|
||||||
logger(LOG_ERR, "Error during initialisation of cipher for %s (%s): %s",
|
logger(LOG_ERR, "Error during initialisation of cipher for %s (%s): %s",
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return false;
|
return false;
|
||||||
|
@ -223,8 +226,11 @@ bool metakey_h(connection_t *c) {
|
||||||
|
|
||||||
c->inkey = xrealloc(c->inkey, len);
|
c->inkey = xrealloc(c->inkey, len);
|
||||||
|
|
||||||
|
if(!c->inctx) {
|
||||||
|
c->inctx = EVP_CIPHER_CTX_new();
|
||||||
if(!c->inctx)
|
if(!c->inctx)
|
||||||
c->inctx = xmalloc_and_zero(sizeof(*c->inctx));
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
/* Convert the challenge from hexadecimal back to binary */
|
/* Convert the challenge from hexadecimal back to binary */
|
||||||
|
|
||||||
|
@ -260,9 +266,9 @@ bool metakey_h(connection_t *c) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!EVP_DecryptInit(c->inctx, c->incipher,
|
if(!EVP_DecryptInit(c->inctx, c->incipher,
|
||||||
(unsigned char *)c->inkey + len - c->incipher->key_len,
|
(unsigned char *)c->inkey + len - EVP_CIPHER_key_length(c->incipher),
|
||||||
(unsigned char *)c->inkey + len - c->incipher->key_len -
|
(unsigned char *)c->inkey + len - EVP_CIPHER_key_length(c->incipher) -
|
||||||
c->incipher->iv_len)) {
|
EVP_CIPHER_iv_length(c->incipher))) {
|
||||||
logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
|
logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return false;
|
return false;
|
||||||
|
@ -283,7 +289,7 @@ bool metakey_h(connection_t *c) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
|
if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
|
||||||
logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
|
logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -367,22 +373,29 @@ bool challenge_h(connection_t *c) {
|
||||||
|
|
||||||
bool send_chal_reply(connection_t *c) {
|
bool send_chal_reply(connection_t *c) {
|
||||||
char hash[EVP_MAX_MD_SIZE * 2 + 1];
|
char hash[EVP_MAX_MD_SIZE * 2 + 1];
|
||||||
EVP_MD_CTX ctx;
|
EVP_MD_CTX *ctx;
|
||||||
|
|
||||||
/* Calculate the hash from the challenge we received */
|
/* Calculate the hash from the challenge we received */
|
||||||
|
|
||||||
if(!EVP_DigestInit(&ctx, c->indigest)
|
ctx = EVP_MD_CTX_create();
|
||||||
|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|
if(!ctx)
|
||||||
|| !EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL)) {
|
abort();
|
||||||
|
|
||||||
|
if(!EVP_DigestInit(ctx, c->indigest)
|
||||||
|
|| !EVP_DigestUpdate(ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|
||||||
|
|| !EVP_DigestFinal(ctx, (unsigned char *)hash, NULL)) {
|
||||||
|
EVP_MD_CTX_destroy(ctx);
|
||||||
logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",
|
logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EVP_MD_CTX_destroy(ctx);
|
||||||
|
|
||||||
/* Convert the hash to a hexadecimal formatted string */
|
/* Convert the hash to a hexadecimal formatted string */
|
||||||
|
|
||||||
bin2hex(hash, hash, c->indigest->md_size);
|
bin2hex(hash, hash, EVP_MD_size(c->indigest));
|
||||||
hash[c->indigest->md_size * 2] = '\0';
|
hash[EVP_MD_size(c->indigest) * 2] = '\0';
|
||||||
|
|
||||||
/* Send the reply */
|
/* Send the reply */
|
||||||
|
|
||||||
|
@ -392,7 +405,7 @@ bool send_chal_reply(connection_t *c) {
|
||||||
bool chal_reply_h(connection_t *c) {
|
bool chal_reply_h(connection_t *c) {
|
||||||
char hishash[MAX_STRING_SIZE];
|
char hishash[MAX_STRING_SIZE];
|
||||||
char myhash[EVP_MAX_MD_SIZE];
|
char myhash[EVP_MAX_MD_SIZE];
|
||||||
EVP_MD_CTX ctx;
|
EVP_MD_CTX *ctx;
|
||||||
|
|
||||||
if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) {
|
if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) {
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
|
logger(LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
|
||||||
|
@ -402,7 +415,7 @@ bool chal_reply_h(connection_t *c) {
|
||||||
|
|
||||||
/* Check if the length of the hash is all right */
|
/* Check if the length of the hash is all right */
|
||||||
|
|
||||||
if(strlen(hishash) != c->outdigest->md_size * 2) {
|
if(strlen(hishash) != EVP_MD_size(c->outdigest) * 2) {
|
||||||
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
||||||
c->hostname, "wrong challenge reply length");
|
c->hostname, "wrong challenge reply length");
|
||||||
return false;
|
return false;
|
||||||
|
@ -410,24 +423,31 @@ bool chal_reply_h(connection_t *c) {
|
||||||
|
|
||||||
/* Convert the hash to binary format */
|
/* Convert the hash to binary format */
|
||||||
|
|
||||||
if(!hex2bin(hishash, hishash, c->outdigest->md_size)) {
|
if(!hex2bin(hishash, hishash, EVP_MD_size(c->outdigest))) {
|
||||||
logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
|
logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Calculate the hash from the challenge we sent */
|
/* Calculate the hash from the challenge we sent */
|
||||||
|
|
||||||
if(!EVP_DigestInit(&ctx, c->outdigest)
|
ctx = EVP_MD_CTX_create();
|
||||||
|| !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
|
if(!ctx)
|
||||||
|| !EVP_DigestFinal(&ctx, (unsigned char *)myhash, NULL)) {
|
abort();
|
||||||
|
|
||||||
|
if(!EVP_DigestInit(ctx, c->outdigest)
|
||||||
|
|| !EVP_DigestUpdate(ctx, c->hischallenge, RSA_size(c->rsa_key))
|
||||||
|
|| !EVP_DigestFinal(ctx, (unsigned char *)myhash, NULL)) {
|
||||||
|
EVP_MD_CTX_destroy(ctx);
|
||||||
logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",
|
logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",
|
||||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EVP_MD_CTX_destroy(ctx);
|
||||||
|
|
||||||
/* Verify the incoming hash with the calculated hash */
|
/* Verify the incoming hash with the calculated hash */
|
||||||
|
|
||||||
if(memcmp(hishash, myhash, c->outdigest->md_size)) {
|
if(memcmp(hishash, myhash, EVP_MD_size(c->outdigest))) {
|
||||||
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
||||||
c->hostname, "wrong challenge reply");
|
c->hostname, "wrong challenge reply");
|
||||||
|
|
||||||
|
@ -516,7 +536,6 @@ static void send_everything(connection_t *c) {
|
||||||
|
|
||||||
bool ack_h(connection_t *c) {
|
bool ack_h(connection_t *c) {
|
||||||
char hisport[MAX_STRING_SIZE];
|
char hisport[MAX_STRING_SIZE];
|
||||||
char *hisaddress;
|
|
||||||
int weight, mtu;
|
int weight, mtu;
|
||||||
uint32_t options;
|
uint32_t options;
|
||||||
node_t *n;
|
node_t *n;
|
||||||
|
@ -585,9 +604,8 @@ bool ack_h(connection_t *c) {
|
||||||
c->edge = new_edge();
|
c->edge = new_edge();
|
||||||
c->edge->from = myself;
|
c->edge->from = myself;
|
||||||
c->edge->to = n;
|
c->edge->to = n;
|
||||||
sockaddr2str(&c->address, &hisaddress, NULL);
|
sockaddrcpy(&c->edge->address, &c->address);
|
||||||
c->edge->address = str2sockaddr(hisaddress, hisport);
|
sockaddr_setport(&c->edge->address, hisport);
|
||||||
free(hisaddress);
|
|
||||||
c->edge->weight = (weight + c->estimated_weight) / 2;
|
c->edge->weight = (weight + c->estimated_weight) / 2;
|
||||||
c->edge->connection = c;
|
c->edge->connection = c;
|
||||||
c->edge->options = c->options;
|
c->edge->options = c->options;
|
||||||
|
|
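Review bot: chal_reply_h() still verifies the peer's challenge reply with `memcmp(hishash, myhash, EVP_MD_size(c->outdigest))`, which stops at the first differing byte; for an authentication check a constant-time comparison is the safer default, for example `if(CRYPTO_memcmp(hishash, myhash, EVP_MD_size(c->outdigest))) {`, provided the OpenSSL versions this code supports export it. The new `EVP_MD_size()` calls in send_chal_reply() and chal_reply_h() also feed an `int` straight into a length and into the index `hash[EVP_MD_size(c->indigest) * 2]`; reading it once into a local and rejecting a value `<= 0` before use would make the bound explicit. send_metakey() tests `c->outdigest` for NULL, but no such test is visible on the lines shown for these two functions. Both functions continue outside the hunks.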
|
@ -164,7 +164,7 @@ bool send_ans_key(node_t *to) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(to->incipher)
|
if(to->incipher)
|
||||||
EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
|
EVP_DecryptInit_ex(to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + EVP_CIPHER_key_length(to->incipher));
|
||||||
|
|
||||||
// Reset sequence number and late packet window
|
// Reset sequence number and late packet window
|
||||||
mykeyused = true;
|
mykeyused = true;
|
||||||
|
@ -178,8 +178,8 @@ bool send_ans_key(node_t *to) {
|
||||||
|
|
||||||
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
||||||
myself->name, to->name, key,
|
myself->name, to->name, key,
|
||||||
to->incipher ? to->incipher->nid : 0,
|
to->incipher ? EVP_CIPHER_nid(to->incipher) : 0,
|
||||||
to->indigest ? to->indigest->type : 0, to->inmaclength,
|
to->indigest ? EVP_MD_type(to->indigest) : 0, to->inmaclength,
|
||||||
to->incompression);
|
to->incompression);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -268,7 +268,7 @@ bool ans_key_h(connection_t *c) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
|
if(from->outkeylength != EVP_CIPHER_key_length(from->outcipher) + EVP_CIPHER_iv_length(from->outcipher)) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
||||||
from->hostname);
|
from->hostname);
|
||||||
return true;
|
return true;
|
||||||
|
@ -288,7 +288,7 @@ bool ans_key_h(connection_t *c) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
|
if(from->outmaclength > EVP_MD_size(from->outdigest) || from->outmaclength < 0) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
||||||
from->name, from->hostname);
|
from->name, from->hostname);
|
||||||
return true;
|
return true;
|
||||||
|
@ -305,7 +305,7 @@ bool ans_key_h(connection_t *c) {
|
||||||
from->outcompression = compression;
|
from->outcompression = compression;
|
||||||
|
|
||||||
if(from->outcipher)
|
if(from->outcipher)
|
||||||
if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
|
if(!EVP_EncryptInit_ex(from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + EVP_CIPHER_key_length(from->outcipher))) {
|
||||||
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
||||||
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return true;
|
return true;
|
||||||
|
|
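Review bot: send_ans_key() ignores the return value of `EVP_DecryptInit_ex(to->inctx, ...)`, while ans_key_h() in the same file checks `EVP_EncryptInit_ex()` and logs the OpenSSL error. If the decrypt context fails to initialise, the key is still announced to the peer and later packets would be handled with a context that was never set up. The call should become a condition, `if(to->incipher && !EVP_DecryptInit_ex(to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + EVP_CIPHER_key_length(to->incipher))) {`, with a `logger(LOG_ERR, ...)` call in the style of ans_key_h() and `return false;` in its body. The start of send_ans_key() is outside the hunk.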
39
src/tincd.c
39
src/tincd.c
|
@ -336,7 +336,7 @@ static bool parse_options(int argc, char **argv) {
|
||||||
|
|
||||||
/* This function prettyprints the key generation process */
|
/* This function prettyprints the key generation process */
|
||||||
|
|
||||||
static void indicator(int a, int b, void *p) {
|
static int indicator(int a, int b, BN_GENCB *cb) {
|
||||||
switch (a) {
|
switch (a) {
|
||||||
case 0:
|
case 0:
|
||||||
fprintf(stderr, ".");
|
fprintf(stderr, ".");
|
||||||
|
@ -368,21 +368,50 @@ static void indicator(int a, int b, void *p) {
|
||||||
default:
|
default:
|
||||||
fprintf(stderr, "?");
|
fprintf(stderr, "?");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_BN_GENCB_NEW
|
||||||
|
BN_GENCB *BN_GENCB_new(void) {
|
||||||
|
return xmalloc_and_zero(sizeof(BN_GENCB));
|
||||||
|
}
|
||||||
|
|
||||||
|
void BN_GENCB_free(BN_GENCB *cb) {
|
||||||
|
free(cb);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Generate a public/private RSA keypair, and ask for a file to store
|
Generate a public/private RSA keypair, and ask for a file to store
|
||||||
them in.
|
them in.
|
||||||
*/
|
*/
|
||||||
static bool keygen(int bits) {
|
static bool keygen(int bits) {
|
||||||
|
BIGNUM *e = NULL;
|
||||||
RSA *rsa_key;
|
RSA *rsa_key;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
char *pubname, *privname;
|
char *pubname, *privname;
|
||||||
|
BN_GENCB *cb;
|
||||||
|
int result;
|
||||||
|
|
||||||
fprintf(stderr, "Generating %d bits keys:\n", bits);
|
fprintf(stderr, "Generating %d bits keys:\n", bits);
|
||||||
rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
|
|
||||||
|
|
||||||
if(!rsa_key) {
|
cb = BN_GENCB_new();
|
||||||
|
if(!cb)
|
||||||
|
abort();
|
||||||
|
BN_GENCB_set(cb, indicator, NULL);
|
||||||
|
|
||||||
|
rsa_key = RSA_new();
|
||||||
|
BN_hex2bn(&e, "10001");
|
||||||
|
if(!rsa_key || !e)
|
||||||
|
abort();
|
||||||
|
|
||||||
|
result = RSA_generate_key_ex(rsa_key, bits, e, cb);
|
||||||
|
|
||||||
|
BN_free(e);
|
||||||
|
BN_GENCB_free(cb);
|
||||||
|
|
||||||
|
if(!result) {
|
||||||
fprintf(stderr, "Error during key generation!\n");
|
fprintf(stderr, "Error during key generation!\n");
|
||||||
return false;
|
return false;
|
||||||
} else
|
} else
|
||||||
|
@ -702,7 +731,11 @@ end:
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
ENGINE_cleanup();
|
ENGINE_cleanup();
|
||||||
CRYPTO_cleanup_all_ex_data();
|
CRYPTO_cleanup_all_ex_data();
|
||||||
|
#ifdef HAVE_ERR_REMOVE_STATE
|
||||||
|
// OpenSSL claims this function was deprecated in 1.0.0,
|
||||||
|
// but valgrind's leak detector shows you still need to call it to make sure OpenSSL cleans up properly.
|
||||||
ERR_remove_state(0);
|
ERR_remove_state(0);
|
||||||
|
#endif
|
||||||
ERR_free_strings();
|
ERR_free_strings();
|
||||||
|
|
||||||
exit_configuration(&config_tree);
|
exit_configuration(&config_tree);
|
||||||
|
|
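Review bot: keygen() now allocates `rsa_key` with `RSA_new()` before generation, but the `if(!result) {` failure branch returns without releasing it, so a failed `RSA_generate_key_ex()` leaves the object, possibly holding partial key material, allocated; add `RSA_free(rsa_key);` before `return false;`. The `BN_GENCB_new()` and `BN_GENCB_free()` fallbacks are defined with external linkage; declaring them `static` would avoid a symbol clash if the configure check ever misses an OpenSSL that already exports them (an assumption, since the configure logic is not on this page). The rest of keygen() is outside the hunk.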
|
@ -155,6 +155,7 @@ int xvasprintf(char **strp, const char *fmt, va_list ap) {
|
||||||
int result = vsnprintf(buf, sizeof buf, fmt, ap);
|
int result = vsnprintf(buf, sizeof buf, fmt, ap);
|
||||||
if(result < 0)
|
if(result < 0)
|
||||||
exit(xalloc_exit_failure);
|
exit(xalloc_exit_failure);
|
||||||
|
buf[sizeof buf - 1] = 0;
|
||||||
*strp = xstrdup(buf);
|
*strp = xstrdup(buf);
|
||||||
#else
|
#else
|
||||||
int result = vasprintf(strp, fmt, ap);
|
int result = vasprintf(strp, fmt, ap);
|
||||||
|
|
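Review bot: In the vsnprintf() fallback of xvasprintf() only `result < 0` is treated as a failure, so output longer than `buf` is truncated without any signal; the added `buf[sizeof buf - 1] = 0;` makes the copy safe, but the caller still receives a shortened string. A check such as `if(result < 0 || (size_t)result >= sizeof buf) exit(xalloc_exit_failure);` would treat truncation like the existing error case, or the function could allocate `result + 1` bytes and format again. If the function returns `result` (the return statement is outside the hunk), that value would otherwise exceed the length of `*strp`.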