Import Debian changes 1.0.32-1
tinc (1.0.32-1) unstable; urgency=medium * New upstream release. * Add a note to new nets.boot files that it is not used with systemd. Closes: #841052 * In the post-down script, read the pid file only once. Closes: #832784 * Explicitly use /bin/sleep from coreutils. Closes: #772379 * Bump Standards-Version.
commit
ac78971aab
32 changed files with 446 additions and 571 deletions
68
ChangeLog
68
ChangeLog
|
@ -1,3 +1,24 @@
|
|||
Version 1.0.32 September 02 2017
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (13):
|
||||
Don't dereference myself->incipher if it's NULL.
|
||||
Merge remote-tracking branch 'VittGam/master'
|
||||
Use /dev/udp instead of /dev/ip on Solaris.
|
||||
Use getmsg()/putmsg() instead of read()/write() on Solaris.
|
||||
Fix Solaris DeviceType = tap in router Mode.
|
||||
Bind outgoing TCP sockets.
|
||||
Move logging of "would block" messages to debug level 4.
|
||||
Set KillMode=mixed in the systemd service file.
|
||||
Don't forget about outgoing connections on host file read errors.
|
||||
Fix Proxy = exec.
|
||||
Set status.proxy_passed early for Proxy = exec.
|
||||
Don't try to bind Proxy = exec sockets to an address.
|
||||
Releasing 1.0.32.
|
||||
|
||||
Vittorio Gambaletta (VittGam) (1):
|
||||
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
|
||||
|
||||
Version 1.0.31 January 15 2017
|
||||
------------------------------------------------------------------------
|
||||
|
||||
|
@ -162,20 +183,7 @@ VittGam (1):
|
|||
Version 1.0.24 May 11 2014
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (26):
|
||||
Mention in the manual that multiple Address staments are allowed.
|
||||
If no Port is specified, set myport to actual port of first listening socket.
|
||||
Enable compiler hardening flags by default.
|
||||
Update support for Solaris.
|
||||
Include <limits.h> for PATH_MAX.
|
||||
Stricter check for raw socket support.
|
||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||
Don't enable -fstack-protector-all.
|
||||
Remove or lower the priority of some debug messages.
|
||||
Clarify StrictSubnets.
|
||||
Attribution for various contributors.
|
||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||
Guus Sliepen (13):
|
||||
Remove useless variable 'hard' from try_harder().
|
||||
Merge pull request #14 from luckyhacky/master
|
||||
Add an autoconf check for res_init().
|
||||
|
@ -195,22 +203,40 @@ Steffan Karger (3):
|
|||
Use cryptographically strong random when generating keys.
|
||||
Check RAND_bytes() return value, fail when getting random fails.
|
||||
|
||||
Florent Clairambault (2):
|
||||
Adding "conf.d" configuration dir support.
|
||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||
|
||||
Armin Fisslthaler (1):
|
||||
reload /etc/resolv.conf in SIGALRM handler
|
||||
|
||||
Loic Dachary (1):
|
||||
fix documentation typo
|
||||
|
||||
Vilbrekin (1):
|
||||
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||
|
||||
luckyhacky (1):
|
||||
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||
|
||||
refs/tags/1.0.23-android-1 March 11 2014
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (13):
|
||||
Mention in the manual that multiple Address staments are allowed.
|
||||
If no Port is specified, set myport to actual port of first listening socket.
|
||||
Enable compiler hardening flags by default.
|
||||
Update support for Solaris.
|
||||
Include <limits.h> for PATH_MAX.
|
||||
Stricter check for raw socket support.
|
||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||
Don't enable -fstack-protector-all.
|
||||
Remove or lower the priority of some debug messages.
|
||||
Clarify StrictSubnets.
|
||||
Attribution for various contributors.
|
||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||
|
||||
Florent Clairambault (2):
|
||||
Adding "conf.d" configuration dir support.
|
||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||
|
||||
Vilbrekin (1):
|
||||
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||
|
||||
Version 1.0.23 October 19 2013
|
||||
------------------------------------------------------------------------
|
||||
|
||||
|
|
316
INSTALL
316
INSTALL
|
@ -1,8 +1,8 @@
|
|||
Installation Instructions
|
||||
*************************
|
||||
|
||||
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
|
||||
Inc.
|
||||
Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
|
||||
Foundation, Inc.
|
||||
|
||||
Copying and distribution of this file, with or without modification,
|
||||
are permitted in any medium without royalty provided the copyright
|
||||
|
@ -12,97 +12,96 @@ without warranty of any kind.
|
|||
Basic Installation
|
||||
==================
|
||||
|
||||
Briefly, the shell command `./configure && make && make install'
|
||||
Briefly, the shell command './configure && make && make install'
|
||||
should configure, build, and install this package. The following
|
||||
more-detailed instructions are generic; see the `README' file for
|
||||
more-detailed instructions are generic; see the 'README' file for
|
||||
instructions specific to this package. Some packages provide this
|
||||
`INSTALL' file but do not implement all of the features documented
|
||||
'INSTALL' file but do not implement all of the features documented
|
||||
below. The lack of an optional feature in a given package is not
|
||||
necessarily a bug. More recommendations for GNU packages can be found
|
||||
in *note Makefile Conventions: (standards)Makefile Conventions.
|
||||
|
||||
The `configure' shell script attempts to guess correct values for
|
||||
The 'configure' shell script attempts to guess correct values for
|
||||
various system-dependent variables used during compilation. It uses
|
||||
those values to create a `Makefile' in each directory of the package.
|
||||
It may also create one or more `.h' files containing system-dependent
|
||||
definitions. Finally, it creates a shell script `config.status' that
|
||||
those values to create a 'Makefile' in each directory of the package.
|
||||
It may also create one or more '.h' files containing system-dependent
|
||||
definitions. Finally, it creates a shell script 'config.status' that
|
||||
you can run in the future to recreate the current configuration, and a
|
||||
file `config.log' containing compiler output (useful mainly for
|
||||
debugging `configure').
|
||||
file 'config.log' containing compiler output (useful mainly for
|
||||
debugging 'configure').
|
||||
|
||||
It can also use an optional file (typically called `config.cache'
|
||||
and enabled with `--cache-file=config.cache' or simply `-C') that saves
|
||||
the results of its tests to speed up reconfiguring. Caching is
|
||||
disabled by default to prevent problems with accidental use of stale
|
||||
cache files.
|
||||
It can also use an optional file (typically called 'config.cache' and
|
||||
enabled with '--cache-file=config.cache' or simply '-C') that saves the
|
||||
results of its tests to speed up reconfiguring. Caching is disabled by
|
||||
default to prevent problems with accidental use of stale cache files.
|
||||
|
||||
If you need to do unusual things to compile the package, please try
|
||||
to figure out how `configure' could check whether to do them, and mail
|
||||
diffs or instructions to the address given in the `README' so they can
|
||||
to figure out how 'configure' could check whether to do them, and mail
|
||||
diffs or instructions to the address given in the 'README' so they can
|
||||
be considered for the next release. If you are using the cache, and at
|
||||
some point `config.cache' contains results you don't want to keep, you
|
||||
some point 'config.cache' contains results you don't want to keep, you
|
||||
may remove or edit it.
|
||||
|
||||
The file `configure.ac' (or `configure.in') is used to create
|
||||
`configure' by a program called `autoconf'. You need `configure.ac' if
|
||||
you want to change it or regenerate `configure' using a newer version
|
||||
of `autoconf'.
|
||||
The file 'configure.ac' (or 'configure.in') is used to create
|
||||
'configure' by a program called 'autoconf'. You need 'configure.ac' if
|
||||
you want to change it or regenerate 'configure' using a newer version of
|
||||
'autoconf'.
|
||||
|
||||
The simplest way to compile this package is:
|
||||
|
||||
1. `cd' to the directory containing the package's source code and type
|
||||
`./configure' to configure the package for your system.
|
||||
1. 'cd' to the directory containing the package's source code and type
|
||||
'./configure' to configure the package for your system.
|
||||
|
||||
Running `configure' might take a while. While running, it prints
|
||||
Running 'configure' might take a while. While running, it prints
|
||||
some messages telling which features it is checking for.
|
||||
|
||||
2. Type `make' to compile the package.
|
||||
2. Type 'make' to compile the package.
|
||||
|
||||
3. Optionally, type `make check' to run any self-tests that come with
|
||||
3. Optionally, type 'make check' to run any self-tests that come with
|
||||
the package, generally using the just-built uninstalled binaries.
|
||||
|
||||
4. Type `make install' to install the programs and any data files and
|
||||
4. Type 'make install' to install the programs and any data files and
|
||||
documentation. When installing into a prefix owned by root, it is
|
||||
recommended that the package be configured and built as a regular
|
||||
user, and only the `make install' phase executed with root
|
||||
user, and only the 'make install' phase executed with root
|
||||
privileges.
|
||||
|
||||
5. Optionally, type `make installcheck' to repeat any self-tests, but
|
||||
5. Optionally, type 'make installcheck' to repeat any self-tests, but
|
||||
this time using the binaries in their final installed location.
|
||||
This target does not install anything. Running this target as a
|
||||
regular user, particularly if the prior `make install' required
|
||||
regular user, particularly if the prior 'make install' required
|
||||
root privileges, verifies that the installation completed
|
||||
correctly.
|
||||
|
||||
6. You can remove the program binaries and object files from the
|
||||
source code directory by typing `make clean'. To also remove the
|
||||
files that `configure' created (so you can compile the package for
|
||||
a different kind of computer), type `make distclean'. There is
|
||||
also a `make maintainer-clean' target, but that is intended mainly
|
||||
source code directory by typing 'make clean'. To also remove the
|
||||
files that 'configure' created (so you can compile the package for
|
||||
a different kind of computer), type 'make distclean'. There is
|
||||
also a 'make maintainer-clean' target, but that is intended mainly
|
||||
for the package's developers. If you use it, you may have to get
|
||||
all sorts of other programs in order to regenerate files that came
|
||||
with the distribution.
|
||||
|
||||
7. Often, you can also type `make uninstall' to remove the installed
|
||||
7. Often, you can also type 'make uninstall' to remove the installed
|
||||
files again. In practice, not all packages have tested that
|
||||
uninstallation works correctly, even though it is required by the
|
||||
GNU Coding Standards.
|
||||
|
||||
8. Some packages, particularly those that use Automake, provide `make
|
||||
8. Some packages, particularly those that use Automake, provide 'make
|
||||
distcheck', which can by used by developers to test that all other
|
||||
targets like `make install' and `make uninstall' work correctly.
|
||||
targets like 'make install' and 'make uninstall' work correctly.
|
||||
This target is generally not run by end users.
|
||||
|
||||
Compilers and Options
|
||||
=====================
|
||||
|
||||
Some systems require unusual options for compilation or linking that
|
||||
the `configure' script does not know about. Run `./configure --help'
|
||||
the 'configure' script does not know about. Run './configure --help'
|
||||
for details on some of the pertinent environment variables.
|
||||
|
||||
You can give `configure' initial values for configuration parameters
|
||||
by setting variables in the command line or in the environment. Here
|
||||
is an example:
|
||||
You can give 'configure' initial values for configuration parameters
|
||||
by setting variables in the command line or in the environment. Here is
|
||||
an example:
|
||||
|
||||
./configure CC=c99 CFLAGS=-g LIBS=-lposix
|
||||
|
||||
|
@ -113,21 +112,21 @@ Compiling For Multiple Architectures
|
|||
|
||||
You can compile the package for more than one kind of computer at the
|
||||
same time, by placing the object files for each architecture in their
|
||||
own directory. To do this, you can use GNU `make'. `cd' to the
|
||||
own directory. To do this, you can use GNU 'make'. 'cd' to the
|
||||
directory where you want the object files and executables to go and run
|
||||
the `configure' script. `configure' automatically checks for the
|
||||
source code in the directory that `configure' is in and in `..'. This
|
||||
is known as a "VPATH" build.
|
||||
the 'configure' script. 'configure' automatically checks for the source
|
||||
code in the directory that 'configure' is in and in '..'. This is known
|
||||
as a "VPATH" build.
|
||||
|
||||
With a non-GNU `make', it is safer to compile the package for one
|
||||
With a non-GNU 'make', it is safer to compile the package for one
|
||||
architecture at a time in the source code directory. After you have
|
||||
installed the package for one architecture, use `make distclean' before
|
||||
installed the package for one architecture, use 'make distclean' before
|
||||
reconfiguring for another architecture.
|
||||
|
||||
On MacOS X 10.5 and later systems, you can create libraries and
|
||||
executables that work on multiple system types--known as "fat" or
|
||||
"universal" binaries--by specifying multiple `-arch' options to the
|
||||
compiler but only a single `-arch' option to the preprocessor. Like
|
||||
"universal" binaries--by specifying multiple '-arch' options to the
|
||||
compiler but only a single '-arch' option to the preprocessor. Like
|
||||
this:
|
||||
|
||||
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
||||
|
@ -136,105 +135,104 @@ this:
|
|||
|
||||
This is not guaranteed to produce working output in all cases, you
|
||||
may have to build one architecture at a time and combine the results
|
||||
using the `lipo' tool if you have problems.
|
||||
using the 'lipo' tool if you have problems.
|
||||
|
||||
Installation Names
|
||||
==================
|
||||
|
||||
By default, `make install' installs the package's commands under
|
||||
`/usr/local/bin', include files under `/usr/local/include', etc. You
|
||||
can specify an installation prefix other than `/usr/local' by giving
|
||||
`configure' the option `--prefix=PREFIX', where PREFIX must be an
|
||||
By default, 'make install' installs the package's commands under
|
||||
'/usr/local/bin', include files under '/usr/local/include', etc. You
|
||||
can specify an installation prefix other than '/usr/local' by giving
|
||||
'configure' the option '--prefix=PREFIX', where PREFIX must be an
|
||||
absolute file name.
|
||||
|
||||
You can specify separate installation prefixes for
|
||||
architecture-specific files and architecture-independent files. If you
|
||||
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
|
||||
pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
|
||||
PREFIX as the prefix for installing programs and libraries.
|
||||
Documentation and other data files still use the regular prefix.
|
||||
|
||||
In addition, if you use an unusual directory layout you can give
|
||||
options like `--bindir=DIR' to specify different values for particular
|
||||
kinds of files. Run `configure --help' for a list of the directories
|
||||
you can set and what kinds of files go in them. In general, the
|
||||
default for these options is expressed in terms of `${prefix}', so that
|
||||
specifying just `--prefix' will affect all of the other directory
|
||||
options like '--bindir=DIR' to specify different values for particular
|
||||
kinds of files. Run 'configure --help' for a list of the directories
|
||||
you can set and what kinds of files go in them. In general, the default
|
||||
for these options is expressed in terms of '${prefix}', so that
|
||||
specifying just '--prefix' will affect all of the other directory
|
||||
specifications that were not explicitly provided.
|
||||
|
||||
The most portable way to affect installation locations is to pass the
|
||||
correct locations to `configure'; however, many packages provide one or
|
||||
correct locations to 'configure'; however, many packages provide one or
|
||||
both of the following shortcuts of passing variable assignments to the
|
||||
`make install' command line to change installation locations without
|
||||
'make install' command line to change installation locations without
|
||||
having to reconfigure or recompile.
|
||||
|
||||
The first method involves providing an override variable for each
|
||||
affected directory. For example, `make install
|
||||
affected directory. For example, 'make install
|
||||
prefix=/alternate/directory' will choose an alternate location for all
|
||||
directory configuration variables that were expressed in terms of
|
||||
`${prefix}'. Any directories that were specified during `configure',
|
||||
but not in terms of `${prefix}', must each be overridden at install
|
||||
time for the entire installation to be relocated. The approach of
|
||||
makefile variable overrides for each directory variable is required by
|
||||
the GNU Coding Standards, and ideally causes no recompilation.
|
||||
However, some platforms have known limitations with the semantics of
|
||||
shared libraries that end up requiring recompilation when using this
|
||||
method, particularly noticeable in packages that use GNU Libtool.
|
||||
'${prefix}'. Any directories that were specified during 'configure',
|
||||
but not in terms of '${prefix}', must each be overridden at install time
|
||||
for the entire installation to be relocated. The approach of makefile
|
||||
variable overrides for each directory variable is required by the GNU
|
||||
Coding Standards, and ideally causes no recompilation. However, some
|
||||
platforms have known limitations with the semantics of shared libraries
|
||||
that end up requiring recompilation when using this method, particularly
|
||||
noticeable in packages that use GNU Libtool.
|
||||
|
||||
The second method involves providing the `DESTDIR' variable. For
|
||||
example, `make install DESTDIR=/alternate/directory' will prepend
|
||||
`/alternate/directory' before all installation names. The approach of
|
||||
`DESTDIR' overrides is not required by the GNU Coding Standards, and
|
||||
The second method involves providing the 'DESTDIR' variable. For
|
||||
example, 'make install DESTDIR=/alternate/directory' will prepend
|
||||
'/alternate/directory' before all installation names. The approach of
|
||||
'DESTDIR' overrides is not required by the GNU Coding Standards, and
|
||||
does not work on platforms that have drive letters. On the other hand,
|
||||
it does better at avoiding recompilation issues, and works well even
|
||||
when some directory options were not specified in terms of `${prefix}'
|
||||
at `configure' time.
|
||||
when some directory options were not specified in terms of '${prefix}'
|
||||
at 'configure' time.
|
||||
|
||||
Optional Features
|
||||
=================
|
||||
|
||||
If the package supports it, you can cause programs to be installed
|
||||
with an extra prefix or suffix on their names by giving `configure' the
|
||||
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
||||
with an extra prefix or suffix on their names by giving 'configure' the
|
||||
option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
|
||||
|
||||
Some packages pay attention to `--enable-FEATURE' options to
|
||||
`configure', where FEATURE indicates an optional part of the package.
|
||||
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
||||
is something like `gnu-as' or `x' (for the X Window System). The
|
||||
`README' should mention any `--enable-' and `--with-' options that the
|
||||
Some packages pay attention to '--enable-FEATURE' options to
|
||||
'configure', where FEATURE indicates an optional part of the package.
|
||||
They may also pay attention to '--with-PACKAGE' options, where PACKAGE
|
||||
is something like 'gnu-as' or 'x' (for the X Window System). The
|
||||
'README' should mention any '--enable-' and '--with-' options that the
|
||||
package recognizes.
|
||||
|
||||
For packages that use the X Window System, `configure' can usually
|
||||
For packages that use the X Window System, 'configure' can usually
|
||||
find the X include and library files automatically, but if it doesn't,
|
||||
you can use the `configure' options `--x-includes=DIR' and
|
||||
`--x-libraries=DIR' to specify their locations.
|
||||
you can use the 'configure' options '--x-includes=DIR' and
|
||||
'--x-libraries=DIR' to specify their locations.
|
||||
|
||||
Some packages offer the ability to configure how verbose the
|
||||
execution of `make' will be. For these packages, running `./configure
|
||||
execution of 'make' will be. For these packages, running './configure
|
||||
--enable-silent-rules' sets the default to minimal output, which can be
|
||||
overridden with `make V=1'; while running `./configure
|
||||
overridden with 'make V=1'; while running './configure
|
||||
--disable-silent-rules' sets the default to verbose, which can be
|
||||
overridden with `make V=0'.
|
||||
overridden with 'make V=0'.
|
||||
|
||||
Particular systems
|
||||
==================
|
||||
|
||||
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
|
||||
CC is not installed, it is recommended to use the following options in
|
||||
On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC
|
||||
is not installed, it is recommended to use the following options in
|
||||
order to use an ANSI C compiler:
|
||||
|
||||
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
|
||||
|
||||
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
|
||||
|
||||
HP-UX `make' updates targets which have the same time stamps as
|
||||
their prerequisites, which makes it generally unusable when shipped
|
||||
generated files such as `configure' are involved. Use GNU `make'
|
||||
instead.
|
||||
HP-UX 'make' updates targets which have the same time stamps as their
|
||||
prerequisites, which makes it generally unusable when shipped generated
|
||||
files such as 'configure' are involved. Use GNU 'make' instead.
|
||||
|
||||
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
|
||||
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
|
||||
a workaround. If GNU CC is not installed, it is therefore recommended
|
||||
to try
|
||||
parse its '<wchar.h>' header file. The option '-nodtk' can be used as a
|
||||
workaround. If GNU CC is not installed, it is therefore recommended to
|
||||
try
|
||||
|
||||
./configure CC="cc"
|
||||
|
||||
|
@ -242,26 +240,26 @@ and if that doesn't work, try
|
|||
|
||||
./configure CC="cc -nodtk"
|
||||
|
||||
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
|
||||
On Solaris, don't put '/usr/ucb' early in your 'PATH'. This
|
||||
directory contains several dysfunctional programs; working variants of
|
||||
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
|
||||
in your `PATH', put it _after_ `/usr/bin'.
|
||||
these programs are available in '/usr/bin'. So, if you need '/usr/ucb'
|
||||
in your 'PATH', put it _after_ '/usr/bin'.
|
||||
|
||||
On Haiku, software installed for all users goes in `/boot/common',
|
||||
not `/usr/local'. It is recommended to use the following options:
|
||||
On Haiku, software installed for all users goes in '/boot/common',
|
||||
not '/usr/local'. It is recommended to use the following options:
|
||||
|
||||
./configure --prefix=/boot/common
|
||||
|
||||
Specifying the System Type
|
||||
==========================
|
||||
|
||||
There may be some features `configure' cannot figure out
|
||||
There may be some features 'configure' cannot figure out
|
||||
automatically, but needs to determine by the type of machine the package
|
||||
will run on. Usually, assuming the package is built to be run on the
|
||||
_same_ architectures, `configure' can figure that out, but if it prints
|
||||
_same_ architectures, 'configure' can figure that out, but if it prints
|
||||
a message saying it cannot guess the machine type, give it the
|
||||
`--build=TYPE' option. TYPE can either be a short name for the system
|
||||
type, such as `sun4', or a canonical name which has the form:
|
||||
'--build=TYPE' option. TYPE can either be a short name for the system
|
||||
type, such as 'sun4', or a canonical name which has the form:
|
||||
|
||||
CPU-COMPANY-SYSTEM
|
||||
|
||||
|
@ -270,101 +268,101 @@ where SYSTEM can have one of these forms:
|
|||
OS
|
||||
KERNEL-OS
|
||||
|
||||
See the file `config.sub' for the possible values of each field. If
|
||||
`config.sub' isn't included in this package, then this package doesn't
|
||||
See the file 'config.sub' for the possible values of each field. If
|
||||
'config.sub' isn't included in this package, then this package doesn't
|
||||
need to know the machine type.
|
||||
|
||||
If you are _building_ compiler tools for cross-compiling, you should
|
||||
use the option `--target=TYPE' to select the type of system they will
|
||||
use the option '--target=TYPE' to select the type of system they will
|
||||
produce code for.
|
||||
|
||||
If you want to _use_ a cross compiler, that generates code for a
|
||||
platform different from the build platform, you should specify the
|
||||
"host" platform (i.e., that on which the generated programs will
|
||||
eventually be run) with `--host=TYPE'.
|
||||
eventually be run) with '--host=TYPE'.
|
||||
|
||||
Sharing Defaults
|
||||
================
|
||||
|
||||
If you want to set default values for `configure' scripts to share,
|
||||
you can create a site shell script called `config.site' that gives
|
||||
default values for variables like `CC', `cache_file', and `prefix'.
|
||||
`configure' looks for `PREFIX/share/config.site' if it exists, then
|
||||
`PREFIX/etc/config.site' if it exists. Or, you can set the
|
||||
`CONFIG_SITE' environment variable to the location of the site script.
|
||||
A warning: not all `configure' scripts look for a site script.
|
||||
If you want to set default values for 'configure' scripts to share,
|
||||
you can create a site shell script called 'config.site' that gives
|
||||
default values for variables like 'CC', 'cache_file', and 'prefix'.
|
||||
'configure' looks for 'PREFIX/share/config.site' if it exists, then
|
||||
'PREFIX/etc/config.site' if it exists. Or, you can set the
|
||||
'CONFIG_SITE' environment variable to the location of the site script.
|
||||
A warning: not all 'configure' scripts look for a site script.
|
||||
|
||||
Defining Variables
|
||||
==================
|
||||
|
||||
Variables not defined in a site shell script can be set in the
|
||||
environment passed to `configure'. However, some packages may run
|
||||
environment passed to 'configure'. However, some packages may run
|
||||
configure again during the build, and the customized values of these
|
||||
variables may be lost. In order to avoid this problem, you should set
|
||||
them in the `configure' command line, using `VAR=value'. For example:
|
||||
them in the 'configure' command line, using 'VAR=value'. For example:
|
||||
|
||||
./configure CC=/usr/local2/bin/gcc
|
||||
|
||||
causes the specified `gcc' to be used as the C compiler (unless it is
|
||||
causes the specified 'gcc' to be used as the C compiler (unless it is
|
||||
overridden in the site shell script).
|
||||
|
||||
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
|
||||
an Autoconf limitation. Until the limitation is lifted, you can use
|
||||
this workaround:
|
||||
Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
|
||||
Autoconf limitation. Until the limitation is lifted, you can use this
|
||||
workaround:
|
||||
|
||||
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
|
||||
|
||||
`configure' Invocation
|
||||
'configure' Invocation
|
||||
======================
|
||||
|
||||
`configure' recognizes the following options to control how it
|
||||
'configure' recognizes the following options to control how it
|
||||
operates.
|
||||
|
||||
`--help'
|
||||
`-h'
|
||||
Print a summary of all of the options to `configure', and exit.
|
||||
'--help'
|
||||
'-h'
|
||||
Print a summary of all of the options to 'configure', and exit.
|
||||
|
||||
`--help=short'
|
||||
`--help=recursive'
|
||||
'--help=short'
|
||||
'--help=recursive'
|
||||
Print a summary of the options unique to this package's
|
||||
`configure', and exit. The `short' variant lists options used
|
||||
only in the top level, while the `recursive' variant lists options
|
||||
also present in any nested packages.
|
||||
'configure', and exit. The 'short' variant lists options used only
|
||||
in the top level, while the 'recursive' variant lists options also
|
||||
present in any nested packages.
|
||||
|
||||
`--version'
|
||||
`-V'
|
||||
Print the version of Autoconf used to generate the `configure'
|
||||
'--version'
|
||||
'-V'
|
||||
Print the version of Autoconf used to generate the 'configure'
|
||||
script, and exit.
|
||||
|
||||
`--cache-file=FILE'
|
||||
'--cache-file=FILE'
|
||||
Enable the cache: use and save the results of the tests in FILE,
|
||||
traditionally `config.cache'. FILE defaults to `/dev/null' to
|
||||
traditionally 'config.cache'. FILE defaults to '/dev/null' to
|
||||
disable caching.
|
||||
|
||||
`--config-cache'
|
||||
`-C'
|
||||
Alias for `--cache-file=config.cache'.
|
||||
'--config-cache'
|
||||
'-C'
|
||||
Alias for '--cache-file=config.cache'.
|
||||
|
||||
`--quiet'
|
||||
`--silent'
|
||||
`-q'
|
||||
'--quiet'
|
||||
'--silent'
|
||||
'-q'
|
||||
Do not print messages saying which checks are being made. To
|
||||
suppress all normal output, redirect it to `/dev/null' (any error
|
||||
suppress all normal output, redirect it to '/dev/null' (any error
|
||||
messages will still be shown).
|
||||
|
||||
`--srcdir=DIR'
|
||||
'--srcdir=DIR'
|
||||
Look for the package's source code in directory DIR. Usually
|
||||
`configure' can determine that directory automatically.
|
||||
'configure' can determine that directory automatically.
|
||||
|
||||
`--prefix=DIR'
|
||||
Use DIR as the installation prefix. *note Installation Names::
|
||||
for more details, including other options available for fine-tuning
|
||||
the installation locations.
|
||||
'--prefix=DIR'
|
||||
Use DIR as the installation prefix. *note Installation Names:: for
|
||||
more details, including other options available for fine-tuning the
|
||||
installation locations.
|
||||
|
||||
`--no-create'
|
||||
`-n'
|
||||
'--no-create'
|
||||
'-n'
|
||||
Run the configure checks, but stop before creating any output
|
||||
files.
|
||||
|
||||
`configure' also accepts some other, not widely useful, options. Run
|
||||
`configure --help' for more details.
|
||||
'configure' also accepts some other, not widely useful, options. Run
|
||||
'configure --help' for more details.
|
||||
|
|
12
Makefile.in
12
Makefile.in
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -544,7 +544,7 @@ distdir: $(DISTFILES)
|
|||
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
||||
|| chmod -R a+r "$(distdir)"
|
||||
dist-gzip: distdir
|
||||
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
|
||||
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-bzip2: distdir
|
||||
|
@ -570,7 +570,7 @@ dist-shar: distdir
|
|||
@echo WARNING: "Support for shar distribution archives is" \
|
||||
"deprecated." >&2
|
||||
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
||||
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
|
||||
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-zip: distdir
|
||||
|
@ -588,7 +588,7 @@ dist dist-all:
|
|||
distcheck: dist
|
||||
case '$(DIST_ARCHIVES)' in \
|
||||
*.tar.gz*) \
|
||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||
*.tar.bz2*) \
|
||||
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||
*.tar.lz*) \
|
||||
|
@ -598,7 +598,7 @@ distcheck: dist
|
|||
*.tar.Z*) \
|
||||
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
||||
*.shar.gz*) \
|
||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
|
||||
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
|
||||
*.zip*) \
|
||||
unzip $(distdir).zip ;;\
|
||||
esac
|
||||
|
|
10
NEWS
10
NEWS
|
@ -1,3 +1,13 @@
|
|||
Version 1.0.32 September 2 2017
|
||||
|
||||
* Fix segmentation fault when using Cipher = none.
|
||||
* Fix Proxy = exec.
|
||||
* Support PriorityInheritance for IPv6 packets.
|
||||
* Fixes for Solaris tun/tap support.
|
||||
* Bind outgoing TCP sockets when ListenAddress is used.
|
||||
|
||||
Thanks to Vittorio Gambaletta for his contribution to this version of tinc.
|
||||
|
||||
Version 1.0.31 January 15 2017
|
||||
|
||||
* Remove ExecStop in tinc@.service.
|
||||
|
|
2
README
2
README
|
@ -1,4 +1,4 @@
|
|||
This is the README file for tinc version 1.0.31. Installation
|
||||
This is the README file for tinc version 1.0.32. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright (C) 1998-2017 by:
|
||||
|
|
2
THANKS
2
THANKS
|
@ -22,9 +22,11 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Flynn Marquardt
|
||||
* Gary Kessler and Claudia Gonzalez
|
||||
* Grzegorz Dymarek
|
||||
* Gusariev Oleksandr
|
||||
* Hans Bayle
|
||||
* Harvest
|
||||
* Ivo van Dong
|
||||
* Ivo Smits
|
||||
* James Cook
|
||||
* James MacLean
|
||||
* Jamie Briggs
|
||||
|
|
46
aclocal.m4
vendored
46
aclocal.m4
vendored
|
@ -1,6 +1,6 @@
|
|||
# generated automatically by aclocal 1.15 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -296,7 +296,7 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
|
|||
AS_VAR_IF([$1], [""], [$5], [$4])dnl
|
||||
])dnl PKG_CHECK_VAR
|
||||
|
||||
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2002-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -311,7 +311,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
|||
[am__api_version='1.15'
|
||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||
dnl require some minimum version. Point them to the right macro.
|
||||
m4_if([$1], [1.15], [],
|
||||
m4_if([$1], [1.15.1], [],
|
||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||
])
|
||||
|
||||
|
@ -327,14 +327,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
|||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||
[AM_AUTOMAKE_VERSION([1.15])dnl
|
||||
[AM_AUTOMAKE_VERSION([1.15.1])dnl
|
||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||
|
||||
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -386,7 +386,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
|
|||
|
||||
# AM_CONDITIONAL -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -417,7 +417,7 @@ AC_CONFIG_COMMANDS_PRE(
|
|||
Usually this means the macro was only invoked conditionally.]])
|
||||
fi])])
|
||||
|
||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -608,7 +608,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
|
|||
|
||||
# Generate code to set up dependency tracking. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -684,7 +684,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
|
|||
|
||||
# Do all the work for Automake. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -881,7 +881,7 @@ for _am_header in $config_headers :; do
|
|||
done
|
||||
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
|
||||
|
||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -902,7 +902,7 @@ if test x"${install_sh+set}" != xset; then
|
|||
fi
|
||||
AC_SUBST([install_sh])])
|
||||
|
||||
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2003-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -924,7 +924,7 @@ AC_SUBST([am__leading_dot])])
|
|||
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
|
||||
# From Jim Meyering
|
||||
|
||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -959,7 +959,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
|
|||
|
||||
# Check to see how 'make' treats includes. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1009,7 +1009,7 @@ rm -f confinc confmf
|
|||
|
||||
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1048,7 +1048,7 @@ fi
|
|||
|
||||
# Helper functions for option handling. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1077,7 +1077,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
|
|||
AC_DEFUN([_AM_IF_OPTION],
|
||||
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
|
||||
|
||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1124,7 +1124,7 @@ AC_LANG_POP([C])])
|
|||
# For backward compatibility.
|
||||
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
|
||||
|
||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1143,7 +1143,7 @@ AC_DEFUN([AM_RUN_LOG],
|
|||
|
||||
# Check to make sure that the build environment is sane. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1224,7 +1224,7 @@ AC_CONFIG_COMMANDS_PRE(
|
|||
rm -f conftest.file
|
||||
])
|
||||
|
||||
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2009-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1284,7 +1284,7 @@ AC_SUBST([AM_BACKSLASH])dnl
|
|||
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
|
||||
])
|
||||
|
||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1312,7 +1312,7 @@ fi
|
|||
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
|
||||
AC_SUBST([INSTALL_STRIP_PROGRAM])])
|
||||
|
||||
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2006-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1331,7 +1331,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
|
|||
|
||||
# Check how to create a tarball. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2004-2017 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
20
configure
vendored
20
configure
vendored
|
@ -1,6 +1,6 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.31.
|
||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.32.
|
||||
#
|
||||
#
|
||||
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
||||
|
@ -577,8 +577,8 @@ MAKEFLAGS=
|
|||
# Identity of this package.
|
||||
PACKAGE_NAME='tinc'
|
||||
PACKAGE_TARNAME='tinc'
|
||||
PACKAGE_VERSION='1.0.31'
|
||||
PACKAGE_STRING='tinc 1.0.31'
|
||||
PACKAGE_VERSION='1.0.32'
|
||||
PACKAGE_STRING='tinc 1.0.32'
|
||||
PACKAGE_BUGREPORT=''
|
||||
PACKAGE_URL=''
|
||||
|
||||
|
@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
|
|||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures tinc 1.0.31 to adapt to many kinds of systems.
|
||||
\`configure' configures tinc 1.0.32 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
|
@ -1402,7 +1402,7 @@ fi
|
|||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of tinc 1.0.31:";;
|
||||
short | recursive ) echo "Configuration of tinc 1.0.32:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
|
@ -1528,7 +1528,7 @@ fi
|
|||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
tinc configure 1.0.31
|
||||
tinc configure 1.0.32
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
|
@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF
|
|||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by tinc $as_me 1.0.31, which was
|
||||
It was created by tinc $as_me 1.0.32, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
@ -2857,7 +2857,7 @@ fi
|
|||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='tinc'
|
||||
VERSION='1.0.31'
|
||||
VERSION='1.0.32'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
|
@ -7807,7 +7807,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by tinc $as_me 1.0.31, which was
|
||||
This file was extended by tinc $as_me 1.0.32, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
|
@ -7873,7 +7873,7 @@ _ACEOF
|
|||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
tinc config.status 1.0.31
|
||||
tinc config.status 1.0.32
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
dnl Process this file with autoconf to produce a configure script.
|
||||
|
||||
AC_PREREQ(2.61)
|
||||
AC_INIT([tinc], [1.0.31])
|
||||
AC_INIT([tinc], [1.0.32])
|
||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
|
|
12
debian/changelog
vendored
12
debian/changelog
vendored
|
@ -1,9 +1,13 @@
|
|||
tinc (1.0.31-1+deb9u1) stretch-security; urgency=high
|
||||
tinc (1.0.32-1) unstable; urgency=medium
|
||||
|
||||
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
|
||||
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
|
||||
* New upstream release.
|
||||
* Add a note to new nets.boot files that it is not used with systemd.
|
||||
Closes: #841052
|
||||
* In the post-down script, read the pid file only once. Closes: #832784
|
||||
* Explicitly use /bin/sleep from coreutils. Closes: #772379
|
||||
* Bump Standards-Version.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sat, 22 Sep 2018 17:35:50 +0200
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 05 Sep 2017 20:23:36 +0200
|
||||
|
||||
tinc (1.0.31-1) unstable; urgency=medium
|
||||
|
||||
|
|
2
debian/control
vendored
2
debian/control
vendored
|
@ -2,7 +2,7 @@ Source: tinc
|
|||
Section: net
|
||||
Priority: optional
|
||||
Maintainer: Guus Sliepen <guus@debian.org>
|
||||
Standards-Version: 3.9.8
|
||||
Standards-Version: 4.0.0
|
||||
Build-Depends: libssl-dev, debhelper (>= 10), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd
|
||||
Homepage: http://www.tinc-vpn.org/
|
||||
|
||||
|
|
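--- a/debian/patches/security-fixes
+++ b/debian/patches/security-fixes
@@ -1,234 +0,0 @@
---- a/src/connection.h
-+++ b/src/connection.h
-@@ -42,7 +42,8 @@
-unsigned int decryptin:1; /* 1 if we have to decrypt incoming traffic */
-unsigned int mst:1; /* 1 if this connection is part of a minimum spanning tree */
-unsigned int proxy_passed:1; /* 1 if we are connecting via a proxy and we have finished talking with it */
-- unsigned int unused:22;
-+ unsigned int tarpit:1; /* 1 if the connection should be added to the tarpit */
-+ unsigned int unused:21;
-} connection_status_t;
-
-#include "edge.h"
---- a/src/net.c
-+++ b/src/net.c
-@@ -158,6 +158,22 @@
-return max;
-}
-
-+/* Put a misbehaving connection in the tarpit */
-+void tarpit(int fd) {
-+ static int pits[10] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
-+ static int next_pit = 0;
-+
-+ if(pits[next_pit] != -1) {
-+ closesocket(pits[next_pit]);
-+ }
-+
-+ pits[next_pit++] = fd;
-+
-+ if(next_pit >= sizeof pits / sizeof pits[0]) {
-+ next_pit = 0;
-+ }
-+}
-+
-/*
-Terminate a connection:
-- Close the socket
-@@ -178,8 +194,13 @@
-if(c->node)
-c->node->connection = NULL;
-
-- if(c->socket)
-- closesocket(c->socket);
-+ if(c->socket) {
-+ if(c->status.tarpit) {
-+ tarpit(c->socket);
-+ } else {
-+ closesocket(c->socket);
-+ }
-+ }
-
-if(c->edge) {
-if(!c->node) {
-@@ -266,6 +287,7 @@
-closesocket(c->socket);
-do_outgoing_connection(c);
-} else {
-+ c->status.tarpit = true;
-terminate_connection(c, false);
-}
-}
-@@ -345,6 +367,7 @@
-
-if(FD_ISSET(c->socket, readset)) {
-if(!receive_meta(c)) {
-+ c->status.tarpit = true;
-terminate_connection(c, c->status.active);
-continue;
-}
---- a/src/net.h
-+++ b/src/net.h
-@@ -150,6 +150,7 @@
-extern bool read_rsa_public_key(struct connection_t *);
-extern void send_mtu_probe(struct node_t *);
-extern void load_all_subnets(void);
-+extern void tarpit(int fd);
-
-#ifndef HAVE_MINGW
-#define closesocket(s) close(s)
---- a/src/net_socket.c
-+++ b/src/net_socket.c
-@@ -552,6 +552,9 @@
-new connection
-*/
-bool handle_new_meta_connection(int sock) {
-+ static const int max_accept_burst = 10;
-+ static int last_accept_burst;
-+ static int last_accept_time;
-connection_t *c;
-sockaddr_t sa;
-int fd;
-@@ -564,6 +567,22 @@
-return false;
-}
-
-+ if(last_accept_time == now) {
-+ last_accept_burst++;
-+
-+ if(last_accept_burst >= max_accept_burst) {
-+ if(last_accept_burst == max_accept_burst) {
-+ ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
-+ }
-+
-+ tarpit(fd);
-+ return false;
-+ }
-+ } else {
-+ last_accept_burst = 0;
-+ last_accept_time = now;
-+ }
-+
-sockaddrunmap(&sa);
-
-c = new_connection();
-@@ -585,7 +604,6 @@
-connection_add(c);
-
-c->allow_request = ID;
-- send_id(c);
-
-return true;
-}
---- a/src/protocol_auth.c
-+++ b/src/protocol_auth.c
-@@ -59,7 +59,7 @@
-
-/* Check if identity is a valid name */
-
-- if(!check_id(name)) {
-+ if(!check_id(name) || !strcmp(name, myself->name)) {
-logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ID", c->name,
-c->hostname, "invalid name");
-return false;
-@@ -91,6 +91,11 @@
-if(!c->config_tree)
-init_configuration(&c->config_tree);
-c->allow_request = ACK;
-+
-+ if(!c->outgoing) {
-+ send_id(c);
-+ }
-+
-return send_ack(c);
-}
-
-@@ -110,6 +115,10 @@
-
-c->allow_request = METAKEY;
-
-+ if(!c->outgoing) {
-+ send_id(c);
-+ }
-+
-return send_metakey(c);
-}
-
-@@ -292,7 +301,8 @@
-c->inbudget = byte_budget(c->incipher);
-c->status.decryptin = true;
-} else {
-- c->incipher = NULL;
-+ logger(LOG_ERR, "%s (%s) uses null cipher!", c->name, c->hostname);
-+ return false;
-}
-
-c->inmaclength = maclength;
-@@ -310,7 +320,8 @@
-return false;
-}
-} else {
-- c->indigest = NULL;
-+ logger(LOG_ERR, "%s (%s) uses null digest!", c->name, c->hostname);
-+ return false;
-}
-
-c->incompression = compression;
-@@ -384,7 +395,11 @@
-
-/* Rest is done by send_chal_reply() */
-
-- return send_chal_reply(c);
-+ if(c->outgoing) {
-+ return send_chal_reply(c);
-+ } else {
-+ return true;
-+ }
-}
-
-bool send_chal_reply(connection_t *c) {
-@@ -482,6 +497,10 @@
-
-c->allow_request = ACK;
-
-+ if(!c->outgoing) {
-+ send_chal_reply(c);
-+ }
-+
-return send_ack(c);
-}
-
---- a/src/protocol_edge.c
-+++ b/src/protocol_edge.c
-@@ -70,7 +70,7 @@
-
-/* Check if names are valid */
-
-- if(!check_id(from_name) || !check_id(to_name)) {
-+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
-logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ADD_EDGE", c->name,
-c->hostname, "invalid name");
-return false;
-@@ -192,7 +192,7 @@
-
-/* Check if names are valid */
-
-- if(!check_id(from_name) || !check_id(to_name)) {
-+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
-logger(LOG_ERR, "Got bad %s from %s (%s): %s", "DEL_EDGE", c->name,
-c->hostname, "invalid name");
-return false;
---- a/src/protocol_key.c
-+++ b/src/protocol_key.c
-@@ -274,6 +274,11 @@
-return true;
-}
-} else {
-+ if(from->outkeylength != 1) {
-+ logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
-+ return true;
-+ }
-+
-from->outcipher = NULL;
-}
-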
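Review bot: Deleting debian/patches/security-fixes, together with its entry in debian/patches/series, removes several protections from the packaged build: the connection tarpit and accept throttling, the rejection of a null cipher or digest in protocol_auth.c, the deferred `send_id()`/`send_chal_reply()` on incoming connections, and the `outkeylength` check. The 1.0.31-1+deb9u1 changelog entry that this commit also drops ties that patch to CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758. Nothing in the 1.0.32 ChangeLog or NEWS entries shown on this page indicates that upstream 1.0.32 contains equivalent changes, so a package built from this tree would presumably be exposed to those issues again. If the commit is only a chronological history import (the 1.0.32-1 entry is dated 2017, the security upload 2018), the description should say so. Anything built from it should either keep `security-fixes` in `debian/patches/series`, rebased onto 1.0.32, or move to an upstream release that carries the fixes.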
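--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +0,0 @@
-security-fixes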
3
debian/postinst
vendored
3
debian/postinst
vendored
|
@ -14,7 +14,8 @@ case "$1" in
|
|||
fi; fi
|
||||
|
||||
if [ ! -e $NETSFILE ] ; then
|
||||
echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE
|
||||
echo "## This file contains all names of the networks to be started on system startup when using sysvinit." > $NETSFILE
|
||||
echo "## If you are using systemd, use systemctl enable tinc@netname to enable individual networks." >> $NETSFILE
|
||||
fi
|
||||
;;
|
||||
|
||||
|
|
8
debian/tinc.if-post-down
vendored
8
debian/tinc.if-post-down
vendored
|
@ -17,13 +17,15 @@ fi
|
|||
|
||||
# Stop the tinc daemon
|
||||
|
||||
read pid rest < $IF_TINC_PIDFILE 2>/dev/null
|
||||
|
||||
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
||||
|
||||
# Wait for it to shut down properly
|
||||
|
||||
sleep 0.1
|
||||
/bin/sleep 0.1
|
||||
i=0;
|
||||
while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
||||
while [ -f $IF_TINC_PIDFILE ] ; do
|
||||
if [ ! -e "/proc/$pid" ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
@ -32,7 +34,7 @@ while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
|||
echo 'Failed to stop tinc daemon!'
|
||||
exit 1
|
||||
fi
|
||||
sleep 0.1
|
||||
/bin/sleep 0.1
|
||||
i=$(($i+1))
|
||||
done
|
||||
|
||||
|
|
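Review bot: With `pid` now read only once before `tincd -k`, an empty or unreadable pid file leaves `$pid` empty, and the loop test `[ ! -e "/proc/$pid" ]` then checks `/proc/`, which always exists. The early `exit 0` can then never fire, and the loop ends only when the pid file disappears or the failure branch is reached. One option is to guard the test as `if [ -z "$pid" ] || [ ! -e "/proc/$pid" ] ; then`. The added `read` should also quote the path and redirect stderr first, `read pid rest 2>/dev/null < "$IF_TINC_PIDFILE"`, since redirections are applied left to right and the open error is otherwise reported before `2>/dev/null` takes effect. The loop spans both hunks and the lines between them are not shown, so the retry limit is inferred from the `'Failed to stop tinc daemon!'` branch.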
6
debian/tinc.if-pre-up
vendored
6
debian/tinc.if-pre-up
vendored
|
@ -43,14 +43,14 @@ test -n "$LIMITS" && setlimits $LIMITS
|
|||
|
||||
# Wait for it to come up properly
|
||||
|
||||
sleep 0.1
|
||||
/bin/sleep 0.1
|
||||
i=0;
|
||||
while [ ! -f $IF_TINC_PIDFILE ] ; do
|
||||
if [ $i = '30' ] ; then
|
||||
echo 'Failed to start tinc daemon!'
|
||||
exit 1
|
||||
fi
|
||||
sleep 0.1
|
||||
/bin/sleep 0.1
|
||||
i=$(($i+1))
|
||||
done
|
||||
|
||||
|
@ -63,7 +63,7 @@ while read pid rest < $IF_TINC_PIDFILE ; do
|
|||
echo 'Failed to start tinc daemon!'
|
||||
exit 1
|
||||
fi
|
||||
sleep 0.1
|
||||
/bin/sleep 0.1
|
||||
i=$(($i+1))
|
||||
done
|
||||
|
||||
|
|
6
debian/tinc.init
vendored
6
debian/tinc.init
vendored
|
@ -82,7 +82,7 @@ stop() {
|
|||
$DAEMON -n $1 -k || return
|
||||
|
||||
i=0;
|
||||
sleep 0.5
|
||||
/bin/sleep 0.5
|
||||
|
||||
# Wait for the pidfile to disappear
|
||||
while [ -f /var/run/tinc.$1.pid ]; do
|
||||
|
@ -91,14 +91,14 @@ stop() {
|
|||
|
||||
if [ $i = '10' ] ; then
|
||||
# It's still alive, kill it again and give up
|
||||
$DAEMON -n $1 -k && sleep 0.5
|
||||
$DAEMON -n $1 -k && /bin/sleep 0.5
|
||||
break
|
||||
else
|
||||
echo -n "."
|
||||
i=$(($i+1))
|
||||
fi
|
||||
|
||||
sleep 0.5
|
||||
/bin/sleep 0.5
|
||||
done
|
||||
}
|
||||
|
||||
|
|
6
depcomp
6
depcomp
|
@ -1,9 +1,9 @@
|
|||
#! /bin/sh
|
||||
# depcomp - compile a program generating dependencies as side-effects
|
||||
|
||||
scriptversion=2013-05-30.07; # UTC
|
||||
scriptversion=2016-01-11.22; # UTC
|
||||
|
||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
|
@ -786,6 +786,6 @@ exit 0
|
|||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "scriptversion="
|
||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||
# time-stamp-time-zone: "UTC"
|
||||
# time-stamp-time-zone: "UTC0"
|
||||
# time-stamp-end: "; # UTC"
|
||||
# End:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
|
@ -8,6 +8,7 @@ Type=simple
|
|||
WorkingDirectory=/etc/tinc/%i
|
||||
ExecStart=/usr/sbin/tincd -n %i -D
|
||||
ExecReload=/usr/sbin/tincd -n %i -kHUP
|
||||
KillMode=mixed
|
||||
TimeoutStopSec=5
|
||||
Restart=always
|
||||
RestartSec=60
|
||||
|
|
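Review bot: The `KillMode=mixed` setting deserves a comment, because its interaction with `TimeoutStopSec=5` is not obvious. On stop only the main tincd process receives SIGTERM, and anything still left in the unit's control group is sent SIGKILL at the latest when the stop timeout expires. A line such as `# mixed: SIGTERM goes to tincd only; processes it spawned are SIGKILLed if still running after TimeoutStopSec` above the setting would document that. That this is the added line is taken from the ChangeLog entry "Set KillMode=mixed in the systemd service file", since the rendered hunk has lost its `+` markers and its file name.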
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
Binary file not shown.
128
doc/tinc.info
128
doc/tinc.info
|
@ -1,11 +1,11 @@
|
|||
This is tinc.info, produced by makeinfo version 6.3 from tinc.texi.
|
||||
This is tinc.info, produced by makeinfo version 6.4.90 from tinc.texi.
|
||||
|
||||
INFO-DIR-SECTION Networking tools
|
||||
START-INFO-DIR-ENTRY
|
||||
* tinc: (tinc). The tinc Manual.
|
||||
END-INFO-DIR-ENTRY
|
||||
|
||||
This is the info manual for tinc version 1.0.29, a Virtual Private
|
||||
This is the info manual for tinc version 1.0.31, a Virtual Private
|
||||
Network daemon.
|
||||
|
||||
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen
|
||||
|
@ -981,7 +981,7 @@ ProcessPriority = <low|normal|high>
|
|||
adjusted. Increasing the priority may help to reduce latency and
|
||||
packet loss on the VPN.
|
||||
|
||||
Proxy = socks4 | socks5 | http | exec ... [experimental]
|
||||
Proxy = socks4 | socks5 | http | exec ... [experimental]
|
||||
Use a proxy when making outgoing connections. The following proxy
|
||||
types are currently supported:
|
||||
|
||||
|
@ -2650,66 +2650,66 @@ Concept Index
|
|||
|
||||
|
||||
Tag Table:
|
||||
Node: Top806
|
||||
Node: Introduction1105
|
||||
Node: Virtual Private Networks1915
|
||||
Node: tinc3639
|
||||
Node: Supported platforms5166
|
||||
Node: Preparations5867
|
||||
Node: Configuring the kernel6123
|
||||
Node: Configuration of Linux kernels6533
|
||||
Node: Configuration of FreeBSD kernels7388
|
||||
Node: Configuration of OpenBSD kernels7853
|
||||
Node: Configuration of NetBSD kernels8210
|
||||
Node: Configuration of Solaris kernels8615
|
||||
Node: Configuration of Darwin (Mac OS X) kernels9278
|
||||
Node: Configuration of Windows10097
|
||||
Node: Libraries10637
|
||||
Node: LibreSSL/OpenSSL11046
|
||||
Node: zlib13588
|
||||
Node: lzo14620
|
||||
Node: Installation15603
|
||||
Node: Building and installing tinc16513
|
||||
Node: Darwin (Mac OS X) build environment17173
|
||||
Node: Cygwin (Windows) build environment17738
|
||||
Node: MinGW (Windows) build environment18327
|
||||
Node: System files18921
|
||||
Node: Device files19186
|
||||
Node: Other files19602
|
||||
Node: Configuration20215
|
||||
Node: Configuration introduction20526
|
||||
Node: Multiple networks21794
|
||||
Node: How connections work23220
|
||||
Node: Configuration files24442
|
||||
Node: Main configuration variables25936
|
||||
Node: Host configuration variables42193
|
||||
Node: Scripts47725
|
||||
Node: How to configure50991
|
||||
Node: Generating keypairs52249
|
||||
Node: Network interfaces52748
|
||||
Node: Example configuration54596
|
||||
Node: Running tinc59921
|
||||
Node: Runtime options60511
|
||||
Node: Signals63813
|
||||
Node: Debug levels65004
|
||||
Node: Solving problems65940
|
||||
Node: Error messages67492
|
||||
Node: Sending bug reports71501
|
||||
Node: Technical information72448
|
||||
Node: The connection72679
|
||||
Node: The UDP tunnel72991
|
||||
Node: The meta-connection76052
|
||||
Node: The meta-protocol77521
|
||||
Node: Security82538
|
||||
Node: Authentication protocol83680
|
||||
Node: Encryption of network packets88725
|
||||
Node: Security issues90101
|
||||
Node: Platform specific information91740
|
||||
Node: Interface configuration91968
|
||||
Node: Routes94439
|
||||
Node: About us96453
|
||||
Node: Contact information96628
|
||||
Node: Authors97031
|
||||
Node: Concept Index97436
|
||||
Node: Top809
|
||||
Node: Introduction1108
|
||||
Node: Virtual Private Networks1918
|
||||
Node: tinc3642
|
||||
Node: Supported platforms5169
|
||||
Node: Preparations5870
|
||||
Node: Configuring the kernel6126
|
||||
Node: Configuration of Linux kernels6536
|
||||
Node: Configuration of FreeBSD kernels7391
|
||||
Node: Configuration of OpenBSD kernels7856
|
||||
Node: Configuration of NetBSD kernels8213
|
||||
Node: Configuration of Solaris kernels8618
|
||||
Node: Configuration of Darwin (Mac OS X) kernels9281
|
||||
Node: Configuration of Windows10100
|
||||
Node: Libraries10640
|
||||
Node: LibreSSL/OpenSSL11049
|
||||
Node: zlib13591
|
||||
Node: lzo14623
|
||||
Node: Installation15606
|
||||
Node: Building and installing tinc16516
|
||||
Node: Darwin (Mac OS X) build environment17176
|
||||
Node: Cygwin (Windows) build environment17741
|
||||
Node: MinGW (Windows) build environment18330
|
||||
Node: System files18924
|
||||
Node: Device files19189
|
||||
Node: Other files19605
|
||||
Node: Configuration20218
|
||||
Node: Configuration introduction20529
|
||||
Node: Multiple networks21797
|
||||
Node: How connections work23223
|
||||
Node: Configuration files24445
|
||||
Node: Main configuration variables25939
|
||||
Node: Host configuration variables42195
|
||||
Node: Scripts47727
|
||||
Node: How to configure50993
|
||||
Node: Generating keypairs52251
|
||||
Node: Network interfaces52750
|
||||
Node: Example configuration54598
|
||||
Node: Running tinc59923
|
||||
Node: Runtime options60513
|
||||
Node: Signals63815
|
||||
Node: Debug levels65006
|
||||
Node: Solving problems65942
|
||||
Node: Error messages67494
|
||||
Node: Sending bug reports71503
|
||||
Node: Technical information72450
|
||||
Node: The connection72681
|
||||
Node: The UDP tunnel72993
|
||||
Node: The meta-connection76054
|
||||
Node: The meta-protocol77523
|
||||
Node: Security82540
|
||||
Node: Authentication protocol83682
|
||||
Node: Encryption of network packets88727
|
||||
Node: Security issues90103
|
||||
Node: Platform specific information91742
|
||||
Node: Interface configuration91970
|
||||
Node: Routes94441
|
||||
Node: About us96455
|
||||
Node: Contact information96630
|
||||
Node: Authors97033
|
||||
Node: Concept Index97438
|
||||
|
||||
End Tag Table
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2016 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2017 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2016 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2017 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
meta.c -- handle the meta communication
|
||||
Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
|
||||
|
@ -104,7 +104,7 @@ bool flush_meta(connection_t *c) {
|
|||
} else if(errno == EINTR) {
|
||||
continue;
|
||||
} else if(sockwouldblock(sockerrno)) {
|
||||
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
|
||||
ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
|
||||
c->outbuflen, c->name, c->hostname);
|
||||
return true;
|
||||
} else {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_setup.c -- Setup.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -660,9 +660,12 @@ static bool setup_myself(void) {
|
|||
/* We need to use a stream mode for the meta protocol. Use AES for this,
|
||||
but try to match the key size with the one from the cipher selected
|
||||
by Cipher.
|
||||
|
||||
If Cipher is set to none, still use a low level of encryption for the
|
||||
meta protocol.
|
||||
*/
|
||||
|
||||
int keylen = EVP_CIPHER_key_length(myself->incipher);
|
||||
int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;
|
||||
if(keylen <= 16)
|
||||
myself->connection->outcipher = EVP_aes_128_cfb();
|
||||
else if(keylen <= 24)
|
||||
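Review bot: The comment added in `setup_myself()` says the meta protocol gets "a low level of encryption" when Cipher is none, which does not tell the reader what is actually selected or why the NULL guard is there. From the visible lines, a NULL `myself->incipher` yields `keylen` 0, which takes the `keylen <= 16` branch and selects `EVP_aes_128_cfb()`. I would word it as `If Cipher is set to none, myself->incipher is NULL; keylen is then 0 and the meta protocol falls back to AES-128-CFB.` The function starts and ends outside this hunk, so any other use of `myself->incipher` without a NULL check is not visible here and is worth a quick grep.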
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_socket.c -- Handle various kinds of sockets.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2009 Florian Forster <octo@verplant.org>
|
||||
|
||||
|
@ -442,6 +442,7 @@ connect:
|
|||
if(!proxytype) {
|
||||
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
|
||||
} else if(proxytype == PROXY_EXEC) {
|
||||
c->status.proxy_passed = true;
|
||||
do_outgoing_pipe(c, proxyhost);
|
||||
} else {
|
||||
proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
|
||||
|
@ -471,6 +472,33 @@ connect:
|
|||
#endif
|
||||
|
||||
bind_to_interface(c->socket);
|
||||
|
||||
int b = -1;
|
||||
|
||||
for(int i = 0; i < listen_sockets; i++) {
|
||||
if(listen_socket[i].sa.sa.sa_family == c->address.sa.sa_family) {
|
||||
if(b == -1) {
|
||||
b = i;
|
||||
} else {
|
||||
b = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(b != -1) {
|
||||
sockaddr_t sa = listen_socket[b].sa;
|
||||
if(sa.sa.sa_family == AF_INET)
|
||||
sa.in.sin_port = 0;
|
||||
else if(sa.sa.sa_family == AF_INET6)
|
||||
sa.in6.sin6_port = 0;
|
||||
|
||||
if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
|
||||
char *addrstr = sockaddr2hostname(&sa);
|
||||
logger(LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
|
||||
free(addrstr);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Connect */
|
||||
|
@ -529,13 +557,20 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
|
|||
c->outcompression = myself->connection->outcompression;
|
||||
|
||||
init_configuration(&c->config_tree);
|
||||
read_connection_config(c);
|
||||
if(!read_connection_config(c)) {
|
||||
free_connection(c);
|
||||
outgoing->timeout = maxtimeout;
|
||||
retry_outgoing(outgoing);
|
||||
return;
|
||||
}
|
||||
|
||||
outgoing->cfg = lookup_config(c->config_tree, "Address");
|
||||
|
||||
if(!outgoing->cfg) {
|
||||
logger(LOG_ERR, "No address specified for %s", c->name);
|
||||
free_connection(c);
|
||||
outgoing->timeout = maxtimeout;
|
||||
retry_outgoing(outgoing);
|
||||
return;
|
||||
}
|
||||
|
||||
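Review bot: In the `connect:` hunk that adds the `bind()` call, a failed bind is only logged with `Can't bind to %s/tcp` and control falls through to `/* Connect */`, so the outgoing connection is still made from whatever source address the kernel chooses. If an operator relies on the listening address to pin egress (firewall rules, multi-homed hosts), that fallback is easy to miss. Either state the intent in a comment such as `/* Best effort: on failure we still connect from the default source address */` or give up on this attempt. The selection loop binds only when exactly one listening socket matches the address family, and resets `b` to -1 on a second match; that rule deserves a one-line comment as well. The enclosing function begins and ends outside the hunk.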
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
proxy.c -- Proxy handling functions.
|
||||
Copyright (C) 2015-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2015-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -174,7 +174,7 @@ bool send_proxyrequest(connection_t *c) {
|
|||
}
|
||||
|
||||
case PROXY_EXEC:
|
||||
return true;
|
||||
abort();
|
||||
|
||||
default:
|
||||
logger(LOG_ERR, "Unknown proxy type");
|
||||
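Review bot: In `send_proxyrequest()`, the `PROXY_EXEC` case appears to change from `return true;` to `abort();`. The +/- markers are lost on this page, so that direction is inferred from print order and the changelog. If it is right, any path that reaches this case terminates the whole daemon and every tunnel with it, rather than failing one connection. The net_socket.c change sets `c->status.proxy_passed = true` before `do_outgoing_pipe()`, which presumably makes the case unreachable, but nothing in this hunk says so. I would add `/* Not reached: proxy_passed is set before the pipe is opened */`. For a network-facing daemon I would also fail softly, with `logger(LOG_ERR, "Proxy request attempted for Proxy = exec"); return false;`. The rest of the switch lies outside the hunk.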
|
|
15
src/route.c
15
src/route.c
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
route.c -- routing
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2015 Vittorio Gambaletta
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2015-2016 Vittorio Gambaletta
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -675,6 +675,9 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
|
|||
if(!do_decrement_ttl(source, packet))
|
||||
return;
|
||||
|
||||
if(priorityinheritance)
|
||||
packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
|
||||
|
||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||
|
||||
if(via == source) {
|
||||
|
@ -963,8 +966,12 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
|||
|
||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||
|
||||
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
|
||||
packet->priority = packet->data[15];
|
||||
if(priorityinheritance) {
|
||||
if(type == ETH_P_IP && packet->len >= ether_size + ip_size)
|
||||
packet->priority = packet->data[15];
|
||||
else if(type == ETH_P_IPV6 && packet->len >= ether_size + ip6_size)
|
||||
packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
|
||||
}
|
||||
|
||||
// Handle packets larger than PMTU
|
||||
|
||||
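Review bot: The expression `((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4)` now appears in both `route_ipv6_unicast()` and `route_mac()` with bare offsets and no explanation. It reads the IPv6 Traffic Class, which straddles the first two header bytes after the 14-byte Ethernet header. A comment such as `/* IPv6 Traffic Class: low nibble of byte 0, high nibble of byte 1 */`, or a small static helper shared by both sites, would keep the two copies from drifting. The `route_mac()` copy is guarded by `packet->len >= ether_size + ip6_size`, while the `route_ipv6_unicast()` copy has no length check in the hunk. Presumably the caller validates the length first; that is worth confirming, since both functions extend beyond the visible lines.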
|
|
|
@ -2,7 +2,7 @@
|
|||
device.c -- Interaction with Solaris tun device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
|
||||
2001-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -24,6 +24,7 @@
|
|||
|
||||
#include <sys/stropts.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <stropts.h>
|
||||
|
||||
#include "../conf.h"
|
||||
#include "../device.h"
|
||||
|
@ -40,6 +41,7 @@
|
|||
|
||||
#define DEFAULT_TUN_DEVICE "/dev/tun"
|
||||
#define DEFAULT_TAP_DEVICE "/dev/tap"
|
||||
#define IP_DEVICE "/dev/udp"
|
||||
|
||||
static enum {
|
||||
DEVICE_TYPE_TUN,
|
||||
|
@ -85,10 +87,13 @@ static bool setup_device(void) {
|
|||
else
|
||||
device_info = "Solaris tap device";
|
||||
|
||||
if(device_type == DEVICE_TYPE_TAP && routing_mode == RMODE_ROUTER)
|
||||
overwrite_mac = true;
|
||||
|
||||
/* The following is black magic copied from OpenVPN. */
|
||||
|
||||
if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) {
|
||||
logger(LOG_ERR, "Could not open %s: %s\n", "/dev/ip", strerror(errno));
|
||||
if((ip_fd = open(IP_DEVICE, O_RDWR, 0)) < 0) {
|
||||
logger(LOG_ERR, "Could not open %s: %s\n", IP_DEVICE, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -205,7 +210,7 @@ static bool setup_device(void) {
|
|||
|
||||
/* Push arp module to ip_fd */
|
||||
if(ioctl(ip_fd, I_PUSH, "arp") < 0) {
|
||||
logger(LOG_ERR, "Could not push ARP module onto %s!", "/dev/ip");
|
||||
logger(LOG_ERR, "Could not push ARP module onto %s!", IP_DEVICE);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -297,11 +302,16 @@ static void close_device(void) {
|
|||
}
|
||||
|
||||
static bool read_packet(vpn_packet_t *packet) {
|
||||
int inlen;
|
||||
int result;
|
||||
struct strbuf sbuf;
|
||||
int f = 0;
|
||||
|
||||
switch(device_type) {
|
||||
case DEVICE_TYPE_TUN:
|
||||
if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) {
|
||||
sbuf.maxlen = MTU - 14;
|
||||
sbuf.buf = (char *)packet->data + 14;
|
||||
|
||||
if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
|
||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
@ -321,16 +331,19 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
}
|
||||
|
||||
memset(packet->data, 0, 12);
|
||||
packet->len = inlen + 14;
|
||||
packet->len = sbuf.len + 14;
|
||||
break;
|
||||
|
||||
case DEVICE_TYPE_TAP:
|
||||
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
|
||||
sbuf.maxlen = MTU;
|
||||
sbuf.buf = (char *)packet->data;
|
||||
|
||||
if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
|
||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
packet->len = inlen + 14;
|
||||
packet->len = sbuf.len;
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -347,16 +360,24 @@ static bool read_packet(vpn_packet_t *packet) {
|
|||
static bool write_packet(vpn_packet_t *packet) {
|
||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info);
|
||||
|
||||
struct strbuf sbuf;
|
||||
|
||||
switch(device_type) {
|
||||
case DEVICE_TYPE_TUN:
|
||||
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||
sbuf.len = packet->len - 14;
|
||||
sbuf.buf = (char *)packet->data + 14;
|
||||
|
||||
if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
|
||||
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
|
||||
case DEVICE_TYPE_TAP:
|
||||
if(write(device_fd, packet->data, packet->len) < 0) {
|
||||
sbuf.len = packet->len;
|
||||
sbuf.buf = (char *)packet->data;
|
||||
|
||||
if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
|
||||
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
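Review bot: In `read_packet()`, the new `getmsg()` calls are checked only with `< 0`, whereas the `read()` calls they appear to replace also rejected a zero-length result via `<= 0`. The direction is taken from the changelog entry about getmsg()/putmsg(). `getmsg()` sets `sbuf.len` to -1 when a message has no data part, and returns `MOREDATA` when the message exceeds `sbuf.maxlen`. So `packet->len = sbuf.len + 14` (TUN) and `packet->len = sbuf.len` (TAP) can take a bogus length, and the tail of an oversized message would be read as the next packet. After each call I would add `if(sbuf.len <= 0 || (result & MOREDATA)) { logger(LOG_ERR, "Short or truncated message from %s %s", device_info, device); return false; }`. Separately, `write_packet()` computes `packet->len - 14` for TUN with no visible lower bound; the guard may be in a caller outside these hunks.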
|
|