Import Debian changes 1.0.32-1

tinc (1.0.32-1) unstable; urgency=medium

  * New upstream release.
  * Add a note to new nets.boot files that it is not used with systemd.
    Closes: #841052
  * In the post-down script, read the pid file only once. Closes: #832784
  * Explicitly use /bin/sleep from coreutils. Closes: #772379
  * Bump Standards-Version.
Guus Sliepen 2017-09-05 20:23:36 +02:00
commit ac78971aab
32 changed files with 446 additions and 571 deletions

@ -1,3 +1,24 @@
Version 1.0.32 September 02 2017
------------------------------------------------------------------------
Guus Sliepen (13):
Don't dereference myself->incipher if it's NULL.
Merge remote-tracking branch 'VittGam/master'
Use /dev/udp instead of /dev/ip on Solaris.
Use getmsg()/putmsg() instead of read()/write() on Solaris.
Fix Solaris DeviceType = tap in router Mode.
Bind outgoing TCP sockets.
Move logging of "would block" messages to debug level 4.
Set KillMode=mixed in the systemd service file.
Don't forget about outgoing connections on host file read errors.
Fix Proxy = exec.
Set status.proxy_passed early for Proxy = exec.
Don't try to bind Proxy = exec sockets to an address.
Releasing 1.0.32.
Vittorio Gambaletta (VittGam) (1):
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
Version 1.0.31 January 15 2017 Version 1.0.31 January 15 2017
------------------------------------------------------------------------ ------------------------------------------------------------------------
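Review bot: the added 1.0.32 block lists "Don't dereference myself->incipher if it's NULL." among routine entries, while the Debian changelog entry in the commit message records this import only as "New upstream release" at urgency=medium. If that NULL dereference can be reached by a peer, give it a line of its own in debian/changelog so that people triaging upgrades can see the import carries a crash fix; if it cannot, no change is needed.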
@ -162,20 +183,7 @@ VittGam (1):
Version 1.0.24 May 11 2014 Version 1.0.24 May 11 2014
------------------------------------------------------------------------ ------------------------------------------------------------------------
Guus Sliepen (26): Guus Sliepen (13):
Mention in the manual that multiple Address staments are allowed.
If no Port is specified, set myport to actual port of first listening socket.
Enable compiler hardening flags by default.
Update support for Solaris.
Include <limits.h> for PATH_MAX.
Stricter check for raw socket support.
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
Don't enable -fstack-protector-all.
Remove or lower the priority of some debug messages.
Clarify StrictSubnets.
Attribution for various contributors.
Handle errors from TAP-Win32/64 adapter in a better way.
Remove useless variable 'hard' from try_harder(). Remove useless variable 'hard' from try_harder().
Merge pull request #14 from luckyhacky/master Merge pull request #14 from luckyhacky/master
Add an autoconf check for res_init(). Add an autoconf check for res_init().
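Review bot: the 1.0.24 section shrinks from "Guus Sliepen (26)" to "Guus Sliepen (13)", and the entries taken out include "Enable compiler hardening flags by default." and "Don't enable -fstack-protector-all.". Anyone using this file to work out which release first shipped with hardening flags will no longer find them under 1.0.24, so please confirm the new grouping is intended and not a side effect of how this file is produced.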
@ -195,22 +203,40 @@ Steffan Karger (3):
Use cryptographically strong random when generating keys. Use cryptographically strong random when generating keys.
Check RAND_bytes() return value, fail when getting random fails. Check RAND_bytes() return value, fail when getting random fails.
Florent Clairambault (2):
Adding "conf.d" configuration dir support.
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
Armin Fisslthaler (1): Armin Fisslthaler (1):
reload /etc/resolv.conf in SIGALRM handler reload /etc/resolv.conf in SIGALRM handler
Loic Dachary (1): Loic Dachary (1):
fix documentation typo fix documentation typo
Vilbrekin (1):
Update android build instructions. Disable PIE as this is not supported on some devices.
luckyhacky (1): luckyhacky (1):
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
refs/tags/1.0.23-android-1 March 11 2014
------------------------------------------------------------------------
Guus Sliepen (13):
Mention in the manual that multiple Address staments are allowed.
If no Port is specified, set myport to actual port of first listening socket.
Enable compiler hardening flags by default.
Update support for Solaris.
Include <limits.h> for PATH_MAX.
Stricter check for raw socket support.
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
Don't enable -fstack-protector-all.
Remove or lower the priority of some debug messages.
Clarify StrictSubnets.
Attribution for various contributors.
Handle errors from TAP-Win32/64 adapter in a better way.
Florent Clairambault (2):
Adding "conf.d" configuration dir support.
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
Vilbrekin (1):
Update android build instructions. Disable PIE as this is not supported on some devices.
Version 1.0.23 October 19 2013 Version 1.0.23 October 19 2013
------------------------------------------------------------------------ ------------------------------------------------------------------------
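Review bot: the new section heading "refs/tags/1.0.23-android-1 March 11 2014" is a raw git ref name, unlike the "Version 1.0.24 May 11 2014" and "Version 1.0.23 October 19 2013" headings around it. Either rewrite it in the same "Version ..." form or leave the android tag out of the release list, so that readers and tools that treat these headings as release versions are not tripped up.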

INSTALL

@ -1,8 +1,8 @@
Installation Instructions Installation Instructions
************************* *************************
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
Inc. Foundation, Inc.
Copying and distribution of this file, with or without modification, Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright are permitted in any medium without royalty provided the copyright
@ -12,97 +12,96 @@ without warranty of any kind.
Basic Installation Basic Installation
================== ==================
Briefly, the shell command `./configure && make && make install' Briefly, the shell command './configure && make && make install'
should configure, build, and install this package. The following should configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for more-detailed instructions are generic; see the 'README' file for
instructions specific to this package. Some packages provide this instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented 'INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions. in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for The 'configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package. those values to create a 'Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent It may also create one or more '.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that definitions. Finally, it creates a shell script 'config.status' that
you can run in the future to recreate the current configuration, and a you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for file 'config.log' containing compiler output (useful mainly for
debugging `configure'). debugging 'configure').
It can also use an optional file (typically called `config.cache' It can also use an optional file (typically called 'config.cache' and
and enabled with `--cache-file=config.cache' or simply `-C') that saves enabled with '--cache-file=config.cache' or simply '-C') that saves the
the results of its tests to speed up reconfiguring. Caching is results of its tests to speed up reconfiguring. Caching is disabled by
disabled by default to prevent problems with accidental use of stale default to prevent problems with accidental use of stale cache files.
cache files.
If you need to do unusual things to compile the package, please try If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail to figure out how 'configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can diffs or instructions to the address given in the 'README' so they can
be considered for the next release. If you are using the cache, and at be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you some point 'config.cache' contains results you don't want to keep, you
may remove or edit it. may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create The file 'configure.ac' (or 'configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if 'configure' by a program called 'autoconf'. You need 'configure.ac' if
you want to change it or regenerate `configure' using a newer version you want to change it or regenerate 'configure' using a newer version of
of `autoconf'. 'autoconf'.
The simplest way to compile this package is: The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type 1. 'cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. './configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints Running 'configure' might take a while. While running, it prints
some messages telling which features it is checking for. some messages telling which features it is checking for.
2. Type `make' to compile the package. 2. Type 'make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with 3. Optionally, type 'make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries. the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and 4. Type 'make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root user, and only the 'make install' phase executed with root
privileges. privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but 5. Optionally, type 'make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location. this time using the binaries in their final installed location.
This target does not install anything. Running this target as a This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required regular user, particularly if the prior 'make install' required
root privileges, verifies that the installation completed root privileges, verifies that the installation completed
correctly. correctly.
6. You can remove the program binaries and object files from the 6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the source code directory by typing 'make clean'. To also remove the
files that `configure' created (so you can compile the package for files that 'configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is a different kind of computer), type 'make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly also a 'make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came all sorts of other programs in order to regenerate files that came
with the distribution. with the distribution.
7. Often, you can also type `make uninstall' to remove the installed 7. Often, you can also type 'make uninstall' to remove the installed
files again. In practice, not all packages have tested that files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the uninstallation works correctly, even though it is required by the
GNU Coding Standards. GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make 8. Some packages, particularly those that use Automake, provide 'make
distcheck', which can by used by developers to test that all other distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly. targets like 'make install' and 'make uninstall' work correctly.
This target is generally not run by end users. This target is generally not run by end users.
Compilers and Options Compilers and Options
===================== =====================
Some systems require unusual options for compilation or linking that Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help' the 'configure' script does not know about. Run './configure --help'
for details on some of the pertinent environment variables. for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters You can give 'configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here by setting variables in the command line or in the environment. Here is
is an example: an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix ./configure CC=c99 CFLAGS=-g LIBS=-lposix
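Review bot: step 8 on the new side still reads "which can by used by developers"; "by" should be "be". The rest of this hunk only changes the quoting style and reflows paragraphs, so the typo is best fixed where this generic INSTALL text comes from rather than patched in this import.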
@ -113,21 +112,21 @@ Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the own directory. To do this, you can use GNU 'make'. 'cd' to the
directory where you want the object files and executables to go and run directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the the 'configure' script. 'configure' automatically checks for the source
source code in the directory that `configure' is in and in `..'. This code in the directory that 'configure' is in and in '..'. This is known
is known as a "VPATH" build. as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one With a non-GNU 'make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before installed the package for one architecture, use 'make distclean' before
reconfiguring for another architecture. reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the "universal" binaries--by specifying multiple '-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like compiler but only a single '-arch' option to the preprocessor. Like
this: this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
@ -136,105 +135,104 @@ this:
This is not guaranteed to produce working output in all cases, you This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems. using the 'lipo' tool if you have problems.
Installation Names Installation Names
================== ==================
By default, `make install' installs the package's commands under By default, 'make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You '/usr/local/bin', include files under '/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving can specify an installation prefix other than '/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an 'configure' the option '--prefix=PREFIX', where PREFIX must be an
absolute file name. absolute file name.
You can specify separate installation prefixes for You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
PREFIX as the prefix for installing programs and libraries. PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix. Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular options like '--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories kinds of files. Run 'configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the you can set and what kinds of files go in them. In general, the default
default for these options is expressed in terms of `${prefix}', so that for these options is expressed in terms of '${prefix}', so that
specifying just `--prefix' will affect all of the other directory specifying just '--prefix' will affect all of the other directory
specifications that were not explicitly provided. specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or correct locations to 'configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without 'make install' command line to change installation locations without
having to reconfigure or recompile. having to reconfigure or recompile.
The first method involves providing an override variable for each The first method involves providing an override variable for each
affected directory. For example, `make install affected directory. For example, 'make install
prefix=/alternate/directory' will choose an alternate location for all prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure', '${prefix}'. Any directories that were specified during 'configure',
but not in terms of `${prefix}', must each be overridden at install but not in terms of '${prefix}', must each be overridden at install time
time for the entire installation to be relocated. The approach of for the entire installation to be relocated. The approach of makefile
makefile variable overrides for each directory variable is required by variable overrides for each directory variable is required by the GNU
the GNU Coding Standards, and ideally causes no recompilation. Coding Standards, and ideally causes no recompilation. However, some
However, some platforms have known limitations with the semantics of platforms have known limitations with the semantics of shared libraries
shared libraries that end up requiring recompilation when using this that end up requiring recompilation when using this method, particularly
method, particularly noticeable in packages that use GNU Libtool. noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For The second method involves providing the 'DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend example, 'make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of '/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and 'DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand, does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}' when some directory options were not specified in terms of '${prefix}'
at `configure' time. at 'configure' time.
Optional Features Optional Features
================= =================
If the package supports it, you can cause programs to be installed If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the with an extra prefix or suffix on their names by giving 'configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to Some packages pay attention to '--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package. 'configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE They may also pay attention to '--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The is something like 'gnu-as' or 'x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the 'README' should mention any '--enable-' and '--with-' options that the
package recognizes. package recognizes.
For packages that use the X Window System, `configure' can usually For packages that use the X Window System, 'configure' can usually
find the X include and library files automatically, but if it doesn't, find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and you can use the 'configure' options '--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations. '--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure execution of 'make' will be. For these packages, running './configure
--enable-silent-rules' sets the default to minimal output, which can be --enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure overridden with 'make V=1'; while running './configure
--disable-silent-rules' sets the default to verbose, which can be --disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'. overridden with 'make V=0'.
Particular systems Particular systems
================== ==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC
CC is not installed, it is recommended to use the following options in is not installed, it is recommended to use the following options in
order to use an ANSI C compiler: order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500" ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX. and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as HP-UX 'make' updates targets which have the same time stamps as their
their prerequisites, which makes it generally unusable when shipped prerequisites, which makes it generally unusable when shipped generated
generated files such as `configure' are involved. Use GNU `make' files such as 'configure' are involved. Use GNU 'make' instead.
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as parse its '<wchar.h>' header file. The option '-nodtk' can be used as a
a workaround. If GNU CC is not installed, it is therefore recommended workaround. If GNU CC is not installed, it is therefore recommended to
to try try
./configure CC="cc" ./configure CC="cc"
@ -242,26 +240,26 @@ and if that doesn't work, try
./configure CC="cc -nodtk" ./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This On Solaris, don't put '/usr/ucb' early in your 'PATH'. This
directory contains several dysfunctional programs; working variants of directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb' these programs are available in '/usr/bin'. So, if you need '/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'. in your 'PATH', put it _after_ '/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common', On Haiku, software installed for all users goes in '/boot/common',
not `/usr/local'. It is recommended to use the following options: not '/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common ./configure --prefix=/boot/common
Specifying the System Type Specifying the System Type
========================== ==========================
There may be some features `configure' cannot figure out There may be some features 'configure' cannot figure out
automatically, but needs to determine by the type of machine the package automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints _same_ architectures, 'configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system '--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form: type, such as 'sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM CPU-COMPANY-SYSTEM
@ -270,101 +268,101 @@ where SYSTEM can have one of these forms:
OS OS
KERNEL-OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If See the file 'config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't 'config.sub' isn't included in this package, then this package doesn't
need to know the machine type. need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will use the option '--target=TYPE' to select the type of system they will
produce code for. produce code for.
If you want to _use_ a cross compiler, that generates code for a If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will "host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'. eventually be run) with '--host=TYPE'.
Sharing Defaults Sharing Defaults
================ ================
If you want to set default values for `configure' scripts to share, If you want to set default values for 'configure' scripts to share,
you can create a site shell script called `config.site' that gives you can create a site shell script called 'config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'. default values for variables like 'CC', 'cache_file', and 'prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then 'configure' looks for 'PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the 'PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script. 'CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script. A warning: not all 'configure' scripts look for a site script.
Defining Variables Defining Variables
================== ==================
Variables not defined in a site shell script can be set in the Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run environment passed to 'configure'. However, some packages may run
configure again during the build, and the customized values of these configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example: them in the 'configure' command line, using 'VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc ./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is causes the specified 'gcc' to be used as the C compiler (unless it is
overridden in the site shell script). overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
an Autoconf limitation. Until the limitation is lifted, you can use Autoconf limitation. Until the limitation is lifted, you can use this
this workaround: workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation 'configure' Invocation
====================== ======================
`configure' recognizes the following options to control how it 'configure' recognizes the following options to control how it
operates. operates.
`--help' '--help'
`-h' '-h'
Print a summary of all of the options to `configure', and exit. Print a summary of all of the options to 'configure', and exit.
`--help=short' '--help=short'
`--help=recursive' '--help=recursive'
Print a summary of the options unique to this package's Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used 'configure', and exit. The 'short' variant lists options used only
only in the top level, while the `recursive' variant lists options in the top level, while the 'recursive' variant lists options also
also present in any nested packages. present in any nested packages.
`--version' '--version'
`-V' '-V'
Print the version of Autoconf used to generate the `configure' Print the version of Autoconf used to generate the 'configure'
script, and exit. script, and exit.
`--cache-file=FILE' '--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE, Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to traditionally 'config.cache'. FILE defaults to '/dev/null' to
disable caching. disable caching.
`--config-cache' '--config-cache'
`-C' '-C'
Alias for `--cache-file=config.cache'. Alias for '--cache-file=config.cache'.
`--quiet' '--quiet'
`--silent' '--silent'
`-q' '-q'
Do not print messages saying which checks are being made. To Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error suppress all normal output, redirect it to '/dev/null' (any error
messages will still be shown). messages will still be shown).
`--srcdir=DIR' '--srcdir=DIR'
Look for the package's source code in directory DIR. Usually Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically. 'configure' can determine that directory automatically.
`--prefix=DIR' '--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names:: Use DIR as the installation prefix. *note Installation Names:: for
for more details, including other options available for fine-tuning more details, including other options available for fine-tuning the
the installation locations. installation locations.
`--no-create' '--no-create'
`-n' '-n'
Run the configure checks, but stop before creating any output Run the configure checks, but stop before creating any output
files. files.
`configure' also accepts some other, not widely useful, options. Run 'configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details. 'configure --help' for more details.

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -544,7 +544,7 @@ distdir: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)" || chmod -R a+r "$(distdir)"
dist-gzip: distdir dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
$(am__post_remove_distdir) $(am__post_remove_distdir)
dist-bzip2: distdir dist-bzip2: distdir
@ -570,7 +570,7 @@ dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \ @echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2 "deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
$(am__post_remove_distdir) $(am__post_remove_distdir)
dist-zip: distdir dist-zip: distdir
@ -588,7 +588,7 @@ dist dist-all:
distcheck: dist distcheck: dist
case '$(DIST_ARCHIVES)' in \ case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \ *.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \ *.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \ *.tar.lz*) \
@ -598,7 +598,7 @@ distcheck: dist
*.tar.Z*) \ *.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \ *.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \ *.zip*) \
unzip $(distdir).zip ;;\ unzip $(distdir).zip ;;\
esac esac

10
NEWS
View file

@ -1,3 +1,13 @@
Version 1.0.32 September 2 2017
* Fix segmentation fault when using Cipher = none.
* Fix Proxy = exec.
* Support PriorityInheritance for IPv6 packets.
* Fixes for Solaris tun/tap support.
* Bind outgoing TCP sockets when ListenAddress is used.
Thanks to Vittorio Gambaletta for his contribution to this version of tinc.
Version 1.0.31 January 15 2017 Version 1.0.31 January 15 2017
* Remove ExecStop in tinc@.service. * Remove ExecStop in tinc@.service.

2
README
View file

@ -1,4 +1,4 @@
This is the README file for tinc version 1.0.31. Installation This is the README file for tinc version 1.0.32. Installation
instructions may be found in the INSTALL file. instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2017 by: tinc is Copyright (C) 1998-2017 by:

2
THANKS
View file

@ -22,9 +22,11 @@ We would like to thank the following people for their contributions to tinc:
* Flynn Marquardt * Flynn Marquardt
* Gary Kessler and Claudia Gonzalez * Gary Kessler and Claudia Gonzalez
* Grzegorz Dymarek * Grzegorz Dymarek
* Gusariev Oleksandr
* Hans Bayle * Hans Bayle
* Harvest * Harvest
* Ivo van Dong * Ivo van Dong
* Ivo Smits
* James Cook * James Cook
* James MacLean * James MacLean
* Jamie Briggs * Jamie Briggs

46
aclocal.m4 vendored
View file

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*- # generated automatically by aclocal 1.15.1 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Copyright (C) 1996-2017 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -296,7 +296,7 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR ])dnl PKG_CHECK_VAR
# Copyright (C) 2002-2014 Free Software Foundation, Inc. # Copyright (C) 2002-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -311,7 +311,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.15' [am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro. dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.15], [], m4_if([$1], [1.15.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
]) ])
@ -327,14 +327,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.15])dnl [AM_AUTOMAKE_VERSION([1.15.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION], m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*- # AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc. # Copyright (C) 2001-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -386,7 +386,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*- # AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc. # Copyright (C) 1997-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -417,7 +417,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]]) Usually this means the macro was only invoked conditionally.]])
fi])]) fi])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Copyright (C) 1999-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -608,7 +608,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*- # Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Copyright (C) 1999-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -684,7 +684,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*- # Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Copyright (C) 1996-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -881,7 +881,7 @@ for _am_header in $config_headers :; do
done done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2014 Free Software Foundation, Inc. # Copyright (C) 2001-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -902,7 +902,7 @@ if test x"${install_sh+set}" != xset; then
fi fi
AC_SUBST([install_sh])]) AC_SUBST([install_sh])])
# Copyright (C) 2003-2014 Free Software Foundation, Inc. # Copyright (C) 2003-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -924,7 +924,7 @@ AC_SUBST([am__leading_dot])])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering # From Jim Meyering
# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Copyright (C) 1996-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -959,7 +959,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
# Check to see how 'make' treats includes. -*- Autoconf -*- # Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc. # Copyright (C) 2001-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1009,7 +1009,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc. # Copyright (C) 1997-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1048,7 +1048,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*- # Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc. # Copyright (C) 2001-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1077,7 +1077,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION], AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Copyright (C) 1999-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1124,7 +1124,7 @@ AC_LANG_POP([C])])
# For backward compatibility. # For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2014 Free Software Foundation, Inc. # Copyright (C) 2001-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1143,7 +1143,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*- # Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Copyright (C) 1996-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1224,7 +1224,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file rm -f conftest.file
]) ])
# Copyright (C) 2009-2014 Free Software Foundation, Inc. # Copyright (C) 2009-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1284,7 +1284,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
]) ])
# Copyright (C) 2001-2014 Free Software Foundation, Inc. # Copyright (C) 2001-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1312,7 +1312,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])]) AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2014 Free Software Foundation, Inc. # Copyright (C) 2006-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -1331,7 +1331,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*- # Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2014 Free Software Foundation, Inc. # Copyright (C) 2004-2017 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,

20
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for tinc 1.0.31. # Generated by GNU Autoconf 2.69 for tinc 1.0.32.
# #
# #
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -577,8 +577,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='tinc' PACKAGE_NAME='tinc'
PACKAGE_TARNAME='tinc' PACKAGE_TARNAME='tinc'
PACKAGE_VERSION='1.0.31' PACKAGE_VERSION='1.0.32'
PACKAGE_STRING='tinc 1.0.31' PACKAGE_STRING='tinc 1.0.32'
PACKAGE_BUGREPORT='' PACKAGE_BUGREPORT=''
PACKAGE_URL='' PACKAGE_URL=''
@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures tinc 1.0.31 to adapt to many kinds of systems. \`configure' configures tinc 1.0.32 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1402,7 +1402,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of tinc 1.0.31:";; short | recursive ) echo "Configuration of tinc 1.0.32:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
@ -1528,7 +1528,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
tinc configure 1.0.31 tinc configure 1.0.32
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by tinc $as_me 1.0.31, which was It was created by tinc $as_me 1.0.32, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
@ -2857,7 +2857,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE='tinc' PACKAGE='tinc'
VERSION='1.0.31' VERSION='1.0.32'
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
@ -7807,7 +7807,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by tinc $as_me 1.0.31, which was This file was extended by tinc $as_me 1.0.32, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
@ -7873,7 +7873,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
tinc config.status 1.0.31 tinc config.status 1.0.32
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"

View file

@ -1,7 +1,7 @@
dnl Process this file with autoconf to produce a configure script. dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61) AC_PREREQ(2.61)
AC_INIT([tinc], [1.0.31]) AC_INIT([tinc], [1.0.32])
AC_CONFIG_SRCDIR([src/tincd.c]) AC_CONFIG_SRCDIR([src/tincd.c])
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall]) AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
AC_CONFIG_HEADERS([config.h]) AC_CONFIG_HEADERS([config.h])

12
debian/changelog vendored
View file

@ -1,9 +1,13 @@
tinc (1.0.31-1+deb9u1) stretch-security; urgency=high tinc (1.0.32-1) unstable; urgency=medium
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * New upstream release.
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). * Add a note to new nets.boot files that it is not used with systemd.
Closes: #841052
* In the post-down script, read the pid file only once. Closes: #832784
* Explicitly use /bin/sleep from coreutils. Closes: #772379
* Bump Standards-Version.
-- Guus Sliepen <guus@debian.org> Sat, 22 Sep 2018 17:35:50 +0200 -- Guus Sliepen <guus@debian.org> Tue, 05 Sep 2017 20:23:36 +0200
tinc (1.0.31-1) unstable; urgency=medium tinc (1.0.31-1) unstable; urgency=medium
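Review bot: the new 1.0.32-1 stanza replaces the `tinc (1.0.31-1+deb9u1) stretch-security` stanza at the top of debian/changelog instead of being added above it, so the record of the CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758 fixes disappears from the package history. The removed stanza is dated Sat, 22 Sep 2018, which is later than the Tue, 05 Sep 2017 date of the stanza that replaces it. If this import is meant for a branch that never carried the security upload, say so in the commit message. Otherwise keep the old stanza below the new one and state in the 1.0.32-1 entry whether those three CVEs are still addressed.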

2
debian/control vendored
View file

@ -2,7 +2,7 @@ Source: tinc
Section: net Section: net
Priority: optional Priority: optional
Maintainer: Guus Sliepen <guus@debian.org> Maintainer: Guus Sliepen <guus@debian.org>
Standards-Version: 3.9.8 Standards-Version: 4.0.0
Build-Depends: libssl-dev, debhelper (>= 10), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd Build-Depends: libssl-dev, debhelper (>= 10), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd
Homepage: http://www.tinc-vpn.org/ Homepage: http://www.tinc-vpn.org/

View file

@ -1,234 +0,0 @@
--- a/src/connection.h
+++ b/src/connection.h
@@ -42,7 +42,8 @@
unsigned int decryptin:1; /* 1 if we have to decrypt incoming traffic */
unsigned int mst:1; /* 1 if this connection is part of a minimum spanning tree */
unsigned int proxy_passed:1; /* 1 if we are connecting via a proxy and we have finished talking with it */
- unsigned int unused:22;
+ unsigned int tarpit:1; /* 1 if the connection should be added to the tarpit */
+ unsigned int unused:21;
} connection_status_t;
#include "edge.h"
--- a/src/net.c
+++ b/src/net.c
@@ -158,6 +158,22 @@
return max;
}
+/* Put a misbehaving connection in the tarpit */
+void tarpit(int fd) {
+ static int pits[10] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
+ static int next_pit = 0;
+
+ if(pits[next_pit] != -1) {
+ closesocket(pits[next_pit]);
+ }
+
+ pits[next_pit++] = fd;
+
+ if(next_pit >= sizeof pits / sizeof pits[0]) {
+ next_pit = 0;
+ }
+}
+
/*
Terminate a connection:
- Close the socket
@@ -178,8 +194,13 @@
if(c->node)
c->node->connection = NULL;
- if(c->socket)
- closesocket(c->socket);
+ if(c->socket) {
+ if(c->status.tarpit) {
+ tarpit(c->socket);
+ } else {
+ closesocket(c->socket);
+ }
+ }
if(c->edge) {
if(!c->node) {
@@ -266,6 +287,7 @@
closesocket(c->socket);
do_outgoing_connection(c);
} else {
+ c->status.tarpit = true;
terminate_connection(c, false);
}
}
@@ -345,6 +367,7 @@
if(FD_ISSET(c->socket, readset)) {
if(!receive_meta(c)) {
+ c->status.tarpit = true;
terminate_connection(c, c->status.active);
continue;
}
--- a/src/net.h
+++ b/src/net.h
@@ -150,6 +150,7 @@
extern bool read_rsa_public_key(struct connection_t *);
extern void send_mtu_probe(struct node_t *);
extern void load_all_subnets(void);
+extern void tarpit(int fd);
#ifndef HAVE_MINGW
#define closesocket(s) close(s)
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -552,6 +552,9 @@
new connection
*/
bool handle_new_meta_connection(int sock) {
+ static const int max_accept_burst = 10;
+ static int last_accept_burst;
+ static int last_accept_time;
connection_t *c;
sockaddr_t sa;
int fd;
@@ -564,6 +567,22 @@
return false;
}
+ if(last_accept_time == now) {
+ last_accept_burst++;
+
+ if(last_accept_burst >= max_accept_burst) {
+ if(last_accept_burst == max_accept_burst) {
+ ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
+ }
+
+ tarpit(fd);
+ return false;
+ }
+ } else {
+ last_accept_burst = 0;
+ last_accept_time = now;
+ }
+
sockaddrunmap(&sa);
c = new_connection();
@@ -585,7 +604,6 @@
connection_add(c);
c->allow_request = ID;
- send_id(c);
return true;
}
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -59,7 +59,7 @@
/* Check if identity is a valid name */
- if(!check_id(name)) {
+ if(!check_id(name) || !strcmp(name, myself->name)) {
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ID", c->name,
c->hostname, "invalid name");
return false;
@@ -91,6 +91,11 @@
if(!c->config_tree)
init_configuration(&c->config_tree);
c->allow_request = ACK;
+
+ if(!c->outgoing) {
+ send_id(c);
+ }
+
return send_ack(c);
}
@@ -110,6 +115,10 @@
c->allow_request = METAKEY;
+ if(!c->outgoing) {
+ send_id(c);
+ }
+
return send_metakey(c);
}
@@ -292,7 +301,8 @@
c->inbudget = byte_budget(c->incipher);
c->status.decryptin = true;
} else {
- c->incipher = NULL;
+ logger(LOG_ERR, "%s (%s) uses null cipher!", c->name, c->hostname);
+ return false;
}
c->inmaclength = maclength;
@@ -310,7 +320,8 @@
return false;
}
} else {
- c->indigest = NULL;
+ logger(LOG_ERR, "%s (%s) uses null digest!", c->name, c->hostname);
+ return false;
}
c->incompression = compression;
@@ -384,7 +395,11 @@
/* Rest is done by send_chal_reply() */
- return send_chal_reply(c);
+ if(c->outgoing) {
+ return send_chal_reply(c);
+ } else {
+ return true;
+ }
}
bool send_chal_reply(connection_t *c) {
@@ -482,6 +497,10 @@
c->allow_request = ACK;
+ if(!c->outgoing) {
+ send_chal_reply(c);
+ }
+
return send_ack(c);
}
--- a/src/protocol_edge.c
+++ b/src/protocol_edge.c
@@ -70,7 +70,7 @@
/* Check if names are valid */
- if(!check_id(from_name) || !check_id(to_name)) {
+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ADD_EDGE", c->name,
c->hostname, "invalid name");
return false;
@@ -192,7 +192,7 @@
/* Check if names are valid */
- if(!check_id(from_name) || !check_id(to_name)) {
+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "DEL_EDGE", c->name,
c->hostname, "invalid name");
return false;
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -274,6 +274,11 @@
return true;
}
} else {
+ if(from->outkeylength != 1) {
+ logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+ return true;
+ }
+
from->outcipher = NULL;
}
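Review bot: deleting debian/patches/security-fixes removes three protections, and nothing else in this commit replaces them. They are the rejection of a null cipher or null digest in the metakey handler (`logger(LOG_ERR, "%s (%s) uses null cipher!", ...); return false;`), the tarpit and accept-burst throttling in net.c and net_socket.c, and the ordering change that makes the listening side send its ID and challenge reply only after the peer has sent its own (`if(!c->outgoing) { send_id(c); }`). None of the 1.0.32 NEWS items on this page describes an equivalent upstream change. Unless the 1.0.32 sources already contain this code, a package built from this commit loses the fixes that the old changelog stanza attributed to CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758. Suggest rebasing the patch onto 1.0.32 and keeping it in debian/patches/series, or citing the upstream commits that supersede it.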

View file

@ -1 +0,0 @@
security-fixes

3
debian/postinst vendored
View file

@ -14,7 +14,8 @@ case "$1" in
fi; fi fi; fi
if [ ! -e $NETSFILE ] ; then if [ ! -e $NETSFILE ] ; then
echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE echo "## This file contains all names of the networks to be started on system startup when using sysvinit." > $NETSFILE
echo "## If you are using systemd, use systemctl enable tinc@netname to enable individual networks." >> $NETSFILE
fi fi
;; ;;

View file

@ -17,13 +17,15 @@ fi
# Stop the tinc daemon # Stop the tinc daemon
read pid rest < $IF_TINC_PIDFILE 2>/dev/null
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA /usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
# Wait for it to shut down properly # Wait for it to shut down properly
sleep 0.1 /bin/sleep 0.1
i=0; i=0;
while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do while [ -f $IF_TINC_PIDFILE ] ; do
if [ ! -e "/proc/$pid" ] ; then if [ ! -e "/proc/$pid" ] ; then
exit 0 exit 0
fi fi
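Review bot: with `read pid rest` moved out of the loop, a pid file that exists but is empty or unreadable leaves `pid` empty. `[ ! -e "/proc/$pid" ]` then tests `/proc/`, which always exists, so if the file is not removed the loop runs to the retry limit and prints 'Failed to stop tinc daemon!'. The old loop condition ended as soon as `read` failed. Check `[ -n "$pid" ]` before the /proc test and quote "$IF_TINC_PIDFILE". Separately, `2>/dev/null` placed after `< $IF_TINC_PIDFILE` does not hide the shell's own error when the file cannot be opened, because redirections are applied left to right. Put it first if the message is meant to be suppressed.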
@ -32,7 +34,7 @@ while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
echo 'Failed to stop tinc daemon!' echo 'Failed to stop tinc daemon!'
exit 1 exit 1
fi fi
sleep 0.1 /bin/sleep 0.1
i=$(($i+1)) i=$(($i+1))
done done

View file

@ -43,14 +43,14 @@ test -n "$LIMITS" && setlimits $LIMITS
# Wait for it to come up properly # Wait for it to come up properly
sleep 0.1 /bin/sleep 0.1
i=0; i=0;
while [ ! -f $IF_TINC_PIDFILE ] ; do while [ ! -f $IF_TINC_PIDFILE ] ; do
if [ $i = '30' ] ; then if [ $i = '30' ] ; then
echo 'Failed to start tinc daemon!' echo 'Failed to start tinc daemon!'
exit 1 exit 1
fi fi
sleep 0.1 /bin/sleep 0.1
i=$(($i+1)) i=$(($i+1))
done done
@ -63,7 +63,7 @@ while read pid rest < $IF_TINC_PIDFILE ; do
echo 'Failed to start tinc daemon!' echo 'Failed to start tinc daemon!'
exit 1 exit 1
fi fi
sleep 0.1 /bin/sleep 0.1
i=$(($i+1)) i=$(($i+1))
done done

6
debian/tinc.init vendored
View file

@ -82,7 +82,7 @@ stop() {
$DAEMON -n $1 -k || return $DAEMON -n $1 -k || return
i=0; i=0;
sleep 0.5 /bin/sleep 0.5
# Wait for the pidfile to disappear # Wait for the pidfile to disappear
while [ -f /var/run/tinc.$1.pid ]; do while [ -f /var/run/tinc.$1.pid ]; do
@ -91,14 +91,14 @@ stop() {
if [ $i = '10' ] ; then if [ $i = '10' ] ; then
# It's still alive, kill it again and give up # It's still alive, kill it again and give up
$DAEMON -n $1 -k && sleep 0.5 $DAEMON -n $1 -k && /bin/sleep 0.5
break break
else else
echo -n "." echo -n "."
i=$(($i+1)) i=$(($i+1))
fi fi
sleep 0.5 /bin/sleep 0.5
done done
} }

View file

@ -1,9 +1,9 @@
#! /bin/sh #! /bin/sh
# depcomp - compile a program generating dependencies as side-effects # depcomp - compile a program generating dependencies as side-effects
scriptversion=2013-05-30.07; # UTC scriptversion=2016-01-11.22; # UTC
# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Copyright (C) 1999-2017 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -786,6 +786,6 @@ exit 0
# eval: (add-hook 'write-file-hooks 'time-stamp) # eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion=" # time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC" # time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC" # time-stamp-end: "; # UTC"
# End: # End:

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,

View file

@ -8,6 +8,7 @@ Type=simple
WorkingDirectory=/etc/tinc/%i WorkingDirectory=/etc/tinc/%i
ExecStart=/usr/sbin/tincd -n %i -D ExecStart=/usr/sbin/tincd -n %i -D
ExecReload=/usr/sbin/tincd -n %i -kHUP ExecReload=/usr/sbin/tincd -n %i -kHUP
KillMode=mixed
TimeoutStopSec=5 TimeoutStopSec=5
Restart=always Restart=always
RestartSec=60 RestartSec=60
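Review bot: `KillMode=mixed` is added next to `TimeoutStopSec=5` with no comment on why. In mixed mode systemd sends SIGTERM only to the main tincd process and sends SIGKILL to whatever is left in the control group once the stop timeout expires, so any scripts tincd is still running at shutdown get at most 5 seconds. Add a comment line above the setting stating the intent, and confirm that 5 seconds is enough for the down scripts on a loaded host.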

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,

Binary file not shown.

View file

@ -1,11 +1,11 @@
This is tinc.info, produced by makeinfo version 6.3 from tinc.texi. This is tinc.info, produced by makeinfo version 6.4.90 from tinc.texi.
INFO-DIR-SECTION Networking tools INFO-DIR-SECTION Networking tools
START-INFO-DIR-ENTRY START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual. * tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.29, a Virtual Private This is the info manual for tinc version 1.0.31, a Virtual Private
Network daemon. Network daemon.
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen
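Review bot: the regenerated header reads "tinc version 1.0.31", but this import is the 1.0.32 release, so the shipped info manual carries a stale version string. Regenerate tinc.info after the version bump, or confirm that the upstream tarball ships it this way and leave it untouched on purpose.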
@ -981,7 +981,7 @@ ProcessPriority = <low|normal|high>
adjusted. Increasing the priority may help to reduce latency and adjusted. Increasing the priority may help to reduce latency and
packet loss on the VPN. packet loss on the VPN.
Proxy = socks4 | socks5 | http | exec ... [experimental] Proxy = socks4 | socks5 | http | exec ... [experimental]
Use a proxy when making outgoing connections. The following proxy Use a proxy when making outgoing connections. The following proxy
types are currently supported: types are currently supported:
@ -2650,66 +2650,66 @@ Concept Index
 
Tag Table: Tag Table:
Node: Top806 Node: Top809
Node: Introduction1105 Node: Introduction1108
Node: Virtual Private Networks1915 Node: Virtual Private Networks1918
Node: tinc3639 Node: tinc3642
Node: Supported platforms5166 Node: Supported platforms5169
Node: Preparations5867 Node: Preparations5870
Node: Configuring the kernel6123 Node: Configuring the kernel6126
Node: Configuration of Linux kernels6533 Node: Configuration of Linux kernels6536
Node: Configuration of FreeBSD kernels7388 Node: Configuration of FreeBSD kernels7391
Node: Configuration of OpenBSD kernels7853 Node: Configuration of OpenBSD kernels7856
Node: Configuration of NetBSD kernels8210 Node: Configuration of NetBSD kernels8213
Node: Configuration of Solaris kernels8615 Node: Configuration of Solaris kernels8618
Node: Configuration of Darwin (Mac OS X) kernels9278 Node: Configuration of Darwin (Mac OS X) kernels9281
Node: Configuration of Windows10097 Node: Configuration of Windows10100
Node: Libraries10637 Node: Libraries10640
Node: LibreSSL/OpenSSL11046 Node: LibreSSL/OpenSSL11049
Node: zlib13588 Node: zlib13591
Node: lzo14620 Node: lzo14623
Node: Installation15603 Node: Installation15606
Node: Building and installing tinc16513 Node: Building and installing tinc16516
Node: Darwin (Mac OS X) build environment17173 Node: Darwin (Mac OS X) build environment17176
Node: Cygwin (Windows) build environment17738 Node: Cygwin (Windows) build environment17741
Node: MinGW (Windows) build environment18327 Node: MinGW (Windows) build environment18330
Node: System files18921 Node: System files18924
Node: Device files19186 Node: Device files19189
Node: Other files19602 Node: Other files19605
Node: Configuration20215 Node: Configuration20218
Node: Configuration introduction20526 Node: Configuration introduction20529
Node: Multiple networks21794 Node: Multiple networks21797
Node: How connections work23220 Node: How connections work23223
Node: Configuration files24442 Node: Configuration files24445
Node: Main configuration variables25936 Node: Main configuration variables25939
Node: Host configuration variables42193 Node: Host configuration variables42195
Node: Scripts47725 Node: Scripts47727
Node: How to configure50991 Node: How to configure50993
Node: Generating keypairs52249 Node: Generating keypairs52251
Node: Network interfaces52748 Node: Network interfaces52750
Node: Example configuration54596 Node: Example configuration54598
Node: Running tinc59921 Node: Running tinc59923
Node: Runtime options60511 Node: Runtime options60513
Node: Signals63813 Node: Signals63815
Node: Debug levels65004 Node: Debug levels65006
Node: Solving problems65940 Node: Solving problems65942
Node: Error messages67492 Node: Error messages67494
Node: Sending bug reports71501 Node: Sending bug reports71503
Node: Technical information72448 Node: Technical information72450
Node: The connection72679 Node: The connection72681
Node: The UDP tunnel72991 Node: The UDP tunnel72993
Node: The meta-connection76052 Node: The meta-connection76054
Node: The meta-protocol77521 Node: The meta-protocol77523
Node: Security82538 Node: Security82540
Node: Authentication protocol83680 Node: Authentication protocol83682
Node: Encryption of network packets88725 Node: Encryption of network packets88727
Node: Security issues90101 Node: Security issues90103
Node: Platform specific information91740 Node: Platform specific information91742
Node: Interface configuration91968 Node: Interface configuration91970
Node: Routes94439 Node: Routes94441
Node: About us96453 Node: About us96455
Node: Contact information96628 Node: Contact information96630
Node: Authors97031 Node: Authors97033
Node: Concept Index97436 Node: Concept Index97438
 
End Tag Table End Tag Table

View file

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2016 Ivo Timmermans, Copyright @copyright{} 1998-2017 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>. Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll @vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2016 Ivo Timmermans, Copyright @copyright{} 1998-2017 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>. Wessel Dankers <wsl@@tinc-vpn.org>.

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am. # Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc. # Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,

View file

@ -1,6 +1,6 @@
/* /*
meta.c -- handle the meta communication meta.c -- handle the meta communication
Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans 2000-2005 Ivo Timmermans
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
@ -104,7 +104,7 @@ bool flush_meta(connection_t *c) {
} else if(errno == EINTR) { } else if(errno == EINTR) {
continue; continue;
} else if(sockwouldblock(sockerrno)) { } else if(sockwouldblock(sockerrno)) {
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
c->outbuflen, c->name, c->hostname); c->outbuflen, c->name, c->hostname);
return true; return true;
} else { } else {

View file

@ -1,7 +1,7 @@
/* /*
net_setup.c -- Setup. net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2016 Guus Sliepen <guus@tinc-vpn.org> 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com> 2010 Brandon Black <blblack@gmail.com>
@ -660,9 +660,12 @@ static bool setup_myself(void) {
/* We need to use a stream mode for the meta protocol. Use AES for this, /* We need to use a stream mode for the meta protocol. Use AES for this,
but try to match the key size with the one from the cipher selected but try to match the key size with the one from the cipher selected
by Cipher. by Cipher.
If Cipher is set to none, still use a low level of encryption for the
meta protocol.
*/ */
int keylen = EVP_CIPHER_key_length(myself->incipher); int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;
if(keylen <= 16) if(keylen <= 16)
myself->connection->outcipher = EVP_aes_128_cfb(); myself->connection->outcipher = EVP_aes_128_cfb();
else if(keylen <= 24) else if(keylen <= 24)
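Review bot: the new ternary makes `keylen` 0 when `myself->incipher` is NULL, and AES-128-CFB is then selected only because 0 happens to fall into the existing `keylen <= 16` branch. The added comment says "a low level of encryption", which does not tell the reader which cipher the meta protocol ends up with. Name AES-128-CFB in the comment so the fallback is explicit and does not change silently if the thresholds are edited later.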

View file

@ -1,7 +1,7 @@
/* /*
net_socket.c -- Handle various kinds of sockets. net_socket.c -- Handle various kinds of sockets.
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2015 Guus Sliepen <guus@tinc-vpn.org> 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
2009 Florian Forster <octo@verplant.org> 2009 Florian Forster <octo@verplant.org>
@ -442,6 +442,7 @@ connect:
if(!proxytype) { if(!proxytype) {
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
} else if(proxytype == PROXY_EXEC) { } else if(proxytype == PROXY_EXEC) {
c->status.proxy_passed = true;
do_outgoing_pipe(c, proxyhost); do_outgoing_pipe(c, proxyhost);
} else { } else {
proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM); proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
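Review bot: `c->status.proxy_passed = true` is set before `do_outgoing_pipe(c, proxyhost)` runs, and nothing in these lines checks whether the pipe was actually set up. If the exec'd proxy command can fail, the connection is already marked as past the proxy stage. Either set the flag once the pipe exists or add a comment explaining why setting it first is safe here.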
@ -471,6 +472,33 @@ connect:
#endif #endif
bind_to_interface(c->socket); bind_to_interface(c->socket);
int b = -1;
for(int i = 0; i < listen_sockets; i++) {
if(listen_socket[i].sa.sa.sa_family == c->address.sa.sa_family) {
if(b == -1) {
b = i;
} else {
b = -1;
break;
}
}
}
if(b != -1) {
sockaddr_t sa = listen_socket[b].sa;
if(sa.sa.sa_family == AF_INET)
sa.in.sin_port = 0;
else if(sa.sa.sa_family == AF_INET6)
sa.in6.sin6_port = 0;
if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
char *addrstr = sockaddr2hostname(&sa);
logger(LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
free(addrstr);
}
}
} }
/* Connect */ /* Connect */
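Review bot: when `bind()` fails, the error is logged and the code falls through to the connect with an unbound socket, so the outgoing connection can leave from a different source address than the listening one with only a log line to show for it. Decide whether that should abort this attempt instead. The `for` loop also needs a comment: it is not obvious that `b` is reset to -1 on a second listening socket of the same family, which means the bind is skipped whenever the choice of address is ambiguous.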
@ -529,13 +557,20 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
c->outcompression = myself->connection->outcompression; c->outcompression = myself->connection->outcompression;
init_configuration(&c->config_tree); init_configuration(&c->config_tree);
read_connection_config(c); if(!read_connection_config(c)) {
free_connection(c);
outgoing->timeout = maxtimeout;
retry_outgoing(outgoing);
return;
}
outgoing->cfg = lookup_config(c->config_tree, "Address"); outgoing->cfg = lookup_config(c->config_tree, "Address");
if(!outgoing->cfg) { if(!outgoing->cfg) {
logger(LOG_ERR, "No address specified for %s", c->name); logger(LOG_ERR, "No address specified for %s", c->name);
free_connection(c); free_connection(c);
outgoing->timeout = maxtimeout;
retry_outgoing(outgoing);
return; return;
} }
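Review bot: the new `!read_connection_config(c)` branch retries without logging anything, while the `!outgoing->cfg` branch below it logs "No address specified". Unless `read_connection_config()` logs on its own, a host file that cannot be read will show up only as repeated retries. Add a `logger(LOG_ERR, ...)` call naming `c->name` in the new branch. The cleanup sequence of `free_connection(c)`, `outgoing->timeout = maxtimeout` and `retry_outgoing(outgoing)` is now duplicated and could share one exit path.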

View file

@ -1,6 +1,6 @@
/* /*
proxy.c -- Proxy handling functions. proxy.c -- Proxy handling functions.
Copyright (C) 2015-2016 Guus Sliepen <guus@tinc-vpn.org> Copyright (C) 2015-2017 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -174,7 +174,7 @@ bool send_proxyrequest(connection_t *c) {
} }
case PROXY_EXEC: case PROXY_EXEC:
return true; abort();
default: default:
logger(LOG_ERR, "Unknown proxy type"); logger(LOG_ERR, "Unknown proxy type");
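Review bot: `case PROXY_EXEC:` now calls `abort()` with no log message and no comment. If this case is ever reached, the whole daemon terminates and every tunnel drops, with nothing in the log to say why. If it is meant as an unreachable-state assertion, say so in a comment and log before aborting, or fail only this connection by logging the error and returning false.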

View file

@ -1,8 +1,8 @@
/* /*
route.c -- routing route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans, Copyright (C) 2000-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
2015 Vittorio Gambaletta 2015-2016 Vittorio Gambaletta
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -675,6 +675,9 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
if(!do_decrement_ttl(source, packet)) if(!do_decrement_ttl(source, packet))
return; return;
if(priorityinheritance)
packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
if(via == source) { if(via == source) {
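Review bot: the added `packet->priority` assignment reads `packet->data[14]` and `packet->data[15]` with no length check in the visible lines, whereas the matching code added to `route_mac()` guards the same read with `packet->len >= ether_size + ip6_size`. Confirm that the caller has already validated the packet length, and record that in a comment next to the assignment.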
@ -963,8 +966,12 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
uint16_t type = packet->data[12] << 8 | packet->data[13]; uint16_t type = packet->data[12] << 8 | packet->data[13];
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size) if(priorityinheritance) {
if(type == ETH_P_IP && packet->len >= ether_size + ip_size)
packet->priority = packet->data[15]; packet->priority = packet->data[15];
else if(type == ETH_P_IPV6 && packet->len >= ether_size + ip6_size)
packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
}
// Handle packets larger than PMTU // Handle packets larger than PMTU
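Review bot: the IPv6 branch repeats the expression `((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4)` from `route_ipv6_unicast()` with no explanation of what it extracts. Move it into a small helper with a comment that it is the 8-bit Traffic Class field, which straddles the first two bytes of the IPv6 header, so both call sites stay in sync. The inner `if` / `else if` pair would also be safer with braces, given that it now sits inside a braced outer `if`.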

View file

@ -2,7 +2,7 @@
device.c -- Interaction with Solaris tun device device.c -- Interaction with Solaris tun device
Copyright (C) 2001-2005 Ivo Timmermans, Copyright (C) 2001-2005 Ivo Timmermans,
2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
2001-2014 Guus Sliepen <guus@tinc-vpn.org> 2001-2017 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@
#include <sys/stropts.h> #include <sys/stropts.h>
#include <sys/sockio.h> #include <sys/sockio.h>
#include <stropts.h>
#include "../conf.h" #include "../conf.h"
#include "../device.h" #include "../device.h"
@ -40,6 +41,7 @@
#define DEFAULT_TUN_DEVICE "/dev/tun" #define DEFAULT_TUN_DEVICE "/dev/tun"
#define DEFAULT_TAP_DEVICE "/dev/tap" #define DEFAULT_TAP_DEVICE "/dev/tap"
#define IP_DEVICE "/dev/udp"
static enum { static enum {
DEVICE_TYPE_TUN, DEVICE_TYPE_TUN,
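Review bot: `IP_DEVICE` is defined as "/dev/udp", so the macro name no longer matches the node it opens, and there is no comment on why the device changed from /dev/ip. Rename the macro or add a comment at the `#define` giving the reason, since the error messages that print it will now mention /dev/udp in a code path still described as the IP setup.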
@ -85,10 +87,13 @@ static bool setup_device(void) {
else else
device_info = "Solaris tap device"; device_info = "Solaris tap device";
if(device_type == DEVICE_TYPE_TAP && routing_mode == RMODE_ROUTER)
overwrite_mac = true;
/* The following is black magic copied from OpenVPN. */ /* The following is black magic copied from OpenVPN. */
if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { if((ip_fd = open(IP_DEVICE, O_RDWR, 0)) < 0) {
logger(LOG_ERR, "Could not open %s: %s\n", "/dev/ip", strerror(errno)); logger(LOG_ERR, "Could not open %s: %s\n", IP_DEVICE, strerror(errno));
return false; return false;
} }
@ -205,7 +210,7 @@ static bool setup_device(void) {
/* Push arp module to ip_fd */ /* Push arp module to ip_fd */
if(ioctl(ip_fd, I_PUSH, "arp") < 0) { if(ioctl(ip_fd, I_PUSH, "arp") < 0) {
logger(LOG_ERR, "Could not push ARP module onto %s!", "/dev/ip"); logger(LOG_ERR, "Could not push ARP module onto %s!", IP_DEVICE);
return false; return false;
} }
@ -297,11 +302,16 @@ static void close_device(void) {
} }
static bool read_packet(vpn_packet_t *packet) { static bool read_packet(vpn_packet_t *packet) {
int inlen; int result;
struct strbuf sbuf;
int f = 0;
switch(device_type) { switch(device_type) {
case DEVICE_TYPE_TUN: case DEVICE_TYPE_TUN:
if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { sbuf.maxlen = MTU - 14;
sbuf.buf = (char *)packet->data + 14;
if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
return false; return false;
} }
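Review bot: in the TUN case, `result` from `getmsg()` is compared only with `< 0`. `getmsg()` also returns the positive values MORECTL and MOREDATA when the message did not fit in the supplied buffers, so an oversized message would be accepted as a complete packet and its remainder left on the stream for the next read. Test for `result != 0` and drop or reassemble the partial message; the same applies to the TAP case in the next hunk.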
@ -321,16 +331,19 @@ static bool read_packet(vpn_packet_t *packet) {
} }
memset(packet->data, 0, 12); memset(packet->data, 0, 12);
packet->len = inlen + 14; packet->len = sbuf.len + 14;
break; break;
case DEVICE_TYPE_TAP: case DEVICE_TYPE_TAP:
if((inlen = read(device_fd, packet->data, MTU)) <= 0) { sbuf.maxlen = MTU;
sbuf.buf = (char *)packet->data;
if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
return false; return false;
} }
packet->len = inlen + 14; packet->len = sbuf.len;
break; break;
default: default:
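Review bot: `packet->len` is now taken from `sbuf.len` without validation, both in `sbuf.len + 14` and in the TAP assignment. `getmsg()` sets `len` to -1 when the message has no data part and to 0 for a zero-length one, cases the old `read(...) <= 0` test rejected. Reject `sbuf.len <= 0` before computing the length. The TAP change from `inlen + 14` to `sbuf.len` itself looks like the right fix, since the TAP buffer already starts at the Ethernet header.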
@ -347,16 +360,24 @@ static bool read_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) { static bool write_packet(vpn_packet_t *packet) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info);
struct strbuf sbuf;
switch(device_type) { switch(device_type) {
case DEVICE_TYPE_TUN: case DEVICE_TYPE_TUN:
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { sbuf.len = packet->len - 14;
sbuf.buf = (char *)packet->data + 14;
if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
return false; return false;
} }
break; break;
case DEVICE_TYPE_TAP: case DEVICE_TYPE_TAP:
if(write(device_fd, packet->data, packet->len) < 0) { sbuf.len = packet->len;
sbuf.buf = (char *)packet->data;
if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
return false; return false;
} }