Import Debian changes 1.0.32-1
tinc (1.0.32-1) unstable; urgency=medium * New upstream release. * Add a note to new nets.boot files that it is not used with systemd. Closes: #841052 * In the post-down script, read the pid file only once. Closes: #832784 * Explicitly use /bin/sleep from coreutils. Closes: #772379 * Bump Standards-Version.
commit
ac78971aab
32 changed files with 446 additions and 571 deletions
68
ChangeLog
|
@ -1,3 +1,24 @@
|
||||||
|
Version 1.0.32 September 02 2017
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (13):
|
||||||
|
Don't dereference myself->incipher if it's NULL.
|
||||||
|
Merge remote-tracking branch 'VittGam/master'
|
||||||
|
Use /dev/udp instead of /dev/ip on Solaris.
|
||||||
|
Use getmsg()/putmsg() instead of read()/write() on Solaris.
|
||||||
|
Fix Solaris DeviceType = tap in router Mode.
|
||||||
|
Bind outgoing TCP sockets.
|
||||||
|
Move logging of "would block" messages to debug level 4.
|
||||||
|
Set KillMode=mixed in the systemd service file.
|
||||||
|
Don't forget about outgoing connections on host file read errors.
|
||||||
|
Fix Proxy = exec.
|
||||||
|
Set status.proxy_passed early for Proxy = exec.
|
||||||
|
Don't try to bind Proxy = exec sockets to an address.
|
||||||
|
Releasing 1.0.32.
|
||||||
|
|
||||||
|
Vittorio Gambaletta (VittGam) (1):
|
||||||
|
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
|
||||||
|
|
||||||
Version 1.0.31 January 15 2017
|
Version 1.0.31 January 15 2017
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
@ -162,20 +183,7 @@ VittGam (1):
|
||||||
Version 1.0.24 May 11 2014
|
Version 1.0.24 May 11 2014
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
Guus Sliepen (26):
|
Guus Sliepen (13):
|
||||||
Mention in the manual that multiple Address staments are allowed.
|
|
||||||
If no Port is specified, set myport to actual port of first listening socket.
|
|
||||||
Enable compiler hardening flags by default.
|
|
||||||
Update support for Solaris.
|
|
||||||
Include <limits.h> for PATH_MAX.
|
|
||||||
Stricter check for raw socket support.
|
|
||||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
|
||||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
|
||||||
Don't enable -fstack-protector-all.
|
|
||||||
Remove or lower the priority of some debug messages.
|
|
||||||
Clarify StrictSubnets.
|
|
||||||
Attribution for various contributors.
|
|
||||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
|
||||||
Remove useless variable 'hard' from try_harder().
|
Remove useless variable 'hard' from try_harder().
|
||||||
Merge pull request #14 from luckyhacky/master
|
Merge pull request #14 from luckyhacky/master
|
||||||
Add an autoconf check for res_init().
|
Add an autoconf check for res_init().
|
||||||
|
@ -195,22 +203,40 @@ Steffan Karger (3):
|
||||||
Use cryptographically strong random when generating keys.
|
Use cryptographically strong random when generating keys.
|
||||||
Check RAND_bytes() return value, fail when getting random fails.
|
Check RAND_bytes() return value, fail when getting random fails.
|
||||||
|
|
||||||
Florent Clairambault (2):
|
|
||||||
Adding "conf.d" configuration dir support.
|
|
||||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
|
||||||
|
|
||||||
Armin Fisslthaler (1):
|
Armin Fisslthaler (1):
|
||||||
reload /etc/resolv.conf in SIGALRM handler
|
reload /etc/resolv.conf in SIGALRM handler
|
||||||
|
|
||||||
Loic Dachary (1):
|
Loic Dachary (1):
|
||||||
fix documentation typo
|
fix documentation typo
|
||||||
|
|
||||||
Vilbrekin (1):
|
|
||||||
Update android build instructions. Disable PIE as this is not supported on some devices.
|
|
||||||
|
|
||||||
luckyhacky (1):
|
luckyhacky (1):
|
||||||
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||||
|
|
||||||
|
refs/tags/1.0.23-android-1 March 11 2014
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (13):
|
||||||
|
Mention in the manual that multiple Address staments are allowed.
|
||||||
|
If no Port is specified, set myport to actual port of first listening socket.
|
||||||
|
Enable compiler hardening flags by default.
|
||||||
|
Update support for Solaris.
|
||||||
|
Include <limits.h> for PATH_MAX.
|
||||||
|
Stricter check for raw socket support.
|
||||||
|
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||||
|
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||||
|
Don't enable -fstack-protector-all.
|
||||||
|
Remove or lower the priority of some debug messages.
|
||||||
|
Clarify StrictSubnets.
|
||||||
|
Attribution for various contributors.
|
||||||
|
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||||
|
|
||||||
|
Florent Clairambault (2):
|
||||||
|
Adding "conf.d" configuration dir support.
|
||||||
|
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||||
|
|
||||||
|
Vilbrekin (1):
|
||||||
|
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||||
|
|
||||||
Version 1.0.23 October 19 2013
|
Version 1.0.23 October 19 2013
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
316
INSTALL
|
@ -1,8 +1,8 @@
|
||||||
Installation Instructions
|
Installation Instructions
|
||||||
*************************
|
*************************
|
||||||
|
|
||||||
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
|
Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
|
||||||
Inc.
|
Foundation, Inc.
|
||||||
|
|
||||||
Copying and distribution of this file, with or without modification,
|
Copying and distribution of this file, with or without modification,
|
||||||
are permitted in any medium without royalty provided the copyright
|
are permitted in any medium without royalty provided the copyright
|
||||||
|
@ -12,97 +12,96 @@ without warranty of any kind.
|
||||||
Basic Installation
|
Basic Installation
|
||||||
==================
|
==================
|
||||||
|
|
||||||
Briefly, the shell command `./configure && make && make install'
|
Briefly, the shell command './configure && make && make install'
|
||||||
should configure, build, and install this package. The following
|
should configure, build, and install this package. The following
|
||||||
more-detailed instructions are generic; see the `README' file for
|
more-detailed instructions are generic; see the 'README' file for
|
||||||
instructions specific to this package. Some packages provide this
|
instructions specific to this package. Some packages provide this
|
||||||
`INSTALL' file but do not implement all of the features documented
|
'INSTALL' file but do not implement all of the features documented
|
||||||
below. The lack of an optional feature in a given package is not
|
below. The lack of an optional feature in a given package is not
|
||||||
necessarily a bug. More recommendations for GNU packages can be found
|
necessarily a bug. More recommendations for GNU packages can be found
|
||||||
in *note Makefile Conventions: (standards)Makefile Conventions.
|
in *note Makefile Conventions: (standards)Makefile Conventions.
|
||||||
|
|
||||||
The `configure' shell script attempts to guess correct values for
|
The 'configure' shell script attempts to guess correct values for
|
||||||
various system-dependent variables used during compilation. It uses
|
various system-dependent variables used during compilation. It uses
|
||||||
those values to create a `Makefile' in each directory of the package.
|
those values to create a 'Makefile' in each directory of the package.
|
||||||
It may also create one or more `.h' files containing system-dependent
|
It may also create one or more '.h' files containing system-dependent
|
||||||
definitions. Finally, it creates a shell script `config.status' that
|
definitions. Finally, it creates a shell script 'config.status' that
|
||||||
you can run in the future to recreate the current configuration, and a
|
you can run in the future to recreate the current configuration, and a
|
||||||
file `config.log' containing compiler output (useful mainly for
|
file 'config.log' containing compiler output (useful mainly for
|
||||||
debugging `configure').
|
debugging 'configure').
|
||||||
|
|
||||||
It can also use an optional file (typically called `config.cache'
|
It can also use an optional file (typically called 'config.cache' and
|
||||||
and enabled with `--cache-file=config.cache' or simply `-C') that saves
|
enabled with '--cache-file=config.cache' or simply '-C') that saves the
|
||||||
the results of its tests to speed up reconfiguring. Caching is
|
results of its tests to speed up reconfiguring. Caching is disabled by
|
||||||
disabled by default to prevent problems with accidental use of stale
|
default to prevent problems with accidental use of stale cache files.
|
||||||
cache files.
|
|
||||||
|
|
||||||
If you need to do unusual things to compile the package, please try
|
If you need to do unusual things to compile the package, please try
|
||||||
to figure out how `configure' could check whether to do them, and mail
|
to figure out how 'configure' could check whether to do them, and mail
|
||||||
diffs or instructions to the address given in the `README' so they can
|
diffs or instructions to the address given in the 'README' so they can
|
||||||
be considered for the next release. If you are using the cache, and at
|
be considered for the next release. If you are using the cache, and at
|
||||||
some point `config.cache' contains results you don't want to keep, you
|
some point 'config.cache' contains results you don't want to keep, you
|
||||||
may remove or edit it.
|
may remove or edit it.
|
||||||
|
|
||||||
The file `configure.ac' (or `configure.in') is used to create
|
The file 'configure.ac' (or 'configure.in') is used to create
|
||||||
`configure' by a program called `autoconf'. You need `configure.ac' if
|
'configure' by a program called 'autoconf'. You need 'configure.ac' if
|
||||||
you want to change it or regenerate `configure' using a newer version
|
you want to change it or regenerate 'configure' using a newer version of
|
||||||
of `autoconf'.
|
'autoconf'.
|
||||||
|
|
||||||
The simplest way to compile this package is:
|
The simplest way to compile this package is:
|
||||||
|
|
||||||
1. `cd' to the directory containing the package's source code and type
|
1. 'cd' to the directory containing the package's source code and type
|
||||||
`./configure' to configure the package for your system.
|
'./configure' to configure the package for your system.
|
||||||
|
|
||||||
Running `configure' might take a while. While running, it prints
|
Running 'configure' might take a while. While running, it prints
|
||||||
some messages telling which features it is checking for.
|
some messages telling which features it is checking for.
|
||||||
|
|
||||||
2. Type `make' to compile the package.
|
2. Type 'make' to compile the package.
|
||||||
|
|
||||||
3. Optionally, type `make check' to run any self-tests that come with
|
3. Optionally, type 'make check' to run any self-tests that come with
|
||||||
the package, generally using the just-built uninstalled binaries.
|
the package, generally using the just-built uninstalled binaries.
|
||||||
|
|
||||||
4. Type `make install' to install the programs and any data files and
|
4. Type 'make install' to install the programs and any data files and
|
||||||
documentation. When installing into a prefix owned by root, it is
|
documentation. When installing into a prefix owned by root, it is
|
||||||
recommended that the package be configured and built as a regular
|
recommended that the package be configured and built as a regular
|
||||||
user, and only the `make install' phase executed with root
|
user, and only the 'make install' phase executed with root
|
||||||
privileges.
|
privileges.
|
||||||
|
|
||||||
5. Optionally, type `make installcheck' to repeat any self-tests, but
|
5. Optionally, type 'make installcheck' to repeat any self-tests, but
|
||||||
this time using the binaries in their final installed location.
|
this time using the binaries in their final installed location.
|
||||||
This target does not install anything. Running this target as a
|
This target does not install anything. Running this target as a
|
||||||
regular user, particularly if the prior `make install' required
|
regular user, particularly if the prior 'make install' required
|
||||||
root privileges, verifies that the installation completed
|
root privileges, verifies that the installation completed
|
||||||
correctly.
|
correctly.
|
||||||
|
|
||||||
6. You can remove the program binaries and object files from the
|
6. You can remove the program binaries and object files from the
|
||||||
source code directory by typing `make clean'. To also remove the
|
source code directory by typing 'make clean'. To also remove the
|
||||||
files that `configure' created (so you can compile the package for
|
files that 'configure' created (so you can compile the package for
|
||||||
a different kind of computer), type `make distclean'. There is
|
a different kind of computer), type 'make distclean'. There is
|
||||||
also a `make maintainer-clean' target, but that is intended mainly
|
also a 'make maintainer-clean' target, but that is intended mainly
|
||||||
for the package's developers. If you use it, you may have to get
|
for the package's developers. If you use it, you may have to get
|
||||||
all sorts of other programs in order to regenerate files that came
|
all sorts of other programs in order to regenerate files that came
|
||||||
with the distribution.
|
with the distribution.
|
||||||
|
|
||||||
7. Often, you can also type `make uninstall' to remove the installed
|
7. Often, you can also type 'make uninstall' to remove the installed
|
||||||
files again. In practice, not all packages have tested that
|
files again. In practice, not all packages have tested that
|
||||||
uninstallation works correctly, even though it is required by the
|
uninstallation works correctly, even though it is required by the
|
||||||
GNU Coding Standards.
|
GNU Coding Standards.
|
||||||
|
|
||||||
8. Some packages, particularly those that use Automake, provide `make
|
8. Some packages, particularly those that use Automake, provide 'make
|
||||||
distcheck', which can by used by developers to test that all other
|
distcheck', which can by used by developers to test that all other
|
||||||
targets like `make install' and `make uninstall' work correctly.
|
targets like 'make install' and 'make uninstall' work correctly.
|
||||||
This target is generally not run by end users.
|
This target is generally not run by end users.
|
||||||
|
|
||||||
Compilers and Options
|
Compilers and Options
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
Some systems require unusual options for compilation or linking that
|
Some systems require unusual options for compilation or linking that
|
||||||
the `configure' script does not know about. Run `./configure --help'
|
the 'configure' script does not know about. Run './configure --help'
|
||||||
for details on some of the pertinent environment variables.
|
for details on some of the pertinent environment variables.
|
||||||
|
|
||||||
You can give `configure' initial values for configuration parameters
|
You can give 'configure' initial values for configuration parameters
|
||||||
by setting variables in the command line or in the environment. Here
|
by setting variables in the command line or in the environment. Here is
|
||||||
is an example:
|
an example:
|
||||||
|
|
||||||
./configure CC=c99 CFLAGS=-g LIBS=-lposix
|
./configure CC=c99 CFLAGS=-g LIBS=-lposix
|
||||||
|
|
||||||
|
@ -113,21 +112,21 @@ Compiling For Multiple Architectures
|
||||||
|
|
||||||
You can compile the package for more than one kind of computer at the
|
You can compile the package for more than one kind of computer at the
|
||||||
same time, by placing the object files for each architecture in their
|
same time, by placing the object files for each architecture in their
|
||||||
own directory. To do this, you can use GNU `make'. `cd' to the
|
own directory. To do this, you can use GNU 'make'. 'cd' to the
|
||||||
directory where you want the object files and executables to go and run
|
directory where you want the object files and executables to go and run
|
||||||
the `configure' script. `configure' automatically checks for the
|
the 'configure' script. 'configure' automatically checks for the source
|
||||||
source code in the directory that `configure' is in and in `..'. This
|
code in the directory that 'configure' is in and in '..'. This is known
|
||||||
is known as a "VPATH" build.
|
as a "VPATH" build.
|
||||||
|
|
||||||
With a non-GNU `make', it is safer to compile the package for one
|
With a non-GNU 'make', it is safer to compile the package for one
|
||||||
architecture at a time in the source code directory. After you have
|
architecture at a time in the source code directory. After you have
|
||||||
installed the package for one architecture, use `make distclean' before
|
installed the package for one architecture, use 'make distclean' before
|
||||||
reconfiguring for another architecture.
|
reconfiguring for another architecture.
|
||||||
|
|
||||||
On MacOS X 10.5 and later systems, you can create libraries and
|
On MacOS X 10.5 and later systems, you can create libraries and
|
||||||
executables that work on multiple system types--known as "fat" or
|
executables that work on multiple system types--known as "fat" or
|
||||||
"universal" binaries--by specifying multiple `-arch' options to the
|
"universal" binaries--by specifying multiple '-arch' options to the
|
||||||
compiler but only a single `-arch' option to the preprocessor. Like
|
compiler but only a single '-arch' option to the preprocessor. Like
|
||||||
this:
|
this:
|
||||||
|
|
||||||
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
||||||
|
@ -136,105 +135,104 @@ this:
|
||||||
|
|
||||||
This is not guaranteed to produce working output in all cases, you
|
This is not guaranteed to produce working output in all cases, you
|
||||||
may have to build one architecture at a time and combine the results
|
may have to build one architecture at a time and combine the results
|
||||||
using the `lipo' tool if you have problems.
|
using the 'lipo' tool if you have problems.
|
||||||
|
|
||||||
Installation Names
|
Installation Names
|
||||||
==================
|
==================
|
||||||
|
|
||||||
By default, `make install' installs the package's commands under
|
By default, 'make install' installs the package's commands under
|
||||||
`/usr/local/bin', include files under `/usr/local/include', etc. You
|
'/usr/local/bin', include files under '/usr/local/include', etc. You
|
||||||
can specify an installation prefix other than `/usr/local' by giving
|
can specify an installation prefix other than '/usr/local' by giving
|
||||||
`configure' the option `--prefix=PREFIX', where PREFIX must be an
|
'configure' the option '--prefix=PREFIX', where PREFIX must be an
|
||||||
absolute file name.
|
absolute file name.
|
||||||
|
|
||||||
You can specify separate installation prefixes for
|
You can specify separate installation prefixes for
|
||||||
architecture-specific files and architecture-independent files. If you
|
architecture-specific files and architecture-independent files. If you
|
||||||
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
|
pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
|
||||||
PREFIX as the prefix for installing programs and libraries.
|
PREFIX as the prefix for installing programs and libraries.
|
||||||
Documentation and other data files still use the regular prefix.
|
Documentation and other data files still use the regular prefix.
|
||||||
|
|
||||||
In addition, if you use an unusual directory layout you can give
|
In addition, if you use an unusual directory layout you can give
|
||||||
options like `--bindir=DIR' to specify different values for particular
|
options like '--bindir=DIR' to specify different values for particular
|
||||||
kinds of files. Run `configure --help' for a list of the directories
|
kinds of files. Run 'configure --help' for a list of the directories
|
||||||
you can set and what kinds of files go in them. In general, the
|
you can set and what kinds of files go in them. In general, the default
|
||||||
default for these options is expressed in terms of `${prefix}', so that
|
for these options is expressed in terms of '${prefix}', so that
|
||||||
specifying just `--prefix' will affect all of the other directory
|
specifying just '--prefix' will affect all of the other directory
|
||||||
specifications that were not explicitly provided.
|
specifications that were not explicitly provided.
|
||||||
|
|
||||||
The most portable way to affect installation locations is to pass the
|
The most portable way to affect installation locations is to pass the
|
||||||
correct locations to `configure'; however, many packages provide one or
|
correct locations to 'configure'; however, many packages provide one or
|
||||||
both of the following shortcuts of passing variable assignments to the
|
both of the following shortcuts of passing variable assignments to the
|
||||||
`make install' command line to change installation locations without
|
'make install' command line to change installation locations without
|
||||||
having to reconfigure or recompile.
|
having to reconfigure or recompile.
|
||||||
|
|
||||||
The first method involves providing an override variable for each
|
The first method involves providing an override variable for each
|
||||||
affected directory. For example, `make install
|
affected directory. For example, 'make install
|
||||||
prefix=/alternate/directory' will choose an alternate location for all
|
prefix=/alternate/directory' will choose an alternate location for all
|
||||||
directory configuration variables that were expressed in terms of
|
directory configuration variables that were expressed in terms of
|
||||||
`${prefix}'. Any directories that were specified during `configure',
|
'${prefix}'. Any directories that were specified during 'configure',
|
||||||
but not in terms of `${prefix}', must each be overridden at install
|
but not in terms of '${prefix}', must each be overridden at install time
|
||||||
time for the entire installation to be relocated. The approach of
|
for the entire installation to be relocated. The approach of makefile
|
||||||
makefile variable overrides for each directory variable is required by
|
variable overrides for each directory variable is required by the GNU
|
||||||
the GNU Coding Standards, and ideally causes no recompilation.
|
Coding Standards, and ideally causes no recompilation. However, some
|
||||||
However, some platforms have known limitations with the semantics of
|
platforms have known limitations with the semantics of shared libraries
|
||||||
shared libraries that end up requiring recompilation when using this
|
that end up requiring recompilation when using this method, particularly
|
||||||
method, particularly noticeable in packages that use GNU Libtool.
|
noticeable in packages that use GNU Libtool.
|
||||||
|
|
||||||
The second method involves providing the `DESTDIR' variable. For
|
The second method involves providing the 'DESTDIR' variable. For
|
||||||
example, `make install DESTDIR=/alternate/directory' will prepend
|
example, 'make install DESTDIR=/alternate/directory' will prepend
|
||||||
`/alternate/directory' before all installation names. The approach of
|
'/alternate/directory' before all installation names. The approach of
|
||||||
`DESTDIR' overrides is not required by the GNU Coding Standards, and
|
'DESTDIR' overrides is not required by the GNU Coding Standards, and
|
||||||
does not work on platforms that have drive letters. On the other hand,
|
does not work on platforms that have drive letters. On the other hand,
|
||||||
it does better at avoiding recompilation issues, and works well even
|
it does better at avoiding recompilation issues, and works well even
|
||||||
when some directory options were not specified in terms of `${prefix}'
|
when some directory options were not specified in terms of '${prefix}'
|
||||||
at `configure' time.
|
at 'configure' time.
|
||||||
|
|
||||||
Optional Features
|
Optional Features
|
||||||
=================
|
=================
|
||||||
|
|
||||||
If the package supports it, you can cause programs to be installed
|
If the package supports it, you can cause programs to be installed
|
||||||
with an extra prefix or suffix on their names by giving `configure' the
|
with an extra prefix or suffix on their names by giving 'configure' the
|
||||||
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
|
||||||
|
|
||||||
Some packages pay attention to `--enable-FEATURE' options to
|
Some packages pay attention to '--enable-FEATURE' options to
|
||||||
`configure', where FEATURE indicates an optional part of the package.
|
'configure', where FEATURE indicates an optional part of the package.
|
||||||
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
They may also pay attention to '--with-PACKAGE' options, where PACKAGE
|
||||||
is something like `gnu-as' or `x' (for the X Window System). The
|
is something like 'gnu-as' or 'x' (for the X Window System). The
|
||||||
`README' should mention any `--enable-' and `--with-' options that the
|
'README' should mention any '--enable-' and '--with-' options that the
|
||||||
package recognizes.
|
package recognizes.
|
||||||
|
|
||||||
For packages that use the X Window System, `configure' can usually
|
For packages that use the X Window System, 'configure' can usually
|
||||||
find the X include and library files automatically, but if it doesn't,
|
find the X include and library files automatically, but if it doesn't,
|
||||||
you can use the `configure' options `--x-includes=DIR' and
|
you can use the 'configure' options '--x-includes=DIR' and
|
||||||
`--x-libraries=DIR' to specify their locations.
|
'--x-libraries=DIR' to specify their locations.
|
||||||
|
|
||||||
Some packages offer the ability to configure how verbose the
|
Some packages offer the ability to configure how verbose the
|
||||||
execution of `make' will be. For these packages, running `./configure
|
execution of 'make' will be. For these packages, running './configure
|
||||||
--enable-silent-rules' sets the default to minimal output, which can be
|
--enable-silent-rules' sets the default to minimal output, which can be
|
||||||
overridden with `make V=1'; while running `./configure
|
overridden with 'make V=1'; while running './configure
|
||||||
--disable-silent-rules' sets the default to verbose, which can be
|
--disable-silent-rules' sets the default to verbose, which can be
|
||||||
overridden with `make V=0'.
|
overridden with 'make V=0'.
|
||||||
|
|
||||||
Particular systems
|
Particular systems
|
||||||
==================
|
==================
|
||||||
|
|
||||||
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
|
On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC
|
||||||
CC is not installed, it is recommended to use the following options in
|
is not installed, it is recommended to use the following options in
|
||||||
order to use an ANSI C compiler:
|
order to use an ANSI C compiler:
|
||||||
|
|
||||||
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
|
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
|
||||||
|
|
||||||
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
|
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
|
||||||
|
|
||||||
HP-UX `make' updates targets which have the same time stamps as
|
HP-UX 'make' updates targets which have the same time stamps as their
|
||||||
their prerequisites, which makes it generally unusable when shipped
|
prerequisites, which makes it generally unusable when shipped generated
|
||||||
generated files such as `configure' are involved. Use GNU `make'
|
files such as 'configure' are involved. Use GNU 'make' instead.
|
||||||
instead.
|
|
||||||
|
|
||||||
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
|
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
|
||||||
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
|
parse its '<wchar.h>' header file. The option '-nodtk' can be used as a
|
||||||
a workaround. If GNU CC is not installed, it is therefore recommended
|
workaround. If GNU CC is not installed, it is therefore recommended to
|
||||||
to try
|
try
|
||||||
|
|
||||||
./configure CC="cc"
|
./configure CC="cc"
|
||||||
|
|
||||||
|
@ -242,26 +240,26 @@ and if that doesn't work, try
|
||||||
|
|
||||||
./configure CC="cc -nodtk"
|
./configure CC="cc -nodtk"
|
||||||
|
|
||||||
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
|
On Solaris, don't put '/usr/ucb' early in your 'PATH'. This
|
||||||
directory contains several dysfunctional programs; working variants of
|
directory contains several dysfunctional programs; working variants of
|
||||||
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
|
these programs are available in '/usr/bin'. So, if you need '/usr/ucb'
|
||||||
in your `PATH', put it _after_ `/usr/bin'.
|
in your 'PATH', put it _after_ '/usr/bin'.
|
||||||
|
|
||||||
On Haiku, software installed for all users goes in `/boot/common',
|
On Haiku, software installed for all users goes in '/boot/common',
|
||||||
not `/usr/local'. It is recommended to use the following options:
|
not '/usr/local'. It is recommended to use the following options:
|
||||||
|
|
||||||
./configure --prefix=/boot/common
|
./configure --prefix=/boot/common
|
||||||
|
|
||||||
Specifying the System Type
|
Specifying the System Type
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
There may be some features `configure' cannot figure out
|
There may be some features 'configure' cannot figure out
|
||||||
automatically, but needs to determine by the type of machine the package
|
automatically, but needs to determine by the type of machine the package
|
||||||
will run on. Usually, assuming the package is built to be run on the
|
will run on. Usually, assuming the package is built to be run on the
|
||||||
_same_ architectures, `configure' can figure that out, but if it prints
|
_same_ architectures, 'configure' can figure that out, but if it prints
|
||||||
a message saying it cannot guess the machine type, give it the
|
a message saying it cannot guess the machine type, give it the
|
||||||
`--build=TYPE' option. TYPE can either be a short name for the system
|
'--build=TYPE' option. TYPE can either be a short name for the system
|
||||||
type, such as `sun4', or a canonical name which has the form:
|
type, such as 'sun4', or a canonical name which has the form:
|
||||||
|
|
||||||
CPU-COMPANY-SYSTEM
|
CPU-COMPANY-SYSTEM
|
||||||
|
|
||||||
|
@ -270,101 +268,101 @@ where SYSTEM can have one of these forms:
|
||||||
OS
|
OS
|
||||||
KERNEL-OS
|
KERNEL-OS
|
||||||
|
|
||||||
See the file `config.sub' for the possible values of each field. If
|
See the file 'config.sub' for the possible values of each field. If
|
||||||
`config.sub' isn't included in this package, then this package doesn't
|
'config.sub' isn't included in this package, then this package doesn't
|
||||||
need to know the machine type.
|
need to know the machine type.
|
||||||
|
|
||||||
If you are _building_ compiler tools for cross-compiling, you should
|
If you are _building_ compiler tools for cross-compiling, you should
|
||||||
use the option `--target=TYPE' to select the type of system they will
|
use the option '--target=TYPE' to select the type of system they will
|
||||||
produce code for.
|
produce code for.
|
||||||
|
|
||||||
If you want to _use_ a cross compiler, that generates code for a
|
If you want to _use_ a cross compiler, that generates code for a
|
||||||
platform different from the build platform, you should specify the
|
platform different from the build platform, you should specify the
|
||||||
"host" platform (i.e., that on which the generated programs will
|
"host" platform (i.e., that on which the generated programs will
|
||||||
eventually be run) with `--host=TYPE'.
|
eventually be run) with '--host=TYPE'.
|
||||||
|
|
||||||
Sharing Defaults
|
Sharing Defaults
|
||||||
================
|
================
|
||||||
|
|
||||||
If you want to set default values for `configure' scripts to share,
|
If you want to set default values for 'configure' scripts to share,
|
||||||
you can create a site shell script called `config.site' that gives
|
you can create a site shell script called 'config.site' that gives
|
||||||
default values for variables like `CC', `cache_file', and `prefix'.
|
default values for variables like 'CC', 'cache_file', and 'prefix'.
|
||||||
`configure' looks for `PREFIX/share/config.site' if it exists, then
|
'configure' looks for 'PREFIX/share/config.site' if it exists, then
|
||||||
`PREFIX/etc/config.site' if it exists. Or, you can set the
|
'PREFIX/etc/config.site' if it exists. Or, you can set the
|
||||||
`CONFIG_SITE' environment variable to the location of the site script.
|
'CONFIG_SITE' environment variable to the location of the site script.
|
||||||
A warning: not all `configure' scripts look for a site script.
|
A warning: not all 'configure' scripts look for a site script.
|
||||||
|
|
||||||
Defining Variables
|
Defining Variables
|
||||||
==================
|
==================
|
||||||
|
|
||||||
Variables not defined in a site shell script can be set in the
|
Variables not defined in a site shell script can be set in the
|
||||||
environment passed to `configure'. However, some packages may run
|
environment passed to 'configure'. However, some packages may run
|
||||||
configure again during the build, and the customized values of these
|
configure again during the build, and the customized values of these
|
||||||
variables may be lost. In order to avoid this problem, you should set
|
variables may be lost. In order to avoid this problem, you should set
|
||||||
them in the `configure' command line, using `VAR=value'. For example:
|
them in the 'configure' command line, using 'VAR=value'. For example:
|
||||||
|
|
||||||
./configure CC=/usr/local2/bin/gcc
|
./configure CC=/usr/local2/bin/gcc
|
||||||
|
|
||||||
causes the specified `gcc' to be used as the C compiler (unless it is
|
causes the specified 'gcc' to be used as the C compiler (unless it is
|
||||||
overridden in the site shell script).
|
overridden in the site shell script).
|
||||||
|
|
||||||
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
|
Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
|
||||||
an Autoconf limitation. Until the limitation is lifted, you can use
|
Autoconf limitation. Until the limitation is lifted, you can use this
|
||||||
this workaround:
|
workaround:
|
||||||
|
|
||||||
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
|
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
|
||||||
|
|
||||||
`configure' Invocation
|
'configure' Invocation
|
||||||
======================
|
======================
|
||||||
|
|
||||||
`configure' recognizes the following options to control how it
|
'configure' recognizes the following options to control how it
|
||||||
operates.
|
operates.
|
||||||
|
|
||||||
`--help'
|
'--help'
|
||||||
`-h'
|
'-h'
|
||||||
Print a summary of all of the options to `configure', and exit.
|
Print a summary of all of the options to 'configure', and exit.
|
||||||
|
|
||||||
`--help=short'
|
'--help=short'
|
||||||
`--help=recursive'
|
'--help=recursive'
|
||||||
Print a summary of the options unique to this package's
|
Print a summary of the options unique to this package's
|
||||||
`configure', and exit. The `short' variant lists options used
|
'configure', and exit. The 'short' variant lists options used only
|
||||||
only in the top level, while the `recursive' variant lists options
|
in the top level, while the 'recursive' variant lists options also
|
||||||
also present in any nested packages.
|
present in any nested packages.
|
||||||
|
|
||||||
`--version'
|
'--version'
|
||||||
`-V'
|
'-V'
|
||||||
Print the version of Autoconf used to generate the `configure'
|
Print the version of Autoconf used to generate the 'configure'
|
||||||
script, and exit.
|
script, and exit.
|
||||||
|
|
||||||
`--cache-file=FILE'
|
'--cache-file=FILE'
|
||||||
Enable the cache: use and save the results of the tests in FILE,
|
Enable the cache: use and save the results of the tests in FILE,
|
||||||
traditionally `config.cache'. FILE defaults to `/dev/null' to
|
traditionally 'config.cache'. FILE defaults to '/dev/null' to
|
||||||
disable caching.
|
disable caching.
|
||||||
|
|
||||||
`--config-cache'
|
'--config-cache'
|
||||||
`-C'
|
'-C'
|
||||||
Alias for `--cache-file=config.cache'.
|
Alias for '--cache-file=config.cache'.
|
||||||
|
|
||||||
`--quiet'
|
'--quiet'
|
||||||
`--silent'
|
'--silent'
|
||||||
`-q'
|
'-q'
|
||||||
Do not print messages saying which checks are being made. To
|
Do not print messages saying which checks are being made. To
|
||||||
suppress all normal output, redirect it to `/dev/null' (any error
|
suppress all normal output, redirect it to '/dev/null' (any error
|
||||||
messages will still be shown).
|
messages will still be shown).
|
||||||
|
|
||||||
`--srcdir=DIR'
|
'--srcdir=DIR'
|
||||||
Look for the package's source code in directory DIR. Usually
|
Look for the package's source code in directory DIR. Usually
|
||||||
`configure' can determine that directory automatically.
|
'configure' can determine that directory automatically.
|
||||||
|
|
||||||
`--prefix=DIR'
|
'--prefix=DIR'
|
||||||
Use DIR as the installation prefix. *note Installation Names::
|
Use DIR as the installation prefix. *note Installation Names:: for
|
||||||
for more details, including other options available for fine-tuning
|
more details, including other options available for fine-tuning the
|
||||||
the installation locations.
|
installation locations.
|
||||||
|
|
||||||
`--no-create'
|
'--no-create'
|
||||||
`-n'
|
'-n'
|
||||||
Run the configure checks, but stop before creating any output
|
Run the configure checks, but stop before creating any output
|
||||||
files.
|
files.
|
||||||
|
|
||||||
`configure' also accepts some other, not widely useful, options. Run
|
'configure' also accepts some other, not widely useful, options. Run
|
||||||
`configure --help' for more details.
|
'configure --help' for more details.
|
||||||
|
|
12
Makefile.in
|
@ -1,7 +1,7 @@
|
||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -544,7 +544,7 @@ distdir: $(DISTFILES)
|
||||||
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
||||||
|| chmod -R a+r "$(distdir)"
|
|| chmod -R a+r "$(distdir)"
|
||||||
dist-gzip: distdir
|
dist-gzip: distdir
|
||||||
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
|
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
|
||||||
$(am__post_remove_distdir)
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
dist-bzip2: distdir
|
dist-bzip2: distdir
|
||||||
|
@ -570,7 +570,7 @@ dist-shar: distdir
|
||||||
@echo WARNING: "Support for shar distribution archives is" \
|
@echo WARNING: "Support for shar distribution archives is" \
|
||||||
"deprecated." >&2
|
"deprecated." >&2
|
||||||
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
||||||
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
|
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
|
||||||
$(am__post_remove_distdir)
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
dist-zip: distdir
|
dist-zip: distdir
|
||||||
|
@ -588,7 +588,7 @@ dist dist-all:
|
||||||
distcheck: dist
|
distcheck: dist
|
||||||
case '$(DIST_ARCHIVES)' in \
|
case '$(DIST_ARCHIVES)' in \
|
||||||
*.tar.gz*) \
|
*.tar.gz*) \
|
||||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
|
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||||
*.tar.bz2*) \
|
*.tar.bz2*) \
|
||||||
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||||
*.tar.lz*) \
|
*.tar.lz*) \
|
||||||
|
@ -598,7 +598,7 @@ distcheck: dist
|
||||||
*.tar.Z*) \
|
*.tar.Z*) \
|
||||||
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
||||||
*.shar.gz*) \
|
*.shar.gz*) \
|
||||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
|
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
|
||||||
*.zip*) \
|
*.zip*) \
|
||||||
unzip $(distdir).zip ;;\
|
unzip $(distdir).zip ;;\
|
||||||
esac
|
esac
|
||||||
|
|
10
NEWS
|
@ -1,3 +1,13 @@
|
||||||
|
Version 1.0.32 September 2 2017
|
||||||
|
|
||||||
|
* Fix segmentation fault when using Cipher = none.
|
||||||
|
* Fix Proxy = exec.
|
||||||
|
* Support PriorityInheritance for IPv6 packets.
|
||||||
|
* Fixes for Solaris tun/tap support.
|
||||||
|
* Bind outgoing TCP sockets when ListenAddress is used.
|
||||||
|
|
||||||
|
Thanks to Vittorio Gambaletta for his contribution to this version of tinc.
|
||||||
|
|
||||||
Version 1.0.31 January 15 2017
|
Version 1.0.31 January 15 2017
|
||||||
|
|
||||||
* Remove ExecStop in tinc@.service.
|
* Remove ExecStop in tinc@.service.
|
||||||
|
|
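--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is the README file for tinc version 1.0.31. Installation
+This is the README file for tinc version 1.0.32. Installation
 instructions may be found in the INSTALL file.
 
 tinc is Copyright (C) 1998-2017 by: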
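--- a/THANKS
+++ b/THANKS
@@ -22,9 +22,11 @@ We would like to thank the following people for their contributions to tinc:
 * Flynn Marquardt
 * Gary Kessler and Claudia Gonzalez
 * Grzegorz Dymarek
+* Gusariev Oleksandr
 * Hans Bayle
 * Harvest
 * Ivo van Dong
+* Ivo Smits
 * James Cook
 * James MacLean
 * Jamie Briggs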
46
aclocal.m4
|
@ -1,6 +1,6 @@
|
||||||
# generated automatically by aclocal 1.15 -*- Autoconf -*-
|
# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -296,7 +296,7 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
|
||||||
AS_VAR_IF([$1], [""], [$5], [$4])dnl
|
AS_VAR_IF([$1], [""], [$5], [$4])dnl
|
||||||
])dnl PKG_CHECK_VAR
|
])dnl PKG_CHECK_VAR
|
||||||
|
|
||||||
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2002-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -311,7 +311,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
||||||
[am__api_version='1.15'
|
[am__api_version='1.15'
|
||||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||||
dnl require some minimum version. Point them to the right macro.
|
dnl require some minimum version. Point them to the right macro.
|
||||||
m4_if([$1], [1.15], [],
|
m4_if([$1], [1.15.1], [],
|
||||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -327,14 +327,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
||||||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||||
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
||||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||||
[AM_AUTOMAKE_VERSION([1.15])dnl
|
[AM_AUTOMAKE_VERSION([1.15.1])dnl
|
||||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||||
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||||
|
|
||||||
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
|
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -386,7 +386,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
|
||||||
|
|
||||||
# AM_CONDITIONAL -*- Autoconf -*-
|
# AM_CONDITIONAL -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -417,7 +417,7 @@ AC_CONFIG_COMMANDS_PRE(
|
||||||
Usually this means the macro was only invoked conditionally.]])
|
Usually this means the macro was only invoked conditionally.]])
|
||||||
fi])])
|
fi])])
|
||||||
|
|
||||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -608,7 +608,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
|
||||||
|
|
||||||
# Generate code to set up dependency tracking. -*- Autoconf -*-
|
# Generate code to set up dependency tracking. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -684,7 +684,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
|
||||||
|
|
||||||
# Do all the work for Automake. -*- Autoconf -*-
|
# Do all the work for Automake. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -881,7 +881,7 @@ for _am_header in $config_headers :; do
|
||||||
done
|
done
|
||||||
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
|
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
|
||||||
|
|
||||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -902,7 +902,7 @@ if test x"${install_sh+set}" != xset; then
|
||||||
fi
|
fi
|
||||||
AC_SUBST([install_sh])])
|
AC_SUBST([install_sh])])
|
||||||
|
|
||||||
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2003-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -924,7 +924,7 @@ AC_SUBST([am__leading_dot])])
|
||||||
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
|
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
|
||||||
# From Jim Meyering
|
# From Jim Meyering
|
||||||
|
|
||||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -959,7 +959,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
|
||||||
|
|
||||||
# Check to see how 'make' treats includes. -*- Autoconf -*-
|
# Check to see how 'make' treats includes. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1009,7 +1009,7 @@ rm -f confinc confmf
|
||||||
|
|
||||||
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
|
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1048,7 +1048,7 @@ fi
|
||||||
|
|
||||||
# Helper functions for option handling. -*- Autoconf -*-
|
# Helper functions for option handling. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1077,7 +1077,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
|
||||||
AC_DEFUN([_AM_IF_OPTION],
|
AC_DEFUN([_AM_IF_OPTION],
|
||||||
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
|
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
|
||||||
|
|
||||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1124,7 +1124,7 @@ AC_LANG_POP([C])])
|
||||||
# For backward compatibility.
|
# For backward compatibility.
|
||||||
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
|
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
|
||||||
|
|
||||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1143,7 +1143,7 @@ AC_DEFUN([AM_RUN_LOG],
|
||||||
|
|
||||||
# Check to make sure that the build environment is sane. -*- Autoconf -*-
|
# Check to make sure that the build environment is sane. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1224,7 +1224,7 @@ AC_CONFIG_COMMANDS_PRE(
|
||||||
rm -f conftest.file
|
rm -f conftest.file
|
||||||
])
|
])
|
||||||
|
|
||||||
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2009-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1284,7 +1284,7 @@ AC_SUBST([AM_BACKSLASH])dnl
|
||||||
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
|
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
|
||||||
])
|
])
|
||||||
|
|
||||||
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1312,7 +1312,7 @@ fi
|
||||||
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
|
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
|
||||||
AC_SUBST([INSTALL_STRIP_PROGRAM])])
|
AC_SUBST([INSTALL_STRIP_PROGRAM])])
|
||||||
|
|
||||||
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2006-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -1331,7 +1331,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
|
||||||
|
|
||||||
# Check how to create a tarball. -*- Autoconf -*-
|
# Check how to create a tarball. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
|
# Copyright (C) 2004-2017 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
|
20
configure
|
@ -1,6 +1,6 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.31.
|
# Generated by GNU Autoconf 2.69 for tinc 1.0.32.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
||||||
|
@ -577,8 +577,8 @@ MAKEFLAGS=
|
||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='tinc'
|
PACKAGE_NAME='tinc'
|
||||||
PACKAGE_TARNAME='tinc'
|
PACKAGE_TARNAME='tinc'
|
||||||
PACKAGE_VERSION='1.0.31'
|
PACKAGE_VERSION='1.0.32'
|
||||||
PACKAGE_STRING='tinc 1.0.31'
|
PACKAGE_STRING='tinc 1.0.32'
|
||||||
PACKAGE_BUGREPORT=''
|
PACKAGE_BUGREPORT=''
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
|
@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
|
||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures tinc 1.0.31 to adapt to many kinds of systems.
|
\`configure' configures tinc 1.0.32 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
|
@ -1402,7 +1402,7 @@ fi
|
||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of tinc 1.0.31:";;
|
short | recursive ) echo "Configuration of tinc 1.0.32:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
|
@ -1528,7 +1528,7 @@ fi
|
||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
tinc configure 1.0.31
|
tinc configure 1.0.32
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
|
@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF
|
||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by tinc $as_me 1.0.31, which was
|
It was created by tinc $as_me 1.0.32, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
|
@ -2857,7 +2857,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE='tinc'
|
PACKAGE='tinc'
|
||||||
VERSION='1.0.31'
|
VERSION='1.0.32'
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
@ -7807,7 +7807,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by tinc $as_me 1.0.31, which was
|
This file was extended by tinc $as_me 1.0.32, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
|
@ -7873,7 +7873,7 @@ _ACEOF
|
||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
tinc config.status 1.0.31
|
tinc config.status 1.0.32
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
|
|
||||||
AC_PREREQ(2.61)
|
AC_PREREQ(2.61)
|
||||||
AC_INIT([tinc], [1.0.31])
|
AC_INIT([tinc], [1.0.32])
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
|
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
|
|
12
debian/changelog
|
@ -1,9 +1,13 @@
|
||||||
tinc (1.0.31-1+deb9u1) stretch-security; urgency=high
|
tinc (1.0.32-1) unstable; urgency=medium
|
||||||
|
|
||||||
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
|
* New upstream release.
|
||||||
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
|
* Add a note to new nets.boot files that it is not used with systemd.
|
||||||
|
Closes: #841052
|
||||||
|
* In the post-down script, read the pid file only once. Closes: #832784
|
||||||
|
* Explicitly use /bin/sleep from coreutils. Closes: #772379
|
||||||
|
* Bump Standards-Version.
|
||||||
|
|
||||||
-- Guus Sliepen <guus@debian.org> Sat, 22 Sep 2018 17:35:50 +0200
|
-- Guus Sliepen <guus@debian.org> Tue, 05 Sep 2017 20:23:36 +0200
|
||||||
|
|
||||||
tinc (1.0.31-1) unstable; urgency=medium
|
tinc (1.0.31-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
|
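Review bot: The new top entry in debian/changelog replaces the 1.0.31-1+deb9u1 stretch-security entry instead of being stacked on it, so the fixes for CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758 drop out of the package history, and the same commit empties debian/patches/security-fixes (`@ -1,234 +0,0 @@`, continuing past this view). The added entry is dated 05 Sep 2017, a year before the one it replaces, and the 1.0.32 NEWS items on this page mention no oracle or NULL-cipher hardening, so a package built from this tree would presumably ship without the protections that patch carried. If this import only replays archive history in version order, the commit description should say so; otherwise keep the patch, rebased onto 1.0.32, together with its changelog entry before anything is built from this branch.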
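--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: tinc
 Section: net
 Priority: optional
 Maintainer: Guus Sliepen <guus@debian.org>
-Standards-Version: 3.9.8
+Standards-Version: 4.0.0
 Build-Depends: libssl-dev, debhelper (>= 10), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd
 Homepage: http://www.tinc-vpn.org/
 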
234
debian/patches/security-fixes
vendored
234
debian/patches/security-fixes
vendored
|
@ -1,234 +0,0 @@
|
||||||
--- a/src/connection.h
|
|
||||||
+++ b/src/connection.h
|
|
||||||
@@ -42,7 +42,8 @@
|
|
||||||
unsigned int decryptin:1; /* 1 if we have to decrypt incoming traffic */
|
|
||||||
unsigned int mst:1; /* 1 if this connection is part of a minimum spanning tree */
|
|
||||||
unsigned int proxy_passed:1; /* 1 if we are connecting via a proxy and we have finished talking with it */
|
|
||||||
- unsigned int unused:22;
|
|
||||||
+ unsigned int tarpit:1; /* 1 if the connection should be added to the tarpit */
|
|
||||||
+ unsigned int unused:21;
|
|
||||||
} connection_status_t;
|
|
||||||
|
|
||||||
#include "edge.h"
|
|
||||||
--- a/src/net.c
|
|
||||||
+++ b/src/net.c
|
|
||||||
@@ -158,6 +158,22 @@
|
|
||||||
return max;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Put a misbehaving connection in the tarpit */
|
|
||||||
+void tarpit(int fd) {
|
|
||||||
+ static int pits[10] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
|
|
||||||
+ static int next_pit = 0;
|
|
||||||
+
|
|
||||||
+ if(pits[next_pit] != -1) {
|
|
||||||
+ closesocket(pits[next_pit]);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ pits[next_pit++] = fd;
|
|
||||||
+
|
|
||||||
+ if(next_pit >= sizeof pits / sizeof pits[0]) {
|
|
||||||
+ next_pit = 0;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
Terminate a connection:
|
|
||||||
- Close the socket
|
|
||||||
@@ -178,8 +194,13 @@
|
|
||||||
if(c->node)
|
|
||||||
c->node->connection = NULL;
|
|
||||||
|
|
||||||
- if(c->socket)
|
|
||||||
- closesocket(c->socket);
|
|
||||||
+ if(c->socket) {
|
|
||||||
+ if(c->status.tarpit) {
|
|
||||||
+ tarpit(c->socket);
|
|
||||||
+ } else {
|
|
||||||
+ closesocket(c->socket);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if(c->edge) {
|
|
||||||
if(!c->node) {
|
|
||||||
@@ -266,6 +287,7 @@
|
|
||||||
closesocket(c->socket);
|
|
||||||
do_outgoing_connection(c);
|
|
||||||
} else {
|
|
||||||
+ c->status.tarpit = true;
|
|
||||||
terminate_connection(c, false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -345,6 +367,7 @@
|
|
||||||
|
|
||||||
if(FD_ISSET(c->socket, readset)) {
|
|
||||||
if(!receive_meta(c)) {
|
|
||||||
+ c->status.tarpit = true;
|
|
||||||
terminate_connection(c, c->status.active);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
--- a/src/net.h
|
|
||||||
+++ b/src/net.h
|
|
||||||
@@ -150,6 +150,7 @@
|
|
||||||
extern bool read_rsa_public_key(struct connection_t *);
|
|
||||||
extern void send_mtu_probe(struct node_t *);
|
|
||||||
extern void load_all_subnets(void);
|
|
||||||
+extern void tarpit(int fd);
|
|
||||||
|
|
||||||
#ifndef HAVE_MINGW
|
|
||||||
#define closesocket(s) close(s)
|
|
||||||
--- a/src/net_socket.c
|
|
||||||
+++ b/src/net_socket.c
|
|
||||||
@@ -552,6 +552,9 @@
|
|
||||||
new connection
|
|
||||||
*/
|
|
||||||
bool handle_new_meta_connection(int sock) {
|
|
||||||
+ static const int max_accept_burst = 10;
|
|
||||||
+ static int last_accept_burst;
|
|
||||||
+ static int last_accept_time;
|
|
||||||
connection_t *c;
|
|
||||||
sockaddr_t sa;
|
|
||||||
int fd;
|
|
||||||
@@ -564,6 +567,22 @@
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if(last_accept_time == now) {
|
|
||||||
+ last_accept_burst++;
|
|
||||||
+
|
|
||||||
+ if(last_accept_burst >= max_accept_burst) {
|
|
||||||
+ if(last_accept_burst == max_accept_burst) {
|
|
||||||
+ ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ tarpit(fd);
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ last_accept_burst = 0;
|
|
||||||
+ last_accept_time = now;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
sockaddrunmap(&sa);
|
|
||||||
|
|
||||||
c = new_connection();
|
|
||||||
@@ -585,7 +604,6 @@
|
|
||||||
connection_add(c);
|
|
||||||
|
|
||||||
c->allow_request = ID;
|
|
||||||
- send_id(c);
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
--- a/src/protocol_auth.c
|
|
||||||
+++ b/src/protocol_auth.c
|
|
||||||
@@ -59,7 +59,7 @@
|
|
||||||
|
|
||||||
/* Check if identity is a valid name */
|
|
||||||
|
|
||||||
- if(!check_id(name)) {
|
|
||||||
+ if(!check_id(name) || !strcmp(name, myself->name)) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ID", c->name,
|
|
||||||
c->hostname, "invalid name");
|
|
||||||
return false;
|
|
||||||
@@ -91,6 +91,11 @@
|
|
||||||
if(!c->config_tree)
|
|
||||||
init_configuration(&c->config_tree);
|
|
||||||
c->allow_request = ACK;
|
|
||||||
+
|
|
||||||
+ if(!c->outgoing) {
|
|
||||||
+ send_id(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return send_ack(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -110,6 +115,10 @@
|
|
||||||
|
|
||||||
c->allow_request = METAKEY;
|
|
||||||
|
|
||||||
+ if(!c->outgoing) {
|
|
||||||
+ send_id(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return send_metakey(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -292,7 +301,8 @@
|
|
||||||
c->inbudget = byte_budget(c->incipher);
|
|
||||||
c->status.decryptin = true;
|
|
||||||
} else {
|
|
||||||
- c->incipher = NULL;
|
|
||||||
+ logger(LOG_ERR, "%s (%s) uses null cipher!", c->name, c->hostname);
|
|
||||||
+ return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
c->inmaclength = maclength;
|
|
||||||
@@ -310,7 +320,8 @@
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
- c->indigest = NULL;
|
|
||||||
+ logger(LOG_ERR, "%s (%s) uses null digest!", c->name, c->hostname);
|
|
||||||
+ return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
c->incompression = compression;
|
|
||||||
@@ -384,7 +395,11 @@
|
|
||||||
|
|
||||||
/* Rest is done by send_chal_reply() */
|
|
||||||
|
|
||||||
- return send_chal_reply(c);
|
|
||||||
+ if(c->outgoing) {
|
|
||||||
+ return send_chal_reply(c);
|
|
||||||
+ } else {
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
bool send_chal_reply(connection_t *c) {
|
|
||||||
@@ -482,6 +497,10 @@
|
|
||||||
|
|
||||||
c->allow_request = ACK;
|
|
||||||
|
|
||||||
+ if(!c->outgoing) {
|
|
||||||
+ send_chal_reply(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return send_ack(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
--- a/src/protocol_edge.c
|
|
||||||
+++ b/src/protocol_edge.c
|
|
||||||
@@ -70,7 +70,7 @@
|
|
||||||
|
|
||||||
/* Check if names are valid */
|
|
||||||
|
|
||||||
- if(!check_id(from_name) || !check_id(to_name)) {
|
|
||||||
+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ADD_EDGE", c->name,
|
|
||||||
c->hostname, "invalid name");
|
|
||||||
return false;
|
|
||||||
@@ -192,7 +192,7 @@
|
|
||||||
|
|
||||||
/* Check if names are valid */
|
|
||||||
|
|
||||||
- if(!check_id(from_name) || !check_id(to_name)) {
|
|
||||||
+ if(!check_id(from_name) || !check_id(to_name) || !strcmp(from_name, to_name)) {
|
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "DEL_EDGE", c->name,
|
|
||||||
c->hostname, "invalid name");
|
|
||||||
return false;
|
|
||||||
--- a/src/protocol_key.c
|
|
||||||
+++ b/src/protocol_key.c
|
|
||||||
@@ -274,6 +274,11 @@
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
+ if(from->outkeylength != 1) {
|
|
||||||
+ logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
from->outcipher = NULL;
|
|
||||||
}
|
|
||||||
|
|
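Review bot: Deleting this patch, together with its entry in debian/patches/series, drops the changes that the removed changelog entry credits with addressing CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758. Those changes are the connection tarpit and accept throttling in src/net.c and src/net_socket.c, the reordered ID/challenge exchange and the rejection of a null cipher or digest in src/protocol_auth.c, and the key-length check in src/protocol_key.c. Nothing on this page shows the imported 1.0.32 sources carrying equivalent changes, so the resulting tree presumably builds without those protections. If this commit only replays an older upload into the history, the description should say so; otherwise the patch should be rebased onto 1.0.32 and kept in the series until an upstream release containing the fixes is packaged.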
1
debian/patches/series
vendored
1
debian/patches/series
vendored
|
@ -1 +0,0 @@
|
||||||
security-fixes
|
|
3
debian/postinst
vendored
3
debian/postinst
vendored
|
@ -14,7 +14,8 @@ case "$1" in
|
||||||
fi; fi
|
fi; fi
|
||||||
|
|
||||||
if [ ! -e $NETSFILE ] ; then
|
if [ ! -e $NETSFILE ] ; then
|
||||||
echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE
|
echo "## This file contains all names of the networks to be started on system startup when using sysvinit." > $NETSFILE
|
||||||
|
echo "## If you are using systemd, use systemctl enable tinc@netname to enable individual networks." >> $NETSFILE
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
|
8
debian/tinc.if-post-down
vendored
8
debian/tinc.if-post-down
vendored
|
@ -17,13 +17,15 @@ fi
|
||||||
|
|
||||||
# Stop the tinc daemon
|
# Stop the tinc daemon
|
||||||
|
|
||||||
|
read pid rest < $IF_TINC_PIDFILE 2>/dev/null
|
||||||
|
|
||||||
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
/usr/sbin/tincd -n "$IF_TINC_NET" -k $EXTRA
|
||||||
|
|
||||||
# Wait for it to shut down properly
|
# Wait for it to shut down properly
|
||||||
|
|
||||||
sleep 0.1
|
/bin/sleep 0.1
|
||||||
i=0;
|
i=0;
|
||||||
while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
while [ -f $IF_TINC_PIDFILE ] ; do
|
||||||
if [ ! -e "/proc/$pid" ] ; then
|
if [ ! -e "/proc/$pid" ] ; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -32,7 +34,7 @@ while [ -f $IF_TINC_PIDFILE ] && read pid rest < $IF_TINC_PIDFILE ; do
|
||||||
echo 'Failed to stop tinc daemon!'
|
echo 'Failed to stop tinc daemon!'
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sleep 0.1
|
/bin/sleep 0.1
|
||||||
i=$(($i+1))
|
i=$(($i+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
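Review bot: The new one-time `read pid rest < $IF_TINC_PIDFILE 2>/dev/null` can leave `pid` empty when the pid file is empty or unreadable, and the loop then tests `/proc/`, which always exists, so the early `exit 0` can never fire. Guard the value, for example `read pid rest 2>/dev/null < "$IF_TINC_PIDFILE" || pid=` before the kill and `if [ -z "$pid" ] || [ ! -e "/proc/$pid" ] ; then` inside the loop. Placing `2>/dev/null` before the input redirection matters because redirections are applied left to right, so an open error is otherwise printed before stderr is silenced. Quoting the path in the `read` and in `while [ -f "$IF_TINC_PIDFILE" ]` also protects against whitespace in the configured file name.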
6
debian/tinc.if-pre-up
vendored
6
debian/tinc.if-pre-up
vendored
|
@ -43,14 +43,14 @@ test -n "$LIMITS" && setlimits $LIMITS
|
||||||
|
|
||||||
# Wait for it to come up properly
|
# Wait for it to come up properly
|
||||||
|
|
||||||
sleep 0.1
|
/bin/sleep 0.1
|
||||||
i=0;
|
i=0;
|
||||||
while [ ! -f $IF_TINC_PIDFILE ] ; do
|
while [ ! -f $IF_TINC_PIDFILE ] ; do
|
||||||
if [ $i = '30' ] ; then
|
if [ $i = '30' ] ; then
|
||||||
echo 'Failed to start tinc daemon!'
|
echo 'Failed to start tinc daemon!'
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sleep 0.1
|
/bin/sleep 0.1
|
||||||
i=$(($i+1))
|
i=$(($i+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ while read pid rest < $IF_TINC_PIDFILE ; do
|
||||||
echo 'Failed to start tinc daemon!'
|
echo 'Failed to start tinc daemon!'
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sleep 0.1
|
/bin/sleep 0.1
|
||||||
i=$(($i+1))
|
i=$(($i+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
6
debian/tinc.init
vendored
6
debian/tinc.init
vendored
|
@ -82,7 +82,7 @@ stop() {
|
||||||
$DAEMON -n $1 -k || return
|
$DAEMON -n $1 -k || return
|
||||||
|
|
||||||
i=0;
|
i=0;
|
||||||
sleep 0.5
|
/bin/sleep 0.5
|
||||||
|
|
||||||
# Wait for the pidfile to disappear
|
# Wait for the pidfile to disappear
|
||||||
while [ -f /var/run/tinc.$1.pid ]; do
|
while [ -f /var/run/tinc.$1.pid ]; do
|
||||||
|
@ -91,14 +91,14 @@ stop() {
|
||||||
|
|
||||||
if [ $i = '10' ] ; then
|
if [ $i = '10' ] ; then
|
||||||
# It's still alive, kill it again and give up
|
# It's still alive, kill it again and give up
|
||||||
$DAEMON -n $1 -k && sleep 0.5
|
$DAEMON -n $1 -k && /bin/sleep 0.5
|
||||||
break
|
break
|
||||||
else
|
else
|
||||||
echo -n "."
|
echo -n "."
|
||||||
i=$(($i+1))
|
i=$(($i+1))
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sleep 0.5
|
/bin/sleep 0.5
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
6
depcomp
6
depcomp
|
@ -1,9 +1,9 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# depcomp - compile a program generating dependencies as side-effects
|
# depcomp - compile a program generating dependencies as side-effects
|
||||||
|
|
||||||
scriptversion=2013-05-30.07; # UTC
|
scriptversion=2016-01-11.22; # UTC
|
||||||
|
|
||||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
# This program is free software; you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
@ -786,6 +786,6 @@ exit 0
|
||||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||||
# time-stamp-start: "scriptversion="
|
# time-stamp-start: "scriptversion="
|
||||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||||
# time-stamp-time-zone: "UTC"
|
# time-stamp-time-zone: "UTC0"
|
||||||
# time-stamp-end: "; # UTC"
|
# time-stamp-end: "; # UTC"
|
||||||
# End:
|
# End:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
|
|
@ -8,6 +8,7 @@ Type=simple
|
||||||
WorkingDirectory=/etc/tinc/%i
|
WorkingDirectory=/etc/tinc/%i
|
||||||
ExecStart=/usr/sbin/tincd -n %i -D
|
ExecStart=/usr/sbin/tincd -n %i -D
|
||||||
ExecReload=/usr/sbin/tincd -n %i -kHUP
|
ExecReload=/usr/sbin/tincd -n %i -kHUP
|
||||||
|
KillMode=mixed
|
||||||
TimeoutStopSec=5
|
TimeoutStopSec=5
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=60
|
RestartSec=60
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
|
Binary file not shown.
128
doc/tinc.info
128
doc/tinc.info
|
@ -1,11 +1,11 @@
|
||||||
This is tinc.info, produced by makeinfo version 6.3 from tinc.texi.
|
This is tinc.info, produced by makeinfo version 6.4.90 from tinc.texi.
|
||||||
|
|
||||||
INFO-DIR-SECTION Networking tools
|
INFO-DIR-SECTION Networking tools
|
||||||
START-INFO-DIR-ENTRY
|
START-INFO-DIR-ENTRY
|
||||||
* tinc: (tinc). The tinc Manual.
|
* tinc: (tinc). The tinc Manual.
|
||||||
END-INFO-DIR-ENTRY
|
END-INFO-DIR-ENTRY
|
||||||
|
|
||||||
This is the info manual for tinc version 1.0.29, a Virtual Private
|
This is the info manual for tinc version 1.0.31, a Virtual Private
|
||||||
Network daemon.
|
Network daemon.
|
||||||
|
|
||||||
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen
|
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen
|
||||||
|
@ -981,7 +981,7 @@ ProcessPriority = <low|normal|high>
|
||||||
adjusted. Increasing the priority may help to reduce latency and
|
adjusted. Increasing the priority may help to reduce latency and
|
||||||
packet loss on the VPN.
|
packet loss on the VPN.
|
||||||
|
|
||||||
Proxy = socks4 | socks5 | http | exec ... [experimental]
|
Proxy = socks4 | socks5 | http | exec ... [experimental]
|
||||||
Use a proxy when making outgoing connections. The following proxy
|
Use a proxy when making outgoing connections. The following proxy
|
||||||
types are currently supported:
|
types are currently supported:
|
||||||
|
|
||||||
|
@ -2650,66 +2650,66 @@ Concept Index
|
||||||
|
|
||||||
|
|
||||||
Tag Table:
|
Tag Table:
|
||||||
Node: Top806
|
Node: Top809
|
||||||
Node: Introduction1105
|
Node: Introduction1108
|
||||||
Node: Virtual Private Networks1915
|
Node: Virtual Private Networks1918
|
||||||
Node: tinc3639
|
Node: tinc3642
|
||||||
Node: Supported platforms5166
|
Node: Supported platforms5169
|
||||||
Node: Preparations5867
|
Node: Preparations5870
|
||||||
Node: Configuring the kernel6123
|
Node: Configuring the kernel6126
|
||||||
Node: Configuration of Linux kernels6533
|
Node: Configuration of Linux kernels6536
|
||||||
Node: Configuration of FreeBSD kernels7388
|
Node: Configuration of FreeBSD kernels7391
|
||||||
Node: Configuration of OpenBSD kernels7853
|
Node: Configuration of OpenBSD kernels7856
|
||||||
Node: Configuration of NetBSD kernels8210
|
Node: Configuration of NetBSD kernels8213
|
||||||
Node: Configuration of Solaris kernels8615
|
Node: Configuration of Solaris kernels8618
|
||||||
Node: Configuration of Darwin (Mac OS X) kernels9278
|
Node: Configuration of Darwin (Mac OS X) kernels9281
|
||||||
Node: Configuration of Windows10097
|
Node: Configuration of Windows10100
|
||||||
Node: Libraries10637
|
Node: Libraries10640
|
||||||
Node: LibreSSL/OpenSSL11046
|
Node: LibreSSL/OpenSSL11049
|
||||||
Node: zlib13588
|
Node: zlib13591
|
||||||
Node: lzo14620
|
Node: lzo14623
|
||||||
Node: Installation15603
|
Node: Installation15606
|
||||||
Node: Building and installing tinc16513
|
Node: Building and installing tinc16516
|
||||||
Node: Darwin (Mac OS X) build environment17173
|
Node: Darwin (Mac OS X) build environment17176
|
||||||
Node: Cygwin (Windows) build environment17738
|
Node: Cygwin (Windows) build environment17741
|
||||||
Node: MinGW (Windows) build environment18327
|
Node: MinGW (Windows) build environment18330
|
||||||
Node: System files18921
|
Node: System files18924
|
||||||
Node: Device files19186
|
Node: Device files19189
|
||||||
Node: Other files19602
|
Node: Other files19605
|
||||||
Node: Configuration20215
|
Node: Configuration20218
|
||||||
Node: Configuration introduction20526
|
Node: Configuration introduction20529
|
||||||
Node: Multiple networks21794
|
Node: Multiple networks21797
|
||||||
Node: How connections work23220
|
Node: How connections work23223
|
||||||
Node: Configuration files24442
|
Node: Configuration files24445
|
||||||
Node: Main configuration variables25936
|
Node: Main configuration variables25939
|
||||||
Node: Host configuration variables42193
|
Node: Host configuration variables42195
|
||||||
Node: Scripts47725
|
Node: Scripts47727
|
||||||
Node: How to configure50991
|
Node: How to configure50993
|
||||||
Node: Generating keypairs52249
|
Node: Generating keypairs52251
|
||||||
Node: Network interfaces52748
|
Node: Network interfaces52750
|
||||||
Node: Example configuration54596
|
Node: Example configuration54598
|
||||||
Node: Running tinc59921
|
Node: Running tinc59923
|
||||||
Node: Runtime options60511
|
Node: Runtime options60513
|
||||||
Node: Signals63813
|
Node: Signals63815
|
||||||
Node: Debug levels65004
|
Node: Debug levels65006
|
||||||
Node: Solving problems65940
|
Node: Solving problems65942
|
||||||
Node: Error messages67492
|
Node: Error messages67494
|
||||||
Node: Sending bug reports71501
|
Node: Sending bug reports71503
|
||||||
Node: Technical information72448
|
Node: Technical information72450
|
||||||
Node: The connection72679
|
Node: The connection72681
|
||||||
Node: The UDP tunnel72991
|
Node: The UDP tunnel72993
|
||||||
Node: The meta-connection76052
|
Node: The meta-connection76054
|
||||||
Node: The meta-protocol77521
|
Node: The meta-protocol77523
|
||||||
Node: Security82538
|
Node: Security82540
|
||||||
Node: Authentication protocol83680
|
Node: Authentication protocol83682
|
||||||
Node: Encryption of network packets88725
|
Node: Encryption of network packets88727
|
||||||
Node: Security issues90101
|
Node: Security issues90103
|
||||||
Node: Platform specific information91740
|
Node: Platform specific information91742
|
||||||
Node: Interface configuration91968
|
Node: Interface configuration91970
|
||||||
Node: Routes94439
|
Node: Routes94441
|
||||||
Node: About us96453
|
Node: About us96455
|
||||||
Node: Contact information96628
|
Node: Contact information96630
|
||||||
Node: Authors97031
|
Node: Authors97033
|
||||||
Node: Concept Index97436
|
Node: Concept Index97438
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2016 Ivo Timmermans,
|
Copyright @copyright{} 1998-2017 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
||||||
@vskip 0pt plus 1filll
|
@vskip 0pt plus 1filll
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2016 Ivo Timmermans,
|
Copyright @copyright{} 1998-2017 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
meta.c -- handle the meta communication
|
meta.c -- handle the meta communication
|
||||||
Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
|
|
||||||
|
@ -104,7 +104,7 @@ bool flush_meta(connection_t *c) {
|
||||||
} else if(errno == EINTR) {
|
} else if(errno == EINTR) {
|
||||||
continue;
|
continue;
|
||||||
} else if(sockwouldblock(sockerrno)) {
|
} else if(sockwouldblock(sockerrno)) {
|
||||||
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
|
ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
|
||||||
c->outbuflen, c->name, c->hostname);
|
c->outbuflen, c->name, c->hostname);
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -660,9 +660,12 @@ static bool setup_myself(void) {
|
||||||
/* We need to use a stream mode for the meta protocol. Use AES for this,
|
/* We need to use a stream mode for the meta protocol. Use AES for this,
|
||||||
but try to match the key size with the one from the cipher selected
|
but try to match the key size with the one from the cipher selected
|
||||||
by Cipher.
|
by Cipher.
|
||||||
|
|
||||||
|
If Cipher is set to none, still use a low level of encryption for the
|
||||||
|
meta protocol.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int keylen = EVP_CIPHER_key_length(myself->incipher);
|
int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;
|
||||||
if(keylen <= 16)
|
if(keylen <= 16)
|
||||||
myself->connection->outcipher = EVP_aes_128_cfb();
|
myself->connection->outcipher = EVP_aes_128_cfb();
|
||||||
else if(keylen <= 24)
|
else if(keylen <= 24)
|
||||||
|
|
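Review bot: The added comment describes the `Cipher = none` fallback as "a low level of encryption", which leaves the reader to work out from the `keylen <= 16` branch that the meta connection then uses `EVP_aes_128_cfb()`. I would name it directly: `If Cipher is set to none, myself->incipher is NULL, keylen is 0, and the meta protocol falls back to AES-128-CFB.` The enclosing setup_myself() starts and ends outside this hunk, so whether other uses of `myself->incipher` are NULL-safe cannot be judged from here.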
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_socket.c -- Handle various kinds of sockets.
|
net_socket.c -- Handle various kinds of sockets.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2009 Florian Forster <octo@verplant.org>
|
2009 Florian Forster <octo@verplant.org>
|
||||||
|
|
||||||
|
@ -442,6 +442,7 @@ connect:
|
||||||
if(!proxytype) {
|
if(!proxytype) {
|
||||||
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
|
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
|
||||||
} else if(proxytype == PROXY_EXEC) {
|
} else if(proxytype == PROXY_EXEC) {
|
||||||
|
c->status.proxy_passed = true;
|
||||||
do_outgoing_pipe(c, proxyhost);
|
do_outgoing_pipe(c, proxyhost);
|
||||||
} else {
|
} else {
|
||||||
proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
|
proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
|
||||||
|
@ -471,6 +472,33 @@ connect:
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
bind_to_interface(c->socket);
|
bind_to_interface(c->socket);
|
||||||
|
|
||||||
|
int b = -1;
|
||||||
|
|
||||||
|
for(int i = 0; i < listen_sockets; i++) {
|
||||||
|
if(listen_socket[i].sa.sa.sa_family == c->address.sa.sa_family) {
|
||||||
|
if(b == -1) {
|
||||||
|
b = i;
|
||||||
|
} else {
|
||||||
|
b = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(b != -1) {
|
||||||
|
sockaddr_t sa = listen_socket[b].sa;
|
||||||
|
if(sa.sa.sa_family == AF_INET)
|
||||||
|
sa.in.sin_port = 0;
|
||||||
|
else if(sa.sa.sa_family == AF_INET6)
|
||||||
|
sa.in6.sin6_port = 0;
|
||||||
|
|
||||||
|
if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
|
||||||
|
char *addrstr = sockaddr2hostname(&sa);
|
||||||
|
logger(LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
|
||||||
|
free(addrstr);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Connect */
|
/* Connect */
|
||||||
|
@ -529,13 +557,20 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
|
||||||
c->outcompression = myself->connection->outcompression;
|
c->outcompression = myself->connection->outcompression;
|
||||||
|
|
||||||
init_configuration(&c->config_tree);
|
init_configuration(&c->config_tree);
|
||||||
read_connection_config(c);
|
if(!read_connection_config(c)) {
|
||||||
|
free_connection(c);
|
||||||
|
outgoing->timeout = maxtimeout;
|
||||||
|
retry_outgoing(outgoing);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
outgoing->cfg = lookup_config(c->config_tree, "Address");
|
outgoing->cfg = lookup_config(c->config_tree, "Address");
|
||||||
|
|
||||||
if(!outgoing->cfg) {
|
if(!outgoing->cfg) {
|
||||||
logger(LOG_ERR, "No address specified for %s", c->name);
|
logger(LOG_ERR, "No address specified for %s", c->name);
|
||||||
free_connection(c);
|
free_connection(c);
|
||||||
|
outgoing->timeout = maxtimeout;
|
||||||
|
retry_outgoing(outgoing);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
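Review bot: The bind block added after `bind_to_interface(c->socket);` has no comment, and its selection rule is easy to misread: `b` is reset to -1 as soon as a second listening socket of the same family is found, so the outgoing socket is bound only when exactly one listen address matches. A comment such as `/* Bind to our listen address only if exactly one listening socket has this address family; otherwise let the kernel choose the source address. */` would document that. The family test uses `c->address`, the peer's address; if the socket was created for a proxy of a different family (that socket() call is outside the hunk), bind() would fail and only be logged, so comparing against the family the socket was actually created with seems safer. A failed bind() is logged at LOG_ERR and the connect still proceeds, which looks deliberate but is worth stating in the same comment.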
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
proxy.c -- Proxy handling functions.
|
proxy.c -- Proxy handling functions.
|
||||||
Copyright (C) 2015-2016 Guus Sliepen <guus@tinc-vpn.org>
|
Copyright (C) 2015-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -174,7 +174,7 @@ bool send_proxyrequest(connection_t *c) {
|
||||||
}
|
}
|
||||||
|
|
||||||
case PROXY_EXEC:
|
case PROXY_EXEC:
|
||||||
return true;
|
abort();
|
||||||
|
|
||||||
default:
|
default:
|
||||||
logger(LOG_ERR, "Unknown proxy type");
|
logger(LOG_ERR, "Unknown proxy type");
|
||||||
|
|
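Review bot: `abort()` in the `PROXY_EXEC` case turns a broken internal invariant into a crash of the whole daemon, taking every established connection down with it. The case presumably stays unreachable only while `c->status.proxy_passed` is set before `do_outgoing_pipe()` in src/net_socket.c, a coupling that nothing here documents. I would fail just this connection instead, with `logger(LOG_ERR, "Proxy request attempted for Proxy = exec");` followed by `return false;`, and add a comment naming where the flag is set. send_proxyrequest() continues outside the hunk, so how callers treat a false return is not visible.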
15
src/route.c
15
src/route.c
|
@ -1,8 +1,8 @@
|
||||||
/*
|
/*
|
||||||
route.c -- routing
|
route.c -- routing
|
||||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||||
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2015 Vittorio Gambaletta
|
2015-2016 Vittorio Gambaletta
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -675,6 +675,9 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
|
||||||
if(!do_decrement_ttl(source, packet))
|
if(!do_decrement_ttl(source, packet))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
if(priorityinheritance)
|
||||||
|
packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
|
||||||
|
|
||||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
|
||||||
if(via == source) {
|
if(via == source) {
|
||||||
|
@ -963,8 +966,12 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
|
|
||||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||||
|
|
||||||
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
|
if(priorityinheritance) {
|
||||||
packet->priority = packet->data[15];
|
if(type == ETH_P_IP && packet->len >= ether_size + ip_size)
|
||||||
|
packet->priority = packet->data[15];
|
||||||
|
else if(type == ETH_P_IPV6 && packet->len >= ether_size + ip6_size)
|
||||||
|
packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
|
||||||
|
}
|
||||||
|
|
||||||
// Handle packets larger than PMTU
|
// Handle packets larger than PMTU
|
||||||
|
|
||||||
|
|
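Review bot: In the route_ipv6_unicast() hunk the added `packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);` reads bytes 14 and 15 with no length test in view, whereas the matching route_mac() change guards the same expression with `packet->len >= ether_size + ip6_size`. If the caller already enforces the minimum IPv6 length (it is outside the hunk), a short comment saying so is enough; otherwise repeat the guard. Both places would also benefit from `/* IPv6 Traffic Class: low nibble of header byte 0, high nibble of header byte 1 */`, since the offsets are otherwise magic numbers. In route_mac() the nested `if`/`else if` bodies are unbraced inside the new braced block; bracing them would match the outer style.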
|
@ -2,7 +2,7 @@
|
||||||
device.c -- Interaction with Solaris tun device
|
device.c -- Interaction with Solaris tun device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
|
2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
|
||||||
2001-2014 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -24,6 +24,7 @@
|
||||||
|
|
||||||
#include <sys/stropts.h>
|
#include <sys/stropts.h>
|
||||||
#include <sys/sockio.h>
|
#include <sys/sockio.h>
|
||||||
|
#include <stropts.h>
|
||||||
|
|
||||||
#include "../conf.h"
|
#include "../conf.h"
|
||||||
#include "../device.h"
|
#include "../device.h"
|
||||||
|
@ -40,6 +41,7 @@
|
||||||
|
|
||||||
#define DEFAULT_TUN_DEVICE "/dev/tun"
|
#define DEFAULT_TUN_DEVICE "/dev/tun"
|
||||||
#define DEFAULT_TAP_DEVICE "/dev/tap"
|
#define DEFAULT_TAP_DEVICE "/dev/tap"
|
||||||
|
#define IP_DEVICE "/dev/udp"
|
||||||
|
|
||||||
static enum {
|
static enum {
|
||||||
DEVICE_TYPE_TUN,
|
DEVICE_TYPE_TUN,
|
||||||
|
@ -85,10 +87,13 @@ static bool setup_device(void) {
|
||||||
else
|
else
|
||||||
device_info = "Solaris tap device";
|
device_info = "Solaris tap device";
|
||||||
|
|
||||||
|
if(device_type == DEVICE_TYPE_TAP && routing_mode == RMODE_ROUTER)
|
||||||
|
overwrite_mac = true;
|
||||||
|
|
||||||
/* The following is black magic copied from OpenVPN. */
|
/* The following is black magic copied from OpenVPN. */
|
||||||
|
|
||||||
if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) {
|
if((ip_fd = open(IP_DEVICE, O_RDWR, 0)) < 0) {
|
||||||
logger(LOG_ERR, "Could not open %s: %s\n", "/dev/ip", strerror(errno));
|
logger(LOG_ERR, "Could not open %s: %s\n", IP_DEVICE, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -205,7 +210,7 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
/* Push arp module to ip_fd */
|
/* Push arp module to ip_fd */
|
||||||
if(ioctl(ip_fd, I_PUSH, "arp") < 0) {
|
if(ioctl(ip_fd, I_PUSH, "arp") < 0) {
|
||||||
logger(LOG_ERR, "Could not push ARP module onto %s!", "/dev/ip");
|
logger(LOG_ERR, "Could not push ARP module onto %s!", IP_DEVICE);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -297,11 +302,16 @@ static void close_device(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool read_packet(vpn_packet_t *packet) {
|
static bool read_packet(vpn_packet_t *packet) {
|
||||||
int inlen;
|
int result;
|
||||||
|
struct strbuf sbuf;
|
||||||
|
int f = 0;
|
||||||
|
|
||||||
switch(device_type) {
|
switch(device_type) {
|
||||||
case DEVICE_TYPE_TUN:
|
case DEVICE_TYPE_TUN:
|
||||||
if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) {
|
sbuf.maxlen = MTU - 14;
|
||||||
|
sbuf.buf = (char *)packet->data + 14;
|
||||||
|
|
||||||
|
if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
|
||||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -321,16 +331,19 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(packet->data, 0, 12);
|
memset(packet->data, 0, 12);
|
||||||
packet->len = inlen + 14;
|
packet->len = sbuf.len + 14;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DEVICE_TYPE_TAP:
|
case DEVICE_TYPE_TAP:
|
||||||
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
|
sbuf.maxlen = MTU;
|
||||||
|
sbuf.buf = (char *)packet->data;
|
||||||
|
|
||||||
|
if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
|
||||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet->len = inlen + 14;
|
packet->len = sbuf.len;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -347,16 +360,24 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
static bool write_packet(vpn_packet_t *packet) {
|
static bool write_packet(vpn_packet_t *packet) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info);
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info);
|
||||||
|
|
||||||
|
struct strbuf sbuf;
|
||||||
|
|
||||||
switch(device_type) {
|
switch(device_type) {
|
||||||
case DEVICE_TYPE_TUN:
|
case DEVICE_TYPE_TUN:
|
||||||
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
sbuf.len = packet->len - 14;
|
||||||
|
sbuf.buf = (char *)packet->data + 14;
|
||||||
|
|
||||||
|
if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
|
||||||
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DEVICE_TYPE_TAP:
|
case DEVICE_TYPE_TAP:
|
||||||
if(write(device_fd, packet->data, packet->len) < 0) {
|
sbuf.len = packet->len;
|
||||||
|
sbuf.buf = (char *)packet->data;
|
||||||
|
|
||||||
|
if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
|
||||||
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
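Review bot: In read_packet the new `getmsg()` calls test only `result < 0`, whereas the `read()` calls they replace rejected `<= 0`, so a message with an empty or absent data part is now accepted. getmsg() sets `sbuf.len` to -1 when a message has no data part, which would make `packet->len` 13 in the DEVICE_TYPE_TUN branch and -1 in the DEVICE_TYPE_TAP branch before the packet is handed on. Both branches should keep the old guard, e.g. `if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0 || sbuf.len <= 0) {`. A positive return with MOREDATA set (message longer than `sbuf.maxlen`) is also treated as success, so the remainder would presumably be read as the next packet; that case is worth dropping or at least logging. read_packet's body continues outside the hunks shown.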