Import Debian changes 1.0.27-1

tinc (1.0.27-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version.
  * Add native systemd unit files.
  * Automatically convert networks listed in nets.boot to systemd service
    instances on upgrade.
Guus Sliepen 2016-04-10 01:39:16 +02:00
commit c167efd01b
52 changed files with 1811 additions and 958 deletions

@ -1,4 +1,4 @@
Copyright (C) 1998-2015 Ivo Timmermans, Guus Sliepen and others. Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.
See the AUTHORS file for a complete list. See the AUTHORS file for a complete list.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under

@ -1,3 +1,53 @@
Version 1.0.27 April 10 2016
------------------------------------------------------------------------
Guus Sliepen (26):
Add missing AM_PROG_CC_C_O to configure.ac.
Attribution for various contributors.
Update "now" after connect() when making outgoing connections.
Add ability to use proxies to connect to hostnames when there is no nameserver.
Only add a reflexive address when we're sure it's working.
Fix compatibility with TAP-Win32 9.0.0.21 and later.
Fix warnings from the Clang Static Analyzer.
Improve performance of edge updates.
Clarify that scripts are called synchronously.
Small fixes for the documentation.
Add warnings for bad combinations of Device and Interface.
Fix forwarding of edge updates.
Don't compile getopt*.c if the system provides getopt_long().
Update .gitignore.
Update THANKS.
Use iface instead of interface.
Update copyright notices.
Remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
Cast 0xff to char before comparing it to another char.
Get rid of a warning when compiling tinc using MinGW.
Every BSD flavor has a tap device nowadays.
Use devname() if available to support devfs cloning on BSD.
Use SIOCGIFADDR on BSDs that support it.
Enable silent builds by default.
Add support for OS X utun interfaces.
Releasing 1.0.27.
Vittorio Gambaletta (VittGam) (6):
Fix DecrementTTL option.
Fix source IP address for ICMP unreachable packets generated by tinc.
Try to reply with node address only when decrementing the TTL.
Fix DecrementTTL option for packets destined to the local node.
s/broadcast_packet_helper/route_broadcast/
Remove forward declaration for do_decrement_ttl.
LunarShaddow (3):
fix typo
re-arrange include sequence to avoid a mingw introduced bug.
Proofing README.
Florian Weik (1):
Fix NAME variable in subnet-* scripts for local subnets.
Nathan Stratton Treadway (1):
Fix invalid checksum generation.
Version 1.0.26 July 05 2015 Version 1.0.26 July 05 2015
------------------------------------------------------------------------ ------------------------------------------------------------------------

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am. # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc. # Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -14,7 +14,17 @@
@SET_MAKE@ @SET_MAKE@
VPATH = @srcdir@ VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \ am__make_running_with_option = \
case $${target_option-} in \ case $${target_option-} in \
?) ;; \ ?) ;; \
@ -78,11 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@ build_triplet = @build@
host_triplet = @host@ host_triplet = @host@
subdir = . subdir = .
DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \
$(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/configure $(am__configure_deps) \
$(srcdir)/config.h.in COPYING THANKS compile config.guess \
config.sub depcomp install-sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \
@ -91,6 +96,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/configure.ac $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4) $(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d mkinstalldirs = $(install_sh) -d
@ -154,6 +161,9 @@ ETAGS = etags
CTAGS = ctags CTAGS = ctags
CSCOPE = cscope CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS) DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in AUTHORS \
COPYING ChangeLog INSTALL NEWS README THANKS compile \
config.guess config.sub depcomp install-sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION) distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir) top_distdir = $(distdir)
@ -284,6 +294,7 @@ pdfdir = @pdfdir@
prefix = @prefix@ prefix = @prefix@
program_transform_name = @program_transform_name@ program_transform_name = @program_transform_name@
psdir = @psdir@ psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@ srcdir = @srcdir@
@ -315,7 +326,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
$(am__cd) $(top_srcdir) && \ $(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile $(AUTOMAKE) --gnu Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \ @case '$?' in \
*config.status*) \ *config.status*) \
@ -543,15 +553,15 @@ dist-xz: distdir
$(am__post_remove_distdir) $(am__post_remove_distdir)
dist-tarZ: distdir dist-tarZ: distdir
@echo WARNING: "Support for shar distribution archives is" \ @echo WARNING: "Support for distribution archives compressed with" \
"deprecated." >&2 "legacy program 'compress' is deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__post_remove_distdir) $(am__post_remove_distdir)
dist-shar: distdir dist-shar: distdir
@echo WARNING: "Support for distribution archives compressed with" \ @echo WARNING: "Support for shar distribution archives is" \
"legacy program 'compress' is deprecated." >&2 "deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__post_remove_distdir) $(am__post_remove_distdir)
@ -587,17 +597,17 @@ distcheck: dist
esac esac
chmod -R a-w $(distdir) chmod -R a-w $(distdir)
chmod u+w $(distdir) chmod u+w $(distdir)
mkdir $(distdir)/_build $(distdir)/_inst mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
chmod a-w $(distdir) chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \ test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \ && am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \ && $(am__cd) $(distdir)/_build/sub \
&& ../configure \ && ../../configure \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=.. --prefix="$$dc_install_base" \ --srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) check \
@ -772,6 +782,8 @@ uninstall-am:
mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-am
.PRECIOUS: Makefile
ChangeLog: ChangeLog:
git log > ChangeLog git log > ChangeLog

21
NEWS

@ -1,3 +1,24 @@
Version 1.0.27 April 10 2016
* When using Proxy, let the proxy resolve hostnames if tinc can't.
* Fixes and improvements of the DecrementTTL option.
* Fixed the $NAME variable in subnet-up/down scripts for the local Subnets.
* Fixed potentially wrong checksum generation when clamping the MSS.
* Properly choose between the system's or our own copy of getopt.
* Fixed compiling tinc for Cygwin with MinGW installed.
* Added support for OS X utun interfaces.
* Documentation updates and minor fixes.
Thanks to Vittorio Gambaletta, LunarShaddow, Florian Weik and Nathan Stratton
Treadway for their contributions to this version of tinc.
Version 1.0.26 July 5 2015 Version 1.0.26 July 5 2015
* Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup. * Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
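Review bot: The new 1.0.27 entry leaves out user-visible changes that the ChangeLog for the same release lists, notably "Fix compatibility with TAP-Win32 9.0.0.21 and later" and "Remove use of __DATE__ and __TIME__ to facilitate reproducible builds". Windows users and packagers read NEWS rather than the per-commit list, so I would add one bullet for each, or fold them explicitly into the "minor fixes" line if the omission is intentional.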

18
README

@ -1,7 +1,7 @@
This is the README file for tinc version 1.0.26. Installation This is the README file for tinc version 1.0.27. Installation
instructions may be found in the INSTALL file. instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2015 by: tinc is Copyright (C) 1998-2016 by:
Ivo Timmermans, Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>, Guus Sliepen <guus@tinc-vpn.org>,
@ -42,7 +42,7 @@ issues are being addressed in the tinc 1.1 branch.
Cryptography is a hard thing to get right. We cannot make any Cryptography is a hard thing to get right. We cannot make any
guarantees. Time, review and feedback are the only things that can guarantees. Time, review and feedback are the only things that can
prove the security of any cryptographic product. If you wish to review prove the security of any cryptographic product. If you wish to review
tinc or give us feedback, you are stronly encouraged to do so. tinc or give us feedback, you are strongly encouraged to do so.
Changes to configuration file format since 1.0pre5 Changes to configuration file format since 1.0pre5
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
Compatibility Compatibility
------------- -------------
Version 1.0.26 is compatible with 1.0pre8, 1.0 and later, but not with older Version 1.0.27 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc. versions of tinc.
@ -106,14 +106,14 @@ Linux, FreeBSD and Windows.
The algorithms used for encryption and generating message authentication codes The algorithms used for encryption and generating message authentication codes
can now be changed in the configuration files. All cipher and digest algorithms can now be changed in the configuration files. All cipher and digest algorithms
supported by OpenSSL can be used. Useful ciphers are "blowfish" (default), supported by OpenSSL can be used. Useful ciphers are "blowfish" (default),
"bf-ofb", "des", "des3", etcetera. Useful digests are "sha1" (default), "md5", "bf-ofb", "des", "des3", et cetera. Useful digests are "sha1" (default), "md5",
etcetera. et cetera.
Support for routing IPv6 packets has been added. Just add Subnet lines with Support for routing IPv6 packets has been added. Just add Subnet lines with
IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from
the iproute package) to give the virtual network interface corresponding IPv6 the iproute package) to give the virtual network interface corresponding IPv6
addresses. tinc does not provide autoconfiguration for IPv6 hosts, if you need addresses. tinc does not provide autoconfiguration for IPv6 hosts. Consider
it use radvd or zebra. using radvd or zebra if you need it.
It is also possible to make tunnels to other tinc daemons over IPv6 networks, It is also possible to make tunnels to other tinc daemons over IPv6 networks,
if the operating system supports IPv6. tinc will automatically use both IPv6 if the operating system supports IPv6. tinc will automatically use both IPv6
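Review bot: The sentence edited here for the "et cetera" spelling still presents "des" and "md5" as useful choices, next to the "blowfish" and "sha1" defaults. Single DES has a 56-bit key and MD5 is no longer recommended for new deployments, so while this paragraph is being touched I would drop "des" and "md5" from the "useful" lists, or add a sentence saying they are accepted only for compatibility with existing peers. As written, the README reads as a recommendation.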
@ -121,7 +121,7 @@ and IPv4 when available, but this can be changed by adding the option
"AddressFamily = ipv4" or "AddressFamily = ipv6" to the tinc.conf file. "AddressFamily = ipv4" or "AddressFamily = ipv6" to the tinc.conf file.
Normally, when started tinc will detach and run in the background. In a native Normally, when started tinc will detach and run in the background. In a native
Windows environment this means tinc will intall itself as a service, which will Windows environment this means tinc will install itself as a service, which will
restart after reboots. To prevent tinc from detaching or running as a service, restart after reboots. To prevent tinc from detaching or running as a service,
use the -D option. use the -D option.

7
THANKS

@ -17,10 +17,12 @@ We would like to thank the following people for their contributions to tinc:
* dnk * dnk
* Enrique Zanardi * Enrique Zanardi
* Florent Clairambault * Florent Clairambault
* Florian Weik
* Flynn Marquardt * Flynn Marquardt
* Gary Kessler and Claudia Gonzalez * Gary Kessler and Claudia Gonzalez
* Grzegorz Dymarek * Grzegorz Dymarek
* Hans Bayle * Hans Bayle
* Harvest
* Ivo van Dong * Ivo van Dong
* James Cook * James Cook
* James MacLean * James MacLean
@ -38,6 +40,7 @@ We would like to thank the following people for their contributions to tinc:
* Loïc Dachary * Loïc Dachary
* Loïc Grenié * Loïc Grenié
* Lubomír Bulej * Lubomír Bulej
* LunarShaddow
* Mads Kiilerich * Mads Kiilerich
* Marc A. Lehmann * Marc A. Lehmann
* Mark Glines * Mark Glines
@ -52,16 +55,19 @@ We would like to thank the following people for their contributions to tinc:
* Mesar Hameed * Mesar Hameed
* Michael Tokarev * Michael Tokarev
* Miles Nordin * Miles Nordin
* Nathan Stratton Treadway
* Nick Hibma * Nick Hibma
* Nick Patavalis * Nick Patavalis
* Paul Littlefield * Paul Littlefield
* Philipp Babel * Philipp Babel
* Rhosyn Celyn
* Robert van der Meulen * Robert van der Meulen
* Rumko * Rumko
* Sam Bryan * Sam Bryan
* Saverio Proto * Saverio Proto
* Scott Lamb * Scott Lamb
* Steffan Karger * Steffan Karger
* Stig Fagrell
* Sven-Haegar Koch * Sven-Haegar Koch
* Teemu Kiviniemi * Teemu Kiviniemi
* Thomas Tsiakalakis * Thomas Tsiakalakis
@ -70,6 +76,7 @@ We would like to thank the following people for their contributions to tinc:
* Tomislav Čohar * Tomislav Čohar
* Tommy Arnkværn * Tommy Arnkværn
* Tonnerre Lombard * Tonnerre Lombard
* Ulrich Seifert
* Vil Brekin * Vil Brekin
* Vittorio Gambaletta * Vittorio Gambaletta
* Wessel Dankers * Wessel Dankers

@ -3,7 +3,7 @@
scriptversion=2012-10-14.11; # UTC scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>. # Written by Tom Tromey <tromey@cygnus.com>.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify

47
config.guess vendored

@ -1,8 +1,8 @@
#! /bin/sh #! /bin/sh
# Attempt to guess a canonical system name. # Attempt to guess a canonical system name.
# Copyright 1992-2014 Free Software Foundation, Inc. # Copyright 1992-2015 Free Software Foundation, Inc.
timestamp='2014-03-23' timestamp='2015-08-20'
# This file is free software; you can redistribute it and/or modify it # This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by # under the terms of the GNU General Public License as published by
@ -24,12 +24,12 @@ timestamp='2014-03-23'
# program. This Exception is an additional permission under section 7 # program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3"). # of the GNU General Public License, version 3 ("GPLv3").
# #
# Originally written by Per Bothner. # Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
# #
# You can get the latest version of this script from: # You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
# #
# Please send patches with a ChangeLog entry to config-patches@gnu.org. # Please send patches to <config-patches@gnu.org>.
me=`echo "$0" | sed -e 's,.*/,,'` me=`echo "$0" | sed -e 's,.*/,,'`
@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp) GNU config.guess ($timestamp)
Originally written by Per Bothner. Originally written by Per Bothner.
Copyright 1992-2014 Free Software Foundation, Inc. Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -168,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# Note: NetBSD doesn't particularly care about the vendor # Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown". # portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch" sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || echo unknown)` /sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || \
echo unknown)`
case "${UNAME_MACHINE_ARCH}" in case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;; armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;; arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;; sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;; sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;; sh5el) machine=sh5le-unknown ;;
earmv*)
arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
machine=${arch}${endian}-unknown
;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac esac
# The Operating System including object format, if it has switched # The Operating System including object format, if it has switched
# to ELF recently, or will in the future. # to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in case "${UNAME_MACHINE_ARCH}" in
arm*|i386|m68k|ns32k|sh3*|sparc|vax) arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__ | grep -q __ELF__
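Review bot: In the new UNAME_MACHINE_ARCH assignment, "uname -p" is resolved through PATH and placed first in the "||" chain, while the sysctl fallbacks keep their absolute /sbin and /usr/sbin paths. Any uname that exits 0 short-circuits the chain, so the sysctl lookups run only when uname fails outright, not when it prints an empty or generic value. If this is meant to stay in sync with upstream config.guess, please confirm the file is an unmodified copy matching the 2015-08-20 timestamp; otherwise consider accepting the uname result only when it is non-empty.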
@ -197,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
os=netbsd os=netbsd
;; ;;
esac esac
# Determine ABI tags.
case "${UNAME_MACHINE_ARCH}" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
;;
esac
# The OS release # The OS release
# Debian GNU/NetBSD machines have a different userland, and # Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need # thus, need a distinct triplet. However, they do not need
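Review bot: "abi" is assigned only in the earm* branch of the new "Determine ABI tags" case, and nothing in these lines clears it beforehand, yet the triplet echo later in this block expands ${abi} for every NetBSD machine. A value of "abi" inherited from the caller's environment would therefore be appended to the detected triplet on non-earm hosts. Suggest an explicit "abi=" before the case, or a "*) abi= ;;" default branch.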
@ -207,13 +221,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
release='-gnu' release='-gnu'
;; ;;
*) *)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;; ;;
esac esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form: # contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}" echo "${machine}-${os}${release}${abi}"
exit ;; exit ;;
*:Bitrig:*:*) *:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@ -235,6 +249,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:MirBSD:*:*) *:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;; exit ;;
*:Sortix:*:*)
echo ${UNAME_MACHINE}-unknown-sortix
exit ;;
alpha:OSF1:*:*) alpha:OSF1:*:*)
case $UNAME_RELEASE in case $UNAME_RELEASE in
*4.0) *4.0)
@ -579,8 +596,9 @@ EOF
else else
IBM_ARCH=powerpc IBM_ARCH=powerpc
fi fi
if [ -x /usr/bin/oslevel ] ; then if [ -x /usr/bin/lslpp ] ; then
IBM_REV=`/usr/bin/oslevel` IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi fi
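Review bot: The sed expression in the new IBM_REV pipeline, "sed s/[0-9]*$/0/", is unquoted, so the shell sees "[0-9]*" as a glob pattern before sed does; it should be written as sed 's/[0-9]*$/0/'. Separately, when /usr/bin/lslpp is executable but the bos.rte.libc query prints nothing, IBM_REV ends up empty and the "${UNAME_VERSION}.${UNAME_RELEASE}" fallback in the else branch is never reached, so a check for an empty result would be worth adding.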
@ -932,6 +950,9 @@ EOF
crisv32:Linux:*:*) crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC} echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;; exit ;;
e2k:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
frv:Linux:*:*) frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC} echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;; exit ;;
@ -1020,7 +1041,7 @@ EOF
echo ${UNAME_MACHINE}-dec-linux-${LIBC} echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;; exit ;;
x86_64:Linux:*:*) x86_64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC} echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;; exit ;;
xtensa*:Linux:*:*) xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC} echo ${UNAME_MACHINE}-unknown-linux-${LIBC}

@ -53,6 +53,9 @@
don't. */ don't. */
#undef HAVE_DECL_RES_INIT #undef HAVE_DECL_RES_INIT
/* Define to 1 if you have the `devname' function. */
#undef HAVE_DEVNAME
/* Define to 1 if you have the <dirent.h> header file. */ /* Define to 1 if you have the <dirent.h> header file. */
#undef HAVE_DIRENT_H #undef HAVE_DIRENT_H
@ -65,6 +68,9 @@
/* Define to 1 if you have the `fchmod' function. */ /* Define to 1 if you have the `fchmod' function. */
#undef HAVE_FCHMOD #undef HAVE_FCHMOD
/* Define to 1 if you have the `fdevname' function. */
#undef HAVE_FDEVNAME
/* Define to 1 if you have the `flock' function. */ /* Define to 1 if you have the `flock' function. */
#undef HAVE_FLOCK #undef HAVE_FLOCK
@ -77,6 +83,12 @@
/* Define to 1 if you have the `ftime' function. */ /* Define to 1 if you have the `ftime' function. */
#undef HAVE_FTIME #undef HAVE_FTIME
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
/* getopt_long() */
#undef HAVE_GETOPT_LONG
/* Define to 1 if you have the `gettimeofday' function. */ /* Define to 1 if you have the `gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY #undef HAVE_GETTIMEOFDAY
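Review bot: The template comment added for HAVE_GETOPT_LONG is just "getopt_long()", while every neighbouring entry, including the HAVE_GETOPT_H one added in the same hunk, uses the "Define to 1 if you have the ... function/header file" wording. Please give the definition a description in the same form (for example "Define to 1 if you have the `getopt_long' function.") so the header documents what the macro means when it is set.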
@ -179,6 +191,9 @@
/* Define to 1 if you have the <net/if_types.h> header file. */ /* Define to 1 if you have the <net/if_types.h> header file. */
#undef HAVE_NET_IF_TYPES_H #undef HAVE_NET_IF_TYPES_H
/* Define to 1 if you have the <net/if_utun.h> header file. */
#undef HAVE_NET_IF_UTUN_H
/* Define to 1 if you have the <net/tap/if_tap.h> header file. */ /* Define to 1 if you have the <net/tap/if_tap.h> header file. */
#undef HAVE_NET_TAP_IF_TAP_H #undef HAVE_NET_TAP_IF_TAP_H

36
config.sub vendored

@ -1,8 +1,8 @@
#! /bin/sh #! /bin/sh
# Configuration validation subroutine script. # Configuration validation subroutine script.
# Copyright 1992-2014 Free Software Foundation, Inc. # Copyright 1992-2015 Free Software Foundation, Inc.
timestamp='2014-09-11' timestamp='2015-08-20'
# This file is free software; you can redistribute it and/or modify it # This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by # under the terms of the GNU General Public License as published by
@ -25,7 +25,7 @@ timestamp='2014-09-11'
# of the GNU General Public License, version 3 ("GPLv3"). # of the GNU General Public License, version 3 ("GPLv3").
# Please send patches with a ChangeLog entry to config-patches@gnu.org. # Please send patches to <config-patches@gnu.org>.
# #
# Configuration subroutine to validate and canonicalize a configuration type. # Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument. # Supply the specified configuration type as an argument.
@ -68,7 +68,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\ version="\
GNU config.sub ($timestamp) GNU config.sub ($timestamp)
Copyright 1992-2014 Free Software Foundation, Inc. Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -117,7 +117,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \ kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*) storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os os=-$maybe_os
@ -255,12 +255,13 @@ case $basic_machine in
| arc | arceb \ | arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \ | avr | avr32 \
| ba \
| be32 | be64 \ | be32 | be64 \
| bfin \ | bfin \
| c4x | c8051 | clipper \ | c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \ | d10v | d30v | dlx | dsp16xx \
| epiphany \ | e2k | epiphany \
| fido | fr30 | frv \ | fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \ | hexagon \
| i370 | i860 | i960 | ia64 \ | i370 | i860 | i960 | ia64 \
@ -305,7 +306,7 @@ case $basic_machine in
| riscv32 | riscv64 \ | riscv32 | riscv64 \
| rl78 | rx \ | rl78 | rx \
| score \ | score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \ | sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@ -313,6 +314,7 @@ case $basic_machine in
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \ | ubicom32 \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| visium \
| we32k \ | we32k \
| x86 | xc16x | xstormy16 | xtensa \ | x86 | xc16x | xstormy16 | xtensa \
| z8k | z80) | z8k | z80)
@ -327,6 +329,9 @@ case $basic_machine in
c6x) c6x)
basic_machine=tic6x-unknown basic_machine=tic6x-unknown
;; ;;
leon|leon[3-9])
basic_machine=sparc-$basic_machine
;;
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
basic_machine=$basic_machine-unknown basic_machine=$basic_machine-unknown
os=-none os=-none
@ -372,12 +377,13 @@ case $basic_machine in
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \ | avr-* | avr32-* \
| ba-* \
| be32-* | be64-* \ | be32-* | be64-* \
| bfin-* | bs2000-* \ | bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \ | c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \ | d10v-* | d30v-* | dlx-* \
| elxsi-* \ | e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \ | h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
@ -424,12 +430,13 @@ case $basic_machine in
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \ | pyramid-* \
| riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \ | rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \ | sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \ | tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \ | tile*-* \
@ -437,6 +444,7 @@ case $basic_machine in
| ubicom32-* \ | ubicom32-* \
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \ | vax-* \
| visium-* \
| we32k-* \ | we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \ | xstormy16-* | xtensa*-* \
@ -513,6 +521,9 @@ case $basic_machine in
basic_machine=i386-pc basic_machine=i386-pc
os=-aros os=-aros
;; ;;
asmjs)
basic_machine=asmjs-unknown
;;
aux) aux)
basic_machine=m68k-apple basic_machine=m68k-apple
os=-aux os=-aux
@ -774,6 +785,9 @@ case $basic_machine in
basic_machine=m68k-isi basic_machine=m68k-isi
os=-sysv os=-sysv
;; ;;
leon-*|leon[3-9]-*)
basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
;;
m68knommu) m68knommu)
basic_machine=m68k-unknown basic_machine=m68k-unknown
os=-linux os=-linux
@ -1365,7 +1379,7 @@ case $os in
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* | -plan9* \ | -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \ | -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \

91
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for tinc 1.0.26. # Generated by GNU Autoconf 2.69 for tinc 1.0.27.
# #
# #
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -577,8 +577,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='tinc' PACKAGE_NAME='tinc'
PACKAGE_TARNAME='tinc' PACKAGE_TARNAME='tinc'
PACKAGE_VERSION='1.0.26' PACKAGE_VERSION='1.0.27'
PACKAGE_STRING='tinc 1.0.26' PACKAGE_STRING='tinc 1.0.27'
PACKAGE_BUGREPORT='' PACKAGE_BUGREPORT=''
PACKAGE_URL='' PACKAGE_URL=''
@ -623,6 +623,8 @@ ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE am__EXEEXT_TRUE
LTLIBOBJS LTLIBOBJS
LIBOBJS LIBOBJS
GETOPT_FALSE
GETOPT_TRUE
TUNEMU_FALSE TUNEMU_FALSE
TUNEMU_TRUE TUNEMU_TRUE
VDE_FALSE VDE_FALSE
@ -1308,7 +1310,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures tinc 1.0.26 to adapt to many kinds of systems. \`configure' configures tinc 1.0.27 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1378,7 +1380,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of tinc 1.0.26:";; short | recursive ) echo "Configuration of tinc 1.0.27:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
@ -1497,7 +1499,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
tinc configure 1.0.26 tinc configure 1.0.27
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
@ -1962,7 +1964,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by tinc $as_me 1.0.26, which was It was created by tinc $as_me 1.0.27, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
@ -2826,7 +2828,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE='tinc' PACKAGE='tinc'
VERSION='1.0.26' VERSION='1.0.27'
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
@ -2944,6 +2946,45 @@ fi
MAINT=$MAINTAINER_MODE_TRUE MAINT=$MAINTAINER_MODE_TRUE
# Check whether --enable-silent-rules was given.
if test "${enable_silent_rules+set}" = set; then :
enableval=$enable_silent_rules;
fi
case $enable_silent_rules in # (((
yes) AM_DEFAULT_VERBOSITY=0;;
no) AM_DEFAULT_VERBOSITY=1;;
*) AM_DEFAULT_VERBOSITY=0;;
esac
am_make=${MAKE-make}
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
if ${am_cv_make_support_nested_variables+:} false; then :
$as_echo_n "(cached) " >&6
else
if $as_echo 'TRUE=$(BAR$(V))
BAR0=false
BAR1=true
V=1
am__doit:
@$(TRUE)
.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
am_cv_make_support_nested_variables=yes
else
am_cv_make_support_nested_variables=no
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
$as_echo "$am_cv_make_support_nested_variables" >&6; }
if test $am_cv_make_support_nested_variables = yes; then
AM_V='$(V)'
AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
else
AM_V=$AM_DEFAULT_VERBOSITY
AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
fi
AM_BACKSLASH='\'
# Enable GNU extensions. # Enable GNU extensions.
# Define this here, not in acconfig's @TOP@ section, since definitions # Define this here, not in acconfig's @TOP@ section, since definitions
@ -4768,6 +4809,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# Make sure we can run config.sub. # Make sure we can run config.sub.
$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
@ -5598,7 +5641,7 @@ $as_echo "#define STDC_HEADERS 1" >>confdefs.h
fi fi
for ac_header in stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h arpa/nameser.h dirent.h for ac_header in stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h arpa/nameser.h dirent.h getopt.h
do : do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@ -5611,7 +5654,7 @@ fi
done done
for ac_header in net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h for ac_header in net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_utun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h
do : do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include \"src/have.h\" ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include \"src/have.h\"
@ -6089,7 +6132,7 @@ cat >>confdefs.h <<_ACEOF
_ACEOF _ACEOF
for ac_func in asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall pselect putenv random select strdup strerror strsignal strtol system unsetenv usleep vsyslog writev for ac_func in asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall pselect putenv random select strdup strerror strsignal strtol system unsetenv usleep vsyslog writev devname fdevname
do : do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -6102,6 +6145,24 @@ fi
done done
ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long"
if test "x$ac_cv_func_getopt_long" = xyes; then :
getopt=true;
$as_echo "#define HAVE_GETOPT_LONG 1" >>confdefs.h
else
getopt=false
fi
if test "$getopt" = true; then
GETOPT_TRUE=
GETOPT_FALSE='#'
else
GETOPT_TRUE='#'
GETOPT_FALSE=
fi
ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket"
if test "x$ac_cv_func_socket" = xyes; then : if test "x$ac_cv_func_socket" = xyes; then :
@ -7045,6 +7106,10 @@ if test -z "${TUNEMU_TRUE}" && test -z "${TUNEMU_FALSE}"; then
as_fn_error $? "conditional \"TUNEMU\" was never defined. as_fn_error $? "conditional \"TUNEMU\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5 Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi fi
if test -z "${GETOPT_TRUE}" && test -z "${GETOPT_FALSE}"; then
as_fn_error $? "conditional \"GETOPT\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
: "${CONFIG_STATUS=./config.status}" : "${CONFIG_STATUS=./config.status}"
ac_write_fail=0 ac_write_fail=0
@ -7442,7 +7507,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by tinc $as_me 1.0.26, which was This file was extended by tinc $as_me 1.0.27, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
@ -7508,7 +7573,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
tinc config.status 1.0.26 tinc config.status 1.0.27
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"

View file

@ -1,11 +1,12 @@
dnl Process this file with autoconf to produce a configure script. dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61) AC_PREREQ(2.61)
AC_INIT([tinc], [1.0.26]) AC_INIT([tinc], [1.0.27])
AC_CONFIG_SRCDIR([src/tincd.c]) AC_CONFIG_SRCDIR([src/tincd.c])
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc -Wall]) AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
AC_CONFIG_HEADERS([config.h]) AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE AM_MAINTAINER_MODE
AM_SILENT_RULES([yes])
# Enable GNU extensions. # Enable GNU extensions.
# Define this here, not in acconfig's @TOP@ section, since definitions # Define this here, not in acconfig's @TOP@ section, since definitions
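Review bot: `AM_SILENT_RULES([yes])` makes terse output the default (the regenerated configure confirms it with `*) AM_DEFAULT_VERBOSITY=0;;`), so build logs no longer show the compiler and linker command lines unless the builder passes `--disable-silent-rules` or `V=1`. For a network-facing daemon this makes it harder to audit from the log which hardening flags were actually applied. Consider dropping the `[yes]` default, or have debian/rules force verbose output for package builds.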
@ -18,6 +19,8 @@ AC_PROG_CC_C99
AC_PROG_CPP AC_PROG_CPP
AC_PROG_INSTALL AC_PROG_INSTALL
AM_PROG_CC_C_O
dnl Check and set OS dnl Check and set OS
AC_CANONICAL_HOST AC_CANONICAL_HOST
@ -158,8 +161,8 @@ dnl Checks for header files.
dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies. dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
AC_HEADER_STDC AC_HEADER_STDC
AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h arpa/nameser.h dirent.h]) AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h arpa/nameser.h dirent.h getopt.h])
AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h], AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_utun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h],
[], [], [#include "src/have.h"] [], [], [#include "src/have.h"]
) )
AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h resolv.h], AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h resolv.h],
@ -185,10 +188,13 @@ AC_CHECK_TYPES([socklen_t, struct ether_header, struct arphdr, struct ether_arp,
dnl Checks for library functions. dnl Checks for library functions.
AC_TYPE_SIGNAL AC_TYPE_SIGNAL
AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall pselect putenv random select strdup strerror strsignal strtol system unsetenv usleep vsyslog writev], AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall pselect putenv random select strdup strerror strsignal strtol system unsetenv usleep vsyslog writev devname fdevname],
[], [], [#include "src/have.h"] [], [], [#include "src/have.h"]
) )
AC_CHECK_FUNC(getopt_long, [getopt=true; AC_DEFINE(HAVE_GETOPT_LONG, 1, [getopt_long()])], [getopt=false])
AM_CONDITIONAL(GETOPT, test "$getopt" = true)
dnl Support for SunOS dnl Support for SunOS
AC_CHECK_FUNC(socket, [], [ AC_CHECK_FUNC(socket, [], [

14
debian/NEWS vendored Normal file
View file

@ -0,0 +1,14 @@
tinc (1.0.27-1) unstable; urgency=medium
This package now provides native systemd service files, allowing multiple
instances of tinc to be managed. Existing networks listed in
/etc/tinc/nets.boot will be converted to service instances once during this
upgrade. Afterwards, you can enable and disable networks using:
systemctl enable tinc@<netname>
systemctl disable tinc@<netname>
If you do not have systemd installed, the SysV init script will continue to
work as usual. For more information, see README.Debian.
-- Guus Sliepen <guus@debian.org> Sun, 10 Apr 2016 01:33:55 +0200

59
debian/README.Debian vendored
View file

@ -1,17 +1,54 @@
tinc for Debian tinc for Debian
---------------------- ---------------
The manual for tinc is also available as info pages, type `info tinc' The manual for tinc is also available as info pages, type `info tinc'
to read it. to read it.
The system startup script for tinc, /etc/init.d/tinc, uses the file There are several ways in which tinc may be automatically started at boot:
/etc/tinc/nets.boot to find out which networks have to be started.
Alternatively, you can create a stanza in /etc/network/interfaces, and add a Systemd
line with "tinc-net <netname>". This will cause a tincd to be started which -------
uses the configuration from /etc/tinc/<netname>. You can use an inet static
(with address and netmask options) or inet dhcp stanza, in which case the ifup Since 1.0.27-1, the tinc package comes with native systemd service files.
will configure the VPN interface and you do not need to have a tinc-up script. To enable and start a net, call:
systemctl enable tinc@<netname>
systemctl start tinc@<netname>
This will cause a tincd to be started which uses the configuration from
/etc/tinc/<netname>, and also makes sure that it will be started next time your
system boots.
Apart from controlling individual instances, you can also start/stop/reload all
enabled instances simultaneously by omitting @<netname>, for example:
systemctl reload tinc
Note that when you have systemd installed on your system, the file
/etc/tinc/nets.boot will not be used anymore to automatically start tinc
daemons. If the variable EXTRA is defined in /etc/default/tinc, it will be
passed on to tinc. The variable LIMITS is however not used.
The service files that come with this package start tinc unconditionally.
However, tinc does support socket activation. If you wish to write a socket
unit for tinc, use the ListenStream option to specify on which port(s) and
address(es) tinc should listen.
SysVinit
--------
The system startup script for tinc, /etc/init.d/tinc, uses the file
/etc/tinc/nets.boot to find out which networks have to be started. Use one
netname per line. Lines starting with a # are ignored.
/etc/network/interfaces
-----------------------
You can create a stanza in /etc/network/interfaces, and add a line with
"tinc-net <netname>". This will cause a tincd to be started which uses the
configuration from /etc/tinc/<netname>. You can use an inet static (with
address and netmask options) or inet dhcp stanza, in which case the ifup will
configure the VPN interface and you do not need to have a tinc-up script.
The following options are also recognized and map directly to the corresponding The following options are also recognized and map directly to the corresponding
command line options for tincd: command line options for tincd:
@ -37,7 +74,7 @@ iface vpn inet static
This will start a tinc daemon that reads its configuration from This will start a tinc daemon that reads its configuration from
/etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user /etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user
nobody, writes the PID to /tmp/tinc.pid, and creates a network interface called nobody, and creates a network interface called "vpn". Ifup then sets the
"vpn". Ifup then sets the address and netmask on that interface. address and netmask on that interface.
-- Guus Sliepen <guus@debian.org>, Fri, 25 June 2012, 20:28:35 +0200 -- Guus Sliepen <guus@debian.org>, Sun, 10 April 2016, 01:38:08 +0200

10
debian/changelog vendored
View file

@ -1,3 +1,13 @@
tinc (1.0.27-1) unstable; urgency=medium
* New upstream release.
* Bump Standards-Version.
* Add native systemd unit files.
* Automatically convert networks listed in nets.boot to systemd service
instances on upgrade.
-- Guus Sliepen <guus@debian.org> Sun, 10 Apr 2016 01:39:16 +0200
tinc (1.0.26-1) unstable; urgency=medium tinc (1.0.26-1) unstable; urgency=medium
* New upstream release. * New upstream release.

4
debian/control vendored
View file

@ -2,8 +2,8 @@ Source: tinc
Section: net Section: net
Priority: optional Priority: optional
Maintainer: Guus Sliepen <guus@debian.org> Maintainer: Guus Sliepen <guus@debian.org>
Standards-Version: 3.9.6 Standards-Version: 3.9.7
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev, dh-systemd
Homepage: http://www.tinc-vpn.org/ Homepage: http://www.tinc-vpn.org/
Package: tinc Package: tinc

28
debian/preinst vendored Normal file
View file

@ -0,0 +1,28 @@
#!/bin/sh
NETSFILE="/etc/tinc/nets.boot"
SYSTEM="/lib/systemd/system"
WANTS="/etc/systemd/system/multi-user.target.wants"
set -e
case "$1" in
upgrade)
if dpkg --compare-versions "$2" '<<' "1.0.27-1"; then
if [ -f "$NETSFILE" ]; then
echo -n "Creating systemd service instances from nets.boot:"
mkdir -p "$WANTS"
egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
echo -n " $net"
ln -s "$SYSTEM/tinc@.service" "$WANTS/tinc@$net.service" 2>/dev/null || true
done
echo "."
fi
fi
;;
*)
;;
esac
#DEBHELPER#
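Review bot: The name filter in the `egrep` line is anchored only at the start, so `'^[ ]*[a-zA-Z0-9_-]+'` accepts any line that merely begins with a valid character. `read net args` then puts the whole first word into `$net`, including any `/`, `.` or `@` it contains, and that value is used unchecked in the path `"$WANTS/tinc@$net.service"`. Since this runs as root, validate the parsed word itself before linking (skip the entry unless `$net` matches `^[a-zA-Z0-9_-]+$` in full) and use `read -r`. Two smaller points: `2>/dev/null || true` on `ln -s` hides every failure, not only an already-existing link, so a failed conversion still prints the net name as if it had been created. And the links go into multi-user.target.wants while tinc@.service in this commit declares `WantedBy=tinc.service`, so converted instances are enabled differently from ones enabled later with `systemctl enable tinc@<netname>`.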

17
debian/rules vendored
View file

@ -1,16 +1,7 @@
#!/usr/bin/make -f #!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%: %:
dh $@ --parallel dh $@ --parallel --with systemd
override_dh_auto_configure: override_dh_auto_configure:
dh_auto_configure -- --enable-uml --enable-vde dh_auto_configure -- --enable-uml --enable-vde
@ -22,7 +13,7 @@ override_dh_auto_install:
override_dh_installinit: override_dh_installinit:
dh_installinit -R dh_installinit -R
dh_installinit --name=tinc@ --noscripts
override_dh_clean: override_dh_systemd_start:
dh_clean dh_systemd_start --restart-after-upgrade
rm -f src/device.c
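Review bot: Replacing `override_dh_clean` with `override_dh_systemd_start` also drops `rm -f src/device.c` from the clean step, and nothing in the visible hunks or the changelog entry says why that file no longer needs removing. If the build still creates src/device.c, repeated builds from the same tree will pick up a stale copy. Please either keep the cleanup or note in debian/changelog that the file is no longer generated.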

16
debian/tinc.service vendored Normal file
View file

@ -0,0 +1,16 @@
# This is a mostly empty service, but allows commands like stop, start, reload
# to propagate to all tinc@ service instances.
[Unit]
Description=Tinc VPN
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/etc/tinc
[Install]
WantedBy=multi-user.target

17
debian/tinc@.service vendored Normal file
View file

@ -0,0 +1,17 @@
[Unit]
Description=Tinc net %i
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service
[Service]
Type=simple
WorkingDirectory=/etc/tinc/%i
ExecStart=/usr/sbin/tinc -n %i start -D
ExecReload=/usr/sbin/tinc -n %i reload
ExecStop=/usr/sbin/tinc -n %i stop
TimeoutStopSec=5
Restart=always
RestartSec=60
[Install]
WantedBy=tinc.service
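Review bot: Nothing in `[Service]` reads /etc/default/tinc, yet the README.Debian text added in this commit says that EXTRA defined there "will be passed on to tinc". With `ExecStart=/usr/sbin/tinc -n %i start -D` as written, EXTRA is ignored under systemd. Either add an `EnvironmentFile=-/etc/default/tinc` line and append `$EXTRA` to ExecStart, or correct the README. Also worth confirming before upload: all three Exec lines call `/usr/sbin/tinc` with `start`, `reload` and `stop` subcommands, while the rest of this commit (README.Debian, tincd.8) refers to the daemon as tincd. If that binary and those subcommands are not shipped by this package, every instance will fail to start and `Restart=always` will retry it every 60 seconds.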

View file

@ -3,7 +3,7 @@
scriptversion=2013-05-30.07; # UTC scriptversion=2013-05-30.07; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Copyright (C) 1999-2014 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by

View file

@ -17,16 +17,16 @@ transform = s/ginstall/install/; @program_transform_name@
# see GNUmakefile and Makefile.maint. # see GNUmakefile and Makefile.maint.
sample-config.tar.gz: sample-config sample-config.tar.gz: sample-config
GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz --exclude .svn sample-config $(AM_V_GEN)GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz --exclude .svn sample-config
texi2html: tinc.texi texi2html: tinc.texi
texi2html -split=chapter tinc.texi $(AM_V_GEN)texi2html -split=chapter tinc.texi
tincd.8.html: tincd.8 tincd.8.html: tincd.8
w3mman2html $< > $@ $(AM_V_GEN)w3mman2html $< > $@
tinc.conf.5.html: tinc.conf.5 tinc.conf.5.html: tinc.conf.5
w3mman2html $< > $@ $(AM_V_GEN)w3mman2html $< > $@
substitute = sed \ substitute = sed \
-e s,'@PACKAGE\@',"$(PACKAGE)",g \ -e s,'@PACKAGE\@',"$(PACKAGE)",g \
@ -35,12 +35,12 @@ substitute = sed \
-e s,'@localstatedir\@',"$(localstatedir)",g -e s,'@localstatedir\@',"$(localstatedir)",g
tincd.8: tincd.8.in tincd.8: tincd.8.in
$(substitute) tincd.8.in > tincd.8 $(AM_V_GEN)$(substitute) tincd.8.in > tincd.8
tinc.conf.5: tinc.conf.5.in tinc.conf.5: tinc.conf.5.in
$(substitute) tinc.conf.5.in > tinc.conf.5 $(AM_V_GEN)$(substitute) tinc.conf.5.in > tinc.conf.5
tincinclude.texi: tincinclude.texi.in tincinclude.texi: tincinclude.texi.in
$(substitute) tincinclude.texi.in > tincinclude.texi $(AM_V_GEN)$(substitute) tincinclude.texi.in > tincinclude.texi
tinc.texi: tincinclude.texi tinc.texi: tincinclude.texi

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am. # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc. # Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -14,7 +14,17 @@
@SET_MAKE@ @SET_MAKE@
VPATH = @srcdir@ VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \ am__make_running_with_option = \
case $${target_option-} in \ case $${target_option-} in \
?) ;; \ ?) ;; \
@ -77,7 +87,6 @@ POST_UNINSTALL = :
build_triplet = @build@ build_triplet = @build@
host_triplet = @host@ host_triplet = @host@
subdir = doc subdir = doc
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am texinfo.tex
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \
@ -86,6 +95,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/configure.ac $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4) $(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = CONFIG_CLEAN_FILES =
@ -183,6 +193,7 @@ man8dir = $(mandir)/man8
NROFF = nroff NROFF = nroff
MANS = $(man_MANS) MANS = $(man_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in texinfo.tex
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
# Use `ginstall' in the definition of man_MANS to avoid # Use `ginstall' in the definition of man_MANS to avoid
@ -277,6 +288,7 @@ pdfdir = @pdfdir@
prefix = @prefix@ prefix = @prefix@
program_transform_name = @program_transform_name@ program_transform_name = @program_transform_name@
psdir = @psdir@ psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@ srcdir = @srcdir@
@ -311,7 +323,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
$(am__cd) $(top_srcdir) && \ $(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile $(AUTOMAKE) --gnu doc/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \ @case '$?' in \
*config.status*) \ *config.status*) \
@ -812,30 +823,32 @@ uninstall-man: uninstall-man5 uninstall-man8
uninstall-html-am uninstall-info-am uninstall-man \ uninstall-html-am uninstall-info-am uninstall-man \
uninstall-man5 uninstall-man8 uninstall-pdf-am uninstall-ps-am uninstall-man5 uninstall-man8 uninstall-pdf-am uninstall-ps-am
.PRECIOUS: Makefile
# For additional rules usually of interest only to the maintainer, # For additional rules usually of interest only to the maintainer,
# see GNUmakefile and Makefile.maint. # see GNUmakefile and Makefile.maint.
sample-config.tar.gz: sample-config sample-config.tar.gz: sample-config
GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz --exclude .svn sample-config $(AM_V_GEN)GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz --exclude .svn sample-config
texi2html: tinc.texi texi2html: tinc.texi
texi2html -split=chapter tinc.texi $(AM_V_GEN)texi2html -split=chapter tinc.texi
tincd.8.html: tincd.8 tincd.8.html: tincd.8
w3mman2html $< > $@ $(AM_V_GEN)w3mman2html $< > $@
tinc.conf.5.html: tinc.conf.5 tinc.conf.5.html: tinc.conf.5
w3mman2html $< > $@ $(AM_V_GEN)w3mman2html $< > $@
tincd.8: tincd.8.in tincd.8: tincd.8.in
$(substitute) tincd.8.in > tincd.8 $(AM_V_GEN)$(substitute) tincd.8.in > tincd.8
tinc.conf.5: tinc.conf.5.in tinc.conf.5: tinc.conf.5.in
$(substitute) tinc.conf.5.in > tinc.conf.5 $(AM_V_GEN)$(substitute) tinc.conf.5.in > tinc.conf.5
tincinclude.texi: tincinclude.texi.in tincinclude.texi: tincinclude.texi.in
$(substitute) tincinclude.texi.in > tincinclude.texi $(AM_V_GEN)$(substitute) tincinclude.texi.in > tincinclude.texi
tinc.texi: tincinclude.texi tinc.texi: tincinclude.texi

Binary file not shown.

View file

@ -1,4 +1,4 @@
.Dd 2014-05-11 .Dd 2016-04-10
.Dt TINC.CONF 5 .Dt TINC.CONF 5
.\" Manual page created by: .\" Manual page created by:
.\" Ivo Timmermans .\" Ivo Timmermans
@ -54,7 +54,7 @@ But it is highly recommended that you use this feature of
because it will be so much clearer whom your daemon talks to. because it will be so much clearer whom your daemon talks to.
Hence, we will assume that you use it. Hence, we will assume that you use it.
.Sh NAMES .Sh NAMES
Each tinc daemon should have a name that is unique in the network which it will be part of. Each tinc daemon must have a name that is unique in the network which it will be part of.
The name will be used by other tinc daemons for identification. The name will be used by other tinc daemons for identification.
The name has to be declared in the The name has to be declared in the
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf .Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
@ -250,6 +250,10 @@ Tinc will expect packets read from the virtual network device
to start with a four byte header containing the address family, to start with a four byte header containing the address family,
followed by an IP header. followed by an IP header.
This mode should support both IPv4 and IPv6 packets. This mode should support both IPv4 and IPv6 packets.
.It utun Pq OS X
Set type to utun.
This is only supported on OS X version 10.6.8 and higher, but doesn't require the tuntaposx module.
This mode should support both IPv4 and IPv6 packets.
.It tap Pq BSD and Linux .It tap Pq BSD and Linux
Set type to tap. Set type to tap.
Tinc will expect packets read from the virtual network device Tinc will expect packets read from the virtual network device
@ -362,7 +366,7 @@ If
.Va Name .Va Name
is is
.Li $HOST , .Li $HOST ,
but no such environment variable exist, the hostname will be read using the gethostnname() system call. but no such environment variable exist, the hostname will be read using the gethostname() system call.
.It Va PingInterval Li = Ar seconds Pq 60 .It Va PingInterval Li = Ar seconds Pq 60
The number of seconds of inactivity that The number of seconds of inactivity that
.Nm tinc .Nm tinc
@ -556,7 +560,15 @@ UDP is possible or not.
.Sh SCRIPTS .Sh SCRIPTS
Apart from reading the server and host configuration files, Apart from reading the server and host configuration files,
tinc can also run scripts at certain moments. tinc can also run scripts at certain moments.
Under Windows (not Cygwin), the scripts should have the extension Below is a list of filenames of scripts and a description of when they are run.
A script is only run if it exists and if it is executable.
.Pp
Scripts are run synchronously;
this means that tinc will temporarily stop processing packets until the called script finishes executing.
This guarantees that scripts will execute in the exact same order as the events that trigger them.
If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
.Pp
Under Windows (not Cygwin), the scripts must have the extension
.Pa .bat . .Pa .bat .
.Bl -tag -width indent .Bl -tag -width indent
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up .It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
@ -564,6 +576,7 @@ This is the most important script.
If it is present it will be executed right after the tinc daemon has been started and has connected to the virtual network device. If it is present it will be executed right after the tinc daemon has been started and has connected to the virtual network device.
It should be used to set up the corresponding network interface, It should be used to set up the corresponding network interface,
but can also be used to start other things. but can also be used to start other things.
.Pp
Under Windows you can use the Network Connections control panel instead of creating this script. Under Windows you can use the Network Connections control panel instead of creating this script.
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down .It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
This script is started right before the tinc daemon quits. This script is started right before the tinc daemon quits.

View file

@ -1,14 +1,14 @@
This is tinc.info, produced by makeinfo version 5.2 from tinc.texi. This is tinc.info, produced by makeinfo version 6.1 from tinc.texi.
INFO-DIR-SECTION Networking tools INFO-DIR-SECTION Networking tools
START-INFO-DIR-ENTRY START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual. * tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.25, a Virtual Private This is the info manual for tinc version 1.0.27, a Virtual Private
Network daemon. Network daemon.
Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>. <guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this Permission is granted to make and distribute verbatim copies of this
@ -257,10 +257,16 @@ File: tinc.info, Node: Configuration of Darwin (Mac OS X) kernels, Next: Confi
------------------------------------------------ ------------------------------------------------
Tinc on Darwin relies on a tunnel driver for its data acquisition from Tinc on Darwin relies on a tunnel driver for its data acquisition from
the kernel. Tinc supports either the driver from the kernel. OS X version 10.6.8 and later have a built-in tun driver
called "utun". Tinc also supports the driver from
<http://tuntaposx.sourceforge.net/>, which supports both tun and tap <http://tuntaposx.sourceforge.net/>, which supports both tun and tap
style devices. style devices.
By default, tinc expects the tuntaposx driver to be installed. To
use the utun driver, set add 'Device = utunX' to 'tinc.conf', where X is
the desired number for the utun interface. You can also omit the
number, in which case the first free number will be chosen.
 
File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin (Mac OS X) kernels, Up: Configuring the kernel File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin (Mac OS X) kernels, Up: Configuring the kernel
@ -816,6 +822,11 @@ DeviceType = <TYPE> (platform dependent)
followed by an IP header. This mode should support both IPv4 followed by an IP header. This mode should support both IPv4
and IPv6 packets. and IPv6 packets.
utun (OS X)
Set type to utun. This is only supported on OS X version
10.6.8 and higher, but doesn't require the tuntaposx module.
This mode should support both IPv4 and IPv6 packets.
tap (BSD and Linux) tap (BSD and Linux)
Set type to tap. Tinc will expect packets read from the Set type to tap. Tinc will expect packets read from the
virtual network device to start with an Ethernet header. virtual network device to start with an Ethernet header.
@ -931,15 +942,15 @@ Mode = <router|switch|hub> (router)
routing table is managed. routing table is managed.
Name = <NAME> [required] Name = <NAME> [required]
This is a symbolic name for this connection. The name should This is a symbolic name for this connection. The name must consist
consist only of alphanumeric and underscore characters (a-z, A-Z, only of alphanumeric and underscore characters (a-z, A-Z, 0-9 and
0-9 and _). _).
If Name starts with a $, then the contents of the environment If Name starts with a $, then the contents of the environment
variable that follows will be used. In that case, invalid variable that follows will be used. In that case, invalid
characters will be converted to underscores. If Name is $HOST, but characters will be converted to underscores. If Name is $HOST, but
no such environment variable exist, the hostname will be read using no such environment variable exist, the hostname will be read using
the gethostnname() system call. the gethostname() system call.
PingInterval = <SECONDS> (60) PingInterval = <SECONDS> (60)
The number of seconds of inactivity that tinc will wait before The number of seconds of inactivity that tinc will wait before
@ -972,7 +983,7 @@ ProcessPriority = <low|normal|high>
adjusted. Increasing the priority may help to reduce latency and adjusted. Increasing the priority may help to reduce latency and
packet loss on the VPN. packet loss on the VPN.
Proxy = socks4 | socks5 | http | exec ... [experimental] Proxy = socks4 | socks5 | http | exec ... [experimental]
Use a proxy when making outgoing connections. The following proxy Use a proxy when making outgoing connections. The following proxy
types are currently supported: types are currently supported:
@ -1152,16 +1163,27 @@ File: tinc.info, Node: Scripts, Next: How to configure, Prev: Host configurat
------------- -------------
Apart from reading the server and host configuration files, tinc can Apart from reading the server and host configuration files, tinc can
also run scripts at certain moments. Under Windows (not Cygwin), the also run scripts at certain moments. Below is a list of filenames of
scripts should have the extension .bat. scripts and a description of when they are run. A script is only run if
it exists and if it is executable.
Scripts are run synchronously; this means that tinc will temporarily
stop processing packets until the called script finishes executing.
This guarantees that scripts will execute in the exact same order as the
events that trigger them. If you need to run commands asynchronously,
you have to ensure yourself that they are being run in the background.
Under Windows (not Cygwin), the scripts must have the extension .bat.
'/etc/tinc/NETNAME/tinc-up' '/etc/tinc/NETNAME/tinc-up'
This is the most important script. If it is present it will be This is the most important script. If it is present it will be
executed right after the tinc daemon has been started and has executed right after the tinc daemon has been started and has
connected to the virtual network device. It should be used to set connected to the virtual network device. It should be used to set
up the corresponding network interface, but can also be used to up the corresponding network interface, but can also be used to
start other things. Under Windows you can use the Network start other things.
Connections control panel instead of creating this script.
Under Windows you can use the Network Connections control panel
instead of creating this script.
'/etc/tinc/NETNAME/tinc-down' '/etc/tinc/NETNAME/tinc-down'
This script is started right before the tinc daemon quits. This script is started right before the tinc daemon quits.
@ -2449,86 +2471,86 @@ Concept Index
* DEL_SUBNET: The meta-protocol. (line 46) * DEL_SUBNET: The meta-protocol. (line 46)
* Device: Main configuration variables. * Device: Main configuration variables.
(line 73) (line 73)
* DEVICE: Scripts. (line 53) * DEVICE: Scripts. (line 64)
* device files: Device files. (line 6) * device files: Device files. (line 6)
* DeviceType: Main configuration variables. * DeviceType: Main configuration variables.
(line 79) (line 79)
* Digest: Host configuration variables. * Digest: Host configuration variables.
(line 31) (line 31)
* DirectOnly: Main configuration variables. * DirectOnly: Main configuration variables.
(line 144) (line 149)
* dummy: Main configuration variables. * dummy: Main configuration variables.
(line 86) (line 86)
* encapsulating: The UDP tunnel. (line 30) * encapsulating: The UDP tunnel. (line 30)
* encryption: Encryption of network packets. * encryption: Encryption of network packets.
(line 6) (line 6)
* environment variables: Scripts. (line 42) * environment variables: Scripts. (line 53)
* example: Example configuration. * example: Example configuration.
(line 6) (line 6)
* exec: Main configuration variables. * exec: Main configuration variables.
(line 314) (line 319)
* Forwarding: Main configuration variables. * Forwarding: Main configuration variables.
(line 151) (line 156)
* frame type: The UDP tunnel. (line 6) * frame type: The UDP tunnel. (line 6)
* GraphDumpFile: Main configuration variables. * GraphDumpFile: Main configuration variables.
(line 171) (line 176)
* Hostnames: Main configuration variables. * Hostnames: Main configuration variables.
(line 179) (line 184)
* http: Main configuration variables. * http: Main configuration variables.
(line 311) (line 316)
* hub: Main configuration variables. * hub: Main configuration variables.
(line 249) (line 254)
* ID: Authentication protocol. * ID: Authentication protocol.
(line 10) (line 10)
* IffOneQueue: Main configuration variables. * IffOneQueue: Main configuration variables.
(line 190) (line 195)
* IndirectData: Host configuration variables. * IndirectData: Host configuration variables.
(line 36) (line 36)
* Interface: Main configuration variables. * Interface: Main configuration variables.
(line 193) (line 198)
* INTERFACE: Scripts. (line 56) * INTERFACE: Scripts. (line 67)
* IRC: Contact information. (line 9) * IRC: Contact information. (line 9)
* key generation: Generating keypairs. (line 6) * key generation: Generating keypairs. (line 6)
* KeyExpire: Main configuration variables. * KeyExpire: Main configuration variables.
(line 201) (line 206)
* KEY_CHANGED: The meta-protocol. (line 63) * KEY_CHANGED: The meta-protocol. (line 63)
* libraries: Libraries. (line 6) * libraries: Libraries. (line 6)
* license: OpenSSL. (line 35) * license: OpenSSL. (line 35)
* LocalDiscovery: Main configuration variables. * LocalDiscovery: Main configuration variables.
(line 207) (line 212)
* lzo: lzo. (line 6) * lzo: lzo. (line 6)
* MACExpire: Main configuration variables. * MACExpire: Main configuration variables.
(line 218) (line 223)
* MACLength: Host configuration variables. * MACLength: Host configuration variables.
(line 44) (line 44)
* MaxTimeout: Main configuration variables. * MaxTimeout: Main configuration variables.
(line 223) (line 228)
* meta-protocol: The meta-connection. (line 18) * meta-protocol: The meta-connection. (line 18)
* META_KEY: Authentication protocol. * META_KEY: Authentication protocol.
(line 10) (line 10)
* Mode: Main configuration variables. * Mode: Main configuration variables.
(line 227) (line 232)
* multicast: Main configuration variables. * multicast: Main configuration variables.
(line 98) (line 98)
* multiple networks: Multiple networks. (line 6) * multiple networks: Multiple networks. (line 6)
* Name: Main configuration variables. * Name: Main configuration variables.
(line 254) (line 259)
* NAME: Scripts. (line 50) * NAME: Scripts. (line 61)
* netmask: Network interfaces. (line 33) * netmask: Network interfaces. (line 33)
* netname: Multiple networks. (line 6) * netname: Multiple networks. (line 6)
* NETNAME: Scripts. (line 47) * NETNAME: Scripts. (line 58)
* Network Administrators Guide: Configuration introduction. * Network Administrators Guide: Configuration introduction.
(line 15) (line 15)
* NODE: Scripts. (line 60) * NODE: Scripts. (line 71)
* OpenSSL: OpenSSL. (line 6) * OpenSSL: OpenSSL. (line 6)
* options: Runtime options. (line 9) * options: Runtime options. (line 9)
* PEM format: Host configuration variables. * PEM format: Host configuration variables.
(line 69) (line 69)
* PING: The meta-protocol. (line 88) * PING: The meta-protocol. (line 88)
* PingInterval: Main configuration variables. * PingInterval: Main configuration variables.
(line 265) (line 270)
* PingTimeout: Main configuration variables. * PingTimeout: Main configuration variables.
(line 269) (line 274)
* platforms: Supported platforms. (line 6) * platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables. * PMTU: Host configuration variables.
(line 49) (line 49)
@ -2539,17 +2561,17 @@ Concept Index
(line 57) (line 57)
* port numbers: Other files. (line 17) * port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables. * PriorityInheritance: Main configuration variables.
(line 275) (line 280)
* private: Virtual Private Networks. * private: Virtual Private Networks.
(line 10) (line 10)
* PrivateKey: Main configuration variables. * PrivateKey: Main configuration variables.
(line 280) (line 285)
* PrivateKeyFile: Main configuration variables. * PrivateKeyFile: Main configuration variables.
(line 286)
* ProcessPriority: Main configuration variables.
(line 291) (line 291)
* Proxy: Main configuration variables. * ProcessPriority: Main configuration variables.
(line 296) (line 296)
* Proxy: Main configuration variables.
(line 301)
* PublicKey: Host configuration variables. * PublicKey: Host configuration variables.
(line 61) (line 61)
* PublicKeyFile: Host configuration variables. * PublicKeyFile: Host configuration variables.
@ -2557,14 +2579,14 @@ Concept Index
* raw_socket: Main configuration variables. * raw_socket: Main configuration variables.
(line 91) (line 91)
* release: Supported platforms. (line 14) * release: Supported platforms. (line 14)
* REMOTEADDRESS: Scripts. (line 65) * REMOTEADDRESS: Scripts. (line 76)
* REMOTEPORT: Scripts. (line 68) * REMOTEPORT: Scripts. (line 79)
* ReplayWindow: Main configuration variables. * ReplayWindow: Main configuration variables.
(line 319) (line 324)
* requirements: Libraries. (line 6) * requirements: Libraries. (line 6)
* REQ_KEY: The meta-protocol. (line 63) * REQ_KEY: The meta-protocol. (line 63)
* router: Main configuration variables. * router: Main configuration variables.
(line 230) (line 235)
* runtime options: Runtime options. (line 9) * runtime options: Runtime options. (line 9)
* scalability: tinc. (line 19) * scalability: tinc. (line 19)
* scripts: Scripts. (line 6) * scripts: Scripts. (line 6)
@ -2572,46 +2594,48 @@ Concept Index
(line 18) (line 18)
* signals: Signals. (line 6) * signals: Signals. (line 6)
* socks4: Main configuration variables. * socks4: Main configuration variables.
(line 300)
* socks5: Main configuration variables.
(line 305) (line 305)
* socks5: Main configuration variables.
(line 310)
* StrictSubnets: Main configuration variables. * StrictSubnets: Main configuration variables.
(line 330) (line 335)
* Subnet: Host configuration variables. * Subnet: Host configuration variables.
(line 76) (line 76)
* SUBNET: Scripts. (line 72) * SUBNET: Scripts. (line 83)
* Subnet weight: Host configuration variables. * Subnet weight: Host configuration variables.
(line 98) (line 98)
* SVPN: Security. (line 11) * SVPN: Security. (line 11)
* switch: Main configuration variables. * switch: Main configuration variables.
(line 238) (line 243)
* TCP: The meta-connection. (line 10) * TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables. * TCPonly: Host configuration variables.
(line 105) (line 105)
* tinc: Introduction. (line 6) * tinc: Introduction. (line 6)
* TINC: Security. (line 6) * TINC: Security. (line 6)
* tinc-down: Scripts. (line 18) * tinc-down: Scripts. (line 29)
* tinc-up: Scripts. (line 10) * tinc-up: Scripts. (line 19)
* tinc-up <1>: Network interfaces. (line 19) * tinc-up <1>: Network interfaces. (line 19)
* tincd: tinc. (line 14) * tincd: tinc. (line 14)
* traditional VPNs: tinc. (line 19) * traditional VPNs: tinc. (line 19)
* tunifhead: Main configuration variables. * tunifhead: Main configuration variables.
(line 133) (line 133)
* TunnelServer: Main configuration variables. * TunnelServer: Main configuration variables.
(line 337) (line 342)
* tunnohead: Main configuration variables. * tunnohead: Main configuration variables.
(line 127) (line 127)
* UDP: The UDP tunnel. (line 30) * UDP: The UDP tunnel. (line 30)
* UDP <1>: Encryption of network packets. * UDP <1>: Encryption of network packets.
(line 12) (line 12)
* UDPRcvBuf: Main configuration variables. * UDPRcvBuf: Main configuration variables.
(line 344)
* UDPSndBuf: Main configuration variables.
(line 349) (line 349)
* UDPSndBuf: Main configuration variables.
(line 354)
* UML: Main configuration variables. * UML: Main configuration variables.
(line 109) (line 109)
* Universal tun/tap: Configuration of Linux kernels. * Universal tun/tap: Configuration of Linux kernels.
(line 6) (line 6)
* utun: Main configuration variables.
(line 140)
* VDE: Main configuration variables. * VDE: Main configuration variables.
(line 114) (line 114)
* virtual: Virtual Private Networks. * virtual: Virtual Private Networks.
@ -2621,7 +2645,7 @@ Concept Index
(line 6) (line 6)
* vpnd: tinc. (line 6) * vpnd: tinc. (line 6)
* website: Contact information. (line 6) * website: Contact information. (line 6)
* WEIGHT: Scripts. (line 75) * WEIGHT: Scripts. (line 86)
* zlib: zlib. (line 6) * zlib: zlib. (line 6)
@ -2640,53 +2664,53 @@ Node: Configuration of OpenBSD kernels7852
Node: Configuration of NetBSD kernels8460 Node: Configuration of NetBSD kernels8460
Node: Configuration of Solaris kernels8865 Node: Configuration of Solaris kernels8865
Node: Configuration of Darwin (Mac OS X) kernels9527 Node: Configuration of Darwin (Mac OS X) kernels9527
Node: Configuration of Windows10005 Node: Configuration of Windows10346
Node: Libraries10519 Node: Libraries10860
Node: OpenSSL10907 Node: OpenSSL11248
Node: zlib13195 Node: zlib13536
Node: lzo14223 Node: lzo14564
Node: Installation15205 Node: Installation15546
Node: Building and installing tinc16220 Node: Building and installing tinc16561
Node: Darwin (Mac OS X) build environment16880 Node: Darwin (Mac OS X) build environment17221
Node: Cygwin (Windows) build environment17462 Node: Cygwin (Windows) build environment17803
Node: MinGW (Windows) build environment18050 Node: MinGW (Windows) build environment18391
Node: System files18574 Node: System files18915
Node: Device files18839 Node: Device files19180
Node: Other files19255 Node: Other files19596
Node: Configuration19868 Node: Configuration20209
Node: Configuration introduction20179 Node: Configuration introduction20520
Node: Multiple networks21447 Node: Multiple networks21788
Node: How connections work22873 Node: How connections work23214
Node: Configuration files24095 Node: Configuration files24436
Node: Main configuration variables25589 Node: Main configuration variables25930
Node: Host configuration variables41628 Node: Host configuration variables42187
Node: Scripts47131 Node: Scripts47690
Node: How to configure49894 Node: How to configure50956
Node: Generating keypairs51152 Node: Generating keypairs52214
Node: Network interfaces51651 Node: Network interfaces52713
Node: Example configuration53499 Node: Example configuration54561
Node: Running tinc58824 Node: Running tinc59886
Node: Runtime options59414 Node: Runtime options60476
Node: Signals62716 Node: Signals63778
Node: Debug levels63907 Node: Debug levels64969
Node: Solving problems64843 Node: Solving problems65905
Node: Error messages66395 Node: Error messages67457
Node: Sending bug reports70404 Node: Sending bug reports71466
Node: Technical information71351 Node: Technical information72413
Node: The connection71582 Node: The connection72644
Node: The UDP tunnel71894 Node: The UDP tunnel72956
Node: The meta-connection74955 Node: The meta-connection76017
Node: The meta-protocol76424 Node: The meta-protocol77486
Node: Security81441 Node: Security82503
Node: Authentication protocol82574 Node: Authentication protocol83636
Node: Encryption of network packets87619 Node: Encryption of network packets88681
Node: Security issues88995 Node: Security issues90057
Node: Platform specific information90622 Node: Platform specific information91684
Node: Interface configuration90850 Node: Interface configuration91912
Node: Routes93321 Node: Routes94383
Node: About us95335 Node: About us96397
Node: Contact information95510 Node: Contact information96572
Node: Authors95914 Node: Authors96976
Node: Concept Index96319 Node: Concept Index97381
 
End Tag Table End Tag Table

View file

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2014 Ivo Timmermans, Copyright @copyright{} 1998-2016 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>. Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll @vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2014 Ivo Timmermans, Copyright @copyright{} 1998-2016 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>. Wessel Dankers <wsl@@tinc-vpn.org>.
@ -302,9 +302,15 @@ If the @file{net/if_tun.h} header file is missing, install it from the source pa
@subsection Configuration of Darwin (Mac OS X) kernels @subsection Configuration of Darwin (Mac OS X) kernels
Tinc on Darwin relies on a tunnel driver for its data acquisition from the kernel. Tinc on Darwin relies on a tunnel driver for its data acquisition from the kernel.
Tinc supports either the driver from @uref{http://tuntaposx.sourceforge.net/}, OS X version 10.6.8 and later have a built-in tun driver called "utun".
Tinc also supports the driver from @uref{http://tuntaposx.sourceforge.net/},
which supports both tun and tap style devices. which supports both tun and tap style devices.
By default, tinc expects the tuntaposx driver to be installed.
To use the utun driver, set add @code{Device = utunX} to @file{tinc.conf},
where X is the desired number for the utun interface.
You can also omit the number, in which case the first free number will be chosen.
@c ================================================================== @c ==================================================================
@node Configuration of Windows @node Configuration of Windows
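Review bot: In the added utun paragraph, "set add @code{Device = utunX}" has a doubled verb and should read "add @code{Device = utunX}". The first added sentence also has a number mismatch ("OS X version 10.6.8 and later have"); "versions 10.6.8 and later have" reads correctly. The same wording appears in the regenerated tinc.info hunk, so correcting it in the Texinfo source and regenerating fixes both.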
@ -892,6 +898,12 @@ to start with a four byte header containing the address family,
followed by an IP header. followed by an IP header.
This mode should support both IPv4 and IPv6 packets. This mode should support both IPv4 and IPv6 packets.
@cindex utun
@item utun (OS X)
Set type to utun.
This is only supported on OS X version 10.6.8 and higher, but doesn't require the tuntaposx module.
This mode should support both IPv4 and IPv6 packets.
@item tap (BSD and Linux) @item tap (BSD and Linux)
Set type to tap. Set type to tap.
Tinc will expect packets read from the virtual network device Tinc will expect packets read from the virtual network device
@ -1014,12 +1026,12 @@ while no routing table is managed.
@cindex Name @cindex Name
@item Name = <@var{name}> [required] @item Name = <@var{name}> [required]
This is a symbolic name for this connection. This is a symbolic name for this connection.
The name should consist only of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _). The name must consist only of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _).
If Name starts with a $, then the contents of the environment variable that follows will be used. If Name starts with a $, then the contents of the environment variable that follows will be used.
In that case, invalid characters will be converted to underscores. In that case, invalid characters will be converted to underscores.
If Name is $HOST, but no such environment variable exist, If Name is $HOST, but no such environment variable exist,
the hostname will be read using the gethostnname() system call. the hostname will be read using the gethostname() system call.
@cindex PingInterval @cindex PingInterval
@item PingInterval = <@var{seconds}> (60) @item PingInterval = <@var{seconds}> (60)
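Review bot: Changing "should" to "must" for the Name character set makes this a hard requirement, but the paragraph only describes what happens to invalid characters in the environment-variable case (they are converted to underscores); it should also say what tinc does with a literal Name that contains other characters. While the $HOST sentence is being touched for the gethostname() spelling, "no such environment variable exist" could be corrected to "exists".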
@ -1256,7 +1268,15 @@ UDP is possible or not.
@cindex scripts @cindex scripts
Apart from reading the server and host configuration files, Apart from reading the server and host configuration files,
tinc can also run scripts at certain moments. tinc can also run scripts at certain moments.
Under Windows (not Cygwin), the scripts should have the extension .bat. Below is a list of filenames of scripts and a description of when they are run.
A script is only run if it exists and if it is executable.
Scripts are run synchronously;
this means that tinc will temporarily stop processing packets until the called script finishes executing.
This guarantees that scripts will execute in the exact same order as the events that trigger them.
If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
Under Windows (not Cygwin), the scripts must have the extension .bat.
@table @file @table @file
@cindex tinc-up @cindex tinc-up
@ -1266,6 +1286,7 @@ If it is present it will be executed right after the tinc daemon has been
started and has connected to the virtual network device. started and has connected to the virtual network device.
It should be used to set up the corresponding network interface, It should be used to set up the corresponding network interface,
but can also be used to start other things. but can also be used to start other things.
Under Windows you can use the Network Connections control panel instead of creating this script. Under Windows you can use the Network Connections control panel instead of creating this script.
@cindex tinc-down @cindex tinc-down

View file

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# install - install a program, script, or datafile # install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC scriptversion=2014-09-12.12; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was # This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the # later released in X11R6 (xc/config/util/install.sh) with the
@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC
# This script is compatible with the BSD install script, but was written # This script is compatible with the BSD install script, but was written
# from scratch. # from scratch.
tab=' '
nl=' nl='
' '
IFS=" "" $nl" IFS=" $tab$nl"
# set DOITPROG to echo to test this script # Set DOITPROG to "echo" to test this script.
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-} doit=${DOITPROG-}
if test -z "$doit"; then doit_exec=${doit:-exec}
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path; # Put in absolute file names if you don't have them in your path;
# or use environment vars. # or use environment vars.
@ -68,17 +64,6 @@ mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm} rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip} stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir= posix_mkdir=
# Desired mode of installed file. # Desired mode of installed file.
@ -97,7 +82,7 @@ dir_arg=
dst_arg= dst_arg=
copy_on_change=false copy_on_change=false
no_target_directory= is_target_a_directory=possibly
usage="\ usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
@ -143,8 +128,7 @@ while test $# -ne 0; do
-m) mode=$2 -m) mode=$2
case $mode in case $mode in
*' '* | *' '* | *' *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2 echo "$0: invalid mode: $mode" >&2
exit 1;; exit 1;;
esac esac
@ -155,14 +139,16 @@ while test $# -ne 0; do
-s) stripcmd=$stripprog;; -s) stripcmd=$stripprog;;
-t) dst_arg=$2 -t)
is_target_a_directory=always
dst_arg=$2
# Protect names problematic for 'test' and other utilities. # Protect names problematic for 'test' and other utilities.
case $dst_arg in case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;; -* | [=\(\)!]) dst_arg=./$dst_arg;;
esac esac
shift;; shift;;
-T) no_target_directory=true;; -T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;; --version) echo "$0 $scriptversion"; exit $?;;
@ -177,6 +163,16 @@ while test $# -ne 0; do
shift shift
done done
# We allow the use of options -d and -T together, by making -d
# take the precedence; this is for compatibility with GNU install.
if test -n "$dir_arg"; then
if test -n "$dst_arg"; then
echo "$0: target directory not allowed when installing a directory." >&2
exit 1
fi
fi
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create. # When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified. # When -t is used, the destination is already specified.
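Review bot: The comment on the new block talks about allowing -d and -T together, but the test rejects -d combined with a non-empty $dst_arg, and at this point in the script $dst_arg is only set by -t; -T sets is_target_a_directory=never and is not examined here. Reword the comment to say that -d with -t is rejected while -d with -T is tolerated, otherwise the reader looks for -T handling that is not in this block. The two nested if statements can also be a single test: test -n "$dir_arg" && test -n "$dst_arg".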
@ -207,6 +203,15 @@ if test $# -eq 0; then
exit 0 exit 0
fi fi
if test -z "$dir_arg"; then
if test $# -gt 1 || test "$is_target_a_directory" = always; then
if test ! -d "$dst_arg"; then
echo "$0: $dst_arg: Is not a directory." >&2
exit 1
fi
fi
fi
if test -z "$dir_arg"; then if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret' do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1 trap "ret=129; $do_exit" 1
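Review bot: The new directory check is wrapped in its own if test -z "$dir_arg" and is immediately followed by an existing block with the identical guard; moving the check to the top of that block would avoid the duplicate test. The new message "$dst_arg: Is not a directory." ends in a period while the script's other diagnostic of this kind, "$dst_arg: Is a directory", does not, so the two are inconsistent.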
@ -269,7 +274,7 @@ do
# If destination is a directory, append the input filename; won't work # If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored. # if double slashes aren't ignored.
if test -d "$dst"; then if test -d "$dst"; then
if test -n "$no_target_directory"; then if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2 echo "$0: $dst_arg: Is a directory" >&2
exit 1 exit 1
fi fi
@ -277,33 +282,7 @@ do
dst=$dstdir/`basename "$src"` dst=$dstdir/`basename "$src"`
dstdir_status=0 dstdir_status=0
else else
# Prefer dirname, but fall back on a substitute if dirname fails. dstdir=`dirname "$dst"`
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir" test -d "$dstdir"
dstdir_status=$? dstdir_status=$?
fi fi
@ -345,34 +324,41 @@ do
# is incompatible with FreeBSD 'install' when (umask & 300) != 0. # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;; ;;
*) *)
# $RANDOM is not portable (e.g. dash); use it when possible to
# lower collision chance
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
# create the $tmpdir first (and fail if unsuccessful) to make sure
# that nobody tries to guess the $tmpdir name.
if (umask $mkdir_umask && if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 $mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then then
if test -z "$dir_arg" || { if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m. # Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't. # other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"` test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;; d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;; d????-?--*) different_mode=755;;
*) false;; *) false;;
esac && esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && { $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"` ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
} }
} }
then posix_mkdir=: then posix_mkdir=:
fi fi
rmdir "$tmpdir/d" "$tmpdir" rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else else
# Remove any dirs left behind by ancient mkdir implementations. # Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi fi
trap '' 0;; trap '' 0;;
esac;; esac;;
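Review bot: In the `*)` branch, the new first call `$mkdirprog $mkdir_mode "$tmpdir"` passes the path without the `--` that the following `-p -- "$tmpdir/a/b"` call uses, so a relative `TMPDIR` beginning with `-` would be parsed as an option rather than a directory name. Prefixing such a value with `./` before building `$tmpdir` avoids relying on `--` support in the very mkdir being probed. The ordering itself is the important part and should stay: creating `$tmpdir` without `-p` makes the probe fail when the name already exists, which matters because the name reduces to `ins-$$` on shells where `$RANDOM` is empty.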
@ -396,14 +382,12 @@ do
*) prefix='';; *) prefix='';;
esac esac
eval "$initialize_posix_glob"
oIFS=$IFS oIFS=$IFS
IFS=/ IFS=/
$posix_glob set -f set -f
set fnord $dstdir set fnord $dstdir
shift shift
$posix_glob set +f set +f
IFS=$oIFS IFS=$oIFS
prefixes= prefixes=
@ -474,13 +458,10 @@ do
if $copy_on_change && if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
set -f &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 && set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f && set +f &&
test "$old" = "$new" && test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then then

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am. # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc. # Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -14,7 +14,17 @@
@SET_MAKE@ @SET_MAKE@
VPATH = @srcdir@ VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \ am__make_running_with_option = \
case $${target_option-} in \ case $${target_option-} in \
?) ;; \ ?) ;; \
@ -78,7 +88,6 @@ POST_UNINSTALL = :
build_triplet = @build@ build_triplet = @build@
host_triplet = @host@ host_triplet = @host@
subdir = m4 subdir = m4
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \
@ -87,6 +96,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/configure.ac $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4) $(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = CONFIG_CLEAN_FILES =
@ -111,6 +121,7 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \ *) (install-info --version) >/dev/null 2>&1;; \
esac esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in README
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@ ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@ AMTAR = @AMTAR@
@ -200,6 +211,7 @@ pdfdir = @pdfdir@
prefix = @prefix@ prefix = @prefix@
program_transform_name = @program_transform_name@ program_transform_name = @program_transform_name@
psdir = @psdir@ psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@ srcdir = @srcdir@
@ -224,7 +236,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu m4/Makefile'; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu m4/Makefile'; \
$(am__cd) $(top_srcdir) && \ $(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu m4/Makefile $(AUTOMAKE) --gnu m4/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \ @case '$?' in \
*config.status*) \ *config.status*) \
@ -392,6 +403,8 @@ uninstall-am:
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am tags-am uninstall uninstall-am pdf-am ps ps-am tags-am uninstall uninstall-am
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables. # Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded. # Otherwise a system limit (for SysV at least) may be exceeded.

View file

@ -3,7 +3,7 @@
scriptversion=2013-10-28.13; # UTC scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc. # Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996. # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify

View file

@ -17,8 +17,6 @@ tincd_SOURCES = \
fake-gai-errnos.h \ fake-gai-errnos.h \
fake-getaddrinfo.c fake-getaddrinfo.h \ fake-getaddrinfo.c fake-getaddrinfo.h \
fake-getnameinfo.c fake-getnameinfo.h \ fake-getnameinfo.c fake-getnameinfo.h \
getopt.c getopt.h \
getopt1.c \
graph.c graph.h \ graph.c graph.h \
ipv4.h \ ipv4.h \
ipv6.h \ ipv6.h \
@ -40,6 +38,7 @@ tincd_SOURCES = \
protocol_misc.c \ protocol_misc.c \
protocol_key.c \ protocol_key.c \
protocol_subnet.c \ protocol_subnet.c \
proxy.c proxy.h \
raw_socket_device.c \ raw_socket_device.c \
route.c route.h \ route.c route.h \
subnet.c subnet.h \ subnet.c subnet.h \
@ -48,6 +47,12 @@ tincd_SOURCES = \
xalloc.h \ xalloc.h \
xmalloc.c xmalloc.c
if !GETOPT
tincd_SOURCES += \
getopt.c getopt.h \
getopt1.c
endif
if LINUX if LINUX
tincd_SOURCES += linux/device.c tincd_SOURCES += linux/device.c
endif endif

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.14.1 from Makefile.am. # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@ # @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc. # Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation # This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it, # gives unlimited permission to copy and/or distribute it,
@ -15,7 +15,17 @@
@SET_MAKE@ @SET_MAKE@
VPATH = @srcdir@ VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \ am__make_running_with_option = \
case $${target_option-} in \ case $${target_option-} in \
?) ;; \ ?) ;; \
@ -79,18 +89,20 @@ POST_UNINSTALL = :
build_triplet = @build@ build_triplet = @build@
host_triplet = @host@ host_triplet = @host@
sbin_PROGRAMS = tincd$(EXEEXT) sbin_PROGRAMS = tincd$(EXEEXT)
@LINUX_TRUE@am__append_1 = linux/device.c @GETOPT_FALSE@am__append_1 = \
@BSD_TRUE@am__append_2 = bsd/device.c @GETOPT_FALSE@ getopt.c getopt.h \
@BSD_TRUE@@TUNEMU_TRUE@am__append_3 = bsd/tunemu.c bsd/tunemu.h @GETOPT_FALSE@ getopt1.c
@SOLARIS_TRUE@am__append_4 = solaris/device.c
@MINGW_TRUE@am__append_5 = mingw/device.c mingw/common.h @LINUX_TRUE@am__append_2 = linux/device.c
@CYGWIN_TRUE@am__append_6 = cygwin/device.c @BSD_TRUE@am__append_3 = bsd/device.c
@UML_TRUE@am__append_7 = uml_device.c @BSD_TRUE@@TUNEMU_TRUE@am__append_4 = bsd/tunemu.c bsd/tunemu.h
@VDE_TRUE@am__append_8 = vde_device.c @SOLARIS_TRUE@am__append_5 = solaris/device.c
@TUNEMU_TRUE@am__append_9 = -lpcap @MINGW_TRUE@am__append_6 = mingw/device.c mingw/common.h
@CYGWIN_TRUE@am__append_7 = cygwin/device.c
@UML_TRUE@am__append_8 = uml_device.c
@VDE_TRUE@am__append_9 = vde_device.c
@TUNEMU_TRUE@am__append_10 = -lpcap
subdir = src subdir = src
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \
@ -99,6 +111,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/configure.ac $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4) $(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES = CONFIG_CLEAN_FILES =
@ -109,42 +122,44 @@ am__tincd_SOURCES_DIST = have.h system.h avl_tree.c avl_tree.h conf.c \
conf.h connection.c connection.h device.h dropin.c dropin.h \ conf.h connection.c connection.h device.h dropin.c dropin.h \
dummy_device.c edge.c edge.h ethernet.h event.c event.h \ dummy_device.c edge.c edge.h ethernet.h event.c event.h \
fake-gai-errnos.h fake-getaddrinfo.c fake-getaddrinfo.h \ fake-gai-errnos.h fake-getaddrinfo.c fake-getaddrinfo.h \
fake-getnameinfo.c fake-getnameinfo.h getopt.c getopt.h \ fake-getnameinfo.c fake-getnameinfo.h graph.c graph.h ipv4.h \
getopt1.c graph.c graph.h ipv4.h ipv6.h list.c list.h logger.c \ ipv6.h list.c list.h logger.c logger.h meta.c meta.h \
logger.h meta.c meta.h multicast_device.c net.c net.h \ multicast_device.c net.c net.h net_packet.c net_setup.c \
net_packet.c net_setup.c net_socket.c netutl.c netutl.h node.c \ net_socket.c netutl.c netutl.h node.c node.h pidfile.c \
node.h pidfile.c pidfile.h process.c process.h protocol.c \ pidfile.h process.c process.h protocol.c protocol.h \
protocol.h protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_auth.c protocol_edge.c protocol_misc.c protocol_key.c \
protocol_key.c protocol_subnet.c raw_socket_device.c route.c \ protocol_subnet.c proxy.c proxy.h raw_socket_device.c route.c \
route.h subnet.c subnet.h tincd.c utils.c utils.h xalloc.h \ route.h subnet.c subnet.h tincd.c utils.c utils.h xalloc.h \
xmalloc.c linux/device.c bsd/device.c bsd/tunemu.c \ xmalloc.c getopt.c getopt.h getopt1.c linux/device.c \
bsd/tunemu.h solaris/device.c mingw/device.c mingw/common.h \ bsd/device.c bsd/tunemu.c bsd/tunemu.h solaris/device.c \
cygwin/device.c uml_device.c vde_device.c mingw/device.c mingw/common.h cygwin/device.c uml_device.c \
vde_device.c
@GETOPT_FALSE@am__objects_1 = getopt.$(OBJEXT) getopt1.$(OBJEXT)
am__dirstamp = $(am__leading_dot)dirstamp am__dirstamp = $(am__leading_dot)dirstamp
@LINUX_TRUE@am__objects_1 = linux/device.$(OBJEXT) @LINUX_TRUE@am__objects_2 = linux/device.$(OBJEXT)
@BSD_TRUE@am__objects_2 = bsd/device.$(OBJEXT) @BSD_TRUE@am__objects_3 = bsd/device.$(OBJEXT)
@BSD_TRUE@@TUNEMU_TRUE@am__objects_3 = bsd/tunemu.$(OBJEXT) @BSD_TRUE@@TUNEMU_TRUE@am__objects_4 = bsd/tunemu.$(OBJEXT)
@SOLARIS_TRUE@am__objects_4 = solaris/device.$(OBJEXT) @SOLARIS_TRUE@am__objects_5 = solaris/device.$(OBJEXT)
@MINGW_TRUE@am__objects_5 = mingw/device.$(OBJEXT) @MINGW_TRUE@am__objects_6 = mingw/device.$(OBJEXT)
@CYGWIN_TRUE@am__objects_6 = cygwin/device.$(OBJEXT) @CYGWIN_TRUE@am__objects_7 = cygwin/device.$(OBJEXT)
@UML_TRUE@am__objects_7 = uml_device.$(OBJEXT) @UML_TRUE@am__objects_8 = uml_device.$(OBJEXT)
@VDE_TRUE@am__objects_8 = vde_device.$(OBJEXT) @VDE_TRUE@am__objects_9 = vde_device.$(OBJEXT)
am_tincd_OBJECTS = avl_tree.$(OBJEXT) conf.$(OBJEXT) \ am_tincd_OBJECTS = avl_tree.$(OBJEXT) conf.$(OBJEXT) \
connection.$(OBJEXT) dropin.$(OBJEXT) dummy_device.$(OBJEXT) \ connection.$(OBJEXT) dropin.$(OBJEXT) dummy_device.$(OBJEXT) \
edge.$(OBJEXT) event.$(OBJEXT) fake-getaddrinfo.$(OBJEXT) \ edge.$(OBJEXT) event.$(OBJEXT) fake-getaddrinfo.$(OBJEXT) \
fake-getnameinfo.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT) \ fake-getnameinfo.$(OBJEXT) graph.$(OBJEXT) list.$(OBJEXT) \
graph.$(OBJEXT) list.$(OBJEXT) logger.$(OBJEXT) meta.$(OBJEXT) \ logger.$(OBJEXT) meta.$(OBJEXT) multicast_device.$(OBJEXT) \
multicast_device.$(OBJEXT) net.$(OBJEXT) net_packet.$(OBJEXT) \ net.$(OBJEXT) net_packet.$(OBJEXT) net_setup.$(OBJEXT) \
net_setup.$(OBJEXT) net_socket.$(OBJEXT) netutl.$(OBJEXT) \ net_socket.$(OBJEXT) netutl.$(OBJEXT) node.$(OBJEXT) \
node.$(OBJEXT) pidfile.$(OBJEXT) process.$(OBJEXT) \ pidfile.$(OBJEXT) process.$(OBJEXT) protocol.$(OBJEXT) \
protocol.$(OBJEXT) protocol_auth.$(OBJEXT) \ protocol_auth.$(OBJEXT) protocol_edge.$(OBJEXT) \
protocol_edge.$(OBJEXT) protocol_misc.$(OBJEXT) \ protocol_misc.$(OBJEXT) protocol_key.$(OBJEXT) \
protocol_key.$(OBJEXT) protocol_subnet.$(OBJEXT) \ protocol_subnet.$(OBJEXT) proxy.$(OBJEXT) \
raw_socket_device.$(OBJEXT) route.$(OBJEXT) subnet.$(OBJEXT) \ raw_socket_device.$(OBJEXT) route.$(OBJEXT) subnet.$(OBJEXT) \
tincd.$(OBJEXT) utils.$(OBJEXT) xmalloc.$(OBJEXT) \ tincd.$(OBJEXT) utils.$(OBJEXT) xmalloc.$(OBJEXT) \
$(am__objects_1) $(am__objects_2) $(am__objects_3) \ $(am__objects_1) $(am__objects_2) $(am__objects_3) \
$(am__objects_4) $(am__objects_5) $(am__objects_6) \ $(am__objects_4) $(am__objects_5) $(am__objects_6) \
$(am__objects_7) $(am__objects_8) $(am__objects_7) $(am__objects_8) $(am__objects_9)
tincd_OBJECTS = $(am_tincd_OBJECTS) tincd_OBJECTS = $(am_tincd_OBJECTS)
tincd_LDADD = $(LDADD) tincd_LDADD = $(LDADD)
AM_V_P = $(am__v_P_@AM_V@) AM_V_P = $(am__v_P_@AM_V@)
@ -201,6 +216,7 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)` done | $(am__uniquify_input)`
ETAGS = etags ETAGS = etags
CTAGS = ctags CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@ ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@ AMTAR = @AMTAR@
@ -230,7 +246,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@ LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@ LIBOBJS = @LIBOBJS@
LIBS = @LIBS@ $(am__append_9) LIBS = @LIBS@ $(am__append_10)
LTLIBOBJS = @LTLIBOBJS@ LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@ MAINT = @MAINT@
MAKEINFO = @MAKEINFO@ MAKEINFO = @MAKEINFO@
@ -290,6 +306,7 @@ pdfdir = @pdfdir@
prefix = @prefix@ prefix = @prefix@
program_transform_name = @program_transform_name@ program_transform_name = @program_transform_name@
psdir = @psdir@ psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@ srcdir = @srcdir@
@ -302,17 +319,17 @@ tincd_SOURCES = have.h system.h avl_tree.c avl_tree.h conf.c conf.h \
connection.c connection.h device.h dropin.c dropin.h \ connection.c connection.h device.h dropin.c dropin.h \
dummy_device.c edge.c edge.h ethernet.h event.c event.h \ dummy_device.c edge.c edge.h ethernet.h event.c event.h \
fake-gai-errnos.h fake-getaddrinfo.c fake-getaddrinfo.h \ fake-gai-errnos.h fake-getaddrinfo.c fake-getaddrinfo.h \
fake-getnameinfo.c fake-getnameinfo.h getopt.c getopt.h \ fake-getnameinfo.c fake-getnameinfo.h graph.c graph.h ipv4.h \
getopt1.c graph.c graph.h ipv4.h ipv6.h list.c list.h logger.c \ ipv6.h list.c list.h logger.c logger.h meta.c meta.h \
logger.h meta.c meta.h multicast_device.c net.c net.h \ multicast_device.c net.c net.h net_packet.c net_setup.c \
net_packet.c net_setup.c net_socket.c netutl.c netutl.h node.c \ net_socket.c netutl.c netutl.h node.c node.h pidfile.c \
node.h pidfile.c pidfile.h process.c process.h protocol.c \ pidfile.h process.c process.h protocol.c protocol.h \
protocol.h protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_auth.c protocol_edge.c protocol_misc.c protocol_key.c \
protocol_key.c protocol_subnet.c raw_socket_device.c route.c \ protocol_subnet.c proxy.c proxy.h raw_socket_device.c route.c \
route.h subnet.c subnet.h tincd.c utils.c utils.h xalloc.h \ route.h subnet.c subnet.h tincd.c utils.c utils.h xalloc.h \
xmalloc.c $(am__append_1) $(am__append_2) $(am__append_3) \ xmalloc.c $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_4) $(am__append_5) $(am__append_6) \ $(am__append_4) $(am__append_5) $(am__append_6) \
$(am__append_7) $(am__append_8) $(am__append_7) $(am__append_8) $(am__append_9)
AM_CPPFLAGS = -DCONFDIR=\"$(sysconfdir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" AM_CPPFLAGS = -DCONFDIR=\"$(sysconfdir)\" -DLOCALSTATEDIR=\"$(localstatedir)\"
all: all-am all: all-am
@ -330,7 +347,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
$(am__cd) $(top_srcdir) && \ $(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu src/Makefile $(AUTOMAKE) --gnu src/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \ @case '$?' in \
*config.status*) \ *config.status*) \
@ -494,6 +510,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_key.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_key.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_misc.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_misc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_subnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol_subnet.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proxy.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/raw_socket_device.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/raw_socket_device.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/route.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/route.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/subnet.Po@am__quote@
@ -739,6 +756,8 @@ uninstall-am: uninstall-sbinPROGRAMS
mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-sbinPROGRAMS uninstall-am uninstall-sbinPROGRAMS
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables. # Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded. # Otherwise a system limit (for SysV at least) may be exceeded.

View file

@ -2,7 +2,7 @@
avl_tree.c -- avl_ tree and linked list convenience avl_tree.c -- avl_ tree and linked list convenience
Copyright (C) 1998 Michael H. Buselli Copyright (C) 1998 Michael H. Buselli
2000-2005 Ivo Timmermans, 2000-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
2000-2005 Wessel Dankers <wsl@tinc-vpn.org> 2000-2005 Wessel Dankers <wsl@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -123,8 +123,6 @@ static void avl_rebalance(avl_tree_t *tree, avl_node_t *node)
avl_node_t *parent; avl_node_t *parent;
avl_node_t **superparent; avl_node_t **superparent;
parent = node;
while(node) { while(node) {
parent = node->parent; parent = node->parent;

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction BSD tun/tap device device.c -- Interaction BSD tun/tap device
Copyright (C) 2001-2005 Ivo Timmermans, Copyright (C) 2001-2005 Ivo Timmermans,
2001-2014 Guus Sliepen <guus@tinc-vpn.org> 2001-2016 Guus Sliepen <guus@tinc-vpn.org>
2009 Grzegorz Dymarek <gregd72002@googlemail.com> 2009 Grzegorz Dymarek <gregd72002@googlemail.com>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -33,13 +33,15 @@
#include "tunemu.h" #include "tunemu.h"
#endif #endif
#define DEFAULT_TUN_DEVICE "/dev/tun0" #ifdef HAVE_NET_IF_UTUN_H
#if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD) || defined(HAVE_DARWIN) #include <sys/sys_domain.h>
#define DEFAULT_TAP_DEVICE "/dev/tap0" #include <sys/kern_control.h>
#else #include <net/if_utun.h>
#define DEFAULT_TAP_DEVICE "/dev/tun0"
#endif #endif
#define DEFAULT_TUN_DEVICE "/dev/tun0"
#define DEFAULT_TAP_DEVICE "/dev/tap0"
typedef enum device_type { typedef enum device_type {
DEVICE_TYPE_TUN, DEVICE_TYPE_TUN,
DEVICE_TYPE_TUNIFHEAD, DEVICE_TYPE_TUNIFHEAD,
@ -47,6 +49,9 @@ typedef enum device_type {
#ifdef ENABLE_TUNEMU #ifdef ENABLE_TUNEMU
DEVICE_TYPE_TUNEMU, DEVICE_TYPE_TUNEMU,
#endif #endif
#ifdef HAVE_NET_IF_UTUN_H
DEVICE_TYPE_UTUN,
#endif
} device_type_t; } device_type_t;
int device_fd = -1; int device_fd = -1;
@ -63,8 +68,61 @@ static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
static device_type_t device_type = DEVICE_TYPE_TUN; static device_type_t device_type = DEVICE_TYPE_TUN;
#endif #endif
#ifdef HAVE_NET_IF_UTUN_H
static bool setup_utun(void) {
device_fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
if(device_fd == -1) {
logger(LOG_ERR, "Could not open PF_SYSTEM socket: %s\n", strerror(errno));
return false;
}
struct ctl_info info = {};
strlcpy(info.ctl_name, UTUN_CONTROL_NAME, sizeof info.ctl_name);
if(ioctl(device_fd, CTLIOCGINFO, &info) == -1) {
logger(LOG_ERR, "ioctl(CTLIOCGINFO) failed: %s", strerror(errno));
return false;
}
int unit = -1;
char *p = strstr(device, "utun"), *e = NULL;
if(p) {
unit = strtol(p + 4, &e, 10);
if(!e)
unit = -1;
}
struct sockaddr_ctl sc = {
.sc_id = info.ctl_id,
.sc_len = sizeof sc,
.sc_family = AF_SYSTEM,
.ss_sysaddr = AF_SYS_CONTROL,
.sc_unit = unit + 1,
};
if(connect(device_fd, (struct sockaddr *)&sc, sizeof(sc)) == -1) {
logger(LOG_ERR, "Could not connect utun socket: %s\n", strerror(errno));
return false;
}
char name[64] = "";
socklen_t len = sizeof name;
if(getsockopt(device_fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, name, &len)) {
iface = xstrdup(device);
} else {
iface = xstrdup(name);
}
device_info = "OS X utun device";
logger(LOG_INFO, "%s is a %s", device, device_info);
return true;
}
#endif
static bool setup_device(void) { static bool setup_device(void) {
char *type; // Find out which device file to open
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) { if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
if(routing_mode == RMODE_ROUTER) if(routing_mode == RMODE_ROUTER)
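Review bot: In setup_utun(), the `if(!e)` test after `strtol(p + 4, &e, 10)` can never be true, because strtol() always stores a non-NULL end pointer. A Device of plain "utun" therefore yields `unit = 0` and `sc_unit = 1`, the same as "utun0", and trailing garbage after the digits is accepted silently. Compare `e` against `p + 4` (no digits consumed) and check `*e` instead. The two `return false` paths after a successful socket() also leave `device_fd` open; close it and reset it to -1 before returning. Two of the three logger() format strings end in "\n" and one does not; pick one style.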
@ -73,8 +131,9 @@ static bool setup_device(void) {
device = xstrdup(DEFAULT_TAP_DEVICE); device = xstrdup(DEFAULT_TAP_DEVICE);
} }
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) // Find out if it's supposed to be a tun or a tap device
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
char *type;
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) { if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
if(!strcasecmp(type, "tun")) if(!strcasecmp(type, "tun"))
@ -82,6 +141,10 @@ static bool setup_device(void) {
#ifdef ENABLE_TUNEMU #ifdef ENABLE_TUNEMU
else if(!strcasecmp(type, "tunemu")) else if(!strcasecmp(type, "tunemu"))
device_type = DEVICE_TYPE_TUNEMU; device_type = DEVICE_TYPE_TUNEMU;
#endif
#ifdef HAVE_NET_IF_UTUN_H
else if(!strcasecmp(type, "utun"))
device_type = DEVICE_TYPE_UTUN;
#endif #endif
else if(!strcasecmp(type, "tunnohead")) else if(!strcasecmp(type, "tunnohead"))
device_type = DEVICE_TYPE_TUN; device_type = DEVICE_TYPE_TUN;
@ -94,10 +157,22 @@ static bool setup_device(void) {
return false; return false;
} }
} else { } else {
#ifdef HAVE_NET_IF_UTUN_H
if(strncmp(device, "utun", 4) == 0 || strncmp(device, "/dev/utun", 9) == 0)
device_type = DEVICE_TYPE_UTUN;
else
#endif
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER) if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
device_type = DEVICE_TYPE_TAP; device_type = DEVICE_TYPE_TAP;
} }
if(routing_mode == RMODE_SWITCH && device_type != DEVICE_TYPE_TAP) {
logger(LOG_ERR, "Only tap devices support switch mode!");
return false;
}
// Open the device
switch(device_type) { switch(device_type) {
#ifdef ENABLE_TUNEMU #ifdef ENABLE_TUNEMU
case DEVICE_TYPE_TUNEMU: { case DEVICE_TYPE_TUNEMU: {
@ -105,6 +180,10 @@ static bool setup_device(void) {
device_fd = tunemu_open(dynamic_name); device_fd = tunemu_open(dynamic_name);
} }
break; break;
#endif
#ifdef HAVE_NET_IF_UTUN_H
case DEVICE_TYPE_UTUN:
return setup_utun();
#endif #endif
default: default:
device_fd = open(device, O_RDWR | O_NONBLOCK); device_fd = open(device, O_RDWR | O_NONBLOCK);
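Review bot: `return setup_utun();` leaves setup_device() before the `fcntl(device_fd, F_SETFD, FD_CLOEXEC)` call that follows this switch, so the utun control socket stays inheritable by every child process tincd starts, including the scripts it runs. Set FD_CLOEXEC inside setup_utun(), or `break` here and let the common path run. The early return also skips the Interface/Device mismatch warning and the `overwrite_mac` handling added further down in this function, so say in a comment whether that is intended.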
@ -119,6 +198,27 @@ static bool setup_device(void) {
fcntl(device_fd, F_SETFD, FD_CLOEXEC); fcntl(device_fd, F_SETFD, FD_CLOEXEC);
#endif #endif
// Guess what the corresponding interface is called
char *realname;
#if defined(HAVE_FDEVNAME)
realname = fdevname(device_fd) ? : device;
#elif defined(HAVE_DEVNAME)
struct stat buf;
if(!fstat(device_fd, &buf))
realname = devname(buf.st_rdev, S_IFCHR) ? : device;
#else
realname = device;
#endif
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
iface = xstrdup(strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname);
else if(strcmp(iface, strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname))
logger(LOG_WARNING, "Warning: Interface does not match Device. $INTERFACE might be set incorrectly.");
// Configure the device as best as we can
switch(device_type) { switch(device_type) {
default: default:
device_type = DEVICE_TYPE_TUN; device_type = DEVICE_TYPE_TUN;
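Review bot: In the `HAVE_DEVNAME` branch, `realname` is assigned only when fstat() succeeds, so on failure the `strrchr(realname, '/')` calls that follow read an uninitialized pointer. Declare it as `char *realname = device;` and overwrite it only when a lookup succeeds. Smaller points: `? :` with the middle operand omitted is a GNU extension, and the basename expression `strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname` appears twice and would read better as one local variable.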
@ -183,6 +283,11 @@ static bool setup_device(void) {
#endif #endif
} }
#ifdef SIOCGIFADDR
if(overwrite_mac)
ioctl(device_fd, SIOCGIFADDR, mymac.x);
#endif
logger(LOG_INFO, "%s is a %s", device, device_info); logger(LOG_INFO, "%s is a %s", device, device_info);
return true; return true;
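Review bot: The return value of `ioctl(device_fd, SIOCGIFADDR, mymac.x)` is ignored, so when the call fails `mymac` is left unchanged and nothing is logged. Check the result and log a warning with strerror(errno). The call also runs for every device type whenever `overwrite_mac` is set; if it is only meaningful for tap devices, guard it with `device_type == DEVICE_TYPE_TAP`.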
@ -242,31 +347,27 @@ static bool read_packet(vpn_packet_t *packet) {
packet->len = lenin + 14; packet->len = lenin + 14;
break; break;
case DEVICE_TYPE_UTUN:
case DEVICE_TYPE_TUNIFHEAD: { case DEVICE_TYPE_TUNIFHEAD: {
u_int32_t type; if((lenin = read(device_fd, packet->data + 10, MTU - 10)) <= 0) {
struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}};
if((lenin = readv(device_fd, vector, 2)) <= 0) {
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, logger(LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno)); device, strerror(errno));
return false; return false;
} }
switch (ntohl(type)) { switch(packet->data[14] >> 4) {
case AF_INET: case 4:
packet->data[12] = 0x08; packet->data[12] = 0x08;
packet->data[13] = 0x00; packet->data[13] = 0x00;
break; break;
case 6:
case AF_INET6:
packet->data[12] = 0x86; packet->data[12] = 0x86;
packet->data[13] = 0xDD; packet->data[13] = 0xDD;
break; break;
default: default:
ifdebug(TRAFFIC) logger(LOG_ERR, ifdebug(TRAFFIC) logger(LOG_ERR,
"Unknown address family %x while reading packet from %s %s", "Unknown IP version %d while reading packet from %s %s",
ntohl(type), device_info, device); packet->data[14] >> 4, device_info, device);
return false; return false;
} }
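Review bot: `case DEVICE_TYPE_UTUN:` is unconditional here, but the enumerator is declared only under `#ifdef HAVE_NET_IF_UTUN_H`, so this file will not compile on a BSD without that header; wrap the label in the same #ifdef (the write_packet() hunk below adds the same label). Separately, the single read() now places the 4-byte family header at `packet->data + 10` and the IP version is taken from `packet->data[14]`, but only `lenin <= 0` is rejected. A read of 1 to 4 bytes never writes byte 14, so the switch dispatches on stale buffer contents; treat `lenin <= 4` as an error before inspecting the version nibble.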
@ -310,12 +411,10 @@ static bool write_packet(vpn_packet_t *packet) {
} }
break; break;
case DEVICE_TYPE_UTUN:
case DEVICE_TYPE_TUNIFHEAD: { case DEVICE_TYPE_TUNIFHEAD: {
u_int32_t type; int af = (packet->data[12] << 8) + packet->data[13];
struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, packet->len - 14}}; uint32_t type;
int af;
af = (packet->data[12] << 8) + packet->data[13];
switch (af) { switch (af) {
case 0x0800: case 0x0800:
@ -331,7 +430,9 @@ static bool write_packet(vpn_packet_t *packet) {
return false; return false;
} }
if(writev(device_fd, vector, 2) < 0) { memcpy(packet->data + 10, &type, sizeof type);
if(write(device_fd, packet->data + 10, packet->len - 10) < 0) {
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device,
strerror(errno)); strerror(errno));
return false; return false;
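Review bot: `memcpy(packet->data + 10, &type, sizeof type)` overwrites bytes 10 to 13 of the caller's packet, which are the last two source MAC bytes and the EtherType that `af` was read from, so the buffer is no longer a valid Ethernet frame once write_packet() returns. The replaced writev() version left the packet untouched. Whether any caller reuses the packet after writing it is not visible in this hunk; either save and restore those four bytes around the write() or document on write_packet() that it modifies its argument.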

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction with Windows tap driver in a Cygwin environment device.c -- Interaction with Windows tap driver in a Cygwin environment
Copyright (C) 2002-2005 Ivo Timmermans, Copyright (C) 2002-2005 Ivo Timmermans,
2002-2011 Guus Sliepen <guus@tinc-vpn.org> 2002-2016 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -19,6 +19,7 @@
*/ */
#include "../system.h" #include "../system.h"
#include "../net.h"
#include <w32api/windows.h> #include <w32api/windows.h>
#include <w32api/winioctl.h> #include <w32api/winioctl.h>
@ -26,7 +27,6 @@
#include "../conf.h" #include "../conf.h"
#include "../device.h" #include "../device.h"
#include "../logger.h" #include "../logger.h"
#include "../net.h"
#include "../route.h" #include "../route.h"
#include "../utils.h" #include "../utils.h"
#include "../xalloc.h" #include "../xalloc.h"
@ -61,6 +61,9 @@ static bool setup_device(void) {
get_config_string(lookup_config(config_tree, "Device"), &device); get_config_string(lookup_config(config_tree, "Device"), &device);
get_config_string(lookup_config(config_tree, "Interface"), &iface); get_config_string(lookup_config(config_tree, "Interface"), &iface);
if(device && iface)
logger(LOG_WARNING, "Warning: both Device and Interface specified, results may not be as expected");
/* Open registry and look for network adapters */ /* Open registry and look for network adapters */
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key)) { if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key)) {

View file

@ -1,6 +1,6 @@
/* /*
meta.c -- handle the meta communication meta.c -- handle the meta communication
Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>, Copyright (C) 2000-2015 Guus Sliepen <guus@tinc-vpn.org>,
2000-2005 Ivo Timmermans 2000-2005 Ivo Timmermans
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
@ -30,6 +30,7 @@
#include "meta.h" #include "meta.h"
#include "net.h" #include "net.h"
#include "protocol.h" #include "protocol.h"
#include "proxy.h"
#include "utils.h" #include "utils.h"
#include "xalloc.h" #include "xalloc.h"
@ -160,6 +161,17 @@ bool receive_meta(connection_t *c) {
c->buflen += lenin; c->buflen += lenin;
while(lenin > 0) { while(lenin > 0) {
reqlen = 0;
/* Is it proxy metadata? */
if(c->allow_request == PROXY) {
reqlen = receive_proxy_meta(c, oldlen, lenin);
if(reqlen < 0)
return false;
goto consume;
}
/* Decrypt */ /* Decrypt */
if(c->status.decryptin && !decrypted) { if(c->status.decryptin && !decrypted) {
@ -177,74 +189,32 @@ bool receive_meta(connection_t *c) {
if(c->tcplen) { if(c->tcplen) {
if(c->tcplen <= c->buflen) { if(c->tcplen <= c->buflen) {
if(!c->node) { if(c->allow_request != ALL) {
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
} else {
logger(LOG_ERR, "Proxy request rejected");
return false;
}
} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
if(c->buffer[0] != 5) {
logger(LOG_ERR, "Invalid response from proxy server");
return false;
}
if(c->buffer[1] == (char)0xff) {
logger(LOG_ERR, "Proxy request rejected: unsuitable authentication method");
return false;
}
if(c->buffer[2] != 5) {
logger(LOG_ERR, "Invalid response from proxy server");
return false;
}
if(c->buffer[3] == 0) {
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
} else {
logger(LOG_ERR, "Proxy request rejected");
return false;
}
} else {
logger(LOG_ERR, "c->tcplen set but c->node is NULL!");
abort();
}
} else {
if(c->allow_request == ALL) {
receive_tcppacket(c, c->buffer, c->tcplen);
} else {
logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname); logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
return false; return false;
} }
}
c->buflen -= c->tcplen; receive_tcppacket(c, c->buffer, c->tcplen);
lenin -= c->tcplen - oldlen; reqlen = c->tcplen;
memmove(c->buffer, c->buffer + c->tcplen, c->buflen);
oldlen = 0;
c->tcplen = 0; c->tcplen = 0;
continue; }
} else { } else {
break;
}
}
/* Otherwise we are waiting for a request */ /* Otherwise we are waiting for a request */
reqlen = 0;
for(i = oldlen; i < c->buflen; i++) { for(i = oldlen; i < c->buflen; i++) {
if(c->buffer[i] == '\n') { if(c->buffer[i] == '\n') {
c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */
reqlen = i + 1; c->reqlen = reqlen = i + 1;
break; break;
} }
} }
if(reqlen) { if(reqlen && !receive_request(c))
c->reqlen = reqlen;
if(!receive_request(c))
return false; return false;
}
consume:
if(reqlen) {
c->buflen -= reqlen; c->buflen -= reqlen;
lenin -= reqlen - oldlen; lenin -= reqlen - oldlen;
memmove(c->buffer, c->buffer + reqlen, c->buflen); memmove(c->buffer, c->buffer + reqlen, c->buflen);

View file

@ -1,7 +1,7 @@
/* /*
device.c -- Interaction with Windows tap driver in a MinGW environment device.c -- Interaction with Windows tap driver in a MinGW environment
Copyright (C) 2002-2005 Ivo Timmermans, Copyright (C) 2002-2005 Ivo Timmermans,
2002-2014 Guus Sliepen <guus@tinc-vpn.org> 2002-2016 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -43,11 +43,12 @@ static uint64_t device_total_in = 0;
static uint64_t device_total_out = 0; static uint64_t device_total_out = 0;
extern char *myport; extern char *myport;
OVERLAPPED r_overlapped;
OVERLAPPED w_overlapped;
static DWORD WINAPI tapreader(void *bla) { static DWORD WINAPI tapreader(void *bla) {
int status; int status;
DWORD len; DWORD len;
OVERLAPPED overlapped;
vpn_packet_t packet; vpn_packet_t packet;
int errors = 0; int errors = 0;
@ -55,19 +56,17 @@ static DWORD WINAPI tapreader(void *bla) {
/* Read from tap device and send to parent */ /* Read from tap device and send to parent */
overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); r_overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
for(;;) { for(;;) {
overlapped.Offset = 0; ResetEvent(r_overlapped.hEvent);
overlapped.OffsetHigh = 0;
ResetEvent(overlapped.hEvent);
status = ReadFile(device_handle, packet.data, MTU, &len, &overlapped); status = ReadFile(device_handle, packet.data, MTU, &len, &r_overlapped);
if(!status) { if(!status) {
if(GetLastError() == ERROR_IO_PENDING) { if(GetLastError() == ERROR_IO_PENDING) {
WaitForSingleObject(overlapped.hEvent, INFINITE); WaitForSingleObject(r_overlapped.hEvent, INFINITE);
if(!GetOverlappedResult(device_handle, &overlapped, &len, FALSE)) if(!GetOverlappedResult(device_handle, &r_overlapped, &len, FALSE))
continue; continue;
} else { } else {
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, logger(LOG_ERR, "Error while reading from %s %s: %s", device_info,
@ -114,6 +113,9 @@ static bool setup_device(void) {
get_config_string(lookup_config(config_tree, "Device"), &device); get_config_string(lookup_config(config_tree, "Device"), &device);
get_config_string(lookup_config(config_tree, "Interface"), &iface); get_config_string(lookup_config(config_tree, "Interface"), &iface);
if(device && iface)
logger(LOG_WARNING, "Warning: both Device and Interface specified, results may not be as expected");
/* Open registry and look for network adapters */ /* Open registry and look for network adapters */
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key)) { if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key)) {
@ -201,6 +203,11 @@ static bool setup_device(void) {
overwrite_mac = 1; overwrite_mac = 1;
} }
/* Create overlapped events for tap I/O */
r_overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
w_overlapped.hEvent = CreateEvent(NULL, TRUE, TRUE, NULL);
/* Start the tap reader */ /* Start the tap reader */
thread = CreateThread(NULL, 0, tapreader, NULL, 0, NULL); thread = CreateThread(NULL, 0, tapreader, NULL, 0, NULL);
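Review bot: r_overlapped.hEvent is created in this setup_device() hunk and then created again at the top of tapreader() (`r_overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);` just before the for loop), so the handle made here is overwritten and leaked as soon as the reader thread starts. Keep only one of the two creations. Neither CreateEvent() result is checked for NULL before the thread is started, so a failed creation would only surface later as a failing ReadFile() or WriteFile().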
@ -235,15 +242,49 @@ static bool read_packet(vpn_packet_t *packet) {
static bool write_packet(vpn_packet_t *packet) { static bool write_packet(vpn_packet_t *packet) {
DWORD lenout; DWORD lenout;
OVERLAPPED overlapped = {0}; static vpn_packet_t queue;
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
packet->len, device_info); packet->len, device_info);
if(!WriteFile(device_handle, packet->data, packet->len, &lenout, &overlapped)) { /* Check if there is something in progress */
logger(LOG_ERR, "Error while writing to %s %s: %s", device_info, device, winerror(GetLastError()));
if(queue.len) {
DWORD size;
BOOL success = GetOverlappedResult(device_handle, &w_overlapped, &size, FALSE);
if(success) {
ResetEvent(&w_overlapped);
queue.len = 0;
} else {
int err = GetLastError();
if(err != ERROR_IO_INCOMPLETE) {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Error completing previously queued write: %s", winerror(err));
ResetEvent(&w_overlapped);
queue.len = 0;
} else {
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Previous overlapped write still in progress");
// drop this packet
return true;
}
}
}
/* Otherwise, try to write. */
memcpy(queue.data, packet->data, packet->len);
if(!WriteFile(device_handle, queue.data, packet->len, &lenout, &w_overlapped)) {
int err = GetLastError();
if(err != ERROR_IO_PENDING) {
logger(LOG_ERR, "Error while writing to %s %s: %s", device_info, device, winerror(err));
return false; return false;
} }
// Write is being done asynchronously.
queue.len = packet->len;
} else {
// Write was completed immediately.
ResetEvent(&w_overlapped);
}
device_total_out += packet->len; device_total_out += packet->len;
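Review bot: all three ResetEvent() calls in write_packet() pass `&w_overlapped`, the address of the OVERLAPPED structure, where ResetEvent() expects the event handle; they should pass `w_overlapped.hEvent`. As written the calls cannot reset the event that setup_device() created in the signalled state. A second point: when the previous write is still pending, the new packet is dropped and the function returns true with only a debug-level log line, so sustained drops on a slow tap device will be invisible at normal log levels; a counter or a rate-limited warning would make that observable.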

View file

@ -1,7 +1,7 @@
/* /*
net.h -- header for net.c net.h -- header for net.c
Copyright (C) 1998-2005 Ivo Timmermans Copyright (C) 1998-2005 Ivo Timmermans
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -123,20 +123,6 @@ extern time_t now;
extern int contradicting_add_edge; extern int contradicting_add_edge;
extern int contradicting_del_edge; extern int contradicting_del_edge;
extern char *proxyhost;
extern char *proxyport;
extern char *proxyuser;
extern char *proxypass;
typedef enum proxytype_t {
PROXY_NONE = 0,
PROXY_SOCKS4,
PROXY_SOCKS4A,
PROXY_SOCKS5,
PROXY_HTTP,
PROXY_EXEC,
} proxytype_t;
extern proxytype_t proxytype;
extern volatile bool running; extern volatile bool running;
/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */

View file

@ -1,7 +1,7 @@
/* /*
net_packet.c -- Handles in- and outgoing VPN packets net_packet.c -- Handles in- and outgoing VPN packets
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
2010 Timothy Redaelli <timothy@redaelli.eu> 2010 Timothy Redaelli <timothy@redaelli.eu>
2010 Brandon Black <blblack@gmail.com> 2010 Brandon Black <blblack@gmail.com>
@ -276,7 +276,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
vpn_packet_t pkt1, pkt2; vpn_packet_t pkt1, pkt2;
vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
int nextpkt = 0; int nextpkt = 0;
vpn_packet_t *outpkt = pkt[0]; vpn_packet_t *outpkt;
int outlen, outpad; int outlen, outpad;
unsigned char hmac[EVP_MAX_MD_SIZE]; unsigned char hmac[EVP_MAX_MD_SIZE];
int i; int i;
@ -552,14 +552,14 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
#if defined(SOL_IP) && defined(IP_TOS) #if defined(SOL_IP) && defined(IP_TOS)
case AF_INET: case AF_INET:
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority); ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv4 outgoing packet priority to %d", origpriority);
if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, &origpriority, sizeof(origpriority))) /* SO_PRIORITY doesn't seem to work */ if(setsockopt(listen_socket[n->sock].udp, SOL_IP, IP_TOS, (void *)&origpriority, sizeof(origpriority))) /* SO_PRIORITY doesn't seem to work */
logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno)); logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
break; break;
#endif #endif
#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
case AF_INET6: case AF_INET6:
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority); ifdebug(TRAFFIC) logger(LOG_DEBUG, "Setting IPv6 outgoing packet priority to %d", origpriority);
if(setsockopt(listen_socket[n->sock].udp, IPPROTO_IPV6, IPV6_TCLASS, &origpriority, sizeof(origpriority))) if(setsockopt(listen_socket[n->sock].udp, IPPROTO_IPV6, IPV6_TCLASS, (void *)&origpriority, sizeof(origpriority)))
logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno)); logger(LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
break; break;
#endif #endif

View file

@ -39,6 +39,7 @@
#include "netutl.h" #include "netutl.h"
#include "process.h" #include "process.h"
#include "protocol.h" #include "protocol.h"
#include "proxy.h"
#include "route.h" #include "route.h"
#include "subnet.h" #include "subnet.h"
#include "utils.h" #include "utils.h"
@ -47,12 +48,6 @@
char *myport; char *myport;
devops_t devops; devops_t devops;
char *proxyhost;
char *proxyport;
char *proxyuser;
char *proxypass;
proxytype_t proxytype;
bool read_rsa_public_key(connection_t *c) { bool read_rsa_public_key(connection_t *c) {
FILE *fp; FILE *fp;
char *pubname; char *pubname;

View file

@ -1,7 +1,7 @@
/* /*
net_socket.c -- Handle various kinds of sockets. net_socket.c -- Handle various kinds of sockets.
Copyright (C) 1998-2005 Ivo Timmermans, Copyright (C) 1998-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org> 2006 Scott Lamb <slamb@slamb.org>
2009 Florian Forster <octo@verplant.org> 2009 Florian Forster <octo@verplant.org>
@ -31,6 +31,7 @@
#include "net.h" #include "net.h"
#include "netutl.h" #include "netutl.h"
#include "protocol.h" #include "protocol.h"
#include "proxy.h"
#include "utils.h" #include "utils.h"
#include "xalloc.h" #include "xalloc.h"
@ -354,8 +355,19 @@ static void do_outgoing_pipe(connection_t *c, char *command) {
#endif #endif
} }
static bool is_valid_host_port(const char *host, const char *port) {
for(const char *p = host; *p; p++)
if(!isalnum(*p) && *p != '-' && *p != '.')
return false;
for(const char *p = port; *p; p++)
if(!isalnum(*p))
return false;
return true;
}
void do_outgoing_connection(connection_t *c) { void do_outgoing_connection(connection_t *c) {
char *address, *port, *space;
struct addrinfo *proxyai = NULL; struct addrinfo *proxyai = NULL;
int result; int result;
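Review bot: is_valid_host_port() accepts any alphanumeric string as the port (`isalnum`), but the proxy code that consumes it converts the stored value with `atoi(c->address.unknown.port)`, so a service name would pass this check and silently become port 0 in the SOCKS request. Use isdigit() in the port loop. Both loops also hand a plain char to isalnum(), which should be cast to unsigned char first, and an empty host or empty port currently passes the check because neither loop body runs.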
@ -375,6 +387,8 @@ begin:
return; return;
} }
char *address, *port, *space;
get_config_string(c->outgoing->cfg, &address); get_config_string(c->outgoing->cfg, &address);
space = strchr(address, ' '); space = strchr(address, ' ');
@ -387,11 +401,23 @@ begin:
} }
c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM);
// If we cannot resolve the address, maybe we are using a proxy that can?
if(!c->outgoing->ai && proxytype != PROXY_NONE && is_valid_host_port(address, port)) {
memset(&c->address, 0, sizeof c->address);
c->address.sa.sa_family = AF_UNKNOWN;
c->address.unknown.address = address;
c->address.unknown.port = port;
} else {
free(address); free(address);
free(port); free(port);
}
c->outgoing->aip = c->outgoing->ai; c->outgoing->aip = c->outgoing->ai;
c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg);
if(!c->outgoing->ai && proxytype != PROXY_NONE)
goto connect;
} }
if(!c->outgoing->aip) { if(!c->outgoing->aip) {
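Review bot: the second new test, `if(!c->outgoing->ai && proxytype != PROXY_NONE) goto connect;`, does not repeat the is_valid_host_port() condition of the first. When resolution fails and the name is rejected by the validator, address and port are freed in the else branch and c->address is left untouched, yet control still jumps to connect and proceeds with whatever c->address held before. Record the result of the first test in a local flag and take the goto only when the unknown address was actually stored. It would also help to state in a comment that c->address.unknown takes ownership of address and port in that case.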
@ -404,6 +430,7 @@ begin:
memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen);
c->outgoing->aip = c->outgoing->aip->ai_next; c->outgoing->aip = c->outgoing->aip->ai_next;
connect:
if(c->hostname) if(c->hostname)
free(c->hostname); free(c->hostname);
@ -457,8 +484,11 @@ begin:
freeaddrinfo(proxyai); freeaddrinfo(proxyai);
} }
now = time(NULL);
if(result == -1) { if(result == -1) {
if(sockinprogress(sockerrno)) { if(sockinprogress(sockerrno)) {
c->last_ping_time = now;
c->status.connecting = true; c->status.connecting = true;
return; return;
} }

View file

@ -33,7 +33,7 @@ bool hostnames = false;
Return NULL on failure. Return NULL on failure.
*/ */
struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) { struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) {
struct addrinfo *ai, hint = {0}; struct addrinfo *ai = NULL, hint = {0};
int err; int err;
hint.ai_family = addressfamily; hint.ai_family = addressfamily;
@ -55,7 +55,7 @@ struct addrinfo *str2addrinfo(const char *address, const char *service, int sock
} }
sockaddr_t str2sockaddr(const char *address, const char *port) { sockaddr_t str2sockaddr(const char *address, const char *port) {
struct addrinfo *ai, hint = {0}; struct addrinfo *ai = NULL, hint = {0};
sockaddr_t result; sockaddr_t result;
int err; int err;

View file

@ -1,7 +1,7 @@
/* /*
protocol.c -- handle the meta-protocol, basic functions protocol.c -- handle the meta-protocol, basic functions
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2013 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -125,20 +125,6 @@ void forward_request(connection_t *from) {
bool receive_request(connection_t *c) { bool receive_request(connection_t *c) {
int request; int request;
if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
if(!c->buffer[0] || c->buffer[0] == '\r')
return true;
if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) {
if(!strncmp(c->buffer + 9, "200", 3)) {
logger(LOG_DEBUG, "Proxy request granted");
return true;
} else {
logger(LOG_DEBUG, "Proxy request rejected: %s", c->buffer + 9);
return false;
}
}
}
if(sscanf(c->buffer, "%d", &request) == 1) { if(sscanf(c->buffer, "%d", &request) == 1) {
if((request < 0) || (request >= LAST) || !request_handlers[request]) { if((request < 0) || (request >= LAST) || !request_handlers[request]) {
ifdebug(META) ifdebug(META)

View file

@ -1,7 +1,7 @@
/* /*
protocol.h -- header for protocol.c protocol.h -- header for protocol.c
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2009 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,6 +36,7 @@
/* Request numbers */ /* Request numbers */
typedef enum request_t { typedef enum request_t {
PROXY = -2,
ALL = -1, /* Guardian for allow_request */ ALL = -1, /* Guardian for allow_request */
ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK,
STATUS, ERROR, TERMREQ, STATUS, ERROR, TERMREQ,

View file

@ -1,7 +1,7 @@
/* /*
protocol_auth.c -- handle the meta-protocol, authentication protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,95 +36,10 @@
#include "netutl.h" #include "netutl.h"
#include "node.h" #include "node.h"
#include "protocol.h" #include "protocol.h"
#include "proxy.h"
#include "utils.h" #include "utils.h"
#include "xalloc.h" #include "xalloc.h"
static bool send_proxyrequest(connection_t *c) {
switch(proxytype) {
case PROXY_HTTP: {
char *host;
char *port;
sockaddr2str(&c->address, &host, &port);
send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
free(host);
free(port);
return true;
}
case PROXY_SOCKS4: {
if(c->address.sa.sa_family != AF_INET) {
logger(LOG_ERR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!");
return false;
}
char s4req[9 + (proxyuser ? strlen(proxyuser) : 0)];
s4req[0] = 4;
s4req[1] = 1;
memcpy(s4req + 2, &c->address.in.sin_port, 2);
memcpy(s4req + 4, &c->address.in.sin_addr, 4);
if(proxyuser)
strcpy(s4req + 8, proxyuser);
s4req[sizeof s4req - 1] = 0;
c->tcplen = 8;
return send_meta(c, s4req, sizeof s4req);
}
case PROXY_SOCKS5: {
int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16);
c->tcplen = 2;
if(proxypass)
len += 3 + strlen(proxyuser) + strlen(proxypass);
char s5req[len];
int i = 0;
s5req[i++] = 5;
s5req[i++] = 1;
if(proxypass) {
s5req[i++] = 2;
s5req[i++] = 1;
s5req[i++] = strlen(proxyuser);
strcpy(s5req + i, proxyuser);
i += strlen(proxyuser);
s5req[i++] = strlen(proxypass);
strcpy(s5req + i, proxypass);
i += strlen(proxypass);
c->tcplen += 2;
} else {
s5req[i++] = 0;
}
s5req[i++] = 5;
s5req[i++] = 1;
s5req[i++] = 0;
if(c->address.sa.sa_family == AF_INET) {
s5req[i++] = 1;
memcpy(s5req + i, &c->address.in.sin_addr, 4);
i += 4;
memcpy(s5req + i, &c->address.in.sin_port, 2);
i += 2;
c->tcplen += 10;
} else if(c->address.sa.sa_family == AF_INET6) {
s5req[i++] = 3;
memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
i += 16;
memcpy(s5req + i, &c->address.in6.sin6_port, 2);
i += 2;
c->tcplen += 22;
} else {
logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
return false;
}
if(i > len)
abort();
return send_meta(c, s5req, sizeof s5req);
}
case PROXY_SOCKS4A:
logger(LOG_ERR, "Proxy type not implemented yet");
return false;
case PROXY_EXEC:
return true;
default:
logger(LOG_ERR, "Unknown proxy type");
return false;
}
}
bool send_id(connection_t *c) { bool send_id(connection_t *c) {
if(proxytype && c->outgoing) if(proxytype && c->outgoing)
if(!send_proxyrequest(c)) if(!send_proxyrequest(c))

View file

@ -1,7 +1,7 @@
/* /*
protocol_edge.c -- handle the meta-protocol, edges protocol_edge.c -- handle the meta-protocol, edges
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2012 Guus Sliepen <guus@tinc-vpn.org> 2000-2016 Guus Sliepen <guus@tinc-vpn.org>
2009 Michael Tokarev <mjt@corpit.ru> 2009 Michael Tokarev <mjt@corpit.ru>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -125,8 +125,18 @@ bool add_edge_h(connection_t *c) {
} else { } else {
ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) which does not match existing entry", ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) which does not match existing entry",
"ADD_EDGE", c->name, c->hostname); "ADD_EDGE", c->name, c->hostname);
edge_del(e); e->options = options;
graph(); if(sockaddrcmp(&e->address, &address)) {
sockaddrfree(&e->address);
e->address = address;
}
if(e->weight != weight) {
avl_node_t *node = avl_unlink(edge_weight_tree, e);
e->weight = weight;
avl_insert_node(edge_weight_tree, node);
}
goto done;
} }
} else } else
return true; return true;
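Review bot: in the new in-place update, when sockaddrcmp() reports the addresses as equal the freshly parsed `address` is neither stored in the edge nor passed to sockaddrfree(); if a sockaddr_t can own allocated memory, as the `sockaddrfree(&e->address)` call two lines above suggests, that branch needs a matching sockaddrfree(&address). The result of avl_unlink() is also handed to avl_insert_node() without a NULL check, and the removed graph() call has no visible replacement in this hunk, so a short comment saying where the graph is recomputed after `done:` would help the reader.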
@ -150,6 +160,7 @@ bool add_edge_h(connection_t *c) {
e->weight = weight; e->weight = weight;
edge_add(e); edge_add(e);
done:
/* Tell the rest about the new edge */ /* Tell the rest about the new edge */
if(!tunnelserver) if(!tunnelserver)

View file

@ -1,7 +1,7 @@
/* /*
protocol_key.c -- handle the meta-protocol, key exchange protocol_key.c -- handle the meta-protocol, key exchange
Copyright (C) 1999-2005 Ivo Timmermans, Copyright (C) 1999-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2016 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -233,7 +233,7 @@ bool ans_key_h(connection_t *c) {
return true; return true;
} }
if(!*address && from->address.sa.sa_family != AF_UNSPEC) { if(!*address && from->address.sa.sa_family != AF_UNSPEC && to->minmtu) {
char *address, *port; char *address, *port;
ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name); ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
sockaddr2str(&from->address, &address, &port); sockaddr2str(&from->address, &address, &port);

287
src/proxy.c Normal file
View file

@ -0,0 +1,287 @@
/*
proxy.c -- Proxy handling functions.
Copyright (C) 2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "connection.h"
#include "logger.h"
#include "meta.h"
#include "netutl.h"
#include "protocol.h"
#include "proxy.h"
#include "utils.h" //
proxytype_t proxytype;
char *proxyhost;
char *proxyport;
char *proxyuser;
char *proxypass;
static void update_address_ipv4(connection_t *c, void *address, void *port) {
sockaddrfree(&c->address);
memset(&c->address, 0, sizeof c->address);
c->address.sa.sa_family = AF_INET;
if(address)
memcpy(&c->address.in.sin_addr, address, sizeof(ipv4_t));
if(port)
memcpy(&c->address.in.sin_port, port, sizeof(uint16_t));
// OpenSSH -D returns all zero address, set it to 0.0.0.1 to prevent spamming ourselves.
if(!memcmp(&c->address.in.sin_addr, "\0\0\0\0", 4))
memcpy(&c->address.in.sin_addr, "\0\0\0\01", 4);
}
static void update_address_ipv6(connection_t *c, void *address, void *port) {
sockaddrfree(&c->address);
memset(&c->address, 0, sizeof c->address);
c->address.sa.sa_family = AF_INET6;
if(address)
memcpy(&c->address.in6.sin6_addr, address, sizeof(ipv6_t));
if(port)
memcpy(&c->address.in6.sin6_port, port, sizeof(uint16_t));
// OpenSSH -D returns all zero address, set it to 0100:: to prevent spamming ourselves.
if(!memcmp(&c->address.in6.sin6_addr, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16))
memcpy(&c->address.in6.sin6_addr, "\01\0\0\0\0\0\0\0", 8);
}
bool send_proxyrequest(connection_t *c) {
switch(proxytype) {
case PROXY_SOCKS4:
if(c->address.sa.sa_family != AF_INET) {
logger(LOG_ERR, "Can only connect to numeric IPv4 addresses through a SOCKS 4 proxy!");
return false;
}
case PROXY_SOCKS4A: {
if(c->address.sa.sa_family != AF_INET && c->address.sa.sa_family != AF_UNKNOWN) {
logger(LOG_ERR, "Can only connect to IPv4 addresses or hostnames through a SOCKS 4a proxy!");
return false;
}
int len = 9;
if(proxyuser)
len += strlen(proxyuser);
if(c->address.sa.sa_family == AF_UNKNOWN)
len += 1 + strlen(c->address.unknown.address);
char s4req[len];
s4req[0] = 4;
s4req[1] = 1;
if(c->address.sa.sa_family == AF_INET) {
memcpy(s4req + 2, &c->address.in.sin_port, 2);
memcpy(s4req + 4, &c->address.in.sin_addr, 4);
} else {
uint16_t port = htons(atoi(c->address.unknown.port));
memcpy(s4req + 2, &port, 2);
memcpy(s4req + 4, "\0\0\0\1", 4);
strcpy(s4req + (9 + (proxyuser ? strlen(proxyuser) : 0)), c->address.unknown.address);
}
if(proxyuser)
strcpy(s4req + 8, proxyuser);
else
s4req[8] = 0;
s4req[sizeof s4req - 1] = 0;
c->allow_request = PROXY;
return send_meta(c, s4req, sizeof s4req);
}
case PROXY_SOCKS5: {
int len = 3 + 6;
if(c->address.sa.sa_family == AF_INET) {
len += 4;
} else if(c->address.sa.sa_family == AF_INET6) {
len += 16;
} else if(c->address.sa.sa_family == AF_UNKNOWN) {
len += 1 + strlen(c->address.unknown.address);
} else {
logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
return false;
}
if(proxypass)
len += 3 + strlen(proxyuser) + strlen(proxypass);
char s5req[len];
int i = 0;
s5req[i++] = 5;
s5req[i++] = 1;
if(proxypass) {
s5req[i++] = 2;
s5req[i++] = 1;
s5req[i++] = strlen(proxyuser);
strcpy(s5req + i, proxyuser);
i += strlen(proxyuser);
s5req[i++] = strlen(proxypass);
strcpy(s5req + i, proxypass);
i += strlen(proxypass);
} else {
s5req[i++] = 0;
}
s5req[i++] = 5;
s5req[i++] = 1;
s5req[i++] = 0;
if(c->address.sa.sa_family == AF_INET) {
s5req[i++] = 1;
memcpy(s5req + i, &c->address.in.sin_addr, 4);
i += 4;
memcpy(s5req + i, &c->address.in.sin_port, 2);
i += 2;
} else if(c->address.sa.sa_family == AF_INET6) {
s5req[i++] = 4;
memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
i += 16;
memcpy(s5req + i, &c->address.in6.sin6_port, 2);
i += 2;
} else if(c->address.sa.sa_family == AF_UNKNOWN) {
s5req[i++] = 3;
int len = strlen(c->address.unknown.address);
s5req[i++] = len;
memcpy(s5req + i, c->address.unknown.address, len);
i += len;
uint16_t port = htons(atoi(c->address.unknown.port));
memcpy(s5req + i, &port, 2);
i += 2;
} else {
logger(LOG_ERR, "Unknown address family while trying to connect to SOCKS5 proxy");
return false;
}
if(i > len)
abort();
c->allow_request = PROXY;
return send_meta(c, s5req, sizeof s5req);
}
case PROXY_HTTP: {
char *host;
char *port;
sockaddr2str(&c->address, &host, &port);
send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
free(host);
free(port);
c->allow_request = PROXY;
return true;
}
case PROXY_EXEC:
return true;
default:
logger(LOG_ERR, "Unknown proxy type");
return false;
}
}
int receive_proxy_meta(connection_t *c, int start, int lenin) {
switch(proxytype) {
case PROXY_SOCKS4:
case PROXY_SOCKS4A:
if(c->buflen < 8)
return 0;
if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
if(c->address.sa.sa_family == AF_UNKNOWN)
update_address_ipv4(c, c->buffer + 4, c->buffer + 2);
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
c->allow_request = ID;
return 8;
} else {
logger(LOG_ERR, "Proxy request rejected");
return -1;
}
case PROXY_SOCKS5:
if(c->buflen < 2)
return 0;
if(c->buffer[0] != 0x05 || c->buffer[1] == (char)0xff) {
logger(LOG_ERR, "Proxy authentication method rejected");
return -1;
}
int offset = 2;
if(c->buffer[1] == 0x02) {
if(c->buflen < 4)
return 0;
if(c->buffer[2] != 0x05 || c->buffer[3] != 0x00) {
logger(LOG_ERR, "Proxy username/password rejected");
return -1;
}
offset += 2;
}
if(c->buflen - offset < 7)
return 0;
if(c->buffer[offset] != 0x05 || c->buffer[offset + 1] != 0x00) {
logger(LOG_ERR, "Proxy request rejected");
return -1;
}
int replen = offset + 6;
switch(c->buffer[offset + 3]) {
case 0x01: // IPv4
if(c->address.sa.sa_family == AF_UNKNOWN)
update_address_ipv4(c, c->buffer + offset + 4, c->buffer + offset + 8);
replen += 4;
break;
case 0x03: // Hostname
if(c->address.sa.sa_family == AF_UNKNOWN)
update_address_ipv4(c, "\0\0\0\1", "\0\0");
replen += ((uint8_t *)c->buffer)[offset + 4];
break;
case 0x04: // IPv6
if(c->address.sa.sa_family == AF_UNKNOWN)
update_address_ipv6(c, c->buffer + offset + 4, c->buffer + offset + 20);
replen += 16;
break;
default:
logger(LOG_ERR, "Proxy reply malformed");
return -1;
}
if(c->buflen < replen) {
return 0;
} else {
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
c->allow_request = ID;
return replen;
}
case PROXY_HTTP: {
char *p = memchr(c->buffer, '\n', c->buflen);
if(!p || p - c->buffer >= c->buflen)
return 0;
p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer));
if(!p)
return 0;
if(c->buflen < 9)
return 0;
if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) {
if(!strncmp(c->buffer + 9, "200", 3)) {
if(c->address.sa.sa_family == AF_UNKNOWN)
update_address_ipv4(c, "\0\0\0\1", "\0\0");
logger(LOG_DEBUG, "Proxy request granted");
replen = p + 1 - c->buffer;
c->allow_request = ID;
return replen;
} else {
logger(LOG_ERR, "Proxy request rejected: %s", c->buffer + 9);
return false;
}
} else {
logger(LOG_ERR, "Proxy reply malformed");
return -1;
}
}
default:
abort();
}
}
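Review bot: in the PROXY_HTTP branch of receive_proxy_meta(), the rejection path ends with `return false;`, which is 0 in this int-returning function. By the function's own convention (0 when more data is needed, -1 on error, as in the SOCKS branches and the `reqlen < 0` test in receive_meta()), a refused CONNECT is treated as an incomplete reply and the connection is not closed at that point; return -1 there. In the SOCKS5 reply, `case 0x03` adds the hostname length to replen but not the length byte itself, so the reply is consumed one byte short and the leftover byte is fed to the next parsing stage; it should add 1 plus the length. On the request side, the hostname length and strlen(proxyuser)/strlen(proxypass) are each stored in a single byte with no check that they fit in 255, and strlen(proxyuser) is called whenever proxypass is set without checking proxyuser for NULL. The fall-through from PROXY_SOCKS4 into PROXY_SOCKS4A deserves a comment, and the `start` and `lenin` parameters are never used.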

43
src/proxy.h Normal file
View file

@ -0,0 +1,43 @@
/*
proxy.h -- header for proxy.c
Copyright (C) 2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef __TINC_PROXY_H__
#define __TINC_PROXY_H__
#include "connection.h"
typedef enum proxytype_t {
PROXY_NONE = 0,
PROXY_SOCKS4,
PROXY_SOCKS4A,
PROXY_SOCKS5,
PROXY_HTTP,
PROXY_EXEC,
} proxytype_t;
extern proxytype_t proxytype;
extern char *proxyhost;
extern char *proxyport;
extern char *proxyuser;
extern char *proxypass;
extern bool send_proxyrequest(struct connection_t *c);
extern int receive_proxy_meta(struct connection_t *c, int start, int lenin);
#endif
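Review bot: The prototype `extern int receive_proxy_meta(struct connection_t *c, int start, int lenin);` has no comment on its return contract, which proxy.c uses in three ways: -1 for a rejected or malformed reply, 0 for an incomplete one, and a positive byte count once the reply has been consumed. A short comment here, also saying what `start` and `lenin` mean, would keep callers from treating the result as a boolean. The header also uses `bool` while relying on connection.h to provide it.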


@ -2,6 +2,7 @@
route.c -- routing route.c -- routing
Copyright (C) 2000-2005 Ivo Timmermans, Copyright (C) 2000-2005 Ivo Timmermans,
2000-2014 Guus Sliepen <guus@tinc-vpn.org> 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
2015 Vittorio Gambaletta
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -101,6 +102,260 @@ static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
return true; return true;
} }
static void swap_mac_addresses(vpn_packet_t *packet) {
mac_t tmp;
memcpy(&tmp, &packet->data[0], sizeof tmp);
memcpy(&packet->data[0], &packet->data[6], sizeof tmp);
memcpy(&packet->data[6], &tmp, sizeof tmp);
}
/* RFC 792 */
static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
struct ip ip = {0};
struct icmp icmp = {0};
struct in_addr ip_src;
struct in_addr ip_dst;
uint32_t oldlen;
if(ratelimit(3))
return;
/* Swap Ethernet source and destination addresses */
swap_mac_addresses(packet);
/* Copy headers from packet into properly aligned structs on the stack */
memcpy(&ip, packet->data + ether_size, ip_size);
/* Remember original source and destination */
ip_src = ip.ip_src;
ip_dst = ip.ip_dst;
/* Try to reply with an IP address assigned to the local machine */
if (type == ICMP_TIME_EXCEEDED && code == ICMP_EXC_TTL) {
int sockfd = socket(AF_INET, SOCK_DGRAM, 0);
if (sockfd != -1) {
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr = ip.ip_src;
if (!connect(sockfd, (const struct sockaddr*) &addr, sizeof(addr))) {
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
socklen_t addrlen = sizeof(addr);
if (!getsockname(sockfd, (struct sockaddr*) &addr, &addrlen) && addrlen <= sizeof(addr)) {
ip_dst = addr.sin_addr;
}
}
close(sockfd);
}
}
oldlen = packet->len - ether_size;
if(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
icmp.icmp_nextmtu = htons(packet->len - ether_size);
if(oldlen >= IP_MSS - ip_size - icmp_size)
oldlen = IP_MSS - ip_size - icmp_size;
/* Copy first part of original contents to ICMP message */
memmove(packet->data + ether_size + ip_size + icmp_size, packet->data + ether_size, oldlen);
/* Fill in IPv4 header */
ip.ip_v = 4;
ip.ip_hl = ip_size / 4;
ip.ip_tos = 0;
ip.ip_len = htons(ip_size + icmp_size + oldlen);
ip.ip_id = 0;
ip.ip_off = 0;
ip.ip_ttl = 255;
ip.ip_p = IPPROTO_ICMP;
ip.ip_sum = 0;
ip.ip_src = ip_dst;
ip.ip_dst = ip_src;
ip.ip_sum = inet_checksum(&ip, ip_size, ~0);
/* Fill in ICMP header */
icmp.icmp_type = type;
icmp.icmp_code = code;
icmp.icmp_cksum = 0;
icmp.icmp_cksum = inet_checksum(&icmp, icmp_size, ~0);
icmp.icmp_cksum = inet_checksum(packet->data + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum);
/* Copy structs on stack back to packet */
memcpy(packet->data + ether_size, &ip, ip_size);
memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size);
packet->len = ether_size + ip_size + icmp_size + oldlen;
send_packet(source, packet);
}
/* RFC 2463 */
static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
struct ip6_hdr ip6;
struct icmp6_hdr icmp6 = {0};
uint16_t checksum;
struct {
struct in6_addr ip6_src; /* source address */
struct in6_addr ip6_dst; /* destination address */
uint32_t length;
uint32_t next;
} pseudo;
if(ratelimit(3))
return;
/* Swap Ethernet source and destination addresses */
swap_mac_addresses(packet);
/* Copy headers from packet to structs on the stack */
memcpy(&ip6, packet->data + ether_size, ip6_size);
/* Remember original source and destination */
pseudo.ip6_src = ip6.ip6_dst;
pseudo.ip6_dst = ip6.ip6_src;
/* Try to reply with an IP address assigned to the local machine */
if (type == ICMP6_TIME_EXCEEDED && code == ICMP6_TIME_EXCEED_TRANSIT) {
int sockfd = socket(AF_INET6, SOCK_DGRAM, 0);
if (sockfd != -1) {
struct sockaddr_in6 addr;
memset(&addr, 0, sizeof(addr));
addr.sin6_family = AF_INET6;
addr.sin6_addr = ip6.ip6_src;
if (!connect(sockfd, (const struct sockaddr*) &addr, sizeof(addr))) {
memset(&addr, 0, sizeof(addr));
addr.sin6_family = AF_INET6;
socklen_t addrlen = sizeof(addr);
if (!getsockname(sockfd, (struct sockaddr*) &addr, &addrlen) && addrlen <= sizeof(addr)) {
pseudo.ip6_src = addr.sin6_addr;
}
}
close(sockfd);
}
}
pseudo.length = packet->len - ether_size;
if(type == ICMP6_PACKET_TOO_BIG)
icmp6.icmp6_mtu = htonl(pseudo.length);
if(pseudo.length >= IP_MSS - ip6_size - icmp6_size)
pseudo.length = IP_MSS - ip6_size - icmp6_size;
/* Copy first part of original contents to ICMP message */
memmove(packet->data + ether_size + ip6_size + icmp6_size, packet->data + ether_size, pseudo.length);
/* Fill in IPv6 header */
ip6.ip6_flow = htonl(0x60000000UL);
ip6.ip6_plen = htons(icmp6_size + pseudo.length);
ip6.ip6_nxt = IPPROTO_ICMPV6;
ip6.ip6_hlim = 255;
ip6.ip6_src = pseudo.ip6_src;
ip6.ip6_dst = pseudo.ip6_dst;
/* Fill in ICMP header */
icmp6.icmp6_type = type;
icmp6.icmp6_code = code;
icmp6.icmp6_cksum = 0;
/* Create pseudo header */
pseudo.length = htonl(icmp6_size + pseudo.length);
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0);
checksum = inet_checksum(&icmp6, icmp6_size, checksum);
checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum);
icmp6.icmp6_cksum = checksum;
/* Copy structs on stack back to packet */
memcpy(packet->data + ether_size, &ip6, ip6_size);
memcpy(packet->data + ether_size + ip6_size, &icmp6, icmp6_size);
packet->len = ether_size + ip6_size + ntohl(pseudo.length);
send_packet(source, packet);
}
static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
uint16_t type = packet->data[12] << 8 | packet->data[13];
length_t ethlen = ether_size;
if(type == ETH_P_8021Q) {
type = packet->data[16] << 8 | packet->data[17];
ethlen += 4;
}
switch (type) {
case ETH_P_IP:
if(!checklength(source, packet, ethlen + ip_size))
return false;
if(packet->data[ethlen + 8] <= 1) {
if(packet->data[ethlen + 11] != IPPROTO_ICMP || packet->data[ethlen + 32] != ICMP_TIME_EXCEEDED)
route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
return false;
}
uint16_t old = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
packet->data[ethlen + 8]--;
uint16_t new = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
uint32_t checksum = packet->data[ethlen + 10] << 8 | packet->data[ethlen + 11];
checksum += old + (~new & 0xFFFF);
while(checksum >> 16)
checksum = (checksum & 0xFFFF) + (checksum >> 16);
packet->data[ethlen + 10] = checksum >> 8;
packet->data[ethlen + 11] = checksum & 0xff;
return true;
case ETH_P_IPV6:
if(!checklength(source, packet, ethlen + ip6_size))
return false;
if(packet->data[ethlen + 7] <= 1) {
if(packet->data[ethlen + 6] != IPPROTO_ICMPV6 || packet->data[ethlen + 40] != ICMP6_TIME_EXCEEDED)
route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
return false;
}
packet->data[ethlen + 7]--;
return true;
default:
return true;
}
}
static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *packet) { static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *packet) {
if(!source || !via || !(via->options & OPTION_CLAMP_MSS)) if(!source || !via || !(via->options & OPTION_CLAMP_MSS))
return; return;
@ -160,7 +415,7 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac
/* Found it */ /* Found it */
uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i]; uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i];
uint16_t newmss = mtu - start - 20; uint16_t newmss = mtu - start - 20;
uint16_t csum = packet->data[start + 16] << 8 | packet->data[start + 17]; uint32_t csum = packet->data[start + 16] << 8 | packet->data[start + 17];
if(oldmss <= newmss) if(oldmss <= newmss)
break; break;
@ -171,22 +426,17 @@ static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *pac
packet->data[start + 22 + i] = newmss >> 8; packet->data[start + 22 + i] = newmss >> 8;
packet->data[start + 23 + i] = newmss & 0xff; packet->data[start + 23 + i] = newmss & 0xff;
csum ^= 0xffff; csum ^= 0xffff;
csum -= oldmss; csum += oldmss ^ 0xffff;
csum += newmss; csum += newmss;
csum = (csum & 0xffff) + (csum >> 16);
csum += csum >> 16;
csum ^= 0xffff; csum ^= 0xffff;
packet->data[start + 16] = csum >> 8; packet->data[start + 16] = csum >> 8;
packet->data[start + 17] = csum & 0xff; packet->data[start + 17] = csum;
break; break;
} }
} }
static void swap_mac_addresses(vpn_packet_t *packet) {
mac_t tmp;
memcpy(&tmp, &packet->data[0], sizeof tmp);
memcpy(&packet->data[0], &packet->data[6], sizeof tmp);
memcpy(&packet->data[6], &tmp, sizeof tmp);
}
static void learn_mac(mac_t *address) { static void learn_mac(mac_t *address) {
subnet_t *subnet; subnet_t *subnet;
avl_node_t *node; avl_node_t *node;
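Review bot: After `csum += csum >> 16;` bit 16 of the now 32-bit csum can still be set, so both byte stores depend on implicit truncation, and the last one drops its mask as well (`packet->data[start + 17] = csum;`). Suggest an explicit `csum &= 0xffff;` after the second fold, or keeping `& 0xff` on the stores as do_decrement_ttl() does, so the intent is visible. The switch from `csum -= oldmss` to adding `oldmss ^ 0xffff` and folding the carry is the usual one's-complement incremental update; a one-line comment naming it would make the two fold lines self-explanatory.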
@ -249,77 +499,12 @@ void age_subnets(void) {
} }
} }
/* RFC 792 */ static void route_broadcast(node_t *source, vpn_packet_t *packet) {
if(decrement_ttl && source != myself)
static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) { if(!do_decrement_ttl(source, packet))
struct ip ip = {0};
struct icmp icmp = {0};
struct in_addr ip_src;
struct in_addr ip_dst;
uint32_t oldlen;
if(ratelimit(3))
return; return;
/* Swap Ethernet source and destination addresses */ broadcast_packet(source, packet);
swap_mac_addresses(packet);
/* Copy headers from packet into properly aligned structs on the stack */
memcpy(&ip, packet->data + ether_size, ip_size);
/* Remember original source and destination */
ip_src = ip.ip_src;
ip_dst = ip.ip_dst;
oldlen = packet->len - ether_size;
if(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
icmp.icmp_nextmtu = htons(packet->len - ether_size);
if(oldlen >= IP_MSS - ip_size - icmp_size)
oldlen = IP_MSS - ip_size - icmp_size;
/* Copy first part of original contents to ICMP message */
memmove(packet->data + ether_size + ip_size + icmp_size, packet->data + ether_size, oldlen);
/* Fill in IPv4 header */
ip.ip_v = 4;
ip.ip_hl = ip_size / 4;
ip.ip_tos = 0;
ip.ip_len = htons(ip_size + icmp_size + oldlen);
ip.ip_id = 0;
ip.ip_off = 0;
ip.ip_ttl = 255;
ip.ip_p = IPPROTO_ICMP;
ip.ip_sum = 0;
ip.ip_src = ip_dst;
ip.ip_dst = ip_src;
ip.ip_sum = inet_checksum(&ip, ip_size, ~0);
/* Fill in ICMP header */
icmp.icmp_type = type;
icmp.icmp_code = code;
icmp.icmp_cksum = 0;
icmp.icmp_cksum = inet_checksum(&icmp, icmp_size, ~0);
icmp.icmp_cksum = inet_checksum(packet->data + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum);
/* Copy structs on stack back to packet */
memcpy(packet->data + ether_size, &ip, ip_size);
memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size);
packet->len = ether_size + ip_size + icmp_size + oldlen;
send_packet(source, packet);
} }
/* RFC 791 */ /* RFC 791 */
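Review bot: route_broadcast() runs do_decrement_ttl() on broadcast traffic, and that helper answers an expired TTL by calling route_ipv4_unreachable() or route_ipv6_unreachable(), so this path can send ICMP Time Exceeded in response to a packet addressed to a broadcast destination, which RFC 1122 section 3.2.2 says must not be done. Suggest dropping expired broadcasts silently here, for example by giving do_decrement_ttl() a parameter that suppresses the reply. The nested `if` without braces would also read better as one condition joined with `&&`.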
@ -403,6 +588,10 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO); return route_ipv4_unreachable(source, packet, ether_size, ICMP_DEST_UNREACH, ICMP_NET_ANO);
if(decrement_ttl && source != myself && subnet->owner != myself)
if(!do_decrement_ttl(source, packet))
return;
if(priorityinheritance) if(priorityinheritance)
packet->priority = packet->data[15]; packet->priority = packet->data[15];
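Review bot: The new condition adds `subnet->owner != myself` to what the call removed from route() tested (`decrement_ttl && source != myself`), so packets delivered to this node are no longer decremented. If that is intended, it is an observable behaviour change and should be stated in the DecrementTTL documentation. The same three lines are repeated in route_ipv6_unicast() and route_mac(); a small helper taking source and subnet would keep the conditions from drifting apart.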
@ -442,91 +631,11 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
packet->data[31] == 255 && packet->data[31] == 255 &&
packet->data[32] == 255 && packet->data[32] == 255 &&
packet->data[33] == 255))) packet->data[33] == 255)))
broadcast_packet(source, packet); route_broadcast(source, packet);
else else
route_ipv4_unicast(source, packet); route_ipv4_unicast(source, packet);
} }
/* RFC 2463 */
static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_t ether_size, uint8_t type, uint8_t code) {
struct ip6_hdr ip6;
struct icmp6_hdr icmp6 = {0};
uint16_t checksum;
struct {
struct in6_addr ip6_src; /* source address */
struct in6_addr ip6_dst; /* destination address */
uint32_t length;
uint32_t next;
} pseudo;
if(ratelimit(3))
return;
/* Swap Ethernet source and destination addresses */
swap_mac_addresses(packet);
/* Copy headers from packet to structs on the stack */
memcpy(&ip6, packet->data + ether_size, ip6_size);
/* Remember original source and destination */
pseudo.ip6_src = ip6.ip6_dst;
pseudo.ip6_dst = ip6.ip6_src;
pseudo.length = packet->len - ether_size;
if(type == ICMP6_PACKET_TOO_BIG)
icmp6.icmp6_mtu = htonl(pseudo.length);
if(pseudo.length >= IP_MSS - ip6_size - icmp6_size)
pseudo.length = IP_MSS - ip6_size - icmp6_size;
/* Copy first part of original contents to ICMP message */
memmove(packet->data + ether_size + ip6_size + icmp6_size, packet->data + ether_size, pseudo.length);
/* Fill in IPv6 header */
ip6.ip6_flow = htonl(0x60000000UL);
ip6.ip6_plen = htons(icmp6_size + pseudo.length);
ip6.ip6_nxt = IPPROTO_ICMPV6;
ip6.ip6_hlim = 255;
ip6.ip6_src = pseudo.ip6_src;
ip6.ip6_dst = pseudo.ip6_dst;
/* Fill in ICMP header */
icmp6.icmp6_type = type;
icmp6.icmp6_code = code;
icmp6.icmp6_cksum = 0;
/* Create pseudo header */
pseudo.length = htonl(icmp6_size + pseudo.length);
pseudo.next = htonl(IPPROTO_ICMPV6);
/* Generate checksum */
checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0);
checksum = inet_checksum(&icmp6, icmp6_size, checksum);
checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum);
icmp6.icmp6_cksum = checksum;
/* Copy structs on stack back to packet */
memcpy(packet->data + ether_size, &ip6, ip6_size);
memcpy(packet->data + ether_size + ip6_size, &icmp6, icmp6_size);
packet->len = ether_size + ip6_size + ntohl(pseudo.length);
send_packet(source, packet);
}
static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
subnet_t *subnet; subnet_t *subnet;
node_t *via; node_t *via;
@ -562,6 +671,10 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN); return route_ipv6_unreachable(source, packet, ether_size, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN);
if(decrement_ttl && source != myself && subnet->owner != myself)
if(!do_decrement_ttl(source, packet))
return;
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
if(via == source) { if(via == source) {
@ -678,6 +791,10 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) {
if(subnet->owner == myself) if(subnet->owner == myself)
return; /* silently ignore */ return; /* silently ignore */
if(decrement_ttl)
if(!do_decrement_ttl(source, packet))
return;
/* Create neighbor advertation reply */ /* Create neighbor advertation reply */
memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */
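Review bot: Unlike the other new call sites, this one tests only `decrement_ttl` and omits `source != myself`, so a neighbor solicitation that originates from the local interface has its hop limit decremented before the reply is built in the same buffer. Either add the `source != myself` test used in route_ipv6_unicast() or add a comment explaining why this path differs.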
@ -735,7 +852,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
} }
if(broadcast_mode && packet->data[38] == 255) if(broadcast_mode && packet->data[38] == 255)
broadcast_packet(source, packet); route_broadcast(source, packet);
else else
route_ipv6_unicast(source, packet); route_ipv6_unicast(source, packet);
} }
@ -788,6 +905,10 @@ static void route_arp(node_t *source, vpn_packet_t *packet) {
if(subnet->owner == myself) if(subnet->owner == myself)
return; /* silently ignore */ return; /* silently ignore */
if(decrement_ttl)
if(!do_decrement_ttl(source, packet))
return;
memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */
packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */
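Review bot: The added do_decrement_ttl() call in route_arp() has no effect on an ARP frame, because the helper only acts on ETH_P_IP and ETH_P_IPV6 and returns true from its `default:` case. Suggest removing the three lines, or adding a comment on why they are kept; as with the neighbor solicitation path, the condition also lacks the `source != myself` test used elsewhere.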
@ -824,7 +945,7 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
subnet = lookup_subnet_mac(NULL, &dest); subnet = lookup_subnet_mac(NULL, &dest);
if(!subnet) { if(!subnet) {
broadcast_packet(source, packet); route_broadcast(source, packet);
return; return;
} }
@ -836,6 +957,10 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself) if(forwarding_mode == FMODE_OFF && source != myself && subnet->owner != myself)
return; return;
if(decrement_ttl && source != myself && subnet->owner != myself)
if(!do_decrement_ttl(source, packet))
return;
uint16_t type = packet->data[12] << 8 | packet->data[13]; uint16_t type = packet->data[12] << 8 | packet->data[13];
if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size) if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
@ -877,58 +1002,6 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
send_packet(subnet->owner, packet); send_packet(subnet->owner, packet);
} }
static bool do_decrement_ttl(node_t *source, vpn_packet_t *packet) {
uint16_t type = packet->data[12] << 8 | packet->data[13];
length_t ethlen = ether_size;
if(type == ETH_P_8021Q) {
type = packet->data[16] << 8 | packet->data[17];
ethlen += 4;
}
switch (type) {
case ETH_P_IP:
if(!checklength(source, packet, ethlen + ip_size))
return false;
if(packet->data[ethlen + 8] < 1) {
if(packet->data[ethlen + 11] != IPPROTO_ICMP || packet->data[ethlen + 32] != ICMP_TIME_EXCEEDED)
route_ipv4_unreachable(source, packet, ethlen, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL);
return false;
}
uint16_t old = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
packet->data[ethlen + 8]--;
uint16_t new = packet->data[ethlen + 8] << 8 | packet->data[ethlen + 9];
uint32_t checksum = packet->data[ethlen + 10] << 8 | packet->data[ethlen + 11];
checksum += old + (~new & 0xFFFF);
while(checksum >> 16)
checksum = (checksum & 0xFFFF) + (checksum >> 16);
packet->data[ethlen + 10] = checksum >> 8;
packet->data[ethlen + 11] = checksum & 0xff;
return true;
case ETH_P_IPV6:
if(!checklength(source, packet, ethlen + ip6_size))
return false;
if(packet->data[ethlen + 7] < 1) {
if(packet->data[ethlen + 6] != IPPROTO_ICMPV6 || packet->data[ethlen + 40] != ICMP6_TIME_EXCEEDED)
route_ipv6_unreachable(source, packet, ethlen, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT);
return false;
}
packet->data[ethlen + 7]--;
return true;
default:
return true;
}
}
void route(node_t *source, vpn_packet_t *packet) { void route(node_t *source, vpn_packet_t *packet) {
if(forwarding_mode == FMODE_KERNEL && source != myself) { if(forwarding_mode == FMODE_KERNEL && source != myself) {
send_packet(myself, packet); send_packet(myself, packet);
@ -938,10 +1011,6 @@ void route(node_t *source, vpn_packet_t *packet) {
if(!checklength(source, packet, ether_size)) if(!checklength(source, packet, ether_size))
return; return;
if(decrement_ttl && source != myself)
if(!do_decrement_ttl(source, packet))
return;
switch (routing_mode) { switch (routing_mode) {
case RMODE_ROUTER: case RMODE_ROUTER:
{ {
@ -972,7 +1041,7 @@ void route(node_t *source, vpn_packet_t *packet) {
break; break;
case RMODE_HUB: case RMODE_HUB:
broadcast_packet(source, packet); route_broadcast(source, packet);
break; break;
} }
} }


@ -534,18 +534,17 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : "");
xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
xasprintf(&envp[3], "NODE=%s", owner->name); xasprintf(&envp[3], "NODE=%s", owner->name);
xasprintf(&envp[4], "NAME=%s", myself->name);
if(owner != myself) { if(owner != myself) {
sockaddr2str(&owner->address, &address, &port); sockaddr2str(&owner->address, &address, &port);
// 4 and 5 are reserved for SUBNET and WEIGHT // 5 and 6 are reserved for SUBNET and WEIGHT
xasprintf(&envp[6], "REMOTEADDRESS=%s", address); xasprintf(&envp[7], "REMOTEADDRESS=%s", address);
xasprintf(&envp[7], "REMOTEPORT=%s", port); xasprintf(&envp[8], "REMOTEPORT=%s", port);
free(port); free(port);
free(address); free(address);
} }
xasprintf(&envp[8], "NAME=%s", myself->name);
name = up ? "subnet-up" : "subnet-down"; name = up ? "subnet-up" : "subnet-down";
if(!subnet) { if(!subnet) {
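Review bot: Moving NAME to slot 4 shifts every later entry (SUBNET and WEIGHT to 5 and 6, REMOTEADDRESS and REMOTEPORT to 7 and 8), and the indices appear as bare numbers in this hunk and in the two below it, where they have to be kept in step by hand. Suggest named constants or an enum for the slots. Please also confirm that the envp declaration, which is outside the visible context, still has room for index 8 plus the terminating NULL, and note in a comment that slots 7 and 8 stay empty when `owner == myself`.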
@ -561,12 +560,12 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
weight = empty; weight = empty;
// Prepare the SUBNET and WEIGHT variables // Prepare the SUBNET and WEIGHT variables
if(envp[4])
free(envp[4]);
if(envp[5]) if(envp[5])
free(envp[5]); free(envp[5]);
xasprintf(&envp[4], "SUBNET=%s", netstr); if(envp[6])
xasprintf(&envp[5], "WEIGHT=%s", weight); free(envp[6]);
xasprintf(&envp[5], "SUBNET=%s", netstr);
xasprintf(&envp[6], "WEIGHT=%s", weight);
execute_script(name, envp); execute_script(name, envp);
} }
@ -580,8 +579,8 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
weight = empty; weight = empty;
// Prepare the SUBNET and WEIGHT variables // Prepare the SUBNET and WEIGHT variables
xasprintf(&envp[4], "SUBNET=%s", netstr); xasprintf(&envp[5], "SUBNET=%s", netstr);
xasprintf(&envp[5], "WEIGHT=%s", weight); xasprintf(&envp[6], "WEIGHT=%s", weight);
execute_script(name, envp); execute_script(name, envp);
} }


@ -1,7 +1,7 @@
/* /*
tincd.c -- the main file for tincd tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans Copyright (C) 1998-2005 Ivo Timmermans
2000-2015 Guus Sliepen <guus@tinc-vpn.org> 2000-2016 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com> 2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru> 2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu> 2010 Julien Muchembled <jm@jmuchemb.eu>
@ -49,7 +49,12 @@
#include <time.h> #include <time.h>
#endif #endif
#ifdef HAVE_GETOPT_LONG
#include <getopt.h> #include <getopt.h>
#else
#include "getopt.h"
#endif
#include "pidfile.h" #include "pidfile.h"
#include "conf.h" #include "conf.h"
@ -239,7 +244,8 @@ static bool parse_options(int argc, char **argv) {
usage(true); usage(true);
return false; return false;
} }
netname = strcmp(optarg, ".") != 0 ? xstrdup(optarg) : NULL; if(optarg && strcmp(optarg, "."))
netname = xstrdup(optarg);
break; break;
case 'o': /* option */ case 'o': /* option */
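Review bot: With the new `if(optarg && strcmp(optarg, "."))` form, an argument of "." leaves netname untouched, whereas the old line assigned NULL. If the option is given more than once, an earlier value therefore survives a later ".", and in both versions the earlier xstrdup() result is never freed. Suggest `free(netname); netname = NULL;` before the test so that a repeated option behaves as it did before and does not leak.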
@ -547,9 +553,8 @@ int main(int argc, char **argv) {
make_names(); make_names();
if(show_version) { if(show_version) {
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE, printf("%s version %s\n", PACKAGE, VERSION);
VERSION, __DATE__, __TIME__, PROT_CURRENT); printf("Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.\n"
printf("Copyright (C) 1998-2015 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n" "See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n" "and you are welcome to redistribute it under certain conditions;\n"