Import Upstream version 1.0.12
This commit is contained in:
parent
23bd9e9d53
commit
c54d214bf2
33 changed files with 751 additions and 271 deletions
2
COPYING
2
COPYING
|
@ -1,4 +1,4 @@
|
||||||
Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen and others.
|
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.
|
||||||
See the AUTHORS file for a complete list.
|
See the AUTHORS file for a complete list.
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify it under
|
This program is free software; you can redistribute it and/or modify it under
|
||||||
|
|
|
@ -15,3 +15,5 @@ The following applies to the LZO library:
|
||||||
|
|
||||||
When tinc is compiled with the --enable-tunemu option, the resulting binary
|
When tinc is compiled with the --enable-tunemu option, the resulting binary
|
||||||
falls under the GPL version 3 or later.
|
falls under the GPL version 3 or later.
|
||||||
|
|
||||||
|
|
||||||
|
|
192
ChangeLog
192
ChangeLog
|
@ -1,3 +1,195 @@
|
||||||
|
commit f7b2a2ea43fca323f543e152e6a43a29a4eb6671
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Wed Feb 3 22:49:48 2010 +0100
|
||||||
|
|
||||||
|
Releasing 1.0.12.
|
||||||
|
|
||||||
|
commit cd0c2e86a403fc9aabecdc8d51413f94491b5494
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Wed Feb 3 11:18:46 2010 +0100
|
||||||
|
|
||||||
|
Ensure peers with a meta connection always have our key.
|
||||||
|
|
||||||
|
This keeps UDP probes going, which in turn keeps NAT mappings alive.
|
||||||
|
|
||||||
|
commit 40d91ff619a6ea24a2a35c9d934bcc6bace27e24
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Tue Feb 2 22:49:21 2010 +0100
|
||||||
|
|
||||||
|
Update copyright notices.
|
||||||
|
|
||||||
|
commit 44f8f61396a92c899172a1863bbc9c705cbfa649
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Tue Feb 2 22:22:27 2010 +0100
|
||||||
|
|
||||||
|
Try to set DF bit on BSDs as well.
|
||||||
|
|
||||||
|
Every operating system seems to have its own, slightly different way to disable
|
||||||
|
packet fragmentation. Emit a compiler warning when no suitable way is found.
|
||||||
|
On OpenBSD, it seems impossible to do it for IPv4.
|
||||||
|
|
||||||
|
commit ed14ef93b47622ba13099dfc6be5335222e987a6
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Tue Feb 2 01:02:40 2010 +0100
|
||||||
|
|
||||||
|
Immediately exchange keys when establishing a meta connection.
|
||||||
|
|
||||||
|
This in turn will trigger PMTU discovery, and ensures nodes know each others
|
||||||
|
reflexive UDP address and port.
|
||||||
|
|
||||||
|
commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Tue Feb 2 00:51:44 2010 +0100
|
||||||
|
|
||||||
|
Determine peer's reflexive address and port when exchanging keys.
|
||||||
|
|
||||||
|
To help peers that are behind NAT connect to each other directly via UDP, they
|
||||||
|
need to know the exact external address and port that they use. Keys exchanged
|
||||||
|
between NATted peers necessarily go via a third node, which knows this address
|
||||||
|
and port, and can append this information to the keys, which is in turned used
|
||||||
|
by the peers.
|
||||||
|
|
||||||
|
Since PMTU discovery will immediately trigger UDP communication from both sides
|
||||||
|
to each other, this should allow direct communication between peers behind
|
||||||
|
full, address-restricted and port-restricted cone NAT.
|
||||||
|
|
||||||
|
commit d15099e0029578bfd24d6b464b941f4693280001
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Sat Jan 23 18:48:01 2010 +0100
|
||||||
|
|
||||||
|
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
|
||||||
|
|
||||||
|
When we got a key request for or from a node we don't know, we disconnected the
|
||||||
|
node that forwarded us that request. However, especially in TunnelServer mode,
|
||||||
|
disconnecting does not help. We now ignore such requests, but since there is no
|
||||||
|
way of telling the original sender that the request was dropped, we now retry
|
||||||
|
sending REQ_KEY requests when we don't get an ANS_KEY back.
|
||||||
|
|
||||||
|
commit 469fa318bc817908af9a51e3a980ffc998fae6f2
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Fri Jan 22 21:59:40 2010 +0100
|
||||||
|
|
||||||
|
Run subnet-up/down scripts for local MAC addresses as well.
|
||||||
|
|
||||||
|
commit 5d194b9f8767390d9fb1170554a8b6928214957a
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Fri Jan 22 21:47:26 2010 +0100
|
||||||
|
|
||||||
|
Fix subnet-up/down scripts being called with an empty SUBNET.
|
||||||
|
|
||||||
|
Commit 052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
|
||||||
|
scripts to be called with an empty, or possibly corrupted SUBNET variable when
|
||||||
|
a Subnet is added or removed while the owner is still online. In router mode,
|
||||||
|
this normally does not happen, but in switch mode this is normal.
|
||||||
|
|
||||||
|
commit b45511118421920771f5dcd5e4bafc04376e4450
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Sat Jan 16 20:16:33 2010 +0100
|
||||||
|
|
||||||
|
Make MSS clamping configurable, but enabled by default.
|
||||||
|
|
||||||
|
It can either be set globally in tinc.conf, or per-node in host config files.
|
||||||
|
|
||||||
|
commit 95928f7c2910a7da01a89cdc63c86c4d87fac004
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Sat Jan 16 19:32:33 2010 +0100
|
||||||
|
|
||||||
|
Also clamp MSS of TCP over IPv6 packets.
|
||||||
|
|
||||||
|
commit b1945f70fe993ca447555a1e27f35638b0c1fd8b
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Fri Jan 15 23:41:14 2010 +0100
|
||||||
|
|
||||||
|
Optimise handling of select() returning <= 0.
|
||||||
|
|
||||||
|
Before, we immediately retried select() if it returned -1 and errno is EAGAIN
|
||||||
|
or EINTR, and if it returned 0 it would check for network events even if we
|
||||||
|
know there are none. Now, if -1 or 0 is returned we skip checking network
|
||||||
|
events, but we do check for timer and signal events.
|
||||||
|
|
||||||
|
commit 51099658c919794cde72ea1107b9d9b9c3cee926
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Fri Jan 15 23:19:08 2010 +0100
|
||||||
|
|
||||||
|
Ping nodes immediately when receiving SIGALRM.
|
||||||
|
|
||||||
|
One reason to send the ALRM signal is to let tinc immediately try to connect to
|
||||||
|
outgoing nodes, for example when PPP or DHCP configuration of the outgoing
|
||||||
|
interface finished. Conversely, when the outgoing interface goes down one can
|
||||||
|
now send this signal to let tinc quickly detect that links are down too.
|
||||||
|
|
||||||
|
commit 2a538ed34332b3392f866d56accd9efecc9467ed
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Fri Jan 15 13:42:37 2010 +0100
|
||||||
|
|
||||||
|
Clamp MSS of IPv4 SYN packets.
|
||||||
|
|
||||||
|
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends. We
|
||||||
|
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
|
||||||
|
sending too large packets.
|
||||||
|
|
||||||
|
commit e4812ba9cc4262ec921944f02639ce55781d7497
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Thu Dec 24 12:42:21 2009 +0100
|
||||||
|
|
||||||
|
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
|
||||||
|
|
||||||
|
commit 7203d5fb07be2d3ae006c2b65d0be1e6533e1273
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Wed Dec 23 19:51:55 2009 +0100
|
||||||
|
|
||||||
|
Use xstrdup() instead of xasprintf() to copy static strings.
|
||||||
|
|
||||||
|
commit a9a803d5662832eb397837055a49fd94118eabf3
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Wed Dec 23 19:49:38 2009 +0100
|
||||||
|
|
||||||
|
Allow port to be specified in Address statements.
|
||||||
|
|
||||||
|
This allows one to connect to use more than one port number to connect to
|
||||||
|
another node. The syntax is now:
|
||||||
|
|
||||||
|
Address = <hostname> [<port>]
|
||||||
|
|
||||||
|
commit 43e34d8180c90682ed1601dec3de7f68ec96d65b
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Wed Dec 23 19:22:06 2009 +0100
|
||||||
|
|
||||||
|
Do not fragment packets smaller than RFC defined minimum MTUs.
|
||||||
|
|
||||||
|
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
|
||||||
|
68, but this is such a low limit that it will probably hurt performance, so we
|
||||||
|
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
|
||||||
|
791). If we detect a path MTU smaller than those minima, and we have to handle
|
||||||
|
a packet that is bigger than the PMTU but smaller than those minima, we forward
|
||||||
|
them via TCP instead of fragmenting or returning ICMP packets.
|
||||||
|
|
||||||
|
commit 369fe1ab1cbfc3f8305de1faab2e30157378b044
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Tue Dec 8 22:18:37 2009 +0000
|
||||||
|
|
||||||
|
Forget addresses of unreachable nodes.
|
||||||
|
|
||||||
|
We clear the cached address used for UDP connections when a node becomes
|
||||||
|
unreachable. This also prevents host-up scripts from passing the old, cached
|
||||||
|
address from when the host becomes reachable again from a different address.
|
||||||
|
|
||||||
|
commit 62f235e05c54e458724f437e519ed1b3e17835b1
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Sat Nov 28 11:56:13 2009 +0000
|
||||||
|
|
||||||
|
Remove unused variable in lookup_subnet_*() functions.
|
||||||
|
|
||||||
|
commit 92aefd25bf9e8e63f199cc252218f5c427f836b7
|
||||||
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Sat Nov 28 11:52:23 2009 +0000
|
||||||
|
|
||||||
|
When learning MAC addresses, only check our own Subnets for previous entries.
|
||||||
|
|
||||||
|
Before it would check all addresses, and not learn an address if another node
|
||||||
|
already claimed that address. This caused fast roaming to fail, the code from
|
||||||
|
commit 6f6f426b353596edca77829c0477268fc2fc1925 was never triggered.
|
||||||
|
|
||||||
commit 44834d030464bbe1f7733caba8d96c678f1d6cf2
|
commit 44834d030464bbe1f7733caba8d96c678f1d6cf2
|
||||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
Date: Sun Nov 1 16:24:39 2009 +0100
|
Date: Sun Nov 1 16:24:39 2009 +0100
|
||||||
|
|
93
INSTALL
93
INSTALL
|
@ -4,8 +4,10 @@ Installation Instructions
|
||||||
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
|
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
|
||||||
2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This file is free documentation; the Free Software Foundation gives
|
Copying and distribution of this file, with or without modification,
|
||||||
unlimited permission to copy, distribute and modify it.
|
are permitted in any medium without royalty provided the copyright
|
||||||
|
notice and this notice are preserved. This file is offered as-is,
|
||||||
|
without warranty of any kind.
|
||||||
|
|
||||||
Basic Installation
|
Basic Installation
|
||||||
==================
|
==================
|
||||||
|
@ -13,7 +15,11 @@ Basic Installation
|
||||||
Briefly, the shell commands `./configure; make; make install' should
|
Briefly, the shell commands `./configure; make; make install' should
|
||||||
configure, build, and install this package. The following
|
configure, build, and install this package. The following
|
||||||
more-detailed instructions are generic; see the `README' file for
|
more-detailed instructions are generic; see the `README' file for
|
||||||
instructions specific to this package.
|
instructions specific to this package. Some packages provide this
|
||||||
|
`INSTALL' file but do not implement all of the features documented
|
||||||
|
below. The lack of an optional feature in a given package is not
|
||||||
|
necessarily a bug. More recommendations for GNU packages can be found
|
||||||
|
in *note Makefile Conventions: (standards)Makefile Conventions.
|
||||||
|
|
||||||
The `configure' shell script attempts to guess correct values for
|
The `configure' shell script attempts to guess correct values for
|
||||||
various system-dependent variables used during compilation. It uses
|
various system-dependent variables used during compilation. It uses
|
||||||
|
@ -53,12 +59,22 @@ The simplest way to compile this package is:
|
||||||
2. Type `make' to compile the package.
|
2. Type `make' to compile the package.
|
||||||
|
|
||||||
3. Optionally, type `make check' to run any self-tests that come with
|
3. Optionally, type `make check' to run any self-tests that come with
|
||||||
the package.
|
the package, generally using the just-built uninstalled binaries.
|
||||||
|
|
||||||
4. Type `make install' to install the programs and any data files and
|
4. Type `make install' to install the programs and any data files and
|
||||||
documentation.
|
documentation. When installing into a prefix owned by root, it is
|
||||||
|
recommended that the package be configured and built as a regular
|
||||||
|
user, and only the `make install' phase executed with root
|
||||||
|
privileges.
|
||||||
|
|
||||||
5. You can remove the program binaries and object files from the
|
5. Optionally, type `make installcheck' to repeat any self-tests, but
|
||||||
|
this time using the binaries in their final installed location.
|
||||||
|
This target does not install anything. Running this target as a
|
||||||
|
regular user, particularly if the prior `make install' required
|
||||||
|
root privileges, verifies that the installation completed
|
||||||
|
correctly.
|
||||||
|
|
||||||
|
6. You can remove the program binaries and object files from the
|
||||||
source code directory by typing `make clean'. To also remove the
|
source code directory by typing `make clean'. To also remove the
|
||||||
files that `configure' created (so you can compile the package for
|
files that `configure' created (so you can compile the package for
|
||||||
a different kind of computer), type `make distclean'. There is
|
a different kind of computer), type `make distclean'. There is
|
||||||
|
@ -67,8 +83,15 @@ The simplest way to compile this package is:
|
||||||
all sorts of other programs in order to regenerate files that came
|
all sorts of other programs in order to regenerate files that came
|
||||||
with the distribution.
|
with the distribution.
|
||||||
|
|
||||||
6. Often, you can also type `make uninstall' to remove the installed
|
7. Often, you can also type `make uninstall' to remove the installed
|
||||||
files again.
|
files again. In practice, not all packages have tested that
|
||||||
|
uninstallation works correctly, even though it is required by the
|
||||||
|
GNU Coding Standards.
|
||||||
|
|
||||||
|
8. Some packages, particularly those that use Automake, provide `make
|
||||||
|
distcheck', which can by used by developers to test that all other
|
||||||
|
targets like `make install' and `make uninstall' work correctly.
|
||||||
|
This target is generally not run by end users.
|
||||||
|
|
||||||
Compilers and Options
|
Compilers and Options
|
||||||
=====================
|
=====================
|
||||||
|
@ -93,7 +116,8 @@ same time, by placing the object files for each architecture in their
|
||||||
own directory. To do this, you can use GNU `make'. `cd' to the
|
own directory. To do this, you can use GNU `make'. `cd' to the
|
||||||
directory where you want the object files and executables to go and run
|
directory where you want the object files and executables to go and run
|
||||||
the `configure' script. `configure' automatically checks for the
|
the `configure' script. `configure' automatically checks for the
|
||||||
source code in the directory that `configure' is in and in `..'.
|
source code in the directory that `configure' is in and in `..'. This
|
||||||
|
is known as a "VPATH" build.
|
||||||
|
|
||||||
With a non-GNU `make', it is safer to compile the package for one
|
With a non-GNU `make', it is safer to compile the package for one
|
||||||
architecture at a time in the source code directory. After you have
|
architecture at a time in the source code directory. After you have
|
||||||
|
@ -120,7 +144,8 @@ Installation Names
|
||||||
By default, `make install' installs the package's commands under
|
By default, `make install' installs the package's commands under
|
||||||
`/usr/local/bin', include files under `/usr/local/include', etc. You
|
`/usr/local/bin', include files under `/usr/local/include', etc. You
|
||||||
can specify an installation prefix other than `/usr/local' by giving
|
can specify an installation prefix other than `/usr/local' by giving
|
||||||
`configure' the option `--prefix=PREFIX'.
|
`configure' the option `--prefix=PREFIX', where PREFIX must be an
|
||||||
|
absolute file name.
|
||||||
|
|
||||||
You can specify separate installation prefixes for
|
You can specify separate installation prefixes for
|
||||||
architecture-specific files and architecture-independent files. If you
|
architecture-specific files and architecture-independent files. If you
|
||||||
|
@ -131,15 +156,46 @@ Documentation and other data files still use the regular prefix.
|
||||||
In addition, if you use an unusual directory layout you can give
|
In addition, if you use an unusual directory layout you can give
|
||||||
options like `--bindir=DIR' to specify different values for particular
|
options like `--bindir=DIR' to specify different values for particular
|
||||||
kinds of files. Run `configure --help' for a list of the directories
|
kinds of files. Run `configure --help' for a list of the directories
|
||||||
you can set and what kinds of files go in them.
|
you can set and what kinds of files go in them. In general, the
|
||||||
|
default for these options is expressed in terms of `${prefix}', so that
|
||||||
|
specifying just `--prefix' will affect all of the other directory
|
||||||
|
specifications that were not explicitly provided.
|
||||||
|
|
||||||
|
The most portable way to affect installation locations is to pass the
|
||||||
|
correct locations to `configure'; however, many packages provide one or
|
||||||
|
both of the following shortcuts of passing variable assignments to the
|
||||||
|
`make install' command line to change installation locations without
|
||||||
|
having to reconfigure or recompile.
|
||||||
|
|
||||||
|
The first method involves providing an override variable for each
|
||||||
|
affected directory. For example, `make install
|
||||||
|
prefix=/alternate/directory' will choose an alternate location for all
|
||||||
|
directory configuration variables that were expressed in terms of
|
||||||
|
`${prefix}'. Any directories that were specified during `configure',
|
||||||
|
but not in terms of `${prefix}', must each be overridden at install
|
||||||
|
time for the entire installation to be relocated. The approach of
|
||||||
|
makefile variable overrides for each directory variable is required by
|
||||||
|
the GNU Coding Standards, and ideally causes no recompilation.
|
||||||
|
However, some platforms have known limitations with the semantics of
|
||||||
|
shared libraries that end up requiring recompilation when using this
|
||||||
|
method, particularly noticeable in packages that use GNU Libtool.
|
||||||
|
|
||||||
|
The second method involves providing the `DESTDIR' variable. For
|
||||||
|
example, `make install DESTDIR=/alternate/directory' will prepend
|
||||||
|
`/alternate/directory' before all installation names. The approach of
|
||||||
|
`DESTDIR' overrides is not required by the GNU Coding Standards, and
|
||||||
|
does not work on platforms that have drive letters. On the other hand,
|
||||||
|
it does better at avoiding recompilation issues, and works well even
|
||||||
|
when some directory options were not specified in terms of `${prefix}'
|
||||||
|
at `configure' time.
|
||||||
|
|
||||||
|
Optional Features
|
||||||
|
=================
|
||||||
|
|
||||||
If the package supports it, you can cause programs to be installed
|
If the package supports it, you can cause programs to be installed
|
||||||
with an extra prefix or suffix on their names by giving `configure' the
|
with an extra prefix or suffix on their names by giving `configure' the
|
||||||
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
||||||
|
|
||||||
Optional Features
|
|
||||||
=================
|
|
||||||
|
|
||||||
Some packages pay attention to `--enable-FEATURE' options to
|
Some packages pay attention to `--enable-FEATURE' options to
|
||||||
`configure', where FEATURE indicates an optional part of the package.
|
`configure', where FEATURE indicates an optional part of the package.
|
||||||
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
||||||
|
@ -152,6 +208,13 @@ find the X include and library files automatically, but if it doesn't,
|
||||||
you can use the `configure' options `--x-includes=DIR' and
|
you can use the `configure' options `--x-includes=DIR' and
|
||||||
`--x-libraries=DIR' to specify their locations.
|
`--x-libraries=DIR' to specify their locations.
|
||||||
|
|
||||||
|
Some packages offer the ability to configure how verbose the
|
||||||
|
execution of `make' will be. For these packages, running `./configure
|
||||||
|
--enable-silent-rules' sets the default to minimal output, which can be
|
||||||
|
overridden with `make V=1'; while running `./configure
|
||||||
|
--disable-silent-rules' sets the default to verbose, which can be
|
||||||
|
overridden with `make V=0'.
|
||||||
|
|
||||||
Particular systems
|
Particular systems
|
||||||
==================
|
==================
|
||||||
|
|
||||||
|
@ -288,7 +351,7 @@ operates.
|
||||||
`configure' can determine that directory automatically.
|
`configure' can determine that directory automatically.
|
||||||
|
|
||||||
`--prefix=DIR'
|
`--prefix=DIR'
|
||||||
Use DIR as the installation prefix. *Note Installation Names::
|
Use DIR as the installation prefix. *note Installation Names::
|
||||||
for more details, including other options available for fine-tuning
|
for more details, including other options available for fine-tuning
|
||||||
the installation locations.
|
the installation locations.
|
||||||
|
|
||||||
|
|
17
Makefile.in
17
Makefile.in
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
|
@ -269,7 +269,7 @@ distclean-hdr:
|
||||||
# (which will cause the Makefiles to be regenerated when you run `make');
|
# (which will cause the Makefiles to be regenerated when you run `make');
|
||||||
# (2) otherwise, pass the desired values on the `make' command line.
|
# (2) otherwise, pass the desired values on the `make' command line.
|
||||||
$(RECURSIVE_TARGETS):
|
$(RECURSIVE_TARGETS):
|
||||||
@failcom='exit 1'; \
|
@fail= failcom='exit 1'; \
|
||||||
for f in x $$MAKEFLAGS; do \
|
for f in x $$MAKEFLAGS; do \
|
||||||
case $$f in \
|
case $$f in \
|
||||||
*=* | --[!k]*);; \
|
*=* | --[!k]*);; \
|
||||||
|
@ -294,7 +294,7 @@ $(RECURSIVE_TARGETS):
|
||||||
fi; test -z "$$fail"
|
fi; test -z "$$fail"
|
||||||
|
|
||||||
$(RECURSIVE_CLEAN_TARGETS):
|
$(RECURSIVE_CLEAN_TARGETS):
|
||||||
@failcom='exit 1'; \
|
@fail= failcom='exit 1'; \
|
||||||
for f in x $$MAKEFLAGS; do \
|
for f in x $$MAKEFLAGS; do \
|
||||||
case $$f in \
|
case $$f in \
|
||||||
*=* | --[!k]*);; \
|
*=* | --[!k]*);; \
|
||||||
|
@ -458,7 +458,8 @@ distdir: $(DISTFILES)
|
||||||
fi; \
|
fi; \
|
||||||
done
|
done
|
||||||
-test -n "$(am__skip_mode_fix)" \
|
-test -n "$(am__skip_mode_fix)" \
|
||||||
|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
|
|| find "$(distdir)" -type d ! -perm -755 \
|
||||||
|
-exec chmod u+rwx,go+rx {} \; -o \
|
||||||
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
|
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
|
||||||
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
|
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
|
||||||
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
||||||
|
@ -502,17 +503,17 @@ dist dist-all: distdir
|
||||||
distcheck: dist
|
distcheck: dist
|
||||||
case '$(DIST_ARCHIVES)' in \
|
case '$(DIST_ARCHIVES)' in \
|
||||||
*.tar.gz*) \
|
*.tar.gz*) \
|
||||||
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
|
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||||
*.tar.bz2*) \
|
*.tar.bz2*) \
|
||||||
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
|
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||||
*.tar.lzma*) \
|
*.tar.lzma*) \
|
||||||
unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
|
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
|
||||||
*.tar.xz*) \
|
*.tar.xz*) \
|
||||||
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
|
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
|
||||||
*.tar.Z*) \
|
*.tar.Z*) \
|
||||||
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
||||||
*.shar.gz*) \
|
*.shar.gz*) \
|
||||||
GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
|
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
|
||||||
*.zip*) \
|
*.zip*) \
|
||||||
unzip $(distdir).zip ;;\
|
unzip $(distdir).zip ;;\
|
||||||
esac
|
esac
|
||||||
|
|
15
NEWS
15
NEWS
|
@ -1,3 +1,18 @@
|
||||||
|
Version 1.0.12 Feb 3 2010
|
||||||
|
|
||||||
|
* Really allow fast roaming of hosts to other nodes in a switched VPN.
|
||||||
|
|
||||||
|
* Fixes missing or incorrect environment variables when calling host-up/down
|
||||||
|
and subnet-up/down scripts in some cases.
|
||||||
|
|
||||||
|
* Allow port to be specified in Address statements.
|
||||||
|
|
||||||
|
* Clamp MSS of TCP packets to the discovered path MTU.
|
||||||
|
|
||||||
|
* Let two nodes behind NAT learn each others current UDP address and port via
|
||||||
|
a third node, potentially allowing direct communications in a similar way to
|
||||||
|
STUN.
|
||||||
|
|
||||||
Version 1.0.11 Nov 1 2009
|
Version 1.0.11 Nov 1 2009
|
||||||
|
|
||||||
* Fixed potential crash when the HUP signal is sent.
|
* Fixed potential crash when the HUP signal is sent.
|
||||||
|
|
6
README
6
README
|
@ -1,7 +1,7 @@
|
||||||
This is the README file for tinc version 1.0.11. Installation
|
This is the README file for tinc version 1.0.12. Installation
|
||||||
instructions may be found in the INSTALL file.
|
instructions may be found in the INSTALL file.
|
||||||
|
|
||||||
tinc is Copyright (C) 1998-2009 by:
|
tinc is Copyright (C) 1998-2010 by:
|
||||||
|
|
||||||
Ivo Timmermans,
|
Ivo Timmermans,
|
||||||
Guus Sliepen <guus@tinc-vpn.org>,
|
Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Version 1.0.11 is compatible with 1.0pre8, 1.0 and later, but not with older
|
Version 1.0.12 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||||
versions of tinc.
|
versions of tinc.
|
||||||
|
|
||||||
|
|
||||||
|
|
10
aclocal.m4
vendored
10
aclocal.m4
vendored
|
@ -1,4 +1,4 @@
|
||||||
# generated automatically by aclocal 1.11 -*- Autoconf -*-
|
# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
||||||
# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
||||||
|
@ -13,8 +13,8 @@
|
||||||
|
|
||||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||||
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.64],,
|
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],,
|
||||||
[m4_warning([this file was generated for autoconf 2.64.
|
[m4_warning([this file was generated for autoconf 2.65.
|
||||||
You have another version of autoconf. It may work, but is not guaranteed to.
|
You have another version of autoconf. It may work, but is not guaranteed to.
|
||||||
If you have problems, you may need to regenerate the build system entirely.
|
If you have problems, you may need to regenerate the build system entirely.
|
||||||
To do so, use the procedure documented by the package, typically `autoreconf'.])])
|
To do so, use the procedure documented by the package, typically `autoreconf'.])])
|
||||||
|
@ -34,7 +34,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
||||||
[am__api_version='1.11'
|
[am__api_version='1.11'
|
||||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||||
dnl require some minimum version. Point them to the right macro.
|
dnl require some minimum version. Point them to the right macro.
|
||||||
m4_if([$1], [1.11], [],
|
m4_if([$1], [1.11.1], [],
|
||||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
||||||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||||
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
||||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||||
[AM_AUTOMAKE_VERSION([1.11])dnl
|
[AM_AUTOMAKE_VERSION([1.11.1])dnl
|
||||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||||
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||||
|
|
175
configure
vendored
175
configure
vendored
|
@ -1,10 +1,12 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.64.
|
# Generated by GNU Autoconf 2.65.
|
||||||
|
#
|
||||||
#
|
#
|
||||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
|
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
|
||||||
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software
|
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
|
||||||
# Foundation, Inc.
|
# Inc.
|
||||||
|
#
|
||||||
#
|
#
|
||||||
# This configure script is free software; the Free Software Foundation
|
# This configure script is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy, distribute and modify it.
|
# gives unlimited permission to copy, distribute and modify it.
|
||||||
|
@ -524,7 +526,8 @@ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
|
||||||
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
|
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
|
||||||
|
|
||||||
|
|
||||||
exec 7<&0 </dev/null 6>&1
|
test -n "$DJDIR" || exec 7<&0 </dev/null
|
||||||
|
exec 6>&1
|
||||||
|
|
||||||
# Name of the host.
|
# Name of the host.
|
||||||
# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
|
# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
|
||||||
|
@ -1364,7 +1367,7 @@ Some influential environment variables:
|
||||||
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
|
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
|
||||||
nonstandard directory <lib dir>
|
nonstandard directory <lib dir>
|
||||||
LIBS libraries to pass to the linker, e.g. -l<library>
|
LIBS libraries to pass to the linker, e.g. -l<library>
|
||||||
CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
|
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
|
||||||
you have headers in a nonstandard directory <include dir>
|
you have headers in a nonstandard directory <include dir>
|
||||||
CPP C preprocessor
|
CPP C preprocessor
|
||||||
|
|
||||||
|
@ -1435,7 +1438,7 @@ test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
configure
|
configure
|
||||||
generated by GNU Autoconf 2.64
|
generated by GNU Autoconf 2.65
|
||||||
|
|
||||||
Copyright (C) 2009 Free Software Foundation, Inc.
|
Copyright (C) 2009 Free Software Foundation, Inc.
|
||||||
This configure script is free software; the Free Software Foundation
|
This configure script is free software; the Free Software Foundation
|
||||||
|
@ -1482,7 +1485,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
|
||||||
ac_retval=1
|
ac_retval=1
|
||||||
fi
|
fi
|
||||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||||
return $ac_retval
|
as_fn_set_status $ac_retval
|
||||||
|
|
||||||
} # ac_fn_c_try_compile
|
} # ac_fn_c_try_compile
|
||||||
|
|
||||||
|
@ -1519,7 +1522,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
|
||||||
ac_retval=1
|
ac_retval=1
|
||||||
fi
|
fi
|
||||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||||
return $ac_retval
|
as_fn_set_status $ac_retval
|
||||||
|
|
||||||
} # ac_fn_c_try_cpp
|
} # ac_fn_c_try_cpp
|
||||||
|
|
||||||
|
@ -1648,7 +1651,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
|
||||||
fi
|
fi
|
||||||
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
||||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||||
return $ac_retval
|
as_fn_set_status $ac_retval
|
||||||
|
|
||||||
} # ac_fn_c_try_run
|
} # ac_fn_c_try_run
|
||||||
|
|
||||||
|
@ -1779,7 +1782,7 @@ fi
|
||||||
# left behind by Apple's compiler. We do this before executing the actions.
|
# left behind by Apple's compiler. We do this before executing the actions.
|
||||||
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
||||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||||
return $ac_retval
|
as_fn_set_status $ac_retval
|
||||||
|
|
||||||
} # ac_fn_c_try_link
|
} # ac_fn_c_try_link
|
||||||
|
|
||||||
|
@ -1893,7 +1896,7 @@ This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by $as_me, which was
|
It was created by $as_me, which was
|
||||||
generated by GNU Autoconf 2.64. Invocation command line was
|
generated by GNU Autoconf 2.65. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
|
|
||||||
|
@ -2146,7 +2149,7 @@ fi
|
||||||
for ac_site_file in "$ac_site_file1" "$ac_site_file2"
|
for ac_site_file in "$ac_site_file1" "$ac_site_file2"
|
||||||
do
|
do
|
||||||
test "x$ac_site_file" = xNONE && continue
|
test "x$ac_site_file" = xNONE && continue
|
||||||
if test -r "$ac_site_file"; then
|
if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
|
||||||
$as_echo "$as_me: loading site script $ac_site_file" >&6;}
|
$as_echo "$as_me: loading site script $ac_site_file" >&6;}
|
||||||
sed 's/^/| /' "$ac_site_file" >&5
|
sed 's/^/| /' "$ac_site_file" >&5
|
||||||
|
@ -2155,9 +2158,9 @@ $as_echo "$as_me: loading site script $ac_site_file" >&6;}
|
||||||
done
|
done
|
||||||
|
|
||||||
if test -r "$cache_file"; then
|
if test -r "$cache_file"; then
|
||||||
# Some versions of bash will fail to source /dev/null (special
|
# Some versions of bash will fail to source /dev/null (special files
|
||||||
# files actually), so we avoid doing that.
|
# actually), so we avoid doing that. DJGPP emulates it as a regular file.
|
||||||
if test -f "$cache_file"; then
|
if test /dev/null != "$cache_file" && test -f "$cache_file"; then
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
|
||||||
$as_echo "$as_me: loading cache $cache_file" >&6;}
|
$as_echo "$as_me: loading cache $cache_file" >&6;}
|
||||||
case $cache_file in
|
case $cache_file in
|
||||||
|
@ -2577,6 +2580,7 @@ IFS=$as_save_IFS
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
test -d ./--version && rmdir ./--version
|
||||||
if test "${ac_cv_path_mkdir+set}" = set; then
|
if test "${ac_cv_path_mkdir+set}" = set; then
|
||||||
MKDIR_P="$ac_cv_path_mkdir -p"
|
MKDIR_P="$ac_cv_path_mkdir -p"
|
||||||
else
|
else
|
||||||
|
@ -2584,7 +2588,6 @@ fi
|
||||||
# value for MKDIR_P within a source directory, because that will
|
# value for MKDIR_P within a source directory, because that will
|
||||||
# break other packages using the cache if that directory is
|
# break other packages using the cache if that directory is
|
||||||
# removed, or if the value is a relative name.
|
# removed, or if the value is a relative name.
|
||||||
test -d ./--version && rmdir ./--version
|
|
||||||
MKDIR_P="$ac_install_sh -d"
|
MKDIR_P="$ac_install_sh -d"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -2701,7 +2704,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE=tinc
|
PACKAGE=tinc
|
||||||
VERSION=1.0.11
|
VERSION=1.0.12
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
@ -3154,32 +3157,30 @@ $as_echo "$ac_try_echo"; } >&5
|
||||||
... rest of stderr output deleted ...
|
... rest of stderr output deleted ...
|
||||||
10q' conftest.err >conftest.er1
|
10q' conftest.err >conftest.er1
|
||||||
cat conftest.er1 >&5
|
cat conftest.er1 >&5
|
||||||
rm -f conftest.er1 conftest.err
|
|
||||||
fi
|
fi
|
||||||
|
rm -f conftest.er1 conftest.err
|
||||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||||
test $ac_status = 0; }
|
test $ac_status = 0; }
|
||||||
done
|
done
|
||||||
|
|
||||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
/* end confdefs.h. */
|
/* end confdefs.h. */
|
||||||
#include <stdio.h>
|
|
||||||
int
|
int
|
||||||
main ()
|
main ()
|
||||||
{
|
{
|
||||||
FILE *f = fopen ("conftest.out", "w");
|
|
||||||
return ferror (f) || fclose (f) != 0;
|
|
||||||
|
|
||||||
;
|
;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
_ACEOF
|
_ACEOF
|
||||||
ac_clean_files_save=$ac_clean_files
|
ac_clean_files_save=$ac_clean_files
|
||||||
ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out conftest.out"
|
ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
|
||||||
# Try to create an executable without -o first, disregard a.out.
|
# Try to create an executable without -o first, disregard a.out.
|
||||||
# It will help us diagnose broken compilers, and finding out an intuition
|
# It will help us diagnose broken compilers, and finding out an intuition
|
||||||
# of exeext.
|
# of exeext.
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
|
||||||
$as_echo_n "checking for C compiler default output file name... " >&6; }
|
$as_echo_n "checking whether the C compiler works... " >&6; }
|
||||||
ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
|
ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
|
||||||
|
|
||||||
# The possible output files:
|
# The possible output files:
|
||||||
|
@ -3241,9 +3242,9 @@ test "$ac_cv_exeext" = no && ac_cv_exeext=
|
||||||
else
|
else
|
||||||
ac_file=''
|
ac_file=''
|
||||||
fi
|
fi
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
|
|
||||||
$as_echo "$ac_file" >&6; }
|
|
||||||
if test -z "$ac_file"; then :
|
if test -z "$ac_file"; then :
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||||
|
$as_echo "no" >&6; }
|
||||||
$as_echo "$as_me: failed program was:" >&5
|
$as_echo "$as_me: failed program was:" >&5
|
||||||
sed 's/^/| /' conftest.$ac_ext >&5
|
sed 's/^/| /' conftest.$ac_ext >&5
|
||||||
|
|
||||||
|
@ -3252,51 +3253,18 @@ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||||
{ as_fn_set_status 77
|
{ as_fn_set_status 77
|
||||||
as_fn_error "C compiler cannot create executables
|
as_fn_error "C compiler cannot create executables
|
||||||
See \`config.log' for more details." "$LINENO" 5; }; }
|
See \`config.log' for more details." "$LINENO" 5; }; }
|
||||||
fi
|
|
||||||
ac_exeext=$ac_cv_exeext
|
|
||||||
|
|
||||||
# Check that the compiler produces executables we can run. If not, either
|
|
||||||
# the compiler is broken, or we cross compile.
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
|
|
||||||
$as_echo_n "checking whether the C compiler works... " >&6; }
|
|
||||||
# If not cross compiling, check that we can run a simple program.
|
|
||||||
if test "$cross_compiling" != yes; then
|
|
||||||
if { ac_try='./$ac_file'
|
|
||||||
{ { case "(($ac_try" in
|
|
||||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
|
||||||
*) ac_try_echo=$ac_try;;
|
|
||||||
esac
|
|
||||||
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
|
||||||
$as_echo "$ac_try_echo"; } >&5
|
|
||||||
(eval "$ac_try") 2>&5
|
|
||||||
ac_status=$?
|
|
||||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
|
||||||
test $ac_status = 0; }; }; then
|
|
||||||
cross_compiling=no
|
|
||||||
else
|
else
|
||||||
if test "$cross_compiling" = maybe; then
|
|
||||||
cross_compiling=yes
|
|
||||||
else
|
|
||||||
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
|
||||||
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|
||||||
as_fn_error "cannot run C compiled programs.
|
|
||||||
If you meant to cross compile, use \`--host'.
|
|
||||||
See \`config.log' for more details." "$LINENO" 5; }
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
|
||||||
$as_echo "yes" >&6; }
|
$as_echo "yes" >&6; }
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
|
||||||
|
$as_echo_n "checking for C compiler default output file name... " >&6; }
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
|
||||||
|
$as_echo "$ac_file" >&6; }
|
||||||
|
ac_exeext=$ac_cv_exeext
|
||||||
|
|
||||||
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out conftest.out
|
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
|
||||||
ac_clean_files=$ac_clean_files_save
|
ac_clean_files=$ac_clean_files_save
|
||||||
# Check that the compiler produces executables we can run. If not, either
|
|
||||||
# the compiler is broken, or we cross compile.
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
|
|
||||||
$as_echo_n "checking whether we are cross compiling... " >&6; }
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
|
|
||||||
$as_echo "$cross_compiling" >&6; }
|
|
||||||
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
|
||||||
$as_echo_n "checking for suffix of executables... " >&6; }
|
$as_echo_n "checking for suffix of executables... " >&6; }
|
||||||
if { { ac_try="$ac_link"
|
if { { ac_try="$ac_link"
|
||||||
|
@ -3329,13 +3297,72 @@ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||||
as_fn_error "cannot compute suffix of executables: cannot compile and link
|
as_fn_error "cannot compute suffix of executables: cannot compile and link
|
||||||
See \`config.log' for more details." "$LINENO" 5; }
|
See \`config.log' for more details." "$LINENO" 5; }
|
||||||
fi
|
fi
|
||||||
rm -f conftest$ac_cv_exeext
|
rm -f conftest conftest$ac_cv_exeext
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
|
||||||
$as_echo "$ac_cv_exeext" >&6; }
|
$as_echo "$ac_cv_exeext" >&6; }
|
||||||
|
|
||||||
rm -f conftest.$ac_ext
|
rm -f conftest.$ac_ext
|
||||||
EXEEXT=$ac_cv_exeext
|
EXEEXT=$ac_cv_exeext
|
||||||
ac_exeext=$EXEEXT
|
ac_exeext=$EXEEXT
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
#include <stdio.h>
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
FILE *f = fopen ("conftest.out", "w");
|
||||||
|
return ferror (f) || fclose (f) != 0;
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
ac_clean_files="$ac_clean_files conftest.out"
|
||||||
|
# Check that the compiler produces executables we can run. If not, either
|
||||||
|
# the compiler is broken, or we cross compile.
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
|
||||||
|
$as_echo_n "checking whether we are cross compiling... " >&6; }
|
||||||
|
if test "$cross_compiling" != yes; then
|
||||||
|
{ { ac_try="$ac_link"
|
||||||
|
case "(($ac_try" in
|
||||||
|
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||||
|
*) ac_try_echo=$ac_try;;
|
||||||
|
esac
|
||||||
|
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
||||||
|
$as_echo "$ac_try_echo"; } >&5
|
||||||
|
(eval "$ac_link") 2>&5
|
||||||
|
ac_status=$?
|
||||||
|
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||||
|
test $ac_status = 0; }
|
||||||
|
if { ac_try='./conftest$ac_cv_exeext'
|
||||||
|
{ { case "(($ac_try" in
|
||||||
|
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||||
|
*) ac_try_echo=$ac_try;;
|
||||||
|
esac
|
||||||
|
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
||||||
|
$as_echo "$ac_try_echo"; } >&5
|
||||||
|
(eval "$ac_try") 2>&5
|
||||||
|
ac_status=$?
|
||||||
|
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||||
|
test $ac_status = 0; }; }; then
|
||||||
|
cross_compiling=no
|
||||||
|
else
|
||||||
|
if test "$cross_compiling" = maybe; then
|
||||||
|
cross_compiling=yes
|
||||||
|
else
|
||||||
|
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||||
|
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||||
|
as_fn_error "cannot run C compiled programs.
|
||||||
|
If you meant to cross compile, use \`--host'.
|
||||||
|
See \`config.log' for more details." "$LINENO" 5; }
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
|
||||||
|
$as_echo "$cross_compiling" >&6; }
|
||||||
|
|
||||||
|
rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
|
||||||
|
ac_clean_files=$ac_clean_files_save
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
|
||||||
$as_echo_n "checking for suffix of object files... " >&6; }
|
$as_echo_n "checking for suffix of object files... " >&6; }
|
||||||
if test "${ac_cv_objext+set}" = set; then :
|
if test "${ac_cv_objext+set}" = set; then :
|
||||||
|
@ -7118,7 +7145,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by $as_me, which was
|
This file was extended by $as_me, which was
|
||||||
generated by GNU Autoconf 2.64. Invocation command line was
|
generated by GNU Autoconf 2.65. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
CONFIG_HEADERS = $CONFIG_HEADERS
|
CONFIG_HEADERS = $CONFIG_HEADERS
|
||||||
|
@ -7158,6 +7185,7 @@ Usage: $0 [OPTION]... [TAG]...
|
||||||
|
|
||||||
-h, --help print this help, then exit
|
-h, --help print this help, then exit
|
||||||
-V, --version print version number and configuration settings, then exit
|
-V, --version print version number and configuration settings, then exit
|
||||||
|
--config print configuration, then exit
|
||||||
-q, --quiet, --silent
|
-q, --quiet, --silent
|
||||||
do not print progress messages
|
do not print progress messages
|
||||||
-d, --debug don't remove temporary files
|
-d, --debug don't remove temporary files
|
||||||
|
@ -7180,10 +7208,11 @@ Report bugs to the package provider."
|
||||||
|
|
||||||
_ACEOF
|
_ACEOF
|
||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
config.status
|
config.status
|
||||||
configured by $0, generated by GNU Autoconf 2.64,
|
configured by $0, generated by GNU Autoconf 2.65,
|
||||||
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
Copyright (C) 2009 Free Software Foundation, Inc.
|
Copyright (C) 2009 Free Software Foundation, Inc.
|
||||||
This config.status script is free software; the Free Software Foundation
|
This config.status script is free software; the Free Software Foundation
|
||||||
|
@ -7221,6 +7250,8 @@ do
|
||||||
ac_cs_recheck=: ;;
|
ac_cs_recheck=: ;;
|
||||||
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
|
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
|
||||||
$as_echo "$ac_cs_version"; exit ;;
|
$as_echo "$ac_cs_version"; exit ;;
|
||||||
|
--config | --confi | --conf | --con | --co | --c )
|
||||||
|
$as_echo "$ac_cs_config"; exit ;;
|
||||||
--debug | --debu | --deb | --de | --d | -d )
|
--debug | --debu | --deb | --de | --d | -d )
|
||||||
debug=: ;;
|
debug=: ;;
|
||||||
--file | --fil | --fi | --f )
|
--file | --fil | --fi | --f )
|
||||||
|
@ -7412,7 +7443,7 @@ s/'"$ac_delim"'$//
|
||||||
t delim
|
t delim
|
||||||
:nl
|
:nl
|
||||||
h
|
h
|
||||||
s/\(.\{148\}\).*/\1/
|
s/\(.\{148\}\)..*/\1/
|
||||||
t more1
|
t more1
|
||||||
s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
|
s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
|
||||||
p
|
p
|
||||||
|
@ -7426,7 +7457,7 @@ s/.\{148\}//
|
||||||
t nl
|
t nl
|
||||||
:delim
|
:delim
|
||||||
h
|
h
|
||||||
s/\(.\{148\}\).*/\1/
|
s/\(.\{148\}\)..*/\1/
|
||||||
t more2
|
t more2
|
||||||
s/["\\]/\\&/g; s/^/"/; s/$/"/
|
s/["\\]/\\&/g; s/^/"/; s/$/"/
|
||||||
p
|
p
|
||||||
|
|
|
@ -3,7 +3,7 @@ dnl Process this file with autoconf to produce a configure script.
|
||||||
AC_PREREQ(2.61)
|
AC_PREREQ(2.61)
|
||||||
AC_INIT
|
AC_INIT
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AM_INIT_AUTOMAKE(tinc, 1.0.11)
|
AM_INIT_AUTOMAKE(tinc, 1.0.12)
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
AM_MAINTAINER_MODE
|
AM_MAINTAINER_MODE
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
|
|
Binary file not shown.
|
@ -3,7 +3,7 @@
|
||||||
% Load plain if necessary, i.e., if running under initex.
|
% Load plain if necessary, i.e., if running under initex.
|
||||||
\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
|
\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
|
||||||
%
|
%
|
||||||
\def\texinfoversion{2009-05-16.16}
|
\def\texinfoversion{2009-08-14.15}
|
||||||
%
|
%
|
||||||
% Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
|
% Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
|
||||||
% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||||
|
@ -1332,13 +1332,16 @@ output) for that.)}
|
||||||
|
|
||||||
\ifpdf
|
\ifpdf
|
||||||
%
|
%
|
||||||
% Color manipulation macros based on pdfcolor.tex.
|
% Color manipulation macros based on pdfcolor.tex,
|
||||||
\def\cmykDarkRed{0.28 1 1 0.35}
|
% except using rgb instead of cmyk; the latter is said to render as a
|
||||||
\def\cmykBlack{0 0 0 1}
|
% very dark gray on-screen and a very dark halftone in print, instead
|
||||||
|
% of actual black.
|
||||||
|
\def\rgbDarkRed{0.50 0.09 0.12}
|
||||||
|
\def\rgbBlack{0 0 0}
|
||||||
%
|
%
|
||||||
% k sets the color for filling (usual text, etc.);
|
% k sets the color for filling (usual text, etc.);
|
||||||
% K sets the color for stroking (thin rules, e.g., normal _'s).
|
% K sets the color for stroking (thin rules, e.g., normal _'s).
|
||||||
\def\pdfsetcolor#1{\pdfliteral{#1 k #1 K}}
|
\def\pdfsetcolor#1{\pdfliteral{#1 rg #1 RG}}
|
||||||
%
|
%
|
||||||
% Set color, and create a mark which defines \thiscolor accordingly,
|
% Set color, and create a mark which defines \thiscolor accordingly,
|
||||||
% so that \makeheadline knows which color to restore.
|
% so that \makeheadline knows which color to restore.
|
||||||
|
@ -1348,7 +1351,7 @@ output) for that.)}
|
||||||
\pdfsetcolor{#1}%
|
\pdfsetcolor{#1}%
|
||||||
}
|
}
|
||||||
%
|
%
|
||||||
\def\maincolor{\cmykBlack}
|
\def\maincolor{\rgbBlack}
|
||||||
\pdfsetcolor{\maincolor}
|
\pdfsetcolor{\maincolor}
|
||||||
\edef\thiscolor{\maincolor}
|
\edef\thiscolor{\maincolor}
|
||||||
\def\lastcolordefs{}
|
\def\lastcolordefs{}
|
||||||
|
@ -1443,8 +1446,8 @@ output) for that.)}
|
||||||
%
|
%
|
||||||
% by default, use a color that is dark enough to print on paper as
|
% by default, use a color that is dark enough to print on paper as
|
||||||
% nearly black, but still distinguishable for online viewing.
|
% nearly black, but still distinguishable for online viewing.
|
||||||
\def\urlcolor{\cmykDarkRed}
|
\def\urlcolor{\rgbDarkRed}
|
||||||
\def\linkcolor{\cmykDarkRed}
|
\def\linkcolor{\rgbDarkRed}
|
||||||
\def\endlink{\setcolor{\maincolor}\pdfendlink}
|
\def\endlink{\setcolor{\maincolor}\pdfendlink}
|
||||||
%
|
%
|
||||||
% Adding outlines to PDF; macros for calculating structure of outlines
|
% Adding outlines to PDF; macros for calculating structure of outlines
|
||||||
|
@ -4322,6 +4325,7 @@ end
|
||||||
\definedummyword\code
|
\definedummyword\code
|
||||||
\definedummyword\command
|
\definedummyword\command
|
||||||
\definedummyword\dfn
|
\definedummyword\dfn
|
||||||
|
\definedummyword\email
|
||||||
\definedummyword\emph
|
\definedummyword\emph
|
||||||
\definedummyword\env
|
\definedummyword\env
|
||||||
\definedummyword\file
|
\definedummyword\file
|
||||||
|
@ -9272,12 +9276,8 @@ directory should work if nowhere else does.}
|
||||||
@markupsetuplqdefault
|
@markupsetuplqdefault
|
||||||
@markupsetuprqdefault
|
@markupsetuprqdefault
|
||||||
|
|
||||||
@c Gnulib now utterly and painfully insists on no trailing whitespace.
|
|
||||||
@c So we have to nuke it.
|
|
||||||
|
|
||||||
@c Local variables:
|
@c Local variables:
|
||||||
@c eval: (add-hook 'write-file-hooks 'time-stamp)
|
@c eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||||
@c eval: (add-hook 'write-file-hooks 'nuke-trailing-whitespace)
|
|
||||||
@c page-delimiter: "^\\\\message"
|
@c page-delimiter: "^\\\\message"
|
||||||
@c time-stamp-start: "def\\\\texinfoversion{"
|
@c time-stamp-start: "def\\\\texinfoversion{"
|
||||||
@c time-stamp-format: "%:y-%02m-%02d.%02H"
|
@c time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.Dd 2009-03-05
|
.Dd 2010-01-16
|
||||||
.Dt TINC.CONF 5
|
.Dt TINC.CONF 5
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Ivo Timmermans
|
.\" Ivo Timmermans
|
||||||
|
@ -330,9 +330,10 @@ Since host configuration files only contain public keys,
|
||||||
no secrets are revealed by sending out this information.
|
no secrets are revealed by sending out this information.
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It Va Address Li = Ar address Bq recommended
|
.It Va Address Li = Ar address Oo port Oc Bq recommended
|
||||||
The IP address or hostname of this tinc daemon on the real network.
|
The IP address or hostname of this tinc daemon on the real network.
|
||||||
This will only be used when trying to make an outgoing connection to this tinc daemon.
|
This will only be used when trying to make an outgoing connection to this tinc daemon.
|
||||||
|
Optionally, a port can be specified to use for this address.
|
||||||
Multiple
|
Multiple
|
||||||
.Va Address
|
.Va Address
|
||||||
variables can be specified, in which case each address will be tried until a working
|
variables can be specified, in which case each address will be tried until a working
|
||||||
|
@ -346,6 +347,11 @@ Furthermore, specifying
|
||||||
will turn off packet encryption.
|
will turn off packet encryption.
|
||||||
It is best to use only those ciphers which support CBC mode.
|
It is best to use only those ciphers which support CBC mode.
|
||||||
|
|
||||||
|
.It Va ClampMSS Li = yes | no Pq yes
|
||||||
|
This option specifies whether tinc should clamp the maximum segment size (MSS)
|
||||||
|
of TCP packets to the path MTU. This helps in situations where ICMP
|
||||||
|
Fragmentation Needed or Packet too Big messages are dropped by firewalls.
|
||||||
|
|
||||||
.It Va Compression Li = Ar level Pq 0
|
.It Va Compression Li = Ar level Pq 0
|
||||||
This option sets the level of compression used for UDP packets.
|
This option sets the level of compression used for UDP packets.
|
||||||
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
||||||
|
@ -380,7 +386,10 @@ When this option is enabled, tinc will try to discover the path MTU to this node
|
||||||
After the path MTU has been discovered, it will be enforced on the VPN.
|
After the path MTU has been discovered, it will be enforced on the VPN.
|
||||||
|
|
||||||
.It Va Port Li = Ar port Pq 655
|
.It Va Port Li = Ar port Pq 655
|
||||||
The port number on which this tinc daemon is listening for incoming connections.
|
The port number on which this tinc daemon is listening for incoming connections,
|
||||||
|
which is used if no port number is specified in an
|
||||||
|
.Va Address
|
||||||
|
statement.
|
||||||
|
|
||||||
.It Va PublicKey Li = Ar key Bq obsolete
|
.It Va PublicKey Li = Ar key Bq obsolete
|
||||||
The public RSA key of this tinc daemon.
|
The public RSA key of this tinc daemon.
|
||||||
|
|
103
doc/tinc.info
103
doc/tinc.info
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
||||||
* tinc: (tinc). The tinc Manual.
|
* tinc: (tinc). The tinc Manual.
|
||||||
END-INFO-DIR-ENTRY
|
END-INFO-DIR-ENTRY
|
||||||
|
|
||||||
This is the info manual for tinc version 1.0.11, a Virtual Private
|
This is the info manual for tinc version 1.0.12, a Virtual Private
|
||||||
Network daemon.
|
Network daemon.
|
||||||
|
|
||||||
Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen
|
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen
|
||||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||||
|
|
||||||
Permission is granted to make and distribute verbatim copies of this
|
Permission is granted to make and distribute verbatim copies of this
|
||||||
|
@ -855,10 +855,11 @@ File: tinc.info, Node: Host configuration variables, Next: Scripts, Prev: Mai
|
||||||
4.4.2 Host configuration variables
|
4.4.2 Host configuration variables
|
||||||
----------------------------------
|
----------------------------------
|
||||||
|
|
||||||
Address = <IP ADDRESS|HOSTNAME> [recommended]
|
Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
|
||||||
This variable is only required if you want to connect to this
|
This variable is only required if you want to connect to this
|
||||||
host. It must resolve to the external IP address where the host
|
host. It must resolve to the external IP address where the host
|
||||||
can be reached, not the one that is internal to the VPN.
|
can be reached, not the one that is internal to the VPN. If no
|
||||||
|
port is specified, the default Port is used.
|
||||||
|
|
||||||
Cipher = <CIPHER> (blowfish)
|
Cipher = <CIPHER> (blowfish)
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
||||||
|
@ -866,6 +867,12 @@ Cipher = <CIPHER> (blowfish)
|
||||||
specifying "none" will turn off packet encryption. It is best to
|
specifying "none" will turn off packet encryption. It is best to
|
||||||
use only those ciphers which support CBC mode.
|
use only those ciphers which support CBC mode.
|
||||||
|
|
||||||
|
ClampMSS = <yes|no> (yes)
|
||||||
|
This option specifies whether tinc should clamp the maximum
|
||||||
|
segment size (MSS) of TCP packets to the path MTU. This helps in
|
||||||
|
situations where ICMP Fragmentation Needed or Packet too Big
|
||||||
|
messages are dropped by firewalls.
|
||||||
|
|
||||||
Compression = <LEVEL> (0)
|
Compression = <LEVEL> (0)
|
||||||
This option sets the level of compression used for UDP packets.
|
This option sets the level of compression used for UDP packets.
|
||||||
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9
|
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9
|
||||||
|
@ -2224,14 +2231,16 @@ Concept Index
|
||||||
* CHALLENGE: Authentication protocol.
|
* CHALLENGE: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* CIDR notation: Host configuration variables.
|
* CIDR notation: Host configuration variables.
|
||||||
(line 85)
|
(line 92)
|
||||||
* Cipher: Host configuration variables.
|
* Cipher: Host configuration variables.
|
||||||
(line 11)
|
(line 12)
|
||||||
|
* ClampMSS: Host configuration variables.
|
||||||
|
(line 18)
|
||||||
* client: How connections work.
|
* client: How connections work.
|
||||||
(line 18)
|
(line 18)
|
||||||
* command line: Runtime options. (line 9)
|
* command line: Runtime options. (line 9)
|
||||||
* Compression: Host configuration variables.
|
* Compression: Host configuration variables.
|
||||||
(line 17)
|
(line 24)
|
||||||
* connection: The connection. (line 6)
|
* connection: The connection. (line 6)
|
||||||
* ConnectTo: Main configuration variables.
|
* ConnectTo: Main configuration variables.
|
||||||
(line 27)
|
(line 27)
|
||||||
|
@ -2248,7 +2257,7 @@ Concept Index
|
||||||
* DeviceType: Main configuration variables.
|
* DeviceType: Main configuration variables.
|
||||||
(line 45)
|
(line 45)
|
||||||
* Digest: Host configuration variables.
|
* Digest: Host configuration variables.
|
||||||
(line 22)
|
(line 29)
|
||||||
* encapsulating: The UDP tunnel. (line 30)
|
* encapsulating: The UDP tunnel. (line 30)
|
||||||
* encryption: Encryption of network packets.
|
* encryption: Encryption of network packets.
|
||||||
(line 6)
|
(line 6)
|
||||||
|
@ -2265,7 +2274,7 @@ Concept Index
|
||||||
* ID: Authentication protocol.
|
* ID: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* IndirectData: Host configuration variables.
|
* IndirectData: Host configuration variables.
|
||||||
(line 27)
|
(line 34)
|
||||||
* INTERFACE: Scripts. (line 58)
|
* INTERFACE: Scripts. (line 58)
|
||||||
* Interface: Main configuration variables.
|
* Interface: Main configuration variables.
|
||||||
(line 91)
|
(line 91)
|
||||||
|
@ -2280,7 +2289,7 @@ Concept Index
|
||||||
* MACExpire: Main configuration variables.
|
* MACExpire: Main configuration variables.
|
||||||
(line 133)
|
(line 133)
|
||||||
* MACLength: Host configuration variables.
|
* MACLength: Host configuration variables.
|
||||||
(line 35)
|
(line 42)
|
||||||
* meta-protocol: The meta-connection. (line 18)
|
* meta-protocol: The meta-connection. (line 18)
|
||||||
* META_KEY: Authentication protocol.
|
* META_KEY: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
|
@ -2299,7 +2308,7 @@ Concept Index
|
||||||
* OpenSSL: OpenSSL. (line 6)
|
* OpenSSL: OpenSSL. (line 6)
|
||||||
* options: Runtime options. (line 9)
|
* options: Runtime options. (line 9)
|
||||||
* PEM format: Host configuration variables.
|
* PEM format: Host configuration variables.
|
||||||
(line 60)
|
(line 67)
|
||||||
* PING: The meta-protocol. (line 89)
|
* PING: The meta-protocol. (line 89)
|
||||||
* PingInterval: Main configuration variables.
|
* PingInterval: Main configuration variables.
|
||||||
(line 143)
|
(line 143)
|
||||||
|
@ -2307,12 +2316,12 @@ Concept Index
|
||||||
(line 147)
|
(line 147)
|
||||||
* platforms: Supported platforms. (line 6)
|
* platforms: Supported platforms. (line 6)
|
||||||
* PMTU: Host configuration variables.
|
* PMTU: Host configuration variables.
|
||||||
(line 40)
|
(line 47)
|
||||||
* PMTUDiscovery: Host configuration variables.
|
* PMTUDiscovery: Host configuration variables.
|
||||||
(line 43)
|
(line 50)
|
||||||
* PONG: The meta-protocol. (line 89)
|
* PONG: The meta-protocol. (line 89)
|
||||||
* Port: Host configuration variables.
|
* Port: Host configuration variables.
|
||||||
(line 48)
|
(line 55)
|
||||||
* port numbers: Other files. (line 17)
|
* port numbers: Other files. (line 17)
|
||||||
* PriorityInheritance: Main configuration variables.
|
* PriorityInheritance: Main configuration variables.
|
||||||
(line 153)
|
(line 153)
|
||||||
|
@ -2325,9 +2334,9 @@ Concept Index
|
||||||
* ProcessPriority: Main configuration variables.
|
* ProcessPriority: Main configuration variables.
|
||||||
(line 172)
|
(line 172)
|
||||||
* PublicKey: Host configuration variables.
|
* PublicKey: Host configuration variables.
|
||||||
(line 52)
|
(line 59)
|
||||||
* PublicKeyFile: Host configuration variables.
|
* PublicKeyFile: Host configuration variables.
|
||||||
(line 55)
|
(line 62)
|
||||||
* release: Supported platforms. (line 14)
|
* release: Supported platforms. (line 14)
|
||||||
* REMOTEADDRESS: Scripts. (line 67)
|
* REMOTEADDRESS: Scripts. (line 67)
|
||||||
* REMOTEPORT: Scripts. (line 70)
|
* REMOTEPORT: Scripts. (line 70)
|
||||||
|
@ -2343,15 +2352,15 @@ Concept Index
|
||||||
* signals: Signals. (line 6)
|
* signals: Signals. (line 6)
|
||||||
* SUBNET: Scripts. (line 74)
|
* SUBNET: Scripts. (line 74)
|
||||||
* Subnet: Host configuration variables.
|
* Subnet: Host configuration variables.
|
||||||
(line 67)
|
(line 74)
|
||||||
* Subnet weight: Host configuration variables.
|
* Subnet weight: Host configuration variables.
|
||||||
(line 90)
|
(line 97)
|
||||||
* SVPN: Security. (line 11)
|
* SVPN: Security. (line 11)
|
||||||
* switch: Main configuration variables.
|
* switch: Main configuration variables.
|
||||||
(line 111)
|
(line 111)
|
||||||
* TCP: The meta-connection. (line 10)
|
* TCP: The meta-connection. (line 10)
|
||||||
* TCPonly: Host configuration variables.
|
* TCPonly: Host configuration variables.
|
||||||
(line 97)
|
(line 104)
|
||||||
* TINC: Security. (line 6)
|
* TINC: Security. (line 6)
|
||||||
* tinc: Introduction. (line 6)
|
* tinc: Introduction. (line 6)
|
||||||
* tinc-down: Scripts. (line 18)
|
* tinc-down: Scripts. (line 18)
|
||||||
|
@ -2416,33 +2425,33 @@ Node: How connections work22594
|
||||||
Node: Configuration files23816
|
Node: Configuration files23816
|
||||||
Node: Main configuration variables24823
|
Node: Main configuration variables24823
|
||||||
Node: Host configuration variables32865
|
Node: Host configuration variables32865
|
||||||
Node: Scripts37942
|
Node: Scripts38276
|
||||||
Node: How to configure40712
|
Node: How to configure41046
|
||||||
Node: Generating keypairs41975
|
Node: Generating keypairs42309
|
||||||
Node: Network interfaces42474
|
Node: Network interfaces42808
|
||||||
Node: Example configuration44322
|
Node: Example configuration44656
|
||||||
Node: Running tinc49634
|
Node: Running tinc49968
|
||||||
Node: Runtime options50224
|
Node: Runtime options50558
|
||||||
Node: Signals53019
|
Node: Signals53353
|
||||||
Node: Debug levels54088
|
Node: Debug levels54422
|
||||||
Node: Solving problems55024
|
Node: Solving problems55358
|
||||||
Node: Error messages56576
|
Node: Error messages56910
|
||||||
Node: Sending bug reports60589
|
Node: Sending bug reports60923
|
||||||
Node: Technical information61541
|
Node: Technical information61875
|
||||||
Node: The connection61772
|
Node: The connection62106
|
||||||
Node: The UDP tunnel62084
|
Node: The UDP tunnel62418
|
||||||
Node: The meta-connection65145
|
Node: The meta-connection65479
|
||||||
Node: The meta-protocol66614
|
Node: The meta-protocol66948
|
||||||
Node: Security71623
|
Node: Security71957
|
||||||
Node: Authentication protocol72753
|
Node: Authentication protocol73087
|
||||||
Node: Encryption of network packets77757
|
Node: Encryption of network packets78091
|
||||||
Node: Security issues79130
|
Node: Security issues79464
|
||||||
Node: Platform specific information80747
|
Node: Platform specific information81081
|
||||||
Node: Interface configuration80975
|
Node: Interface configuration81309
|
||||||
Node: Routes82874
|
Node: Routes83208
|
||||||
Node: About us84790
|
Node: About us85124
|
||||||
Node: Contact information84965
|
Node: Contact information85299
|
||||||
Node: Authors85369
|
Node: Authors85703
|
||||||
Node: Concept Index85774
|
Node: Concept Index86108
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2009 Ivo Timmermans,
|
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
||||||
@vskip 0pt plus 1filll
|
@vskip 0pt plus 1filll
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2009 Ivo Timmermans,
|
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -943,10 +943,11 @@ and will only allow nodes and subnets on the VPN which are present in the
|
||||||
|
|
||||||
@table @asis
|
@table @asis
|
||||||
@cindex Address
|
@cindex Address
|
||||||
@item Address = <@var{IP address}|@var{hostname}> [recommended]
|
@item Address = <@var{IP address}|@var{hostname}> [<port>] [recommended]
|
||||||
This variable is only required if you want to connect to this host. It
|
This variable is only required if you want to connect to this host. It
|
||||||
must resolve to the external IP address where the host can be reached,
|
must resolve to the external IP address where the host can be reached,
|
||||||
not the one that is internal to the VPN.
|
not the one that is internal to the VPN.
|
||||||
|
If no port is specified, the default Port is used.
|
||||||
|
|
||||||
@cindex Cipher
|
@cindex Cipher
|
||||||
@item Cipher = <@var{cipher}> (blowfish)
|
@item Cipher = <@var{cipher}> (blowfish)
|
||||||
|
@ -955,6 +956,12 @@ Any cipher supported by OpenSSL is recognized.
|
||||||
Furthermore, specifying "none" will turn off packet encryption.
|
Furthermore, specifying "none" will turn off packet encryption.
|
||||||
It is best to use only those ciphers which support CBC mode.
|
It is best to use only those ciphers which support CBC mode.
|
||||||
|
|
||||||
|
@cindex ClampMSS
|
||||||
|
@item ClampMSS = <yes|no> (yes)
|
||||||
|
This option specifies whether tinc should clamp the maximum segment size (MSS)
|
||||||
|
of TCP packets to the path MTU. This helps in situations where ICMP
|
||||||
|
Fragmentation Needed or Packet too Big messages are dropped by firewalls.
|
||||||
|
|
||||||
@cindex Compression
|
@cindex Compression
|
||||||
@item Compression = <@var{level}> (0)
|
@item Compression = <@var{level}> (0)
|
||||||
This option sets the level of compression used for UDP packets.
|
This option sets the level of compression used for UDP packets.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
connection.h -- header for connection.c
|
connection.h -- header for connection.c
|
||||||
Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -29,6 +29,7 @@
|
||||||
#define OPTION_INDIRECT 0x0001
|
#define OPTION_INDIRECT 0x0001
|
||||||
#define OPTION_TCPONLY 0x0002
|
#define OPTION_TCPONLY 0x0002
|
||||||
#define OPTION_PMTU_DISCOVERY 0x0004
|
#define OPTION_PMTU_DISCOVERY 0x0004
|
||||||
|
#define OPTION_CLAMP_MSS 0x0008
|
||||||
|
|
||||||
typedef struct connection_status_t {
|
typedef struct connection_status_t {
|
||||||
int pinged:1; /* sent ping */
|
int pinged:1; /* sent ping */
|
||||||
|
|
10
src/graph.c
10
src/graph.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
graph.c -- graph algorithms
|
graph.c -- graph algorithms
|
||||||
Copyright (C) 2001-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -53,6 +53,7 @@
|
||||||
#include "netutl.h"
|
#include "netutl.h"
|
||||||
#include "node.h"
|
#include "node.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
#include "protocol.h"
|
||||||
#include "subnet.h"
|
#include "subnet.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
@ -251,7 +252,7 @@ void sssp_bfs(void) {
|
||||||
/* TODO: only clear status.validkey if node is unreachable? */
|
/* TODO: only clear status.validkey if node is unreachable? */
|
||||||
|
|
||||||
n->status.validkey = false;
|
n->status.validkey = false;
|
||||||
n->status.waitingforkey = false;
|
n->last_req_key = 0;
|
||||||
|
|
||||||
n->maxmtu = MTU;
|
n->maxmtu = MTU;
|
||||||
n->minmtu = 0;
|
n->minmtu = 0;
|
||||||
|
@ -286,6 +287,11 @@ void sssp_bfs(void) {
|
||||||
free(envp[i]);
|
free(envp[i]);
|
||||||
|
|
||||||
subnet_update(n, NULL, n->status.reachable);
|
subnet_update(n, NULL, n->status.reachable);
|
||||||
|
|
||||||
|
if(!n->status.reachable)
|
||||||
|
update_node_udp(n, NULL);
|
||||||
|
else if(n->connection)
|
||||||
|
send_ans_key(n);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
10
src/net.c
10
src/net.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net.c -- most of the network code
|
net.c -- most of the network code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -374,10 +374,9 @@ int main_loop(void) {
|
||||||
dump_connections();
|
dump_connections();
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(r > 0)
|
||||||
check_network_activity(&readset, &writeset);
|
check_network_activity(&readset, &writeset);
|
||||||
|
|
||||||
if(do_purge) {
|
if(do_purge) {
|
||||||
|
@ -418,8 +417,13 @@ int main_loop(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(sigalrm) {
|
if(sigalrm) {
|
||||||
|
avl_node_t *node;
|
||||||
logger(LOG_INFO, "Flushing event queue");
|
logger(LOG_INFO, "Flushing event queue");
|
||||||
expire_events();
|
expire_events();
|
||||||
|
for(node = connection_tree->head; node; node = node->next) {
|
||||||
|
connection_t *c = node->data;
|
||||||
|
send_ping(c);
|
||||||
|
}
|
||||||
sigalrm = false;
|
sigalrm = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_packet.c -- Handles in- and outgoing VPN packets
|
net_packet.c -- Handles in- and outgoing VPN packets
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -353,10 +353,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
||||||
"No valid key known yet for %s (%s), forwarding via TCP",
|
"No valid key known yet for %s (%s), forwarding via TCP",
|
||||||
n->name, n->hostname);
|
n->name, n->hostname);
|
||||||
|
|
||||||
if(!n->status.waitingforkey)
|
if(n->last_req_key + 10 < now) {
|
||||||
send_req_key(n);
|
send_req_key(n);
|
||||||
|
n->last_req_key = now;
|
||||||
n->status.waitingforkey = true;
|
}
|
||||||
|
|
||||||
send_tcppacket(n->nexthop->connection, origpkt);
|
send_tcppacket(n->nexthop->connection, origpkt);
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -218,8 +218,8 @@ bool setup_myself(void) {
|
||||||
myself->connection = new_connection();
|
myself->connection = new_connection();
|
||||||
init_configuration(&myself->connection->config_tree);
|
init_configuration(&myself->connection->config_tree);
|
||||||
|
|
||||||
xasprintf(&myself->hostname, "MYSELF");
|
myself->hostname = xstrdup("MYSELF");
|
||||||
xasprintf(&myself->connection->hostname, "MYSELF");
|
myself->connection->hostname = xstrdup("MYSELF");
|
||||||
|
|
||||||
myself->connection->options = 0;
|
myself->connection->options = 0;
|
||||||
myself->connection->protocol_version = PROT_CURRENT;
|
myself->connection->protocol_version = PROT_CURRENT;
|
||||||
|
@ -246,8 +246,9 @@ bool setup_myself(void) {
|
||||||
if(!read_rsa_private_key())
|
if(!read_rsa_private_key())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
|
if(!get_config_string(lookup_config(config_tree, "Port"), &myport)
|
||||||
xasprintf(&myport, "655");
|
&& !get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
|
||||||
|
myport = xstrdup("655");
|
||||||
|
|
||||||
/* Read in all the subnets specified in the host configuration file */
|
/* Read in all the subnets specified in the host configuration file */
|
||||||
|
|
||||||
|
@ -296,13 +297,18 @@ bool setup_myself(void) {
|
||||||
} else
|
} else
|
||||||
routing_mode = RMODE_ROUTER;
|
routing_mode = RMODE_ROUTER;
|
||||||
|
|
||||||
// Enable PMTUDiscovery by default if we are in router mode.
|
choice = true;
|
||||||
|
|
||||||
choice = routing_mode == RMODE_ROUTER;
|
|
||||||
get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
|
get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
|
||||||
|
get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice);
|
||||||
if(choice)
|
if(choice)
|
||||||
myself->options |= OPTION_PMTU_DISCOVERY;
|
myself->options |= OPTION_PMTU_DISCOVERY;
|
||||||
|
|
||||||
|
choice = true;
|
||||||
|
get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice);
|
||||||
|
get_config_bool(lookup_config(myself->connection->config_tree, "ClampMSS"), &choice);
|
||||||
|
if(choice)
|
||||||
|
myself->options |= OPTION_CLAMP_MSS;
|
||||||
|
|
||||||
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
|
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
|
||||||
|
|
||||||
#if !defined(SOL_IP) || !defined(IP_TOS)
|
#if !defined(SOL_IP) || !defined(IP_TOS)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_socket.c -- Handle various kinds of sockets.
|
net_socket.c -- Handle various kinds of sockets.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2009 Florian Forster <octo@verplant.org>
|
2009 Florian Forster <octo@verplant.org>
|
||||||
|
|
||||||
|
@ -261,9 +261,13 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
||||||
option = 1;
|
option = 1;
|
||||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
||||||
|
|
||||||
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||||
if(sa->sa.sa_family == AF_INET6)
|
if(sa->sa.sa_family == AF_INET6)
|
||||||
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
|
||||||
|
#define IP_DONTFRAGMENT IP_DONTFRAG
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
||||||
|
@ -276,6 +280,8 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
||||||
option = 1;
|
option = 1;
|
||||||
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, &option, sizeof(option));
|
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, &option, sizeof(option));
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
#warning No way to disable IPv4 fragmentation
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
||||||
|
@ -283,6 +289,13 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
||||||
option = IPV6_PMTUDISC_DO;
|
option = IPV6_PMTUDISC_DO;
|
||||||
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option));
|
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option));
|
||||||
}
|
}
|
||||||
|
#elif defined(IPPROTO_IPV6) && defined(IPV6_DONTFRAG)
|
||||||
|
if(myself->options & OPTION_PMTU_DISCOVERY) {
|
||||||
|
option = 1;
|
||||||
|
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, &option, sizeof(option));
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
#warning No way to disable IPv6 fragmentation
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!bind_to_interface(nfd)) {
|
if (!bind_to_interface(nfd)) {
|
||||||
|
@ -331,7 +344,7 @@ void finish_connecting(connection_t *c) {
|
||||||
}
|
}
|
||||||
|
|
||||||
void do_outgoing_connection(connection_t *c) {
|
void do_outgoing_connection(connection_t *c) {
|
||||||
char *address, *port;
|
char *address, *port, *space;
|
||||||
int result;
|
int result;
|
||||||
|
|
||||||
if(!c->outgoing) {
|
if(!c->outgoing) {
|
||||||
|
@ -352,8 +365,14 @@ begin:
|
||||||
|
|
||||||
get_config_string(c->outgoing->cfg, &address);
|
get_config_string(c->outgoing->cfg, &address);
|
||||||
|
|
||||||
|
space = strchr(address, ' ');
|
||||||
|
if(space) {
|
||||||
|
port = xstrdup(space + 1);
|
||||||
|
*space = 0;
|
||||||
|
} else {
|
||||||
if(!get_config_string(lookup_config(c->config_tree, "Port"), &port))
|
if(!get_config_string(lookup_config(c->config_tree, "Port"), &port))
|
||||||
xasprintf(&port, "655");
|
port = xstrdup("655");
|
||||||
|
}
|
||||||
|
|
||||||
c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM);
|
c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM);
|
||||||
free(address);
|
free(address);
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
node.h -- header for node.c
|
node.h -- header for node.c
|
||||||
Copyright (C) 2001-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
typedef struct node_status_t {
|
typedef struct node_status_t {
|
||||||
int unused_active:1; /* 1 if active (not used for nodes) */
|
int unused_active:1; /* 1 if active (not used for nodes) */
|
||||||
int validkey:1; /* 1 if we currently have a valid key for him */
|
int validkey:1; /* 1 if we currently have a valid key for him */
|
||||||
int waitingforkey:1; /* 1 if we already sent out a request */
|
int unused_waitingforkey:1; /* 1 if we already sent out a request */
|
||||||
int visited:1; /* 1 if this node has been visited by one of the graph algorithms */
|
int visited:1; /* 1 if this node has been visited by one of the graph algorithms */
|
||||||
int reachable:1; /* 1 if this node is reachable in the graph */
|
int reachable:1; /* 1 if this node is reachable in the graph */
|
||||||
int indirect:1; /* 1 if this node is not directly reachable by us */
|
int indirect:1; /* 1 if this node is not directly reachable by us */
|
||||||
|
@ -45,6 +45,7 @@ typedef struct node_t {
|
||||||
char *hostname; /* the hostname of its real ip */
|
char *hostname; /* the hostname of its real ip */
|
||||||
|
|
||||||
node_status_t status;
|
node_status_t status;
|
||||||
|
time_t last_req_key;
|
||||||
|
|
||||||
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
||||||
char *inkey; /* Cipher key and iv */
|
char *inkey; /* Cipher key and iv */
|
||||||
|
|
|
@ -95,7 +95,7 @@ extern bool send_add_subnet(struct connection_t *, const struct subnet_t *);
|
||||||
extern bool send_del_subnet(struct connection_t *, const struct subnet_t *);
|
extern bool send_del_subnet(struct connection_t *, const struct subnet_t *);
|
||||||
extern bool send_add_edge(struct connection_t *, const struct edge_t *);
|
extern bool send_add_edge(struct connection_t *, const struct edge_t *);
|
||||||
extern bool send_del_edge(struct connection_t *, const struct edge_t *);
|
extern bool send_del_edge(struct connection_t *, const struct edge_t *);
|
||||||
extern bool send_key_changed();
|
extern void send_key_changed();
|
||||||
extern bool send_req_key(struct node_t *);
|
extern bool send_req_key(struct node_t *);
|
||||||
extern bool send_ans_key(struct node_t *);
|
extern bool send_ans_key(struct node_t *);
|
||||||
extern bool send_tcppacket(struct connection_t *, struct vpn_packet_t *);
|
extern bool send_tcppacket(struct connection_t *, struct vpn_packet_t *);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_auth.c -- handle the meta-protocol, authentication
|
protocol_auth.c -- handle the meta-protocol, authentication
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -453,6 +453,11 @@ bool send_ack(connection_t *c) {
|
||||||
if(myself->options & OPTION_PMTU_DISCOVERY)
|
if(myself->options & OPTION_PMTU_DISCOVERY)
|
||||||
c->options |= OPTION_PMTU_DISCOVERY;
|
c->options |= OPTION_PMTU_DISCOVERY;
|
||||||
|
|
||||||
|
choice = myself->options & OPTION_CLAMP_MSS;
|
||||||
|
get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice);
|
||||||
|
if(choice)
|
||||||
|
c->options |= OPTION_CLAMP_MSS;
|
||||||
|
|
||||||
get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
|
get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
|
||||||
|
|
||||||
return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, c->options);
|
return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, c->options);
|
||||||
|
@ -496,6 +501,7 @@ bool ack_h(connection_t *c) {
|
||||||
int weight, mtu;
|
int weight, mtu;
|
||||||
uint32_t options;
|
uint32_t options;
|
||||||
node_t *n;
|
node_t *n;
|
||||||
|
bool choice;
|
||||||
|
|
||||||
if(sscanf(c->buffer, "%*d " MAX_STRING " %d %x", hisport, &weight, &options) != 3) {
|
if(sscanf(c->buffer, "%*d " MAX_STRING " %d %x", hisport, &weight, &options) != 3) {
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name,
|
logger(LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name,
|
||||||
|
@ -536,6 +542,13 @@ bool ack_h(connection_t *c) {
|
||||||
if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
|
if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
|
||||||
n->mtu = mtu;
|
n->mtu = mtu;
|
||||||
|
|
||||||
|
if(get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice)) {
|
||||||
|
if(choice)
|
||||||
|
c->options |= OPTION_CLAMP_MSS;
|
||||||
|
else
|
||||||
|
c->options &= ~OPTION_CLAMP_MSS;
|
||||||
|
}
|
||||||
|
|
||||||
/* Activate this connection */
|
/* Activate this connection */
|
||||||
|
|
||||||
c->allow_request = ALL;
|
c->allow_request = ALL;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_key.c -- handle the meta-protocol, key exchange
|
protocol_key.c -- handle the meta-protocol, key exchange
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -36,15 +36,19 @@
|
||||||
|
|
||||||
bool mykeyused = false;
|
bool mykeyused = false;
|
||||||
|
|
||||||
bool send_key_changed() {
|
void send_key_changed() {
|
||||||
/* Only send this message if some other daemon requested our key previously.
|
avl_node_t *node;
|
||||||
This reduces unnecessary key_changed broadcasts.
|
connection_t *c;
|
||||||
*/
|
|
||||||
|
|
||||||
if(!mykeyused)
|
send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
|
||||||
return true;
|
|
||||||
|
|
||||||
return send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
|
/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
|
||||||
|
|
||||||
|
for(node = connection_tree->head; node; node = node->next) {
|
||||||
|
c = node->data;
|
||||||
|
if(c->status.active && c->node && c->node->status.reachable)
|
||||||
|
send_ans_key(c->node);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool key_changed_h(connection_t *c) {
|
bool key_changed_h(connection_t *c) {
|
||||||
|
@ -57,6 +61,11 @@ bool key_changed_h(connection_t *c) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!check_id(name)) {
|
||||||
|
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "KEY_CHANGED", c->name, c->hostname, "invalid name");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if(seen_request(c->buffer))
|
if(seen_request(c->buffer))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
@ -65,11 +74,11 @@ bool key_changed_h(connection_t *c) {
|
||||||
if(!n) {
|
if(!n) {
|
||||||
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist",
|
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist",
|
||||||
"KEY_CHANGED", c->name, c->hostname, name);
|
"KEY_CHANGED", c->name, c->hostname, name);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
n->status.validkey = false;
|
n->status.validkey = false;
|
||||||
n->status.waitingforkey = false;
|
n->last_req_key = 0;
|
||||||
|
|
||||||
/* Tell the others */
|
/* Tell the others */
|
||||||
|
|
||||||
|
@ -94,12 +103,17 @@ bool req_key_h(connection_t *c) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!check_id(from_name) || !check_id(to_name)) {
|
||||||
|
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", c->name, c->hostname, "invalid name");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
from = lookup_node(from_name);
|
from = lookup_node(from_name);
|
||||||
|
|
||||||
if(!from) {
|
if(!from) {
|
||||||
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
|
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
|
||||||
"REQ_KEY", c->name, c->hostname, from_name);
|
"REQ_KEY", c->name, c->hostname, from_name);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
to = lookup_node(to_name);
|
to = lookup_node(to_name);
|
||||||
|
@ -107,7 +121,7 @@ bool req_key_h(connection_t *c) {
|
||||||
if(!to) {
|
if(!to) {
|
||||||
logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
|
logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
|
||||||
"REQ_KEY", c->name, c->hostname, to_name);
|
"REQ_KEY", c->name, c->hostname, to_name);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check if this key request is for us */
|
/* Check if this key request is for us */
|
||||||
|
@ -116,7 +130,7 @@ bool req_key_h(connection_t *c) {
|
||||||
send_ans_key(from);
|
send_ans_key(from);
|
||||||
} else {
|
} else {
|
||||||
if(tunnelserver)
|
if(tunnelserver)
|
||||||
return false;
|
return true;
|
||||||
|
|
||||||
if(!to->status.reachable) {
|
if(!to->status.reachable) {
|
||||||
logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
|
logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
|
||||||
|
@ -169,23 +183,30 @@ bool ans_key_h(connection_t *c) {
|
||||||
char from_name[MAX_STRING_SIZE];
|
char from_name[MAX_STRING_SIZE];
|
||||||
char to_name[MAX_STRING_SIZE];
|
char to_name[MAX_STRING_SIZE];
|
||||||
char key[MAX_STRING_SIZE];
|
char key[MAX_STRING_SIZE];
|
||||||
|
char address[MAX_STRING_SIZE] = "";
|
||||||
|
char port[MAX_STRING_SIZE] = "";
|
||||||
int cipher, digest, maclength, compression;
|
int cipher, digest, maclength, compression;
|
||||||
node_t *from, *to;
|
node_t *from, *to;
|
||||||
|
|
||||||
if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d",
|
if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
|
||||||
from_name, to_name, key, &cipher, &digest, &maclength,
|
from_name, to_name, key, &cipher, &digest, &maclength,
|
||||||
&compression) != 7) {
|
&compression, address, port) < 7) {
|
||||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
|
logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
|
||||||
c->hostname);
|
c->hostname);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!check_id(from_name) || !check_id(to_name)) {
|
||||||
|
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_KEY", c->name, c->hostname, "invalid name");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
from = lookup_node(from_name);
|
from = lookup_node(from_name);
|
||||||
|
|
||||||
if(!from) {
|
if(!from) {
|
||||||
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
|
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
|
||||||
"ANS_KEY", c->name, c->hostname, from_name);
|
"ANS_KEY", c->name, c->hostname, from_name);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
to = lookup_node(to_name);
|
to = lookup_node(to_name);
|
||||||
|
@ -193,14 +214,14 @@ bool ans_key_h(connection_t *c) {
|
||||||
if(!to) {
|
if(!to) {
|
||||||
logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
|
logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
|
||||||
"ANS_KEY", c->name, c->hostname, to_name);
|
"ANS_KEY", c->name, c->hostname, to_name);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Forward it if necessary */
|
/* Forward it if necessary */
|
||||||
|
|
||||||
if(to != myself) {
|
if(to != myself) {
|
||||||
if(tunnelserver)
|
if(tunnelserver)
|
||||||
return false;
|
return true;
|
||||||
|
|
||||||
if(!to->status.reachable) {
|
if(!to->status.reachable) {
|
||||||
logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
|
logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
|
||||||
|
@ -208,6 +229,16 @@ bool ans_key_h(connection_t *c) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!*address) {
|
||||||
|
char *address, *port;
|
||||||
|
ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
|
||||||
|
sockaddr2str(&from->address, &address, &port);
|
||||||
|
send_request(to->nexthop->connection, "%s %s %s", c->buffer, address, port);
|
||||||
|
free(address);
|
||||||
|
free(port);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
return send_request(to->nexthop->connection, "%s", c->buffer);
|
return send_request(to->nexthop->connection, "%s", c->buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -218,7 +249,6 @@ bool ans_key_h(connection_t *c) {
|
||||||
from->outkeylength = strlen(key) / 2;
|
from->outkeylength = strlen(key) / 2;
|
||||||
hex2bin(key, from->outkey, from->outkeylength);
|
hex2bin(key, from->outkey, from->outkeylength);
|
||||||
|
|
||||||
from->status.waitingforkey = false;
|
|
||||||
/* Check and lookup cipher and digest algorithms */
|
/* Check and lookup cipher and digest algorithms */
|
||||||
|
|
||||||
if(cipher) {
|
if(cipher) {
|
||||||
|
@ -227,13 +257,13 @@ bool ans_key_h(connection_t *c) {
|
||||||
if(!from->outcipher) {
|
if(!from->outcipher) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name,
|
logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name,
|
||||||
from->hostname);
|
from->hostname);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
|
if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
||||||
from->hostname);
|
from->hostname);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
from->outcipher = NULL;
|
from->outcipher = NULL;
|
||||||
|
@ -247,13 +277,13 @@ bool ans_key_h(connection_t *c) {
|
||||||
if(!from->outdigest) {
|
if(!from->outdigest) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name,
|
logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name,
|
||||||
from->hostname);
|
from->hostname);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
|
if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
||||||
from->name, from->hostname);
|
from->name, from->hostname);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
from->outdigest = NULL;
|
from->outdigest = NULL;
|
||||||
|
@ -261,7 +291,7 @@ bool ans_key_h(connection_t *c) {
|
||||||
|
|
||||||
if(compression < 0 || compression > 11) {
|
if(compression < 0 || compression > 11) {
|
||||||
logger(LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
|
logger(LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
from->outcompression = compression;
|
from->outcompression = compression;
|
||||||
|
@ -270,12 +300,18 @@ bool ans_key_h(connection_t *c) {
|
||||||
if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
|
if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
|
||||||
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
||||||
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||||
return false;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
from->status.validkey = true;
|
from->status.validkey = true;
|
||||||
from->sent_seqno = 0;
|
from->sent_seqno = 0;
|
||||||
|
|
||||||
|
if(*address && *port) {
|
||||||
|
ifdebug(PROTOCOL) logger(LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
|
||||||
|
sockaddr_t sa = str2sockaddr(address, port);
|
||||||
|
update_node_udp(from, &sa);
|
||||||
|
}
|
||||||
|
|
||||||
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
|
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
|
||||||
send_mtu_probe(from);
|
send_mtu_probe(from);
|
||||||
|
|
||||||
|
|
95
src/route.c
95
src/route.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
route.c -- routing
|
route.c -- routing
|
||||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -48,6 +48,7 @@ static const size_t ip6_size = sizeof(struct ip6_hdr);
|
||||||
static const size_t icmp6_size = sizeof(struct icmp6_hdr);
|
static const size_t icmp6_size = sizeof(struct icmp6_hdr);
|
||||||
static const size_t ns_size = sizeof(struct nd_neighbor_solicit);
|
static const size_t ns_size = sizeof(struct nd_neighbor_solicit);
|
||||||
static const size_t opt_size = sizeof(struct nd_opt_hdr);
|
static const size_t opt_size = sizeof(struct nd_opt_hdr);
|
||||||
|
#define max(a, b) ((a) > (b) ? (a) : (b))
|
||||||
|
|
||||||
/* RFC 1071 */
|
/* RFC 1071 */
|
||||||
|
|
||||||
|
@ -92,6 +93,74 @@ static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *packet) {
|
||||||
|
if(!via || via == myself || !(via->options & OPTION_CLAMP_MSS))
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* Find TCP header */
|
||||||
|
int start = 0;
|
||||||
|
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||||
|
|
||||||
|
if(type == ETH_P_IP && packet->data[23] == 6)
|
||||||
|
start = 14 + (packet->data[14] & 0xf) * 4;
|
||||||
|
else if(type == ETH_P_IPV6 && packet->data[20] == 6)
|
||||||
|
start = 14 + 40;
|
||||||
|
|
||||||
|
if(!start || packet->len <= start + 20)
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* Use data offset field to calculate length of options field */
|
||||||
|
int len = ((packet->data[start + 12] >> 4) - 5) * 4;
|
||||||
|
|
||||||
|
if(packet->len < start + 20 + len)
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* Search for MSS option header */
|
||||||
|
for(int i = 0; i < len;) {
|
||||||
|
if(packet->data[start + 20 + i] == 0)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if(packet->data[start + 20 + i] == 1) {
|
||||||
|
i++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(i > len - 2 || i > len - packet->data[start + 21 + i])
|
||||||
|
break;
|
||||||
|
|
||||||
|
if(packet->data[start + 20 + i] != 2) {
|
||||||
|
if(packet->data[start + 21 + i] < 2)
|
||||||
|
break;
|
||||||
|
i += packet->data[start + 21 + i];
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(packet->data[start + 21] != 4)
|
||||||
|
break;
|
||||||
|
|
||||||
|
/* Found it */
|
||||||
|
uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i];
|
||||||
|
uint16_t newmss = via->mtu - start - 20;
|
||||||
|
uint16_t csum = packet->data[start + 16] << 8 | packet->data[start + 17];
|
||||||
|
|
||||||
|
if(oldmss <= newmss)
|
||||||
|
break;
|
||||||
|
|
||||||
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Clamping MSS of packet from %s to %s to %d", source->name, via->name, newmss);
|
||||||
|
|
||||||
|
/* Update the MSS value and the checksum */
|
||||||
|
packet->data[start + 22 + i] = newmss >> 8;
|
||||||
|
packet->data[start + 23 + i] = newmss & 0xff;
|
||||||
|
csum ^= 0xffff;
|
||||||
|
csum -= oldmss;
|
||||||
|
csum += newmss;
|
||||||
|
csum ^= 0xffff;
|
||||||
|
packet->data[start + 16] = csum >> 8;
|
||||||
|
packet->data[start + 17] = csum & 0xff;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void swap_mac_addresses(vpn_packet_t *packet) {
|
static void swap_mac_addresses(vpn_packet_t *packet) {
|
||||||
mac_t tmp;
|
mac_t tmp;
|
||||||
memcpy(&tmp, &packet->data[0], sizeof tmp);
|
memcpy(&tmp, &packet->data[0], sizeof tmp);
|
||||||
|
@ -104,7 +173,7 @@ static void learn_mac(mac_t *address) {
|
||||||
avl_node_t *node;
|
avl_node_t *node;
|
||||||
connection_t *c;
|
connection_t *c;
|
||||||
|
|
||||||
subnet = lookup_subnet_mac(address);
|
subnet = lookup_subnet_mac(myself, address);
|
||||||
|
|
||||||
/* If we don't know this MAC address yet, store it */
|
/* If we don't know this MAC address yet, store it */
|
||||||
|
|
||||||
|
@ -119,6 +188,7 @@ static void learn_mac(mac_t *address) {
|
||||||
subnet->net.mac.address = *address;
|
subnet->net.mac.address = *address;
|
||||||
subnet->weight = 10;
|
subnet->weight = 10;
|
||||||
subnet_add(myself, subnet);
|
subnet_add(myself, subnet);
|
||||||
|
subnet_update(myself, subnet, true);
|
||||||
|
|
||||||
/* And tell all other tinc daemons it's our MAC */
|
/* And tell all other tinc daemons it's our MAC */
|
||||||
|
|
||||||
|
@ -154,6 +224,7 @@ void age_subnets(void) {
|
||||||
send_del_subnet(c, s);
|
send_del_subnet(c, s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
subnet_update(myself, s, false);
|
||||||
subnet_del(myself, s);
|
subnet_del(myself, s);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -315,10 +386,10 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
|
||||||
|
|
||||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
|
||||||
if(via && packet->len > via->mtu && via != myself) {
|
if(via && packet->len > max(via->mtu, 590) && via != myself) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
if(packet->data[20] & 0x40) {
|
if(packet->data[20] & 0x40) {
|
||||||
packet->len = via->mtu;
|
packet->len = max(via->mtu, 590);
|
||||||
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
|
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
|
||||||
} else {
|
} else {
|
||||||
fragment_ipv4_packet(via, packet);
|
fragment_ipv4_packet(via, packet);
|
||||||
|
@ -327,6 +398,8 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
clamp_mss(source, via, packet);
|
||||||
|
|
||||||
send_packet(subnet->owner, packet);
|
send_packet(subnet->owner, packet);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -458,13 +531,15 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
|
||||||
|
|
||||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||||
|
|
||||||
if(via && packet->len > via->mtu && via != myself) {
|
if(via && packet->len > max(via->mtu, 1294) && via != myself) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
packet->len = via->mtu;
|
packet->len = max(via->mtu, 1294);
|
||||||
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
|
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
clamp_mss(source, via, packet);
|
||||||
|
|
||||||
send_packet(subnet->owner, packet);
|
send_packet(subnet->owner, packet);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -705,7 +780,7 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
/* Lookup destination address */
|
/* Lookup destination address */
|
||||||
|
|
||||||
memcpy(&dest, &packet->data[0], sizeof dest);
|
memcpy(&dest, &packet->data[0], sizeof dest);
|
||||||
subnet = lookup_subnet_mac(&dest);
|
subnet = lookup_subnet_mac(NULL, &dest);
|
||||||
|
|
||||||
if(!subnet) {
|
if(!subnet) {
|
||||||
broadcast_packet(source, packet);
|
broadcast_packet(source, packet);
|
||||||
|
@ -724,7 +799,7 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
if(via && packet->len > via->mtu && via != myself) {
|
if(via && packet->len > via->mtu && via != myself) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||||
if(type == ETH_P_IP) {
|
if(type == ETH_P_IP && packet->len > 590) {
|
||||||
if(packet->data[20] & 0x40) {
|
if(packet->data[20] & 0x40) {
|
||||||
packet->len = via->mtu;
|
packet->len = via->mtu;
|
||||||
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
|
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
|
||||||
|
@ -732,13 +807,15 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
||||||
fragment_ipv4_packet(via, packet);
|
fragment_ipv4_packet(via, packet);
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
} else if(type == ETH_P_IPV6) {
|
} else if(type == ETH_P_IPV6 && packet->len > 1294) {
|
||||||
packet->len = via->mtu;
|
packet->len = via->mtu;
|
||||||
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
|
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
clamp_mss(source, via, packet);
|
||||||
|
|
||||||
send_packet(subnet->owner, packet);
|
send_packet(subnet->owner, packet);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
40
src/subnet.c
40
src/subnet.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
subnet.c -- handle subnet lookups and lists
|
subnet.c -- handle subnet lookups and lists
|
||||||
Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -329,8 +329,8 @@ subnet_t *lookup_subnet(const node_t *owner, const subnet_t *subnet) {
|
||||||
return avl_search(owner->subnet_tree, subnet);
|
return avl_search(owner->subnet_tree, subnet);
|
||||||
}
|
}
|
||||||
|
|
||||||
subnet_t *lookup_subnet_mac(const mac_t *address) {
|
subnet_t *lookup_subnet_mac(const node_t *owner, const mac_t *address) {
|
||||||
subnet_t *p, *r = NULL, subnet = {0};
|
subnet_t *p, *r = NULL;
|
||||||
avl_node_t *n;
|
avl_node_t *n;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
@ -339,20 +339,18 @@ subnet_t *lookup_subnet_mac(const mac_t *address) {
|
||||||
for(i = 0; i < 2; i++) {
|
for(i = 0; i < 2; i++) {
|
||||||
if(!cache_mac_valid[i])
|
if(!cache_mac_valid[i])
|
||||||
continue;
|
continue;
|
||||||
|
if(owner && cache_mac_subnet[i] && cache_mac_subnet[i]->owner != owner)
|
||||||
|
continue;
|
||||||
if(!memcmp(address, &cache_mac_address[i], sizeof *address))
|
if(!memcmp(address, &cache_mac_address[i], sizeof *address))
|
||||||
return cache_mac_subnet[i];
|
return cache_mac_subnet[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Search all subnets for a matching one
|
// Search all subnets for a matching one
|
||||||
|
|
||||||
subnet.type = SUBNET_MAC;
|
for(n = owner ? owner->subnet_tree->head : subnet_tree->head; n; n = n->next) {
|
||||||
subnet.net.mac.address = *address;
|
|
||||||
subnet.owner = NULL;
|
|
||||||
|
|
||||||
for(n = subnet_tree->head; n; n = n->next) {
|
|
||||||
p = n->data;
|
p = n->data;
|
||||||
|
|
||||||
if(!p || p->type != subnet.type)
|
if(!p || p->type != SUBNET_MAC)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if(!memcmp(address, &p->net.mac.address, sizeof *address)) {
|
if(!memcmp(address, &p->net.mac.address, sizeof *address)) {
|
||||||
|
@ -373,7 +371,7 @@ subnet_t *lookup_subnet_mac(const mac_t *address) {
|
||||||
}
|
}
|
||||||
|
|
||||||
subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
||||||
subnet_t *p, *r = NULL, subnet = {0};
|
subnet_t *p, *r = NULL;
|
||||||
avl_node_t *n;
|
avl_node_t *n;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
@ -388,15 +386,10 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
||||||
|
|
||||||
// Search all subnets for a matching one
|
// Search all subnets for a matching one
|
||||||
|
|
||||||
subnet.type = SUBNET_IPV4;
|
|
||||||
subnet.net.ipv4.address = *address;
|
|
||||||
subnet.net.ipv4.prefixlength = 32;
|
|
||||||
subnet.owner = NULL;
|
|
||||||
|
|
||||||
for(n = subnet_tree->head; n; n = n->next) {
|
for(n = subnet_tree->head; n; n = n->next) {
|
||||||
p = n->data;
|
p = n->data;
|
||||||
|
|
||||||
if(!p || p->type != subnet.type)
|
if(!p || p->type != SUBNET_IPV4)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if(!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength)) {
|
if(!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength)) {
|
||||||
|
@ -417,7 +410,7 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
||||||
}
|
}
|
||||||
|
|
||||||
subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
|
subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
|
||||||
subnet_t *p, *r = NULL, subnet = {0};
|
subnet_t *p, *r = NULL;
|
||||||
avl_node_t *n;
|
avl_node_t *n;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
@ -432,15 +425,10 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
|
||||||
|
|
||||||
// Search all subnets for a matching one
|
// Search all subnets for a matching one
|
||||||
|
|
||||||
subnet.type = SUBNET_IPV6;
|
|
||||||
subnet.net.ipv6.address = *address;
|
|
||||||
subnet.net.ipv6.prefixlength = 128;
|
|
||||||
subnet.owner = NULL;
|
|
||||||
|
|
||||||
for(n = subnet_tree->head; n; n = n->next) {
|
for(n = subnet_tree->head; n; n = n->next) {
|
||||||
p = n->data;
|
p = n->data;
|
||||||
|
|
||||||
if(!p || p->type != subnet.type)
|
if(!p || p->type != SUBNET_IPV6)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if(!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength)) {
|
if(!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength)) {
|
||||||
|
@ -490,7 +478,7 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
|
||||||
if(!net2str(netstr, sizeof netstr, subnet))
|
if(!net2str(netstr, sizeof netstr, subnet))
|
||||||
continue;
|
continue;
|
||||||
// Strip the weight from the subnet, and put it in its own environment variable
|
// Strip the weight from the subnet, and put it in its own environment variable
|
||||||
char *weight = strchr(netstr + 7, '#');
|
char *weight = strchr(netstr, '#');
|
||||||
if(weight)
|
if(weight)
|
||||||
*weight++ = 0;
|
*weight++ = 0;
|
||||||
else
|
else
|
||||||
|
@ -507,9 +495,9 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
|
||||||
execute_script(name, envp);
|
execute_script(name, envp);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if(net2str(netstr + 7, sizeof netstr - 7, subnet)) {
|
if(net2str(netstr, sizeof netstr, subnet)) {
|
||||||
// Strip the weight from the subnet, and put it in its own environment variable
|
// Strip the weight from the subnet, and put it in its own environment variable
|
||||||
char *weight = strchr(netstr + 7, '#');
|
char *weight = strchr(netstr, '#');
|
||||||
if(weight)
|
if(weight)
|
||||||
*weight++ = 0;
|
*weight++ = 0;
|
||||||
else
|
else
|
||||||
|
|
|
@ -77,7 +77,7 @@ extern void subnet_update(struct node_t *, subnet_t *, bool);
|
||||||
extern bool net2str(char *, int, const subnet_t *);
|
extern bool net2str(char *, int, const subnet_t *);
|
||||||
extern bool str2net(subnet_t *, const char *);
|
extern bool str2net(subnet_t *, const char *);
|
||||||
extern subnet_t *lookup_subnet(const struct node_t *, const subnet_t *);
|
extern subnet_t *lookup_subnet(const struct node_t *, const subnet_t *);
|
||||||
extern subnet_t *lookup_subnet_mac(const mac_t *);
|
extern subnet_t *lookup_subnet_mac(const struct node_t *, const mac_t *);
|
||||||
extern subnet_t *lookup_subnet_ipv4(const ipv4_t *);
|
extern subnet_t *lookup_subnet_ipv4(const ipv4_t *);
|
||||||
extern subnet_t *lookup_subnet_ipv6(const ipv6_t *);
|
extern subnet_t *lookup_subnet_ipv6(const ipv6_t *);
|
||||||
extern void dump_subnets(void);
|
extern void dump_subnets(void);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
tincd.c -- the main file for tincd
|
tincd.c -- the main file for tincd
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2008 Max Rijevski <maksuf@gmail.com>
|
2008 Max Rijevski <maksuf@gmail.com>
|
||||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||||
|
|
||||||
|
@ -500,7 +500,7 @@ int main(int argc, char **argv) {
|
||||||
if(show_version) {
|
if(show_version) {
|
||||||
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
||||||
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
||||||
printf("Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen and others.\n"
|
printf("Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||||
"See the AUTHORS file for a complete list.\n\n"
|
"See the AUTHORS file for a complete list.\n\n"
|
||||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||||
"and you are welcome to redistribute it under certain conditions;\n"
|
"and you are welcome to redistribute it under certain conditions;\n"
|
||||||
|
|
Loading…
Reference in a new issue