Import Upstream version 1.0.12
This commit is contained in:
parent
23bd9e9d53
commit
c54d214bf2
33 changed files with 751 additions and 271 deletions
2
COPYING
2
COPYING
|
@ -1,4 +1,4 @@
|
|||
Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen and others.
|
||||
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.
|
||||
See the AUTHORS file for a complete list.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify it under
|
||||
|
|
|
@ -15,3 +15,5 @@ The following applies to the LZO library:
|
|||
|
||||
When tinc is compiled with the --enable-tunemu option, the resulting binary
|
||||
falls under the GPL version 3 or later.
|
||||
|
||||
|
||||
|
|
192
ChangeLog
192
ChangeLog
|
@ -1,3 +1,195 @@
|
|||
commit f7b2a2ea43fca323f543e152e6a43a29a4eb6671
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Feb 3 22:49:48 2010 +0100
|
||||
|
||||
Releasing 1.0.12.
|
||||
|
||||
commit cd0c2e86a403fc9aabecdc8d51413f94491b5494
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Feb 3 11:18:46 2010 +0100
|
||||
|
||||
Ensure peers with a meta connection always have our key.
|
||||
|
||||
This keeps UDP probes going, which in turn keeps NAT mappings alive.
|
||||
|
||||
commit 40d91ff619a6ea24a2a35c9d934bcc6bace27e24
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Feb 2 22:49:21 2010 +0100
|
||||
|
||||
Update copyright notices.
|
||||
|
||||
commit 44f8f61396a92c899172a1863bbc9c705cbfa649
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Feb 2 22:22:27 2010 +0100
|
||||
|
||||
Try to set DF bit on BSDs as well.
|
||||
|
||||
Every operating system seems to have its own, slightly different way to disable
|
||||
packet fragmentation. Emit a compiler warning when no suitable way is found.
|
||||
On OpenBSD, it seems impossible to do it for IPv4.
|
||||
|
||||
commit ed14ef93b47622ba13099dfc6be5335222e987a6
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Feb 2 01:02:40 2010 +0100
|
||||
|
||||
Immediately exchange keys when establishing a meta connection.
|
||||
|
||||
This in turn will trigger PMTU discovery, and ensures nodes know each others
|
||||
reflexive UDP address and port.
|
||||
|
||||
commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Feb 2 00:51:44 2010 +0100
|
||||
|
||||
Determine peer's reflexive address and port when exchanging keys.
|
||||
|
||||
To help peers that are behind NAT connect to each other directly via UDP, they
|
||||
need to know the exact external address and port that they use. Keys exchanged
|
||||
between NATted peers necessarily go via a third node, which knows this address
|
||||
and port, and can append this information to the keys, which is in turned used
|
||||
by the peers.
|
||||
|
||||
Since PMTU discovery will immediately trigger UDP communication from both sides
|
||||
to each other, this should allow direct communication between peers behind
|
||||
full, address-restricted and port-restricted cone NAT.
|
||||
|
||||
commit d15099e0029578bfd24d6b464b941f4693280001
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Jan 23 18:48:01 2010 +0100
|
||||
|
||||
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
|
||||
|
||||
When we got a key request for or from a node we don't know, we disconnected the
|
||||
node that forwarded us that request. However, especially in TunnelServer mode,
|
||||
disconnecting does not help. We now ignore such requests, but since there is no
|
||||
way of telling the original sender that the request was dropped, we now retry
|
||||
sending REQ_KEY requests when we don't get an ANS_KEY back.
|
||||
|
||||
commit 469fa318bc817908af9a51e3a980ffc998fae6f2
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jan 22 21:59:40 2010 +0100
|
||||
|
||||
Run subnet-up/down scripts for local MAC addresses as well.
|
||||
|
||||
commit 5d194b9f8767390d9fb1170554a8b6928214957a
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jan 22 21:47:26 2010 +0100
|
||||
|
||||
Fix subnet-up/down scripts being called with an empty SUBNET.
|
||||
|
||||
Commit 052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
|
||||
scripts to be called with an empty, or possibly corrupted SUBNET variable when
|
||||
a Subnet is added or removed while the owner is still online. In router mode,
|
||||
this normally does not happen, but in switch mode this is normal.
|
||||
|
||||
commit b45511118421920771f5dcd5e4bafc04376e4450
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Jan 16 20:16:33 2010 +0100
|
||||
|
||||
Make MSS clamping configurable, but enabled by default.
|
||||
|
||||
It can either be set globally in tinc.conf, or per-node in host config files.
|
||||
|
||||
commit 95928f7c2910a7da01a89cdc63c86c4d87fac004
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Jan 16 19:32:33 2010 +0100
|
||||
|
||||
Also clamp MSS of TCP over IPv6 packets.
|
||||
|
||||
commit b1945f70fe993ca447555a1e27f35638b0c1fd8b
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jan 15 23:41:14 2010 +0100
|
||||
|
||||
Optimise handling of select() returning <= 0.
|
||||
|
||||
Before, we immediately retried select() if it returned -1 and errno is EAGAIN
|
||||
or EINTR, and if it returned 0 it would check for network events even if we
|
||||
know there are none. Now, if -1 or 0 is returned we skip checking network
|
||||
events, but we do check for timer and signal events.
|
||||
|
||||
commit 51099658c919794cde72ea1107b9d9b9c3cee926
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jan 15 23:19:08 2010 +0100
|
||||
|
||||
Ping nodes immediately when receiving SIGALRM.
|
||||
|
||||
One reason to send the ALRM signal is to let tinc immediately try to connect to
|
||||
outgoing nodes, for example when PPP or DHCP configuration of the outgoing
|
||||
interface finished. Conversely, when the outgoing interface goes down one can
|
||||
now send this signal to let tinc quickly detect that links are down too.
|
||||
|
||||
commit 2a538ed34332b3392f866d56accd9efecc9467ed
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jan 15 13:42:37 2010 +0100
|
||||
|
||||
Clamp MSS of IPv4 SYN packets.
|
||||
|
||||
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends. We
|
||||
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
|
||||
sending too large packets.
|
||||
|
||||
commit e4812ba9cc4262ec921944f02639ce55781d7497
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Thu Dec 24 12:42:21 2009 +0100
|
||||
|
||||
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
|
||||
|
||||
commit 7203d5fb07be2d3ae006c2b65d0be1e6533e1273
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Dec 23 19:51:55 2009 +0100
|
||||
|
||||
Use xstrdup() instead of xasprintf() to copy static strings.
|
||||
|
||||
commit a9a803d5662832eb397837055a49fd94118eabf3
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Dec 23 19:49:38 2009 +0100
|
||||
|
||||
Allow port to be specified in Address statements.
|
||||
|
||||
This allows one to connect to use more than one port number to connect to
|
||||
another node. The syntax is now:
|
||||
|
||||
Address = <hostname> [<port>]
|
||||
|
||||
commit 43e34d8180c90682ed1601dec3de7f68ec96d65b
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Dec 23 19:22:06 2009 +0100
|
||||
|
||||
Do not fragment packets smaller than RFC defined minimum MTUs.
|
||||
|
||||
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
|
||||
68, but this is such a low limit that it will probably hurt performance, so we
|
||||
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
|
||||
791). If we detect a path MTU smaller than those minima, and we have to handle
|
||||
a packet that is bigger than the PMTU but smaller than those minima, we forward
|
||||
them via TCP instead of fragmenting or returning ICMP packets.
|
||||
|
||||
commit 369fe1ab1cbfc3f8305de1faab2e30157378b044
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Dec 8 22:18:37 2009 +0000
|
||||
|
||||
Forget addresses of unreachable nodes.
|
||||
|
||||
We clear the cached address used for UDP connections when a node becomes
|
||||
unreachable. This also prevents host-up scripts from passing the old, cached
|
||||
address from when the host becomes reachable again from a different address.
|
||||
|
||||
commit 62f235e05c54e458724f437e519ed1b3e17835b1
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 28 11:56:13 2009 +0000
|
||||
|
||||
Remove unused variable in lookup_subnet_*() functions.
|
||||
|
||||
commit 92aefd25bf9e8e63f199cc252218f5c427f836b7
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 28 11:52:23 2009 +0000
|
||||
|
||||
When learning MAC addresses, only check our own Subnets for previous entries.
|
||||
|
||||
Before it would check all addresses, and not learn an address if another node
|
||||
already claimed that address. This caused fast roaming to fail, the code from
|
||||
commit 6f6f426b353596edca77829c0477268fc2fc1925 was never triggered.
|
||||
|
||||
commit 44834d030464bbe1f7733caba8d96c678f1d6cf2
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Nov 1 16:24:39 2009 +0100
|
||||
|
|
95
INSTALL
95
INSTALL
|
@ -4,8 +4,10 @@ Installation Instructions
|
|||
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
|
||||
2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
||||
|
||||
This file is free documentation; the Free Software Foundation gives
|
||||
unlimited permission to copy, distribute and modify it.
|
||||
Copying and distribution of this file, with or without modification,
|
||||
are permitted in any medium without royalty provided the copyright
|
||||
notice and this notice are preserved. This file is offered as-is,
|
||||
without warranty of any kind.
|
||||
|
||||
Basic Installation
|
||||
==================
|
||||
|
@ -13,7 +15,11 @@ Basic Installation
|
|||
Briefly, the shell commands `./configure; make; make install' should
|
||||
configure, build, and install this package. The following
|
||||
more-detailed instructions are generic; see the `README' file for
|
||||
instructions specific to this package.
|
||||
instructions specific to this package. Some packages provide this
|
||||
`INSTALL' file but do not implement all of the features documented
|
||||
below. The lack of an optional feature in a given package is not
|
||||
necessarily a bug. More recommendations for GNU packages can be found
|
||||
in *note Makefile Conventions: (standards)Makefile Conventions.
|
||||
|
||||
The `configure' shell script attempts to guess correct values for
|
||||
various system-dependent variables used during compilation. It uses
|
||||
|
@ -42,7 +48,7 @@ may remove or edit it.
|
|||
you want to change it or regenerate `configure' using a newer version
|
||||
of `autoconf'.
|
||||
|
||||
The simplest way to compile this package is:
|
||||
The simplest way to compile this package is:
|
||||
|
||||
1. `cd' to the directory containing the package's source code and type
|
||||
`./configure' to configure the package for your system.
|
||||
|
@ -53,12 +59,22 @@ The simplest way to compile this package is:
|
|||
2. Type `make' to compile the package.
|
||||
|
||||
3. Optionally, type `make check' to run any self-tests that come with
|
||||
the package.
|
||||
the package, generally using the just-built uninstalled binaries.
|
||||
|
||||
4. Type `make install' to install the programs and any data files and
|
||||
documentation.
|
||||
documentation. When installing into a prefix owned by root, it is
|
||||
recommended that the package be configured and built as a regular
|
||||
user, and only the `make install' phase executed with root
|
||||
privileges.
|
||||
|
||||
5. You can remove the program binaries and object files from the
|
||||
5. Optionally, type `make installcheck' to repeat any self-tests, but
|
||||
this time using the binaries in their final installed location.
|
||||
This target does not install anything. Running this target as a
|
||||
regular user, particularly if the prior `make install' required
|
||||
root privileges, verifies that the installation completed
|
||||
correctly.
|
||||
|
||||
6. You can remove the program binaries and object files from the
|
||||
source code directory by typing `make clean'. To also remove the
|
||||
files that `configure' created (so you can compile the package for
|
||||
a different kind of computer), type `make distclean'. There is
|
||||
|
@ -67,8 +83,15 @@ The simplest way to compile this package is:
|
|||
all sorts of other programs in order to regenerate files that came
|
||||
with the distribution.
|
||||
|
||||
6. Often, you can also type `make uninstall' to remove the installed
|
||||
files again.
|
||||
7. Often, you can also type `make uninstall' to remove the installed
|
||||
files again. In practice, not all packages have tested that
|
||||
uninstallation works correctly, even though it is required by the
|
||||
GNU Coding Standards.
|
||||
|
||||
8. Some packages, particularly those that use Automake, provide `make
|
||||
distcheck', which can by used by developers to test that all other
|
||||
targets like `make install' and `make uninstall' work correctly.
|
||||
This target is generally not run by end users.
|
||||
|
||||
Compilers and Options
|
||||
=====================
|
||||
|
@ -93,7 +116,8 @@ same time, by placing the object files for each architecture in their
|
|||
own directory. To do this, you can use GNU `make'. `cd' to the
|
||||
directory where you want the object files and executables to go and run
|
||||
the `configure' script. `configure' automatically checks for the
|
||||
source code in the directory that `configure' is in and in `..'.
|
||||
source code in the directory that `configure' is in and in `..'. This
|
||||
is known as a "VPATH" build.
|
||||
|
||||
With a non-GNU `make', it is safer to compile the package for one
|
||||
architecture at a time in the source code directory. After you have
|
||||
|
@ -120,7 +144,8 @@ Installation Names
|
|||
By default, `make install' installs the package's commands under
|
||||
`/usr/local/bin', include files under `/usr/local/include', etc. You
|
||||
can specify an installation prefix other than `/usr/local' by giving
|
||||
`configure' the option `--prefix=PREFIX'.
|
||||
`configure' the option `--prefix=PREFIX', where PREFIX must be an
|
||||
absolute file name.
|
||||
|
||||
You can specify separate installation prefixes for
|
||||
architecture-specific files and architecture-independent files. If you
|
||||
|
@ -131,15 +156,46 @@ Documentation and other data files still use the regular prefix.
|
|||
In addition, if you use an unusual directory layout you can give
|
||||
options like `--bindir=DIR' to specify different values for particular
|
||||
kinds of files. Run `configure --help' for a list of the directories
|
||||
you can set and what kinds of files go in them.
|
||||
you can set and what kinds of files go in them. In general, the
|
||||
default for these options is expressed in terms of `${prefix}', so that
|
||||
specifying just `--prefix' will affect all of the other directory
|
||||
specifications that were not explicitly provided.
|
||||
|
||||
The most portable way to affect installation locations is to pass the
|
||||
correct locations to `configure'; however, many packages provide one or
|
||||
both of the following shortcuts of passing variable assignments to the
|
||||
`make install' command line to change installation locations without
|
||||
having to reconfigure or recompile.
|
||||
|
||||
The first method involves providing an override variable for each
|
||||
affected directory. For example, `make install
|
||||
prefix=/alternate/directory' will choose an alternate location for all
|
||||
directory configuration variables that were expressed in terms of
|
||||
`${prefix}'. Any directories that were specified during `configure',
|
||||
but not in terms of `${prefix}', must each be overridden at install
|
||||
time for the entire installation to be relocated. The approach of
|
||||
makefile variable overrides for each directory variable is required by
|
||||
the GNU Coding Standards, and ideally causes no recompilation.
|
||||
However, some platforms have known limitations with the semantics of
|
||||
shared libraries that end up requiring recompilation when using this
|
||||
method, particularly noticeable in packages that use GNU Libtool.
|
||||
|
||||
The second method involves providing the `DESTDIR' variable. For
|
||||
example, `make install DESTDIR=/alternate/directory' will prepend
|
||||
`/alternate/directory' before all installation names. The approach of
|
||||
`DESTDIR' overrides is not required by the GNU Coding Standards, and
|
||||
does not work on platforms that have drive letters. On the other hand,
|
||||
it does better at avoiding recompilation issues, and works well even
|
||||
when some directory options were not specified in terms of `${prefix}'
|
||||
at `configure' time.
|
||||
|
||||
Optional Features
|
||||
=================
|
||||
|
||||
If the package supports it, you can cause programs to be installed
|
||||
with an extra prefix or suffix on their names by giving `configure' the
|
||||
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
||||
|
||||
Optional Features
|
||||
=================
|
||||
|
||||
Some packages pay attention to `--enable-FEATURE' options to
|
||||
`configure', where FEATURE indicates an optional part of the package.
|
||||
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
||||
|
@ -152,6 +208,13 @@ find the X include and library files automatically, but if it doesn't,
|
|||
you can use the `configure' options `--x-includes=DIR' and
|
||||
`--x-libraries=DIR' to specify their locations.
|
||||
|
||||
Some packages offer the ability to configure how verbose the
|
||||
execution of `make' will be. For these packages, running `./configure
|
||||
--enable-silent-rules' sets the default to minimal output, which can be
|
||||
overridden with `make V=1'; while running `./configure
|
||||
--disable-silent-rules' sets the default to verbose, which can be
|
||||
overridden with `make V=0'.
|
||||
|
||||
Particular systems
|
||||
==================
|
||||
|
||||
|
@ -288,7 +351,7 @@ operates.
|
|||
`configure' can determine that directory automatically.
|
||||
|
||||
`--prefix=DIR'
|
||||
Use DIR as the installation prefix. *Note Installation Names::
|
||||
Use DIR as the installation prefix. *note Installation Names::
|
||||
for more details, including other options available for fine-tuning
|
||||
the installation locations.
|
||||
|
||||
|
|
17
Makefile.in
17
Makefile.in
|
@ -1,4 +1,4 @@
|
|||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
@ -269,7 +269,7 @@ distclean-hdr:
|
|||
# (which will cause the Makefiles to be regenerated when you run `make');
|
||||
# (2) otherwise, pass the desired values on the `make' command line.
|
||||
$(RECURSIVE_TARGETS):
|
||||
@failcom='exit 1'; \
|
||||
@fail= failcom='exit 1'; \
|
||||
for f in x $$MAKEFLAGS; do \
|
||||
case $$f in \
|
||||
*=* | --[!k]*);; \
|
||||
|
@ -294,7 +294,7 @@ $(RECURSIVE_TARGETS):
|
|||
fi; test -z "$$fail"
|
||||
|
||||
$(RECURSIVE_CLEAN_TARGETS):
|
||||
@failcom='exit 1'; \
|
||||
@fail= failcom='exit 1'; \
|
||||
for f in x $$MAKEFLAGS; do \
|
||||
case $$f in \
|
||||
*=* | --[!k]*);; \
|
||||
|
@ -458,7 +458,8 @@ distdir: $(DISTFILES)
|
|||
fi; \
|
||||
done
|
||||
-test -n "$(am__skip_mode_fix)" \
|
||||
|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
|
||||
|| find "$(distdir)" -type d ! -perm -755 \
|
||||
-exec chmod u+rwx,go+rx {} \; -o \
|
||||
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
|
||||
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
|
||||
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
||||
|
@ -502,17 +503,17 @@ dist dist-all: distdir
|
|||
distcheck: dist
|
||||
case '$(DIST_ARCHIVES)' in \
|
||||
*.tar.gz*) \
|
||||
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
|
||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||
*.tar.bz2*) \
|
||||
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||
*.tar.lzma*) \
|
||||
unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
|
||||
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
|
||||
*.tar.xz*) \
|
||||
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
|
||||
*.tar.Z*) \
|
||||
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
||||
*.shar.gz*) \
|
||||
GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
|
||||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
|
||||
*.zip*) \
|
||||
unzip $(distdir).zip ;;\
|
||||
esac
|
||||
|
|
15
NEWS
15
NEWS
|
@ -1,3 +1,18 @@
|
|||
Version 1.0.12 Feb 3 2010
|
||||
|
||||
* Really allow fast roaming of hosts to other nodes in a switched VPN.
|
||||
|
||||
* Fixes missing or incorrect environment variables when calling host-up/down
|
||||
and subnet-up/down scripts in some cases.
|
||||
|
||||
* Allow port to be specified in Address statements.
|
||||
|
||||
* Clamp MSS of TCP packets to the discovered path MTU.
|
||||
|
||||
* Let two nodes behind NAT learn each others current UDP address and port via
|
||||
a third node, potentially allowing direct communications in a similar way to
|
||||
STUN.
|
||||
|
||||
Version 1.0.11 Nov 1 2009
|
||||
|
||||
* Fixed potential crash when the HUP signal is sent.
|
||||
|
|
6
README
6
README
|
@ -1,7 +1,7 @@
|
|||
This is the README file for tinc version 1.0.11. Installation
|
||||
This is the README file for tinc version 1.0.12. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright (C) 1998-2009 by:
|
||||
tinc is Copyright (C) 1998-2010 by:
|
||||
|
||||
Ivo Timmermans,
|
||||
Guus Sliepen <guus@tinc-vpn.org>,
|
||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
|||
Compatibility
|
||||
-------------
|
||||
|
||||
Version 1.0.11 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
Version 1.0.12 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
versions of tinc.
|
||||
|
||||
|
||||
|
|
10
aclocal.m4
vendored
10
aclocal.m4
vendored
|
@ -1,4 +1,4 @@
|
|||
# generated automatically by aclocal 1.11 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
||||
# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
||||
|
@ -13,8 +13,8 @@
|
|||
|
||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.64],,
|
||||
[m4_warning([this file was generated for autoconf 2.64.
|
||||
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],,
|
||||
[m4_warning([this file was generated for autoconf 2.65.
|
||||
You have another version of autoconf. It may work, but is not guaranteed to.
|
||||
If you have problems, you may need to regenerate the build system entirely.
|
||||
To do so, use the procedure documented by the package, typically `autoreconf'.])])
|
||||
|
@ -34,7 +34,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
|||
[am__api_version='1.11'
|
||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||
dnl require some minimum version. Point them to the right macro.
|
||||
m4_if([$1], [1.11], [],
|
||||
m4_if([$1], [1.11.1], [],
|
||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||
])
|
||||
|
||||
|
@ -50,7 +50,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
|||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||
[AM_AUTOMAKE_VERSION([1.11])dnl
|
||||
[AM_AUTOMAKE_VERSION([1.11.1])dnl
|
||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||
|
|
179
configure
vendored
179
configure
vendored
|
@ -1,10 +1,12 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.64.
|
||||
# Generated by GNU Autoconf 2.65.
|
||||
#
|
||||
#
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
|
||||
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software
|
||||
# Foundation, Inc.
|
||||
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
|
||||
# Inc.
|
||||
#
|
||||
#
|
||||
# This configure script is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy, distribute and modify it.
|
||||
|
@ -524,7 +526,8 @@ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
|
|||
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
|
||||
|
||||
|
||||
exec 7<&0 </dev/null 6>&1
|
||||
test -n "$DJDIR" || exec 7<&0 </dev/null
|
||||
exec 6>&1
|
||||
|
||||
# Name of the host.
|
||||
# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
|
||||
|
@ -1364,7 +1367,7 @@ Some influential environment variables:
|
|||
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
|
||||
nonstandard directory <lib dir>
|
||||
LIBS libraries to pass to the linker, e.g. -l<library>
|
||||
CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
|
||||
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
|
||||
you have headers in a nonstandard directory <include dir>
|
||||
CPP C preprocessor
|
||||
|
||||
|
@ -1435,7 +1438,7 @@ test -n "$ac_init_help" && exit $ac_status
|
|||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
configure
|
||||
generated by GNU Autoconf 2.64
|
||||
generated by GNU Autoconf 2.65
|
||||
|
||||
Copyright (C) 2009 Free Software Foundation, Inc.
|
||||
This configure script is free software; the Free Software Foundation
|
||||
|
@ -1482,7 +1485,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
|
|||
ac_retval=1
|
||||
fi
|
||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||
return $ac_retval
|
||||
as_fn_set_status $ac_retval
|
||||
|
||||
} # ac_fn_c_try_compile
|
||||
|
||||
|
@ -1519,7 +1522,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
|
|||
ac_retval=1
|
||||
fi
|
||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||
return $ac_retval
|
||||
as_fn_set_status $ac_retval
|
||||
|
||||
} # ac_fn_c_try_cpp
|
||||
|
||||
|
@ -1648,7 +1651,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
|
|||
fi
|
||||
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||
return $ac_retval
|
||||
as_fn_set_status $ac_retval
|
||||
|
||||
} # ac_fn_c_try_run
|
||||
|
||||
|
@ -1779,7 +1782,7 @@ fi
|
|||
# left behind by Apple's compiler. We do this before executing the actions.
|
||||
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
||||
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
|
||||
return $ac_retval
|
||||
as_fn_set_status $ac_retval
|
||||
|
||||
} # ac_fn_c_try_link
|
||||
|
||||
|
@ -1893,7 +1896,7 @@ This file contains any messages produced by compilers while
|
|||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by $as_me, which was
|
||||
generated by GNU Autoconf 2.64. Invocation command line was
|
||||
generated by GNU Autoconf 2.65. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
||||
|
@ -2146,7 +2149,7 @@ fi
|
|||
for ac_site_file in "$ac_site_file1" "$ac_site_file2"
|
||||
do
|
||||
test "x$ac_site_file" = xNONE && continue
|
||||
if test -r "$ac_site_file"; then
|
||||
if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
|
||||
$as_echo "$as_me: loading site script $ac_site_file" >&6;}
|
||||
sed 's/^/| /' "$ac_site_file" >&5
|
||||
|
@ -2155,9 +2158,9 @@ $as_echo "$as_me: loading site script $ac_site_file" >&6;}
|
|||
done
|
||||
|
||||
if test -r "$cache_file"; then
|
||||
# Some versions of bash will fail to source /dev/null (special
|
||||
# files actually), so we avoid doing that.
|
||||
if test -f "$cache_file"; then
|
||||
# Some versions of bash will fail to source /dev/null (special files
|
||||
# actually), so we avoid doing that. DJGPP emulates it as a regular file.
|
||||
if test /dev/null != "$cache_file" && test -f "$cache_file"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
|
||||
$as_echo "$as_me: loading cache $cache_file" >&6;}
|
||||
case $cache_file in
|
||||
|
@ -2577,6 +2580,7 @@ IFS=$as_save_IFS
|
|||
|
||||
fi
|
||||
|
||||
test -d ./--version && rmdir ./--version
|
||||
if test "${ac_cv_path_mkdir+set}" = set; then
|
||||
MKDIR_P="$ac_cv_path_mkdir -p"
|
||||
else
|
||||
|
@ -2584,7 +2588,6 @@ fi
|
|||
# value for MKDIR_P within a source directory, because that will
|
||||
# break other packages using the cache if that directory is
|
||||
# removed, or if the value is a relative name.
|
||||
test -d ./--version && rmdir ./--version
|
||||
MKDIR_P="$ac_install_sh -d"
|
||||
fi
|
||||
fi
|
||||
|
@ -2701,7 +2704,7 @@ fi
|
|||
|
||||
# Define the identity of the package.
|
||||
PACKAGE=tinc
|
||||
VERSION=1.0.11
|
||||
VERSION=1.0.12
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
|
@ -3154,32 +3157,30 @@ $as_echo "$ac_try_echo"; } >&5
|
|||
... rest of stderr output deleted ...
|
||||
10q' conftest.err >conftest.er1
|
||||
cat conftest.er1 >&5
|
||||
rm -f conftest.er1 conftest.err
|
||||
fi
|
||||
rm -f conftest.er1 conftest.err
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||
test $ac_status = 0; }
|
||||
done
|
||||
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
#include <stdio.h>
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
FILE *f = fopen ("conftest.out", "w");
|
||||
return ferror (f) || fclose (f) != 0;
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
ac_clean_files_save=$ac_clean_files
|
||||
ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out conftest.out"
|
||||
ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
|
||||
# Try to create an executable without -o first, disregard a.out.
|
||||
# It will help us diagnose broken compilers, and finding out an intuition
|
||||
# of exeext.
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
|
||||
$as_echo_n "checking for C compiler default output file name... " >&6; }
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
|
||||
$as_echo_n "checking whether the C compiler works... " >&6; }
|
||||
ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
|
||||
|
||||
# The possible output files:
|
||||
|
@ -3241,10 +3242,10 @@ test "$ac_cv_exeext" = no && ac_cv_exeext=
|
|||
else
|
||||
ac_file=''
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
|
||||
$as_echo "$ac_file" >&6; }
|
||||
if test -z "$ac_file"; then :
|
||||
$as_echo "$as_me: failed program was:" >&5
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
$as_echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||
|
@ -3252,51 +3253,18 @@ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|||
{ as_fn_set_status 77
|
||||
as_fn_error "C compiler cannot create executables
|
||||
See \`config.log' for more details." "$LINENO" 5; }; }
|
||||
else
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
|
||||
$as_echo "yes" >&6; }
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
|
||||
$as_echo_n "checking for C compiler default output file name... " >&6; }
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
|
||||
$as_echo "$ac_file" >&6; }
|
||||
ac_exeext=$ac_cv_exeext
|
||||
|
||||
# Check that the compiler produces executables we can run. If not, either
|
||||
# the compiler is broken, or we cross compile.
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
|
||||
$as_echo_n "checking whether the C compiler works... " >&6; }
|
||||
# If not cross compiling, check that we can run a simple program.
|
||||
if test "$cross_compiling" != yes; then
|
||||
if { ac_try='./$ac_file'
|
||||
{ { case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
||||
$as_echo "$ac_try_echo"; } >&5
|
||||
(eval "$ac_try") 2>&5
|
||||
ac_status=$?
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||
test $ac_status = 0; }; }; then
|
||||
cross_compiling=no
|
||||
else
|
||||
if test "$cross_compiling" = maybe; then
|
||||
cross_compiling=yes
|
||||
else
|
||||
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||
as_fn_error "cannot run C compiled programs.
|
||||
If you meant to cross compile, use \`--host'.
|
||||
See \`config.log' for more details." "$LINENO" 5; }
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
|
||||
$as_echo "yes" >&6; }
|
||||
|
||||
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out conftest.out
|
||||
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
|
||||
ac_clean_files=$ac_clean_files_save
|
||||
# Check that the compiler produces executables we can run. If not, either
|
||||
# the compiler is broken, or we cross compile.
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
|
||||
$as_echo_n "checking whether we are cross compiling... " >&6; }
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
|
||||
$as_echo "$cross_compiling" >&6; }
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
|
||||
$as_echo_n "checking for suffix of executables... " >&6; }
|
||||
if { { ac_try="$ac_link"
|
||||
|
@ -3329,13 +3297,72 @@ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
|||
as_fn_error "cannot compute suffix of executables: cannot compile and link
|
||||
See \`config.log' for more details." "$LINENO" 5; }
|
||||
fi
|
||||
rm -f conftest$ac_cv_exeext
|
||||
rm -f conftest conftest$ac_cv_exeext
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
|
||||
$as_echo "$ac_cv_exeext" >&6; }
|
||||
|
||||
rm -f conftest.$ac_ext
|
||||
EXEEXT=$ac_cv_exeext
|
||||
ac_exeext=$EXEEXT
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
#include <stdio.h>
|
||||
int
|
||||
main ()
|
||||
{
|
||||
FILE *f = fopen ("conftest.out", "w");
|
||||
return ferror (f) || fclose (f) != 0;
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
ac_clean_files="$ac_clean_files conftest.out"
|
||||
# Check that the compiler produces executables we can run. If not, either
|
||||
# the compiler is broken, or we cross compile.
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
|
||||
$as_echo_n "checking whether we are cross compiling... " >&6; }
|
||||
if test "$cross_compiling" != yes; then
|
||||
{ { ac_try="$ac_link"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
||||
$as_echo "$ac_try_echo"; } >&5
|
||||
(eval "$ac_link") 2>&5
|
||||
ac_status=$?
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||
test $ac_status = 0; }
|
||||
if { ac_try='./conftest$ac_cv_exeext'
|
||||
{ { case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
||||
$as_echo "$ac_try_echo"; } >&5
|
||||
(eval "$ac_try") 2>&5
|
||||
ac_status=$?
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||
test $ac_status = 0; }; }; then
|
||||
cross_compiling=no
|
||||
else
|
||||
if test "$cross_compiling" = maybe; then
|
||||
cross_compiling=yes
|
||||
else
|
||||
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
|
||||
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
|
||||
as_fn_error "cannot run C compiled programs.
|
||||
If you meant to cross compile, use \`--host'.
|
||||
See \`config.log' for more details." "$LINENO" 5; }
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
|
||||
$as_echo "$cross_compiling" >&6; }
|
||||
|
||||
rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
|
||||
ac_clean_files=$ac_clean_files_save
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
|
||||
$as_echo_n "checking for suffix of object files... " >&6; }
|
||||
if test "${ac_cv_objext+set}" = set; then :
|
||||
|
@ -7118,7 +7145,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by $as_me, which was
|
||||
generated by GNU Autoconf 2.64. Invocation command line was
|
||||
generated by GNU Autoconf 2.65. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
CONFIG_HEADERS = $CONFIG_HEADERS
|
||||
|
@ -7158,6 +7185,7 @@ Usage: $0 [OPTION]... [TAG]...
|
|||
|
||||
-h, --help print this help, then exit
|
||||
-V, --version print version number and configuration settings, then exit
|
||||
--config print configuration, then exit
|
||||
-q, --quiet, --silent
|
||||
do not print progress messages
|
||||
-d, --debug don't remove temporary files
|
||||
|
@ -7180,10 +7208,11 @@ Report bugs to the package provider."
|
|||
|
||||
_ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
config.status
|
||||
configured by $0, generated by GNU Autoconf 2.64,
|
||||
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
|
||||
configured by $0, generated by GNU Autoconf 2.65,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
Copyright (C) 2009 Free Software Foundation, Inc.
|
||||
This config.status script is free software; the Free Software Foundation
|
||||
|
@ -7221,6 +7250,8 @@ do
|
|||
ac_cs_recheck=: ;;
|
||||
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
|
||||
$as_echo "$ac_cs_version"; exit ;;
|
||||
--config | --confi | --conf | --con | --co | --c )
|
||||
$as_echo "$ac_cs_config"; exit ;;
|
||||
--debug | --debu | --deb | --de | --d | -d )
|
||||
debug=: ;;
|
||||
--file | --fil | --fi | --f )
|
||||
|
@ -7412,7 +7443,7 @@ s/'"$ac_delim"'$//
|
|||
t delim
|
||||
:nl
|
||||
h
|
||||
s/\(.\{148\}\).*/\1/
|
||||
s/\(.\{148\}\)..*/\1/
|
||||
t more1
|
||||
s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
|
||||
p
|
||||
|
@ -7426,7 +7457,7 @@ s/.\{148\}//
|
|||
t nl
|
||||
:delim
|
||||
h
|
||||
s/\(.\{148\}\).*/\1/
|
||||
s/\(.\{148\}\)..*/\1/
|
||||
t more2
|
||||
s/["\\]/\\&/g; s/^/"/; s/$/"/
|
||||
p
|
||||
|
|
|
@ -3,7 +3,7 @@ dnl Process this file with autoconf to produce a configure script.
|
|||
AC_PREREQ(2.61)
|
||||
AC_INIT
|
||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||
AM_INIT_AUTOMAKE(tinc, 1.0.11)
|
||||
AM_INIT_AUTOMAKE(tinc, 1.0.12)
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
AM_MAINTAINER_MODE
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
|
Binary file not shown.
|
@ -3,7 +3,7 @@
|
|||
% Load plain if necessary, i.e., if running under initex.
|
||||
\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
|
||||
%
|
||||
\def\texinfoversion{2009-05-16.16}
|
||||
\def\texinfoversion{2009-08-14.15}
|
||||
%
|
||||
% Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
|
||||
% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||
|
@ -1332,13 +1332,16 @@ output) for that.)}
|
|||
|
||||
\ifpdf
|
||||
%
|
||||
% Color manipulation macros based on pdfcolor.tex.
|
||||
\def\cmykDarkRed{0.28 1 1 0.35}
|
||||
\def\cmykBlack{0 0 0 1}
|
||||
% Color manipulation macros based on pdfcolor.tex,
|
||||
% except using rgb instead of cmyk; the latter is said to render as a
|
||||
% very dark gray on-screen and a very dark halftone in print, instead
|
||||
% of actual black.
|
||||
\def\rgbDarkRed{0.50 0.09 0.12}
|
||||
\def\rgbBlack{0 0 0}
|
||||
%
|
||||
% k sets the color for filling (usual text, etc.);
|
||||
% K sets the color for stroking (thin rules, e.g., normal _'s).
|
||||
\def\pdfsetcolor#1{\pdfliteral{#1 k #1 K}}
|
||||
\def\pdfsetcolor#1{\pdfliteral{#1 rg #1 RG}}
|
||||
%
|
||||
% Set color, and create a mark which defines \thiscolor accordingly,
|
||||
% so that \makeheadline knows which color to restore.
|
||||
|
@ -1348,7 +1351,7 @@ output) for that.)}
|
|||
\pdfsetcolor{#1}%
|
||||
}
|
||||
%
|
||||
\def\maincolor{\cmykBlack}
|
||||
\def\maincolor{\rgbBlack}
|
||||
\pdfsetcolor{\maincolor}
|
||||
\edef\thiscolor{\maincolor}
|
||||
\def\lastcolordefs{}
|
||||
|
@ -1443,8 +1446,8 @@ output) for that.)}
|
|||
%
|
||||
% by default, use a color that is dark enough to print on paper as
|
||||
% nearly black, but still distinguishable for online viewing.
|
||||
\def\urlcolor{\cmykDarkRed}
|
||||
\def\linkcolor{\cmykDarkRed}
|
||||
\def\urlcolor{\rgbDarkRed}
|
||||
\def\linkcolor{\rgbDarkRed}
|
||||
\def\endlink{\setcolor{\maincolor}\pdfendlink}
|
||||
%
|
||||
% Adding outlines to PDF; macros for calculating structure of outlines
|
||||
|
@ -4322,6 +4325,7 @@ end
|
|||
\definedummyword\code
|
||||
\definedummyword\command
|
||||
\definedummyword\dfn
|
||||
\definedummyword\email
|
||||
\definedummyword\emph
|
||||
\definedummyword\env
|
||||
\definedummyword\file
|
||||
|
@ -9272,12 +9276,8 @@ directory should work if nowhere else does.}
|
|||
@markupsetuplqdefault
|
||||
@markupsetuprqdefault
|
||||
|
||||
@c Gnulib now utterly and painfully insists on no trailing whitespace.
|
||||
@c So we have to nuke it.
|
||||
|
||||
@c Local variables:
|
||||
@c eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
@c eval: (add-hook 'write-file-hooks 'nuke-trailing-whitespace)
|
||||
@c page-delimiter: "^\\\\message"
|
||||
@c time-stamp-start: "def\\\\texinfoversion{"
|
||||
@c time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.Dd 2009-03-05
|
||||
.Dd 2010-01-16
|
||||
.Dt TINC.CONF 5
|
||||
.\" Manual page created by:
|
||||
.\" Ivo Timmermans
|
||||
|
@ -330,9 +330,10 @@ Since host configuration files only contain public keys,
|
|||
no secrets are revealed by sending out this information.
|
||||
.Bl -tag -width indent
|
||||
|
||||
.It Va Address Li = Ar address Bq recommended
|
||||
.It Va Address Li = Ar address Oo port Oc Bq recommended
|
||||
The IP address or hostname of this tinc daemon on the real network.
|
||||
This will only be used when trying to make an outgoing connection to this tinc daemon.
|
||||
Optionally, a port can be specified to use for this address.
|
||||
Multiple
|
||||
.Va Address
|
||||
variables can be specified, in which case each address will be tried until a working
|
||||
|
@ -346,6 +347,11 @@ Furthermore, specifying
|
|||
will turn off packet encryption.
|
||||
It is best to use only those ciphers which support CBC mode.
|
||||
|
||||
.It Va ClampMSS Li = yes | no Pq yes
|
||||
This option specifies whether tinc should clamp the maximum segment size (MSS)
|
||||
of TCP packets to the path MTU. This helps in situations where ICMP
|
||||
Fragmentation Needed or Packet too Big messages are dropped by firewalls.
|
||||
|
||||
.It Va Compression Li = Ar level Pq 0
|
||||
This option sets the level of compression used for UDP packets.
|
||||
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
||||
|
@ -380,7 +386,10 @@ When this option is enabled, tinc will try to discover the path MTU to this node
|
|||
After the path MTU has been discovered, it will be enforced on the VPN.
|
||||
|
||||
.It Va Port Li = Ar port Pq 655
|
||||
The port number on which this tinc daemon is listening for incoming connections.
|
||||
The port number on which this tinc daemon is listening for incoming connections,
|
||||
which is used if no port number is specified in an
|
||||
.Va Address
|
||||
statement.
|
||||
|
||||
.It Va PublicKey Li = Ar key Bq obsolete
|
||||
The public RSA key of this tinc daemon.
|
||||
|
|
103
doc/tinc.info
103
doc/tinc.info
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
|||
* tinc: (tinc). The tinc Manual.
|
||||
END-INFO-DIR-ENTRY
|
||||
|
||||
This is the info manual for tinc version 1.0.11, a Virtual Private
|
||||
This is the info manual for tinc version 1.0.12, a Virtual Private
|
||||
Network daemon.
|
||||
|
||||
Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen
|
||||
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen
|
||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
|
@ -855,10 +855,11 @@ File: tinc.info, Node: Host configuration variables, Next: Scripts, Prev: Mai
|
|||
4.4.2 Host configuration variables
|
||||
----------------------------------
|
||||
|
||||
Address = <IP ADDRESS|HOSTNAME> [recommended]
|
||||
Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
|
||||
This variable is only required if you want to connect to this
|
||||
host. It must resolve to the external IP address where the host
|
||||
can be reached, not the one that is internal to the VPN.
|
||||
can be reached, not the one that is internal to the VPN. If no
|
||||
port is specified, the default Port is used.
|
||||
|
||||
Cipher = <CIPHER> (blowfish)
|
||||
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
||||
|
@ -866,6 +867,12 @@ Cipher = <CIPHER> (blowfish)
|
|||
specifying "none" will turn off packet encryption. It is best to
|
||||
use only those ciphers which support CBC mode.
|
||||
|
||||
ClampMSS = <yes|no> (yes)
|
||||
This option specifies whether tinc should clamp the maximum
|
||||
segment size (MSS) of TCP packets to the path MTU. This helps in
|
||||
situations where ICMP Fragmentation Needed or Packet too Big
|
||||
messages are dropped by firewalls.
|
||||
|
||||
Compression = <LEVEL> (0)
|
||||
This option sets the level of compression used for UDP packets.
|
||||
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9
|
||||
|
@ -2224,14 +2231,16 @@ Concept Index
|
|||
* CHALLENGE: Authentication protocol.
|
||||
(line 10)
|
||||
* CIDR notation: Host configuration variables.
|
||||
(line 85)
|
||||
(line 92)
|
||||
* Cipher: Host configuration variables.
|
||||
(line 11)
|
||||
(line 12)
|
||||
* ClampMSS: Host configuration variables.
|
||||
(line 18)
|
||||
* client: How connections work.
|
||||
(line 18)
|
||||
* command line: Runtime options. (line 9)
|
||||
* Compression: Host configuration variables.
|
||||
(line 17)
|
||||
(line 24)
|
||||
* connection: The connection. (line 6)
|
||||
* ConnectTo: Main configuration variables.
|
||||
(line 27)
|
||||
|
@ -2248,7 +2257,7 @@ Concept Index
|
|||
* DeviceType: Main configuration variables.
|
||||
(line 45)
|
||||
* Digest: Host configuration variables.
|
||||
(line 22)
|
||||
(line 29)
|
||||
* encapsulating: The UDP tunnel. (line 30)
|
||||
* encryption: Encryption of network packets.
|
||||
(line 6)
|
||||
|
@ -2265,7 +2274,7 @@ Concept Index
|
|||
* ID: Authentication protocol.
|
||||
(line 10)
|
||||
* IndirectData: Host configuration variables.
|
||||
(line 27)
|
||||
(line 34)
|
||||
* INTERFACE: Scripts. (line 58)
|
||||
* Interface: Main configuration variables.
|
||||
(line 91)
|
||||
|
@ -2280,7 +2289,7 @@ Concept Index
|
|||
* MACExpire: Main configuration variables.
|
||||
(line 133)
|
||||
* MACLength: Host configuration variables.
|
||||
(line 35)
|
||||
(line 42)
|
||||
* meta-protocol: The meta-connection. (line 18)
|
||||
* META_KEY: Authentication protocol.
|
||||
(line 10)
|
||||
|
@ -2299,7 +2308,7 @@ Concept Index
|
|||
* OpenSSL: OpenSSL. (line 6)
|
||||
* options: Runtime options. (line 9)
|
||||
* PEM format: Host configuration variables.
|
||||
(line 60)
|
||||
(line 67)
|
||||
* PING: The meta-protocol. (line 89)
|
||||
* PingInterval: Main configuration variables.
|
||||
(line 143)
|
||||
|
@ -2307,12 +2316,12 @@ Concept Index
|
|||
(line 147)
|
||||
* platforms: Supported platforms. (line 6)
|
||||
* PMTU: Host configuration variables.
|
||||
(line 40)
|
||||
(line 47)
|
||||
* PMTUDiscovery: Host configuration variables.
|
||||
(line 43)
|
||||
(line 50)
|
||||
* PONG: The meta-protocol. (line 89)
|
||||
* Port: Host configuration variables.
|
||||
(line 48)
|
||||
(line 55)
|
||||
* port numbers: Other files. (line 17)
|
||||
* PriorityInheritance: Main configuration variables.
|
||||
(line 153)
|
||||
|
@ -2325,9 +2334,9 @@ Concept Index
|
|||
* ProcessPriority: Main configuration variables.
|
||||
(line 172)
|
||||
* PublicKey: Host configuration variables.
|
||||
(line 52)
|
||||
(line 59)
|
||||
* PublicKeyFile: Host configuration variables.
|
||||
(line 55)
|
||||
(line 62)
|
||||
* release: Supported platforms. (line 14)
|
||||
* REMOTEADDRESS: Scripts. (line 67)
|
||||
* REMOTEPORT: Scripts. (line 70)
|
||||
|
@ -2343,15 +2352,15 @@ Concept Index
|
|||
* signals: Signals. (line 6)
|
||||
* SUBNET: Scripts. (line 74)
|
||||
* Subnet: Host configuration variables.
|
||||
(line 67)
|
||||
(line 74)
|
||||
* Subnet weight: Host configuration variables.
|
||||
(line 90)
|
||||
(line 97)
|
||||
* SVPN: Security. (line 11)
|
||||
* switch: Main configuration variables.
|
||||
(line 111)
|
||||
* TCP: The meta-connection. (line 10)
|
||||
* TCPonly: Host configuration variables.
|
||||
(line 97)
|
||||
(line 104)
|
||||
* TINC: Security. (line 6)
|
||||
* tinc: Introduction. (line 6)
|
||||
* tinc-down: Scripts. (line 18)
|
||||
|
@ -2416,33 +2425,33 @@ Node: How connections work22594
|
|||
Node: Configuration files23816
|
||||
Node: Main configuration variables24823
|
||||
Node: Host configuration variables32865
|
||||
Node: Scripts37942
|
||||
Node: How to configure40712
|
||||
Node: Generating keypairs41975
|
||||
Node: Network interfaces42474
|
||||
Node: Example configuration44322
|
||||
Node: Running tinc49634
|
||||
Node: Runtime options50224
|
||||
Node: Signals53019
|
||||
Node: Debug levels54088
|
||||
Node: Solving problems55024
|
||||
Node: Error messages56576
|
||||
Node: Sending bug reports60589
|
||||
Node: Technical information61541
|
||||
Node: The connection61772
|
||||
Node: The UDP tunnel62084
|
||||
Node: The meta-connection65145
|
||||
Node: The meta-protocol66614
|
||||
Node: Security71623
|
||||
Node: Authentication protocol72753
|
||||
Node: Encryption of network packets77757
|
||||
Node: Security issues79130
|
||||
Node: Platform specific information80747
|
||||
Node: Interface configuration80975
|
||||
Node: Routes82874
|
||||
Node: About us84790
|
||||
Node: Contact information84965
|
||||
Node: Authors85369
|
||||
Node: Concept Index85774
|
||||
Node: Scripts38276
|
||||
Node: How to configure41046
|
||||
Node: Generating keypairs42309
|
||||
Node: Network interfaces42808
|
||||
Node: Example configuration44656
|
||||
Node: Running tinc49968
|
||||
Node: Runtime options50558
|
||||
Node: Signals53353
|
||||
Node: Debug levels54422
|
||||
Node: Solving problems55358
|
||||
Node: Error messages56910
|
||||
Node: Sending bug reports60923
|
||||
Node: Technical information61875
|
||||
Node: The connection62106
|
||||
Node: The UDP tunnel62418
|
||||
Node: The meta-connection65479
|
||||
Node: The meta-protocol66948
|
||||
Node: Security71957
|
||||
Node: Authentication protocol73087
|
||||
Node: Encryption of network packets78091
|
||||
Node: Security issues79464
|
||||
Node: Platform specific information81081
|
||||
Node: Interface configuration81309
|
||||
Node: Routes83208
|
||||
Node: About us85124
|
||||
Node: Contact information85299
|
||||
Node: Authors85703
|
||||
Node: Concept Index86108
|
||||
|
||||
End Tag Table
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2009 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2009 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -943,10 +943,11 @@ and will only allow nodes and subnets on the VPN which are present in the
|
|||
|
||||
@table @asis
|
||||
@cindex Address
|
||||
@item Address = <@var{IP address}|@var{hostname}> [recommended]
|
||||
@item Address = <@var{IP address}|@var{hostname}> [<port>] [recommended]
|
||||
This variable is only required if you want to connect to this host. It
|
||||
must resolve to the external IP address where the host can be reached,
|
||||
not the one that is internal to the VPN.
|
||||
If no port is specified, the default Port is used.
|
||||
|
||||
@cindex Cipher
|
||||
@item Cipher = <@var{cipher}> (blowfish)
|
||||
|
@ -955,6 +956,12 @@ Any cipher supported by OpenSSL is recognized.
|
|||
Furthermore, specifying "none" will turn off packet encryption.
|
||||
It is best to use only those ciphers which support CBC mode.
|
||||
|
||||
@cindex ClampMSS
|
||||
@item ClampMSS = <yes|no> (yes)
|
||||
This option specifies whether tinc should clamp the maximum segment size (MSS)
|
||||
of TCP packets to the path MTU. This helps in situations where ICMP
|
||||
Fragmentation Needed or Packet too Big messages are dropped by firewalls.
|
||||
|
||||
@cindex Compression
|
||||
@item Compression = <@var{level}> (0)
|
||||
This option sets the level of compression used for UDP packets.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Makefile.in generated by automake 1.11 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
connection.h -- header for connection.c
|
||||
Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -29,6 +29,7 @@
|
|||
#define OPTION_INDIRECT 0x0001
|
||||
#define OPTION_TCPONLY 0x0002
|
||||
#define OPTION_PMTU_DISCOVERY 0x0004
|
||||
#define OPTION_CLAMP_MSS 0x0008
|
||||
|
||||
typedef struct connection_status_t {
|
||||
int pinged:1; /* sent ping */
|
||||
|
|
10
src/graph.c
10
src/graph.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
graph.c -- graph algorithms
|
||||
Copyright (C) 2001-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -53,6 +53,7 @@
|
|||
#include "netutl.h"
|
||||
#include "node.h"
|
||||
#include "process.h"
|
||||
#include "protocol.h"
|
||||
#include "subnet.h"
|
||||
#include "utils.h"
|
||||
#include "xalloc.h"
|
||||
|
@ -251,7 +252,7 @@ void sssp_bfs(void) {
|
|||
/* TODO: only clear status.validkey if node is unreachable? */
|
||||
|
||||
n->status.validkey = false;
|
||||
n->status.waitingforkey = false;
|
||||
n->last_req_key = 0;
|
||||
|
||||
n->maxmtu = MTU;
|
||||
n->minmtu = 0;
|
||||
|
@ -286,6 +287,11 @@ void sssp_bfs(void) {
|
|||
free(envp[i]);
|
||||
|
||||
subnet_update(n, NULL, n->status.reachable);
|
||||
|
||||
if(!n->status.reachable)
|
||||
update_node_udp(n, NULL);
|
||||
else if(n->connection)
|
||||
send_ans_key(n);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
10
src/net.c
10
src/net.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net.c -- most of the network code
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -374,10 +374,9 @@ int main_loop(void) {
|
|||
dump_connections();
|
||||
return 1;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if(r > 0)
|
||||
check_network_activity(&readset, &writeset);
|
||||
|
||||
if(do_purge) {
|
||||
|
@ -418,8 +417,13 @@ int main_loop(void) {
|
|||
}
|
||||
|
||||
if(sigalrm) {
|
||||
avl_node_t *node;
|
||||
logger(LOG_INFO, "Flushing event queue");
|
||||
expire_events();
|
||||
for(node = connection_tree->head; node; node = node->next) {
|
||||
connection_t *c = node->data;
|
||||
send_ping(c);
|
||||
}
|
||||
sigalrm = false;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_packet.c -- Handles in- and outgoing VPN packets
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -353,10 +353,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
|||
"No valid key known yet for %s (%s), forwarding via TCP",
|
||||
n->name, n->hostname);
|
||||
|
||||
if(!n->status.waitingforkey)
|
||||
if(n->last_req_key + 10 < now) {
|
||||
send_req_key(n);
|
||||
|
||||
n->status.waitingforkey = true;
|
||||
n->last_req_key = now;
|
||||
}
|
||||
|
||||
send_tcppacket(n->nexthop->connection, origpkt);
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_setup.c -- Setup.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -218,8 +218,8 @@ bool setup_myself(void) {
|
|||
myself->connection = new_connection();
|
||||
init_configuration(&myself->connection->config_tree);
|
||||
|
||||
xasprintf(&myself->hostname, "MYSELF");
|
||||
xasprintf(&myself->connection->hostname, "MYSELF");
|
||||
myself->hostname = xstrdup("MYSELF");
|
||||
myself->connection->hostname = xstrdup("MYSELF");
|
||||
|
||||
myself->connection->options = 0;
|
||||
myself->connection->protocol_version = PROT_CURRENT;
|
||||
|
@ -246,8 +246,9 @@ bool setup_myself(void) {
|
|||
if(!read_rsa_private_key())
|
||||
return false;
|
||||
|
||||
if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
|
||||
xasprintf(&myport, "655");
|
||||
if(!get_config_string(lookup_config(config_tree, "Port"), &myport)
|
||||
&& !get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
|
||||
myport = xstrdup("655");
|
||||
|
||||
/* Read in all the subnets specified in the host configuration file */
|
||||
|
||||
|
@ -296,13 +297,18 @@ bool setup_myself(void) {
|
|||
} else
|
||||
routing_mode = RMODE_ROUTER;
|
||||
|
||||
// Enable PMTUDiscovery by default if we are in router mode.
|
||||
|
||||
choice = routing_mode == RMODE_ROUTER;
|
||||
choice = true;
|
||||
get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
|
||||
get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice);
|
||||
if(choice)
|
||||
myself->options |= OPTION_PMTU_DISCOVERY;
|
||||
|
||||
choice = true;
|
||||
get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice);
|
||||
get_config_bool(lookup_config(myself->connection->config_tree, "ClampMSS"), &choice);
|
||||
if(choice)
|
||||
myself->options |= OPTION_CLAMP_MSS;
|
||||
|
||||
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
|
||||
|
||||
#if !defined(SOL_IP) || !defined(IP_TOS)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_socket.c -- Handle various kinds of sockets.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2009 Florian Forster <octo@verplant.org>
|
||||
|
||||
|
@ -261,9 +261,13 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
|||
option = 1;
|
||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
||||
|
||||
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
||||
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||
if(sa->sa.sa_family == AF_INET6)
|
||||
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||
#endif
|
||||
|
||||
#if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
|
||||
#define IP_DONTFRAGMENT IP_DONTFRAG
|
||||
#endif
|
||||
|
||||
#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
||||
|
@ -276,6 +280,8 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
|||
option = 1;
|
||||
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, &option, sizeof(option));
|
||||
}
|
||||
#else
|
||||
#warning No way to disable IPv4 fragmentation
|
||||
#endif
|
||||
|
||||
#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
||||
|
@ -283,6 +289,13 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
|||
option = IPV6_PMTUDISC_DO;
|
||||
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option));
|
||||
}
|
||||
#elif defined(IPPROTO_IPV6) && defined(IPV6_DONTFRAG)
|
||||
if(myself->options & OPTION_PMTU_DISCOVERY) {
|
||||
option = 1;
|
||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, &option, sizeof(option));
|
||||
}
|
||||
#else
|
||||
#warning No way to disable IPv6 fragmentation
|
||||
#endif
|
||||
|
||||
if (!bind_to_interface(nfd)) {
|
||||
|
@ -331,7 +344,7 @@ void finish_connecting(connection_t *c) {
|
|||
}
|
||||
|
||||
void do_outgoing_connection(connection_t *c) {
|
||||
char *address, *port;
|
||||
char *address, *port, *space;
|
||||
int result;
|
||||
|
||||
if(!c->outgoing) {
|
||||
|
@ -352,8 +365,14 @@ begin:
|
|||
|
||||
get_config_string(c->outgoing->cfg, &address);
|
||||
|
||||
space = strchr(address, ' ');
|
||||
if(space) {
|
||||
port = xstrdup(space + 1);
|
||||
*space = 0;
|
||||
} else {
|
||||
if(!get_config_string(lookup_config(c->config_tree, "Port"), &port))
|
||||
xasprintf(&port, "655");
|
||||
port = xstrdup("655");
|
||||
}
|
||||
|
||||
c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM);
|
||||
free(address);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
node.h -- header for node.c
|
||||
Copyright (C) 2001-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -30,7 +30,7 @@
|
|||
typedef struct node_status_t {
|
||||
int unused_active:1; /* 1 if active (not used for nodes) */
|
||||
int validkey:1; /* 1 if we currently have a valid key for him */
|
||||
int waitingforkey:1; /* 1 if we already sent out a request */
|
||||
int unused_waitingforkey:1; /* 1 if we already sent out a request */
|
||||
int visited:1; /* 1 if this node has been visited by one of the graph algorithms */
|
||||
int reachable:1; /* 1 if this node is reachable in the graph */
|
||||
int indirect:1; /* 1 if this node is not directly reachable by us */
|
||||
|
@ -45,6 +45,7 @@ typedef struct node_t {
|
|||
char *hostname; /* the hostname of its real ip */
|
||||
|
||||
node_status_t status;
|
||||
time_t last_req_key;
|
||||
|
||||
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
||||
char *inkey; /* Cipher key and iv */
|
||||
|
|
|
@ -95,7 +95,7 @@ extern bool send_add_subnet(struct connection_t *, const struct subnet_t *);
|
|||
extern bool send_del_subnet(struct connection_t *, const struct subnet_t *);
|
||||
extern bool send_add_edge(struct connection_t *, const struct edge_t *);
|
||||
extern bool send_del_edge(struct connection_t *, const struct edge_t *);
|
||||
extern bool send_key_changed();
|
||||
extern void send_key_changed();
|
||||
extern bool send_req_key(struct node_t *);
|
||||
extern bool send_ans_key(struct node_t *);
|
||||
extern bool send_tcppacket(struct connection_t *, struct vpn_packet_t *);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
protocol_auth.c -- handle the meta-protocol, authentication
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -453,6 +453,11 @@ bool send_ack(connection_t *c) {
|
|||
if(myself->options & OPTION_PMTU_DISCOVERY)
|
||||
c->options |= OPTION_PMTU_DISCOVERY;
|
||||
|
||||
choice = myself->options & OPTION_CLAMP_MSS;
|
||||
get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice);
|
||||
if(choice)
|
||||
c->options |= OPTION_CLAMP_MSS;
|
||||
|
||||
get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
|
||||
|
||||
return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, c->options);
|
||||
|
@ -496,6 +501,7 @@ bool ack_h(connection_t *c) {
|
|||
int weight, mtu;
|
||||
uint32_t options;
|
||||
node_t *n;
|
||||
bool choice;
|
||||
|
||||
if(sscanf(c->buffer, "%*d " MAX_STRING " %d %x", hisport, &weight, &options) != 3) {
|
||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name,
|
||||
|
@ -536,6 +542,13 @@ bool ack_h(connection_t *c) {
|
|||
if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
|
||||
n->mtu = mtu;
|
||||
|
||||
if(get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice)) {
|
||||
if(choice)
|
||||
c->options |= OPTION_CLAMP_MSS;
|
||||
else
|
||||
c->options &= ~OPTION_CLAMP_MSS;
|
||||
}
|
||||
|
||||
/* Activate this connection */
|
||||
|
||||
c->allow_request = ALL;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
protocol_key.c -- handle the meta-protocol, key exchange
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -36,15 +36,19 @@
|
|||
|
||||
bool mykeyused = false;
|
||||
|
||||
bool send_key_changed() {
|
||||
/* Only send this message if some other daemon requested our key previously.
|
||||
This reduces unnecessary key_changed broadcasts.
|
||||
*/
|
||||
void send_key_changed() {
|
||||
avl_node_t *node;
|
||||
connection_t *c;
|
||||
|
||||
if(!mykeyused)
|
||||
return true;
|
||||
send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
|
||||
|
||||
return send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
|
||||
/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
|
||||
|
||||
for(node = connection_tree->head; node; node = node->next) {
|
||||
c = node->data;
|
||||
if(c->status.active && c->node && c->node->status.reachable)
|
||||
send_ans_key(c->node);
|
||||
}
|
||||
}
|
||||
|
||||
bool key_changed_h(connection_t *c) {
|
||||
|
@ -57,6 +61,11 @@ bool key_changed_h(connection_t *c) {
|
|||
return false;
|
||||
}
|
||||
|
||||
if(!check_id(name)) {
|
||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "KEY_CHANGED", c->name, c->hostname, "invalid name");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(seen_request(c->buffer))
|
||||
return true;
|
||||
|
||||
|
@ -65,11 +74,11 @@ bool key_changed_h(connection_t *c) {
|
|||
if(!n) {
|
||||
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist",
|
||||
"KEY_CHANGED", c->name, c->hostname, name);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
n->status.validkey = false;
|
||||
n->status.waitingforkey = false;
|
||||
n->last_req_key = 0;
|
||||
|
||||
/* Tell the others */
|
||||
|
||||
|
@ -94,12 +103,17 @@ bool req_key_h(connection_t *c) {
|
|||
return false;
|
||||
}
|
||||
|
||||
if(!check_id(from_name) || !check_id(to_name)) {
|
||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", c->name, c->hostname, "invalid name");
|
||||
return false;
|
||||
}
|
||||
|
||||
from = lookup_node(from_name);
|
||||
|
||||
if(!from) {
|
||||
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
|
||||
"REQ_KEY", c->name, c->hostname, from_name);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
to = lookup_node(to_name);
|
||||
|
@ -107,7 +121,7 @@ bool req_key_h(connection_t *c) {
|
|||
if(!to) {
|
||||
logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
|
||||
"REQ_KEY", c->name, c->hostname, to_name);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Check if this key request is for us */
|
||||
|
@ -116,7 +130,7 @@ bool req_key_h(connection_t *c) {
|
|||
send_ans_key(from);
|
||||
} else {
|
||||
if(tunnelserver)
|
||||
return false;
|
||||
return true;
|
||||
|
||||
if(!to->status.reachable) {
|
||||
logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
|
||||
|
@ -169,23 +183,30 @@ bool ans_key_h(connection_t *c) {
|
|||
char from_name[MAX_STRING_SIZE];
|
||||
char to_name[MAX_STRING_SIZE];
|
||||
char key[MAX_STRING_SIZE];
|
||||
char address[MAX_STRING_SIZE] = "";
|
||||
char port[MAX_STRING_SIZE] = "";
|
||||
int cipher, digest, maclength, compression;
|
||||
node_t *from, *to;
|
||||
|
||||
if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d",
|
||||
if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
|
||||
from_name, to_name, key, &cipher, &digest, &maclength,
|
||||
&compression) != 7) {
|
||||
&compression, address, port) < 7) {
|
||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
|
||||
c->hostname);
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!check_id(from_name) || !check_id(to_name)) {
|
||||
logger(LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_KEY", c->name, c->hostname, "invalid name");
|
||||
return false;
|
||||
}
|
||||
|
||||
from = lookup_node(from_name);
|
||||
|
||||
if(!from) {
|
||||
logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
|
||||
"ANS_KEY", c->name, c->hostname, from_name);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
to = lookup_node(to_name);
|
||||
|
@ -193,14 +214,14 @@ bool ans_key_h(connection_t *c) {
|
|||
if(!to) {
|
||||
logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
|
||||
"ANS_KEY", c->name, c->hostname, to_name);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Forward it if necessary */
|
||||
|
||||
if(to != myself) {
|
||||
if(tunnelserver)
|
||||
return false;
|
||||
return true;
|
||||
|
||||
if(!to->status.reachable) {
|
||||
logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
|
||||
|
@ -208,6 +229,16 @@ bool ans_key_h(connection_t *c) {
|
|||
return true;
|
||||
}
|
||||
|
||||
if(!*address) {
|
||||
char *address, *port;
|
||||
ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
|
||||
sockaddr2str(&from->address, &address, &port);
|
||||
send_request(to->nexthop->connection, "%s %s %s", c->buffer, address, port);
|
||||
free(address);
|
||||
free(port);
|
||||
return true;
|
||||
}
|
||||
|
||||
return send_request(to->nexthop->connection, "%s", c->buffer);
|
||||
}
|
||||
|
||||
|
@ -218,7 +249,6 @@ bool ans_key_h(connection_t *c) {
|
|||
from->outkeylength = strlen(key) / 2;
|
||||
hex2bin(key, from->outkey, from->outkeylength);
|
||||
|
||||
from->status.waitingforkey = false;
|
||||
/* Check and lookup cipher and digest algorithms */
|
||||
|
||||
if(cipher) {
|
||||
|
@ -227,13 +257,13 @@ bool ans_key_h(connection_t *c) {
|
|||
if(!from->outcipher) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name,
|
||||
from->hostname);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
||||
from->hostname);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
from->outcipher = NULL;
|
||||
|
@ -247,13 +277,13 @@ bool ans_key_h(connection_t *c) {
|
|||
if(!from->outdigest) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name,
|
||||
from->hostname);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
||||
from->name, from->hostname);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
from->outdigest = NULL;
|
||||
|
@ -261,7 +291,7 @@ bool ans_key_h(connection_t *c) {
|
|||
|
||||
if(compression < 0 || compression > 11) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
from->outcompression = compression;
|
||||
|
@ -270,12 +300,18 @@ bool ans_key_h(connection_t *c) {
|
|||
if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
|
||||
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
||||
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
from->status.validkey = true;
|
||||
from->sent_seqno = 0;
|
||||
|
||||
if(*address && *port) {
|
||||
ifdebug(PROTOCOL) logger(LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
|
||||
sockaddr_t sa = str2sockaddr(address, port);
|
||||
update_node_udp(from, &sa);
|
||||
}
|
||||
|
||||
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
|
||||
send_mtu_probe(from);
|
||||
|
||||
|
|
95
src/route.c
95
src/route.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
route.c -- routing
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -48,6 +48,7 @@ static const size_t ip6_size = sizeof(struct ip6_hdr);
|
|||
static const size_t icmp6_size = sizeof(struct icmp6_hdr);
|
||||
static const size_t ns_size = sizeof(struct nd_neighbor_solicit);
|
||||
static const size_t opt_size = sizeof(struct nd_opt_hdr);
|
||||
#define max(a, b) ((a) > (b) ? (a) : (b))
|
||||
|
||||
/* RFC 1071 */
|
||||
|
||||
|
@ -92,6 +93,74 @@ static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) {
|
|||
return true;
|
||||
}
|
||||
|
||||
static void clamp_mss(const node_t *source, const node_t *via, vpn_packet_t *packet) {
|
||||
if(!via || via == myself || !(via->options & OPTION_CLAMP_MSS))
|
||||
return;
|
||||
|
||||
/* Find TCP header */
|
||||
int start = 0;
|
||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||
|
||||
if(type == ETH_P_IP && packet->data[23] == 6)
|
||||
start = 14 + (packet->data[14] & 0xf) * 4;
|
||||
else if(type == ETH_P_IPV6 && packet->data[20] == 6)
|
||||
start = 14 + 40;
|
||||
|
||||
if(!start || packet->len <= start + 20)
|
||||
return;
|
||||
|
||||
/* Use data offset field to calculate length of options field */
|
||||
int len = ((packet->data[start + 12] >> 4) - 5) * 4;
|
||||
|
||||
if(packet->len < start + 20 + len)
|
||||
return;
|
||||
|
||||
/* Search for MSS option header */
|
||||
for(int i = 0; i < len;) {
|
||||
if(packet->data[start + 20 + i] == 0)
|
||||
break;
|
||||
|
||||
if(packet->data[start + 20 + i] == 1) {
|
||||
i++;
|
||||
continue;
|
||||
}
|
||||
|
||||
if(i > len - 2 || i > len - packet->data[start + 21 + i])
|
||||
break;
|
||||
|
||||
if(packet->data[start + 20 + i] != 2) {
|
||||
if(packet->data[start + 21 + i] < 2)
|
||||
break;
|
||||
i += packet->data[start + 21 + i];
|
||||
continue;
|
||||
}
|
||||
|
||||
if(packet->data[start + 21] != 4)
|
||||
break;
|
||||
|
||||
/* Found it */
|
||||
uint16_t oldmss = packet->data[start + 22 + i] << 8 | packet->data[start + 23 + i];
|
||||
uint16_t newmss = via->mtu - start - 20;
|
||||
uint16_t csum = packet->data[start + 16] << 8 | packet->data[start + 17];
|
||||
|
||||
if(oldmss <= newmss)
|
||||
break;
|
||||
|
||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Clamping MSS of packet from %s to %s to %d", source->name, via->name, newmss);
|
||||
|
||||
/* Update the MSS value and the checksum */
|
||||
packet->data[start + 22 + i] = newmss >> 8;
|
||||
packet->data[start + 23 + i] = newmss & 0xff;
|
||||
csum ^= 0xffff;
|
||||
csum -= oldmss;
|
||||
csum += newmss;
|
||||
csum ^= 0xffff;
|
||||
packet->data[start + 16] = csum >> 8;
|
||||
packet->data[start + 17] = csum & 0xff;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void swap_mac_addresses(vpn_packet_t *packet) {
|
||||
mac_t tmp;
|
||||
memcpy(&tmp, &packet->data[0], sizeof tmp);
|
||||
|
@ -104,7 +173,7 @@ static void learn_mac(mac_t *address) {
|
|||
avl_node_t *node;
|
||||
connection_t *c;
|
||||
|
||||
subnet = lookup_subnet_mac(address);
|
||||
subnet = lookup_subnet_mac(myself, address);
|
||||
|
||||
/* If we don't know this MAC address yet, store it */
|
||||
|
||||
|
@ -119,6 +188,7 @@ static void learn_mac(mac_t *address) {
|
|||
subnet->net.mac.address = *address;
|
||||
subnet->weight = 10;
|
||||
subnet_add(myself, subnet);
|
||||
subnet_update(myself, subnet, true);
|
||||
|
||||
/* And tell all other tinc daemons it's our MAC */
|
||||
|
||||
|
@ -154,6 +224,7 @@ void age_subnets(void) {
|
|||
send_del_subnet(c, s);
|
||||
}
|
||||
|
||||
subnet_update(myself, s, false);
|
||||
subnet_del(myself, s);
|
||||
}
|
||||
}
|
||||
|
@ -315,10 +386,10 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
|
|||
|
||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||
|
||||
if(via && packet->len > via->mtu && via != myself) {
|
||||
if(via && packet->len > max(via->mtu, 590) && via != myself) {
|
||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||
if(packet->data[20] & 0x40) {
|
||||
packet->len = via->mtu;
|
||||
packet->len = max(via->mtu, 590);
|
||||
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
|
||||
} else {
|
||||
fragment_ipv4_packet(via, packet);
|
||||
|
@ -327,6 +398,8 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) {
|
|||
return;
|
||||
}
|
||||
|
||||
clamp_mss(source, via, packet);
|
||||
|
||||
send_packet(subnet->owner, packet);
|
||||
}
|
||||
|
||||
|
@ -458,13 +531,15 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
|
|||
|
||||
via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
|
||||
|
||||
if(via && packet->len > via->mtu && via != myself) {
|
||||
if(via && packet->len > max(via->mtu, 1294) && via != myself) {
|
||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||
packet->len = via->mtu;
|
||||
packet->len = max(via->mtu, 1294);
|
||||
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
|
||||
return;
|
||||
}
|
||||
|
||||
clamp_mss(source, via, packet);
|
||||
|
||||
send_packet(subnet->owner, packet);
|
||||
}
|
||||
|
||||
|
@ -705,7 +780,7 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
|||
/* Lookup destination address */
|
||||
|
||||
memcpy(&dest, &packet->data[0], sizeof dest);
|
||||
subnet = lookup_subnet_mac(&dest);
|
||||
subnet = lookup_subnet_mac(NULL, &dest);
|
||||
|
||||
if(!subnet) {
|
||||
broadcast_packet(source, packet);
|
||||
|
@ -724,7 +799,7 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
|||
if(via && packet->len > via->mtu && via != myself) {
|
||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Packet for %s (%s) length %d larger than MTU %d", subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu);
|
||||
uint16_t type = packet->data[12] << 8 | packet->data[13];
|
||||
if(type == ETH_P_IP) {
|
||||
if(type == ETH_P_IP && packet->len > 590) {
|
||||
if(packet->data[20] & 0x40) {
|
||||
packet->len = via->mtu;
|
||||
route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED);
|
||||
|
@ -732,13 +807,15 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
|
|||
fragment_ipv4_packet(via, packet);
|
||||
}
|
||||
return;
|
||||
} else if(type == ETH_P_IPV6) {
|
||||
} else if(type == ETH_P_IPV6 && packet->len > 1294) {
|
||||
packet->len = via->mtu;
|
||||
route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
clamp_mss(source, via, packet);
|
||||
|
||||
send_packet(subnet->owner, packet);
|
||||
}
|
||||
|
||||
|
|
40
src/subnet.c
40
src/subnet.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
subnet.c -- handle subnet lookups and lists
|
||||
Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -329,8 +329,8 @@ subnet_t *lookup_subnet(const node_t *owner, const subnet_t *subnet) {
|
|||
return avl_search(owner->subnet_tree, subnet);
|
||||
}
|
||||
|
||||
subnet_t *lookup_subnet_mac(const mac_t *address) {
|
||||
subnet_t *p, *r = NULL, subnet = {0};
|
||||
subnet_t *lookup_subnet_mac(const node_t *owner, const mac_t *address) {
|
||||
subnet_t *p, *r = NULL;
|
||||
avl_node_t *n;
|
||||
int i;
|
||||
|
||||
|
@ -339,20 +339,18 @@ subnet_t *lookup_subnet_mac(const mac_t *address) {
|
|||
for(i = 0; i < 2; i++) {
|
||||
if(!cache_mac_valid[i])
|
||||
continue;
|
||||
if(owner && cache_mac_subnet[i] && cache_mac_subnet[i]->owner != owner)
|
||||
continue;
|
||||
if(!memcmp(address, &cache_mac_address[i], sizeof *address))
|
||||
return cache_mac_subnet[i];
|
||||
}
|
||||
|
||||
// Search all subnets for a matching one
|
||||
|
||||
subnet.type = SUBNET_MAC;
|
||||
subnet.net.mac.address = *address;
|
||||
subnet.owner = NULL;
|
||||
|
||||
for(n = subnet_tree->head; n; n = n->next) {
|
||||
for(n = owner ? owner->subnet_tree->head : subnet_tree->head; n; n = n->next) {
|
||||
p = n->data;
|
||||
|
||||
if(!p || p->type != subnet.type)
|
||||
if(!p || p->type != SUBNET_MAC)
|
||||
continue;
|
||||
|
||||
if(!memcmp(address, &p->net.mac.address, sizeof *address)) {
|
||||
|
@ -373,7 +371,7 @@ subnet_t *lookup_subnet_mac(const mac_t *address) {
|
|||
}
|
||||
|
||||
subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
||||
subnet_t *p, *r = NULL, subnet = {0};
|
||||
subnet_t *p, *r = NULL;
|
||||
avl_node_t *n;
|
||||
int i;
|
||||
|
||||
|
@ -388,15 +386,10 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
|||
|
||||
// Search all subnets for a matching one
|
||||
|
||||
subnet.type = SUBNET_IPV4;
|
||||
subnet.net.ipv4.address = *address;
|
||||
subnet.net.ipv4.prefixlength = 32;
|
||||
subnet.owner = NULL;
|
||||
|
||||
for(n = subnet_tree->head; n; n = n->next) {
|
||||
p = n->data;
|
||||
|
||||
if(!p || p->type != subnet.type)
|
||||
if(!p || p->type != SUBNET_IPV4)
|
||||
continue;
|
||||
|
||||
if(!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength)) {
|
||||
|
@ -417,7 +410,7 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address) {
|
|||
}
|
||||
|
||||
subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
|
||||
subnet_t *p, *r = NULL, subnet = {0};
|
||||
subnet_t *p, *r = NULL;
|
||||
avl_node_t *n;
|
||||
int i;
|
||||
|
||||
|
@ -432,15 +425,10 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address) {
|
|||
|
||||
// Search all subnets for a matching one
|
||||
|
||||
subnet.type = SUBNET_IPV6;
|
||||
subnet.net.ipv6.address = *address;
|
||||
subnet.net.ipv6.prefixlength = 128;
|
||||
subnet.owner = NULL;
|
||||
|
||||
for(n = subnet_tree->head; n; n = n->next) {
|
||||
p = n->data;
|
||||
|
||||
if(!p || p->type != subnet.type)
|
||||
if(!p || p->type != SUBNET_IPV6)
|
||||
continue;
|
||||
|
||||
if(!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength)) {
|
||||
|
@ -490,7 +478,7 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
|
|||
if(!net2str(netstr, sizeof netstr, subnet))
|
||||
continue;
|
||||
// Strip the weight from the subnet, and put it in its own environment variable
|
||||
char *weight = strchr(netstr + 7, '#');
|
||||
char *weight = strchr(netstr, '#');
|
||||
if(weight)
|
||||
*weight++ = 0;
|
||||
else
|
||||
|
@ -507,9 +495,9 @@ void subnet_update(node_t *owner, subnet_t *subnet, bool up) {
|
|||
execute_script(name, envp);
|
||||
}
|
||||
} else {
|
||||
if(net2str(netstr + 7, sizeof netstr - 7, subnet)) {
|
||||
if(net2str(netstr, sizeof netstr, subnet)) {
|
||||
// Strip the weight from the subnet, and put it in its own environment variable
|
||||
char *weight = strchr(netstr + 7, '#');
|
||||
char *weight = strchr(netstr, '#');
|
||||
if(weight)
|
||||
*weight++ = 0;
|
||||
else
|
||||
|
|
|
@ -77,7 +77,7 @@ extern void subnet_update(struct node_t *, subnet_t *, bool);
|
|||
extern bool net2str(char *, int, const subnet_t *);
|
||||
extern bool str2net(subnet_t *, const char *);
|
||||
extern subnet_t *lookup_subnet(const struct node_t *, const subnet_t *);
|
||||
extern subnet_t *lookup_subnet_mac(const mac_t *);
|
||||
extern subnet_t *lookup_subnet_mac(const struct node_t *, const mac_t *);
|
||||
extern subnet_t *lookup_subnet_ipv4(const ipv4_t *);
|
||||
extern subnet_t *lookup_subnet_ipv6(const ipv6_t *);
|
||||
extern void dump_subnets(void);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
tincd.c -- the main file for tincd
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2008 Max Rijevski <maksuf@gmail.com>
|
||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||
|
||||
|
@ -500,7 +500,7 @@ int main(int argc, char **argv) {
|
|||
if(show_version) {
|
||||
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
||||
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
||||
printf("Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||
printf("Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||
"See the AUTHORS file for a complete list.\n\n"
|
||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||
"and you are welcome to redistribute it under certain conditions;\n"
|
||||
|
|
Loading…
Reference in a new issue