Import Debian changes 1.0.24-1
tinc (1.0.24-1) unstable; urgency=medium [ Guus Sliepen ] * New upstream release * Add a debian/watch file. * Bump Standards-Version. [ Gian Piero Carrubba ] * Allow resource limits to be set in /etc/default/tinc. Closes: #690685, #704702
This commit is contained in:
commit
cce24e0be4
52 changed files with 1463 additions and 342 deletions
52
ChangeLog
52
ChangeLog
|
@ -1,3 +1,55 @@
|
||||||
|
Version 1.0.24 May 11 2014
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Guus Sliepen (26):
|
||||||
|
Mention in the manual that multiple Address staments are allowed.
|
||||||
|
If no Port is specified, set myport to actual port of first listening socket.
|
||||||
|
Enable compiler hardening flags by default.
|
||||||
|
Update support for Solaris.
|
||||||
|
Include <limits.h> for PATH_MAX.
|
||||||
|
Stricter check for raw socket support.
|
||||||
|
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||||
|
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||||
|
Don't enable -fstack-protector-all.
|
||||||
|
Remove or lower the priority of some debug messages.
|
||||||
|
Clarify StrictSubnets.
|
||||||
|
Attribution for various contributors.
|
||||||
|
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||||
|
Remove useless variable 'hard' from try_harder().
|
||||||
|
Merge pull request #14 from luckyhacky/master
|
||||||
|
Add an autoconf check for res_init().
|
||||||
|
Nexthop calculation should always use the shortest path.
|
||||||
|
Fix issues found by Coverity.
|
||||||
|
Fix warnings found by GCC 4.9.
|
||||||
|
Fix a few more issues found by Coverity.
|
||||||
|
Fix a few more issues found by Coverity.
|
||||||
|
Drop h and hh length modifiers from printf format strings.
|
||||||
|
Fix a bug that could prevent tinc from starting correctly on Windows.
|
||||||
|
FIx the autoconf checks for res_init().
|
||||||
|
Remove the warnings when IP_DONTFRAGMENT/IPV6-DONTFRAG is not supported.
|
||||||
|
Releasing 1.0.24.
|
||||||
|
|
||||||
|
Steffan Karger (3):
|
||||||
|
Use constant time memcmp() when comparing packet HMACs.
|
||||||
|
Use cryptographically strong random when generating keys.
|
||||||
|
Check RAND_bytes() return value, fail when getting random fails.
|
||||||
|
|
||||||
|
Florent Clairambault (2):
|
||||||
|
Adding "conf.d" configuration dir support.
|
||||||
|
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||||
|
|
||||||
|
Armin Fisslthaler (1):
|
||||||
|
reload /etc/resolv.conf in SIGALRM handler
|
||||||
|
|
||||||
|
Loic Dachary (1):
|
||||||
|
fix documentation typo
|
||||||
|
|
||||||
|
Vilbrekin (1):
|
||||||
|
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||||
|
|
||||||
|
luckyhacky (1):
|
||||||
|
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||||
|
|
||||||
Version 1.0.23 October 19 2013
|
Version 1.0.23 October 19 2013
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
4
INSTALL
4
INSTALL
|
@ -12,8 +12,8 @@ without warranty of any kind.
|
||||||
Basic Installation
|
Basic Installation
|
||||||
==================
|
==================
|
||||||
|
|
||||||
Briefly, the shell commands `./configure; make; make install' should
|
Briefly, the shell command `./configure && make && make install'
|
||||||
configure, build, and install this package. The following
|
should configure, build, and install this package. The following
|
||||||
more-detailed instructions are generic; see the `README' file for
|
more-detailed instructions are generic; see the `README' file for
|
||||||
instructions specific to this package. Some packages provide this
|
instructions specific to this package. Some packages provide this
|
||||||
`INSTALL' file but do not implement all of the features documented
|
`INSTALL' file but do not implement all of the features documented
|
||||||
|
|
11
Makefile.in
11
Makefile.in
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.14 from Makefile.am.
|
# Makefile.in generated by automake 1.14.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
||||||
|
@ -85,8 +85,10 @@ DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \
|
||||||
config.sub depcomp install-sh missing
|
config.sub depcomp install-sh missing
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
|
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
$(ACLOCAL_M4)
|
$(ACLOCAL_M4)
|
||||||
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
|
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
|
||||||
|
@ -592,9 +594,10 @@ distcheck: dist
|
||||||
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
|
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
|
||||||
&& am__cwd=`pwd` \
|
&& am__cwd=`pwd` \
|
||||||
&& $(am__cd) $(distdir)/_build \
|
&& $(am__cd) $(distdir)/_build \
|
||||||
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
|
&& ../configure \
|
||||||
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
|
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
|
||||||
$(DISTCHECK_CONFIGURE_FLAGS) \
|
$(DISTCHECK_CONFIGURE_FLAGS) \
|
||||||
|
--srcdir=.. --prefix="$$dc_install_base" \
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) \
|
&& $(MAKE) $(AM_MAKEFLAGS) \
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
|
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
|
||||||
&& $(MAKE) $(AM_MAKEFLAGS) check \
|
&& $(MAKE) $(AM_MAKEFLAGS) check \
|
||||||
|
|
23
NEWS
23
NEWS
|
@ -1,3 +1,26 @@
|
||||||
|
Version 1.0.24 May 11 2013
|
||||||
|
|
||||||
|
* Various compiler hardening flags are enabled by default.
|
||||||
|
|
||||||
|
* Updated support for Solaris, allowing switch mode on Solaris 11.
|
||||||
|
|
||||||
|
* Configuration will now also be read from a conf.d directory.
|
||||||
|
|
||||||
|
* Various updates to the documentation.
|
||||||
|
|
||||||
|
* Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.
|
||||||
|
|
||||||
|
* Fixed a potential routing loop when IndirectData or TCPOnly is used and
|
||||||
|
broadcast packets are being sent.
|
||||||
|
|
||||||
|
* Improved security with constant time memcmp and stricter use of OpenSSL's
|
||||||
|
RNG functions.
|
||||||
|
|
||||||
|
* Fixed all issues found by Coverity.
|
||||||
|
|
||||||
|
Thanks to Florent Clairambault, Vilbrekin, luckyhacky, Armin Fisslthaler, Loïc
|
||||||
|
Dachary and Steffan Karger for their contributions to this version of tinc.
|
||||||
|
|
||||||
Version 1.0.23 October 19 2013
|
Version 1.0.23 October 19 2013
|
||||||
|
|
||||||
* Start authentication immediately on outgoing connections (useful for sslh).
|
* Start authentication immediately on outgoing connections (useful for sslh).
|
||||||
|
|
6
README
6
README
|
@ -1,7 +1,7 @@
|
||||||
This is the README file for tinc version 1.0.23. Installation
|
This is the README file for tinc version 1.0.24. Installation
|
||||||
instructions may be found in the INSTALL file.
|
instructions may be found in the INSTALL file.
|
||||||
|
|
||||||
tinc is Copyright (C) 1998-2013 by:
|
tinc is Copyright (C) 1998-2014 by:
|
||||||
|
|
||||||
Ivo Timmermans,
|
Ivo Timmermans,
|
||||||
Guus Sliepen <guus@tinc-vpn.org>,
|
Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Version 1.0.23 is compatible with 1.0pre8, 1.0 and later, but not with older
|
Version 1.0.24 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||||
versions of tinc.
|
versions of tinc.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
Quick how-o cross compile tinc for android (done from $HOME/android/):
|
Quick how-to cross compile tinc for android (done from $HOME/android/):
|
||||||
|
|
||||||
- Download android NDK and setup local ARM toolchain:
|
- Download android NDK and setup local ARM toolchain:
|
||||||
wget http://dl.google.com/android/ndk/android-ndk-r8b-linux-x86.tar.bz2
|
wget http://dl.google.com/android/ndk/android-ndk-r9d-linux-x86.tar.bz2
|
||||||
tar xfj android-ndk-r8b-linux-x86.tar.bz2
|
tar xfj android-ndk-r9d-linux-x86.tar.bz2
|
||||||
./android-ndk-r8b/build/tools/make-standalone-toolchain.sh --platform=android-5 --install-dir=/tmp/my-android-toolchain
|
./android-ndk-r9d/build/tools/make-standalone-toolchain.sh --platform=android-5 --install-dir=/tmp/my-android-toolchain
|
||||||
|
|
||||||
- Download and cross-compile openSSL for ARM:
|
- Download and cross-compile openSSL for ARM:
|
||||||
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
|
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
|
||||||
tar xfz openssl-1.0.1c.tar.gz
|
tar xfz openssl-1.0.1g.tar.gz
|
||||||
cd openssl-1.0.1c
|
cd openssl-1.0.1g
|
||||||
./Configure dist
|
./Configure dist
|
||||||
make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib
|
make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib
|
||||||
|
|
||||||
|
@ -16,5 +16,9 @@ make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-andr
|
||||||
git clone git://tinc-vpn.org/tinc
|
git clone git://tinc-vpn.org/tinc
|
||||||
cd tinc
|
cd tinc
|
||||||
autoreconf -fsi
|
autoreconf -fsi
|
||||||
CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc ./configure --host=arm-linux --disable-lzo --with-openssl-lib=$HOME/android/openssl-1.0.1c --with-openssl-include=$HOME/android/openssl-1.0.1c/include/
|
CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc ./configure --host=arm-linux --disable-lzo --with-openssl-lib=$HOME/android/openssl-1.0.1g --with-openssl-include=$HOME/android/openssl-1.0.1g/include/ --disable-hardening
|
||||||
make -j5
|
make -j5
|
||||||
|
|
||||||
|
- Strip tincd binary to make it smaller
|
||||||
|
/tmp/my-android-toolchain/bin/arm-linux-androideabi-strip src/tincd
|
||||||
|
|
||||||
|
|
10
THANKS
10
THANKS
|
@ -4,6 +4,7 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Allesandro Gatti
|
* Allesandro Gatti
|
||||||
* Andreas van Cranenburgh
|
* Andreas van Cranenburgh
|
||||||
* Anthony G. Basile
|
* Anthony G. Basile
|
||||||
|
* Armin Fisslthaler
|
||||||
* Armijn Hemel
|
* Armijn Hemel
|
||||||
* Brandon Black
|
* Brandon Black
|
||||||
* Cris van Pelt
|
* Cris van Pelt
|
||||||
|
@ -11,10 +12,13 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Delf Eldkraft
|
* Delf Eldkraft
|
||||||
* dnk
|
* dnk
|
||||||
* Enrique Zanardi
|
* Enrique Zanardi
|
||||||
|
* Florent Clairambault
|
||||||
* Flynn Marquardt
|
* Flynn Marquardt
|
||||||
|
* Gary Kessler and Claudia Gonzalez
|
||||||
* Grzegorz Dymarek
|
* Grzegorz Dymarek
|
||||||
* Hans Bayle
|
* Hans Bayle
|
||||||
* Ivo van Dong
|
* Ivo van Dong
|
||||||
|
* James Cook
|
||||||
* James MacLean
|
* James MacLean
|
||||||
* Jamie Briggs
|
* Jamie Briggs
|
||||||
* Jason Harper
|
* Jason Harper
|
||||||
|
@ -22,11 +26,14 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Jeroen Ubbink
|
* Jeroen Ubbink
|
||||||
* Jerome Etienne
|
* Jerome Etienne
|
||||||
* Julien Muchembled
|
* Julien Muchembled
|
||||||
|
* Lavrans Laading
|
||||||
|
* Loïc Dachary
|
||||||
* Loïc Grenié
|
* Loïc Grenié
|
||||||
* Lubomír Bulej
|
* Lubomír Bulej
|
||||||
* Mads Kiilerich
|
* Mads Kiilerich
|
||||||
* Marc A. Lehmann
|
* Marc A. Lehmann
|
||||||
* Mark Glines
|
* Mark Glines
|
||||||
|
* Mark Petryk
|
||||||
* Markus Goetz
|
* Markus Goetz
|
||||||
* Martin Kihlgren
|
* Martin Kihlgren
|
||||||
* Martin Schobert
|
* Martin Schobert
|
||||||
|
@ -44,6 +51,7 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Robert van der Meulen
|
* Robert van der Meulen
|
||||||
* Rumko
|
* Rumko
|
||||||
* Scott Lamb
|
* Scott Lamb
|
||||||
|
* Steffan Karger
|
||||||
* Sven-Haegar Koch
|
* Sven-Haegar Koch
|
||||||
* Teemu Kiviniemi
|
* Teemu Kiviniemi
|
||||||
* Timothy Redaelli
|
* Timothy Redaelli
|
||||||
|
@ -52,7 +60,7 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Wessel Dankers
|
* Wessel Dankers
|
||||||
* Wouter van Heyst
|
* Wouter van Heyst
|
||||||
|
|
||||||
And everyone we forgot. Thank you!
|
And everyone we forgot (if we did, please let us know). Thank you!
|
||||||
|
|
||||||
Ivo Timmermans
|
Ivo Timmermans
|
||||||
Guus Sliepen
|
Guus Sliepen
|
||||||
|
|
11
aclocal.m4
vendored
11
aclocal.m4
vendored
|
@ -1,4 +1,4 @@
|
||||||
# generated automatically by aclocal 1.14 -*- Autoconf -*-
|
# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
|
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
||||||
[am__api_version='1.14'
|
[am__api_version='1.14'
|
||||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||||
dnl require some minimum version. Point them to the right macro.
|
dnl require some minimum version. Point them to the right macro.
|
||||||
m4_if([$1], [1.14], [],
|
m4_if([$1], [1.14.1], [],
|
||||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -51,7 +51,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
||||||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||||
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
||||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||||
[AM_AUTOMAKE_VERSION([1.14])dnl
|
[AM_AUTOMAKE_VERSION([1.14.1])dnl
|
||||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||||
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||||
|
@ -573,7 +573,8 @@ to "yes", and re-run configure.
|
||||||
END
|
END
|
||||||
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
|
AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
|
||||||
fi
|
fi
|
||||||
fi])
|
fi
|
||||||
|
])
|
||||||
|
|
||||||
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
|
dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
|
||||||
dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
|
dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
|
||||||
|
@ -1184,6 +1185,8 @@ AC_SUBST([am__untar])
|
||||||
]) # _AM_PROG_TAR
|
]) # _AM_PROG_TAR
|
||||||
|
|
||||||
m4_include([m4/attribute.m4])
|
m4_include([m4/attribute.m4])
|
||||||
|
m4_include([m4/ax_check_compile_flag.m4])
|
||||||
|
m4_include([m4/ax_check_link_flag.m4])
|
||||||
m4_include([m4/lzo.m4])
|
m4_include([m4/lzo.m4])
|
||||||
m4_include([m4/openssl.m4])
|
m4_include([m4/openssl.m4])
|
||||||
m4_include([m4/zlib.m4])
|
m4_include([m4/zlib.m4])
|
||||||
|
|
10
config.h.in
10
config.h.in
|
@ -15,6 +15,9 @@
|
||||||
/* Define to 1 if you have the <arpa/inet.h> header file. */
|
/* Define to 1 if you have the <arpa/inet.h> header file. */
|
||||||
#undef HAVE_ARPA_INET_H
|
#undef HAVE_ARPA_INET_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <arpa/nameser.h> header file. */
|
||||||
|
#undef HAVE_ARPA_NAMESER_H
|
||||||
|
|
||||||
/* Define to 1 if you have the `asprintf' function. */
|
/* Define to 1 if you have the `asprintf' function. */
|
||||||
#undef HAVE_ASPRINTF
|
#undef HAVE_ASPRINTF
|
||||||
|
|
||||||
|
@ -46,6 +49,10 @@
|
||||||
don't. */
|
don't. */
|
||||||
#undef HAVE_DECL_GETNAMEINFO
|
#undef HAVE_DECL_GETNAMEINFO
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of `res_init', and to 0 if you
|
||||||
|
don't. */
|
||||||
|
#undef HAVE_DECL_RES_INIT
|
||||||
|
|
||||||
/* Define to 1 if you have the <dirent.h> header file. */
|
/* Define to 1 if you have the <dirent.h> header file. */
|
||||||
#undef HAVE_DIRENT_H
|
#undef HAVE_DIRENT_H
|
||||||
|
|
||||||
|
@ -211,6 +218,9 @@
|
||||||
/* Define to 1 if you have the `RAND_pseudo_bytes' function. */
|
/* Define to 1 if you have the `RAND_pseudo_bytes' function. */
|
||||||
#undef HAVE_RAND_PSEUDO_BYTES
|
#undef HAVE_RAND_PSEUDO_BYTES
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <resolv.h> header file. */
|
||||||
|
#undef HAVE_RESOLV_H
|
||||||
|
|
||||||
/* Define to 1 if you have the `select' function. */
|
/* Define to 1 if you have the `select' function. */
|
||||||
#undef HAVE_SELECT
|
#undef HAVE_SELECT
|
||||||
|
|
||||||
|
|
476
configure
vendored
476
configure
vendored
|
@ -1,6 +1,6 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.23.
|
# Generated by GNU Autoconf 2.69 for tinc 1.0.24.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
||||||
|
@ -577,8 +577,8 @@ MAKEFLAGS=
|
||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='tinc'
|
PACKAGE_NAME='tinc'
|
||||||
PACKAGE_TARNAME='tinc'
|
PACKAGE_TARNAME='tinc'
|
||||||
PACKAGE_VERSION='1.0.23'
|
PACKAGE_VERSION='1.0.24'
|
||||||
PACKAGE_STRING='tinc 1.0.23'
|
PACKAGE_STRING='tinc 1.0.24'
|
||||||
PACKAGE_BUGREPORT=''
|
PACKAGE_BUGREPORT=''
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
|
@ -745,6 +745,7 @@ enable_uml
|
||||||
enable_vde
|
enable_vde
|
||||||
enable_tunemu
|
enable_tunemu
|
||||||
with_windows2000
|
with_windows2000
|
||||||
|
enable_hardening
|
||||||
enable_zlib
|
enable_zlib
|
||||||
with_zlib
|
with_zlib
|
||||||
with_zlib_include
|
with_zlib_include
|
||||||
|
@ -1307,7 +1308,7 @@ if test "$ac_init_help" = "long"; then
|
||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures tinc 1.0.23 to adapt to many kinds of systems.
|
\`configure' configures tinc 1.0.24 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
|
@ -1377,7 +1378,7 @@ fi
|
||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of tinc 1.0.23:";;
|
short | recursive ) echo "Configuration of tinc 1.0.24:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
|
@ -1397,15 +1398,16 @@ Optional Features:
|
||||||
--enable-uml enable support for User Mode Linux
|
--enable-uml enable support for User Mode Linux
|
||||||
--enable-vde enable support for Virtual Distributed Ethernet
|
--enable-vde enable support for Virtual Distributed Ethernet
|
||||||
--enable-tunemu enable support for the tunemu driver
|
--enable-tunemu enable support for the tunemu driver
|
||||||
|
--disable-hardening disable compiler and linker hardening flags
|
||||||
--disable-zlib disable zlib compression support
|
--disable-zlib disable zlib compression support
|
||||||
--disable-lzo disable lzo compression support
|
--disable-lzo disable lzo compression support
|
||||||
--disable-jumbograms enable support for jumbograms (packets up to 9000
|
--enable-jumbograms enable support for jumbograms (packets up to 9000
|
||||||
bytes)
|
bytes)
|
||||||
|
|
||||||
Optional Packages:
|
Optional Packages:
|
||||||
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||||||
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
|
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
|
||||||
--without-windows2000 compile with support for Windows 2000. This disables
|
--with-windows2000 compile with support for Windows 2000. This disables
|
||||||
support for tunneling over existing IPv6 networks.
|
support for tunneling over existing IPv6 networks.
|
||||||
--with-zlib=DIR zlib base directory, or:
|
--with-zlib=DIR zlib base directory, or:
|
||||||
--with-zlib-include=DIR zlib headers directory
|
--with-zlib-include=DIR zlib headers directory
|
||||||
|
@ -1495,7 +1497,7 @@ fi
|
||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
tinc configure 1.0.23
|
tinc configure 1.0.24
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
|
@ -1744,6 +1746,52 @@ $as_echo "$ac_res" >&6; }
|
||||||
|
|
||||||
} # ac_fn_c_check_header_compile
|
} # ac_fn_c_check_header_compile
|
||||||
|
|
||||||
|
# ac_fn_c_try_link LINENO
|
||||||
|
# -----------------------
|
||||||
|
# Try to link conftest.$ac_ext, and return whether this succeeded.
|
||||||
|
ac_fn_c_try_link ()
|
||||||
|
{
|
||||||
|
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
|
||||||
|
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||||
|
if { { ac_try="$ac_link"
|
||||||
|
case "(($ac_try" in
|
||||||
|
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||||
|
*) ac_try_echo=$ac_try;;
|
||||||
|
esac
|
||||||
|
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
||||||
|
$as_echo "$ac_try_echo"; } >&5
|
||||||
|
(eval "$ac_link") 2>conftest.err
|
||||||
|
ac_status=$?
|
||||||
|
if test -s conftest.err; then
|
||||||
|
grep -v '^ *+' conftest.err >conftest.er1
|
||||||
|
cat conftest.er1 >&5
|
||||||
|
mv -f conftest.er1 conftest.err
|
||||||
|
fi
|
||||||
|
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||||
|
test $ac_status = 0; } && {
|
||||||
|
test -z "$ac_c_werror_flag" ||
|
||||||
|
test ! -s conftest.err
|
||||||
|
} && test -s conftest$ac_exeext && {
|
||||||
|
test "$cross_compiling" = yes ||
|
||||||
|
test -x conftest$ac_exeext
|
||||||
|
}; then :
|
||||||
|
ac_retval=0
|
||||||
|
else
|
||||||
|
$as_echo "$as_me: failed program was:" >&5
|
||||||
|
sed 's/^/| /' conftest.$ac_ext >&5
|
||||||
|
|
||||||
|
ac_retval=1
|
||||||
|
fi
|
||||||
|
# Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
|
||||||
|
# created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
|
||||||
|
# interfere with the next link command; also delete a directory that is
|
||||||
|
# left behind by Apple's compiler. We do this before executing the actions.
|
||||||
|
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
||||||
|
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
|
||||||
|
as_fn_set_status $ac_retval
|
||||||
|
|
||||||
|
} # ac_fn_c_try_link
|
||||||
|
|
||||||
# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
|
# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
|
||||||
# -------------------------------------------
|
# -------------------------------------------
|
||||||
# Tests whether TYPE exists after having included INCLUDES, setting cache
|
# Tests whether TYPE exists after having included INCLUDES, setting cache
|
||||||
|
@ -1798,52 +1846,6 @@ $as_echo "$ac_res" >&6; }
|
||||||
|
|
||||||
} # ac_fn_c_check_type
|
} # ac_fn_c_check_type
|
||||||
|
|
||||||
# ac_fn_c_try_link LINENO
|
|
||||||
# -----------------------
|
|
||||||
# Try to link conftest.$ac_ext, and return whether this succeeded.
|
|
||||||
ac_fn_c_try_link ()
|
|
||||||
{
|
|
||||||
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
|
|
||||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
|
||||||
if { { ac_try="$ac_link"
|
|
||||||
case "(($ac_try" in
|
|
||||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
|
||||||
*) ac_try_echo=$ac_try;;
|
|
||||||
esac
|
|
||||||
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
|
|
||||||
$as_echo "$ac_try_echo"; } >&5
|
|
||||||
(eval "$ac_link") 2>conftest.err
|
|
||||||
ac_status=$?
|
|
||||||
if test -s conftest.err; then
|
|
||||||
grep -v '^ *+' conftest.err >conftest.er1
|
|
||||||
cat conftest.er1 >&5
|
|
||||||
mv -f conftest.er1 conftest.err
|
|
||||||
fi
|
|
||||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
|
||||||
test $ac_status = 0; } && {
|
|
||||||
test -z "$ac_c_werror_flag" ||
|
|
||||||
test ! -s conftest.err
|
|
||||||
} && test -s conftest$ac_exeext && {
|
|
||||||
test "$cross_compiling" = yes ||
|
|
||||||
test -x conftest$ac_exeext
|
|
||||||
}; then :
|
|
||||||
ac_retval=0
|
|
||||||
else
|
|
||||||
$as_echo "$as_me: failed program was:" >&5
|
|
||||||
sed 's/^/| /' conftest.$ac_ext >&5
|
|
||||||
|
|
||||||
ac_retval=1
|
|
||||||
fi
|
|
||||||
# Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
|
|
||||||
# created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
|
|
||||||
# interfere with the next link command; also delete a directory that is
|
|
||||||
# left behind by Apple's compiler. We do this before executing the actions.
|
|
||||||
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
|
|
||||||
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
|
|
||||||
as_fn_set_status $ac_retval
|
|
||||||
|
|
||||||
} # ac_fn_c_try_link
|
|
||||||
|
|
||||||
# ac_fn_c_check_func LINENO FUNC VAR
|
# ac_fn_c_check_func LINENO FUNC VAR
|
||||||
# ----------------------------------
|
# ----------------------------------
|
||||||
# Tests whether FUNC exists, setting the cache variable VAR accordingly
|
# Tests whether FUNC exists, setting the cache variable VAR accordingly
|
||||||
|
@ -1960,7 +1962,7 @@ cat >config.log <<_ACEOF
|
||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by tinc $as_me 1.0.23, which was
|
It was created by tinc $as_me 1.0.24, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
|
@ -2824,7 +2826,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE='tinc'
|
PACKAGE='tinc'
|
||||||
VERSION='1.0.23'
|
VERSION='1.0.24'
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
@ -2916,6 +2918,7 @@ END
|
||||||
as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
|
as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ac_config_headers="$ac_config_headers config.h"
|
ac_config_headers="$ac_config_headers config.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -5146,6 +5149,343 @@ if test -d /sw/lib ; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Check whether --enable-hardening was given.
|
||||||
|
if test "${enable_hardening+set}" = set; then :
|
||||||
|
enableval=$enable_hardening;
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test "x$enable_hardening" != "xno"; then :
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -DFORTIFY_SOURCE=2" >&5
|
||||||
|
$as_echo_n "checking whether C compiler accepts -DFORTIFY_SOURCE=2... " >&6; }
|
||||||
|
if ${ax_cv_check_cflags___DFORTIFY_SOURCE_2+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$CFLAGS
|
||||||
|
CFLAGS="$CFLAGS -DFORTIFY_SOURCE=2"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
ax_cv_check_cflags___DFORTIFY_SOURCE_2=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_cflags___DFORTIFY_SOURCE_2=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||||
|
CFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___DFORTIFY_SOURCE_2" >&5
|
||||||
|
$as_echo "$ax_cv_check_cflags___DFORTIFY_SOURCE_2" >&6; }
|
||||||
|
if test x"$ax_cv_check_cflags___DFORTIFY_SOURCE_2" = xyes; then :
|
||||||
|
CPPFLAGS="$CPPFLAGS -DFORITFY_SOURCE=2"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-strict-overflow" >&5
|
||||||
|
$as_echo_n "checking whether C compiler accepts -fno-strict-overflow... " >&6; }
|
||||||
|
if ${ax_cv_check_cflags___fno_strict_overflow+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$CFLAGS
|
||||||
|
CFLAGS="$CFLAGS -fno-strict-overflow"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
ax_cv_check_cflags___fno_strict_overflow=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_cflags___fno_strict_overflow=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||||
|
CFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_strict_overflow" >&5
|
||||||
|
$as_echo "$ax_cv_check_cflags___fno_strict_overflow" >&6; }
|
||||||
|
if test x"$ax_cv_check_cflags___fno_strict_overflow" = xyes; then :
|
||||||
|
CPPFLAGS="$CPPFLAGS -fno-strict-overflow"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fwrapv" >&5
|
||||||
|
$as_echo_n "checking whether C compiler accepts -fwrapv... " >&6; }
|
||||||
|
if ${ax_cv_check_cflags___fwrapv+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$CFLAGS
|
||||||
|
CFLAGS="$CFLAGS -fwrapv"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
ax_cv_check_cflags___fwrapv=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_cflags___fwrapv=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||||
|
CFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fwrapv" >&5
|
||||||
|
$as_echo "$ax_cv_check_cflags___fwrapv" >&6; }
|
||||||
|
if test x"$ax_cv_check_cflags___fwrapv" = xyes; then :
|
||||||
|
CPPFLAGS="$CPPFLAGS -fwrapv"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
case $host_os in
|
||||||
|
*mingw*)
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--dynamicbase" >&5
|
||||||
|
$as_echo_n "checking whether the linker accepts -Wl,--dynamicbase... " >&6; }
|
||||||
|
if ${ax_cv_check_ldflags___Wl___dynamicbase+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$LDFLAGS
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,--dynamicbase"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ax_cv_check_ldflags___Wl___dynamicbase=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_ldflags___Wl___dynamicbase=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LDFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___dynamicbase" >&5
|
||||||
|
$as_echo "$ax_cv_check_ldflags___Wl___dynamicbase" >&6; }
|
||||||
|
if test x"$ax_cv_check_ldflags___Wl___dynamicbase" = xyes; then :
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,--dynamicbase"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--nxcompat" >&5
|
||||||
|
$as_echo_n "checking whether the linker accepts -Wl,--nxcompat... " >&6; }
|
||||||
|
if ${ax_cv_check_ldflags___Wl___nxcompat+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$LDFLAGS
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,--nxcompat"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ax_cv_check_ldflags___Wl___nxcompat=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_ldflags___Wl___nxcompat=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LDFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___nxcompat" >&5
|
||||||
|
$as_echo "$ax_cv_check_ldflags___Wl___nxcompat" >&6; }
|
||||||
|
if test x"$ax_cv_check_ldflags___Wl___nxcompat" = xyes; then :
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,--nxcompat"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5
|
||||||
|
$as_echo_n "checking whether C compiler accepts -fPIE... " >&6; }
|
||||||
|
if ${ax_cv_check_cflags___fPIE+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$CFLAGS
|
||||||
|
CFLAGS="$CFLAGS -fPIE"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_compile "$LINENO"; then :
|
||||||
|
ax_cv_check_cflags___fPIE=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_cflags___fPIE=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||||
|
CFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5
|
||||||
|
$as_echo "$ax_cv_check_cflags___fPIE" >&6; }
|
||||||
|
if test x"$ax_cv_check_cflags___fPIE" = xyes; then :
|
||||||
|
CPPFLAGS="$CPPFLAGS -fPIE"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5
|
||||||
|
$as_echo_n "checking whether the linker accepts -pie... " >&6; }
|
||||||
|
if ${ax_cv_check_ldflags___pie+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$LDFLAGS
|
||||||
|
LDFLAGS="$LDFLAGS -pie"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ax_cv_check_ldflags___pie=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_ldflags___pie=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LDFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5
|
||||||
|
$as_echo "$ax_cv_check_ldflags___pie" >&6; }
|
||||||
|
if test x"$ax_cv_check_ldflags___pie" = xyes; then :
|
||||||
|
LDFLAGS="$LDFLAGS -pie"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5
|
||||||
|
$as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; }
|
||||||
|
if ${ax_cv_check_ldflags___Wl__z_relro+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$LDFLAGS
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,-z,relro"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ax_cv_check_ldflags___Wl__z_relro=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_ldflags___Wl__z_relro=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LDFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5
|
||||||
|
$as_echo "$ax_cv_check_ldflags___Wl__z_relro" >&6; }
|
||||||
|
if test x"$ax_cv_check_ldflags___Wl__z_relro" = xyes; then :
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,-z,relro"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,now" >&5
|
||||||
|
$as_echo_n "checking whether the linker accepts -Wl,-z,now... " >&6; }
|
||||||
|
if ${ax_cv_check_ldflags___Wl__z_now+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
|
||||||
|
ax_check_save_flags=$LDFLAGS
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,-z,now"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ax_cv_check_ldflags___Wl__z_now=yes
|
||||||
|
else
|
||||||
|
ax_cv_check_ldflags___Wl__z_now=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LDFLAGS=$ax_check_save_flags
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_now" >&5
|
||||||
|
$as_echo "$ax_cv_check_ldflags___Wl__z_now" >&6; }
|
||||||
|
if test x"$ax_cv_check_ldflags___Wl__z_now" = xyes; then :
|
||||||
|
LDFLAGS="$LDFLAGS -Wl,-z,now"
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
fi;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
|
||||||
$as_echo_n "checking for ANSI C header files... " >&6; }
|
$as_echo_n "checking for ANSI C header files... " >&6; }
|
||||||
|
@ -5259,7 +5599,7 @@ $as_echo "#define STDC_HEADERS 1" >>confdefs.h
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for ac_header in stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h dirent.h
|
for ac_header in stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h arpa/nameser.h dirent.h
|
||||||
do :
|
do :
|
||||||
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
||||||
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
|
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
|
||||||
|
@ -5287,7 +5627,7 @@ fi
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
for ac_header in netinet/if_ether.h netinet/ip.h netinet/ip6.h
|
for ac_header in netinet/if_ether.h netinet/ip.h netinet/ip6.h resolv.h
|
||||||
do :
|
do :
|
||||||
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
||||||
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include \"src/have.h\"
|
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include \"src/have.h\"
|
||||||
|
@ -5921,6 +6261,22 @@ cat >>confdefs.h <<_ACEOF
|
||||||
_ACEOF
|
_ACEOF
|
||||||
|
|
||||||
|
|
||||||
|
ac_fn_c_check_decl "$LINENO" "res_init" "ac_cv_have_decl_res_init" "
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <resolv.h>
|
||||||
|
|
||||||
|
"
|
||||||
|
if test "x$ac_cv_have_decl_res_init" = xyes; then :
|
||||||
|
ac_have_decl=1
|
||||||
|
else
|
||||||
|
ac_have_decl=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
#define HAVE_DECL_RES_INIT $ac_have_decl
|
||||||
|
_ACEOF
|
||||||
|
|
||||||
|
|
||||||
cat >confcache <<\_ACEOF
|
cat >confcache <<\_ACEOF
|
||||||
# This file is a shell script that caches the results of configure
|
# This file is a shell script that caches the results of configure
|
||||||
# tests run on this system so they can be shared between configure
|
# tests run on this system so they can be shared between configure
|
||||||
|
@ -7040,7 +7396,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by tinc $as_me 1.0.23, which was
|
This file was extended by tinc $as_me 1.0.24, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
|
@ -7106,7 +7462,7 @@ _ACEOF
|
||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
tinc config.status 1.0.23
|
tinc config.status 1.0.24
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
|
38
configure.ac
38
configure.ac
|
@ -1,7 +1,7 @@
|
||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
|
|
||||||
AC_PREREQ(2.61)
|
AC_PREREQ(2.61)
|
||||||
AC_INIT([tinc], [1.0.23])
|
AC_INIT([tinc], [1.0.24])
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc -Wall])
|
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc -Wall])
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
|
@ -105,7 +105,7 @@ AC_ARG_ENABLE(tunemu,
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_ARG_WITH(windows2000,
|
AC_ARG_WITH(windows2000,
|
||||||
AS_HELP_STRING([--without-windows2000], [compile with support for Windows 2000. This disables support for tunneling over existing IPv6 networks.]),
|
AS_HELP_STRING([--with-windows2000], [compile with support for Windows 2000. This disables support for tunneling over existing IPv6 networks.]),
|
||||||
[ AS_IF([test "x$with_windows2000" = "xyes"],
|
[ AS_IF([test "x$with_windows2000" = "xyes"],
|
||||||
[AC_DEFINE(WITH_WINDOWS2000, 1, [Compile with support for Windows 2000])])
|
[AC_DEFINE(WITH_WINDOWS2000, 1, [Compile with support for Windows 2000])])
|
||||||
]
|
]
|
||||||
|
@ -129,17 +129,40 @@ if test -d /sw/lib ; then
|
||||||
LIBS="$LIBS -L/sw/lib"
|
LIBS="$LIBS -L/sw/lib"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
dnl Compiler hardening flags
|
||||||
|
dnl No -fstack-protector-all because it doesn't work on all platforms or architectures.
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
|
||||||
|
AS_IF([test "x$enable_hardening" != "xno"],
|
||||||
|
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORITFY_SOURCE=2"])
|
||||||
|
AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CPPFLAGS="$CPPFLAGS -fno-strict-overflow"])
|
||||||
|
AX_CHECK_COMPILE_FLAG([-fwrapv], [CPPFLAGS="$CPPFLAGS -fwrapv"])
|
||||||
|
case $host_os in
|
||||||
|
*mingw*)
|
||||||
|
AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"])
|
||||||
|
AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"])
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
AX_CHECK_COMPILE_FLAG([-fPIE], [CPPFLAGS="$CPPFLAGS -fPIE"])
|
||||||
|
AX_CHECK_LINK_FLAG([-pie], [LDFLAGS="$LDFLAGS -pie"])
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
|
||||||
|
AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"])
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
dnl Checks for libraries.
|
dnl Checks for libraries.
|
||||||
|
|
||||||
dnl Checks for header files.
|
dnl Checks for header files.
|
||||||
dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
|
dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
|
||||||
|
|
||||||
AC_HEADER_STDC
|
AC_HEADER_STDC
|
||||||
AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h dirent.h])
|
AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h arpa/nameser.h dirent.h])
|
||||||
AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h],
|
AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h],
|
||||||
[], [], [#include "src/have.h"]
|
[], [], [#include "src/have.h"]
|
||||||
)
|
)
|
||||||
AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h],
|
AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h resolv.h],
|
||||||
[], [], [#include "src/have.h"]
|
[], [], [#include "src/have.h"]
|
||||||
)
|
)
|
||||||
AC_CHECK_HEADERS([netinet/tcp.h netinet/ip_icmp.h netinet/icmp6.h],
|
AC_CHECK_HEADERS([netinet/tcp.h netinet/ip_icmp.h netinet/icmp6.h],
|
||||||
|
@ -179,6 +202,11 @@ AC_CHECK_DECLS([freeaddrinfo, gai_strerror, getaddrinfo, getnameinfo],
|
||||||
[], [], [#include "src/have.h"]
|
[], [], [#include "src/have.h"]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
AC_CHECK_DECLS([res_init], [], [], [
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <resolv.h>
|
||||||
|
])
|
||||||
|
|
||||||
AC_CACHE_SAVE
|
AC_CACHE_SAVE
|
||||||
|
|
||||||
dnl These are defined in files in m4/
|
dnl These are defined in files in m4/
|
||||||
|
@ -189,7 +217,7 @@ tinc_OPENSSL
|
||||||
|
|
||||||
dnl Check if support for jumbograms is requested
|
dnl Check if support for jumbograms is requested
|
||||||
AC_ARG_ENABLE(jumbograms,
|
AC_ARG_ENABLE(jumbograms,
|
||||||
AS_HELP_STRING([--disable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]),
|
AS_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]),
|
||||||
[ AS_IF([test "x$enable_jumbograms" = "xyes"],
|
[ AS_IF([test "x$enable_jumbograms" = "xyes"],
|
||||||
[ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ])
|
[ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ])
|
||||||
]
|
]
|
||||||
|
|
13
debian/changelog
vendored
13
debian/changelog
vendored
|
@ -1,3 +1,16 @@
|
||||||
|
tinc (1.0.24-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
[ Guus Sliepen ]
|
||||||
|
* New upstream release
|
||||||
|
* Add a debian/watch file.
|
||||||
|
* Bump Standards-Version.
|
||||||
|
|
||||||
|
[ Gian Piero Carrubba ]
|
||||||
|
* Allow resource limits to be set in /etc/default/tinc.
|
||||||
|
Closes: #690685, #704702
|
||||||
|
|
||||||
|
-- Guus Sliepen <guus@debian.org> Sun, 11 May 2014 21:17:13 +0200
|
||||||
|
|
||||||
tinc (1.0.23-2) unstable; urgency=low
|
tinc (1.0.23-2) unstable; urgency=low
|
||||||
|
|
||||||
* Use if-statements instead of && in shell scripts. Closes: #731279
|
* Use if-statements instead of && in shell scripts. Closes: #731279
|
||||||
|
|
2
debian/control
vendored
2
debian/control
vendored
|
@ -2,7 +2,7 @@ Source: tinc
|
||||||
Section: net
|
Section: net
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Maintainer: Guus Sliepen <guus@debian.org>
|
Maintainer: Guus Sliepen <guus@debian.org>
|
||||||
Standards-Version: 3.9.4
|
Standards-Version: 3.9.5
|
||||||
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
|
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
|
||||||
Homepage: http://www.tinc-vpn.org/
|
Homepage: http://www.tinc-vpn.org/
|
||||||
|
|
||||||
|
|
5
debian/tinc.default
vendored
5
debian/tinc.default
vendored
|
@ -1,2 +1,7 @@
|
||||||
# Extra options to be passed to tincd.
|
# Extra options to be passed to tincd.
|
||||||
# EXTRA="-d"
|
# EXTRA="-d"
|
||||||
|
|
||||||
|
# Limits to be configured for the tincd process. Please read your shell
|
||||||
|
# (pointed by /bin/sh) documentation for ulimit. You probably want to raise the
|
||||||
|
# max locked memory value if using both --mlock and --user flags.
|
||||||
|
# LIMITS="-l 1024"
|
||||||
|
|
16
debian/tinc.if-pre-up
vendored
16
debian/tinc.if-pre-up
vendored
|
@ -10,6 +10,22 @@ fi
|
||||||
|
|
||||||
. /etc/default/tinc
|
. /etc/default/tinc
|
||||||
|
|
||||||
|
# Set process limits
|
||||||
|
|
||||||
|
setlimits() {
|
||||||
|
while [ $# -gt 0 ]; do
|
||||||
|
parm=$1 ; shift
|
||||||
|
if [ -n "$1" -a "${1#-}" = "$1" ]; then
|
||||||
|
value=$1 ; shift
|
||||||
|
ulimit $parm $value
|
||||||
|
else
|
||||||
|
ulimit $parm
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
test -n "$LIMITS" && setlimits $LIMITS
|
||||||
|
|
||||||
# Read options from /etc/network/interfaces
|
# Read options from /etc/network/interfaces
|
||||||
|
|
||||||
[ -n "$IF_TINC_CONFIG" ] && EXTRA="$EXTRA -c $IF_TINC_CONFIG"
|
[ -n "$IF_TINC_CONFIG" ] && EXTRA="$EXTRA -c $IF_TINC_CONFIG"
|
||||||
|
|
14
debian/tinc.init
vendored
14
debian/tinc.init
vendored
|
@ -56,6 +56,20 @@ signal_running() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setlimits() {
|
||||||
|
while [ $# -gt 0 ]; do
|
||||||
|
parm=$1 ; shift
|
||||||
|
if [ -n "$1" -a "${1#-}" = "$1" ]; then
|
||||||
|
value=$1 ; shift
|
||||||
|
ulimit $parm $value
|
||||||
|
else
|
||||||
|
ulimit $parm
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
test -n "$LIMITS" && setlimits $LIMITS
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
$DAEMON $EXTRA -n "$@"
|
$DAEMON $EXTRA -n "$@"
|
||||||
}
|
}
|
||||||
|
|
70
debian/upstream/signing-key.asc
vendored
Normal file
70
debian/upstream/signing-key.asc
vendored
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
mQINBEVZzTABEADawFv/ibQ48uA1eRhL07vdM36Pcq2HDyuyNA+vYEalNH4jLmha
|
||||||
|
nGPvDALWwX0DXIWDAG8zeTj8s8zliLIjuPS4WRI2YdKIvWeG9fEvpKSXVWa42ica
|
||||||
|
dpzn/H2aBd4Ax6rQaiTXKOvxANAp2Veb+73ssPV5AL00uGTpzhh98xQzfFQCZ9ZL
|
||||||
|
YSVPqbMed5oCt/4jM9FBO2CuBtkfiO0dVVYtW7FAVjcIlE2NaZol/KGvz7wsS+yA
|
||||||
|
dE42W0l5MdQueLmTF4AIUSSTyPFGMQoyqh+MPif73Y589IGcW6GdfKYWnVDo6Trh
|
||||||
|
HOhcEky+uTYKb6NL0vrJgUiYVMzAOXFDdJni1eQGO6EfZRNYtTga3alWq/jVelK7
|
||||||
|
BID5JyNbkrTAqdPnhJGivVyk8gGX3+Hng8rkXTfWhp6yAYau1QfBm0F2tIQmpL1C
|
||||||
|
+7DoLvFErboQf685jXJBjzyvsJxB2ZLH1OOw6mNL0hy2LFkIyGza/bktY2em4apo
|
||||||
|
KWV5AM5LpyW6THH1oDS7706xFNkf4IFhKE0hKPzBiRnMDjRtMI131lkc5+P8Lqf5
|
||||||
|
jLTCFUgbEhU6Dz2YjhHAumVm0NWJETUpFDtVvMrqk+mp5xldUOWRNlYQC5aQOyda
|
||||||
|
eHOlNzB/BFbPhKMWI/zWlEH6f0t6WjHb4iwpWO47511aVNHF59aPzbAHxwARAQAB
|
||||||
|
tC9UaW5jIERldmVsb3BtZW50IFRlYW0gPHRpbmMtZGV2ZWxAdGluYy12cG4ub3Jn
|
||||||
|
PokCNgQTAQIAIAUCRVnNMAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEEpg
|
||||||
|
hLnA1x9KxOAQAMPhO2WTXv9AaGQBQhyyoGseKoSfcRjtI9YEfE0OInQQ2E+SPYF/
|
||||||
|
dkfeLGAUqa4foTYQlMqfw70vBhTdVCb7HLTGn6/ICFUtDwakUQCgUQGlUVQiondA
|
||||||
|
8W6jj+QWrh5BQhHuXy2nCVaKnksu0/xQPsJotghxuYqaot3iJ4qVw9iT/Yeo9irH
|
||||||
|
Ffftqu0OVCdQ5zQuFNI9YCv/C83L59ecH7bOzYz2efTyobvxrhmgQtgOQwCWOE09
|
||||||
|
Kr3veM9KLG33YoXlqv8QN/3CwtsJvSwfhj+R2JowZC7RqHe/yznRzmRMsgbrolxi
|
||||||
|
uiJLonGxcNNkD7WhXi7/zL4A/JaC27XrFf1MPLv8aiTwnOIfrXd5jawpauUOZOXK
|
||||||
|
UjIZHlIqviB0r5s7A+AFeHW38Tp9VzNuQ7aEl5bHbSXV+s7DTAwGb279z0AVaJ3h
|
||||||
|
5hWFxupw7UoGdzROwCBYzeX3sioAL6QvkXua8X6zOH45VEiSwrRX3Hlx/MLo7Z4g
|
||||||
|
PWgFLf6WviHQXCG834To1XIwUk9RgNsL7OzGjtaCuRymADImKMNwierq2zTfoRFQ
|
||||||
|
v9onIadIMF1fsc70hiBG9yAi36MEuk4VxG8Jc3PQQfSFm4RWazv1k3E0AAIob2Ek
|
||||||
|
DLVjvLO62Navo/OQ6D7yyiX0qes5S7/k3F1h8+87eRn3yxZE2kbxPg8KuQENBEVZ
|
||||||
|
zYYBCACoYgExmMKEtABL3pir/IXI4exR/45hkP6txFIrkVQb8DGJ9H39kiDr4gtj
|
||||||
|
F+pvcgMpec35S3m4fJ7WhDNvbDB4ZvONc1NMKs9cqDXfB+TLWPm4W+SkcKUrs+nK
|
||||||
|
i8l7ieggTALJcvRoLTX2EFmUFrD6y870W3rK2SfC/0VJX8Ou5cPbwCeueExjo5x0
|
||||||
|
3gNfu0jWUS0cyA9y+1rVVekrLuJY/+SI4jv3gdzrYbxD0f6dpbpC37QHoJdd0KGF
|
||||||
|
acPtT2azjY+HxW10EA3Aw9oZWFXnb1nFg2RbDpkaGLmLbaXweltLyw154UmCXxym
|
||||||
|
PXPqi9bSfEkj0GiYrapk4mW114u9ABEBAAGJA0QEGAECAA8FAkVZzYcCGwIFCQHh
|
||||||
|
M4ABKQkQSmCEucDXH0rAXSAEGQECAAYFAkVZzYcACgkQ017duBDeLmmu3wf/TFZM
|
||||||
|
tLKxiyQPtGSTE3eULPdWCEMDZXdSPTY0QHM7Zvh+qn1ei+iFpD0549MYnBEAwDIV
|
||||||
|
4o62Nrcg8IPu0CEkZIAn2JiFFGYvMGk91awZGV1GS3umd7Dt349E1oKDPZVzRn+j
|
||||||
|
QIKarXxxabRmx2s/dZZgSs/eguWTboBFmvls9tVfe8x/xPvcHFmqHVUoGKEJy6Tm
|
||||||
|
no+s4yNjpc5wAaRml+GYf1tK9WMFuZn79qKxkYv4WI96dXR0FL59YbFRkkaI+1/b
|
||||||
|
G31MvWTqVjY1nJGslByFPUUB8Ca1djtp1gx6NXnOYr3V5MEDfdbjjPu79No+/y6M
|
||||||
|
tIua5yNtSRlk2nKhIqo3D/sGQ/uHijiMRAtoLhiyqYMc9W9vx/KOoCUHoMJqE39a
|
||||||
|
Eputvgwwo0rwgSmNfB1dzneFojBdJ47WBSHC8NKtkpJj6mzvvlaI9jmEpK54x3nl
|
||||||
|
OmBj3X/xaepoRGAtrmgTBP4A9hSjrTMGu/tUQjlX+Xcr6n3g7GSVe5FpUyIMPXEU
|
||||||
|
+JZDTiEUyn1OdzfNGmnWP+KJX5pQVq4czf5XK6otLZJELDVw/Hbjnjmdz5WOKgEH
|
||||||
|
jSof3WPeMBgPAcd/cMAZeiGtWM1UpJBHqEXTkthmrpmtRftJKDbooNM9d5OwKiT+
|
||||||
|
I3vNBv/plMSr8NDjhTWC+ihrN6RBj1vaqpDgGpucPhoO2hwNqWuI4q5WUKtCyw6J
|
||||||
|
An7ErNaH4c0nVaZq6kJ8Vxdt+LpKYmOsJ8y9xtl6StcrkKNn+6ZfCfee7DEo2bvb
|
||||||
|
scfpqJqqOqb5KOagTpYs8mo6yQ3leRvFtoeBOQHVQzct23EwOMxbDyeunT50a1eH
|
||||||
|
MZTEWuIiuCUudM81QXU46oIcaAtj8tpG0Tmnku9g27EjwxUt+8kVmhlPHMb2TdoF
|
||||||
|
k5d0ce+JuxIG5+i+t8sUCorMc8zfp4g1bxZeMOcPnfyO3bSW11EVcN7ZxHlFC+XE
|
||||||
|
YOByP50CM3P8lItPlQ+WpY9kYWjiwu9kVPaGQ16G47nspngJInU5dhka3KJGtIZe
|
||||||
|
q7kBDQRFWc3GAQgAz/JUs24niKsd0ZtOjUWd4R4y0gjS0kC/vvLL2gbXYkA9tcjG
|
||||||
|
5iEvVWJY34QsudX0v1ULsVnJ89X/gsk8hAhAia1TQm+0Qq+MSxEaQkMSaOO8N70U
|
||||||
|
XzgH1dielvpea20WO4MyWQuRIJ0K2nsGmEPnt6ZP7fK8HVHFNggP/mQ6LMu1reAF
|
||||||
|
gvb8cEtjb9B5QaCUEoLjsbsuo+vLW7AWy4GfIRNESHw2Qt08AUaGrihpu6zi7N2b
|
||||||
|
QkHHJtqa63GzYJ+kYzAVvrFJXdwL/TRXLBzv+6yyvYSIHi8uB6/o6CZN6hpjfpME
|
||||||
|
ph+oYPqXeNOyMd1E9Kg8ymcPrNyQKfE3WnCRXQARAQABiQIlBBgBAgAPBQJFWc3H
|
||||||
|
AhsMBQkB4TOAAAoJEEpghLnA1x9KXYMP/3D9JYti6C8DWuX2hWv+2SUbLcMa5u1e
|
||||||
|
ETewIo5S3mqGWSaxX4YLPVRkZ1lOLmFysOLimf0thYm7IsatLcWmBdYUpK92ilvr
|
||||||
|
Sk2sKlhrOoBXEX/79Kz+Aj5PjeyiQxgQ7Ba/afwhU6aTqs2Dp1T0YNu2eBvV+1QH
|
||||||
|
lZnW2Wh96zzwc0dJUuY9eBk5Fgpu08Wce7o6jxFPtVyAaQa0zcNAmw2TSY7wbunJ
|
||||||
|
WTl9OgATAyqVCuhWW7AnPcSqkH8lQigSc00wfqJKOD2Us0FqN6UKDCZTyQkdP6hx
|
||||||
|
G+3aUkkvGSOxy7u9bVWmrikuJMoiIY/CH/m+GcJJATVibI7t5MhhtBGySKc3PAwc
|
||||||
|
58sVe9AnbDvs84efrNP59j2KG2KKqcqjTGAmKyJnG3N50xJGakDIsqfneIRNWpEE
|
||||||
|
pOOPaOqR4qnPAS9OSt9A3hqBpWPjQcScd6AuO+J2PE5y23pTnb9PtLBQb5e4VFiv
|
||||||
|
N54u8j4bU2CO0SC2isZ3CR68dPHthWsxt4XbjhgktjbpQRQ8L2EDBQ8oE13GOrOw
|
||||||
|
P8x4Q0eC5uzkXNyRqzKOsxlZEuc+75aDDd3M2GDw08FG7GI1p/L+NgenwT+9TmFX
|
||||||
|
2hOKVrjgyx+fPut1t5DJJubDWXGOK33qvrL7HTCEv1zz7LNbbPwwNHK4lfMAWuJW
|
||||||
|
D9wc3Y9Se/P/
|
||||||
|
=5MAs
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
2
debian/watch
vendored
Normal file
2
debian/watch
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
version=3
|
||||||
|
opts=pgpsigurlmangle=s/$/.sig/ http://www.tinc-vpn.org/packages/tinc-(1\.0\.\d+)\.tar\.gz
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.14 from Makefile.am.
|
# Makefile.in generated by automake 1.14.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
||||||
|
@ -80,8 +80,10 @@ subdir = doc
|
||||||
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am texinfo.tex
|
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am texinfo.tex
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
|
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
$(ACLOCAL_M4)
|
$(ACLOCAL_M4)
|
||||||
mkinstalldirs = $(install_sh) -d
|
mkinstalldirs = $(install_sh) -d
|
||||||
|
|
Binary file not shown.
|
@ -1,4 +1,4 @@
|
||||||
.Dd 2010-01-16
|
.Dd 2014-05-11
|
||||||
.Dt TINC.CONF 5
|
.Dt TINC.CONF 5
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Ivo Timmermans
|
.\" Ivo Timmermans
|
||||||
|
@ -416,7 +416,7 @@ and
|
||||||
are available.
|
are available.
|
||||||
.El
|
.El
|
||||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||||
vhis is the size of the replay tracking window for each remote node, in bytes.
|
This is the size of the replay tracking window for each remote node, in bytes.
|
||||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||||
the default setting of 16 will track up to 128 packets in the window. In high
|
the default setting of 16 will track up to 128 packets in the window. In high
|
||||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||||
|
@ -428,7 +428,8 @@ traffic.
|
||||||
When this option is enabled tinc will only use Subnet statements which are
|
When this option is enabled tinc will only use Subnet statements which are
|
||||||
present in the host config files in the local
|
present in the host config files in the local
|
||||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
||||||
directory.
|
directory. Subnets learned via connections to other nodes and which are not
|
||||||
|
present in the local host config files are ignored.
|
||||||
.It Va TunnelServer Li = yes | no Po no Pc Bq experimental
|
.It Va TunnelServer Li = yes | no Po no Pc Bq experimental
|
||||||
When this option is enabled tinc will no longer forward information between other tinc daemons,
|
When this option is enabled tinc will no longer forward information between other tinc daemons,
|
||||||
and will only allow connections with nodes for which host config files are present in the local
|
and will only allow connections with nodes for which host config files are present in the local
|
||||||
|
@ -631,6 +632,8 @@ The top directory for configuration files.
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
|
||||||
The default name of the server configuration file for net
|
The default name of the server configuration file for net
|
||||||
.Ar NETNAME .
|
.Ar NETNAME .
|
||||||
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /conf.d/
|
||||||
|
Optional directory from which any *.conf file will be loaded
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
||||||
Host configuration files are kept in this directory.
|
Host configuration files are kept in this directory.
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
|
||||||
|
|
115
doc/tinc.info
115
doc/tinc.info
|
@ -1,14 +1,14 @@
|
||||||
This is tinc.info, produced by makeinfo version 5.1 from tinc.texi.
|
This is tinc.info, produced by makeinfo version 5.2 from tinc.texi.
|
||||||
|
|
||||||
INFO-DIR-SECTION Networking tools
|
INFO-DIR-SECTION Networking tools
|
||||||
START-INFO-DIR-ENTRY
|
START-INFO-DIR-ENTRY
|
||||||
* tinc: (tinc). The tinc Manual.
|
* tinc: (tinc). The tinc Manual.
|
||||||
END-INFO-DIR-ENTRY
|
END-INFO-DIR-ENTRY
|
||||||
|
|
||||||
This is the info manual for tinc version 1.0.22, a Virtual Private
|
This is the info manual for tinc version 1.0.23, a Virtual Private
|
||||||
Network daemon.
|
Network daemon.
|
||||||
|
|
||||||
Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
|
Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen
|
||||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||||
|
|
||||||
Permission is granted to make and distribute verbatim copies of this
|
Permission is granted to make and distribute verbatim copies of this
|
||||||
|
@ -649,6 +649,9 @@ The actual configuration of the daemon is done in the file
|
||||||
'/etc/tinc/NETNAME/tinc.conf' and at least one other file in the
|
'/etc/tinc/NETNAME/tinc.conf' and at least one other file in the
|
||||||
directory '/etc/tinc/NETNAME/hosts/'.
|
directory '/etc/tinc/NETNAME/hosts/'.
|
||||||
|
|
||||||
|
An optionnal directory '/etc/tinc/NETNAME/conf.d' can be added from
|
||||||
|
which any .conf file will be read.
|
||||||
|
|
||||||
These file consists of comments (lines started with a #) or
|
These file consists of comments (lines started with a #) or
|
||||||
assignments in the form of
|
assignments in the form of
|
||||||
|
|
||||||
|
@ -1011,7 +1014,9 @@ ReplayWindow = <bytes> (16)
|
||||||
StrictSubnets = <yes|no> (no) [experimental]
|
StrictSubnets = <yes|no> (no) [experimental]
|
||||||
When this option is enabled tinc will only use Subnet statements
|
When this option is enabled tinc will only use Subnet statements
|
||||||
which are present in the host config files in the local
|
which are present in the host config files in the local
|
||||||
'/etc/tinc/NETNAME/hosts/' directory.
|
'/etc/tinc/NETNAME/hosts/' directory. Subnets learned via
|
||||||
|
connections to other nodes and which are not present in the local
|
||||||
|
host config files are ignored.
|
||||||
|
|
||||||
TunnelServer = <yes|no> (no) [experimental]
|
TunnelServer = <yes|no> (no) [experimental]
|
||||||
When this option is enabled tinc will no longer forward information
|
When this option is enabled tinc will no longer forward information
|
||||||
|
@ -1040,7 +1045,9 @@ Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
|
||||||
This variable is only required if you want to connect to this host.
|
This variable is only required if you want to connect to this host.
|
||||||
It must resolve to the external IP address where the host can be
|
It must resolve to the external IP address where the host can be
|
||||||
reached, not the one that is internal to the VPN. If no port is
|
reached, not the one that is internal to the VPN. If no port is
|
||||||
specified, the default Port is used.
|
specified, the default Port is used. Multiple Address variables
|
||||||
|
can be specified, in which case each address will be tried until a
|
||||||
|
working connection has been established.
|
||||||
|
|
||||||
Cipher = <CIPHER> (blowfish)
|
Cipher = <CIPHER> (blowfish)
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
||||||
|
@ -2424,16 +2431,16 @@ Concept Index
|
||||||
* CHAL_REPLY: Authentication protocol.
|
* CHAL_REPLY: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* CIDR notation: Host configuration variables.
|
* CIDR notation: Host configuration variables.
|
||||||
(line 91)
|
(line 93)
|
||||||
* Cipher: Host configuration variables.
|
* Cipher: Host configuration variables.
|
||||||
(line 12)
|
(line 14)
|
||||||
* ClampMSS: Host configuration variables.
|
* ClampMSS: Host configuration variables.
|
||||||
(line 18)
|
(line 20)
|
||||||
* client: How connections work.
|
* client: How connections work.
|
||||||
(line 18)
|
(line 18)
|
||||||
* command line: Runtime options. (line 9)
|
* command line: Runtime options. (line 9)
|
||||||
* Compression: Host configuration variables.
|
* Compression: Host configuration variables.
|
||||||
(line 24)
|
(line 26)
|
||||||
* connection: The connection. (line 6)
|
* connection: The connection. (line 6)
|
||||||
* ConnectTo: Main configuration variables.
|
* ConnectTo: Main configuration variables.
|
||||||
(line 53)
|
(line 53)
|
||||||
|
@ -2452,7 +2459,7 @@ Concept Index
|
||||||
* DeviceType: Main configuration variables.
|
* DeviceType: Main configuration variables.
|
||||||
(line 80)
|
(line 80)
|
||||||
* Digest: Host configuration variables.
|
* Digest: Host configuration variables.
|
||||||
(line 29)
|
(line 31)
|
||||||
* DirectOnly: Main configuration variables.
|
* DirectOnly: Main configuration variables.
|
||||||
(line 145)
|
(line 145)
|
||||||
* dummy: Main configuration variables.
|
* dummy: Main configuration variables.
|
||||||
|
@ -2481,7 +2488,7 @@ Concept Index
|
||||||
* IffOneQueue: Main configuration variables.
|
* IffOneQueue: Main configuration variables.
|
||||||
(line 191)
|
(line 191)
|
||||||
* IndirectData: Host configuration variables.
|
* IndirectData: Host configuration variables.
|
||||||
(line 34)
|
(line 36)
|
||||||
* Interface: Main configuration variables.
|
* Interface: Main configuration variables.
|
||||||
(line 194)
|
(line 194)
|
||||||
* INTERFACE: Scripts. (line 56)
|
* INTERFACE: Scripts. (line 56)
|
||||||
|
@ -2498,7 +2505,7 @@ Concept Index
|
||||||
* MACExpire: Main configuration variables.
|
* MACExpire: Main configuration variables.
|
||||||
(line 219)
|
(line 219)
|
||||||
* MACLength: Host configuration variables.
|
* MACLength: Host configuration variables.
|
||||||
(line 42)
|
(line 44)
|
||||||
* MaxTimeout: Main configuration variables.
|
* MaxTimeout: Main configuration variables.
|
||||||
(line 224)
|
(line 224)
|
||||||
* meta-protocol: The meta-connection. (line 18)
|
* meta-protocol: The meta-connection. (line 18)
|
||||||
|
@ -2521,7 +2528,7 @@ Concept Index
|
||||||
* OpenSSL: OpenSSL. (line 6)
|
* OpenSSL: OpenSSL. (line 6)
|
||||||
* options: Runtime options. (line 9)
|
* options: Runtime options. (line 9)
|
||||||
* PEM format: Host configuration variables.
|
* PEM format: Host configuration variables.
|
||||||
(line 67)
|
(line 69)
|
||||||
* PING: The meta-protocol. (line 88)
|
* PING: The meta-protocol. (line 88)
|
||||||
* PingInterval: Main configuration variables.
|
* PingInterval: Main configuration variables.
|
||||||
(line 266)
|
(line 266)
|
||||||
|
@ -2529,12 +2536,12 @@ Concept Index
|
||||||
(line 270)
|
(line 270)
|
||||||
* platforms: Supported platforms. (line 6)
|
* platforms: Supported platforms. (line 6)
|
||||||
* PMTU: Host configuration variables.
|
* PMTU: Host configuration variables.
|
||||||
(line 47)
|
(line 49)
|
||||||
* PMTUDiscovery: Host configuration variables.
|
* PMTUDiscovery: Host configuration variables.
|
||||||
(line 50)
|
(line 52)
|
||||||
* PONG: The meta-protocol. (line 88)
|
* PONG: The meta-protocol. (line 88)
|
||||||
* Port: Host configuration variables.
|
* Port: Host configuration variables.
|
||||||
(line 55)
|
(line 57)
|
||||||
* port numbers: Other files. (line 17)
|
* port numbers: Other files. (line 17)
|
||||||
* PriorityInheritance: Main configuration variables.
|
* PriorityInheritance: Main configuration variables.
|
||||||
(line 276)
|
(line 276)
|
||||||
|
@ -2549,9 +2556,9 @@ Concept Index
|
||||||
* Proxy: Main configuration variables.
|
* Proxy: Main configuration variables.
|
||||||
(line 297)
|
(line 297)
|
||||||
* PublicKey: Host configuration variables.
|
* PublicKey: Host configuration variables.
|
||||||
(line 59)
|
(line 61)
|
||||||
* PublicKeyFile: Host configuration variables.
|
* PublicKeyFile: Host configuration variables.
|
||||||
(line 62)
|
(line 64)
|
||||||
* raw_socket: Main configuration variables.
|
* raw_socket: Main configuration variables.
|
||||||
(line 92)
|
(line 92)
|
||||||
* release: Supported platforms. (line 14)
|
* release: Supported platforms. (line 14)
|
||||||
|
@ -2576,16 +2583,16 @@ Concept Index
|
||||||
* StrictSubnets: Main configuration variables.
|
* StrictSubnets: Main configuration variables.
|
||||||
(line 331)
|
(line 331)
|
||||||
* Subnet: Host configuration variables.
|
* Subnet: Host configuration variables.
|
||||||
(line 74)
|
(line 76)
|
||||||
* SUBNET: Scripts. (line 72)
|
* SUBNET: Scripts. (line 72)
|
||||||
* Subnet weight: Host configuration variables.
|
* Subnet weight: Host configuration variables.
|
||||||
(line 96)
|
(line 98)
|
||||||
* SVPN: Security. (line 11)
|
* SVPN: Security. (line 11)
|
||||||
* switch: Main configuration variables.
|
* switch: Main configuration variables.
|
||||||
(line 239)
|
(line 239)
|
||||||
* TCP: The meta-connection. (line 10)
|
* TCP: The meta-connection. (line 10)
|
||||||
* TCPonly: Host configuration variables.
|
* TCPonly: Host configuration variables.
|
||||||
(line 103)
|
(line 105)
|
||||||
* tinc: Introduction. (line 6)
|
* tinc: Introduction. (line 6)
|
||||||
* TINC: Security. (line 6)
|
* TINC: Security. (line 6)
|
||||||
* tinc-down: Scripts. (line 18)
|
* tinc-down: Scripts. (line 18)
|
||||||
|
@ -2596,16 +2603,16 @@ Concept Index
|
||||||
* tunifhead: Main configuration variables.
|
* tunifhead: Main configuration variables.
|
||||||
(line 134)
|
(line 134)
|
||||||
* TunnelServer: Main configuration variables.
|
* TunnelServer: Main configuration variables.
|
||||||
(line 336)
|
(line 338)
|
||||||
* tunnohead: Main configuration variables.
|
* tunnohead: Main configuration variables.
|
||||||
(line 128)
|
(line 128)
|
||||||
* UDP: The UDP tunnel. (line 30)
|
* UDP: The UDP tunnel. (line 30)
|
||||||
* UDP <1>: Encryption of network packets.
|
* UDP <1>: Encryption of network packets.
|
||||||
(line 12)
|
(line 12)
|
||||||
* UDPRcvBuf: Main configuration variables.
|
* UDPRcvBuf: Main configuration variables.
|
||||||
(line 343)
|
(line 345)
|
||||||
* UDPSndBuf: Main configuration variables.
|
* UDPSndBuf: Main configuration variables.
|
||||||
(line 348)
|
(line 350)
|
||||||
* UML: Main configuration variables.
|
* UML: Main configuration variables.
|
||||||
(line 110)
|
(line 110)
|
||||||
* Universal tun/tap: Configuration of Linux kernels.
|
* Universal tun/tap: Configuration of Linux kernels.
|
||||||
|
@ -2656,35 +2663,35 @@ Node: Configuration introduction20366
|
||||||
Node: Multiple networks21634
|
Node: Multiple networks21634
|
||||||
Node: How connections work23059
|
Node: How connections work23059
|
||||||
Node: Configuration files24281
|
Node: Configuration files24281
|
||||||
Node: Main configuration variables25669
|
Node: Main configuration variables25776
|
||||||
Node: Host configuration variables41635
|
Node: Host configuration variables41870
|
||||||
Node: Scripts46990
|
Node: Scripts47371
|
||||||
Node: How to configure49753
|
Node: How to configure50134
|
||||||
Node: Generating keypairs51010
|
Node: Generating keypairs51391
|
||||||
Node: Network interfaces51509
|
Node: Network interfaces51890
|
||||||
Node: Example configuration53357
|
Node: Example configuration53738
|
||||||
Node: Running tinc58682
|
Node: Running tinc59063
|
||||||
Node: Runtime options59272
|
Node: Runtime options59653
|
||||||
Node: Signals62574
|
Node: Signals62955
|
||||||
Node: Debug levels63765
|
Node: Debug levels64146
|
||||||
Node: Solving problems64701
|
Node: Solving problems65082
|
||||||
Node: Error messages66253
|
Node: Error messages66634
|
||||||
Node: Sending bug reports70262
|
Node: Sending bug reports70643
|
||||||
Node: Technical information71209
|
Node: Technical information71590
|
||||||
Node: The connection71440
|
Node: The connection71821
|
||||||
Node: The UDP tunnel71752
|
Node: The UDP tunnel72133
|
||||||
Node: The meta-connection74815
|
Node: The meta-connection75196
|
||||||
Node: The meta-protocol76284
|
Node: The meta-protocol76665
|
||||||
Node: Security81301
|
Node: Security81682
|
||||||
Node: Authentication protocol82434
|
Node: Authentication protocol82815
|
||||||
Node: Encryption of network packets87451
|
Node: Encryption of network packets87832
|
||||||
Node: Security issues88827
|
Node: Security issues89208
|
||||||
Node: Platform specific information90454
|
Node: Platform specific information90835
|
||||||
Node: Interface configuration90682
|
Node: Interface configuration91063
|
||||||
Node: Routes93135
|
Node: Routes93516
|
||||||
Node: About us95052
|
Node: About us95433
|
||||||
Node: Contact information95227
|
Node: Contact information95608
|
||||||
Node: Authors95631
|
Node: Authors96012
|
||||||
Node: Concept Index96036
|
Node: Concept Index96417
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2013 Ivo Timmermans,
|
Copyright @copyright{} 1998-2014 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
||||||
@vskip 0pt plus 1filll
|
@vskip 0pt plus 1filll
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2013 Ivo Timmermans,
|
Copyright @copyright{} 1998-2014 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
|
@ -718,6 +718,9 @@ The actual configuration of the daemon is done in the file
|
||||||
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf} and at least one other file in the directory
|
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf} and at least one other file in the directory
|
||||||
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/}.
|
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/}.
|
||||||
|
|
||||||
|
An optionnal directory @file{@value{sysconfdir}/tinc/@var{netname}/conf.d} can be added from which
|
||||||
|
any .conf file will be read.
|
||||||
|
|
||||||
These file consists of comments (lines started with a #) or assignments
|
These file consists of comments (lines started with a #) or assignments
|
||||||
in the form of
|
in the form of
|
||||||
|
|
||||||
|
@ -1102,6 +1105,8 @@ traffic.
|
||||||
When this option is enabled tinc will only use Subnet statements which are
|
When this option is enabled tinc will only use Subnet statements which are
|
||||||
present in the host config files in the local
|
present in the host config files in the local
|
||||||
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.
|
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.
|
||||||
|
Subnets learned via connections to other nodes and which are not
|
||||||
|
present in the local host config files are ignored.
|
||||||
|
|
||||||
@cindex TunnelServer
|
@cindex TunnelServer
|
||||||
@item TunnelServer = <yes|no> (no) [experimental]
|
@item TunnelServer = <yes|no> (no) [experimental]
|
||||||
|
@ -1134,6 +1139,8 @@ This variable is only required if you want to connect to this host. It
|
||||||
must resolve to the external IP address where the host can be reached,
|
must resolve to the external IP address where the host can be reached,
|
||||||
not the one that is internal to the VPN.
|
not the one that is internal to the VPN.
|
||||||
If no port is specified, the default Port is used.
|
If no port is specified, the default Port is used.
|
||||||
|
Multiple Address variables can be specified, in which case each address will be
|
||||||
|
tried until a working connection has been established.
|
||||||
|
|
||||||
@cindex Cipher
|
@cindex Cipher
|
||||||
@item Cipher = <@var{cipher}> (blowfish)
|
@item Cipher = <@var{cipher}> (blowfish)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.Dd 2011-01-02
|
.Dd 2014-05-11
|
||||||
.Dt TINCD 8
|
.Dt TINCD 8
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Ivo Timmermans
|
.\" Ivo Timmermans
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.14 from Makefile.am.
|
# Makefile.in generated by automake 1.14.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
||||||
|
@ -81,8 +81,10 @@ subdir = m4
|
||||||
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README
|
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
|
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
$(ACLOCAL_M4)
|
$(ACLOCAL_M4)
|
||||||
mkinstalldirs = $(install_sh) -d
|
mkinstalldirs = $(install_sh) -d
|
||||||
|
|
72
m4/ax_check_compile_flag.m4
Normal file
72
m4/ax_check_compile_flag.m4
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
# ===========================================================================
|
||||||
|
# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
|
||||||
|
# ===========================================================================
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
#
|
||||||
|
# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
#
|
||||||
|
# Check whether the given FLAG works with the current language's compiler
|
||||||
|
# or gives an error. (Warnings, however, are ignored)
|
||||||
|
#
|
||||||
|
# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
|
||||||
|
# success/failure.
|
||||||
|
#
|
||||||
|
# If EXTRA-FLAGS is defined, it is added to the current language's default
|
||||||
|
# flags (e.g. CFLAGS) when the check is done. The check is thus made with
|
||||||
|
# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
|
||||||
|
# force the compiler to issue an error when a bad flag is given.
|
||||||
|
#
|
||||||
|
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
|
||||||
|
# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
#
|
||||||
|
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
|
||||||
|
# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License as published by the
|
||||||
|
# Free Software Foundation, either version 3 of the License, or (at your
|
||||||
|
# option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful, but
|
||||||
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||||||
|
# Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along
|
||||||
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# As a special exception, the respective Autoconf Macro's copyright owner
|
||||||
|
# gives unlimited permission to copy, distribute and modify the configure
|
||||||
|
# scripts that are the output of Autoconf when processing the Macro. You
|
||||||
|
# need not follow the terms of the GNU General Public License when using
|
||||||
|
# or distributing such scripts, even though portions of the text of the
|
||||||
|
# Macro appear in them. The GNU General Public License (GPL) does govern
|
||||||
|
# all other use of the material that constitutes the Autoconf Macro.
|
||||||
|
#
|
||||||
|
# This special exception to the GPL applies to versions of the Autoconf
|
||||||
|
# Macro released by the Autoconf Archive. When you make and distribute a
|
||||||
|
# modified version of the Autoconf Macro, you may extend this special
|
||||||
|
# exception to the GPL to apply to your modified version as well.
|
||||||
|
|
||||||
|
#serial 2
|
||||||
|
|
||||||
|
AC_DEFUN([AX_CHECK_COMPILE_FLAG],
|
||||||
|
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
|
||||||
|
AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
|
||||||
|
AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
|
||||||
|
ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
|
||||||
|
_AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
|
||||||
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM()],
|
||||||
|
[AS_VAR_SET(CACHEVAR,[yes])],
|
||||||
|
[AS_VAR_SET(CACHEVAR,[no])])
|
||||||
|
_AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
|
||||||
|
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
|
||||||
|
[m4_default([$2], :)],
|
||||||
|
[m4_default([$3], :)])
|
||||||
|
AS_VAR_POPDEF([CACHEVAR])dnl
|
||||||
|
])dnl AX_CHECK_COMPILE_FLAGS
|
71
m4/ax_check_link_flag.m4
Normal file
71
m4/ax_check_link_flag.m4
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
# ===========================================================================
|
||||||
|
# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
|
||||||
|
# ===========================================================================
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
#
|
||||||
|
# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
#
|
||||||
|
# Check whether the given FLAG works with the linker or gives an error.
|
||||||
|
# (Warnings, however, are ignored)
|
||||||
|
#
|
||||||
|
# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
|
||||||
|
# success/failure.
|
||||||
|
#
|
||||||
|
# If EXTRA-FLAGS is defined, it is added to the linker's default flags
|
||||||
|
# when the check is done. The check is thus made with the flags: "LDFLAGS
|
||||||
|
# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
|
||||||
|
# issue an error when a bad flag is given.
|
||||||
|
#
|
||||||
|
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
|
||||||
|
# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
|
||||||
|
#
|
||||||
|
# LICENSE
|
||||||
|
#
|
||||||
|
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
|
||||||
|
# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License as published by the
|
||||||
|
# Free Software Foundation, either version 3 of the License, or (at your
|
||||||
|
# option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful, but
|
||||||
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||||||
|
# Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along
|
||||||
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# As a special exception, the respective Autoconf Macro's copyright owner
|
||||||
|
# gives unlimited permission to copy, distribute and modify the configure
|
||||||
|
# scripts that are the output of Autoconf when processing the Macro. You
|
||||||
|
# need not follow the terms of the GNU General Public License when using
|
||||||
|
# or distributing such scripts, even though portions of the text of the
|
||||||
|
# Macro appear in them. The GNU General Public License (GPL) does govern
|
||||||
|
# all other use of the material that constitutes the Autoconf Macro.
|
||||||
|
#
|
||||||
|
# This special exception to the GPL applies to versions of the Autoconf
|
||||||
|
# Macro released by the Autoconf Archive. When you make and distribute a
|
||||||
|
# modified version of the Autoconf Macro, you may extend this special
|
||||||
|
# exception to the GPL to apply to your modified version as well.
|
||||||
|
|
||||||
|
#serial 2
|
||||||
|
|
||||||
|
AC_DEFUN([AX_CHECK_LINK_FLAG],
|
||||||
|
[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
|
||||||
|
AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
|
||||||
|
ax_check_save_flags=$LDFLAGS
|
||||||
|
LDFLAGS="$LDFLAGS $4 $1"
|
||||||
|
AC_LINK_IFELSE([AC_LANG_PROGRAM()],
|
||||||
|
[AS_VAR_SET(CACHEVAR,[yes])],
|
||||||
|
[AS_VAR_SET(CACHEVAR,[no])])
|
||||||
|
LDFLAGS=$ax_check_save_flags])
|
||||||
|
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
|
||||||
|
[m4_default([$2], :)],
|
||||||
|
[m4_default([$3], :)])
|
||||||
|
AS_VAR_POPDEF([CACHEVAR])dnl
|
||||||
|
])dnl AX_CHECK_LINK_FLAGS
|
4
missing
4
missing
|
@ -1,7 +1,7 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Common wrapper for a few potentially missing GNU programs.
|
# Common wrapper for a few potentially missing GNU programs.
|
||||||
|
|
||||||
scriptversion=2012-06-26.16; # UTC
|
scriptversion=2013-10-28.13; # UTC
|
||||||
|
|
||||||
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
|
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
|
||||||
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
|
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
|
||||||
|
@ -160,7 +160,7 @@ give_advice ()
|
||||||
;;
|
;;
|
||||||
autom4te*)
|
autom4te*)
|
||||||
echo "You might have modified some maintainer files that require"
|
echo "You might have modified some maintainer files that require"
|
||||||
echo "the 'automa4te' program to be rebuilt."
|
echo "the 'autom4te' program to be rebuilt."
|
||||||
program_details 'autom4te'
|
program_details 'autom4te'
|
||||||
;;
|
;;
|
||||||
bison*|yacc*)
|
bison*|yacc*)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Makefile.in generated by automake 1.14 from Makefile.am.
|
# Makefile.in generated by automake 1.14.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
|
||||||
|
@ -93,8 +93,10 @@ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
|
||||||
$(top_srcdir)/depcomp
|
$(top_srcdir)/depcomp
|
||||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||||
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
|
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||||
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
|
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||||
|
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||||
|
$(top_srcdir)/configure.ac
|
||||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
$(ACLOCAL_M4)
|
$(ACLOCAL_M4)
|
||||||
mkinstalldirs = $(install_sh) -d
|
mkinstalldirs = $(install_sh) -d
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
avl_tree.c -- avl_ tree and linked list convenience
|
avl_tree.c -- avl_ tree and linked list convenience
|
||||||
Copyright (C) 1998 Michael H. Buselli
|
Copyright (C) 1998 Michael H. Buselli
|
||||||
2000-2005 Ivo Timmermans,
|
2000-2005 Ivo Timmermans,
|
||||||
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2000-2005 Wessel Dankers <wsl@tinc-vpn.org>
|
2000-2005 Wessel Dankers <wsl@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -168,14 +168,12 @@ static void avl_rebalance(avl_tree_t *tree, avl_node_t *node)
|
||||||
child->right->parent = child;
|
child->right->parent = child;
|
||||||
gchild->right = node;
|
gchild->right = node;
|
||||||
|
|
||||||
if(gchild->right)
|
|
||||||
gchild->right->parent = gchild;
|
gchild->right->parent = gchild;
|
||||||
gchild->left = child;
|
gchild->left = child;
|
||||||
|
|
||||||
if(gchild->left)
|
|
||||||
gchild->left->parent = gchild;
|
gchild->left->parent = gchild;
|
||||||
*superparent = gchild;
|
|
||||||
|
|
||||||
|
*superparent = gchild;
|
||||||
gchild->parent = parent;
|
gchild->parent = parent;
|
||||||
#ifdef AVL_COUNT
|
#ifdef AVL_COUNT
|
||||||
node->count = AVL_CALC_COUNT(node);
|
node->count = AVL_CALC_COUNT(node);
|
||||||
|
@ -224,11 +222,9 @@ static void avl_rebalance(avl_tree_t *tree, avl_node_t *node)
|
||||||
child->left->parent = child;
|
child->left->parent = child;
|
||||||
gchild->left = node;
|
gchild->left = node;
|
||||||
|
|
||||||
if(gchild->left)
|
|
||||||
gchild->left->parent = gchild;
|
gchild->left->parent = gchild;
|
||||||
gchild->right = child;
|
gchild->right = child;
|
||||||
|
|
||||||
if(gchild->right)
|
|
||||||
gchild->right->parent = gchild;
|
gchild->right->parent = gchild;
|
||||||
|
|
||||||
*superparent = gchild;
|
*superparent = gchild;
|
||||||
|
@ -600,6 +596,8 @@ void avl_unlink_node(avl_tree_t *tree, avl_node_t *node)
|
||||||
balnode = parent;
|
balnode = parent;
|
||||||
} else {
|
} else {
|
||||||
subst = node->prev;
|
subst = node->prev;
|
||||||
|
if(!subst) // This only happens if node is not actually in a tree at all.
|
||||||
|
abort();
|
||||||
|
|
||||||
if(subst == left) {
|
if(subst == left) {
|
||||||
balnode = subst;
|
balnode = subst;
|
||||||
|
|
25
src/conf.c
25
src/conf.c
|
@ -2,7 +2,7 @@
|
||||||
conf.c -- configuration code
|
conf.c -- configuration code
|
||||||
Copyright (C) 1998 Robert van der Meulen
|
Copyright (C) 1998 Robert van der Meulen
|
||||||
1998-2005 Ivo Timmermans
|
1998-2005 Ivo Timmermans
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
||||||
2000 Cris van Pelt
|
2000 Cris van Pelt
|
||||||
|
|
||||||
|
@ -378,6 +378,29 @@ bool read_server_config(void) {
|
||||||
xasprintf(&fname, "%s/tinc.conf", confbase);
|
xasprintf(&fname, "%s/tinc.conf", confbase);
|
||||||
x = read_config_file(config_tree, fname);
|
x = read_config_file(config_tree, fname);
|
||||||
|
|
||||||
|
// We will try to read the conf files in the "conf.d" dir
|
||||||
|
if (x) {
|
||||||
|
char * dname;
|
||||||
|
xasprintf(&dname, "%s/conf.d", confbase);
|
||||||
|
DIR *dir = opendir (dname);
|
||||||
|
// If we can find this dir
|
||||||
|
if (dir) {
|
||||||
|
struct dirent *ep;
|
||||||
|
// We list all the files in it
|
||||||
|
while (x && (ep = readdir (dir))) {
|
||||||
|
size_t l = strlen(ep->d_name);
|
||||||
|
// And we try to read the ones that end with ".conf"
|
||||||
|
if (l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) {
|
||||||
|
free(fname);
|
||||||
|
xasprintf(&fname, "%s/%s", dname, ep->d_name);
|
||||||
|
x = read_config_file(config_tree, fname);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir (dir);
|
||||||
|
}
|
||||||
|
free(dname);
|
||||||
|
}
|
||||||
|
|
||||||
if(!x) { /* System error: complain */
|
if(!x) { /* System error: complain */
|
||||||
logger(LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno));
|
logger(LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno));
|
||||||
}
|
}
|
||||||
|
|
14
src/graph.c
14
src/graph.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
graph.c -- graph algorithms
|
graph.c -- graph algorithms
|
||||||
Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2014 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -212,9 +212,13 @@ static void sssp_bfs(void) {
|
||||||
&& (!e->to->status.indirect || indirect))
|
&& (!e->to->status.indirect || indirect))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
// Only update nexthop the first time we visit this node.
|
||||||
|
|
||||||
|
if(!e->to->status.visited)
|
||||||
|
e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop;
|
||||||
|
|
||||||
e->to->status.visited = true;
|
e->to->status.visited = true;
|
||||||
e->to->status.indirect = indirect;
|
e->to->status.indirect = indirect;
|
||||||
e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop;
|
|
||||||
e->to->prevedge = e;
|
e->to->prevedge = e;
|
||||||
e->to->via = indirect ? n->via : e->to;
|
e->to->via = indirect ? n->via : e->to;
|
||||||
e->to->options = e->options;
|
e->to->options = e->options;
|
||||||
|
@ -336,6 +340,7 @@ void dump_graph(void) {
|
||||||
|
|
||||||
if(!file) {
|
if(!file) {
|
||||||
logger(LOG_ERR, "Unable to open graph dump file %s: %s", filename, strerror(errno));
|
logger(LOG_ERR, "Unable to open graph dump file %s: %s", filename, strerror(errno));
|
||||||
|
free(filename);
|
||||||
free(tmpname);
|
free(tmpname);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -363,7 +368,10 @@ void dump_graph(void) {
|
||||||
#ifdef HAVE_MINGW
|
#ifdef HAVE_MINGW
|
||||||
unlink(filename);
|
unlink(filename);
|
||||||
#endif
|
#endif
|
||||||
rename(tmpname, filename);
|
if(rename(tmpname, filename))
|
||||||
|
logger(LOG_ERR, "Could not rename %s to %s: %s\n", tmpname, filename, strerror(errno));
|
||||||
free(tmpname);
|
free(tmpname);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(filename);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
have.h -- include headers which are known to exist
|
have.h -- include headers which are known to exist
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2003-2011 Guus Sliepen <guus@tinc-vpn.org>
|
2003-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -38,6 +38,7 @@
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
#include <limits.h>
|
||||||
|
|
||||||
#ifdef HAVE_MINGW
|
#ifdef HAVE_MINGW
|
||||||
#include <w32api.h>
|
#include <w32api.h>
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Linux ethertap and tun/tap device
|
device.c -- Interaction with Linux ethertap and tun/tap device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -107,17 +107,21 @@ static bool setup_device(void) {
|
||||||
ifr.ifr_flags |= IFF_ONE_QUEUE;
|
ifr.ifr_flags |= IFF_ONE_QUEUE;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(iface)
|
if(iface) {
|
||||||
strncpy(ifr.ifr_name, iface, IFNAMSIZ);
|
strncpy(ifr.ifr_name, iface, IFNAMSIZ);
|
||||||
|
ifr.ifr_name[IFNAMSIZ - 1] = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if(!ioctl(device_fd, TUNSETIFF, &ifr)) {
|
if(!ioctl(device_fd, TUNSETIFF, &ifr)) {
|
||||||
strncpy(ifrname, ifr.ifr_name, IFNAMSIZ);
|
strncpy(ifrname, ifr.ifr_name, IFNAMSIZ);
|
||||||
if(iface) free(iface);
|
ifrname[IFNAMSIZ - 1] = 0;
|
||||||
|
free(iface);
|
||||||
iface = xstrdup(ifrname);
|
iface = xstrdup(ifrname);
|
||||||
} else if(!ioctl(device_fd, (('T' << 8) | 202), &ifr)) {
|
} else if(!ioctl(device_fd, (('T' << 8) | 202), &ifr)) {
|
||||||
logger(LOG_WARNING, "Old ioctl() request was needed for %s", device);
|
logger(LOG_WARNING, "Old ioctl() request was needed for %s", device);
|
||||||
strncpy(ifrname, ifr.ifr_name, IFNAMSIZ);
|
strncpy(ifrname, ifr.ifr_name, IFNAMSIZ);
|
||||||
if(iface) free(iface);
|
ifrname[IFNAMSIZ - 1] = 0;
|
||||||
|
free(iface);
|
||||||
iface = xstrdup(ifrname);
|
iface = xstrdup(ifrname);
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
|
@ -126,7 +130,6 @@ static bool setup_device(void) {
|
||||||
overwrite_mac = true;
|
overwrite_mac = true;
|
||||||
device_info = "Linux ethertap device";
|
device_info = "Linux ethertap device";
|
||||||
device_type = DEVICE_TYPE_ETHERTAP;
|
device_type = DEVICE_TYPE_ETHERTAP;
|
||||||
if(iface)
|
|
||||||
free(iface);
|
free(iface);
|
||||||
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
meta.c -- handle the meta communication
|
meta.c -- handle the meta communication
|
||||||
Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@ bool receive_meta(connection_t *c) {
|
||||||
if(!c->node) {
|
if(!c->node) {
|
||||||
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
|
if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
|
||||||
if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
|
if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
|
||||||
logger(LOG_DEBUG, "Proxy request granted");
|
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
|
||||||
} else {
|
} else {
|
||||||
logger(LOG_ERR, "Proxy request rejected");
|
logger(LOG_ERR, "Proxy request rejected");
|
||||||
return false;
|
return false;
|
||||||
|
@ -199,9 +199,9 @@ bool receive_meta(connection_t *c) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if(c->buffer[3] == 0) {
|
if(c->buffer[3] == 0) {
|
||||||
logger(LOG_DEBUG, "Proxy request granted");
|
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
|
||||||
} else {
|
} else {
|
||||||
logger(LOG_DEBUG, "Proxy request rejected");
|
logger(LOG_ERR, "Proxy request rejected");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Windows tap driver in a MinGW environment
|
device.c -- Interaction with Windows tap driver in a MinGW environment
|
||||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||||
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -49,6 +49,7 @@ static DWORD WINAPI tapreader(void *bla) {
|
||||||
DWORD len;
|
DWORD len;
|
||||||
OVERLAPPED overlapped;
|
OVERLAPPED overlapped;
|
||||||
vpn_packet_t packet;
|
vpn_packet_t packet;
|
||||||
|
int errors = 0;
|
||||||
|
|
||||||
logger(LOG_DEBUG, "Tap reader running");
|
logger(LOG_DEBUG, "Tap reader running");
|
||||||
|
|
||||||
|
@ -71,16 +72,27 @@ static DWORD WINAPI tapreader(void *bla) {
|
||||||
} else {
|
} else {
|
||||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||||
device, strerror(errno));
|
device, strerror(errno));
|
||||||
return -1;
|
errors++;
|
||||||
|
if(errors >= 10) {
|
||||||
|
EnterCriticalSection(&mutex);
|
||||||
|
running = false;
|
||||||
|
LeaveCriticalSection(&mutex);
|
||||||
|
}
|
||||||
|
usleep(1000000);
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
EnterCriticalSection(&mutex);
|
errors = 0;
|
||||||
packet.len = len;
|
packet.len = len;
|
||||||
packet.priority = 0;
|
packet.priority = 0;
|
||||||
|
|
||||||
|
EnterCriticalSection(&mutex);
|
||||||
route(myself, &packet);
|
route(myself, &packet);
|
||||||
LeaveCriticalSection(&mutex);
|
LeaveCriticalSection(&mutex);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool setup_device(void) {
|
static bool setup_device(void) {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- multicast socket
|
device.c -- multicast socket
|
||||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||||
2002-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -56,6 +56,7 @@ static bool setup_device(void) {
|
||||||
space = strchr(host, ' ');
|
space = strchr(host, ' ');
|
||||||
if(!space) {
|
if(!space) {
|
||||||
logger(LOG_ERR, "Port number required for %s", device_info);
|
logger(LOG_ERR, "Port number required for %s", device_info);
|
||||||
|
free(host);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,6 +76,7 @@ static bool setup_device(void) {
|
||||||
device_fd = socket(ai->ai_family, SOCK_DGRAM, IPPROTO_UDP);
|
device_fd = socket(ai->ai_family, SOCK_DGRAM, IPPROTO_UDP);
|
||||||
if(device_fd < 0) {
|
if(device_fd < 0) {
|
||||||
logger(LOG_ERR, "Creating socket failed: %s", sockstrerror(sockerrno));
|
logger(LOG_ERR, "Creating socket failed: %s", sockstrerror(sockerrno));
|
||||||
|
free(host);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -88,6 +90,7 @@ static bool setup_device(void) {
|
||||||
if(bind(device_fd, ai->ai_addr, ai->ai_addrlen)) {
|
if(bind(device_fd, ai->ai_addr, ai->ai_addrlen)) {
|
||||||
closesocket(device_fd);
|
closesocket(device_fd);
|
||||||
logger(LOG_ERR, "Can't bind to %s %s: %s", host, port, sockstrerror(sockerrno));
|
logger(LOG_ERR, "Can't bind to %s %s: %s", host, port, sockstrerror(sockerrno));
|
||||||
|
free(host);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -102,6 +105,7 @@ static bool setup_device(void) {
|
||||||
if(setsockopt(device_fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void *)&mreq, sizeof mreq)) {
|
if(setsockopt(device_fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void *)&mreq, sizeof mreq)) {
|
||||||
logger(LOG_ERR, "Cannot join multicast group %s %s: %s", host, port, sockstrerror(sockerrno));
|
logger(LOG_ERR, "Cannot join multicast group %s %s: %s", host, port, sockstrerror(sockerrno));
|
||||||
closesocket(device_fd);
|
closesocket(device_fd);
|
||||||
|
free(host);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
#ifdef IP_MULTICAST_LOOP
|
#ifdef IP_MULTICAST_LOOP
|
||||||
|
@ -123,6 +127,7 @@ static bool setup_device(void) {
|
||||||
if(setsockopt(device_fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, (void *)&mreq, sizeof mreq)) {
|
if(setsockopt(device_fd, IPPROTO_IPV6, IPV6_JOIN_GROUP, (void *)&mreq, sizeof mreq)) {
|
||||||
logger(LOG_ERR, "Cannot join multicast group %s %s: %s", host, port, sockstrerror(sockerrno));
|
logger(LOG_ERR, "Cannot join multicast group %s %s: %s", host, port, sockstrerror(sockerrno));
|
||||||
closesocket(device_fd);
|
closesocket(device_fd);
|
||||||
|
free(host);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
#ifdef IPV6_MULTICAST_LOOP
|
#ifdef IPV6_MULTICAST_LOOP
|
||||||
|
@ -135,11 +140,13 @@ static bool setup_device(void) {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
logger(LOG_ERR, "Multicast for address family %hx unsupported", ai->ai_family);
|
logger(LOG_ERR, "Multicast for address family %x unsupported", ai->ai_family);
|
||||||
closesocket(device_fd);
|
closesocket(device_fd);
|
||||||
|
free(host);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(host);
|
||||||
logger(LOG_INFO, "%s is a %s", device, device_info);
|
logger(LOG_INFO, "%s is a %s", device, device_info);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
19
src/net.c
19
src/net.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net.c -- most of the network code
|
net.c -- most of the network code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2011 Loïc Grenié <loic.grenie@gmail.com>
|
2011 Loïc Grenié <loic.grenie@gmail.com>
|
||||||
|
|
||||||
|
@ -41,6 +41,14 @@
|
||||||
#include "subnet.h"
|
#include "subnet.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
||||||
|
#ifdef HAVE_ARPA_NAMESER_H
|
||||||
|
#include <arpa/nameser.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_RESOLV_H
|
||||||
|
#include <resolv.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
bool do_purge = false;
|
bool do_purge = false;
|
||||||
volatile bool running = false;
|
volatile bool running = false;
|
||||||
#ifdef HAVE_PSELECT
|
#ifdef HAVE_PSELECT
|
||||||
|
@ -182,6 +190,12 @@ void terminate_connection(connection_t *c, bool report) {
|
||||||
closesocket(c->socket);
|
closesocket(c->socket);
|
||||||
|
|
||||||
if(c->edge) {
|
if(c->edge) {
|
||||||
|
if(!c->node) {
|
||||||
|
logger(LOG_ERR, "Connection to %s (%s) has an edge but node is NULL!", c->name, c->hostname);
|
||||||
|
// And that should never happen.
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
if(report && !tunnelserver)
|
if(report && !tunnelserver)
|
||||||
send_del_edge(everyone, c->edge);
|
send_del_edge(everyone, c->edge);
|
||||||
|
|
||||||
|
@ -494,6 +508,9 @@ int main_loop(void) {
|
||||||
avl_node_t *node;
|
avl_node_t *node;
|
||||||
logger(LOG_INFO, "Flushing event queue");
|
logger(LOG_INFO, "Flushing event queue");
|
||||||
expire_events();
|
expire_events();
|
||||||
|
#if HAVE_DECL_RES_INIT
|
||||||
|
res_init();
|
||||||
|
#endif
|
||||||
for(node = connection_tree->head; node; node = node->next) {
|
for(node = connection_tree->head; node; node = node->next) {
|
||||||
connection_t *c = node->data;
|
connection_t *c = node->data;
|
||||||
if(c->status.active)
|
if(c->status.active)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_packet.c -- Handles in- and outgoing VPN packets
|
net_packet.c -- Handles in- and outgoing VPN packets
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -269,7 +269,7 @@ static bool try_mac(const node_t *n, const vpn_packet_t *inpkt) {
|
||||||
|
|
||||||
HMAC(n->indigest, n->inkey, n->inkeylength, (unsigned char *) &inpkt->seqno, inpkt->len - n->inmaclength, (unsigned char *)hmac, NULL);
|
HMAC(n->indigest, n->inkey, n->inkeylength, (unsigned char *) &inpkt->seqno, inpkt->len - n->inmaclength, (unsigned char *)hmac, NULL);
|
||||||
|
|
||||||
return !memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - n->inmaclength, n->inmaclength);
|
return !memcmp_constant_time(hmac, (char *) &inpkt->seqno + inpkt->len - n->inmaclength, n->inmaclength);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
||||||
|
@ -302,7 +302,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
||||||
HMAC(n->indigest, n->inkey, n->inkeylength,
|
HMAC(n->indigest, n->inkey, n->inkeylength,
|
||||||
(unsigned char *) &inpkt->seqno, inpkt->len, (unsigned char *)hmac, NULL);
|
(unsigned char *) &inpkt->seqno, inpkt->len, (unsigned char *)hmac, NULL);
|
||||||
|
|
||||||
if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, n->inmaclength)) {
|
if(memcmp_constant_time(hmac, (char *) &inpkt->seqno + inpkt->len, n->inmaclength)) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Got unauthenticated packet from %s (%s)",
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Got unauthenticated packet from %s (%s)",
|
||||||
n->name, n->hostname);
|
n->name, n->hostname);
|
||||||
return;
|
return;
|
||||||
|
@ -664,7 +664,6 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
|
||||||
avl_node_t *node;
|
avl_node_t *node;
|
||||||
edge_t *e;
|
edge_t *e;
|
||||||
node_t *n = NULL;
|
node_t *n = NULL;
|
||||||
bool hard = false;
|
|
||||||
static time_t last_hard_try = 0;
|
static time_t last_hard_try = 0;
|
||||||
|
|
||||||
for(node = edge_weight_tree->head; node; node = node->next) {
|
for(node = edge_weight_tree->head; node; node = node->next) {
|
||||||
|
@ -673,11 +672,8 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
|
||||||
if(e->to == myself)
|
if(e->to == myself)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if(sockaddrcmp_noport(from, &e->address)) {
|
if(last_hard_try == now && sockaddrcmp_noport(from, &e->address))
|
||||||
if(last_hard_try == now)
|
|
||||||
continue;
|
continue;
|
||||||
hard = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!try_mac(e->to, pkt))
|
if(!try_mac(e->to, pkt))
|
||||||
continue;
|
continue;
|
||||||
|
@ -686,9 +682,6 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(hard)
|
|
||||||
last_hard_try = now;
|
|
||||||
|
|
||||||
last_hard_try = now;
|
last_hard_try = now;
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2010 Brandon Black <blblack@gmail.com>
|
2010 Brandon Black <blblack@gmail.com>
|
||||||
|
|
||||||
|
@ -165,23 +165,25 @@ static bool read_rsa_private_key(void) {
|
||||||
char *fname, *key, *pubkey;
|
char *fname, *key, *pubkey;
|
||||||
|
|
||||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
||||||
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
|
||||||
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
myself->connection->rsa_key = RSA_new();
|
myself->connection->rsa_key = RSA_new();
|
||||||
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
||||||
if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
|
if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
|
||||||
logger(LOG_ERR, "Invalid PrivateKey for myself!");
|
logger(LOG_ERR, "Invalid PrivateKey for myself!");
|
||||||
|
free(key);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
free(key);
|
||||||
|
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
||||||
|
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
|
if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
|
||||||
logger(LOG_ERR, "Invalid PublicKey for myself!");
|
logger(LOG_ERR, "Invalid PublicKey for myself!");
|
||||||
|
free(pubkey);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
|
||||||
free(key);
|
|
||||||
free(pubkey);
|
free(pubkey);
|
||||||
|
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -200,15 +202,12 @@ static bool read_rsa_private_key(void) {
|
||||||
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
|
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
|
||||||
struct stat s;
|
struct stat s;
|
||||||
|
|
||||||
if(fstat(fileno(fp), &s)) {
|
if(!fstat(fileno(fp), &s)) {
|
||||||
logger(LOG_ERR, "Could not stat RSA private key file `%s': %s'",
|
|
||||||
fname, strerror(errno));
|
|
||||||
free(fname);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(s.st_mode & ~0100700)
|
if(s.st_mode & ~0100700)
|
||||||
logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
|
logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
|
||||||
|
} else {
|
||||||
|
logger(LOG_WARNING, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
|
myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
|
||||||
|
@ -299,10 +298,12 @@ char *get_name(void) {
|
||||||
if(!envname) {
|
if(!envname) {
|
||||||
if(strcmp(name + 1, "HOST")) {
|
if(strcmp(name + 1, "HOST")) {
|
||||||
fprintf(stderr, "Invalid Name: environment variable %s does not exist\n", name + 1);
|
fprintf(stderr, "Invalid Name: environment variable %s does not exist\n", name + 1);
|
||||||
|
free(name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if(gethostname(hostname, sizeof hostname) || !*hostname) {
|
if(gethostname(hostname, sizeof hostname) || !*hostname) {
|
||||||
fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
|
fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
|
||||||
|
free(name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
hostname[31] = 0;
|
hostname[31] = 0;
|
||||||
|
@ -340,6 +341,7 @@ static bool setup_myself(void) {
|
||||||
bool choice;
|
bool choice;
|
||||||
int i, err;
|
int i, err;
|
||||||
int replaywin_int;
|
int replaywin_int;
|
||||||
|
bool port_specified = false;
|
||||||
|
|
||||||
myself = new_node();
|
myself = new_node();
|
||||||
myself->connection = new_connection();
|
myself->connection = new_connection();
|
||||||
|
@ -355,6 +357,8 @@ static bool setup_myself(void) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Read tinc.conf and our own host config file */
|
||||||
|
|
||||||
myself->name = name;
|
myself->name = name;
|
||||||
myself->connection->name = xstrdup(name);
|
myself->connection->name = xstrdup(name);
|
||||||
xasprintf(&fname, "%s/hosts/%s", confbase, name);
|
xasprintf(&fname, "%s/hosts/%s", confbase, name);
|
||||||
|
@ -367,6 +371,10 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
if(!get_config_string(lookup_config(config_tree, "Port"), &myport))
|
if(!get_config_string(lookup_config(config_tree, "Port"), &myport))
|
||||||
myport = xstrdup("655");
|
myport = xstrdup("655");
|
||||||
|
else
|
||||||
|
port_specified = true;
|
||||||
|
|
||||||
|
/* Ensure myport is numeric */
|
||||||
|
|
||||||
if(!atoi(myport)) {
|
if(!atoi(myport)) {
|
||||||
struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM);
|
struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM);
|
||||||
|
@ -378,8 +386,7 @@ static bool setup_myself(void) {
|
||||||
sockaddr2str(&sa, NULL, &myport);
|
sockaddr2str(&sa, NULL, &myport);
|
||||||
}
|
}
|
||||||
|
|
||||||
get_config_string(lookup_config(config_tree, "Proxy"), &proxy);
|
if(get_config_string(lookup_config(config_tree, "Proxy"), &proxy)) {
|
||||||
if(proxy) {
|
|
||||||
if((space = strchr(proxy, ' ')))
|
if((space = strchr(proxy, ' ')))
|
||||||
*space++ = 0;
|
*space++ = 0;
|
||||||
|
|
||||||
|
@ -397,6 +404,7 @@ static bool setup_myself(void) {
|
||||||
proxytype = PROXY_EXEC;
|
proxytype = PROXY_EXEC;
|
||||||
} else {
|
} else {
|
||||||
logger(LOG_ERR, "Unknown proxy type %s!", proxy);
|
logger(LOG_ERR, "Unknown proxy type %s!", proxy);
|
||||||
|
free(proxy);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -408,6 +416,7 @@ static bool setup_myself(void) {
|
||||||
case PROXY_EXEC:
|
case PROXY_EXEC:
|
||||||
if(!space || !*space) {
|
if(!space || !*space) {
|
||||||
logger(LOG_ERR, "Argument expected for proxy type exec!");
|
logger(LOG_ERR, "Argument expected for proxy type exec!");
|
||||||
|
free(proxy);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
proxyhost = xstrdup(space);
|
proxyhost = xstrdup(space);
|
||||||
|
@ -426,6 +435,7 @@ static bool setup_myself(void) {
|
||||||
*space++ = 0, proxypass = space;
|
*space++ = 0, proxypass = space;
|
||||||
if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
|
if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
|
||||||
logger(LOG_ERR, "Host and port argument expected for proxy!");
|
logger(LOG_ERR, "Host and port argument expected for proxy!");
|
||||||
|
free(proxy);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
proxyhost = xstrdup(proxyhost);
|
proxyhost = xstrdup(proxyhost);
|
||||||
|
@ -479,6 +489,7 @@ static bool setup_myself(void) {
|
||||||
routing_mode = RMODE_HUB;
|
routing_mode = RMODE_HUB;
|
||||||
else {
|
else {
|
||||||
logger(LOG_ERR, "Invalid routing mode!");
|
logger(LOG_ERR, "Invalid routing mode!");
|
||||||
|
free(mode);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
free(mode);
|
free(mode);
|
||||||
|
@ -493,6 +504,7 @@ static bool setup_myself(void) {
|
||||||
forwarding_mode = FMODE_KERNEL;
|
forwarding_mode = FMODE_KERNEL;
|
||||||
else {
|
else {
|
||||||
logger(LOG_ERR, "Invalid forwarding mode!");
|
logger(LOG_ERR, "Invalid forwarding mode!");
|
||||||
|
free(mode);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
free(mode);
|
free(mode);
|
||||||
|
@ -519,6 +531,7 @@ static bool setup_myself(void) {
|
||||||
broadcast_mode = BMODE_DIRECT;
|
broadcast_mode = BMODE_DIRECT;
|
||||||
else {
|
else {
|
||||||
logger(LOG_ERR, "Invalid broadcast mode!");
|
logger(LOG_ERR, "Invalid broadcast mode!");
|
||||||
|
free(mode);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
free(mode);
|
free(mode);
|
||||||
|
@ -571,6 +584,7 @@ static bool setup_myself(void) {
|
||||||
addressfamily = AF_UNSPEC;
|
addressfamily = AF_UNSPEC;
|
||||||
else {
|
else {
|
||||||
logger(LOG_ERR, "Invalid address family!");
|
logger(LOG_ERR, "Invalid address family!");
|
||||||
|
free(afname);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
free(afname);
|
free(afname);
|
||||||
|
@ -580,8 +594,7 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
/* Generate packet encryption key */
|
/* Generate packet encryption key */
|
||||||
|
|
||||||
if(get_config_string
|
if(get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
|
||||||
(lookup_config(config_tree, "Cipher"), &cipher)) {
|
|
||||||
if(!strcasecmp(cipher, "none")) {
|
if(!strcasecmp(cipher, "none")) {
|
||||||
myself->incipher = NULL;
|
myself->incipher = NULL;
|
||||||
} else {
|
} else {
|
||||||
|
@ -589,9 +602,11 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
if(!myself->incipher) {
|
if(!myself->incipher) {
|
||||||
logger(LOG_ERR, "Unrecognized cipher type!");
|
logger(LOG_ERR, "Unrecognized cipher type!");
|
||||||
|
free(cipher);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
free(cipher);
|
||||||
} else
|
} else
|
||||||
myself->incipher = EVP_bf_cbc();
|
myself->incipher = EVP_bf_cbc();
|
||||||
|
|
||||||
|
@ -617,9 +632,12 @@ static bool setup_myself(void) {
|
||||||
|
|
||||||
if(!myself->indigest) {
|
if(!myself->indigest) {
|
||||||
logger(LOG_ERR, "Unrecognized digest type!");
|
logger(LOG_ERR, "Unrecognized digest type!");
|
||||||
|
free(digest);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(digest);
|
||||||
} else
|
} else
|
||||||
myself->indigest = EVP_sha1();
|
myself->indigest = EVP_sha1();
|
||||||
|
|
||||||
|
@ -683,6 +701,7 @@ static bool setup_myself(void) {
|
||||||
else if(!strcasecmp(type, "vde"))
|
else if(!strcasecmp(type, "vde"))
|
||||||
devops = vde_devops;
|
devops = vde_devops;
|
||||||
#endif
|
#endif
|
||||||
|
free(type);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!devops.setup())
|
if(!devops.setup())
|
||||||
|
@ -812,13 +831,27 @@ static bool setup_myself(void) {
|
||||||
} while(cfg);
|
} while(cfg);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(listen_sockets)
|
if(!listen_sockets) {
|
||||||
logger(LOG_NOTICE, "Ready");
|
|
||||||
else {
|
|
||||||
logger(LOG_ERR, "Unable to create any listening socket!");
|
logger(LOG_ERR, "Unable to create any listening socket!");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If no Port option was specified, set myport to the port used by the first listening socket. */
|
||||||
|
|
||||||
|
if(!port_specified) {
|
||||||
|
sockaddr_t sa;
|
||||||
|
socklen_t salen = sizeof sa;
|
||||||
|
if(!getsockname(listen_socket[0].udp, &sa.sa, &salen)) {
|
||||||
|
free(myport);
|
||||||
|
sockaddr2str(&sa, NULL, &myport);
|
||||||
|
if(!myport)
|
||||||
|
myport = xstrdup("655");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Done. */
|
||||||
|
|
||||||
|
logger(LOG_NOTICE, "Ready");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_socket.c -- Handle various kinds of sockets.
|
net_socket.c -- Handle various kinds of sockets.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2006 Scott Lamb <slamb@slamb.org>
|
2006 Scott Lamb <slamb@slamb.org>
|
||||||
2009 Florian Forster <octo@verplant.org>
|
2009 Florian Forster <octo@verplant.org>
|
||||||
|
|
||||||
|
@ -94,13 +94,14 @@ static bool bind_to_interface(int sd) {
|
||||||
memset(&ifr, 0, sizeof(ifr));
|
memset(&ifr, 0, sizeof(ifr));
|
||||||
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
||||||
ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
|
ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
|
||||||
|
free(iface);
|
||||||
|
|
||||||
status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
|
status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
|
||||||
if(status) {
|
if(status) {
|
||||||
logger(LOG_ERR, "Can't bind to interface %s: %s", iface,
|
logger(LOG_ERR, "Can't bind to interface %s: %s", ifr.ifr_ifrn.ifrn_name, strerror(errno));
|
||||||
strerror(errno));
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
|
#else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
|
||||||
logger(LOG_WARNING, "%s not supported on this platform", "BindToInterface");
|
logger(LOG_WARNING, "%s not supported on this platform", "BindToInterface");
|
||||||
#endif
|
#endif
|
||||||
|
@ -135,20 +136,21 @@ int setup_listen_socket(const sockaddr_t *sa) {
|
||||||
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
|
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(get_config_string
|
if(get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) {
|
||||||
(lookup_config(config_tree, "BindToInterface"), &iface)) {
|
|
||||||
#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
|
#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
|
||||||
struct ifreq ifr;
|
struct ifreq ifr;
|
||||||
|
|
||||||
memset(&ifr, 0, sizeof(ifr));
|
memset(&ifr, 0, sizeof(ifr));
|
||||||
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
||||||
|
ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
|
||||||
|
free(iface);
|
||||||
|
|
||||||
if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
|
if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
|
||||||
closesocket(nfd);
|
closesocket(nfd);
|
||||||
logger(LOG_ERR, "Can't bind to interface %s: %s", iface,
|
logger(LOG_ERR, "Can't bind to interface %s: %s", ifr.ifr_ifrn.ifrn_name, strerror(sockerrno));
|
||||||
strerror(sockerrno));
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#else
|
#else
|
||||||
logger(LOG_WARNING, "%s not supported on this platform", "BindToInterface");
|
logger(LOG_WARNING, "%s not supported on this platform", "BindToInterface");
|
||||||
#endif
|
#endif
|
||||||
|
@ -238,8 +240,6 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
||||||
option = 1;
|
option = 1;
|
||||||
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
|
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
#warning No way to disable IPv4 fragmentation
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
||||||
|
@ -252,8 +252,6 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
||||||
option = 1;
|
option = 1;
|
||||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
|
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
#warning No way to disable IPv6 fragmentation
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!bind_to_interface(nfd)) {
|
if (!bind_to_interface(nfd)) {
|
||||||
|
@ -311,7 +309,7 @@ static void do_outgoing_pipe(connection_t *c, char *command) {
|
||||||
if(fork()) {
|
if(fork()) {
|
||||||
c->socket = fd[0];
|
c->socket = fd[0];
|
||||||
close(fd[1]);
|
close(fd[1]);
|
||||||
logger(LOG_DEBUG, "Using proxy %s", command);
|
ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Using proxy %s", command);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -407,7 +405,6 @@ begin:
|
||||||
|
|
||||||
if(!proxytype) {
|
if(!proxytype) {
|
||||||
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
|
c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
|
||||||
configure_tcp(c);
|
|
||||||
} else if(proxytype == PROXY_EXEC) {
|
} else if(proxytype == PROXY_EXEC) {
|
||||||
do_outgoing_pipe(c, proxyhost);
|
do_outgoing_pipe(c, proxyhost);
|
||||||
} else {
|
} else {
|
||||||
|
@ -416,7 +413,6 @@ begin:
|
||||||
goto begin;
|
goto begin;
|
||||||
ifdebug(CONNECTIONS) logger(LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
|
ifdebug(CONNECTIONS) logger(LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
|
||||||
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
|
c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
|
||||||
configure_tcp(c);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(c->socket == -1) {
|
if(c->socket == -1) {
|
||||||
|
@ -424,6 +420,9 @@ begin:
|
||||||
goto begin;
|
goto begin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(proxytype != PROXY_EXEC)
|
||||||
|
configure_tcp(c);
|
||||||
|
|
||||||
#ifdef FD_CLOEXEC
|
#ifdef FD_CLOEXEC
|
||||||
fcntl(c->socket, F_SETFD, FD_CLOEXEC);
|
fcntl(c->socket, F_SETFD, FD_CLOEXEC);
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -46,7 +46,7 @@ pid_t read_pid (const char *pidfile)
|
||||||
if(fscanf(f,"%20ld", &pid) != 1)
|
if(fscanf(f,"%20ld", &pid) != 1)
|
||||||
pid = 0;
|
pid = 0;
|
||||||
fclose(f);
|
fclose(f);
|
||||||
return pid;
|
return (pid_t)pid;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check_pid
|
/* check_pid
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_auth.c -- handle the meta-protocol, authentication
|
protocol_auth.c -- handle the meta-protocol, authentication
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -107,7 +107,7 @@ static bool send_proxyrequest(connection_t *c) {
|
||||||
i += 2;
|
i += 2;
|
||||||
c->tcplen += 22;
|
c->tcplen += 22;
|
||||||
} else {
|
} else {
|
||||||
logger(LOG_ERR, "Address family %hx not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
|
logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if(i > len)
|
if(i > len)
|
||||||
|
@ -215,7 +215,12 @@ bool send_metakey(connection_t *c) {
|
||||||
|
|
||||||
/* Copy random data to the buffer */
|
/* Copy random data to the buffer */
|
||||||
|
|
||||||
RAND_pseudo_bytes((unsigned char *)c->outkey, len);
|
if (1 != RAND_bytes((unsigned char *)c->outkey, len)) {
|
||||||
|
int err = ERR_get_error();
|
||||||
|
logger(LOG_ERR, "Failed to generate meta key (%s)", ERR_error_string(err, NULL));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* The message we send must be smaller than the modulus of the RSA key.
|
/* The message we send must be smaller than the modulus of the RSA key.
|
||||||
By definition, for a key of k bits, the following formula holds:
|
By definition, for a key of k bits, the following formula holds:
|
||||||
|
@ -391,7 +396,11 @@ bool send_challenge(connection_t *c) {
|
||||||
|
|
||||||
/* Copy random data to the buffer */
|
/* Copy random data to the buffer */
|
||||||
|
|
||||||
RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
|
if (1 != RAND_bytes((unsigned char *)c->hischallenge, len)) {
|
||||||
|
int err = ERR_get_error();
|
||||||
|
logger(LOG_ERR, "Failed to generate challenge (%s)", ERR_error_string(err, NULL));
|
||||||
|
return false; // Do not send predictable challenges, let connection attempt fail.
|
||||||
|
}
|
||||||
|
|
||||||
/* Convert to hex */
|
/* Convert to hex */
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_key.c -- handle the meta-protocol, key exchange
|
protocol_key.c -- handle the meta-protocol, key exchange
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -127,7 +127,8 @@ bool req_key_h(connection_t *c) {
|
||||||
/* Check if this key request is for us */
|
/* Check if this key request is for us */
|
||||||
|
|
||||||
if(to == myself) { /* Yes, send our own key back */
|
if(to == myself) { /* Yes, send our own key back */
|
||||||
send_ans_key(from);
|
if (!send_ans_key(from))
|
||||||
|
return false;
|
||||||
} else {
|
} else {
|
||||||
if(tunnelserver)
|
if(tunnelserver)
|
||||||
return true;
|
return true;
|
||||||
|
@ -156,7 +157,12 @@ bool send_ans_key(node_t *to) {
|
||||||
to->inkey = xrealloc(to->inkey, to->inkeylength);
|
to->inkey = xrealloc(to->inkey, to->inkeylength);
|
||||||
|
|
||||||
// Create a new key
|
// Create a new key
|
||||||
RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
|
if (1 != RAND_bytes((unsigned char *)to->inkey, to->inkeylength)) {
|
||||||
|
int err = ERR_get_error();
|
||||||
|
logger(LOG_ERR, "Failed to generate random for key (%s)", ERR_error_string(err, NULL));
|
||||||
|
return false; // Do not send insecure keys, let connection attempt fail.
|
||||||
|
}
|
||||||
|
|
||||||
if(to->incipher)
|
if(to->incipher)
|
||||||
EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
|
EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- raw socket
|
device.c -- raw socket
|
||||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||||
2002-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
#include "route.h"
|
#include "route.h"
|
||||||
#include "xalloc.h"
|
#include "xalloc.h"
|
||||||
|
|
||||||
#if defined(PF_PACKET) && defined(ETH_P_ALL) && defined(AF_PACKET)
|
#if defined(PF_PACKET) && defined(ETH_P_ALL) && defined(AF_PACKET) && defined(SIOCGIFINDEX)
|
||||||
static char *device_info;
|
static char *device_info;
|
||||||
|
|
||||||
static uint64_t device_total_in = 0;
|
static uint64_t device_total_in = 0;
|
||||||
|
@ -62,20 +62,21 @@ static bool setup_device(void) {
|
||||||
|
|
||||||
memset(&ifr, 0, sizeof(ifr));
|
memset(&ifr, 0, sizeof(ifr));
|
||||||
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
||||||
|
ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
|
||||||
|
|
||||||
if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) {
|
if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) {
|
||||||
close(device_fd);
|
close(device_fd);
|
||||||
logger(LOG_ERR, "Can't find interface %s: %s", iface,
|
logger(LOG_ERR, "Can't find interface %s: %s", ifr.ifr_ifrn.ifrn_name, strerror(errno));
|
||||||
strerror(errno));
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(&sa, '0', sizeof(sa));
|
memset(&sa, 0, sizeof(sa));
|
||||||
sa.sll_family = AF_PACKET;
|
sa.sll_family = AF_PACKET;
|
||||||
sa.sll_protocol = htons(ETH_P_ALL);
|
sa.sll_protocol = htons(ETH_P_ALL);
|
||||||
sa.sll_ifindex = ifr.ifr_ifindex;
|
sa.sll_ifindex = ifr.ifr_ifindex;
|
||||||
|
|
||||||
if(bind(device_fd, (struct sockaddr *) &sa, (socklen_t) sizeof(sa))) {
|
if(bind(device_fd, (struct sockaddr *) &sa, (socklen_t) sizeof(sa))) {
|
||||||
logger(LOG_ERR, "Could not bind %s to %s: %s", device, iface, strerror(errno));
|
logger(LOG_ERR, "Could not bind %s to %s: %s", device, ifr.ifr_ifrn.ifrn_name, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
route.c -- routing
|
route.c -- routing
|
||||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -197,7 +197,7 @@ static void learn_mac(mac_t *address) {
|
||||||
/* If we don't know this MAC address yet, store it */
|
/* If we don't know this MAC address yet, store it */
|
||||||
|
|
||||||
if(!subnet) {
|
if(!subnet) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_INFO, "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx",
|
ifdebug(TRAFFIC) logger(LOG_INFO, "Learned new MAC address %x:%x:%x:%x:%x:%x",
|
||||||
address->x[0], address->x[1], address->x[2], address->x[3],
|
address->x[0], address->x[1], address->x[2], address->x[3],
|
||||||
address->x[4], address->x[5]);
|
address->x[4], address->x[5]);
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction with Solaris tun device
|
device.c -- Interaction with Solaris tun device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2012 Guus Sliepen <guus@tinc-vpn.org>
|
2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
|
||||||
|
2001-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -18,98 +19,258 @@
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
#include "../system.h"
|
#include "../system.h"
|
||||||
|
|
||||||
#include <sys/stropts.h>
|
#include <sys/stropts.h>
|
||||||
#include <sys/sockio.h>
|
#include <sys/sockio.h>
|
||||||
#include <net/if_tun.h>
|
|
||||||
|
|
||||||
#include "../conf.h"
|
#include "../conf.h"
|
||||||
#include "../device.h"
|
#include "../device.h"
|
||||||
#include "../logger.h"
|
#include "../logger.h"
|
||||||
#include "../net.h"
|
#include "../net.h"
|
||||||
|
#include "../route.h"
|
||||||
#include "../utils.h"
|
#include "../utils.h"
|
||||||
#include "../xalloc.h"
|
#include "../xalloc.h"
|
||||||
|
|
||||||
#define DEFAULT_DEVICE "/dev/tun"
|
#ifndef TUNNEWPPA
|
||||||
|
#warning Missing net/if_tun.h, using hardcoded value for TUNNEWPPA
|
||||||
|
#define TUNNEWPPA (('T'<<16) | 0x0001)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define DEFAULT_TUN_DEVICE "/dev/tun"
|
||||||
|
#define DEFAULT_TAP_DEVICE "/dev/tap"
|
||||||
|
|
||||||
|
static enum {
|
||||||
|
DEVICE_TYPE_TUN,
|
||||||
|
DEVICE_TYPE_TAP,
|
||||||
|
} device_type = DEVICE_TYPE_TUN;
|
||||||
|
|
||||||
int device_fd = -1;
|
int device_fd = -1;
|
||||||
static int ip_fd = -1, if_fd = -1;
|
static int if_fd = -1;
|
||||||
|
static int ip_fd = -1;
|
||||||
char *device = NULL;
|
char *device = NULL;
|
||||||
char *iface = NULL;
|
char *iface = NULL;
|
||||||
static char *device_info = NULL;
|
static char *device_info = NULL;
|
||||||
|
|
||||||
static uint64_t device_total_in = 0;
|
uint64_t device_total_in = 0;
|
||||||
static uint64_t device_total_out = 0;
|
uint64_t device_total_out = 0;
|
||||||
|
|
||||||
static bool setup_device(void) {
|
static bool setup_device(void) {
|
||||||
int ppa;
|
char *type;
|
||||||
char *ptr;
|
|
||||||
|
|
||||||
if(!get_config_string(lookup_config(config_tree, "Device"), &device))
|
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
|
||||||
device = xstrdup(DEFAULT_DEVICE);
|
if(routing_mode == RMODE_ROUTER)
|
||||||
|
device = xstrdup(DEFAULT_TUN_DEVICE);
|
||||||
if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) {
|
else
|
||||||
logger(LOG_ERR, "Could not open %s: %s", device, strerror(errno));
|
device = xstrdup(DEFAULT_TAP_DEVICE);
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef FD_CLOEXEC
|
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
||||||
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
|
if(!strcasecmp(type, "tun"))
|
||||||
#endif
|
/* use default */;
|
||||||
|
else if(!strcasecmp(type, "tap"))
|
||||||
|
device_type = DEVICE_TYPE_TAP;
|
||||||
|
else {
|
||||||
|
logger(LOG_ERR, "Unknown device type %s!", type);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
|
||||||
|
device_type = DEVICE_TYPE_TAP;
|
||||||
|
}
|
||||||
|
|
||||||
ppa = 0;
|
if(device_type == DEVICE_TYPE_TUN)
|
||||||
|
device_info = "Solaris tun device";
|
||||||
|
else
|
||||||
|
device_info = "Solaris tap device";
|
||||||
|
|
||||||
ptr = device;
|
/* The following is black magic copied from OpenVPN. */
|
||||||
while(*ptr && !isdigit((int) *ptr))
|
|
||||||
ptr++;
|
|
||||||
ppa = atoi(ptr);
|
|
||||||
|
|
||||||
if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) {
|
if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) {
|
||||||
logger(LOG_ERR, "Could not open /dev/ip: %s", strerror(errno));
|
logger(LOG_ERR, "Could not open %s: %s\n", "/dev/ip", strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef FD_CLOEXEC
|
if((device_fd = open(device, O_RDWR, 0)) < 0) {
|
||||||
fcntl(ip_fd, F_SETFD, FD_CLOEXEC);
|
logger(LOG_ERR, "Could not open %s: %s\n", device, strerror(errno));
|
||||||
#endif
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get unit number. */
|
||||||
|
|
||||||
|
char *ptr = device;
|
||||||
|
get_config_string(lookup_config(config_tree, "Interface"), &ptr);
|
||||||
|
|
||||||
|
while(*ptr && !isdigit(*ptr))
|
||||||
|
ptr++;
|
||||||
|
int ppa = atoi(ptr);
|
||||||
|
|
||||||
/* Assign a new PPA and get its unit number. */
|
/* Assign a new PPA and get its unit number. */
|
||||||
if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) {
|
|
||||||
logger(LOG_ERR, "Can't assign new interface: %s", strerror(errno));
|
struct strioctl strioc_ppa = {
|
||||||
|
.ic_cmd = TUNNEWPPA,
|
||||||
|
.ic_len = sizeof ppa,
|
||||||
|
.ic_dp = (char *)&ppa,
|
||||||
|
};
|
||||||
|
|
||||||
|
if(!*ptr) { /* no number given, try dynamic */
|
||||||
|
bool found = false;
|
||||||
|
while(!found && ppa < 64) {
|
||||||
|
int new_ppa = ioctl(device_fd, I_STR, &strioc_ppa);
|
||||||
|
if(new_ppa >= 0) {
|
||||||
|
ppa = new_ppa;
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
ppa++;
|
||||||
|
}
|
||||||
|
if(!found) {
|
||||||
|
logger(LOG_ERR, "Could not find free PPA for %s %s!", device_info, device);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
} else { /* try this particular one */
|
||||||
|
if((ppa = ioctl(device_fd, I_STR, &strioc_ppa)) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not assign PPA %d for %s %s!", ppa, device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if((if_fd = open(device, O_RDWR, 0)) < 0) {
|
if((if_fd = open(device, O_RDWR, 0)) < 0) {
|
||||||
logger(LOG_ERR, "Could not open %s twice: %s", device,
|
logger(LOG_ERR, "Could not open %s: %s\n", device, strerror(errno));
|
||||||
strerror(errno));
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef FD_CLOEXEC
|
|
||||||
fcntl(if_fd, F_SETFD, FD_CLOEXEC);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(ioctl(if_fd, I_PUSH, "ip") < 0) {
|
if(ioctl(if_fd, I_PUSH, "ip") < 0) {
|
||||||
logger(LOG_ERR, "Can't push IP module: %s", strerror(errno));
|
logger(LOG_ERR, "Could not push IP module onto %s %s!", device_info, device);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
xasprintf(&iface, "%s%d", device_type == DEVICE_TYPE_TUN ? "tun" : "tap", ppa);
|
||||||
|
|
||||||
|
{
|
||||||
|
/* Remove muxes just in case they are left over from a crashed tincd */
|
||||||
|
struct lifreq ifr = {};
|
||||||
|
strncpy(ifr.lifr_name, iface, sizeof ifr.lifr_name);
|
||||||
|
if(ioctl(ip_fd, SIOCGLIFMUXID, &ifr) >= 0) {
|
||||||
|
int muxid = ifr.lifr_arp_muxid;
|
||||||
|
ioctl(ip_fd, I_PUNLINK, muxid);
|
||||||
|
muxid = ifr.lifr_ip_muxid;
|
||||||
|
ioctl(ip_fd, I_PUNLINK, muxid);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device_type == DEVICE_TYPE_TUN) {
|
||||||
/* Assign ppa according to the unit number returned by tun device */
|
/* Assign ppa according to the unit number returned by tun device */
|
||||||
if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0) {
|
if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0) {
|
||||||
logger(LOG_ERR, "Can't set PPA %d: %s", ppa, strerror(errno));
|
logger(LOG_ERR, "Could not set PPA %d on %s %s!", ppa, device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int arp_fd = -1;
|
||||||
|
|
||||||
|
if(device_type == DEVICE_TYPE_TAP) {
|
||||||
|
struct lifreq ifr = {};
|
||||||
|
|
||||||
|
if(ioctl(if_fd, SIOCGLIFFLAGS, &ifr) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not set flags on %s %s!", device_info, device);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ioctl(ip_fd, I_LINK, if_fd) < 0) {
|
strncpy(ifr.lifr_name, iface, sizeof(ifr.lifr_name));
|
||||||
logger(LOG_ERR, "Can't link TUN device to IP: %s", strerror(errno));
|
ifr.lifr_ppa = ppa;
|
||||||
|
|
||||||
|
/* Assign ppa according to the unit number returned by tun device */
|
||||||
|
if(ioctl(if_fd, SIOCSLIFNAME, &ifr) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not set PPA %d on %s %s!", ppa, device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if(ioctl(if_fd, SIOCGLIFFLAGS, &ifr) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not set flags on %s %s!", device_info, device);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
/* Push arp module to if_fd */
|
||||||
xasprintf(&iface, "tun%d", ppa);
|
if(ioctl(if_fd, I_PUSH, "arp") < 0) {
|
||||||
|
logger(LOG_ERR, "Could not push ARP module onto %s %s!", device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
device_info = "Solaris tun device";
|
/* Pop any modules on the stream */
|
||||||
|
while(true) {
|
||||||
|
if(ioctl(ip_fd, I_POP, NULL) < 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Push arp module to ip_fd */
|
||||||
|
if(ioctl(ip_fd, I_PUSH, "arp") < 0) {
|
||||||
|
logger(LOG_ERR, "Could not push ARP module onto %s!", "/dev/ip");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Open arp_fd */
|
||||||
|
if((arp_fd = open(device, O_RDWR, 0)) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not open %s: %s\n", device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Push arp module to arp_fd */
|
||||||
|
if(ioctl(arp_fd, I_PUSH, "arp") < 0) {
|
||||||
|
logger(LOG_ERR, "Could not push ARP module onto %s %s!", device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set ifname to arp */
|
||||||
|
struct strioctl strioc_if = {
|
||||||
|
.ic_cmd = SIOCSLIFNAME,
|
||||||
|
.ic_len = sizeof ifr,
|
||||||
|
.ic_dp = (char *)&ifr,
|
||||||
|
};
|
||||||
|
|
||||||
|
if(ioctl(arp_fd, I_STR, &strioc_if) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not set ifname to %s %s", device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int ip_muxid, arp_muxid;
|
||||||
|
|
||||||
|
if((ip_muxid = ioctl(ip_fd, I_PLINK, if_fd)) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not link %s %s to IP", device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device_type == DEVICE_TYPE_TAP) {
|
||||||
|
if((arp_muxid = ioctl(ip_fd, I_PLINK, arp_fd)) < 0) {
|
||||||
|
logger(LOG_ERR, "Could not link %s %s to ARP", device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
close(arp_fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
struct lifreq ifr = {};
|
||||||
|
strncpy(ifr.lifr_name, iface, sizeof(ifr.lifr_name));
|
||||||
|
ifr.lifr_ip_muxid = ip_muxid;
|
||||||
|
if(device_type == DEVICE_TYPE_TAP) {
|
||||||
|
ifr.lifr_arp_muxid = arp_muxid;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(ioctl(ip_fd, SIOCSLIFMUXID, &ifr) < 0) {
|
||||||
|
if(device_type == DEVICE_TYPE_TAP) {
|
||||||
|
ioctl(ip_fd, I_PUNLINK, arp_muxid);
|
||||||
|
}
|
||||||
|
ioctl(ip_fd, I_PUNLINK, ip_muxid);
|
||||||
|
logger(LOG_ERR, "Could not set multiplexor id for %s %s", device_info, device);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
close(if_fd);
|
||||||
|
|
||||||
|
#ifdef FD_CLOEXEC
|
||||||
|
fcntl(device_fd, F_SETFD, FD_CLOEXEC);
|
||||||
|
fcntl(ip_fd, F_SETFD, FD_CLOEXEC);
|
||||||
|
#endif
|
||||||
|
|
||||||
logger(LOG_INFO, "%s is a %s", device, device_info);
|
logger(LOG_INFO, "%s is a %s", device, device_info);
|
||||||
|
|
||||||
|
@ -117,7 +278,17 @@ static bool setup_device(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void close_device(void) {
|
static void close_device(void) {
|
||||||
close(if_fd);
|
if(iface) {
|
||||||
|
struct lifreq ifr = {};
|
||||||
|
strncpy(ifr.lifr_name, iface, sizeof ifr.lifr_name);
|
||||||
|
if(ioctl(ip_fd, SIOCGLIFMUXID, &ifr) >= 0) {
|
||||||
|
int muxid = ifr.lifr_arp_muxid;
|
||||||
|
ioctl(ip_fd, I_PUNLINK, muxid);
|
||||||
|
muxid = ifr.lifr_ip_muxid;
|
||||||
|
ioctl(ip_fd, I_PUNLINK, muxid);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
close(ip_fd);
|
close(ip_fd);
|
||||||
close(device_fd);
|
close(device_fd);
|
||||||
|
|
||||||
|
@ -126,11 +297,12 @@ static void close_device(void) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool read_packet(vpn_packet_t *packet) {
|
static bool read_packet(vpn_packet_t *packet) {
|
||||||
int lenin;
|
int inlen;
|
||||||
|
|
||||||
if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) {
|
switch(device_type) {
|
||||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
case DEVICE_TYPE_TUN:
|
||||||
device, strerror(errno));
|
if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) {
|
||||||
|
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -144,32 +316,55 @@ static bool read_packet(vpn_packet_t *packet) {
|
||||||
packet->data[13] = 0xDD;
|
packet->data[13] = 0xDD;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
ifdebug(TRAFFIC) logger(LOG_ERR,
|
ifdebug(TRAFFIC) logger(LOG_ERR, "Unknown IP version %d while reading packet from %s %s", packet->data[14] >> 4, device_info, device);
|
||||||
"Unknown IP version %d while reading packet from %s %s",
|
|
||||||
packet->data[14] >> 4, device_info, device);
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(packet->data, 0, 12);
|
memset(packet->data, 0, 12);
|
||||||
packet->len = lenin + 14;
|
packet->len = inlen + 14;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case DEVICE_TYPE_TAP:
|
||||||
|
if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
|
||||||
|
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
packet->len = inlen + 14;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
device_total_in += packet->len;
|
device_total_in += packet->len;
|
||||||
|
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Read packet of %d bytes from %s", packet->len,
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Read packet of %d bytes from %s", packet->len, device_info);
|
||||||
device_info);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool write_packet(vpn_packet_t *packet) {
|
static bool write_packet(vpn_packet_t *packet) {
|
||||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s",
|
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info);
|
||||||
packet->len, device_info);
|
|
||||||
|
|
||||||
|
switch(device_type) {
|
||||||
|
case DEVICE_TYPE_TUN:
|
||||||
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
|
||||||
logger(LOG_ERR, "Can't write to %s %s: %s", device_info,
|
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||||
device, strerror(errno));
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case DEVICE_TYPE_TAP:
|
||||||
|
if(write(device_fd, packet->data, packet->len) < 0) {
|
||||||
|
logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
device_total_out += packet->len;
|
device_total_out += packet->len;
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
subnet.c -- handle subnet lookups and lists
|
subnet.c -- handle subnet lookups and lists
|
||||||
Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -351,7 +351,7 @@ bool net2str(char *netstr, int len, const subnet_t *subnet) {
|
||||||
|
|
||||||
switch (subnet->type) {
|
switch (subnet->type) {
|
||||||
case SUBNET_MAC:
|
case SUBNET_MAC:
|
||||||
snprintf(netstr, len, "%hx:%hx:%hx:%hx:%hx:%hx#%d",
|
snprintf(netstr, len, "%x:%x:%x:%x:%x:%x#%d",
|
||||||
subnet->net.mac.address.x[0],
|
subnet->net.mac.address.x[0],
|
||||||
subnet->net.mac.address.x[1],
|
subnet->net.mac.address.x[1],
|
||||||
subnet->net.mac.address.x[2],
|
subnet->net.mac.address.x[2],
|
||||||
|
@ -362,7 +362,7 @@ bool net2str(char *netstr, int len, const subnet_t *subnet) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUBNET_IPV4:
|
case SUBNET_IPV4:
|
||||||
snprintf(netstr, len, "%hu.%hu.%hu.%hu/%d#%d",
|
snprintf(netstr, len, "%u.%u.%u.%u/%d#%d",
|
||||||
subnet->net.ipv4.address.x[0],
|
subnet->net.ipv4.address.x[0],
|
||||||
subnet->net.ipv4.address.x[1],
|
subnet->net.ipv4.address.x[1],
|
||||||
subnet->net.ipv4.address.x[2],
|
subnet->net.ipv4.address.x[2],
|
||||||
|
@ -372,7 +372,7 @@ bool net2str(char *netstr, int len, const subnet_t *subnet) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SUBNET_IPV6:
|
case SUBNET_IPV6:
|
||||||
snprintf(netstr, len, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d#%d",
|
snprintf(netstr, len, "%x:%x:%x:%x:%x:%x:%x:%x/%d#%d",
|
||||||
ntohs(subnet->net.ipv6.address.x[0]),
|
ntohs(subnet->net.ipv6.address.x[0]),
|
||||||
ntohs(subnet->net.ipv6.address.x[1]),
|
ntohs(subnet->net.ipv6.address.x[1]),
|
||||||
ntohs(subnet->net.ipv6.address.x[2]),
|
ntohs(subnet->net.ipv6.address.x[2]),
|
||||||
|
|
37
src/tincd.c
37
src/tincd.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
tincd.c -- the main file for tincd
|
tincd.c -- the main file for tincd
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2008 Max Rijevski <maksuf@gmail.com>
|
2008 Max Rijevski <maksuf@gmail.com>
|
||||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||||
2010 Julien Muchembled <jm@jmuchemb.eu>
|
2010 Julien Muchembled <jm@jmuchemb.eu>
|
||||||
|
@ -162,6 +162,11 @@ static bool parse_options(int argc, char **argv) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'c': /* config file */
|
case 'c': /* config file */
|
||||||
|
if(confbase) {
|
||||||
|
fprintf(stderr, "Only one configuration directory can be given.\n");
|
||||||
|
usage(true);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
confbase = xstrdup(optarg);
|
confbase = xstrdup(optarg);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -229,6 +234,11 @@ static bool parse_options(int argc, char **argv) {
|
||||||
|
|
||||||
case 'n': /* net name given */
|
case 'n': /* net name given */
|
||||||
/* netname "." is special: a "top-level name" */
|
/* netname "." is special: a "top-level name" */
|
||||||
|
if(netname) {
|
||||||
|
fprintf(stderr, "Only one netname can be given.\n");
|
||||||
|
usage(true);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
netname = strcmp(optarg, ".") != 0 ? xstrdup(optarg) : NULL;
|
netname = strcmp(optarg, ".") != 0 ? xstrdup(optarg) : NULL;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -281,11 +291,22 @@ static bool parse_options(int argc, char **argv) {
|
||||||
use_logfile = true;
|
use_logfile = true;
|
||||||
if(!optarg && optind < argc && *argv[optind] != '-')
|
if(!optarg && optind < argc && *argv[optind] != '-')
|
||||||
optarg = argv[optind++];
|
optarg = argv[optind++];
|
||||||
if(optarg)
|
if(optarg) {
|
||||||
|
if(logfilename) {
|
||||||
|
fprintf(stderr, "Only one logfile can be given.\n");
|
||||||
|
usage(true);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
logfilename = xstrdup(optarg);
|
logfilename = xstrdup(optarg);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 5: /* write PID to a file */
|
case 5: /* write PID to a file */
|
||||||
|
if(pidfilename) {
|
||||||
|
fprintf(stderr, "Only one pidfile can be given.\n");
|
||||||
|
usage(true);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
pidfilename = xstrdup(optarg);
|
pidfilename = xstrdup(optarg);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -350,7 +371,6 @@ static void indicator(int a, int b, void *p) {
|
||||||
static bool keygen(int bits) {
|
static bool keygen(int bits) {
|
||||||
RSA *rsa_key;
|
RSA *rsa_key;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
char *name = get_name();
|
|
||||||
char *pubname, *privname;
|
char *pubname, *privname;
|
||||||
|
|
||||||
fprintf(stderr, "Generating %d bits keys:\n", bits);
|
fprintf(stderr, "Generating %d bits keys:\n", bits);
|
||||||
|
@ -378,10 +398,14 @@ static bool keygen(int bits) {
|
||||||
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
|
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
|
||||||
fclose(f);
|
fclose(f);
|
||||||
|
|
||||||
if(name)
|
char *name = get_name();
|
||||||
|
|
||||||
|
if(name) {
|
||||||
xasprintf(&pubname, "%s/hosts/%s", confbase, name);
|
xasprintf(&pubname, "%s/hosts/%s", confbase, name);
|
||||||
else
|
free(name);
|
||||||
|
} else {
|
||||||
xasprintf(&pubname, "%s/rsa_key.pub", confbase);
|
xasprintf(&pubname, "%s/rsa_key.pub", confbase);
|
||||||
|
}
|
||||||
|
|
||||||
f = ask_and_open(pubname, "public RSA key");
|
f = ask_and_open(pubname, "public RSA key");
|
||||||
free(pubname);
|
free(pubname);
|
||||||
|
@ -392,7 +416,6 @@ static bool keygen(int bits) {
|
||||||
fputc('\n', f);
|
fputc('\n', f);
|
||||||
PEM_write_RSAPublicKey(f, rsa_key);
|
PEM_write_RSAPublicKey(f, rsa_key);
|
||||||
fclose(f);
|
fclose(f);
|
||||||
free(name);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -526,7 +549,7 @@ int main(int argc, char **argv) {
|
||||||
if(show_version) {
|
if(show_version) {
|
||||||
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
||||||
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
||||||
printf("Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen and others.\n"
|
printf("Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||||
"See the AUTHORS file for a complete list.\n\n"
|
"See the AUTHORS file for a complete list.\n\n"
|
||||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||||
"and you are welcome to redistribute it under certain conditions;\n"
|
"and you are welcome to redistribute it under certain conditions;\n"
|
||||||
|
|
17
src/utils.c
17
src/utils.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
utils.c -- gathering of some stupid small functions
|
utils.c -- gathering of some stupid small functions
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans
|
Copyright (C) 1999-2005 Ivo Timmermans
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -78,3 +78,18 @@ unsigned int bitfield_to_int(const void *bitfield, size_t size) {
|
||||||
memcpy(&value, bitfield, size);
|
memcpy(&value, bitfield, size);
|
||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* As memcmp(), but constant-time.
|
||||||
|
* Returns 0 when data is equal, non-zero otherwise.
|
||||||
|
*/
|
||||||
|
int memcmp_constant_time (const void *a, const void *b, size_t size) {
|
||||||
|
const uint8_t *a1 = a, *b1 = b;
|
||||||
|
int ret = 0;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i = 0; i < size; i++)
|
||||||
|
ret |= *a1++ ^ *b1++;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
utils.h -- header file for utils.c
|
utils.h -- header file for utils.c
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans
|
Copyright (C) 1999-2005 Ivo Timmermans
|
||||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -42,4 +42,6 @@ extern const char *winerror(int);
|
||||||
|
|
||||||
extern unsigned int bitfield_to_int(const void *bitfield, size_t size);
|
extern unsigned int bitfield_to_int(const void *bitfield, size_t size);
|
||||||
|
|
||||||
|
int memcmp_constant_time (const void *a, const void *b, size_t size);
|
||||||
|
|
||||||
#endif /* __TINC_UTILS_H__ */
|
#endif /* __TINC_UTILS_H__ */
|
||||||
|
|
|
@ -113,6 +113,9 @@ char *xstrdup(const char *s)
|
||||||
{
|
{
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
|
if(!s)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
p = strdup(s);
|
p = strdup(s);
|
||||||
if(!p)
|
if(!p)
|
||||||
xalloc_fail ((int)strlen(s));
|
xalloc_fail ((int)strlen(s));
|
||||||
|
|
Loading…
Reference in a new issue