Import Upstream version 1.0.14
This commit is contained in:
parent
3f0ae998e8
commit
d906f6f9b0
50 changed files with 1593 additions and 753 deletions
3
AUTHORS
3
AUTHORS
|
@ -8,6 +8,9 @@ Significant contributions from:
|
|||
- Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||
- Max Rijevski <maksuf@gmail.com>
|
||||
- Scott Lamb <slamb@slamb.org>
|
||||
- Julien Muchembled <jm@jmuchemb.eu>
|
||||
- Timothy Redaelli <timothy@redaelli.eu>
|
||||
- Brandon Black <blblack@gmail.com>
|
||||
|
||||
These files are from other sources:
|
||||
* lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from
|
||||
|
|
441
ChangeLog
441
ChangeLog
|
@ -1,3 +1,444 @@
|
|||
commit f3f7ccfb2890576cb8992ec5e432310cec27627a
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 23:15:25 2011 +0200
|
||||
|
||||
Releasing 1.0.14.
|
||||
|
||||
commit 0d906489f2ce9faf81dc230f7db6ab5378573554
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 23:12:44 2011 +0200
|
||||
|
||||
Include <inttypes.h> when using intptr_t.
|
||||
|
||||
commit dc887f5011834d5a9a6ec5deb8781c6bfd88c474
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 23:12:06 2011 +0200
|
||||
|
||||
Ensure proper linking with OpenSSL with recent versions of MinGW.
|
||||
|
||||
commit 67766d65f06854ee894d784f638c5c9cd2b50bca
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 21:22:20 2011 +0200
|
||||
|
||||
Update THANKS and copyright information.
|
||||
|
||||
commit 6e6b037ef4fd9877aeb1d947da7364409fa8cbb7
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 21:06:06 2011 +0200
|
||||
|
||||
Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
|
||||
|
||||
The latter function disappeared, and wasn't actually used in tinc, so now we
|
||||
check on a function that we do use.
|
||||
|
||||
commit 257cb6ac60bb0924720de9e252cdf7f4759bf741
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 12:40:44 2011 +0200
|
||||
|
||||
Always use the default signal handler for ABRT signals.
|
||||
|
||||
This will allow coredumps to be generated when tinc is daemonized.
|
||||
Also add the -kABRT option.
|
||||
|
||||
commit eacb5a28fb4c1515633f2b8a206e7067bc7b8f0c
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun May 8 12:16:26 2011 +0200
|
||||
|
||||
Increase threshold for detecting two nodes with the same Name.
|
||||
|
||||
In commit 4a21aabada23d1d2c8a10f54dd7248171c4ec82f, code was added to detect
|
||||
contradicting ADD_EDGE and DEL_EDGE messages being sent, which is an indication
|
||||
of two nodes with the same Name connected to the same VPN. However, these
|
||||
contradictory messages can also happen when there is a network partitioning. In
|
||||
the former case a loop happens which causes many contradictory message, while
|
||||
in the latter case only a few of those messages will be sent. So, now we
|
||||
increase the threshold to at least 10 of both ADD_EDGE and DEL_EDGE messages.
|
||||
|
||||
commit f11c6101f30df645223920bef3eb7592de9bcb79
|
||||
Author: Julien Muchembled <jm@jmuchemb.eu>
|
||||
Date: Thu Apr 28 13:21:55 2011 +0200
|
||||
|
||||
Fix command-line '-o' option for host configuration
|
||||
|
||||
This fixes a regression introduced by commit 667b1ba while refactoring option
|
||||
parsing code.
|
||||
|
||||
commit 0aa86d4b8b3010522e6de8842f5bd29004ba3df6
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Mar 9 09:34:56 2011 +0100
|
||||
|
||||
Do not set indirect flag on edges from nodes with multiple addresses.
|
||||
|
||||
Since tinc now handles UDP packets with a different source address and port
|
||||
than used for TCP connections, the heuristic to treat edges as indirect when
|
||||
tinc could detect that multiple addresses were used does not make sense
|
||||
anymore, and can actually reduce performance.
|
||||
|
||||
commit 7cf68b5e35c002511cc7468967de6a75934cc998
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Feb 18 23:11:43 2011 +0100
|
||||
|
||||
Prevent anything from updating our own UDP address.
|
||||
|
||||
Because we don't want to keep track of that, and this will cause the node
|
||||
structure from being relinked into the node tree, which results in myself
|
||||
pointing to an invalid address.
|
||||
|
||||
commit cdbbbfabea173894bd2fb5f28135a04ddc5e3fd7
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Feb 18 23:02:11 2011 +0100
|
||||
|
||||
Fix spurious misidentification of incoming UDP packets.
|
||||
|
||||
When a UDP packet was received with an unknown source address/port, and if it
|
||||
failed a HMAC check against known keys, it could still incorrectly assign that
|
||||
UDP address to another node. This would temporarily cause outgoing UDP packets
|
||||
to go to the wrong destination address, until packets from the correct address
|
||||
were received again.
|
||||
|
||||
commit 046d83bf91e01bc7a32e66a02758caf228bc4601
|
||||
Author: Rumko <rumko@rumko.net>
|
||||
Date: Sat Feb 12 18:22:14 2011 +0100
|
||||
|
||||
DragonFlyBSD support
|
||||
|
||||
* added DragonFly BSD support
|
||||
* added a check for sys/resource.h (needed on DragonFly)
|
||||
|
||||
commit f017c7f98f8f68d6ca50ebe247f4115aadd93635
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Mon Feb 7 18:34:55 2011 +0100
|
||||
|
||||
Add support for VDE through libvdeplug.
|
||||
|
||||
When compiled with vde/device.c, tinc will connect to a vde_switch instance
|
||||
instead of using a tun/tap device.
|
||||
|
||||
commit 8d18cc6c4e625625a2437d26c587f9f382a0c589
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Jan 29 10:49:44 2011 +0100
|
||||
|
||||
Fix typo spotted by Andrew Scheller.
|
||||
|
||||
commit b3731c04097e66a6b8908bb893c5da831d89c04d
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Wed Jan 12 20:57:14 2011 +0100
|
||||
|
||||
Proper check and dropin replacement for usleep().
|
||||
|
||||
commit 4b8a5993036fccc2108fcc2550649d9b78fb1ab7
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 17:25:24 2011 +0100
|
||||
|
||||
Update the NEWS.
|
||||
|
||||
commit c228da54d47657811dfb679e7f138cbba58a9f67
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 17:25:03 2011 +0100
|
||||
|
||||
Update the manual.
|
||||
|
||||
commit 4575c6c7dffe228ce302776022a2075b7ef37ab0
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 17:24:23 2011 +0100
|
||||
|
||||
Document the behavior of "-n."
|
||||
|
||||
commit 6c05bf082b1ce9acfc0ebb5c6f32c2ece41c7f80
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 16:59:42 2011 +0100
|
||||
|
||||
Remove unused variables.
|
||||
|
||||
commit 6a51d89cf706bcefce1861a1a66d40ef7d7db43b
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 16:55:42 2011 +0100
|
||||
|
||||
Replace bogus #else with #endif.
|
||||
|
||||
Found by cppcheck, which complained about lenin not being initialized, but the
|
||||
real problem is that reading packets would fail when using code compiled with
|
||||
--tunemu on a normal tun device.
|
||||
|
||||
commit d7636352ce359e807b392a6e5ac0a6aeff4a63d2
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 16:52:36 2011 +0100
|
||||
|
||||
Limit field width when scanning PID file.
|
||||
|
||||
Cppcheck warns that scanf() might otherwise crash when presented with a huge,
|
||||
bogus PID file.
|
||||
|
||||
commit 3ce5e292da8bab3a1316faf1ca18625f05074467
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 16:50:24 2011 +0100
|
||||
|
||||
Close all filedescriptors in Solaris close_device().
|
||||
|
||||
commit f99661a4ca5bacff47239ce7978b9c9948917c54
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Jan 2 15:02:23 2011 +0100
|
||||
|
||||
Always send MTU probes at least once every PingInterval.
|
||||
|
||||
Before, if MTU probes failed, tinc would stop sending probes until the next
|
||||
time keys were regenerated (by default, once every hour). Now it continues to
|
||||
send them every PingInterval, so it recovers faster from temporary failures.
|
||||
|
||||
commit cac0a5c651535e8317839b0deff1ee98086a8184
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 20 14:31:11 2010 +0000
|
||||
|
||||
Use setpriority() instead of nice() on UNIX-like systems.
|
||||
|
||||
The return value of nice() can not reliably indicate errors. The return value
|
||||
of the setpriority() call is well-defined.
|
||||
|
||||
commit d91903ef3c2a1f4481ae8757bb2b14282f2b7e68
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Nov 16 17:28:41 2010 +0100
|
||||
|
||||
Attribution for Brandon Black.
|
||||
|
||||
commit e764ff7be9949c91865aff72844357e76ae6dd78
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Nov 16 16:45:36 2010 +0100
|
||||
|
||||
Fix variable length array declaration.
|
||||
|
||||
commit 5eb0440110f99f0a49838cc00a0686c7a7595663
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 13 21:36:51 2010 +0100
|
||||
|
||||
Free replay window when freeing a node_t.
|
||||
|
||||
commit a9445e38f25bd24eca289768fc46e44e36b842ac
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 13 21:34:59 2010 +0100
|
||||
|
||||
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
|
||||
|
||||
commit 0d61d4ae1358553fc8dde350747542f137f5cb8b
|
||||
Author: Brandon L Black <blblack@gmail.com>
|
||||
Date: Sat Nov 13 12:05:51 2010 -0600
|
||||
|
||||
Improved handling of queue-jumping packets on receive
|
||||
|
||||
commit 23acc19bc090051156ad895caed61848f5afb144
|
||||
Author: Brandon L Black <blblack@gmail.com>
|
||||
Date: Sat Nov 13 12:05:50 2010 -0600
|
||||
|
||||
Configurable ReplayWindow size, zero disables
|
||||
|
||||
commit 8dfe1b374e165ecba5d3ae324ee834d337476be8
|
||||
Author: Brandon L Black <blblack@gmail.com>
|
||||
Date: Sat Nov 13 12:05:49 2010 -0600
|
||||
|
||||
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
|
||||
|
||||
commit 3f410e2f8f7c365630f226adf4904935698f9e0d
|
||||
Author: Brandon L Black <blblack@gmail.com>
|
||||
Date: Sat Nov 13 12:05:48 2010 -0600
|
||||
|
||||
Experimental IFF_ONE_QUEUE support for Linux
|
||||
|
||||
commit 9e3ca397735077f85bbde48c36e1b3e0fa950988
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 13 15:55:38 2010 +0100
|
||||
|
||||
Use variable length arrays instead of alloca().
|
||||
|
||||
commit e2e6ec8050274b0a8678d6fc263e7dc4ef66feae
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Nov 13 15:50:39 2010 +0100
|
||||
|
||||
Provide usleep() for Windows.
|
||||
|
||||
commit 930bf74fbe5ce8363b6cc2ae3a3e960e910e0996
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Nov 12 11:38:05 2010 +0100
|
||||
|
||||
Don't use strlen() on a NULL pointer.
|
||||
|
||||
A bug introduced in commit 667b1bac77b134cf32c98d5dc25619e8c3303f52 caused tinc
|
||||
to crash on startup.
|
||||
|
||||
commit a07aa92176571eb7f063708640d0d486280808ef
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Nov 12 11:33:01 2010 +0100
|
||||
|
||||
Add short options -R and -U to the tincd(8) manpage.
|
||||
|
||||
commit 66b7aea294896a99df289231143a506b422b994c
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Nov 2 14:23:43 2010 +0100
|
||||
|
||||
Read error counter must be static.
|
||||
|
||||
commit a91bf2dfcd0f5857905e59da7d944654e0875503
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue Nov 2 14:18:35 2010 +0100
|
||||
|
||||
Quit when there are too many consecutive errors on the tun/tap device.
|
||||
|
||||
Although transient errors sometimes happen on the tun/tap device (for example,
|
||||
if the kernel is temporarily out of buffer space), there are situations where
|
||||
the tun/tap device becomes permanently broken. Instead of endlessly spamming
|
||||
the syslog, we now sleep an increasing amount of time between consecutive read
|
||||
errors, and if reads still fail after 10 attempts (approximately 3 seconds),
|
||||
tinc will quit.
|
||||
|
||||
commit aca70cd3c3fe787e62c618849e43f67b3870ac20
|
||||
Author: Michael Tokarev <mjt@tls.msk.ru>
|
||||
Date: Sun Oct 24 15:23:10 2010 +0400
|
||||
|
||||
Treat netname="." in a special way.
|
||||
|
||||
Treat netname "." in a special way as if there was no netname
|
||||
specified. Before, f.e. tincd -n. -k didn't work as it tried
|
||||
to open /var/run/tinc-.pid. Now -n. works as if there was no
|
||||
-n option is specified.
|
||||
|
||||
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
|
||||
|
||||
commit 5f729f76f5a63114df582fc29f4189140c1e5ead
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 22:46:44 2010 +0200
|
||||
|
||||
Remove unused variables.
|
||||
|
||||
These were caused by commit 667b1bac77b134cf32c98d5dc25619e8c3303f52.
|
||||
|
||||
commit 20ae7dd8c12390f7360eb28cc17e1b8a8a706b06
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 22:43:50 2010 +0200
|
||||
|
||||
Abort disabling old PEM keys on I/O errors.
|
||||
|
||||
commit a08462bf845973016e061b8ca1233142d80416f6
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 22:42:21 2010 +0200
|
||||
|
||||
Ensure there is a newline character before a PEM key is written.
|
||||
|
||||
commit c6ccbadfcf93a7bd4a88dee8ff146b4db7f85e71
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 13:40:04 2010 +0200
|
||||
|
||||
Attribution for Timothy Redaelli.
|
||||
|
||||
commit 1c2cd7ed273ee1538ff8a13d036c68aa9992c4aa
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 13:17:42 2010 +0200
|
||||
|
||||
Attribution for Julien Muchembled.
|
||||
|
||||
commit 667b1bac77b134cf32c98d5dc25619e8c3303f52
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 13:06:06 2010 +0200
|
||||
|
||||
Remove duplicate command-line option parsing.
|
||||
|
||||
Also fix parsing of command-line host configuration options for the local node.
|
||||
|
||||
commit ff71f289022ccb91abc2726f16522d55b5ccf0f6
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Oct 22 12:47:12 2010 +0200
|
||||
|
||||
Merge local host configuration with server configuration.
|
||||
|
||||
With some exceptions, tinc only accepted host configuration options for the
|
||||
local node from the corresponding host configuration file. Although this is
|
||||
documented, many people expect that they can also put those options in
|
||||
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
|
||||
local host configuration file.
|
||||
|
||||
commit 8c3105283ac53f8cc9cc4dde25957ec1cf6b53a0
|
||||
Author: Julien Muchembled <jm@jmuchemb.eu>
|
||||
Date: Fri Sep 3 13:34:22 2010 +0200
|
||||
|
||||
New '-o' option to configure server or hosts from command line
|
||||
|
||||
Options given on the command line have precedence over configuration from files.
|
||||
|
||||
This can be useful, for example, for a roaming node, for which 'ConnectTo' and
|
||||
<host>.Address depends on its location.
|
||||
|
||||
commit 4b6a9f1c1f645ce5989692655337d9e23ca28648
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jun 4 16:03:19 2010 +0200
|
||||
|
||||
Do not append an address to ANS_KEY messages if we don't know any address.
|
||||
|
||||
This would let tinc raise an exception when an ANS_KEY request crossed a
|
||||
DEL_EDGE request for the node sending the key.
|
||||
|
||||
commit 798fa2f04c52b0639713f74b1195847bec40c16a
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jun 4 15:04:08 2010 +0200
|
||||
|
||||
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
|
||||
|
||||
commit 4a21aabada23d1d2c8a10f54dd7248171c4ec82f
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri Jun 4 14:53:52 2010 +0200
|
||||
|
||||
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
|
||||
|
||||
In this situation, the two nodes will start fighting over the edges they announced.
|
||||
When we have to contradict both ADD_EDGE and DEL_EDGE messages, we log a warning,
|
||||
and with 25% chance per PingTimeout we quit.
|
||||
|
||||
commit dbf3d168b720045328d476f3b9e5f5e45b4ab6de
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Fri May 7 12:24:49 2010 +0200
|
||||
|
||||
Use strrchr() insteaad of rindex().
|
||||
|
||||
The latter function is deprecated, some build environments do not support.
|
||||
|
||||
commit eda71798749e8b0abf5e8b3cbc11da82aa607f00
|
||||
Author: Timothy Redaelli <timothy@redaelli.eu>
|
||||
Date: Tue May 4 15:43:48 2010 +0200
|
||||
|
||||
Fix warnings under BSD
|
||||
|
||||
commit df985256a766ee90f2fa4269b95fa0565c969dda
|
||||
Author: Timothy Redaelli <timothy@redaelli.eu>
|
||||
Date: Tue May 4 00:27:44 2010 +0200
|
||||
|
||||
Fix warnings showed using -D_FORTIFY_SOURCE=2
|
||||
|
||||
commit f5122ccecee095b9185b2324dea7bcd9655462ee
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat May 1 15:39:59 2010 +0200
|
||||
|
||||
Fix all warnings when compiling with mingw64.
|
||||
|
||||
commit ef92a5725c47c6e8e801e07190dd7dd3f9cb3a17
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat May 1 15:39:03 2010 +0200
|
||||
|
||||
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
|
||||
|
||||
commit 0fdd7da52077d77a11a3646eb3e7d5b6ffa178e8
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat May 1 15:38:04 2010 +0200
|
||||
|
||||
Use intptr_t instead of long to store a pointer.
|
||||
|
||||
commit c94ede3b8708cdf105a3fecfc119a558e1583f27
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat May 1 15:37:11 2010 +0200
|
||||
|
||||
Define WINVER before including any other header file on Windows.
|
||||
|
||||
commit 4766359e1426bdf1383c898d6103d8760e5e296d
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sat Apr 17 12:01:38 2010 +0200
|
||||
|
||||
Fix reading configuration files that do not end with a newline. Again.
|
||||
|
||||
commit 26b8cf8680ae68443dccac2adbc2361caafc3712
|
||||
Author: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun Apr 11 20:40:20 2010 +0200
|
||||
|
|
|
@ -37,7 +37,7 @@ subdir = .
|
|||
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
|
||||
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
|
||||
$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
|
||||
THANKS config.guess config.sub depcomp install-sh missing
|
||||
THANKS TODO config.guess config.sub depcomp install-sh missing
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
|
||||
|
|
21
NEWS
21
NEWS
|
@ -1,3 +1,24 @@
|
|||
Version 1.0.14 May 8 2011
|
||||
|
||||
* Fixed reading configuration files that do not end with a newline. Again.
|
||||
|
||||
* Allow arbitrary configuration options being specified on the command line.
|
||||
|
||||
* Allow all options in both tinc.conf and the local host config file.
|
||||
|
||||
* Configurable replay window, UDP send and receive buffers for performance tuning.
|
||||
|
||||
* Try harder to get UDP communication back after falling back to TCP.
|
||||
|
||||
* Initial support for attaching tinc to a VDE switch.
|
||||
|
||||
* DragonFly BSD support.
|
||||
|
||||
* Allow linking with OpenSSL 1.0.0.
|
||||
|
||||
Thanks to Brandon Black, Julien Muchembled, Michael Tokarev, Rumko and Timothy
|
||||
Redaelli for their contributions to this version of tinc.
|
||||
|
||||
Version 1.0.13 Apr 11 2010
|
||||
|
||||
* Allow building tinc without LZO and/or Zlib.
|
||||
|
|
18
README
18
README
|
@ -1,7 +1,7 @@
|
|||
This is the README file for tinc version 1.0.13. Installation
|
||||
This is the README file for tinc version 1.0.14. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright (C) 1998-2010 by:
|
||||
tinc is Copyright (C) 1998-2011 by:
|
||||
|
||||
Ivo Timmermans,
|
||||
Guus Sliepen <guus@tinc-vpn.org>,
|
||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
|||
Compatibility
|
||||
-------------
|
||||
|
||||
Version 1.0.13 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
Version 1.0.14 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
versions of tinc.
|
||||
|
||||
|
||||
|
@ -69,14 +69,12 @@ this library is not installed on you system, configure will fail. The
|
|||
manual in doc/tinc.texi contains more detailed information on how to
|
||||
install this library.
|
||||
|
||||
Since 1.0pre6, the zlib library is used for optional compression. You need this
|
||||
library whether or not you plan to enable the compression. You can find it at
|
||||
http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we
|
||||
recommand that you download version 1.1.4 or later.
|
||||
Since 1.0pre6, the zlib library is used for optional compression. You can
|
||||
find it at http://www.gzip.org/zlib/. Because of a possible exploit in
|
||||
earlier versions we recommend that you download version 1.1.4 or later.
|
||||
|
||||
Since 1.0, the lzo library is also used for optional compression. You need this
|
||||
library whether or not you plan to enable compression. You can find it at
|
||||
http://www.oberhumer.com/opensource/lzo/.
|
||||
Since 1.0, the lzo library is also used for optional compression. You can
|
||||
find it at http://www.oberhumer.com/opensource/lzo/.
|
||||
|
||||
In order to compile tinc, you will need a GNU C compiler environment.
|
||||
|
||||
|
|
3
THANKS
3
THANKS
|
@ -4,6 +4,7 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Allesandro Gatti
|
||||
* Andreas van Cranenburgh
|
||||
* Armijn Hemel
|
||||
* Brandon Black
|
||||
* Cris van Pelt
|
||||
* Delf Eldkraft
|
||||
* dnk
|
||||
|
@ -17,6 +18,7 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Jason Harper
|
||||
* Jeroen Ubbink
|
||||
* Jerome Etienne
|
||||
* Julien Muchembled
|
||||
* Lubomír Bulej
|
||||
* Mads Kiilerich
|
||||
* Marc A. Lehmann
|
||||
|
@ -31,6 +33,7 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Nick Patavalis
|
||||
* Paul Littlefield
|
||||
* Robert van der Meulen
|
||||
* Rumko
|
||||
* Scott Lamb
|
||||
* Sven-Haegar Koch
|
||||
* Teemu Kiviniemi
|
||||
|
|
7
TODO
Normal file
7
TODO
Normal file
|
@ -0,0 +1,7 @@
|
|||
* end-to-end encryption
|
||||
* perfect forward secrecy, ECDH
|
||||
* AES in counter mode
|
||||
* Replay + Delay protection
|
||||
* MPLS-like label
|
||||
* Conflicting Subnets or key-name pairs: disable both, inform admin
|
||||
|
4
aclocal.m4
vendored
4
aclocal.m4
vendored
|
@ -13,8 +13,8 @@
|
|||
|
||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],,
|
||||
[m4_warning([this file was generated for autoconf 2.65.
|
||||
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],,
|
||||
[m4_warning([this file was generated for autoconf 2.68.
|
||||
You have another version of autoconf. It may work, but is not guaranteed to.
|
||||
If you have problems, you may need to regenerate the build system entirely.
|
||||
To do so, use the procedure documented by the package, typically `autoreconf'.])])
|
||||
|
|
15
config.h.in
15
config.h.in
|
@ -58,6 +58,9 @@
|
|||
/* Define to 1 if you have the <dirent.h> header file. */
|
||||
#undef HAVE_DIRENT_H
|
||||
|
||||
/* DragonFly */
|
||||
#undef HAVE_DRAGONFLY
|
||||
|
||||
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
|
||||
#undef HAVE_EVP_ENCRYPTINIT_EX
|
||||
|
||||
|
@ -173,6 +176,12 @@
|
|||
/* Define to 1 if you have the <net/if_types.h> header file. */
|
||||
#undef HAVE_NET_IF_TYPES_H
|
||||
|
||||
/* Define to 1 if you have the <net/tap/if_tap.h> header file. */
|
||||
#undef HAVE_NET_TAP_IF_TAP_H
|
||||
|
||||
/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
|
||||
#undef HAVE_NET_TUN_IF_TUN_H
|
||||
|
||||
/* OpenBSD */
|
||||
#undef HAVE_OPENBSD
|
||||
|
||||
|
@ -303,6 +312,9 @@
|
|||
/* Define to 1 if you have the <sys/param.h> header file. */
|
||||
#undef HAVE_SYS_PARAM_H
|
||||
|
||||
/* Define to 1 if you have the <sys/resource.h> header file. */
|
||||
#undef HAVE_SYS_RESOURCE_H
|
||||
|
||||
/* Define to 1 if you have the <sys/socket.h> header file. */
|
||||
#undef HAVE_SYS_SOCKET_H
|
||||
|
||||
|
@ -327,6 +339,9 @@
|
|||
/* Define to 1 if you have the `unsetenv' function. */
|
||||
#undef HAVE_UNSETENV
|
||||
|
||||
/* Define to 1 if you have the `usleep' function. */
|
||||
#undef HAVE_USLEEP
|
||||
|
||||
/* Define to 1 if you have the `vsyslog' function. */
|
||||
#undef HAVE_VSYSLOG
|
||||
|
||||
|
|
16
configure.in
16
configure.in
|
@ -3,7 +3,7 @@ dnl Process this file with autoconf to produce a configure script.
|
|||
AC_PREREQ(2.61)
|
||||
AC_INIT
|
||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||
AM_INIT_AUTOMAKE(tinc, 1.0.13)
|
||||
AM_INIT_AUTOMAKE(tinc, 1.0.14)
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
AM_MAINTAINER_MODE
|
||||
|
||||
|
@ -13,8 +13,6 @@ AM_MAINTAINER_MODE
|
|||
AC_GNU_SOURCE
|
||||
AC_DEFINE([__USE_BSD], 1, [Enable BSD extensions])
|
||||
|
||||
ALL_LINGUAS="nl"
|
||||
|
||||
dnl Checks for programs.
|
||||
AC_PROG_CC_C99
|
||||
AC_PROG_CPP
|
||||
|
@ -51,6 +49,10 @@ case $host_os in
|
|||
AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
|
||||
[ rm -f src/device.c; ln -sf bsd/device.c src/device.c ]
|
||||
;;
|
||||
*dragonfly*)
|
||||
AC_DEFINE(HAVE_DRAGONFLY, 1, [DragonFly])
|
||||
[ rm -f src/device.c; ln -sf bsd/device.c src/device.c ]
|
||||
;;
|
||||
*bsd*)
|
||||
AC_MSG_WARN("Unknown BSD variant, tinc might not compile or work!")
|
||||
AC_DEFINE(HAVE_BSD, 1, [Unknown BSD variant])
|
||||
|
@ -63,7 +65,7 @@ case $host_os in
|
|||
*mingw*)
|
||||
AC_DEFINE(HAVE_MINGW, 1, [MinGW])
|
||||
[ rm -f src/device.c; cp -f src/mingw/device.c src/device.c ]
|
||||
LIBS="$LIBS -lws2_32"
|
||||
LIBS="$LIBS -lws2_32 -lgdi32 -lcrypt32"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR("Unknown operating system.")
|
||||
|
@ -99,8 +101,8 @@ dnl Checks for header files.
|
|||
dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
|
||||
|
||||
AC_HEADER_STDC
|
||||
AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/socket.h sys/time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h dirent.h])
|
||||
AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h],
|
||||
AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h sys/uio.h sys/wait.h netdb.h arpa/inet.h dirent.h])
|
||||
AC_CHECK_HEADERS([net/if.h net/if_types.h linux/if_tun.h net/if_tun.h net/tun/if_tun.h net/if_tap.h net/tap/if_tap.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h],
|
||||
[], [], [#include "have.h"]
|
||||
)
|
||||
AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h],
|
||||
|
@ -128,7 +130,7 @@ dnl Checks for library functions.
|
|||
AC_FUNC_MEMCMP
|
||||
AC_FUNC_ALLOCA
|
||||
AC_TYPE_SIGNAL
|
||||
AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog writev],
|
||||
AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv usleep vsyslog writev],
|
||||
[], [], [#include "have.h"]
|
||||
)
|
||||
AC_FUNC_MALLOC
|
||||
|
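Review bot: The added `-lgdi32 -lcrypt32` on the MinGW `LIBS=` line in the `*mingw*` case carries no explanation in configure.in itself, so the next person trimming link flags has to search the ChangeLog to learn why they are there. The ChangeLog in this same commit gives the reason (OpenSSL 1.0.0 built for 64-bit Windows needs crypt32, and recent MinGW needs the extra libraries to link OpenSSL at all), so a one-line comment above it would keep that knowledge next to the flag, e.g. `dnl OpenSSL 1.0.0 on 64-bit Windows / recent MinGW needs gdi32 and crypt32 to link (see ChangeLog).` The enclosing `case $host_os in` starts and ends outside that hunk.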
|
Binary file not shown.
|
@ -110,6 +110,13 @@ Note: it is not required that you put in the
|
|||
sign, but doing so improves readability.
|
||||
If you leave it out, remember to replace it with at least one space character.
|
||||
|
||||
.Pp
|
||||
The server configuration is complemented with host specific configuration (see the next section).
|
||||
Although all configuration options for the local host listed in this document can also be put in
|
||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf ,
|
||||
it is recommended to put host specific configuration options in the host configuration file,
|
||||
as this makes it easy to exchange with other nodes.
|
||||
|
||||
.Pp
|
||||
Here are all valid variables, listed in alphabetical order.
|
||||
The default value is given between parentheses.
|
||||
|
@ -248,6 +255,9 @@ a lookup if your DNS server is not responding.
|
|||
This does not affect resolving hostnames to IP addresses from the
|
||||
host configuration files.
|
||||
|
||||
.It Va IffOneQueue Li = yes | no Po no Pc Bq experimental
|
||||
(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices.
|
||||
|
||||
.It Va Interface Li = Ar interface
|
||||
Defines the name of the interface corresponding to the virtual network device.
|
||||
Depending on the operating system and the type of device this may or may not actually set the name of the interface.
|
||||
|
@ -334,6 +344,16 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
the interaction of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking completely and
|
||||
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
|
||||
traffic.
|
||||
|
||||
.It Va StrictSubnets Li = yes | no Po no Pc Bq experimental
|
||||
When this option is enabled tinc will only use Subnet statements which are
|
||||
present in the host config files in the local
|
||||
|
@ -346,6 +366,14 @@ and will only allow connections with nodes for which host config files are prese
|
|||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
||||
directory.
|
||||
Setting this options also implicitly sets StrictSubnets.
|
||||
|
||||
.It Va UDPRcvBuf Li = Ar bytes Pq OS default
|
||||
Sets the socket receive buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
|
||||
.It Va UDPSndBuf Li = Ar bytes Pq OS default
|
||||
Sets the socket send buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
.El
|
||||
|
||||
.Sh HOST CONFIGURATION FILES
|
||||
|
|
165
doc/tinc.info
165
doc/tinc.info
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
|||
* tinc: (tinc). The tinc Manual.
|
||||
END-INFO-DIR-ENTRY
|
||||
|
||||
This is the info manual for tinc version 1.0.13, a Virtual Private
|
||||
This is the info manual for tinc version 1.0.14, a Virtual Private
|
||||
Network daemon.
|
||||
|
||||
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen
|
||||
Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen
|
||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
|
@ -84,7 +84,7 @@ trusted computers on the other end of the Internet.
|
|||
This problem can be solved by using _virtual_ networks. Virtual
|
||||
networks can live on top of other networks, but they use encapsulation
|
||||
to keep using their private address space so they do not interfere with
|
||||
the Internet. Mostly, virtual networks appear like a singe LAN, even
|
||||
the Internet. Mostly, virtual networks appear like a single LAN, even
|
||||
though they can span the entire world. But virtual networks can't be
|
||||
secured by using firewalls, because the traffic that flows through it
|
||||
has to go through the Internet, where other people can look at it.
|
||||
|
@ -654,6 +654,13 @@ that you put in the `=' sign, but doing so improves readability. If
|
|||
you leave it out, remember to replace it with at least one space
|
||||
character.
|
||||
|
||||
The server configuration is complemented with host specific
|
||||
configuration (see the next section). Although all host configuration
|
||||
options for the local node listed in this document can also be put in
|
||||
`/etc/tinc/NETNAME/tinc.conf', it is recommended to put host specific
|
||||
configuration options in the host configuration file, as this makes it
|
||||
easy to exchange with other nodes.
|
||||
|
||||
In this section all valid variables are listed in alphabetical order.
|
||||
The default value is given between parentheses, other comments are
|
||||
between square brackets.
|
||||
|
@ -869,6 +876,17 @@ ProcessPriority = <low|normal|high>
|
|||
adjusted. Increasing the priority may help to reduce latency and
|
||||
packet loss on the VPN.
|
||||
|
||||
ReplayWindow = <bytes> (16)
|
||||
This is the size of the replay tracking window for each remote
|
||||
node, in bytes. The window is a bitfield which tracks 1 packet
|
||||
per bit, so for example the default setting of 16 will track up to
|
||||
128 packets in the window. In high bandwidth scenarios, setting
|
||||
this to a higher value can reduce packet loss from the interaction
|
||||
of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking
|
||||
completely and pass all traffic, but leaves tinc vulnerable to
|
||||
replay-based attacks on your traffic.
|
||||
|
||||
StrictSubnets <yes|no> (no) [experimental]
|
||||
When this option is enabled tinc will only use Subnet statements
|
||||
which are present in the host config files in the local
|
||||
|
@ -881,6 +899,16 @@ TunnelServer = <yes|no> (no) [experimental]
|
|||
the local `/etc/tinc/NETNAME/hosts/' directory. Setting this
|
||||
options also implicitly sets StrictSubnets.
|
||||
|
||||
UDPRcvBuf = <bytes> (OS default)
|
||||
Sets the socket receive buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating
|
||||
system.
|
||||
|
||||
UDPSndBuf = <bytes> Pq OS default
|
||||
Sets the socket send buffer size for the UDP socket, in bytes. If
|
||||
unset, the default buffer size will be used by the operating
|
||||
system.
|
||||
|
||||
|
||||
|
||||
File: tinc.info, Node: Host configuration variables, Next: Scripts, Prev: Main configuration variables, Up: Configuration files
|
||||
|
@ -1403,7 +1431,10 @@ command line options.
|
|||
always be stopped and removed.
|
||||
|
||||
`-n, --net=NETNAME'
|
||||
Use configuration for net NETNAME. *Note Multiple networks::.
|
||||
Use configuration for net NETNAME. This will let tinc read all
|
||||
configuration files from `/etc/tinc/NETNAME/'. Specifying . for
|
||||
NETNAME is the same as not specifying any NETNAME. *Note Multiple
|
||||
networks::.
|
||||
|
||||
`-K, --generate-keys[=BITS]'
|
||||
Generate public/private keypair of BITS length. If BITS is not
|
||||
|
@ -2377,6 +2408,8 @@ Concept Index
|
|||
* release: Supported platforms. (line 14)
|
||||
* REMOTEADDRESS: Scripts. (line 67)
|
||||
* REMOTEPORT: Scripts. (line 70)
|
||||
* ReplayWindow: Main configuration variables.
|
||||
(line 204)
|
||||
* REQ_KEY: The meta-protocol. (line 64)
|
||||
* requirements: Libraries. (line 6)
|
||||
* router: Main configuration variables.
|
||||
|
@ -2388,7 +2421,7 @@ Concept Index
|
|||
(line 18)
|
||||
* signals: Signals. (line 6)
|
||||
* StrictSubnets: Main configuration variables.
|
||||
(line 204)
|
||||
(line 215)
|
||||
* SUBNET: Scripts. (line 74)
|
||||
* Subnet: Host configuration variables.
|
||||
(line 74)
|
||||
|
@ -2410,12 +2443,16 @@ Concept Index
|
|||
* tunifhead: Main configuration variables.
|
||||
(line 62)
|
||||
* TunnelServer: Main configuration variables.
|
||||
(line 209)
|
||||
(line 220)
|
||||
* tunnohead: Main configuration variables.
|
||||
(line 56)
|
||||
* UDP <1>: Encryption of network packets.
|
||||
(line 12)
|
||||
* UDP: The UDP tunnel. (line 30)
|
||||
* UDPRcvBuf: Main configuration variables.
|
||||
(line 227)
|
||||
* UDPSndBuf: Main configuration variables.
|
||||
(line 232)
|
||||
* Universal tun/tap: Configuration of Linux kernels.
|
||||
(line 6)
|
||||
* virtual: Virtual Private Networks.
|
||||
|
@ -2434,63 +2471,63 @@ Tag Table:
|
|||
Node: Top810
|
||||
Node: Introduction1109
|
||||
Node: Virtual Private Networks1919
|
||||
Node: tinc3644
|
||||
Node: Supported platforms5171
|
||||
Node: Preparations5869
|
||||
Node: Configuring the kernel6125
|
||||
Node: Configuration of Linux kernels6534
|
||||
Node: Configuration of FreeBSD kernels7389
|
||||
Node: Configuration of OpenBSD kernels7779
|
||||
Node: Configuration of NetBSD kernels8387
|
||||
Node: Configuration of Solaris kernels8792
|
||||
Node: Configuration of Darwin (MacOS/X) kernels9453
|
||||
Node: Configuration of Windows10142
|
||||
Node: Libraries10656
|
||||
Node: OpenSSL11044
|
||||
Node: zlib13320
|
||||
Node: lzo14149
|
||||
Node: Installation14936
|
||||
Node: Building and installing tinc15951
|
||||
Node: Darwin (MacOS/X) build environment16610
|
||||
Node: Cygwin (Windows) build environment17178
|
||||
Node: MinGW (Windows) build environment17766
|
||||
Node: System files18290
|
||||
Node: Device files18555
|
||||
Node: Other files18971
|
||||
Node: Configuration19584
|
||||
Node: Configuration introduction19895
|
||||
Node: Multiple networks21168
|
||||
Node: How connections work22594
|
||||
Node: Configuration files23816
|
||||
Node: Main configuration variables24823
|
||||
Node: Host configuration variables34334
|
||||
Node: Scripts39745
|
||||
Node: How to configure42515
|
||||
Node: Generating keypairs43778
|
||||
Node: Network interfaces44277
|
||||
Node: Example configuration46125
|
||||
Node: Running tinc51448
|
||||
Node: Runtime options52038
|
||||
Node: Signals54833
|
||||
Node: Debug levels55902
|
||||
Node: Solving problems56838
|
||||
Node: Error messages58390
|
||||
Node: Sending bug reports62403
|
||||
Node: Technical information63355
|
||||
Node: The connection63586
|
||||
Node: The UDP tunnel63898
|
||||
Node: The meta-connection66959
|
||||
Node: The meta-protocol68428
|
||||
Node: Security73437
|
||||
Node: Authentication protocol74567
|
||||
Node: Encryption of network packets79571
|
||||
Node: Security issues80944
|
||||
Node: Platform specific information82561
|
||||
Node: Interface configuration82789
|
||||
Node: Routes84688
|
||||
Node: About us86604
|
||||
Node: Contact information86779
|
||||
Node: Authors87183
|
||||
Node: Concept Index87588
|
||||
Node: tinc3645
|
||||
Node: Supported platforms5172
|
||||
Node: Preparations5870
|
||||
Node: Configuring the kernel6126
|
||||
Node: Configuration of Linux kernels6535
|
||||
Node: Configuration of FreeBSD kernels7390
|
||||
Node: Configuration of OpenBSD kernels7780
|
||||
Node: Configuration of NetBSD kernels8388
|
||||
Node: Configuration of Solaris kernels8793
|
||||
Node: Configuration of Darwin (MacOS/X) kernels9454
|
||||
Node: Configuration of Windows10143
|
||||
Node: Libraries10657
|
||||
Node: OpenSSL11045
|
||||
Node: zlib13321
|
||||
Node: lzo14150
|
||||
Node: Installation14937
|
||||
Node: Building and installing tinc15952
|
||||
Node: Darwin (MacOS/X) build environment16611
|
||||
Node: Cygwin (Windows) build environment17179
|
||||
Node: MinGW (Windows) build environment17767
|
||||
Node: System files18291
|
||||
Node: Device files18556
|
||||
Node: Other files18972
|
||||
Node: Configuration19585
|
||||
Node: Configuration introduction19896
|
||||
Node: Multiple networks21169
|
||||
Node: How connections work22595
|
||||
Node: Configuration files23817
|
||||
Node: Main configuration variables25204
|
||||
Node: Host configuration variables35709
|
||||
Node: Scripts41120
|
||||
Node: How to configure43890
|
||||
Node: Generating keypairs45153
|
||||
Node: Network interfaces45652
|
||||
Node: Example configuration47500
|
||||
Node: Running tinc52823
|
||||
Node: Runtime options53413
|
||||
Node: Signals56369
|
||||
Node: Debug levels57438
|
||||
Node: Solving problems58374
|
||||
Node: Error messages59926
|
||||
Node: Sending bug reports63939
|
||||
Node: Technical information64891
|
||||
Node: The connection65122
|
||||
Node: The UDP tunnel65434
|
||||
Node: The meta-connection68495
|
||||
Node: The meta-protocol69964
|
||||
Node: Security74973
|
||||
Node: Authentication protocol76103
|
||||
Node: Encryption of network packets81107
|
||||
Node: Security issues82480
|
||||
Node: Platform specific information84097
|
||||
Node: Interface configuration84325
|
||||
Node: Routes86224
|
||||
Node: About us88140
|
||||
Node: Contact information88315
|
||||
Node: Authors88719
|
||||
Node: Concept Index89124
|
||||
|
||||
End Tag Table
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2011 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2011 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -119,7 +119,7 @@ computers on the other end of the Internet.
|
|||
This problem can be solved by using @emph{virtual} networks. Virtual
|
||||
networks can live on top of other networks, but they use encapsulation to
|
||||
keep using their private address space so they do not interfere with
|
||||
the Internet. Mostly, virtual networks appear like a singe LAN, even though
|
||||
the Internet. Mostly, virtual networks appear like a single LAN, even though
|
||||
they can span the entire world. But virtual networks can't be secured
|
||||
by using firewalls, because the traffic that flows through it has to go
|
||||
through the Internet, where other people can look at it.
|
||||
|
@ -725,6 +725,13 @@ and carriage returns are ignored. Note: it is not required that you put
|
|||
in the `=' sign, but doing so improves readability. If you leave it
|
||||
out, remember to replace it with at least one space character.
|
||||
|
||||
The server configuration is complemented with host specific configuration (see
|
||||
the next section). Although all host configuration options for the local node
|
||||
listed in this document can also be put in
|
||||
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf}, it is recommended to
|
||||
put host specific configuration options in the host configuration file, as this
|
||||
makes it easy to exchange with other nodes.
|
||||
|
||||
In this section all valid variables are listed in alphabetical order.
|
||||
The default value is given between parentheses,
|
||||
other comments are between square brackets.
|
||||
|
@ -955,6 +962,18 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
@cindex ReplayWindow
|
||||
@item ReplayWindow = <bytes> (16)
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
the interaction of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking completely and
|
||||
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
|
||||
traffic.
|
||||
|
||||
|
||||
@cindex StrictSubnets
|
||||
@item StrictSubnets <yes|no> (no) [experimental]
|
||||
When this option is enabled tinc will only use Subnet statements which are
|
||||
|
@ -968,6 +987,16 @@ and will only allow connections with nodes for which host config files are prese
|
|||
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.
|
||||
Setting this options also implicitly sets StrictSubnets.
|
||||
|
||||
@cindex UDPRcvBuf
|
||||
@item UDPRcvBuf = <bytes> (OS default)
|
||||
Sets the socket receive buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
|
||||
@cindex UDPSndBuf
|
||||
@item UDPSndBuf = <bytes> Pq OS default
|
||||
Sets the socket send buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
|
||||
@end table
|
||||
|
||||
|
||||
|
@ -1536,7 +1565,11 @@ Under native Windows the optional argument is ignored,
|
|||
the service will always be stopped and removed.
|
||||
|
||||
@item -n, --net=@var{netname}
|
||||
Use configuration for net @var{netname}. @xref{Multiple networks}.
|
||||
Use configuration for net @var{netname}.
|
||||
This will let tinc read all configuration files from
|
||||
@file{@value{sysconfdir}/tinc/@var{netname}/}.
|
||||
Specifying . for @var{netname} is the same as not specifying any @var{netname}.
|
||||
@xref{Multiple networks}.
|
||||
|
||||
@item -K, --generate-keys[=@var{bits}]
|
||||
Generate public/private keypair of @var{bits} length. If @var{bits} is not specified,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.Dd 2009-05-18
|
||||
.Dd 2011-01-02
|
||||
.Dt TINCD 8
|
||||
.\" Manual page created by:
|
||||
.\" Ivo Timmermans
|
||||
|
@ -64,6 +64,14 @@ the service will always be stopped and removed.
|
|||
.It Fl n, -net Ns = Ns Ar NETNAME
|
||||
Connect to net
|
||||
.Ar NETNAME .
|
||||
This will let tinc read all configuration files from
|
||||
.Pa @sysconfdir@/tinc/ Ar NETNAME .
|
||||
Specifying
|
||||
.Li .
|
||||
for
|
||||
.Ar NETNAME
|
||||
is the same as not specifying any
|
||||
.Ar NETNAME .
|
||||
.It Fl K, -generate-keys Ns Op = Ns Ar BITS
|
||||
Generate public/private RSA keypair and exit.
|
||||
If
|
||||
|
@ -89,11 +97,11 @@ Under Windows this option will be ignored.
|
|||
.It Fl -bypass-security
|
||||
Disables encryption and authentication of the meta protocol.
|
||||
Only useful for debugging.
|
||||
.It Fl -chroot
|
||||
.It Fl R, -chroot
|
||||
With this option tinc chroots into the directory where network
|
||||
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
|
||||
or to the directory specified with -c option) after initialization.
|
||||
.It Fl -user Ns = Ns Ar USER
|
||||
.It Fl U, -user Ns = Ns Ar USER
|
||||
setuid to the specified
|
||||
.Ar USER
|
||||
after initialization.
|
||||
|
|
27
have.h
27
have.h
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
have.h -- include headers which are known to exist
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2003-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2003-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -21,6 +21,14 @@
|
|||
#ifndef __TINC_HAVE_H__
|
||||
#define __TINC_HAVE_H__
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
#ifdef WITH_WINDOWS2000
|
||||
#define WINVER Windows2000
|
||||
#else
|
||||
#define WINVER WindowsXP
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdarg.h>
|
||||
|
@ -32,11 +40,6 @@
|
|||
#include <unistd.h>
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
#ifdef WITH_WINDOWS2000
|
||||
#define WINVER Windows2000
|
||||
#else
|
||||
#define WINVER WindowsXP
|
||||
#endif
|
||||
#include <w32api.h>
|
||||
#include <windows.h>
|
||||
#include <ws2tcpip.h>
|
||||
|
@ -92,6 +95,10 @@
|
|||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SYS_RESOURCE_H
|
||||
#include <sys/resource.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SYS_UIO_H
|
||||
#include <sys/uio.h>
|
||||
#endif
|
||||
|
@ -123,10 +130,18 @@
|
|||
#include <net/if_tun.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NET_TUN_IF_TUN_H
|
||||
#include <net/tun/if_tun.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NET_IF_TAP_H
|
||||
#include <net/if_tap.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NET_TAP_IF_TAP_H
|
||||
#include <net/tap/if_tap.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NETINET_IN_SYSTM_H
|
||||
#include <netinet/in_systm.h>
|
||||
#endif
|
||||
|
|
10
lib/dropin.c
10
lib/dropin.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
dropin.c -- a set of drop-in replacements for libc functions
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -163,3 +163,11 @@ int gettimeofday(struct timeval *tv, void *tz) {
|
|||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_USLEEP
|
||||
int usleep(long usec) {
|
||||
struct timeval tv = {usec / 1000000, (usec / 1000) % 1000};
|
||||
select(0, NULL, NULL, NULL, &tv);
|
||||
return 0;
|
||||
}
|
||||
#endif
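Review bot: The tv_usec initializer in the new usleep() replacement is wrong: `(usec / 1000) % 1000` yields milliseconds modulo 1000, so usleep(500000) sleeps for 500 microseconds instead of 500 milliseconds, and any sub-millisecond remainder is dropped. The microsecond field should be the remainder of the whole-seconds division, `struct timeval tv = {usec / 1000000, usec % 1000000};`. The select() return value is also ignored, so an EINTR wake-up silently cuts the sleep short; if that matters for callers, a loop that retries while `select() < 0 && errno == EINTR` would be needed, otherwise a one-line comment stating that early wake-up is acceptable would document the choice.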
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
dropin.h -- header file for dropin.c
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -41,4 +41,8 @@ extern int vasprintf(char **, const char *, va_list ap);
|
|||
extern int gettimeofday(struct timeval *, void *);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_USLEEP
|
||||
extern int usleep(long);
|
||||
#endif
|
||||
|
||||
#endif /* __DROPIN_H__ */
|
||||
|
|
26
lib/getopt.c
26
lib/getopt.c
|
@ -44,6 +44,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
|
||||
/* Comment out all this code if we are using the GNU C Library, and are not
|
||||
actually compiling the library itself. This code is part of the GNU C
|
||||
Library, but also included in many other GNU distributions. Compiling
|
||||
|
@ -688,16 +692,18 @@ _getopt_internal (argc, argv, optstring, longopts, longind, long_only)
|
|||
else
|
||||
{
|
||||
if (opterr)
|
||||
if (argv[optind - 1][1] == '-')
|
||||
/* --option */
|
||||
fprintf (stderr,
|
||||
"%s: option `--%s' doesn't allow an argument\n",
|
||||
argv[0], pfound->name);
|
||||
else
|
||||
/* +option or -option */
|
||||
fprintf (stderr,
|
||||
"%s: option `%c%s' doesn't allow an argument\n",
|
||||
argv[0], argv[optind - 1][0], pfound->name);
|
||||
{
|
||||
if (argv[optind - 1][1] == '-')
|
||||
/* --option */
|
||||
fprintf (stderr,
|
||||
"%s: option `--%s' doesn't allow an argument\n",
|
||||
argv[0], pfound->name);
|
||||
else
|
||||
/* +option or -option */
|
||||
fprintf (stderr,
|
||||
"%s: option `%c%s' doesn't allow an argument\n",
|
||||
argv[0], argv[optind - 1][0], pfound->name);
|
||||
}
|
||||
|
||||
nextchar += strlen (nextchar);
|
||||
|
||||
|
|
24
lib/memcmp.c
24
lib/memcmp.c
|
@ -23,6 +23,10 @@
|
|||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_INTTYPES_H
|
||||
#include <inttypes.h>
|
||||
#endif
|
||||
|
||||
#undef __ptr_t
|
||||
#if defined __cplusplus || (defined __STDC__ && __STDC__)
|
||||
# define __ptr_t void *
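Review bot: The `<inttypes.h>` include is conditional on HAVE_INTTYPES_H, but the `intptr_t` uses introduced in the later hunks of this file (memcmp_bytes, the two memcmp_*_alignment prototypes and definitions, and rpl_memcmp) are unconditional, so a configuration without that macro no longer compiles where the old `long int` code did. Either add an `#else` branch that includes `<stdint.h>` (or falls back to the previous width with `typedef long int intptr_t;`), or include the header unconditionally if configure already requires it — I cannot tell from this hunk which is the case.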
|
||||
|
@ -107,8 +111,8 @@ static int
|
|||
memcmp_bytes (a, b)
|
||||
op_t a, b;
|
||||
{
|
||||
long int srcp1 = (long int) &a;
|
||||
long int srcp2 = (long int) &b;
|
||||
intptr_t srcp1 = (intptr_t) &a;
|
||||
intptr_t srcp2 = (intptr_t) &b;
|
||||
op_t a0, b0;
|
||||
|
||||
do
|
||||
|
@ -123,7 +127,7 @@ memcmp_bytes (a, b)
|
|||
}
|
||||
#endif
|
||||
|
||||
static int memcmp_common_alignment __P((long, long, size_t));
|
||||
static int memcmp_common_alignment __P((intptr_t, intptr_t, size_t));
|
||||
|
||||
/* memcmp_common_alignment -- Compare blocks at SRCP1 and SRCP2 with LEN `op_t'
|
||||
objects (not LEN bytes!). Both SRCP1 and SRCP2 should be aligned for
|
||||
|
@ -133,8 +137,8 @@ __inline
|
|||
#endif
|
||||
static int
|
||||
memcmp_common_alignment (srcp1, srcp2, len)
|
||||
long int srcp1;
|
||||
long int srcp2;
|
||||
intptr_t srcp1;
|
||||
intptr_t srcp2;
|
||||
size_t len;
|
||||
{
|
||||
op_t a0, a1;
|
||||
|
@ -213,7 +217,7 @@ memcmp_common_alignment (srcp1, srcp2, len)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int memcmp_not_common_alignment __P((long, long, size_t));
|
||||
static int memcmp_not_common_alignment __P((intptr_t, intptr_t, size_t));
|
||||
|
||||
/* memcmp_not_common_alignment -- Compare blocks at SRCP1 and SRCP2 with LEN
|
||||
`op_t' objects (not LEN bytes!). SRCP2 should be aligned for memory
|
||||
|
@ -223,8 +227,8 @@ __inline
|
|||
#endif
|
||||
static int
|
||||
memcmp_not_common_alignment (srcp1, srcp2, len)
|
||||
long int srcp1;
|
||||
long int srcp2;
|
||||
intptr_t srcp1;
|
||||
intptr_t srcp2;
|
||||
size_t len;
|
||||
{
|
||||
op_t a0, a1, a2, a3;
|
||||
|
@ -332,8 +336,8 @@ rpl_memcmp (s1, s2, len)
|
|||
{
|
||||
op_t a0;
|
||||
op_t b0;
|
||||
long int srcp1 = (long int) s1;
|
||||
long int srcp2 = (long int) s2;
|
||||
intptr_t srcp1 = (intptr_t) s1;
|
||||
intptr_t srcp2 = (intptr_t) s2;
|
||||
op_t res;
|
||||
|
||||
if (len >= OP_T_THRES)
|
||||
|
|
|
@ -41,7 +41,7 @@ pid_t read_pid (char *pidfile)
|
|||
|
||||
if (!(f=fopen(pidfile,"r")))
|
||||
return 0;
|
||||
if(fscanf(f,"%ld", &pid) != 1)
|
||||
if(fscanf(f,"%20ld", &pid) != 1)
|
||||
pid = 0;
|
||||
fclose(f);
|
||||
return pid;
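Review bot: The `%20ld` width bounds how many characters fscanf consumes, but it does not prevent overflow of `long`: a 20-digit pidfile still exceeds the range of a 64-bit long (and a 10-digit one exceeds a 32-bit long), and the C standard leaves the result of an out-of-range `%ld` conversion undefined. Reading the line with fgets and converting with strtol gives a range check (`errno == ERANGE`) and an explicit rejection of non-numeric or non-positive content instead. read_pid's body starts outside the hunk, so the declarations below assume `pid` is a long as the `%ld` conversion implies; `<errno.h>` must be in scope.
```c
	/* … unchanged: fopen() check … */
	char buf[32];
	char *end = NULL;
	long val = 0;

	if(fgets(buf, sizeof buf, f)) {
		errno = 0;
		val = strtol(buf, &end, 10);
		/* reject empty/non-numeric input and values outside long's range */
		if(end == buf || errno == ERANGE || val <= 0)
			val = 0;
	}
	pid = val;
	fclose(f);
	return pid;
```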
|
||||
|
|
|
@ -26,19 +26,15 @@ AC_DEFUN([tinc_OPENSSL],
|
|||
[AC_MSG_ERROR([OpenSSL header files not found.]); break]
|
||||
)
|
||||
|
||||
AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
|
||||
[LIBS="-lcrypto $LIBS"],
|
||||
[AC_MSG_ERROR([OpenSSL libraries not found.])]
|
||||
)
|
||||
|
||||
case $host_os in
|
||||
*mingw*)
|
||||
AC_CHECK_LIB(crypto, SHA1_version,
|
||||
[LIBS="$LIBS -lcrypto -lgdi32"],
|
||||
[AC_MSG_ERROR([OpenSSL libraries not found.])]
|
||||
)
|
||||
;;
|
||||
*)
|
||||
AC_CHECK_LIB(crypto, SHA1_version,
|
||||
[LIBS="$LIBS -lcrypto"],
|
||||
[AC_MSG_ERROR([OpenSSL libraries not found.])]
|
||||
)
|
||||
|
||||
AC_CHECK_FUNC(dlopen,
|
||||
[],
|
||||
[AC_CHECK_LIB(dl, dlopen,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction BSD tun/tap device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -47,11 +47,11 @@ int device_fd = -1;
|
|||
char *device = NULL;
|
||||
char *iface = NULL;
|
||||
static char *device_info = NULL;
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
#if defined(TUNEMU)
|
||||
static device_type_t device_type = DEVICE_TYPE_TUNEMU;
|
||||
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD)
|
||||
#elif defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
||||
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||
#else
|
||||
static device_type_t device_type = DEVICE_TYPE_TUN;
|
||||
|
@ -64,7 +64,7 @@ bool setup_device(void) {
|
|||
device = xstrdup(DEFAULT_DEVICE);
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
||||
iface = xstrdup(rindex(device, '/') ? rindex(device, '/') + 1 : device);
|
||||
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "DeviceType"), &type)) {
|
||||
if(!strcasecmp(type, "tun"))
|
||||
|
@ -199,9 +199,8 @@ bool read_packet(vpn_packet_t *packet) {
|
|||
if(device_type == DEVICE_TYPE_TUNEMU)
|
||||
lenin = tunemu_read(device_fd, packet->data + 14, MTU - 14);
|
||||
else
|
||||
#else
|
||||
lenin = read(device_fd, packet->data + 14, MTU - 14);
|
||||
#endif
|
||||
lenin = read(device_fd, packet->data + 14, MTU - 14);
|
||||
|
||||
if(lenin <= 0) {
|
||||
logger(LOG_ERR, "Error while reading from %s %s: %s", device_info,
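Review bot: The `else` that follows the tunemu_read() call now pairs with the plain `read()` statement on the far side of `#endif`, so the control flow of read_packet reads differently depending on whether TUNEMU is defined, and a future edit that inserts a statement between `#endif` and the read() would silently change what the `else` governs. Bracing the branch keeps it explicit: `else {` before `#endif` is not possible, so the usual pattern is to put the read() inside an `#else` branch of the same `#if` instead, `#else` / `lenin = read(device_fd, packet->data + 14, MTU - 14);` / `#endif`, with the tunemu case fully self-contained. read_packet's body continues outside the hunk.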
|
||||
|
@ -353,6 +352,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
|
150
src/conf.c
150
src/conf.c
|
@ -2,7 +2,8 @@
|
|||
conf.c -- configuration code
|
||||
Copyright (C) 1998 Robert van der Meulen
|
||||
1998-2005 Ivo Timmermans
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
||||
2000 Cris van Pelt
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -23,6 +24,7 @@
|
|||
#include "system.h"
|
||||
|
||||
#include "avl_tree.h"
|
||||
#include "connection.h"
|
||||
#include "conf.h"
|
||||
#include "logger.h"
|
||||
#include "netutl.h" /* for str2address */
|
||||
|
@ -36,6 +38,8 @@ int pinginterval = 0; /* seconds between pings */
|
|||
int pingtimeout = 0; /* seconds to wait for response */
|
||||
char *confbase = NULL; /* directory in which all config files are */
|
||||
char *netname = NULL; /* name of the vpn network */
|
||||
list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
|
||||
|
||||
|
||||
static int config_compare(const config_t *a, const config_t *b) {
|
||||
int result;
|
||||
|
@ -45,12 +49,17 @@ static int config_compare(const config_t *a, const config_t *b) {
|
|||
if(result)
|
||||
return result;
|
||||
|
||||
/* give priority to command line options */
|
||||
result = !b->file - !a->file;
|
||||
if (result)
|
||||
return result;
|
||||
|
||||
result = a->line - b->line;
|
||||
|
||||
if(result)
|
||||
return result;
|
||||
else
|
||||
return strcmp(a->file, b->file);
|
||||
return a->file ? strcmp(a->file, b->file) : 0;
|
||||
}
|
||||
|
||||
void init_configuration(avl_tree_t ** config_tree) {
|
||||
|
@ -87,7 +96,7 @@ config_t *lookup_config(avl_tree_t *config_tree, char *variable) {
|
|||
config_t cfg, *found;
|
||||
|
||||
cfg.variable = variable;
|
||||
cfg.file = "";
|
||||
cfg.file = NULL;
|
||||
cfg.line = 0;
|
||||
|
||||
found = avl_search_closest_greater(config_tree, &cfg);
|
||||
|
@ -224,7 +233,7 @@ static char *readline(FILE * fp, char *buf, size_t buflen) {
|
|||
newline = strchr(p, '\n');
|
||||
|
||||
if(!newline)
|
||||
return NULL;
|
||||
return buf;
|
||||
|
||||
*newline = '\0'; /* kill newline */
|
||||
if(newline > p && newline[-1] == '\r') /* and carriage return if necessary */
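Review bot: Returning `buf` when no newline was found accepts a final line that lacks a trailing newline, but it also accepts a line longer than the buffer: if the reader above this hunk is fgets with `buflen` (it starts outside the hunk, so this is inferred), a too-long line is now returned truncated and its remainder is parsed as the next configuration line instead of being rejected as before. A check such as `if(!newline && strlen(buf) == buflen - 1 && !feof(fp)) return NULL;` (or logging the truncation) would keep the end-of-file case while still refusing silently split lines.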
|
||||
|
@ -233,6 +242,45 @@ static char *readline(FILE * fp, char *buf, size_t buflen) {
|
|||
return buf;
|
||||
}
|
||||
|
||||
config_t *parse_config_line(char *line, const char *fname, int lineno) {
|
||||
config_t *cfg;
|
||||
int len;
|
||||
char *variable, *value, *eol;
|
||||
variable = value = line;
|
||||
|
||||
eol = line + strlen(line);
|
||||
while(strchr("\t ", *--eol))
|
||||
*eol = '\0';
|
||||
|
||||
len = strcspn(value, "\t =");
|
||||
value += len;
|
||||
value += strspn(value, "\t ");
|
||||
if(*value == '=') {
|
||||
value++;
|
||||
value += strspn(value, "\t ");
|
||||
}
|
||||
variable[len] = '\0';
|
||||
|
||||
if(!*value) {
|
||||
const char err[] = "No value for variable";
|
||||
if (fname)
|
||||
logger(LOG_ERR, "%s `%s' on line %d while reading config file %s",
|
||||
err, variable, lineno, fname);
|
||||
else
|
||||
logger(LOG_ERR, "%s `%s' in command line option %d",
|
||||
err, variable, lineno);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cfg = new_config();
|
||||
cfg->variable = xstrdup(variable);
|
||||
cfg->value = xstrdup(value);
|
||||
cfg->file = fname ? xstrdup(fname) : NULL;
|
||||
cfg->line = lineno;
|
||||
|
||||
return cfg;
|
||||
}
|
||||
|
||||
/*
|
||||
Parse a configuration file and put the results in the configuration tree
|
||||
starting at *base.
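Review bot: The trailing-whitespace loop in parse_config_line can read before the start of `line`: `while(strchr("\t ", *--eol))` has no lower bound, so an empty string or one consisting only of tabs and spaces walks `eol` past `line[0]` and reads `line[-1]`. read_config_file appears to skip blank lines before calling this, but the command-line path (`fname == NULL`, where `lineno` is the option index) hands the function whatever the user typed. Bounding the loop fixes both cases: `while(eol > line && strchr("\t ", eol[-1])) *--eol = '\0';`. A short header comment stating that `line` is modified in place and that the returned config_t is owned by the caller would also help, since both are true but not obvious from the signature.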
|
||||
|
@ -241,9 +289,7 @@ bool read_config_file(avl_tree_t *config_tree, const char *fname) {
|
|||
FILE *fp;
|
||||
char buffer[MAX_STRING_SIZE];
|
||||
char *line;
|
||||
char *variable, *value, *eol;
|
||||
int lineno = 0;
|
||||
int len;
|
||||
bool ignore = false;
|
||||
config_t *cfg;
|
||||
bool result = false;
|
||||
|
@ -280,34 +326,9 @@ bool read_config_file(avl_tree_t *config_tree, const char *fname) {
|
|||
continue;
|
||||
}
|
||||
|
||||
variable = value = line;
|
||||
|
||||
eol = line + strlen(line);
|
||||
while(strchr("\t ", *--eol))
|
||||
*eol = '\0';
|
||||
|
||||
len = strcspn(value, "\t =");
|
||||
value += len;
|
||||
value += strspn(value, "\t ");
|
||||
if(*value == '=') {
|
||||
value++;
|
||||
value += strspn(value, "\t ");
|
||||
}
|
||||
variable[len] = '\0';
|
||||
|
||||
|
||||
if(!*value) {
|
||||
logger(LOG_ERR, "No value for variable `%s' on line %d while reading config file %s",
|
||||
variable, lineno, fname);
|
||||
cfg = parse_config_line(line, fname, lineno);
|
||||
if (!cfg)
|
||||
break;
|
||||
}
|
||||
|
||||
cfg = new_config();
|
||||
cfg->variable = xstrdup(variable);
|
||||
cfg->value = xstrdup(value);
|
||||
cfg->file = xstrdup(fname);
|
||||
cfg->line = lineno;
|
||||
|
||||
config_add(config_tree, cfg);
|
||||
}
|
||||
|
||||
|
@ -316,10 +337,43 @@ bool read_config_file(avl_tree_t *config_tree, const char *fname) {
|
|||
return result;
|
||||
}
|
||||
|
||||
void read_config_options(avl_tree_t *config_tree, const char *prefix) {
|
||||
list_node_t *node, *next;
|
||||
size_t prefix_len = prefix ? strlen(prefix) : 0;
|
||||
|
||||
for(node = cmdline_conf->tail; node; node = next) {
|
||||
config_t *orig_cfg, *cfg = (config_t *)node->data;
|
||||
next = node->prev;
|
||||
|
||||
if(!prefix) {
|
||||
if(strchr(cfg->variable, '.'))
|
||||
continue;
|
||||
node->data = NULL;
|
||||
list_unlink_node(cmdline_conf, node);
|
||||
} else {
|
||||
if(strncmp(prefix, cfg->variable, prefix_len) ||
|
||||
cfg->variable[prefix_len] != '.')
|
||||
continue;
|
||||
/* Because host configuration is parsed again when
|
||||
reconnecting, nodes must not be freed when a prefix
|
||||
is given. */
|
||||
orig_cfg = cfg;
|
||||
cfg = new_config();
|
||||
cfg->variable = xstrdup(orig_cfg->variable + prefix_len + 1);
|
||||
cfg->value = xstrdup(orig_cfg->value);
|
||||
cfg->file = NULL;
|
||||
cfg->line = orig_cfg->line;
|
||||
}
|
||||
config_add(config_tree, cfg);
|
||||
}
|
||||
}
|
||||
|
||||
bool read_server_config() {
|
||||
char *fname;
|
||||
bool x;
|
||||
|
||||
read_config_options(config_tree, NULL);
|
||||
|
||||
xasprintf(&fname, "%s/tinc.conf", confbase);
|
||||
x = read_config_file(config_tree, fname);
|
||||
|
||||
|
@ -332,6 +386,19 @@ bool read_server_config() {
|
|||
return x;
|
||||
}
|
||||
|
||||
bool read_connection_config(connection_t *c) {
|
||||
char *fname;
|
||||
bool x;
|
||||
|
||||
read_config_options(c->config_tree, c->name);
|
||||
|
||||
xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
|
||||
x = read_config_file(c->config_tree, fname);
|
||||
free(fname);
|
||||
|
||||
return x;
|
||||
}
|
||||
|
||||
FILE *ask_and_open(const char *filename, const char *what) {
|
||||
FILE *r;
|
||||
char *directory;
|
||||
|
@ -400,24 +467,33 @@ bool disable_old_keys(FILE *f) {
|
|||
rewind(f);
|
||||
pos = ftell(f);
|
||||
|
||||
if(pos < 0)
|
||||
return false;
|
||||
|
||||
while(fgets(buf, sizeof buf, f)) {
|
||||
if(!strncmp(buf, "-----BEGIN RSA", 14)) {
|
||||
buf[11] = 'O';
|
||||
buf[12] = 'L';
|
||||
buf[13] = 'D';
|
||||
fseek(f, pos, SEEK_SET);
|
||||
fputs(buf, f);
|
||||
if(fseek(f, pos, SEEK_SET))
|
||||
break;
|
||||
if(fputs(buf, f) <= 0)
|
||||
break;
|
||||
disabled = true;
|
||||
}
|
||||
else if(!strncmp(buf, "-----END RSA", 12)) {
|
||||
buf[ 9] = 'O';
|
||||
buf[10] = 'L';
|
||||
buf[11] = 'D';
|
||||
fseek(f, pos, SEEK_SET);
|
||||
fputs(buf, f);
|
||||
if(fseek(f, pos, SEEK_SET))
|
||||
break;
|
||||
if(fputs(buf, f) <= 0)
|
||||
break;
|
||||
disabled = true;
|
||||
}
|
||||
pos = ftell(f);
|
||||
if(pos < 0)
|
||||
break;
|
||||
}
|
||||
|
||||
return disabled;
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#define __TINC_CONF_H__
|
||||
|
||||
#include "avl_tree.h"
|
||||
#include "list.h"
|
||||
|
||||
typedef struct config_t {
|
||||
char *variable;
|
||||
|
@ -40,6 +41,7 @@ extern int maxtimeout;
|
|||
extern bool bypass_security;
|
||||
extern char *confbase;
|
||||
extern char *netname;
|
||||
extern list_t *cmdline_conf;
|
||||
|
||||
extern void init_configuration(avl_tree_t **);
|
||||
extern void exit_configuration(avl_tree_t **);
|
||||
|
@ -54,8 +56,11 @@ extern bool get_config_string(const config_t *, char **);
|
|||
extern bool get_config_address(const config_t *, struct addrinfo **);
|
||||
extern bool get_config_subnet(const config_t *, struct subnet_t **);
|
||||
|
||||
extern config_t *parse_config_line(char *, const char *, int);
|
||||
extern bool read_config_file(avl_tree_t *, const char *);
|
||||
extern void read_config_options(avl_tree_t *, const char *);
|
||||
extern bool read_server_config(void);
|
||||
extern bool read_connection_config(struct connection_t *);
|
||||
extern FILE *ask_and_open(const char *, const char *);
|
||||
extern bool is_safe_path(const char *);
|
||||
extern bool disable_old_keys(FILE *);
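Review bot: The new `parse_config_line` prototype takes the line as a non-const `char *` without saying why; the parsing code shown in conf.c writes terminators into the buffer (`*eol = '\0'`, `variable[len] = '\0'`), so presumably the function modifies its argument in place, and a comment on the declaration, `/* Parses LINE in place (writes '\0' into it); returns NULL on error */`, would stop a later cleanup from adding `const`. Likewise `read_config_options` has two quite different behaviours that the prototype hides: with a NULL prefix it moves matching entries out of `cmdline_conf`, with a prefix it copies them; one line on the declaration would save callers a trip to conf.c.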
|
||||
|
|
|
@ -127,14 +127,3 @@ void dump_connections(void) {
|
|||
|
||||
logger(LOG_DEBUG, "End of connections.");
|
||||
}
|
||||
|
||||
bool read_connection_config(connection_t *c) {
|
||||
char *fname;
|
||||
bool x;
|
||||
|
||||
xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
|
||||
x = read_config_file(c->config_tree, fname);
|
||||
free(fname);
|
||||
|
||||
return x;
|
||||
}
|
||||
|
|
|
@ -111,6 +111,5 @@ extern void free_connection(connection_t *);
|
|||
extern void connection_add(connection_t *);
|
||||
extern void connection_del(connection_t *);
|
||||
extern void dump_connections(void);
|
||||
extern bool read_connection_config(connection_t *);
|
||||
|
||||
#endif /* __TINC_CONNECTION_H__ */
|
||||
|
|
|
@ -38,8 +38,8 @@ char *device = NULL;
|
|||
char *iface = NULL;
|
||||
static char *device_info = NULL;
|
||||
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
static pid_t reader_pid;
|
||||
static int sp[2];
|
||||
|
@ -261,6 +261,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
graph.c -- graph algorithms
|
||||
Copyright (C) 2001-2010 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2011 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -199,16 +199,12 @@ void sssp_bfs(void) {
|
|||
n->address is set to the e->address of the edge left of n to n.
|
||||
We are currently examining the edge e right of n from n:
|
||||
|
||||
- If e->reverse->address != n->address, then e->to is probably
|
||||
not reachable for the nodes left of n. We do as if the indirectdata
|
||||
flag is set on edge e.
|
||||
- If edge e provides for better reachability of e->to, update
|
||||
e->to and (re)add it to the todo_list to (re)examine the reachability
|
||||
of nodes behind it.
|
||||
*/
|
||||
|
||||
indirect = n->status.indirect || e->options & OPTION_INDIRECT
|
||||
|| ((n != myself) && sockaddrcmp(&n->address, &e->reverse->address));
|
||||
indirect = n->status.indirect || e->options & OPTION_INDIRECT;
|
||||
|
||||
if(e->to->status.visited
|
||||
&& (!e->to->status.indirect || indirect))
|
||||
|
|
|
@ -47,11 +47,12 @@ char *iface = NULL;
|
|||
static char ifrname[IFNAMSIZ];
|
||||
static char *device_info;
|
||||
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
bool setup_device(void) {
|
||||
struct ifreq ifr;
|
||||
bool t1q = false;
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Device"), &device))
|
||||
device = xstrdup(DEFAULT_DEVICE);
|
||||
|
@ -61,7 +62,7 @@ bool setup_device(void) {
|
|||
if (netname != NULL)
|
||||
iface = xstrdup(netname);
|
||||
#else
|
||||
iface = xstrdup(rindex(device, '/') ? rindex(device, '/') + 1 : device);
|
||||
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||
#endif
|
||||
device_fd = open(device, O_RDWR | O_NONBLOCK);
|
||||
|
||||
|
@ -84,6 +85,12 @@ bool setup_device(void) {
|
|||
device_info = "Linux tun/tap device (tap mode)";
|
||||
}
|
||||
|
||||
#ifdef IFF_ONE_QUEUE
|
||||
/* Set IFF_ONE_QUEUE flag... */
|
||||
if(get_config_bool(lookup_config(config_tree, "IffOneQueue"), &t1q) && t1q)
|
||||
ifr.ifr_flags |= IFF_ONE_QUEUE;
|
||||
#endif
|
||||
|
||||
if(iface)
|
||||
strncpy(ifr.ifr_name, iface, IFNAMSIZ);
|
||||
|
||||
|
@ -105,7 +112,7 @@ bool setup_device(void) {
|
|||
device_type = DEVICE_TYPE_ETHERTAP;
|
||||
if(iface)
|
||||
free(iface);
|
||||
iface = xstrdup(rindex(device, '/') ? rindex(device, '/') + 1 : device);
|
||||
iface = xstrdup(strrchr(device, '/') ? strrchr(device, '/') + 1 : device);
|
||||
}
|
||||
|
||||
logger(LOG_INFO, "%s is a %s", device, device_info);
|
||||
|
@ -205,6 +212,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
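Review bot: `bool t1q` is declared unconditionally at the top of setup_device but its only visible use is inside `#ifdef IFF_ONE_QUEUE`, so on a build where that flag is undefined the compiler warns about an unused variable and an `IffOneQueue` setting in the config is silently ignored. Moving the declaration into the `#ifdef` and adding an `#else` branch that warns when the option is present, or at least a comment, `/* IffOneQueue is only honoured when the kernel headers define IFF_ONE_QUEUE */`, would make that limitation visible. setup_device's body extends beyond the hunks shown, so I cannot rule out another use of `t1q`.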
|
||||
|
|
|
@ -85,7 +85,7 @@ void logger(int priority, const char *format, ...) {
|
|||
#ifdef HAVE_MINGW
|
||||
{
|
||||
char message[4096];
|
||||
char *messages[] = {message};
|
||||
const char *messages[] = {message};
|
||||
vsnprintf(message, sizeof(message), format, ap);
|
||||
ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL);
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Windows tap driver in a MinGW environment
|
||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||
2002-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2002-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -38,8 +38,8 @@ char *device = NULL;
|
|||
char *iface = NULL;
|
||||
static char *device_info = NULL;
|
||||
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
extern char *myport;
|
||||
|
||||
|
@ -95,17 +95,9 @@ bool setup_device(void) {
|
|||
|
||||
bool found = false;
|
||||
|
||||
int sock, err;
|
||||
int err;
|
||||
HANDLE thread;
|
||||
|
||||
struct addrinfo *ai;
|
||||
struct addrinfo hint = {
|
||||
.ai_family = AF_UNSPEC,
|
||||
.ai_socktype = SOCK_STREAM,
|
||||
.ai_protocol = IPPROTO_TCP,
|
||||
.ai_flags = 0,
|
||||
};
|
||||
|
||||
get_config_string(lookup_config(config_tree, "Device"), &device);
|
||||
get_config_string(lookup_config(config_tree, "Interface"), &iface);
|
||||
|
||||
|
@ -247,6 +239,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
|
28
src/net.c
28
src/net.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net.c -- most of the network code
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -44,6 +44,8 @@ bool do_purge = false;
|
|||
volatile bool running = false;
|
||||
|
||||
time_t now = 0;
|
||||
int contradicting_add_edge = 0;
|
||||
int contradicting_del_edge = 0;
|
||||
|
||||
/* Purge edges and subnets of unreachable nodes. Use carefully. */
|
||||
|
||||
|
@ -278,12 +280,21 @@ static void check_network_activity(fd_set * readset, fd_set * writeset) {
|
|||
int result, i;
|
||||
socklen_t len = sizeof(result);
|
||||
vpn_packet_t packet;
|
||||
static int errors = 0;
|
||||
|
||||
/* check input from kernel */
|
||||
if(device_fd >= 0 && FD_ISSET(device_fd, readset)) {
|
||||
if(read_packet(&packet)) {
|
||||
errors = 0;
|
||||
packet.priority = 0;
|
||||
route(myself, &packet);
|
||||
} else {
|
||||
usleep(errors * 50000);
|
||||
errors++;
|
||||
if(errors > 10) {
|
||||
logger(LOG_ERR, "Too many errors from %s, exiting!", device);
|
||||
running = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -297,7 +308,7 @@ static void check_network_activity(fd_set * readset, fd_set * writeset) {
|
|||
if(FD_ISSET(c->socket, readset)) {
|
||||
if(c->status.connecting) {
|
||||
c->status.connecting = false;
|
||||
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);
|
||||
getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len);
|
||||
|
||||
if(!result)
|
||||
finish_connecting(c);
|
||||
|
@ -415,6 +426,19 @@ int main_loop(void) {
|
|||
send_key_changed(broadcast, myself);
|
||||
keyexpires = now + keylifetime;
|
||||
}
|
||||
|
||||
if(contradicting_del_edge > 10 && contradicting_add_edge > 10) {
|
||||
logger(LOG_WARNING, "Possible node with same Name as us!");
|
||||
|
||||
if(rand() % 3 == 0) {
|
||||
logger(LOG_ERR, "Shutting down, check configuration of all nodes for duplicate Names!");
|
||||
running = false;
|
||||
break;
|
||||
}
|
||||
|
||||
contradicting_add_edge = 0;
|
||||
contradicting_del_edge = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if(sigalrm) {
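Review bot: `usleep(errors * 50000)` in check_network_activity blocks the single-threaded event loop, so after repeated read_packet failures every TCP meta connection and UDP socket stalls for up to half a second per iteration before the daemon stops; that is a reasonable back-off, but it deserves a comment such as `/* back off on repeated device read errors; note this blocks the whole event loop */`. The counter is incremented after the sleep, so the first failure sleeps 0 ms and the eleventh sleeps 500 ms before `errors > 10` clears `running`. In the main_loop hunk, `rand() % 3 == 0` makes the shutdown deliberately non-deterministic, presumably so that not every node sharing the Name exits simultaneously; a one-line comment saying so would keep someone from "fixing" it. Both enclosing functions start and end outside the hunks shown.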
|
||||
|
|
|
@ -106,15 +106,20 @@ extern list_t *outgoing_list;
|
|||
extern int maxoutbufsize;
|
||||
extern int seconds_till_retry;
|
||||
extern int addressfamily;
|
||||
extern unsigned replaywin;
|
||||
|
||||
extern listen_socket_t listen_socket[MAXSOCKETS];
|
||||
extern int listen_sockets;
|
||||
extern int keyexpires;
|
||||
extern int keylifetime;
|
||||
extern int udp_rcvbuf;
|
||||
extern int udp_sndbuf;
|
||||
extern bool do_prune;
|
||||
extern bool do_purge;
|
||||
extern char *myport;
|
||||
extern time_t now;
|
||||
extern int contradicting_add_edge;
|
||||
extern int contradicting_del_edge;
|
||||
|
||||
/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
|
||||
#include "connection.h"
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
/*
|
||||
net_packet.c -- Handles in- and outgoing VPN packets
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -59,6 +61,8 @@ static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999
|
|||
|
||||
static void send_udppacket(node_t *, vpn_packet_t *);
|
||||
|
||||
unsigned replaywin = 16;
|
||||
|
||||
#define MAX_SEQNO 1073741824
|
||||
|
||||
// mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
|
||||
|
@ -81,16 +85,21 @@ void send_mtu_probe(node_t *n) {
|
|||
}
|
||||
|
||||
if(n->mtuprobes > 32) {
|
||||
if(!n->minmtu) {
|
||||
n->mtuprobes = 31;
|
||||
timeout = pinginterval;
|
||||
goto end;
|
||||
}
|
||||
|
||||
ifdebug(TRAFFIC) logger(LOG_INFO, "%s (%s) did not respond to UDP ping, restarting PMTU discovery", n->name, n->hostname);
|
||||
n->mtuprobes = 1;
|
||||
n->minmtu = 0;
|
||||
n->maxmtu = MTU;
|
||||
}
|
||||
|
||||
if(n->mtuprobes >= 10 && !n->minmtu) {
|
||||
if(n->mtuprobes >= 10 && n->mtuprobes < 32 && !n->minmtu) {
|
||||
ifdebug(TRAFFIC) logger(LOG_INFO, "No response to MTU probes from %s (%s)", n->name, n->hostname);
|
||||
n->mtuprobes = 0;
|
||||
return;
|
||||
n->mtuprobes = 31;
|
||||
}
|
||||
|
||||
if(n->mtuprobes == 30 || (n->mtuprobes < 30 && n->minmtu >= n->maxmtu)) {
|
||||
|
@ -144,12 +153,17 @@ void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
|||
packet->data[0] = 1;
|
||||
send_udppacket(n, packet);
|
||||
} else {
|
||||
if(n->mtuprobes > 30) {
|
||||
if(n->minmtu)
|
||||
n->mtuprobes = 30;
|
||||
else
|
||||
n->mtuprobes = 1;
|
||||
}
|
||||
|
||||
if(len > n->maxmtu)
|
||||
len = n->maxmtu;
|
||||
if(n->minmtu < len)
|
||||
n->minmtu = len;
|
||||
if(n->mtuprobes > 30)
|
||||
n->mtuprobes = 30;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -292,25 +306,32 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
inpkt->len -= sizeof(inpkt->seqno);
|
||||
inpkt->seqno = ntohl(inpkt->seqno);
|
||||
|
||||
if(inpkt->seqno != n->received_seqno + 1) {
|
||||
if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) {
|
||||
logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
||||
|
||||
memset(n->late, 0, sizeof(n->late));
|
||||
} else if (inpkt->seqno <= n->received_seqno) {
|
||||
if((n->received_seqno >= sizeof(n->late) * 8 && inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8) || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) {
|
||||
logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
||||
return;
|
||||
if(replaywin) {
|
||||
if(inpkt->seqno != n->received_seqno + 1) {
|
||||
if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
|
||||
if(n->farfuture++ < replaywin >> 2) {
|
||||
logger(LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
|
||||
n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
|
||||
return;
|
||||
}
|
||||
logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
||||
memset(n->late, 0, replaywin);
|
||||
} else if (inpkt->seqno <= n->received_seqno) {
|
||||
if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
|
||||
logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
for(i = n->received_seqno + 1; i < inpkt->seqno; i++)
|
||||
n->late[(i / 8) % replaywin] |= 1 << i % 8;
|
||||
}
|
||||
} else {
|
||||
for(i = n->received_seqno + 1; i < inpkt->seqno; i++)
|
||||
n->late[(i / 8) % sizeof(n->late)] |= 1 << i % 8;
|
||||
}
|
||||
|
||||
n->farfuture = 0;
|
||||
n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
|
||||
}
|
||||
|
||||
n->late[(inpkt->seqno / 8) % sizeof(n->late)] &= ~(1 << inpkt->seqno % 8);
|
||||
|
||||
if(inpkt->seqno > n->received_seqno)
|
||||
n->received_seqno = inpkt->seqno;
|
||||
|
@ -365,7 +386,9 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
|||
vpn_packet_t *outpkt;
|
||||
int origlen;
|
||||
int outlen, outpad;
|
||||
#if defined(SOL_IP) && defined(IP_TOS)
|
||||
static int priority = 0;
|
||||
#endif
|
||||
int origpriority;
|
||||
int sock;
|
||||
|
||||
|
@ -552,20 +575,21 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
|
|||
avl_node_t *node;
|
||||
edge_t *e;
|
||||
node_t *n = NULL;
|
||||
bool hard = false;
|
||||
static time_t last_hard_try = 0;
|
||||
|
||||
for(node = edge_weight_tree->head; node; node = node->next) {
|
||||
e = node->data;
|
||||
|
||||
if(e->to == myself)
|
||||
continue;
|
||||
|
||||
if(sockaddrcmp_noport(from, &e->address)) {
|
||||
if(last_hard_try == now)
|
||||
continue;
|
||||
last_hard_try = now;
|
||||
hard = true;
|
||||
}
|
||||
|
||||
if(!n)
|
||||
n = e->to;
|
||||
|
||||
if(!try_mac(e->to, pkt))
|
||||
continue;
|
||||
|
||||
|
@ -573,6 +597,9 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(hard)
|
||||
last_hard_try = now;
|
||||
|
||||
return n;
|
||||
}
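Review bot: The far-future branch in receive_udppacket encodes a policy that is not explained anywhere: the first `replaywin >> 2` consecutive packets that land at or beyond `received_seqno + replaywin * 8` are dropped, the next one is accepted and resets the `late` bitmap, and `farfuture` is cleared by any accepted packet. A comment at the `if(n->farfuture++ < replaywin >> 2)` line, e.g. `/* Drop isolated packets far ahead of the window, but accept a sustained jump rather than discarding everything after a large loss */`, would document that. Note that for `ReplayWindow` values below 4 `replaywin >> 2` is 0, so far-future packets are never dropped at all; if that is not intended, the threshold needs a floor. receive_udppacket begins and ends outside the hunk.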
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -149,7 +150,7 @@ bool read_rsa_private_key(void) {
|
|||
struct stat s;
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
||||
if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) {
|
||||
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
||||
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
||||
return false;
|
||||
}
|
||||
|
@ -270,15 +271,16 @@ bool setup_myself(void) {
|
|||
config_t *cfg;
|
||||
subnet_t *subnet;
|
||||
char *name, *hostname, *mode, *afname, *cipher, *digest;
|
||||
char *fname = NULL;
|
||||
char *address = NULL;
|
||||
char *envp[5];
|
||||
struct addrinfo *ai, *aip, hint = {0};
|
||||
bool choice;
|
||||
int i, err;
|
||||
int replaywin_int;
|
||||
|
||||
myself = new_node();
|
||||
myself->connection = new_connection();
|
||||
init_configuration(&myself->connection->config_tree);
|
||||
|
||||
myself->hostname = xstrdup("MYSELF");
|
||||
myself->connection->hostname = xstrdup("MYSELF");
|
||||
|
@ -299,17 +301,15 @@ bool setup_myself(void) {
|
|||
|
||||
myself->name = name;
|
||||
myself->connection->name = xstrdup(name);
|
||||
|
||||
if(!read_connection_config(myself->connection)) {
|
||||
logger(LOG_ERR, "Cannot open host configuration file for myself!");
|
||||
return false;
|
||||
}
|
||||
xasprintf(&fname, "%s/hosts/%s", confbase, name);
|
||||
read_config_options(config_tree, name);
|
||||
read_config_file(config_tree, fname);
|
||||
free(fname);
|
||||
|
||||
if(!read_rsa_private_key())
|
||||
return false;
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Port"), &myport)
|
||||
&& !get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
|
||||
if(!get_config_string(lookup_config(config_tree, "Port"), &myport))
|
||||
myport = xstrdup("655");
|
||||
|
||||
if(!atoi(myport)) {
|
||||
|
@ -324,7 +324,7 @@ bool setup_myself(void) {
|
|||
|
||||
/* Read in all the subnets specified in the host configuration file */
|
||||
|
||||
cfg = lookup_config(myself->connection->config_tree, "Subnet");
|
||||
cfg = lookup_config(config_tree, "Subnet");
|
||||
|
||||
while(cfg) {
|
||||
if(!get_config_subnet(cfg, &subnet))
|
||||
|
@ -332,7 +332,7 @@ bool setup_myself(void) {
|
|||
|
||||
subnet_add(myself, subnet);
|
||||
|
||||
cfg = lookup_config_next(myself->connection->config_tree, cfg);
|
||||
cfg = lookup_config_next(config_tree, cfg);
|
||||
}
|
||||
|
||||
/* Check some options */
|
||||
|
@ -343,12 +343,6 @@ bool setup_myself(void) {
|
|||
if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice)
|
||||
myself->options |= OPTION_TCPONLY;
|
||||
|
||||
if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice) && choice)
|
||||
myself->options |= OPTION_INDIRECT;
|
||||
|
||||
if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice)
|
||||
myself->options |= OPTION_TCPONLY;
|
||||
|
||||
if(myself->options & OPTION_TCPONLY)
|
||||
myself->options |= OPTION_INDIRECT;
|
||||
|
||||
|
@ -386,14 +380,12 @@ bool setup_myself(void) {
|
|||
}
|
||||
|
||||
choice = true;
|
||||
get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
|
||||
get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice);
|
||||
if(choice)
|
||||
myself->options |= OPTION_PMTU_DISCOVERY;
|
||||
|
||||
choice = true;
|
||||
get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice);
|
||||
get_config_bool(lookup_config(myself->connection->config_tree, "ClampMSS"), &choice);
|
||||
if(choice)
|
||||
myself->options |= OPTION_CLAMP_MSS;
|
||||
|
||||
|
@ -415,6 +407,28 @@ bool setup_myself(void) {
|
|||
} else
|
||||
maxtimeout = 900;
|
||||
|
||||
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
|
||||
if(udp_rcvbuf <= 0) {
|
||||
logger(LOG_ERR, "UDPRcvBuf cannot be negative!");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
|
||||
if(udp_sndbuf <= 0) {
|
||||
logger(LOG_ERR, "UDPSndBuf cannot be negative!");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
|
||||
if(replaywin_int < 0) {
|
||||
logger(LOG_ERR, "ReplayWindow cannot be negative!");
|
||||
return false;
|
||||
}
|
||||
replaywin = (unsigned)replaywin_int;
|
||||
}
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) {
|
||||
if(!strcasecmp(afname, "IPv4"))
|
||||
addressfamily = AF_INET;
|
||||
|
@ -434,7 +448,7 @@ bool setup_myself(void) {
|
|||
/* Generate packet encryption key */
|
||||
|
||||
if(get_config_string
|
||||
(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) {
|
||||
(lookup_config(config_tree, "Cipher"), &cipher)) {
|
||||
if(!strcasecmp(cipher, "none")) {
|
||||
myself->incipher = NULL;
|
||||
} else {
|
||||
|
@ -462,7 +476,7 @@ bool setup_myself(void) {
|
|||
|
||||
/* Check if we want to use message authentication codes... */
|
||||
|
||||
if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) {
|
||||
if(get_config_string(lookup_config(config_tree, "Digest"), &digest)) {
|
||||
if(!strcasecmp(digest, "none")) {
|
||||
myself->indigest = NULL;
|
||||
} else {
|
||||
|
@ -478,7 +492,7 @@ bool setup_myself(void) {
|
|||
|
||||
myself->connection->outdigest = EVP_sha1();
|
||||
|
||||
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
|
||||
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
|
||||
if(myself->indigest) {
|
||||
if(myself->inmaclength > myself->indigest->md_size) {
|
||||
logger(LOG_ERR, "MAC length exceeds size of digest!");
|
||||
|
@ -495,7 +509,7 @@ bool setup_myself(void) {
|
|||
|
||||
/* Compression */
|
||||
|
||||
if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->incompression)) {
|
||||
if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
|
||||
if(myself->incompression < 0 || myself->incompression > 11) {
|
||||
logger(LOG_ERR, "Bogus compression level!");
|
||||
return false;
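Review bot: `ReplayWindow 0` is accepted silently, yet in receive_udppacket the whole sequence-number check sits under `if(replaywin)`, so that value switches replay detection off for every peer; a `logger(LOG_WARNING, "ReplayWindow is 0, replay protection disabled")` next to `replaywin = (unsigned)replaywin_int;` would make the choice visible in the log. The UDPRcvBuf and UDPSndBuf checks reject `<= 0` but the messages say "cannot be negative"; either test `< 0` or say "must be positive". Also `myself = new_node()` runs before ReplayWindow is read, so `myself->late` is sized with the default window; that is only a problem if myself's bitmap is ever indexed, which I cannot confirm from this hunk. setup_myself starts and ends outside the hunks shown.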
|
||||
|
|
|
@ -44,6 +44,8 @@
|
|||
int addressfamily = AF_UNSPEC;
|
||||
int maxtimeout = 900;
|
||||
int seconds_till_retry = 5;
|
||||
int udp_rcvbuf = 0;
|
||||
int udp_sndbuf = 0;
|
||||
|
||||
listen_socket_t listen_socket[MAXSOCKETS];
|
||||
int listen_sockets;
|
||||
|
@ -70,12 +72,12 @@ static void configure_tcp(connection_t *c) {
|
|||
|
||||
#if defined(SOL_TCP) && defined(TCP_NODELAY)
|
||||
option = 1;
|
||||
setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option));
|
||||
setsockopt(c->socket, SOL_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
|
||||
#endif
|
||||
|
||||
#if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY)
|
||||
option = IPTOS_LOWDELAY;
|
||||
setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option));
|
||||
setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof(option));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -95,7 +97,7 @@ static bool bind_to_interface(int sd) {
|
|||
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
||||
ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
|
||||
|
||||
status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr));
|
||||
status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
|
||||
if(status) {
|
||||
logger(LOG_ERR, "Can't bind to interface %s: %s", iface,
|
||||
strerror(errno));
|
||||
|
@ -181,11 +183,11 @@ int setup_listen_socket(const sockaddr_t *sa) {
|
|||
/* Optimize TCP settings */
|
||||
|
||||
option = 1;
|
||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
|
||||
|
||||
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
||||
if(sa->sa.sa_family == AF_INET6)
|
||||
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
|
||||
#endif
|
||||
|
||||
if(get_config_string
|
||||
|
@ -196,7 +198,7 @@ int setup_listen_socket(const sockaddr_t *sa) {
|
|||
memset(&ifr, 0, sizeof(ifr));
|
||||
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
|
||||
|
||||
if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) {
|
||||
if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
|
||||
closesocket(nfd);
|
||||
logger(LOG_ERR, "Can't bind to interface %s: %s", iface,
|
||||
strerror(sockerrno));
|
||||
|
@ -259,11 +261,17 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
|||
#endif
|
||||
|
||||
option = 1;
|
||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
|
||||
|
||||
if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf)))
|
||||
logger(LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, strerror(errno));
|
||||
|
||||
if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf)))
|
||||
logger(LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, strerror(errno));
|
||||
|
||||
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||
if(sa->sa.sa_family == AF_INET6)
|
||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
|
||||
#endif
|
||||
|
||||
#if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
|
||||
|
@ -273,12 +281,12 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
|||
#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
||||
if(myself->options & OPTION_PMTU_DISCOVERY) {
|
||||
option = IP_PMTUDISC_DO;
|
||||
setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option));
|
||||
setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
|
||||
}
|
||||
#elif defined(IPPROTO_IP) && defined(IP_DONTFRAGMENT)
|
||||
if(myself->options & OPTION_PMTU_DISCOVERY) {
|
||||
option = 1;
|
||||
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, &option, sizeof(option));
|
||||
setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
|
||||
}
|
||||
#else
|
||||
#warning No way to disable IPv4 fragmentation
|
||||
|
@ -287,12 +295,12 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
|
|||
#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
|
||||
if(myself->options & OPTION_PMTU_DISCOVERY) {
|
||||
option = IPV6_PMTUDISC_DO;
|
||||
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option));
|
||||
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
|
||||
}
|
||||
#elif defined(IPPROTO_IPV6) && defined(IPV6_DONTFRAG)
|
||||
if(myself->options & OPTION_PMTU_DISCOVERY) {
|
||||
option = 1;
|
||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, &option, sizeof(option));
|
||||
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
|
||||
}
|
||||
#else
|
||||
#warning No way to disable IPv6 fragmentation
|
||||
|
@ -410,7 +418,7 @@ begin:
|
|||
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
||||
int option = 1;
|
||||
if(c->address.sa.sa_family == AF_INET6)
|
||||
setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||
setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
|
||||
#endif
|
||||
|
||||
bind_to_interface(c->socket);
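Review bot: The two new SO_RCVBUF/SO_SNDBUF warnings in setup_vpn_in_socket report `strerror(errno)`, whereas the setsockopt failure path in setup_listen_socket a few hunks above reports `strerror(sockerrno)`; if, as the `(void *)` casts suggest, this file is also built with MinGW, Winsock does not set errno and these messages will show a stale or unrelated error. Use `strerror(sockerrno)` in both `logger(LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", ...)` lines. setup_vpn_in_socket continues outside the hunk.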
|
||||
|
|
11
src/netutl.c
11
src/netutl.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
netutl.c -- some supporting network utility code
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -93,8 +93,7 @@ void sockaddr2str(const sockaddr_t *sa, char **addrstr, char **portstr) {
|
|||
if(err) {
|
||||
logger(LOG_ERR, "Error while translating addresses: %s",
|
||||
gai_strerror(err));
|
||||
raise(SIGFPE);
|
||||
exit(0);
|
||||
abort();
|
||||
}
|
||||
|
||||
scopeid = strchr(address, '%');
|
||||
|
@ -155,8 +154,7 @@ int sockaddrcmp_noport(const sockaddr_t *a, const sockaddr_t *b) {
|
|||
default:
|
||||
logger(LOG_ERR, "sockaddrcmp() was called with unknown address family %d, exitting!",
|
||||
a->sa.sa_family);
|
||||
raise(SIGFPE);
|
||||
exit(0);
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -199,8 +197,7 @@ int sockaddrcmp(const sockaddr_t *a, const sockaddr_t *b) {
|
|||
default:
|
||||
logger(LOG_ERR, "sockaddrcmp() was called with unknown address family %d, exitting!",
|
||||
a->sa.sa_family);
|
||||
raise(SIGFPE);
|
||||
exit(0);
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
|
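Review bot: The three `abort()` replacements (this hunk and the two sockaddrcmp hunks below) change the failure mode from a clean `exit(0)` to a core-dumping abort, but the adjacent log text still says `exitting!`; the message should match the new behaviour, e.g. `logger(LOG_ERR, "sockaddrcmp() was called with unknown address family %d, aborting!", a->sa.sa_family);`. In sockaddr2str() the abort is reached on a getnameinfo() failure for an address that may have come from a peer, so it is worth confirming that a hard abort rather than a logged failure is intended there. The enclosing functions start outside their hunks.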
|
11
src/node.c
11
src/node.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
node.c -- node tree management
|
||||
Copyright (C) 2001-2009 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2011 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -54,6 +54,7 @@ void exit_nodes(void) {
|
|||
node_t *new_node(void) {
|
||||
node_t *n = xmalloc_and_zero(sizeof(*n));
|
||||
|
||||
if(replaywin) n->late = xmalloc_and_zero(replaywin);
|
||||
n->subnet_tree = new_subnet_tree();
|
||||
n->edge_tree = new_edge_tree();
|
||||
EVP_CIPHER_CTX_init(&n->inctx);
|
||||
|
@ -91,6 +92,9 @@ void free_node(node_t *n) {
|
|||
if(n->name)
|
||||
free(n->name);
|
||||
|
||||
if(n->late)
|
||||
free(n->late);
|
||||
|
||||
free(n);
|
||||
}
|
||||
|
||||
|
@ -137,6 +141,11 @@ node_t *lookup_node_udp(const sockaddr_t *sa) {
|
|||
}
|
||||
|
||||
void update_node_udp(node_t *n, const sockaddr_t *sa) {
|
||||
if(n == myself) {
|
||||
logger(LOG_WARNING, "Trying to update UDP address of myself!\n");
|
||||
return;
|
||||
}
|
||||
|
||||
avl_delete(node_udp_tree, n);
|
||||
|
||||
if(n->hostname)
|
||||
|
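Review bot: The new warning in update_node_udp() ends its format string with `\n`, whereas the other logger() calls in this commit (netutl.c, the device stats) pass no trailing newline, so the stray newline will be carried through to syslog; drop it: `logger(LOG_WARNING, "Trying to update UDP address of myself!");`. In the free_node hunk the `if(n->late)` guard before `free(n->late)` is redundant since free(NULL) is a no-op, though it does match the `if(n->name)` style already there. Since new_node() only allocates the window when `replaywin` is non-zero, a comment such as `/* late stays NULL when replaywin == 0; callers must check before using it */` next to that allocation would make the contract explicit.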
|
|
@ -77,7 +77,8 @@ typedef struct node_t {
|
|||
|
||||
uint32_t sent_seqno; /* Sequence number last sent to this node */
|
||||
uint32_t received_seqno; /* Sequence number last received from this node */
|
||||
unsigned char late[16]; /* Bitfield marking late packets */
|
||||
uint32_t farfuture; /* Packets in a row that have arrived from the far future */
|
||||
unsigned char* late; /* Bitfield marking late packets */
|
||||
|
||||
length_t mtu; /* Maximum size of packets to send to this node */
|
||||
length_t minmtu; /* Probed minimum MTU */
|
||||
|
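Review bot: `unsigned char* late;` binds the `*` to the type, unlike the pointer declarations elsewhere in this commit (`char *scriptname`, `char *device`); write it `unsigned char *late;`. The comment should also record that the field is now a heap buffer rather than the old fixed `late[16]` array, e.g. `/* Bitfield marking late packets; replaywin bytes, allocated in new_node() */`, so readers know its size is tied to the replaywin setting.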
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
process.c -- process management functions
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -43,7 +43,9 @@ extern char **g_argv;
|
|||
extern bool use_logfile;
|
||||
extern volatile bool running;
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
sigset_t emptysigset;
|
||||
#endif
|
||||
|
||||
static int saved_debug_level = -1;
|
||||
|
||||
|
@ -354,7 +356,7 @@ bool detach(void) {
|
|||
bool execute_script(const char *name, char **envp) {
|
||||
#ifdef HAVE_SYSTEM
|
||||
int status, len;
|
||||
char *scriptname, *p;
|
||||
char *scriptname;
|
||||
int i;
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
|
@ -395,7 +397,7 @@ bool execute_script(const char *name, char **envp) {
|
|||
for(i = 0; envp[i]; i++) {
|
||||
char *e = strchr(envp[i], '=');
|
||||
if(e) {
|
||||
p = alloca(e - envp[i] + 1);
|
||||
char p[e - envp[i] + 1];
|
||||
strncpy(p, envp[i], e - envp[i]);
|
||||
p[e - envp[i]] = '\0';
|
||||
putenv(p);
|
||||
|
@ -544,6 +546,7 @@ static struct {
|
|||
{SIGCHLD, ignore_signal_handler},
|
||||
{SIGALRM, sigalrm_handler},
|
||||
{SIGWINCH, sigwinch_handler},
|
||||
{SIGABRT, SIG_DFL},
|
||||
{0, NULL}
|
||||
};
|
||||
#endif
|
||||
|
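Review bot: Turning `p` into the VLA `char p[e - envp[i] + 1]` narrows its lifetime to the `if(e)` block, yet it is still handed to putenv(), whose contract is to store the pointer rather than copy the string. For a name-only string glibc's putenv behaves like unsetenv and keeps no pointer, so it happens to work there, but POSIX does not guarantee that, and the old alloca() at least lived until execute_script() returned. If unsetenv() is available on every target, `unsetenv(p);` in place of `putenv(p);` says what is meant and removes the lifetime question; otherwise a comment such as `/* name only: putenv() removes the variable and does not retain p */` should record the assumption. execute_script() continues outside the hunk.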
|
|
@ -30,4 +30,8 @@ extern bool execute_script(const char *, char **);
|
|||
extern bool detach(void);
|
||||
extern bool kill_other(int);
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
extern bool init_service(void);
|
||||
#endif
|
||||
|
||||
#endif /* __TINC_PROCESS_H__ */
|
||||
|
|
|
@ -109,15 +109,13 @@ bool id_h(connection_t *c) {
|
|||
}
|
||||
|
||||
bool send_metakey(connection_t *c) {
|
||||
char *buffer;
|
||||
int len;
|
||||
bool x;
|
||||
|
||||
len = RSA_size(c->rsa_key);
|
||||
int len = RSA_size(c->rsa_key);
|
||||
|
||||
/* Allocate buffers for the meta key */
|
||||
|
||||
buffer = alloca(2 * len + 1);
|
||||
char buffer[2 * len + 1];
|
||||
|
||||
c->outkey = xrealloc(c->outkey, len);
|
||||
|
||||
|
@ -287,16 +285,13 @@ bool metakey_h(connection_t *c) {
|
|||
}
|
||||
|
||||
bool send_challenge(connection_t *c) {
|
||||
char *buffer;
|
||||
int len;
|
||||
|
||||
/* CHECKME: what is most reasonable value for len? */
|
||||
|
||||
len = RSA_size(c->rsa_key);
|
||||
int len = RSA_size(c->rsa_key);
|
||||
|
||||
/* Allocate buffers for the challenge */
|
||||
|
||||
buffer = alloca(2 * len + 1);
|
||||
char buffer[2 * len + 1];
|
||||
|
||||
c->hischallenge = xrealloc(c->hischallenge, len);
|
||||
|
||||
|
@ -539,7 +534,7 @@ bool ack_h(connection_t *c) {
|
|||
if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
|
||||
n->mtu = mtu;
|
||||
|
||||
if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
|
||||
if(get_config_int(lookup_config(config_tree, "PMTU"), &mtu) && mtu < n->mtu)
|
||||
n->mtu = mtu;
|
||||
|
||||
if(get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice)) {
|
||||
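Review bot: `char buffer[2 * len + 1]` in send_metakey() (and the same pattern in send_challenge() below) makes the stack buffer size depend on `RSA_size(c->rsa_key)` with no check that `len` is positive; with alloca() a degenerate request was harmless, but a VLA with a non-positive size is undefined behaviour. If `c->rsa_key` is guaranteed to be loaded before these are called, a comment saying so above the declaration is enough; otherwise a guard such as `if(len <= 0) return false;` before the VLA keeps it well-defined. Both functions continue outside their hunks.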
|
|
|
@ -133,6 +133,7 @@ bool add_edge_h(connection_t *c) {
|
|||
} else if(from == myself) {
|
||||
ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) for ourself which does not exist",
|
||||
"ADD_EDGE", c->name, c->hostname);
|
||||
contradicting_add_edge++;
|
||||
e = new_edge();
|
||||
e->from = from;
|
||||
e->to = to;
|
||||
|
@ -229,6 +230,7 @@ bool del_edge_h(connection_t *c) {
|
|||
if(e->from == myself) {
|
||||
ifdebug(PROTOCOL) logger(LOG_WARNING, "Got %s from %s (%s) for ourself",
|
||||
"DEL_EDGE", c->name, c->hostname);
|
||||
contradicting_del_edge++;
|
||||
send_add_edge(c, e); /* Send back a correction */
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
protocol_key.c -- handle the meta-protocol, key exchange
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -145,8 +145,6 @@ bool req_key_h(connection_t *c) {
|
|||
}
|
||||
|
||||
bool send_ans_key(node_t *to) {
|
||||
char *key;
|
||||
|
||||
// Set key parameters
|
||||
to->incipher = myself->incipher;
|
||||
to->inkeylength = myself->inkeylength;
|
||||
|
@ -165,10 +163,10 @@ bool send_ans_key(node_t *to) {
|
|||
// Reset sequence number and late packet window
|
||||
mykeyused = true;
|
||||
to->received_seqno = 0;
|
||||
memset(to->late, 0, sizeof(to->late));
|
||||
if(replaywin) memset(to->late, 0, replaywin);
|
||||
|
||||
// Convert to hexadecimal and send
|
||||
key = alloca(2 * to->inkeylength + 1);
|
||||
char key[2 * to->inkeylength + 1];
|
||||
bin2hex(to->inkey, key, to->inkeylength);
|
||||
key[to->inkeylength * 2] = '\0';
|
||||
|
||||
|
@ -229,7 +227,7 @@ bool ans_key_h(connection_t *c) {
|
|||
return true;
|
||||
}
|
||||
|
||||
if(!*address) {
|
||||
if(!*address && from->address.sa.sa_family != AF_UNSPEC) {
|
||||
char *address, *port;
|
||||
ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
|
||||
sockaddr2str(&from->address, &address, &port);
|
||||
|
@ -312,7 +310,7 @@ bool ans_key_h(connection_t *c) {
|
|||
update_node_udp(from, &sa);
|
||||
}
|
||||
|
||||
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
|
||||
if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuevent)
|
||||
send_mtu_probe(from);
|
||||
|
||||
return true;
|
||||
|
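Review bot: The new condition in ans_key_h() reads `*address`, and the very next line declares a fresh `char *address, *port;` that shadows it for the rest of the block; the shadowing is pre-existing, but the new test makes it easier to misread, so renaming the inner pair (e.g. `reflexive_address`, `reflexive_port`) would help and `-Wshadow` would catch it. In send_ans_key(), `if(replaywin) memset(to->late, 0, replaywin);` relies on `to->late` having been allocated with exactly `replaywin` bytes in new_node(); a one-line comment recording that coupling, `/* to->late is replaywin bytes, allocated in new_node() */`, keeps the two in step. ans_key_h() starts outside the hunk.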
|
|
@ -35,8 +35,8 @@ char *iface = NULL;
|
|||
static char ifrname[IFNAMSIZ];
|
||||
static char *device_info;
|
||||
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
bool setup_device(void) {
|
||||
struct ifreq ifr;
|
||||
|
@ -123,6 +123,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
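Review bot: The `"%10"PRIu64` format in dump_device_stats() needs `<inttypes.h>`, and neither this hunk nor the two other device.c sections changed the same way (the Solaris one and the one at the end of this page) show that include being added; presumably it comes in through a shared header, but that is worth confirming since PRIu64 is otherwise an undeclared identifier at compile time. Widening `device_total_in`/`device_total_out` to `uint64_t` is the right fix for the old `%10d` on an `int` counter; a short comment, `/* byte counters; 64-bit so long-running daemons do not wrap */`, would document why the type was changed.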
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Solaris tun device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -34,15 +34,15 @@
|
|||
#define DEFAULT_DEVICE "/dev/tun"
|
||||
|
||||
int device_fd = -1;
|
||||
int ip_fd = -1, if_fd = -1;
|
||||
char *device = NULL;
|
||||
char *iface = NULL;
|
||||
static char *device_info = NULL;
|
||||
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
bool setup_device(void) {
|
||||
int ip_fd = -1, if_fd = -1;
|
||||
int ppa;
|
||||
char *ptr;
|
||||
|
||||
|
@ -105,6 +105,8 @@ bool setup_device(void) {
|
|||
}
|
||||
|
||||
void close_device(void) {
|
||||
close(if_fd);
|
||||
close(ip_fd);
|
||||
close(device_fd);
|
||||
|
||||
free(device);
|
||||
|
@ -163,6 +165,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
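Review bot: close_device() now closes the file-scope `if_fd` and `ip_fd` but leaves them (and `device_fd`) holding stale numbers, so a second call, or a call after a setup_device() path that never opened them, closes `-1` or whatever descriptor has since reused that number; reset after closing, `close(if_fd); if_fd = -1;` and likewise for the other two. The `int ip_fd = -1, if_fd = -1;` moved to file scope are not `static`; unless another translation unit references them, `static int ip_fd = -1, if_fd = -1;` keeps them out of the global namespace. close_device() continues outside the hunk.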
|
59
src/tincd.c
59
src/tincd.c
|
@ -1,9 +1,11 @@
|
|||
/*
|
||||
tincd.c -- the main file for tincd
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2010 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2008 Max Rijevski <maksuf@gmail.com>
|
||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||
2010 Julien Muchembled <jm@jmuchemb.eu>
|
||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -118,6 +120,7 @@ static struct option const long_options[] = {
|
|||
#ifdef HAVE_MINGW
|
||||
static struct WSAData wsa_state;
|
||||
CRITICAL_SECTION mutex;
|
||||
int main2(int argc, char **argv);
|
||||
#endif
|
||||
|
||||
static void usage(bool status) {
|
||||
|
@ -135,6 +138,7 @@ static void usage(bool status) {
|
|||
" -L, --mlock Lock tinc into main memory.\n"
|
||||
" --logfile[=FILENAME] Write log entries to a logfile.\n"
|
||||
" --pidfile=FILENAME Write PID to FILENAME.\n"
|
||||
" -o [HOST.]KEY=VALUE Set global/host configuration value.\n"
|
||||
" -R, --chroot chroot to NET dir at startup.\n"
|
||||
" -U, --user=USER setuid to given USER at startup.\n"
|
||||
" --help Display this help and exit.\n"
|
||||
|
@ -144,10 +148,14 @@ static void usage(bool status) {
|
|||
}
|
||||
|
||||
static bool parse_options(int argc, char **argv) {
|
||||
config_t *cfg;
|
||||
int r;
|
||||
int option_index = 0;
|
||||
int lineno = 0;
|
||||
|
||||
while((r = getopt_long(argc, argv, "c:DLd::k::n:K::RU:", long_options, &option_index)) != EOF) {
|
||||
cmdline_conf = list_alloc((list_action_t)free_config);
|
||||
|
||||
while((r = getopt_long(argc, argv, "c:DLd::k::n:o:K::RU:", long_options, &option_index)) != EOF) {
|
||||
switch (r) {
|
||||
case 0: /* long option */
|
||||
break;
|
||||
|
@ -195,6 +203,8 @@ static bool parse_options(int argc, char **argv) {
|
|||
kill_tincd = SIGINT;
|
||||
else if(!strcasecmp(optarg, "ALRM"))
|
||||
kill_tincd = SIGALRM;
|
||||
else if(!strcasecmp(optarg, "ABRT"))
|
||||
kill_tincd = SIGABRT;
|
||||
else {
|
||||
kill_tincd = atoi(optarg);
|
||||
|
||||
|
@ -213,7 +223,16 @@ static bool parse_options(int argc, char **argv) {
|
|||
break;
|
||||
|
||||
case 'n': /* net name given */
|
||||
netname = xstrdup(optarg);
|
||||
/* netname "." is special: a "top-level name" */
|
||||
netname = strcmp(optarg, ".") != 0 ?
|
||||
xstrdup(optarg) : NULL;
|
||||
break;
|
||||
|
||||
case 'o': /* option */
|
||||
cfg = parse_config_line(optarg, NULL, ++lineno);
|
||||
if (!cfg)
|
||||
return false;
|
||||
list_insert_tail(cmdline_conf, cfg);
|
||||
break;
|
||||
|
||||
case 'K': /* generate public/private keypair */
|
||||
|
@ -350,6 +369,7 @@ static bool keygen(int bits) {
|
|||
fchmod(fileno(f), 0600);
|
||||
#endif
|
||||
|
||||
fputc('\n', f);
|
||||
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
|
||||
fclose(f);
|
||||
free(filename);
|
||||
|
@ -367,6 +387,7 @@ static bool keygen(int bits) {
|
|||
if(disable_old_keys(f))
|
||||
fprintf(stderr, "Warning: old key(s) found and disabled.\n");
|
||||
|
||||
fputc('\n', f);
|
||||
PEM_write_RSAPublicKey(f, rsa_key);
|
||||
fclose(f);
|
||||
free(filename);
|
||||
|
@ -483,12 +504,12 @@ static bool drop_privs() {
|
|||
}
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
# define setpriority(level) SetPriorityClass(GetCurrentProcess(), level)
|
||||
# define setpriority(level) SetPriorityClass(GetCurrentProcess(), (level))
|
||||
#else
|
||||
# define NORMAL_PRIORITY_CLASS 0
|
||||
# define BELOW_NORMAL_PRIORITY_CLASS 10
|
||||
# define HIGH_PRIORITY_CLASS -10
|
||||
# define setpriority(level) nice(level)
|
||||
# define setpriority(level) (setpriority(PRIO_PROCESS, 0, (level)))
|
||||
#endif
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
|
@ -502,7 +523,7 @@ int main(int argc, char **argv) {
|
|||
if(show_version) {
|
||||
printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
|
||||
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
||||
printf("Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||
printf("Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||
"See the AUTHORS file for a complete list.\n\n"
|
||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||
"and you are welcome to redistribute it under certain conditions;\n"
|
||||
|
@ -594,13 +615,25 @@ int main2(int argc, char **argv) {
|
|||
char *priority = 0;
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
|
||||
if(!strcasecmp(priority, "Normal"))
|
||||
setpriority(NORMAL_PRIORITY_CLASS);
|
||||
else if(!strcasecmp(priority, "Low"))
|
||||
setpriority(BELOW_NORMAL_PRIORITY_CLASS);
|
||||
else if(!strcasecmp(priority, "High"))
|
||||
setpriority(HIGH_PRIORITY_CLASS);
|
||||
else {
|
||||
if(!strcasecmp(priority, "Normal")) {
|
||||
if (setpriority(NORMAL_PRIORITY_CLASS) != 0) {
|
||||
logger(LOG_ERR, "System call `%s' failed: %s",
|
||||
"setpriority", strerror(errno));
|
||||
goto end;
|
||||
}
|
||||
} else if(!strcasecmp(priority, "Low")) {
|
||||
if (setpriority(BELOW_NORMAL_PRIORITY_CLASS) != 0) {
|
||||
logger(LOG_ERR, "System call `%s' failed: %s",
|
||||
"setpriority", strerror(errno));
|
||||
goto end;
|
||||
}
|
||||
} else if(!strcasecmp(priority, "High")) {
|
||||
if (setpriority(HIGH_PRIORITY_CLASS) != 0) {
|
||||
logger(LOG_ERR, "System call `%s' failed: %s",
|
||||
"setpriority", strerror(errno));
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
logger(LOG_ERR, "Invalid priority `%s`!", priority);
|
||||
goto end;
|
||||
}
|
||||
|
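Review bot: On MinGW the new `if (setpriority(...) != 0)` checks are inverted: the macro expands to `SetPriorityClass(...)`, which returns a nonzero BOOL on success, so a successful call is logged as a failure (with a meaningless `strerror(errno)`) and main2() jumps to `end`. The POSIX branch is correct because setpriority(2) returns 0 on success. Normalise in the macro, `# define setpriority(level) (SetPriorityClass(GetCurrentProcess(), (level)) ? 0 : -1)`, and the three identical error blocks can then collapse into one lookup plus a single call, as below; main2() continues outside the hunk.
```c
	if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
		int level;

		if(!strcasecmp(priority, "Normal"))
			level = NORMAL_PRIORITY_CLASS;
		else if(!strcasecmp(priority, "Low"))
			level = BELOW_NORMAL_PRIORITY_CLASS;
		else if(!strcasecmp(priority, "High"))
			level = HIGH_PRIORITY_CLASS;
		else {
			logger(LOG_ERR, "Invalid priority `%s`!", priority);
			goto end;
		}

		/* macro yields 0 on success on both POSIX and MinGW once normalised */
		if(setpriority(level) != 0) {
			logger(LOG_ERR, "System call `%s' failed: %s",
			       "setpriority", strerror(errno));
			goto end;
		}
		/* … unchanged: rest of main2() … */
```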
|
|
@ -41,8 +41,8 @@ static char *device_info;
|
|||
extern char *identname;
|
||||
extern bool running;
|
||||
|
||||
static int device_total_in = 0;
|
||||
static int device_total_out = 0;
|
||||
static uint64_t device_total_in = 0;
|
||||
static uint64_t device_total_out = 0;
|
||||
|
||||
enum request_type { REQ_NEW_CONTROL };
|
||||
|
||||
|
@ -272,6 +272,6 @@ bool write_packet(vpn_packet_t *packet) {
|
|||
|
||||
void dump_device_stats(void) {
|
||||
logger(LOG_DEBUG, "Statistics for %s %s:", device_info, device);
|
||||
logger(LOG_DEBUG, " total bytes in: %10d", device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10d", device_total_out);
|
||||
logger(LOG_DEBUG, " total bytes in: %10"PRIu64, device_total_in);
|
||||
logger(LOG_DEBUG, " total bytes out: %10"PRIu64, device_total_out);
|
||||
}
|
||||
|
|