From e0e55285b852bb04bf91c7f7f231b4ce1c2de3f3 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Mon, 26 Aug 2019 13:44:48 +0200
Subject: [PATCH] Import Upstream version 1.0.32
---
 ChangeLog | 68 ++++++---
 INSTALL | 316 +++++++++++++++++++--------------------
 Makefile.in | 12 +-
 NEWS | 10 ++
 README | 2 +-
 THANKS | 2 +
 aclocal.m4 | 46 +++---
 configure | 20 +--
 configure.ac | 2 +-
 depcomp | 6 +-
 distro/Makefile.in | 4 +-
 distro/tinc@.service | 1 +
 doc/Makefile.in | 4 +-
 doc/sample-config.tar.gz | Bin 1249 -> 1259 bytes
 doc/tinc.info | 128 ++++++++--------
 doc/tinc.texi | 4 +-
 m4/Makefile.in | 4 +-
 src/Makefile.in | 4 +-
 src/meta.c | 4 +-
 src/net_setup.c | 7 +-
 src/net_socket.c | 39 ++++-
 src/proxy.c | 4 +-
 src/route.c | 15 +-
 src/solaris/device.c | 43 ++++--
 24 files changed, 424 insertions(+), 321 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d306c3c..02d3df9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
+Version 1.0.32 September 02 2017
+------------------------------------------------------------------------
+
+Guus Sliepen (13):
+ Don't dereference myself->incipher if it's NULL.
+ Merge remote-tracking branch 'VittGam/master'
+ Use /dev/udp instead of /dev/ip on Solaris.
+ Use getmsg()/putmsg() instead of read()/write() on Solaris.
+ Fix Solaris DeviceType = tap in router Mode.
+ Bind outgoing TCP sockets.
+ Move logging of "would block" messages to debug level 4.
+ Set KillMode=mixed in the systemd service file.
+ Don't forget about outgoing connections on host file read errors.
+ Fix Proxy = exec.
+ Set status.proxy_passed early for Proxy = exec.
+ Don't try to bind Proxy = exec sockets to an address.
+ Releasing 1.0.32.
+
+Vittorio Gambaletta (VittGam) (1):
+ route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
+
 Version 1.0.31 January 15 2017
 ------------------------------------------------------------------------
 
@@ -162,20 +183,7 @@ VittGam (1): Version 1.0.24 May 11 2014 ------------------------------------------------------------------------ -Guus Sliepen (26): - Mention in the manual that multiple Address staments are allowed. - If no Port is specified, set myport to actual port of first listening socket. - Enable compiler hardening flags by default. - Update support for Solaris. - Include for PATH_MAX. - Stricter check for raw socket support. - Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris. - Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16. - Don't enable -fstack-protector-all. - Remove or lower the priority of some debug messages. - Clarify StrictSubnets. - Attribution for various contributors. - Handle errors from TAP-Win32/64 adapter in a better way. +Guus Sliepen (13): Remove useless variable 'hard' from try_harder(). Merge pull request #14 from luckyhacky/master Add an autoconf check for res_init(). 
@@ -195,22 +203,40 @@ Steffan Karger (3): Use cryptographically strong random when generating keys. Check RAND_bytes() return value, fail when getting random fails. -Florent Clairambault (2): - Adding "conf.d" configuration dir support. - Adding some documentation around the /etc/tinc/$NET/conf.d directory. - Armin Fisslthaler (1): reload /etc/resolv.conf in SIGALRM handler Loic Dachary (1): fix documentation typo -Vilbrekin (1): - Update android build instructions. Disable PIE as this is not supported on some devices. - luckyhacky (1): update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl +refs/tags/1.0.23-android-1 March 11 2014 +------------------------------------------------------------------------ + +Guus Sliepen (13): + Mention in the manual that multiple Address staments are allowed. + If no Port is specified, set myport to actual port of first listening socket. + Enable compiler hardening flags by default. + Update support for Solaris. + Include for PATH_MAX. + Stricter check for raw socket support. + Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris. + Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16. + Don't enable -fstack-protector-all. + Remove or lower the priority of some debug messages. + Clarify StrictSubnets. + Attribution for various contributors. + Handle errors from TAP-Win32/64 adapter in a better way. + +Florent Clairambault (2): + Adding "conf.d" configuration dir support. + Adding some documentation around the /etc/tinc/$NET/conf.d directory. + +Vilbrekin (1): + Update android build instructions. Disable PIE as this is not supported on some devices. + Version 1.0.23 October 19 2013 ------------------------------------------------------------------------ diff --git a/INSTALL b/INSTALL index 2099840..8865734 100644 --- a/INSTALL +++ b/INSTALL 
@@ -1,8 +1,8 @@ Installation Instructions ************************* -Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, -Inc. + Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software +Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright 
@@ -12,97 +12,96 @@ without warranty of any kind. Basic Installation ================== - Briefly, the shell command `./configure && make && make install' + Briefly, the shell command './configure && make && make install' should configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for +more-detailed instructions are generic; see the 'README' file for instructions specific to this package. Some packages provide this -`INSTALL' file but do not implement all of the features documented +'INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. - The `configure' shell script attempts to guess correct values for + The 'configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that +those values to create a 'Makefile' in each directory of the package. +It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. 
+ It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you +some point 'config.cache' contains results you don't want to keep, you may remove or edit it. - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. The simplest way to compile this package is: - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. - Running `configure' might take a while. While running, it prints + Running 'configure' might take a while. While running, it prints some messages telling which features it is checking for. - 2. Type `make' to compile the package. + 2. Type 'make' to compile the package. - 3. Optionally, type `make check' to run any self-tests that come with + 3. 
Optionally, type 'make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. - 4. Type `make install' to install the programs and any data files and + 4. Type 'make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular - user, and only the `make install' phase executed with root + user, and only the 'make install' phase executed with root privileges. - 5. Optionally, type `make installcheck' to repeat any self-tests, but + 5. Optionally, type 'make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a - regular user, particularly if the prior `make install' required + regular user, particularly if the prior 'make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. There is + also a 'make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. - 7. Often, you can also type `make uninstall' to remove the installed + 7. Often, you can also type 'make uninstall' to remove the installed files again. 
In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. - 8. Some packages, particularly those that use Automake, provide `make + 8. Some packages, particularly those that use Automake, provide 'make distcheck', which can by used by developers to test that all other - targets like `make install' and `make uninstall' work correctly. + targets like 'make install' and 'make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. Run `./configure --help' +the 'configure' script does not know about. Run './configure --help' for details on some of the pertinent environment variables. - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix 
@@ -113,21 +112,21 @@ Compiling For Multiple Architectures You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the +own directory. To do this, you can use GNU 'make'. 'cd' to the directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. This -is known as a "VPATH" build. +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. - With a non-GNU `make', it is safer to compile the package for one + With a non-GNU 'make', it is safer to compile the package for one architecture at a time in the source code directory. After you have -installed the package for one architecture, use `make distclean' before +installed the package for one architecture, use 'make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or -"universal" binaries--by specifying multiple `-arch' options to the -compiler but only a single `-arch' option to the preprocessor. Like +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 
@@ -136,105 +135,104 @@ this: This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results -using the `lipo' tool if you have problems. +using the 'lipo' tool if you have problems. Installation Names ================== - By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX', where PREFIX must be an + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. In general, the -default for these options is expressed in terms of `${prefix}', so that -specifying just `--prefix' will affect all of the other directory +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. 
In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the -correct locations to `configure'; however, many packages provide one or +correct locations to 'configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the -`make install' command line to change installation locations without +'make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each -affected directory. For example, `make install +affected directory. For example, 'make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of -`${prefix}'. Any directories that were specified during `configure', -but not in terms of `${prefix}', must each be overridden at install -time for the entire installation to be relocated. The approach of -makefile variable overrides for each directory variable is required by -the GNU Coding Standards, and ideally causes no recompilation. -However, some platforms have known limitations with the semantics of -shared libraries that end up requiring recompilation when using this -method, particularly noticeable in packages that use GNU Libtool. +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. 
However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. - The second method involves providing the `DESTDIR' variable. For -example, `make install DESTDIR=/alternate/directory' will prepend -`/alternate/directory' before all installation names. The approach of -`DESTDIR' overrides is not required by the GNU Coding Standards, and + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even -when some directory options were not specified in terms of `${prefix}' -at `configure' time. +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. 
+They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). The +'README' should mention any '--enable-' and '--with-' options that the package recognizes. - For packages that use the X Window System, `configure' can usually + For packages that use the X Window System, 'configure' can usually find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the -execution of `make' will be. For these packages, running `./configure +execution of 'make' will be. For these packages, running './configure --enable-silent-rules' sets the default to minimal output, which can be -overridden with `make V=1'; while running `./configure +overridden with 'make V=1'; while running './configure --disable-silent-rules' sets the default to verbose, which can be -overridden with `make V=0'. +overridden with 'make V=0'. Particular systems ================== - On HP-UX, the default C compiler is not ANSI C compatible. If GNU -CC is not installed, it is recommended to use the following options in + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. - HP-UX `make' updates targets which have the same time stamps as -their prerequisites, which makes it generally unusable when shipped -generated files such as `configure' are involved. Use GNU `make' -instead. 
+ HP-UX 'make' updates targets which have the same time stamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot -parse its `' header file. The option `-nodtk' can be used as -a workaround. If GNU CC is not installed, it is therefore recommended -to try +parse its '' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try ./configure CC="cc" 
@@ -242,26 +240,26 @@ and if that doesn't work, try ./configure CC="cc -nodtk" - On Solaris, don't put `/usr/ucb' early in your `PATH'. This + On Solaris, don't put '/usr/ucb' early in your 'PATH'. This directory contains several dysfunctional programs; working variants of -these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -in your `PATH', put it _after_ `/usr/bin'. +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. - On Haiku, software installed for all users goes in `/boot/common', -not `/usr/local'. It is recommended to use the following options: + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== - There may be some features `configure' cannot figure out + There may be some features 'configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the -_same_ architectures, `configure' can figure that out, but if it prints +_same_ architectures, 'configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM 
@@ -270,101 +268,101 @@ where SYSTEM can have one of these forms: OS KERNEL-OS - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will +use the option '--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. +eventually be run) with '--host=TYPE'. Sharing Defaults ================ - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. 
Defining Variables ================== Variables not defined in a site shell script can be set in the -environment passed to `configure'. However, some packages may run +environment passed to 'configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: +them in the 'configure' command line, using 'VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc -causes the specified `gcc' to be used as the C compiler (unless it is +causes the specified 'gcc' to be used as the C compiler (unless it is overridden in the site shell script). -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf limitation. Until the limitation is lifted, you can use -this workaround: +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -`configure' Invocation +'configure' Invocation ====================== - `configure' recognizes the following options to control how it + 'configure' recognizes the following options to control how it operates. -`--help' -`-h' - Print a summary of all of the options to `configure', and exit. +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. -`--help=short' -`--help=recursive' +'--help=short' +'--help=recursive' Print a summary of the options unique to this package's - `configure', and exit. The `short' variant lists options used - only in the top level, while the `recursive' variant lists options - also present in any nested packages. + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. 
-`--version' -`-V' - Print the version of Autoconf used to generate the `configure' +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' script, and exit. -`--cache-file=FILE' +'--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to + traditionally 'config.cache'. FILE defaults to '/dev/null' to disable caching. -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. -`--quiet' -`--silent' -`-q' +'--quiet' +'--silent' +'-q' Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error + suppress all normal output, redirect it to '/dev/null' (any error messages will still be shown). -`--srcdir=DIR' +'--srcdir=DIR' Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. + 'configure' can determine that directory automatically. -`--prefix=DIR' - Use DIR as the installation prefix. *note Installation Names:: - for more details, including other options available for fine-tuning - the installation locations. +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. -`--no-create' -`-n' +'--no-create' +'-n' Run the configure checks, but stop before creating any output files. -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff --git a/Makefile.in b/Makefile.in index a421b51..8b27d79 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -544,7 +544,7 @@ distdir: $(DISTFILES) ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir @@ -570,7 +570,7 @@ dist-shar: distdir @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -588,7 +588,7 @@ dist dist-all: distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -598,7 +598,7 @@ distcheck: dist *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac diff --git a/NEWS b/NEWS index 34c6f1f..ff5c3be 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,13 @@ +Version 1.0.32 September 2 2017 + + * Fix segmentation fault when using Cipher = none. + * Fix Proxy = exec. + * Support PriorityInheritance for IPv6 packets. + * Fixes for Solaris tun/tap support. + * Bind outgoing TCP sockets when ListenAddress is used. + +Thanks to Vittorio Gambaletta for his contribution to this version of tinc. + Version 1.0.31 January 15 2017 * Remove ExecStop in tinc@.service. diff --git a/README b/README index 3fb92fc..46f21c7 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0.31. Installation +This is the README file for tinc version 1.0.32. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2017 by: diff --git a/THANKS b/THANKS index 3446041..742d6b5 100644 --- a/THANKS +++ b/THANKS @@ -22,9 +22,11 @@ We would like to thank the following people for their contributions to tinc: * Flynn Marquardt * Gary Kessler and Claudia Gonzalez * Grzegorz Dymarek +* Gusariev Oleksandr * Hans Bayle * Harvest * Ivo van Dong +* Ivo Smits * James Cook * James MacLean * Jamie Briggs diff --git a/aclocal.m4 b/aclocal.m4 index a7af1d9..a52ae51 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.15.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -296,7 +296,7 @@ AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl ])dnl PKG_CHECK_VAR -# Copyright (C) 2002-2014 Free Software Foundation, Inc. +# Copyright (C) 2002-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -311,7 +311,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.15], [], +m4_if([$1], [1.15.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -327,14 +327,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.15])dnl +[AM_AUTOMAKE_VERSION([1.15.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -386,7 +386,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -417,7 +417,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -608,7 +608,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -684,7 +684,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -881,7 +881,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -902,7 +902,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -924,7 +924,7 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -959,7 +959,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1009,7 +1009,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1048,7 +1048,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1077,7 +1077,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1124,7 +1124,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -1143,7 +1143,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1224,7 +1224,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2014 Free Software Foundation, Inc. +# Copyright (C) 2009-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1284,7 +1284,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1312,7 +1312,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2014 Free Software Foundation, Inc. +# Copyright (C) 2006-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1331,7 +1331,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/configure b/configure index 24c17f0..be44f56 100755 --- a/configure +++ b/configure 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tinc 1.0.31. +# Generated by GNU Autoconf 2.69 for tinc 1.0.32. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='tinc' PACKAGE_TARNAME='tinc' -PACKAGE_VERSION='1.0.31' -PACKAGE_STRING='tinc 1.0.31' +PACKAGE_VERSION='1.0.32' +PACKAGE_STRING='tinc 1.0.32' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tinc 1.0.31 to adapt to many kinds of systems. +\`configure' configures tinc 1.0.32 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1402,7 +1402,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tinc 1.0.31:";; + short | recursive ) echo "Configuration of tinc 1.0.32:";; esac cat <<\_ACEOF @@ -1528,7 +1528,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tinc configure 1.0.31 +tinc configure 1.0.32 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tinc $as_me 1.0.31, which was +It was created by tinc $as_me 1.0.32, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2857,7 +2857,7 @@ fi # Define the identity of the package. PACKAGE='tinc' - VERSION='1.0.31' + VERSION='1.0.32' cat >>confdefs.h <<_ACEOF 
@@ -7807,7 +7807,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tinc $as_me 1.0.31, which was +This file was extended by tinc $as_me 1.0.32, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7873,7 +7873,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tinc config.status 1.0.31 +tinc config.status 1.0.32 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4853da7..5500291 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -AC_INIT([tinc], [1.0.31]) +AC_INIT([tinc], [1.0.32]) AC_CONFIG_SRCDIR([src/tincd.c]) AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall]) AC_CONFIG_HEADERS([config.h]) diff --git a/depcomp b/depcomp index fc98710..b39f98f 100755 --- a/depcomp +++ b/depcomp @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2016-01-11.22; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -786,6 +786,6 @@ exit 0 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/distro/Makefile.in b/distro/Makefile.in index 90430cc..677348f 100644 --- a/distro/Makefile.in 
+++ b/distro/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/distro/tinc@.service b/distro/tinc@.service index c823fa5..5869442 100644 --- a/distro/tinc@.service +++ b/distro/tinc@.service @@ -8,6 +8,7 @@ Type=simple WorkingDirectory=/etc/tinc/%i ExecStart=/usr/sbin/tincd -n %i -D ExecReload=/usr/sbin/tincd -n %i -kHUP +KillMode=mixed TimeoutStopSec=5 Restart=always RestartSec=60 diff --git a/doc/Makefile.in b/doc/Makefile.in index 81abf5b..be310d4 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
diff --git a/doc/sample-config.tar.gz b/doc/sample-config.tar.gz index e960bec70b0a851691e7d90f5ba25e9b826069c9..093692bfb6f2b470a1aaff04923c5b37c70d5e6a 100644 GIT binary patch literal 1259 zcmV)-NI{l9C?MtQAF>V|%34SWY?zd!dl1ABKF5 z`iZ}WQLpE(3p$A6I0@4*jl=XHjKU=C9YC@lbM`|^N0!$YLUwKaom8WCRql8Wjz{`8 z>)-Fk2T>F!X+KTEF1?T9up1u0j?LIFz0mbPeAO9B)v?poA>2--g|W;LEIJES32utu zLaAYIvfzaS)|%f+&cV7DJpQ0sn?U*s9lm z{rvL;cIR2(AL0Mn`H%YDw88)9piS#9@^UJ6IL9{pPm|~|{-=}@V238`pI+$tAHu-z zfS+MYYXQav37amjL1dXhYir;l1m=pt%LZ^pphg&1Spux#95f-8c^J1r>trE&3{l(- z;%+bKCPCWgDXz6~s$wkl34w%k!D)mHQj{vl8XLeljzyI_2L6;lti?j4jP6;*U;)21 zR8s1245y`$GvSaCu*Q2vT~d(i5slW#haSBLt%Zu?73>T!evKr=c1a~-x2`Z#0 z)t-K3Co^a(z;AUh+aF*1^yIW57K#J5+DxYxA1<%pW^e-6pHDwsp25e9FMgmE1VPPm zadp0tVNdJ7>HH7T?eh3x7$bt{ z&D(#E6JfY7pom{8P^_PSW5u6jb-=;c-5%R^{%P>h`R|5Fw>kgMLG+ok*rE0QuFpAt zvu)a}U-y-U8v2juY5ynS`<>3Q<@`r+zxO!*cbopt^U#m{?-TIP>VEbfMJ7B3D<_JCx#41+kt3JSDaVqi6=u%;BFeC8Quk1F zHJSR(Q6c8Od&FH74LORs6C)KjMfj#Djpi;Cl^dBD%3QiRy!(~d|5!GPxD!-c<%o$B z@JLwhv{+PDIyu81HH+^}s6jk>vj1mw zu(-;giFM_f3UP<*qOq8dDWbWw4pmz#3d=(gL(*S34BR%V7G1NYl|ntLn0T(=C}7K) zs-W6O)=SDE;L?Shs8l8t_wdf@S#C8s#HHKPpOto%SA8$@oE5VAm5QoEJRRZ8 literal 1249 zcmV<71RnbziwFQ6VhL9O1MOICZ`(Ey&S(FMD>9%M5X+Km$!&pr$Xkn`T^7XYfPPwO zi?)eKq()M9{qK86%8i}4^M=_T0_c!HvU$h5Bl$dcv|&Y=^Y%!|v6ys@_97ulKMd&^ z^%M6Dqh8NFYdMPII0@4*jl=XPjKU=C9YM06aP}k1M3&DNB4%y>t&pR3rsi^|K4?AC zzuEsN>K#Q}mfu;eW{OF5$lw|NS_AivJ|)H~2qc1<%KkNSyYWT-+ydXFdmM2cpTBxFoYiR1y)!&@fcFoWa^lsU<=0{ zgdznwXC8?N0|W)V6s1G#AEl*;W#l<*|uD>o2qnL>pDjn#(Aee9|$IuitRNmOWL0y^ru)N=rZli%C>6 zW0E-h!h5+_m=LvY%Y0Vo%1u2Nc}^43^eY`z2X#8A8@h=(g+iA2{vIpA`QY*d^}SLh zz0yD-?+JfaelNMKmFS~W#6=`!r~66B>Kovv&T8Gc^l_c8={LVO?m*W0UmNx(cC7(5 z!@Kjbt^dQpC;ZKlruKY!1oo^8`*)A%dBO4> Lb=wmg04M+eQypay diff --git a/doc/tinc.info b/doc/tinc.info index 8d99cea..84c0a5e 100644 --- a/doc/tinc.info +++ b/doc/tinc.info 
@@ -1,11 +1,11 @@ -This is tinc.info, produced by makeinfo version 6.3 from tinc.texi. +This is tinc.info, produced by makeinfo version 6.4.90 from tinc.texi. INFO-DIR-SECTION Networking tools START-INFO-DIR-ENTRY * tinc: (tinc). The tinc Manual. END-INFO-DIR-ENTRY -This is the info manual for tinc version 1.0.29, a Virtual Private +This is the info manual for tinc version 1.0.31, a Virtual Private Network daemon. Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen @@ -981,7 +981,7 @@ ProcessPriority = adjusted. Increasing the priority may help to reduce latency and packet loss on the VPN. -Proxy = socks4 | socks5 | http | exec ... [experimental] +Proxy = socks4 | socks5 | http | exec ... [experimental] Use a proxy when making outgoing connections. The following proxy types are currently supported: 
@@ -2650,66 +2650,66 @@ Concept Index  Tag Table: -Node: Top806 -Node: Introduction1105 -Node: Virtual Private Networks1915 -Node: tinc3639 -Node: Supported platforms5166 -Node: Preparations5867 -Node: Configuring the kernel6123 -Node: Configuration of Linux kernels6533 -Node: Configuration of FreeBSD kernels7388 -Node: Configuration of OpenBSD kernels7853 -Node: Configuration of NetBSD kernels8210 -Node: Configuration of Solaris kernels8615 -Node: Configuration of Darwin (Mac OS X) kernels9278 -Node: Configuration of Windows10097 -Node: Libraries10637 -Node: LibreSSL/OpenSSL11046 -Node: zlib13588 -Node: lzo14620 -Node: Installation15603 -Node: Building and installing tinc16513 -Node: Darwin (Mac OS X) build environment17173 -Node: Cygwin (Windows) build environment17738 -Node: MinGW (Windows) build environment18327 -Node: System files18921 -Node: Device files19186 -Node: Other files19602 -Node: Configuration20215 -Node: Configuration introduction20526 -Node: Multiple networks21794 -Node: How connections work23220 -Node: Configuration files24442 -Node: Main configuration variables25936 -Node: Host configuration variables42193 -Node: Scripts47725 -Node: How to configure50991 -Node: Generating keypairs52249 -Node: Network interfaces52748 -Node: Example configuration54596 -Node: Running tinc59921 -Node: Runtime options60511 -Node: Signals63813 -Node: Debug levels65004 -Node: Solving problems65940 -Node: Error messages67492 -Node: Sending bug reports71501 -Node: Technical information72448 -Node: The connection72679 -Node: The UDP tunnel72991 -Node: The meta-connection76052 -Node: The meta-protocol77521 -Node: Security82538 -Node: Authentication protocol83680 -Node: Encryption of network packets88725 -Node: Security issues90101 -Node: Platform specific information91740 -Node: Interface configuration91968 -Node: Routes94439 -Node: About us96453 -Node: Contact information96628 -Node: Authors97031 -Node: Concept Index97436 +Node: Top809 +Node: Introduction1108 +Node: 
Virtual Private Networks1918 +Node: tinc3642 +Node: Supported platforms5169 +Node: Preparations5870 +Node: Configuring the kernel6126 +Node: Configuration of Linux kernels6536 +Node: Configuration of FreeBSD kernels7391 +Node: Configuration of OpenBSD kernels7856 +Node: Configuration of NetBSD kernels8213 +Node: Configuration of Solaris kernels8618 +Node: Configuration of Darwin (Mac OS X) kernels9281 +Node: Configuration of Windows10100 +Node: Libraries10640 +Node: LibreSSL/OpenSSL11049 +Node: zlib13591 +Node: lzo14623 +Node: Installation15606 +Node: Building and installing tinc16516 +Node: Darwin (Mac OS X) build environment17176 +Node: Cygwin (Windows) build environment17741 +Node: MinGW (Windows) build environment18330 +Node: System files18924 +Node: Device files19189 +Node: Other files19605 +Node: Configuration20218 +Node: Configuration introduction20529 +Node: Multiple networks21797 +Node: How connections work23223 +Node: Configuration files24445 +Node: Main configuration variables25939 +Node: Host configuration variables42195 +Node: Scripts47727 +Node: How to configure50993 +Node: Generating keypairs52251 +Node: Network interfaces52750 +Node: Example configuration54598 +Node: Running tinc59923 +Node: Runtime options60513 +Node: Signals63815 +Node: Debug levels65006 +Node: Solving problems65942 +Node: Error messages67494 +Node: Sending bug reports71503 +Node: Technical information72450 +Node: The connection72681 +Node: The UDP tunnel72993 +Node: The meta-connection76054 +Node: The meta-protocol77523 +Node: Security82540 +Node: Authentication protocol83682 +Node: Encryption of network packets88727 +Node: Security issues90103 +Node: Platform specific information91742 +Node: Interface configuration91970 +Node: Routes94441 +Node: About us96455 +Node: Contact information96630 +Node: Authors97033 +Node: Concept Index97438  End Tag Table diff --git a/doc/tinc.texi b/doc/tinc.texi index 132a1c4..cdccea5 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -15,7 +15,7 @@ This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2016 Ivo Timmermans, +Copyright @copyright{} 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -39,7 +39,7 @@ permission notice identical to this one. @vskip 0pt plus 1filll This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2016 Ivo Timmermans, +Copyright @copyright{} 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . diff --git a/m4/Makefile.in b/m4/Makefile.in index 25242d4..7a4d780 100644 --- a/m4/Makefile.in +++ b/m4/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/src/Makefile.in b/src/Makefile.in index 98b93fd..a158ea2 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/src/meta.c b/src/meta.c index 09c063d..ccc3b2e 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,6 +1,6 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2016 Guus Sliepen , + Copyright (C) 2000-2017 Guus Sliepen , 2000-2005 Ivo Timmermans 2006 Scott Lamb 
@@ -104,7 +104,7 @@ bool flush_meta(connection_t *c) { } else if(errno == EINTR) { continue; } else if(sockwouldblock(sockerrno)) { - ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", + ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", c->outbuflen, c->name, c->hostname); return true; } else { diff --git a/src/net_setup.c b/src/net_setup.c index d766888..2371f7e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2016 Guus Sliepen + 2000-2017 Guus Sliepen 2006 Scott Lamb 2010 Brandon Black @@ -660,9 +660,12 @@ static bool setup_myself(void) { /* We need to use a stream mode for the meta protocol. Use AES for this, but try to match the key size with the one from the cipher selected by Cipher. + + If Cipher is set to none, still use a low level of encryption for the + meta protocol. */ - int keylen = EVP_CIPHER_key_length(myself->incipher); + int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0; if(keylen <= 16) myself->connection->outcipher = EVP_aes_128_cfb(); else if(keylen <= 24) diff --git a/src/net_socket.c b/src/net_socket.c index a4c7f07..9d5837f 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -1,7 +1,7 @@ /* net_socket.c -- Handle various kinds of sockets. Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2015 Guus Sliepen + 2000-2017 Guus Sliepen 2006 Scott Lamb 2009 Florian Forster @@ -442,6 +442,7 @@ connect: if(!proxytype) { c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); } else if(proxytype == PROXY_EXEC) { + c->status.proxy_passed = true; do_outgoing_pipe(c, proxyhost); } else { proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM); 
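Review bot: The new `keylen` line in setup_myself() chooses the meta-protocol cipher for `Cipher = none` only implicitly. A NULL `myself->incipher` yields `keylen` 0, which falls into the `keylen <= 16` branch and selects `EVP_aes_128_cfb()`. The added comment says "a low level of encryption", which does not tell an operator what the meta connection actually uses in that configuration. I would name it in the comment, e.g. `If Cipher is none (myself->incipher is NULL), keylen is 0 and the meta protocol uses AES-128-CFB.` setup_myself() starts and ends outside this hunk.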
@@ -471,6 +472,33 @@ connect: #endif bind_to_interface(c->socket); + + int b = -1; + + for(int i = 0; i < listen_sockets; i++) { + if(listen_socket[i].sa.sa.sa_family == c->address.sa.sa_family) { + if(b == -1) { + b = i; + } else { + b = -1; + break; + } + } + } + + if(b != -1) { + sockaddr_t sa = listen_socket[b].sa; + if(sa.sa.sa_family == AF_INET) + sa.in.sin_port = 0; + else if(sa.sa.sa_family == AF_INET6) + sa.in6.sin6_port = 0; + + if(bind(c->socket, &sa.sa, SALEN(sa.sa))) { + char *addrstr = sockaddr2hostname(&sa); + logger(LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno)); + free(addrstr); + } + } } /* Connect */ @@ -529,13 +557,20 @@ void setup_outgoing_connection(outgoing_t *outgoing) { c->outcompression = myself->connection->outcompression; init_configuration(&c->config_tree); - read_connection_config(c); + if(!read_connection_config(c)) { + free_connection(c); + outgoing->timeout = maxtimeout; + retry_outgoing(outgoing); + return; + } outgoing->cfg = lookup_config(c->config_tree, "Address"); if(!outgoing->cfg) { logger(LOG_ERR, "No address specified for %s", c->name); free_connection(c); + outgoing->timeout = maxtimeout; + retry_outgoing(outgoing); return; } diff --git a/src/proxy.c b/src/proxy.c index 5268272..ba48218 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -1,6 +1,6 @@ /* proxy.c -- Proxy handling functions. - Copyright (C) 2015-2016 Guus Sliepen + Copyright (C) 2015-2017 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -174,7 +174,7 @@ bool send_proxyrequest(connection_t *c) { } case PROXY_EXEC: - return true; + abort(); default: logger(LOG_ERR, "Unknown proxy type"); diff --git a/src/route.c b/src/route.c index bacfa62..107ad74 100644 --- a/src/route.c +++ b/src/route.c 
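Review bot: When `bind()` fails in the block added after `bind_to_interface(c->socket)`, the code logs "Can't bind to %s/tcp" and still proceeds to connect, so the connection leaves from whatever source address the kernel picks. A deployment that relies on ListenAddress to pin the source address (for firewall rules, say) gets only a log line, so the comment should state that this bind is best-effort. The selection loop also needs a one-line comment such as `/* bind only if exactly one listening socket has this address family; with several the choice is ambiguous */`, because resetting `b` to -1 on the second match is easy to misread. The enclosing function starts before and ends after this hunk.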
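Review bot: `case PROXY_EXEC: abort();` in send_proxyrequest() turns a state the old code tolerated (`return true`) into a crash of the whole daemon. It appears to depend on `c->status.proxy_passed = true` being set before `do_outgoing_pipe()` in net_socket.c. Any path that reaches this function for an exec proxy without that flag would then take down every tunnel rather than the one connection. I would fail only the connection: `logger(LOG_ERR, "Proxy type exec must not send a proxy request");` followed by `return false;`. send_proxyrequest() starts and ends outside this hunk.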
@@ -1,8 +1,8 @@ /* route.c -- routing Copyright (C) 2000-2005 Ivo Timmermans, - 2000-2014 Guus Sliepen - 2015 Vittorio Gambaletta + 2000-2017 Guus Sliepen + 2015-2016 Vittorio Gambaletta This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -675,6 +675,9 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { if(!do_decrement_ttl(source, packet)) return; + if(priorityinheritance) + packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4); + via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; if(via == source) { @@ -963,8 +966,12 @@ static void route_mac(node_t *source, vpn_packet_t *packet) { uint16_t type = packet->data[12] << 8 | packet->data[13]; - if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size) - packet->priority = packet->data[15]; + if(priorityinheritance) { + if(type == ETH_P_IP && packet->len >= ether_size + ip_size) + packet->priority = packet->data[15]; + else if(type == ETH_P_IPV6 && packet->len >= ether_size + ip6_size) + packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4); + } // Handle packets larger than PMTU diff --git a/src/solaris/device.c b/src/solaris/device.c index af771ba..0074615 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -2,7 +2,7 @@ device.c -- Interaction with Solaris tun device Copyright (C) 2001-2005 Ivo Timmermans, 2002-2010 OpenVPN Technologies, Inc. - 2001-2014 Guus Sliepen + 2001-2017 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,6 +24,7 @@ #include #include +#include #include "../conf.h" #include "../device.h" @@ -40,6 +41,7 @@ #define DEFAULT_TUN_DEVICE "/dev/tun" #define DEFAULT_TAP_DEVICE "/dev/tap" +#define IP_DEVICE "/dev/udp" static enum { DEVICE_TYPE_TUN, 
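Review bot: The IPv6 Traffic Class extraction `((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4)` is written out twice, in route_ipv6_unicast() and in route_mac(), with bare offsets and masks. In route_mac() it is guarded by `packet->len >= ether_size + ip6_size`. The route_ipv6_unicast() hunk shows no length check before the read, so it presumably relies on one made by its caller, which is worth confirming. I would add a comment at both sites, `/* IPv6 Traffic Class: low nibble of IP header byte 0, high nibble of byte 1 */`, or move the expression into one small static helper. Both functions continue outside their hunks.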
@@ -85,10 +87,13 @@ static bool setup_device(void) { else device_info = "Solaris tap device"; + if(device_type == DEVICE_TYPE_TAP && routing_mode == RMODE_ROUTER) + overwrite_mac = true; + /* The following is black magic copied from OpenVPN. */ - if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { - logger(LOG_ERR, "Could not open %s: %s\n", "/dev/ip", strerror(errno)); + if((ip_fd = open(IP_DEVICE, O_RDWR, 0)) < 0) { + logger(LOG_ERR, "Could not open %s: %s\n", IP_DEVICE, strerror(errno)); return false; } @@ -205,7 +210,7 @@ static bool setup_device(void) { /* Push arp module to ip_fd */ if(ioctl(ip_fd, I_PUSH, "arp") < 0) { - logger(LOG_ERR, "Could not push ARP module onto %s!", "/dev/ip"); + logger(LOG_ERR, "Could not push ARP module onto %s!", IP_DEVICE); return false; } @@ -297,11 +302,16 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int inlen; + int result; + struct strbuf sbuf; + int f = 0; switch(device_type) { case DEVICE_TYPE_TUN: - if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + sbuf.maxlen = MTU - 14; + sbuf.buf = (char *)packet->data + 14; + + if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) { logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; } @@ -321,16 +331,19 @@ static bool read_packet(vpn_packet_t *packet) { } memset(packet->data, 0, 12); - packet->len = inlen + 14; + packet->len = sbuf.len + 14; break; case DEVICE_TYPE_TAP: - if((inlen = read(device_fd, packet->data, MTU)) <= 0) { + sbuf.maxlen = MTU; + sbuf.buf = (char *)packet->data; + + if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) { logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; } - packet->len = inlen + 14; + packet->len = sbuf.len; break; default: 
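Review bot: The switch from `read()` to `getmsg()` in read_packet() drops the old `<= 0` test: only `result < 0` is rejected now, in both the DEVICE_TYPE_TUN case and the DEVICE_TYPE_TAP case in the following hunk. getmsg() returns a positive MOREDATA when the message did not fit in `sbuf.maxlen`, leaving the remainder to be read as if it were the next packet. It also sets `sbuf.len` to 0 or -1 when the data part is empty or absent, and that value goes straight into `packet->len`. I would reject both after the call, e.g. `if(result > 0 || sbuf.len <= 0) {` with its own log message and `return false;`, since `strerror(errno)` is not meaningful for those cases. `result` is otherwise unused, and read_packet() ends outside these hunks.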
@@ -347,16 +360,24 @@ static bool read_packet(vpn_packet_t *packet) { static bool write_packet(vpn_packet_t *packet) { ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info); + struct strbuf sbuf; + switch(device_type) { case DEVICE_TYPE_TUN: - if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + sbuf.len = packet->len - 14; + sbuf.buf = (char *)packet->data + 14; + + if(putmsg(device_fd, NULL, &sbuf, 0) < 0) { logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; } break; case DEVICE_TYPE_TAP: - if(write(device_fd, packet->data, packet->len) < 0) { + sbuf.len = packet->len; + sbuf.buf = (char *)packet->data; + + if(putmsg(device_fd, NULL, &sbuf, 0) < 0) { logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; }