Import Upstream version 1.0.32

src/Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

src/meta.c

@@ -1,6 +1,6 @@
 /*
     meta.c -- handle the meta communication
-    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
                   2006      Scott Lamb <slamb@slamb.org>
 
@@ -104,7 +104,7 @@ bool flush_meta(connection_t *c) {
 			} else if(errno == EINTR) {
 				continue;
 			} else if(sockwouldblock(sockerrno)) {
-				ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
+				ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
 						c->outbuflen, c->name, c->hostname);
 				return true;
 			} else {

src/net_setup.c

@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2016 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -660,9 +660,12 @@ static bool setup_myself(void) {
 	/* We need to use a stream mode for the meta protocol. Use AES for this,
 	   but try to match the key size with the one from the cipher selected
 	   by Cipher.
+
+	   If Cipher is set to none, still use a low level of encryption for the
+	   meta protocol.
 	*/
 
-	int keylen = EVP_CIPHER_key_length(myself->incipher);
+	int keylen = myself->incipher ? EVP_CIPHER_key_length(myself->incipher) : 0;
 	if(keylen <= 16)
 		myself->connection->outcipher = EVP_aes_128_cfb();
 	else if(keylen <= 24)

src/net_socket.c

@@ -1,7 +1,7 @@
 /*
     net_socket.c -- Handle various kinds of sockets.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2015 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2009      Florian Forster <octo@verplant.org>
 
@@ -442,6 +442,7 @@ connect:
 	if(!proxytype) {
 		c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
 	} else if(proxytype == PROXY_EXEC) {
+		c->status.proxy_passed = true;
 		do_outgoing_pipe(c, proxyhost);
 	} else {
 		proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
@@ -471,6 +472,33 @@ connect:
 #endif
 
 		bind_to_interface(c->socket);
+
+		int b = -1;
+
+		for(int i = 0; i < listen_sockets; i++) {
+			if(listen_socket[i].sa.sa.sa_family == c->address.sa.sa_family) {
+				if(b == -1) {
+					b = i;
+				} else  {
+					b = -1;
+					break;
+				}
+			}
+		}
+
+		if(b != -1) {
+			sockaddr_t sa = listen_socket[b].sa;
+			if(sa.sa.sa_family == AF_INET)
+				sa.in.sin_port = 0;
+			else if(sa.sa.sa_family == AF_INET6)
+				sa.in6.sin6_port = 0;
+
+			if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
+				char *addrstr = sockaddr2hostname(&sa);
+				logger(LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
+				free(addrstr);
+			}
+		}
 	}
 
 	/* Connect */
@@ -529,13 +557,20 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
 	c->outcompression = myself->connection->outcompression;
 
 	init_configuration(&c->config_tree);
-	read_connection_config(c);
+	if(!read_connection_config(c)) {
+		free_connection(c);
+		outgoing->timeout = maxtimeout;
+		retry_outgoing(outgoing);
+		return;
+	}
 
 	outgoing->cfg = lookup_config(c->config_tree, "Address");
 
 	if(!outgoing->cfg) {
 		logger(LOG_ERR, "No address specified for %s", c->name);
 		free_connection(c);
+		outgoing->timeout = maxtimeout;
+		retry_outgoing(outgoing);
 		return;
 	}
 

src/proxy.c

@@ -1,6 +1,6 @@
 /*
     proxy.c -- Proxy handling functions.
-    Copyright (C) 2015-2016 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2015-2017 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -174,7 +174,7 @@ bool send_proxyrequest(connection_t *c) {
 	}
 
 	case PROXY_EXEC:
-		return true;
+		abort();
 
 	default:
 		logger(LOG_ERR, "Unknown proxy type");

src/route.c

@@ -1,8 +1,8 @@
 /*
     route.c -- routing
     Copyright (C) 2000-2005 Ivo Timmermans,
-                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
-		  2015      Vittorio Gambaletta
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+		  2015-2016 Vittorio Gambaletta
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -675,6 +675,9 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) {
 		if(!do_decrement_ttl(source, packet))
 			return;
 
+	if(priorityinheritance)
+		packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
+
 	via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via;
 	
 	if(via == source) {
@@ -963,8 +966,12 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
 
 	uint16_t type = packet->data[12] << 8 | packet->data[13];
 
-	if(priorityinheritance && type == ETH_P_IP && packet->len >= ether_size + ip_size)
-		packet->priority = packet->data[15];
+	if(priorityinheritance) {
+		if(type == ETH_P_IP && packet->len >= ether_size + ip_size)
+			packet->priority = packet->data[15];
+		else if(type == ETH_P_IPV6 && packet->len >= ether_size + ip6_size)
+			packet->priority = ((packet->data[14] & 0x0f) << 4) | (packet->data[15] >> 4);
+	}
 
 	// Handle packets larger than PMTU
 

src/solaris/device.c

@@ -2,7 +2,7 @@
     device.c -- Interaction with Solaris tun device
     Copyright (C) 2001-2005 Ivo Timmermans,
                   2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
-                  2001-2014 Guus Sliepen <guus@tinc-vpn.org>
+                  2001-2017 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -24,6 +24,7 @@
 
 #include <sys/stropts.h>
 #include <sys/sockio.h>
+#include <stropts.h>
 
 #include "../conf.h"
 #include "../device.h"
@@ -40,6 +41,7 @@
 
 #define DEFAULT_TUN_DEVICE "/dev/tun"
 #define DEFAULT_TAP_DEVICE "/dev/tap"
+#define IP_DEVICE "/dev/udp"
 
 static enum {
 	DEVICE_TYPE_TUN,
@@ -85,10 +87,13 @@ static bool setup_device(void) {
 	else
 		device_info = "Solaris tap device";
 
+	if(device_type == DEVICE_TYPE_TAP && routing_mode == RMODE_ROUTER)
+		overwrite_mac = true;
+
 	/* The following is black magic copied from OpenVPN. */
 
-	if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) {
-		logger(LOG_ERR, "Could not open %s: %s\n", "/dev/ip", strerror(errno));
+	if((ip_fd = open(IP_DEVICE, O_RDWR, 0)) < 0) {
+		logger(LOG_ERR, "Could not open %s: %s\n", IP_DEVICE, strerror(errno));
 		return false;
 	}
 
@@ -205,7 +210,7 @@ static bool setup_device(void) {
 
 		/* Push arp module to ip_fd */
 		if(ioctl(ip_fd, I_PUSH, "arp") < 0) {
-			logger(LOG_ERR, "Could not push ARP module onto %s!", "/dev/ip");
+			logger(LOG_ERR, "Could not push ARP module onto %s!", IP_DEVICE);
 			return false;
 		}
 
@@ -297,11 +302,16 @@ static void close_device(void) {
 }
 
 static bool read_packet(vpn_packet_t *packet) {
-	int inlen;
+	int result;
+	struct strbuf sbuf;
+	int f = 0;
 
 	switch(device_type) {
 		case DEVICE_TYPE_TUN:
-			if((inlen = read(device_fd, packet->data + 14, MTU - 14)) <= 0) {
+			sbuf.maxlen = MTU - 14;
+			sbuf.buf = (char *)packet->data + 14;
+
+			if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
 				logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
 				return false;
 			}
@@ -321,16 +331,19 @@ static bool read_packet(vpn_packet_t *packet) {
 			}
 
 			memset(packet->data, 0, 12);
-			packet->len = inlen + 14;
+			packet->len = sbuf.len + 14;
 			break;
 
 		case DEVICE_TYPE_TAP:
-			if((inlen = read(device_fd, packet->data, MTU)) <= 0) {
+			sbuf.maxlen = MTU;
+			sbuf.buf = (char *)packet->data;
+
+			if((result = getmsg(device_fd, NULL, &sbuf, &f)) < 0) {
 				logger(LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno));
 				return false;
 			}
 
-			packet->len = inlen + 14;
+			packet->len = sbuf.len;
 			break;
 
 		default:
@@ -347,16 +360,24 @@ static bool read_packet(vpn_packet_t *packet) {
 static bool write_packet(vpn_packet_t *packet) {
 	ifdebug(TRAFFIC) logger(LOG_DEBUG, "Writing packet of %d bytes to %s", packet->len, device_info);
 
+	struct strbuf sbuf;
+
 	switch(device_type) {
 		case DEVICE_TYPE_TUN:
-			if(write(device_fd, packet->data + 14, packet->len - 14) < 0) {
+			sbuf.len = packet->len - 14;
+			sbuf.buf = (char *)packet->data + 14;
+
+			if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
 				logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
 				return false;
 			}
 			break;
 
 		case DEVICE_TYPE_TAP:
-			if(write(device_fd, packet->data, packet->len) < 0) {
+			sbuf.len = packet->len;
+			sbuf.buf = (char *)packet->data;
+
+			if(putmsg(device_fd, NULL, &sbuf, 0) < 0) {
 				logger(LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno));
 				return false;
 			}