Compare commits
84 commits
master
...
new_cipher
Author | SHA1 | Date | |
---|---|---|---|
|
3189f2ad9c | ||
|
8e732eefc2 | ||
|
d787d2479a | ||
|
56d25e7bd6 | ||
|
093206d6f2 | ||
|
5a8168ab4c | ||
|
ce9368f414 | ||
|
bb0afc8780 | ||
|
cf5509bd45 | ||
|
8e468ffc54 | ||
|
150c40db86 | ||
|
46616ac501 | ||
|
3c37b83332 | ||
|
03136efdbe | ||
|
ff4039db4b | ||
|
edfe2872c3 | ||
|
43bffaeb98 | ||
|
b0db4c75f6 | ||
|
5c54f47af6 | ||
|
a62bf04cde | ||
|
2127705d53 | ||
|
e9142bd3a6 | ||
|
cfba637f96 | ||
|
446afddf38 | ||
|
cf2ac65444 | ||
|
36f0d3c816 | ||
|
ecd1f6f67a | ||
|
f8e1f5a528 | ||
|
66e86a419b | ||
|
ac78971aab | ||
|
2989322746 | ||
|
11d9efef1b | ||
|
dcd38ec07d | ||
|
502cecde93 | ||
|
e537caa7b1 | ||
|
02fdd053f1 | ||
|
a83439b023 | ||
|
c167efd01b | ||
|
088ed763df | ||
|
4d11e18342 | ||
|
1e23c12b1d | ||
|
c0d04cc168 | ||
|
a0bb9d443f | ||
|
cce24e0be4 | ||
|
e53cefdf85 | ||
|
d7b49da4e6 | ||
|
c09679c3ba | ||
|
854118c85f | ||
|
a7e5217cf7 | ||
|
e8daab5950 | ||
|
6698135e07 | ||
|
4343b5a2fa | ||
|
a797a94c81 | ||
|
cc0493ea17 | ||
|
06acdce080 | ||
|
8ce89f6ef0 | ||
|
c63e635d89 | ||
|
c078db2fd8 | ||
|
94e6f906d5 | ||
|
5a84bb737c | ||
|
2ad1dc3fd7 | ||
|
3f653aaa2d | ||
|
f01c927470 | ||
|
dc781ea51d | ||
|
0fd2ac248d | ||
|
2006358f32 | ||
|
3cfe4d82fb | ||
|
0dd8a42607 | ||
|
08ed40f17e | ||
|
7e336e415f | ||
|
b96e4c6b19 | ||
|
445df16805 | ||
|
4812d2eb3d | ||
|
19f25e5e7d | ||
|
74be525b2f | ||
|
be5fbb7e93 | ||
|
bcb4501d84 | ||
|
c473eb1653 | ||
|
2cb3185582 | ||
|
23459e1237 | ||
|
458d509a4f | ||
|
64f9c3df1b | ||
|
6f5ff440c9 | ||
|
0f3c45c5cc |
117 changed files with 11919 additions and 24731 deletions
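--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,74 @@
+kind: pipeline
+name: default
+
+steps:
+- name: Build Bullseye
+image: debian:bullseye
+volumes:
+- name: finished_files
+path: /deb_files
+commands:
+- apt update
+- apt -y upgrade
+- apt -y install --no-install-recommends build-essential equivs devscripts git rename
+- git clean -f -d -x
+- mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' debian/control
+- dpkg-buildpackage -b -uc
+- rename 's/\.deb/_bullseye\.deb/' ../*.deb
+- mkdir -p /deb_files/bullseye/
+- cp ../tinc*.deb /deb_files/bullseye/
+- find /deb_files/
+
+- name: Build Buster
+image: debian:buster
+volumes:
+- name: finished_files
+path: /deb_files
+commands:
+- apt update
+- apt -y upgrade
+- apt -y install --no-install-recommends build-essential equivs devscripts git rename
+- git clean -f -d -x
+- mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' debian/control
+- dpkg-buildpackage -b -uc
+- rename 's/\.deb/_buster\.deb/' ../*.deb
+- mkdir -p /deb_files/buster/
+- cp ../tinc*.deb /deb_files/buster/
+- find /deb_files/
+
+- name: Build Ubuntu Focal
+image: ubuntu:focal
+volumes:
+- name: finished_files
+path: /deb_files
+commands:
+- apt update
+- apt -y upgrade
+- DEBIAN_FRONTEND=noninteractive apt -y install --no-install-recommends build-essential equivs devscripts git rename
+- git clean -f -d -x
+- mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' debian/control
+- dpkg-buildpackage -b -uc
+- rename 's/\.deb/_focal\.deb/' ../*.deb
+- mkdir -p /deb_files/focal/
+- cp ../tinc*.deb /deb_files/focal/
+- find /deb_files/
+
+- name: gitea_release
+image: plugins/gitea-release
+volumes:
+- name: finished_files
+path: /deb_files
+settings:
+api_key:
+from_secret: GITEA_KEY
+base_url: https://git.neulandlabor.de/
+files:
+- /deb_files/buster/*
+- /deb_files/bullseye/*
+- /deb_files/focal/*
+when:
+event: tag
+
+volumes:
+- name: finished_files
+temp: {}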
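Review bot: The `gitea_release` step pulls `image: plugins/gitea-release` with no tag or digest, and it is the one step that is handed the `GITEA_KEY` secret, so whatever that name resolves to at build time runs with the release token. Pin it to a reviewed version, ideally by digest, e.g. `image: plugins/gitea-release@sha256:<digest-of-reviewed-image>` (placeholder value). The three build steps run `dpkg-buildpackage -b -uc`, so the uploaded `.deb` files are unsigned and the release carries nothing a downloader can verify; if the pinned plugin version supports its `checksum` setting, adding `checksum: [sha256]` under `settings:` would at least publish digests next to the artifacts. The `debian:bullseye`, `debian:buster` and `ubuntu:focal` tags are mutable as well, so pinning them the same way would make a tagged release reproducible.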
2
COPYING
2
COPYING
|
@ -1,4 +1,4 @@
|
|||
Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.
|
||||
Copyright (C) 1998-2021 Ivo Timmermans, Guus Sliepen and others.
|
||||
See the AUTHORS file for a complete list.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify it under
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
AUTOMAKE_OPTIONS = gnu
|
||||
|
||||
SUBDIRS = src doc test systemd
|
||||
SUBDIRS = src doc test systemd bash_completion.d
|
||||
|
||||
ACLOCAL_AMFLAGS = -I m4
|
||||
|
||||
|
|
22
Makefile.in
22
Makefile.in
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.16.1 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.16.3 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -145,8 +145,8 @@ am__recursive_targets = \
|
|||
$(am__extra_recursive_targets)
|
||||
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
|
||||
cscope distdir distdir-am dist dist-all distcheck
|
||||
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
|
||||
$(LISP)config.h.in
|
||||
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
|
||||
config.h.in
|
||||
# Read a list of newline-separated strings from the standard input,
|
||||
# and print each of them once, without duplicates. Input order is
|
||||
# *not* preserved.
|
||||
|
@ -208,6 +208,8 @@ am__relativize = \
|
|||
DIST_ARCHIVES = $(distdir).tar.gz
|
||||
GZIP_ENV = --best
|
||||
DIST_TARGETS = dist-gzip
|
||||
# Exists only to be overridden by the user if desired.
|
||||
AM_DISTCHECK_DVI_TARGET = dvi
|
||||
distuninstallcheck_listfiles = find . -type f -print
|
||||
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
|
||||
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
|
||||
|
@ -323,7 +325,7 @@ top_build_prefix = @top_build_prefix@
|
|||
top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
AUTOMAKE_OPTIONS = gnu
|
||||
SUBDIRS = src doc test systemd
|
||||
SUBDIRS = src doc test systemd bash_completion.d
|
||||
ACLOCAL_AMFLAGS = -I m4
|
||||
EXTRA_DIST = COPYING.README README.android
|
||||
all: config.h
|
||||
|
@ -568,6 +570,10 @@ dist-xz: distdir
|
|||
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-zstd: distdir
|
||||
tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-tarZ: distdir
|
||||
@echo WARNING: "Support for distribution archives compressed with" \
|
||||
"legacy program 'compress' is deprecated." >&2
|
||||
|
@ -610,6 +616,8 @@ distcheck: dist
|
|||
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
|
||||
*.zip*) \
|
||||
unzip $(distdir).zip ;;\
|
||||
*.tar.zst*) \
|
||||
zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
|
||||
esac
|
||||
chmod -R a-w $(distdir)
|
||||
chmod u+w $(distdir)
|
||||
|
@ -625,7 +633,7 @@ distcheck: dist
|
|||
$(DISTCHECK_CONFIGURE_FLAGS) \
|
||||
--srcdir=../.. --prefix="$$dc_install_base" \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) check \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) install \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
|
||||
|
@ -786,7 +794,7 @@ uninstall-am:
|
|||
am--refresh check check-am clean clean-cscope clean-generic \
|
||||
cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
|
||||
dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
|
||||
distcheck distclean distclean-generic distclean-hdr \
|
||||
dist-zstd distcheck distclean distclean-generic distclean-hdr \
|
||||
distclean-tags distcleancheck distdir distuninstallcheck dvi \
|
||||
dvi-am html html-am info info-am install install-am \
|
||||
install-data install-data-am install-dvi install-dvi-am \
|
||||
|
|
20
NEWS
20
NEWS
|
@ -1,3 +1,23 @@
|
|||
# Version 1.1pre18 June 27 2021
|
||||
|
||||
* Check all Address statements when making outgoing connections.
|
||||
* Make more variables safe for use in invitations.
|
||||
* Allow "tinc --force join" to accept all variables sent in an invitation.
|
||||
* Make sure the stop command works on Windows if tincd is running in the
|
||||
foreground.
|
||||
* Handle DOS line endings in invitation files.
|
||||
* Double-quote node names in dump graph output.
|
||||
* Prevent large amounts of UDP probes being sent consecutively.
|
||||
* Try harder to reconnect with unreachable nodes.
|
||||
* Generate tinc-up.bat on Windows.
|
||||
* Fix a possible infinite loop when adding Subnets to a running tincd.
|
||||
* Allow a tun/tap filedescriptor to be passed through a UNIX socket.
|
||||
* Use auto-clone tun/tap devices as default on FreeBSD and DragonFlyBSD.
|
||||
|
||||
Thanks to Fabian Maurer, Ilia Pavlikhin, Maciej S. Szmigiero, Pacien
|
||||
Tran-Girard, Aaron Li, Andreas Rammhold, Rosen Penev, Shengjing Zhu, Werner
|
||||
Schreiber, iczero and leptonyu for their contributions to this version of tinc.
|
||||
|
||||
# Version 1.1pre17 October 8 2018
|
||||
|
||||
* Prevent oracle attacks in the legacy protocol (CVE-2018-16737,
|
||||
|
|
6
README
6
README
|
@ -1,7 +1,7 @@
|
|||
This is the README file for tinc version 1.1pre17. Installation
|
||||
This is the README file for tinc version 1.1pre18. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright © 1998-2018 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
|
||||
tinc is Copyright © 1998-2021 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
|
||||
|
||||
For a complete list of authors see the AUTHORS file.
|
||||
|
||||
|
@ -46,7 +46,7 @@ versions, the security might only be as good as that of the oldest version.
|
|||
Compatibility
|
||||
-------------
|
||||
|
||||
Version 1.1pre17 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
Version 1.1pre18 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
versions of tinc.
|
||||
|
||||
When the ExperimentalProtocol option is used, tinc is still compatible with
|
||||
|
|
21
THANKS
21
THANKS
|
@ -1,9 +1,11 @@
|
|||
We would like to thank the following people for their contributions to tinc:
|
||||
|
||||
* Aaron Li
|
||||
* Alexander Reil and Gemeinde Berg
|
||||
* Alexander Ried
|
||||
* Alexis Hildebrandt
|
||||
* Allesandro Gatti
|
||||
* Andreas Rammhold
|
||||
* Andreas van Cranenburgh
|
||||
* Andrew Hahn
|
||||
* Anthony G. Basile
|
||||
|
@ -26,17 +28,23 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Enrique Zanardi
|
||||
* Erik Tews
|
||||
* Etienne Dechamps
|
||||
* Fabian Maurer
|
||||
* Florent Clairambault
|
||||
* Florian Forster
|
||||
* Florian Klink
|
||||
* Florian Weik
|
||||
* Flynn Marquardt
|
||||
* Franz Pletz
|
||||
* Fufu Fang
|
||||
* Gary Kessler and Claudia Gonzalez
|
||||
* Grzegorz Dymarek
|
||||
* Gusariev Oleksandr
|
||||
* Hans Bayle
|
||||
* Harvest
|
||||
* Huai An Hsu
|
||||
* iczero
|
||||
* Ilia Pavlikhin
|
||||
* Ivan Mirić
|
||||
* Ivo Smits
|
||||
* Ivo van Dong
|
||||
* James Cook
|
||||
|
@ -49,17 +57,21 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Jeroen Domburg
|
||||
* Jeroen Ubbink
|
||||
* Jerome Etienne
|
||||
* Jiang Sheng
|
||||
* Jochen Voss
|
||||
* Jo-Philipp Wich
|
||||
* Julien Muchembled
|
||||
* Lavrans Laading
|
||||
* leptonyu
|
||||
* Loïc Dachary
|
||||
* Loïc Grenié
|
||||
* Lubomír Bulej
|
||||
* luckyhacky
|
||||
* LunarShaddow
|
||||
* Maciej S. Szmigiero
|
||||
* Mads Kiilerich
|
||||
* Marc A. Lehmann
|
||||
* Marco Oggioni
|
||||
* Mark Glines
|
||||
* Mark Petryk
|
||||
* Markus Goetz
|
||||
|
@ -78,20 +90,26 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Nathan Stratton Treadway
|
||||
* Nick Hibma
|
||||
* Nick Patavalis
|
||||
* Pacien Tran-Girard
|
||||
* Patrick Helms
|
||||
* Paul Littlefield
|
||||
* Philipp Babel
|
||||
* Pierre Emeriaud
|
||||
* Pierre-Olivier Mercier
|
||||
* Rafael Sadowski
|
||||
* Rafał Leśniak
|
||||
* René Rüthlein
|
||||
* Rhosyn Celyn
|
||||
* Robert van der Meulen
|
||||
* Robert Waniek
|
||||
* Rosen Penev
|
||||
* Rumko
|
||||
* Ryan Miller
|
||||
* Sam Bryan
|
||||
* Samuel Thibault
|
||||
* Saverio Proto
|
||||
* Scott Lamb
|
||||
* Shengjing Zhu
|
||||
* Steffan Karger
|
||||
* Stig Fagrell
|
||||
* Sven-Haegar Koch
|
||||
|
@ -104,8 +122,11 @@ We would like to thank the following people for their contributions to tinc:
|
|||
* Tonnerre Lombard
|
||||
* Ulrich Seifert
|
||||
* Vil Brekin
|
||||
* Vincent Laurent
|
||||
* Vittorio Gambaletta
|
||||
* Volker Augustin
|
||||
* Wendy Willard
|
||||
* Werner Schreiber
|
||||
* Wessel Dankers
|
||||
* William A. Kennington III
|
||||
* William McArthur
|
||||
|
|
55
aclocal.m4
vendored
55
aclocal.m4
vendored
|
@ -1,6 +1,6 @@
|
|||
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.16.3 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to.
|
|||
If you have problems, you may need to regenerate the build system entirely.
|
||||
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
|
||||
|
||||
# Copyright (C) 2002-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2002-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
|||
[am__api_version='1.16'
|
||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||
dnl require some minimum version. Point them to the right macro.
|
||||
m4_if([$1], [1.16.1], [],
|
||||
m4_if([$1], [1.16.3], [],
|
||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||
])
|
||||
|
||||
|
@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
|||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
|
||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||
[AM_AUTOMAKE_VERSION([1.16.1])dnl
|
||||
[AM_AUTOMAKE_VERSION([1.16.3])dnl
|
||||
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
|
||||
|
||||
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
|
|||
|
||||
# AM_CONDITIONAL -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1997-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE(
|
|||
Usually this means the macro was only invoked conditionally.]])
|
||||
fi])])
|
||||
|
||||
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
|
|||
|
||||
# Generate code to set up dependency tracking. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -371,7 +371,9 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
|
|||
done
|
||||
if test $am_rc -ne 0; then
|
||||
AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
|
||||
for automatic dependency tracking. Try re-running configure with the
|
||||
for automatic dependency tracking. If GNU make was not used, consider
|
||||
re-running the configure script with MAKE="gmake" (or whatever is
|
||||
necessary). You can also try re-running configure with the
|
||||
'--disable-dependency-tracking' option to at least be able to build
|
||||
the package (albeit without support for automatic dependency tracking).])
|
||||
fi
|
||||
|
@ -398,7 +400,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
|
|||
|
||||
# Do all the work for Automake. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -595,7 +597,7 @@ for _am_header in $config_headers :; do
|
|||
done
|
||||
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
|
||||
|
||||
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -616,7 +618,7 @@ if test x"${install_sh+set}" != xset; then
|
|||
fi
|
||||
AC_SUBST([install_sh])])
|
||||
|
||||
# Copyright (C) 2003-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2003-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -637,7 +639,7 @@ AC_SUBST([am__leading_dot])])
|
|||
|
||||
# Check to see how 'make' treats includes. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -680,7 +682,7 @@ AC_SUBST([am__quote])])
|
|||
|
||||
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1997-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -701,12 +703,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN],
|
|||
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
|
||||
AC_REQUIRE_AUX_FILE([missing])dnl
|
||||
if test x"${MISSING+set}" != xset; then
|
||||
case $am_aux_dir in
|
||||
*\ * | *\ *)
|
||||
MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
|
||||
*)
|
||||
MISSING="\${SHELL} $am_aux_dir/missing" ;;
|
||||
esac
|
||||
MISSING="\${SHELL} '$am_aux_dir/missing'"
|
||||
fi
|
||||
# Use eval to expand $SHELL
|
||||
if eval "$MISSING --is-lightweight"; then
|
||||
|
@ -719,7 +716,7 @@ fi
|
|||
|
||||
# Helper functions for option handling. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -748,7 +745,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
|
|||
AC_DEFUN([_AM_IF_OPTION],
|
||||
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
|
||||
|
||||
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -795,7 +792,7 @@ AC_LANG_POP([C])])
|
|||
# For backward compatibility.
|
||||
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
|
||||
|
||||
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -814,7 +811,7 @@ AC_DEFUN([AM_RUN_LOG],
|
|||
|
||||
# Check to make sure that the build environment is sane. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -895,7 +892,7 @@ AC_CONFIG_COMMANDS_PRE(
|
|||
rm -f conftest.file
|
||||
])
|
||||
|
||||
# Copyright (C) 2009-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2009-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -955,7 +952,7 @@ AC_SUBST([AM_BACKSLASH])dnl
|
|||
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
|
||||
])
|
||||
|
||||
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -983,7 +980,7 @@ fi
|
|||
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
|
||||
AC_SUBST([INSTALL_STRIP_PROGRAM])])
|
||||
|
||||
# Copyright (C) 2006-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -1002,7 +999,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
|
|||
|
||||
# Check how to create a tarball. -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 2004-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2004-2020 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
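--- /dev/null
+++ b/bash_completion.d/Makefile.am
@@ -0,0 +1,2 @@
+bash_completiondir = @datarootdir@/bash-completion/completions/
+dist_bash_completion_DATA = tinc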
490
bash_completion.d/Makefile.in
Normal file
490
bash_completion.d/Makefile.in
Normal file
|
@ -0,0 +1,490 @@
|
|||
# Makefile.in generated by automake 1.16.3 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
# with or without modifications, as long as this notice is preserved.
|
||||
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE.
|
||||
|
||||
@SET_MAKE@
|
||||
|
||||
VPATH = @srcdir@
|
||||
am__is_gnu_make = { \
|
||||
if test -z '$(MAKELEVEL)'; then \
|
||||
false; \
|
||||
elif test -n '$(MAKE_HOST)'; then \
|
||||
true; \
|
||||
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
|
||||
true; \
|
||||
else \
|
||||
false; \
|
||||
fi; \
|
||||
}
|
||||
am__make_running_with_option = \
|
||||
case $${target_option-} in \
|
||||
?) ;; \
|
||||
*) echo "am__make_running_with_option: internal error: invalid" \
|
||||
"target option '$${target_option-}' specified" >&2; \
|
||||
exit 1;; \
|
||||
esac; \
|
||||
has_opt=no; \
|
||||
sane_makeflags=$$MAKEFLAGS; \
|
||||
if $(am__is_gnu_make); then \
|
||||
sane_makeflags=$$MFLAGS; \
|
||||
else \
|
||||
case $$MAKEFLAGS in \
|
||||
*\\[\ \ ]*) \
|
||||
bs=\\; \
|
||||
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
|
||||
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
|
||||
esac; \
|
||||
fi; \
|
||||
skip_next=no; \
|
||||
strip_trailopt () \
|
||||
{ \
|
||||
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
|
||||
}; \
|
||||
for flg in $$sane_makeflags; do \
|
||||
test $$skip_next = yes && { skip_next=no; continue; }; \
|
||||
case $$flg in \
|
||||
*=*|--*) continue;; \
|
||||
-*I) strip_trailopt 'I'; skip_next=yes;; \
|
||||
-*I?*) strip_trailopt 'I';; \
|
||||
-*O) strip_trailopt 'O'; skip_next=yes;; \
|
||||
-*O?*) strip_trailopt 'O';; \
|
||||
-*l) strip_trailopt 'l'; skip_next=yes;; \
|
||||
-*l?*) strip_trailopt 'l';; \
|
||||
-[dEDm]) skip_next=yes;; \
|
||||
-[JT]) skip_next=yes;; \
|
||||
esac; \
|
||||
case $$flg in \
|
||||
*$$target_option*) has_opt=yes; break;; \
|
||||
esac; \
|
||||
done; \
|
||||
test $$has_opt = yes
|
||||
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
|
||||
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
|
||||
pkgdatadir = $(datadir)/@PACKAGE@
|
||||
pkgincludedir = $(includedir)/@PACKAGE@
|
||||
pkglibdir = $(libdir)/@PACKAGE@
|
||||
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
||||
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
||||
install_sh_DATA = $(install_sh) -c -m 644
|
||||
install_sh_PROGRAM = $(install_sh) -c
|
||||
install_sh_SCRIPT = $(install_sh) -c
|
||||
INSTALL_HEADER = $(INSTALL_DATA)
|
||||
transform = $(program_transform_name)
|
||||
NORMAL_INSTALL = :
|
||||
PRE_INSTALL = :
|
||||
POST_INSTALL = :
|
||||
NORMAL_UNINSTALL = :
|
||||
PRE_UNINSTALL = :
|
||||
POST_UNINSTALL = :
|
||||
build_triplet = @build@
|
||||
host_triplet = @host@
|
||||
subdir = bash_completion.d
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_code_coverage.m4 \
|
||||
$(top_srcdir)/m4/ax_require_defined.m4 \
|
||||
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
|
||||
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
|
||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \
|
||||
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
$(ACLOCAL_M4)
|
||||
DIST_COMMON = $(srcdir)/Makefile.am $(dist_bash_completion_DATA) \
|
||||
$(am__DIST_COMMON)
|
||||
mkinstalldirs = $(install_sh) -d
|
||||
CONFIG_HEADER = $(top_builddir)/config.h
|
||||
CONFIG_CLEAN_FILES =
|
||||
CONFIG_CLEAN_VPATH_FILES =
|
||||
AM_V_P = $(am__v_P_@AM_V@)
|
||||
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
|
||||
am__v_P_0 = false
|
||||
am__v_P_1 = :
|
||||
AM_V_GEN = $(am__v_GEN_@AM_V@)
|
||||
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
|
||||
am__v_GEN_0 = @echo " GEN " $@;
|
||||
am__v_GEN_1 =
|
||||
AM_V_at = $(am__v_at_@AM_V@)
|
||||
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
|
||||
am__v_at_0 = @
|
||||
am__v_at_1 =
|
||||
SOURCES =
|
||||
DIST_SOURCES =
|
||||
am__can_run_installinfo = \
|
||||
case $$AM_UPDATE_INFO_DIR in \
|
||||
n|no|NO) false;; \
|
||||
*) (install-info --version) >/dev/null 2>&1;; \
|
||||
esac
|
||||
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
|
||||
am__vpath_adj = case $$p in \
|
||||
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
|
||||
*) f=$$p;; \
|
||||
esac;
|
||||
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
|
||||
am__install_max = 40
|
||||
am__nobase_strip_setup = \
|
||||
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
|
||||
am__nobase_strip = \
|
||||
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
|
||||
am__nobase_list = $(am__nobase_strip_setup); \
|
||||
for p in $$list; do echo "$$p $$p"; done | \
|
||||
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
|
||||
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
|
||||
if (++n[$$2] == $(am__install_max)) \
|
||||
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
|
||||
END { for (dir in files) print dir, files[dir] }'
|
||||
am__base_list = \
|
||||
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
|
||||
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
|
||||
am__uninstall_files_from_dir = { \
|
||||
test -z "$$files" \
|
||||
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|
||||
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
|
||||
$(am__cd) "$$dir" && rm -f $$files; }; \
|
||||
}
|
||||
am__installdirs = "$(DESTDIR)$(bash_completiondir)"
|
||||
DATA = $(dist_bash_completion_DATA)
|
||||
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
|
||||
am__DIST_COMMON = $(srcdir)/Makefile.in
|
||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
ACLOCAL = @ACLOCAL@
|
||||
AMTAR = @AMTAR@
|
||||
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
|
||||
AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@
|
||||
CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@
|
||||
CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@
|
||||
CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
|
||||
CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@
|
||||
CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@
|
||||
CPP = @CPP@
|
||||
CPPFLAGS = @CPPFLAGS@
|
||||
CURSES_LIBS = @CURSES_LIBS@
|
||||
CYGPATH_W = @CYGPATH_W@
|
||||
DEFS = @DEFS@
|
||||
DEPDIR = @DEPDIR@
|
||||
ECHO_C = @ECHO_C@
|
||||
ECHO_N = @ECHO_N@
|
||||
ECHO_T = @ECHO_T@
|
||||
EGREP = @EGREP@
|
||||
EXEEXT = @EXEEXT@
|
||||
GCOV = @GCOV@
|
||||
GENHTML = @GENHTML@
|
||||
GREP = @GREP@
|
||||
INSTALL = @INSTALL@
|
||||
INSTALL_DATA = @INSTALL_DATA@
|
||||
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
||||
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
||||
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
||||
LCOV = @LCOV@
|
||||
LDFLAGS = @LDFLAGS@
|
||||
LIBOBJS = @LIBOBJS@
|
||||
LIBS = @LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MINIUPNPC_LIBS = @MINIUPNPC_LIBS@
|
||||
MKDIR_P = @MKDIR_P@
|
||||
OBJEXT = @OBJEXT@
|
||||
PACKAGE = @PACKAGE@
|
||||
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
||||
PACKAGE_NAME = @PACKAGE_NAME@
|
||||
PACKAGE_STRING = @PACKAGE_STRING@
|
||||
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||
PACKAGE_URL = @PACKAGE_URL@
|
||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||
PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
READLINE_LIBS = @READLINE_LIBS@
|
||||
SED = @SED@
|
||||
SET_MAKE = @SET_MAKE@
|
||||
SHELL = @SHELL@
|
||||
STRIP = @STRIP@
|
||||
VERSION = @VERSION@
|
||||
abs_builddir = @abs_builddir@
|
||||
abs_srcdir = @abs_srcdir@
|
||||
abs_top_builddir = @abs_top_builddir@
|
||||
abs_top_srcdir = @abs_top_srcdir@
|
||||
ac_ct_CC = @ac_ct_CC@
|
||||
am__include = @am__include@
|
||||
am__leading_dot = @am__leading_dot@
|
||||
am__quote = @am__quote@
|
||||
am__tar = @am__tar@
|
||||
am__untar = @am__untar@
|
||||
bindir = @bindir@
|
||||
build = @build@
|
||||
build_alias = @build_alias@
|
||||
build_cpu = @build_cpu@
|
||||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
dvidir = @dvidir@
|
||||
exec_prefix = @exec_prefix@
|
||||
host = @host@
|
||||
host_alias = @host_alias@
|
||||
host_cpu = @host_cpu@
|
||||
host_os = @host_os@
|
||||
host_vendor = @host_vendor@
|
||||
htmldir = @htmldir@
|
||||
includedir = @includedir@
|
||||
infodir = @infodir@
|
||||
install_sh = @install_sh@
|
||||
libdir = @libdir@
|
||||
libexecdir = @libexecdir@
|
||||
localedir = @localedir@
|
||||
localstatedir = @localstatedir@
|
||||
mandir = @mandir@
|
||||
mkdir_p = @mkdir_p@
|
||||
oldincludedir = @oldincludedir@
|
||||
pdfdir = @pdfdir@
|
||||
prefix = @prefix@
|
||||
program_transform_name = @program_transform_name@
|
||||
psdir = @psdir@
|
||||
runstatedir = @runstatedir@
|
||||
sbindir = @sbindir@
|
||||
sharedstatedir = @sharedstatedir@
|
||||
srcdir = @srcdir@
|
||||
sysconfdir = @sysconfdir@
|
||||
systemd_path = @systemd_path@
|
||||
target_alias = @target_alias@
|
||||
top_build_prefix = @top_build_prefix@
|
||||
top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
bash_completiondir = @datarootdir@/bash-completion/completions/
|
||||
dist_bash_completion_DATA = tinc
|
||||
all: all-am
|
||||
|
||||
.SUFFIXES:
|
||||
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
|
||||
@for dep in $?; do \
|
||||
case '$(am__configure_deps)' in \
|
||||
*$$dep*) \
|
||||
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
|
||||
&& { if test -f $@; then exit 0; else break; fi; }; \
|
||||
exit 1;; \
|
||||
esac; \
|
||||
done; \
|
||||
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu bash_completion.d/Makefile'; \
|
||||
$(am__cd) $(top_srcdir) && \
|
||||
$(AUTOMAKE) --gnu bash_completion.d/Makefile
|
||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
||||
@case '$?' in \
|
||||
*config.status*) \
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
|
||||
*) \
|
||||
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
|
||||
esac;
|
||||
|
||||
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||
|
||||
$(top_srcdir)/configure: $(am__configure_deps)
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||
$(am__aclocal_m4_deps):
|
||||
install-dist_bash_completionDATA: $(dist_bash_completion_DATA)
|
||||
@$(NORMAL_INSTALL)
|
||||
@list='$(dist_bash_completion_DATA)'; test -n "$(bash_completiondir)" || list=; \
|
||||
if test -n "$$list"; then \
|
||||
echo " $(MKDIR_P) '$(DESTDIR)$(bash_completiondir)'"; \
|
||||
$(MKDIR_P) "$(DESTDIR)$(bash_completiondir)" || exit 1; \
|
||||
fi; \
|
||||
for p in $$list; do \
|
||||
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
|
||||
echo "$$d$$p"; \
|
||||
done | $(am__base_list) | \
|
||||
while read files; do \
|
||||
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(bash_completiondir)'"; \
|
||||
$(INSTALL_DATA) $$files "$(DESTDIR)$(bash_completiondir)" || exit $$?; \
|
||||
done
|
||||
|
||||
uninstall-dist_bash_completionDATA:
|
||||
@$(NORMAL_UNINSTALL)
|
||||
@list='$(dist_bash_completion_DATA)'; test -n "$(bash_completiondir)" || list=; \
|
||||
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
|
||||
dir='$(DESTDIR)$(bash_completiondir)'; $(am__uninstall_files_from_dir)
|
||||
tags TAGS:
|
||||
|
||||
ctags CTAGS:
|
||||
|
||||
cscope cscopelist:
|
||||
|
||||
|
||||
distdir: $(BUILT_SOURCES)
|
||||
$(MAKE) $(AM_MAKEFLAGS) distdir-am
|
||||
|
||||
distdir-am: $(DISTFILES)
|
||||
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||
list='$(DISTFILES)'; \
|
||||
dist_files=`for file in $$list; do echo $$file; done | \
|
||||
sed -e "s|^$$srcdirstrip/||;t" \
|
||||
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
|
||||
case $$dist_files in \
|
||||
*/*) $(MKDIR_P) `echo "$$dist_files" | \
|
||||
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
|
||||
sort -u` ;; \
|
||||
esac; \
|
||||
for file in $$dist_files; do \
|
||||
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
||||
if test -d $$d/$$file; then \
|
||||
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
|
||||
if test -d "$(distdir)/$$file"; then \
|
||||
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
||||
fi; \
|
||||
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
||||
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
|
||||
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
||||
fi; \
|
||||
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
|
||||
else \
|
||||
test -f "$(distdir)/$$file" \
|
||||
|| cp -p $$d/$$file "$(distdir)/$$file" \
|
||||
|| exit 1; \
|
||||
fi; \
|
||||
done
|
||||
check-am: all-am
|
||||
check: check-am
|
||||
all-am: Makefile $(DATA)
|
||||
installdirs:
|
||||
for dir in "$(DESTDIR)$(bash_completiondir)"; do \
|
||||
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
|
||||
done
|
||||
install: install-am
|
||||
install-exec: install-exec-am
|
||||
install-data: install-data-am
|
||||
uninstall: uninstall-am
|
||||
|
||||
install-am: all-am
|
||||
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
||||
|
||||
installcheck: installcheck-am
|
||||
install-strip:
|
||||
if test -z '$(STRIP)'; then \
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
install; \
|
||||
else \
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
||||
fi
|
||||
mostlyclean-generic:
|
||||
|
||||
clean-generic:
|
||||
|
||||
distclean-generic:
|
||||
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
|
||||
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
|
||||
|
||||
maintainer-clean-generic:
|
||||
@echo "This command is intended for maintainers to use"
|
||||
@echo "it deletes files that may require special tools to rebuild."
|
||||
clean: clean-am
|
||||
|
||||
clean-am: clean-generic mostlyclean-am
|
||||
|
||||
distclean: distclean-am
|
||||
-rm -f Makefile
|
||||
distclean-am: clean-am distclean-generic
|
||||
|
||||
dvi: dvi-am
|
||||
|
||||
dvi-am:
|
||||
|
||||
html: html-am
|
||||
|
||||
html-am:
|
||||
|
||||
info: info-am
|
||||
|
||||
info-am:
|
||||
|
||||
install-data-am: install-dist_bash_completionDATA
|
||||
|
||||
install-dvi: install-dvi-am
|
||||
|
||||
install-dvi-am:
|
||||
|
||||
install-exec-am:
|
||||
|
||||
install-html: install-html-am
|
||||
|
||||
install-html-am:
|
||||
|
||||
install-info: install-info-am
|
||||
|
||||
install-info-am:
|
||||
|
||||
install-man:
|
||||
|
||||
install-pdf: install-pdf-am
|
||||
|
||||
install-pdf-am:
|
||||
|
||||
install-ps: install-ps-am
|
||||
|
||||
install-ps-am:
|
||||
|
||||
installcheck-am:
|
||||
|
||||
maintainer-clean: maintainer-clean-am
|
||||
-rm -f Makefile
|
||||
maintainer-clean-am: distclean-am maintainer-clean-generic
|
||||
|
||||
mostlyclean: mostlyclean-am
|
||||
|
||||
mostlyclean-am: mostlyclean-generic
|
||||
|
||||
pdf: pdf-am
|
||||
|
||||
pdf-am:
|
||||
|
||||
ps: ps-am
|
||||
|
||||
ps-am:
|
||||
|
||||
uninstall-am: uninstall-dist_bash_completionDATA
|
||||
|
||||
.MAKE: install-am install-strip
|
||||
|
||||
.PHONY: all all-am check check-am clean clean-generic cscopelist-am \
|
||||
ctags-am distclean distclean-generic distdir dvi dvi-am html \
|
||||
html-am info info-am install install-am install-data \
|
||||
install-data-am install-dist_bash_completionDATA install-dvi \
|
||||
install-dvi-am install-exec install-exec-am install-html \
|
||||
install-html-am install-info install-info-am install-man \
|
||||
install-pdf install-pdf-am install-ps install-ps-am \
|
||||
install-strip installcheck installcheck-am installdirs \
|
||||
maintainer-clean maintainer-clean-generic mostlyclean \
|
||||
mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
|
||||
uninstall-am uninstall-dist_bash_completionDATA
|
||||
|
||||
.PRECIOUS: Makefile
|
||||
|
||||
|
||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
.NOEXPORT:
|
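--- /dev/null
+++ b/bash_completion.d/tinc
@@ -0,0 +1,92 @@
+_tinc() {
+local cur prev opts confvars commands nets
+COMPREPLY=()
+cur="${COMP_WORDS[COMP_CWORD]}"
+prev="${COMP_WORDS[COMP_CWORD-1]}"
+opts="-c -d -D -K -n -o -L -R -U --config --no-detach --debug --net --option --mlock --logfile --pidfile --chroot --user --help --version"
+confvars="Address AddressFamily BindToAddress BindToInterface Broadcast BroadcastSubnet Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceStandby DeviceType Digest DirectOnly Ed25519PrivateKeyFile Ed25519PublicKey Ed25519PublicKeyFile ExperimentalProtocol Forwarding FWMark GraphDumpFile Hostnames IffOneQueue IndirectData Interface InvitationExpire KeyExpire ListenAddress LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode MTUInfoInterval Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPDiscovery UDPDiscoveryKeepaliveInterval UDPDiscoveryInterval UDPDiscoveryTimeout UDPInfoInterval UDPRcvBuf UDPSndBuf UPnP UPnPDiscoverWait UPnPRefreshPeriod VDEGroup VDEPort Weight"
+commands="add connect debug del disconnect dump edit export export-all generate-ed25519-keys generate-keys generate-rsa-keys get help import info init invite join list log network pcap pid purge reload restart retry set sign start stop top verify version"
+
+case ${prev} in
+-c|--config)
+compopt -o dirnames 2>/dev/null
+return 0
+;;
+-n|--net)
+nets=""
+pushd /etc/tinc >/dev/null 2>/dev/null
+for dir in *; do
+if [[ -f "$dir/tinc.conf" ]]; then
+nets="$nets $dir"
+fi
+done
+popd >/dev/null 2>/dev/null
+COMPREPLY=( $(compgen -W "${nets}" -- ${cur}) )
+return 0
+;;
+-o|--option)
+compopt -o nospace
+COMPREPLY=( $(compgen -W "${confvars}" -- ${cur}) )
+if [[ ${#COMPREPLY[*]} == 1 ]] ; then
+COMPREPLY=$COMPREPLY=
+fi
+return 0
+;;
+-U|--user)
+COMPREPLY=( $(compgen -u ${cur}) )
+return 0
+;;
+--logfile|--pidfile)
+compopt -o filenames 2>/dev/null
+COMPREPLY=( $(compgen -f ${cur}) )
+return 0
+esac
+if [[ ${cur} == -* ]] ; then
+COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+return 0
+fi
+if [[ $1 == "d" ]]; then
+if [[ -z ${cur} ]] ; then
+COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+fi
+return 0
+fi
+COMPREPLY=( $(compgen -W "${commands}" -- ${cur}) )
+case $prev in
+get|set|add|del)
+COMPREPLY=( $(compgen -W "${confvars}" -- ${cur}) )
+return 0
+;;
+dump|list|reachable)
+COMPREPLY=( $(compgen -W "reachable nodes edges subnets connections graph invitations" -- ${cur}) )
+return 0
+;;
+network)
+nets=""
+pushd /etc/tinc >/dev/null 2>/dev/null
+for dir in *; do
+if [[ -f "$dir/tinc.conf" ]]; then
+nets="$nets $dir"
+fi
+done
+popd >/dev/null 2>/dev/null
+COMPREPLY=( $(compgen -W "${nets}" -- ${cur}) )
+return 0
+;;
+esac
+if [[ -z ${cur} ]] ; then
+COMPREPLY=( $(compgen -W "${opts} ${commands}" -- ${cur}) )
+fi
+return 0
+}
+
+_tincd() {
+_tinc d;
+}
+
+_tincctl() {
+_tinc ctl;
+}
+
+complete -F _tincd tincd
+complete -F _tincctl tinc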
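Review bot: In the `-n|--net)` and `network)` branches the result of `pushd /etc/tinc` is not checked, so when that directory is missing or not accessible the `for dir in *` glob runs in the caller's current directory and the following `popd` may pop an unrelated entry off the interactive shell's directory stack. The collected names are then handed to `compgen -W`, which expands the words in its list, so names taken from an arbitrary working directory should not reach it; `dir` is also missing from the `local` list and leaks into the user's shell. Globbing the absolute path avoids the directory change entirely: add `conf` to the `local` line and use `for conf in /etc/tinc/*/tinc.conf; do [[ -f $conf ]] && conf=${conf%/tinc.conf} && nets="$nets ${conf##*/}"; done`. The same loop appears in both branches and could live in one small helper.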
6
compile
6
compile
|
@ -3,7 +3,7 @@
|
|||
|
||||
scriptversion=2018-03-07.03; # UTC
|
||||
|
||||
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
|
||||
# Written by Tom Tromey <tromey@cygnus.com>.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
|
@ -53,7 +53,7 @@ func_file_conv ()
|
|||
MINGW*)
|
||||
file_conv=mingw
|
||||
;;
|
||||
CYGWIN*)
|
||||
CYGWIN* | MSYS*)
|
||||
file_conv=cygwin
|
||||
;;
|
||||
*)
|
||||
|
@ -67,7 +67,7 @@ func_file_conv ()
|
|||
mingw/*)
|
||||
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
|
||||
;;
|
||||
cygwin/*)
|
||||
cygwin/* | msys/*)
|
||||
file=`cygpath -m "$file" || echo "$file"`
|
||||
;;
|
||||
wine/*)
|
||||
|
|
12
config.h.in
12
config.h.in
|
@ -33,9 +33,6 @@
|
|||
/* Define to 1 if you have the <curses.h> header file. */
|
||||
#undef HAVE_CURSES_H
|
||||
|
||||
/* Cygwin */
|
||||
#undef HAVE_CYGWIN
|
||||
|
||||
/* Define to 1 if you have the `daemon' function. */
|
||||
#undef HAVE_DAEMON
|
||||
|
||||
|
@ -264,6 +261,9 @@
|
|||
/* Solaris/SunOS */
|
||||
#undef HAVE_SOLARIS
|
||||
|
||||
/* Define to 1 if you have the <stddef.h> header file. */
|
||||
#undef HAVE_STDDEF_H
|
||||
|
||||
/* Define to 1 if you have the <stdint.h> header file. */
|
||||
#undef HAVE_STDINT_H
|
||||
|
||||
|
@ -381,9 +381,6 @@
|
|||
/* Define to the version of this package. */
|
||||
#undef PACKAGE_VERSION
|
||||
|
||||
/* Define as the return type of signal handlers (`int' or `void'). */
|
||||
#undef RETSIGTYPE
|
||||
|
||||
/* Define to 1 if you have the ANSI C header files. */
|
||||
#undef STDC_HEADERS
|
||||
|
||||
|
@ -422,9 +419,6 @@
|
|||
/* Define to 1 if you need to in order for `stat' and other things to work. */
|
||||
#undef _POSIX_SOURCE
|
||||
|
||||
/* Enable BSD extensions */
|
||||
#undef __USE_BSD
|
||||
|
||||
/* Defined if the __malloc__ attribute is not supported. */
|
||||
#undef __malloc__
|
||||
|
||||
|
|
20
configure.ac
20
configure.ac
|
@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
|
|||
|
||||
origcflags="$CFLAGS"
|
||||
|
||||
AC_PREREQ(2.61)
|
||||
AC_PREREQ(2.69)
|
||||
AC_INIT([tinc], m4_esyscmd_s((git describe || echo UNKNOWN) | sed 's/release-//'))
|
||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||
AM_INIT_AUTOMAKE([std-options subdir-objects nostdinc silent-rules -Wall])
|
||||
|
@ -10,14 +10,11 @@ AC_CONFIG_HEADERS([config.h])
|
|||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AM_SILENT_RULES([yes])
|
||||
|
||||
# Enable GNU extensions.
|
||||
# Define this here, not in acconfig's @TOP@ section, since definitions
|
||||
# in the latter don't make it into the configure-time tests.
|
||||
AC_GNU_SOURCE
|
||||
AC_DEFINE([__USE_BSD], 1, [Enable BSD extensions])
|
||||
AC_USE_SYSTEM_EXTENSIONS
|
||||
|
||||
dnl Checks for programs.
|
||||
AC_PROG_CC_C99
|
||||
AC_PROG_CC
|
||||
AC_PROG_CC_STDC
|
||||
AC_PROG_CPP
|
||||
AC_PROG_INSTALL
|
||||
AM_PROG_CC_C_O
|
||||
|
@ -65,8 +62,7 @@ case $host_os in
|
|||
AC_DEFINE(HAVE_BSD, 1, [Unknown BSD variant])
|
||||
;;
|
||||
*cygwin*)
|
||||
cygwin=true
|
||||
AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
|
||||
AC_MSG_ERROR("Cygwin is no longer supported. Use MinGW to build native Windows binaries.")
|
||||
;;
|
||||
*mingw*)
|
||||
mingw=true
|
||||
|
@ -95,6 +91,7 @@ AC_ARG_ENABLE(vde,
|
|||
AS_HELP_STRING([--enable-vde], [enable support for Virtual Distributed Ethernet]),
|
||||
[ AS_IF([test "x$enable_vde" = "xyes"],
|
||||
[ AC_CHECK_HEADERS(libvdeplug_dyn.h, [], [AC_MSG_ERROR([VDE plug header files not found.]); break])
|
||||
AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], [AC_MSG_ERROR([VDE plug depends on libdl.]); break])
|
||||
AC_DEFINE(ENABLE_VDE, 1, [Support for VDE])
|
||||
vde=true
|
||||
],
|
||||
|
@ -168,7 +165,7 @@ AS_IF([test "x$enable_hardening" != "xno"],
|
|||
dnl Checks for header files.
|
||||
dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
|
||||
|
||||
AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h sys/un.h sys/wait.h netdb.h arpa/inet.h dirent.h getopt.h])
|
||||
AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h sys/un.h sys/wait.h netdb.h arpa/inet.h dirent.h getopt.h stddef.h])
|
||||
AC_CHECK_HEADERS([net/if.h net/if_types.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h],
|
||||
[], [], [#include "$srcdir/src/have.h"]
|
||||
)
|
||||
|
@ -189,7 +186,6 @@ AC_CHECK_TYPES([struct ether_header, struct arphdr, struct ether_arp, struct ip,
|
|||
)
|
||||
|
||||
dnl Checks for library functions.
|
||||
AC_TYPE_SIGNAL
|
||||
AC_CHECK_FUNCS([asprintf daemon fchmod flock fork gettimeofday mlockall putenv recvmmsg strsignal nanosleep unsetenv vsyslog devname fdevname],
|
||||
[], [], [#include "$srcdir/src/have.h"]
|
||||
)
|
||||
|
@ -266,6 +262,6 @@ if test "x$runstatedir" = "x"; then
|
|||
AC_SUBST([runstatedir], ['${localstatedir}/run'])
|
||||
fi
|
||||
|
||||
AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile test/Makefile systemd/Makefile])
|
||||
AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile test/Makefile test/testlib.sh systemd/Makefile bash_completion.d/Makefile])
|
||||
|
||||
AC_OUTPUT
|
||||
|
|
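Review bot: The Cygwin branch in the `case $host_os` hunk calls `AC_MSG_ERROR("Cygwin is no longer supported. ...")` with shell-style double quotes instead of m4 brackets, unlike the `AC_MSG_ERROR([...])` calls visible elsewhere in this section. The quote characters would likely be printed as part of the message, and a comma added to the text later would split the macro argument. I would write it as `AC_MSG_ERROR([Cygwin is no longer supported. Use MinGW to build native Windows binaries.])`. Separately, the `AC_CHECK_LIB(dl, dlopen, ...)` line in the `--enable-vde` hunk (apparently the added line) carries a `; break` after `AC_MSG_ERROR`, which is never reached because the macro aborts configure, so it can be dropped.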
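--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,43 @@
+tinc (1.1~pre11-1) experimental; urgency=medium
+
+This package now provides a native systemd service file, allowing multiple
+instances of tinc to be managed. Existing networks listed in
+/etc/tinc/nets.boot will be converted to service instances once during this
+upgrade. Afterwards, you can enable and disable networks using:
+
+systemctl enable tinc@<netname>
+systemctl disable tinc@<netname>
+
+If you do not have systemd installed, the SysV init script will continue to
+work as usual. For more information, see README.Debian.
+
+Please note that tinc 1.1pre11 is backwards compatible with tinc 1.0.x, but
+is not backwards compatible with 1.1pre1 to 1.1pre10 nodes if
+ExperimentalProtocol is enabled, which is the default.
+
+If you have more than one node running an 1.1 prerelease version in your VPN,
+make sure you upgrade them all at the same time, or disable the new protocol
+by adding the following line to tinc.conf:
+
+ExperimentalProtocol = no
+
+If you do want to use the new protocol, be aware that this version of tinc
+switched to Ed25519 keys. You can generate a new Ed25519 keypair by running
+the following command:
+
+tinc -n <netname> generate-ed25519-keys
+
+You have to manually restart tinc after this upgrade.
+
+-- Guus Sliepen <guus@debian.org> Sat, 08 Jan 2015 14:02:27 +0100
+
+tinc (1.1~pre2-1) experimental; urgency=low
+
+tinc-1.1 has separate control utility, tinc (without the d), which is now
+used to start/stop tinc instances, to reload configuration, to get various
+information about running tincd (including dump of nodes and connections)
+and so on. tincd still reacts to some signals as before, but this usage is
+deprecated. In particular, -k option is now gone. Also, node/connection/etc
+dumps are produced on tincctl stdout, not into syslog.
+
+-- Michael Tokarev <mjt@tls.msk.ru> Sun, 07 Aug 2011 13:16:17 +0400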
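--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,78 @@
+tinc for Debian
+---------------
+
+The manual for tinc is also available as info pages, type `info tinc'
+to read it.
+
+There are several ways in which tinc may be automatically started at boot:
+
+Systemd
+-------
+
+Since 1.1~pre11-1, the tinc package comes with native systemd service files.
+To enable and start a net, call:
+
+systemctl enable tinc@<netname>
+systemctl start tinc@<netname>
+
+This will cause a tincd to be started which uses the configuration from
+/etc/tinc/<netname>, and also makes sure that it will be started next time your
+system boots.
+
+Apart from controlling individual instances, you can also start/stop/reload all
+enabled instances simultaneously by omitting @<netname>, for example:
+
+systemctl reload tinc
+
+Note that when you have systemd installed on your system, the file
+/etc/tinc/nets.boot will not be used anymore to automatically start tinc
+daemons. If the variable EXTRA is defined in /etc/default/tinc, it will be
+passed on to tinc. The variable LIMITS is however not used.
+
+The service files that come with this package start tinc unconditionally.
+However, tinc does support socket activation. If you wish to write a socket
+unit for tinc, use the ListenStream option to specify on which port(s) and
+address(es) tinc should listen.
+
+SysVinit
+--------
+
+The system startup script for tinc, /etc/init.d/tinc, uses the file
+/etc/tinc/nets.boot to find out which networks have to be started. Use one
+netname per line. Lines starting with a # are ignored.
+
+/etc/network/interfaces
+-----------------------
+
+You can create a stanza in /etc/network/interfaces, and add a line with
+"tinc-net <netname>". This will cause a tincd to be started which uses the
+configuration from /etc/tinc/<netname>. You can use an inet static (with
+address and netmask options) or inet dhcp stanza, in which case the ifup will
+configure the VPN interface and you do not need to have a tinc-up script.
+
+The following options are also recognized and map directly to the corresponding
+command line options for tincd:
+
+tinc-config <directory>
+tinc-debug <level>
+tinc-mlock yes
+tinc-logfile <filename>
+tinc-chroot yes
+tinc-user <username>
+
+An example stanza:
+
+iface vpn inet static
+address 192.168.2.42
+netmask 255.255.0.0
+tinc-net myvpn
+tinc-debug 1
+tinc-mlock yes
+tinc-user nobody
+
+This will start a tinc daemon that reads its configuration from
+/etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user
+nobody, and creates a network interface called "vpn". Ifup then sets the
+address and netmask on that interface.
+
+-- Guus Sliepen <guus@debian.org>, Thu, 8 January 2015, 13:37:46 +0100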
663
debian/changelog
vendored
Normal file
663
debian/changelog
vendored
Normal file
|
@ -0,0 +1,663 @@
|
|||
tinc (1.1~pre18-1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
- The patch for EVP_DecryptUpdate is no longer necessary.
|
||||
* Disable support for VDE.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 27 Jun 2021 20:10:22 +0200
|
||||
|
||||
tinc (1.1~pre17-1.2) experimental; urgency=medium
|
||||
|
||||
* Non-maintainer upload.
|
||||
* Add patch to fix EVP_DecryptUpdate issue. Closes: #923438
|
||||
|
||||
-- Don Armstrong <don@debian.org> Sun, 31 May 2020 15:11:34 -0700
|
||||
|
||||
tinc (1.1~pre17-1.1) experimental; urgency=medium
|
||||
|
||||
* Non-maintainer upload.
|
||||
* Fix systemd service install path. Closes: #910618
|
||||
* Fix typo in --enable-miniupnpc option.
|
||||
|
||||
-- Shengjing Zhu <zhsj@debian.org> Wed, 10 Oct 2018 10:58:42 +0800
|
||||
|
||||
tinc (1.1~pre17-1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
- Includes fixes for CVE-2018-16737, CVE-2018-16738.
|
||||
- The GUI is no longer part of upstream, so has been removed.
|
||||
* Link with the miniupnpc library.
|
||||
* Bump Standards-Version.
|
||||
* Bump debian/compat.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Mon, 08 Oct 2018 16:32:57 +0200
|
||||
|
||||
tinc (1.1~pre15-1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
* Bump Standards-Version.
|
||||
* Bump debian/compat.
|
||||
* Don't use while loops checking PID files anymore, the tinc CLI will
|
||||
wait properly for the daemon to start or stop. Closes: #772379, #832784
|
||||
* Clean up scripts as suggested by Dominik George. Closes: #832781
|
||||
* Test for /etc/default/tinc before trying to source it. Closes: #777262
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 05 Sep 2017 21:03:51 +0200
|
||||
|
||||
tinc (1.1~pre12-1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
* Bump Standards-Version.
|
||||
* Depend on python-wxgtk3.0 for the GUI.
|
||||
* Use dh --with python2.
|
||||
* Add Build-Depends for dh-python.
|
||||
* Update links in debian/control and debian/copyright.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 24 Apr 2016 14:51:14 +0200
|
||||
|
||||
tinc (1.1~pre11-1) experimental; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
* Update NEWS.Debian to reflect that tincctl has been renamed to tinc.
|
||||
Closes: #729889
|
||||
* Warn about incompatibility with previous 1.1preX releases, and that new
|
||||
Ed25519 keys should be generated.
|
||||
* Add native systemd service files.
|
||||
* Automatically convert networks listed in nets.boot to systemd service
|
||||
instances on upgrade.
|
||||
* Don't restart tinc on upgrade for now.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Thu, 08 Jan 2015 14:51:34 +0100
|
||||
|
||||
tinc (1.1~pre9-1) experimental; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 08 Sep 2013 18:00:28 +0200
|
||||
|
||||
tinc (1.1~pre8-2) experimental; urgency=low
|
||||
|
||||
* Run make clean after the configure step to get rid of .o files that were
|
||||
accidentily left in the orig.tar.gz.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 14 Aug 2013 16:13:43 +0200
|
||||
|
||||
tinc (1.1~pre8-1) experimental; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
- Handles whitespace between command line flags and optional arguments.
|
||||
Closes: #710267
|
||||
* Bump Standards-Version.
|
||||
* Source /lib/lsb/init-functions in the init.d script.
|
||||
* Don't use texi2html anymore, use automake's install-html target which uses
|
||||
makeinfo.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 14 Aug 2013 15:34:41 +0200
|
||||
|
||||
tinc (1.1~pre7-2) experimental; urgency=low
|
||||
|
||||
[ Gian Piero Carrubba ]
|
||||
* Init script fails to pass extra arguments to tincd. Closes: #704701
|
||||
+ Remove the '--' as it is passed unaltered to tincd, preventing it to read
|
||||
trailing parameters.
|
||||
+ Pass extra arguments also when restarting the daemon.
|
||||
* Set process limits when started by ifupdown. Closes: #704702
|
||||
|
||||
[ Guus Sliepen ]
|
||||
* Check whether the tincd process is still running in the if-post-down script.
|
||||
Closes: #704708
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 01 May 2013 10:41:31 +0200
|
||||
|
||||
tinc (1.1~pre7-1) experimental; urgency=high
|
||||
|
||||
* New upstream release.
|
||||
- Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 23 Apr 2013 11:37:38 +0200
|
||||
|
||||
tinc (1.1~pre6-1) experimental; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 20 Feb 2013 16:53:33 +0100
|
||||
|
||||
tinc (1.1~pre4-1) experimental; urgency=low
|
||||
|
||||
[ Gian Piero Carrubba ]
|
||||
* Allow resource limits to be set in /etc/default/tinc. Closes: #690685
|
||||
|
||||
[ Guus Sliepen ]
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 05 Dec 2012 23:05:01 +0100
|
||||
|
||||
tinc (1.1~pre3-1) experimental; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Bump Standards-Version.
|
||||
* Enable parallel builds.
|
||||
* Bump debian/compat to 9, so tinc gets build with hardening flags.
|
||||
* Move tinc-gui to its own package.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 14 Oct 2012 23:51:21 +0200
|
||||
|
||||
tinc (1.1~pre2-2) experimental; urgency=low
|
||||
|
||||
* add forgotten build-depend on libncurses5-dev for new `tincctl top'
|
||||
* add libevent-dev build dependency
|
||||
* remove build dependency on gettext
|
||||
|
||||
-- Michael Tokarev <mjt@tls.msk.ru> Sun, 07 Aug 2011 17:32:39 +0400
|
||||
|
||||
tinc (1.1~pre2-1) experimental; urgency=low
|
||||
|
||||
* first cut of 1.1-tobe.
|
||||
Rewrote control scripts et al to use tincctl.
|
||||
* build-depend on libssl >>1.0.0 to get proper EC support
|
||||
* remove crypto-related symlinks from src/ in clean --
|
||||
probably should go into upstream makefile instead
|
||||
|
||||
-- Michael Tokarev <mjt@tls.msk.ru> Sun, 07 Aug 2011 12:57:15 +0400
|
||||
|
||||
tinc (1.0.19-2) unstable; urgency=low
|
||||
|
||||
* Fix behaviour of tinc-pidfile. Closes: #679130
|
||||
* Enable parallel building in debian/rules.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 26 Jun 2012 18:28:34 +0200
|
||||
|
||||
tinc (1.0.19-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Bump debian/compat so tinc gets built with hardening flags.
|
||||
* Allow tinc-pidfile in /etc/network/interfaces.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Mon, 25 Jun 2012 20:29:22 +0200
|
||||
|
||||
tinc (1.0.18-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 25 Mar 2012 18:52:15 +0200
|
||||
|
||||
tinc (1.0.17-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Enable support for UML and VDE.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sat, 10 Mar 2012 14:50:00 +0100
|
||||
|
||||
tinc (1.0.16-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Mention alarm option in /etc/init.d/tinc's usage information.
|
||||
Closes: #631761
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sat, 23 Jul 2011 14:37:56 +0200
|
||||
|
||||
tinc (1.0.15-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Send SIGALRM to running tinc daemons whenever an interface is brought up
|
||||
with the ifupdown framework. Based on a patch from Joachim Breitner.
|
||||
Closes: #629880
|
||||
* Allow tinc daemons to be started using ifupdown.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Fri, 24 Jun 2011 18:21:51 +0200
|
||||
|
||||
tinc (1.0.14-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Bump Standards-Version.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Mon, 09 May 2011 00:25:37 +0200
|
||||
|
||||
tinc (1.0.13-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 13 Apr 2010 12:06:36 +0200
|
||||
|
||||
tinc (1.0.12-2) unstable; urgency=low
|
||||
|
||||
* Remove debconf questions. Closes: #572116
|
||||
Apparently debconf may not be used to ask a question at install time and
|
||||
use the answer at upgrade time. Instead of kludging around this
|
||||
restriction, no questions are asked anymore, and tinc will now always be
|
||||
restarted when upgrading.
|
||||
* Wait up to 5 seconds for tinc daemon to stop before restarting it.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 02 Mar 2010 14:01:36 +0100
|
||||
|
||||
tinc (1.0.12-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Bump Standards-Version.
|
||||
* Migrate from CDBS to debhelper.
|
||||
* Convert source package to 3.0 (quilt) format.
|
||||
* Remove useless tinc.modules.
|
||||
* Use init.d script from Michael Tokarev, allowing per-network arguments to
|
||||
tincd.
|
||||
* Remove update-rc.d calls from postinst and postrm.
|
||||
* Let the init.d script depend on $remote_fs.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Thu, 04 Feb 2010 00:56:45 +0100
|
||||
|
||||
tinc (1.0.11-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Cope with texi2html arbitrarily changing its output directory.
|
||||
Closes: #552927
|
||||
* Do not stop tinc when configuring a new version, just restart after
|
||||
the upgrade.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 01 Nov 2009 20:37:16 +0100
|
||||
|
||||
tinc (1.0.10-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Include Russian debconf translation. Closes: #548759
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sun, 18 Oct 2009 16:31:49 +0200
|
||||
|
||||
tinc (1.0.9-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
- Binds IPv6 sockets only to IPv6. Closes: #440150
|
||||
* Update copyright file. Closes: #482566
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Fri, 26 Dec 2008 13:25:05 +0100
|
||||
|
||||
tinc (1.0.8-2) unstable; urgency=low
|
||||
|
||||
* Include Portugese debconf translation. Closes: #434191
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 14 Aug 2007 13:50:27 +0200
|
||||
|
||||
tinc (1.0.8-1) unstable; urgency=low
|
||||
|
||||
* New upstream release. Closes: #173987
|
||||
* Include german debconf translation. Closes: #412351
|
||||
* Build-Depend on texinfo. Closes: #424209
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 16 May 2007 17:59:16 +0200
|
||||
|
||||
tinc (1.0.7-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Fri, 5 Jan 2007 15:55:42 +0100
|
||||
|
||||
tinc (1.0.6-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Mon, 18 Dec 2006 15:41:03 +0100
|
||||
|
||||
tinc (1.0.5-1) unstable; urgency=low
|
||||
|
||||
* New upstream release. Closes: #391610
|
||||
* Add an LSB section to the init script.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Tue, 14 Nov 2006 16:32:20 +0100
|
||||
|
||||
tinc (1.0.4-4) unstable; urgency=low
|
||||
|
||||
* Include swedish debconf translation. Closes: #332963
|
||||
* Remove nets.boot on purge. Closes: #333303
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Mon, 17 Oct 2005 12:34:32 +0200
|
||||
|
||||
tinc (1.0.4-3) unstable; urgency=low
|
||||
|
||||
* Depend on debconf | debconf-2.0.
|
||||
* Include vietnamese debconf translation. Closes: #322305
|
||||
* Include japanese debconf translation. Closes: #319591
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Thu, 29 Sep 2005 11:15:34 +0200
|
||||
|
||||
tinc (1.0.4-2) unstable; urgency=low
|
||||
|
||||
* Compensate for change in texinfo's output directory. Closes: #318562
|
||||
* Include Czech translation of the debconf questions. Closes: #312982
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Sat, 16 Jul 2005 11:42:04 +0200
|
||||
|
||||
tinc (1.0.4-1) unstable; urgency=low
|
||||
|
||||
* New upstream release. Closes: #294819
|
||||
* Update french translation of debconf template. Closes: #293371, #296148
|
||||
* Allow dashes in nets.boot. Closes: #296281
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Wed, 4 May 2005 21:56:22 +0200
|
||||
|
||||
tinc (1.0.3-4) unstable; urgency=low
|
||||
|
||||
* Call debconf early in postinst so it won't get confused by output
|
||||
from other commands in the postinst script. Closes: #292920
|
||||
* If MAKEDEV doesn't know about net/tun, fall back to tun.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Mon, 31 Jan 2005 13:27:16 +0100
|
||||
|
||||
tinc (1.0.3-3) unstable; urgency=low
|
||||
|
||||
* Fix clean rule in debian/rules.
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Thu, 27 Jan 2005 23:16:59 +0000
|
||||
|
||||
tinc (1.0.3-2) unstable; urgency=low
|
||||
|
||||
* Don't check for /dev/tap* in postinst if we don't create them anyway.
|
||||
* MAKEDEV expects net/tun instead of tun.
|
||||
* Don't ask if /dev/net/tun should be created, just do it.
|
||||
Closes: #259489, #292450
|
||||
* Move $EXTRA from init.d/tinc to /etc/default/tinc. Closes: #281366
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Thu, 27 Jan 2005 14:10:02 +0100
|
||||
|
||||
tinc (1.0.3-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Adopting the package from Ivo.
|
||||
* Use invoke-rc.d, and tell user to do so as well. Closes: #223276
|
||||
* Let force-reload do the same thing as reload. Closes: #230180
|
||||
|
||||
-- Guus Sliepen <guus@debian.org> Fri, 1 Oct 2004 21:04:14 +0200
|
||||
|
||||
tinc (1.0.2-2) unstable; urgency=low
|
||||
|
||||
* debian/control: Oops, really make that automake1.7.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sat, 8 Nov 2003 21:53:04 +0100
|
||||
|
||||
tinc (1.0.2-1) unstable; urgency=low
|
||||
|
||||
* New upstream release:
|
||||
* Fix broken replies to CHAL_RESP. (Closes: #217646)
|
||||
* debian/control: Updated automake build dependency to automake1.7.
|
||||
(Closes: #219360)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sat, 8 Nov 2003 19:56:04 +0100
|
||||
|
||||
tinc (1.0.1-2) unstable; urgency=low
|
||||
|
||||
* debian/dirs: Removed, moved contents to tinc.dirs.
|
||||
(Closes: #208591)
|
||||
* debian/docs: Renamed to tinc.docs.
|
||||
* debian/rules: Install the contents of doc/sample-config.tar.gz in
|
||||
/usr/share/doc/tinc/examples instead of /etc/tinc.
|
||||
* debian/Makefile*: Removed.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Wed, 10 Sep 2003 12:19:32 +0200
|
||||
|
||||
tinc (1.0.1-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* debian/patches/001_openbsd_device.c.patch: Removed.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 14 Aug 2003 17:03:28 +0200
|
||||
|
||||
tinc (1.0release-1) unstable; urgency=low
|
||||
|
||||
* New upstream version. (Closes: #204639)
|
||||
* Fixes switching back to normal logging mode when killing with
|
||||
SIGINT twice. (Closes: #175633)
|
||||
* Uses one SSL context struct for each connection, speeding up
|
||||
encrypting/decrypting data; don't throw away out of sequence
|
||||
packets. (Closes: #188874)
|
||||
* Fixes handling of broadcast messages. (Closes: #175632)
|
||||
* debian/rules: Use cdbs.
|
||||
* debian/control: Build-Depend on cdbs, liblzo-dev.
|
||||
* debian/patches/001_openbsd_device.c.patch: Sync openbsd/device.c to
|
||||
latest CVS version.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sun, 10 Aug 2003 16:13:29 +0200
|
||||
|
||||
tinc (1.0pre8-6) unstable; urgency=low
|
||||
|
||||
* debian/po/fr.po: Added French debconf translation. (Closes: #201803)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Fri, 18 Jul 2003 10:03:20 +0200
|
||||
|
||||
tinc (1.0pre8-5) unstable; urgency=low
|
||||
|
||||
* debian/*: Change to po-debconf, thanks to From: Michel Grentzinger
|
||||
<mic.grentz@online.fr> for the patch:
|
||||
- change debhelper dependency to 4.1.16 (according to man
|
||||
po-debconf),
|
||||
- manually add nl translation in old tinc.templates (master),
|
||||
- run debconf-gettextize debian/tinc.templates,
|
||||
- move old templates files (debian/tinc.templates.*),
|
||||
- change construction "If you say no" to "If you refuse",
|
||||
* debian/rules: Call po2debconf.
|
||||
* debian/rules: Don't copy COPYING.README to the package.
|
||||
* debian/control: Update Standards-Version.
|
||||
* debian/conffiles: Removed.
|
||||
* debian/postinst: No longer use mknod directly, use MAKEDEV.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Tue, 15 Jul 2003 20:13:47 +0200
|
||||
|
||||
tinc (1.0pre8-4) unstable; urgency=low
|
||||
|
||||
* src/net.h, src/net_packet.c, src/net_setup.c: Apply fix from CVS
|
||||
for OpenSSL-related memory leaks. (Closes: #189432)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Mon, 5 May 2003 15:00:29 +0200
|
||||
|
||||
tinc (1.0pre8-3) unstable; urgency=low
|
||||
|
||||
* m4/openssl.m4: Updated to CVS version. (Closes: #184400)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 13 Mar 2003 17:24:42 +0100
|
||||
|
||||
tinc (1.0pre8-2) unstable; urgency=low
|
||||
|
||||
* debian/postinst: Create /dev/net/tun if it doesn't exist.
|
||||
* debian/tinc.modules: Add alias for /dev/net/tun.
|
||||
* debian/rules: Install tinc.modules.
|
||||
* These things together: (Closes: #151967, #153156)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Wed, 13 Nov 2002 22:45:38 +0100
|
||||
|
||||
tinc (1.0pre8-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
* debian/rules:
|
||||
- DEB_BUILD_OPTIONS support.
|
||||
- Enable --enable-tracing by default.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Tue, 17 Sep 2002 13:50:44 +0200
|
||||
|
||||
tinc (1.0pre7-3) unstable; urgency=low
|
||||
|
||||
* Properly install _all_ info pages. (Closes: #144718)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Wed, 29 May 2002 14:01:21 +0200
|
||||
|
||||
tinc (1.0pre7-2) unstable; urgency=low
|
||||
|
||||
* Dutch translation wasn't being installed.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 11 Apr 2002 09:26:14 +0200
|
||||
|
||||
tinc (1.0pre7-1) unstable; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Tue, 9 Apr 2002 16:04:46 +0200
|
||||
|
||||
tinc (1.0pre6-3) unstable; urgency=medium
|
||||
|
||||
* Synched with upstream CVS.
|
||||
* Added build dependency on zlib1g-dev. (Closes: #141705)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Mon, 8 Apr 2002 21:19:31 +0200
|
||||
|
||||
tinc (1.0pre6-2) unstable; urgency=low
|
||||
|
||||
* The Section was non-US again, so changed it back to main/net.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 28 Mar 2002 07:26:10 +0100
|
||||
|
||||
tinc (1.0pre6-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Fixed text in debian/copyright
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Wed, 27 Mar 2002 23:10:07 +0100
|
||||
|
||||
tinc (1.0pre5-4) unstable; urgency=low
|
||||
|
||||
* Added a debconf question for restarting on upgrade.
|
||||
* Added reload option to init.d, start with EXTRA='-d' default.
|
||||
* Moved from non-US to main.
|
||||
* Install example configuration files.
|
||||
* The HTML documentation wasn't installed; fixed.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Tue, 26 Mar 2002 20:14:19 +0100
|
||||
|
||||
tinc (1.0pre5-3) unstable; urgency=low
|
||||
|
||||
* Config variables are now treated case sentitivly again.
|
||||
* Added a forgotten xstrdup.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Fri, 15 Feb 2002 12:35:17 +0100
|
||||
|
||||
tinc (1.0pre5-2) unstable; urgency=low
|
||||
|
||||
* MaxTimeout accidentally wasn't configurable. (Closes: #119653)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Wed, 13 Feb 2002 13:36:54 +0100
|
||||
|
||||
tinc (1.0pre5-1) unstable; urgency=low
|
||||
|
||||
* New upstream version. (Closes: #119653)
|
||||
* Init script redone in sh.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sun, 10 Feb 2002 16:39:53 +0100
|
||||
|
||||
tinc (1.0pre4-1.cvs010621.6) unstable; urgency=low
|
||||
|
||||
* Somehow po-Makefile.in.in.diff got lost, readded. (Closes: #119157)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 15 Nov 2001 17:00:03 +0100
|
||||
|
||||
tinc (1.0pre4-1.cvs010621.5) unstable; urgency=low
|
||||
|
||||
* Fix a typo in postinst that let it MAKEDEV even on devfs.
|
||||
(Closes: #116034)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 18 Oct 2001 09:35:16 +0200
|
||||
|
||||
tinc (1.0pre4-1.cvs010621.4) unstable; urgency=low
|
||||
|
||||
* Ask before creating the device files. (Closes: #111099)
|
||||
* Add a section to the info file.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Fri, 12 Oct 2001 20:47:09 +0200
|
||||
|
||||
tinc (1.0pre4-1.cvs010621.3) unstable; urgency=low
|
||||
|
||||
* Build and install html documentation. (Closes: #106843)
|
||||
* Remove build-time dependency on libc6-dev.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Mon, 30 Jul 2001 22:03:52 +0200
|
||||
|
||||
tinc (1.0pre4-1.cvs010621.2) unstable; urgency=low
|
||||
|
||||
* Changed location of the pidfile. (Closes: #102798)
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sun, 1 Jul 2001 01:57:43 +0200
|
||||
|
||||
tinc (1.0pre4-1.cvs010621.1) unstable; urgency=low
|
||||
|
||||
* New upstream version. (Closes: #98730)
|
||||
* Rebuilding automatically inserted new config.{sub|guess}.
|
||||
(Closes: #98165)
|
||||
* Updated Standards-Version.
|
||||
* Don't include a sample configuration file.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 21 Jun 2001 14:08:49 +0200
|
||||
|
||||
tinc (1.0pre3-5) unstable; urgency=low
|
||||
|
||||
* Fixed an error in the init script that prevented tinc from
|
||||
starting correctly.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 8 Feb 2001 02:45:09 +0100
|
||||
|
||||
tinc (1.0pre3-4) unstable; urgency=low
|
||||
|
||||
* Change build-depends for OpenSSL to libssl096-dev
|
||||
(Closes: #84197, #84873).
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sun, 4 Feb 2001 22:43:22 +0100
|
||||
|
||||
tinc (1.0pre3-3) unstable; urgency=low
|
||||
|
||||
* Set architecture to any (really this time!) (Closes: #80451).
|
||||
* Section set to non-US
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Tue, 23 Jan 2001 22:52:53 +0100
|
||||
|
||||
tinc (1.0pre3-2) unstable; urgency=low
|
||||
|
||||
* Set architecture to any (Closes: #80451).
|
||||
* Added tinc.modules with some useful module aliases.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Sat, 13 Jan 2001 16:10:57 +0100
|
||||
|
||||
tinc (1.0pre3-1) unstable; urgency=low
|
||||
|
||||
* New upstream version (1.0pre3) (Closes: #71274).
|
||||
* Better Depends and Build-Depends lines.
|
||||
* Dropped dependencies on libgmp, added libssl.
|
||||
* doc-base.tinc: New file.
|
||||
* Deleted the file shlibs, as there on longer is a libblowfish.
|
||||
* Patch po/Makefile.in.in from po-Makefile.in.in.diff if necessary.
|
||||
* Use dh_perl to get accurate perl dependencies.
|
||||
|
||||
-- Ivo Timmermans <ivo@debian.org> Thu, 9 Nov 2000 21:58:40 +0100
|
||||
|
||||
tinc (1.0pre2-1.1) unstable; urgency=low
|
||||
|
||||
* NMU at Ivo's request as his application is being processed, and his
|
||||
sponsor is based in the US.
|
||||
|
||||
-- J.H.M. Dassen (Ray) <jdassen@debian.org> Wed, 28 Jun 2000 21:52:30 +0200
|
||||
|
||||
tinc (1.0pre2-1) unstable; urgency=low
|
||||
|
||||
* postinst creates a file /etc/tinc/nets.boot, containing all networks
|
||||
to be started upon system startup;
|
||||
* init.d script starts all networks from that list.
|
||||
* postinst script creates tap devices.
|
||||
|
||||
-- Ivo Timmermans <itimmermans@bigfoot.com> Tue, 16 May 2000 00:06:25 +0200
|
||||
|
||||
tinc (1.0pre1-0.4) unstable; urgency=low
|
||||
|
||||
* postinst script.
|
||||
|
||||
-- Ivo Timmermans <itimmermans@bigfoot.com> Mon, 15 May 2000 19:22:05 +0200
|
||||
|
||||
tinc (1.0pre1-0.3) unstable; urgency=low
|
||||
|
||||
* system startup script.
|
||||
|
||||
-- Ivo Timmermans <itimmermans@bigfoot.com> Sun, 14 May 2000 22:58:02 +0200
|
||||
|
||||
tinc (1.0pre1-0.2) unstable; urgency=low
|
||||
|
||||
* Included the blowfish license.
|
||||
|
||||
-- Ivo Timmermans <itimmermans@bigfoot.com> Fri, 21 Apr 2000 17:07:50 +0200
|
||||
|
||||
tinc (1.0pre1-0.1) unstable; urgency=low
|
||||
|
||||
* Initial Release.
|
||||
|
||||
-- Ivo Timmermans <itimmermans@bigfoot.com> Fri, 21 Apr 2000 17:07:50 +0200
|
||||
|
||||
|
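--- a/debian/compat
+++ b/debian/compat
@@ -0,0 +1 @@
+11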
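--- a/debian/control
+++ b/debian/control
@@ -0,0 +1,16 @@
+Source: tinc
+Section: net
+Priority: optional
+Maintainer: Guus Sliepen <guus@debian.org>
+Standards-Version: 4.2.1
+Build-Depends: libssl-dev (>>1.0.0), debhelper (>= 11), texinfo, zlib1g-dev, liblzo2-dev, libncurses5-dev, libreadline-dev, libminiupnpc-dev, quilt
+Homepage: https://www.tinc-vpn.org/
+
+Package: tinc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Virtual Private Network daemon
+tinc is a daemon with which you can create a virtual private network
+(VPN). One daemon can handle multiple connections, so you can
+create an entire (moderately sized) VPN with only one daemon per
+participating computer.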
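Review bot: The `libssl-dev (>>1.0.0)` bound in Build-Depends looks too loose for the AES-256-GCM patch shipped under debian/patches in the same change set, which calls `EVP_CTRL_AEAD_SET_IVLEN`. As far as I know that macro only exists from OpenSSL 1.1.0 on (older releases spell it `EVP_CTRL_GCM_SET_IVLEN`). If the patch is applied at build time, I would raise the bound to `libssl-dev (>= 1.1.0)` so an unsupported OpenSSL is rejected at dependency resolution rather than mid-compile. Whether the patch is listed in the quilt series is not visible from this section, so that part needs confirming.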
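--- a/debian/copyright
+++ b/debian/copyright
@@ -0,0 +1,34 @@
+This package was debianized by Ivo Timmermans <ivo@debian.org> on
+Fri, 21 Apr 2000 17:07:50 +0200.
+
+It was downloaded from https://www.tinc-vpn.org/
+
+Upstream Authors:
+Guus Sliepen <guus@tinc-vpn.org>
+Ivo Timmermans
+
+Copyright (C) 1998-2005 Ivo Timmermans
+1998-2016 Guus Sliepen <guus@tinc-vpn.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+On Debian GNU/Linux systems, the complete text of the GNU General Public
+License version 2 can be found in /usr/share/common-licenses/GPL-2.
+
+The following applies to tinc:
+
+This program is released under the GPL with the additional exemption
+that compiling, linking, and/or using OpenSSL is allowed. You may
+provide binary packages linked to the OpenSSL libraries, provided that
+all other requirements of the GPL are met.
+
+The following applies to the LZO library:
+
+Hereby I grant a special exception to the tinc VPN project
+(https://wwww.tinc-vpn.org/) to link the LZO library with the OpenSSL library
+(https://openssl.org).
+
+Markus F.X.J. Oberhumer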
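Review bot: The LZO exception paragraph gives the project URL as `https://wwww.tinc-vpn.org/` (four w's), a different hostname from the `https://www.tinc-vpn.org/` used earlier in this file and in the Homepage field of debian/control. A provenance file should not direct readers to a host the project may not control. If the typo is not part of the grant as its author wrote it, correct it to `https://www.tinc-vpn.org/`. Otherwise keep the quoted text unchanged and add a short note giving the right address.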
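--- a/debian/doc-base.tinc
+++ b/debian/doc-base.tinc
@@ -0,0 +1,10 @@
+Document: tinc
+Title: tinc Manual
+Author: Ivo Timmermans, Guus Sliepen
+Abstract: This manual describes how to set up a Virtual Private
+Network with tinc.
+Section: System/Security
+
+Format: HTML
+Files: /usr/share/doc/tinc/tinc.html/*
+Index: /usr/share/doc/tinc/tinc.html/index.html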
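--- a/debian/info
+++ b/debian/info
@@ -0,0 +1 @@
+doc/tinc.info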
879
debian/patches/0001-Add-AES-256-GCM-support-to-SPTPS.patch
vendored
Normal file
|
@ -0,0 +1,879 @@
|
|||
From cc521f3d5f3a0c758163c871e75f5e533e86771b Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Mon, 2 Aug 2021 23:53:13 +0200
|
||||
Subject: [PATCH 01/10] Add AES-256-GCM support to SPTPS.
|
||||
|
||||
This also adds a simple cipher suite negotiation, where peers announce the
|
||||
ciphers they support, and their preferred cipher. Since we need to bump the
|
||||
SPTPS version anyway, also prefer little endian over network byte order.
|
||||
---
|
||||
doc/SPTPS | 45 +++++--
|
||||
src/invitation.c | 11 +-
|
||||
src/protocol_auth.c | 25 +++-
|
||||
src/protocol_key.c | 30 ++++-
|
||||
src/sptps.c | 310 +++++++++++++++++++++++++++++++++-----------
|
||||
src/sptps.h | 44 ++++++-
|
||||
src/sptps_test.c | 13 +-
|
||||
7 files changed, 382 insertions(+), 96 deletions(-)
|
||||
|
||||
diff --git a/doc/SPTPS b/doc/SPTPS
|
||||
index 2d8fee5b..2da27604 100644
|
||||
--- a/doc/SPTPS
|
||||
+++ b/doc/SPTPS
|
||||
@@ -18,8 +18,8 @@ Stream record layer
|
||||
|
||||
A record consists of these fields:
|
||||
|
||||
-- uint32_t seqno (network byte order)
|
||||
-- uint16_t length (network byte order)
|
||||
+- uint32_t seqno (little endian)
|
||||
+- uint16_t length (little endian)
|
||||
- uint8_t type
|
||||
- opaque data[length]
|
||||
- opaque hmac[HMAC_SIZE] (HMAC over all preceding fields)
|
||||
@@ -45,8 +45,8 @@ Datagram record layer
|
||||
|
||||
A record consists of these fields:
|
||||
|
||||
-- uint16_t length (network byte order)
|
||||
-- uint32_t seqno (network byte order)
|
||||
+- uint16_t length (little endian)
|
||||
+- uint32_t seqno (little endian)
|
||||
- uint8_t type
|
||||
- opaque data[length]
|
||||
- opaque hmac[HMAC_SIZE] (HMAC over all preceding fields)
|
||||
@@ -75,7 +75,7 @@ SIG ->
|
||||
...encrypt and HMAC using session keys from now on...
|
||||
|
||||
App ->
|
||||
- <- App
|
||||
+ <- App
|
||||
...
|
||||
...
|
||||
|
||||
@@ -91,7 +91,7 @@ ACK ->
|
||||
...encrypt and HMAC using new session keys from now on...
|
||||
|
||||
App ->
|
||||
- <- App
|
||||
+ <- App
|
||||
...
|
||||
...
|
||||
---------------------
|
||||
@@ -102,7 +102,11 @@ connection.
|
||||
|
||||
Key EXchange message:
|
||||
|
||||
-- uint8_t kex_version (always 0 in this version of SPTPS)
|
||||
+- uint8_t kex_version (always 1 in this version of SPTPS)
|
||||
+- uint8_t
|
||||
+ - high 4 bits: public key algorithm
|
||||
+ - low 4 bits: preferred cipher suite
|
||||
+- uint16_t bitmask of cipher suites supported
|
||||
- opaque nonce[32] (random number)
|
||||
- opaque ecdh_key[ECDH_SIZE]
|
||||
|
||||
@@ -162,9 +166,34 @@ The expanded key is used as follows:
|
||||
Where initiator_cipher_key is the key used by session initiator to encrypt
|
||||
messages sent to the responder.
|
||||
|
||||
+Public key suites
|
||||
+-----------------
|
||||
+
|
||||
+0: Ed25519 + SHA512
|
||||
+1: Ed448 + SHAKE256?
|
||||
+
|
||||
+Symmetric cipher suites
|
||||
+-----------------------
|
||||
+
|
||||
+Value in parentheses is the static priority used to break ties in cipher suite
|
||||
+negotiation. We favor those algorithms that run faster without hardware
|
||||
+acceleration.
|
||||
+
|
||||
+0: Chacha20-Poly1305 (1)
|
||||
+1: AES256-GCM (0)
|
||||
+
|
||||
+Cipher suite selection
|
||||
+----------------------
|
||||
+
|
||||
+Public key suites are required to match on both sides. The symmetric suite is chosen as follows:
|
||||
+
|
||||
+1. AND the supported cipher suite bitmasks
|
||||
+2. If both preferred cipher suites are possible, choose the one with the highest static priority.
|
||||
+3. If only one is possible, choose that one.
|
||||
+4. If none is possible, choose the suite from the resulting bitmask that has the highest static priority.
|
||||
+
|
||||
TODO:
|
||||
-----
|
||||
|
||||
- Document format of ECDH public key, ECDSA signature
|
||||
-- Document how CTR mode is used
|
||||
- Refer to TLS RFCs where appropriate
|
||||
diff --git a/src/invitation.c b/src/invitation.c
|
||||
index cff9e727..6c49af48 100644
|
||||
--- a/src/invitation.c
|
||||
+++ b/src/invitation.c
|
||||
@@ -1399,7 +1399,16 @@ next:
|
||||
}
|
||||
|
||||
// Start an SPTPS session
|
||||
- if(!sptps_start(&sptps, NULL, true, false, key, hiskey, "tinc invitation", 15, invitation_send, invitation_receive)) {
|
||||
+ sptps_params_t params = {
|
||||
+ .initiator = true,
|
||||
+ .mykey = key,
|
||||
+ .hiskey = hiskey,
|
||||
+ .label = "tinc invitation",
|
||||
+ .send_data = invitation_send,
|
||||
+ .receive_record = invitation_receive,
|
||||
+ };
|
||||
+
|
||||
+ if(!sptps_start(&sptps, ¶ms)) {
|
||||
ecdsa_free(hiskey);
|
||||
ecdsa_free(key);
|
||||
return 1;
|
||||
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
|
||||
index 22254575..050b266c 100644
|
||||
--- a/src/protocol_auth.c
|
||||
+++ b/src/protocol_auth.c
|
||||
@@ -412,7 +412,17 @@ bool id_h(connection_t *c, const char *request) {
|
||||
|
||||
c->protocol_minor = 2;
|
||||
|
||||
- return sptps_start(&c->sptps, c, false, false, invitation_key, c->ecdsa, "tinc invitation", 15, send_meta_sptps, receive_invitation_sptps);
|
||||
+ sptps_params_t params = {
|
||||
+ .handle = c,
|
||||
+ .initiator = false,
|
||||
+ .mykey = invitation_key,
|
||||
+ .hiskey = c->ecdsa,
|
||||
+ .label = "tinc invitation",
|
||||
+ .send_data = send_meta_sptps,
|
||||
+ .receive_record = receive_invitation_sptps,
|
||||
+ };
|
||||
+
|
||||
+ return sptps_start(&c->sptps, ¶ms);
|
||||
}
|
||||
|
||||
/* Check if identity is a valid name */
|
||||
@@ -507,7 +517,18 @@ bool id_h(connection_t *c, const char *request) {
|
||||
snprintf(label, labellen, "tinc TCP key expansion %s %s", c->name, myself->name);
|
||||
}
|
||||
|
||||
- return sptps_start(&c->sptps, c, c->outgoing, false, myself->connection->ecdsa, c->ecdsa, label, labellen, send_meta_sptps, receive_meta_sptps);
|
||||
+ sptps_params_t params = {
|
||||
+ .handle = c,
|
||||
+ .initiator = c->outgoing,
|
||||
+ .mykey = myself->connection->ecdsa,
|
||||
+ .hiskey = c->ecdsa,
|
||||
+ .label = label,
|
||||
+ .labellen = sizeof(label),
|
||||
+ .send_data = send_meta_sptps,
|
||||
+ .receive_record = receive_meta_sptps,
|
||||
+ };
|
||||
+
|
||||
+ return sptps_start(&c->sptps, ¶ms);
|
||||
} else {
|
||||
return send_metakey(c);
|
||||
}
|
||||
diff --git a/src/protocol_key.c b/src/protocol_key.c
|
||||
index 740d2fb4..da53c16c 100644
|
||||
--- a/src/protocol_key.c
|
||||
+++ b/src/protocol_key.c
|
||||
@@ -128,7 +128,20 @@ bool send_req_key(node_t *to) {
|
||||
to->status.waitingforkey = true;
|
||||
to->last_req_key = now.tv_sec;
|
||||
to->incompression = myself->incompression;
|
||||
- return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, labellen, send_initial_sptps_data, receive_sptps_record);
|
||||
+
|
||||
+ sptps_params_t params = {
|
||||
+ .handle = to,
|
||||
+ .initiator = true,
|
||||
+ .datagram = true,
|
||||
+ .mykey = myself->connection->ecdsa,
|
||||
+ .hiskey = to->ecdsa,
|
||||
+ .label = label,
|
||||
+ .labellen = sizeof(label),
|
||||
+ .send_data = send_initial_sptps_data,
|
||||
+ .receive_record = receive_sptps_record,
|
||||
+ };
|
||||
+
|
||||
+ return sptps_start(&to->sptps, ¶ms);
|
||||
}
|
||||
|
||||
return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
|
||||
@@ -249,7 +262,20 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, no
|
||||
from->status.validkey = false;
|
||||
from->status.waitingforkey = true;
|
||||
from->last_req_key = now.tv_sec;
|
||||
- sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, labellen, send_sptps_data_myself, receive_sptps_record);
|
||||
+
|
||||
+ sptps_params_t params = {
|
||||
+ .handle = from,
|
||||
+ .initiator = false,
|
||||
+ .datagram = true,
|
||||
+ .mykey = myself->connection->ecdsa,
|
||||
+ .hiskey = from->ecdsa,
|
||||
+ .label = label,
|
||||
+ .labellen = sizeof(label),
|
||||
+ .send_data = send_sptps_data_myself,
|
||||
+ .receive_record = receive_sptps_record,
|
||||
+ };
|
||||
+
|
||||
+ sptps_start(&from->sptps, ¶ms);
|
||||
sptps_receive_data(&from->sptps, buf, len);
|
||||
send_mtu_info(myself, from, MTU);
|
||||
return true;
|
||||
diff --git a/src/sptps.c b/src/sptps.c
|
||||
index a0483c34..33c41424 100644
|
||||
--- a/src/sptps.c
|
||||
+++ b/src/sptps.c
|
||||
@@ -28,6 +28,10 @@
|
||||
#include "sptps.h"
|
||||
#include "random.h"
|
||||
|
||||
+#ifdef HAVE_OPENSSL
|
||||
+#include <openssl/evp.h>
|
||||
+#endif
|
||||
+
|
||||
unsigned int sptps_replaywin = 16;
|
||||
|
||||
/*
|
||||
@@ -90,25 +94,159 @@ static void warning(sptps_t *s, const char *format, ...) {
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
+static bool cipher_init(uint8_t suite, void **ctx, const uint8_t *key, bool key_half) {
|
||||
+ switch(suite) {
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ *ctx = chacha_poly1305_init();
|
||||
+ return ctx && chacha_poly1305_set_key(*ctx, key + (key_half ? CHACHA_POLY1305_KEYLEN : 0));
|
||||
+
|
||||
+ case SPTPS_AES256_GCM:
|
||||
+#ifdef HAVE_OPENSSL
|
||||
+ *ctx = EVP_CIPHER_CTX_new();
|
||||
+
|
||||
+ if(!ctx) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return EVP_EncryptInit_ex(*ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)
|
||||
+ && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, 4, NULL)
|
||||
+ && EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? 32 : 0), key);
|
||||
+#endif
|
||||
+
|
||||
+ default:
|
||||
+ return false;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void cipher_exit(uint8_t suite, void *ctx) {
|
||||
+ switch(suite) {
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ chacha_poly1305_exit(ctx);
|
||||
+ break;
|
||||
+
|
||||
+ case SPTPS_AES256_GCM:
|
||||
+#ifdef HAVE_OPENSSL
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+ break;
|
||||
+#endif
|
||||
+
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static bool cipher_encrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) {
|
||||
+ switch(suite) {
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ chacha_poly1305_encrypt(ctx, seqno, in, inlen, out, outlen);
|
||||
+ return true;
|
||||
+
|
||||
+ case SPTPS_AES256_GCM:
|
||||
+#ifdef HAVE_OPENSSL
|
||||
+ {
|
||||
+ if(!EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, (uint8_t *)&seqno)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ int outlen1 = 0, outlen2 = 0;
|
||||
+
|
||||
+ if(!EVP_EncryptUpdate(ctx, out, &outlen1, in, (int)inlen)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if(!EVP_EncryptFinal_ex(ctx, out + outlen1, &outlen2)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ outlen1 += outlen2;
|
||||
+
|
||||
+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, out + outlen1)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ outlen1 += 16;
|
||||
+
|
||||
+ if(outlen) {
|
||||
+ *outlen = outlen1;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
+ default:
|
||||
+ return false;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static bool cipher_decrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) {
|
||||
+ switch(suite) {
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ return chacha_poly1305_decrypt(ctx, seqno, in, inlen, out, outlen);
|
||||
+
|
||||
+ case SPTPS_AES256_GCM:
|
||||
+#ifdef HAVE_OPENSSL
|
||||
+ {
|
||||
+ if(inlen < 16) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ inlen -= 16;
|
||||
+
|
||||
+ if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (uint8_t *)&seqno)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ int outlen1 = 0, outlen2 = 0;
|
||||
+
|
||||
+ if(!EVP_DecryptUpdate(ctx, out, &outlen1, in, (int)inlen)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, (void *)(in + inlen))) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if(!EVP_DecryptFinal_ex(ctx, out + outlen1, &outlen2)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if(outlen) {
|
||||
+ *outlen = outlen1 + outlen2;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
+ default:
|
||||
+ return false;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+
|
||||
// Send a record (datagram version, accepts all record types, handles encryption and authentication).
|
||||
static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
|
||||
- uint8_t *buffer = alloca(len + 21UL);
|
||||
-
|
||||
+ uint8_t *buffer = alloca(len + SPTPS_DATAGRAM_OVERHEAD);
|
||||
// Create header with sequence number, length and record type
|
||||
uint32_t seqno = s->outseqno++;
|
||||
- uint32_t netseqno = ntohl(seqno);
|
||||
|
||||
- memcpy(buffer, &netseqno, 4);
|
||||
+ memcpy(buffer, &seqno, 4);
|
||||
buffer[4] = type;
|
||||
memcpy(buffer + 5, data, len);
|
||||
|
||||
if(s->outstate) {
|
||||
// If first handshake has finished, encrypt and HMAC
|
||||
- chacha_poly1305_encrypt(s->outcipher, seqno, buffer + 4, len + 1, buffer + 4, NULL);
|
||||
- return s->send_data(s->handle, type, buffer, len + 21UL);
|
||||
+ if(!cipher_encrypt(s->cipher_suite, s->outcipher, seqno, buffer + 4, len + 1, buffer + 4, NULL)) {
|
||||
+ return error(s, EINVAL, "Failed to encrypt message");
|
||||
+ }
|
||||
+
|
||||
+ return s->send_data(s->handle, type, buffer, len + SPTPS_DATAGRAM_OVERHEAD);
|
||||
} else {
|
||||
// Otherwise send as plaintext
|
||||
- return s->send_data(s->handle, type, buffer, len + 5UL);
|
||||
+ return s->send_data(s->handle, type, buffer, len + SPTPS_DATAGRAM_HEADER);
|
||||
}
|
||||
}
|
||||
// Send a record (private version, accepts all record types, handles encryption and authentication).
|
||||
@@ -117,11 +255,11 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const void *data, uint16_
|
||||
return send_record_priv_datagram(s, type, data, len);
|
||||
}
|
||||
|
||||
- uint8_t *buffer = alloca(len + 19UL);
|
||||
+ uint8_t *buffer = alloca(len + SPTPS_OVERHEAD);
|
||||
|
||||
// Create header with sequence number, length and record type
|
||||
uint32_t seqno = s->outseqno++;
|
||||
- uint16_t netlen = htons(len);
|
||||
+ uint16_t netlen = len;
|
||||
|
||||
memcpy(buffer, &netlen, 2);
|
||||
buffer[2] = type;
|
||||
@@ -129,11 +267,14 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const void *data, uint16_
|
||||
|
||||
if(s->outstate) {
|
||||
// If first handshake has finished, encrypt and HMAC
|
||||
- chacha_poly1305_encrypt(s->outcipher, seqno, buffer + 2, len + 1, buffer + 2, NULL);
|
||||
- return s->send_data(s->handle, type, buffer, len + 19UL);
|
||||
+ if(!cipher_encrypt(s->cipher_suite, s->outcipher, seqno, buffer + 2, len + 1, buffer + 2, NULL)) {
|
||||
+ return error(s, EINVAL, "Failed to encrypt message");
|
||||
+ }
|
||||
+
|
||||
+ return s->send_data(s->handle, type, buffer, len + SPTPS_OVERHEAD);
|
||||
} else {
|
||||
// Otherwise send as plaintext
|
||||
- return s->send_data(s->handle, type, buffer, len + 3UL);
|
||||
+ return s->send_data(s->handle, type, buffer, len + SPTPS_HEADER);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -161,7 +302,7 @@ static bool send_kex(sptps_t *s) {
|
||||
return false;
|
||||
}
|
||||
|
||||
- s->mykex = realloc(s->mykex, 1 + 32 + keylen);
|
||||
+ s->mykex = realloc(s->mykex, 4 + 32 + keylen);
|
||||
|
||||
if(!s->mykex) {
|
||||
return error(s, errno, strerror(errno));
|
||||
@@ -169,16 +310,18 @@ static bool send_kex(sptps_t *s) {
|
||||
|
||||
// Set version byte to zero.
|
||||
s->mykex[0] = SPTPS_VERSION;
|
||||
+ s->mykex[1] = s->preferred_suite;
|
||||
+ memcpy(s->mykex + 2, &s->cipher_suites, 2);
|
||||
|
||||
// Create a random nonce.
|
||||
- randomize(s->mykex + 1, 32);
|
||||
+ randomize(s->mykex + 4, 32);
|
||||
|
||||
// Create a new ECDH public key.
|
||||
- if(!(s->ecdh = ecdh_generate_public(s->mykex + 1 + 32))) {
|
||||
+ if(!(s->ecdh = ecdh_generate_public(s->mykex + 4 + 32))) {
|
||||
return error(s, EINVAL, "Failed to generate ECDH public key");
|
||||
}
|
||||
|
||||
- return send_record_priv(s, SPTPS_HANDSHAKE, s->mykex, 1 + 32 + keylen);
|
||||
+ return send_record_priv(s, SPTPS_HANDSHAKE, s->mykex, 4 + 32 + keylen);
|
||||
}
|
||||
|
||||
// Send a SIGnature record, containing an Ed25519 signature over both KEX records.
|
||||
@@ -192,9 +335,9 @@ static bool send_sig(sptps_t *s) {
|
||||
uint8_t *sig = alloca(siglen);
|
||||
|
||||
msg[0] = s->initiator;
|
||||
- memcpy(msg + 1, s->mykex, 1 + 32 + keylen);
|
||||
- memcpy(msg + 1 + 33 + keylen, s->hiskex, 1 + 32 + keylen);
|
||||
- memcpy(msg + 1 + 2 * (33 + keylen), s->label, s->labellen);
|
||||
+ memcpy(msg + 1, s->mykex, 4 + 32 + keylen);
|
||||
+ memcpy(msg + 1 + (4 + 32 + keylen), s->hiskex, 4 + 32 + keylen);
|
||||
+ memcpy(msg + 1 + 2 * (4 + 32 + keylen), s->label, s->labellen);
|
||||
|
||||
// Sign the result.
|
||||
if(!ecdsa_sign(s->mykey, msg, msglen, sig)) {
|
||||
@@ -207,16 +350,6 @@ static bool send_sig(sptps_t *s) {
|
||||
|
||||
// Generate key material from the shared secret created from the ECDHE key exchange.
|
||||
static bool generate_key_material(sptps_t *s, const uint8_t *shared, size_t len) {
|
||||
- // Initialise cipher and digest structures if necessary
|
||||
- if(!s->outstate) {
|
||||
- s->incipher = chacha_poly1305_init();
|
||||
- s->outcipher = chacha_poly1305_init();
|
||||
-
|
||||
- if(!s->incipher || !s->outcipher) {
|
||||
- return error(s, EINVAL, "Failed to open cipher");
|
||||
- }
|
||||
- }
|
||||
-
|
||||
// Allocate memory for key material
|
||||
size_t keylen = 2 * CHACHA_POLY1305_KEYLEN;
|
||||
|
||||
@@ -261,14 +394,8 @@ static bool receive_ack(sptps_t *s, const uint8_t *data, uint16_t len) {
|
||||
return error(s, EIO, "Invalid ACK record length");
|
||||
}
|
||||
|
||||
- if(s->initiator) {
|
||||
- if(!chacha_poly1305_set_key(s->incipher, s->key)) {
|
||||
- return error(s, EINVAL, "Failed to set counter");
|
||||
- }
|
||||
- } else {
|
||||
- if(!chacha_poly1305_set_key(s->incipher, s->key + CHACHA_POLY1305_KEYLEN)) {
|
||||
- return error(s, EINVAL, "Failed to set counter");
|
||||
- }
|
||||
+ if(!cipher_init(s->cipher_suite, &s->incipher, s->key, s->initiator)) {
|
||||
+ return error(s, EINVAL, "Failed to initialize cipher");
|
||||
}
|
||||
|
||||
free(s->key);
|
||||
@@ -278,14 +405,51 @@ static bool receive_ack(sptps_t *s, const uint8_t *data, uint16_t len) {
|
||||
return true;
|
||||
}
|
||||
|
||||
+static uint8_t select_cipher_suite(uint16_t mask, uint8_t pref1, uint8_t pref2) {
|
||||
+ // Check if there is a viable preference, if so select the lowest one
|
||||
+ uint8_t selection = 255;
|
||||
+
|
||||
+ if(mask & (1U << pref1)) {
|
||||
+ selection = pref1;
|
||||
+ }
|
||||
+
|
||||
+ if(pref2 < selection && (mask & (1U << pref2))) {
|
||||
+ selection = pref2;
|
||||
+ }
|
||||
+
|
||||
+ // Otherwise, select the lowest cipher suite both sides support
|
||||
+ if(selection == 255) {
|
||||
+ selection = 0;
|
||||
+
|
||||
+ while(!(mask & 1U)) {
|
||||
+ selection++;
|
||||
+ mask >>= 1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return selection;
|
||||
+}
|
||||
+
|
||||
// Receive a Key EXchange record, respond by sending a SIG record.
|
||||
static bool receive_kex(sptps_t *s, const uint8_t *data, uint16_t len) {
|
||||
// Verify length of the HELLO record
|
||||
- if(len != 1 + 32 + ECDH_SIZE) {
|
||||
+ if(len != 4 + 32 + ECDH_SIZE) {
|
||||
return error(s, EIO, "Invalid KEX record length");
|
||||
}
|
||||
|
||||
- // Ignore version number for now.
|
||||
+ if(data[0] != SPTPS_VERSION) {
|
||||
+ return error(s, EIO, "Incompatible SPTPS version");
|
||||
+ }
|
||||
+
|
||||
+ uint16_t suites;
|
||||
+ memcpy(&suites, data + 2, 2);
|
||||
+ suites &= s->cipher_suites;
|
||||
+
|
||||
+ if(!suites) {
|
||||
+ return error(s, EIO, "No matching cipher suites");
|
||||
+ }
|
||||
+
|
||||
+ s->cipher_suite = select_cipher_suite(suites, s->preferred_suite, data[1] & 0xf);
|
||||
|
||||
// Make a copy of the KEX message, send_sig() and receive_sig() need it
|
||||
if(s->hiskex) {
|
||||
@@ -322,9 +486,9 @@ static bool receive_sig(sptps_t *s, const uint8_t *data, uint16_t len) {
|
||||
uint8_t *msg = alloca(msglen);
|
||||
|
||||
msg[0] = !s->initiator;
|
||||
- memcpy(msg + 1, s->hiskex, 1 + 32 + keylen);
|
||||
- memcpy(msg + 1 + 33 + keylen, s->mykex, 1 + 32 + keylen);
|
||||
- memcpy(msg + 1 + 2 * (33 + keylen), s->label, s->labellen);
|
||||
+ memcpy(msg + 1, s->hiskex, 4 + 32 + keylen);
|
||||
+ memcpy(msg + 1 + (4 + 32 + keylen), s->mykex, 4 + 32 + keylen);
|
||||
+ memcpy(msg + 1 + 2 * (4 + 32 + keylen), s->label, s->labellen);
|
||||
|
||||
// Verify signature.
|
||||
if(!ecdsa_verify(s->hiskey, msg, msglen, data)) {
|
||||
@@ -334,7 +498,7 @@ static bool receive_sig(sptps_t *s, const uint8_t *data, uint16_t len) {
|
||||
// Compute shared secret.
|
||||
uint8_t shared[ECDH_SHARED_SIZE];
|
||||
|
||||
- if(!ecdh_compute_shared(s->ecdh, s->hiskex + 1 + 32, shared)) {
|
||||
+ if(!ecdh_compute_shared(s->ecdh, s->hiskex + 4 + 32, shared)) {
|
||||
return error(s, EINVAL, "Failed to compute ECDH shared secret");
|
||||
}
|
||||
|
||||
@@ -360,15 +524,8 @@ static bool receive_sig(sptps_t *s, const uint8_t *data, uint16_t len) {
|
||||
return false;
|
||||
}
|
||||
|
||||
- // TODO: only set new keys after ACK has been set/received
|
||||
- if(s->initiator) {
|
||||
- if(!chacha_poly1305_set_key(s->outcipher, s->key + CHACHA_POLY1305_KEYLEN)) {
|
||||
- return error(s, EINVAL, "Failed to set key");
|
||||
- }
|
||||
- } else {
|
||||
- if(!chacha_poly1305_set_key(s->outcipher, s->key)) {
|
||||
- return error(s, EINVAL, "Failed to set key");
|
||||
- }
|
||||
+ if(!cipher_init(s->cipher_suite, &s->outcipher, s->key, !s->initiator)) {
|
||||
+ return error(s, EINVAL, "Failed to initialize cipher");
|
||||
}
|
||||
|
||||
return true;
|
||||
@@ -518,15 +675,13 @@ bool sptps_verify_datagram(sptps_t *s, const void *vdata, size_t len) {
|
||||
const uint8_t *data = vdata;
|
||||
uint32_t seqno;
|
||||
memcpy(&seqno, data, 4);
|
||||
- seqno = ntohl(seqno);
|
||||
|
||||
if(!sptps_check_seqno(s, seqno, false)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
uint8_t *buffer = alloca(len);
|
||||
- size_t outlen;
|
||||
- return chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen);
|
||||
+ return cipher_decrypt(s->cipher_suite, s->incipher, seqno, data + 4, len - 4, buffer, NULL);
|
||||
}
|
||||
|
||||
// Receive incoming data, datagram version.
|
||||
@@ -537,7 +692,6 @@ static bool sptps_receive_data_datagram(sptps_t *s, const uint8_t *data, size_t
|
||||
|
||||
uint32_t seqno;
|
||||
memcpy(&seqno, data, 4);
|
||||
- seqno = ntohl(seqno);
|
||||
data += 4;
|
||||
len -= 4;
|
||||
|
||||
@@ -563,7 +717,7 @@ static bool sptps_receive_data_datagram(sptps_t *s, const uint8_t *data, size_t
|
||||
uint8_t *buffer = alloca(len);
|
||||
size_t outlen;
|
||||
|
||||
- if(!chacha_poly1305_decrypt(s->incipher, seqno, data, len, buffer, &outlen)) {
|
||||
+ if(!cipher_decrypt(s->cipher_suite, s->incipher, seqno, data, len, buffer, &outlen)) {
|
||||
return error(s, EIO, "Failed to decrypt and verify packet");
|
||||
}
|
||||
|
||||
@@ -635,10 +789,9 @@ size_t sptps_receive_data(sptps_t *s, const void *vdata, size_t len) {
|
||||
// Get the length bytes
|
||||
|
||||
memcpy(&s->reclen, s->inbuf, 2);
|
||||
- s->reclen = ntohs(s->reclen);
|
||||
|
||||
// If we have the length bytes, ensure our buffer can hold the whole request.
|
||||
- s->inbuf = realloc(s->inbuf, s->reclen + 19UL);
|
||||
+ s->inbuf = realloc(s->inbuf, s->reclen + SPTPS_OVERHEAD);
|
||||
|
||||
if(!s->inbuf) {
|
||||
return error(s, errno, strerror(errno));
|
||||
@@ -651,7 +804,7 @@ size_t sptps_receive_data(sptps_t *s, const void *vdata, size_t len) {
|
||||
}
|
||||
|
||||
// Read up to the end of the record.
|
||||
- size_t toread = s->reclen + (s->instate ? 19UL : 3UL) - s->buflen;
|
||||
+ size_t toread = s->reclen + (s->instate ? SPTPS_OVERHEAD : SPTPS_HEADER) - s->buflen;
|
||||
|
||||
if(toread > len) {
|
||||
toread = len;
|
||||
@@ -662,7 +815,7 @@ size_t sptps_receive_data(sptps_t *s, const void *vdata, size_t len) {
|
||||
s->buflen += toread;
|
||||
|
||||
// If we don't have a whole record, exit.
|
||||
- if(s->buflen < s->reclen + (s->instate ? 19UL : 3UL)) {
|
||||
+ if(s->buflen < s->reclen + (s->instate ? SPTPS_OVERHEAD : SPTPS_HEADER)) {
|
||||
return total_read;
|
||||
}
|
||||
|
||||
@@ -672,13 +825,13 @@ size_t sptps_receive_data(sptps_t *s, const void *vdata, size_t len) {
|
||||
|
||||
// Check HMAC and decrypt.
|
||||
if(s->instate) {
|
||||
- if(!chacha_poly1305_decrypt(s->incipher, seqno, s->inbuf + 2UL, s->reclen + 17UL, s->inbuf + 2UL, NULL)) {
|
||||
+ if(!cipher_decrypt(s->cipher_suite, s->incipher, seqno, s->inbuf + 2UL, s->reclen + 17UL, s->inbuf + 2UL, NULL)) {
|
||||
return error(s, EINVAL, "Failed to decrypt and verify record");
|
||||
}
|
||||
}
|
||||
|
||||
// Append a NULL byte for safety.
|
||||
- s->inbuf[s->reclen + 3UL] = 0;
|
||||
+ s->inbuf[s->reclen + SPTPS_HEADER] = 0;
|
||||
|
||||
uint8_t type = s->inbuf[2];
|
||||
|
||||
@@ -704,16 +857,18 @@ size_t sptps_receive_data(sptps_t *s, const void *vdata, size_t len) {
|
||||
}
|
||||
|
||||
// Start a SPTPS session.
|
||||
-bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const void *label, size_t labellen, send_data_t send_data, receive_record_t receive_record) {
|
||||
+bool sptps_start(sptps_t *s, const sptps_params_t *params) {
|
||||
// Initialise struct sptps
|
||||
memset(s, 0, sizeof(*s));
|
||||
|
||||
- s->handle = handle;
|
||||
- s->initiator = initiator;
|
||||
- s->datagram = datagram;
|
||||
- s->mykey = mykey;
|
||||
- s->hiskey = hiskey;
|
||||
+ s->handle = params->handle;
|
||||
+ s->initiator = params->initiator;
|
||||
+ s->datagram = params->datagram;
|
||||
+ s->mykey = params->mykey;
|
||||
+ s->hiskey = params->hiskey;
|
||||
s->replaywin = sptps_replaywin;
|
||||
+ s->cipher_suites = params->cipher_suites ? params->cipher_suites & SPTPS_ALL_CIPHER_SUITES : SPTPS_ALL_CIPHER_SUITES;
|
||||
+ s->preferred_suite = params->preferred_suite;
|
||||
|
||||
if(s->replaywin) {
|
||||
s->late = malloc(s->replaywin);
|
||||
@@ -725,13 +880,16 @@ bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_
|
||||
memset(s->late, 0, s->replaywin);
|
||||
}
|
||||
|
||||
- s->label = malloc(labellen);
|
||||
+ s->labellen = params->labellen ? params->labellen : strlen(params->label);
|
||||
+ s->label = malloc(s->labellen);
|
||||
|
||||
if(!s->label) {
|
||||
return error(s, errno, strerror(errno));
|
||||
}
|
||||
|
||||
- if(!datagram) {
|
||||
+ memcpy(s->label, params->label, s->labellen);
|
||||
+
|
||||
+ if(!s->datagram) {
|
||||
s->inbuf = malloc(7);
|
||||
|
||||
if(!s->inbuf) {
|
||||
@@ -741,11 +899,9 @@ bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_
|
||||
s->buflen = 0;
|
||||
}
|
||||
|
||||
- memcpy(s->label, label, labellen);
|
||||
- s->labellen = labellen;
|
||||
|
||||
- s->send_data = send_data;
|
||||
- s->receive_record = receive_record;
|
||||
+ s->send_data = params->send_data;
|
||||
+ s->receive_record = params->receive_record;
|
||||
|
||||
// Do first KEX immediately
|
||||
s->state = SPTPS_KEX;
|
||||
@@ -755,8 +911,8 @@ bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_
|
||||
// Stop a SPTPS session.
|
||||
bool sptps_stop(sptps_t *s) {
|
||||
// Clean up any resources.
|
||||
- chacha_poly1305_exit(s->incipher);
|
||||
- chacha_poly1305_exit(s->outcipher);
|
||||
+ cipher_exit(s->cipher_suite, s->incipher);
|
||||
+ cipher_exit(s->cipher_suite, s->outcipher);
|
||||
ecdh_free(s->ecdh);
|
||||
free(s->inbuf);
|
||||
free(s->mykex);
|
||||
diff --git a/src/sptps.h b/src/sptps.h
|
||||
index 96edc366..b9ec11fd 100644
|
||||
--- a/src/sptps.h
|
||||
+++ b/src/sptps.h
|
||||
@@ -26,7 +26,7 @@
|
||||
#include "ecdh.h"
|
||||
#include "ecdsa.h"
|
||||
|
||||
-#define SPTPS_VERSION 0
|
||||
+#define SPTPS_VERSION 1
|
||||
|
||||
// Record types
|
||||
#define SPTPS_HANDSHAKE 128 // Key exchange and authentication
|
||||
@@ -34,7 +34,10 @@
|
||||
#define SPTPS_CLOSE 130 // Application closed the connection
|
||||
|
||||
// Overhead for datagrams
|
||||
-#define SPTPS_DATAGRAM_OVERHEAD 21
|
||||
+static const size_t SPTPS_OVERHEAD = 19;
|
||||
+static const size_t SPTPS_HEADER = 3;
|
||||
+static const size_t SPTPS_DATAGRAM_OVERHEAD = 21;
|
||||
+static const size_t SPTPS_DATAGRAM_HEADER = 5;
|
||||
|
||||
typedef bool (*send_data_t)(void *handle, uint8_t type, const void *data, size_t len);
|
||||
typedef bool (*receive_record_t)(void *handle, uint8_t type, const void *data, uint16_t len);
|
||||
@@ -47,9 +50,40 @@ typedef enum sptps_state_t {
|
||||
SPTPS_ACK = 4, // Waiting for an ACKnowledgement record
|
||||
} sptps_state_t;
|
||||
|
||||
+// Public key suites
|
||||
+enum {
|
||||
+ SPTPS_ED25519 = 0,
|
||||
+};
|
||||
+
|
||||
+// Cipher suites
|
||||
+enum {
|
||||
+ SPTPS_CHACHA_POLY1305 = 0,
|
||||
+ SPTPS_AES256_GCM = 1,
|
||||
+ SPTPS_ALL_CIPHER_SUITES = 0x3,
|
||||
+};
|
||||
+
|
||||
+typedef struct sptps_params {
|
||||
+ void *handle;
|
||||
+ bool initiator;
|
||||
+ bool datagram;
|
||||
+ uint8_t preferred_suite;
|
||||
+ uint16_t cipher_suites;
|
||||
+ ecdsa_t *mykey;
|
||||
+ ecdsa_t *hiskey;
|
||||
+ const void *label;
|
||||
+ size_t labellen;
|
||||
+ send_data_t send_data;
|
||||
+ receive_record_t receive_record;
|
||||
+} sptps_params_t;
|
||||
+
|
||||
typedef struct sptps {
|
||||
bool initiator;
|
||||
bool datagram;
|
||||
+ uint8_t preferred_suite;
|
||||
+ uint16_t cipher_suites;
|
||||
+
|
||||
+ uint8_t pk_suite;
|
||||
+ uint8_t cipher_suite;
|
||||
sptps_state_t state;
|
||||
|
||||
uint8_t *inbuf;
|
||||
@@ -57,7 +91,7 @@ typedef struct sptps {
|
||||
uint16_t reclen;
|
||||
|
||||
bool instate;
|
||||
- chacha_poly1305_ctx_t *incipher;
|
||||
+ void *incipher;
|
||||
uint32_t inseqno;
|
||||
uint32_t received;
|
||||
unsigned int replaywin;
|
||||
@@ -65,7 +99,7 @@ typedef struct sptps {
|
||||
uint8_t *late;
|
||||
|
||||
bool outstate;
|
||||
- chacha_poly1305_ctx_t *outcipher;
|
||||
+ void *outcipher;
|
||||
uint32_t outseqno;
|
||||
|
||||
ecdsa_t *mykey;
|
||||
@@ -87,7 +121,7 @@ extern unsigned int sptps_replaywin;
|
||||
extern void sptps_log_quiet(sptps_t *s, int s_errno, const char *format, va_list ap);
|
||||
extern void sptps_log_stderr(sptps_t *s, int s_errno, const char *format, va_list ap);
|
||||
extern void (*sptps_log)(sptps_t *s, int s_errno, const char *format, va_list ap);
|
||||
-extern bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const void *label, size_t labellen, send_data_t send_data, receive_record_t receive_record);
|
||||
+extern bool sptps_start(sptps_t *s, const struct sptps_params *params);
|
||||
extern bool sptps_stop(sptps_t *s);
|
||||
extern bool sptps_send_record(sptps_t *s, uint8_t type, const void *data, uint16_t len);
|
||||
extern size_t sptps_receive_data(sptps_t *s, const void *data, size_t len);
|
||||
diff --git a/src/sptps_test.c b/src/sptps_test.c
|
||||
index 249f2e4f..e77ab9c7 100644
|
||||
--- a/src/sptps_test.c
|
||||
+++ b/src/sptps_test.c
|
||||
@@ -562,7 +562,18 @@ static int run_test(int argc, char *argv[]) {
|
||||
|
||||
sptps_t s;
|
||||
|
||||
- if(!sptps_start(&s, &sock, initiator, datagram, mykey, hiskey, "sptps_test", 10, send_data, receive_record)) {
|
||||
+ sptps_params_t params = {
|
||||
+ .handle = &sock,
|
||||
+ .initiator = initiator,
|
||||
+ .datagram = datagram,
|
||||
+ .mykey = mykey,
|
||||
+ .hiskey = hiskey,
|
||||
+ .label = "sptps_test",
|
||||
+ .send_data = send_data,
|
||||
+ .receive_record = receive_record,
|
||||
+ };
|
||||
+
|
||||
+ if(!sptps_start(&s, ¶ms)) {
|
||||
free(mykey);
|
||||
free(hiskey);
|
||||
return 1;
|
||||
--
|
||||
2.36.0
|
||||
|
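--- a/debian/patches/0002-Add-cipher-suite-selection-options-to-sptps_test.patch
+++ b/debian/patches/0002-Add-cipher-suite-selection-options-to-sptps_test.patch
@@ -0,0 +1,91 @@
+From 1d0eea4899f9642a3945c07b9266e660b9f9ce71 Mon Sep 17 00:00:00 2001
+From: Guus Sliepen <guus@tinc-vpn.org>
+Date: Tue, 3 Aug 2021 00:38:37 +0200
+Subject: [PATCH 02/10] Add cipher suite selection options to sptps_test.
+
+---
+src/sptps_test.c | 38 +++++++++++++++++++++++++++-----------
+1 file changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/src/sptps_test.c b/src/sptps_test.c
+index e77ab9c7..32ed62d3 100644
+--- a/src/sptps_test.c
++++ b/src/sptps_test.c
+@@ -127,6 +127,8 @@ static struct option const long_options[] = {
+{"replay-window", required_argument, NULL, 'W'},
+{"special", no_argument, NULL, 's'},
+{"verbose", required_argument, NULL, 'v'},
++ {"cipher-suites", required_argument, NULL, 'M'},
++ {"preferred-cipher", required_argument, NULL, 'P'},
+{"help", no_argument, NULL, 1},
+{NULL, 0, NULL, 0}
+};
+@@ -136,19 +138,21 @@ static void usage(void) {
+"Usage: %s [options] my_ed25519_key_file his_ed25519_key_file [host] port\n"
+"\n"
+"Valid options are:\n"
+- " -d, --datagram Enable datagram mode.\n"
+- " -q, --quit Quit when EOF occurs on stdin.\n"
+- " -r, --readonly Only send data from the socket to stdout.\n"
++ " -d, --datagram Enable datagram mode.\n"
++ " -q, --quit Quit when EOF occurs on stdin.\n"
++ " -r, --readonly Only send data from the socket to stdout.\n"
+#ifdef HAVE_LINUX
+- " -t, --tun Use a tun device instead of stdio.\n"
++ " -t, --tun Use a tun device instead of stdio.\n"
+#endif
+- " -w, --writeonly Only send data from stdin to the socket.\n"
+- " -L, --packet-loss RATE Fake packet loss of RATE percent.\n"
+- " -R, --replay-window N Set replay window to N bytes.\n"
+- " -s, --special Enable special handling of lines starting with #, ^ and $.\n"
+- " -v, --verbose Display debug messages.\n"
+- " -4 Use IPv4.\n"
+- " -6 Use IPv6.\n"
++ " -w, --writeonly Only send data from stdin to the socket.\n"
++ " -L, --packet-loss RATE Fake packet loss of RATE percent.\n"
++ " -R, --replay-window N Set replay window to N bytes.\n"
++ " -M, --cipher-suites MASK Set the mask of allowed cipher suites.\n"
++ " -P, --preferred-suite N Set the preferred cipher suite.\n"
++ " -s, --special Enable special handling of lines starting with #, ^ and $.\n"
++ " -v, --verbose Display debug messages.\n"
++ " -4 Use IPv4.\n"
++ " -6 Use IPv6.\n"
+"\n"
+"Report bugs to tinc@tinc-vpn.org.\n";
+
+@@ -326,6 +330,8 @@ static int run_test(int argc, char *argv[]) {
+int r;
+int option_index = 0;
+bool quit = false;
++ unsigned long cipher_suites = SPTPS_ALL_CIPHER_SUITES;
++ unsigned long preferred_suite = 0;
+
+while((r = getopt_long(argc, argv, "dqrstwL:W:v46", long_options, &option_index)) != EOF) {
+switch(r) {
+@@ -366,6 +372,14 @@ static int run_test(int argc, char *argv[]) {
+sptps_replaywin = atoi(optarg);
+break;
+
++ case 'M': /* cipher suites */
++ cipher_suites = strtoul(optarg, NULL, 0);
++ break;
++
++ case 'P': /* preferred cipher */
++ preferred_suite = strtoul(optarg, NULL, 0);
++ break;
++
+case 'v': /* be verbose */
+verbose = true;
+break;
+@@ -571,6 +585,8 @@ static int run_test(int argc, char *argv[]) {
+.label = "sptps_test",
+.send_data = send_data,
+.receive_record = receive_record,
++ .cipher_suites = cipher_suites,
++ .preferred_suite = preferred_suite,
+};
+
+if(!sptps_start(&s, ¶ms)) {
+--
+2.36.0
+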
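Review bot: The values parsed in the `case 'M'` / `case 'P'` hunk are never validated: `strtoul(optarg, NULL, 0)` silently yields 0 for non-numeric input, and `preferred_suite` is narrowed into the `uint8_t` field of `sptps_params_t` and stored unmasked by `sptps_start`, so `select_cipher_suite` in the first patch on this page can evaluate `1U << pref1` with a shift count of 32 or more, which is undefined where `unsigned` is 32 bits wide. Parsing with an end pointer and rejecting anything above the highest defined suite would close that, for example `char *end; preferred_suite = strtoul(optarg, &end, 0);` followed by `if(*end || preferred_suite > SPTPS_AES256_GCM) return 1;`; the right error path depends on parts of `run_test` that lie outside the hunks. The unchanged option string `"dqrstwL:W:v46"` also appears to need `M:P:` before the short forms printed by `usage()` are accepted. In addition, the help text advertises `--preferred-suite` while `long_options` registers `--preferred-cipher`.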
285
debian/patches/0003-Let-sptps_speed-benchmark-all-cipher-suites.patch
vendored
Normal file
|
@ -0,0 +1,285 @@
|
|||
From c0f0610037847ea2abae1e7a826d36a55f9dfa36 Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue, 3 Aug 2021 00:39:05 +0200
|
||||
Subject: [PATCH 03/10] Let sptps_speed benchmark all cipher suites.
|
||||
|
||||
---
|
||||
src/sptps_speed.c | 212 +++++++++++++++++++++++++++-------------------
|
||||
1 file changed, 125 insertions(+), 87 deletions(-)
|
||||
|
||||
diff --git a/src/sptps_speed.c b/src/sptps_speed.c
|
||||
index c7c6e546..45bbeb5c 100644
|
||||
--- a/src/sptps_speed.c
|
||||
+++ b/src/sptps_speed.c
|
||||
@@ -168,22 +168,76 @@ static int run_benchmark(int argc, char *argv[]) {
|
||||
fprintf(stderr, "%28.2lf op/s\n", rate);
|
||||
ecdh_free(ecdh1);
|
||||
|
||||
- // SPTPS authentication phase
|
||||
-
|
||||
int fd[2];
|
||||
+ struct pollfd pfd[2] = {{fd[0], POLLIN}, {fd[1], POLLIN}};
|
||||
+
|
||||
+ sptps_params_t params1 = {
|
||||
+ .handle = fd + 0,
|
||||
+ .initiator = true,
|
||||
+ .datagram = false,
|
||||
+ .mykey = key1,
|
||||
+ .hiskey = key2,
|
||||
+ .label = "sptps_speed",
|
||||
+ .send_data = send_data,
|
||||
+ .receive_record = receive_record,
|
||||
+ };
|
||||
+
|
||||
+ sptps_params_t params2 = {
|
||||
+ .handle = fd + 1,
|
||||
+ .initiator = false,
|
||||
+ .datagram = false,
|
||||
+ .mykey = key2,
|
||||
+ .hiskey = key1,
|
||||
+ .label = "sptps_speed",
|
||||
+ .send_data = send_data,
|
||||
+ .receive_record = receive_record,
|
||||
+ };
|
||||
+
|
||||
+ static const char *suite_names[] = {
|
||||
+ "Chacha20-Poly1305",
|
||||
+ "AES-256-GCM",
|
||||
+ };
|
||||
+
|
||||
+ for(uint8_t suite = 0; suite < 2; suite++) {
|
||||
+ fprintf(stderr, "\nCipher suite %u (%s):\n", suite, suite_names[suite]);
|
||||
+ params1.preferred_suite = params2.preferred_suite = suite;
|
||||
+
|
||||
+ // SPTPS authentication phase
|
||||
+
|
||||
+ fprintf(stderr, "SPTPS/TCP authenticate for %lg seconds: ", duration);
|
||||
+
|
||||
+ if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
|
||||
+ fprintf(stderr, "Could not create a UNIX socket pair: %s\n", sockstrerror(sockerrno));
|
||||
+ return 1;
|
||||
+ }
|
||||
|
||||
- if(socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) {
|
||||
- fprintf(stderr, "Could not create a UNIX socket pair: %s\n", sockstrerror(sockerrno));
|
||||
- return 1;
|
||||
- }
|
||||
+ pfd[0].fd = fd[0], pfd[1].fd = fd[1];
|
||||
+ params1.datagram = params2.datagram = false;
|
||||
|
||||
- struct pollfd pfd[2] = {{fd[0], POLLIN, 0}, {fd[1], POLLIN, 0}};
|
||||
+ for(clock_start(); clock_countto(duration);) {
|
||||
+ sptps_start(&sptps1, ¶ms1);
|
||||
+ sptps_start(&sptps2, ¶ms2);
|
||||
|
||||
- fprintf(stderr, "SPTPS/TCP authenticate for %lg seconds: ", duration);
|
||||
+ while(poll(pfd, 2, 0)) {
|
||||
+ if(pfd[0].revents) {
|
||||
+ receive_data(&sptps1);
|
||||
+ }
|
||||
|
||||
- for(clock_start(); clock_countto(duration);) {
|
||||
- sptps_start(&sptps1, fd + 0, true, false, key1, key2, "sptps_speed", 11, send_data, receive_record);
|
||||
- sptps_start(&sptps2, fd + 1, false, false, key2, key1, "sptps_speed", 11, send_data, receive_record);
|
||||
+ if(pfd[1].revents) {
|
||||
+ receive_data(&sptps2);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ sptps_stop(&sptps1);
|
||||
+ sptps_stop(&sptps2);
|
||||
+ }
|
||||
+
|
||||
+ fprintf(stderr, "%10.2lf op/s\n", rate * 2);
|
||||
+
|
||||
+ // SPTPS data
|
||||
+
|
||||
+ sptps_start(&sptps1, ¶ms1);
|
||||
+ sptps_start(&sptps2, ¶ms2);
|
||||
|
||||
while(poll(pfd, 2, 0)) {
|
||||
if(pfd[0].revents) {
|
||||
@@ -195,65 +249,68 @@ static int run_benchmark(int argc, char *argv[]) {
|
||||
}
|
||||
}
|
||||
|
||||
- sptps_stop(&sptps1);
|
||||
- sptps_stop(&sptps2);
|
||||
- }
|
||||
+ fprintf(stderr, "SPTPS/TCP transmit for %lg seconds: ", duration);
|
||||
|
||||
- fprintf(stderr, "%10.2lf op/s\n", rate * 2);
|
||||
+ for(clock_start(); clock_countto(duration);) {
|
||||
+ if(!sptps_send_record(&sptps1, 0, buf1, 1451)) {
|
||||
+ abort();
|
||||
+ }
|
||||
|
||||
- // SPTPS data
|
||||
+ receive_data(&sptps2);
|
||||
+ }
|
||||
|
||||
- sptps_start(&sptps1, fd + 0, true, false, key1, key2, "sptps_speed", 11, send_data, receive_record);
|
||||
- sptps_start(&sptps2, fd + 1, false, false, key2, key1, "sptps_speed", 11, send_data, receive_record);
|
||||
+ rate *= 2 * 1451 * 8;
|
||||
|
||||
- while(poll(pfd, 2, 0)) {
|
||||
- if(pfd[0].revents) {
|
||||
- receive_data(&sptps1);
|
||||
+ if(rate > 1e9) {
|
||||
+ fprintf(stderr, "%14.2lf Gbit/s\n", rate / 1e9);
|
||||
+ } else if(rate > 1e6) {
|
||||
+ fprintf(stderr, "%14.2lf Mbit/s\n", rate / 1e6);
|
||||
+ } else if(rate > 1e3) {
|
||||
+ fprintf(stderr, "%14.2lf kbit/s\n", rate / 1e3);
|
||||
}
|
||||
|
||||
- if(pfd[1].revents) {
|
||||
- receive_data(&sptps2);
|
||||
- }
|
||||
- }
|
||||
+ sptps_stop(&sptps1);
|
||||
+ sptps_stop(&sptps2);
|
||||
|
||||
- fprintf(stderr, "SPTPS/TCP transmit for %lg seconds: ", duration);
|
||||
+ close(fd[0]);
|
||||
+ close(fd[1]);
|
||||
|
||||
- for(clock_start(); clock_countto(duration);) {
|
||||
- if(!sptps_send_record(&sptps1, 0, buf1, 1451)) {
|
||||
- abort();
|
||||
+ // SPTPS datagram authentication phase
|
||||
+
|
||||
+ if(socketpair(AF_UNIX, SOCK_DGRAM, 0, fd)) {
|
||||
+ fprintf(stderr, "Could not create a UNIX socket pair: %s\n", sockstrerror(sockerrno));
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
- receive_data(&sptps2);
|
||||
- }
|
||||
+ pfd[0].fd = fd[0], pfd[1].fd = fd[1];
|
||||
+ params1.datagram = params2.datagram = true;
|
||||
|
||||
- rate *= 2 * 1451 * 8;
|
||||
+ fprintf(stderr, "SPTPS/UDP authenticate for %lg seconds: ", duration);
|
||||
|
||||
- if(rate > 1e9) {
|
||||
- fprintf(stderr, "%14.2lf Gbit/s\n", rate / 1e9);
|
||||
- } else if(rate > 1e6) {
|
||||
- fprintf(stderr, "%14.2lf Mbit/s\n", rate / 1e6);
|
||||
- } else if(rate > 1e3) {
|
||||
- fprintf(stderr, "%14.2lf kbit/s\n", rate / 1e3);
|
||||
- }
|
||||
+ for(clock_start(); clock_countto(duration);) {
|
||||
+ sptps_start(&sptps1, ¶ms1);
|
||||
+ sptps_start(&sptps2, ¶ms2);
|
||||
|
||||
- sptps_stop(&sptps1);
|
||||
- sptps_stop(&sptps2);
|
||||
+ while(poll(pfd, 2, 0)) {
|
||||
+ if(pfd[0].revents) {
|
||||
+ receive_data(&sptps1);
|
||||
+ }
|
||||
|
||||
- // SPTPS datagram authentication phase
|
||||
+ if(pfd[1].revents) {
|
||||
+ receive_data(&sptps2);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
- close(fd[0]);
|
||||
- close(fd[1]);
|
||||
+ sptps_stop(&sptps1);
|
||||
+ sptps_stop(&sptps2);
|
||||
+ }
|
||||
|
||||
- if(socketpair(AF_UNIX, SOCK_DGRAM, 0, fd)) {
|
||||
- fprintf(stderr, "Could not create a UNIX socket pair: %s\n", sockstrerror(sockerrno));
|
||||
- return 1;
|
||||
- }
|
||||
+ fprintf(stderr, "%10.2lf op/s\n", rate * 2);
|
||||
|
||||
- fprintf(stderr, "SPTPS/UDP authenticate for %lg seconds: ", duration);
|
||||
+ // SPTPS datagram data
|
||||
|
||||
- for(clock_start(); clock_countto(duration);) {
|
||||
- sptps_start(&sptps1, fd + 0, true, true, key1, key2, "sptps_speed", 11, send_data, receive_record);
|
||||
- sptps_start(&sptps2, fd + 1, false, true, key2, key1, "sptps_speed", 11, send_data, receive_record);
|
||||
+ sptps_start(&sptps1, ¶ms1);
|
||||
+ sptps_start(&sptps2, ¶ms2);
|
||||
|
||||
while(poll(pfd, 2, 0)) {
|
||||
if(pfd[0].revents) {
|
||||
@@ -265,54 +322,35 @@ static int run_benchmark(int argc, char *argv[]) {
|
||||
}
|
||||
}
|
||||
|
||||
- sptps_stop(&sptps1);
|
||||
- sptps_stop(&sptps2);
|
||||
- }
|
||||
-
|
||||
- fprintf(stderr, "%10.2lf op/s\n", rate * 2);
|
||||
+ fprintf(stderr, "SPTPS/UDP transmit for %lg seconds: ", duration);
|
||||
|
||||
- // SPTPS datagram data
|
||||
-
|
||||
- sptps_start(&sptps1, fd + 0, true, true, key1, key2, "sptps_speed", 11, send_data, receive_record);
|
||||
- sptps_start(&sptps2, fd + 1, false, true, key2, key1, "sptps_speed", 11, send_data, receive_record);
|
||||
-
|
||||
- while(poll(pfd, 2, 0)) {
|
||||
- if(pfd[0].revents) {
|
||||
- receive_data(&sptps1);
|
||||
- }
|
||||
+ for(clock_start(); clock_countto(duration);) {
|
||||
+ if(!sptps_send_record(&sptps1, 0, buf1, 1451)) {
|
||||
+ abort();
|
||||
+ }
|
||||
|
||||
- if(pfd[1].revents) {
|
||||
receive_data(&sptps2);
|
||||
}
|
||||
- }
|
||||
|
||||
- fprintf(stderr, "SPTPS/UDP transmit for %lg seconds: ", duration);
|
||||
+ rate *= 2 * 1451 * 8;
|
||||
|
||||
- for(clock_start(); clock_countto(duration);) {
|
||||
- if(!sptps_send_record(&sptps1, 0, buf1, 1451)) {
|
||||
- abort();
|
||||
+ if(rate > 1e9) {
|
||||
+ fprintf(stderr, "%14.2lf Gbit/s\n", rate / 1e9);
|
||||
+ } else if(rate > 1e6) {
|
||||
+ fprintf(stderr, "%14.2lf Mbit/s\n", rate / 1e6);
|
||||
+ } else if(rate > 1e3) {
|
||||
+ fprintf(stderr, "%14.2lf kbit/s\n", rate / 1e3);
|
||||
}
|
||||
|
||||
- receive_data(&sptps2);
|
||||
- }
|
||||
-
|
||||
- rate *= 2 * 1451 * 8;
|
||||
+ sptps_stop(&sptps1);
|
||||
+ sptps_stop(&sptps2);
|
||||
|
||||
- if(rate > 1e9) {
|
||||
- fprintf(stderr, "%14.2lf Gbit/s\n", rate / 1e9);
|
||||
- } else if(rate > 1e6) {
|
||||
- fprintf(stderr, "%14.2lf Mbit/s\n", rate / 1e6);
|
||||
- } else if(rate > 1e3) {
|
||||
- fprintf(stderr, "%14.2lf kbit/s\n", rate / 1e3);
|
||||
+ close(fd[0]);
|
||||
+ close(fd[1]);
|
||||
}
|
||||
|
||||
- sptps_stop(&sptps1);
|
||||
- sptps_stop(&sptps2);
|
||||
-
|
||||
// Clean up
|
||||
|
||||
- close(fd[0]);
|
||||
- close(fd[1]);
|
||||
ecdsa_free(key1);
|
||||
ecdsa_free(key2);
|
||||
|
||||
--
|
||||
2.36.0
|
||||
|
219
debian/patches/0004-If-we-link-with-OpenSSL-use-it-for-Chacha20-Poly1305.patch
|
@ -0,0 +1,219 @@
|
|||
From 9d423c31024e37655aac014662cb5bee82c26464 Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Mon, 9 Aug 2021 21:55:09 +0200
|
||||
Subject: [PATCH 04/10] If we link with OpenSSL, use it for Chacha20-Poly1305
|
||||
as well.
|
||||
|
||||
---
|
||||
src/sptps.c | 128 ++++++++++++++++++++++++++++++++--------------------
|
||||
1 file changed, 78 insertions(+), 50 deletions(-)
|
||||
|
||||
diff --git a/src/sptps.c b/src/sptps.c
|
||||
index 33c41424..55b9e5ca 100644
|
||||
--- a/src/sptps.c
|
||||
+++ b/src/sptps.c
|
||||
@@ -96,12 +96,26 @@ static void warning(sptps_t *s, const char *format, ...) {
|
||||
|
||||
static bool cipher_init(uint8_t suite, void **ctx, const uint8_t *key, bool key_half) {
|
||||
switch(suite) {
|
||||
+#ifndef HAVE_OPENSSL
|
||||
+
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
*ctx = chacha_poly1305_init();
|
||||
return ctx && chacha_poly1305_set_key(*ctx, key + (key_half ? CHACHA_POLY1305_KEYLEN : 0));
|
||||
|
||||
+#else
|
||||
+
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ *ctx = EVP_CIPHER_CTX_new();
|
||||
+
|
||||
+ if(!ctx) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return EVP_EncryptInit_ex(*ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL)
|
||||
+ && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|
||||
+ && EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? CHACHA_POLY1305_KEYLEN : 0), key);
|
||||
+
|
||||
case SPTPS_AES256_GCM:
|
||||
-#ifdef HAVE_OPENSSL
|
||||
*ctx = EVP_CIPHER_CTX_new();
|
||||
|
||||
if(!ctx) {
|
||||
@@ -109,8 +123,8 @@ static bool cipher_init(uint8_t suite, void **ctx, const uint8_t *key, bool key_
|
||||
}
|
||||
|
||||
return EVP_EncryptInit_ex(*ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)
|
||||
- && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, 4, NULL)
|
||||
- && EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? 32 : 0), key);
|
||||
+ && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|
||||
+ && EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? 64 : 0), key);
|
||||
#endif
|
||||
|
||||
default:
|
||||
@@ -120,12 +134,16 @@ static bool cipher_init(uint8_t suite, void **ctx, const uint8_t *key, bool key_
|
||||
|
||||
static void cipher_exit(uint8_t suite, void *ctx) {
|
||||
switch(suite) {
|
||||
+#ifndef HAVE_OPENSSL
|
||||
+
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
chacha_poly1305_exit(ctx);
|
||||
break;
|
||||
|
||||
+#else
|
||||
+
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
case SPTPS_AES256_GCM:
|
||||
-#ifdef HAVE_OPENSSL
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
break;
|
||||
#endif
|
||||
@@ -136,43 +154,48 @@ static void cipher_exit(uint8_t suite, void *ctx) {
|
||||
}
|
||||
|
||||
static bool cipher_encrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) {
|
||||
+ uint8_t nonce[12] = {seqno, seqno >> 8, seqno >> 16, seqno >> 24};
|
||||
+
|
||||
switch(suite) {
|
||||
+#ifndef HAVE_OPENSSL
|
||||
+
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
chacha_poly1305_encrypt(ctx, seqno, in, inlen, out, outlen);
|
||||
return true;
|
||||
|
||||
- case SPTPS_AES256_GCM:
|
||||
-#ifdef HAVE_OPENSSL
|
||||
- {
|
||||
- if(!EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, (uint8_t *)&seqno)) {
|
||||
- return false;
|
||||
- }
|
||||
+#else
|
||||
|
||||
- int outlen1 = 0, outlen2 = 0;
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ case SPTPS_AES256_GCM: {
|
||||
+ if(!EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, nonce)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(!EVP_EncryptUpdate(ctx, out, &outlen1, in, (int)inlen)) {
|
||||
- return false;
|
||||
- }
|
||||
+ int outlen1 = 0, outlen2 = 0;
|
||||
|
||||
- if(!EVP_EncryptFinal_ex(ctx, out + outlen1, &outlen2)) {
|
||||
- return false;
|
||||
- }
|
||||
+ if(!EVP_EncryptUpdate(ctx, out, &outlen1, in, (int)inlen)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- outlen1 += outlen2;
|
||||
+ if(!EVP_EncryptFinal_ex(ctx, out + outlen1, &outlen2)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, out + outlen1)) {
|
||||
- return false;
|
||||
- }
|
||||
+ outlen1 += outlen2;
|
||||
|
||||
- outlen1 += 16;
|
||||
+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, out + outlen1)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(outlen) {
|
||||
- *outlen = outlen1;
|
||||
- }
|
||||
+ outlen1 += 16;
|
||||
|
||||
- return true;
|
||||
+ if(outlen) {
|
||||
+ *outlen = outlen1;
|
||||
}
|
||||
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
#endif
|
||||
|
||||
default:
|
||||
@@ -181,44 +204,49 @@ static bool cipher_encrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8
|
||||
}
|
||||
|
||||
static bool cipher_decrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) {
|
||||
+ uint8_t nonce[12] = {seqno, seqno >> 8, seqno >> 16, seqno >> 24};
|
||||
+
|
||||
switch(suite) {
|
||||
+#ifndef HAVE_OPENSSL
|
||||
+
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
return chacha_poly1305_decrypt(ctx, seqno, in, inlen, out, outlen);
|
||||
|
||||
- case SPTPS_AES256_GCM:
|
||||
-#ifdef HAVE_OPENSSL
|
||||
- {
|
||||
- if(inlen < 16) {
|
||||
- return false;
|
||||
- }
|
||||
+#else
|
||||
|
||||
- inlen -= 16;
|
||||
+ case SPTPS_CHACHA_POLY1305:
|
||||
+ case SPTPS_AES256_GCM: {
|
||||
+ if(inlen < 16) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (uint8_t *)&seqno)) {
|
||||
- return false;
|
||||
- }
|
||||
+ inlen -= 16;
|
||||
|
||||
- int outlen1 = 0, outlen2 = 0;
|
||||
+ if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, nonce)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(!EVP_DecryptUpdate(ctx, out, &outlen1, in, (int)inlen)) {
|
||||
- return false;
|
||||
- }
|
||||
+ int outlen1 = 0, outlen2 = 0;
|
||||
|
||||
- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, (void *)(in + inlen))) {
|
||||
- return false;
|
||||
- }
|
||||
+ if(!EVP_DecryptUpdate(ctx, out, &outlen1, in, (int)inlen)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(!EVP_DecryptFinal_ex(ctx, out + outlen1, &outlen2)) {
|
||||
- return false;
|
||||
- }
|
||||
+ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, (void *)(in + inlen))) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- if(outlen) {
|
||||
- *outlen = outlen1 + outlen2;
|
||||
- }
|
||||
+ if(!EVP_DecryptFinal_ex(ctx, out + outlen1, &outlen2)) {
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
- return true;
|
||||
+ if(outlen) {
|
||||
+ *outlen = outlen1 + outlen2;
|
||||
}
|
||||
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
#endif
|
||||
|
||||
default:
|
||||
--
|
||||
2.36.0
|
||||
|
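Review bot: The new ChaCha20-Poly1305 branch of cipher_init passes `key` as the IV argument of the second `EVP_EncryptInit_ex` call, so the first 12 bytes of the key material are loaded into the context's IV field, which is not handled as a secret. cipher_encrypt and cipher_decrypt set a nonce derived from `seqno` before every record, so that initial IV looks unused and the call could end in `NULL`: `EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? CHACHA_POLY1305_KEYLEN : 0), NULL)`. The AES-256-GCM call in the following hunk has the same last argument. In the same branch `if(!ctx)` tests the out-parameter rather than the new context, so a failed `EVP_CIPHER_CTX_new()` is not caught until `if(!*ctx)` is used; patch 06 of this series rewrites the check as `*ctx`.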
1295
debian/patches/0005-Update-the-built-in-Chacha20-Poly1305-code-to-an-RFC.patch
File diff suppressed because it is too large
117
debian/patches/0006-Ensure-we-are-compatible-with-LibreSSL.patch
|
@ -0,0 +1,117 @@
|
|||
From d64b9c4a2f48ce7533e9f7a8f5f6e890764515ab Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue, 10 Aug 2021 23:08:04 +0200
|
||||
Subject: [PATCH 06/10] Ensure we are compatible with LibreSSL.
|
||||
|
||||
---
|
||||
src/sptps.c | 66 ++++++++++++++++++++++++++++++++++++++++++-----------
|
||||
1 file changed, 53 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/src/sptps.c b/src/sptps.c
|
||||
index 33e88ed9..7c8d20b7 100644
|
||||
--- a/src/sptps.c
|
||||
+++ b/src/sptps.c
|
||||
@@ -107,26 +107,26 @@ static bool cipher_init(uint8_t suite, void **ctx, const uint8_t *key, bool key_
|
||||
#else
|
||||
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
- *ctx = EVP_CIPHER_CTX_new();
|
||||
+#ifdef EVP_F_EVP_AEAD_CTX_INIT
|
||||
+ *ctx = malloc(sizeof(EVP_AEAD_CTX));
|
||||
|
||||
- if(!ctx) {
|
||||
- return false;
|
||||
- }
|
||||
+ return *ctx && EVP_AEAD_CTX_init(*ctx, EVP_aead_chacha20_poly1305(), key + (key_half ? CIPHER_KEYLEN : 0), 32, 16, NULL);
|
||||
+#else
|
||||
+ *ctx = EVP_CIPHER_CTX_new();
|
||||
|
||||
- return EVP_EncryptInit_ex(*ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL)
|
||||
- && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|
||||
+ return *ctx
|
||||
+ && EVP_EncryptInit_ex(*ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL)
|
||||
+ && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL)
|
||||
&& EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? CIPHER_KEYLEN : 0), key);
|
||||
+#endif
|
||||
|
||||
case SPTPS_AES256_GCM:
|
||||
*ctx = EVP_CIPHER_CTX_new();
|
||||
|
||||
- if(!ctx) {
|
||||
- return false;
|
||||
- }
|
||||
-
|
||||
- return EVP_EncryptInit_ex(*ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)
|
||||
- && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|
||||
- && EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? 64 : 0), key);
|
||||
+ return *ctx
|
||||
+ && EVP_EncryptInit_ex(*ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)
|
||||
+ && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL)
|
||||
+ && EVP_EncryptInit_ex(*ctx, NULL, NULL, key + (key_half ? CIPHER_KEYLEN : 0), key);
|
||||
#endif
|
||||
|
||||
default:
|
||||
@@ -145,6 +145,12 @@ static void cipher_exit(uint8_t suite, void *ctx) {
|
||||
#else
|
||||
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
+#ifdef EVP_F_EVP_AEAD_CTX_INIT
|
||||
+ EVP_AEAD_CTX_cleanup(ctx);
|
||||
+ free(ctx);
|
||||
+ break;
|
||||
+#endif
|
||||
+
|
||||
case SPTPS_AES256_GCM:
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
break;
|
||||
@@ -176,6 +182,23 @@ static bool cipher_encrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8
|
||||
#else
|
||||
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
+#ifdef EVP_F_EVP_AEAD_CTX_INIT
|
||||
+ {
|
||||
+ size_t outlen1;
|
||||
+
|
||||
+ if(!EVP_AEAD_CTX_seal(ctx, out, &outlen1, inlen + 16, nonce, sizeof(nonce), in, inlen, NULL, 0)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if(outlen) {
|
||||
+ *outlen = outlen1;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
case SPTPS_AES256_GCM: {
|
||||
if(!EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, nonce)) {
|
||||
return false;
|
||||
@@ -239,6 +262,23 @@ static bool cipher_decrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8
|
||||
#else
|
||||
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
+#ifdef EVP_F_EVP_AEAD_CTX_INIT
|
||||
+ {
|
||||
+ size_t outlen1;
|
||||
+
|
||||
+ if(!EVP_AEAD_CTX_open(ctx, out, &outlen1, inlen, nonce, sizeof(nonce), in, inlen + 16, NULL, 0)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if(outlen) {
|
||||
+ *outlen = outlen1;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
case SPTPS_AES256_GCM: {
|
||||
if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, nonce)) {
|
||||
return false;
|
||||
--
|
||||
2.36.0
|
||||
|
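Review bot: The LibreSSL branch added to cipher_decrypt passes `inlen + 16` as the ciphertext length to `EVP_AEAD_CTX_open`, which stays in bounds only if `inlen` has already been checked against the 16-byte tag and reduced before the `switch`; that code is outside this hunk, so it cannot be confirmed from here. A short comment at the call, such as `/* inlen excludes the 16-byte tag, checked before the switch */`, would make the dependency explicit for the next change to this function. Selecting the path with `#ifdef EVP_F_EVP_AEAD_CTX_INIT` also ties the build to an error-code macro rather than to the library itself; `LIBRESSL_VERSION_NUMBER` or a configure-time test would state the intent more directly. The same macro guards the matching branches in cipher_init, cipher_exit and cipher_encrypt.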
26
debian/patches/0007-Fix-infinite-loop-on-SPTPS-errors-when-running-sptps.patch
|
@ -0,0 +1,26 @@
|
|||
From 948be5b4a813e814e36be23a63817df283e8db91 Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue, 10 Aug 2021 23:08:52 +0200
|
||||
Subject: [PATCH 07/10] Fix infinite loop on SPTPS errors when running
|
||||
sptps_test in datagram mode.
|
||||
|
||||
---
|
||||
src/sptps_test.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/sptps_test.c b/src/sptps_test.c
|
||||
index 32ed62d3..7e5977ed 100644
|
||||
--- a/src/sptps_test.c
|
||||
+++ b/src/sptps_test.c
|
||||
@@ -721,6 +721,8 @@ static int run_test(int argc, char *argv[]) {
|
||||
free(mykey);
|
||||
free(hiskey);
|
||||
return 1;
|
||||
+ } else {
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.36.0
|
||||
|
40
debian/patches/0008-Fix-documentation-of-default-cipher-algorithm-used-f.patch
|
@ -0,0 +1,40 @@
|
|||
From 440bf1e9e484ac9800308dafbb5089e400df3522 Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun, 22 Aug 2021 22:16:42 +0200
|
||||
Subject: [PATCH 08/10] Fix documentation of default cipher algorithm used for
|
||||
the legacy protocol.
|
||||
|
||||
---
|
||||
doc/tinc.conf.5.in | 2 +-
|
||||
doc/tinc.texi | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
|
||||
index d7aa7d99..0cfdd089 100644
|
||||
--- a/doc/tinc.conf.5.in
|
||||
+++ b/doc/tinc.conf.5.in
|
||||
@@ -562,7 +562,7 @@ Multiple
|
||||
.Va Address
|
||||
variables can be specified, in which case each address will be tried until a working
|
||||
connection has been established.
|
||||
-.It Va Cipher Li = Ar cipher Pq blowfish
|
||||
+.It Va Cipher Li = Ar cipher Pq aes-256-cbc
|
||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
||||
Any cipher supported by LibreSSL or OpenSSL is recognised.
|
||||
Furthermore, specifying
|
||||
diff --git a/doc/tinc.texi b/doc/tinc.texi
|
||||
index 2e519d1c..ab3dca23 100644
|
||||
--- a/doc/tinc.texi
|
||||
+++ b/doc/tinc.texi
|
||||
@@ -1328,7 +1328,7 @@ Multiple Address variables can be specified, in which case each address will be
|
||||
tried until a working connection has been established.
|
||||
|
||||
@cindex Cipher
|
||||
-@item Cipher = <@var{cipher}> (blowfish)
|
||||
+@item Cipher = <@var{cipher}> (aes-256-cbc)
|
||||
The symmetric cipher algorithm used to encrypt UDP packets using the legacy protocol.
|
||||
Any cipher supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying @samp{none} will turn off packet encryption.
|
||||
--
|
||||
2.36.0
|
||||
|
230
debian/patches/0009-Make-the-ExperimentalProtocol-option-obsolete.patch
|
@ -0,0 +1,230 @@
|
|||
From 4e64f72feb99b7933e907fb0fab93368749db779 Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Sun, 22 Aug 2021 22:44:04 +0200
|
||||
Subject: [PATCH 09/10] Make the ExperimentalProtocol option obsolete.
|
||||
|
||||
Remove mentions of it from the documentation, but keep supporting the
|
||||
option for now, as this makes it easier to test compatibility with the
|
||||
legacy protocol.
|
||||
---
|
||||
README.md | 8 ++++----
|
||||
doc/tinc.conf.5.in | 18 +++---------------
|
||||
doc/tinc.texi | 21 ++++++---------------
|
||||
src/tincctl.c | 2 +-
|
||||
test/integration/algorithms.py | 4 ++--
|
||||
test/integration/legacy_protocol.py | 4 ++--
|
||||
test/integration/splice.py | 4 ++--
|
||||
7 files changed, 20 insertions(+), 41 deletions(-)
|
||||
|
||||
diff --git a/README.md b/README.md
|
||||
index 11129f79..9e3a64a4 100644
|
||||
--- a/README.md
|
||||
+++ b/README.md
|
||||
@@ -55,12 +55,12 @@ versions, the security might only be as good as that of the oldest version.
|
||||
|
||||
## Compatibility
|
||||
|
||||
-Version 1.1pre18 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
+Version 1.1pre18 is compatible with 1.0 and later, but not with older
|
||||
versions of tinc.
|
||||
|
||||
-When the ExperimentalProtocol option is used, tinc is still compatible with
|
||||
-1.0.X, 1.1pre11 and later, but not with any version between 1.1pre1 and
|
||||
-1.1pre10.
|
||||
+Note that this pre-release version of tinc 1.1 might be incompatible with older
|
||||
+pre-release versions as the new cryptographic protocol might still undergo
|
||||
+changes.
|
||||
|
||||
## Requirements
|
||||
|
||||
diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
|
||||
index 0cfdd089..a5a56ed5 100644
|
||||
--- a/doc/tinc.conf.5.in
|
||||
+++ b/doc/tinc.conf.5.in
|
||||
@@ -287,15 +287,6 @@ When combined with the IndirectData option,
|
||||
packets for nodes for which we do not have a meta connection with are also dropped.
|
||||
.It Va Ed25519PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ed25519_key.priv Pc
|
||||
The file in which the private Ed25519 key of this tinc daemon resides.
|
||||
-This is only used if
|
||||
-.Va ExperimentalProtocol
|
||||
-is enabled.
|
||||
-.It Va ExperimentalProtocol Li = yes | no Pq yes
|
||||
-When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
|
||||
-Ephemeral ECDH will be used for key exchanges,
|
||||
-and Ed25519 will be used instead of RSA for authentication.
|
||||
-When enabled, an Ed25519 key must have been generated before with
|
||||
-.Nm tinc generate-ed25519-keys .
|
||||
.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
|
||||
This option selects the way indirect packets are forwarded.
|
||||
.Bl -tag -width indent
|
||||
@@ -569,8 +560,7 @@ Furthermore, specifying
|
||||
.Qq none
|
||||
will turn off packet encryption.
|
||||
It is best to use only those ciphers which support CBC mode.
|
||||
-This option has no effect for connections between nodes using
|
||||
-.Va ExperimentalProtocol .
|
||||
+This option only affects communication using the legacy protocol.
|
||||
.It Va ClampMSS Li = yes | no Pq yes
|
||||
This option specifies whether tinc should clamp the maximum segment size (MSS)
|
||||
of TCP packets to the path MTU. This helps in situations where ICMP
|
||||
@@ -585,8 +575,7 @@ Any digest supported by LibreSSL or OpenSSL is recognised.
|
||||
Furthermore, specifying
|
||||
.Qq none
|
||||
will turn off packet authentication.
|
||||
-This option has no effect for connections between nodes using
|
||||
-.Va ExperimentalProtocol .
|
||||
+This option only affects communication using the legacy protocol.
|
||||
.It Va IndirectData Li = yes | no Pq no
|
||||
When set to yes, only nodes which already have a meta connection to you
|
||||
will try to establish direct communication with you.
|
||||
@@ -596,8 +585,7 @@ The length of the message authentication code used to authenticate UDP packets.
|
||||
Can be anything from
|
||||
.Qq 0
|
||||
up to the length of the digest produced by the digest algorithm.
|
||||
-This option has no effect for connections between nodes using
|
||||
-.Va ExperimentalProtocol .
|
||||
+This option only affects communication using the legacy protocol.
|
||||
.It Va PMTU Li = Ar mtu Po 1514 Pc
|
||||
This option controls the initial path MTU to this node.
|
||||
.It Va PMTUDiscovery Li = yes | no Po yes Pc
|
||||
diff --git a/doc/tinc.texi b/doc/tinc.texi
|
||||
index ab3dca23..c1e62a52 100644
|
||||
--- a/doc/tinc.texi
|
||||
+++ b/doc/tinc.texi
|
||||
@@ -1025,15 +1025,6 @@ packets for nodes for which we do not have a meta connection with are also dropp
|
||||
@cindex Ed25519PrivateKeyFile
|
||||
@item Ed25519PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/ed25519_key.priv})
|
||||
The file in which the private Ed25519 key of this tinc daemon resides.
|
||||
-This is only used if ExperimentalProtocol is enabled.
|
||||
-
|
||||
-@cindex ExperimentalProtocol
|
||||
-@item ExperimentalProtocol = <yes|no> (yes)
|
||||
-When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
|
||||
-Ephemeral ECDH will be used for key exchanges,
|
||||
-and Ed25519 will be used instead of RSA for authentication.
|
||||
-When enabled, an Ed25519 key must have been generated before with
|
||||
-@command{tinc generate-ed25519-keys}.
|
||||
|
||||
@cindex Forwarding
|
||||
@item Forwarding = <off|internal|kernel> (internal) [experimental]
|
||||
@@ -1333,7 +1324,7 @@ The symmetric cipher algorithm used to encrypt UDP packets using the legacy prot
|
||||
Any cipher supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying @samp{none} will turn off packet encryption.
|
||||
It is best to use only those ciphers which support CBC mode.
|
||||
-This option has no effect for connections using the SPTPS protocol, which always use AES-256-CTR.
|
||||
+This option only affects communication using the legacy protocol.
|
||||
|
||||
@cindex ClampMSS
|
||||
@item ClampMSS = <yes|no> (yes)
|
||||
@@ -1352,7 +1343,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
||||
The digest algorithm used to authenticate UDP packets using the legacy protocol.
|
||||
Any digest supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying @samp{none} will turn off packet authentication.
|
||||
-This option has no effect for connections using the SPTPS protocol, which always use HMAC-SHA-256.
|
||||
+This option only affects communication using the legacy protocol.
|
||||
|
||||
@cindex IndirectData
|
||||
@item IndirectData = <yes|no> (no)
|
||||
@@ -1365,7 +1356,7 @@ It is best to leave this option out or set it to no.
|
||||
The length of the message authentication code used to authenticate UDP packets using the legacy protocol.
|
||||
Can be anything from 0
|
||||
up to the length of the digest produced by the digest algorithm.
|
||||
-This option has no effect for connections using the SPTPS protocol, which never truncate MACs.
|
||||
+This option only affects communication using the legacy protocol.
|
||||
|
||||
@cindex PMTU
|
||||
@item PMTU = <@var{mtu}> (1514)
|
||||
@@ -3030,9 +3021,9 @@ Therefore, tinc also authenticates the data.
|
||||
Finally, tinc uses sequence numbers (which themselves are also authenticated) to prevent an attacker from replaying valid packets.
|
||||
|
||||
Since version 1.1pre3, tinc has two protocols used to protect your data; the legacy protocol, and the new Simple Peer-to-Peer Security (SPTPS) protocol.
|
||||
-The SPTPS protocol is designed to address some weaknesses in the legacy protocol.
|
||||
-The new authentication protocol is used when two nodes connect to each other that both have the ExperimentalProtocol option set to yes,
|
||||
-otherwise the legacy protocol will be used.
|
||||
+The SPTPS protocol is designed to address some weaknesses in the legacy protocol,
|
||||
+and is used automatically if both sides support it.
|
||||
+Once two nodes have connected with the new protocol, rollback to the legacy protocol is not allowed.
|
||||
|
||||
@menu
|
||||
* Legacy authentication protocol::
|
||||
diff --git a/src/tincctl.c b/src/tincctl.c
|
||||
index 9b39f2ce..2032b33a 100644
|
||||
--- a/src/tincctl.c
|
||||
+++ b/src/tincctl.c
|
||||
@@ -1651,7 +1651,7 @@ const var_t variables[] = {
|
||||
{"DeviceType", VAR_SERVER},
|
||||
{"DirectOnly", VAR_SERVER | VAR_SAFE},
|
||||
{"Ed25519PrivateKeyFile", VAR_SERVER},
|
||||
- {"ExperimentalProtocol", VAR_SERVER},
|
||||
+ {"ExperimentalProtocol", VAR_SERVER | VAR_OBSOLETE},
|
||||
{"Forwarding", VAR_SERVER},
|
||||
{"FWMark", VAR_SERVER},
|
||||
{"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},
|
||||
diff --git a/test/integration/algorithms.py b/test/integration/algorithms.py
|
||||
index b056c7d5..52e0f820 100755
|
||||
--- a/test/integration/algorithms.py
|
||||
+++ b/test/integration/algorithms.py
|
||||
@@ -23,7 +23,7 @@ def init(ctx: Test, digest: str, cipher: str) -> T.Tuple[Tinc, Tinc]:
|
||||
set Digest {digest}
|
||||
set Cipher {cipher}
|
||||
"""
|
||||
- foo.cmd(stdin=stdin)
|
||||
+ foo.cmd("--force", stdin=stdin)
|
||||
foo.start()
|
||||
|
||||
stdin = f"""
|
||||
@@ -35,7 +35,7 @@ def init(ctx: Test, digest: str, cipher: str) -> T.Tuple[Tinc, Tinc]:
|
||||
set Digest {digest}
|
||||
set Cipher {cipher}
|
||||
"""
|
||||
- bar.cmd(stdin=stdin)
|
||||
+ bar.cmd("--force", stdin=stdin)
|
||||
|
||||
foo.add_script(bar.script_up)
|
||||
bar.add_script(foo.script_up)
|
||||
diff --git a/test/integration/legacy_protocol.py b/test/integration/legacy_protocol.py
|
||||
index 845ac345..f7ab1bd2 100755
|
||||
--- a/test/integration/legacy_protocol.py
|
||||
+++ b/test/integration/legacy_protocol.py
|
||||
@@ -73,14 +73,14 @@ with Test("foo 1.1, bar 1.1") as context:
|
||||
|
||||
with Test("foo 1.1, bar 1.0") as context:
|
||||
foo_node, bar_node = init(context)
|
||||
- bar_node.cmd("set", "ExperimentalProtocol", "no")
|
||||
+ bar_node.cmd("--force", "set", "ExperimentalProtocol", "no")
|
||||
foo_node.cmd("del", f"{bar_node}.Ed25519PublicKey")
|
||||
bar_node.cmd("del", f"{foo_node}.Ed25519PublicKey")
|
||||
run_keys_test(foo_node, bar_node, empty=True)
|
||||
|
||||
with Test("bar 1.0 must not be allowed to connect") as context:
|
||||
foo_node, bar_node = init(context)
|
||||
- bar_node.cmd("set", "ExperimentalProtocol", "no")
|
||||
+ bar_node.cmd("--force", "set", "ExperimentalProtocol", "no")
|
||||
|
||||
bar_up = bar_node.add_script(Script.SUBNET_UP)
|
||||
bar_node.cmd("start")
|
||||
diff --git a/test/integration/splice.py b/test/integration/splice.py
|
||||
index 578845fb..868ffbc3 100755
|
||||
--- a/test/integration/splice.py
|
||||
+++ b/test/integration/splice.py
|
||||
@@ -28,7 +28,7 @@ def init(ctx: Test, *options: str) -> T.Tuple[Tinc, Tinc]:
|
||||
set Subnet 10.96.96.1
|
||||
{custom}
|
||||
"""
|
||||
- foo.cmd(stdin=stdin)
|
||||
+ foo.cmd("--force", stdin=stdin)
|
||||
|
||||
stdin = f"""
|
||||
init {bar}
|
||||
@@ -39,7 +39,7 @@ def init(ctx: Test, *options: str) -> T.Tuple[Tinc, Tinc]:
|
||||
set Subnet 10.96.96.2
|
||||
{custom}
|
||||
"""
|
||||
- bar.cmd(stdin=stdin)
|
||||
+ bar.cmd("--force", stdin=stdin)
|
||||
|
||||
foo.add_script(Script.SUBNET_UP)
|
||||
bar.add_script(Script.SUBNET_UP)
|
||||
--
|
||||
2.36.0
|
||||
|
322
debian/patches/0010-Move-poly1305_get_tag-into-poly1305.c-hide-poly1305_.patch
|
@ -0,0 +1,322 @@
|
|||
From f4db140a8ffc63b575181299c3964e4634606280 Mon Sep 17 00:00:00 2001
|
||||
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||
Date: Tue, 31 Aug 2021 16:27:47 +0200
|
||||
Subject: [PATCH 10/10] Move poly1305_get_tag() into poly1305.c, hide
|
||||
poly1305_init().
|
||||
|
||||
The crypto library on Windows exposes a symbol named poly1305_init(),
|
||||
which clashes with ours. We can avoid this by moving poly1305_get_tag()
|
||||
to poly1305.[ch], where it belongs better, and this allows us to make
|
||||
all the lower-level Poly1305 functions static.
|
||||
|
||||
Also remove the support for associated data while we are at it, since we
|
||||
are never using it.
|
||||
---
|
||||
src/chacha-poly1305/chacha.h | 1 -
|
||||
src/chacha-poly1305/chachapoly.c | 58 ++++----------------------------
|
||||
src/chacha-poly1305/chachapoly.h | 6 ++--
|
||||
src/chacha-poly1305/poly1305.c | 54 +++++++++++++++++++++++++----
|
||||
src/chacha-poly1305/poly1305.h | 20 +----------
|
||||
src/sptps.c | 4 +--
|
||||
6 files changed, 58 insertions(+), 85 deletions(-)
|
||||
|
||||
diff --git a/src/chacha-poly1305/chacha.h b/src/chacha-poly1305/chacha.h
|
||||
index a137ab6b..d4784f49 100644
|
||||
--- a/src/chacha-poly1305/chacha.h
|
||||
+++ b/src/chacha-poly1305/chacha.h
|
||||
@@ -31,4 +31,3 @@ void chacha_encrypt_bytes(struct chacha_ctx *x, const unsigned char *m,
|
||||
unsigned char *c, uint32_t bytes);
|
||||
|
||||
#endif /* CHACHA_H */
|
||||
-
|
||||
diff --git a/src/chacha-poly1305/chachapoly.c b/src/chacha-poly1305/chachapoly.c
|
||||
index 9a6620ce..68f04edd 100644
|
||||
--- a/src/chacha-poly1305/chachapoly.c
|
||||
+++ b/src/chacha-poly1305/chachapoly.c
|
||||
@@ -53,52 +53,6 @@ static int memcmp_eq(const void *av, const void *bv, int n) {
|
||||
return res;
|
||||
}
|
||||
|
||||
-/**
|
||||
- * Poly1305 tag generation. This concatenates a string according to the rules
|
||||
- * outlined in RFC 7539 and calculates the tag.
|
||||
- *
|
||||
- * \param poly_key 32 byte secret one-time key for poly1305
|
||||
- * \param ad associated data
|
||||
- * \param ad_len associated data length in bytes
|
||||
- * \param ct ciphertext
|
||||
- * \param ct_len ciphertext length in bytes
|
||||
- * \param tag pointer to 16 bytes for tag storage
|
||||
- */
|
||||
-static void poly1305_get_tag(unsigned char *poly_key, const void *ad,
|
||||
- int ad_len, const void *ct, int ct_len, unsigned char *tag) {
|
||||
- struct poly1305_context poly;
|
||||
- unsigned left_over;
|
||||
- uint64_t len;
|
||||
- unsigned char pad[16];
|
||||
-
|
||||
- poly1305_init(&poly, poly_key);
|
||||
- memset(&pad, 0, sizeof(pad));
|
||||
-
|
||||
- /* associated data and padding */
|
||||
- poly1305_update(&poly, ad, ad_len);
|
||||
- left_over = ad_len % 16;
|
||||
-
|
||||
- if(left_over) {
|
||||
- poly1305_update(&poly, pad, 16 - left_over);
|
||||
- }
|
||||
-
|
||||
- /* payload and padding */
|
||||
- poly1305_update(&poly, ct, ct_len);
|
||||
- left_over = ct_len % 16;
|
||||
-
|
||||
- if(left_over) {
|
||||
- poly1305_update(&poly, pad, 16 - left_over);
|
||||
- }
|
||||
-
|
||||
- /* lengths */
|
||||
- len = ad_len;
|
||||
- poly1305_update(&poly, (unsigned char *)&len, 8);
|
||||
- len = ct_len;
|
||||
- poly1305_update(&poly, (unsigned char *)&len, 8);
|
||||
-
|
||||
- poly1305_finish(&poly, tag);
|
||||
-}
|
||||
-
|
||||
int chachapoly_init(struct chachapoly_ctx *ctx, const void *key, int key_len) {
|
||||
assert(key_len == 128 || key_len == 256);
|
||||
|
||||
@@ -108,7 +62,7 @@ int chachapoly_init(struct chachapoly_ctx *ctx, const void *key, int key_len) {
|
||||
}
|
||||
|
||||
int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
- const void *ad, int ad_len, void *input, int input_len,
|
||||
+ void *input, int input_len,
|
||||
void *output, void *tag, int tag_len, int encrypt) {
|
||||
unsigned char poly_key[CHACHA_BLOCKLEN];
|
||||
unsigned char calc_tag[POLY1305_TAGLEN];
|
||||
@@ -121,7 +75,7 @@ int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
|
||||
/* check tag if decrypting */
|
||||
if(encrypt == 0 && tag_len) {
|
||||
- poly1305_get_tag(poly_key, ad, ad_len, input, input_len, calc_tag);
|
||||
+ poly1305_get_tag(poly_key, input, input_len, calc_tag);
|
||||
|
||||
if(memcmp_eq(calc_tag, tag, tag_len) != 0) {
|
||||
return CHACHAPOLY_INVALID_MAC;
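Review bot: `memcmp_eq(calc_tag, tag, tag_len)` compares a caller-chosen number of bytes against the 16-byte `calc_tag`, and nothing in the visible lines bounds `tag_len`. A value above `POLY1305_TAGLEN` would read past `calc_tag`, and a small value accepts a correspondingly short tag that is much easier to forge. A guard before the comparison, such as `if(tag_len < 0 || tag_len > POLY1305_TAGLEN) return CHACHAPOLY_INVALID_MAC;`, would pin this down. The start of `chachapoly_crypt` is outside the hunk, so such a check may already exist there; the sptps.c callers on this page always pass 16. The same pattern appears in `chachapoly_crypt_short` and in the encrypt-side `memcpy(tag, calc_tag, tag_len)`.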
|
||||
@@ -135,7 +89,7 @@ int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
|
||||
/* add tag if encrypting */
|
||||
if(encrypt && tag_len) {
|
||||
- poly1305_get_tag(poly_key, ad, ad_len, output, input_len, calc_tag);
|
||||
+ poly1305_get_tag(poly_key, output, input_len, calc_tag);
|
||||
memcpy(tag, calc_tag, tag_len);
|
||||
}
|
||||
|
||||
@@ -143,7 +97,7 @@ int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
}
|
||||
|
||||
int chachapoly_crypt_short(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
- const void *ad, int ad_len, void *input, int input_len,
|
||||
+ void *input, int input_len,
|
||||
void *output, void *tag, int tag_len, int encrypt) {
|
||||
unsigned char keystream[CHACHA_BLOCKLEN];
|
||||
unsigned char calc_tag[POLY1305_TAGLEN];
|
||||
@@ -159,7 +113,7 @@ int chachapoly_crypt_short(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
|
||||
/* check tag if decrypting */
|
||||
if(encrypt == 0 && tag_len) {
|
||||
- poly1305_get_tag(keystream, ad, ad_len, input, input_len, calc_tag);
|
||||
+ poly1305_get_tag(keystream, input, input_len, calc_tag);
|
||||
|
||||
if(memcmp_eq(calc_tag, tag, tag_len) != 0) {
|
||||
return CHACHAPOLY_INVALID_MAC;
|
||||
@@ -174,7 +128,7 @@ int chachapoly_crypt_short(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
|
||||
/* add tag if encrypting */
|
||||
if(encrypt && tag_len) {
|
||||
- poly1305_get_tag(keystream, ad, ad_len, output, input_len, calc_tag);
|
||||
+ poly1305_get_tag(keystream, output, input_len, calc_tag);
|
||||
memcpy(tag, calc_tag, tag_len);
|
||||
}
|
||||
|
||||
diff --git a/src/chacha-poly1305/chachapoly.h b/src/chacha-poly1305/chachapoly.h
|
||||
index ffc9576d..5d01f525 100644
|
||||
--- a/src/chacha-poly1305/chachapoly.h
|
||||
+++ b/src/chacha-poly1305/chachapoly.h
|
||||
@@ -52,8 +52,6 @@ int chachapoly_init(struct chachapoly_ctx *ctx, const void *key, int key_len);
|
||||
*
|
||||
* \param ctx context data
|
||||
* \param nonce nonce (12 bytes)
|
||||
- * \param ad associated data
|
||||
- * \param ad_len associated data length in bytes
|
||||
* \param input plaintext/ciphertext input
|
||||
* \param input_len input length in bytes;
|
||||
* \param output plaintext/ciphertext output
|
||||
@@ -65,7 +63,7 @@ int chachapoly_init(struct chachapoly_ctx *ctx, const void *key, int key_len);
|
||||
* failed when decrypting
|
||||
*/
|
||||
int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
- const void *ad, int ad_len, void *input, int input_len,
|
||||
+ void *input, int input_len,
|
||||
void *output, void *tag, int tag_len, int encrypt);
|
||||
|
||||
/**
|
||||
@@ -76,7 +74,7 @@ int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
* chachapoly_crypt.
|
||||
*/
|
||||
int chachapoly_crypt_short(struct chachapoly_ctx *ctx, const void *nonce,
|
||||
- const void *ad, int ad_len, void *input, int input_len,
|
||||
+ void *input, int input_len,
|
||||
void *output, void *tag, int tag_len, int encrypt);
|
||||
|
||||
#endif
|
||||
diff --git a/src/chacha-poly1305/poly1305.c b/src/chacha-poly1305/poly1305.c
|
||||
index 0c90564c..b25435a7 100644
|
||||
--- a/src/chacha-poly1305/poly1305.c
|
||||
+++ b/src/chacha-poly1305/poly1305.c
|
||||
@@ -5,6 +5,20 @@ public domain
|
||||
|
||||
#include "poly1305.h"
|
||||
|
||||
+/* use memcpy() to copy blocks of memory (typically faster) */
|
||||
+#define USE_MEMCPY 1
|
||||
+/* use unaligned little-endian load/store (can be faster) */
|
||||
+#define USE_UNALIGNED 0
|
||||
+
|
||||
+struct poly1305_context {
|
||||
+ uint32_t r[5];
|
||||
+ uint32_t h[5];
|
||||
+ uint32_t pad[4];
|
||||
+ size_t leftover;
|
||||
+ unsigned char buffer[POLY1305_BLOCK_SIZE];
|
||||
+ unsigned char final;
|
||||
+};
|
||||
+
|
||||
#if (USE_UNALIGNED == 1)
|
||||
#define U8TO32(p) \
|
||||
(*((uint32_t *)(p)))
|
||||
@@ -33,7 +47,7 @@ U32TO8(unsigned char *p, uint32_t v) {
|
||||
}
|
||||
#endif
|
||||
|
||||
-void
|
||||
+static void
|
||||
poly1305_init(struct poly1305_context *st, const unsigned char key[32]) {
|
||||
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
|
||||
st->r[0] = (U8TO32(&key[ 0])) & 0x3ffffff;
|
||||
@@ -131,7 +145,7 @@ poly1305_blocks(struct poly1305_context *st, const unsigned char *m, size_t byte
|
||||
st->h[4] = h4;
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
poly1305_finish(struct poly1305_context *st, unsigned char mac[16]) {
|
||||
uint32_t h0, h1, h2, h3, h4, c;
|
||||
uint32_t g0, g1, g2, g3, g4;
|
||||
@@ -241,8 +255,7 @@ poly1305_finish(struct poly1305_context *st, unsigned char mac[16]) {
|
||||
st->pad[3] = 0;
|
||||
}
|
||||
|
||||
-
|
||||
-void
|
||||
+static void
|
||||
poly1305_update(struct poly1305_context *st, const unsigned char *m, size_t bytes) {
|
||||
size_t i;
|
||||
|
||||
@@ -293,10 +306,37 @@ poly1305_update(struct poly1305_context *st, const unsigned char *m, size_t byte
|
||||
}
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * Poly1305 tag generation. This concatenates a string according to the rules
|
||||
+ * outlined in RFC 7539 and calculates the tag.
|
||||
+ *
|
||||
+ * \param key 32 byte secret one-time key for poly1305
|
||||
+ * \param ct ciphertext
|
||||
+ * \param ct_len ciphertext length in bytes
|
||||
+ * \param tag pointer to 16 bytes for tag storage
|
||||
+ */
|
||||
void
|
||||
-poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]) {
|
||||
+poly1305_get_tag(const unsigned char key[32], const void *ct, int ct_len, unsigned char tag[16]) {
|
||||
struct poly1305_context ctx;
|
||||
+ unsigned left_over;
|
||||
+ uint64_t len;
|
||||
+ unsigned char pad[16];
|
||||
+
|
||||
poly1305_init(&ctx, key);
|
||||
- poly1305_update(&ctx, m, bytes);
|
||||
- poly1305_finish(&ctx, mac);
|
||||
+ memset(&pad, 0, sizeof(pad));
|
||||
+
|
||||
+ /* payload and padding */
|
||||
+ poly1305_update(&ctx, ct, ct_len);
|
||||
+ left_over = ct_len % 16;
|
||||
+
|
||||
+ if(left_over) {
|
||||
+ poly1305_update(&ctx, pad, 16 - left_over);
|
||||
+ }
|
||||
+
|
||||
+ /* lengths */
|
||||
+ len = 0;
|
||||
+ poly1305_update(&ctx, (unsigned char *)&len, 8);
|
||||
+ len = ct_len;
|
||||
+ poly1305_update(&ctx, (unsigned char *)&len, 8);
|
||||
+ poly1305_finish(&ctx, tag);
|
||||
}
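Review bot: `poly1305_get_tag` takes `ct_len` as `int` and passes it straight to `poly1305_update`, whose length parameter is `size_t`, so a negative value would convert to a huge byte count and read far past `ct`. `left_over = ct_len % 16` is also computed on the signed value. Since this is now the only function poly1305.h exports, an early `if(ct_len < 0) abort();` or an equivalent guard belongs here rather than in every caller. Separately, the lengths are fed as `(unsigned char *)&len`, that is in host byte order, whereas RFC 7539, which the comment cites, specifies 64-bit little-endian lengths. Writing each length byte by byte into an 8-byte buffer would keep the tag identical on big-endian hosts.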
|
||||
diff --git a/src/chacha-poly1305/poly1305.h b/src/chacha-poly1305/poly1305.h
|
||||
index 624a19a9..5fc3b903 100644
|
||||
--- a/src/chacha-poly1305/poly1305.h
|
||||
+++ b/src/chacha-poly1305/poly1305.h
|
||||
@@ -9,24 +9,6 @@
|
||||
#define POLY1305_TAGLEN 16
|
||||
#define POLY1305_BLOCK_SIZE 16
|
||||
|
||||
-/* use memcpy() to copy blocks of memory (typically faster) */
|
||||
-#define USE_MEMCPY 1
|
||||
-/* use unaligned little-endian load/store (can be faster) */
|
||||
-#define USE_UNALIGNED 0
|
||||
-
|
||||
-struct poly1305_context {
|
||||
- uint32_t r[5];
|
||||
- uint32_t h[5];
|
||||
- uint32_t pad[4];
|
||||
- size_t leftover;
|
||||
- unsigned char buffer[POLY1305_BLOCK_SIZE];
|
||||
- unsigned char final;
|
||||
-};
|
||||
-
|
||||
-void poly1305_init(struct poly1305_context *ctx, const unsigned char key[32]);
|
||||
-void poly1305_update(struct poly1305_context *ctx, const unsigned char *m, size_t bytes);
|
||||
-void poly1305_finish(struct poly1305_context *ctx, unsigned char mac[16]);
|
||||
-void poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]);
|
||||
+void poly1305_get_tag(const unsigned char key[32], const void *ct, int ct_len, unsigned char tag[16]);
|
||||
|
||||
#endif /* POLY1305_H */
|
||||
-
|
||||
diff --git a/src/sptps.c b/src/sptps.c
|
||||
index 7c8d20b7..8f713fe6 100644
|
||||
--- a/src/sptps.c
|
||||
+++ b/src/sptps.c
|
||||
@@ -168,7 +168,7 @@ static bool cipher_encrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8
|
||||
#ifndef HAVE_OPENSSL
|
||||
|
||||
case SPTPS_CHACHA_POLY1305: {
|
||||
- if(chachapoly_crypt(ctx, nonce, NULL, 0, (void *)in, inlen, out, out + inlen, 16, 1) != CHACHAPOLY_OK) {
|
||||
+ if(chachapoly_crypt(ctx, nonce, (void *)in, inlen, out, out + inlen, 16, 1) != CHACHAPOLY_OK) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -249,7 +249,7 @@ static bool cipher_decrypt(uint8_t suite, void *ctx, uint32_t seqno, const uint8
|
||||
#ifndef HAVE_OPENSSL
|
||||
|
||||
case SPTPS_CHACHA_POLY1305:
|
||||
- if(chachapoly_crypt(ctx, nonce, NULL, 0, (void *)in, inlen, out, (void *)(in + inlen), 16, 0) != CHACHAPOLY_OK) {
|
||||
+ if(chachapoly_crypt(ctx, nonce, (void *)in, inlen, out, (void *)(in + inlen), 16, 0) != CHACHAPOLY_OK) {
|
||||
return false;
|
||||
}
|
||||
|
||||
--
|
||||
2.36.0
|
||||
|
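--- a/debian/patches/fix-version-number
+++ b/debian/patches/fix-version-number
@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -3,7 +3,7 @@
+origcflags="$CFLAGS"
+
+AC_PREREQ(2.69)
+-AC_INIT([tinc], m4_esyscmd_s((git describe || echo UNKNOWN) | sed 's/release-//'))
++AC_INIT([tinc], [1.1~pre18])
+AC_CONFIG_SRCDIR([src/tincd.c])
+AM_INIT_AUTOMAKE([std-options subdir-objects nostdinc silent-rules -Wall])
+AC_CONFIG_HEADERS([config.h])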
|
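--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1,11 @@
+0001-Add-AES-256-GCM-support-to-SPTPS.patch
+0002-Add-cipher-suite-selection-options-to-sptps_test.patch
+0003-Let-sptps_speed-benchmark-all-cipher-suites.patch
+0004-If-we-link-with-OpenSSL-use-it-for-Chacha20-Poly1305.patch
+0005-Update-the-built-in-Chacha20-Poly1305-code-to-an-RFC.patch
+0006-Ensure-we-are-compatible-with-LibreSSL.patch
+0007-Fix-infinite-loop-on-SPTPS-errors-when-running-sptps.patch
+0008-Fix-documentation-of-default-cipher-algorithm-used-f.patch
+0009-Make-the-ExperimentalProtocol-option-obsolete.patch
+0010-Move-poly1305_get_tag-into-poly1305.c-hide-poly1305_.patch
+fix-version-number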
|
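--- a/debian/postinst
+++ b/debian/postinst
@@ -0,0 +1,23 @@
+#! /bin/sh
+
+NETSFILE="/etc/tinc/nets.boot"
+
+set -e
+
+case "$1" in
+configure)
+if [ ! -e $NETSFILE ] ; then
+echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE
+fi
+;;
+
+abort-upgrade|abort-remove|abort-deconfigure)
+;;
+
+*)
+echo "postinst called with unknown argument \`$1'" >&2
+exit 0
+;;
+esac
+
+#DEBHELPER#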
|
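--- a/debian/postrm
+++ b/debian/postrm
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = purge ]; then
+rm -f /etc/tinc/nets.boot
+fi
+
+#DEBHELPER#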
|
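--- a/debian/preinst
+++ b/debian/preinst
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+NETSFILE="/etc/tinc/nets.boot"
+SYSTEM="/lib/systemd/system"
+WANTS="/etc/systemd/system/multi-user.target.wants"
+
+set -e
+
+case "$1" in
+upgrade)
+if dpkg --compare-versions "$2" '<<' "1.1~pre11-1"; then
+if [ -f "$NETSFILE" ]; then
+echo -n "Creating systemd service instances from nets.boot:"
+mkdir -p "$WANTS"
+egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
+echo -n " $net"
+ln -s "$SYSTEM/tinc@.service" "$WANTS/tinc@$net.service" 2>/dev/null || true
+done
+echo "."
+fi
+fi
+;;
+
+*)
+;;
+esac
+
+#DEBHELPER#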
|
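--- a/debian/rules
+++ b/debian/rules
@@ -0,0 +1,21 @@
+#!/usr/bin/make -f
+
+%:
+dh $@ --with quilt
+
+override_dh_auto_configure:
+dh_auto_configure -- --enable-uml \
+--with-systemd=/lib/systemd/system/
+$(MAKE) clean
+
+override_dh_auto_install:
+dh_auto_install -- install-html
+# Remove info dir file
+rm -f debian/tinc/usr/share/info/dir
+
+override_dh_auto_test:
+# Don't run the tests, it involves starting tinc daemons and making network connections.
+# I don't think the autobuilders will like this.
+
+override_dh_installinit:
+dh_installinit -r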
|
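--- a/debian/source/format
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)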
|
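--- a/debian/tinc.default
+++ b/debian/tinc.default
@@ -0,0 +1,7 @@
+# Extra options to be passed to tincd.
+# EXTRA="-d"
+
+# Limits to be configured for the tincd process. Please read your shell
+# (pointed by /bin/sh) documentation for ulimit. You probably want to raise the
+# max locked memory value if using both --mlock and --user flags.
+# LIMITS="-l 128"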
|
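--- a/debian/tinc.docs
+++ b/debian/tinc.docs
@@ -0,0 +1,3 @@
+NEWS
+README
+AUTHORS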
|
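--- a/debian/tinc.if-post-down
+++ b/debian/tinc.if-post-down
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+test "$METHOD" != loopback -a -n "$IF_TINC_NET" || exit 0
+
+if test -z "$IF_TINC_PIDFILE"; then
+/usr/sbin/tinc -n "$IF_TINC_NET" stop $EXTRA
+else
+/usr/sbin/tinc -n "$IF_TINC_NET" --pidfile="$IF_TINC_PIDFILE" stop
+fi
+
+exit 0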
|
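--- a/debian/tinc.if-pre-up
+++ b/debian/tinc.if-pre-up
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+test -n "$IF_TINC_NET" || exit 0
+
+# Read options from /etc/default
+
+if test -e /etc/default/tinc; then
+. /etc/default/tinc
+fi
+
+# Set process limits
+
+setlimits() {
+while [ $# -gt 0 ]; do
+parm=$1 ; shift
+if [ -n "$1" -a "${1#-}" = "$1" ]; then
+value=$1 ; shift
+ulimit $parm $value
+else
+ulimit $parm
+fi
+done
+}
+test -n "$LIMITS" && setlimits $LIMITS
+
+# Read options from /etc/network/interfaces
+
+test -z "$IF_TINC_CONFIG" || EXTRA="$EXTRA -c $IF_TINC_CONFIG"
+test -z "$IF_TINC_DEBUG" || EXTRA="$EXTRA -d$IF_TINC_DEBUG"
+test -z "$IF_TINC_MLOCK" || EXTRA="$EXTRA --mlock"
+test -z "$IF_TINC_LOGFILE" || EXTRA="$EXTRA --logfile=$IF_TINC_LOGFILE"
+test -z "$IF_TINC_PIDFILE" || EXTRA="$EXTRA --pidfile=$IF_TINC_PIDFILE" || IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
+test -z "$IF_TINC_CHROOT" || EXTRA="$EXTRA --chroot"
+test -z "$IF_TINC_USER" || EXTRA="$EXTRA --user=$IF_TINC_USER"
+
+# Start tinc daemon
+
+if test -z "$IF_TINC_PIDFILE"; then
+/usr/sbin/tinc -n "$IF_TINC_NET" start -o "Interface=$IFACE" $EXTRA
+else
+/usr/sbin/tinc -n "$IF_TINC_NET" --pidfile="$IF_TINC_PIDFILE" start -o "Interface=$IFACE" $EXTRA
+fi
+
+exit 0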
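Review bot: The trailing `|| IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid` on the pidfile line can never run. When the variable is empty, `test -z` succeeds and short-circuits the chain; when it is set, the `EXTRA=` assignment succeeds. Either drop the dead branch, leaving `test -z "$IF_TINC_PIDFILE" || EXTRA="$EXTRA --pidfile=$IF_TINC_PIDFILE"`, or set the default in a separate statement if one is intended. When a pidfile is configured, `--pidfile` also reaches `tinc` twice, once through `$EXTRA` and once explicitly in the `else` branch. `$EXTRA` is expanded unquoted, so any `IF_TINC_*` value containing whitespace is split into extra arguments to a root-run command; a comment saying those values must not contain spaces would help.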
|
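--- a/debian/tinc.if-up
+++ b/debian/tinc.if-up
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+test "$METHOD" != loopback -a -n "$IF_TINC_NET" || exit 0
+
+if test -z "$IF_TINC_PIDFILE"; then
+/usr/sbin/tinc -n "$IF_TINC_NET" retry
+else
+/usr/sbin/tinc -n "$IF_TINC_NET" --pidfile="$IF_TINC_PIDFILE" retry
+fi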
|
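--- a/debian/tinc.noinit
+++ b/debian/tinc.noinit
@@ -0,0 +1,103 @@
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Provides: tinc
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs $network
+# Should-Start: $syslog $named
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start tinc daemons
+# Description: Create a file $NETSFILE (/etc/tinc/nets.boot),
+# and put all the names of the networks in there.
+# These names must be valid directory names under
+# $TCONF (/etc/tinc). Lines starting with a # will be
+# ignored in this file.
+### END INIT INFO
+#
+# Based on Lubomir Bulej's Redhat init script.
+
+. /lib/lsb/init-functions
+
+DAEMON="/usr/sbin/tincd"
+CONTROL="/usr/sbin/tinc"
+NAME="tinc"
+DESC="tinc daemons"
+TCONF="/etc/tinc"
+NETSFILE="$TCONF/nets.boot"
+NETS=""
+
+test -f $DAEMON || exit 0
+
+[ -r /etc/default/tinc ] && . /etc/default/tinc
+
+# foreach_net "what-to-say" action [arguments...]
+foreach_net() {
+if [ ! -f $NETSFILE ] ; then
+echo "Please create $NETSFILE."
+exit 0
+fi
+echo -n "$1"
+shift
+egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
+echo -n " $net"
+case "$1" in
+start|restart) $CONTROL -n $net $1 $EXTRA $args ;;
+*) $CONTROL -n $net $1 ;;
+esac
+done
+echo "."
+}
+
+signal_running() {
+for i in /var/run/tinc.*pid; do
+if [ -f "$i" ]; then
+head -1 $i | while read pid junk; do
+kill -$1 $pid
+done
+fi
+done
+}
+
+setlimits() {
+while [ $# -gt 0 ]; do
+parm=$1 ; shift
+if [ -n "$1" -a "${1#-}" = "$1" ]; then
+value=$1 ; shift
+ulimit $parm $value
+else
+ulimit $parm
+fi
+done
+}
+
+test -n "$LIMITS" && setlimits $LIMITS
+
+case "$1" in
+start)
+foreach_net "Starting $DESC:" start
+;;
+stop)
+foreach_net "Stopping $DESC:" stop
+;;
+reload|force-reload)
+foreach_net "Reloading $DESC configuration:" reload
+;;
+restart)
+foreach_net "Restarting $DESC:" restart
+;;
+force-restart)
+$0 stop
+$0 start
+;;
+retry)
+signal_running ALRM
+;;
+*)
+echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|retry}"
+exit 1
+;;
+esac
+
+exit 0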
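Review bot: `signal_running` passes whatever the first word of each `/var/run/tinc.*pid` file is to `kill -$1 $pid`, unquoted and unvalidated, from a script that runs as root. An empty file makes `kill` fail, and a non-numeric or negative value would signal something other than a tinc daemon. Whether those pidfiles can be written by a non-root user (for example when tincd drops privileges with `--user`) is not visible on this page. Validating first with `case "$pid" in ''|*[!0-9]*) continue ;; esac`, then calling `kill -"$1" "$pid"`, removes the dependency on the file's contents. `head -1 $i` and `$CONTROL -n $net` should quote their variables for the same reason.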
|
2
depcomp
|
@ -3,7 +3,7 @@
|
|||
|
||||
scriptversion=2018-03-07.03; # UTC
|
||||
|
||||
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.16.1 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.16.3 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
1387
doc/texinfo.tex
File diff suppressed because it is too large
|
@ -114,7 +114,7 @@ If
|
|||
.Qq any
|
||||
is selected, then depending on the operating system both IPv4 and IPv6 or just
|
||||
IPv6 listening sockets will be created.
|
||||
.It Va AutoConnect Li = yes | no Po yes
|
||||
.It Va AutoConnect Li = yes | no Pq yes
|
||||
If set to yes,
|
||||
.Nm tinc
|
||||
will automatically set up meta connections to other nodes,
|
||||
|
@ -235,7 +235,8 @@ Do NOT connect multiple
|
|||
daemons to the same multicast address, this will very likely cause routing loops.
|
||||
Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured.
|
||||
.It fd
|
||||
Use a file descriptor.
|
||||
Use a file descriptor, given directly as an integer or passed through a unix domain socket.
|
||||
On Linux, an abstract socket address can be specified by using "@" as a prefix.
|
||||
All packets are read from this interface.
|
||||
Packets received for the local node are written to it.
|
||||
.It uml Pq not compiled in by default
|
||||
|
@ -683,7 +684,7 @@ this means that tinc will temporarily stop processing packets until the called s
|
|||
This guarantees that scripts will execute in the exact same order as the events that trigger them.
|
||||
If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
|
||||
.Pp
|
||||
Under Windows (not Cygwin), the scripts must have the extension
|
||||
Under Windows, the scripts must have the extension
|
||||
.Pa .bat
|
||||
or
|
||||
.Pa .cmd .
|
||||
|
|
528
doc/tinc.info
File diff suppressed because it is too large
193
doc/tinc.texi
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2018 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2021 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -43,7 +43,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2018 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2021 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
@ -182,7 +182,7 @@ available too.
|
|||
@section Supported platforms
|
||||
|
||||
@cindex platforms
|
||||
Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment),
|
||||
Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows,
|
||||
with various hardware architectures. These are some of the platforms
|
||||
that are supported by the universal tun/tap device driver or other virtual network device drivers.
|
||||
Without such a driver, tinc will most
|
||||
|
@ -267,7 +267,7 @@ alias char-major-10-200 tun
|
|||
@subsection Configuration of FreeBSD kernels
|
||||
|
||||
For FreeBSD version 4.1 and higher, tun and tap drivers are included in the default kernel configuration.
|
||||
The tap driver can be loaded with @code{kldload if_tap}, or by adding @code{if_tap_load="YES"} to @file{/boot/loader.conf}.
|
||||
The tap driver can be loaded with @command{kldload if_tap}, or by adding @samp{if_tap_load="YES"} to @file{/boot/loader.conf}.
|
||||
|
||||
|
||||
@c ==================================================================
|
||||
|
@ -308,7 +308,7 @@ Tinc also supports the driver from @uref{http://tuntaposx.sourceforge.net/},
|
|||
which supports both tun and tap style devices,
|
||||
|
||||
By default, tinc expects the tuntaposx driver to be installed.
|
||||
To use the utun driver, set add @code{Device = utunX} to @file{tinc.conf},
|
||||
To use the utun driver, set add @samp{Device = utunX} to @file{tinc.conf},
|
||||
where X is the desired number for the utun interface.
|
||||
You can also omit the number, in which case the first free number will be chosen.
|
||||
|
||||
|
@ -421,7 +421,7 @@ by the zlib library.
|
|||
|
||||
If this library is not installed, you will get an error when running the
|
||||
configure script. You can either install the zlib library, or disable support
|
||||
for zlib compression by using the "--disable-zlib" option when running the
|
||||
for zlib compression by using the @option{--disable-zlib} option when running the
|
||||
configure script. Note that if you disable support for zlib, the resulting
|
||||
binary will not work correctly on VPNs where zlib compression is used.
|
||||
|
||||
|
@ -445,7 +445,7 @@ Another form of compression is offered using the LZO library.
|
|||
|
||||
If this library is not installed, you will get an error when running the
|
||||
configure script. You can either install the LZO library, or disable support
|
||||
for LZO compression by using the "--disable-lzo" option when running the
|
||||
for LZO compression by using the @option{--disable-lzo} option when running the
|
||||
configure script. Note that if you disable support for LZO, the resulting
|
||||
binary will not work correctly on VPNs where LZO compression is used.
|
||||
|
||||
|
@ -465,12 +465,12 @@ default).
|
|||
@subsection libcurses
|
||||
|
||||
@cindex libcurses
|
||||
For the "tinc top" command, tinc requires a curses library.
|
||||
For the @command{tinc top} command, tinc requires a curses library.
|
||||
|
||||
If this library is not installed, you will get an error when running the
|
||||
configure script. You can either install a suitable curses library, or disable
|
||||
all functionality that depends on a curses library by using the
|
||||
"--disable-curses" option when running the configure script.
|
||||
@option{--disable-curses} option when running the configure script.
|
||||
|
||||
There are several curses libraries. It is recommended that you install
|
||||
"ncurses" (@url{https://invisible-island.net/ncurses/}),
|
||||
|
@ -488,12 +488,12 @@ of this package.
|
|||
@subsection libreadline
|
||||
|
||||
@cindex libreadline
|
||||
For the "tinc" command's shell functionality, tinc uses the readline library.
|
||||
For the @command{tinc} command's shell functionality, tinc uses the readline library.
|
||||
|
||||
If this library is not installed, you will get an error when running the
|
||||
configure script. You can either install a suitable readline library, or
|
||||
disable all functionality that depends on a readline library by using the
|
||||
"--disable-readline" option when running the configure script.
|
||||
@option{--disable-readline} option when running the configure script.
|
||||
|
||||
You can use your operating system's package manager to install this if
|
||||
available. Make sure you install the development AND runtime versions
|
||||
|
@ -553,7 +553,6 @@ The documentation that comes along with your distribution will tell you how to d
|
|||
|
||||
@menu
|
||||
* Darwin (MacOS/X) build environment::
|
||||
* Cygwin (Windows) build environment::
|
||||
* MinGW (Windows) build environment::
|
||||
@end menu
|
||||
|
||||
|
@ -568,17 +567,6 @@ It might also help to install a recent version of Fink from @uref{http://www.fin
|
|||
You need to download and install LibreSSL (or OpenSSL) and LZO,
|
||||
either directly from their websites (see @ref{Libraries}) or using Fink.
|
||||
|
||||
@c ==================================================================
|
||||
@node Cygwin (Windows) build environment
|
||||
@subsection Cygwin (Windows) build environment
|
||||
|
||||
If Cygwin hasn't already been installed, install it directly from
|
||||
@uref{https://www.cygwin.com/}.
|
||||
|
||||
When tinc is compiled in a Cygwin environment, it can only be run in this environment,
|
||||
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
|
||||
It will also support all features.
|
||||
|
||||
@c ==================================================================
|
||||
@node MinGW (Windows) build environment
|
||||
@subsection MinGW (Windows) build environment
|
||||
|
@ -639,7 +627,7 @@ myvpn 10.0.0.0
|
|||
|
||||
@cindex port numbers
|
||||
You may add this line to @file{/etc/services}. The effect is that you
|
||||
may supply a @samp{tinc} as a valid port number to some programs. The
|
||||
may supply @samp{tinc} as a valid port number to some programs. The
|
||||
number 655 is registered with the IANA.
|
||||
|
||||
@example
|
||||
|
@ -699,10 +687,10 @@ First, create the initial configuration files and public/private keypairs using
|
|||
@example
|
||||
tinc -n @var{NETNAME} init @var{NAME}
|
||||
@end example
|
||||
Second, use @samp{tinc -n @var{NETNAME} add ...} to further configure tinc.
|
||||
Finally, export your host configuration file using @samp{tinc -n @var{NETNAME} export} and send it to those
|
||||
Second, use @command{tinc -n @var{NETNAME} add ...} to further configure tinc.
|
||||
Finally, export your host configuration file using @command{tinc -n @var{NETNAME} export} and send it to those
|
||||
people or computers you want tinc to connect to.
|
||||
They should send you their host configuration file back, which you can import using @samp{tinc -n @var{NETNAME} import}.
|
||||
They should send you their host configuration file back, which you can import using @command{tinc -n @var{NETNAME} import}.
|
||||
|
||||
These steps are described in the subsections below.
|
||||
|
||||
|
@ -953,7 +941,8 @@ Also note that this can cause decrypted VPN packets to be sent out on a real net
|
|||
|
||||
@cindex fd
|
||||
@item fd
|
||||
Use a file descriptor.
|
||||
Use a file descriptor, given directly as an integer or passed through a unix domain socket.
|
||||
On Linux, an abstract socket address can be specified by using @samp{@@} as a prefix.
|
||||
All packets are read from this interface.
|
||||
Packets received for the local node are written to it.
|
||||
|
||||
|
@ -1024,7 +1013,7 @@ When this option is enabled, the SPTPS protocol will be used when connecting to
|
|||
Ephemeral ECDH will be used for key exchanges,
|
||||
and Ed25519 will be used instead of RSA for authentication.
|
||||
When enabled, an Ed25519 key must have been generated before with
|
||||
@samp{tinc generate-ed25519-keys}.
|
||||
@command{tinc generate-ed25519-keys}.
|
||||
|
||||
@cindex Forwarding
|
||||
@item Forwarding = <off|internal|kernel> (internal) [experimental]
|
||||
|
@ -1081,7 +1070,7 @@ in which case listening sockets for each specified address are made.
|
|||
|
||||
If no @var{port} is specified, the socket will listen on the port specified by the Port option,
|
||||
or to port 655 if neither is given.
|
||||
To only listen on a specific port but not to a specific address, use "*" for the @var{address}.
|
||||
To only listen on a specific port but not to a specific address, use @samp{*} for the @var{address}.
|
||||
|
||||
@cindex LocalDiscovery
|
||||
@item LocalDiscovery = <yes | no> (no)
|
||||
|
@ -1141,7 +1130,7 @@ impossible to crack a single key.
|
|||
@cindex MACExpire
|
||||
@item MACExpire = <@var{seconds}> (600)
|
||||
This option controls the amount of time MAC addresses are kept before they are removed.
|
||||
This only has effect when Mode is set to "switch".
|
||||
This only has effect when Mode is set to @samp{switch}.
|
||||
|
||||
@cindex MaxConnectionBurst
|
||||
@item MaxConnectionBurst = <@var{count}> (100)
|
||||
|
@ -1185,7 +1174,7 @@ accidental eavesdropping if you are editing the configuration file.
|
|||
@cindex PrivateKeyFile
|
||||
@item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv})
|
||||
This is the full path name of the RSA private key file that was
|
||||
generated by @samp{tinc generate-keys}. It must be a full path, not a
|
||||
generated by @command{tinc generate-keys}. It must be a full path, not a
|
||||
relative directory.
|
||||
|
||||
@cindex ProcessPriority
|
||||
|
@ -1287,7 +1276,7 @@ Note: this setting can have a significant impact on performance, especially raw
|
|||
@item UPnP = <yes|udponly|no> (no)
|
||||
If this option is enabled then tinc will search for UPnP-IGD devices on the local network.
|
||||
It will then create and maintain port mappings for tinc's listening TCP and UDP ports.
|
||||
If set to "udponly", tinc will only create a mapping for its UDP (data) port, not for its TCP (metaconnection) port.
|
||||
If set to @samp{udponly}, tinc will only create a mapping for its UDP (data) port, not for its TCP (metaconnection) port.
|
||||
Note that tinc must have been built with miniupnpc support for this feature to be available.
|
||||
Furthermore, be advised that enabling this can have security implications, because the miniupnpc library that
|
||||
tinc uses might not be well-hardened with regard to malicious UPnP replies.
|
||||
|
@ -1322,7 +1311,7 @@ tried until a working connection has been established.
|
|||
@item Cipher = <@var{cipher}> (blowfish)
|
||||
The symmetric cipher algorithm used to encrypt UDP packets using the legacy protocol.
|
||||
Any cipher supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying "none" will turn off packet encryption.
|
||||
Furthermore, specifying @samp{none} will turn off packet encryption.
|
||||
It is best to use only those ciphers which support CBC mode.
|
||||
This option has no effect for connections using the SPTPS protocol, which always use AES-256-CTR.
|
||||
|
||||
|
@ -1342,7 +1331,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
|||
@item Digest = <@var{digest}> (sha1)
|
||||
The digest algorithm used to authenticate UDP packets using the legacy protocol.
|
||||
Any digest supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying "none" will turn off packet authentication.
|
||||
Furthermore, specifying @samp{none} will turn off packet authentication.
|
||||
This option has no effect for connections using the SPTPS protocol, which always use HMAC-SHA-256.
|
||||
|
||||
@cindex IndirectData
|
||||
|
@ -1383,7 +1372,7 @@ This is the RSA public key for this host.
|
|||
@cindex PublicKeyFile
|
||||
@item PublicKeyFile = <@var{path}> [obsolete]
|
||||
This is the full path name of the RSA public key file that was generated
|
||||
by @samp{tinc generate-keys}. It must be a full path, not a relative
|
||||
by @command{tinc generate-keys}. It must be a full path, not a relative
|
||||
directory.
|
||||
|
||||
@cindex PEM format
|
||||
|
@ -1455,7 +1444,7 @@ this means that tinc will temporarily stop processing packets until the called s
|
|||
This guarantees that scripts will execute in the exact same order as the events that trigger them.
|
||||
If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
|
||||
|
||||
Under Windows (not Cygwin), the scripts should have the extension @file{.bat} or @file{.cmd}.
|
||||
Under Windows, the scripts should have the extension @file{.bat} or @file{.cmd}.
|
||||
|
||||
@table @file
|
||||
@cindex tinc-up
|
||||
|
@ -1557,7 +1546,7 @@ this is set to the invitation URL that has been created.
|
|||
@end table
|
||||
|
||||
Do not forget that under UNIX operating systems,
|
||||
you have to make the scripts executable, using the command @samp{chmod a+x script}.
|
||||
you have to make the scripts executable, using the command @command{chmod a+x script}.
|
||||
|
||||
|
||||
@c ==================================================================
|
||||
|
@ -1572,7 +1561,7 @@ The initial directory structure, configuration files and public/private keypairs
|
|||
tinc -n @var{netname} init @var{name}
|
||||
@end example
|
||||
|
||||
(You will need to run this as root, or use "sudo".)
|
||||
(You will need to run this as root, or use @command{sudo}.)
|
||||
This will create the configuration directory @file{@value{sysconfdir}/tinc/@var{netname}.},
|
||||
and inside it will create another directory named @file{hosts/}.
|
||||
In the configuration directory, it will create the file @file{tinc.conf} with the following contents:
|
||||
|
@ -1706,8 +1695,8 @@ The netmask is the mask of the @emph{entire} VPN network, not just your
|
|||
own subnet.
|
||||
The second command gives the interface an IPv6 address and netmask,
|
||||
which will also automatically add an IPv6 route.
|
||||
If you only want to use "ip addr" commands on Linux, don't forget that it doesn't bring the interface up, unlike ifconfig,
|
||||
so you need to add @samp{ip link set $INTERFACE up} in that case.
|
||||
If you only want to use @command{ip addr} commands on Linux, don't forget that it doesn't bring the interface up, unlike ifconfig,
|
||||
so you need to add @command{ip link set $INTERFACE up} in that case.
|
||||
|
||||
The exact syntax of the ifconfig and route commands differs from platform to platform.
|
||||
You can look up the commands for setting addresses and adding routes in @ref{Platform specific information},
|
||||
|
@ -1747,7 +1736,7 @@ the real interface is also shown as a comment, to give you an idea of
|
|||
how these example host is set up. All branches use the netname `company'
|
||||
for this particular VPN.
|
||||
|
||||
Each branch is set up using the @samp{tinc init} and @samp{tinc config} commands,
|
||||
Each branch is set up using the @command{tinc init} and @command{tinc config} commands,
|
||||
here we just show the end results:
|
||||
|
||||
@subsubheading For Branch A
|
||||
|
@ -2238,7 +2227,7 @@ Be sure to include the following information in your bugreport:
|
|||
@item What platform (operating system, version, hardware architecture) and which version of tinc you use.
|
||||
@item If compiling tinc fails, a copy of @file{config.log} and the error messages you get.
|
||||
@item Otherwise, a copy of @file{tinc.conf}, @file{tinc-up} and all files in the @file{hosts/} directory.
|
||||
@item The output of the commands @samp{ifconfig -a} and @samp{route -n} (or @samp{netstat -rn} if that doesn't work).
|
||||
@item The output of the commands @command{ifconfig -a} and @command{route -n} (or @command{netstat -rn} if that doesn't work).
|
||||
@item The output of any command that fails to work as it should (like ping or traceroute).
|
||||
@end itemize
|
||||
|
||||
|
@ -2319,7 +2308,7 @@ the value of this environment variable is used.
|
|||
@section tinc commands
|
||||
|
||||
@c from the manpage
|
||||
@table @code
|
||||
@table @samp
|
||||
|
||||
@cindex init
|
||||
@item init [@var{name}]
|
||||
|
@ -2386,15 +2375,15 @@ If no @var{URL} is given, it will be read from standard input.
|
|||
|
||||
@cindex start
|
||||
@item start [tincd options]
|
||||
Start @samp{tincd}, optionally with the given extra options.
|
||||
Start @command{tincd}, optionally with the given extra options.
|
||||
|
||||
@cindex stop
|
||||
@item stop
|
||||
Stop @samp{tincd}.
|
||||
Stop @command{tincd}.
|
||||
|
||||
@cindex restart
|
||||
@item restart [tincd options]
|
||||
Restart @samp{tincd}, optionally with the given extra options.
|
||||
Restart @command{tincd}, optionally with the given extra options.
|
||||
|
||||
@cindex reload
|
||||
@item reload
|
||||
|
@ -2404,7 +2393,7 @@ in @file{tinc.conf} will be made.
|
|||
|
||||
@cindex pid
|
||||
@item pid
|
||||
Shows the PID of the currently running @samp{tincd}.
|
||||
Shows the PID of the currently running @command{tincd}.
|
||||
|
||||
@cindex generate-keys
|
||||
@item generate-keys [@var{bits}]
|
||||
|
@ -2515,8 +2504,8 @@ The signed file is written to standard output.
|
|||
|
||||
Check the signature of a file against a node's public key.
|
||||
The @var{name} of the node must be given,
|
||||
or can be "." to check against the local node's public key,
|
||||
or "*" to allow a signature from any node whose public key is known.
|
||||
or can be @samp{.} to check against the local node's public key,
|
||||
or @samp{*} to allow a signature from any node whose public key is known.
|
||||
If no @var{filename} is given, the file is read from standard input.
|
||||
If the verification is successful, a copy of the input with the signature removed is written to standard output, and the exit code will be zero.
|
||||
If the verification failed, nothing will be written to standard output, and the exit code will be non-zero.
|
||||
|
@ -2612,9 +2601,9 @@ Quit.
|
|||
@chapter Invitations
|
||||
|
||||
Invitations are an easy way to add new nodes to an existing VPN. Invitations
|
||||
can be created on an existing node using the @code{tinc invite} command, which
|
||||
can be created on an existing node using the @command{tinc invite} command, which
|
||||
generates a relatively short URL which can be given to someone else, who uses
|
||||
the @code{tinc join} command to automatically set up tinc so it can connect to
|
||||
the @command{tinc join} command to automatically set up tinc so it can connect to
|
||||
the inviting node. The next sections describe how invitations actually work,
|
||||
and how to further automate the invitations.
|
||||
|
||||
|
@ -2630,7 +2619,7 @@ and how to further automate the invitations.
|
|||
@section How invitations work
|
||||
|
||||
When an invitation is created on a node (which from now on we will call the
|
||||
server) using the @code{tinc invite} command, an invitation file is created
|
||||
server) using the @command{tinc invite} command, an invitation file is created
|
||||
that contains all the information necessary for the invitee (which we will call
|
||||
the client) to create its configuration files. The invitation file is stays on
|
||||
the server, but a URL is generated that has enough information for the client
|
||||
|
@ -2668,14 +2657,14 @@ information in the invitation file.
|
|||
|
||||
It is important that the invitation URL is kept secret until it is used; if
|
||||
another person gets a copy of the invitation URL before the real client runs
|
||||
the @code{tinc join} command, then that other person can try to join the VPN.
|
||||
the @command{tinc join} command, then that other person can try to join the VPN.
|
||||
|
||||
|
||||
@c ==================================================================
|
||||
@node Invitation file format
|
||||
@section Invitation file format
|
||||
|
||||
The contents of an invitation file that is generated by the @code{tinc invite}
|
||||
The contents of an invitation file that is generated by the @command{tinc invite}
|
||||
command looks like this:
|
||||
|
||||
@example
|
||||
|
@ -2689,15 +2678,15 @@ Address = server.example.com
|
|||
@end example
|
||||
|
||||
The file is basically a concatenation of several host config blocks. Each host
|
||||
config block starts with @code{Name = ...}. Lines that look like @code{#---#}
|
||||
config block starts with @samp{Name = ...}. Lines that look like @samp{#---#}
|
||||
are not important, it just makes it easier for humans to read the file.
|
||||
However, the first line of an invitation file @emph{must} always start with
|
||||
@code{Name = ...}.
|
||||
@samp{Name = ...}.
|
||||
|
||||
The first host config block is always the one representing the invitee. So the
|
||||
first Name statement determines the name that the invitee will get. From the
|
||||
first block, the @file{tinc.conf} and @file{hosts/client} files will be
|
||||
generated; the @code{tinc join} command on the client will automatically
|
||||
generated; the @command{tinc join} command on the client will automatically
|
||||
separate statements based on whether they should be in @file{tinc.conf} or in a
|
||||
host config file. Some statements are special and are treated differently:
|
||||
|
||||
|
@ -2711,9 +2700,9 @@ configuration with the same netname.
|
|||
@item Ifconfig = <@var{address}[/@var{netmask}] | dhcp | dhcp6 | slaac>
|
||||
This is a hint for generating a @file{tinc-up} script.
|
||||
If an address is specified, a command will be added to @file{tinc-up} so the VPN interface will be configured to have the given address.
|
||||
If it is the word "dhcp", a command will be added to start a DHCP client on the VPN interface.
|
||||
If it is the word dhcpv6, it will be a DHCPv6 client.
|
||||
If it is "slaac", then it will add commands to enable IPv6 stateless address autoconfiguration.
|
||||
If it is the word @samp{dhcp}, a command will be added to start a DHCP client on the VPN interface.
|
||||
If it is the word @samp{dhcpv6}, it will be a DHCPv6 client.
|
||||
If it is @samp{slaac}, then it will add commands to enable IPv6 stateless address autoconfiguration.
|
||||
It is also possible to specify a MAC address, in which case a command will be added to set the MAC address of the VPN interface.
|
||||
|
||||
The exact commands added to the @file{tinc-up} script depends on the operating system the client is using.
|
||||
|
@ -2729,7 +2718,7 @@ In general, a gateway is only necessary when running tinc in switch mode.
|
|||
@end table
|
||||
|
||||
Subsequent host config blocks are copied verbatim into their respective files
|
||||
in @file{hosts/}. The invitation file generated by @code{tinc invite} will
|
||||
in @file{hosts/}. The invitation file generated by @command{tinc invite} will
|
||||
normally only contain two blocks; one for the client and one for the server.
|
||||
|
||||
|
||||
|
@ -2737,7 +2726,7 @@ normally only contain two blocks; one for the client and one for the server.
|
|||
@node Writing an invitation-created script
|
||||
@section Writing an invitation-created script
|
||||
|
||||
When an invitation is generated, the "invitation-created" script is called (if
|
||||
When an invitation is generated, the @file{invitation-created} script is called (if
|
||||
it exists) right after the invitation file is written, but before the URL has
|
||||
been written to stdout. This allows one to change the invitation file
|
||||
automatically before the invitation URL is passed to the invitee. Here is an
|
||||
|
@ -3424,42 +3413,42 @@ For IPv4 addresses:
|
|||
|
||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||
@item Linux
|
||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||
@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
|
||||
@item Linux iproute2
|
||||
@tab @code{ip addr add} @var{address}@code{/}@var{prefixlength} @code{dev} @var{interface}
|
||||
@tab @command{ip addr add} @var{address}@samp{/}@var{prefixlength} @samp{dev} @var{interface}
|
||||
@item FreeBSD
|
||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||
@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
|
||||
@item OpenBSD
|
||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||
@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
|
||||
@item NetBSD
|
||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||
@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
|
||||
@item Solaris
|
||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||
@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
|
||||
@item Darwin (MacOS/X)
|
||||
@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
|
||||
@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
|
||||
@item Windows
|
||||
@tab @code{netsh interface ip set address} @var{interface} @code{static} @var{address} @var{netmask}
|
||||
@tab @command{netsh interface ip set address} @var{interface} @samp{static} @var{address} @var{netmask}
|
||||
@end multitable
|
||||
|
||||
For IPv6 addresses:
|
||||
|
||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||
@item Linux
|
||||
@tab @code{ifconfig} @var{interface} @code{add} @var{address}@code{/}@var{prefixlength}
|
||||
@tab @command{ifconfig} @var{interface} @samp{add} @var{address}@samp{/}@var{prefixlength}
|
||||
@item FreeBSD
|
||||
@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
|
||||
@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
|
||||
@item OpenBSD
|
||||
@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
|
||||
@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
|
||||
@item NetBSD
|
||||
@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
|
||||
@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
|
||||
@item Solaris
|
||||
@tab @code{ifconfig} @var{interface} @code{inet6 plumb up}
|
||||
@tab @command{ifconfig} @var{interface} @samp{inet6 plumb up}
|
||||
@item
|
||||
@tab @code{ifconfig} @var{interface} @code{inet6 addif} @var{address} @var{address}
|
||||
@tab @command{ifconfig} @var{interface} @samp{inet6 addif} @var{address} @var{address}
|
||||
@item Darwin (MacOS/X)
|
||||
@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
|
||||
@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
|
||||
@item Windows
|
||||
@tab @code{netsh interface ipv6 add address} @var{interface} @code{static} @var{address}/@var{prefixlength}
|
||||
@tab @command{netsh interface ipv6 add address} @var{interface} @samp{static} @var{address}/@var{prefixlength}
|
||||
@end multitable
|
||||
|
||||
On Linux, it is possible to create a persistent tun/tap interface which will
|
||||
|
@ -3469,7 +3458,7 @@ tinc can be started without needing any root privileges at all.
|
|||
|
||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||
@item Linux
|
||||
@tab @code{ip tuntap add dev} @var{interface} @code{mode} @var{tun|tap} @code{user} @var{username}
|
||||
@tab @command{ip tuntap add dev} @var{interface} @samp{mode} @var{tun|tap} @samp{user} @var{username}
|
||||
@end multitable
|
||||
|
||||
@c ==================================================================
|
||||
|
@ -3487,42 +3476,42 @@ Adding routes to IPv4 subnets:
|
|||
|
||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||
@item Linux
|
||||
@tab @code{route add -net} @var{network_address} @code{netmask} @var{netmask} @var{interface}
|
||||
@tab @command{route add -net} @var{network_address} @samp{netmask} @var{netmask} @var{interface}
|
||||
@item Linux iproute2
|
||||
@tab @code{ip route add} @var{network_address}@code{/}@var{prefixlength} @code{dev} @var{interface}
|
||||
@tab @command{ip route add} @var{network_address}@samp{/}@var{prefixlength} @samp{dev} @var{interface}
|
||||
@item FreeBSD
|
||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
||||
@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
|
||||
@item OpenBSD
|
||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
||||
@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
|
||||
@item NetBSD
|
||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
||||
@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
|
||||
@item Solaris
|
||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
|
||||
@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address} @samp{-interface}
|
||||
@item Darwin (MacOS/X)
|
||||
@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
||||
@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
|
||||
@item Windows
|
||||
@tab @code{netsh routing ip add persistentroute} @var{network_address} @var{netmask} @var{interface} @var{local_address}
|
||||
@tab @command{netsh routing ip add persistentroute} @var{network_address} @var{netmask} @var{interface} @var{local_address}
|
||||
@end multitable
|
||||
|
||||
Adding routes to IPv6 subnets:
|
||||
|
||||
@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
|
||||
@item Linux
|
||||
@tab @code{route add -A inet6} @var{network_address}@code{/}@var{prefixlength} @var{interface}
|
||||
@tab @command{route add -A inet6} @var{network_address}@samp{/}@var{prefixlength} @var{interface}
|
||||
@item Linux iproute2
|
||||
@tab @code{ip route add} @var{network_address}@code{/}@var{prefixlength} @code{dev} @var{interface}
|
||||
@tab @command{ip route add} @var{network_address}@samp{/}@var{prefixlength} @samp{dev} @var{interface}
|
||||
@item FreeBSD
|
||||
@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
|
||||
@tab @command{route add -inet6} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
|
||||
@item OpenBSD
|
||||
@tab @code{route add -inet6} @var{network_address} @var{local_address} @code{-prefixlen} @var{prefixlength}
|
||||
@tab @command{route add -inet6} @var{network_address} @var{local_address} @samp{-prefixlen} @var{prefixlength}
|
||||
@item NetBSD
|
||||
@tab @code{route add -inet6} @var{network_address} @var{local_address} @code{-prefixlen} @var{prefixlength}
|
||||
@tab @command{route add -inet6} @var{network_address} @var{local_address} @samp{-prefixlen} @var{prefixlength}
|
||||
@item Solaris
|
||||
@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
|
||||
@tab @command{route add -inet6} @var{network_address}@samp{/}@var{prefixlength} @var{local_address} @samp{-interface}
|
||||
@item Darwin (MacOS/X)
|
||||
@tab ?
|
||||
@item Windows
|
||||
@tab @code{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface}
|
||||
@tab @command{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface}
|
||||
@end multitable
|
||||
|
||||
@c ==================================================================
|
||||
|
@ -3544,10 +3533,10 @@ There are many Linux distributions, and historically, many of them had their
|
|||
own way of starting programs at boot time. Today, a number of major Linux
|
||||
distributions have chosen to use systemd as their init system. Tinc ships with
|
||||
systemd service files that allow you to start and stop tinc using systemd.
|
||||
There are two service files: @code{tinc.service} is used to globally enable or
|
||||
There are two service files: @samp{tinc.service} is used to globally enable or
|
||||
disable all tinc daemons managed by systemd, and
|
||||
@code{tinc@@@var{netname}.service} is used to enable or disable specific tinc
|
||||
daemons. So if one has created a tinc network with netname @code{foo}, then
|
||||
@samp{tinc@@@var{netname}.service} is used to enable or disable specific tinc
|
||||
daemons. So if one has created a tinc network with netname @samp{foo}, then
|
||||
you have to run the following two commands to ensure it is started at boot
|
||||
time:
|
||||
|
||||
|
@ -3563,7 +3552,7 @@ following command:
|
|||
systemctl start tinc@@foo
|
||||
@end example
|
||||
|
||||
You can also use @samp{systemctl start tinc}, this will start all tinc daemons
|
||||
You can also use @command{systemctl start tinc}, this will start all tinc daemons
|
||||
that are enabled. You can stop and disable tinc networks in the same way.
|
||||
|
||||
If your system is not using systemd, then you have to look up your
|
||||
|
@ -3573,10 +3562,10 @@ distribution's way of starting tinc at boot time.
|
|||
@node Windows
|
||||
@subsection Windows
|
||||
|
||||
On Windows, if tinc is started with the @code{tinc start} command without using
|
||||
the @code{-D} or @code{--no-detach} option, it will automatically register
|
||||
On Windows, if tinc is started with the @command{tinc start} command without using
|
||||
the @option{-D} or @option{--no-detach} option, it will automatically register
|
||||
itself as a service that is started at boot time. When tinc is stopped using
|
||||
the @code{tinc stop} command, it will also automatically unregister itself.
|
||||
the @command{tinc stop} command, it will also automatically unregister itself.
|
||||
Once tinc is registered as a service, it is also possible to stop and start
|
||||
tinc using the Windows Services Manager.
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ If that succeeds,
|
|||
it will detach from the controlling terminal and continue in the background,
|
||||
accepting and setting up connections to other tinc daemons
|
||||
that are part of the virtual private network.
|
||||
Under Windows (not Cygwin) tinc will install itself as a service,
|
||||
Under Windows tinc will install itself as a service,
|
||||
which will be restarted automatically after reboots.
|
||||
.Sh OPTIONS
|
||||
.Bl -tag -width indent
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
@set VERSION 1.1pre17
|
||||
@set VERSION 1.1pre17-49-g4cc4b9bc
|
||||
@set PACKAGE tinc
|
||||
@set sysconfdir /etc
|
||||
@set localstatedir /var
|
||||
@set runstatedir /var/run
|
||||
@set sysconfdir /usr/local/etc
|
||||
@set localstatedir /usr/local/var
|
||||
@set runstatedir /usr/local/var/run
|
||||
|
|
89
install-sh
89
install-sh
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
# install - install a program, script, or datafile
|
||||
|
||||
scriptversion=2018-03-11.20; # UTC
|
||||
scriptversion=2020-11-14.01; # UTC
|
||||
|
||||
# This originates from X11R5 (mit/util/scripts/install.sh), which was
|
||||
# later released in X11R6 (xc/config/util/install.sh) with the
|
||||
|
@ -69,6 +69,11 @@ posix_mkdir=
|
|||
# Desired mode of installed file.
|
||||
mode=0755
|
||||
|
||||
# Create dirs (including intermediate dirs) using mode 755.
|
||||
# This is like GNU 'install' as of coreutils 8.32 (2020).
|
||||
mkdir_umask=22
|
||||
|
||||
backupsuffix=
|
||||
chgrpcmd=
|
||||
chmodcmd=$chmodprog
|
||||
chowncmd=
|
||||
|
@ -99,18 +104,28 @@ Options:
|
|||
--version display version info and exit.
|
||||
|
||||
-c (ignored)
|
||||
-C install only if different (preserve the last data modification time)
|
||||
-C install only if different (preserve data modification time)
|
||||
-d create directories instead of installing files.
|
||||
-g GROUP $chgrpprog installed files to GROUP.
|
||||
-m MODE $chmodprog installed files to MODE.
|
||||
-o USER $chownprog installed files to USER.
|
||||
-p pass -p to $cpprog.
|
||||
-s $stripprog installed files.
|
||||
-S SUFFIX attempt to back up existing files, with suffix SUFFIX.
|
||||
-t DIRECTORY install into DIRECTORY.
|
||||
-T report an error if DSTFILE is a directory.
|
||||
|
||||
Environment variables override the default commands:
|
||||
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
|
||||
RMPROG STRIPPROG
|
||||
|
||||
By default, rm is invoked with -f; when overridden with RMPROG,
|
||||
it's up to you to specify -f if you want it.
|
||||
|
||||
If -S is not specified, no backups are attempted.
|
||||
|
||||
Email bug reports to bug-automake@gnu.org.
|
||||
Automake home page: https://www.gnu.org/software/automake/
|
||||
"
|
||||
|
||||
while test $# -ne 0; do
|
||||
|
@ -137,8 +152,13 @@ while test $# -ne 0; do
|
|||
-o) chowncmd="$chownprog $2"
|
||||
shift;;
|
||||
|
||||
-p) cpprog="$cpprog -p";;
|
||||
|
||||
-s) stripcmd=$stripprog;;
|
||||
|
||||
-S) backupsuffix="$2"
|
||||
shift;;
|
||||
|
||||
-t)
|
||||
is_target_a_directory=always
|
||||
dst_arg=$2
|
||||
|
@ -255,6 +275,10 @@ do
|
|||
dstdir=$dst
|
||||
test -d "$dstdir"
|
||||
dstdir_status=$?
|
||||
# Don't chown directories that already exist.
|
||||
if test $dstdir_status = 0; then
|
||||
chowncmd=""
|
||||
fi
|
||||
else
|
||||
|
||||
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
|
||||
|
@ -301,22 +325,6 @@ do
|
|||
if test $dstdir_status != 0; then
|
||||
case $posix_mkdir in
|
||||
'')
|
||||
# Create intermediate dirs using mode 755 as modified by the umask.
|
||||
# This is like FreeBSD 'install' as of 1997-10-28.
|
||||
umask=`umask`
|
||||
case $stripcmd.$umask in
|
||||
# Optimize common cases.
|
||||
*[2367][2367]) mkdir_umask=$umask;;
|
||||
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
|
||||
|
||||
*[0-7])
|
||||
mkdir_umask=`expr $umask + 22 \
|
||||
- $umask % 100 % 40 + $umask % 20 \
|
||||
- $umask % 10 % 4 + $umask % 2
|
||||
`;;
|
||||
*) mkdir_umask=$umask,go-w;;
|
||||
esac
|
||||
|
||||
# With -d, create the new directory with the user-specified mode.
|
||||
# Otherwise, rely on $mkdir_umask.
|
||||
if test -n "$dir_arg"; then
|
||||
|
@ -326,22 +334,20 @@ do
|
|||
fi
|
||||
|
||||
posix_mkdir=false
|
||||
case $umask in
|
||||
*[123567][0-7][0-7])
|
||||
# POSIX mkdir -p sets u+wx bits regardless of umask, which
|
||||
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
|
||||
;;
|
||||
*)
|
||||
# Note that $RANDOM variable is not portable (e.g. dash); Use it
|
||||
# The $RANDOM variable is not portable (e.g., dash). Use it
|
||||
# here however when possible just to lower collision chance.
|
||||
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
|
||||
|
||||
trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
|
||||
trap '
|
||||
ret=$?
|
||||
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
|
||||
exit $ret
|
||||
' 0
|
||||
|
||||
# Because "mkdir -p" follows existing symlinks and we likely work
|
||||
# directly in world-writeable /tmp, make sure that the '$tmpdir'
|
||||
# directory is successfully created first before we actually test
|
||||
# 'mkdir -p' feature.
|
||||
# 'mkdir -p'.
|
||||
if (umask $mkdir_umask &&
|
||||
$mkdirprog $mkdir_mode "$tmpdir" &&
|
||||
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
|
||||
|
@ -371,7 +377,6 @@ do
|
|||
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
|
||||
fi
|
||||
trap '' 0;;
|
||||
esac;;
|
||||
esac
|
||||
|
||||
if
|
||||
|
@ -382,7 +387,7 @@ do
|
|||
then :
|
||||
else
|
||||
|
||||
# The umask is ridiculous, or mkdir does not conform to POSIX,
|
||||
# mkdir does not conform to POSIX,
|
||||
# or it failed possibly due to a race condition. Create the
|
||||
# directory the slow way, step by step, checking for races as we go.
|
||||
|
||||
|
@ -411,7 +416,7 @@ do
|
|||
prefixes=
|
||||
else
|
||||
if $posix_mkdir; then
|
||||
(umask=$mkdir_umask &&
|
||||
(umask $mkdir_umask &&
|
||||
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
|
||||
# Don't fail if two instances are running concurrently.
|
||||
test -d "$prefix" || exit 1
|
||||
|
@ -451,7 +456,18 @@ do
|
|||
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
|
||||
|
||||
# Copy the file name to the temp name.
|
||||
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
|
||||
(umask $cp_umask &&
|
||||
{ test -z "$stripcmd" || {
|
||||
# Create $dsttmp read-write so that cp doesn't create it read-only,
|
||||
# which would cause strip to fail.
|
||||
if test -z "$doit"; then
|
||||
: >"$dsttmp" # No need to fork-exec 'touch'.
|
||||
else
|
||||
$doit touch "$dsttmp"
|
||||
fi
|
||||
}
|
||||
} &&
|
||||
$doit_exec $cpprog "$src" "$dsttmp") &&
|
||||
|
||||
# and set any options; do chmod last to preserve setuid bits.
|
||||
#
|
||||
|
@ -477,6 +493,13 @@ do
|
|||
then
|
||||
rm -f "$dsttmp"
|
||||
else
|
||||
# If $backupsuffix is set, and the file being installed
|
||||
# already exists, attempt a backup. Don't worry if it fails,
|
||||
# e.g., if mv doesn't support -f.
|
||||
if test -n "$backupsuffix" && test -f "$dst"; then
|
||||
$doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
|
||||
fi
|
||||
|
||||
# Rename the file to the real destination.
|
||||
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
|
||||
|
||||
|
@ -491,9 +514,9 @@ do
|
|||
# file should still install successfully.
|
||||
{
|
||||
test ! -f "$dst" ||
|
||||
$doit $rmcmd -f "$dst" 2>/dev/null ||
|
||||
$doit $rmcmd "$dst" 2>/dev/null ||
|
||||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
|
||||
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
|
||||
{ $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
|
||||
} ||
|
||||
{ echo "$0: cannot unlink or rename $dst" >&2
|
||||
(exit 1); exit 1
|
||||
|
|
|
@ -9,8 +9,8 @@ AC_DEFUN([tinc_ATTRIBUTE],
|
|||
CFLAGS="$CFLAGS -Wall -Werror"
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_SOURCE(
|
||||
[void *test(void) __attribute__ (($1));
|
||||
void *test(void) { return (void *)0; }
|
||||
[void *test(void *x) __attribute__ (($1));
|
||||
void *test(void *x) { return (void *)x; }
|
||||
],
|
||||
)],
|
||||
[tinc_cv_attribute_$1=yes],
|
||||
|
|
2
missing
2
missing
|
@ -3,7 +3,7 @@
|
|||
|
||||
scriptversion=2018-03-07.03; # UTC
|
||||
|
||||
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
|
|
|
@ -190,10 +190,6 @@ if MINGW
|
|||
tincd_SOURCES += mingw/device.c mingw/common.h
|
||||
endif
|
||||
|
||||
if CYGWIN
|
||||
tincd_SOURCES += cygwin/device.c
|
||||
endif
|
||||
|
||||
if UML
|
||||
tincd_SOURCES += uml_device.c
|
||||
endif
|
||||
|
|
121
src/Makefile.in
121
src/Makefile.in
|
@ -1,7 +1,7 @@
|
|||
# Makefile.in generated by automake 1.16.1 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.16.3 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
@ -114,17 +114,16 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
|
|||
@BSD_TRUE@@TUNEMU_TRUE@am__append_8 = bsd/tunemu.c bsd/tunemu.h
|
||||
@SOLARIS_TRUE@am__append_9 = solaris/device.c
|
||||
@MINGW_TRUE@am__append_10 = mingw/device.c mingw/common.h
|
||||
@CYGWIN_TRUE@am__append_11 = cygwin/device.c
|
||||
@UML_TRUE@am__append_12 = uml_device.c
|
||||
@VDE_TRUE@am__append_13 = vde_device.c
|
||||
@OPENSSL_TRUE@am__append_14 = \
|
||||
@UML_TRUE@am__append_11 = uml_device.c
|
||||
@VDE_TRUE@am__append_12 = vde_device.c
|
||||
@OPENSSL_TRUE@am__append_13 = \
|
||||
@OPENSSL_TRUE@ openssl/cipher.c \
|
||||
@OPENSSL_TRUE@ openssl/crypto.c \
|
||||
@OPENSSL_TRUE@ openssl/digest.c openssl/digest.h \
|
||||
@OPENSSL_TRUE@ openssl/prf.c \
|
||||
@OPENSSL_TRUE@ openssl/rsa.c
|
||||
|
||||
@OPENSSL_TRUE@am__append_15 = \
|
||||
@OPENSSL_TRUE@am__append_14 = \
|
||||
@OPENSSL_TRUE@ openssl/cipher.c \
|
||||
@OPENSSL_TRUE@ openssl/crypto.c \
|
||||
@OPENSSL_TRUE@ openssl/digest.c openssl/digest.h \
|
||||
|
@ -132,27 +131,27 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
|
|||
@OPENSSL_TRUE@ openssl/rsa.c \
|
||||
@OPENSSL_TRUE@ openssl/rsagen.c
|
||||
|
||||
@OPENSSL_TRUE@am__append_16 = \
|
||||
@OPENSSL_TRUE@am__append_15 = \
|
||||
@OPENSSL_TRUE@ openssl/crypto.c \
|
||||
@OPENSSL_TRUE@ openssl/digest.c openssl/digest.h \
|
||||
@OPENSSL_TRUE@ openssl/prf.c
|
||||
|
||||
@OPENSSL_TRUE@am__append_17 = \
|
||||
@OPENSSL_TRUE@am__append_16 = \
|
||||
@OPENSSL_TRUE@ openssl/crypto.c
|
||||
|
||||
@OPENSSL_TRUE@am__append_18 = \
|
||||
@OPENSSL_TRUE@am__append_17 = \
|
||||
@OPENSSL_TRUE@ openssl/crypto.c \
|
||||
@OPENSSL_TRUE@ openssl/digest.c openssl/digest.h \
|
||||
@OPENSSL_TRUE@ openssl/prf.c
|
||||
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_19 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_18 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/cipher.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/crypto.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/digest.c gcrypt/digest.h \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/prf.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/rsa.c
|
||||
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_20 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_19 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/cipher.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/crypto.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/digest.c gcrypt/digest.h \
|
||||
|
@ -160,20 +159,24 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
|
|||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/rsa.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/rsagen.c
|
||||
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_21 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_20 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/cipher.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/crypto.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/digest.c gcrypt/digest.h \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/prf.c
|
||||
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_22 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_21 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ openssl/crypto.c
|
||||
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_23 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_22 = \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ openssl/crypto.c \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ openssl/digest.c openssl/digest.h \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ openssl/prf.c
|
||||
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_23 = \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/crypto.c \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/prf.c
|
||||
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_24 = \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/crypto.c \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/prf.c
|
||||
|
@ -183,18 +186,14 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
|
|||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/prf.c
|
||||
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_26 = \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/crypto.c \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/prf.c
|
||||
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_27 = \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/crypto.c
|
||||
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_28 = \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_27 = \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/crypto.c \
|
||||
@GCRYPT_FALSE@@OPENSSL_FALSE@ nolegacy/prf.c
|
||||
|
||||
@MINIUPNPC_TRUE@am__append_29 = upnp.h upnp.c
|
||||
@TUNEMU_TRUE@am__append_30 = -lpcap
|
||||
@MINIUPNPC_TRUE@am__append_28 = upnp.h upnp.c
|
||||
@TUNEMU_TRUE@am__append_29 = -lpcap
|
||||
subdir = src
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
|
@ -362,8 +361,8 @@ am__tincd_SOURCES_DIST = address_cache.c address_cache.h autoconnect.c \
|
|||
chacha-poly1305/chacha-poly1305.h chacha-poly1305/poly1305.c \
|
||||
chacha-poly1305/poly1305.h getopt.c getopt.h getopt1.c \
|
||||
linux/device.c bsd/device.c bsd/tunemu.c bsd/tunemu.h \
|
||||
solaris/device.c mingw/device.c mingw/common.h cygwin/device.c \
|
||||
uml_device.c vde_device.c openssl/cipher.c openssl/crypto.c \
|
||||
solaris/device.c mingw/device.c mingw/common.h uml_device.c \
|
||||
vde_device.c openssl/cipher.c openssl/crypto.c \
|
||||
openssl/digest.c openssl/digest.h openssl/prf.c openssl/rsa.c \
|
||||
gcrypt/cipher.c gcrypt/crypto.c gcrypt/digest.c \
|
||||
gcrypt/digest.h gcrypt/prf.c gcrypt/rsa.c nolegacy/crypto.c \
|
||||
|
@ -373,19 +372,18 @@ am__tincd_SOURCES_DIST = address_cache.c address_cache.h autoconnect.c \
|
|||
@BSD_TRUE@@TUNEMU_TRUE@am__objects_15 = bsd/tunemu.$(OBJEXT)
|
||||
@SOLARIS_TRUE@am__objects_16 = solaris/device.$(OBJEXT)
|
||||
@MINGW_TRUE@am__objects_17 = mingw/device.$(OBJEXT)
|
||||
@CYGWIN_TRUE@am__objects_18 = cygwin/device.$(OBJEXT)
|
||||
@UML_TRUE@am__objects_19 = uml_device.$(OBJEXT)
|
||||
@VDE_TRUE@am__objects_20 = vde_device.$(OBJEXT)
|
||||
@OPENSSL_TRUE@am__objects_21 = openssl/cipher.$(OBJEXT) \
|
||||
@UML_TRUE@am__objects_18 = uml_device.$(OBJEXT)
|
||||
@VDE_TRUE@am__objects_19 = vde_device.$(OBJEXT)
|
||||
@OPENSSL_TRUE@am__objects_20 = openssl/cipher.$(OBJEXT) \
|
||||
@OPENSSL_TRUE@ openssl/crypto.$(OBJEXT) \
|
||||
@OPENSSL_TRUE@ openssl/digest.$(OBJEXT) openssl/prf.$(OBJEXT) \
|
||||
@OPENSSL_TRUE@ openssl/rsa.$(OBJEXT)
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__objects_22 = gcrypt/cipher.$(OBJEXT) \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@am__objects_21 = gcrypt/cipher.$(OBJEXT) \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/crypto.$(OBJEXT) \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/digest.$(OBJEXT) \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/prf.$(OBJEXT) \
|
||||
@GCRYPT_TRUE@@OPENSSL_FALSE@ gcrypt/rsa.$(OBJEXT)
|
||||
@MINIUPNPC_TRUE@am__objects_23 = upnp.$(OBJEXT)
|
||||
@MINIUPNPC_TRUE@am__objects_22 = upnp.$(OBJEXT)
|
||||
am_tincd_OBJECTS = address_cache.$(OBJEXT) autoconnect.$(OBJEXT) \
|
||||
buffer.$(OBJEXT) conf.$(OBJEXT) connection.$(OBJEXT) \
|
||||
control.$(OBJEXT) dropin.$(OBJEXT) dummy_device.$(OBJEXT) \
|
||||
|
@ -405,8 +403,7 @@ am_tincd_OBJECTS = address_cache.$(OBJEXT) autoconnect.$(OBJEXT) \
|
|||
$(am__objects_2) $(am__objects_13) $(am__objects_14) \
|
||||
$(am__objects_15) $(am__objects_16) $(am__objects_17) \
|
||||
$(am__objects_18) $(am__objects_19) $(am__objects_20) \
|
||||
$(am__objects_21) $(am__objects_22) $(am__objects_9) \
|
||||
$(am__objects_23)
|
||||
$(am__objects_21) $(am__objects_9) $(am__objects_22)
|
||||
tincd_OBJECTS = $(am_tincd_OBJECTS)
|
||||
@MINIUPNPC_TRUE@tincd_DEPENDENCIES = $(am__DEPENDENCIES_1)
|
||||
tincd_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(tincd_LDFLAGS) \
|
||||
|
@ -458,21 +455,20 @@ am__depfiles_remade = ./$(DEPDIR)/address_cache.Po \
|
|||
chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po \
|
||||
chacha-poly1305/$(DEPDIR)/chacha.Po \
|
||||
chacha-poly1305/$(DEPDIR)/poly1305.Po \
|
||||
cygwin/$(DEPDIR)/device.Po ed25519/$(DEPDIR)/ecdh.Po \
|
||||
ed25519/$(DEPDIR)/ecdsa.Po ed25519/$(DEPDIR)/ecdsagen.Po \
|
||||
ed25519/$(DEPDIR)/fe.Po ed25519/$(DEPDIR)/ge.Po \
|
||||
ed25519/$(DEPDIR)/key_exchange.Po ed25519/$(DEPDIR)/keypair.Po \
|
||||
ed25519/$(DEPDIR)/sc.Po ed25519/$(DEPDIR)/sha512.Po \
|
||||
ed25519/$(DEPDIR)/sign.Po ed25519/$(DEPDIR)/verify.Po \
|
||||
gcrypt/$(DEPDIR)/cipher.Po gcrypt/$(DEPDIR)/crypto.Po \
|
||||
gcrypt/$(DEPDIR)/digest.Po gcrypt/$(DEPDIR)/prf.Po \
|
||||
gcrypt/$(DEPDIR)/rsa.Po gcrypt/$(DEPDIR)/rsagen.Po \
|
||||
linux/$(DEPDIR)/device.Po mingw/$(DEPDIR)/device.Po \
|
||||
nolegacy/$(DEPDIR)/crypto.Po nolegacy/$(DEPDIR)/prf.Po \
|
||||
openssl/$(DEPDIR)/cipher.Po openssl/$(DEPDIR)/crypto.Po \
|
||||
openssl/$(DEPDIR)/digest.Po openssl/$(DEPDIR)/prf.Po \
|
||||
openssl/$(DEPDIR)/rsa.Po openssl/$(DEPDIR)/rsagen.Po \
|
||||
solaris/$(DEPDIR)/device.Po
|
||||
ed25519/$(DEPDIR)/ecdh.Po ed25519/$(DEPDIR)/ecdsa.Po \
|
||||
ed25519/$(DEPDIR)/ecdsagen.Po ed25519/$(DEPDIR)/fe.Po \
|
||||
ed25519/$(DEPDIR)/ge.Po ed25519/$(DEPDIR)/key_exchange.Po \
|
||||
ed25519/$(DEPDIR)/keypair.Po ed25519/$(DEPDIR)/sc.Po \
|
||||
ed25519/$(DEPDIR)/sha512.Po ed25519/$(DEPDIR)/sign.Po \
|
||||
ed25519/$(DEPDIR)/verify.Po gcrypt/$(DEPDIR)/cipher.Po \
|
||||
gcrypt/$(DEPDIR)/crypto.Po gcrypt/$(DEPDIR)/digest.Po \
|
||||
gcrypt/$(DEPDIR)/prf.Po gcrypt/$(DEPDIR)/rsa.Po \
|
||||
gcrypt/$(DEPDIR)/rsagen.Po linux/$(DEPDIR)/device.Po \
|
||||
mingw/$(DEPDIR)/device.Po nolegacy/$(DEPDIR)/crypto.Po \
|
||||
nolegacy/$(DEPDIR)/prf.Po openssl/$(DEPDIR)/cipher.Po \
|
||||
openssl/$(DEPDIR)/crypto.Po openssl/$(DEPDIR)/digest.Po \
|
||||
openssl/$(DEPDIR)/prf.Po openssl/$(DEPDIR)/rsa.Po \
|
||||
openssl/$(DEPDIR)/rsagen.Po solaris/$(DEPDIR)/device.Po
|
||||
am__mv = mv -f
|
||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
|
@ -555,7 +551,7 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
|||
LCOV = @LCOV@
|
||||
LDFLAGS = @LDFLAGS@
|
||||
LIBOBJS = @LIBOBJS@
|
||||
LIBS = @LIBS@ -lm $(CODE_COVERAGE_LIBS) $(am__append_30)
|
||||
LIBS = @LIBS@ -lm $(CODE_COVERAGE_LIBS) $(am__append_29)
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MINIUPNPC_LIBS = @MINIUPNPC_LIBS@
|
||||
|
@ -665,28 +661,27 @@ tincd_SOURCES = address_cache.c address_cache.h autoconnect.c \
|
|||
$(am__append_2) $(am__append_6) $(am__append_7) \
|
||||
$(am__append_8) $(am__append_9) $(am__append_10) \
|
||||
$(am__append_11) $(am__append_12) $(am__append_13) \
|
||||
$(am__append_14) $(am__append_19) $(am__append_24) \
|
||||
$(am__append_29)
|
||||
$(am__append_18) $(am__append_23) $(am__append_28)
|
||||
tinc_SOURCES = dropin.c dropin.h fsck.c fsck.h ifconfig.c ifconfig.h \
|
||||
info.c info.h invitation.c invitation.h list.c list.h names.c \
|
||||
names.h netutl.c netutl.h script.c script.h sptps.c sptps.h \
|
||||
subnet_parse.c subnet.h tincctl.c tincctl.h top.c top.h \
|
||||
utils.c utils.h version.c version.h ed25519/ecdh.c \
|
||||
ed25519/ecdsa.c ed25519/ecdsagen.c $(ed25519_SOURCES) \
|
||||
$(chacha_poly1305_SOURCES) $(am__append_3) $(am__append_15) \
|
||||
$(am__append_20) $(am__append_25)
|
||||
$(chacha_poly1305_SOURCES) $(am__append_3) $(am__append_14) \
|
||||
$(am__append_19) $(am__append_24)
|
||||
sptps_test_SOURCES = logger.c logger.h sptps.c sptps.h sptps_test.c \
|
||||
utils.c utils.h ed25519/ecdh.c ed25519/ecdsa.c \
|
||||
$(ed25519_SOURCES) $(chacha_poly1305_SOURCES) $(am__append_4) \
|
||||
$(am__append_16) $(am__append_21) $(am__append_26)
|
||||
$(am__append_15) $(am__append_20) $(am__append_25)
|
||||
sptps_keypair_SOURCES = sptps_keypair.c utils.c utils.h \
|
||||
ed25519/ecdsagen.c $(ed25519_SOURCES) $(am__append_5) \
|
||||
$(am__append_17) $(am__append_22) $(am__append_27)
|
||||
$(am__append_16) $(am__append_21) $(am__append_26)
|
||||
sptps_speed_SOURCES = logger.c logger.h sptps.c sptps.h sptps_speed.c \
|
||||
utils.c utils.h ed25519/ecdh.c ed25519/ecdsa.c \
|
||||
ed25519/ecdsagen.c $(ed25519_SOURCES) \
|
||||
$(chacha_poly1305_SOURCES) $(am__append_18) $(am__append_23) \
|
||||
$(am__append_28)
|
||||
$(chacha_poly1305_SOURCES) $(am__append_17) $(am__append_22) \
|
||||
$(am__append_27)
|
||||
@MINIUPNPC_TRUE@tincd_LDADD = $(MINIUPNPC_LIBS)
|
||||
@MINIUPNPC_TRUE@tincd_LDFLAGS = -pthread
|
||||
tinc_LDADD = $(READLINE_LIBS) $(CURSES_LIBS)
|
||||
|
@ -924,14 +919,6 @@ mingw/$(DEPDIR)/$(am__dirstamp):
|
|||
@: > mingw/$(DEPDIR)/$(am__dirstamp)
|
||||
mingw/device.$(OBJEXT): mingw/$(am__dirstamp) \
|
||||
mingw/$(DEPDIR)/$(am__dirstamp)
|
||||
cygwin/$(am__dirstamp):
|
||||
@$(MKDIR_P) cygwin
|
||||
@: > cygwin/$(am__dirstamp)
|
||||
cygwin/$(DEPDIR)/$(am__dirstamp):
|
||||
@$(MKDIR_P) cygwin/$(DEPDIR)
|
||||
@: > cygwin/$(DEPDIR)/$(am__dirstamp)
|
||||
cygwin/device.$(OBJEXT): cygwin/$(am__dirstamp) \
|
||||
cygwin/$(DEPDIR)/$(am__dirstamp)
|
||||
|
||||
tincd$(EXEEXT): $(tincd_OBJECTS) $(tincd_DEPENDENCIES) $(EXTRA_tincd_DEPENDENCIES)
|
||||
@rm -f tincd$(EXEEXT)
|
||||
|
@ -941,7 +928,6 @@ mostlyclean-compile:
|
|||
-rm -f *.$(OBJEXT)
|
||||
-rm -f bsd/*.$(OBJEXT)
|
||||
-rm -f chacha-poly1305/*.$(OBJEXT)
|
||||
-rm -f cygwin/*.$(OBJEXT)
|
||||
-rm -f ed25519/*.$(OBJEXT)
|
||||
-rm -f gcrypt/*.$(OBJEXT)
|
||||
-rm -f linux/*.$(OBJEXT)
|
||||
|
@ -1013,7 +999,6 @@ distclean-compile:
|
|||
@AMDEP_TRUE@@am__include@ @am__quote@chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@chacha-poly1305/$(DEPDIR)/chacha.Po@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@chacha-poly1305/$(DEPDIR)/poly1305.Po@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@cygwin/$(DEPDIR)/device.Po@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@ed25519/$(DEPDIR)/ecdh.Po@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@ed25519/$(DEPDIR)/ecdsa.Po@am__quote@ # am--include-marker
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@ed25519/$(DEPDIR)/ecdsagen.Po@am__quote@ # am--include-marker
|
||||
|
@ -1189,8 +1174,6 @@ distclean-generic:
|
|||
-rm -f bsd/$(am__dirstamp)
|
||||
-rm -f chacha-poly1305/$(DEPDIR)/$(am__dirstamp)
|
||||
-rm -f chacha-poly1305/$(am__dirstamp)
|
||||
-rm -f cygwin/$(DEPDIR)/$(am__dirstamp)
|
||||
-rm -f cygwin/$(am__dirstamp)
|
||||
-rm -f ed25519/$(DEPDIR)/$(am__dirstamp)
|
||||
-rm -f ed25519/$(am__dirstamp)
|
||||
-rm -f gcrypt/$(DEPDIR)/$(am__dirstamp)
|
||||
|
@ -1275,7 +1258,6 @@ distclean: distclean-am
|
|||
-rm -f chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po
|
||||
-rm -f chacha-poly1305/$(DEPDIR)/chacha.Po
|
||||
-rm -f chacha-poly1305/$(DEPDIR)/poly1305.Po
|
||||
-rm -f cygwin/$(DEPDIR)/device.Po
|
||||
-rm -f ed25519/$(DEPDIR)/ecdh.Po
|
||||
-rm -f ed25519/$(DEPDIR)/ecdsa.Po
|
||||
-rm -f ed25519/$(DEPDIR)/ecdsagen.Po
|
||||
|
@ -1409,7 +1391,6 @@ maintainer-clean: maintainer-clean-am
|
|||
-rm -f chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po
|
||||
-rm -f chacha-poly1305/$(DEPDIR)/chacha.Po
|
||||
-rm -f chacha-poly1305/$(DEPDIR)/poly1305.Po
|
||||
-rm -f cygwin/$(DEPDIR)/device.Po
|
||||
-rm -f ed25519/$(DEPDIR)/ecdh.Po
|
||||
-rm -f ed25519/$(DEPDIR)/ecdsa.Po
|
||||
-rm -f ed25519/$(DEPDIR)/ecdsagen.Po
|
||||
|
|
|
@ -151,7 +151,7 @@ const sockaddr_t *get_recent_address(address_cache_t *cache) {
|
|||
cache->cfg = lookup_config(cache->config_tree, "Address");
|
||||
}
|
||||
|
||||
while(cache->cfg && !cache->ai) {
|
||||
while(cache->cfg && !cache->aip) {
|
||||
char *address, *port;
|
||||
|
||||
get_config_string(cache->cfg, &address);
|
||||
|
@ -167,6 +167,10 @@ const sockaddr_t *get_recent_address(address_cache_t *cache) {
|
|||
}
|
||||
}
|
||||
|
||||
if(cache->ai) {
|
||||
free_known_addresses(cache->ai);
|
||||
}
|
||||
|
||||
cache->aip = cache->ai = str2addrinfo(address, port, SOCK_STREAM);
|
||||
|
||||
if(cache->ai) {
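Review bot: The added `free_known_addresses(cache->ai);` in the second hunk may release a list with the wrong deallocator. Within this same loop `cache->ai` is assigned from `str2addrinfo()`, so on a later iteration (which the new `!cache->aip` loop condition makes reachable) the list being freed can be one that `str2addrinfo()` returned. If that helper hands back a resolver-allocated list (its body is not visible here, so this needs confirming), it has to be released with `freeaddrinfo(cache->ai);`, and only lists built by the known-addresses code should go through `free_known_addresses()`. Recording which allocator produced `cache->ai`, for example with a flag on the cache, would keep the two paths apart. `get_recent_address` starts and ends outside the hunks shown.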
|
||||
|
|
|
@ -186,10 +186,9 @@ void do_autoconnect() {
|
|||
drop_superfluous_outgoing_connection();
|
||||
}
|
||||
|
||||
/* Drop pending outgoing connections from the outgoing list. */
|
||||
drop_superfluous_pending_connections();
|
||||
|
||||
/* Check if there are unreachable nodes that we should try to connect to. */
|
||||
connect_to_unreachable();
|
||||
|
||||
/* Drop pending outgoing connections from the outgoing list. */
|
||||
drop_superfluous_pending_connections();
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction BSD tun/tap device
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -40,8 +40,13 @@
|
|||
#include <net/if_utun.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
|
||||
#define DEFAULT_TUN_DEVICE "/dev/tun" // Use the autoclone device
|
||||
#define DEFAULT_TAP_DEVICE "/dev/tap"
|
||||
#else
|
||||
#define DEFAULT_TUN_DEVICE "/dev/tun0"
|
||||
#define DEFAULT_TAP_DEVICE "/dev/tap0"
|
||||
#endif
|
||||
|
||||
typedef enum device_type {
|
||||
DEVICE_TYPE_TUN,
|
||||
|
|
16
src/conf.c
16
src/conf.c
|
@ -4,7 +4,7 @@
|
|||
1998-2005 Ivo Timmermans
|
||||
2000 Cris van Pelt
|
||||
2010-2011 Julien Muchembled <jm@jmuchemb.eu>
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2013 Florent Clairambault <florent@clairambault.fr>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -206,22 +206,16 @@ bool get_config_subnet(const config_t *cfg, subnet_t **result) {
|
|||
return false;
|
||||
}
|
||||
|
||||
/* Teach newbies what subnets are... */
|
||||
if(subnetcheck(subnet)) {
|
||||
*(*result = new_subnet()) = subnet;
|
||||
return true;
|
||||
}
|
||||
|
||||
if(((subnet.type == SUBNET_IPV4)
|
||||
&& !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(subnet.net.ipv4.address)))
|
||||
|| ((subnet.type == SUBNET_IPV6)
|
||||
&& !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(subnet.net.ipv6.address)))) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Network address and prefix length do not match for configuration variable %s in %s line %d",
|
||||
cfg->variable, cfg->file, cfg->line);
|
||||
return false;
|
||||
}
|
||||
|
||||
*(*result = new_subnet()) = subnet;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
Read exactly one line and strip the trailing newline if any.
|
||||
*/
|
||||
|
|
|
@ -1,278 +0,0 @@
|
|||
/*
|
||||
device.c -- Interaction with Windows tap driver in a Cygwin environment
|
||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||
2002-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "../system.h"
|
||||
#include "../net.h"
|
||||
|
||||
#include <w32api/windows.h>
|
||||
#include <w32api/winioctl.h>
|
||||
|
||||
#include "../conf.h"
|
||||
#include "../device.h"
|
||||
#include "../logger.h"
|
||||
#include "../names.h"
|
||||
#include "../route.h"
|
||||
#include "../utils.h"
|
||||
#include "../xalloc.h"
|
||||
|
||||
#include "../mingw/common.h"
|
||||
|
||||
int device_fd = -1;
|
||||
static HANDLE device_handle = INVALID_HANDLE_VALUE;
|
||||
char *device = NULL;
|
||||
char *iface = NULL;
|
||||
static const char *device_info = "Windows tap device";
|
||||
|
||||
static pid_t reader_pid;
|
||||
static int sp[2];
|
||||
|
||||
static bool setup_device(void) {
|
||||
HKEY key, key2;
|
||||
int i, err;
|
||||
|
||||
char regpath[1024];
|
||||
char adapterid[1024];
|
||||
char adaptername[1024];
|
||||
char tapname[1024];
|
||||
char gelukt = 0;
|
||||
long len;
|
||||
|
||||
bool found = false;
|
||||
|
||||
get_config_string(lookup_config(config_tree, "Device"), &device);
|
||||
get_config_string(lookup_config(config_tree, "Interface"), &iface);
|
||||
|
||||
if(device && iface) {
|
||||
logger(LOG_WARNING, "Warning: both Device and Interface specified, results may not be as expected");
|
||||
}
|
||||
|
||||
/* Open registry and look for network adapters */
|
||||
|
||||
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read registry: %s", winerror(GetLastError()));
|
||||
return false;
|
||||
}
|
||||
|
||||
for(i = 0; ; i++) {
|
||||
len = sizeof(adapterid);
|
||||
|
||||
if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) {
|
||||
break;
|
||||
}
|
||||
|
||||
/* Find out more about this adapter */
|
||||
|
||||
snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", NETWORK_CONNECTIONS_KEY, adapterid);
|
||||
|
||||
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
len = sizeof(adaptername);
|
||||
err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
|
||||
|
||||
RegCloseKey(key2);
|
||||
|
||||
if(err) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if(device) {
|
||||
if(!strcmp(device, adapterid)) {
|
||||
found = true;
|
||||
break;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if(iface) {
|
||||
if(!strcmp(iface, adaptername)) {
|
||||
found = true;
|
||||
break;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid);
|
||||
device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
|
||||
|
||||
if(device_handle != INVALID_HANDLE_VALUE) {
|
||||
CloseHandle(device_handle);
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
RegCloseKey(key);
|
||||
|
||||
if(!found) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "No Windows tap device found!");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!device) {
|
||||
device = xstrdup(adapterid);
|
||||
}
|
||||
|
||||
if(!iface) {
|
||||
iface = xstrdup(adaptername);
|
||||
}
|
||||
|
||||
snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device);
|
||||
|
||||
/* Now we are going to open this device twice: once for reading and once for writing.
|
||||
We do this because apparently it isn't possible to check for activity in the select() loop.
|
||||
Furthermore I don't really know how to do it the "Windows" way. */
|
||||
|
||||
if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) {
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, "System call `%s' failed: %s", "socketpair", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
/* The parent opens the tap device for writing. */
|
||||
|
||||
device_handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
|
||||
|
||||
if(device_handle == INVALID_HANDLE_VALUE) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open Windows tap device %s (%s) for writing: %s", device, iface, winerror(GetLastError()));
|
||||
return false;
|
||||
}
|
||||
|
||||
device_fd = sp[0];
|
||||
|
||||
/* Get MAC address from tap device */
|
||||
|
||||
if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not get MAC address from Windows tap device %s (%s): %s", device, iface, winerror(GetLastError()));
|
||||
return false;
|
||||
}
|
||||
|
||||
if(routing_mode == RMODE_ROUTER) {
|
||||
overwrite_mac = 1;
|
||||
}
|
||||
|
||||
/* Now we start the child */
|
||||
|
||||
reader_pid = fork();
|
||||
|
||||
if(reader_pid == -1) {
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, "System call `%s' failed: %s", "fork", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!reader_pid) {
|
||||
/* The child opens the tap device for reading, blocking.
|
||||
It passes everything it reads to the socket. */
|
||||
|
||||
char buf[MTU];
|
||||
long inlen;
|
||||
|
||||
CloseHandle(device_handle);
|
||||
|
||||
device_handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
|
||||
|
||||
if(device_handle == INVALID_HANDLE_VALUE) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open Windows tap device %s (%s) for reading: %s", device, iface, winerror(GetLastError()));
|
||||
buf[0] = 0;
|
||||
write(sp[1], buf, 1);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, "Tap reader forked and running.");
|
||||
|
||||
/* Notify success */
|
||||
|
||||
buf[0] = 1;
|
||||
write(sp[1], buf, 1);
|
||||
|
||||
/* Pass packets */
|
||||
|
||||
for(;;) {
|
||||
ReadFile(device_handle, buf, MTU, &inlen, NULL);
|
||||
write(sp[1], buf, inlen);
|
||||
}
|
||||
}
|
||||
|
||||
read(device_fd, &gelukt, 1);
|
||||
|
||||
if(gelukt != 1) {
|
||||
logger(DEBUG_ALWAYS, LOG_DEBUG, "Tap reader failed!");
|
||||
return false;
|
||||
}
|
||||
|
||||
logger(DEBUG_ALWAYS, LOG_INFO, "%s (%s) is a %s", device, iface, device_info);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void close_device(void) {
|
||||
close(sp[0]);
|
||||
close(sp[1]);
|
||||
CloseHandle(device_handle);
|
||||
device_handle = INVALID_HANDLE_VALUE;
|
||||
|
||||
kill(reader_pid, SIGKILL);
|
||||
|
||||
free(device);
|
||||
device = NULL;
|
||||
free(iface);
|
||||
iface = NULL;
|
||||
device_info = NULL;
|
||||
}
|
||||
|
||||
static bool read_packet(vpn_packet_t *packet) {
|
||||
int inlen;
|
||||
|
||||
if((inlen = read(sp[0], DATA(packet), MTU)) <= 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
|
||||
device, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
packet->len = inlen;
|
||||
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s", packet->len,
|
||||
device_info);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool write_packet(vpn_packet_t *packet) {
|
||||
long outlen;
|
||||
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
|
||||
packet->len, device_info);
|
||||
|
||||
if(!WriteFile(device_handle, DATA(packet), packet->len, &outlen, NULL)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, winerror(GetLastError()));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
const devops_t os_devops = {
|
||||
.setup = setup_device,
|
||||
.close = close_device,
|
||||
.read = read_packet,
|
||||
.write = write_packet,
|
||||
};
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
dropin.c -- a set of drop-in replacements for libc functions
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -82,6 +82,8 @@ int daemon(int nochdir, int noclose) {
|
|||
|
||||
return 0;
|
||||
#else
|
||||
(void)nochdir;
|
||||
(void)noclose;
|
||||
return -1;
|
||||
#endif
|
||||
}
|
||||
|
@ -144,6 +146,7 @@ int gettimeofday(struct timeval *tv, void *tz) {
|
|||
|
||||
#ifndef HAVE_NANOSLEEP
|
||||
int nanosleep(const struct timespec *req, struct timespec *rem) {
|
||||
(void)rem;
|
||||
struct timeval tv = {req->tv_sec, req->tv_nsec / 1000};
|
||||
return select(0, NULL, NULL, NULL, &tv);
|
||||
}
|
||||
|
|
18
src/edge.c
18
src/edge.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
edge.c -- edge tree management
|
||||
Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2021 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -83,14 +83,26 @@ void free_edge(edge_t *e) {
|
|||
}
|
||||
|
||||
void edge_add(edge_t *e) {
|
||||
splay_insert(edge_weight_tree, e);
|
||||
splay_insert(e->from->edge_tree, e);
|
||||
splay_node_t *node = splay_insert(e->from->edge_tree, e);
|
||||
|
||||
if(!node) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Edge from %s to %s already exists in edge_tree\n", e->from->name, e->to->name);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
e->reverse = lookup_edge(e->to, e->from);
|
||||
|
||||
if(e->reverse) {
|
||||
e->reverse->reverse = e;
|
||||
}
|
||||
|
||||
node = splay_insert(edge_weight_tree, e);
|
||||
|
||||
if(!node) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Edge from %s to %s already exists in edge_weight_tree\n", e->from->name, e->to->name);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
void edge_del(edge_t *e) {
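Review bot: The second failure path in `edge_add` returns with the edge half-registered. By the time `splay_insert(edge_weight_tree, e)` reports a duplicate, `e` is already in `e->from->edge_tree` and `e->reverse->reverse = e` has been set. Because the function is `void`, the caller cannot tell that either insert failed; if it then frees or reuses `e`, the tree entry and the reverse pointer would be left dangling. Either undo the first insertion and the reverse link before that `return;`, or report the outcome (e.g. `bool edge_add(edge_t *e)`) so callers can drop the edge cleanly. The two new log strings also end in `\n`, which the other `logger()` calls on this page do not.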
|
||||
|
|
|
@ -63,7 +63,7 @@ struct ether_header {
|
|||
uint8_t ether_dhost[ETH_ALEN];
|
||||
uint8_t ether_shost[ETH_ALEN];
|
||||
uint16_t ether_type;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRUCT_ARPHDR
|
||||
|
@ -73,7 +73,7 @@ struct arphdr {
|
|||
uint8_t ar_hln;
|
||||
uint8_t ar_pln;
|
||||
uint16_t ar_op;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
|
||||
#define ARPOP_REQUEST 1
|
||||
#define ARPOP_REPLY 2
|
||||
|
@ -91,7 +91,7 @@ struct ether_arp {
|
|||
uint8_t arp_spa[4];
|
||||
uint8_t arp_tha[ETH_ALEN];
|
||||
uint8_t arp_tpa[4];
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#define arp_hrd ea_hdr.ar_hrd
|
||||
#define arp_pro ea_hdr.ar_pro
|
||||
#define arp_hln ea_hdr.ar_hln
|
||||
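Review bot: The three packed structs in this section (`ether_header`, `arphdr`, `ether_arp`) mix two spellings of the keyword, `__attribute__((__gcc_struct__)) __attribute((__packed__))`, assuming the second line of each printed pair is the new side. Spelling both the same way keeps the declarations uniform and easy to grep: `} __attribute__((__gcc_struct__)) __attribute__((__packed__));`. The same applies to the `struct ip`, `struct icmp`, `ip6_hdr`, `icmp6_hdr`, `nd_neighbor_solicit` and `nd_opt_hdr` hunks further down the page.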
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
event.c -- I/O, timeout and signal event handling
|
||||
Copyright (C) 2012-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2012-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -378,7 +378,7 @@ bool event_loop(void) {
|
|||
while(running) {
|
||||
struct timeval diff;
|
||||
struct timeval *tv = get_time_remaining(&diff);
|
||||
DWORD timeout_ms = tv ? (tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1) : WSA_INFINITE;
|
||||
DWORD timeout_ms = tv ? (DWORD)(tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1) : WSA_INFINITE;
|
||||
|
||||
if(!event_count) {
|
||||
Sleep(timeout_ms);
|
||||
|
@ -436,7 +436,7 @@ bool event_loop(void) {
|
|||
}
|
||||
|
||||
if(result < WSA_WAIT_EVENT_0 || result >= WSA_WAIT_EVENT_0 + event_count - event_offset) {
|
||||
return(false);
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Look up io in the map by index. */
|
||||
|
|
136
src/fd_device.c
136
src/fd_device.c
|
@ -1,9 +1,9 @@
|
|||
/*
|
||||
fd_device.c -- Interaction with Android tun fd
|
||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||
2001-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2001-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2009 Grzegorz Dymarek <gregd72002@googlemail.com>
|
||||
2016 Pacien TRAN-GIRARD <pacien@pacien.net>
|
||||
2016-2020 Pacien TRAN-GIRARD <pacien@pacien.net>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -21,6 +21,10 @@
|
|||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#ifdef HAVE_SYS_UN_H
|
||||
#include <sys/un.h>
|
||||
|
||||
#include "conf.h"
|
||||
#include "device.h"
|
||||
#include "ethernet.h"
|
||||
|
@ -29,23 +33,132 @@
|
|||
#include "route.h"
|
||||
#include "utils.h"
|
||||
|
||||
static inline bool check_config(void) {
|
||||
struct unix_socket_addr {
|
||||
size_t size;
|
||||
struct sockaddr_un addr;
|
||||
};
|
||||
|
||||
static int read_fd(int socket) {
|
||||
char iobuf;
|
||||
struct iovec iov = {0};
|
||||
char cmsgbuf[CMSG_SPACE(sizeof(device_fd))];
|
||||
struct msghdr msg = {0};
|
||||
int ret;
|
||||
struct cmsghdr *cmsgptr;
|
||||
|
||||
iov.iov_base = &iobuf;
|
||||
iov.iov_len = 1;
|
||||
msg.msg_iov = &iov;
|
||||
msg.msg_iovlen = 1;
|
||||
msg.msg_control = cmsgbuf;
|
||||
msg.msg_controllen = sizeof(cmsgbuf);
|
||||
|
||||
if((ret = recvmsg(socket, &msg, 0)) < 1) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not read from unix socket (error %d)!", ret);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef IP_RECVERR
|
||||
|
||||
if(msg.msg_flags & (MSG_CTRUNC | MSG_OOB | MSG_ERRQUEUE)) {
|
||||
#else
|
||||
|
||||
if(msg.msg_flags & (MSG_CTRUNC | MSG_OOB)) {
|
||||
#endif
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Error while receiving message (flags %d)!", msg.msg_flags);
|
||||
return -1;
|
||||
}
|
||||
|
||||
cmsgptr = CMSG_FIRSTHDR(&msg);
|
||||
|
||||
if(cmsgptr->cmsg_level != SOL_SOCKET) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG level: %d, expected %d!",
|
||||
cmsgptr->cmsg_level, SOL_SOCKET);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(cmsgptr->cmsg_type != SCM_RIGHTS) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG type: %d, expected %d!",
|
||||
cmsgptr->cmsg_type, SCM_RIGHTS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(cmsgptr->cmsg_len != CMSG_LEN(sizeof(device_fd))) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG data length: %lu, expected %lu!",
|
||||
(unsigned long)cmsgptr->cmsg_len, (unsigned long)CMSG_LEN(sizeof(device_fd)));
|
||||
return -1;
|
||||
}
|
||||
|
||||
return *(int *) CMSG_DATA(cmsgptr);
|
||||
}
|
||||
|
||||
static int receive_fd(struct unix_socket_addr socket_addr) {
|
||||
int socketfd;
|
||||
int ret;
|
||||
int result;
|
||||
|
||||
if((socketfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open stream socket (error %d)!", socketfd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if((ret = connect(socketfd, (struct sockaddr *) &socket_addr.addr, socket_addr.size)) < 0) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not connect to Unix socket (error %d)!", ret);
|
||||
result = -1;
|
||||
goto end;
|
||||
}
|
||||
|
||||
result = read_fd(socketfd);
|
||||
|
||||
end:
|
||||
close(socketfd);
|
||||
return result;
|
||||
}
|
||||
|
||||
static struct unix_socket_addr parse_socket_addr(const char *path) {
|
||||
struct sockaddr_un socket_addr;
|
||||
size_t path_length;
|
||||
|
||||
if(strlen(path) >= sizeof(socket_addr.sun_path)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Unix socket path too long!");
|
||||
return (struct unix_socket_addr) {
|
||||
0
|
||||
};
|
||||
}
|
||||
|
||||
socket_addr.sun_family = AF_UNIX;
|
||||
strncpy(socket_addr.sun_path, path, sizeof(socket_addr.sun_path));
|
||||
|
||||
if(path[0] == '@') {
|
||||
/* abstract namespace socket */
|
||||
socket_addr.sun_path[0] = '\0';
|
||||
path_length = strlen(path);
|
||||
} else {
|
||||
/* filesystem path with NUL terminator */
|
||||
path_length = strlen(path) + 1;
|
||||
}
|
||||
|
||||
return (struct unix_socket_addr) {
|
||||
.size = offsetof(struct sockaddr_un, sun_path) + path_length,
|
||||
.addr = socket_addr
|
||||
};
|
||||
}
|
||||
|
||||
static bool setup_device(void) {
|
||||
if(routing_mode == RMODE_SWITCH) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Switch mode not supported (requires unsupported TAP device)!");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!get_config_int(lookup_config(config_tree, "Device"), &device_fd)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not read fd from configuration!");
|
||||
if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Could not read device from configuration!");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool setup_device(void) {
|
||||
if(!check_config()) {
|
||||
return false;
|
||||
/* device is either directly a file descriptor or an unix socket to read it from */
|
||||
if(sscanf(device, "%d", &device_fd) != 1) {
|
||||
logger(DEBUG_ALWAYS, LOG_INFO, "Receiving fd from Unix socket at %s.", device);
|
||||
device_fd = receive_fd(parse_socket_addr(device));
|
||||
}
|
||||
|
||||
if(device_fd < 0) {
|
||||
|
@ -123,3 +236,4 @@ const devops_t fd_devops = {
|
|||
.read = read_packet,
|
||||
.write = write_packet,
|
||||
};
|
||||
#endif
|
||||
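Review bot: `read_fd` dereferences the result of `CMSG_FIRSTHDR(&msg)` without checking it for NULL, so a peer on the Unix socket that sends its one byte with no ancillary data turns `cmsgptr->cmsg_level` into a null-pointer read; add `if(!cmsgptr) { logger(DEBUG_ALWAYS, LOG_ERR, "No control message received!"); return -1; }` before the level check. The final `return *(int *) CMSG_DATA(cmsgptr);` reads an `int` through a pointer into a plain `char` buffer and is better written as a `memcpy` into a local `int`. Separately, when `parse_socket_addr` rejects an over-long path it returns a zeroed struct that `setup_device` still hands to `receive_fd`, which then calls `connect` with length 0. `sscanf(device, "%d", &device_fd)` also accepts any string that merely begins with digits, so a socket path starting with a number is taken as a descriptor. `setup_device` continues outside the hunk.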
|
|
48
src/fsck.c
48
src/fsck.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
fsck.c -- Check the configuration files for problems
|
||||
Copyright (C) 2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2014-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -254,7 +254,7 @@ int fsck(const char *argv0) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
|
||||
#ifndef HAVE_MINGW
|
||||
|
||||
if(st.st_mode & 077) {
|
||||
fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
|
||||
|
@ -303,7 +303,7 @@ int fsck(const char *argv0) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
|
||||
#ifndef HAVE_MINGW
|
||||
|
||||
if(st.st_mode & 077) {
|
||||
fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
|
||||
|
@ -385,26 +385,38 @@ int fsck(const char *argv0) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
char buf1[len], buf2[len], buf3[len];
|
||||
randomize(buf1, sizeof(buf1));
|
||||
char *buf1 = malloc(len);
|
||||
char *buf2 = malloc(len);
|
||||
char *buf3 = malloc(len);
|
||||
|
||||
randomize(buf1, len);
|
||||
buf1[0] &= 0x7f;
|
||||
memset(buf2, 0, sizeof(buf2));
|
||||
memset(buf3, 0, sizeof(buf2));
|
||||
memset(buf2, 0, len);
|
||||
memset(buf3, 0, len);
|
||||
bool result = false;
|
||||
|
||||
if(!rsa_public_encrypt(rsa_pub, buf1, sizeof(buf1), buf2)) {
|
||||
fprintf(stderr, "ERROR: public RSA key does not work.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(!rsa_private_decrypt(rsa_priv, buf2, sizeof(buf2), buf3)) {
|
||||
fprintf(stderr, "ERROR: private RSA key does not work.\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(memcmp(buf1, buf3, sizeof(buf1))) {
|
||||
if(rsa_public_encrypt(rsa_pub, buf1, len, buf2)) {
|
||||
if(rsa_private_decrypt(rsa_priv, buf2, len, buf3)) {
|
||||
if(memcmp(buf1, buf3, len)) {
|
||||
result = true;
|
||||
} else {
|
||||
fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "ERROR: private RSA key does not work.\n");
|
||||
}
|
||||
} else {
|
||||
fprintf(stderr, "ERROR: public RSA key does not work.\n");
|
||||
}
|
||||
|
||||
free(buf3);
|
||||
free(buf2);
|
||||
free(buf1);
|
||||
|
||||
if(!result) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
}
|
||||
} else {
|
||||
if(rsa_pub) {
|
||||
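Review bot: The rewritten comparison is inverted as printed here: `if(memcmp(buf1, buf3, len)) { result = true; }` treats a non-zero `memcmp` (the decrypted buffer differs from the original) as success and prints "public and private RSA keys do not match" when the round trip is exact, so a mismatched key pair passes the check and a good one fails. It should read `if(!memcmp(buf1, buf3, len)) {`. The three `malloc(len)` results are also written to by `randomize` and `memset` without a NULL check; test them, or use the project's checked allocator if this file has one in scope, before the first write. `fsck` starts and ends outside these hunks.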
|
|
|
@ -4,7 +4,7 @@
|
|||
/*
|
||||
have.h -- include headers which are known to exist
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2003-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2003-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -57,6 +57,10 @@
|
|||
|
||||
/* Include system specific headers */
|
||||
|
||||
#ifdef HAVE_STDDEF_H
|
||||
#include <stddef.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SYSLOG_H
|
||||
#include <syslog.h>
|
||||
#endif
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
ifconfig.c -- Generate platform specific interface configuration commands
|
||||
Copyright (C) 2016-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2016-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -71,10 +71,12 @@ void ifconfig_dhcp(FILE *out) {
|
|||
}
|
||||
|
||||
void ifconfig_dhcp6(FILE *out) {
|
||||
(void)out;
|
||||
fprintf(stderr, "DHCPv6 requested, but not supported by tinc on this platform\n");
|
||||
}
|
||||
|
||||
void ifconfig_slaac(FILE *out) {
|
||||
(void)out;
|
||||
// It's the default?
|
||||
}
|
||||
|
||||
|
@ -126,7 +128,7 @@ void ifconfig_address(FILE *out, const char *value) {
|
|||
return;
|
||||
}
|
||||
|
||||
#elif defined(HAVE_MINGW) || defined(HAVE_CYGWIN)
|
||||
#elif defined(HAVE_MINGW)
|
||||
|
||||
switch(address.type) {
|
||||
case SUBNET_MAC:
|
||||
|
@ -134,11 +136,11 @@ void ifconfig_address(FILE *out, const char *value) {
|
|||
break;
|
||||
|
||||
case SUBNET_IPV4:
|
||||
fprintf(out, "netsh inetface ipv4 set address \"$INTERFACE\" static %s\n", address_str);
|
||||
fprintf(out, "netsh interface ipv4 set address \"%%INTERFACE%%\" static %s\n", address_str);
|
||||
break;
|
||||
|
||||
case SUBNET_IPV6:
|
||||
fprintf(out, "netsh inetface ipv6 set address \"$INTERFACE\" static %s\n", address_str);
|
||||
fprintf(out, "netsh interface ipv6 set address \"%%INTERFACE%%\" %s\n", address_str);
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -199,11 +201,11 @@ void ifconfig_route(FILE *out, const char *value) {
|
|||
if(*gateway_str) {
|
||||
switch(subnet.type) {
|
||||
case SUBNET_IPV4:
|
||||
fprintf(out, "ip route add %s via %s dev \"$INTERFACE\"\n", subnet_str, gateway_str);
|
||||
fprintf(out, "ip route add %s via %s dev \"$INTERFACE\" onlink\n", subnet_str, gateway_str);
|
||||
break;
|
||||
|
||||
case SUBNET_IPV6:
|
||||
fprintf(out, "ip route add %s via %s dev \"$INTERFACE\"\n", subnet_str, gateway_str);
|
||||
fprintf(out, "ip route add %s via %s dev \"$INTERFACE\" onlink\n", subnet_str, gateway_str);
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -224,16 +226,16 @@ void ifconfig_route(FILE *out, const char *value) {
|
|||
}
|
||||
}
|
||||
|
||||
#elif defined(HAVE_MINGW) || defined(HAVE_CYGWIN)
|
||||
#elif defined(HAVE_MINGW)
|
||||
|
||||
if(*gateway_str) {
|
||||
switch(subnet.type) {
|
||||
case SUBNET_IPV4:
|
||||
fprintf(out, "netsh inetface ipv4 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
|
||||
fprintf(out, "netsh interface ipv4 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
|
||||
break;
|
||||
|
||||
case SUBNET_IPV6:
|
||||
fprintf(out, "netsh inetface ipv6 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
|
||||
fprintf(out, "netsh interface ipv6 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -242,11 +244,11 @@ void ifconfig_route(FILE *out, const char *value) {
|
|||
} else {
|
||||
switch(subnet.type) {
|
||||
case SUBNET_IPV4:
|
||||
fprintf(out, "netsh inetface ipv4 add route %s \"%%INTERFACE%%\"\n", subnet_str);
|
||||
fprintf(out, "netsh interface ipv4 add route %s \"%%INTERFACE%%\"\n", subnet_str);
|
||||
break;
|
||||
|
||||
case SUBNET_IPV6:
|
||||
fprintf(out, "netsh inetface ipv6 add route %s \"%%INTERFACE%%\"\n", subnet_str);
|
||||
fprintf(out, "netsh interface ipv6 add route %s \"%%INTERFACE%%\"\n", subnet_str);
|
||||
break;
|
||||
|
||||
default:
|
||||
|
|
|
@ -836,9 +836,13 @@ make_names:
|
|||
fprintf(stderr, "Ignoring unknown variable '%s' in invitation.\n", l);
|
||||
continue;
|
||||
} else if(!(variables[i].type & VAR_SAFE)) {
|
||||
if(force) {
|
||||
fprintf(stderr, "Warning: unsafe variable '%s' in invitation.\n", l);
|
||||
} else {
|
||||
fprintf(stderr, "Ignoring unsafe variable '%s' in invitation.\n", l);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
// Copy the safe variable to the right config file
|
||||
fprintf((variables[i].type & VAR_HOST) ? fh : f, "%s = %s\n", l, value);
|
||||
|
@ -983,7 +987,12 @@ ask_netname:
|
|||
|
||||
char filename2[PATH_MAX];
|
||||
snprintf(filename, sizeof(filename), "%s" SLASH "tinc-up.invitation", confbase);
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
snprintf(filename2, sizeof(filename2), "%s" SLASH "tinc-up.bat", confbase);
|
||||
#else
|
||||
snprintf(filename2, sizeof(filename2), "%s" SLASH "tinc-up", confbase);
|
||||
#endif
|
||||
|
||||
if(valid_tinc_up) {
|
||||
if(tty) {
|
||||
|
@ -1013,10 +1022,14 @@ ask_netname:
|
|||
char *command;
|
||||
#ifndef HAVE_MINGW
|
||||
const char *editor = getenv("VISUAL");
|
||||
if (!editor)
|
||||
|
||||
if(!editor) {
|
||||
editor = getenv("EDITOR");
|
||||
if (!editor)
|
||||
}
|
||||
|
||||
if(!editor) {
|
||||
editor = "vi";
|
||||
}
|
||||
|
||||
xasprintf(&command, "\"%s\" \"%s\"", editor, filename);
|
||||
#else
|
||||
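Review bot: With the new `if(force)` branch, a variable that is not marked `VAR_SAFE` no longer reaches `continue` and falls through to the `fprintf(..., "%s = %s\n", l, value)` below, so the comment `// Copy the safe variable to the right config file` is no longer accurate. Since `l` and `value` are taken from the invitation, the comment should state the new behaviour, e.g. `// Copy the variable to the right config file; unsafe ones only reach this point when force is set`. The warning would also be more useful to the person joining if it printed the value being accepted as well as the name. The enclosing function starts and ends outside the hunk.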
|
|
|
@ -81,7 +81,7 @@ struct ip {
|
|||
uint8_t ip_p;
|
||||
uint16_t ip_sum;
|
||||
struct in_addr ip_src, ip_dst;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#endif
|
||||
|
||||
#ifndef IP_OFFMASK
|
||||
|
@ -143,7 +143,7 @@ struct icmp {
|
|||
#define icmp_radv icmp_dun.id_radv
|
||||
#define icmp_mask icmp_dun.id_mask
|
||||
#define icmp_data icmp_dun.id_data
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
|
|
@ -49,7 +49,7 @@ struct ip6_hdr {
|
|||
} ip6_ctlun;
|
||||
struct in6_addr ip6_src;
|
||||
struct in6_addr ip6_dst;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#define ip6_vfc ip6_ctlun.ip6_un2_vfc
|
||||
#define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow
|
||||
#define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen
|
||||
|
@ -68,7 +68,7 @@ struct icmp6_hdr {
|
|||
uint16_t icmp6_un_data16[2];
|
||||
uint8_t icmp6_un_data8[4];
|
||||
} icmp6_dataun;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#define ICMP6_DST_UNREACH_NOROUTE 0
|
||||
#define ICMP6_DST_UNREACH 1
|
||||
#define ICMP6_PACKET_TOO_BIG 2
|
||||
|
@ -88,7 +88,7 @@ struct icmp6_hdr {
|
|||
struct nd_neighbor_solicit {
|
||||
struct icmp6_hdr nd_ns_hdr;
|
||||
struct in6_addr nd_ns_target;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#define ND_OPT_SOURCE_LINKADDR 1
|
||||
#define ND_OPT_TARGET_LINKADDR 2
|
||||
#define nd_ns_type nd_ns_hdr.icmp6_type
|
||||
|
@ -101,7 +101,7 @@ struct nd_neighbor_solicit {
|
|||
struct nd_opt_hdr {
|
||||
uint8_t nd_opt_type;
|
||||
uint8_t nd_opt_len;
|
||||
} __attribute__((__gcc_struct__, __packed__));
|
||||
} __attribute__((__gcc_struct__)) __attribute((__packed__));
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
meta.c -- handle the meta communication
|
||||
Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2018 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
|
||||
|
@ -31,7 +31,9 @@
|
|||
#include "xalloc.h"
|
||||
|
||||
#ifndef MIN
|
||||
#define MIN(x, y) (((x)<(y))?(x):(y))
|
||||
static ssize_t MIN(ssize_t x, ssize_t y) {
|
||||
return x < y ? x : y;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
device.c -- Interaction with Windows tap driver in a MinGW environment
|
||||
Copyright (C) 2002-2005 Ivo Timmermans,
|
||||
2002-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2002-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -71,6 +71,9 @@ static void device_issue_read() {
|
|||
}
|
||||
|
||||
static void device_handle_read(void *data, int flags) {
|
||||
(void)data;
|
||||
(void)flags;
|
||||
|
||||
DWORD len;
|
||||
|
||||
if(!GetOverlappedResult(device_handle, &device_read_overlapped, &len, FALSE)) {
|
||||
|
@ -300,6 +303,7 @@ static void close_device(void) {
|
|||
}
|
||||
|
||||
static bool read_packet(vpn_packet_t *packet) {
|
||||
(void)packet;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
names.c -- generate commonly used (file)names
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -93,6 +93,7 @@ void make_names(bool daemon) {
|
|||
}
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
(void)daemon;
|
||||
|
||||
if(!logfilename) {
|
||||
xasprintf(&logfilename, "%s" SLASH "log", confbase);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net.c -- most of the network code
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2011 Loïc Grenié <loic.grenie@gmail.com>
|
||||
|
||||
|
@ -404,10 +404,7 @@ int reload_configuration(void) {
|
|||
while(cfg) {
|
||||
subnet_t *subnet, *s2;
|
||||
|
||||
if(!get_config_subnet(cfg, &subnet)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if(get_config_subnet(cfg, &subnet)) {
|
||||
if((s2 = lookup_subnet(myself, subnet))) {
|
||||
if(s2->expires == 1) {
|
||||
s2->expires = 0;
|
||||
|
@ -419,6 +416,7 @@ int reload_configuration(void) {
|
|||
send_add_subnet(everyone, subnet);
|
||||
subnet_update(myself, subnet, true);
|
||||
}
|
||||
}
|
||||
|
||||
cfg = lookup_config_next(config_tree, cfg);
|
||||
}
|
||||
|
|
|
@ -121,7 +121,6 @@ typedef struct listen_socket_t {
|
|||
typedef struct outgoing_t {
|
||||
struct node_t *node;
|
||||
int timeout;
|
||||
struct address_cache_t *address_cache;
|
||||
timeout_t ev;
|
||||
} outgoing_t;
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_packet.c -- Handles in- and outgoing VPN packets
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -152,11 +152,12 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
|||
len = ntohs(len16);
|
||||
}
|
||||
|
||||
if(n->udp_ping_sent.tv_sec != 0) { // a probe in flight
|
||||
if(n->status.ping_sent) { // a probe in flight
|
||||
gettimeofday(&now, NULL);
|
||||
struct timeval rtt;
|
||||
timersub(&now, &n->udp_ping_sent, &rtt);
|
||||
n->udp_ping_rtt = rtt.tv_sec * 1000000 + rtt.tv_usec;
|
||||
n->status.ping_sent = false;
|
||||
logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s) rtt=%d.%03d", DATA(packet)[0], len, n->name, n->hostname, n->udp_ping_rtt / 1000, n->udp_ping_rtt % 1000);
|
||||
} else {
|
||||
logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
|
||||
|
@ -175,8 +176,7 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
|
|||
reset_address_cache(n->address_cache, &n->address);
|
||||
}
|
||||
|
||||
// Reset the UDP ping timer. (no probe in flight)
|
||||
n->udp_ping_sent.tv_sec = 0;
|
||||
// Reset the UDP ping timer.
|
||||
|
||||
if(udp_discovery) {
|
||||
timeout_del(&n->udp_ping_timeout);
|
||||
|
@ -314,13 +314,6 @@ static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
|
|||
}
|
||||
|
||||
static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
||||
vpn_packet_t pkt1, pkt2;
|
||||
vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
|
||||
int nextpkt = 0;
|
||||
size_t outlen;
|
||||
pkt1.offset = DEFAULT_PACKET_OFFSET;
|
||||
pkt2.offset = DEFAULT_PACKET_OFFSET;
|
||||
|
||||
if(n->status.sptps) {
|
||||
if(!n->sptps.state) {
|
||||
if(!n->status.waitingforkey) {
|
||||
|
@ -356,6 +349,12 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
vpn_packet_t pkt1, pkt2;
|
||||
vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
|
||||
int nextpkt = 0;
|
||||
size_t outlen;
|
||||
pkt1.offset = DEFAULT_PACKET_OFFSET;
|
||||
pkt2.offset = DEFAULT_PACKET_OFFSET;
|
||||
|
||||
if(!n->status.validkey_in) {
|
||||
logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
|
||||
|
@ -546,7 +545,10 @@ bool receive_tcppacket_sptps(connection_t *c, const char *data, size_t len) {
|
|||
/* If we're not the final recipient, relay the packet. */
|
||||
|
||||
if(to != myself) {
|
||||
if(to->status.validkey) {
|
||||
send_sptps_data(to, from, 0, data, len);
|
||||
}
|
||||
|
||||
try_tx(to, true);
|
||||
return true;
|
||||
}
|
||||
|
@ -699,18 +701,6 @@ static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *so
|
|||
}
|
||||
|
||||
static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
||||
vpn_packet_t pkt1, pkt2;
|
||||
vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
|
||||
vpn_packet_t *inpkt = origpkt;
|
||||
int nextpkt = 0;
|
||||
vpn_packet_t *outpkt;
|
||||
int origlen = origpkt->len;
|
||||
size_t outlen;
|
||||
int origpriority = origpkt->priority;
|
||||
|
||||
pkt1.offset = DEFAULT_PACKET_OFFSET;
|
||||
pkt2.offset = DEFAULT_PACKET_OFFSET;
|
||||
|
||||
if(!n->status.reachable) {
|
||||
logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
|
||||
return;
|
||||
|
@ -724,6 +714,18 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
|||
#ifdef DISABLE_LEGACY
|
||||
return;
|
||||
#else
|
||||
vpn_packet_t pkt1, pkt2;
|
||||
vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
|
||||
vpn_packet_t *inpkt = origpkt;
|
||||
int nextpkt = 0;
|
||||
vpn_packet_t *outpkt;
|
||||
int origlen = origpkt->len;
|
||||
size_t outlen;
|
||||
int origpriority = origpkt->priority;
|
||||
|
||||
pkt1.offset = DEFAULT_PACKET_OFFSET;
|
||||
pkt2.offset = DEFAULT_PACKET_OFFSET;
|
||||
|
||||
/* Make sure we have a valid key */
|
||||
|
||||
if(!n->status.validkey) {
|
||||
|
@ -1133,6 +1135,7 @@ static void try_udp(node_t *n) {
|
|||
if(ping_tx_elapsed.tv_sec >= interval) {
|
||||
gettimeofday(&now, NULL);
|
||||
n->udp_ping_sent = now; // a probe in flight
|
||||
n->status.ping_sent = true;
|
||||
send_udp_probe_packet(n, MIN_PROBE_SIZE);
|
||||
|
||||
if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
|
||||
|
@ -1229,9 +1232,8 @@ static length_t choose_initial_maxmtu(node_t *n) {
|
|||
return mtu;
|
||||
|
||||
#else
|
||||
|
||||
(void)n;
|
||||
return MTU;
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -1776,13 +1778,13 @@ void handle_incoming_vpn_data(void *data, int flags) {
|
|||
|
||||
#else
|
||||
vpn_packet_t pkt;
|
||||
sockaddr_t addr = {};
|
||||
sockaddr_t addr = {0};
|
||||
socklen_t addrlen = sizeof(addr);
|
||||
|
||||
pkt.offset = 0;
|
||||
int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
|
||||
|
||||
if(len <= 0 || len > MAXSIZE) {
|
||||
if(len <= 0 || (size_t)len > MAXSIZE) {
|
||||
if(!sockwouldblock(sockerrno)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
|
||||
}
|
||||
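Review bot: In `receive_tcppacket_sptps`, the new `if(to->status.validkey)` guard discards the relayed packet without any trace when the flag is clear, and the function still returns `true`. A log line in an else branch would make such drops visible when debugging relays, e.g. `else { logger(DEBUG_TRAFFIC, LOG_INFO, "No valid key for %s (%s), dropping relayed packet", to->name, to->hostname); }`. The function starts outside the hunk, so whether an earlier check already reports this case cannot be seen here.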
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_setup.c -- Setup.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -222,7 +222,7 @@ static bool read_ecdsa_private_key(void) {
|
|||
return false;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
|
||||
#ifndef HAVE_MINGW
|
||||
struct stat s;
|
||||
|
||||
if(fstat(fileno(fp), &s)) {
|
||||
|
@ -314,7 +314,7 @@ static bool read_rsa_private_key(void) {
|
|||
return false;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
|
||||
#ifndef HAVE_MINGW
|
||||
struct stat s;
|
||||
|
||||
if(fstat(fileno(fp), &s)) {
|
||||
|
@ -341,6 +341,7 @@ static bool read_rsa_private_key(void) {
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifndef DISABLE_LEGACY
|
||||
static timeout_t keyexpire_timeout;
|
||||
|
||||
static void keyexpire_handler(void *data) {
|
||||
|
@ -349,6 +350,7 @@ static void keyexpire_handler(void *data) {
|
|||
keylifetime, rand() % 100000
|
||||
});
|
||||
}
|
||||
#endif
|
||||
|
||||
void regenerate_key(void) {
|
||||
logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
|
||||
|
@ -822,7 +824,7 @@ void device_disable(void) {
|
|||
Configure node_t myself and set up the local sockets (listen only)
|
||||
*/
|
||||
static bool setup_myself(void) {
|
||||
char *name, *hostname, *cipher, *digest, *type;
|
||||
char *name, *hostname, *type;
|
||||
char *address = NULL;
|
||||
bool port_specified = false;
|
||||
|
||||
|
@ -967,6 +969,8 @@ static bool setup_myself(void) {
|
|||
#ifndef DISABLE_LEGACY
|
||||
/* Generate packet encryption key */
|
||||
|
||||
char *cipher;
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
|
||||
cipher = xstrdup("aes-256-cbc");
|
||||
}
|
||||
|
@ -995,6 +999,8 @@ static bool setup_myself(void) {
|
|||
return false;
|
||||
}
|
||||
|
||||
char *digest;
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) {
|
||||
digest = xstrdup("sha256");
|
||||
}
|
||||
|
@ -1047,10 +1053,14 @@ static bool setup_myself(void) {
|
|||
devops = raw_socket_devops;
|
||||
} else if(!strcasecmp(type, "multicast")) {
|
||||
devops = multicast_devops;
|
||||
} else if(!strcasecmp(type, "fd")) {
|
||||
}
|
||||
|
||||
#ifdef HAVE_SYS_UN_H
|
||||
else if(!strcasecmp(type, "fd")) {
|
||||
devops = fd_devops;
|
||||
}
|
||||
|
||||
#endif
|
||||
#ifdef ENABLE_UML
|
||||
else if(!strcasecmp(type, "uml")) {
|
||||
devops = uml_devops;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_socket.c -- Handle various kinds of sockets.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2009 Florian Forster <octo@verplant.org>
|
||||
|
||||
|
@ -122,6 +122,7 @@ static bool bind_to_interface(int sd) {
|
|||
}
|
||||
|
||||
#else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
|
||||
(void)sd;
|
||||
logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
|
||||
#endif
|
||||
|
||||
|
@ -387,7 +388,7 @@ void finish_connecting(connection_t *c) {
|
|||
send_id(c);
|
||||
}
|
||||
|
||||
static void do_outgoing_pipe(connection_t *c, char *command) {
|
||||
static void do_outgoing_pipe(connection_t *c, const char *command) {
|
||||
#ifndef HAVE_MINGW
|
||||
int fd[2];
|
||||
|
||||
|
@ -435,6 +436,8 @@ static void do_outgoing_pipe(connection_t *c, char *command) {
|
|||
|
||||
exit(result);
|
||||
#else
|
||||
(void)c;
|
||||
(void)command;
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
|
||||
return;
|
||||
#endif
|
||||
|
@ -524,7 +527,7 @@ bool do_outgoing_connection(outgoing_t *outgoing) {
|
|||
int result;
|
||||
|
||||
begin:
|
||||
sa = get_recent_address(outgoing->address_cache);
|
||||
sa = get_recent_address(outgoing->node->address_cache);
|
||||
|
||||
if(!sa) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
|
||||
|
@ -629,6 +632,10 @@ void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
|
|||
|
||||
node_t *n = outgoing->node;
|
||||
|
||||
if(!n->address_cache) {
|
||||
n->address_cache = open_address_cache(n);
|
||||
}
|
||||
|
||||
if(n->connection) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
|
||||
|
||||
|
@ -640,10 +647,6 @@ void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!outgoing->address_cache) {
|
||||
outgoing->address_cache = open_address_cache(n);
|
||||
}
|
||||
|
||||
do_outgoing_connection(outgoing);
|
||||
return;
|
||||
|
||||
|
@ -784,11 +787,6 @@ void handle_new_unix_connection(void *data, int flags) {
|
|||
|
||||
static void free_outgoing(outgoing_t *outgoing) {
|
||||
timeout_del(&outgoing->ev);
|
||||
|
||||
if(outgoing->address_cache) {
|
||||
close_address_cache(outgoing->address_cache);
|
||||
}
|
||||
|
||||
free(outgoing);
|
||||
}
|
||||
|
||||
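Review bot: Ownership of the address cache moves from `outgoing_t` to the node in this section, and `free_outgoing` no longer calls `close_address_cache`, but nothing shown here closes `n->address_cache`. Whichever function frees a `node_t` now has to do that, otherwise each node that ever had an outgoing connection keeps its cache allocated; that code is outside this section and should be checked. `do_outgoing_connection` also reads `outgoing->node->address_cache` unconditionally at `begin:`, while the cache is only opened in `setup_outgoing_connection`. A comment on `do_outgoing_connection` such as `/* requires outgoing->node->address_cache to be open */` would document the precondition for callers that re-enter it from a timer or retry path.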
|
|
|
@ -41,7 +41,8 @@ typedef struct node_status_t {
|
|||
unsigned int udppacket: 1; /* 1 if the most recently received packet was UDP */
|
||||
unsigned int validkey_in: 1; /* 1 if we have sent a valid key to him */
|
||||
unsigned int has_address: 1; /* 1 if we know an external address for this node */
|
||||
unsigned int unused: 20;
|
||||
unsigned int ping_sent: 1; /* 1 if we sent a UDP probe but haven't received the reply yet */
|
||||
unsigned int unused: 19;
|
||||
} node_status_t;
|
||||
|
||||
typedef struct node_t {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
crypto.c -- Cryptographic miscellaneous functions and initialisation
|
||||
Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -42,12 +42,14 @@ static void random_exit(void) {
|
|||
close(random_fd);
|
||||
}
|
||||
|
||||
void randomize(void *out, size_t outlen) {
|
||||
void randomize(void *vout, size_t outlen) {
|
||||
char *out = vout;
|
||||
|
||||
while(outlen) {
|
||||
size_t len = read(random_fd, out, outlen);
|
||||
ssize_t len = read(random_fd, out, outlen);
|
||||
|
||||
if(len <= 0) {
|
||||
if(errno == EAGAIN || errno == EINTR) {
|
||||
if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
@ -189,7 +189,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
|
|||
} else {
|
||||
int len;
|
||||
|
||||
if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
|
||||
if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
|
||||
if(outlen) {
|
||||
*outlen = len;
|
||||
}
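Review bot: `inlen` is a `size_t` but is passed straight to `EVP_DecryptUpdate()`, whose length parameter is an `int`, and the `int len` it writes back is then stored into `*outlen`, so a length above INT_MAX would be narrowed silently in this `else` branch of cipher_decrypt(). Callers may never pass such sizes, but a guard before the call, `if(inlen > INT_MAX) { return false; }`, makes that explicit. The old line in this hunk appears to have called the encrypt primitive on the decrypt path, so an encrypt-then-decrypt round-trip test that exercises this branch would keep the mix-up from coming back. The function starts and ends outside the hunk.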
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
crypto.c -- Cryptographic miscellaneous functions and initialisation
|
||||
Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -50,10 +50,10 @@ void randomize(void *vout, size_t outlen) {
|
|||
char *out = vout;
|
||||
|
||||
while(outlen) {
|
||||
size_t len = read(random_fd, out, outlen);
|
||||
ssize_t len = read(random_fd, out, outlen);
|
||||
|
||||
if(len <= 0) {
|
||||
if(errno == EAGAIN || errno == EINTR) {
|
||||
if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -96,9 +96,10 @@ void crypto_init(void) {
|
|||
|
||||
ENGINE_load_builtin_engines();
|
||||
ENGINE_register_all_complete();
|
||||
|
||||
#if OPENSSL_API_COMPAT < 0x10100000L
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
#endif
|
||||
|
||||
if(!RAND_status()) {
|
||||
fprintf(stderr, "Not enough entropy for the PRNG!\n");
|
||||
|
@ -107,8 +108,10 @@ void crypto_init(void) {
|
|||
}
|
||||
|
||||
void crypto_exit(void) {
|
||||
#if OPENSSL_API_COMPAT < 0x10100000L
|
||||
EVP_cleanup();
|
||||
ERR_free_strings();
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
random_exit();
|
||||
}
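Review bot: The `#if OPENSSL_API_COMPAT < 0x10100000L` guards in crypto_init() and crypto_exit() have no comment saying why these calls are conditional. An identifier that is not defined when the preprocessor reaches `#if` evaluates as 0, so the legacy calls are compiled in unless the OpenSSL headers or the build define OPENSSL_API_COMPAT; a line such as `/* Explicit init/cleanup is only needed before OpenSSL 1.1.0 */` above each guard would record the intent. `ENGINE_load_builtin_engines()` and `ENGINE_register_all_complete()` stay outside the guard while `ENGINE_cleanup()` is inside it, which looks deliberate but is worth stating in the same comment.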
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
rsa.c -- RSA key handling
|
||||
Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -21,6 +21,7 @@
|
|||
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#define TINC_RSA_INTERNAL
|
||||
typedef RSA rsa_t;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
process.c -- process management functions
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -115,7 +115,11 @@ static bool install_service(void) {
|
|||
|
||||
io_t stop_io;
|
||||
|
||||
DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) {
|
||||
DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID data, LPVOID context) {
|
||||
(void)type;
|
||||
(void)data;
|
||||
(void)context;
|
||||
|
||||
switch(request) {
|
||||
case SERVICE_CONTROL_INTERROGATE:
|
||||
SetServiceStatus(statushandle, &status);
|
||||
|
|
|
@ -284,13 +284,16 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
|
|||
}
|
||||
|
||||
// Read the new node's Name from the file
|
||||
char buf[1024];
|
||||
char buf[1024] = "";
|
||||
fgets(buf, sizeof(buf), f);
|
||||
size_t buflen = strlen(buf);
|
||||
|
||||
if(*buf) {
|
||||
buf[strlen(buf) - 1] = 0;
|
||||
// Strip whitespace at the end
|
||||
while(buflen && strchr(" \t\r\n", buf[buflen - 1])) {
|
||||
buf[--buflen] = 0;
|
||||
}
|
||||
|
||||
// Split the first line into variable and value
|
||||
len = strcspn(buf, " \t=");
|
||||
char *name = buf + len;
|
||||
name += strspn(name, " \t");
|
||||
|
@ -302,6 +305,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
|
|||
|
||||
buf[len] = 0;
|
||||
|
||||
// Check that it is a valid Name
|
||||
if(!*buf || !*name || strcasecmp(buf, "Name") || !check_id(name) || !strcmp(name, myself->name)) {
|
||||
logger(DEBUG_ALWAYS, LOG_ERR, "Invalid invitation file %s\n", cookie);
|
||||
fclose(f);
|
||||
|
@ -486,11 +490,8 @@ bool id_h(connection_t *c, const char *request) {
|
|||
}
|
||||
}
|
||||
|
||||
#ifndef DISABLE_LEGACY
|
||||
bool send_metakey(connection_t *c) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
|
||||
if(!myself->connection->rsa) {
|
||||
logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
|
||||
return false;
|
||||
|
@ -580,14 +581,9 @@ bool send_metakey(connection_t *c) {
|
|||
|
||||
c->status.encryptout = true;
|
||||
return result;
|
||||
#endif
|
||||
}
|
||||
|
||||
bool metakey_h(connection_t *c, const char *request) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
|
||||
if(!myself->connection->rsa) {
|
||||
return false;
|
||||
}
|
||||
|
@ -655,13 +651,9 @@ bool metakey_h(connection_t *c, const char *request) {
|
|||
c->allow_request = CHALLENGE;
|
||||
|
||||
return send_challenge(c);
|
||||
#endif
|
||||
}
|
||||
|
||||
bool send_challenge(connection_t *c) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
const size_t len = rsa_size(c->rsa);
|
||||
char buffer[len * 2 + 1];
|
||||
|
||||
|
@ -678,14 +670,9 @@ bool send_challenge(connection_t *c) {
|
|||
/* Send the challenge */
|
||||
|
||||
return send_request(c, "%d %s", CHALLENGE, buffer);
|
||||
#endif
|
||||
}
|
||||
|
||||
bool challenge_h(connection_t *c, const char *request) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
|
||||
if(!myself->connection->rsa) {
|
||||
return false;
|
||||
}
|
||||
|
@ -720,8 +707,6 @@ bool challenge_h(connection_t *c, const char *request) {
|
|||
} else {
|
||||
return true;
|
||||
}
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
bool send_chal_reply(connection_t *c) {
|
||||
|
@ -748,9 +733,6 @@ bool send_chal_reply(connection_t *c) {
|
|||
}
|
||||
|
||||
bool chal_reply_h(connection_t *c, const char *request) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
char hishash[MAX_STRING_SIZE];
|
||||
|
||||
if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
|
||||
|
@ -791,13 +773,9 @@ bool chal_reply_h(connection_t *c, const char *request) {
|
|||
}
|
||||
|
||||
return send_ack(c);
|
||||
#endif
|
||||
}
|
||||
|
||||
static bool send_upgrade(connection_t *c) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
return false;
|
||||
#else
|
||||
/* Special case when protocol_minor is 1: the other end is Ed25519 capable,
|
||||
* but doesn't know our key yet. So send it now. */
|
||||
|
||||
|
@ -810,8 +788,46 @@ static bool send_upgrade(connection_t *c) {
|
|||
bool result = send_request(c, "%d %s", ACK, pubkey);
|
||||
free(pubkey);
|
||||
return result;
|
||||
#endif
|
||||
}
|
||||
#else
|
||||
bool send_metakey(connection_t *c) {
|
||||
(void)c;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool metakey_h(connection_t *c, const char *request) {
|
||||
(void)c;
|
||||
(void)request;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool send_challenge(connection_t *c) {
|
||||
(void)c;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool challenge_h(connection_t *c, const char *request) {
|
||||
(void)c;
|
||||
(void)request;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool send_chal_reply(connection_t *c) {
|
||||
(void)c;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool chal_reply_h(connection_t *c, const char *request) {
|
||||
(void)c;
|
||||
(void)request;
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool send_upgrade(connection_t *c) {
|
||||
(void)c;
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool send_ack(connection_t *c) {
|
||||
if(c->protocol_minor == 1) {
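Review bot: In receive_invitation_sptps() the return value of `fgets(buf, sizeof(buf), f)` is still discarded, and the new `strlen(buf)` relies on the `= ""` initialiser to cover a failed read. That holds for end-of-file, but after a read error the C standard leaves the array contents indeterminate, so the initialiser is not a guarantee. Checking the call, `if(!fgets(buf, sizeof(buf), f)) { buf[0] = 0; }`, lets the existing `!*buf` test in the Name check reject the file cleanly. The function body continues outside these hunks.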
|
||||
|
|
|
@ -34,7 +34,9 @@
|
|||
#include "utils.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
#ifndef DISABLE_LEGACY
|
||||
static bool mykeyused = false;
|
||||
#endif
|
||||
|
||||
void send_key_changed(void) {
|
||||
#ifndef DISABLE_LEGACY
|
||||
|
|
|
@ -71,9 +71,9 @@ bool pong_h(connection_t *c, const char *request) {
|
|||
|
||||
/* Successful connection, reset timeout if this is an outgoing connection. */
|
||||
|
||||
if(c->outgoing) {
|
||||
if(c->outgoing && c->outgoing->timeout) {
|
||||
c->outgoing->timeout = 0;
|
||||
reset_address_cache(c->outgoing->address_cache, &c->address);
|
||||
reset_address_cache(c->outgoing->node->address_cache, &c->address);
|
||||
}
|
||||
|
||||
return true;
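Review bot: The comment above the `if` in pong_h() still describes the old behaviour. With the new condition `c->outgoing && c->outgoing->timeout`, both the timeout reset and the `reset_address_cache()` call are skipped once the timeout is already 0. If that is the intent, the comment should say so, for example `/* Successful connection: clear the retry timeout and reset the node's address cache, once per connection attempt. */`. The call now reaches through `c->outgoing->node->address_cache`, which on this page is only shown being opened in setup_outgoing_connection(), so a short remark that the node owns the cache would help the next reader.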
|
||||
|
|
25
src/route.c
25
src/route.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
route.c -- routing
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2013 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -59,33 +59,30 @@ static const size_t opt_size = sizeof(struct nd_opt_hdr);
|
|||
#define MAX(a, b) ((a) > (b) ? (a) : (b))
|
||||
#endif
|
||||
|
||||
volatile int dummy;
|
||||
static timeout_t age_subnets_timeout;
|
||||
|
||||
/* RFC 1071 */
|
||||
|
||||
static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
|
||||
uint16_t *p = data;
|
||||
static uint16_t inet_checksum(void *vdata, int len, uint16_t prevsum) {
|
||||
uint8_t *data = vdata;
|
||||
uint16_t word;
|
||||
uint32_t checksum = prevsum ^ 0xFFFF;
|
||||
|
||||
while(len >= 2) {
|
||||
checksum += *p++;
|
||||
memcpy(&word, data, sizeof(word));
|
||||
checksum += word;
|
||||
data += 2;
|
||||
len -= 2;
|
||||
}
|
||||
|
||||
if(len) {
|
||||
checksum += *(uint8_t *)p;
|
||||
checksum += *data;
|
||||
}
|
||||
|
||||
while(checksum >> 16) {
|
||||
checksum = (checksum & 0xFFFF) + (checksum >> 16);
|
||||
}
|
||||
|
||||
// Work around a compiler optimization bug.
|
||||
if(checksum) {
|
||||
dummy = 1;
|
||||
}
|
||||
|
||||
return ~checksum;
|
||||
}
|
||||
|
||||
|
@ -165,7 +162,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_
|
|||
addr.sin_family = AF_INET;
|
||||
socklen_t addrlen = sizeof(addr);
|
||||
|
||||
if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
|
||||
if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && (size_t)addrlen <= sizeof(addr)) {
|
||||
ip_dst = addr.sin_addr;
|
||||
}
|
||||
}
|
||||
|
@ -270,7 +267,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_
|
|||
addr.sin6_family = AF_INET6;
|
||||
socklen_t addrlen = sizeof(addr);
|
||||
|
||||
if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
|
||||
if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && (size_t)addrlen <= sizeof(addr)) {
|
||||
pseudo.ip6_src = addr.sin6_addr;
|
||||
}
|
||||
}
|
||||
|
@ -598,7 +595,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et
|
|||
logger(DEBUG_TRAFFIC, LOG_INFO, "Fragmenting packet of %d bytes to %s (%s)", packet->len, dest->name, dest->hostname);
|
||||
|
||||
offset = DATA(packet) + ether_size + ip_size;
|
||||
maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
|
||||
maxlen = (MAX(dest->mtu, 590) - ether_size - ip_size) & ~0x7;
|
||||
ip_off = ntohs(ip.ip_off);
|
||||
origf = ip_off & ~IP_OFFMASK;
|
||||
ip_off &= IP_OFFMASK;
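Review bot: The literal `590` in `maxlen = (MAX(dest->mtu, 590) - ether_size - ip_size) & ~0x7;` in fragment_ipv4_packet() is unexplained. It presumably stands for the 576-byte IPv4 minimum datagram size plus a 14-byte Ethernet header, and it keeps `maxlen` from collapsing to zero or going negative when `dest->mtu` is very small. A named constant, or a comment such as `/* never fragment below 576 + 14 bytes, even if the discovered MTU is lower */`, would record that. The same floor means fragments can exceed `dest->mtu` when that value is below 590, which should be stated as intended. The function continues outside the hunk.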
|
||||
|
|
11
src/script.c
11
src/script.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
script.c -- call an external script
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2017 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -50,7 +50,7 @@ static void unputenv(const char *p) {
|
|||
#else
|
||||
// We must keep what we putenv() around in memory.
|
||||
// To do this without memory leaks, keep things in a list and reuse if possible.
|
||||
static list_t list = {};
|
||||
static list_t list = {0};
|
||||
|
||||
for list_each(char, data, &list) {
|
||||
if(!strcmp(data, var)) {
|
||||
|
@ -142,7 +142,12 @@ bool execute_script(const char *name, environment_t *env) {
|
|||
#ifdef HAVE_MINGW
|
||||
|
||||
if(!*scriptextension) {
|
||||
const char *pathext = getenv("PATHEXT") ? : ".COM;.EXE;.BAT;.CMD";
|
||||
const char *pathext = getenv("PATHEXT");
|
||||
|
||||
if(!pathext) {
|
||||
pathext = ".COM;.EXE;.BAT;.CMD";
|
||||
}
|
||||
|
||||
size_t pathlen = strlen(pathext);
|
||||
size_t scriptlen = strlen(scriptname);
|
||||
char fullname[scriptlen + pathlen + 1];
|
||||
|
|
|
@ -78,6 +78,7 @@ static bool send_data(void *handle, uint8_t type, const void *data, size_t len)
|
|||
|
||||
static bool receive_record(void *handle, uint8_t type, const void *data, uint16_t len) {
|
||||
(void)handle;
|
||||
|
||||
if(verbose) {
|
||||
fprintf(stderr, "Received type %d record of %u bytes:\n", type, len);
|
||||
}
|
||||
|
@ -369,6 +370,7 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
char buf[65535] = "";
|
||||
size_t readsize = datagram ? 1460u : sizeof(buf);
|
||||
|
||||
fd_set fds;
|
||||
FD_ZERO(&fds);
|
||||
|
@ -386,7 +388,7 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
if(FD_ISSET(in, &fds)) {
|
||||
ssize_t len = read(in, buf, sizeof(buf));
|
||||
ssize_t len = read(in, buf, readsize);
|
||||
|
||||
if(len < 0) {
|
||||
fprintf(stderr, "Could not read from stdin: %s\n", strerror(errno));
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
/*
|
||||
subnet.h -- header for subnet.c
|
||||
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2021 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -78,6 +78,7 @@ extern void subnet_update(struct node_t *owner, subnet_t *subnet, bool up);
|
|||
extern int maskcmp(const void *a, const void *b, int masklen);
|
||||
extern void maskcpy(void *dest, const void *src, int masklen, int len);
|
||||
extern void mask(void *mask, int masklen, int len);
|
||||
extern bool subnetcheck(const subnet_t subnet);
|
||||
extern bool maskcheck(const void *mask, int masklen, int len);
|
||||
extern bool net2str(char *netstr, int len, const subnet_t *subnet);
|
||||
extern bool str2net(subnet_t *subnet, const char *netstr);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
subnet_parse.c -- handle subnet parsing
|
||||
Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2000-2021 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2000-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -87,6 +87,17 @@ void maskcpy(void *va, const void *vb, int masklen, int len) {
|
|||
}
|
||||
}
|
||||
|
||||
bool subnetcheck(const subnet_t subnet) {
|
||||
if(((subnet.type == SUBNET_IPV4)
|
||||
&& !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(subnet.net.ipv4.address)))
|
||||
|| ((subnet.type == SUBNET_IPV6)
|
||||
&& !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(subnet.net.ipv6.address)))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool maskcheck(const void *va, int masklen, int len) {
|
||||
int i;
|
||||
const char *a = va;
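Review bot: `subnetcheck()` takes its `subnet_t` by value, while the neighbouring `net2str()` and `str2net()` declared in subnet.h take a pointer; `bool subnetcheck(const subnet_t *subnet)` would match them and avoid copying the struct on every call. The function also has no comment; something like `/* Returns false if an IPv4/IPv6 subnet fails maskcheck() for its prefix length; other subnet types always pass. */` would make it clear that non-IP types are accepted unchecked. The `if(...) { return false; } return true;` shape could return the negated condition directly.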
|
||||
|
|
139
src/tincctl.c
139
src/tincctl.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
tincctl.c -- Controlling a running tincd
|
||||
Copyright (C) 2007-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -40,6 +40,7 @@
|
|||
#include "tincctl.h"
|
||||
#include "top.h"
|
||||
#include "version.h"
|
||||
#include "subnet.h"
|
||||
|
||||
#ifndef MSG_NOSIGNAL
|
||||
#define MSG_NOSIGNAL 0
|
||||
|
@ -237,7 +238,7 @@ static bool parse_options(int argc, char **argv) {
|
|||
FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
|
||||
mode_t mask = umask(0);
|
||||
perms &= ~mask;
|
||||
umask(~perms);
|
||||
umask(~perms & 0777);
|
||||
FILE *f = fopen(filename, mode);
|
||||
|
||||
if(!f) {
|
||||
|
@ -262,19 +263,21 @@ static void disable_old_keys(const char *filename, const char *what) {
|
|||
bool disabled = false;
|
||||
bool block = false;
|
||||
bool error = false;
|
||||
FILE *r, *w;
|
||||
|
||||
r = fopen(filename, "r");
|
||||
FILE *r = fopen(filename, "r");
|
||||
FILE *w = NULL;
|
||||
|
||||
if(!r) {
|
||||
return;
|
||||
}
|
||||
|
||||
snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
|
||||
int result = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
|
||||
|
||||
if(result < sizeof(tmpfile)) {
|
||||
struct stat st = {.st_mode = 0600};
|
||||
fstat(fileno(r), &st);
|
||||
w = fopenmask(tmpfile, "w", st.st_mode);
|
||||
}
|
||||
|
||||
while(fgets(buf, sizeof(buf), r)) {
|
||||
if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
|
||||
|
@ -725,6 +728,24 @@ static void logcontrol(int fd, FILE *out, int level) {
|
|||
}
|
||||
}
|
||||
|
||||
static bool stop_tincd(void) {
|
||||
if(!connect_tincd(true)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
sendline(fd, "%d %d", CONTROL, REQ_STOP);
|
||||
|
||||
while(recvline(fd, line, sizeof(line))) {
|
||||
// wait for tincd to close the connection...
|
||||
}
|
||||
|
||||
close(fd);
|
||||
pid = 0;
|
||||
fd = -1;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
static bool remove_service(void) {
|
||||
SC_HANDLE manager = NULL;
|
||||
|
@ -742,7 +763,12 @@ static bool remove_service(void) {
|
|||
service = OpenService(manager, identname, SERVICE_ALL_ACCESS);
|
||||
|
||||
if(!service) {
|
||||
if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST) {
|
||||
success = stop_tincd();
|
||||
} else {
|
||||
fprintf(stderr, "Could not open %s service: %s\n", identname, winerror(GetLastError()));
|
||||
}
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -883,7 +909,6 @@ bool connect_tincd(bool verbose) {
|
|||
return false;
|
||||
}
|
||||
|
||||
#ifdef HAVE_MINGW
|
||||
unsigned long arg = 0;
|
||||
|
||||
if(ioctlsocket(fd, FIONBIO, &arg) != 0) {
|
||||
|
@ -892,8 +917,6 @@ bool connect_tincd(bool verbose) {
|
|||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
|
||||
if(verbose) {
|
||||
fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno));
|
||||
|
@ -1083,9 +1106,11 @@ static int cmd_stop(int argc, char *argv[]) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
#ifndef HAVE_MINGW
|
||||
#ifdef HAVE_MINGW
|
||||
return remove_service();
|
||||
#else
|
||||
|
||||
if(!connect_tincd(true)) {
|
||||
if(!stop_tincd()) {
|
||||
if(pid) {
|
||||
if(kill(pid, SIGTERM)) {
|
||||
fprintf(stderr, "Could not send TERM signal to process with PID %d: %s\n", pid, strerror(errno));
|
||||
|
@ -1100,24 +1125,8 @@ static int cmd_stop(int argc, char *argv[]) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
sendline(fd, "%d %d", CONTROL, REQ_STOP);
|
||||
|
||||
while(recvline(fd, line, sizeof(line))) {
|
||||
// Wait for tincd to close the connection...
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
if(!remove_service()) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
close(fd);
|
||||
pid = 0;
|
||||
fd = -1;
|
||||
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int cmd_restart(int argc, char *argv[]) {
|
||||
|
@ -1346,7 +1355,7 @@ static int cmd_dump(int argc, char *argv[]) {
|
|||
color = "green";
|
||||
}
|
||||
|
||||
printf(" %s [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\"");
|
||||
printf(" \"%s\" [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\"");
|
||||
} else {
|
||||
if(only_reachable && !status.reachable) {
|
||||
continue;
|
||||
|
@ -1376,9 +1385,9 @@ static int cmd_dump(int argc, char *argv[]) {
|
|||
float w = 1 + 65536.0 / weight;
|
||||
|
||||
if(do_graph == 1 && strcmp(node1, node2) > 0) {
|
||||
printf(" %s -- %s [w = %f, weight = %f];\n", node1, node2, w, w);
|
||||
printf(" \"%s\" -- \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w);
|
||||
} else if(do_graph == 2) {
|
||||
printf(" %s -> %s [w = %f, weight = %f];\n", node1, node2, w, w);
|
||||
printf(" \"%s\" -> \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w);
|
||||
}
|
||||
} else {
|
||||
printf("%s to %s at %s port %s local %s port %s options %x weight %d\n", from, to, host, port, local_host, local_port, options, weight);
|
||||
|
@ -1717,18 +1726,18 @@ ecdsa_t *get_pubkey(FILE *f) {
|
|||
|
||||
const var_t variables[] = {
|
||||
/* Server configuration */
|
||||
{"AddressFamily", VAR_SERVER},
|
||||
{"AddressFamily", VAR_SERVER | VAR_SAFE},
|
||||
{"AutoConnect", VAR_SERVER | VAR_SAFE},
|
||||
{"BindToAddress", VAR_SERVER | VAR_MULTIPLE},
|
||||
{"BindToInterface", VAR_SERVER},
|
||||
{"Broadcast", VAR_SERVER | VAR_SAFE},
|
||||
{"BroadcastSubnet", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
|
||||
{"ConnectTo", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
|
||||
{"DecrementTTL", VAR_SERVER},
|
||||
{"DecrementTTL", VAR_SERVER | VAR_SAFE},
|
||||
{"Device", VAR_SERVER},
|
||||
{"DeviceStandby", VAR_SERVER},
|
||||
{"DeviceType", VAR_SERVER},
|
||||
{"DirectOnly", VAR_SERVER},
|
||||
{"DirectOnly", VAR_SERVER | VAR_SAFE},
|
||||
{"Ed25519PrivateKeyFile", VAR_SERVER},
|
||||
{"ExperimentalProtocol", VAR_SERVER},
|
||||
{"Forwarding", VAR_SERVER},
|
||||
|
@ -1738,34 +1747,34 @@ const var_t variables[] = {
|
|||
{"IffOneQueue", VAR_SERVER},
|
||||
{"Interface", VAR_SERVER},
|
||||
{"InvitationExpire", VAR_SERVER},
|
||||
{"KeyExpire", VAR_SERVER},
|
||||
{"KeyExpire", VAR_SERVER | VAR_SAFE},
|
||||
{"ListenAddress", VAR_SERVER | VAR_MULTIPLE},
|
||||
{"LocalDiscovery", VAR_SERVER},
|
||||
{"LocalDiscovery", VAR_SERVER | VAR_SAFE},
|
||||
{"LogLevel", VAR_SERVER},
|
||||
{"MACExpire", VAR_SERVER},
|
||||
{"MaxConnectionBurst", VAR_SERVER},
|
||||
{"MaxOutputBufferSize", VAR_SERVER},
|
||||
{"MaxTimeout", VAR_SERVER},
|
||||
{"MACExpire", VAR_SERVER | VAR_SAFE},
|
||||
{"MaxConnectionBurst", VAR_SERVER | VAR_SAFE},
|
||||
{"MaxOutputBufferSize", VAR_SERVER | VAR_SAFE},
|
||||
{"MaxTimeout", VAR_SERVER | VAR_SAFE},
|
||||
{"Mode", VAR_SERVER | VAR_SAFE},
|
||||
{"Name", VAR_SERVER},
|
||||
{"PingInterval", VAR_SERVER},
|
||||
{"PingTimeout", VAR_SERVER},
|
||||
{"PingInterval", VAR_SERVER | VAR_SAFE},
|
||||
{"PingTimeout", VAR_SERVER | VAR_SAFE},
|
||||
{"PriorityInheritance", VAR_SERVER},
|
||||
{"PrivateKey", VAR_SERVER | VAR_OBSOLETE},
|
||||
{"PrivateKeyFile", VAR_SERVER},
|
||||
{"ProcessPriority", VAR_SERVER},
|
||||
{"Proxy", VAR_SERVER},
|
||||
{"ReplayWindow", VAR_SERVER},
|
||||
{"ReplayWindow", VAR_SERVER | VAR_SAFE},
|
||||
{"ScriptsExtension", VAR_SERVER},
|
||||
{"ScriptsInterpreter", VAR_SERVER},
|
||||
{"StrictSubnets", VAR_SERVER},
|
||||
{"TunnelServer", VAR_SERVER},
|
||||
{"UDPDiscovery", VAR_SERVER},
|
||||
{"UDPDiscoveryKeepaliveInterval", VAR_SERVER},
|
||||
{"UDPDiscoveryInterval", VAR_SERVER},
|
||||
{"UDPDiscoveryTimeout", VAR_SERVER},
|
||||
{"MTUInfoInterval", VAR_SERVER},
|
||||
{"UDPInfoInterval", VAR_SERVER},
|
||||
{"StrictSubnets", VAR_SERVER | VAR_SAFE},
|
||||
{"TunnelServer", VAR_SERVER | VAR_SAFE},
|
||||
{"UDPDiscovery", VAR_SERVER | VAR_SAFE},
|
||||
{"UDPDiscoveryKeepaliveInterval", VAR_SERVER | VAR_SAFE},
|
||||
{"UDPDiscoveryInterval", VAR_SERVER | VAR_SAFE},
|
||||
{"UDPDiscoveryTimeout", VAR_SERVER | VAR_SAFE},
|
||||
{"MTUInfoInterval", VAR_SERVER | VAR_SAFE},
|
||||
{"UDPInfoInterval", VAR_SERVER | VAR_SAFE},
|
||||
{"UDPRcvBuf", VAR_SERVER},
|
||||
{"UDPSndBuf", VAR_SERVER},
|
||||
{"UPnP", VAR_SERVER},
|
||||
|
@ -1776,12 +1785,12 @@ const var_t variables[] = {
|
|||
/* Host configuration */
|
||||
{"Address", VAR_HOST | VAR_MULTIPLE},
|
||||
{"Cipher", VAR_SERVER | VAR_HOST},
|
||||
{"ClampMSS", VAR_SERVER | VAR_HOST},
|
||||
{"Compression", VAR_SERVER | VAR_HOST},
|
||||
{"ClampMSS", VAR_SERVER | VAR_HOST | VAR_SAFE},
|
||||
{"Compression", VAR_SERVER | VAR_HOST | VAR_SAFE},
|
||||
{"Digest", VAR_SERVER | VAR_HOST},
|
||||
{"Ed25519PublicKey", VAR_HOST},
|
||||
{"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST},
|
||||
{"IndirectData", VAR_SERVER | VAR_HOST},
|
||||
{"IndirectData", VAR_SERVER | VAR_HOST | VAR_SAFE},
|
||||
{"MACLength", VAR_SERVER | VAR_HOST},
|
||||
{"PMTU", VAR_SERVER | VAR_HOST},
|
||||
{"PMTUDiscovery", VAR_SERVER | VAR_HOST},
|
||||
|
@ -1789,7 +1798,7 @@ const var_t variables[] = {
|
|||
{"PublicKey", VAR_HOST | VAR_OBSOLETE},
|
||||
{"PublicKeyFile", VAR_SERVER | VAR_HOST | VAR_OBSOLETE},
|
||||
{"Subnet", VAR_HOST | VAR_MULTIPLE | VAR_SAFE},
|
||||
{"TCPOnly", VAR_SERVER | VAR_HOST},
|
||||
{"TCPOnly", VAR_SERVER | VAR_HOST | VAR_SAFE},
|
||||
{"Weight", VAR_HOST | VAR_SAFE},
|
||||
{NULL, 0}
|
||||
};
|
||||
|
@ -1880,6 +1889,19 @@ static int cmd_config(int argc, char *argv[]) {
|
|||
found = true;
|
||||
variable = (char *)variables[i].name;
|
||||
|
||||
if(!strcasecmp(variable, "Subnet")) {
|
||||
subnet_t s = {0};
|
||||
|
||||
if(!str2net(&s, value)) {
|
||||
fprintf(stderr, "Malformed subnet definition %s\n", value);
|
||||
}
|
||||
|
||||
if(!subnetcheck(s)) {
|
||||
fprintf(stderr, "Network address and prefix length do not match: %s\n", value);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Discourage use of obsolete variables. */
|
||||
|
||||
if(variables[i].type & VAR_OBSOLETE && action >= 0) {
|
||||
|
@ -2301,6 +2323,7 @@ static int cmd_init(int argc, char *argv[]) {
|
|||
|
||||
static int cmd_generate_keys(int argc, char *argv[]) {
|
||||
#ifdef DISABLE_LEGACY
|
||||
(void)argv;
|
||||
|
||||
if(argc > 1) {
|
||||
#else
|
||||
|
@ -2440,10 +2463,14 @@ static int cmd_edit(int argc, char *argv[]) {
|
|||
char *command;
|
||||
#ifndef HAVE_MINGW
|
||||
const char *editor = getenv("VISUAL");
|
||||
if (!editor)
|
||||
|
||||
if(!editor) {
|
||||
editor = getenv("EDITOR");
|
||||
if (!editor)
|
||||
}
|
||||
|
||||
if(!editor) {
|
||||
editor = "vi";
|
||||
}
|
||||
|
||||
xasprintf(&command, "\"%s\" \"%s\"", editor, filename);
|
||||
#else
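Review bot: In the new `Subnet` check in cmd_config(), the `if(!str2net(&s, value))` branch prints "Malformed subnet definition" but does not return. Execution falls through to `subnetcheck(s)` with whatever `str2net()` left in `s`, and if that passes the malformed value is processed as if it were valid. Add `return 1;` after that `fprintf`, as the `subnetcheck` branch directly below already does. Separately, in the disable_old_keys() hunk `if(result < sizeof(tmpfile))` compares an `int` with a `size_t` and rejects a negative snprintf() result only through the unsigned conversion; `if(result >= 0 && (size_t)result < sizeof(tmpfile))` states the intent.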
|
||||
|
|
11
src/tincd.c
11
src/tincd.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
tincd.c -- the main file for tincd
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2018 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2021 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2008 Max Rijevski <maksuf@gmail.com>
|
||||
2009 Michael Tokarev <mjt@tls.msk.ru>
|
||||
2010 Julien Muchembled <jm@jmuchemb.eu>
|
||||
|
@ -344,10 +344,15 @@ static bool drop_privs(void) {
|
|||
# define setpriority(level) !SetPriorityClass(GetCurrentProcess(), (level))
|
||||
|
||||
static void stop_handler(void *data, int flags) {
|
||||
(void)data;
|
||||
(void)flags;
|
||||
|
||||
event_exit();
|
||||
}
|
||||
|
||||
static BOOL WINAPI console_ctrl_handler(DWORD type) {
|
||||
(void)type;
|
||||
|
||||
logger(DEBUG_ALWAYS, LOG_NOTICE, "Got console shutdown request");
|
||||
|
||||
if(WSASetEvent(stop_io.event) == FALSE) {
|
||||
|
@ -373,7 +378,7 @@ int main(int argc, char **argv) {
|
|||
if(show_version) {
|
||||
printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
|
||||
BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
|
||||
printf("Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||
printf("Copyright (C) 1998-2021 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||
"See the AUTHORS file for a complete list.\n\n"
|
||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||
"and you are welcome to redistribute it under certain conditions;\n"
|
||||
|
@ -481,6 +486,8 @@ int main(int argc, char **argv) {
|
|||
}
|
||||
|
||||
int main2(int argc, char **argv) {
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif
|
||||
char *priority = NULL;
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more