Fix indentation

tinc (1.1~pre17-1.1) experimental; urgency=medium

  * Non-maintainer upload.
  * Fix systemd service install path. Closes: #910618
  * Fix typo in --enable-miniupnpc option.

.drone.yml

@@ -0,0 +1,52 @@
+kind: pipeline
+name: default
+
+steps:
+  - name: Build Bullseye
+    image: debian:bullseye
+    volumes:
+      - name: finished_files
+        path: /deb_files
+    commands:
+      - apt update
+      - apt -y upgrade
+      - apt -y install --no-install-recommends build-essential equivs devscripts git
+      - git clean -f -d -x
+      - mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' debian/control
+      - dpkg-buildpackage -b -uc
+      - mkdir -p /deb_files/bullseye/
+      - cp ../tinc*.deb /deb_files/bullseye/
+      - find ..
+  
+  - name: Build Buster
+    image: debian:buster
+    volumes:
+      - name: finished_files
+        path: /deb_files
+    commands:
+      - apt update
+      - apt -y upgrade
+      - apt -y install --no-install-recommends build-essential equivs devscripts git
+      - git clean -f -d -x
+      - mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' debian/control
+      - dpkg-buildpackage -b -uc
+      - mkdir -p /deb_files/buster/
+      - cp ../tinc*.deb /deb_files/buster/
+      - find ..
+
+  - name: gitea_release
+    image: plugins/gitea-release
+    settings:
+      api_key:
+        from_secret: GITEA_KEY
+      base_url: https://git.neulandlabor.de/
+      files: 
+        - /deb_files/buster/*.deb
+        - /deb_files/bullseye/*.deb
+    when:
+      event: tag
+      branch:
+        - nll_*
+volumes:
+  - name: finished_files
+    temp: {}

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.
+Copyright (C) 1998-2021 Ivo Timmermans, Guus Sliepen and others.
 See the AUTHORS file for a complete list.
 
 This program is free software; you can redistribute it and/or modify it under

Makefile.am

@@ -2,7 +2,7 @@
 
 AUTOMAKE_OPTIONS = gnu
 
-SUBDIRS =  src doc test systemd
+SUBDIRS =  src doc test systemd bash_completion.d
 
 ACLOCAL_AMFLAGS = -I m4
 

Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -145,8 +145,8 @@ am__recursive_targets = \
   $(am__extra_recursive_targets)
 AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
 	cscope distdir distdir-am dist dist-all distcheck
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
-	$(LISP)config.h.in
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
+	config.h.in
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
 # *not* preserved.
@@ -208,6 +208,8 @@ am__relativize = \
 DIST_ARCHIVES = $(distdir).tar.gz
 GZIP_ENV = --best
 DIST_TARGETS = dist-gzip
+# Exists only to be overridden by the user if desired.
+AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -323,7 +325,7 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 AUTOMAKE_OPTIONS = gnu
-SUBDIRS = src doc test systemd
+SUBDIRS = src doc test systemd bash_completion.d
 ACLOCAL_AMFLAGS = -I m4
 EXTRA_DIST = COPYING.README README.android
 all: config.h
@@ -568,6 +570,10 @@ dist-xz: distdir
 	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
 	$(am__post_remove_distdir)
 
+dist-zstd: distdir
+	tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+	$(am__post_remove_distdir)
+
 dist-tarZ: distdir
 	@echo WARNING: "Support for distribution archives compressed with" \
 		       "legacy program 'compress' is deprecated." >&2
@@ -610,6 +616,8 @@ distcheck: dist
 	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
+	*.tar.zst*) \
+	  zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
 	esac
 	chmod -R a-w $(distdir)
 	chmod u+w $(distdir)
@@ -625,7 +633,7 @@ distcheck: dist
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
 	    --srcdir=../.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
 	  && $(MAKE) $(AM_MAKEFLAGS) install \
 	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -786,7 +794,7 @@ uninstall-am:
 	am--refresh check check-am clean clean-cscope clean-generic \
 	cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
 	dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
-	distcheck distclean distclean-generic distclean-hdr \
+	dist-zstd distcheck distclean distclean-generic distclean-hdr \
 	distclean-tags distcleancheck distdir distuninstallcheck dvi \
 	dvi-am html html-am info info-am install install-am \
 	install-data install-data-am install-dvi install-dvi-am \

NEWS

@@ -1,3 +1,23 @@
+# Version 1.1pre18             June 27 2021
+
+* Check all Address statements when making outgoing connections.
+* Make more variables safe for use in invitations.
+* Allow "tinc --force join" to accept all variables sent in an invitation.
+* Make sure the stop command works on Windows if tincd is running in the
+  foreground.
+* Handle DOS line endings in invitation files.
+* Double-quote node names in dump graph output.
+* Prevent large amounts of UDP probes being sent consecutively.
+* Try harder to reconnect with unreachable nodes.
+* Generate tinc-up.bat on Windows.
+* Fix a possible infinite loop when adding Subnets to a running tincd.
+* Allow a tun/tap filedescriptor to be passed through a UNIX socket.
+* Use auto-clone tun/tap devices as default on FreeBSD and DragonFlyBSD.
+
+Thanks to Fabian Maurer, Ilia Pavlikhin, Maciej S. Szmigiero, Pacien
+Tran-Girard, Aaron Li, Andreas Rammhold, Rosen Penev, Shengjing Zhu, Werner
+Schreiber, iczero and leptonyu for their contributions to this version of tinc.
+
 # Version 1.1pre17             October 8 2018
 
 * Prevent oracle attacks in the legacy protocol (CVE-2018-16737,

README

@@ -1,7 +1,7 @@
-This is the README file for tinc version 1.1pre17. Installation
+This is the README file for tinc version 1.1pre18. Installation
 instructions may be found in the INSTALL file.
 
-tinc is Copyright © 1998-2018 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
+tinc is Copyright © 1998-2021 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
 
 For a complete list of authors see the AUTHORS file.
 
@@ -46,7 +46,7 @@ versions, the security might only be as good as that of the oldest version.
 Compatibility
 -------------
 
-Version 1.1pre17 is compatible with 1.0pre8, 1.0 and later, but not with older
+Version 1.1pre18 is compatible with 1.0pre8, 1.0 and later, but not with older
 versions of tinc.
 
 When the ExperimentalProtocol option is used, tinc is still compatible with

THANKS

@@ -1,9 +1,11 @@
 We would like to thank the following people for their contributions to tinc:
 
+* Aaron Li
 * Alexander Reil and Gemeinde Berg
 * Alexander Ried
 * Alexis Hildebrandt
 * Allesandro Gatti
+* Andreas Rammhold
 * Andreas van Cranenburgh
 * Andrew Hahn
 * Anthony G. Basile
@@ -26,17 +28,23 @@ We would like to thank the following people for their contributions to tinc:
 * Enrique Zanardi
 * Erik Tews
 * Etienne Dechamps
+* Fabian Maurer
 * Florent Clairambault
 * Florian Forster
 * Florian Klink
 * Florian Weik
 * Flynn Marquardt
 * Franz Pletz
+* Fufu Fang
 * Gary Kessler and Claudia Gonzalez
 * Grzegorz Dymarek
 * Gusariev Oleksandr
 * Hans Bayle
 * Harvest
+* Huai An Hsu
+* iczero
+* Ilia Pavlikhin
+* Ivan Mirić
 * Ivo Smits
 * Ivo van Dong
 * James Cook
@@ -49,17 +57,21 @@ We would like to thank the following people for their contributions to tinc:
 * Jeroen Domburg
 * Jeroen Ubbink
 * Jerome Etienne
+* Jiang Sheng
 * Jochen Voss
 * Jo-Philipp Wich
 * Julien Muchembled
 * Lavrans Laading
+* leptonyu
 * Loïc Dachary
 * Loïc Grenié
 * Lubomír Bulej
 * luckyhacky
 * LunarShaddow
+* Maciej S. Szmigiero
 * Mads Kiilerich
 * Marc A. Lehmann
+* Marco Oggioni
 * Mark Glines
 * Mark Petryk
 * Markus Goetz
@@ -78,20 +90,26 @@ We would like to thank the following people for their contributions to tinc:
 * Nathan Stratton Treadway
 * Nick Hibma
 * Nick Patavalis
+* Pacien Tran-Girard
+* Patrick Helms
 * Paul Littlefield
 * Philipp Babel
 * Pierre Emeriaud
 * Pierre-Olivier Mercier
 * Rafael Sadowski
 * Rafał Leśniak
+* René Rüthlein
 * Rhosyn Celyn
 * Robert van der Meulen
+* Robert Waniek
+* Rosen Penev
 * Rumko
 * Ryan Miller
 * Sam Bryan
 * Samuel Thibault
 * Saverio Proto
 * Scott Lamb
+* Shengjing Zhu
 * Steffan Karger
 * Stig Fagrell
 * Sven-Haegar Koch
@@ -104,8 +122,11 @@ We would like to thank the following people for their contributions to tinc:
 * Tonnerre Lombard
 * Ulrich Seifert
 * Vil Brekin
+* Vincent Laurent
 * Vittorio Gambaletta
+* Volker Augustin
 * Wendy Willard
+* Werner Schreiber
 * Wessel Dankers
 * William A. Kennington III
 * William McArthur

aclocal.m4

@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.3 -*- Autoconf -*-
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,7 @@ You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically 'autoreconf'.])])
 
-# Copyright (C) 2002-2018 Free Software Foundation, Inc.
+# Copyright (C) 2002-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
 [am__api_version='1.16'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.16.1], [],
+m4_if([$1], [1.16.3], [],
       [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
 
@@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.16.1])dnl
+[AM_AUTOMAKE_VERSION([1.16.3])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
 
 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
 
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
-# Copyright (C) 1997-2018 Free Software Foundation, Inc.
+# Copyright (C) 1997-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
 
 # Generate code to set up dependency tracking.              -*- Autoconf -*-
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -371,7 +371,9 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
   done
   if test $am_rc -ne 0; then
     AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
-    for automatic dependency tracking.  Try re-running configure with the
+    for automatic dependency tracking.  If GNU make was not used, consider
+    re-running the configure script with MAKE="gmake" (or whatever is
+    necessary).  You can also try re-running configure with the
     '--disable-dependency-tracking' option to at least be able to build
     the package (albeit without support for automatic dependency tracking).])
   fi
@@ -398,7 +400,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 
 # Do all the work for Automake.                             -*- Autoconf -*-
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -595,7 +597,7 @@ for _am_header in $config_headers :; do
 done
 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -616,7 +618,7 @@ if test x"${install_sh+set}" != xset; then
 fi
 AC_SUBST([install_sh])])
 
-# Copyright (C) 2003-2018 Free Software Foundation, Inc.
+# Copyright (C) 2003-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -637,7 +639,7 @@ AC_SUBST([am__leading_dot])])
 
 # Check to see how 'make' treats includes.	            -*- Autoconf -*-
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -680,7 +682,7 @@ AC_SUBST([am__quote])])
 
 # Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
 
-# Copyright (C) 1997-2018 Free Software Foundation, Inc.
+# Copyright (C) 1997-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -701,12 +703,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN],
 [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
 AC_REQUIRE_AUX_FILE([missing])dnl
 if test x"${MISSING+set}" != xset; then
-  case $am_aux_dir in
-  *\ * | *\	*)
-    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
-  *)
-    MISSING="\${SHELL} $am_aux_dir/missing" ;;
-  esac
+  MISSING="\${SHELL} '$am_aux_dir/missing'"
 fi
 # Use eval to expand $SHELL
 if eval "$MISSING --is-lightweight"; then
@@ -719,7 +716,7 @@ fi
 
 # Helper functions for option handling.                     -*- Autoconf -*-
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -748,7 +745,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
 AC_DEFUN([_AM_IF_OPTION],
 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -795,7 +792,7 @@ AC_LANG_POP([C])])
 # For backward compatibility.
 AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -814,7 +811,7 @@ AC_DEFUN([AM_RUN_LOG],
 
 # Check to make sure that the build environment is sane.    -*- Autoconf -*-
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -895,7 +892,7 @@ AC_CONFIG_COMMANDS_PRE(
 rm -f conftest.file
 ])
 
-# Copyright (C) 2009-2018 Free Software Foundation, Inc.
+# Copyright (C) 2009-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -955,7 +952,7 @@ AC_SUBST([AM_BACKSLASH])dnl
 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
 ])
 
-# Copyright (C) 2001-2018 Free Software Foundation, Inc.
+# Copyright (C) 2001-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -983,7 +980,7 @@ fi
 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
 AC_SUBST([INSTALL_STRIP_PROGRAM])])
 
-# Copyright (C) 2006-2018 Free Software Foundation, Inc.
+# Copyright (C) 2006-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1002,7 +999,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 
 # Check how to create a tarball.                            -*- Autoconf -*-
 
-# Copyright (C) 2004-2018 Free Software Foundation, Inc.
+# Copyright (C) 2004-2020 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

bash_completion.d/Makefile.am

@@ -0,0 +1,2 @@
+bash_completiondir = @datarootdir@/bash-completion/completions/
+dist_bash_completion_DATA = tinc

bash_completion.d/Makefile.in

@@ -0,0 +1,490 @@
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = bash_completion.d
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/ax_append_flag.m4 \
+	$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
+	$(top_srcdir)/m4/ax_check_compile_flag.m4 \
+	$(top_srcdir)/m4/ax_check_link_flag.m4 \
+	$(top_srcdir)/m4/ax_code_coverage.m4 \
+	$(top_srcdir)/m4/ax_require_defined.m4 \
+	$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
+	$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \
+	$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_bash_completion_DATA) \
+	$(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__installdirs = "$(DESTDIR)$(bash_completiondir)"
+DATA = $(dist_bash_completion_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@
+CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@
+CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@
+CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
+CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@
+CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CURSES_LIBS = @CURSES_LIBS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+GCOV = @GCOV@
+GENHTML = @GENHTML@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MINIUPNPC_LIBS = @MINIUPNPC_LIBS@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+READLINE_LIBS = @READLINE_LIBS@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+systemd_path = @systemd_path@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+bash_completiondir = @datarootdir@/bash-completion/completions/
+dist_bash_completion_DATA = tinc
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu bash_completion.d/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu bash_completion.d/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-dist_bash_completionDATA: $(dist_bash_completion_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(dist_bash_completion_DATA)'; test -n "$(bash_completiondir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(bash_completiondir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(bash_completiondir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(bash_completiondir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(bash_completiondir)" || exit $$?; \
+	done
+
+uninstall-dist_bash_completionDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_bash_completion_DATA)'; test -n "$(bash_completiondir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(bash_completiondir)'; $(am__uninstall_files_from_dir)
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(DATA)
+installdirs:
+	for dir in "$(DESTDIR)$(bash_completiondir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_bash_completionDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_bash_completionDATA
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic cscopelist-am \
+	ctags-am distclean distclean-generic distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_bash_completionDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
+	uninstall-am uninstall-dist_bash_completionDATA
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

bash_completion.d/tinc

@@ -0,0 +1,92 @@
+_tinc() {
+	local cur prev opts confvars commands nets
+	COMPREPLY=()
+	cur="${COMP_WORDS[COMP_CWORD]}"
+	prev="${COMP_WORDS[COMP_CWORD-1]}"
+	opts="-c -d -D -K -n -o -L -R -U --config --no-detach --debug --net --option --mlock --logfile --pidfile --chroot --user --help --version"
+	confvars="Address AddressFamily BindToAddress BindToInterface Broadcast BroadcastSubnet Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceStandby DeviceType Digest DirectOnly Ed25519PrivateKeyFile Ed25519PublicKey Ed25519PublicKeyFile ExperimentalProtocol Forwarding FWMark GraphDumpFile Hostnames IffOneQueue IndirectData Interface InvitationExpire KeyExpire ListenAddress LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode MTUInfoInterval Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPDiscovery UDPDiscoveryKeepaliveInterval UDPDiscoveryInterval UDPDiscoveryTimeout UDPInfoInterval UDPRcvBuf UDPSndBuf UPnP UPnPDiscoverWait UPnPRefreshPeriod VDEGroup VDEPort Weight"
+	commands="add connect debug del disconnect dump edit export export-all generate-ed25519-keys generate-keys generate-rsa-keys get help import info init invite join list log network pcap pid purge reload restart retry set sign start stop top verify version"
+
+	case ${prev} in
+		-c|--config)
+        	compopt -o dirnames 2>/dev/null
+		return 0
+		;;
+		-n|--net)
+		nets=""
+		pushd /etc/tinc >/dev/null 2>/dev/null
+		for dir in *; do
+			if [[ -f "$dir/tinc.conf" ]]; then
+				nets="$nets $dir"
+			fi
+		done
+		popd >/dev/null 2>/dev/null
+		COMPREPLY=( $(compgen -W "${nets}" -- ${cur}) )
+		return 0
+		;;
+		-o|--option)
+		compopt -o nospace
+		COMPREPLY=( $(compgen -W "${confvars}" -- ${cur}) )
+		if [[ ${#COMPREPLY[*]} == 1 ]] ; then
+			COMPREPLY=$COMPREPLY=
+		fi
+		return 0
+		;;
+		-U|--user)
+		COMPREPLY=( $(compgen -u ${cur}) )
+		return 0
+		;;
+		--logfile|--pidfile)
+        	compopt -o filenames 2>/dev/null
+		COMPREPLY=( $(compgen -f ${cur}) )
+		return 0
+	esac
+	if [[ ${cur} == -* ]] ; then
+		COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+		return 0
+	fi
+	if [[ $1 == "d" ]]; then
+		if [[ -z ${cur} ]] ; then 
+			COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+		fi
+		return 0
+	fi
+	COMPREPLY=( $(compgen -W "${commands}" -- ${cur}) )
+	case $prev in
+		get|set|add|del)
+		COMPREPLY=( $(compgen -W "${confvars}" -- ${cur}) )
+		return 0
+		;;
+		dump|list|reachable)
+		COMPREPLY=( $(compgen -W "reachable nodes edges subnets connections graph invitations" -- ${cur}) )
+		return 0
+		;;
+		network)
+		nets=""
+		pushd /etc/tinc >/dev/null 2>/dev/null
+		for dir in *; do
+			if [[ -f "$dir/tinc.conf" ]]; then
+				nets="$nets $dir"
+			fi
+		done
+		popd >/dev/null 2>/dev/null
+		COMPREPLY=( $(compgen -W "${nets}" -- ${cur}) )
+		return 0
+		;;
+	esac
+	if [[ -z ${cur} ]] ; then 
+		COMPREPLY=( $(compgen -W "${opts} ${commands}" -- ${cur}) )
+	fi
+	return 0
+}
+
+_tincd() {
+	_tinc d;
+}
+
+_tincctl() {
+	_tinc ctl;
+}
+
+complete -F _tincd tincd
+complete -F _tincctl tinc

compile

@@ -3,7 +3,7 @@
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 # Written by Tom Tromey <tromey@cygnus.com>.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -53,7 +53,7 @@ func_file_conv ()
 	  MINGW*)
 	    file_conv=mingw
 	    ;;
-	  CYGWIN*)
+	  CYGWIN* | MSYS*)
 	    file_conv=cygwin
 	    ;;
 	  *)
@@ -67,7 +67,7 @@ func_file_conv ()
 	mingw/*)
 	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
 	  ;;
-	cygwin/*)
+	cygwin/* | msys/*)
 	  file=`cygpath -m "$file" || echo "$file"`
 	  ;;
 	wine/*)

config.h.in

@@ -33,9 +33,6 @@
 /* Define to 1 if you have the <curses.h> header file. */
 #undef HAVE_CURSES_H
 
-/* Cygwin */
-#undef HAVE_CYGWIN
-
 /* Define to 1 if you have the `daemon' function. */
 #undef HAVE_DAEMON
 
@@ -264,6 +261,9 @@
 /* Solaris/SunOS */
 #undef HAVE_SOLARIS
 
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
 
@@ -381,9 +381,6 @@
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
@@ -422,9 +419,6 @@
 /* Define to 1 if you need to in order for `stat' and other things to work. */
 #undef _POSIX_SOURCE
 
-/* Enable BSD extensions */
-#undef __USE_BSD
-
 /* Defined if the __malloc__ attribute is not supported. */
 #undef __malloc__
 

configure.ac

@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
 
 origcflags="$CFLAGS"
 
-AC_PREREQ(2.61)
+AC_PREREQ(2.69)
 AC_INIT([tinc], m4_esyscmd_s((git describe || echo UNKNOWN) | sed 's/release-//'))
 AC_CONFIG_SRCDIR([src/tincd.c])
 AM_INIT_AUTOMAKE([std-options subdir-objects nostdinc silent-rules -Wall])
@@ -10,14 +10,11 @@ AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
 AM_SILENT_RULES([yes])
 
-# Enable GNU extensions.
-# Define this here, not in acconfig's @TOP@ section, since definitions
-# in the latter don't make it into the configure-time tests.
-AC_GNU_SOURCE
-AC_DEFINE([__USE_BSD], 1, [Enable BSD extensions])
+AC_USE_SYSTEM_EXTENSIONS
 
 dnl Checks for programs.
-AC_PROG_CC_C99
+AC_PROG_CC
+AC_PROG_CC_STDC
 AC_PROG_CPP
 AC_PROG_INSTALL
 AM_PROG_CC_C_O
@@ -65,8 +62,7 @@ case $host_os in
     AC_DEFINE(HAVE_BSD, 1, [Unknown BSD variant])
   ;;
   *cygwin*)
-    cygwin=true
-    AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
+    AC_MSG_ERROR("Cygwin is no longer supported. Use MinGW to build native Windows binaries.")
   ;;
   *mingw*)
     mingw=true
@@ -95,6 +91,7 @@ AC_ARG_ENABLE(vde,
   AS_HELP_STRING([--enable-vde], [enable support for Virtual Distributed Ethernet]),
   [ AS_IF([test "x$enable_vde" = "xyes"],
       [ AC_CHECK_HEADERS(libvdeplug_dyn.h, [], [AC_MSG_ERROR([VDE plug header files not found.]); break])
+        AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], [AC_MSG_ERROR([VDE plug depends on libdl.]); break])
         AC_DEFINE(ENABLE_VDE, 1, [Support for VDE])
         vde=true
       ],
@@ -168,7 +165,7 @@ AS_IF([test "x$enable_hardening" != "xno"],
 dnl Checks for header files.
 dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies.
 
-AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h sys/un.h sys/wait.h netdb.h arpa/inet.h dirent.h getopt.h])
+AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/mman.h sys/param.h sys/resource.h sys/socket.h sys/time.h sys/un.h sys/wait.h netdb.h arpa/inet.h dirent.h getopt.h stddef.h])
 AC_CHECK_HEADERS([net/if.h net/if_types.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h netpacket/packet.h],
   [], [], [#include "$srcdir/src/have.h"]
 )
@@ -189,7 +186,6 @@ AC_CHECK_TYPES([struct ether_header, struct arphdr, struct ether_arp, struct ip,
 )
 
 dnl Checks for library functions.
-AC_TYPE_SIGNAL
 AC_CHECK_FUNCS([asprintf daemon fchmod flock fork gettimeofday mlockall putenv recvmmsg strsignal nanosleep unsetenv vsyslog devname fdevname],
   [], [], [#include "$srcdir/src/have.h"]
 )
@@ -266,6 +262,6 @@ if test "x$runstatedir" = "x"; then
   AC_SUBST([runstatedir], ['${localstatedir}/run'])
 fi
 
-AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile test/Makefile systemd/Makefile])
+AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile test/Makefile test/testlib.sh systemd/Makefile bash_completion.d/Makefile])
 
 AC_OUTPUT

debian/NEWS

@@ -0,0 +1,43 @@
+tinc (1.1~pre11-1) experimental; urgency=medium
+
+  This package now provides a native systemd service file, allowing multiple
+  instances of tinc to be managed. Existing networks listed in
+  /etc/tinc/nets.boot will be converted to service instances once during this
+  upgrade. Afterwards, you can enable and disable networks using:
+
+    systemctl enable tinc@<netname>
+    systemctl disable tinc@<netname>
+
+  If you do not have systemd installed, the SysV init script will continue to
+  work as usual. For more information, see README.Debian.
+
+  Please note that tinc 1.1pre11 is backwards compatible with tinc 1.0.x, but
+  is not backwards compatible with 1.1pre1 to 1.1pre10 nodes if
+  ExperimentalProtocol is enabled, which is the default.
+
+  If you have more than one node running an 1.1 prerelease version in your VPN,
+  make sure you upgrade them all at the same time, or disable the new protocol
+  by adding the following line to tinc.conf:
+
+    ExperimentalProtocol = no
+
+  If you do want to use the new protocol, be aware that this version of tinc
+  switched to Ed25519 keys. You can generate a new Ed25519 keypair by running
+  the following command:
+
+    tinc -n <netname> generate-ed25519-keys
+
+  You have to manually restart tinc after this upgrade.
+
+ -- Guus Sliepen <guus@debian.org>  Sat, 08 Jan 2015 14:02:27 +0100
+
+tinc (1.1~pre2-1) experimental; urgency=low
+
+  tinc-1.1 has separate control utility, tinc (without the d), which is now
+  used to start/stop tinc instances, to reload configuration, to get various
+  information about running tincd (including dump of nodes and connections)
+  and so on. tincd still reacts to some signals as before, but this usage is
+  deprecated. In particular, -k option is now gone. Also, node/connection/etc
+  dumps are produced on tincctl stdout, not into syslog.
+
+ -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 07 Aug 2011 13:16:17 +0400

debian/README.Debian

@@ -0,0 +1,78 @@
+tinc for Debian
+---------------
+
+The manual for tinc is also available as info pages, type `info tinc'
+to read it.
+
+There are several ways in which tinc may be automatically started at boot:
+
+Systemd
+-------
+
+Since 1.1~pre11-1, the tinc package comes with native systemd service files.
+To enable and start a net, call:
+
+systemctl enable tinc@<netname>
+systemctl start tinc@<netname>
+
+This will cause a tincd to be started which uses the configuration from
+/etc/tinc/<netname>, and also makes sure that it will be started next time your
+system boots.
+
+Apart from controlling individual instances, you can also start/stop/reload all
+enabled instances simultaneously by omitting @<netname>, for example:
+
+systemctl reload tinc
+
+Note that when you have systemd installed on your system, the file
+/etc/tinc/nets.boot will not be used anymore to automatically start tinc
+daemons. If the variable EXTRA is defined in /etc/default/tinc, it will be
+passed on to tinc. The variable LIMITS is however not used.
+
+The service files that come with this package start tinc unconditionally.
+However, tinc does support socket activation. If you wish to write a socket
+unit for tinc, use the ListenStream option to specify on which port(s) and
+address(es) tinc should listen.
+
+SysVinit
+--------
+
+The system startup script for tinc, /etc/init.d/tinc, uses the file
+/etc/tinc/nets.boot to find out which networks have to be started. Use one
+netname per line. Lines starting with a # are ignored.
+
+/etc/network/interfaces
+-----------------------
+
+You can create a stanza in /etc/network/interfaces, and add a line with
+"tinc-net <netname>". This will cause a tincd to be started which uses the
+configuration from /etc/tinc/<netname>. You can use an inet static (with
+address and netmask options) or inet dhcp stanza, in which case the ifup will
+configure the VPN interface and you do not need to have a tinc-up script.
+
+The following options are also recognized and map directly to the corresponding
+command line options for tincd:
+
+tinc-config <directory>
+tinc-debug <level>
+tinc-mlock yes
+tinc-logfile <filename>
+tinc-chroot yes
+tinc-user <username>
+
+An example stanza:
+
+iface vpn inet static
+	address 192.168.2.42
+	netmask 255.255.0.0
+	tinc-net myvpn
+	tinc-debug 1
+	tinc-mlock yes
+	tinc-user nobody
+
+This will start a tinc daemon that reads its configuration from
+/etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user
+nobody, and creates a network interface called "vpn". Ifup then sets the
+address and netmask on that interface.
+
+ -- Guus Sliepen <guus@debian.org>, Thu, 8 January 2015, 13:37:46 +0100

debian/changelog

@@ -0,0 +1,663 @@
+tinc (1.1~pre18-1) experimental; urgency=medium
+
+  * New upstream release.
+    - The patch for EVP_DecryptUpdate is no longer necessary.
+  * Disable support for VDE.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 27 Jun 2021 20:10:22 +0200
+
+tinc (1.1~pre17-1.2) experimental; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch to fix EVP_DecryptUpdate issue. Closes: #923438
+  
+ -- Don Armstrong <don@debian.org>  Sun, 31 May 2020 15:11:34 -0700
+
+tinc (1.1~pre17-1.1) experimental; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix systemd service install path. Closes: #910618
+  * Fix typo in --enable-miniupnpc option.
+
+ -- Shengjing Zhu <zhsj@debian.org>  Wed, 10 Oct 2018 10:58:42 +0800
+
+tinc (1.1~pre17-1) experimental; urgency=medium
+
+  * New upstream release.
+    - Includes fixes for CVE-2018-16737, CVE-2018-16738.
+    - The GUI is no longer part of upstream, so has been removed.
+  * Link with the miniupnpc library.
+  * Bump Standards-Version.
+  * Bump debian/compat.
+
+ -- Guus Sliepen <guus@debian.org>  Mon, 08 Oct 2018 16:32:57 +0200
+
+tinc (1.1~pre15-1) experimental; urgency=medium
+
+  * New upstream release.
+  * Bump Standards-Version.
+  * Bump debian/compat.
+  * Don't use while loops checking PID files anymore, the tinc CLI will
+    wait properly for the daemon to start or stop. Closes: #772379, #832784
+  * Clean up scripts as suggested by Dominik George. Closes: #832781
+  * Test for /etc/default/tinc before trying to source it. Closes: #777262
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 05 Sep 2017 21:03:51 +0200
+
+tinc (1.1~pre12-1) experimental; urgency=medium
+
+  * New upstream release.
+  * Bump Standards-Version.
+  * Depend on python-wxgtk3.0 for the GUI.
+  * Use dh --with python2.
+  * Add Build-Depends for dh-python.
+  * Update links in debian/control and debian/copyright.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 24 Apr 2016 14:51:14 +0200
+
+tinc (1.1~pre11-1) experimental; urgency=medium
+
+  * New upstream release.
+  * Update NEWS.Debian to reflect that tincctl has been renamed to tinc.
+    Closes: #729889
+  * Warn about incompatibility with previous 1.1preX releases, and that new
+    Ed25519 keys should be generated.
+  * Add native systemd service files.
+  * Automatically convert networks listed in nets.boot to systemd service
+    instances on upgrade.
+  * Don't restart tinc on upgrade for now.
+
+ -- Guus Sliepen <guus@debian.org>  Thu, 08 Jan 2015 14:51:34 +0100
+
+tinc (1.1~pre9-1) experimental; urgency=low
+
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 08 Sep 2013 18:00:28 +0200
+
+tinc (1.1~pre8-2) experimental; urgency=low
+
+  * Run make clean after the configure step to get rid of .o files that were
+    accidentily left in the orig.tar.gz.
+
+ -- Guus Sliepen <guus@debian.org>  Wed, 14 Aug 2013 16:13:43 +0200
+
+tinc (1.1~pre8-1) experimental; urgency=low
+
+  * New upstream release.
+    - Handles whitespace between command line flags and optional arguments.
+      Closes: #710267
+  * Bump Standards-Version.
+  * Source /lib/lsb/init-functions in the init.d script.
+  * Don't use texi2html anymore, use automake's install-html target which uses
+    makeinfo.
+
+ -- Guus Sliepen <guus@debian.org>  Wed, 14 Aug 2013 15:34:41 +0200
+
+tinc (1.1~pre7-2) experimental; urgency=low
+
+  [ Gian Piero Carrubba ]
+  * Init script fails to pass extra arguments to tincd. Closes: #704701
+    + Remove the '--' as it is passed unaltered to tincd, preventing it to read
+      trailing parameters.
+    + Pass extra arguments also when restarting the daemon.
+  * Set process limits when started by ifupdown. Closes: #704702
+
+  [ Guus Sliepen ]
+  * Check whether the tincd process is still running in the if-post-down script.
+    Closes: #704708
+
+ -- Guus Sliepen <guus@debian.org>  Wed, 01 May 2013 10:41:31 +0200
+
+tinc (1.1~pre7-1) experimental; urgency=high
+
+  * New upstream release.
+    - Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 23 Apr 2013 11:37:38 +0200
+
+tinc (1.1~pre6-1) experimental; urgency=low
+
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Wed, 20 Feb 2013 16:53:33 +0100
+
+tinc (1.1~pre4-1) experimental; urgency=low
+
+  [ Gian Piero Carrubba ]
+  * Allow resource limits to be set in /etc/default/tinc. Closes: #690685
+
+  [ Guus Sliepen ]
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Wed, 05 Dec 2012 23:05:01 +0100
+
+tinc (1.1~pre3-1) experimental; urgency=low
+
+  * New upstream release.
+  * Bump Standards-Version.
+  * Enable parallel builds.
+  * Bump debian/compat to 9, so tinc gets build with hardening flags.
+  * Move tinc-gui to its own package.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 14 Oct 2012 23:51:21 +0200
+
+tinc (1.1~pre2-2) experimental; urgency=low
+
+  * add forgotten build-depend on libncurses5-dev for new `tincctl top'
+  * add libevent-dev build dependency
+  * remove build dependency on gettext
+
+ -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 07 Aug 2011 17:32:39 +0400
+
+tinc (1.1~pre2-1) experimental; urgency=low
+
+  * first cut of 1.1-tobe.
+    Rewrote control scripts et al to use tincctl.
+  * build-depend on libssl >>1.0.0 to get proper EC support
+  * remove crypto-related symlinks from src/ in clean --
+    probably should go into upstream makefile instead
+
+ -- Michael Tokarev <mjt@tls.msk.ru>  Sun, 07 Aug 2011 12:57:15 +0400
+
+tinc (1.0.19-2) unstable; urgency=low
+
+  * Fix behaviour of tinc-pidfile. Closes: #679130
+  * Enable parallel building in debian/rules.
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 26 Jun 2012 18:28:34 +0200
+
+tinc (1.0.19-1) unstable; urgency=low
+
+  * New upstream release.
+  * Bump debian/compat so tinc gets built with hardening flags.
+  * Allow tinc-pidfile in /etc/network/interfaces.
+
+ -- Guus Sliepen <guus@debian.org>  Mon, 25 Jun 2012 20:29:22 +0200
+
+tinc (1.0.18-1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 25 Mar 2012 18:52:15 +0200
+
+tinc (1.0.17-1) unstable; urgency=low
+
+  * New upstream release.
+  * Enable support for UML and VDE.
+
+ -- Guus Sliepen <guus@debian.org>  Sat, 10 Mar 2012 14:50:00 +0100
+
+tinc (1.0.16-1) unstable; urgency=low
+
+  * New upstream release.
+  * Mention alarm option in /etc/init.d/tinc's usage information.
+    Closes: #631761
+
+ -- Guus Sliepen <guus@debian.org>  Sat, 23 Jul 2011 14:37:56 +0200
+
+tinc (1.0.15-1) unstable; urgency=low
+
+  * New upstream release.
+  * Send SIGALRM to running tinc daemons whenever an interface is brought up
+    with the ifupdown framework. Based on a patch from Joachim Breitner.
+    Closes: #629880
+  * Allow tinc daemons to be started using ifupdown.
+
+ -- Guus Sliepen <guus@debian.org>  Fri, 24 Jun 2011 18:21:51 +0200
+
+tinc (1.0.14-1) unstable; urgency=low
+
+  * New upstream release.
+  * Bump Standards-Version.
+
+ -- Guus Sliepen <guus@debian.org>  Mon, 09 May 2011 00:25:37 +0200
+
+tinc (1.0.13-1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 13 Apr 2010 12:06:36 +0200
+
+tinc (1.0.12-2) unstable; urgency=low
+
+  * Remove debconf questions. Closes: #572116
+    Apparently debconf may not be used to ask a question at install time and
+    use the answer at upgrade time. Instead of kludging around this
+    restriction, no questions are asked anymore, and tinc will now always be
+    restarted when upgrading.
+  * Wait up to 5 seconds for tinc daemon to stop before restarting it.
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 02 Mar 2010 14:01:36 +0100
+
+tinc (1.0.12-1) unstable; urgency=low
+
+  * New upstream release.
+  * Bump Standards-Version.
+  * Migrate from CDBS to debhelper.
+  * Convert source package to 3.0 (quilt) format.
+  * Remove useless tinc.modules.
+  * Use init.d script from Michael Tokarev, allowing per-network arguments to
+    tincd.
+  * Remove update-rc.d calls from postinst and postrm.
+  * Let the init.d script depend on $remote_fs.
+
+ -- Guus Sliepen <guus@debian.org>  Thu, 04 Feb 2010 00:56:45 +0100
+
+tinc (1.0.11-1) unstable; urgency=low
+
+  * New upstream release.
+  * Cope with texi2html arbitrarily changing its output directory.
+    Closes: #552927
+  * Do not stop tinc when configuring a new version, just restart after
+    the upgrade.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 01 Nov 2009 20:37:16 +0100
+
+tinc (1.0.10-1) unstable; urgency=low
+
+  * New upstream release.
+  * Include Russian debconf translation. Closes: #548759
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 18 Oct 2009 16:31:49 +0200
+
+tinc (1.0.9-1) unstable; urgency=low
+
+  * New upstream release.
+    - Binds IPv6 sockets only to IPv6. Closes: #440150
+  * Update copyright file. Closes: #482566
+
+ -- Guus Sliepen <guus@debian.org>  Fri, 26 Dec 2008 13:25:05 +0100
+
+tinc (1.0.8-2) unstable; urgency=low
+
+  * Include Portugese debconf translation. Closes: #434191
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 14 Aug 2007 13:50:27 +0200
+
+tinc (1.0.8-1) unstable; urgency=low
+
+  * New upstream release. Closes: #173987
+  * Include german debconf translation. Closes: #412351
+  * Build-Depend on texinfo. Closes: #424209
+
+ -- Guus Sliepen <guus@debian.org>  Wed, 16 May 2007 17:59:16 +0200
+
+tinc (1.0.7-1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Fri,  5 Jan 2007 15:55:42 +0100
+
+tinc (1.0.6-1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Guus Sliepen <guus@debian.org>  Mon, 18 Dec 2006 15:41:03 +0100
+
+tinc (1.0.5-1) unstable; urgency=low
+
+  * New upstream release. Closes: #391610
+  * Add an LSB section to the init script.
+
+ -- Guus Sliepen <guus@debian.org>  Tue, 14 Nov 2006 16:32:20 +0100
+
+tinc (1.0.4-4) unstable; urgency=low
+
+  * Include swedish debconf translation. Closes: #332963
+  * Remove nets.boot on purge. Closes: #333303
+
+ -- Guus Sliepen <guus@debian.org>  Mon, 17 Oct 2005 12:34:32 +0200
+
+tinc (1.0.4-3) unstable; urgency=low
+
+  * Depend on debconf | debconf-2.0.
+  * Include vietnamese debconf translation. Closes: #322305
+  * Include japanese debconf translation. Closes: #319591
+
+ -- Guus Sliepen <guus@debian.org>  Thu, 29 Sep 2005 11:15:34 +0200
+
+tinc (1.0.4-2) unstable; urgency=low
+
+  * Compensate for change in texinfo's output directory. Closes: #318562
+  * Include Czech translation of the debconf questions. Closes: #312982
+
+ -- Guus Sliepen <guus@debian.org>  Sat, 16 Jul 2005 11:42:04 +0200
+
+tinc (1.0.4-1) unstable; urgency=low
+
+  * New upstream release. Closes: #294819
+  * Update french translation of debconf template. Closes: #293371, #296148
+  * Allow dashes in nets.boot. Closes: #296281
+
+ -- Guus Sliepen <guus@debian.org>  Wed,  4 May 2005 21:56:22 +0200
+
+tinc (1.0.3-4) unstable; urgency=low
+
+  * Call debconf early in postinst so it won't get confused by output
+    from other commands in the postinst script. Closes: #292920
+  * If MAKEDEV doesn't know about net/tun, fall back to tun.
+
+ -- Guus Sliepen <guus@debian.org>  Mon, 31 Jan 2005 13:27:16 +0100
+
+tinc (1.0.3-3) unstable; urgency=low
+
+  * Fix clean rule in debian/rules.
+
+ -- Guus Sliepen <guus@debian.org>  Thu, 27 Jan 2005 23:16:59 +0000
+
+tinc (1.0.3-2) unstable; urgency=low
+
+  * Don't check for /dev/tap* in postinst if we don't create them anyway.
+  * MAKEDEV expects net/tun instead of tun.
+  * Don't ask if /dev/net/tun should be created, just do it.
+    Closes: #259489, #292450
+  * Move $EXTRA from init.d/tinc to /etc/default/tinc. Closes: #281366
+
+ -- Guus Sliepen <guus@debian.org>  Thu, 27 Jan 2005 14:10:02 +0100
+
+tinc (1.0.3-1) unstable; urgency=low
+
+  * New upstream release.
+  * Adopting the package from Ivo.
+  * Use invoke-rc.d, and tell user to do so as well. Closes: #223276
+  * Let force-reload do the same thing as reload. Closes: #230180
+
+ -- Guus Sliepen <guus@debian.org>  Fri,  1 Oct 2004 21:04:14 +0200
+
+tinc (1.0.2-2) unstable; urgency=low
+
+  * debian/control: Oops, really make that automake1.7.
+
+ -- Ivo Timmermans <ivo@debian.org>  Sat,  8 Nov 2003 21:53:04 +0100
+
+tinc (1.0.2-1) unstable; urgency=low
+
+  * New upstream release:
+      * Fix broken replies to CHAL_RESP.  (Closes: #217646)
+  * debian/control: Updated automake build dependency to automake1.7.
+    (Closes: #219360)
+
+ -- Ivo Timmermans <ivo@debian.org>  Sat,  8 Nov 2003 19:56:04 +0100
+
+tinc (1.0.1-2) unstable; urgency=low
+
+  * debian/dirs: Removed, moved contents to tinc.dirs.
+    (Closes: #208591)
+  * debian/docs: Renamed to tinc.docs.
+  * debian/rules: Install the contents of doc/sample-config.tar.gz in
+    /usr/share/doc/tinc/examples instead of /etc/tinc.
+  * debian/Makefile*: Removed.
+
+ -- Ivo Timmermans <ivo@debian.org>  Wed, 10 Sep 2003 12:19:32 +0200
+
+tinc (1.0.1-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/patches/001_openbsd_device.c.patch: Removed.
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 14 Aug 2003 17:03:28 +0200
+
+tinc (1.0release-1) unstable; urgency=low
+
+  * New upstream version.  (Closes: #204639)
+      * Fixes switching back to normal logging mode when killing with
+        SIGINT twice.  (Closes: #175633)
+      * Uses one SSL context struct for each connection, speeding up
+        encrypting/decrypting data; don't throw away out of sequence
+        packets.  (Closes: #188874)
+      * Fixes handling of broadcast messages.  (Closes: #175632)
+  * debian/rules: Use cdbs.
+  * debian/control: Build-Depend on cdbs, liblzo-dev.
+  * debian/patches/001_openbsd_device.c.patch: Sync openbsd/device.c to
+    latest CVS version.
+
+ -- Ivo Timmermans <ivo@debian.org>  Sun, 10 Aug 2003 16:13:29 +0200
+
+tinc (1.0pre8-6) unstable; urgency=low
+
+  * debian/po/fr.po: Added French debconf translation.  (Closes: #201803)
+
+ -- Ivo Timmermans <ivo@debian.org>  Fri, 18 Jul 2003 10:03:20 +0200
+
+tinc (1.0pre8-5) unstable; urgency=low
+
+  * debian/*: Change to po-debconf, thanks to From: Michel Grentzinger
+    <mic.grentz@online.fr> for the patch:
+      - change debhelper dependency to 4.1.16 (according to man
+        po-debconf),
+      - manually add nl translation in old tinc.templates (master),
+      - run debconf-gettextize debian/tinc.templates,
+      - move old templates files (debian/tinc.templates.*),
+      - change construction "If you say no" to "If you refuse",
+  * debian/rules: Call po2debconf.
+  * debian/rules: Don't copy COPYING.README to the package.
+  * debian/control: Update Standards-Version.
+  * debian/conffiles: Removed.
+  * debian/postinst: No longer use mknod directly, use MAKEDEV.
+
+ -- Ivo Timmermans <ivo@debian.org>  Tue, 15 Jul 2003 20:13:47 +0200
+
+tinc (1.0pre8-4) unstable; urgency=low
+
+  * src/net.h, src/net_packet.c, src/net_setup.c: Apply fix from CVS
+    for OpenSSL-related memory leaks.  (Closes: #189432)
+
+ -- Ivo Timmermans <ivo@debian.org>  Mon,  5 May 2003 15:00:29 +0200
+
+tinc (1.0pre8-3) unstable; urgency=low
+
+  * m4/openssl.m4: Updated to CVS version.  (Closes: #184400)
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 13 Mar 2003 17:24:42 +0100
+
+tinc (1.0pre8-2) unstable; urgency=low
+
+  * debian/postinst: Create /dev/net/tun if it doesn't exist.
+  * debian/tinc.modules: Add alias for /dev/net/tun.
+  * debian/rules: Install tinc.modules.
+  * These things together: (Closes: #151967, #153156)
+
+ -- Ivo Timmermans <ivo@debian.org>  Wed, 13 Nov 2002 22:45:38 +0100
+
+tinc (1.0pre8-1) unstable; urgency=low
+
+  * New upstream version.
+  * debian/rules:
+      - DEB_BUILD_OPTIONS support.
+      - Enable --enable-tracing by default.
+
+ -- Ivo Timmermans <ivo@debian.org>  Tue, 17 Sep 2002 13:50:44 +0200
+
+tinc (1.0pre7-3) unstable; urgency=low
+
+  * Properly install _all_ info pages. (Closes: #144718)
+
+ -- Ivo Timmermans <ivo@debian.org>  Wed, 29 May 2002 14:01:21 +0200
+
+tinc (1.0pre7-2) unstable; urgency=low
+
+  * Dutch translation wasn't being installed.
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 11 Apr 2002 09:26:14 +0200
+
+tinc (1.0pre7-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Ivo Timmermans <ivo@debian.org>  Tue,  9 Apr 2002 16:04:46 +0200
+
+tinc (1.0pre6-3) unstable; urgency=medium
+
+  * Synched with upstream CVS.
+  * Added build dependency on zlib1g-dev. (Closes: #141705)
+
+ -- Ivo Timmermans <ivo@debian.org>  Mon,  8 Apr 2002 21:19:31 +0200
+
+tinc (1.0pre6-2) unstable; urgency=low
+
+  * The Section was non-US again, so changed it back to main/net.
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 28 Mar 2002 07:26:10 +0100
+
+tinc (1.0pre6-1) unstable; urgency=low
+
+  * New upstream release.
+  * Fixed text in debian/copyright
+
+ -- Ivo Timmermans <ivo@debian.org>  Wed, 27 Mar 2002 23:10:07 +0100
+
+tinc (1.0pre5-4) unstable; urgency=low
+
+  * Added a debconf question for restarting on upgrade.
+  * Added reload option to init.d, start with EXTRA='-d' default.
+  * Moved from non-US to main.
+  * Install example configuration files.
+  * The HTML documentation wasn't installed; fixed.
+
+ -- Ivo Timmermans <ivo@debian.org>  Tue, 26 Mar 2002 20:14:19 +0100
+
+tinc (1.0pre5-3) unstable; urgency=low
+
+  * Config variables are now treated case sentitivly again.
+  * Added a forgotten xstrdup.
+
+ -- Ivo Timmermans <ivo@debian.org>  Fri, 15 Feb 2002 12:35:17 +0100
+
+tinc (1.0pre5-2) unstable; urgency=low
+
+  * MaxTimeout accidentally wasn't configurable. (Closes: #119653)
+
+ -- Ivo Timmermans <ivo@debian.org>  Wed, 13 Feb 2002 13:36:54 +0100
+
+tinc (1.0pre5-1) unstable; urgency=low
+
+  * New upstream version. (Closes: #119653)
+  * Init script redone in sh.
+
+ -- Ivo Timmermans <ivo@debian.org>  Sun, 10 Feb 2002 16:39:53 +0100
+
+tinc (1.0pre4-1.cvs010621.6) unstable; urgency=low
+
+  * Somehow po-Makefile.in.in.diff got lost, readded. (Closes: #119157)
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 15 Nov 2001 17:00:03 +0100
+
+tinc (1.0pre4-1.cvs010621.5) unstable; urgency=low
+
+  * Fix a typo in postinst that let it MAKEDEV even on devfs.
+    (Closes: #116034)
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 18 Oct 2001 09:35:16 +0200
+
+tinc (1.0pre4-1.cvs010621.4) unstable; urgency=low
+
+  * Ask before creating the device files. (Closes: #111099)
+  * Add a section to the info file.
+
+ -- Ivo Timmermans <ivo@debian.org>  Fri, 12 Oct 2001 20:47:09 +0200
+
+tinc (1.0pre4-1.cvs010621.3) unstable; urgency=low
+
+  * Build and install html documentation. (Closes: #106843)
+  * Remove build-time dependency on libc6-dev.
+
+ -- Ivo Timmermans <ivo@debian.org>  Mon, 30 Jul 2001 22:03:52 +0200
+
+tinc (1.0pre4-1.cvs010621.2) unstable; urgency=low
+
+  * Changed location of the pidfile. (Closes: #102798)
+
+ -- Ivo Timmermans <ivo@debian.org>  Sun,  1 Jul 2001 01:57:43 +0200
+
+tinc (1.0pre4-1.cvs010621.1) unstable; urgency=low
+
+  * New upstream version. (Closes: #98730)
+  * Rebuilding automatically inserted new config.{sub|guess}.
+    (Closes: #98165)
+  * Updated Standards-Version.
+  * Don't include a sample configuration file.
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu, 21 Jun 2001 14:08:49 +0200
+
+tinc (1.0pre3-5) unstable; urgency=low
+
+  * Fixed an error in the init script that prevented tinc from
+    starting correctly.
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu,  8 Feb 2001 02:45:09 +0100
+
+tinc (1.0pre3-4) unstable; urgency=low
+
+  * Change build-depends for OpenSSL to libssl096-dev
+    (Closes: #84197, #84873).
+
+ -- Ivo Timmermans <ivo@debian.org>  Sun,  4 Feb 2001 22:43:22 +0100
+
+tinc (1.0pre3-3) unstable; urgency=low
+
+  * Set architecture to any (really this time!) (Closes: #80451).
+  * Section set to non-US
+
+ -- Ivo Timmermans <ivo@debian.org>  Tue, 23 Jan 2001 22:52:53 +0100
+
+tinc (1.0pre3-2) unstable; urgency=low
+
+  * Set architecture to any (Closes: #80451).
+  * Added tinc.modules with some useful module aliases.
+
+ -- Ivo Timmermans <ivo@debian.org>  Sat, 13 Jan 2001 16:10:57 +0100
+
+tinc (1.0pre3-1) unstable; urgency=low
+
+  * New upstream version (1.0pre3) (Closes: #71274).
+  * Better Depends and Build-Depends lines.
+  * Dropped dependencies on libgmp, added libssl.
+  * doc-base.tinc: New file.
+  * Deleted the file shlibs, as there on longer is a libblowfish.
+  * Patch po/Makefile.in.in from po-Makefile.in.in.diff if necessary.
+  * Use dh_perl to get accurate perl dependencies.
+
+ -- Ivo Timmermans <ivo@debian.org>  Thu,  9 Nov 2000 21:58:40 +0100
+
+tinc (1.0pre2-1.1) unstable; urgency=low
+
+  * NMU at Ivo's request as his application is being processed, and his
+    sponsor is based in the US.
+
+ -- J.H.M. Dassen (Ray) <jdassen@debian.org>  Wed, 28 Jun 2000 21:52:30 +0200
+
+tinc (1.0pre2-1) unstable; urgency=low
+
+  * postinst creates a file /etc/tinc/nets.boot, containing all networks
+    to be started upon system startup;
+  * init.d script starts all networks from that list.
+  * postinst script creates tap devices.
+
+ -- Ivo Timmermans <itimmermans@bigfoot.com>  Tue, 16 May 2000 00:06:25 +0200
+
+tinc (1.0pre1-0.4) unstable; urgency=low
+
+  * postinst script.
+
+ -- Ivo Timmermans <itimmermans@bigfoot.com>  Mon, 15 May 2000 19:22:05 +0200
+
+tinc (1.0pre1-0.3) unstable; urgency=low
+
+  * system startup script.
+
+ -- Ivo Timmermans <itimmermans@bigfoot.com>  Sun, 14 May 2000 22:58:02 +0200
+  
+tinc (1.0pre1-0.2) unstable; urgency=low
+
+  * Included the blowfish license.
+
+ -- Ivo Timmermans <itimmermans@bigfoot.com>  Fri, 21 Apr 2000 17:07:50 +0200
+
+tinc (1.0pre1-0.1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Ivo Timmermans <itimmermans@bigfoot.com>  Fri, 21 Apr 2000 17:07:50 +0200
+
+

debian/compat

@@ -0,0 +1 @@
+11

debian/control

@@ -0,0 +1,16 @@
+Source: tinc
+Section: net
+Priority: optional
+Maintainer: Guus Sliepen <guus@debian.org>
+Standards-Version: 4.2.1
+Build-Depends: libssl-dev (>>1.0.0), debhelper (>= 11), texinfo, zlib1g-dev, liblzo2-dev, libncurses5-dev, libreadline-dev, libminiupnpc-dev
+Homepage: https://www.tinc-vpn.org/
+
+Package: tinc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Virtual Private Network daemon
+ tinc is a daemon with which you can create a virtual private network
+ (VPN). One daemon can handle multiple connections, so you can
+ create an entire (moderately sized) VPN with only one daemon per
+ participating computer.

debian/copyright

@@ -0,0 +1,34 @@
+This package was debianized by Ivo Timmermans <ivo@debian.org> on
+Fri, 21 Apr 2000 17:07:50 +0200.
+
+It was downloaded from https://www.tinc-vpn.org/
+
+Upstream Authors:
+ Guus Sliepen <guus@tinc-vpn.org>
+ Ivo Timmermans
+
+Copyright (C) 1998-2005 Ivo Timmermans
+              1998-2016 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+On Debian GNU/Linux systems, the complete text of the GNU General Public
+License version 2 can be found in /usr/share/common-licenses/GPL-2.
+
+The following applies to tinc:
+
+This program is released under the GPL with the additional exemption
+that compiling, linking, and/or using OpenSSL is allowed.  You may
+provide binary packages linked to the OpenSSL libraries, provided that
+all other requirements of the GPL are met.
+
+The following applies to the LZO library:
+
+Hereby I grant a special exception to the tinc VPN project
+(https://wwww.tinc-vpn.org/) to link the LZO library with the OpenSSL library
+(https://openssl.org).
+
+Markus F.X.J. Oberhumer

debian/doc-base.tinc

@@ -0,0 +1,10 @@
+Document: tinc
+Title: tinc Manual
+Author: Ivo Timmermans, Guus Sliepen
+Abstract: This manual describes how to set up a Virtual Private
+ Network with tinc.
+Section: System/Security
+
+Format: HTML
+Files: /usr/share/doc/tinc/tinc.html/*
+Index: /usr/share/doc/tinc/tinc.html/index.html

debian/info

@@ -0,0 +1 @@
+doc/tinc.info

debian/patches/fix-version-number

@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -3,7 +3,7 @@
+ origcflags="$CFLAGS"
+ 
+ AC_PREREQ(2.69)
+-AC_INIT([tinc], m4_esyscmd_s((git describe || echo UNKNOWN) | sed 's/release-//'))
++AC_INIT([tinc], [1.1~pre18])
+ AC_CONFIG_SRCDIR([src/tincd.c])
+ AM_INIT_AUTOMAKE([std-options subdir-objects nostdinc silent-rules -Wall])
+ AC_CONFIG_HEADERS([config.h])

debian/patches/series

@@ -0,0 +1 @@
+fix-version-number

debian/postinst

@@ -0,0 +1,23 @@
+#! /bin/sh
+
+NETSFILE="/etc/tinc/nets.boot"
+
+set -e
+
+case "$1" in
+    configure)
+	if [ ! -e $NETSFILE ] ; then
+	    echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE
+	fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 0
+    ;;
+esac
+
+#DEBHELPER#

debian/postrm

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = purge ]; then
+    rm -f /etc/tinc/nets.boot
+fi
+
+#DEBHELPER#

debian/preinst

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+NETSFILE="/etc/tinc/nets.boot"
+SYSTEM="/lib/systemd/system"
+WANTS="/etc/systemd/system/multi-user.target.wants"
+
+set -e
+
+case "$1" in
+	upgrade)
+		if dpkg --compare-versions "$2" '<<' "1.1~pre11-1"; then
+			if [ -f "$NETSFILE" ]; then
+				echo -n "Creating systemd service instances from nets.boot:"
+				mkdir -p "$WANTS"
+				egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
+					echo -n " $net"
+					ln -s "$SYSTEM/tinc@.service" "$WANTS/tinc@$net.service" 2>/dev/null || true
+				done
+				echo "."
+			fi
+		fi
+	;;
+
+	*)
+	;;
+esac
+
+#DEBHELPER#

debian/rules

@@ -0,0 +1,21 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_auto_configure:
+	dh_auto_configure -- --enable-uml \
+		--with-systemd=/lib/systemd/system/
+	$(MAKE) clean
+
+override_dh_auto_install:
+	dh_auto_install -- install-html
+	# Remove info dir file
+	rm -f debian/tinc/usr/share/info/dir
+
+override_dh_auto_test:
+	# Don't run the tests, it involves starting tinc daemons and making network connections.
+	# I don't think the autobuilders will like this.
+
+override_dh_installinit:
+	dh_installinit -r

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/tinc.default

@@ -0,0 +1,7 @@
+# Extra options to be passed to tincd.
+# EXTRA="-d"
+
+# Limits to be configured for the tincd process. Please read your shell
+# (pointed by /bin/sh) documentation for ulimit. You probably want to raise the
+# max locked memory value if using both --mlock and --user flags.
+# LIMITS="-l 128"

debian/tinc.docs

@@ -0,0 +1,3 @@
+NEWS
+README
+AUTHORS

debian/tinc.if-post-down

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+test "$METHOD" != loopback -a -n "$IF_TINC_NET" || exit 0
+
+if test -z "$IF_TINC_PIDFILE"; then
+	/usr/sbin/tinc -n "$IF_TINC_NET" stop $EXTRA
+else
+	/usr/sbin/tinc -n "$IF_TINC_NET" --pidfile="$IF_TINC_PIDFILE" stop
+fi
+
+exit 0

debian/tinc.if-pre-up

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+test -n "$IF_TINC_NET" || exit 0
+
+# Read options from /etc/default
+
+if test -e /etc/default/tinc; then
+	. /etc/default/tinc
+fi
+
+# Set process limits
+
+setlimits() {
+  while [ $# -gt 0 ]; do
+    parm=$1 ; shift
+    if [ -n "$1" -a "${1#-}" = "$1" ]; then
+      value=$1 ; shift
+      ulimit $parm $value
+    else
+      ulimit $parm
+    fi
+  done
+}
+test -n "$LIMITS" && setlimits $LIMITS
+
+# Read options from /etc/network/interfaces
+
+test -z "$IF_TINC_CONFIG"  || EXTRA="$EXTRA -c $IF_TINC_CONFIG"
+test -z "$IF_TINC_DEBUG"   || EXTRA="$EXTRA -d$IF_TINC_DEBUG"
+test -z "$IF_TINC_MLOCK"   || EXTRA="$EXTRA --mlock"
+test -z "$IF_TINC_LOGFILE" || EXTRA="$EXTRA --logfile=$IF_TINC_LOGFILE"
+test -z "$IF_TINC_PIDFILE" || EXTRA="$EXTRA --pidfile=$IF_TINC_PIDFILE" || IF_TINC_PIDFILE=/var/run/tinc.$IF_TINC_NET.pid
+test -z "$IF_TINC_CHROOT"  || EXTRA="$EXTRA --chroot"
+test -z "$IF_TINC_USER"    || EXTRA="$EXTRA --user=$IF_TINC_USER"
+
+# Start tinc daemon
+
+if test -z "$IF_TINC_PIDFILE"; then
+	/usr/sbin/tinc -n "$IF_TINC_NET" start -o "Interface=$IFACE" $EXTRA
+else
+	/usr/sbin/tinc -n "$IF_TINC_NET" --pidfile="$IF_TINC_PIDFILE" start -o "Interface=$IFACE" $EXTRA
+fi
+
+exit 0

debian/tinc.if-up

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+test "$METHOD" != loopback -a -n "$IF_TINC_NET" || exit 0
+
+if test -z "$IF_TINC_PIDFILE"; then
+	/usr/sbin/tinc -n "$IF_TINC_NET" retry
+else
+	/usr/sbin/tinc -n "$IF_TINC_NET" --pidfile="$IF_TINC_PIDFILE" retry
+fi

debian/tinc.noinit

@@ -0,0 +1,103 @@
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Provides:          tinc
+# Required-Start:    $remote_fs $network
+# Required-Stop:     $remote_fs $network
+# Should-Start:      $syslog $named
+# Should-Stop:       $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start tinc daemons
+# Description:       Create a file $NETSFILE (/etc/tinc/nets.boot),
+#                    and put all the names of the networks in there.
+#                    These names must be valid directory names under
+#                    $TCONF (/etc/tinc). Lines starting with a # will be
+#                    ignored in this file.
+### END INIT INFO
+#
+# Based on Lubomir Bulej's Redhat init script.
+
+. /lib/lsb/init-functions
+
+DAEMON="/usr/sbin/tincd"
+CONTROL="/usr/sbin/tinc"
+NAME="tinc"
+DESC="tinc daemons"
+TCONF="/etc/tinc"
+NETSFILE="$TCONF/nets.boot"
+NETS=""
+
+test -f $DAEMON || exit 0
+
+[ -r /etc/default/tinc ] && . /etc/default/tinc
+
+# foreach_net "what-to-say" action [arguments...]
+foreach_net() {
+  if [ ! -f $NETSFILE ] ; then
+    echo "Please create $NETSFILE."
+    exit 0
+  fi
+  echo -n "$1"
+  shift
+  egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
+    echo -n " $net"
+    case "$1" in
+      start|restart) $CONTROL -n $net $1 $EXTRA $args ;;
+      *) $CONTROL -n $net $1 ;;
+    esac
+  done
+  echo "."
+}
+
+signal_running() {
+  for i in /var/run/tinc.*pid; do
+    if [ -f "$i" ]; then
+      head -1 $i | while read pid junk; do
+        kill -$1 $pid
+      done
+    fi
+  done
+}
+
+setlimits() {
+  while [ $# -gt 0 ]; do
+    parm=$1 ; shift
+    if [ -n "$1" -a "${1#-}" = "$1" ]; then
+      value=$1 ; shift
+      ulimit $parm $value
+    else
+      ulimit $parm
+    fi
+  done
+}
+
+test -n "$LIMITS" && setlimits $LIMITS
+
+case "$1" in
+  start)
+    foreach_net "Starting $DESC:" start
+  ;;
+  stop)
+    foreach_net "Stopping $DESC:" stop
+  ;;
+  reload|force-reload)
+    foreach_net "Reloading $DESC configuration:" reload
+  ;;
+  restart)
+    foreach_net "Restarting $DESC:" restart
+  ;;
+  force-restart)
+    $0 stop
+    $0 start
+  ;;
+  retry)
+    signal_running ALRM
+  ;;
+  *)
+    echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|retry}"
+    exit 1
+  ;;
+esac
+
+exit 0

depcomp

@@ -3,7 +3,7 @@
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

doc/Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

doc/tinc.8.in

@@ -75,7 +75,7 @@ option, the value of this environment variable is used.
 .Sh COMMANDS
 .Bl -tag -width indent
 .It init Op Ar name
-Create initial configuration files and RSA and Ed25519 keypairs with default length.
+Create initial configuration files and RSA and Ed25519 key pairs with default length.
 If no
 .Ar name
 for this node is given, it will be asked for.
@@ -149,11 +149,11 @@ will be made.
 Shows the PID of the currently running
 .Xr tincd 8 .
 .It generate-keys Op bits
-Generate both RSA and Ed25519 keypairs (see below) and exit.
+Generate both RSA and Ed25519 key pairs (see below) and exit.
 .It generate-ed25519-keys
-Generate public/private Ed25519 keypair and exit.
+Generate public/private Ed25519 key pair and exit.
 .It generate-rsa-keys Op bits
-Generate public/private RSA keypair and exit.
+Generate public/private RSA key pair and exit.
 If
 .Ar bits
 is omitted, the default length will be 2048 bits.

doc/tinc.conf.5.in

@@ -64,7 +64,7 @@ or by using
 .Sh PUBLIC/PRIVATE KEYS
 The
 .Nm tinc Li init
-command will have generated both RSA and Ed25519 public/private keypairs.
+command will have generated both RSA and Ed25519 public/private key pairs.
 The private keys should be stored in files named
 .Pa rsa_key.priv
 and
@@ -114,7 +114,7 @@ If
 .Qq any
 is selected, then depending on the operating system both IPv4 and IPv6 or just
 IPv6 listening sockets will be created.
-.It Va AutoConnect Li = yes | no Po yes
+.It Va AutoConnect Li = yes | no Pq yes
 If set to yes,
 .Nm tinc
 will automatically set up meta connections to other nodes,
@@ -235,7 +235,8 @@ Do NOT connect multiple
 daemons to the same multicast address, this will very likely cause routing loops.
 Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured.
 .It fd
-Use a file descriptor.
+Use a file descriptor, given directly as an integer or passed through a unix domain socket.
+On Linux, an abstract socket address can be specified by using "@" as a prefix.
 All packets are read from this interface.
 Packets received for the local node are written to it.
 .It uml Pq not compiled in by default
@@ -683,7 +684,7 @@ this means that tinc will temporarily stop processing packets until the called s
 This guarantees that scripts will execute in the exact same order as the events that trigger them.
 If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
 .Pp
-Under Windows (not Cygwin), the scripts must have the extension
+Under Windows, the scripts must have the extension
 .Pa .bat
 or
 .Pa .cmd .

doc/tinc.texi

@@ -15,7 +15,7 @@
 
 This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
 
-Copyright @copyright{} 1998-2018 Ivo Timmermans,
+Copyright @copyright{} 1998-2021 Ivo Timmermans,
 Guus Sliepen <guus@@tinc-vpn.org> and
 Wessel Dankers <wsl@@tinc-vpn.org>.
 
@@ -43,7 +43,7 @@ permission notice identical to this one.
 @vskip 0pt plus 1filll
 This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
 
-Copyright @copyright{} 1998-2018 Ivo Timmermans,
+Copyright @copyright{} 1998-2021 Ivo Timmermans,
 Guus Sliepen <guus@@tinc-vpn.org> and
 Wessel Dankers <wsl@@tinc-vpn.org>.
 
@@ -182,7 +182,7 @@ available too.
 @section Supported platforms
 
 @cindex platforms
-Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment),
+Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows,
 with various hardware architectures.  These are some of the platforms
 that are supported by the universal tun/tap device driver or other virtual network device drivers.
 Without such a driver, tinc will most
@@ -267,7 +267,7 @@ alias char-major-10-200 tun
 @subsection Configuration of FreeBSD kernels
 
 For FreeBSD version 4.1 and higher, tun and tap drivers are included in the default kernel configuration.
-The tap driver can be loaded with @code{kldload if_tap}, or by adding @code{if_tap_load="YES"} to @file{/boot/loader.conf}.
+The tap driver can be loaded with @command{kldload if_tap}, or by adding @samp{if_tap_load="YES"} to @file{/boot/loader.conf}.
 
 
 @c ==================================================================
@@ -308,7 +308,7 @@ Tinc also supports the driver from @uref{http://tuntaposx.sourceforge.net/},
 which supports both tun and tap style devices,
 
 By default, tinc expects the tuntaposx driver to be installed.
-To use the utun driver, set add @code{Device = utunX} to @file{tinc.conf},
+To use the utun driver, set add @samp{Device = utunX} to @file{tinc.conf},
 where X is the desired number for the utun interface.
 You can also omit the number, in which case the first free number will be chosen.
 
@@ -421,7 +421,7 @@ by the zlib library.
 
 If this library is not installed, you will get an error when running the
 configure script.  You can either install the zlib library, or disable support
-for zlib compression by using the "--disable-zlib" option when running the
+for zlib compression by using the @option{--disable-zlib} option when running the
 configure script. Note that if you disable support for zlib, the resulting
 binary will not work correctly on VPNs where zlib compression is used.
 
@@ -445,7 +445,7 @@ Another form of compression is offered using the LZO library.
 
 If this library is not installed, you will get an error when running the
 configure script.  You can either install the LZO library, or disable support
-for LZO compression by using the "--disable-lzo" option when running the
+for LZO compression by using the @option{--disable-lzo} option when running the
 configure script. Note that if you disable support for LZO, the resulting
 binary will not work correctly on VPNs where LZO compression is used.
 
@@ -465,12 +465,12 @@ default).
 @subsection libcurses
 
 @cindex libcurses
-For the "tinc top" command, tinc requires a curses library.
+For the @command{tinc top} command, tinc requires a curses library.
 
 If this library is not installed, you will get an error when running the
 configure script.  You can either install a suitable curses library, or disable
 all functionality that depends on a curses library by using the
-"--disable-curses" option when running the configure script.
+@option{--disable-curses} option when running the configure script.
 
 There are several curses libraries. It is recommended that you install
 "ncurses" (@url{https://invisible-island.net/ncurses/}),
@@ -488,12 +488,12 @@ of this package.
 @subsection libreadline
 
 @cindex libreadline
-For the "tinc" command's shell functionality, tinc uses the readline library.
+For the @command{tinc} command's shell functionality, tinc uses the readline library.
 
 If this library is not installed, you will get an error when running the
 configure script.  You can either install a suitable readline library, or
 disable all functionality that depends on a readline library by using the
-"--disable-readline" option when running the configure script.
+@option{--disable-readline} option when running the configure script.
 
 You can use your operating system's package manager to install this if
 available.  Make sure you install the development AND runtime versions
@@ -553,7 +553,6 @@ The documentation that comes along with your distribution will tell you how to d
 
 @menu
 * Darwin (MacOS/X) build environment::
-* Cygwin (Windows) build environment::
 * MinGW (Windows) build environment::
 @end menu
 
@@ -568,17 +567,6 @@ It might also help to install a recent version of Fink from @uref{http://www.fin
 You need to download and install LibreSSL (or OpenSSL) and LZO,
 either directly from their websites (see @ref{Libraries}) or using Fink.
 
-@c ==================================================================
-@node       Cygwin (Windows) build environment
-@subsection Cygwin (Windows) build environment
-
-If Cygwin hasn't already been installed, install it directly from
-@uref{https://www.cygwin.com/}.
-
-When tinc is compiled in a Cygwin environment, it can only be run in this environment,
-but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
-It will also support all features.
-
 @c ==================================================================
 @node       MinGW (Windows) build environment
 @subsection MinGW (Windows) build environment
@@ -639,7 +627,7 @@ myvpn 10.0.0.0
 
 @cindex port numbers
 You may add this line to @file{/etc/services}.  The effect is that you
-may supply a @samp{tinc} as a valid port number to some programs.  The
+may supply @samp{tinc} as a valid port number to some programs.  The
 number 655 is registered with the IANA.
 
 @example
@@ -695,14 +683,14 @@ A good resource on networking is the
 
 If you have everything clearly pictured in your mind,
 proceed in the following order:
-First, create the initial configuration files and public/private keypairs using the following command:
+First, create the initial configuration files and public/private key pairs using the following command:
 @example
 tinc -n @var{NETNAME} init @var{NAME}
 @end example
-Second, use @samp{tinc -n @var{NETNAME} add ...} to further configure tinc.
-Finally, export your host configuration file using @samp{tinc -n @var{NETNAME} export} and send it to those
+Second, use @command{tinc -n @var{NETNAME} add ...} to further configure tinc.
+Finally, export your host configuration file using @command{tinc -n @var{NETNAME} export} and send it to those
 people or computers you want tinc to connect to.
-They should send you their host configuration file back, which you can import using @samp{tinc -n @var{NETNAME} import}.
+They should send you their host configuration file back, which you can import using @command{tinc -n @var{NETNAME} import}.
 
 These steps are described in the subsections below.
 
@@ -953,7 +941,8 @@ Also note that this can cause decrypted VPN packets to be sent out on a real net
 
 @cindex fd
 @item fd
-Use a file descriptor.
+Use a file descriptor, given directly as an integer or passed through a unix domain socket.
+On Linux, an abstract socket address can be specified by using @samp{@@} as a prefix.
 All packets are read from this interface.
 Packets received for the local node are written to it.
 
@@ -1024,7 +1013,7 @@ When this option is enabled, the SPTPS protocol will be used when connecting to
 Ephemeral ECDH will be used for key exchanges,
 and Ed25519 will be used instead of RSA for authentication.
 When enabled, an Ed25519 key must have been generated before with
-@samp{tinc generate-ed25519-keys}.
+@command{tinc generate-ed25519-keys}.
 
 @cindex Forwarding
 @item Forwarding = <off|internal|kernel> (internal) [experimental]
@@ -1081,7 +1070,7 @@ in which case listening sockets for each specified address are made.
 
 If no @var{port} is specified, the socket will listen on the port specified by the Port option,
 or to port 655 if neither is given.
-To only listen on a specific port but not to a specific address, use "*" for the @var{address}.
+To only listen on a specific port but not to a specific address, use @samp{*} for the @var{address}.
 
 @cindex LocalDiscovery
 @item LocalDiscovery = <yes | no> (no)
@@ -1141,7 +1130,7 @@ impossible to crack a single key.
 @cindex MACExpire
 @item MACExpire = <@var{seconds}> (600)
 This option controls the amount of time MAC addresses are kept before they are removed.
-This only has effect when Mode is set to "switch".
+This only has effect when Mode is set to @samp{switch}.
 
 @cindex MaxConnectionBurst
 @item MaxConnectionBurst = <@var{count}> (100)
@@ -1185,7 +1174,7 @@ accidental eavesdropping if you are editing the configuration file.
 @cindex PrivateKeyFile
 @item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv})
 This is the full path name of the RSA private key file that was
-generated by @samp{tinc generate-keys}.  It must be a full path, not a
+generated by @command{tinc generate-keys}.  It must be a full path, not a
 relative directory.
 
 @cindex ProcessPriority
@@ -1287,7 +1276,7 @@ Note: this setting can have a significant impact on performance, especially raw
 @item UPnP = <yes|udponly|no> (no)
 If this option is enabled then tinc will search for UPnP-IGD devices on the local network.
 It will then create and maintain port mappings for tinc's listening TCP and UDP ports.
-If set to "udponly", tinc will only create a mapping for its UDP (data) port, not for its TCP (metaconnection) port.
+If set to @samp{udponly}, tinc will only create a mapping for its UDP (data) port, not for its TCP (metaconnection) port.
 Note that tinc must have been built with miniupnpc support for this feature to be available.
 Furthermore, be advised that enabling this can have security implications, because the miniupnpc library that
 tinc uses might not be well-hardened with regard to malicious UPnP replies.
@@ -1322,7 +1311,7 @@ tried until a working connection has been established.
 @item Cipher = <@var{cipher}> (blowfish)
 The symmetric cipher algorithm used to encrypt UDP packets using the legacy protocol.
 Any cipher supported by LibreSSL or OpenSSL is recognized.
-Furthermore, specifying "none" will turn off packet encryption.
+Furthermore, specifying @samp{none} will turn off packet encryption.
 It is best to use only those ciphers which support CBC mode.
 This option has no effect for connections using the SPTPS protocol, which always use AES-256-CTR.
 
@@ -1342,7 +1331,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
 @item Digest = <@var{digest}> (sha1)
 The digest algorithm used to authenticate UDP packets using the legacy protocol.
 Any digest supported by LibreSSL or OpenSSL is recognized.
-Furthermore, specifying "none" will turn off packet authentication.
+Furthermore, specifying @samp{none} will turn off packet authentication.
 This option has no effect for connections using the SPTPS protocol, which always use HMAC-SHA-256.
 
 @cindex IndirectData
@@ -1383,7 +1372,7 @@ This is the RSA public key for this host.
 @cindex PublicKeyFile
 @item PublicKeyFile = <@var{path}> [obsolete]
 This is the full path name of the RSA public key file that was generated
-by @samp{tinc generate-keys}.  It must be a full path, not a relative
+by @command{tinc generate-keys}.  It must be a full path, not a relative
 directory.
 
 @cindex PEM format
@@ -1455,7 +1444,7 @@ this means that tinc will temporarily stop processing packets until the called s
 This guarantees that scripts will execute in the exact same order as the events that trigger them.
 If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
 
-Under Windows (not Cygwin), the scripts should have the extension @file{.bat} or @file{.cmd}.
+Under Windows, the scripts should have the extension @file{.bat} or @file{.cmd}.
 
 @table @file
 @cindex tinc-up
@@ -1557,7 +1546,7 @@ this is set to the invitation URL that has been created.
 @end table
 
 Do not forget that under UNIX operating systems,
-you have to make the scripts executable, using the command @samp{chmod a+x script}.
+you have to make the scripts executable, using the command @command{chmod a+x script}.
 
 
 @c ==================================================================
@@ -1566,13 +1555,13 @@ you have to make the scripts executable, using the command @samp{chmod a+x scrip
 
 @subsubheading Step 1.  Creating initial configuration files.
 
-The initial directory structure, configuration files and public/private keypairs are created using the following command:
+The initial directory structure, configuration files and public/private key pairs are created using the following command:
 
 @example
 tinc -n @var{netname} init @var{name}
 @end example
 
-(You will need to run this as root, or use "sudo".)
+(You will need to run this as root, or use @command{sudo}.)
 This will create the configuration directory @file{@value{sysconfdir}/tinc/@var{netname}.},
 and inside it will create another directory named @file{hosts/}.
 In the configuration directory, it will create the file @file{tinc.conf} with the following contents:
@@ -1706,8 +1695,8 @@ The netmask is the mask of the @emph{entire} VPN network, not just your
 own subnet.
 The second command gives the interface an IPv6 address and netmask,
 which will also automatically add an IPv6 route.
-If you only want to use "ip addr" commands on Linux, don't forget that it doesn't bring the interface up, unlike ifconfig,
-so you need to add @samp{ip link set $INTERFACE up} in that case.
+If you only want to use @command{ip addr} commands on Linux, don't forget that it doesn't bring the interface up, unlike ifconfig,
+so you need to add @command{ip link set $INTERFACE up} in that case.
 
 The exact syntax of the ifconfig and route commands differs from platform to platform.
 You can look up the commands for setting addresses and adding routes in @ref{Platform specific information},
@@ -1747,7 +1736,7 @@ the real interface is also shown as a comment, to give you an idea of
 how these example host is set up. All branches use the netname `company'
 for this particular VPN.
 
-Each branch is set up using the @samp{tinc init} and @samp{tinc config} commands,
+Each branch is set up using the @command{tinc init} and @command{tinc config} commands,
 here we just show the end results:
 
 @subsubheading For Branch A
@@ -1893,7 +1882,7 @@ Address = 4.5.6.7
 
 @subsubheading Key files
 
-A, B, C and D all have their own public/private keypairs:
+A, B, C and D all have their own public/private key pairs:
 
 The private RSA key is stored in @file{@value{sysconfdir}/tinc/company/rsa_key.priv},
 the private Ed25519 key is stored in @file{@value{sysconfdir}/tinc/company/ed25519_key.priv},
@@ -2149,7 +2138,7 @@ Some of them will only be visible if the debug level is high enough.
 @item Error reading RSA key file `rsa_key.priv': No such file or directory
 
 @itemize
-@item You forgot to create a public/private keypair.
+@item You forgot to create a public/private key pair.
 @item Specify the complete pathname to the private key file with the @samp{PrivateKeyFile} option.
 @end itemize
 
@@ -2217,8 +2206,8 @@ You can add @samp{TCPOnly = yes} to host configuration files to force all VPN tr
 @item Got bad/bogus/unauthorized REQUEST from foo (1.2.3.4 port 12345)
 
 @itemize
-@item Node foo does not have the right public/private keypair.
-Generate new keypairs and distribute them again.
+@item Node foo does not have the right public/private key pair.
+Generate new key pairs and distribute them again.
 @item An attacker tries to gain access to your VPN.
 @item A network error caused corruption of metadata sent from foo.
 @end itemize
@@ -2238,7 +2227,7 @@ Be sure to include the following information in your bugreport:
 @item What platform (operating system, version, hardware architecture) and which version of tinc you use.
 @item If compiling tinc fails, a copy of @file{config.log} and the error messages you get.
 @item Otherwise, a copy of @file{tinc.conf}, @file{tinc-up} and all files in the @file{hosts/} directory.
-@item The output of the commands @samp{ifconfig -a} and @samp{route -n} (or @samp{netstat -rn} if that doesn't work).
+@item The output of the commands @command{ifconfig -a} and @command{route -n} (or @command{netstat -rn} if that doesn't work).
 @item The output of any command that fails to work as it should (like ping or traceroute).
 @end itemize
 
@@ -2319,11 +2308,11 @@ the value of this environment variable is used.
 @section tinc commands
 
 @c from the manpage
-@table @code
+@table @samp
 
 @cindex init
 @item init [@var{name}]
-Create initial configuration files and RSA and Ed25519 keypairs with default length.
+Create initial configuration files and RSA and Ed25519 key pairs with default length.
 If no @var{name} for this node is given, it will be asked for.
 
 @cindex get
@@ -2386,15 +2375,15 @@ If no @var{URL} is given, it will be read from standard input.
 
 @cindex start
 @item start [tincd options]
-Start @samp{tincd}, optionally with the given extra options.
+Start @command{tincd}, optionally with the given extra options.
 
 @cindex stop
 @item stop
-Stop @samp{tincd}.
+Stop @command{tincd}.
 
 @cindex restart
 @item restart [tincd options]
-Restart @samp{tincd}, optionally with the given extra options.
+Restart @command{tincd}, optionally with the given extra options.
 
 @cindex reload
 @item reload
@@ -2404,21 +2393,21 @@ in @file{tinc.conf} will be made.
 
 @cindex pid
 @item pid
-Shows the PID of the currently running @samp{tincd}.
+Shows the PID of the currently running @command{tincd}.
 
 @cindex generate-keys
 @item generate-keys [@var{bits}]
-Generate both RSA and Ed25519 keypairs (see below) and exit.
+Generate both RSA and Ed25519 key pairs (see below) and exit.
 tinc will ask where you want to store the files, but will default to the
 configuration directory (you can use the -c or -n option).
 
 @cindex generate-ed25519-keys
 @item generate-ed25519-keys
-Generate public/private Ed25519 keypair and exit.
+Generate public/private Ed25519 key pair and exit.
 
 @cindex generate-rsa-keys
 @item generate-rsa-keys [@var{bits}]
-Generate public/private RSA keypair and exit.  If @var{bits} is omitted, the
+Generate public/private RSA key pair and exit.  If @var{bits} is omitted, the
 default length will be 2048 bits.  When saving keys to existing files, tinc
 will not delete the old keys; you have to remove them manually.
 
@@ -2515,8 +2504,8 @@ The signed file is written to standard output.
 
 Check the signature of a file against a node's public key.
 The @var{name} of the node must be given,
-or can be "." to check against the local node's public key,
-or "*" to allow a signature from any node whose public key is known.
+or can be @samp{.} to check against the local node's public key,
+or @samp{*} to allow a signature from any node whose public key is known.
 If no @var{filename} is given, the file is read from standard input.
 If the verification is successful, a copy of the input with the signature removed is written to standard output, and the exit code will be zero.
 If the verification failed, nothing will be written to standard output, and the exit code will be non-zero.
@@ -2612,9 +2601,9 @@ Quit.
 @chapter Invitations
 
 Invitations are an easy way to add new nodes to an existing VPN.  Invitations
-can be created on an existing node using the @code{tinc invite} command, which
+can be created on an existing node using the @command{tinc invite} command, which
 generates a relatively short URL which can be given to someone else, who uses
-the @code{tinc join} command to automatically set up tinc so it can connect to
+the @command{tinc join} command to automatically set up tinc so it can connect to
 the inviting node.  The next sections describe how invitations actually work,
 and how to further automate the invitations.
 
@@ -2630,7 +2619,7 @@ and how to further automate the invitations.
 @section How invitations work
 
 When an invitation is created on a node (which from now on we will call the
-server) using the @code{tinc invite} command, an invitation file is created
+server) using the @command{tinc invite} command, an invitation file is created
 that contains all the information necessary for the invitee (which we will call
 the client) to create its configuration files. The invitation file is stays on
 the server, but a URL is generated that has enough information for the client
@@ -2668,14 +2657,14 @@ information in the invitation file.
 
 It is important that the invitation URL is kept secret until it is used; if
 another person gets a copy of the invitation URL before the real client runs
-the @code{tinc join} command, then that other person can try to join the VPN.
+the @command{tinc join} command, then that other person can try to join the VPN.
 
 
 @c ==================================================================
 @node    Invitation file format
 @section Invitation file format
 
-The contents of an invitation file that is generated by the @code{tinc invite}
+The contents of an invitation file that is generated by the @command{tinc invite}
 command looks like this:
 
 @example
@@ -2689,15 +2678,15 @@ Address = server.example.com
 @end example
 
 The file is basically a concatenation of several host config blocks. Each host
-config block starts with @code{Name = ...}.  Lines that look like @code{#---#}
+config block starts with @samp{Name = ...}.  Lines that look like @samp{#---#}
 are not important, it just makes it easier for humans to read the file.
 However, the first line of an invitation file @emph{must} always start with
-@code{Name = ...}.
+@samp{Name = ...}.
 
 The first host config block is always the one representing the invitee. So the
 first Name statement determines the name that the invitee will get. From the
 first block, the @file{tinc.conf} and @file{hosts/client} files will be
-generated; the @code{tinc join} command on the client will automatically
+generated; the @command{tinc join} command on the client will automatically
 separate statements based on whether they should be in @file{tinc.conf} or in a
 host config file. Some statements are special and are treated differently:
 
@@ -2711,9 +2700,9 @@ configuration with the same netname.
 @item Ifconfig = <@var{address}[/@var{netmask}] | dhcp | dhcp6 | slaac>
 This is a hint for generating a @file{tinc-up} script.
 If an address is specified, a command will be added to @file{tinc-up} so the VPN interface will be configured to have the given address.
-If it is the word "dhcp", a command will be added to start a DHCP client on the VPN interface.
-If it is the word dhcpv6, it will be a DHCPv6 client.
-If it is "slaac", then it will add commands to enable IPv6 stateless address autoconfiguration.
+If it is the word @samp{dhcp}, a command will be added to start a DHCP client on the VPN interface.
+If it is the word @samp{dhcpv6}, it will be a DHCPv6 client.
+If it is @samp{slaac}, then it will add commands to enable IPv6 stateless address autoconfiguration.
 It is also possible to specify a MAC address, in which case a command will be added to set the MAC address of the VPN interface.
 
 The exact commands added to the @file{tinc-up} script depends on the operating system the client is using.
@@ -2729,7 +2718,7 @@ In general, a gateway is only necessary when running tinc in switch mode.
 @end table
 
 Subsequent host config blocks are copied verbatim into their respective files
-in @file{hosts/}. The invitation file generated by @code{tinc invite} will
+in @file{hosts/}. The invitation file generated by @command{tinc invite} will
 normally only contain two blocks; one for the client and one for the server.
 
 
@@ -2737,7 +2726,7 @@ normally only contain two blocks; one for the client and one for the server.
 @node    Writing an invitation-created script
 @section Writing an invitation-created script
 
-When an invitation is generated, the "invitation-created" script is called (if
+When an invitation is generated, the @file{invitation-created} script is called (if
 it exists) right after the invitation file is written, but before the URL has
 been written to stdout. This allows one to change the invitation file
 automatically before the invitation URL is passed to the invitee. Here is an
@@ -3424,42 +3413,42 @@ For IPv4 addresses:
 
 @multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
 @item Linux
-@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
+@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
 @item Linux iproute2
-@tab @code{ip addr add} @var{address}@code{/}@var{prefixlength} @code{dev} @var{interface}
+@tab @command{ip addr add} @var{address}@samp{/}@var{prefixlength} @samp{dev} @var{interface}
 @item FreeBSD
-@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
+@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
 @item OpenBSD
-@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
+@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
 @item NetBSD
-@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
+@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
 @item Solaris
-@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
+@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
 @item Darwin (MacOS/X)
-@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask}
+@tab @command{ifconfig} @var{interface} @var{address} @samp{netmask} @var{netmask}
 @item Windows
-@tab @code{netsh interface ip set address} @var{interface} @code{static} @var{address} @var{netmask}
+@tab @command{netsh interface ip set address} @var{interface} @samp{static} @var{address} @var{netmask}
 @end multitable
 
 For IPv6 addresses:
 
 @multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
 @item Linux
-@tab @code{ifconfig} @var{interface} @code{add} @var{address}@code{/}@var{prefixlength}
+@tab @command{ifconfig} @var{interface} @samp{add} @var{address}@samp{/}@var{prefixlength}
 @item FreeBSD
-@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
+@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
 @item OpenBSD
-@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
+@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
 @item NetBSD
-@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
+@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
 @item Solaris
-@tab @code{ifconfig} @var{interface} @code{inet6 plumb up}
+@tab @command{ifconfig} @var{interface} @samp{inet6 plumb up}
 @item
-@tab @code{ifconfig} @var{interface} @code{inet6 addif} @var{address} @var{address}
+@tab @command{ifconfig} @var{interface} @samp{inet6 addif} @var{address} @var{address}
 @item Darwin (MacOS/X)
-@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength}
+@tab @command{ifconfig} @var{interface} @samp{inet6} @var{address} @samp{prefixlen} @var{prefixlength}
 @item Windows
-@tab @code{netsh interface ipv6 add address} @var{interface} @code{static} @var{address}/@var{prefixlength}
+@tab @command{netsh interface ipv6 add address} @var{interface} @samp{static} @var{address}/@var{prefixlength}
 @end multitable
 
 On Linux, it is possible to create a persistent tun/tap interface which will
@@ -3469,7 +3458,7 @@ tinc can be started without needing any root privileges at all.
 
 @multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
 @item Linux
-@tab @code{ip tuntap add dev} @var{interface} @code{mode} @var{tun|tap} @code{user} @var{username}
+@tab @command{ip tuntap add dev} @var{interface} @samp{mode} @var{tun|tap} @samp{user} @var{username}
 @end multitable
 
 @c ==================================================================
@@ -3487,42 +3476,42 @@ Adding routes to IPv4 subnets:
 
 @multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
 @item Linux
-@tab @code{route add -net} @var{network_address} @code{netmask} @var{netmask} @var{interface}
+@tab @command{route add -net} @var{network_address} @samp{netmask} @var{netmask} @var{interface}
 @item Linux iproute2
-@tab @code{ip route add} @var{network_address}@code{/}@var{prefixlength} @code{dev} @var{interface}
+@tab @command{ip route add} @var{network_address}@samp{/}@var{prefixlength} @samp{dev} @var{interface}
 @item FreeBSD
-@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
+@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
 @item OpenBSD
-@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
+@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
 @item NetBSD
-@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
+@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
 @item Solaris
-@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
+@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address} @samp{-interface}
 @item Darwin (MacOS/X)
-@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
+@tab @command{route add} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
 @item Windows
-@tab @code{netsh routing ip add persistentroute} @var{network_address} @var{netmask} @var{interface} @var{local_address}
+@tab @command{netsh routing ip add persistentroute} @var{network_address} @var{netmask} @var{interface} @var{local_address}
 @end multitable
 
 Adding routes to IPv6 subnets:
 
 @multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
 @item Linux
-@tab @code{route add -A inet6} @var{network_address}@code{/}@var{prefixlength} @var{interface}
+@tab @command{route add -A inet6} @var{network_address}@samp{/}@var{prefixlength} @var{interface}
 @item Linux iproute2
-@tab @code{ip route add} @var{network_address}@code{/}@var{prefixlength} @code{dev} @var{interface}
+@tab @command{ip route add} @var{network_address}@samp{/}@var{prefixlength} @samp{dev} @var{interface}
 @item FreeBSD
-@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @var{local_address}
+@tab @command{route add -inet6} @var{network_address}@samp{/}@var{prefixlength} @var{local_address}
 @item OpenBSD
-@tab @code{route add -inet6} @var{network_address} @var{local_address} @code{-prefixlen} @var{prefixlength}
+@tab @command{route add -inet6} @var{network_address} @var{local_address} @samp{-prefixlen} @var{prefixlength}
 @item NetBSD
-@tab @code{route add -inet6} @var{network_address} @var{local_address} @code{-prefixlen} @var{prefixlength}
+@tab @command{route add -inet6} @var{network_address} @var{local_address} @samp{-prefixlen} @var{prefixlength}
 @item Solaris
-@tab @code{route add -inet6} @var{network_address}@code{/}@var{prefixlength} @var{local_address} @code{-interface}
+@tab @command{route add -inet6} @var{network_address}@samp{/}@var{prefixlength} @var{local_address} @samp{-interface}
 @item Darwin (MacOS/X)
 @tab ?
 @item Windows
-@tab @code{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface}
+@tab @command{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface}
 @end multitable
 
 @c ==================================================================
@@ -3544,10 +3533,10 @@ There are many Linux distributions, and historically, many of them had their
 own way of starting programs at boot time. Today, a number of major Linux
 distributions have chosen to use systemd as their init system. Tinc ships with
 systemd service files that allow you to start and stop tinc using systemd.
-There are two service files: @code{tinc.service} is used to globally enable or
+There are two service files: @samp{tinc.service} is used to globally enable or
 disable all tinc daemons managed by systemd, and
-@code{tinc@@@var{netname}.service} is used to enable or disable specific tinc
-daemons. So if one has created a tinc network with netname @code{foo}, then
+@samp{tinc@@@var{netname}.service} is used to enable or disable specific tinc
+daemons. So if one has created a tinc network with netname @samp{foo}, then
 you have to run the following two commands to ensure it is started at boot
 time:
 
@@ -3563,7 +3552,7 @@ following command:
 systemctl start tinc@@foo
 @end example
 
-You can also use @samp{systemctl start tinc}, this will start all tinc daemons
+You can also use @command{systemctl start tinc}, this will start all tinc daemons
 that are enabled. You can stop and disable tinc networks in the same way.
 
 If your system is not using systemd, then you have to look up your
@@ -3573,10 +3562,10 @@ distribution's way of starting tinc at boot time.
 @node       Windows
 @subsection Windows
 
-On Windows, if tinc is started with the @code{tinc start} command without using
-the @code{-D} or @code{--no-detach} option, it will automatically register
+On Windows, if tinc is started with the @command{tinc start} command without using
+the @option{-D} or @option{--no-detach} option, it will automatically register
 itself as a service that is started at boot time. When tinc is stopped using
-the @code{tinc stop} command, it will also automatically unregister itself.
+the @command{tinc stop} command, it will also automatically unregister itself.
 Once tinc is registered as a service, it is also possible to stop and start
 tinc using the Windows Services Manager.
 

doc/tincd.8.in

@@ -35,7 +35,7 @@ If that succeeds,
 it will detach from the controlling terminal and continue in the background,
 accepting and setting up connections to other tinc daemons
 that are part of the virtual private network.
-Under Windows (not Cygwin) tinc will install itself as a service,
+Under Windows tinc will install itself as a service,
 which will be restarted automatically after reboots.
 .Sh OPTIONS
 .Bl -tag -width indent

doc/tincinclude.texi

@@ -1,5 +1,5 @@
-@set VERSION 1.1pre17
+@set VERSION 1.1pre17-49-g4cc4b9bc
 @set PACKAGE tinc
-@set sysconfdir /etc
-@set localstatedir /var
-@set runstatedir /var/run
+@set sysconfdir /usr/local/etc
+@set localstatedir /usr/local/var
+@set runstatedir /usr/local/var/run

install-sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # install - install a program, script, or datafile
 
-scriptversion=2018-03-11.20; # UTC
+scriptversion=2020-11-14.01; # UTC
 
 # This originates from X11R5 (mit/util/scripts/install.sh), which was
 # later released in X11R6 (xc/config/util/install.sh) with the
@@ -69,6 +69,11 @@ posix_mkdir=
 # Desired mode of installed file.
 mode=0755
 
+# Create dirs (including intermediate dirs) using mode 755.
+# This is like GNU 'install' as of coreutils 8.32 (2020).
+mkdir_umask=22
+
+backupsuffix=
 chgrpcmd=
 chmodcmd=$chmodprog
 chowncmd=
@@ -99,18 +104,28 @@ Options:
      --version  display version info and exit.
 
   -c            (ignored)
-  -C            install only if different (preserve the last data modification time)
+  -C            install only if different (preserve data modification time)
   -d            create directories instead of installing files.
   -g GROUP      $chgrpprog installed files to GROUP.
   -m MODE       $chmodprog installed files to MODE.
   -o USER       $chownprog installed files to USER.
+  -p            pass -p to $cpprog.
   -s            $stripprog installed files.
+  -S SUFFIX     attempt to back up existing files, with suffix SUFFIX.
   -t DIRECTORY  install into DIRECTORY.
   -T            report an error if DSTFILE is a directory.
 
 Environment variables override the default commands:
   CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
   RMPROG STRIPPROG
+
+By default, rm is invoked with -f; when overridden with RMPROG,
+it's up to you to specify -f if you want it.
+
+If -S is not specified, no backups are attempted.
+
+Email bug reports to bug-automake@gnu.org.
+Automake home page: https://www.gnu.org/software/automake/
 "
 
 while test $# -ne 0; do
@@ -137,8 +152,13 @@ while test $# -ne 0; do
     -o) chowncmd="$chownprog $2"
         shift;;
 
+    -p) cpprog="$cpprog -p";;
+
     -s) stripcmd=$stripprog;;
 
+    -S) backupsuffix="$2"
+        shift;;
+
     -t)
         is_target_a_directory=always
         dst_arg=$2
@@ -255,6 +275,10 @@ do
     dstdir=$dst
     test -d "$dstdir"
     dstdir_status=$?
+    # Don't chown directories that already exist.
+    if test $dstdir_status = 0; then
+      chowncmd=""
+    fi
   else
 
     # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@@ -301,22 +325,6 @@ do
   if test $dstdir_status != 0; then
     case $posix_mkdir in
       '')
-        # Create intermediate dirs using mode 755 as modified by the umask.
-        # This is like FreeBSD 'install' as of 1997-10-28.
-        umask=`umask`
-        case $stripcmd.$umask in
-          # Optimize common cases.
-          *[2367][2367]) mkdir_umask=$umask;;
-          .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
-          *[0-7])
-            mkdir_umask=`expr $umask + 22 \
-              - $umask % 100 % 40 + $umask % 20 \
-              - $umask % 10 % 4 + $umask % 2
-            `;;
-          *) mkdir_umask=$umask,go-w;;
-        esac
-
         # With -d, create the new directory with the user-specified mode.
         # Otherwise, rely on $mkdir_umask.
         if test -n "$dir_arg"; then
@@ -326,22 +334,20 @@ do
         fi
 
         posix_mkdir=false
-        case $umask in
-          *[123567][0-7][0-7])
-            # POSIX mkdir -p sets u+wx bits regardless of umask, which
-            # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
-            ;;
-          *)
-            # Note that $RANDOM variable is not portable (e.g. dash);  Use it
+	# The $RANDOM variable is not portable (e.g., dash).  Use it
 	# here however when possible just to lower collision chance.
 	tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
 
-            trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
+	trap '
+	  ret=$?
+	  rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
+	  exit $ret
+	' 0
 
 	# Because "mkdir -p" follows existing symlinks and we likely work
 	# directly in world-writeable /tmp, make sure that the '$tmpdir'
 	# directory is successfully created first before we actually test
-            # 'mkdir -p' feature.
+	# 'mkdir -p'.
 	if (umask $mkdir_umask &&
 	    $mkdirprog $mkdir_mode "$tmpdir" &&
 	    exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
@@ -371,7 +377,6 @@ do
 	  rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
 	fi
 	trap '' 0;;
-        esac;;
     esac
 
     if
@@ -382,7 +387,7 @@ do
     then :
     else
 
-      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # mkdir does not conform to POSIX,
       # or it failed possibly due to a race condition.  Create the
       # directory the slow way, step by step, checking for races as we go.
 
@@ -411,7 +416,7 @@ do
           prefixes=
         else
           if $posix_mkdir; then
-            (umask=$mkdir_umask &&
+            (umask $mkdir_umask &&
              $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
             # Don't fail if two instances are running concurrently.
             test -d "$prefix" || exit 1
@@ -451,7 +456,18 @@ do
     trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
 
     # Copy the file name to the temp name.
-    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+    (umask $cp_umask &&
+     { test -z "$stripcmd" || {
+	 # Create $dsttmp read-write so that cp doesn't create it read-only,
+	 # which would cause strip to fail.
+	 if test -z "$doit"; then
+	   : >"$dsttmp" # No need to fork-exec 'touch'.
+	 else
+	   $doit touch "$dsttmp"
+	 fi
+       }
+     } &&
+     $doit_exec $cpprog "$src" "$dsttmp") &&
 
     # and set any options; do chmod last to preserve setuid bits.
     #
@@ -477,6 +493,13 @@ do
     then
       rm -f "$dsttmp"
     else
+      # If $backupsuffix is set, and the file being installed
+      # already exists, attempt a backup.  Don't worry if it fails,
+      # e.g., if mv doesn't support -f.
+      if test -n "$backupsuffix" && test -f "$dst"; then
+        $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
+      fi
+
       # Rename the file to the real destination.
       $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
 
@@ -491,9 +514,9 @@ do
         # file should still install successfully.
         {
           test ! -f "$dst" ||
-          $doit $rmcmd -f "$dst" 2>/dev/null ||
+          $doit $rmcmd "$dst" 2>/dev/null ||
           { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
-            { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+            { $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
           } ||
           { echo "$0: cannot unlink or rename $dst" >&2
             (exit 1); exit 1

m4/attribute.m4

@@ -9,8 +9,8 @@ AC_DEFUN([tinc_ATTRIBUTE],
     CFLAGS="$CFLAGS -Wall -Werror"
     AC_COMPILE_IFELSE(
       [AC_LANG_SOURCE(
-        [void *test(void) __attribute__ (($1));
-	 void *test(void) { return (void *)0; }
+        [void *test(void *x) __attribute__ (($1));
+	 void *test(void *x) { return (void *)x; }
 	],
        )],
        [tinc_cv_attribute_$1=yes],

missing

@@ -3,7 +3,7 @@
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
 
 # This program is free software; you can redistribute it and/or modify

src/Makefile.am

@@ -190,10 +190,6 @@ if MINGW
 tincd_SOURCES += mingw/device.c mingw/common.h
 endif
 
-if CYGWIN
-tincd_SOURCES += cygwin/device.c
-endif
-
 if UML
 tincd_SOURCES += uml_device.c
 endif

src/Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -114,17 +114,16 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
 @BSD_TRUE@@TUNEMU_TRUE@am__append_8 = bsd/tunemu.c bsd/tunemu.h
 @SOLARIS_TRUE@am__append_9 = solaris/device.c
 @MINGW_TRUE@am__append_10 = mingw/device.c mingw/common.h
-@CYGWIN_TRUE@am__append_11 = cygwin/device.c
-@UML_TRUE@am__append_12 = uml_device.c
-@VDE_TRUE@am__append_13 = vde_device.c
-@OPENSSL_TRUE@am__append_14 = \
+@UML_TRUE@am__append_11 = uml_device.c
+@VDE_TRUE@am__append_12 = vde_device.c
+@OPENSSL_TRUE@am__append_13 = \
 @OPENSSL_TRUE@	openssl/cipher.c \
 @OPENSSL_TRUE@	openssl/crypto.c \
 @OPENSSL_TRUE@	openssl/digest.c openssl/digest.h \
 @OPENSSL_TRUE@	openssl/prf.c \
 @OPENSSL_TRUE@	openssl/rsa.c
 
-@OPENSSL_TRUE@am__append_15 = \
+@OPENSSL_TRUE@am__append_14 = \
 @OPENSSL_TRUE@	openssl/cipher.c \
 @OPENSSL_TRUE@	openssl/crypto.c \
 @OPENSSL_TRUE@	openssl/digest.c openssl/digest.h \
@@ -132,27 +131,27 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
 @OPENSSL_TRUE@	openssl/rsa.c \
 @OPENSSL_TRUE@	openssl/rsagen.c
 
-@OPENSSL_TRUE@am__append_16 = \
+@OPENSSL_TRUE@am__append_15 = \
 @OPENSSL_TRUE@	openssl/crypto.c \
 @OPENSSL_TRUE@	openssl/digest.c openssl/digest.h \
 @OPENSSL_TRUE@	openssl/prf.c
 
-@OPENSSL_TRUE@am__append_17 = \
+@OPENSSL_TRUE@am__append_16 = \
 @OPENSSL_TRUE@	openssl/crypto.c
 
-@OPENSSL_TRUE@am__append_18 = \
+@OPENSSL_TRUE@am__append_17 = \
 @OPENSSL_TRUE@	openssl/crypto.c \
 @OPENSSL_TRUE@	openssl/digest.c openssl/digest.h \
 @OPENSSL_TRUE@	openssl/prf.c
 
-@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_19 = \
+@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_18 = \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/cipher.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/crypto.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/digest.c gcrypt/digest.h \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/prf.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/rsa.c
 
-@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_20 = \
+@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_19 = \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/cipher.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/crypto.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/digest.c gcrypt/digest.h \
@@ -160,20 +159,24 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/rsa.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/rsagen.c
 
-@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_21 = \
+@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_20 = \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/cipher.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/crypto.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/digest.c gcrypt/digest.h \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/prf.c
 
-@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_22 = \
+@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_21 = \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	openssl/crypto.c
 
-@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_23 = \
+@GCRYPT_TRUE@@OPENSSL_FALSE@am__append_22 = \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	openssl/crypto.c \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	openssl/digest.c openssl/digest.h \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	openssl/prf.c
 
+@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_23 = \
+@GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/crypto.c \
+@GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/prf.c
+
 @GCRYPT_FALSE@@OPENSSL_FALSE@am__append_24 = \
 @GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/crypto.c \
 @GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/prf.c
@@ -183,18 +186,14 @@ EXTRA_PROGRAMS = sptps_test$(EXEEXT) sptps_keypair$(EXEEXT) \
 @GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/prf.c
 
 @GCRYPT_FALSE@@OPENSSL_FALSE@am__append_26 = \
-@GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/crypto.c \
-@GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/prf.c
-
-@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_27 = \
 @GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/crypto.c
 
-@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_28 = \
+@GCRYPT_FALSE@@OPENSSL_FALSE@am__append_27 = \
 @GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/crypto.c \
 @GCRYPT_FALSE@@OPENSSL_FALSE@	nolegacy/prf.c
 
-@MINIUPNPC_TRUE@am__append_29 = upnp.h upnp.c
-@TUNEMU_TRUE@am__append_30 = -lpcap
+@MINIUPNPC_TRUE@am__append_28 = upnp.h upnp.c
+@TUNEMU_TRUE@am__append_29 = -lpcap
 subdir = src
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
@@ -362,8 +361,8 @@ am__tincd_SOURCES_DIST = address_cache.c address_cache.h autoconnect.c \
 	chacha-poly1305/chacha-poly1305.h chacha-poly1305/poly1305.c \
 	chacha-poly1305/poly1305.h getopt.c getopt.h getopt1.c \
 	linux/device.c bsd/device.c bsd/tunemu.c bsd/tunemu.h \
-	solaris/device.c mingw/device.c mingw/common.h cygwin/device.c \
-	uml_device.c vde_device.c openssl/cipher.c openssl/crypto.c \
+	solaris/device.c mingw/device.c mingw/common.h uml_device.c \
+	vde_device.c openssl/cipher.c openssl/crypto.c \
 	openssl/digest.c openssl/digest.h openssl/prf.c openssl/rsa.c \
 	gcrypt/cipher.c gcrypt/crypto.c gcrypt/digest.c \
 	gcrypt/digest.h gcrypt/prf.c gcrypt/rsa.c nolegacy/crypto.c \
@@ -373,19 +372,18 @@ am__tincd_SOURCES_DIST = address_cache.c address_cache.h autoconnect.c \
 @BSD_TRUE@@TUNEMU_TRUE@am__objects_15 = bsd/tunemu.$(OBJEXT)
 @SOLARIS_TRUE@am__objects_16 = solaris/device.$(OBJEXT)
 @MINGW_TRUE@am__objects_17 = mingw/device.$(OBJEXT)
-@CYGWIN_TRUE@am__objects_18 = cygwin/device.$(OBJEXT)
-@UML_TRUE@am__objects_19 = uml_device.$(OBJEXT)
-@VDE_TRUE@am__objects_20 = vde_device.$(OBJEXT)
-@OPENSSL_TRUE@am__objects_21 = openssl/cipher.$(OBJEXT) \
+@UML_TRUE@am__objects_18 = uml_device.$(OBJEXT)
+@VDE_TRUE@am__objects_19 = vde_device.$(OBJEXT)
+@OPENSSL_TRUE@am__objects_20 = openssl/cipher.$(OBJEXT) \
 @OPENSSL_TRUE@	openssl/crypto.$(OBJEXT) \
 @OPENSSL_TRUE@	openssl/digest.$(OBJEXT) openssl/prf.$(OBJEXT) \
 @OPENSSL_TRUE@	openssl/rsa.$(OBJEXT)
-@GCRYPT_TRUE@@OPENSSL_FALSE@am__objects_22 = gcrypt/cipher.$(OBJEXT) \
+@GCRYPT_TRUE@@OPENSSL_FALSE@am__objects_21 = gcrypt/cipher.$(OBJEXT) \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/crypto.$(OBJEXT) \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/digest.$(OBJEXT) \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/prf.$(OBJEXT) \
 @GCRYPT_TRUE@@OPENSSL_FALSE@	gcrypt/rsa.$(OBJEXT)
-@MINIUPNPC_TRUE@am__objects_23 = upnp.$(OBJEXT)
+@MINIUPNPC_TRUE@am__objects_22 = upnp.$(OBJEXT)
 am_tincd_OBJECTS = address_cache.$(OBJEXT) autoconnect.$(OBJEXT) \
 	buffer.$(OBJEXT) conf.$(OBJEXT) connection.$(OBJEXT) \
 	control.$(OBJEXT) dropin.$(OBJEXT) dummy_device.$(OBJEXT) \
@@ -405,8 +403,7 @@ am_tincd_OBJECTS = address_cache.$(OBJEXT) autoconnect.$(OBJEXT) \
 	$(am__objects_2) $(am__objects_13) $(am__objects_14) \
 	$(am__objects_15) $(am__objects_16) $(am__objects_17) \
 	$(am__objects_18) $(am__objects_19) $(am__objects_20) \
-	$(am__objects_21) $(am__objects_22) $(am__objects_9) \
-	$(am__objects_23)
+	$(am__objects_21) $(am__objects_9) $(am__objects_22)
 tincd_OBJECTS = $(am_tincd_OBJECTS)
 @MINIUPNPC_TRUE@tincd_DEPENDENCIES = $(am__DEPENDENCIES_1)
 tincd_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(tincd_LDFLAGS) \
@@ -458,21 +455,20 @@ am__depfiles_remade = ./$(DEPDIR)/address_cache.Po \
 	chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po \
 	chacha-poly1305/$(DEPDIR)/chacha.Po \
 	chacha-poly1305/$(DEPDIR)/poly1305.Po \
-	cygwin/$(DEPDIR)/device.Po ed25519/$(DEPDIR)/ecdh.Po \
-	ed25519/$(DEPDIR)/ecdsa.Po ed25519/$(DEPDIR)/ecdsagen.Po \
-	ed25519/$(DEPDIR)/fe.Po ed25519/$(DEPDIR)/ge.Po \
-	ed25519/$(DEPDIR)/key_exchange.Po ed25519/$(DEPDIR)/keypair.Po \
-	ed25519/$(DEPDIR)/sc.Po ed25519/$(DEPDIR)/sha512.Po \
-	ed25519/$(DEPDIR)/sign.Po ed25519/$(DEPDIR)/verify.Po \
-	gcrypt/$(DEPDIR)/cipher.Po gcrypt/$(DEPDIR)/crypto.Po \
-	gcrypt/$(DEPDIR)/digest.Po gcrypt/$(DEPDIR)/prf.Po \
-	gcrypt/$(DEPDIR)/rsa.Po gcrypt/$(DEPDIR)/rsagen.Po \
-	linux/$(DEPDIR)/device.Po mingw/$(DEPDIR)/device.Po \
-	nolegacy/$(DEPDIR)/crypto.Po nolegacy/$(DEPDIR)/prf.Po \
-	openssl/$(DEPDIR)/cipher.Po openssl/$(DEPDIR)/crypto.Po \
-	openssl/$(DEPDIR)/digest.Po openssl/$(DEPDIR)/prf.Po \
-	openssl/$(DEPDIR)/rsa.Po openssl/$(DEPDIR)/rsagen.Po \
-	solaris/$(DEPDIR)/device.Po
+	ed25519/$(DEPDIR)/ecdh.Po ed25519/$(DEPDIR)/ecdsa.Po \
+	ed25519/$(DEPDIR)/ecdsagen.Po ed25519/$(DEPDIR)/fe.Po \
+	ed25519/$(DEPDIR)/ge.Po ed25519/$(DEPDIR)/key_exchange.Po \
+	ed25519/$(DEPDIR)/keypair.Po ed25519/$(DEPDIR)/sc.Po \
+	ed25519/$(DEPDIR)/sha512.Po ed25519/$(DEPDIR)/sign.Po \
+	ed25519/$(DEPDIR)/verify.Po gcrypt/$(DEPDIR)/cipher.Po \
+	gcrypt/$(DEPDIR)/crypto.Po gcrypt/$(DEPDIR)/digest.Po \
+	gcrypt/$(DEPDIR)/prf.Po gcrypt/$(DEPDIR)/rsa.Po \
+	gcrypt/$(DEPDIR)/rsagen.Po linux/$(DEPDIR)/device.Po \
+	mingw/$(DEPDIR)/device.Po nolegacy/$(DEPDIR)/crypto.Po \
+	nolegacy/$(DEPDIR)/prf.Po openssl/$(DEPDIR)/cipher.Po \
+	openssl/$(DEPDIR)/crypto.Po openssl/$(DEPDIR)/digest.Po \
+	openssl/$(DEPDIR)/prf.Po openssl/$(DEPDIR)/rsa.Po \
+	openssl/$(DEPDIR)/rsagen.Po solaris/$(DEPDIR)/device.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -555,7 +551,7 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LCOV = @LCOV@
 LDFLAGS = @LDFLAGS@
 LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@ -lm $(CODE_COVERAGE_LIBS) $(am__append_30)
+LIBS = @LIBS@ -lm $(CODE_COVERAGE_LIBS) $(am__append_29)
 LTLIBOBJS = @LTLIBOBJS@
 MAKEINFO = @MAKEINFO@
 MINIUPNPC_LIBS = @MINIUPNPC_LIBS@
@@ -665,28 +661,27 @@ tincd_SOURCES = address_cache.c address_cache.h autoconnect.c \
 	$(am__append_2) $(am__append_6) $(am__append_7) \
 	$(am__append_8) $(am__append_9) $(am__append_10) \
 	$(am__append_11) $(am__append_12) $(am__append_13) \
-	$(am__append_14) $(am__append_19) $(am__append_24) \
-	$(am__append_29)
+	$(am__append_18) $(am__append_23) $(am__append_28)
 tinc_SOURCES = dropin.c dropin.h fsck.c fsck.h ifconfig.c ifconfig.h \
 	info.c info.h invitation.c invitation.h list.c list.h names.c \
 	names.h netutl.c netutl.h script.c script.h sptps.c sptps.h \
 	subnet_parse.c subnet.h tincctl.c tincctl.h top.c top.h \
 	utils.c utils.h version.c version.h ed25519/ecdh.c \
 	ed25519/ecdsa.c ed25519/ecdsagen.c $(ed25519_SOURCES) \
-	$(chacha_poly1305_SOURCES) $(am__append_3) $(am__append_15) \
-	$(am__append_20) $(am__append_25)
+	$(chacha_poly1305_SOURCES) $(am__append_3) $(am__append_14) \
+	$(am__append_19) $(am__append_24)
 sptps_test_SOURCES = logger.c logger.h sptps.c sptps.h sptps_test.c \
 	utils.c utils.h ed25519/ecdh.c ed25519/ecdsa.c \
 	$(ed25519_SOURCES) $(chacha_poly1305_SOURCES) $(am__append_4) \
-	$(am__append_16) $(am__append_21) $(am__append_26)
+	$(am__append_15) $(am__append_20) $(am__append_25)
 sptps_keypair_SOURCES = sptps_keypair.c utils.c utils.h \
 	ed25519/ecdsagen.c $(ed25519_SOURCES) $(am__append_5) \
-	$(am__append_17) $(am__append_22) $(am__append_27)
+	$(am__append_16) $(am__append_21) $(am__append_26)
 sptps_speed_SOURCES = logger.c logger.h sptps.c sptps.h sptps_speed.c \
 	utils.c utils.h ed25519/ecdh.c ed25519/ecdsa.c \
 	ed25519/ecdsagen.c $(ed25519_SOURCES) \
-	$(chacha_poly1305_SOURCES) $(am__append_18) $(am__append_23) \
-	$(am__append_28)
+	$(chacha_poly1305_SOURCES) $(am__append_17) $(am__append_22) \
+	$(am__append_27)
 @MINIUPNPC_TRUE@tincd_LDADD = $(MINIUPNPC_LIBS)
 @MINIUPNPC_TRUE@tincd_LDFLAGS = -pthread
 tinc_LDADD = $(READLINE_LIBS) $(CURSES_LIBS)
@@ -924,14 +919,6 @@ mingw/$(DEPDIR)/$(am__dirstamp):
 	@: > mingw/$(DEPDIR)/$(am__dirstamp)
 mingw/device.$(OBJEXT): mingw/$(am__dirstamp) \
 	mingw/$(DEPDIR)/$(am__dirstamp)
-cygwin/$(am__dirstamp):
-	@$(MKDIR_P) cygwin
-	@: > cygwin/$(am__dirstamp)
-cygwin/$(DEPDIR)/$(am__dirstamp):
-	@$(MKDIR_P) cygwin/$(DEPDIR)
-	@: > cygwin/$(DEPDIR)/$(am__dirstamp)
-cygwin/device.$(OBJEXT): cygwin/$(am__dirstamp) \
-	cygwin/$(DEPDIR)/$(am__dirstamp)
 
 tincd$(EXEEXT): $(tincd_OBJECTS) $(tincd_DEPENDENCIES) $(EXTRA_tincd_DEPENDENCIES) 
 	@rm -f tincd$(EXEEXT)
@@ -941,7 +928,6 @@ mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 	-rm -f bsd/*.$(OBJEXT)
 	-rm -f chacha-poly1305/*.$(OBJEXT)
-	-rm -f cygwin/*.$(OBJEXT)
 	-rm -f ed25519/*.$(OBJEXT)
 	-rm -f gcrypt/*.$(OBJEXT)
 	-rm -f linux/*.$(OBJEXT)
@@ -1013,7 +999,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@chacha-poly1305/$(DEPDIR)/chacha.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@chacha-poly1305/$(DEPDIR)/poly1305.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@cygwin/$(DEPDIR)/device.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@ed25519/$(DEPDIR)/ecdh.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@ed25519/$(DEPDIR)/ecdsa.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@ed25519/$(DEPDIR)/ecdsagen.Po@am__quote@ # am--include-marker
@@ -1189,8 +1174,6 @@ distclean-generic:
 	-rm -f bsd/$(am__dirstamp)
 	-rm -f chacha-poly1305/$(DEPDIR)/$(am__dirstamp)
 	-rm -f chacha-poly1305/$(am__dirstamp)
-	-rm -f cygwin/$(DEPDIR)/$(am__dirstamp)
-	-rm -f cygwin/$(am__dirstamp)
 	-rm -f ed25519/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ed25519/$(am__dirstamp)
 	-rm -f gcrypt/$(DEPDIR)/$(am__dirstamp)
@@ -1275,7 +1258,6 @@ distclean: distclean-am
 	-rm -f chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po
 	-rm -f chacha-poly1305/$(DEPDIR)/chacha.Po
 	-rm -f chacha-poly1305/$(DEPDIR)/poly1305.Po
-	-rm -f cygwin/$(DEPDIR)/device.Po
 	-rm -f ed25519/$(DEPDIR)/ecdh.Po
 	-rm -f ed25519/$(DEPDIR)/ecdsa.Po
 	-rm -f ed25519/$(DEPDIR)/ecdsagen.Po
@@ -1409,7 +1391,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f chacha-poly1305/$(DEPDIR)/chacha-poly1305.Po
 	-rm -f chacha-poly1305/$(DEPDIR)/chacha.Po
 	-rm -f chacha-poly1305/$(DEPDIR)/poly1305.Po
-	-rm -f cygwin/$(DEPDIR)/device.Po
 	-rm -f ed25519/$(DEPDIR)/ecdh.Po
 	-rm -f ed25519/$(DEPDIR)/ecdsa.Po
 	-rm -f ed25519/$(DEPDIR)/ecdsagen.Po

src/address_cache.c

@@ -151,7 +151,7 @@ const sockaddr_t *get_recent_address(address_cache_t *cache) {
 		cache->cfg = lookup_config(cache->config_tree, "Address");
 	}
 
-	while(cache->cfg && !cache->ai) {
+	while(cache->cfg && !cache->aip) {
 		char *address, *port;
 
 		get_config_string(cache->cfg, &address);
@@ -167,6 +167,10 @@ const sockaddr_t *get_recent_address(address_cache_t *cache) {
 			}
 		}
 
+		if(cache->ai) {
+			free_known_addresses(cache->ai);
+		}
+
 		cache->aip = cache->ai = str2addrinfo(address, port, SOCK_STREAM);
 
 		if(cache->ai) {

src/autoconnect.c

@@ -186,10 +186,9 @@ void do_autoconnect() {
 		drop_superfluous_outgoing_connection();
 	}
 
+	/* Drop pending outgoing connections from the outgoing list. */
+	drop_superfluous_pending_connections();
 
 	/* Check if there are unreachable nodes that we should try to connect to. */
 	connect_to_unreachable();
-
-	/* Drop pending outgoing connections from the outgoing list. */
-	drop_superfluous_pending_connections();
 }

src/bsd/device.c

@@ -1,7 +1,7 @@
 /*
     device.c -- Interaction BSD tun/tap device
     Copyright (C) 2001-2005 Ivo Timmermans,
-                  2001-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2001-2021 Guus Sliepen <guus@tinc-vpn.org>
                   2009      Grzegorz Dymarek <gregd72002@googlemail.com>
 
     This program is free software; you can redistribute it and/or modify
@@ -40,8 +40,13 @@
 #include <net/if_utun.h>
 #endif
 
+#if defined(HAVE_FREEBSD) || defined(HAVE_DRAGONFLY)
+#define DEFAULT_TUN_DEVICE "/dev/tun"  // Use the autoclone device
+#define DEFAULT_TAP_DEVICE "/dev/tap"
+#else
 #define DEFAULT_TUN_DEVICE "/dev/tun0"
 #define DEFAULT_TAP_DEVICE "/dev/tap0"
+#endif
 
 typedef enum device_type {
 	DEVICE_TYPE_TUN,

src/conf.c

@@ -4,7 +4,7 @@
                   1998-2005 Ivo Timmermans
                   2000      Cris van Pelt
                   2010-2011 Julien Muchembled <jm@jmuchemb.eu>
-                  2000-2015 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2021 Guus Sliepen <guus@tinc-vpn.org>
                   2013      Florent Clairambault <florent@clairambault.fr>
 
     This program is free software; you can redistribute it and/or modify
@@ -206,20 +206,14 @@ bool get_config_subnet(const config_t *cfg, subnet_t **result) {
 		return false;
 	}
 
-	/* Teach newbies what subnets are... */
+	if(subnetcheck(subnet)) {
+		*(*result = new_subnet()) = subnet;
+		return true;
+	}
 
-	if(((subnet.type == SUBNET_IPV4)
-	                && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(subnet.net.ipv4.address)))
-	                || ((subnet.type == SUBNET_IPV6)
-	                    && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(subnet.net.ipv6.address)))) {
 	logger(DEBUG_ALWAYS, LOG_ERR, "Network address and prefix length do not match for configuration variable %s in %s line %d",
 	       cfg->variable, cfg->file, cfg->line);
 	return false;
-	}
-
-	*(*result = new_subnet()) = subnet;
-
-	return true;
 }
 
 /*

src/cygwin/device.c

@@ -1,278 +0,0 @@
-/*
-    device.c -- Interaction with Windows tap driver in a Cygwin environment
-    Copyright (C) 2002-2005 Ivo Timmermans,
-                  2002-2014 Guus Sliepen <guus@tinc-vpn.org>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "../system.h"
-#include "../net.h"
-
-#include <w32api/windows.h>
-#include <w32api/winioctl.h>
-
-#include "../conf.h"
-#include "../device.h"
-#include "../logger.h"
-#include "../names.h"
-#include "../route.h"
-#include "../utils.h"
-#include "../xalloc.h"
-
-#include "../mingw/common.h"
-
-int device_fd = -1;
-static HANDLE device_handle = INVALID_HANDLE_VALUE;
-char *device = NULL;
-char *iface = NULL;
-static const char *device_info = "Windows tap device";
-
-static pid_t reader_pid;
-static int sp[2];
-
-static bool setup_device(void) {
-	HKEY key, key2;
-	int i, err;
-
-	char regpath[1024];
-	char adapterid[1024];
-	char adaptername[1024];
-	char tapname[1024];
-	char gelukt = 0;
-	long len;
-
-	bool found = false;
-
-	get_config_string(lookup_config(config_tree, "Device"), &device);
-	get_config_string(lookup_config(config_tree, "Interface"), &iface);
-
-	if(device && iface) {
-		logger(LOG_WARNING, "Warning: both Device and Interface specified, results may not be as expected");
-	}
-
-	/* Open registry and look for network adapters */
-
-	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key)) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read registry: %s", winerror(GetLastError()));
-		return false;
-	}
-
-	for(i = 0; ; i++) {
-		len = sizeof(adapterid);
-
-		if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) {
-			break;
-		}
-
-		/* Find out more about this adapter */
-
-		snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", NETWORK_CONNECTIONS_KEY, adapterid);
-
-		if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) {
-			continue;
-		}
-
-		len = sizeof(adaptername);
-		err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
-
-		RegCloseKey(key2);
-
-		if(err) {
-			continue;
-		}
-
-		if(device) {
-			if(!strcmp(device, adapterid)) {
-				found = true;
-				break;
-			} else {
-				continue;
-			}
-		}
-
-		if(iface) {
-			if(!strcmp(iface, adaptername)) {
-				found = true;
-				break;
-			} else {
-				continue;
-			}
-		}
-
-		snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid);
-		device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
-
-		if(device_handle != INVALID_HANDLE_VALUE) {
-			CloseHandle(device_handle);
-			found = true;
-			break;
-		}
-	}
-
-	RegCloseKey(key);
-
-	if(!found) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "No Windows tap device found!");
-		return false;
-	}
-
-	if(!device) {
-		device = xstrdup(adapterid);
-	}
-
-	if(!iface) {
-		iface = xstrdup(adaptername);
-	}
-
-	snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device);
-
-	/* Now we are going to open this device twice: once for reading and once for writing.
-	   We do this because apparently it isn't possible to check for activity in the select() loop.
-	   Furthermore I don't really know how to do it the "Windows" way. */
-
-	if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) {
-		logger(DEBUG_ALWAYS, LOG_DEBUG, "System call `%s' failed: %s", "socketpair", strerror(errno));
-		return false;
-	}
-
-	/* The parent opens the tap device for writing. */
-
-	device_handle = CreateFile(tapname, GENERIC_WRITE,  FILE_SHARE_READ,  0,  OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
-
-	if(device_handle == INVALID_HANDLE_VALUE) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open Windows tap device %s (%s) for writing: %s", device, iface, winerror(GetLastError()));
-		return false;
-	}
-
-	device_fd = sp[0];
-
-	/* Get MAC address from tap device */
-
-	if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Could not get MAC address from Windows tap device %s (%s): %s", device, iface, winerror(GetLastError()));
-		return false;
-	}
-
-	if(routing_mode == RMODE_ROUTER) {
-		overwrite_mac = 1;
-	}
-
-	/* Now we start the child */
-
-	reader_pid = fork();
-
-	if(reader_pid == -1) {
-		logger(DEBUG_ALWAYS, LOG_DEBUG, "System call `%s' failed: %s", "fork", strerror(errno));
-		return false;
-	}
-
-	if(!reader_pid) {
-		/* The child opens the tap device for reading, blocking.
-		   It passes everything it reads to the socket. */
-
-		char buf[MTU];
-		long inlen;
-
-		CloseHandle(device_handle);
-
-		device_handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0,  OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0);
-
-		if(device_handle == INVALID_HANDLE_VALUE) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "Could not open Windows tap device %s (%s) for reading: %s", device, iface, winerror(GetLastError()));
-			buf[0] = 0;
-			write(sp[1], buf, 1);
-			exit(1);
-		}
-
-		logger(DEBUG_ALWAYS, LOG_DEBUG, "Tap reader forked and running.");
-
-		/* Notify success */
-
-		buf[0] = 1;
-		write(sp[1], buf, 1);
-
-		/* Pass packets */
-
-		for(;;) {
-			ReadFile(device_handle, buf, MTU, &inlen, NULL);
-			write(sp[1], buf, inlen);
-		}
-	}
-
-	read(device_fd, &gelukt, 1);
-
-	if(gelukt != 1) {
-		logger(DEBUG_ALWAYS, LOG_DEBUG, "Tap reader failed!");
-		return false;
-	}
-
-	logger(DEBUG_ALWAYS, LOG_INFO, "%s (%s) is a %s", device, iface, device_info);
-
-	return true;
-}
-
-static void close_device(void) {
-	close(sp[0]);
-	close(sp[1]);
-	CloseHandle(device_handle);
-	device_handle = INVALID_HANDLE_VALUE;
-
-	kill(reader_pid, SIGKILL);
-
-	free(device);
-	device = NULL;
-	free(iface);
-	iface = NULL;
-	device_info = NULL;
-}
-
-static bool read_packet(vpn_packet_t *packet) {
-	int inlen;
-
-	if((inlen = read(sp[0], DATA(packet), MTU)) <= 0) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
-		       device, strerror(errno));
-		return false;
-	}
-
-	packet->len = inlen;
-
-	logger(DEBUG_TRAFFIC, LOG_DEBUG, "Read packet of %d bytes from %s", packet->len,
-	       device_info);
-
-	return true;
-}
-
-static bool write_packet(vpn_packet_t *packet) {
-	long outlen;
-
-	logger(DEBUG_TRAFFIC, LOG_DEBUG, "Writing packet of %d bytes to %s",
-	       packet->len, device_info);
-
-	if(!WriteFile(device_handle, DATA(packet), packet->len, &outlen, NULL)) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Error while writing to %s %s: %s", device_info, device, winerror(GetLastError()));
-		return false;
-	}
-
-	return true;
-}
-
-const devops_t os_devops = {
-	.setup = setup_device,
-	.close = close_device,
-	.read = read_packet,
-	.write = write_packet,
-};

src/dropin.c

@@ -1,7 +1,7 @@
 /*
     dropin.c -- a set of drop-in replacements for libc functions
     Copyright (C) 2000-2005 Ivo Timmermans,
-                  2000-2016 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -82,6 +82,8 @@ int daemon(int nochdir, int noclose) {
 
 	return 0;
 #else
+	(void)nochdir;
+	(void)noclose;
 	return -1;
 #endif
 }
@@ -144,6 +146,7 @@ int gettimeofday(struct timeval *tv, void *tz) {
 
 #ifndef HAVE_NANOSLEEP
 int nanosleep(const struct timespec *req, struct timespec *rem) {
+	(void)rem;
 	struct timeval tv = {req->tv_sec, req->tv_nsec / 1000};
 	return select(0, NULL, NULL, NULL, &tv);
 }

src/edge.c

@@ -1,6 +1,6 @@
 /*
     edge.c -- edge tree management
-    Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2021 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
 
     This program is free software; you can redistribute it and/or modify
@@ -83,14 +83,26 @@ void free_edge(edge_t *e) {
 }
 
 void edge_add(edge_t *e) {
-	splay_insert(edge_weight_tree, e);
-	splay_insert(e->from->edge_tree, e);
+	splay_node_t *node = splay_insert(e->from->edge_tree, e);
+
+	if(!node) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Edge from %s to %s already exists in edge_tree\n", e->from->name, e->to->name);
+		return;
+	}
+
 
 	e->reverse = lookup_edge(e->to, e->from);
 
 	if(e->reverse) {
 		e->reverse->reverse = e;
 	}
+
+	node = splay_insert(edge_weight_tree, e);
+
+	if(!node) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Edge from %s to %s already exists in edge_weight_tree\n", e->from->name, e->to->name);
+		return;
+	}
 }
 
 void edge_del(edge_t *e) {

src/ethernet.h

@@ -63,7 +63,7 @@ struct ether_header {
 	uint8_t ether_dhost[ETH_ALEN];
 	uint8_t ether_shost[ETH_ALEN];
 	uint16_t ether_type;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #endif
 
 #ifndef HAVE_STRUCT_ARPHDR
@@ -73,7 +73,7 @@ struct arphdr {
 	uint8_t ar_hln;
 	uint8_t ar_pln;
 	uint16_t ar_op;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 
 #define ARPOP_REQUEST 1
 #define ARPOP_REPLY 2
@@ -91,7 +91,7 @@ struct  ether_arp {
 	uint8_t arp_spa[4];
 	uint8_t arp_tha[ETH_ALEN];
 	uint8_t arp_tpa[4];
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #define arp_hrd ea_hdr.ar_hrd
 #define arp_pro ea_hdr.ar_pro
 #define arp_hln ea_hdr.ar_hln

src/event.c

@@ -1,6 +1,6 @@
 /*
     event.c -- I/O, timeout and signal event handling
-    Copyright (C) 2012-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2012-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -378,7 +378,7 @@ bool event_loop(void) {
 	while(running) {
 		struct timeval diff;
 		struct timeval *tv = get_time_remaining(&diff);
-		DWORD timeout_ms = tv ? (tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1) : WSA_INFINITE;
+		DWORD timeout_ms = tv ? (DWORD)(tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1) : WSA_INFINITE;
 
 		if(!event_count) {
 			Sleep(timeout_ms);
@@ -436,7 +436,7 @@ bool event_loop(void) {
 			}
 
 			if(result < WSA_WAIT_EVENT_0 || result >= WSA_WAIT_EVENT_0 + event_count - event_offset) {
-				return(false);
+				return false;
 			}
 
 			/* Look up io in the map by index. */

src/fd_device.c

@@ -1,9 +1,9 @@
 /*
     fd_device.c -- Interaction with Android tun fd
     Copyright (C)   2001-2005   Ivo Timmermans,
-                    2001-2016   Guus Sliepen <guus@tinc-vpn.org>
+                    2001-2021   Guus Sliepen <guus@tinc-vpn.org>
                     2009        Grzegorz Dymarek <gregd72002@googlemail.com>
-                    2016        Pacien TRAN-GIRARD <pacien@pacien.net>
+                    2016-2020   Pacien TRAN-GIRARD <pacien@pacien.net>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -21,6 +21,10 @@
 */
 
 #include "system.h"
+
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+
 #include "conf.h"
 #include "device.h"
 #include "ethernet.h"
@@ -29,23 +33,132 @@
 #include "route.h"
 #include "utils.h"
 
-static inline bool check_config(void) {
+struct unix_socket_addr {
+	size_t size;
+	struct sockaddr_un addr;
+};
+
+static int read_fd(int socket) {
+	char iobuf;
+	struct iovec iov = {0};
+	char cmsgbuf[CMSG_SPACE(sizeof(device_fd))];
+	struct msghdr msg = {0};
+	int ret;
+	struct cmsghdr *cmsgptr;
+
+	iov.iov_base = &iobuf;
+	iov.iov_len = 1;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_control = cmsgbuf;
+	msg.msg_controllen = sizeof(cmsgbuf);
+
+	if((ret = recvmsg(socket, &msg, 0)) < 1) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Could not read from unix socket (error %d)!", ret);
+		return -1;
+	}
+
+#ifdef IP_RECVERR
+
+	if(msg.msg_flags & (MSG_CTRUNC | MSG_OOB | MSG_ERRQUEUE)) {
+#else
+
+	if(msg.msg_flags & (MSG_CTRUNC | MSG_OOB)) {
+#endif
+		logger(DEBUG_ALWAYS, LOG_ERR, "Error while receiving message (flags %d)!", msg.msg_flags);
+		return -1;
+	}
+
+	cmsgptr = CMSG_FIRSTHDR(&msg);
+
+	if(cmsgptr->cmsg_level != SOL_SOCKET) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG level: %d, expected %d!",
+		       cmsgptr->cmsg_level, SOL_SOCKET);
+		return -1;
+	}
+
+	if(cmsgptr->cmsg_type != SCM_RIGHTS) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG type: %d, expected %d!",
+		       cmsgptr->cmsg_type, SCM_RIGHTS);
+		return -1;
+	}
+
+	if(cmsgptr->cmsg_len != CMSG_LEN(sizeof(device_fd))) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG data length: %lu, expected %lu!",
+		       (unsigned long)cmsgptr->cmsg_len, (unsigned long)CMSG_LEN(sizeof(device_fd)));
+		return -1;
+	}
+
+	return *(int *) CMSG_DATA(cmsgptr);
+}
+
+static int receive_fd(struct unix_socket_addr socket_addr) {
+	int socketfd;
+	int ret;
+	int result;
+
+	if((socketfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open stream socket (error %d)!", socketfd);
+		return -1;
+	}
+
+	if((ret = connect(socketfd, (struct sockaddr *) &socket_addr.addr, socket_addr.size)) < 0) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Could not connect to Unix socket (error %d)!", ret);
+		result = -1;
+		goto end;
+	}
+
+	result = read_fd(socketfd);
+
+end:
+	close(socketfd);
+	return result;
+}
+
+static struct unix_socket_addr parse_socket_addr(const char *path) {
+	struct sockaddr_un socket_addr;
+	size_t path_length;
+
+	if(strlen(path) >= sizeof(socket_addr.sun_path)) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Unix socket path too long!");
+		return (struct unix_socket_addr) {
+			0
+		};
+	}
+
+	socket_addr.sun_family = AF_UNIX;
+	strncpy(socket_addr.sun_path, path, sizeof(socket_addr.sun_path));
+
+	if(path[0] == '@') {
+		/* abstract namespace socket */
+		socket_addr.sun_path[0] = '\0';
+		path_length = strlen(path);
+	} else {
+		/* filesystem path with NUL terminator */
+		path_length = strlen(path) + 1;
+	}
+
+	return (struct unix_socket_addr) {
+		.size = offsetof(struct sockaddr_un, sun_path) + path_length,
+		.addr = socket_addr
+	};
+}
+
+static bool setup_device(void) {
 	if(routing_mode == RMODE_SWITCH) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Switch mode not supported (requires unsupported TAP device)!");
 		return false;
 	}
 
-	if(!get_config_int(lookup_config(config_tree, "Device"), &device_fd)) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Could not read fd from configuration!");
+	if(!get_config_string(lookup_config(config_tree, "Device"), &device)) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Could not read device from configuration!");
 		return false;
 	}
 
-	return true;
-}
-
-static bool setup_device(void) {
-	if(!check_config()) {
-		return false;
+	/* device is either directly a file descriptor or an unix socket to read it from */
+	if(sscanf(device, "%d", &device_fd) != 1) {
+		logger(DEBUG_ALWAYS, LOG_INFO, "Receiving fd from Unix socket at %s.", device);
+		device_fd = receive_fd(parse_socket_addr(device));
 	}
 
 	if(device_fd < 0) {
@@ -123,3 +236,4 @@ const devops_t fd_devops = {
 	.read = read_packet,
 	.write = write_packet,
 };
+#endif

src/fsck.c

@@ -1,6 +1,6 @@
 /*
     fsck.c -- Check the configuration files for problems
-    Copyright (C) 2014 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2014-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -254,7 +254,7 @@ int fsck(const char *argv0) {
 			return 1;
 		}
 
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
 
 		if(st.st_mode & 077) {
 			fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
@@ -303,7 +303,7 @@ int fsck(const char *argv0) {
 			return 1;
 		}
 
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
 
 		if(st.st_mode & 077) {
 			fprintf(stderr, "WARNING: unsafe file permissions on %s.\n", fname);
@@ -385,26 +385,38 @@ int fsck(const char *argv0) {
 				return 1;
 			}
 
-			char buf1[len], buf2[len], buf3[len];
-			randomize(buf1, sizeof(buf1));
+			char *buf1 = malloc(len);
+			char *buf2 = malloc(len);
+			char *buf3 = malloc(len);
+
+			randomize(buf1, len);
 			buf1[0] &= 0x7f;
-			memset(buf2, 0, sizeof(buf2));
-			memset(buf3, 0, sizeof(buf2));
+			memset(buf2, 0, len);
+			memset(buf3, 0, len);
+			bool result = false;
 
-			if(!rsa_public_encrypt(rsa_pub, buf1, sizeof(buf1), buf2)) {
-				fprintf(stderr, "ERROR: public RSA key does not work.\n");
-				return 1;
-			}
-
-			if(!rsa_private_decrypt(rsa_priv, buf2, sizeof(buf2), buf3)) {
-				fprintf(stderr, "ERROR: private RSA key does not work.\n");
-				return 1;
-			}
-
-			if(memcmp(buf1, buf3, sizeof(buf1))) {
+			if(rsa_public_encrypt(rsa_pub, buf1, len, buf2)) {
+				if(rsa_private_decrypt(rsa_priv, buf2, len, buf3)) {
+					if(memcmp(buf1, buf3, len)) {
+						result = true;
+					} else {
 						fprintf(stderr, "ERROR: public and private RSA keys do not match.\n");
+					}
+				} else {
+					fprintf(stderr, "ERROR: private RSA key does not work.\n");
+				}
+			} else {
+				fprintf(stderr, "ERROR: public RSA key does not work.\n");
+			}
+
+			free(buf3);
+			free(buf2);
+			free(buf1);
+
+			if(!result) {
 				return 1;
 			}
+
 		}
 	} else {
 		if(rsa_pub) {

src/have.h

@@ -4,7 +4,7 @@
 /*
     have.h -- include headers which are known to exist
     Copyright (C) 1998-2005 Ivo Timmermans
-                  2003-2016 Guus Sliepen <guus@tinc-vpn.org>
+                  2003-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -57,6 +57,10 @@
 
 /* Include system specific headers */
 
+#ifdef HAVE_STDDEF_H
+#include <stddef.h>
+#endif
+
 #ifdef HAVE_SYSLOG_H
 #include <syslog.h>
 #endif

src/ifconfig.c

@@ -1,6 +1,6 @@
 /*
     ifconfig.c -- Generate platform specific interface configuration commands
-    Copyright (C) 2016-2017 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2016-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -71,10 +71,12 @@ void ifconfig_dhcp(FILE *out) {
 }
 
 void ifconfig_dhcp6(FILE *out) {
+	(void)out;
 	fprintf(stderr, "DHCPv6 requested, but not supported by tinc on this platform\n");
 }
 
 void ifconfig_slaac(FILE *out) {
+	(void)out;
 	// It's the default?
 }
 
@@ -126,7 +128,7 @@ void ifconfig_address(FILE *out, const char *value) {
 		return;
 	}
 
-#elif defined(HAVE_MINGW) || defined(HAVE_CYGWIN)
+#elif defined(HAVE_MINGW)
 
 	switch(address.type) {
 	case SUBNET_MAC:
@@ -134,11 +136,11 @@ void ifconfig_address(FILE *out, const char *value) {
 		break;
 
 	case SUBNET_IPV4:
-		fprintf(out, "netsh inetface ipv4 set address \"$INTERFACE\" static %s\n", address_str);
+		fprintf(out, "netsh interface ipv4 set address \"%%INTERFACE%%\" static %s\n", address_str);
 		break;
 
 	case SUBNET_IPV6:
-		fprintf(out, "netsh inetface ipv6 set address \"$INTERFACE\" static %s\n", address_str);
+		fprintf(out, "netsh interface ipv6 set address \"%%INTERFACE%%\" %s\n", address_str);
 		break;
 
 	default:
@@ -199,11 +201,11 @@ void ifconfig_route(FILE *out, const char *value) {
 	if(*gateway_str) {
 		switch(subnet.type) {
 		case SUBNET_IPV4:
-			fprintf(out, "ip route add %s via %s dev \"$INTERFACE\"\n", subnet_str, gateway_str);
+			fprintf(out, "ip route add %s via %s dev \"$INTERFACE\" onlink\n", subnet_str, gateway_str);
 			break;
 
 		case SUBNET_IPV6:
-			fprintf(out, "ip route add %s via %s dev \"$INTERFACE\"\n", subnet_str, gateway_str);
+			fprintf(out, "ip route add %s via %s dev \"$INTERFACE\" onlink\n", subnet_str, gateway_str);
 			break;
 
 		default:
@@ -224,16 +226,16 @@ void ifconfig_route(FILE *out, const char *value) {
 		}
 	}
 
-#elif defined(HAVE_MINGW) || defined(HAVE_CYGWIN)
+#elif defined(HAVE_MINGW)
 
 	if(*gateway_str) {
 		switch(subnet.type) {
 		case SUBNET_IPV4:
-			fprintf(out, "netsh inetface ipv4 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
+			fprintf(out, "netsh interface ipv4 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
 			break;
 
 		case SUBNET_IPV6:
-			fprintf(out, "netsh inetface ipv6 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
+			fprintf(out, "netsh interface ipv6 add route %s \"%%INTERFACE%%\" %s\n", subnet_str, gateway_str);
 			break;
 
 		default:
@@ -242,11 +244,11 @@ void ifconfig_route(FILE *out, const char *value) {
 	} else {
 		switch(subnet.type) {
 		case SUBNET_IPV4:
-			fprintf(out, "netsh inetface ipv4 add route %s \"%%INTERFACE%%\"\n", subnet_str);
+			fprintf(out, "netsh interface ipv4 add route %s \"%%INTERFACE%%\"\n", subnet_str);
 			break;
 
 		case SUBNET_IPV6:
-			fprintf(out, "netsh inetface ipv6 add route %s \"%%INTERFACE%%\"\n", subnet_str);
+			fprintf(out, "netsh interface ipv6 add route %s \"%%INTERFACE%%\"\n", subnet_str);
 			break;
 
 		default:

src/invitation.c

@@ -836,9 +836,13 @@ make_names:
 			fprintf(stderr, "Ignoring unknown variable '%s' in invitation.\n", l);
 			continue;
 		} else if(!(variables[i].type & VAR_SAFE)) {
+			if(force) {
+				fprintf(stderr, "Warning: unsafe variable '%s' in invitation.\n", l);
+			} else {
 				fprintf(stderr, "Ignoring unsafe variable '%s' in invitation.\n", l);
 				continue;
 			}
+		}
 
 		// Copy the safe variable to the right config file
 		fprintf((variables[i].type & VAR_HOST) ? fh : f, "%s = %s\n", l, value);
@@ -983,7 +987,12 @@ ask_netname:
 
 	char filename2[PATH_MAX];
 	snprintf(filename, sizeof(filename), "%s" SLASH "tinc-up.invitation", confbase);
+
+#ifdef HAVE_MINGW
+	snprintf(filename2, sizeof(filename2), "%s" SLASH "tinc-up.bat", confbase);
+#else
 	snprintf(filename2, sizeof(filename2), "%s" SLASH "tinc-up", confbase);
+#endif
 
 	if(valid_tinc_up) {
 		if(tty) {
@@ -1013,10 +1022,14 @@ ask_netname:
 					char *command;
 #ifndef HAVE_MINGW
 					const char *editor = getenv("VISUAL");
-					if (!editor)
+
+					if(!editor) {
 						editor = getenv("EDITOR");
-					if (!editor)
+					}
+
+					if(!editor) {
 						editor = "vi";
+					}
 
 					xasprintf(&command, "\"%s\" \"%s\"", editor, filename);
 #else

src/ipv4.h

@@ -81,7 +81,7 @@ struct ip {
 	uint8_t ip_p;
 	uint16_t ip_sum;
 	struct in_addr ip_src, ip_dst;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #endif
 
 #ifndef IP_OFFMASK
@@ -143,7 +143,7 @@ struct icmp {
 #define icmp_radv icmp_dun.id_radv
 #define icmp_mask icmp_dun.id_mask
 #define icmp_data icmp_dun.id_data
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #endif
 
 #endif

src/ipv6.h

@@ -49,7 +49,7 @@ struct ip6_hdr {
 	} ip6_ctlun;
 	struct in6_addr ip6_src;
 	struct in6_addr ip6_dst;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #define ip6_vfc ip6_ctlun.ip6_un2_vfc
 #define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow
 #define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen
@@ -68,7 +68,7 @@ struct icmp6_hdr {
 		uint16_t icmp6_un_data16[2];
 		uint8_t icmp6_un_data8[4];
 	} icmp6_dataun;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #define ICMP6_DST_UNREACH_NOROUTE 0
 #define ICMP6_DST_UNREACH 1
 #define ICMP6_PACKET_TOO_BIG 2
@@ -88,7 +88,7 @@ struct icmp6_hdr {
 struct nd_neighbor_solicit {
 	struct icmp6_hdr nd_ns_hdr;
 	struct in6_addr nd_ns_target;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #define ND_OPT_SOURCE_LINKADDR 1
 #define ND_OPT_TARGET_LINKADDR 2
 #define nd_ns_type nd_ns_hdr.icmp6_type
@@ -101,7 +101,7 @@ struct nd_neighbor_solicit {
 struct nd_opt_hdr {
 	uint8_t nd_opt_type;
 	uint8_t nd_opt_len;
-} __attribute__((__gcc_struct__, __packed__));
+} __attribute__((__gcc_struct__)) __attribute((__packed__));
 #endif
 
 #endif

src/meta.c

@@ -1,6 +1,6 @@
 /*
     meta.c -- handle the meta communication
-    Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2018 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
                   2006      Scott Lamb <slamb@slamb.org>
 
@@ -31,7 +31,9 @@
 #include "xalloc.h"
 
 #ifndef MIN
-#define MIN(x, y) (((x)<(y))?(x):(y))
+static ssize_t MIN(ssize_t x, ssize_t y) {
+	return x < y ? x : y;
+}
 #endif
 
 bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) {

src/mingw/device.c

@@ -1,7 +1,7 @@
 /*
     device.c -- Interaction with Windows tap driver in a MinGW environment
     Copyright (C) 2002-2005 Ivo Timmermans,
-                  2002-2014 Guus Sliepen <guus@tinc-vpn.org>
+                  2002-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -71,6 +71,9 @@ static void device_issue_read() {
 }
 
 static void device_handle_read(void *data, int flags) {
+	(void)data;
+	(void)flags;
+
 	DWORD len;
 
 	if(!GetOverlappedResult(device_handle, &device_read_overlapped, &len, FALSE)) {
@@ -300,6 +303,7 @@ static void close_device(void) {
 }
 
 static bool read_packet(vpn_packet_t *packet) {
+	(void)packet;
 	return false;
 }
 

src/names.c

@@ -1,7 +1,7 @@
 /*
     names.c -- generate commonly used (file)names
     Copyright (C) 1998-2005 Ivo Timmermans
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -93,6 +93,7 @@ void make_names(bool daemon) {
 	}
 
 #ifdef HAVE_MINGW
+	(void)daemon;
 
 	if(!logfilename) {
 		xasprintf(&logfilename, "%s" SLASH "log", confbase);

src/net.c

@@ -1,7 +1,7 @@
 /*
     net.c -- most of the network code
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2021 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2011      Loïc Grenié <loic.grenie@gmail.com>
 
@@ -404,10 +404,7 @@ int reload_configuration(void) {
 		while(cfg) {
 			subnet_t *subnet, *s2;
 
-			if(!get_config_subnet(cfg, &subnet)) {
-				continue;
-			}
-
+			if(get_config_subnet(cfg, &subnet)) {
 				if((s2 = lookup_subnet(myself, subnet))) {
 					if(s2->expires == 1) {
 						s2->expires = 0;
@@ -419,6 +416,7 @@ int reload_configuration(void) {
 					send_add_subnet(everyone, subnet);
 					subnet_update(myself, subnet, true);
 				}
+			}
 
 			cfg = lookup_config_next(config_tree, cfg);
 		}

src/net.h

@@ -121,7 +121,6 @@ typedef struct listen_socket_t {
 typedef struct outgoing_t {
 	struct node_t *node;
 	int timeout;
-	struct address_cache_t *address_cache;
 	timeout_t ev;
 } outgoing_t;
 

src/net_packet.c

@@ -1,7 +1,7 @@
 /*
     net_packet.c -- Handles in- and outgoing VPN packets
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2021 Guus Sliepen <guus@tinc-vpn.org>
                   2010      Timothy Redaelli <timothy@redaelli.eu>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -152,11 +152,12 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 		len = ntohs(len16);
 	}
 
-	if(n->udp_ping_sent.tv_sec != 0) {  // a probe in flight
+	if(n->status.ping_sent) {  // a probe in flight
 		gettimeofday(&now, NULL);
 		struct timeval rtt;
 		timersub(&now, &n->udp_ping_sent, &rtt);
 		n->udp_ping_rtt = rtt.tv_sec * 1000000 + rtt.tv_usec;
+		n->status.ping_sent = false;
 		logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s) rtt=%d.%03d", DATA(packet)[0], len, n->name, n->hostname, n->udp_ping_rtt / 1000, n->udp_ping_rtt % 1000);
 	} else {
 		logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s)", DATA(packet)[0], len, n->name, n->hostname);
@@ -175,8 +176,7 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 		reset_address_cache(n->address_cache, &n->address);
 	}
 
-	// Reset the UDP ping timer. (no probe in flight)
-	n->udp_ping_sent.tv_sec = 0;
+	// Reset the UDP ping timer.
 
 	if(udp_discovery) {
 		timeout_del(&n->udp_ping_timeout);
@@ -314,13 +314,6 @@ static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
 }
 
 static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
-	vpn_packet_t pkt1, pkt2;
-	vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
-	int nextpkt = 0;
-	size_t outlen;
-	pkt1.offset = DEFAULT_PACKET_OFFSET;
-	pkt2.offset = DEFAULT_PACKET_OFFSET;
-
 	if(n->status.sptps) {
 		if(!n->sptps.state) {
 			if(!n->status.waitingforkey) {
@@ -356,6 +349,12 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 #ifdef DISABLE_LEGACY
 	return false;
 #else
+	vpn_packet_t pkt1, pkt2;
+	vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
+	int nextpkt = 0;
+	size_t outlen;
+	pkt1.offset = DEFAULT_PACKET_OFFSET;
+	pkt2.offset = DEFAULT_PACKET_OFFSET;
 
 	if(!n->status.validkey_in) {
 		logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
@@ -546,7 +545,10 @@ bool receive_tcppacket_sptps(connection_t *c, const char *data, size_t len) {
 	/* If we're not the final recipient, relay the packet. */
 
 	if(to != myself) {
+		if(to->status.validkey) {
 			send_sptps_data(to, from, 0, data, len);
+		}
+
 		try_tx(to, true);
 		return true;
 	}
@@ -699,18 +701,6 @@ static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *so
 }
 
 static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
-	vpn_packet_t pkt1, pkt2;
-	vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
-	vpn_packet_t *inpkt = origpkt;
-	int nextpkt = 0;
-	vpn_packet_t *outpkt;
-	int origlen = origpkt->len;
-	size_t outlen;
-	int origpriority = origpkt->priority;
-
-	pkt1.offset = DEFAULT_PACKET_OFFSET;
-	pkt2.offset = DEFAULT_PACKET_OFFSET;
-
 	if(!n->status.reachable) {
 		logger(DEBUG_TRAFFIC, LOG_INFO, "Trying to send UDP packet to unreachable node %s (%s)", n->name, n->hostname);
 		return;
@@ -724,6 +714,18 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
 #ifdef DISABLE_LEGACY
 	return;
 #else
+	vpn_packet_t pkt1, pkt2;
+	vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 };
+	vpn_packet_t *inpkt = origpkt;
+	int nextpkt = 0;
+	vpn_packet_t *outpkt;
+	int origlen = origpkt->len;
+	size_t outlen;
+	int origpriority = origpkt->priority;
+
+	pkt1.offset = DEFAULT_PACKET_OFFSET;
+	pkt2.offset = DEFAULT_PACKET_OFFSET;
+
 	/* Make sure we have a valid key */
 
 	if(!n->status.validkey) {
@@ -1133,6 +1135,7 @@ static void try_udp(node_t *n) {
 	if(ping_tx_elapsed.tv_sec >= interval) {
 		gettimeofday(&now, NULL);
 		n->udp_ping_sent = now; // a probe in flight
+		n->status.ping_sent = true;
 		send_udp_probe_packet(n, MIN_PROBE_SIZE);
 
 		if(localdiscovery && !n->status.udp_confirmed && n->prevedge) {
@@ -1229,9 +1232,8 @@ static length_t choose_initial_maxmtu(node_t *n) {
 	return mtu;
 
 #else
-
+	(void)n;
 	return MTU;
-
 #endif
 }
 
@@ -1776,13 +1778,13 @@ void handle_incoming_vpn_data(void *data, int flags) {
 
 #else
 	vpn_packet_t pkt;
-	sockaddr_t addr = {};
+	sockaddr_t addr = {0};
 	socklen_t addrlen = sizeof(addr);
 
 	pkt.offset = 0;
 	int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen);
 
-	if(len <= 0 || len > MAXSIZE) {
+	if(len <= 0 || (size_t)len > MAXSIZE) {
 		if(!sockwouldblock(sockerrno)) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno));
 		}

src/net_setup.c

@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2021 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -215,14 +215,14 @@ static bool read_ecdsa_private_key(void) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno));
 
 		if(errno == ENOENT) {
-			logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 keypair with `tinc -n %s generate-ed25519-keys'.", netname ? netname : ".");
+			logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 key pair with `tinc -n %s generate-ed25519-keys'.", netname ? netname : ".");
 		}
 
 		free(fname);
 		return false;
 	}
 
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
 	struct stat s;
 
 	if(fstat(fileno(fp), &s)) {
@@ -307,14 +307,14 @@ static bool read_rsa_private_key(void) {
 		       fname, strerror(errno));
 
 		if(errno == ENOENT) {
-			logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA keypair with `tinc -n %s generate-rsa-keys'.", netname ? netname : ".");
+			logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA key pair with `tinc -n %s generate-rsa-keys'.", netname ? netname : ".");
 		}
 
 		free(fname);
 		return false;
 	}
 
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
 	struct stat s;
 
 	if(fstat(fileno(fp), &s)) {
@@ -341,6 +341,7 @@ static bool read_rsa_private_key(void) {
 }
 #endif
 
+#ifndef DISABLE_LEGACY
 static timeout_t keyexpire_timeout;
 
 static void keyexpire_handler(void *data) {
@@ -349,6 +350,7 @@ static void keyexpire_handler(void *data) {
 		keylifetime, rand() % 100000
 	});
 }
+#endif
 
 void regenerate_key(void) {
 	logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
@@ -822,7 +824,7 @@ void device_disable(void) {
   Configure node_t myself and set up the local sockets (listen only)
 */
 static bool setup_myself(void) {
-	char *name, *hostname, *cipher, *digest, *type;
+	char *name, *hostname, *type;
 	char *address = NULL;
 	bool port_specified = false;
 
@@ -967,6 +969,8 @@ static bool setup_myself(void) {
 #ifndef DISABLE_LEGACY
 	/* Generate packet encryption key */
 
+	char *cipher;
+
 	if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
 		cipher = xstrdup("aes-256-cbc");
 	}
@@ -995,6 +999,8 @@ static bool setup_myself(void) {
 		return false;
 	}
 
+	char *digest;
+
 	if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) {
 		digest = xstrdup("sha256");
 	}
@@ -1047,10 +1053,14 @@ static bool setup_myself(void) {
 			devops = raw_socket_devops;
 		} else if(!strcasecmp(type, "multicast")) {
 			devops = multicast_devops;
-		} else if(!strcasecmp(type, "fd")) {
+		}
+
+#ifdef HAVE_SYS_UN_H
+		else if(!strcasecmp(type, "fd")) {
 			devops = fd_devops;
 		}
 
+#endif
 #ifdef ENABLE_UML
 		else if(!strcasecmp(type, "uml")) {
 			devops = uml_devops;

src/net_socket.c

@@ -1,7 +1,7 @@
 /*
     net_socket.c -- Handle various kinds of sockets.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2009      Florian Forster <octo@verplant.org>
 
@@ -122,6 +122,7 @@ static bool bind_to_interface(int sd) {
 	}
 
 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
+	(void)sd;
 	logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
 #endif
 
@@ -387,7 +388,7 @@ void finish_connecting(connection_t *c) {
 	send_id(c);
 }
 
-static void do_outgoing_pipe(connection_t *c, char *command) {
+static void do_outgoing_pipe(connection_t *c, const char *command) {
 #ifndef HAVE_MINGW
 	int fd[2];
 
@@ -435,6 +436,8 @@ static void do_outgoing_pipe(connection_t *c, char *command) {
 
 	exit(result);
 #else
+	(void)c;
+	(void)command;
 	logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
 	return;
 #endif
@@ -524,7 +527,7 @@ bool do_outgoing_connection(outgoing_t *outgoing) {
 	int result;
 
 begin:
-	sa = get_recent_address(outgoing->address_cache);
+	sa = get_recent_address(outgoing->node->address_cache);
 
 	if(!sa) {
 		logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
@@ -629,6 +632,10 @@ void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
 
 	node_t *n = outgoing->node;
 
+	if(!n->address_cache) {
+		n->address_cache = open_address_cache(n);
+	}
+
 	if(n->connection) {
 		logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
 
@@ -640,10 +647,6 @@ void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
 		}
 	}
 
-	if(!outgoing->address_cache) {
-		outgoing->address_cache = open_address_cache(n);
-	}
-
 	do_outgoing_connection(outgoing);
 	return;
 
@@ -784,11 +787,6 @@ void handle_new_unix_connection(void *data, int flags) {
 
 static void free_outgoing(outgoing_t *outgoing) {
 	timeout_del(&outgoing->ev);
-
-	if(outgoing->address_cache) {
-		close_address_cache(outgoing->address_cache);
-	}
-
 	free(outgoing);
 }
 

src/node.h

@@ -41,7 +41,8 @@ typedef struct node_status_t {
 	unsigned int udppacket: 1;              /* 1 if the most recently received packet was UDP */
 	unsigned int validkey_in: 1;            /* 1 if we have sent a valid key to him */
 	unsigned int has_address: 1;            /* 1 if we know an external address for this node */
-	unsigned int unused: 20;
+	unsigned int ping_sent: 1;              /* 1 if we sent a UDP probe but haven't received the reply yet */
+	unsigned int unused: 19;
 } node_status_t;
 
 typedef struct node_t {

src/nolegacy/crypto.c

@@ -1,6 +1,6 @@
 /*
     crypto.c -- Cryptographic miscellaneous functions and initialisation
-    Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -42,12 +42,14 @@ static void random_exit(void) {
 	close(random_fd);
 }
 
-void randomize(void *out, size_t outlen) {
+void randomize(void *vout, size_t outlen) {
+	char *out = vout;
+
 	while(outlen) {
-		size_t len = read(random_fd, out, outlen);
+		ssize_t len = read(random_fd, out, outlen);
 
 		if(len <= 0) {
-			if(errno == EAGAIN || errno == EINTR) {
+			if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
 				continue;
 			}
 

src/openssl/cipher.c

@@ -189,7 +189,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 	} else {
 		int len;
 
-		if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
+		if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
 			if(outlen) {
 				*outlen = len;
 			}

src/openssl/crypto.c

@@ -1,6 +1,6 @@
 /*
     crypto.c -- Cryptographic miscellaneous functions and initialisation
-    Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -50,10 +50,10 @@ void randomize(void *vout, size_t outlen) {
 	char *out = vout;
 
 	while(outlen) {
-		size_t len = read(random_fd, out, outlen);
+		ssize_t len = read(random_fd, out, outlen);
 
 		if(len <= 0) {
-			if(errno == EAGAIN || errno == EINTR) {
+			if(len == -1 && (errno == EAGAIN || errno == EINTR)) {
 				continue;
 			}
 
@@ -96,9 +96,10 @@ void crypto_init(void) {
 
 	ENGINE_load_builtin_engines();
 	ENGINE_register_all_complete();
-
+#if OPENSSL_API_COMPAT < 0x10100000L
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
+#endif
 
 	if(!RAND_status()) {
 		fprintf(stderr, "Not enough entropy for the PRNG!\n");
@@ -107,8 +108,10 @@ void crypto_init(void) {
 }
 
 void crypto_exit(void) {
+#if OPENSSL_API_COMPAT < 0x10100000L
 	EVP_cleanup();
 	ERR_free_strings();
 	ENGINE_cleanup();
+#endif
 	random_exit();
 }

src/openssl/rsa.c

@@ -1,6 +1,6 @@
 /*
     rsa.c -- RSA key handling
-    Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -21,6 +21,7 @@
 
 #include <openssl/pem.h>
 #include <openssl/err.h>
+#include <openssl/rsa.h>
 
 #define TINC_RSA_INTERNAL
 typedef RSA rsa_t;

src/process.c

@@ -1,7 +1,7 @@
 /*
     process.c -- process management functions
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -115,7 +115,11 @@ static bool install_service(void) {
 
 io_t stop_io;
 
-DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) {
+DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID data, LPVOID context) {
+	(void)type;
+	(void)data;
+	(void)context;
+
 	switch(request) {
 	case SERVICE_CONTROL_INTERROGATE:
 		SetServiceStatus(statushandle, &status);

src/protocol_auth.c

@@ -284,13 +284,16 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
 	}
 
 	// Read the new node's Name from the file
-	char buf[1024];
+	char buf[1024] = "";
 	fgets(buf, sizeof(buf), f);
+	size_t buflen = strlen(buf);
 
-	if(*buf) {
-		buf[strlen(buf) - 1] = 0;
+	// Strip whitespace at the end
+	while(buflen && strchr(" \t\r\n", buf[buflen - 1])) {
+		buf[--buflen] = 0;
 	}
 
+	// Split the first line into variable and value
 	len = strcspn(buf, " \t=");
 	char *name = buf + len;
 	name += strspn(name, " \t");
@@ -302,6 +305,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
 
 	buf[len] = 0;
 
+	// Check that it is a valid Name
 	if(!*buf || !*name || strcasecmp(buf, "Name") || !check_id(name) || !strcmp(name, myself->name)) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Invalid invitation file %s\n", cookie);
 		fclose(f);
@@ -486,11 +490,8 @@ bool id_h(connection_t *c, const char *request) {
 	}
 }
 
+#ifndef DISABLE_LEGACY
 bool send_metakey(connection_t *c) {
-#ifdef DISABLE_LEGACY
-	return false;
-#else
-
 	if(!myself->connection->rsa) {
 		logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
 		return false;
@@ -580,14 +581,9 @@ bool send_metakey(connection_t *c) {
 
 	c->status.encryptout = true;
 	return result;
-#endif
 }
 
 bool metakey_h(connection_t *c, const char *request) {
-#ifdef DISABLE_LEGACY
-	return false;
-#else
-
 	if(!myself->connection->rsa) {
 		return false;
 	}
@@ -655,13 +651,9 @@ bool metakey_h(connection_t *c, const char *request) {
 	c->allow_request = CHALLENGE;
 
 	return send_challenge(c);
-#endif
 }
 
 bool send_challenge(connection_t *c) {
-#ifdef DISABLE_LEGACY
-	return false;
-#else
 	const size_t len = rsa_size(c->rsa);
 	char buffer[len * 2 + 1];
 
@@ -678,14 +670,9 @@ bool send_challenge(connection_t *c) {
 	/* Send the challenge */
 
 	return send_request(c, "%d %s", CHALLENGE, buffer);
-#endif
 }
 
 bool challenge_h(connection_t *c, const char *request) {
-#ifdef DISABLE_LEGACY
-	return false;
-#else
-
 	if(!myself->connection->rsa) {
 		return false;
 	}
@@ -720,8 +707,6 @@ bool challenge_h(connection_t *c, const char *request) {
 	} else {
 		return true;
 	}
-
-#endif
 }
 
 bool send_chal_reply(connection_t *c) {
@@ -748,9 +733,6 @@ bool send_chal_reply(connection_t *c) {
 }
 
 bool chal_reply_h(connection_t *c, const char *request) {
-#ifdef DISABLE_LEGACY
-	return false;
-#else
 	char hishash[MAX_STRING_SIZE];
 
 	if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
@@ -791,13 +773,9 @@ bool chal_reply_h(connection_t *c, const char *request) {
 	}
 
 	return send_ack(c);
-#endif
 }
 
 static bool send_upgrade(connection_t *c) {
-#ifdef DISABLE_LEGACY
-	return false;
-#else
 	/* Special case when protocol_minor is 1: the other end is Ed25519 capable,
 	 * but doesn't know our key yet. So send it now. */
 
@@ -810,8 +788,46 @@ static bool send_upgrade(connection_t *c) {
 	bool result = send_request(c, "%d %s", ACK, pubkey);
 	free(pubkey);
 	return result;
-#endif
 }
+#else
+bool send_metakey(connection_t *c) {
+	(void)c;
+	return false;
+}
+
+bool metakey_h(connection_t *c, const char *request) {
+	(void)c;
+	(void)request;
+	return false;
+}
+
+bool send_challenge(connection_t *c) {
+	(void)c;
+	return false;
+}
+
+bool challenge_h(connection_t *c, const char *request) {
+	(void)c;
+	(void)request;
+	return false;
+}
+
+bool send_chal_reply(connection_t *c) {
+	(void)c;
+	return false;
+}
+
+bool chal_reply_h(connection_t *c, const char *request) {
+	(void)c;
+	(void)request;
+	return false;
+}
+
+static bool send_upgrade(connection_t *c) {
+	(void)c;
+	return false;
+}
+#endif
 
 bool send_ack(connection_t *c) {
 	if(c->protocol_minor == 1) {

src/protocol_key.c

@@ -34,7 +34,9 @@
 #include "utils.h"
 #include "xalloc.h"
 
+#ifndef DISABLE_LEGACY
 static bool mykeyused = false;
+#endif
 
 void send_key_changed(void) {
 #ifndef DISABLE_LEGACY

src/protocol_misc.c

@@ -71,9 +71,9 @@ bool pong_h(connection_t *c, const char *request) {
 
 	/* Successful connection, reset timeout if this is an outgoing connection. */
 
-	if(c->outgoing) {
+	if(c->outgoing && c->outgoing->timeout) {
 		c->outgoing->timeout = 0;
-		reset_address_cache(c->outgoing->address_cache, &c->address);
+		reset_address_cache(c->outgoing->node->address_cache, &c->address);
 	}
 
 	return true;

src/route.c

@@ -1,7 +1,7 @@
 /*
     route.c -- routing
     Copyright (C) 2000-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -59,33 +59,30 @@ static const size_t opt_size = sizeof(struct nd_opt_hdr);
 #define MAX(a, b) ((a) > (b) ? (a) : (b))
 #endif
 
-volatile int dummy;
 static timeout_t age_subnets_timeout;
 
 /* RFC 1071 */
 
-static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) {
-	uint16_t *p = data;
+static uint16_t inet_checksum(void *vdata, int len, uint16_t prevsum) {
+	uint8_t *data = vdata;
+	uint16_t word;
 	uint32_t checksum = prevsum ^ 0xFFFF;
 
 	while(len >= 2) {
-		checksum += *p++;
+		memcpy(&word, data, sizeof(word));
+		checksum += word;
+		data += 2;
 		len -= 2;
 	}
 
 	if(len) {
-		checksum += *(uint8_t *)p;
+		checksum += *data;
 	}
 
 	while(checksum >> 16) {
 		checksum = (checksum & 0xFFFF) + (checksum >> 16);
 	}
 
-	// Work around a compiler optimization bug.
-	if(checksum) {
-		dummy = 1;
-	}
-
 	return ~checksum;
 }
 
@@ -165,7 +162,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, length_
 				addr.sin_family = AF_INET;
 				socklen_t addrlen = sizeof(addr);
 
-				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
+				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && (size_t)addrlen <= sizeof(addr)) {
 					ip_dst = addr.sin_addr;
 				}
 			}
@@ -270,7 +267,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, length_
 				addr.sin6_family = AF_INET6;
 				socklen_t addrlen = sizeof(addr);
 
-				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && addrlen <= sizeof(addr)) {
+				if(!getsockname(sockfd, (struct sockaddr *) &addr, &addrlen) && (size_t)addrlen <= sizeof(addr)) {
 					pseudo.ip6_src = addr.sin6_addr;
 				}
 			}
@@ -598,7 +595,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et
 	logger(DEBUG_TRAFFIC, LOG_INFO, "Fragmenting packet of %d bytes to %s (%s)", packet->len, dest->name, dest->hostname);
 
 	offset = DATA(packet) + ether_size + ip_size;
-	maxlen = (dest->mtu - ether_size - ip_size) & ~0x7;
+	maxlen = (MAX(dest->mtu, 590) - ether_size - ip_size) & ~0x7;
 	ip_off = ntohs(ip.ip_off);
 	origf = ip_off & ~IP_OFFMASK;
 	ip_off &= IP_OFFMASK;

src/script.c

@@ -1,7 +1,7 @@
 /*
     script.c -- call an external script
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -50,7 +50,7 @@ static void unputenv(const char *p) {
 #else
 	// We must keep what we putenv() around in memory.
 	// To do this without memory leaks, keep things in a list and reuse if possible.
-	static list_t list = {};
+	static list_t list = {0};
 
 	for list_each(char, data, &list) {
 		if(!strcmp(data, var)) {
@@ -142,7 +142,12 @@ bool execute_script(const char *name, environment_t *env) {
 #ifdef HAVE_MINGW
 
 	if(!*scriptextension) {
-		const char *pathext = getenv("PATHEXT") ? : ".COM;.EXE;.BAT;.CMD";
+		const char *pathext = getenv("PATHEXT");
+
+		if(!pathext) {
+			pathext = ".COM;.EXE;.BAT;.CMD";
+		}
+
 		size_t pathlen = strlen(pathext);
 		size_t scriptlen = strlen(scriptname);
 		char fullname[scriptlen + pathlen + 1];

src/sptps_test.c

@@ -78,6 +78,7 @@ static bool send_data(void *handle, uint8_t type, const void *data, size_t len)
 
 static bool receive_record(void *handle, uint8_t type, const void *data, uint16_t len) {
 	(void)handle;
+
 	if(verbose) {
 		fprintf(stderr, "Received type %d record of %u bytes:\n", type, len);
 	}
@@ -369,6 +370,7 @@ int main(int argc, char *argv[]) {
 		}
 
 		char buf[65535] = "";
+		size_t readsize = datagram ? 1460u : sizeof(buf);
 
 		fd_set fds;
 		FD_ZERO(&fds);
@@ -386,7 +388,7 @@ int main(int argc, char *argv[]) {
 		}
 
 		if(FD_ISSET(in, &fds)) {
-			ssize_t len = read(in, buf, sizeof(buf));
+			ssize_t len = read(in, buf, readsize);
 
 			if(len < 0) {
 				fprintf(stderr, "Could not read from stdin: %s\n", strerror(errno));

src/subnet.h

@@ -3,7 +3,7 @@
 
 /*
     subnet.h -- header for subnet.c
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2021 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
 
     This program is free software; you can redistribute it and/or modify
@@ -78,6 +78,7 @@ extern void subnet_update(struct node_t *owner, subnet_t *subnet, bool up);
 extern int maskcmp(const void *a, const void *b, int masklen);
 extern void maskcpy(void *dest, const void *src, int masklen, int len);
 extern void mask(void *mask, int masklen, int len);
+extern bool subnetcheck(const subnet_t subnet);
 extern bool maskcheck(const void *mask, int masklen, int len);
 extern bool net2str(char *netstr, int len, const subnet_t *subnet);
 extern bool str2net(subnet_t *subnet, const char *netstr);

src/subnet_parse.c

@@ -1,6 +1,6 @@
 /*
     subnet_parse.c -- handle subnet parsing
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2021 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
 
     This program is free software; you can redistribute it and/or modify
@@ -87,6 +87,17 @@ void maskcpy(void *va, const void *vb, int masklen, int len) {
 	}
 }
 
+bool subnetcheck(const subnet_t subnet) {
+	if(((subnet.type == SUBNET_IPV4)
+	                && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(subnet.net.ipv4.address)))
+	                || ((subnet.type == SUBNET_IPV6)
+	                    && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(subnet.net.ipv6.address)))) {
+		return false;
+	}
+
+	return true;
+}
+
 bool maskcheck(const void *va, int masklen, int len) {
 	int i;
 	const char *a = va;

src/tincctl.c

@@ -1,6 +1,6 @@
 /*
     tincctl.c -- Controlling a running tincd
-    Copyright (C) 2007-2018 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -40,6 +40,7 @@
 #include "tincctl.h"
 #include "top.h"
 #include "version.h"
+#include "subnet.h"
 
 #ifndef MSG_NOSIGNAL
 #define MSG_NOSIGNAL 0
@@ -125,12 +126,12 @@ static void usage(bool status) {
 		       "  reload                     Partially reload configuration of running tincd.\n"
 		       "  pid                        Show PID of currently running tincd.\n"
 #ifdef DISABLE_LEGACY
-		       "  generate-keys              Generate a new Ed25519 public/private keypair.\n"
+		       "  generate-keys              Generate a new Ed25519 public/private key pair.\n"
 #else
-		       "  generate-keys [bits]       Generate new RSA and Ed25519 public/private keypairs.\n"
-		       "  generate-rsa-keys [bits]   Generate a new RSA public/private keypair.\n"
+		       "  generate-keys [bits]       Generate new RSA and Ed25519 public/private key pairs.\n"
+		       "  generate-rsa-keys [bits]   Generate a new RSA public/private key pair.\n"
 #endif
-		       "  generate-ed25519-keys      Generate a new Ed25519 public/private keypair.\n"
+		       "  generate-ed25519-keys      Generate a new Ed25519 public/private key pair.\n"
 		       "  dump                       Dump a list of one of the following things:\n"
 		       "    [reachable] nodes        - all known nodes in the VPN\n"
 		       "    edges                    - all known connections in the VPN\n"
@@ -237,7 +238,7 @@ static bool parse_options(int argc, char **argv) {
 FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
 	mode_t mask = umask(0);
 	perms &= ~mask;
-	umask(~perms);
+	umask(~perms & 0777);
 	FILE *f = fopen(filename, mode);
 
 	if(!f) {
@@ -262,19 +263,21 @@ static void disable_old_keys(const char *filename, const char *what) {
 	bool disabled = false;
 	bool block = false;
 	bool error = false;
-	FILE *r, *w;
 
-	r = fopen(filename, "r");
+	FILE *r = fopen(filename, "r");
+	FILE *w = NULL;
 
 	if(!r) {
 		return;
 	}
 
-	snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
+	int result = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
 
+	if(result < sizeof(tmpfile)) {
 		struct stat st = {.st_mode = 0600};
 		fstat(fileno(r), &st);
 		w = fopenmask(tmpfile, "w", st.st_mode);
+	}
 
 	while(fgets(buf, sizeof(buf), r)) {
 		if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
@@ -416,7 +419,7 @@ ask_filename:
 }
 
 /*
-  Generate a public/private Ed25519 keypair, and ask for a file to store
+  Generate a public/private Ed25519 key pair, and ask for a file to store
   them in.
 */
 static bool ed25519_keygen(bool ask) {
@@ -424,7 +427,7 @@ static bool ed25519_keygen(bool ask) {
 	FILE *f;
 	char fname[PATH_MAX];
 
-	fprintf(stderr, "Generating Ed25519 keypair:\n");
+	fprintf(stderr, "Generating Ed25519 key pair:\n");
 
 	if(!(key = ecdsa_generate())) {
 		fprintf(stderr, "Error during key generation!\n");
@@ -480,7 +483,7 @@ error:
 
 #ifndef DISABLE_LEGACY
 /*
-  Generate a public/private RSA keypair, and ask for a file to store
+  Generate a public/private RSA key pair, and ask for a file to store
   them in.
 */
 static bool rsa_keygen(int bits, bool ask) {
@@ -725,6 +728,24 @@ static void logcontrol(int fd, FILE *out, int level) {
 	}
 }
 
+static bool stop_tincd(void) {
+	if(!connect_tincd(true)) {
+		return false;
+	}
+
+	sendline(fd, "%d %d", CONTROL, REQ_STOP);
+
+	while(recvline(fd, line, sizeof(line))) {
+		// wait for tincd to close the connection...
+	}
+
+	close(fd);
+	pid = 0;
+	fd = -1;
+
+	return true;
+}
+
 #ifdef HAVE_MINGW
 static bool remove_service(void) {
 	SC_HANDLE manager = NULL;
@@ -742,7 +763,12 @@ static bool remove_service(void) {
 	service = OpenService(manager, identname, SERVICE_ALL_ACCESS);
 
 	if(!service) {
+		if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST) {
+			success = stop_tincd();
+		} else {
 			fprintf(stderr, "Could not open %s service: %s\n", identname, winerror(GetLastError()));
+		}
+
 		goto exit;
 	}
 
@@ -883,7 +909,6 @@ bool connect_tincd(bool verbose) {
 		return false;
 	}
 
-#ifdef HAVE_MINGW
 	unsigned long arg = 0;
 
 	if(ioctlsocket(fd, FIONBIO, &arg) != 0) {
@@ -892,8 +917,6 @@ bool connect_tincd(bool verbose) {
 		}
 	}
 
-#endif
-
 	if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
 		if(verbose) {
 			fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno));
@@ -1083,9 +1106,11 @@ static int cmd_stop(int argc, char *argv[]) {
 		return 1;
 	}
 
-#ifndef HAVE_MINGW
+#ifdef HAVE_MINGW
+	return remove_service();
+#else
 
-	if(!connect_tincd(true)) {
+	if(!stop_tincd()) {
 		if(pid) {
 			if(kill(pid, SIGTERM)) {
 				fprintf(stderr, "Could not send TERM signal to process with PID %d: %s\n", pid, strerror(errno));
@@ -1100,24 +1125,8 @@ static int cmd_stop(int argc, char *argv[]) {
 		return 1;
 	}
 
-	sendline(fd, "%d %d", CONTROL, REQ_STOP);
-
-	while(recvline(fd, line, sizeof(line))) {
-		// Wait for tincd to close the connection...
-	}
-
-#else
-
-	if(!remove_service()) {
-		return 1;
-	}
-
-#endif
-	close(fd);
-	pid = 0;
-	fd = -1;
-
 	return 0;
+#endif
 }
 
 static int cmd_restart(int argc, char *argv[]) {
@@ -1346,7 +1355,7 @@ static int cmd_dump(int argc, char *argv[]) {
 					color = "green";
 				}
 
-				printf(" %s [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\"");
+				printf(" \"%s\" [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\"");
 			} else {
 				if(only_reachable && !status.reachable) {
 					continue;
@@ -1376,9 +1385,9 @@ static int cmd_dump(int argc, char *argv[]) {
 				float w = 1 + 65536.0 / weight;
 
 				if(do_graph == 1 && strcmp(node1, node2) > 0) {
-					printf(" %s -- %s [w = %f, weight = %f];\n", node1, node2, w, w);
+					printf(" \"%s\" -- \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w);
 				} else if(do_graph == 2) {
-					printf(" %s -> %s [w = %f, weight = %f];\n", node1, node2, w, w);
+					printf(" \"%s\" -> \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w);
 				}
 			} else {
 				printf("%s to %s at %s port %s local %s port %s options %x weight %d\n", from, to, host, port, local_host, local_port, options, weight);
@@ -1717,18 +1726,18 @@ ecdsa_t *get_pubkey(FILE *f) {
 
 const var_t variables[] = {
 	/* Server configuration */
-	{"AddressFamily", VAR_SERVER},
+	{"AddressFamily", VAR_SERVER | VAR_SAFE},
 	{"AutoConnect", VAR_SERVER | VAR_SAFE},
 	{"BindToAddress", VAR_SERVER | VAR_MULTIPLE},
 	{"BindToInterface", VAR_SERVER},
 	{"Broadcast", VAR_SERVER | VAR_SAFE},
 	{"BroadcastSubnet", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
 	{"ConnectTo", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
-	{"DecrementTTL", VAR_SERVER},
+	{"DecrementTTL", VAR_SERVER | VAR_SAFE},
 	{"Device", VAR_SERVER},
 	{"DeviceStandby", VAR_SERVER},
 	{"DeviceType", VAR_SERVER},
-	{"DirectOnly", VAR_SERVER},
+	{"DirectOnly", VAR_SERVER | VAR_SAFE},
 	{"Ed25519PrivateKeyFile", VAR_SERVER},
 	{"ExperimentalProtocol", VAR_SERVER},
 	{"Forwarding", VAR_SERVER},
@@ -1738,34 +1747,34 @@ const var_t variables[] = {
 	{"IffOneQueue", VAR_SERVER},
 	{"Interface", VAR_SERVER},
 	{"InvitationExpire", VAR_SERVER},
-	{"KeyExpire", VAR_SERVER},
+	{"KeyExpire", VAR_SERVER | VAR_SAFE},
 	{"ListenAddress", VAR_SERVER | VAR_MULTIPLE},
-	{"LocalDiscovery", VAR_SERVER},
+	{"LocalDiscovery", VAR_SERVER | VAR_SAFE},
 	{"LogLevel", VAR_SERVER},
-	{"MACExpire", VAR_SERVER},
-	{"MaxConnectionBurst", VAR_SERVER},
-	{"MaxOutputBufferSize", VAR_SERVER},
-	{"MaxTimeout", VAR_SERVER},
+	{"MACExpire", VAR_SERVER | VAR_SAFE},
+	{"MaxConnectionBurst", VAR_SERVER | VAR_SAFE},
+	{"MaxOutputBufferSize", VAR_SERVER | VAR_SAFE},
+	{"MaxTimeout", VAR_SERVER | VAR_SAFE},
 	{"Mode", VAR_SERVER | VAR_SAFE},
 	{"Name", VAR_SERVER},
-	{"PingInterval", VAR_SERVER},
-	{"PingTimeout", VAR_SERVER},
+	{"PingInterval", VAR_SERVER | VAR_SAFE},
+	{"PingTimeout", VAR_SERVER | VAR_SAFE},
 	{"PriorityInheritance", VAR_SERVER},
 	{"PrivateKey", VAR_SERVER | VAR_OBSOLETE},
 	{"PrivateKeyFile", VAR_SERVER},
 	{"ProcessPriority", VAR_SERVER},
 	{"Proxy", VAR_SERVER},
-	{"ReplayWindow", VAR_SERVER},
+	{"ReplayWindow", VAR_SERVER | VAR_SAFE},
 	{"ScriptsExtension", VAR_SERVER},
 	{"ScriptsInterpreter", VAR_SERVER},
-	{"StrictSubnets", VAR_SERVER},
-	{"TunnelServer", VAR_SERVER},
-	{"UDPDiscovery", VAR_SERVER},
-	{"UDPDiscoveryKeepaliveInterval", VAR_SERVER},
-	{"UDPDiscoveryInterval", VAR_SERVER},
-	{"UDPDiscoveryTimeout", VAR_SERVER},
-	{"MTUInfoInterval", VAR_SERVER},
-	{"UDPInfoInterval", VAR_SERVER},
+	{"StrictSubnets", VAR_SERVER | VAR_SAFE},
+	{"TunnelServer", VAR_SERVER | VAR_SAFE},
+	{"UDPDiscovery", VAR_SERVER | VAR_SAFE},
+	{"UDPDiscoveryKeepaliveInterval", VAR_SERVER | VAR_SAFE},
+	{"UDPDiscoveryInterval", VAR_SERVER | VAR_SAFE},
+	{"UDPDiscoveryTimeout", VAR_SERVER | VAR_SAFE},
+	{"MTUInfoInterval", VAR_SERVER | VAR_SAFE},
+	{"UDPInfoInterval", VAR_SERVER | VAR_SAFE},
 	{"UDPRcvBuf", VAR_SERVER},
 	{"UDPSndBuf", VAR_SERVER},
 	{"UPnP", VAR_SERVER},
@@ -1776,12 +1785,12 @@ const var_t variables[] = {
 	/* Host configuration */
 	{"Address", VAR_HOST | VAR_MULTIPLE},
 	{"Cipher", VAR_SERVER | VAR_HOST},
-	{"ClampMSS", VAR_SERVER | VAR_HOST},
-	{"Compression", VAR_SERVER | VAR_HOST},
+	{"ClampMSS", VAR_SERVER | VAR_HOST | VAR_SAFE},
+	{"Compression", VAR_SERVER | VAR_HOST | VAR_SAFE},
 	{"Digest", VAR_SERVER | VAR_HOST},
 	{"Ed25519PublicKey", VAR_HOST},
 	{"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST},
-	{"IndirectData", VAR_SERVER | VAR_HOST},
+	{"IndirectData", VAR_SERVER | VAR_HOST | VAR_SAFE},
 	{"MACLength", VAR_SERVER | VAR_HOST},
 	{"PMTU", VAR_SERVER | VAR_HOST},
 	{"PMTUDiscovery", VAR_SERVER | VAR_HOST},
@@ -1789,7 +1798,7 @@ const var_t variables[] = {
 	{"PublicKey", VAR_HOST | VAR_OBSOLETE},
 	{"PublicKeyFile", VAR_SERVER | VAR_HOST | VAR_OBSOLETE},
 	{"Subnet", VAR_HOST | VAR_MULTIPLE | VAR_SAFE},
-	{"TCPOnly", VAR_SERVER | VAR_HOST},
+	{"TCPOnly", VAR_SERVER | VAR_HOST | VAR_SAFE},
 	{"Weight", VAR_HOST | VAR_SAFE},
 	{NULL, 0}
 };
@@ -1880,6 +1889,19 @@ static int cmd_config(int argc, char *argv[]) {
 		found = true;
 		variable = (char *)variables[i].name;
 
+		if(!strcasecmp(variable, "Subnet")) {
+			subnet_t s = {0};
+
+			if(!str2net(&s, value)) {
+				fprintf(stderr, "Malformed subnet definition %s\n", value);
+			}
+
+			if(!subnetcheck(s)) {
+				fprintf(stderr, "Network address and prefix length do not match: %s\n", value);
+				return 1;
+			}
+		}
+
 		/* Discourage use of obsolete variables. */
 
 		if(variables[i].type & VAR_OBSOLETE && action >= 0) {
@@ -2301,6 +2323,7 @@ static int cmd_init(int argc, char *argv[]) {
 
 static int cmd_generate_keys(int argc, char *argv[]) {
 #ifdef DISABLE_LEGACY
+	(void)argv;
 
 	if(argc > 1) {
 #else
@@ -2440,10 +2463,14 @@ static int cmd_edit(int argc, char *argv[]) {
 	char *command;
 #ifndef HAVE_MINGW
 	const char *editor = getenv("VISUAL");
-	if (!editor)
+
+	if(!editor) {
 		editor = getenv("EDITOR");
-	if (!editor)
+	}
+
+	if(!editor) {
 		editor = "vi";
+	}
 
 	xasprintf(&command, "\"%s\" \"%s\"", editor, filename);
 #else

src/tincd.c

@@ -1,7 +1,7 @@
 /*
     tincd.c -- the main file for tincd
     Copyright (C) 1998-2005 Ivo Timmermans
-                  2000-2018 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2021 Guus Sliepen <guus@tinc-vpn.org>
                   2008      Max Rijevski <maksuf@gmail.com>
                   2009      Michael Tokarev <mjt@tls.msk.ru>
                   2010      Julien Muchembled <jm@jmuchemb.eu>
@@ -344,10 +344,15 @@ static bool drop_privs(void) {
 # define setpriority(level) !SetPriorityClass(GetCurrentProcess(), (level))
 
 static void stop_handler(void *data, int flags) {
+	(void)data;
+	(void)flags;
+
 	event_exit();
 }
 
 static BOOL WINAPI console_ctrl_handler(DWORD type) {
+	(void)type;
+
 	logger(DEBUG_ALWAYS, LOG_NOTICE, "Got console shutdown request");
 
 	if(WSASetEvent(stop_io.event) == FALSE) {
@@ -373,7 +378,7 @@ int main(int argc, char **argv) {
 	if(show_version) {
 		printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
 		       BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
-		printf("Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n"
+		printf("Copyright (C) 1998-2021 Ivo Timmermans, Guus Sliepen and others.\n"
 		       "See the AUTHORS file for a complete list.\n\n"
 		       "tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
 		       "and you are welcome to redistribute it under certain conditions;\n"
@@ -481,6 +486,8 @@ int main(int argc, char **argv) {
 }
 
 int main2(int argc, char **argv) {
+	(void)argc;
+	(void)argv;
 #endif
 	char *priority = NULL;
 

src/upnp.c

@@ -1,6 +1,6 @@
 /*
     upnp.c -- UPnP-IGD client
-    Copyright (C) 2015 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2015-2018 Guus Sliepen <guus@tinc-vpn.org>,
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -19,7 +19,9 @@
 
 #include "upnp.h"
 
+#ifndef HAVE_MINGW
 #include <pthread.h>
+#endif
 
 #include "miniupnpc/miniupnpc.h"
 #include "miniupnpc/upnpcommands.h"
@@ -159,7 +161,9 @@ static void *upnp_thread(void *data) {
 		time_t now = time(NULL);
 
 		if(now < refresh_time) {
-			sleep(refresh_time - now);
+			nanosleep(&(struct timespec) {
+				refresh_time - now, 0
+			}, NULL);
 		}
 	}
 
@@ -176,10 +180,20 @@ void upnp_init(bool tcp, bool udp) {
 	get_config_int(lookup_config(config_tree, "UPnPDiscoverWait"), &upnp_discover_wait);
 	get_config_int(lookup_config(config_tree, "UPnPRefreshPeriod"), &upnp_refresh_period);
 
+#ifdef HAVE_MINGW
+	HANDLE handle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)upnp_thread, NULL, 0, NULL);
+
+	if(!handle) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to start UPnP-IGD client thread");
+	}
+
+#else
 	pthread_t thread;
 	int error = pthread_create(&thread, NULL, upnp_thread, NULL);
 
 	if(error) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to start UPnP-IGD client thread: [%d] %s", error, strerror(error));
 	}
+
+#endif
 }

src/utils.c

@@ -173,11 +173,7 @@ size_t b64encode_urlsafe(const void *src, char *dst, size_t length) {
 	return b64encode_internal(src, dst, length, base64_urlsafe);
 }
 
-#if defined(HAVE_MINGW) || defined(HAVE_CYGWIN)
-#ifdef HAVE_CYGWIN
-#include <w32api/windows.h>
-#endif
-
+#ifdef HAVE_MINGW
 const char *winerror(int err) {
 	static char buf[1024], *ptr;
 

src/xalloc.h

@@ -53,7 +53,7 @@ static inline void *xrealloc(void *p, size_t n) {
 	return p;
 }
 
-static inline char *xstrdup(const char *s) __attribute__((__malloc__, __nonnull__));
+static inline char *xstrdup(const char *s) __attribute__((__malloc__)) __attribute((__nonnull__));
 static inline char *xstrdup(const char *s) {
 	char *p = strdup(s);
 

systemd/Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

test-driver

@@ -3,7 +3,7 @@
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 2011-2018 Free Software Foundation, Inc.
+# Copyright (C) 2011-2020 Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -42,11 +42,13 @@ print_usage ()
 {
   cat <<END
 Usage:
-  test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
-              [--expect-failure={yes|no}] [--color-tests={yes|no}]
-              [--enable-hard-errors={yes|no}] [--]
+  test-driver --test-name NAME --log-file PATH --trs-file PATH
+              [--expect-failure {yes|no}] [--color-tests {yes|no}]
+              [--enable-hard-errors {yes|no}] [--]
               TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
 The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
 END
 }
 

test/Makefile.am

@@ -15,8 +15,6 @@ TESTS = \
 
 dist_check_SCRIPTS = $(TESTS)
 
-EXTRA_DIST = testlib.sh
-
 AM_CFLAGS = -iquote.
 
 check_PROGRAMS = \

test/Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -107,7 +107,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
 	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_FILES = testlib.sh
 CONFIG_CLEAN_VPATH_FILES =
 am_splice_OBJECTS = splice.$(OBJEXT)
 splice_OBJECTS = $(am_splice_OBJECTS)
@@ -349,6 +349,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -369,8 +370,8 @@ am__set_b = \
     *) \
       b='$*';; \
   esac
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
-	$(top_srcdir)/test-driver
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/testlib.sh.in \
+	$(top_srcdir)/depcomp $(top_srcdir)/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -498,7 +499,6 @@ TESTS = \
 	variables.test
 
 dist_check_SCRIPTS = $(TESTS)
-EXTRA_DIST = testlib.sh
 AM_CFLAGS = -iquote.
 splice_SOURCES = splice.c
 all: all-am
@@ -534,6 +534,8 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+testlib.sh: $(top_builddir)/config.status $(srcdir)/testlib.sh.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 
 clean-checkPROGRAMS:
 	-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
@@ -731,7 +733,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\

test/commandline.test

@@ -16,6 +16,10 @@ read pid rest <$d1/pid
 (sleep 0.1; kill \$pid) &
 EOF
 
+cat >$d1/tinc-up.cmd <<EOF
+start /min ../$tinc $c1 stop
+EOF
+
 # Test tincd command line options that should work
 
 $tincd $c1 $r1 -D

test/invite-offline.test

@@ -15,7 +15,7 @@ EOF
 
 # Generate an invitation offline and let another node join the VPN
 
-invitation=`$tinc $c1 invite bar`
+invitation=`$tinc $c1 invite bar | sed 's/\r//'`
 
 $tinc $c1 start $r1