1862 lines
88 KiB
Text
1862 lines
88 KiB
Text
Version 1.0.22 August 13 2013
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (7):
|
||
Better optional argument handling.
|
||
Fix a typo.
|
||
Set $NAME when calling host-up/down and subnet-up/down scripts.
|
||
Don't use vasprintf() anymore on Windows.
|
||
Don't echo broadcast packets back when Broadcast = direct.
|
||
Update copyright notices.
|
||
Releasing 1.0.22.
|
||
|
||
Etienne Dechamps (1):
|
||
Fix combination of Mode = router and DeviceType = tap on Linux.
|
||
|
||
Version 1.0.21 April 22 2013
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (2):
|
||
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
|
||
Releasing 1.0.21.
|
||
|
||
Version 1.0.20 March 03 2013
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (30):
|
||
Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
|
||
Document how to load the tap driver on FreeBSD.
|
||
Update THANKS file.
|
||
Also clarify hostnames=[yes|no] in tinc.conf(5).
|
||
Attribution for Vil Brekin and some code style cleanups.
|
||
Don't ignore Makefile.am.
|
||
Fix links in documenation.
|
||
Attribution for Martin Schürrer.
|
||
Add strict checks to hex to binary conversions.
|
||
Clear connection options and status fields in free_connection_partially().
|
||
Fix warnings from cppcheck.
|
||
Clear Ethernet header when reading packets from a tun device.
|
||
Clear status and options fields of unreachable nodes.
|
||
Fix warnings from groff.
|
||
Using alloca() for a constant sized buffer is very silly.
|
||
Make sure PMTU discovery works in switch mode with VLAN tags.
|
||
Mention in the manual that support for LZO and zlib can be disabled.
|
||
Fix configure script help text for --enable options.
|
||
Don't take the address of a variable whose scope is about to disappear.
|
||
Send broadcast packets using a random socket, and properly support IPv6.
|
||
Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
|
||
Fix support for tunemu on iOS devices.
|
||
Make sure PriorityInheritance also works in switch mode.
|
||
Detect increases in PMTU.
|
||
Fix a compiler warning.
|
||
Fix segmentation fault when trying to connect via a SOCKS5 proxy.
|
||
Don't send proxy requests for incoming connections.
|
||
Fix compiler warnings on Windows.
|
||
Fix detection of rejected SOCKS5 proxy requests.
|
||
Releasing 1.0.20.
|
||
|
||
Vilbrekin (5):
|
||
Basic patch for android cross-compilation.
|
||
Replace hard-code with new ScriptsInterpreter configuration property.
|
||
Add basic .gitignore file, cleaning (most) files generated by autotools.
|
||
Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
|
||
Android cross-compilation instructions.
|
||
|
||
Martin Schürrer (1):
|
||
Output details of encryption errors
|
||
|
||
Mesar Hameed (1):
|
||
Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
|
||
|
||
Version 1.0.19 June 25 2012
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (14):
|
||
Support :: in IPv6 Subnets.
|
||
Remove newline from log message.
|
||
Add support for systemd style socket activation.
|
||
Allow environment variables to be used for Name.
|
||
Allow broadcast packets to be sent directly instead of via the MST.
|
||
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
|
||
Add support for SOCKS 5 proxies.
|
||
Add support for proxying through an external command.
|
||
Document new proxy types.
|
||
Small fixes in proxy code.
|
||
#include <winsock2.h> on Windows.
|
||
Fix compiler warnings.
|
||
Fix crash when using Broadcast = direct.
|
||
Releasing 1.0.19.
|
||
|
||
Anthony G. Basile (1):
|
||
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
|
||
|
||
Michael Tokarev (1):
|
||
add (errnum) in front of windows error messages
|
||
|
||
Version 1.0.18 March 25 2012
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (13):
|
||
Always try next Address when an outgoing connection fails to authenticate.
|
||
Allow a port to be specified in BindToAddress statements.
|
||
Add support for multicast communication with UML/QEMU/KVM.
|
||
Set default value of DecrementTTL to "no".
|
||
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
|
||
Allow scoped addresses to be used for IPv6 multicast socket.
|
||
Fix compiler warnings.
|
||
Fix return value type of vde_send().
|
||
Fix some more compiler warnings.
|
||
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
|
||
Fix return type of vde_recv() as well.
|
||
Mark DecrementTTL option experimental.
|
||
Releasing 1.0.18.
|
||
|
||
Version 1.0.17 March 10 2012
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (32):
|
||
Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
|
||
Return false instead of void when there is an error.
|
||
Fix compilation of VDE and UML interfaces.
|
||
Add vde/device.c to the tarball.
|
||
Fix a few small memory leaks.
|
||
Allow linking with multiple device drivers.
|
||
Set FD_CLOEXEC flag on all sockets.
|
||
Allow multiple BindToAddress statements.
|
||
Merge branch 'master' of black:tinc
|
||
Send packets back using the same socket as they were received on.
|
||
Allow setting DeviceType to tun or tap on Linux.
|
||
Merge branch 'master' of black:tinc
|
||
Only compile raw socket code when it is supported on that platform.
|
||
Decrement TTL of incoming packets.
|
||
Don't bind outgoing TCP sockets anymore.
|
||
Rename connection_t *broadcast to everyone.
|
||
Allow disabling of broadcast packets.
|
||
Move initialization of char *priority up to prevent freeing an uninitialized pointer.
|
||
Document the command line flag -o and provide --option as well.
|
||
Fix a bug that caused tinc to ignore all but the last listening socket.
|
||
Fix check for raw socket support.
|
||
Pass index into listen_socket[] to handle_incoming_vpn_data().
|
||
Add LocalDiscovery option which tries to detect peers on the local network.
|
||
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
|
||
Stricter checks against routing loops.
|
||
Only use broadcast at the start of the PMTU discovery phase.
|
||
Only log errors sending UDP packets when debug level >= 5.
|
||
Accept Subnets passed with the -o option when StrictSubnets = yes.
|
||
Add missing ICMP6 message type definitions.
|
||
Make sure disabling old RSA keys works on Windows.
|
||
Update copyright notices.
|
||
Releasing 1.0.17.
|
||
|
||
Nick Hibma (1):
|
||
Add missing ICMP message type definitions.
|
||
|
||
Version 1.0.16 July 23 2011
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (4):
|
||
Make code to detect two nodes with the same Name less triggerhappy.
|
||
Flush output buffer in send_tcppacket().
|
||
Use usleep() instead of sleep(), MinGW complained.
|
||
Releasing 1.0.16.
|
||
|
||
Version 1.0.15 June 24 2011
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (9):
|
||
Reorder checks for libraries to allow ./configure LDFLAGS=-static.
|
||
Make return value of SetPriorityClass() behave the same as setpriority().
|
||
Fix sparse warnings and add an extra sprinkling of const.
|
||
Remove newlines from log messages.
|
||
Remove a few unnecessary #includes.
|
||
Attribution for Loïc Grenié.
|
||
Improved --logfile option.
|
||
Remove redundant @CFLAGS@ from AM_CFLAGS.
|
||
Releasing 1.0.15.
|
||
|
||
Loïc Grenié (1):
|
||
Nearly tickless tinc.
|
||
|
||
Version 1.0.14 May 08 2011
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (48):
|
||
Fix reading configuration files that do not end with a newline. Again.
|
||
Define WINVER before including any other header file on Windows.
|
||
Use intptr_t instead of long to store a pointer.
|
||
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
|
||
Fix all warnings when compiling with mingw64.
|
||
Use strrchr() insteaad of rindex().
|
||
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
|
||
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
|
||
Do not append an address to ANS_KEY messages if we don't know any address.
|
||
Merge local host configuration with server configuration.
|
||
Remove duplicate command-line option parsing.
|
||
Attribution for Julien Muchembled.
|
||
Attribution for Timothy Redaelli.
|
||
Ensure there is a newline character before a PEM key is written.
|
||
Abort disabling old PEM keys on I/O errors.
|
||
Remove unused variables.
|
||
Quit when there are too many consecutive errors on the tun/tap device.
|
||
Read error counter must be static.
|
||
Add short options -R and -U to the tincd(8) manpage.
|
||
Don't use strlen() on a NULL pointer.
|
||
Provide usleep() for Windows.
|
||
Use variable length arrays instead of alloca().
|
||
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
|
||
Free replay window when freeing a node_t.
|
||
Fix variable length array declaration.
|
||
Attribution for Brandon Black.
|
||
Use setpriority() instead of nice() on UNIX-like systems.
|
||
Always send MTU probes at least once every PingInterval.
|
||
Close all filedescriptors in Solaris close_device().
|
||
Limit field width when scanning PID file.
|
||
Replace bogus #else with #endif.
|
||
Remove unused variables.
|
||
Document the behavior of "-n."
|
||
Update the manual.
|
||
Update the NEWS.
|
||
Proper check and dropin replacement for usleep().
|
||
Fix typo spotted by Andrew Scheller.
|
||
Add support for VDE through libvdeplug.
|
||
Fix spurious misidentification of incoming UDP packets.
|
||
Prevent anything from updating our own UDP address.
|
||
Do not set indirect flag on edges from nodes with multiple addresses.
|
||
Increase threshold for detecting two nodes with the same Name.
|
||
Always use the default signal handler for ABRT signals.
|
||
Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
|
||
Update THANKS and copyright information.
|
||
Ensure proper linking with OpenSSL with recent versions of MinGW.
|
||
Include <inttypes.h> when using intptr_t.
|
||
Releasing 1.0.14.
|
||
|
||
Brandon L Black (4):
|
||
Experimental IFF_ONE_QUEUE support for Linux
|
||
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
|
||
Configurable ReplayWindow size, zero disables
|
||
Improved handling of queue-jumping packets on receive
|
||
|
||
Julien Muchembled (2):
|
||
New '-o' option to configure server or hosts from command line
|
||
Fix command-line '-o' option for host configuration
|
||
|
||
Timothy Redaelli (2):
|
||
Fix warnings showed using -D_FORTIFY_SOURCE=2
|
||
Fix warnings under BSD
|
||
|
||
Michael Tokarev (1):
|
||
Treat netname="." in a special way.
|
||
|
||
Rumko (1):
|
||
DragonFlyBSD support
|
||
|
||
Version 1.0.13 April 11 2010
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (20):
|
||
Clamp MSS to miminum MTU in both directions.
|
||
Simplify reading lines from configuration files.
|
||
Check for dirent.h.
|
||
Preload all Subnets in TunnelServer mode.
|
||
Add the StrictSubnets option.
|
||
Add the Forwarding option.
|
||
Add the DirectOnly option.
|
||
Fixes for the Forwarding option.
|
||
ConnectTo does not mean tinc does not listen for incoming connections anymore.
|
||
Log unauthorized Subnets when StrictSubnets is set.
|
||
Fix typo.
|
||
Convert Port to numeric form before sending it to other nodes.
|
||
Ensure ICMP_NET_ANO is defined.
|
||
Reload Subnets when getting a HUP signal and StrictSubnets is used.
|
||
Fix reloading Subnets when StrictSubnets is set.
|
||
Ensure subnet-up/down scripts are called after HUP when necessary.
|
||
Fixes for definitions under Windows.
|
||
Don't redefine MAX if it already exists.
|
||
Mark Forwarding and DirectOnly options as being experimental.
|
||
Releasing 1.0.13.
|
||
|
||
Timothy Redaelli (2):
|
||
Add --disable-lzo configure option
|
||
Add --disable-zlib configure option
|
||
|
||
Sven-Haegar Koch (1):
|
||
Never delete Subnets when StrictSubnets is set
|
||
|
||
Version 1.0.12 February 03 2010
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (21):
|
||
When learning MAC addresses, only check our own Subnets for previous entries.
|
||
Remove unused variable in lookup_subnet_*() functions.
|
||
Forget addresses of unreachable nodes.
|
||
Do not fragment packets smaller than RFC defined minimum MTUs.
|
||
Allow port to be specified in Address statements.
|
||
Use xstrdup() instead of xasprintf() to copy static strings.
|
||
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
|
||
Clamp MSS of IPv4 SYN packets.
|
||
Ping nodes immediately when receiving SIGALRM.
|
||
Optimise handling of select() returning <= 0.
|
||
Also clamp MSS of TCP over IPv6 packets.
|
||
Make MSS clamping configurable, but enabled by default.
|
||
Fix subnet-up/down scripts being called with an empty SUBNET.
|
||
Run subnet-up/down scripts for local MAC addresses as well.
|
||
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
|
||
Determine peer's reflexive address and port when exchanging keys.
|
||
Immediately exchange keys when establishing a meta connection.
|
||
Try to set DF bit on BSDs as well.
|
||
Update copyright notices.
|
||
Ensure peers with a meta connection always have our key.
|
||
Releasing 1.0.12.
|
||
|
||
Version 1.0.11 November 01 2009
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (16):
|
||
Fix a possible crash when sending the HUP signal.
|
||
Starting to work towards 1.0.11.
|
||
Handle weighted Subnets in switch and hub modes.
|
||
Clarify and increase level of log message about MTU probes to unreachable nodes.
|
||
Add dummy device.
|
||
Use uint32_t instead of long int for connection options.
|
||
Allow UDP packets with an address different from the corresponding TCP connection.
|
||
Always reply to MTU probes via UDP.
|
||
Make maxmtu equal to minmtu when fixing the path MTU to a node.
|
||
Forward packets to not directly reachable hosts via UDP if possible.
|
||
Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
|
||
Use WSAGetLastError() to determine cause of network errors on Windows.
|
||
Move socket error interpretation to utils.h.
|
||
Fast handoff of roaming MAC addresses.
|
||
Start a tinc service if it already exists.
|
||
Releasing 1.0.11.
|
||
|
||
Michael Tokarev (1):
|
||
Remove localedir leftovers.
|
||
|
||
Version 1.0.10 October 18 2009
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (78):
|
||
Update documentation for git.
|
||
Consistently allocate device and iface variables on the heap.
|
||
Only send packets via UDP if UDP communication is possible.
|
||
Move free()s at the end om main() to the proper destructor functions.
|
||
Change flush_events() to expire_events().
|
||
Add missing cleanup functions in close_network_connections().
|
||
Use a global list to track outgoing connections.
|
||
Remove unused definitions from net.h.
|
||
Allow reading config files with CRLF endings on Unix systems.
|
||
Validate Name before using it in a filename when generating a keypair.
|
||
Disable old RSA keys when generating new ones.
|
||
Handle neighbor solicitation requests without link layer addresses.
|
||
Allow weight to be assigned to Subnets.
|
||
Update THANKS and copyright information.
|
||
Disable PMTUDiscovery in switch and hub modes.
|
||
Use a simple Random Early Drop algorithm in send_tcppacket().
|
||
Handle UDP packets from different and ports than advertised.
|
||
If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily.
|
||
Fix link to Mattias Nissler's tun/tap driver for MacOS/X.
|
||
Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66.
|
||
Use xrealloc instead of if(ptr) ptr = xmalloc().
|
||
Add declaration for sockaddrcmp_noport().
|
||
Use packet size before decompression to calculate path MTU.
|
||
Do not forward broadcast packets when TunnelServer is enabled.
|
||
Add ProcessPriority option.
|
||
Add some const where appropriate.
|
||
Properly set HMAC length for incoming packets.
|
||
Don't try to send MTU probes to unreachable nodes.
|
||
Remove pending MTU probe events when a node's reachability status changes.
|
||
Do not log errors when recvfrom() returns EAGAIN or EINTR.
|
||
Change level of some debug messages, zero pointer after freeing hostname.
|
||
Always remove a node from the UDP tree before freeing it.
|
||
Add xasprintf() and xvasprintf().
|
||
Check the return value of fscanf() when reading a PID file.
|
||
Replace asprintf() by xasprintf().
|
||
UNIX signal numbers start at 1.
|
||
Ensure tinc compiles with gcc -std=c99.
|
||
Convert bitfields to integers in a safe way.
|
||
Add the GPL license to the repository.
|
||
Another safe bitfield conversion.
|
||
Add support for iPhones and recent iPods.
|
||
Don't stat() on iPhone/iPod.
|
||
Put Subnet weight in a separate environment variable.
|
||
Allow PMTUDiscovery in switch and hub modes again.
|
||
Handle unicast packets larger than PMTU in switch mode.
|
||
Remove superfluous call to avl_delete().
|
||
Apparently it's impolite to ask GCC to subtract two pointers.
|
||
Use only rand(), not random().
|
||
Also do not use drand48(), it is not available on Windows.
|
||
Allow compiling for Windows XP and higher.
|
||
Remove dropin random() function, as it is not used anymore.
|
||
Use access() instead of stat() for checking whether scripts exist.
|
||
Raise default crypto algorithms to AES256 and SHA256.
|
||
Remove extra {.
|
||
Use a mutex to allow the TAP reader to process packets faster on Windows.
|
||
Raise default RSA key length to 2048 bits.
|
||
Send large packets we cannot handle properly via TCP.
|
||
Update copyright information.
|
||
Remove all occurences of $Id$.
|
||
Remove Ivo's old email addresses.
|
||
Update the address of the Free Software Foundation in all copyright headers.
|
||
K&R style braces.
|
||
Remove checkpoint tracing.
|
||
Drop support for localisation.
|
||
Add more authors to the copyright headers.
|
||
Update the NEWS.
|
||
Remove autogenerated files from EXTRA_DIST.
|
||
Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
|
||
Remove code duplication when checking ADD_EDGE/DEL_EDGE messages.
|
||
Revert "Raise default crypto algorithms to AES256 and SHA256."
|
||
Ensure that the texinfo manual can be converted to HTML.
|
||
Small updates to the documentation.
|
||
Use MTU probes to regularly ping other nodes over UDP.
|
||
Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
|
||
Remove debugging message when reading packets from a BSD device.
|
||
Include missing header.
|
||
Fix description of the WEIGHT environment variable.
|
||
Releasing 1.0.10.
|
||
|
||
Michael Tokarev (17):
|
||
Allow tunnelserver to work with clients that have other peers.
|
||
Enable PMTUDiscovery only if BOTH sides wants it.
|
||
Rename setup_network_connections() and split out try_outgoing_connections()
|
||
Implement privilege dropping
|
||
bugfix: initialize pid (as read from pidfile) to zero
|
||
bugfix: move mlock to after detach() so it works for child, not parent
|
||
bugfix: chdir(/) after chroot
|
||
change error messages in droppriv code to match the rest
|
||
format 'not supported on this platform' error message
|
||
TunnelServer: Don't disconnect client on DEL_SUBNET too
|
||
ignore indirect edge registrations in tunnelserver mode
|
||
don't log every strange packet coming to the UDP port
|
||
Fix ans_key exchange in recent changes
|
||
tunnelserver: log which ADD_SUBNET was refused
|
||
cleanup setpriority thing to make it readable
|
||
try outgoing connections before chroot/drop_privs
|
||
Remove extra semicolon in my definition of setpriority()
|
||
|
||
Florian Forster (2):
|
||
src/linux/device.c: Fix segfault when running without `--net'.
|
||
src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
|
||
|
||
Borg (1):
|
||
Removed last gettext function.
|
||
|
||
Version 1.0.9 December 26 2008
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (18):
|
||
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
|
||
Make sure the prefixlength of subnets is sane.
|
||
Fix reading configuration files that do not end with a newline.
|
||
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
|
||
Prevent freeing a NULL pointer when a hostname is unresolvable.
|
||
Correct debug message.
|
||
Treat virtual network device as tap if Mode = switch or hub.
|
||
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
|
||
Make sure IPv6 sockets are IPv6 only.
|
||
Update Dutch translation.
|
||
Update copyright information.
|
||
Enable PMTU discovery by default.
|
||
Update documentation.
|
||
Update the manpage as well, and some whitespace to make its source more legible.
|
||
Handle broadcast and multicast packets in router mode.
|
||
Apply patch from Max Rijevski fixing a memory leak when closing connections.
|
||
Add missing parentheses in check for IPv4 multicast addresses.
|
||
Releasing 1.0.9.
|
||
|
||
Version 1.0.8 May 16 2007
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (8):
|
||
Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM.
|
||
Apply patch from Scott Lamb fixing some memory and resource leaks.
|
||
Close the proper filedescriptor (if it exists).
|
||
Apply patch from "dnk" making sockets non-blocking under Windows.
|
||
Make sure connection->name is never NULL.
|
||
Update dutch translation.
|
||
Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski.
|
||
Releasing 1.0.8.
|
||
|
||
Version 1.0.7 January 05 2007
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (7):
|
||
Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
|
||
Tapreader socket should be bound to localhost only.
|
||
Fix generic BSD tun device to write only the actual packet length.
|
||
rename() cannot replace existing files on Windows.
|
||
No things to do for the 1.0 branch except bugfixing.
|
||
Update copyright notices.
|
||
Releasing 1.0.7.
|
||
|
||
Version 1.0.6 December 18 2006
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (13):
|
||
Make sure resolved addressed for outgoing connections are freed, if there are any.
|
||
Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h.
|
||
When building the minimum spanning tree, make sure we start from a reachable node.
|
||
Use the correct next pointer.
|
||
Remove unnecessary stuff from configure.in.
|
||
Remove old Spanish translation.
|
||
Fix rule that creates html version of manpages.
|
||
Use standard autoconf macros instead of our own.
|
||
We do properly check for malloc and realloc.
|
||
Remove the test for linux/if_tun.h.
|
||
Do a simple test for linux/if_tun.h instead of no test at all.
|
||
Prevent compiler warnings about redefinition of EAI_FAMILY on FreeBSD 6.1.
|
||
Releasing 1.0.6.
|
||
|
||
Version 1.0.5 November 14 2006
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (32):
|
||
Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
|
||
Add alloca.h to the list of necessary header files.
|
||
Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh.
|
||
EVP_Cleanup() when quitting.
|
||
Apply patch from Scott Lamb unifying configuration of TCP socket options.
|
||
Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
|
||
Make sure $NAME is set correctly when executing tinc-down script.
|
||
Missing #include.
|
||
Export flush_meta().
|
||
Fix signedness compiler warnings.
|
||
Fix a bug in handling prefixlengths that are not a multiple of 4.
|
||
Update copyright notices, remove Ivo's email address.
|
||
Restore length of the original packet in send_udppacket().
|
||
Use memcpy() to copy sockaddrs returned by getaddrinfo().
|
||
Add generic host-up and host-down scripts.
|
||
Do not break strict aliasing of status_t structs.
|
||
Fix format string warnings.
|
||
Remove unused variables.
|
||
Remove unused parameter from maskcmp().
|
||
Remove unused variable.
|
||
memcpy() addresses from packet headers before calling the lookup functions.
|
||
The "active" bit in node.status is not used.
|
||
Added graph dumping ability based on Markus Goetz's patch.
|
||
popen() requires pclose().
|
||
Support and autodetect LZO version 2.0 and later.
|
||
Support and autodetect LZO version 2.0 and later.
|
||
Document GraphDumpFile option.
|
||
Update Dutch translation.
|
||
Nodes use events, so event system should be initialised first and destroyed last.
|
||
When deleting an entire tree, start at head, not at root.
|
||
EWOULDBLOCK does not exist on platforms without O_NONBLOCK
|
||
Releasing 1.0.5.
|
||
|
||
Version 1.0.4 May 04 2005
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (17):
|
||
Make sure broadcast packet reach the local network interface.
|
||
Fix splay tree code.
|
||
subnet-up/down hooks
|
||
subnet-up/down hooks, use list_t for the todo list.
|
||
Small fix.
|
||
Free memory used by connection_t after it is deleted from the connection tree.
|
||
Use the proper free function.
|
||
Correct size argument for strncat().
|
||
Nodes should only be in the node_udp_tree if they are reachable.
|
||
Don't try to add a non-existing node back to the node_udp_tree.
|
||
Remove unused (and potentially segfaulting) net2str() call.
|
||
Be on the safe side with initialisation of c->name.
|
||
Searching through splay trees may change the tree variable.
|
||
Several splay tree fixes.
|
||
Describe subnet-up/down scripts in documentation.
|
||
Update copyright notices.
|
||
Releasing 1.0.4.
|
||
|
||
Version 1.0.3 November 11 2004
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (77):
|
||
Removed items in TODO list that are already implemented. Only two items
|
||
Applied patch from Jamie Briggs for bash2 conformance.
|
||
Added another semicolon for bash2 compliance (thanks to Jamie Briggs)
|
||
Adding even more stuff from the CABAL branch.
|
||
Synchronise HEAD with CABAL branch.
|
||
This will become 2.0.
|
||
Some device.c files weren't synchronised.
|
||
Makevars file was accidentily removed.
|
||
Forgot to synchronise po/ directory...
|
||
Add description of new authentication scheme.
|
||
Add Opaque option which prevent information from being forwarded to certain nodes.
|
||
Replace Opaque and Strict options with a TunnelServer option.
|
||
Complain if pid file cannot be created.
|
||
Read MaxTimeout from tinc.conf like the manpage says.
|
||
Missing space between words.
|
||
Don't retry if configuration is wrong from the beginning.
|
||
Fix proxy-neighborsolicitation.
|
||
Code beautification, start of multicast support.
|
||
Forget multicast. Always inline some function.
|
||
Let tinc figure out the exact MTU of the link.
|
||
More sensible name, and try to set PMTU discovery on IPv6 sockets as well.
|
||
Describe the TunnelServer and PMTUDiscovery options.
|
||
Better name, show probed MTU in dump.
|
||
Improvements for PMTU discovery and IPv4 packet fragmentation.
|
||
Missing definitions.
|
||
Small fixes for PMTU discovery.
|
||
Don't forget to update destination MAC address.
|
||
Small updates.
|
||
Remove autogen.sh, the autoreconf program does exactly that.
|
||
Replace cvs-clean with a much better svn-clean.
|
||
Remove CVS related cruft.
|
||
Eat trailing whitespace in config files.
|
||
Only read our public key if it wasn't already in the private key file.
|
||
Updating dutch translation.
|
||
Even better svn-clean command.
|
||
Applied Martin Kihlgren's IdentityGenerosity patch,
|
||
Fix declaration of update_node_address().
|
||
Use Subversion to create ChangeLog, better svn-clean rule.
|
||
Revert Martin Kihlgren's patch, it doesn't work the way it should.
|
||
Move CABAL branch to its rightful place: the trunk.
|
||
Update copyrights, links, email addresses and let Subversion update $Id$ keywords.
|
||
Increase MTU by 4 bytes to allow VLAN tagged Ethernet frames in hub and switch mode.
|
||
Clean up environment after executing scripts.
|
||
Handle timeouts during connecting the same way as other errors.
|
||
Added UML network socket handling.
|
||
Don't set $INTERFACE automatically, don't quit on EINTR/EAGAIN.
|
||
Marking potential late packets was in the wrong place.
|
||
Remove duplicate #include "system.h"
|
||
Move all #ifdef HAVE_HEADER_H #include <header.h> to have.h,
|
||
Fix several #includes.
|
||
strndupa() is too arcane for some environments.
|
||
Allow tinc to work with the latest TAP-Win32 driver.
|
||
Correct return value.
|
||
Don't let tinc service depend on NDIS component.
|
||
Support alternative tun/tap driver from http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
|
||
Generic device driver for *BSD and MacOS/X
|
||
static
|
||
Check for sys/uio.h, net/if_tun.h and net/if_tap.h
|
||
Don't include .svn directory in sample configuration.
|
||
Splay trees.
|
||
Hoopjumping to get the default directories in the manuals properly.
|
||
Update to make it compile again.
|
||
Fixed another bug in late packet handling.
|
||
Hopefully this really fixes late packet handling.
|
||
Missing check for NULL-pointer.
|
||
Use the generic BSD tun/tap code.
|
||
Fix order of arguments for tar.
|
||
Let compiler decide when to inline.
|
||
Support tunneling IPv6 on Solaris.
|
||
Add BlockingTCP option, useful when using TCPOnly on slow or congested links.
|
||
Update documentation.
|
||
Set BSD tuns to broadcast mode. On OpenBSD, this enables IPv6 on the tun device!
|
||
Remove duplication.
|
||
Updated dutch translation.
|
||
Short readme about how to compile tinc from a Subversion checkout.
|
||
Add more people who have contributed to tinc.
|
||
Releasing 1.0.3.
|
||
|
||
Ivo Timmermans (52):
|
||
Check for __gmpz_powm for libgmp3.
|
||
Changed version number to 1.0pre3.
|
||
Autogenerated by gettextize.
|
||
Bring head revision up to date with cabal (try #3)
|
||
Add check for the syslog function
|
||
Generalized error handling functions
|
||
Add all the new files to the sources list for the utility library
|
||
New function: xalloc_and_zero()
|
||
Generalized list and hash handling functions
|
||
First try to create a graphical frontend for tinc configuration
|
||
Updating HEAD branch #1; removing obsolete files.
|
||
Updating HEAD branch #2; removing debian/ dir.
|
||
Updating HEAD branch #3; more obsolete files removed.
|
||
Updating HEAD branch #4; Merging CABAL -> HEAD.
|
||
Updating HEAD branch #5; Last files from CABAL.
|
||
Ok, I forgot these ;)
|
||
More updates
|
||
More...
|
||
Last bits (hopefully)
|
||
Main pokey interface files.
|
||
Pokey interface definition
|
||
Write src/pokey/Makefile
|
||
Also compile in pokey/
|
||
Remove debug level declaration
|
||
Update copyright info
|
||
Remove debug_lvl
|
||
New logging system to replace syslog() calls with a generic function.
|
||
Rename log_message to log
|
||
Add syslog() wrapper
|
||
Add syslog wrapper
|
||
Some magic
|
||
Added priority definitions from syslog.h
|
||
log_default_hook was renamed to log_default
|
||
Added prototype for log_syslog
|
||
Use logging.h instead of syslog.h
|
||
Compile in logging.c
|
||
Things to ignore...
|
||
Use new logging system
|
||
Include logging.h
|
||
Renamed libvpn to libtinc
|
||
Rename libvpn to libtinc
|
||
...
|
||
Print newline when writing to stderr
|
||
*** empty log message ***
|
||
Moving files, first attempt at gcrypt compatibility, more interface
|
||
Commit diff test
|
||
Another file moved; random interface stuff.
|
||
Callbacks
|
||
Moved event.c/h
|
||
test
|
||
test 2
|
||
Hm.
|
||
|
||
Wessel Dankers (5):
|
||
Initial revision. Lots of loose ends, not usable yet.
|
||
added bit on config file, split up sections, added Id: tag
|
||
Added extra bit about keys.
|
||
More about keys
|
||
This file is now only in the CABAL revision.
|
||
|
||
cvs2svn (1):
|
||
This commit was generated by cvs2svn to compensate for changes in r1352,
|
||
|
||
Version 1.0.2 November 08 2003
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (47):
|
||
Simplify fake getname/addrinfo() functions, possibly fixing freeing a NULL pointer.
|
||
stat() batch files under Windows.
|
||
Don't getsockopt() SO_ERROR. We get the error from send()/recv() anyway.
|
||
Fix fake getnameinfo() and check more arguments.
|
||
Fix --logfile under Windows.
|
||
Use the event log under Windows.
|
||
Compilation fix.
|
||
Do what the SDK documentation tells.
|
||
If we're not in main_loop() and the service is stopped, exit immediately.
|
||
Allow tinc to handle unknown type addresses from other tinc daemons.
|
||
Don't overwrite the first " when installing a service.
|
||
Add checkpoints.
|
||
When purging nodes, only delete them if nobody references them anymore.
|
||
Remove debug message.
|
||
Add license exception from Markus Oberhumer.
|
||
Remove old edges from unreachable nodes to us. This prevents the hosts/NAME-up
|
||
We don't have to tell GCC how to cast.
|
||
Prevent multiple inclusions.
|
||
Remove pidfile when exitting.
|
||
Update translations.
|
||
Check for short packets from the tun/tap device and from other tinc daemons.
|
||
Generate keys with 0x10001 as public exponent, which has less prime factors
|
||
Better length checks.
|
||
Copy structs from packets to the stack before using them, to prevent
|
||
const
|
||
Ethernet protocol types.
|
||
Unused variable in struct.
|
||
Don't confuse users with "Address family not supported" warnings.
|
||
Use CPPFLAGS, LDFLAGS and LIBS as appropiate.
|
||
PIDs are of type pid_t, and use %ld when reading/writing them to the pidfile.
|
||
Make sure type of AF_UNKNOWN is sa_family_t.
|
||
Forgot to #include "xalloc.h"
|
||
Update missing definitions, structs describing headers get __packed__ attribute.
|
||
Missing declaration.
|
||
Set media status for newer TAP-Win32 driver.
|
||
Some platforms don't know sa_family_t or define it other than uint16_t.
|
||
Update documentation.
|
||
Fix ASCII art.
|
||
Check return value of EVP_* functions, and check if length before en/decryption
|
||
Check all EVP_ function calls.
|
||
Parentheses in the wrong spots.
|
||
Fix bug that could lead to an assertion failure in libcrypto when multiple
|
||
Small fixes in documentation.
|
||
Fix another bug in meta.c.
|
||
Update dutch translation.
|
||
Add missing definitions.
|
||
Release notes for 1.0.2
|
||
|
||
Version 1.0.1 August 14 2003
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (24):
|
||
Windows uses backslashes...
|
||
Tell windows to be patient.
|
||
Remove unused stuff from doc/.
|
||
Correct error message when remote host closed connection.
|
||
Simplify execute_script(). It will probably work under Windows as well.
|
||
Allow empty lines in config files.
|
||
Make rule for sample-config.tar.gz.
|
||
Readd quotes.
|
||
Typo.
|
||
Better error messages under Windows.
|
||
Log error first, try to close later.
|
||
Quote when needed and don't try stuff that doesn't work under Windows.
|
||
Under Windows, the installation directory can be found in the registry.
|
||
Better error checking and reporting.
|
||
Small things.
|
||
Simpler checking of permissions on private RSA key and other fixes.
|
||
Check for fchmod().
|
||
Only system() needs script name quoted.
|
||
Update documentation.
|
||
Add a description for the Service control panel.
|
||
Updated dutch translation.
|
||
Small fixes.
|
||
Fix permissions check for rsa_key.priv.
|
||
Update.
|
||
|
||
Version 1.0 August 08 2003
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (111):
|
||
Thank some more people.
|
||
Run graph() after edge_del() when updating an edge.
|
||
Add documentation for BindToAddress.
|
||
Fix PriorityInheritance.
|
||
PrivateKeyFile instead of PrivateKey.
|
||
Run graph algorithm when replacing a second connection from the same host
|
||
Add $NAME for tinc-up/down scripts.
|
||
- Fix indentation in some places.
|
||
Various fixes for autoconf and OpenSSL 0.9.7 and a missing header.
|
||
Make sure send_meta() writes everything.
|
||
Typo.
|
||
- Avoid memory leak caused by OpenSSL 0.9.7a.
|
||
- Speed up checksumming
|
||
Don't copy more than necessary.
|
||
Checksums must also work for uneven number of bytes.
|
||
HUP signal now closes connections to hosts if their host config file is
|
||
Better handling of late packets.
|
||
Make sure outgoing_t is completely freed.
|
||
- Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
|
||
Small fixes to make LZO compression work.
|
||
Small fixes.
|
||
Fix links.
|
||
Fix warning and add missing checks for LZO library.
|
||
Call make_names() before doing anything else.
|
||
If we have a Linux tun/tap device and we are in router mode, open the device
|
||
AddressFamily is "any" by default.
|
||
Remove mymac stuff from device.c.
|
||
Fixes from Wessel Danker's libavl.
|
||
More braces to make gcc happy.
|
||
Update documentation.
|
||
Update dutch translation.
|
||
Typo and conversion to UTF-8.
|
||
There are two lzo compression levels.
|
||
Really make tinc default to any addressfamily.
|
||
This subtle pointer arithmetic thingy is (I'm very sure of it) the cause
|
||
- simplify configure.in
|
||
Check for IPv6 header files.
|
||
Define logger(), cleans up source code and allows us to write log entries
|
||
Sprinkling the source with static and attributes.
|
||
Provide all missing IPv6 definitions in lib/ipv6.h.
|
||
Actually add ipv6.h.
|
||
More missing definitions.
|
||
More missing IPv6 definitions and autoconf checks to make sure it compiles
|
||
Simplify logging, update copyrights and some minor cleanups.
|
||
Update copyrights.
|
||
Removing distribution specific files from CVS.
|
||
Format string checking for logger().
|
||
Export mymac.
|
||
Make use of the CIPE driver. Woohoo, tinc for Windows!
|
||
Windows headers declare a struct interface somewhere.
|
||
Big header file cleanup: everything that has to do with standard system
|
||
Even more missing definitions.
|
||
Remove all #ifndefs from route.c
|
||
Update all device.c files.
|
||
Check for ethernet/ipv4/ipv6 related structures.
|
||
Use iface instead of interface because it might already be declared in
|
||
Oops.
|
||
No UNIX style permissions under Windows.
|
||
Be consistent.
|
||
Oops.
|
||
Check for sys/mman.h.
|
||
Use functions from logger.c
|
||
Copy cygwin driver to mingw directory. It doesn't work (yet).
|
||
Add section about configuring Cygwin and CIPE on Windows.
|
||
Option to specify pidfile location.
|
||
Use bools and enums where appropriate.
|
||
Run setup_device() after parsing configuration but before claiming we're ready.
|
||
Don't initialise a CIPHER_CTX if cipher == NULL.
|
||
Sprinkle around a lot of const and some C99 initialisers.
|
||
More generic handling of tap device under Windows.
|
||
More checks for missing functions.
|
||
Fix compile errors and warnings.
|
||
Update dutch translation and make sure all device drivers are included in
|
||
Update configure scripts.
|
||
Make sure it works.
|
||
Make sure (at least) the MinGW device driver works.
|
||
Native Windows support.
|
||
Cleanups.
|
||
Update documentation and remove stuff that's too outdated.
|
||
Remove doc/es/ and src/device.c from the distribution.
|
||
No C99 initialisers, gcc 2.95.3 doesn't like it.
|
||
Replacement for stdbool.h
|
||
Prevent definitions from messing up attributes.
|
||
Check if the compiler knows about the __malloc__ attribute.
|
||
Wrong argument.
|
||
Remove forgotten braces.
|
||
No easy way to properly detect header files...
|
||
Woops!
|
||
Wrong function...
|
||
Prevent system headers from including our own headers.
|
||
Allow whitespace in values.
|
||
Oops.
|
||
Windows has no symbolic links as we know it.
|
||
When compiling with MinGW, link with ws2_32.
|
||
Install tinc as a service under Windows (MinGW). Remove cleanup_and_exit(),
|
||
Error messages.
|
||
Cleanups and error messages.
|
||
Missing include.
|
||
Oops.
|
||
Updated dutch translation.
|
||
Explain how tinc detaches and how it is "killed" under Windows.
|
||
Typo and another thing to think about.
|
||
Clean up last part of main().
|
||
Old gcc compilers don't like declarations in the middle of a function.
|
||
Cygwin needs windows.h.
|
||
Keep Windows happy.
|
||
Remove newlines from log messages.
|
||
Update dutch translation
|
||
Simplify translation
|
||
Use our own port when connecting to ourself.
|
||
Sync CABAL branch with release-1_0 branch.
|
||
|
||
Ivo Timmermans (2):
|
||
Fix saving of debug level for startup level 0
|
||
Call RSA_blinding_on(), as advised in the paper on
|
||
|
||
Wessel Dankers (1):
|
||
its: Engels voor "van het" - 3e persoon enkelvoud, genitief, onzijdig
|
||
|
||
Version 1.0pre8 September 16 2002
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (73):
|
||
Support for MaxOS/X.
|
||
Add BindToAddress variable, similar to the late BindToIP.
|
||
Added Nick Patavalis for his RedHat package.
|
||
Informative log message if execl() failed.
|
||
Fix very stupid bug in node_del(), which might have caused corruption of
|
||
Only purge once when there are no more connections.
|
||
Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts
|
||
Make it work correctly with NetBSD tun device.
|
||
Use correct includes on NetBSD.
|
||
Cleanup:
|
||
Use inttypes.h instead of stdint.h.
|
||
- netinet/* include files depend on netinet/in_systm.h.
|
||
Added Darwin (MacOS/X) tun device handling.
|
||
Use darwin/device.c when compiling on MacOS/X.
|
||
Include darwin/device.c in distribution.
|
||
Autoconf cleanup. Works for both 2.13 and 2.53, although running autoconf
|
||
Add configuration details for NetBSD and Darwin (MacOS/X).
|
||
Reset listen_sockets after SIGHUP.
|
||
Update comments about IPv6 autoconfiguration.
|
||
s/sliepen.warande.net/sliepen.eu.org/g
|
||
Fix for prefixlengths of 32 (IPv4) and 128 (IPv6) bits.
|
||
Allow list of environment variables to be passed to execute_script().
|
||
Allow identical subnets from different owners.
|
||
Clear subnets before using them.
|
||
Started port to Cygwin.
|
||
Added stub device.c for Cygwin.
|
||
Include complete fake-getname/addrinfo from OpenSSH.
|
||
Allow tincd to be locked into main memory.
|
||
Don't bother to chown, and correctly document ConnectTo.
|
||
Added support for raw sockets. This can be used instead of tun/tap devices.
|
||
Gettext 1.11.5 compatibility.
|
||
Check for ranlib.
|
||
Replacement for the current routing algorithm.
|
||
Make sure setlocale() is available.
|
||
Drop graph and edge stuff. Use new node stuff instead.
|
||
A reachable node is always more preferable to an unreachable one...
|
||
Woops.
|
||
Reduce KEY_CHANGED traffic.
|
||
Prevent looping DEL_NODE/ADD_NODE messages after a node disconnects.
|
||
Don't forget to set prevhop to myself for new connections.
|
||
Just ignore wrong ADD_NODEs instead of replying with a DEL_NODE, in the
|
||
Revert to edge and graph stuff. This time, use a directed graph.
|
||
Small fixes.
|
||
Generalized request broadcasting/forwarding.
|
||
Updated dutch translation.
|
||
Small updates.
|
||
Run autopoint and libtoolize before creating initial makefiles.
|
||
Add missing headers.
|
||
Typo.
|
||
Only reset seqno's when a key is sent or received.
|
||
Remove global edge_tree.
|
||
edge_weight_compare() shouldn't rely on edge_compare().
|
||
Reset the *correct* seqnos.
|
||
Fix MST algorithm.
|
||
Why don't these connection_t's get cleaned up?
|
||
Cleanups:
|
||
Switch to K&R style indentation.
|
||
Switch to K&R style indentation.
|
||
Remove redundant spaces.
|
||
Let GCC check format string and arguments of send_request().
|
||
Fix compiler warnings.
|
||
Clean up after indent.
|
||
Link with libintl if necessary.
|
||
Fix placement of #include "config.h"
|
||
Make sure malloc() is declared.
|
||
What was I thinking?
|
||
MacOS/X needs #define _P1003_1B_VISIBLE in order to use mlockall().
|
||
port_t isn't used anymore and conflicts with MacOS/X headers.
|
||
Small fixes so tinc compiles out of the box on SunOS 5.8
|
||
Updated dutch translation.
|
||
Use /dev/net/tun as default for tun/tap device under Linux.
|
||
Update documentation.
|
||
Remarks about 1.0pre8 release.
|
||
|
||
Ivo Timmermans (9):
|
||
Put #ifndef checks for HAVE_RAND_PSEUDO_BYTES in the correct places.
|
||
Typo
|
||
OSX support
|
||
getnameinfo fixes
|
||
Add /sw/{include,lib} to search paths if they exist
|
||
Include a few more header files
|
||
Include netbsd's device.c in make dist
|
||
Added Alessandro Gatti
|
||
Added AM_MAINTAINER_MODE
|
||
|
||
Wessel Dankers (1):
|
||
This should work much better.
|
||
|
||
Version 1.0pre7 April 09 2002
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (9):
|
||
Make configure --help output look nicer.
|
||
Don't check_network_activity() if select() is interrupted by a signal.
|
||
check_rsa() is broken, I don't know why, just remove it for now.
|
||
Fix maskcheck() and maskcmp().
|
||
Automake forgets about depcomp, remind it.
|
||
masklength is better known as prefixlength.
|
||
masklength is better known as prefixlength
|
||
Updated dutch translation.
|
||
Remarks about 1.0pre7 release.
|
||
|
||
Version 1.0pre6 March 27 2002
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (91):
|
||
Forgot to merge new files from pre5.
|
||
Last bits of the merger.
|
||
Sensible defaults for $INTERFACE.
|
||
- If no PrivateKeyFile is specified, /etc/tinc/netname/rsa_key.priv is assumed.
|
||
Small fix.
|
||
Added support for packet compression, thanks to Mark Glines.
|
||
Don't use sa_sigaction (which NetBSD doesn't like) at all if we don't use siginfo.
|
||
Get rid of sys/signal.h.
|
||
Added device.c for NetBSD, actually a copy of the OpenBSD one.
|
||
Add check for NetBSD.
|
||
- Non-blocking connect()s.
|
||
Fix segfault when receiving HUP signal.
|
||
Use AF_UNSPEC for listening sockets if AddressFamily = any.
|
||
Forward packets in router mode.
|
||
Fix maskcmp() and maskcpy().
|
||
Cache results of lookup_subnet_...().
|
||
Protocol now also exchanges cipher/digest/maclength/compression for the
|
||
Preserve inpkt->len, needed for broadcasts.
|
||
- Use gai_strerror() where appropriate
|
||
- Change SA_LEN to SALEN, former one is already defined on some platforms.
|
||
Tweaking IPv6 support.
|
||
Allow multiple listening sockets.
|
||
Fix send_request() bug.
|
||
Make BindToInterface work.
|
||
Fix listening sockets.
|
||
If "PriorityInheritance = yes" is specified in tinc.conf, the value of the
|
||
Create/bind TCP and UDP listening sockets in pairs.
|
||
Updated documentation.
|
||
Updated dutch translation.
|
||
- Global time_t now, so that we don't have to call time() too often.
|
||
Document and clean up MAC address expiry.
|
||
Woops.
|
||
Check if BindToDevice and PriorityInheritance are supported.
|
||
Fix forwarding of IPv6 packets.
|
||
po/POTFILES and po/Makefile should not be generated by configure.
|
||
Autodetect $MAKE/gmake/make.
|
||
Small fixes to improve portability.
|
||
Don't retry to make outgoing connections when exitting.
|
||
Cleanups, spelling fixes, allow symbol names for signals (-k option),
|
||
prune_connections() before build_fdset().
|
||
Try to reply to neighbor solicitation requests.
|
||
New strategy: forward icmp6 neighbor solicitations to intended target.
|
||
Simplified implementation of Kruskal's minimum spanning tree algorithm.
|
||
Packet sequence number/authentication warnings only if debug_lvl >= 5.
|
||
Remove silly cache thingy.
|
||
Put #ifdef NEIGHBORSOL around corresponding code.
|
||
Revert changes to Kruskal's algo.
|
||
Neighbor solicitation requests now work (I think).
|
||
Oops, don't forget to actually put the checksum in the response packet.
|
||
Different way of detecting neighbor solicitation requests.
|
||
Typo.
|
||
Unmap v4mapped sockaddrs.
|
||
Only unmap IPv6 addresses.
|
||
#define s6_addr32, needed for FreeBSD.
|
||
Fix #define s6_addr32.
|
||
Remember sockaddrs of listening sockets, use appropriate one when sending
|
||
Cleanup.
|
||
Don't use s6_addr[16|32] anymore.
|
||
Updated dutch translation.
|
||
Updated SSSP algorithm to automatically detect indirect links (if a node uses
|
||
Put a break on requests that run around in circles.
|
||
- Added support for jumbograms.
|
||
Fix add_edge_h().
|
||
Fix compiler warnings, strictly use long int and %lx for options.
|
||
send_ack() was broken.
|
||
free() request strings when deleting past requests from the tree.
|
||
Don't run graph algorithms if no edge is deleted in terminate_connection().
|
||
Reset retry timeout when receiving the first PONG, not right after receiving the ACK.
|
||
Don't try to execute scripts unless they exist.
|
||
Execute hosts/name-up when a node becomes reachable, and hosts/name-down
|
||
Set $INTERFACE correctly when using ethertap while compiled with tun/tap support.
|
||
Updated dutch translation.
|
||
Respect type field.
|
||
OpenBSD tun device uses address family number instead of Ethernet type.
|
||
Configuration variables were still handled case sensitively.
|
||
Set myself->status.reachable.
|
||
Updated documentation.
|
||
Tell a little bit more about security.
|
||
Send REQ_KEY only once until ANS_KEY has arrived.
|
||
Fix execute_script().
|
||
Small correction.
|
||
Merge do_prune() with build_fdset(). Probably fixes the invalid filedescriptor error.
|
||
Extend list_t with the number of elements in the list.
|
||
Limit the amount of packets in a queue to 8.
|
||
Small updates.
|
||
Remove cruft.
|
||
Recent automake uses $(AMTAR) instead of $(TAR)
|
||
Remove symlink to device.c when doing a make dist.
|
||
Fix format strings.
|
||
Update dutch translation.
|
||
Update with information about the pre6 release.
|
||
|
||
Version 1.0pre5 February 10 2002
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (109):
|
||
Small fixes to allow correct compilation under FreeBSD (tested with 4.3)
|
||
Make sure Solaris is happy too.
|
||
Fix subnet_lookup() for overlapping subnets. Needs rethinking.
|
||
Added proxy-arp support. No more ifconfig -arp needed. Works like a charm
|
||
- tinc can now act as a switch or a hub too (as opposed to a router only)
|
||
Changed some stuff to allow correct generation of po/Makefile after a
|
||
Updated dutch translation.
|
||
- This oneliner removes the need for ifconfig tap? hw ether fe:fd:0:0:0:0
|
||
Fix bug where lookup_subnet_ipv4() could go into an infinite loop.
|
||
You can now put an option "Mode" in tinc.conf, and choose from:
|
||
Add missing? counting of total_socket_in.
|
||
Log and warn about duplicate subnet_add()'s for the same subnet.
|
||
Fixes to make switching work between hosts that have no meta-connection.
|
||
Save configure cache more often.
|
||
Changed drastically because it didn't work correctly:
|
||
Only reset seconds_till_retry when we activate the outgoing connection.
|
||
Woops - big bug in send_key_changed fixed.
|
||
- Solaris compile fixes
|
||
Check for and add -ldl.
|
||
Remove #warnings I used for debugging stuff.
|
||
Reinstated search for if_tun.h in kernel source tree, because apparently
|
||
Spanish translation removed. Nobody maintains it, and it is severely
|
||
ABOUT-NLS is created by autogen.sh.
|
||
Don't build Spanish translation.
|
||
Execute tinc-down BEFORE tap device is closed. This is a. more symmetric
|
||
es.po revived.
|
||
Also remove po/Makefile.in.in, which is generated by autogen.sh.
|
||
Log error if two hosts connect with same IP/port tuple.
|
||
Fix gcc 3.0 warnings.
|
||
Check for dlopen in standard libraries first (needed for DEC OSF).
|
||
It appears that autogen.sh doesn't like es.po if it isn't mentioned in
|
||
Update of RedHat build scripts.
|
||
Dutch translation updated.
|
||
More items marked as done.
|
||
Fix printf format bug.
|
||
Fix compiler warning.
|
||
Check for all potential duplicate entries in the id tree.
|
||
- Always use <openssl/include.h> instead of just <include.h>
|
||
Don't load table of verbose OpenSSL errormessages.
|
||
Correct inclusion of standard if_tun.h header file.
|
||
Split connection list into two lists:
|
||
Correctly use the active_tree.
|
||
Remove all unnecessary status.meta and status.active checks.
|
||
Added purge_tree for connection_t's which are no longer in the connection,
|
||
Updated terminate_connection() so you can choose if DEL_HOSTs should be
|
||
Always close all sockets in terminate_connection().
|
||
Woohoo! tinc now compiles, runs and actually *works* on Solaris!
|
||
Started writing a document about how daemons connect to each other.
|
||
Described problem in more detail.
|
||
Small update.
|
||
Correctie.
|
||
Written down a possible solution.
|
||
Discuss how sending ADD_EDGEs would be better than sending ADD_HOSTs.
|
||
More on edges.
|
||
Don't use %m in fprintf().
|
||
Write public key to rsa_key.pub instead of rsa_key.priv (if not host
|
||
The val variable in a config_t is never used as a long.
|
||
Explicitly log which type of tunnel device is used.
|
||
Don't send DEL_HOSTs when !status.meta
|
||
Fix signed comparison bug in lookup_subnet_ipv4().
|
||
Remove IndirectData support for now, new implementation will be added
|
||
Revised reconnection mechanism, always try out all ConnectTo lines.
|
||
Optional signal number for -k option.
|
||
config_t* is a const parameter in get_config_val().
|
||
- Try old TUN/TAP ioctl() request if the one from if_tun.h fails.
|
||
Not only keep track of nexthop, but also of lastbutonehop. If destination cl
|
||
Show next- and lastbutonehop when dumping connectionlist to syslog.
|
||
Try next connectto instead of the same over and over.
|
||
Fill in next- and lastbutonehop for myself.
|
||
- Renamed lastbutonehop to prevhop.
|
||
Fix bug where tinc would crash because of a portscan or a connection from a
|
||
- Use ping timeout mechanism to close connections that don't authenticate
|
||
Fix bug when dropping an old connection in favour of a new one from the
|
||
Updated dutch translation.
|
||
Started implementing doc/CONNECTIVITY.
|
||
Small corrections.
|
||
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a
|
||
Removed everything from connection.c that has already been moved to node.c and
|
||
Revamp configuration handling:
|
||
More updates to new node/vertex/connection combo.
|
||
- Split tap device stuff out of net.[ch]
|
||
Added FreeBSD tap device handling.
|
||
Solaris tun device handling cleaned up a bit and added.
|
||
Forgot to remove some old #ifdef stuff.
|
||
Added OpenBSD tun device handling. Untested though.
|
||
Forgot the tun specific stuff.
|
||
Support new files (node/vertex/device.[ch]) and OpenBSD.
|
||
Big bad commit:
|
||
Make sure everything links.
|
||
Various small fixes to make tinc runnable again.
|
||
What was I thinking? s/vertex/edge/g.
|
||
- More s/vertex/edge/g
|
||
- More changes needed for Kruskal's algorithm
|
||
Working version of Kruskal's algorithm. The running time is very bad though.
|
||
Various fixes, tinc is now somewhat capable of actually working again.
|
||
More updates to protocol handlers and reimplemented terminate_connection().
|
||
- Small fixes to graph algorithms
|
||
Don't forget to read public RSA key when making an outgoing connection.
|
||
Show cfg->variable instead of cfg->value when complaining about wrong type.
|
||
Avoid connecting to another node twice, and check name of outgoing connections.
|
||
Some very small fixes
|
||
Use PEM functions as suggested by OpenSSL docs.
|
||
Several bugfixes.
|
||
*** empty log message ***
|
||
Be liberal in what you accept: allow unknown edges to be deleted.
|
||
Correctly check if subnet owner exists.
|
||
Various fixes needed for Solaris.
|
||
More fixes for Solaris.
|
||
Merging of the entire pre5 branch.
|
||
|
||
Ivo Timmermans (32):
|
||
New make target: `make release'
|
||
Changed version number to 1.0-cvs
|
||
Don't distribute autogen.sh in a release
|
||
Don't include the debian/ dir in a release
|
||
Small fix to make it compile again
|
||
Killing tincd with SIGINT causes it to toggle between the current
|
||
Check for getaddrinfo
|
||
Check for getnameinfo, gai_strerror, freeaddrinfo
|
||
Credit OpenSSH
|
||
Check for struct addrinfo
|
||
Deprecated get_config_ip and get_config_port
|
||
Use struct addrinfo in connection_t to hold all host data such as IP
|
||
Changed prototype for lookup_connection to use struct addrinfo
|
||
Changed lookup_connection to use struct addrinfo
|
||
Removed definitions of ipv4_t, ipv6_t, port_t
|
||
Obsoleted all IP<x> types in favor of struct addrinfo
|
||
Changed to use struct addrinfo where needed.
|
||
get_config_{ip,port} removed.
|
||
Don't compile/link netutl.c.
|
||
Obsoleted.
|
||
Don't include netutl.h.
|
||
(re)added port to struct node_t
|
||
Added HAVE_STRUCT_ADDRINFO
|
||
Added dropin replacements for get*info and helper functions.
|
||
First part of rewriting things to use struct addrinfo.
|
||
lookup_node_udp changed.
|
||
Don't include netutl.h.
|
||
route_ipv4 and route_ipv6 replaced by route_ip.
|
||
get_config_subnet needs to be fixed.
|
||
Fixed silly typo: "np" instead of "no"
|
||
Don't include netutl.h.
|
||
Conversion to struct addrinfo is almost complete for this file.
|
||
|
||
Wessel Dankers (1):
|
||
make is not always GNU make.
|
||
|
||
Version 1.0pre4 May 25 2001
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (97):
|
||
Porting to FreeBSD:
|
||
- Added balanced tree management stuff as well. (It is not finished yet.)
|
||
- Simplified do_detach
|
||
- Removed stray @INCLUDE@ (how did that get there?)
|
||
- Fixed searching
|
||
- Implemented deletions
|
||
- Fix tree head/tail upon insertion
|
||
- Fixed a lot of small things. Tested everything except deletions.
|
||
- Deletion also works now.
|
||
- Small fixes
|
||
- Integrate rbl trees into tinc.
|
||
- Proper initialization of rbltree structures.
|
||
- Various small fixes.
|
||
- More fixes.
|
||
- Check for NULL tree->delete callback
|
||
- Cleaned up and checked for some more NULL pointers in rbl.c
|
||
- Write pidfile AFTER detaching...
|
||
- No more %as.
|
||
- Work with the correct key buffer in ans_key_h
|
||
- More porting to FreeBSD and Solaris.
|
||
- Fixed all (except 2) compiler warnings gcc -Wall gave.
|
||
- #include <stdlib.h> instead of <malloc.h>
|
||
- Don't link with -ldl anymore
|
||
Another big & bad commit:
|
||
- Added Armijn to the list
|
||
- Added daemon() replacement.
|
||
- Use only one socket for all UDP traffic (for compatibility)
|
||
- Don't even think about using sscanf with %as anymore
|
||
- AVL tree routines: faster than RBL, and also more stable.
|
||
- Doubled size of trace buffer for easier debugging.
|
||
- Let user choose whether keys are in the config files or separate
|
||
- Updated dutch translation.
|
||
- Check and follow symlinks in is_safe_path
|
||
- Changed license of AVL tree library to GPL.
|
||
- Updated manual pages.
|
||
- Updated texinfo manual.
|
||
- Typo.
|
||
- Changed list routines to give it the same look'n'feel as the rbl and
|
||
- Reinstated a queue for outgoing packets.
|
||
- Added header file for route.c. The routing routines in it are not used
|
||
- Description of protocol and authentication updated.
|
||
- It's 2001, all copyright notices are updated.
|
||
- Fixed IPv6 subnet lookup routine.
|
||
- Added indirectdata and tcponly functionality.
|
||
- Squashed another nasty bug.
|
||
- Sign was wrong in search_closest_smaller/greater
|
||
- Cleaned up subnet_t
|
||
- Only send out DEL_HOSTs for hosts with a meta connection
|
||
Added sample configuration directory.
|
||
- Copy entire sample-config directory to /etc/tinc/example upon installing.
|
||
- Allow ASN1 style keys to be in the config files.
|
||
FreeBSD compile fixes (thanks to XeF4)
|
||
Fix memory leak in avl_insert() if item was already inserted.
|
||
Updated dutch translation.
|
||
Removed another local definition of the variable "errno"
|
||
Added .cvsignore files to get rid of warnings and prevent autogenerated
|
||
Ignore file for src/
|
||
- Updated CVS_CREATED to remove intl/ directory and some other
|
||
Added description of the proposed new authentication scheme.
|
||
Corrected check for errors after read() calls.
|
||
Add missing \n.
|
||
Free node->data and node, not node->data twice.
|
||
Copy packets before putting them in the queue.
|
||
Encrypt network packets in CBC mode instead of CFB mode.
|
||
Implemented new authentication scheme from doc/SECURITY2.
|
||
Added process.c to the translated files.
|
||
- Make sure METAKEY is smaller than the modulus of the RSA key
|
||
Don't forget to reconnect if outgoing connection fails during
|
||
- Fixed Interface option (untested)
|
||
Removed lots of compiler warnings.
|
||
Removed compiler warning.
|
||
Various small fixes.
|
||
Added explaination of our key exchange using RSA encryption.
|
||
- route.c is now used to determine destination
|
||
Updated translation.
|
||
Added a description of what is going on in net.c and route.c, and how
|
||
Fixed a race condition triggered by receive_meta() and the new
|
||
Fixed bug in setup_signals() that would make tinc die when unexpected
|
||
Ignore alarm signals if we do not need to respond to them.
|
||
Check indirectdata option before forwarding certain requests.
|
||
Depend on new ssl package and install alias for universal TUN/TAP module.
|
||
Correctly cycle through ConnectTo variables.
|
||
- s/ip_t/ipv4_t/g
|
||
- Make sure correct information is supplied for both old kernels (with
|
||
More revisions to the documentation:
|
||
Changed URL from kernelnotes.org to linuxdoc.org.
|
||
Add randomness to PING/PONG packets to prevent crypto attacks on quiet
|
||
Since this is incompatible with some earlier versions, PROT_CURRENT is
|
||
All features for 1.0 are implemented now, we just have to check the
|
||
Only send key_changed if it was previously requested.
|
||
Small fixes:
|
||
Small corrections to the manuals.
|
||
With recent kernels the tun device file is located in /dev/net.
|
||
TCPonly now works (in a relatively clean way too).
|
||
Merged PROTOCOL, NETWORK and SECURITY2 with the texinfo manual.
|
||
Documents are merged. Now we only need to check the ports and the TCPonly
|
||
Fix sample configuration to show keys in PEM format and correct tapdevice.
|
||
|
||
Ivo Timmermans (88):
|
||
Add a check for openssl that accepts explicit file locations.
|
||
Identify version as 1.0pre4-cvs
|
||
Better checks for OpenSSL. I think it can now detect almost all conceivable installations.
|
||
Oops, small error.
|
||
Get rid of the annoying empty line
|
||
Also check for rand.h and err.h. If any of these files does not
|
||
Also check for sha.h.
|
||
Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
|
||
Let the output from an executed script in execute_script() go to
|
||
List management and manipulation routines.
|
||
Keep a list of running children, and in each loop in main_loop(),
|
||
Move all process-related functions into process.c.
|
||
New function: xmalloc_and_zero, which initialises the allocated memory
|
||
Delete struct ifr
|
||
Move more functions from tincd.c into process.c.
|
||
Use proper prototypes.
|
||
Added this release
|
||
More function and header checks
|
||
Also include process.h
|
||
Get rid of all libtool references at once. libtool was only used by
|
||
Honor the --localstatedir option to configure, instead of hardcoded /var.
|
||
Add more checks to ensure that filedescriptors are right in
|
||
Declare fd.
|
||
Do not use the C library's daemon() call.
|
||
Do not check for the daemon() system call
|
||
Do not attempt to retreive ChangeLog information only from the CABAL
|
||
Set localstatedir to /var
|
||
Use cvs2cl instead of rcs2log to generate the ChangeLog.
|
||
Set CFLAGS to -O2 -Wall when running configure
|
||
Alter CFLAGS, somehow INCLUDES doesn't propagate properly. Still
|
||
Set errno to 0 before trying to kill the other process.
|
||
Explain how to tell configure where OpenSSL lives.
|
||
Call autogen.sh instead of configure alone; and make cvs-clean instead
|
||
Add default tinc-up and tinc-down scripts for a Debian system. These
|
||
Updated Spanish translation, provided by Enrique Zanardi.
|
||
Give an error message if daemon() failed.
|
||
Check for the function strsignal, and define it to "" if it is not
|
||
Sort items to either 1.0 or future release goals.
|
||
Use sigaction to set signal handlers, the previous commit (1.1.2.16)
|
||
Save RSA public and private keys to a separate file, instead of
|
||
dropin.c/h contain a set of drop-in replacements for non-standard C
|
||
Check for get_current_dir_name. There is a replacement function in
|
||
Added a check for a scanf that knows about %as.
|
||
Implemented a readline() function that will read an entire line into a
|
||
xstrdup now takes a const pointer as an argument.
|
||
Use readline() in read_config_file() instead of fgets.
|
||
Also free the pointer returned by readline().
|
||
Updated Dutch translation
|
||
Implemented is_safe_path, and extended ask_and_safe_open.
|
||
Read the PEM file pointed to by the configuration directive
|
||
The file is safe if it doesn't exist.
|
||
In readline(): initialise the line to zero length;
|
||
Better error checking when reading the RSA private key.
|
||
Avoid printing duplicate messages from read_rsa_keys
|
||
New function read_rsa_public_key();
|
||
All full stops have two spaces after them. (Silly commit, I know.)
|
||
Tagged `Storing private key in separate file' as done.
|
||
readline() accepts two extra parameters, buf and buflen, to avoid
|
||
Use buffer instead of line in read_config_file(), line may be assigned
|
||
Stated that distributing executables linked with OpenSSL is permitted
|
||
Include COPYING.README in the distribution.
|
||
Added documentation merger
|
||
Sort configuration directives
|
||
Option -d accepts an argument to set the debug level immediately.
|
||
Massive long awaited documentation update. It's not finished yet,
|
||
Oops. I did some VERY wrong things with readline(). Fixed now.
|
||
Tiny bits of code beautifying
|
||
Install a file in /etc/modutils/tinc, containing all necessary aliases
|
||
Ported it back to /bin/sh.
|
||
Give a warning about having to re-create the keys
|
||
Re-introduced MyVirtualIP and VpnMask, as dummy options.
|
||
Various small changes.
|
||
Include autogen.sh (needed for the Debian package).
|
||
Forget router.c
|
||
Added lint target, requires lclint.
|
||
Fix error reporting of read_config
|
||
Set Architecture to `any'
|
||
Change version to 1.0pre4
|
||
Second draft of the release notes
|
||
Merged documentation with various updates I had lying around
|
||
Get the Debian changelog up to date
|
||
Get the PO files up to date with the current source
|
||
Fixed some errors
|
||
Distribute the sample config as a .tar.gz
|
||
Unpack sample-config.tar.gz when installing
|
||
More files to ignore in CVS
|
||
tinc_TUNTAP now substitutes the values outside the AC_CACHE_CHECK
|
||
Authentication done
|
||
|
||
Wessel Dankers (1):
|
||
Important bugfix in avl_insert_before() and avl_insert_after()
|
||
|
||
Version 1.0pre3 November 09 2000
|
||
------------------------------------------------------------------------
|
||
|
||
Guus Sliepen (119):
|
||
Debian init.d script automatically sets tap device's MTU to 1448 now.
|
||
First step for implementation of the "indirectdata" directive. This should
|
||
If we have "indirectdata" flag set, we only send data to our uplink.
|
||
Large cleanup:
|
||
Added CVS Id tags to header files.
|
||
- Log possible spoofing attacks.
|
||
Hostnames are back!
|
||
Hostlookup() is actually being called now.
|
||
- More verbose connection list
|
||
Fixes some hostlookups. Fixes indirectdata for real now (hopefully).
|
||
- Indirectdata finally REALLY REALLY works now!
|
||
- Moved all connection messages to debug level 1, without -d's only the
|
||
- Fixed KEY_CHANGED notification. A lot of notify_others() calls were
|
||
- Fixed indirectdata=no problem
|
||
- Improved handling of errors on connection attempts.
|
||
- Purge old connections that are ADD_HOSTed.
|
||
- Fixes a silly little insignificant buglet.
|
||
- Extra check op EINTR bij inlezen requests
|
||
- Fixed some spelling errors.
|
||
- Fixed missing " in nl.po
|
||
- Fixed a message in nl.po
|
||
- Added log message when SIGCHLD is received ("thanks" to Ivo van Dong)
|
||
- Updated Dutch translation.
|
||
- Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
|
||
- New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
|
||
- Fixed memory leak.
|
||
- Removed segfault bug in conf.c (must have been there for ages!)
|
||
- Instead of logging an error when remote end closes the connection,
|
||
- Made tinc even more silent if no -d flag is given at all.
|
||
- Added documentation for the protocols (most important the meta protocol)
|
||
- Removed a single unused bit from status_bits_t.
|
||
- Updated PROTOCOL (a bit)
|
||
- Forgot to mention ourselves in the tincd manual page! :)
|
||
- Added Spanish translation from Enrique Zanardi.
|
||
- Updated THANKS file
|
||
- Delayed address resolving for ConnectTo lines in configuration file to
|
||
- Fixed typo.
|
||
- Added experimental hackish tunneling-over-TCP support.
|
||
- Lots o' buglets fixed (-Wall helps)
|
||
Fixed PACKET read loop.
|
||
Removed calling add_queue for tcponly packets.
|
||
- Added date/time of build and protocol number to --version output.
|
||
- Moved TCP packet reception to meta handler: less kludgy and less buggy!
|
||
- Reinstated O_NONBLOCK for meta socket
|
||
- Added two extra configuration options, Interface and InterfaceIP, to
|
||
Fixed all sprintf() spl01ts.
|
||
Ran update-po and updated dutch translation.
|
||
Commented on some size calculations.
|
||
Updated the manual:
|
||
Updated tinc.conf manual.
|
||
Fix rules (thanks to Laurence)
|
||
- Use strerror() instead of sys_errlist[] for increased portability
|
||
- New protocol. Will break everything else for now.
|
||
- Added more function skeletons for the new protocol.
|
||
- Lots of functions added for the new protocol.
|
||
- Some key exchange stuff. (Last commit before going to bed.)
|
||
- Fixed modulo in keylength check
|
||
- Lots of small changes.
|
||
Added document about the used cryptographic algorithms and the reasons
|
||
- Included authentication scheme from protocol.c
|
||
- Updated authentication scheme.
|
||
- Severe code reduction and simplification of challenge requests
|
||
- Removed options "string" stuff. It was a bad idea...
|
||
- Very detailed example of the authentication phase.
|
||
- Added meta.c which contains functions to send, receive and broadcast
|
||
- Added subnet handling code
|
||
Removing cipher directory (all will be covered by OpenSSL).
|
||
Big and bad commit of my current tree...
|
||
- Changed genauth to produce rsa keypairs instead of random passphrases.
|
||
- Generalized config file parsing to support multiple configuration trees.
|
||
- Fixing-things pass: every source file compiles into an object file now,
|
||
- Second fixing-things pass: it even links now.
|
||
- The daemon actually runs now (somewhat)
|
||
Corrected #ifdefs for tun/tap support.
|
||
- Fixing little things
|
||
- More fixing. Tinc daemons can now even create activated connections.
|
||
- Seed the PRNG using /dev/random before generating the keys.
|
||
- tinc now really does public/private key encryption! It even works, whee!
|
||
- Made Makefile.am stub for doc/es/
|
||
- Removed last reference to genauth from Makefile.am
|
||
- Fixed all debug levels.
|
||
- route.c will contain the routing logic.
|
||
- Lots of little stuff modified
|
||
- Updated subnet list handling. Subnets are added to two lists now, the
|
||
- Lots of small fixes
|
||
- Fixed offsets when reading/writing from/to tap device
|
||
- Override destination ethernet address on incoming packets with
|
||
- Very big cleanup.
|
||
- Fixed ans_key_h
|
||
- Hit people who can't figure out subnet address/mask pairs with a
|
||
- Enforce correct order of authentication requests
|
||
- Moved connlist stuff to the proper header file.
|
||
- Updated dutch translation.
|
||
- Removed old encr stuff
|
||
- Small fixes
|
||
- Use CFB mode for encrypting packets: it works and we don't need padding.
|
||
- Finishing touch: encrypt the meta connections
|
||
- Small cleanups
|
||
- Fixed some spelling mistakes and terminology here and there.
|
||
- Update.
|
||
Removed config file parsing and interface setup. This will be handled by
|
||
- Removed unused MAC strip/add functions.
|
||
- Removed even more warnings.
|
||
- Resolve scriptname after fork()
|
||
- Removed manpage for no longer existing genauth.
|
||
- connlist.c added to translation
|
||
- Don't forget to set packet cipher for added hosts.
|
||
- Forward keys in hex notation, not as binary data.
|
||
- Check for packets that are looping back.
|
||
- Simplified ping mechanism.
|
||
- Prepended config_ to all configuration option names, because it confused
|
||
Changed execution of tinc-up:
|
||
- Open UDP connection for all known hosts. Comments please.
|
||
Porting to SunOS 5.8:
|
||
Porting to SunOS 5.8:
|
||
- Fixed --config
|
||
- Applied Jamie Brigg's patch (close sockets after error)
|
||
- Add Jamie :)
|
||
- Make checkpoint tracing a compile time option (off by default)
|
||
|
||
Ivo Timmermans (77):
|
||
Alphabetized the list, added Lubom<6F>r Bulej, removed Sander Smeenk and Tijs van Bakel, put merits after all names.
|
||
Don't touch VPNMASK if it's defined, otherwise use $MSK.
|
||
These files are created by gettextize (run by autogen.sh) (should have known that).
|
||
Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries.
|
||
Merge changes from 1.6-1.8.
|
||
Configuration directive `IndirectData'.
|
||
Changed version number to 1.0pre3.
|
||
Version 1.0pre3.
|
||
Removed Free Software Foundation copyright, because Guus Sliepen contributed significantly.
|
||
Oops, and mention Guus too.
|
||
Include the Spanish translation in the distribution/build process.
|
||
(Quoting Laurence Lane:)
|
||
Also chomp $VPNMASK
|
||
Added a rule to create an rpm
|
||
Changed CVSROOT path in `make ChangeLog'
|
||
Link with OpenSSL crypto libraries instead of own blowfish library
|
||
Updated text, removed protocol flowchart
|
||
Include openssl/blowfish.h
|
||
Support for -lsocket and -lnsl on SunOS
|
||
Correct filenames for passphrases given in the example
|
||
Add Guus' name and shift out old protocol requests
|
||
Better checks for SunOS libraries
|
||
Added some structures and types that are needed for the overhaul.
|
||
New directive: Name.
|
||
First round of needed fixes after the overhaul
|
||
Second round of fixes
|
||
Added Spanish translation of the docs by Matias Carrasco
|
||
Many updates, parts rewritten, added, shuffled around.
|
||
Link with OpenSSL, forget libGMP
|
||
Updated new requirements, pointers to the manual
|
||
Don't look for GMP header files
|
||
Update Depends lines to reflect the dependencies on OpenSSL
|
||
Fix `Requirements'-section for GMP and OpenSSL libraries.
|
||
Add CVS id lines
|
||
Add checks for the presence of the universal tun/tap device driver.
|
||
Wrap the tun/tap code in #ifdef HAVE_TUNTAP
|
||
Linearized checks for if_tun.h
|
||
Really #include the if_tun.h files now
|
||
Output doc/es/Makefile
|
||
Process subdir es/
|
||
Don't declare cp_file and cp_line in xmalloc()
|
||
Get the head revision up to date with cabal
|
||
Changed changelog
|
||
Include linux/sockios.h and net/if.h anyway, regardless of the value of HAVE_TUNTAP.
|
||
read_server_config: Check for result of read_config_file.
|
||
Oops, echelon change committed to cabal... :)
|
||
Skip the check for Linux kernel sources
|
||
This file is no longer needed.
|
||
- Synchronized changelog with the package's changelog.
|
||
Do not include $(top_srcdir)/cipher, it does no longer exist.
|
||
Added a perl example to turn an IP address into a MAC address.
|
||
Only check for linux/if_tun.h once
|
||
Changed `I' to `We' - small change, lots of difference :)
|
||
More exhaustive list of changes - perhaps it can be worded differently?
|
||
Change wsl to Wessel's name and email address in the ChangeLog creation
|
||
Mention fileutils, add a pointer to THANKS for more details
|
||
Changed a few messages wrt. system calls; updated and changed the Dutch translation a bit.
|
||
Don't include shlibs, as it no longer exists.
|
||
Oops, and include doc-base.tinc (new file).
|
||
- If necessary, patch po/Makefile.in from po-Makefile.in.in.diff to
|
||
Minor cosmetic change.
|
||
Save the environment on startup.
|
||
Run the scripts tinc-up and tinc-down from a separate function, which
|
||
Warnings removal pass: always include config.h first; add a few
|
||
Small change to the way the environment is copied.
|
||
Use putenv() instead of clumsy do-it-yourself in execute_script.
|
||
Do not include the passphrases directory
|
||
In execute_script:
|
||
Add route.c to the list of source files.
|
||
Updated Dutch translation
|
||
Build-depends on libtool
|
||
Build-Depends on gettext
|
||
Final release notes added, also edited release notes for 1.0pre2 to what the announcement on the mailing list looked like.
|
||
Wrapped text to 70 (72?) columns for easy reading
|
||
Bop version number to 1.0pre3-1
|
||
Updates, updates
|
||
Add prototype for destroy_queue
|
||
|
||
Wessel Dankers (3):
|
||
File added to CABAL (hopefully)
|
||
Grrr, recommit
|
||
Added architecture section, made a start with the kernel section.
|
||
|
||
Version 1.0pre2 May 31 2000
|
||
------------------------------------------------------------------------
|
||
|
||
Ivo Timmermans (56):
|
||
Deleted the protocol description.
|
||
Perl version of the system startup script.
|
||
Only print an error with send_termreq if debug_lvl is 2 or more.
|
||
Add check for mpz_powm in libgmp3.
|
||
Version 1.0pre1-0.1.
|
||
Changed version to 1.0pre2.
|
||
Give IP address instead of hex number when connecting tcp socket failed.
|
||
Add shlibs control file for the blowfish library.
|
||
Inserted useful content.
|
||
Add initscript, tincd->tinc.
|
||
Add description, better dependancies.
|
||
Mention both upstream authors.
|
||
tincd->tinc
|
||
.deb version number 1.0pre2-0.4.
|
||
Updated to newer version.
|
||
Exit with zero status if is empty.
|
||
Unlimited length in the config file, thanks to Cris van Pelt.
|
||
Depend on perl5.
|
||
*** empty log message ***
|
||
Look if the tap devices exist before bluntly remaking them.
|
||
Use the new VpnMask directive to add a route to the rest of the VPN.
|
||
This file is generated with dpkg-buildpackage.
|
||
Read /etc/tinc/nets.boot to find the networks that have to be started.
|
||
Create a default /etc/tinc/nets.boot after installation, containing all directories under /etc/tinc by default.
|
||
Version 1.0pre2-0.3
|
||
Don't distribute the file files.
|
||
Find networks in instead of .
|
||
Include postinst in the distribution.
|
||
Errors will not terminate the script or result in a nonzero exit code.
|
||
Updated copyright notice.
|
||
Fixed typo.
|
||
Mask the vpn net with the vpn netmask, route would give an error if the netmask didn't match the net.
|
||
When VpnMask is not present in the config file, silently use $MSK as vpnmask.
|
||
Add an example of using VpnMask.
|
||
Use /etc/tinc/example as a base directory for an example. /etc/tinc/example/README points to /usr/share/doc/tinc/README.Debian.
|
||
Create an empty /etc/tinc/nets.boot.
|
||
Updated by Lubomir Bulej and Mads Kiilerich: it uses /etc/tinc/nets.boot and the VpnMask directive in the config files.
|
||
Internationalization of tinc.
|
||
Include intl/ directory in the list of subdirs.
|
||
Include system.h and ABOUT-NLS.
|
||
Update acconfig.h to include values for gettext inclusion.
|
||
Include GNU gettext checks.
|
||
Define LOCALEDIR in CFLAGS.
|
||
Dutch translation of tinc.
|
||
Bounds check for request id (between 0 and 255).
|
||
Updated changes list for version 1.0pre2.
|
||
Added new configuration directive `Hostnames', which controls the resolving of IP addresses to hostnames.
|
||
When a connection is terminated, all hosts that are still connected get notified of the lost connections.
|
||
In terminate_connection, only send a notification to hosts that are directly connected to us. (DEL_HOST gets forwarded automatically.)
|
||
Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients.
|
||
Include news for 1.0pre2.
|
||
Tell about /etc/tinc/nets.boot.
|
||
Updated Dutch translation.
|
||
Version 1.0pre2-1.
|
||
Handle locale settings.
|
||
Miscellaneous copyright updates.
|
||
|
||
Guus Sliepen (16):
|
||
Proxymode removed.
|
||
Cleanups.
|
||
Changed ping behaviour (backwards compatible). If we don't have any data
|
||
Fixed typos.
|
||
Test for existence of configured tinc networks. This will also make
|
||
Stub for VpnMask config directive.
|
||
TODO file reinstated:
|
||
VpnMask truely works now.
|
||
Typo.
|
||
Fixed last typo. Init.d now uses ifconfig command to set both the tap's IP
|
||
Documentation updates. Removed all references to configuration variable
|
||
Fix for a DoS attack:
|
||
Fixed typos. When terminating a connection, it's status is not only set to
|
||
Made tinc persistent. If no outgoing connection can be established right
|
||
Terminate a connection on any error. Furthermore, disallow del_host,
|
||
Only activate a connection upon receiving it's public key if it's an
|
||
|
||
Version 1.0pre1 May 08 2000
|
||
------------------------------------------------------------------------
|
||
|
||
Ivo Timmermans (84):
|
||
Get rid of the message `zxnrbl\'.
|
||
Upon regeneration, free the old encryption key `securely\' by overwriting it.
|
||
Kill the parent after any error conditions in detach().
|
||
Ignore SIGCHLD.
|
||
New option -D, don't detach.
|
||
Moved to version number 1.0.
|
||
Only one round of reading bits out of urandom;
|
||
Pass the requested size from xmalloc() and xrealloc() on to xalloc_fail_func()
|
||
Check for an illegal length of passphrase in read_passphrase().
|
||
Check if stdout is a terminal, if so, print a verbose message.
|
||
Default passphrase length of 1024, added -h/--help options.
|
||
Submitted by Mads Kiilerich.
|
||
New manpage for genauth.
|
||
Updated manpages.
|
||
Address for bugreports changed to tinc@nl.linux.org.
|
||
Include the directory redhat in the build process.
|
||
Include genauth.8 in the distribution.
|
||
Submitted changes by Mads Kiilerich.
|
||
A short notice from Mads Kiilerich.
|
||
Keep make dist(dir) happy.
|
||
Added cvs-clean.
|
||
These files are not needed in release 1.0.
|
||
Don't compile in `idea'.
|
||
Don't include idea/idea.h.
|
||
Don't try to create cipher/idea/Makefile.
|
||
The shell script autogen.sh can create all these removed files, but be
|
||
s/Gnome/tinc/g
|
||
This file is obsolete, most of the ideas are already in echelon.
|
||
Remove check for bigendianness.
|
||
Don't define HAVE_NAMESPACES and HAVE_STL.
|
||
Use `make ChangeLog' to create this file from the CVS logs.
|
||
Remove test for GNOME.
|
||
Changes largely from Mads Kiilerich.
|
||
Added Mads Kiilerich, removed Guus Sliepen.
|
||
*** empty log message ***
|
||
Generate this Makefile.am from Makefile.am.in.
|
||
Contributed by Mads Kiilerich.
|
||
Spelling fixes.
|
||
Delete all the files that are created by autogen.sh on a `make cvs-clean'.
|
||
Propagate CFLAGS from configure to gcc.
|
||
Don't include TODO in the dist.
|
||
Remove ChangeLog with a `make cvs-clean'.
|
||
Initial CVS.
|
||
*** empty log message ***
|
||
Create a ChangeLog file, automake requires it.
|
||
*** empty log message ***
|
||
Debug level tweaking.
|
||
From Mads Kiilerich.
|
||
The make command is in /usr/bin.
|
||
Add an entry to dir.
|
||
Omit TODO.
|
||
Version to 1.0pre1;
|
||
Filled in the details, license from libblowfish copied.
|
||
Updated version number to 1.0.
|
||
Default config file name is tinc.conf, and pidfile is tinc.pid.
|
||
More updates wrt. the change from tincd->tinc.
|
||
Added `deb' target.
|
||
Filled up the protocol structs with unused bytes.
|
||
Got rid of the nasty hacks... and replaced it by another one.
|
||
Initially, the vpn_mask of a connection is 255.255.255.255 to avoid confusion with lookup_conn.
|
||
Replaced check for status.active by status.dataopen in check_network_activity.
|
||
New way of handling the meta protocol.
|
||
Read public keys the right way (tm).
|
||
Removed debug messages.
|
||
Read one less byte from an ANS_KEY request.
|
||
Send one less byte from an ANS_KEY request.
|
||
Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility.
|
||
Key forwarding, write one byte extra.
|
||
Committed by Lubom<6F>r Bulej.
|
||
Updates by Mads Kiilerich.
|
||
Committed by Mads Kiilerich.
|
||
Fixed meta protocol.
|
||
More tincd->tinc updates.
|
||
Mentioned new metaprotocol.
|
||
Fix a typo, better handling of the info document. (from Mads Kiilerich)
|
||
Don't use error.h or error(), put #error in front of cpp errors.
|
||
getopt_long() support for platforms that don't have it.
|
||
Include stdio.h for fprintf.
|
||
More for getopt support.
|
||
Check for the existance of libdl.
|
||
Don't link in libdl.
|
||
Include sys/types.h.
|
||
Copied most of the code from the redhat script.
|
||
Added semicolons required by bash2 (Mads Kiilerich).
|
||
|
||
Guus Sliepen (18):
|
||
Added extra checks for desynchronized connection lists. Hopefully this will
|
||
Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
|
||
Added checkpoints to beginning and ending of every function.
|
||
Packet queues fixed. They caused the trouble when resending keys.
|
||
Fixed typo and removed some unnecessary variables.
|
||
When trying to talk to a host that is in the netmask of a tinc server but
|
||
Converted every &variable[0] to variable.
|
||
Cleanups:
|
||
Removed write_n() function.
|
||
Oops! Reference to write_n() removed and changed into neat write() call.
|
||
Meta protocol overhaul. Tinc is now incompatible with previous versions,
|
||
Fixed small mistake that would prevent forwarding requests.
|
||
Previous fix fixed. Meta protocol should be really flawless from now on!
|
||
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
|
||
Outgoing packets now use network byte order in header.
|
||
Fixes typo and UDP network byte order.
|
||
Squashed gcc warning.
|
||
Added new config variable "ProxyMode". If enabled, all outgoing packets
|
||
|