tinc/ChangeLog
2019-08-26 13:44:51 +02:00

2698 lines
131 KiB
Text
Raw Blame History

Version 1.1pre8 August 13 2013
------------------------------------------------------------------------
Guus Sliepen (56):
Don't try to create tinc.conf when using set or add commands.
Modernize the configure script a bit.
Use conditional compilation for device.c.
Use conditional compilation for cryptographic functions.
Rename xmalloc_and_zero() to xzalloc().
Add generic crypto headers.
Add more __attribute__((malloc)) where appropriate.
Add __attribute__((warn_unused_result)) to crypto functions.
Fix warnings for functions marked __attribute((warn_unused_result)).
Add a few more checks and warnings in the crypto functions.
Enable the SPTPS protocol by default.
Fix check for presence of ECDSA public key for outgoing connections.
Use read_host_config() where appropriate.
Don't free ephemeral ECDH keys twice.
Fix potential NULL pointer dereferences.
Don't try to handle incoming data if sptps_start() has not been called yet.
Enable and fix warnings from automake.
Send a new key when we receive packets from a node we don't have a valid key for.
Annotate the xalloc functions.
Improve base64 encoding/decoding, add URL-safe variant.
Add a newline when logging to stderr in the tinc binary.
Fix port number in pidfile.
Add an invitation protocol.
Better optional argument handling.
Allow the log output to be stopped with control-C in tinc's shell.
Use strerror() instead of gai_strerror() when err == EAI_SYSTEM.
Add the LocalDiscoveryAddress option.
Set $NAME when calling host-up/down and subnet-up/down scripts.
Add connection rate limiting.
Fix warning "Both netname and configuration directory given" on Windows.
Add missing definitions on Windows.
Don't search in local directories for include files.
Don't use vasprintf() anymore on Windows.
Attribution for Etienne Dechamps.
Forbid protocol version rollback.
Allow extra options to be passed to "tinc restart" again.
Honour umask, let temporary key files inherit original's permissions.
Fix compression when using the SPTPS protocol.
Warn when incorrect use of add or set causes variables to be removed.
Allow control-C to stop tincd without stopping the tinc shell.
Don't forget the Port variable when creating an invitation URL.
Choose a different Port when 655 isn't available when doing "tinc init".
Choose a different Port when 655 isn't available when doing "tinc join".
Make absolutely sure we can write config files before accepting an invitation.
Defer handling netname conflicts when accepting an invitation.
Use umask() to set file and UNIX socket permissions without race conditions.
Clean up the SIGINT handler.
Really retry outgoing connections immediately if requested.
Non-zero exit code when reloading config file fails after SIGHUP.
Fix a typo.
Don't echo broadcast packets back when Broadcast = direct.
Move .h files from noinst_HEADERS to tincd_SOURCES.
Build .tar.gz instead of .tar.xz.
Update copyright notices.
Don't typedef the same struct in two header files.
Releasing 1.1pre8.
Etienne Dechamps (5):
Fix combination of Mode = router and DeviceType = tap on Linux.
Fix hash_function().
Disable PMTU discovery when TCPOnly is set.
Introduce lightweight PMTU probe replies.
Further improve bandwidth estimation for type 2 MTU probe replies.
Sven-Haegar Koch (1):
Modified some error messages in src/sptps.c.
Version 1.1pre7 April 22 2013
------------------------------------------------------------------------
Guus Sliepen (12):
Use UDP when using sptps_test in datagram mode.
Flush output buffers in the tap reader thread on Windows.
Better default output file for generated public keys.
Allow changing configuration with tincctl without the "config" keyword.
Avoid calling time(NULL).
Include README.android in the tarballs.
Rename tincctl to tinc.
Remove references to the config keyword.
Describe the SPTPS protocol in the manual.
Fix completion of add/del/get/set commands.
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Releasing 1.1pre7.
Version 1.1pre6 February 20 2013
------------------------------------------------------------------------
Guus Sliepen (16):
Fix datagram SPTPS.
Fix a typo.
Get microsecond time resolution on Windows.
Detect increases in PMTU.
Remove direct inclusion of OpenSSL headers in net_packet.c and tincd.c.
Fix tincd terminating immediately on Windows.
Check for writability when waiting for a socket to finish connecting.
Fix segmentation fault when trying to connect via a SOCKS5 proxy.
Don't send proxy requests for incoming connections.
Derive UNIX socket filename from PID filename.
Let the GUI use UNIX sockets if available.
Don't expect a response from tincd after sending REQ_STOP.
Fix a tiny memory leak.
Fix compiler warnings on Windows.
Fix compiler warnings on some BSD variants.
Releasing 1.1pre6.
Version 1.1pre5 January 20 2013
------------------------------------------------------------------------
Guus Sliepen (24):
Clarify the description of IndirectData and Mode = router.
Fix display of cumulative packet counters.
Fix infinite loop in timeout handling on Windows.
Fix support for tunemu on iOS devices.
Fix a typo.
Note that node Names are case sensitive.
Note that tincctl import is only meant to work with data from tincctl export.
Mention that the -L, -R and -U options are not supported on all platforms.
Don't complain about garbage if we skipped importing a host file.
Better error messages when using -L, -R or -U on platforms that do not support it.
Always complain if too many arguments are given for tincctl commands.
Check HMAC before sequence number.
Add the tincctl exchange and exchange-all commands.
Count the number of correctly received UDP packets.
Estimate RTT, bandwidth and packet loss between nodes.
Fix the minimum spanning tree algorithm.
Handle SIGINT gracefully.
Move make_names() and related variables to its own source file.
Fix compilation of UML and VDE device support.
Allow connections via UNIX sockets.
Make sure PriorityInheritance also works in switch mode.
Remove possible definition of timersub(), which is also in dropin.h.
Fix tincctl init when /etc/tinc does not yet exist.
Releasing 1.1pre5.
Version 1.1pre4 December 05 2012
------------------------------------------------------------------------
Guus Sliepen (35):
Fix warnings from groff.
Keep track of the number of nodes in a tree.
Add the AutoConnect option.
Slightly randomize all timeouts.
Fix potential buffer overflow reading the PID file.
Using alloca() for a constant sized buffer is very silly.
Make sure PMTU discovery works in switch mode with VLAN tags.
Mention libcurses and libreadline in the manual.
Mention in the manual that support for LZO and zlib can be disabled.
Fix index entry for section about readline library.
Fix configure script help text for --enable options.
Don't take the address of a variable whose scope is about to disappear.
Send broadcast packets using a random socket, and properly support IPv6.
Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
Disable support for kqueue on MacOS/X.
Also don't use poll() on MacOS/X.
Choose a suitable socket when updating a node's UDP address.
Try all known addresses of node during PMTU discovery, now also for SPTPS.
Improve UDP address selection.
Ensure MTU probe replies are sent back the same way they came in.
Drop libevent and use our own event handling again.
Allow multiple timeouts to expire at the exact same time.
Fix check for expired events.
Fix use of unitialised values in hash tables.
Set a node's pointers to zero before trying to insert it into a tree.
Fix crash in timeout handling.
Fix compiler error on Windows.
More fixes for Windows.
Add option to dump only a list of reachable nodes.
Remove GraphDumpFile from the manual and manpages.
Fix compiler warnings on OpenBSD.
Don't use nested functions.
Scale packet counters similar to byte counters.
Fix whitespace.
Releasing 1.1pre4.
Version 1.1pre3 October 14 2012
------------------------------------------------------------------------
Guus Sliepen (384):
Created the 1.1 branch where large code changes can take place,
Only free members of connection_t that have been allocated.
Port fixes from release 1.0.8.
Properly delete listener socket events on shutdown.
128 listener sockets is way too much.
Use a separate event structure to handle meta data writes.
Use libevent to dump graphs when necessary.
Use libevent to handle HUP signal.
Configure events after obtaining a socket.
Use libevent to send MTU probes.
Use libevent for retrying outgoing connections.
Remove legacy event system.
Properly use the timeout_initialized() macro.
Use libevent to handle all non-fatal signals.
Redo SIGALRM handling.
Use libevent to age past requests.
Use libevent to age learned MAC addresses.
Use libevent to handle key expiration.
Move key regeneration handling to net_setup.c.
Remove global variable "now".
Remove the last bits of the legacy main_loop().
Remove last references to the global variable "running".
K&R style braces
Use splay trees instead of AVL trees.
Detect duplicate outgoing connections.
More consistent variable naming.
Show branch version number.
Update documentation.
Start of control socket implementation.
We can safely delete a connection_t in terminate_connection() now.
Fix retrying outgoing connections.
Remove pidfile in favour of control socket.
Move key generation to tincctl.
Implement "stop" command, and allow tincctl to retrieve a running tincd's PID.
Use bufferevents to handle control socket buffering.
Use libevent for meta socket input/output buffering.
Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption.
Create wrappers for the cryptographic operations used in tinc.
Make sure the crypto wrapper functions can actually be compiled.
Some more crypto wrapper functions are needed.
Finish crypto wrapping. Also provide wrappers for OpenSSL.
Only check for libgcrypt if --with-gcrypt is used.
Fix formatting of --help output.
Small fixes to make gcrypt routines compile.
Apply patch from Scott Lamb: Update documentation to match tincctl changes
Fix connection weight estimation.
Use a dummy function as the read callback for connection bufferevents. Should not be triggered.
Fix meta data segfault when receiving a partial command.
Prevent double free() of a used challenge nonce.
Look in the configured sbin directory for the tincd binary.
Only show meta connection related debug messages when debug level >= 4
Move AC_GNU_SOURCE up to make autoconf happy.
Use the crypto wrappers again instead of calling OpenSSL directly.
Backport fixes from trunk since revision 1555.
Fix compiler warnings.
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
Remove wrong checks.
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
Make sure IPv6 sockets are IPv6 only.
Move RSA key generation into the wrappers.
Merge branch 'master' into 1.1
Merge branch 'master' into 1.1
Handle truncated message authentication codes.
Fix pointer arithmetic when creating and verifying message authentication codes.
Merge branch 'master' into 1.1
Add missing #include.
Use correct format specifiers.
Replace asprintf()s not covered by the merge to xasprintf().
Add a better autoconf check for libevent.
Merge branch 'master' into 1.1
Drop localisation and checkpoint tracing in files not covered by the merge.
Update FSF address in files not covered by the merge.
Merge branch 'master' into 1.1
Don't enable device events when there is no valid filedescriptor.
Use %x instead of %lx where appropriate.
Handle truncated message authentication codes with gcrypt.
Handle PKCS#5 padding in the gcrypt backend.
Make sure the 1.1 branch compiles in a MinGW environment.
Better integration of libevent in build system.
Small fixes to get really working control sockets on Windows.
Use the TCP socket infrastructure for control sockets.
Only call ioctlsocket() on Windows.
Merge branch 'master' into 1.1
Fix compiler warnings.
Do not include OpenSSL headers directly.
Include missing header files and source directories.
Allow connections to be closed.
Start of a GUI for tinc.
Fix packet authentication.
Fix block cipher padding when using libgcrypt.
Reinitialise block cipher IV each time we encrypt a packet when using libgcrypt.
Fix reading raw RSA keys with libgcrypt.
recv() and recvfrom() return int, do not prematurely cast the return value.
Do not consider unreachable nodes when trying to determine packet origin.
Fix alignment of results of RSA operations when using libgcrypt.
Do not use hardcoded cipher block length when padding.
Remove unused AVL tree library.
Move source from lib/ to src/.
Fix experimental GUI when reading hexadecimal values.
Merge branch 'master' into 1.1
Fix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.
Add missing return statement.
Use correct digest length when checking a received key.
Do not try to free NULL pointers.
Remove obsolete lib/ directory.
Merge branch 'master' into 1.1
Link tincctl with dropin.o.
Merge branch 'master' into 1.1
Do not try to dereference myself->connection->config_tree.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Fix check for event initialization due to the merge.
Add simple buffer management code.
Remove use of bufferevent and eventbuffers, use our own buffering instead.
Several fixes for the buffer code.
Add per-node traffic counters.
Dump traffic statistics over control sockets.
Add an autoconf check for the curses library.
Add a very primitive "top" command to tincctl.
Allow inserting items in the middle of a list.
Nicer top command.
Add tincctl.h.
Add top.h.
Use GetItemCount() on ListCtrls instead of directly accessing ItemCount.
Fix some compiler warnings.
Compact input buffer before trying to read instead of after.
Always compact the buffer if it has reached MAXBUFSIZE.
Check if an event is initialized before calling event_del().
Reset tcplen after use.
Add the ability to dump all traffic going through route() over a control connection.
Allow tincctl to connect to something besides localhost.
Show hostname and port in error message when connecting to a running tincd.
Cosmetic fix when pressing 's' in tincctl top.
Initialise priority field to zero for packets read from the VPN interface.
Remove outgoing event in free_connection().
Simplify signal handling.
Drop the GNU malloc.c, realloc.c, and xmalloc.c.
Drop the GNU memcmp.c implementation.
Don't #include <alloca.h> anymore.
Remove unused functions and variables.
Remove support for the Ethertap device.
Fix some compiler and cppcheck warnings.
More stable sorting in tincctl top.
Make traffic statistics more readable with configurable scaling.
Fix nodes joining the VPN after tincctl top started.
Don't treat packets coming in via TCP as having zero length.
Remove debugging message that was accidentily left in.
Even simpler signal handling.
Small fixes for Windows.
Use send() when writing to sockets, and the return type is ssize_t.
Fix format strings for Windows.
Don't ignore SIGCHLD, system() needs it.
Clean up digests when freeing a connection_t.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Reopen log file after SIGHUP.
Only log UDP address changes at the appropriate debug levels.
No need to check for pselect() in tinc 1.1.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Delete mtuevent if it is not used.
Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h().
Don't use AM_CONDITIONAL for CURSES.
Add Makefile.am in gui/.
Update manpages and info manual.
Ensure that the texinfo manual can be converted to HTML.
Releasing 1.1pre1.
Ensure the right files end up in the tarball after make dist.
Thank Scott Lamb, Sven-Haegar Koch and Loïc Grenié in the NEWS file.
Merge Tinc.py into tinc-gui to simplify make install.
Re-add support for SIGALRM.
Don't call exit_control() if we didn't do init_control().
Rename controlcookie file to pidfile.
Make pid files backwards compatible and add address of listening socket.
Add +git to the version string.
Really stable sorting of tincctl top output.
Use pidfile in tinc-gui as well.
Don't react to escape character in tincctl top.
Update documentation to mention pidfiles instead of controlcookies.
Remove debug messages that were printed to stdout.
Add manpage for tinc-gui.
Preliminary implementation of Elliptic Curve Diffie-Hellman Ephemeral key exchange.
Support ECDH key exchange.
Add PRF to derive key material from the ECDH shared secret.
Use PRF.
Proper use of PRF.
No need to keep around pointers to EC_GROUP.
Cleanups in ECDH code.
Base64 encoding and decoding functions.
Add ECDSA key generation.
Have tincctl generate ECDSA keys.
Finish base64 decoding routine.
Add ECDSA key import.
Round up the size of the secret parts after splitting it in two.
Add a minor number to the protocol version.
Bump minor protocol to indicate ECDH capability for UDP session keys.
Implement ECDSA sign and verify operations.
Read ECDSA keys.
Very primitive ECDSA signed ECDH key exchange for the meta protocol.
Hash input before signing it with ECDSA.
Free ECDSA and RSA structures when freeing a connection_t.
Automatically exchange ECDSA keys and upgrade to new authentication protocol.
Close meta connection socket after cleaning up event structures.
Require ExperimentalProtocol = yes for new features, update documentation.
Don't use wildcards in filenames in configure.in.
Make hexadecimal and base64 routines behave the same.
Make use of the improved hex and base64 functions.
Remove unnecessary variables and functions.
Fix compiler warnings.
Use the correct direction flag when setting cipher keys.
Use the same logic as tinc 1.0.x for detecting two nodes with the same Name.
Use ECDSA to sign ECDH key exchange for UDP session keys.
Update info manual.
Use usleep() instead of sleep(), MinGW complained.
Use const pointer to source in base64 and hex routines.
Ensure symlinked files do not end up in the tarball.
Fix declaration of usleep().
"tincctl stop" now removes the tinc service on Windows.
Write loopback address instead of "any" address in pidfile.
Add missing newline.
Releasing 1.1pre2.
Fix tinc 1.0.x daemons connecting when ExperimentalProtocol = yes.
Don't abort() on low-level crypto errors, just return false.
Start of "Simple Peer-To-Peer Security" protocol.
Handle UDP packets with unknown source addresses properly.
Fix compiler warning.
Update SPTPS protocol.
Test corner cases in the SPTPS protocol.
Add counter mode encryption.
Use counter mode encryption.
Exchange ACK records to indicate switch to new keys.
Fix compiler warnings.
Fix a few small memory leaks.
Use only one hash algorithm (SHA512) in the PRF.
Remove useless warning about signature length being shorter than expected.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Apply HMAC after encryption.
Use SPTPS when ExperimentalProtocol is enabled.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Go back to breadth first search for path finding.
Ensure all SPTPS functions are prefixed with sptps_.
Let tincctl use the NETNAME environment variable if no -n option is given.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Don't close control connections when handling a reload command.
Allow log messages to be captured by tincctl.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Allow CTR mode counter to be set to a specific value.
Add datagram mode to the SPTPS protocol.
Test SPTPS messages sent while key renegotation is in progress.
Don't send an ACK message after the first key exchange in the SPTPS protocol.
Start documenting the SPTPS protocol.
Make sure the signature also covers the session label.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Add autoconf checks for OpenSSL's elliptic curve functions.
Update README to reflect that only OpenSSL is currently supported.
Always pass request strings to other functions as const char *.
Don't forget to send a newline when forwarding requests.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Fix crash when handling the ALRM signal.
Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
Document how to load the tap driver on FreeBSD.
Update THANKS file.
Merge branch 'master' into 1.1
"tincctl init" creates initial directory structure, tinc.conf and keypairs.
Put every command in its own function.
Allow configuration variables to be added/removed using tincctl.
Stricter checks for node names.
Add an easy way to edit a configuration file.
Have tincctl notify a running tincd of configuration file changes.
Fix tincctl start.
Let tincctl ignore tincd options, so they will be passed on.
Fix tincctl dump.
Move all functions related to subnet parsing to subnet_parse.c.
"tincctl info" gives more human readable information about nodes or subnets.
Give an error message when tincctl info cannot parse the given subnet or address.
Strip default subnet weight from output.
Add an easy way to export and import host configuration files.
When exporting configuration files, don't copy Name variables.
Put minor protocol version in connection options so other nodes can see it.
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
Never remove items from cmdline_conf.
Split setup_myself() into two functions, one for reloading configuration.
Allow more configuration variables to be changed when reloading configuration.
Prefer routes with lower weight as long as they do not increase the number of hops.
Make sure tinc compiles on Windows.
Make sure sptps.h and info.h are in the tarball.
BSD make doesn't like $<.
Fix various compiler warnings.
Call event_init() after detaching.
Add some checks when changing configuration.
Add a newline to a configuration file if it is missing.
Have tincd and tincctl use the same method of determining netname.
Fix some compiler warnings.
Fix crash when no netname is specified.
Don't try to mkdir(CONFDIR) on Windows when there is a registry key for tinc.
Use backslashes on Windows.
Windows doesn't like quotes around "edit" when calling it through system().
Fix exit code when installing tincd as a service on Windows.
tincctl init now also creates a template tinc-up script.
Have tinc-gui use same way of locating pidfile as tincd and tincctl.
Remove unused po/ directory.
Also clarify hostnames=[yes|no] in tinc.conf(5).
Merge branch 'master' into 1.1
Use datagram SPTPS for packet exchange between nodes.
Remove unused #include.
Handle SPTPS datagrams in try_mac().
Add Brandon Black's replay window code to SPTPS.
Use a status bit to track which nodes use SPTPS.
Try sending SIGTERM if we cannot connect to a tincd but we know its PID.
tincctl restart should work even if no tincd is running.
Add the ability to query configuration variables to tincctl.
Add missing configuration variables.
Stricter checks for netname and node names.
Update the documentation to encourage using "tincctl init" and "tincctl config".
Clear struct sptps before reusing it.
Have tincctl act as a shell when no command is given.
Optionally compress and/or strip Ethernet header from SPTPS packets.
Add readline completion for tincctl config and tincctl info.
Fork when using the "start" command in tincctl.
Make sure the top command can be used more than once in tincctl's shell.
Add bash completion script.
Fix segfault when using tincctl's shell without readline.
Quit when "exit" or "quit" commands are used in tincctl's shell.
Fix node name check for "connect" and "disconnect" commands.
Properly handle SPTPS packets with stripped Ethernet headers.
Remove some debug messages.
Remove newlines at end of log messages.
Add a simple hash table implementation.
Use hash tables to lookup owners of addresses.
Replace node_udp_tree with a hash table.
Ensure sptps_test compiles with -flto.
Attribution for Vil Brekin and some code style cleanups.
Don't ignore Makefile.am.
Fix typo in manpage.
Remove remnants of Ethertap and old TUNSETIFF ioctl().
Keep last known address and time since reachability changed.
Let tincctl parse and format dumps.
Allow dumping either directed or undirected graphs.
Update documentation of the "dump graph" command.
Comment out old public/private keys when generating new ones.
Fix links in documentation.
Fix links in documenation.
Let the GUI handle the new dump format.
Fix column sorting, make all lists sortable.
Correctly add/remove outgoing connections when reloading configuration.
Make tincctl robust against dropped control connections.
Remove some debugging messages.
Attribution for Martin Schürrer.
Add strict checks to hex to binary conversions.
Merge branch 'master' into 1.1
Fix not reading Port statement from host config file.
Remove unused function declaration.
Make sure sptps_test compiles without -flto.
Remove abort() call that accidentily sneaked into commit dd1b69e.
Libreadline might depend on libcurses.
Fix off-by-one error.
Improve starting/stopping tincd using tincctl.
Clear connection options and status fields in free_connection_partially().
When terminating, keep control connections open until the end.
Useful error messages when writing to a meta connection fails.
Make datagram SPTPS key exchange more robust.
Handle packets encrypted via SPTPS that need to be forwarded via TCP.
Remove a debug message.
Fix warnings from cppcheck.
Refactor outgoing connection handling.
Replace the connection_tree with a connection_list.
C99 extravaganza.
Fix deleting connections from the connection list.
Remove unused variables, fix some #includes.
Clear Ethernet header when reading packets from a tun device.
Fix memory leaks found by valgrind.
Fix hash functions for keys whose size is not divisible by 4.
Try all known addresses of node during the PMTU discovery phase.
Fix whitespace.
Clear status and options fields of unreachable nodes.
Strip newline from incoming SPTPS requests.
Fix handling of initial datagram SPTPS packet.
Only log success of initial datagram SPTPS handshake.
Make sure the ReplayWindow option works for SPTPS as well.
Log more messages using logger().
tincctl: add node colors and edge weight to graph dump.
Fix compile error on Windows.
Update copyright notices.
Fix a few compiler errors/warnings.
Releasing 1.1pre3.
Sven-Haegar Koch (29):
Merge branch 'master' into 1.1
Fixed 1.0 miss-merges
Add missing AC_CHECK_HEADERS([dirent.h]) to configure.in
Function flush_meta() does not exist anymore.
README.git: tinc 1.1 needs libevent
Demote all LOG_EMERG to LOG_ERR, spamming all xterms is bad.
Fixed metadata protokoll corruption on forwarded requests
Fixed error logging on "Input buffer full" condition.
Removed two newlines from the end of log messages which created empty lines.
Use same definition for xalloc_fail_func as is really used.
sparse fixup: error: dubious one-bit signed bitfield
sparse fixup: error: too many arguments for function send_key_changed
sparse fixup: warning: symbol '...' was not declared. Should it be static?
sparse fixup: warning: non-ANSI function declaration of function '...'
sparse fixup: warning: Using plain integer as NULL pointer
fgets() returns NULL on error, not < 0
src/net_socket.c bind_to_address(): Use after free in error path.
do_outgoing_connection() may delete a failed connection, and the structure
sptps_stop(): clear pointers after free to avoid double free.
Remove confusing error message for failed reading in ECDSA keys.
ecdh & ecdsa: avoid some possible memory leaks in error conditions.
terminate_connection(): Avoid use-after-free and double-free for
terminate_connection(): only kill c->node->connection if it is pointing
free_connection_partially(): Avoid possible use-after-free for c->hischallenge
Label control connections for log output as "<control>", not "<unknown>".
terminate_connection(): delete non-outgoing (aka incoming) connections.
Silence SPTPS log messages, reduce them from DEBUG_ALWAYS to DEBUG_META.
free_connection_partially(): also reset remote protocol version infos
sptps.c: Add missing newline to log message.
Scott Lamb (19):
Rename "event_t" to "tevent_t", along with associated functions.
A couple missed tevent things.
Convert to libevent.
Lots of svn:ignore entries
Revert to only requiring autoconf 2.59.
Refresh po/POTFILES.in.
Updated svn:ignores list for new symlinked sources and tincctl.
const correctness
Temporarily revert to old crypto code
Update documentation to match tincctl changes
Fix reload crash
Fancier protocol for control socket
Dump through control socket
Purge through the control socket
Alter debugging levels through control socket
Retry connections through control socket
Reload configuration through control socket
Coding style corrections
Use a control socket directory to restrict access
Vilbrekin (5):
Basic patch for android cross-compilation.
Replace hard-code with new ScriptsInterpreter configuration property.
Add basic .gitignore file, cleaning (most) files generated by autotools.
Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
Android cross-compilation instructions.
Michael Tokarev (3):
don't mention reload twice in tincctl help
run tincd from the same directory as tincctl and pass all options to it
use execvp() not execve() in tincctl start
Martin Schürrer (1):
Output details of encryption errors
Mesar Hameed (1):
Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
Version 1.0.19 June 25 2012
------------------------------------------------------------------------
Guus Sliepen (14):
Support :: in IPv6 Subnets.
Remove newline from log message.
Add support for systemd style socket activation.
Allow environment variables to be used for Name.
Allow broadcast packets to be sent directly instead of via the MST.
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
Add support for SOCKS 5 proxies.
Add support for proxying through an external command.
Document new proxy types.
Small fixes in proxy code.
#include <winsock2.h> on Windows.
Fix compiler warnings.
Fix crash when using Broadcast = direct.
Releasing 1.0.19.
Anthony G. Basile (1):
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
Michael Tokarev (1):
add (errnum) in front of windows error messages
Version 1.0.18 March 25 2012
------------------------------------------------------------------------
Guus Sliepen (13):
Always try next Address when an outgoing connection fails to authenticate.
Allow a port to be specified in BindToAddress statements.
Add support for multicast communication with UML/QEMU/KVM.
Set default value of DecrementTTL to "no".
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
Allow scoped addresses to be used for IPv6 multicast socket.
Fix compiler warnings.
Fix return value type of vde_send().
Fix some more compiler warnings.
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
Fix return type of vde_recv() as well.
Mark DecrementTTL option experimental.
Releasing 1.0.18.
Version 1.0.17 March 10 2012
------------------------------------------------------------------------
Guus Sliepen (32):
Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
Return false instead of void when there is an error.
Fix compilation of VDE and UML interfaces.
Add vde/device.c to the tarball.
Fix a few small memory leaks.
Allow linking with multiple device drivers.
Set FD_CLOEXEC flag on all sockets.
Allow multiple BindToAddress statements.
Merge branch 'master' of black:tinc
Send packets back using the same socket as they were received on.
Allow setting DeviceType to tun or tap on Linux.
Merge branch 'master' of black:tinc
Only compile raw socket code when it is supported on that platform.
Decrement TTL of incoming packets.
Don't bind outgoing TCP sockets anymore.
Rename connection_t *broadcast to everyone.
Allow disabling of broadcast packets.
Move initialization of char *priority up to prevent freeing an uninitialized pointer.
Document the command line flag -o and provide --option as well.
Fix a bug that caused tinc to ignore all but the last listening socket.
Fix check for raw socket support.
Pass index into listen_socket[] to handle_incoming_vpn_data().
Add LocalDiscovery option which tries to detect peers on the local network.
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
Stricter checks against routing loops.
Only use broadcast at the start of the PMTU discovery phase.
Only log errors sending UDP packets when debug level >= 5.
Accept Subnets passed with the -o option when StrictSubnets = yes.
Add missing ICMP6 message type definitions.
Make sure disabling old RSA keys works on Windows.
Update copyright notices.
Releasing 1.0.17.
Nick Hibma (1):
Add missing ICMP message type definitions.
Version 1.0.16 July 23 2011
------------------------------------------------------------------------
Guus Sliepen (4):
Make code to detect two nodes with the same Name less triggerhappy.
Flush output buffer in send_tcppacket().
Use usleep() instead of sleep(), MinGW complained.
Releasing 1.0.16.
Version 1.1pre2 July 17 2011
------------------------------------------------------------------------
Guus Sliepen (54):
Ensure the right files end up in the tarball after make dist.
Thank Scott Lamb, Sven-Haegar Koch and Loïc Grenié in the NEWS file.
Merge Tinc.py into tinc-gui to simplify make install.
Re-add support for SIGALRM.
Don't call exit_control() if we didn't do init_control().
Rename controlcookie file to pidfile.
Make pid files backwards compatible and add address of listening socket.
Add +git to the version string.
Really stable sorting of tincctl top output.
Use pidfile in tinc-gui as well.
Don't react to escape character in tincctl top.
Update documentation to mention pidfiles instead of controlcookies.
Remove debug messages that were printed to stdout.
Add manpage for tinc-gui.
Preliminary implementation of Elliptic Curve Diffie-Hellman Ephemeral key exchange.
Support ECDH key exchange.
Add PRF to derive key material from the ECDH shared secret.
Use PRF.
Proper use of PRF.
No need to keep around pointers to EC_GROUP.
Cleanups in ECDH code.
Base64 encoding and decoding functions.
Add ECDSA key generation.
Have tincctl generate ECDSA keys.
Finish base64 decoding routine.
Add ECDSA key import.
Round up the size of the secret parts after splitting it in two.
Add a minor number to the protocol version.
Bump minor protocol to indicate ECDH capability for UDP session keys.
Implement ECDSA sign and verify operations.
Read ECDSA keys.
Very primitive ECDSA signed ECDH key exchange for the meta protocol.
Hash input before signing it with ECDSA.
Free ECDSA and RSA structures when freeing a connection_t.
Automatically exchange ECDSA keys and upgrade to new authentication protocol.
Close meta connection socket after cleaning up event structures.
Require ExperimentalProtocol = yes for new features, update documentation.
Don't use wildcards in filenames in configure.in.
Make hexadecimal and base64 routines behave the same.
Make use of the improved hex and base64 functions.
Remove unnecessary variables and functions.
Fix compiler warnings.
Use the correct direction flag when setting cipher keys.
Use the same logic as tinc 1.0.x for detecting two nodes with the same Name.
Use ECDSA to sign ECDH key exchange for UDP session keys.
Update info manual.
Use usleep() instead of sleep(), MinGW complained.
Use const pointer to source in base64 and hex routines.
Ensure symlinked files do not end up in the tarball.
Fix declaration of usleep().
"tincctl stop" now removes the tinc service on Windows.
Write loopback address instead of "any" address in pidfile.
Add missing newline.
Releasing 1.1pre2.
Version 1.1pre1 June 25 2011
------------------------------------------------------------------------
Guus Sliepen (164):
Created the 1.1 branch where large code changes can take place,
Only free members of connection_t that have been allocated.
Port fixes from release 1.0.8.
Properly delete listener socket events on shutdown.
128 listener sockets is way too much.
Use a separate event structure to handle meta data writes.
Use libevent to dump graphs when necessary.
Use libevent to handle HUP signal.
Configure events after obtaining a socket.
Use libevent to send MTU probes.
Use libevent for retrying outgoing connections.
Remove legacy event system.
Properly use the timeout_initialized() macro.
Use libevent to handle all non-fatal signals.
Redo SIGALRM handling.
Use libevent to age past requests.
Use libevent to age learned MAC addresses.
Use libevent to handle key expiration.
Move key regeneration handling to net_setup.c.
Remove global variable "now".
Remove the last bits of the legacy main_loop().
Remove last references to the global variable "running".
K&R style braces
Use splay trees instead of AVL trees.
Detect duplicate outgoing connections.
More consistent variable naming.
Show branch version number.
Update documentation.
Start of control socket implementation.
We can safely delete a connection_t in terminate_connection() now.
Fix retrying outgoing connections.
Remove pidfile in favour of control socket.
Move key generation to tincctl.
Implement "stop" command, and allow tincctl to retrieve a running tincd's PID.
Use bufferevents to handle control socket buffering.
Use libevent for meta socket input/output buffering.
Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption.
Create wrappers for the cryptographic operations used in tinc.
Make sure the crypto wrapper functions can actually be compiled.
Some more crypto wrapper functions are needed.
Finish crypto wrapping. Also provide wrappers for OpenSSL.
Only check for libgcrypt if --with-gcrypt is used.
Fix formatting of --help output.
Small fixes to make gcrypt routines compile.
Apply patch from Scott Lamb: Update documentation to match tincctl changes
Fix connection weight estimation.
Use a dummy function as the read callback for connection bufferevents. Should not be triggered.
Fix meta data segfault when receiving a partial command.
Prevent double free() of a used challenge nonce.
Look in the configured sbin directory for the tincd binary.
Only show meta connection related debug messages when debug level >= 4
Move AC_GNU_SOURCE up to make autoconf happy.
Use the crypto wrappers again instead of calling OpenSSL directly.
Backport fixes from trunk since revision 1555.
Fix compiler warnings.
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
Remove wrong checks.
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
Make sure IPv6 sockets are IPv6 only.
Move RSA key generation into the wrappers.
Merge branch 'master' into 1.1
Merge branch 'master' into 1.1
Handle truncated message authentication codes.
Fix pointer arithmetic when creating and verifying message authentication codes.
Merge branch 'master' into 1.1
Add missing #include.
Use correct format specifiers.
Replace asprintf()s not covered by the merge to xasprintf().
Add a better autoconf check for libevent.
Merge branch 'master' into 1.1
Drop localisation and checkpoint tracing in files not covered by the merge.
Update FSF address in files not covered by the merge.
Merge branch 'master' into 1.1
Don't enable device events when there is no valid filedescriptor.
Use %x instead of %lx where appropriate.
Handle truncated message authentication codes with gcrypt.
Handle PKCS#5 padding in the gcrypt backend.
Make sure the 1.1 branch compiles in a MinGW environment.
Better integration of libevent in build system.
Small fixes to get really working control sockets on Windows.
Use the TCP socket infrastructure for control sockets.
Only call ioctlsocket() on Windows.
Merge branch 'master' into 1.1
Fix compiler warnings.
Do not include OpenSSL headers directly.
Include missing header files and source directories.
Allow connections to be closed.
Start of a GUI for tinc.
Fix packet authentication.
Fix block cipher padding when using libgcrypt.
Reinitialise block cipher IV each time we encrypt a packet when using libgcrypt.
Fix reading raw RSA keys with libgcrypt.
recv() and recvfrom() return int, do not prematurely cast the return value.
Do not consider unreachable nodes when trying to determine packet origin.
Fix alignment of results of RSA operations when using libgcrypt.
Do not use hardcoded cipher block length when padding.
Remove unused AVL tree library.
Move source from lib/ to src/.
Fix experimental GUI when reading hexadecimal values.
Merge branch 'master' into 1.1
Fix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.
Add missing return statement.
Use correct digest length when checking a received key.
Do not try to free NULL pointers.
Remove obsolete lib/ directory.
Merge branch 'master' into 1.1
Link tincctl with dropin.o.
Merge branch 'master' into 1.1
Do not try to dereference myself->connection->config_tree.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Fix check for event initialization due to the merge.
Add simple buffer management code.
Remove use of bufferevent and eventbuffers, use our own buffering instead.
Several fixes for the buffer code.
Add per-node traffic counters.
Dump traffic statistics over control sockets.
Add an autoconf check for the curses library.
Add a very primitive "top" command to tincctl.
Allow inserting items in the middle of a list.
Nicer top command.
Add tincctl.h.
Add top.h.
Use GetItemCount() on ListCtrls instead of directly accessing ItemCount.
Fix some compiler warnings.
Compact input buffer before trying to read instead of after.
Always compact the buffer if it has reached MAXBUFSIZE.
Check if an event is initialized before calling event_del().
Reset tcplen after use.
Add the ability to dump all traffic going through route() over a control connection.
Allow tincctl to connect to something besides localhost.
Show hostname and port in error message when connecting to a running tincd.
Cosmetic fix when pressing 's' in tincctl top.
Initialise priority field to zero for packets read from the VPN interface.
Remove outgoing event in free_connection().
Simplify signal handling.
Drop the GNU malloc.c, realloc.c, and xmalloc.c.
Drop the GNU memcmp.c implementation.
Don't #include <alloca.h> anymore.
Remove unused functions and variables.
Remove support for the Ethertap device.
Fix some compiler and cppcheck warnings.
More stable sorting in tincctl top.
Make traffic statistics more readable with configurable scaling.
Fix nodes joining the VPN after tincctl top started.
Don't treat packets coming in via TCP as having zero length.
Remove debugging message that was accidentily left in.
Even simpler signal handling.
Small fixes for Windows.
Use send() when writing to sockets, and the return type is ssize_t.
Fix format strings for Windows.
Don't ignore SIGCHLD, system() needs it.
Clean up digests when freeing a connection_t.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Reopen log file after SIGHUP.
Only log UDP address changes at the appropriate debug levels.
No need to check for pselect() in tinc 1.1.
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Delete mtuevent if it is not used.
Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h().
Don't use AM_CONDITIONAL for CURSES.
Add Makefile.am in gui/.
Update manpages and info manual.
Ensure that the texinfo manual can be converted to HTML.
Releasing 1.1pre1.
Scott Lamb (19):
Rename "event_t" to "tevent_t", along with associated functions.
A couple missed tevent things.
Convert to libevent.
Lots of svn:ignore entries
Revert to only requiring autoconf 2.59.
Refresh po/POTFILES.in.
Updated svn:ignores list for new symlinked sources and tincctl.
const correctness
Temporarily revert to old crypto code
Update documentation to match tincctl changes
Fix reload crash
Fancier protocol for control socket
Dump through control socket
Purge through the control socket
Alter debugging levels through control socket
Retry connections through control socket
Reload configuration through control socket
Coding style corrections
Use a control socket directory to restrict access
Sven-Haegar Koch (18):
Merge branch 'master' into 1.1
Fixed 1.0 miss-merges
Add missing AC_CHECK_HEADERS([dirent.h]) to configure.in
Function flush_meta() does not exist anymore.
README.git: tinc 1.1 needs libevent
Demote all LOG_EMERG to LOG_ERR, spamming all xterms is bad.
Fixed metadata protokoll corruption on forwarded requests
Fixed error logging on "Input buffer full" condition.
Removed two newlines from the end of log messages which created empty lines.
Use same definition for xalloc_fail_func as is really used.
sparse fixup: error: dubious one-bit signed bitfield
sparse fixup: error: too many arguments for function send_key_changed
sparse fixup: warning: symbol '...' was not declared. Should it be static?
sparse fixup: warning: non-ANSI function declaration of function '...'
sparse fixup: warning: Using plain integer as NULL pointer
fgets() returns NULL on error, not < 0
src/net_socket.c bind_to_address(): Use after free in error path.
do_outgoing_connection() may delete a failed connection, and the structure
Version 1.0.15 June 24 2011
------------------------------------------------------------------------
Guus Sliepen (9):
Reorder checks for libraries to allow ./configure LDFLAGS=-static.
Make return value of SetPriorityClass() behave the same as setpriority().
Fix sparse warnings and add an extra sprinkling of const.
Remove newlines from log messages.
Remove a few unnecessary #includes.
Attribution for Loïc Grenié.
Improved --logfile option.
Remove redundant @CFLAGS@ from AM_CFLAGS.
Releasing 1.0.15.
Loïc Grenié (1):
Nearly tickless tinc.
Version 1.0.14 May 08 2011
------------------------------------------------------------------------
Guus Sliepen (48):
Fix reading configuration files that do not end with a newline. Again.
Define WINVER before including any other header file on Windows.
Use intptr_t instead of long to store a pointer.
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
Fix all warnings when compiling with mingw64.
Use strrchr() insteaad of rindex().
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
Do not append an address to ANS_KEY messages if we don't know any address.
Merge local host configuration with server configuration.
Remove duplicate command-line option parsing.
Attribution for Julien Muchembled.
Attribution for Timothy Redaelli.
Ensure there is a newline character before a PEM key is written.
Abort disabling old PEM keys on I/O errors.
Remove unused variables.
Quit when there are too many consecutive errors on the tun/tap device.
Read error counter must be static.
Add short options -R and -U to the tincd(8) manpage.
Don't use strlen() on a NULL pointer.
Provide usleep() for Windows.
Use variable length arrays instead of alloca().
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
Free replay window when freeing a node_t.
Fix variable length array declaration.
Attribution for Brandon Black.
Use setpriority() instead of nice() on UNIX-like systems.
Always send MTU probes at least once every PingInterval.
Close all filedescriptors in Solaris close_device().
Limit field width when scanning PID file.
Replace bogus #else with #endif.
Remove unused variables.
Document the behavior of "-n."
Update the manual.
Update the NEWS.
Proper check and dropin replacement for usleep().
Fix typo spotted by Andrew Scheller.
Add support for VDE through libvdeplug.
Fix spurious misidentification of incoming UDP packets.
Prevent anything from updating our own UDP address.
Do not set indirect flag on edges from nodes with multiple addresses.
Increase threshold for detecting two nodes with the same Name.
Always use the default signal handler for ABRT signals.
Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
Update THANKS and copyright information.
Ensure proper linking with OpenSSL with recent versions of MinGW.
Include <inttypes.h> when using intptr_t.
Releasing 1.0.14.
Brandon L Black (4):
Experimental IFF_ONE_QUEUE support for Linux
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
Configurable ReplayWindow size, zero disables
Improved handling of queue-jumping packets on receive
Julien Muchembled (2):
New '-o' option to configure server or hosts from command line
Fix command-line '-o' option for host configuration
Timothy Redaelli (2):
Fix warnings showed using -D_FORTIFY_SOURCE=2
Fix warnings under BSD
Michael Tokarev (1):
Treat netname="." in a special way.
Rumko (1):
DragonFlyBSD support
Version 1.0.13 April 11 2010
------------------------------------------------------------------------
Guus Sliepen (20):
Clamp MSS to miminum MTU in both directions.
Simplify reading lines from configuration files.
Check for dirent.h.
Preload all Subnets in TunnelServer mode.
Add the StrictSubnets option.
Add the Forwarding option.
Add the DirectOnly option.
Fixes for the Forwarding option.
ConnectTo does not mean tinc does not listen for incoming connections anymore.
Log unauthorized Subnets when StrictSubnets is set.
Fix typo.
Convert Port to numeric form before sending it to other nodes.
Ensure ICMP_NET_ANO is defined.
Reload Subnets when getting a HUP signal and StrictSubnets is used.
Fix reloading Subnets when StrictSubnets is set.
Ensure subnet-up/down scripts are called after HUP when necessary.
Fixes for definitions under Windows.
Don't redefine MAX if it already exists.
Mark Forwarding and DirectOnly options as being experimental.
Releasing 1.0.13.
Timothy Redaelli (2):
Add --disable-lzo configure option
Add --disable-zlib configure option
Sven-Haegar Koch (1):
Never delete Subnets when StrictSubnets is set
Version 1.0.12 February 03 2010
------------------------------------------------------------------------
Guus Sliepen (21):
When learning MAC addresses, only check our own Subnets for previous entries.
Remove unused variable in lookup_subnet_*() functions.
Forget addresses of unreachable nodes.
Do not fragment packets smaller than RFC defined minimum MTUs.
Allow port to be specified in Address statements.
Use xstrdup() instead of xasprintf() to copy static strings.
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
Clamp MSS of IPv4 SYN packets.
Ping nodes immediately when receiving SIGALRM.
Optimise handling of select() returning <= 0.
Also clamp MSS of TCP over IPv6 packets.
Make MSS clamping configurable, but enabled by default.
Fix subnet-up/down scripts being called with an empty SUBNET.
Run subnet-up/down scripts for local MAC addresses as well.
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
Determine peer's reflexive address and port when exchanging keys.
Immediately exchange keys when establishing a meta connection.
Try to set DF bit on BSDs as well.
Update copyright notices.
Ensure peers with a meta connection always have our key.
Releasing 1.0.12.
Version 1.0.11 November 01 2009
------------------------------------------------------------------------
Guus Sliepen (16):
Fix a possible crash when sending the HUP signal.
Starting to work towards 1.0.11.
Handle weighted Subnets in switch and hub modes.
Clarify and increase level of log message about MTU probes to unreachable nodes.
Add dummy device.
Use uint32_t instead of long int for connection options.
Allow UDP packets with an address different from the corresponding TCP connection.
Always reply to MTU probes via UDP.
Make maxmtu equal to minmtu when fixing the path MTU to a node.
Forward packets to not directly reachable hosts via UDP if possible.
Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
Use WSAGetLastError() to determine cause of network errors on Windows.
Move socket error interpretation to utils.h.
Fast handoff of roaming MAC addresses.
Start a tinc service if it already exists.
Releasing 1.0.11.
Michael Tokarev (1):
Remove localedir leftovers.
Version 1.0.10 October 18 2009
------------------------------------------------------------------------
Guus Sliepen (78):
Update documentation for git.
Consistently allocate device and iface variables on the heap.
Only send packets via UDP if UDP communication is possible.
Move free()s at the end om main() to the proper destructor functions.
Change flush_events() to expire_events().
Add missing cleanup functions in close_network_connections().
Use a global list to track outgoing connections.
Remove unused definitions from net.h.
Allow reading config files with CRLF endings on Unix systems.
Validate Name before using it in a filename when generating a keypair.
Disable old RSA keys when generating new ones.
Handle neighbor solicitation requests without link layer addresses.
Allow weight to be assigned to Subnets.
Update THANKS and copyright information.
Disable PMTUDiscovery in switch and hub modes.
Use a simple Random Early Drop algorithm in send_tcppacket().
Handle UDP packets from different and ports than advertised.
If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily.
Fix link to Mattias Nissler's tun/tap driver for MacOS/X.
Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66.
Use xrealloc instead of if(ptr) ptr = xmalloc().
Add declaration for sockaddrcmp_noport().
Use packet size before decompression to calculate path MTU.
Do not forward broadcast packets when TunnelServer is enabled.
Add ProcessPriority option.
Add some const where appropriate.
Properly set HMAC length for incoming packets.
Don't try to send MTU probes to unreachable nodes.
Remove pending MTU probe events when a node's reachability status changes.
Do not log errors when recvfrom() returns EAGAIN or EINTR.
Change level of some debug messages, zero pointer after freeing hostname.
Always remove a node from the UDP tree before freeing it.
Add xasprintf() and xvasprintf().
Check the return value of fscanf() when reading a PID file.
Replace asprintf() by xasprintf().
UNIX signal numbers start at 1.
Ensure tinc compiles with gcc -std=c99.
Convert bitfields to integers in a safe way.
Add the GPL license to the repository.
Another safe bitfield conversion.
Add support for iPhones and recent iPods.
Don't stat() on iPhone/iPod.
Put Subnet weight in a separate environment variable.
Allow PMTUDiscovery in switch and hub modes again.
Handle unicast packets larger than PMTU in switch mode.
Remove superfluous call to avl_delete().
Apparently it's impolite to ask GCC to subtract two pointers.
Use only rand(), not random().
Also do not use drand48(), it is not available on Windows.
Allow compiling for Windows XP and higher.
Remove dropin random() function, as it is not used anymore.
Use access() instead of stat() for checking whether scripts exist.
Raise default crypto algorithms to AES256 and SHA256.
Remove extra {.
Use a mutex to allow the TAP reader to process packets faster on Windows.
Raise default RSA key length to 2048 bits.
Send large packets we cannot handle properly via TCP.
Update copyright information.
Remove all occurences of $Id$.
Remove Ivo's old email addresses.
Update the address of the Free Software Foundation in all copyright headers.
K&R style braces.
Remove checkpoint tracing.
Drop support for localisation.
Add more authors to the copyright headers.
Update the NEWS.
Remove autogenerated files from EXTRA_DIST.
Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
Remove code duplication when checking ADD_EDGE/DEL_EDGE messages.
Revert "Raise default crypto algorithms to AES256 and SHA256."
Ensure that the texinfo manual can be converted to HTML.
Small updates to the documentation.
Use MTU probes to regularly ping other nodes over UDP.
Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
Remove debugging message when reading packets from a BSD device.
Include missing header.
Fix description of the WEIGHT environment variable.
Releasing 1.0.10.
Michael Tokarev (17):
Allow tunnelserver to work with clients that have other peers.
Enable PMTUDiscovery only if BOTH sides wants it.
Rename setup_network_connections() and split out try_outgoing_connections()
Implement privilege dropping
bugfix: initialize pid (as read from pidfile) to zero
bugfix: move mlock to after detach() so it works for child, not parent
bugfix: chdir(/) after chroot
change error messages in droppriv code to match the rest
format 'not supported on this platform' error message
TunnelServer: Don't disconnect client on DEL_SUBNET too
ignore indirect edge registrations in tunnelserver mode
don't log every strange packet coming to the UDP port
Fix ans_key exchange in recent changes
tunnelserver: log which ADD_SUBNET was refused
cleanup setpriority thing to make it readable
try outgoing connections before chroot/drop_privs
Remove extra semicolon in my definition of setpriority()
Florian Forster (2):
src/linux/device.c: Fix segfault when running without `--net'.
src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
Borg (1):
Removed last gettext function.
Version 1.0.9 December 26 2008
------------------------------------------------------------------------
Guus Sliepen (18):
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
Make sure the prefixlength of subnets is sane.
Fix reading configuration files that do not end with a newline.
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
Prevent freeing a NULL pointer when a hostname is unresolvable.
Correct debug message.
Treat virtual network device as tap if Mode = switch or hub.
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
Make sure IPv6 sockets are IPv6 only.
Update Dutch translation.
Update copyright information.
Enable PMTU discovery by default.
Update documentation.
Update the manpage as well, and some whitespace to make its source more legible.
Handle broadcast and multicast packets in router mode.
Apply patch from Max Rijevski fixing a memory leak when closing connections.
Add missing parentheses in check for IPv4 multicast addresses.
Releasing 1.0.9.
Version 1.0.8 May 16 2007
------------------------------------------------------------------------
Guus Sliepen (8):
Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM.
Apply patch from Scott Lamb fixing some memory and resource leaks.
Close the proper filedescriptor (if it exists).
Apply patch from "dnk" making sockets non-blocking under Windows.
Make sure connection->name is never NULL.
Update dutch translation.
Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski.
Releasing 1.0.8.
Version 1.0.7 January 05 2007
------------------------------------------------------------------------
Guus Sliepen (7):
Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
Tapreader socket should be bound to localhost only.
Fix generic BSD tun device to write only the actual packet length.
rename() cannot replace existing files on Windows.
No things to do for the 1.0 branch except bugfixing.
Update copyright notices.
Releasing 1.0.7.
Version 1.0.6 December 18 2006
------------------------------------------------------------------------
Guus Sliepen (13):
Make sure resolved addressed for outgoing connections are freed, if there are any.
Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h.
When building the minimum spanning tree, make sure we start from a reachable node.
Use the correct next pointer.
Remove unnecessary stuff from configure.in.
Remove old Spanish translation.
Fix rule that creates html version of manpages.
Use standard autoconf macros instead of our own.
We do properly check for malloc and realloc.
Remove the test for linux/if_tun.h.
Do a simple test for linux/if_tun.h instead of no test at all.
Prevent compiler warnings about redefinition of EAI_FAMILY on FreeBSD 6.1.
Releasing 1.0.6.
Version 1.0.5 November 14 2006
------------------------------------------------------------------------
Guus Sliepen (32):
Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
Add alloca.h to the list of necessary header files.
Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh.
EVP_Cleanup() when quitting.
Apply patch from Scott Lamb unifying configuration of TCP socket options.
Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
Make sure $NAME is set correctly when executing tinc-down script.
Missing #include.
Export flush_meta().
Fix signedness compiler warnings.
Fix a bug in handling prefixlengths that are not a multiple of 4.
Update copyright notices, remove Ivo's email address.
Restore length of the original packet in send_udppacket().
Use memcpy() to copy sockaddrs returned by getaddrinfo().
Add generic host-up and host-down scripts.
Do not break strict aliasing of status_t structs.
Fix format string warnings.
Remove unused variables.
Remove unused parameter from maskcmp().
Remove unused variable.
memcpy() addresses from packet headers before calling the lookup functions.
The "active" bit in node.status is not used.
Added graph dumping ability based on Markus Goetz's patch.
popen() requires pclose().
Support and autodetect LZO version 2.0 and later.
Support and autodetect LZO version 2.0 and later.
Document GraphDumpFile option.
Update Dutch translation.
Nodes use events, so event system should be initialised first and destroyed last.
When deleting an entire tree, start at head, not at root.
EWOULDBLOCK does not exist on platforms without O_NONBLOCK
Releasing 1.0.5.
Version 1.0.4 May 04 2005
------------------------------------------------------------------------
Guus Sliepen (17):
Make sure broadcast packet reach the local network interface.
Fix splay tree code.
subnet-up/down hooks
subnet-up/down hooks, use list_t for the todo list.
Small fix.
Free memory used by connection_t after it is deleted from the connection tree.
Use the proper free function.
Correct size argument for strncat().
Nodes should only be in the node_udp_tree if they are reachable.
Don't try to add a non-existing node back to the node_udp_tree.
Remove unused (and potentially segfaulting) net2str() call.
Be on the safe side with initialisation of c->name.
Searching through splay trees may change the tree variable.
Several splay tree fixes.
Describe subnet-up/down scripts in documentation.
Update copyright notices.
Releasing 1.0.4.
Version 1.0.3 November 11 2004
------------------------------------------------------------------------
Guus Sliepen (77):
Removed items in TODO list that are already implemented. Only two items
Applied patch from Jamie Briggs for bash2 conformance.
Added another semicolon for bash2 compliance (thanks to Jamie Briggs)
Adding even more stuff from the CABAL branch.
Synchronise HEAD with CABAL branch.
This will become 2.0.
Some device.c files weren't synchronised.
Makevars file was accidentily removed.
Forgot to synchronise po/ directory...
Add description of new authentication scheme.
Add Opaque option which prevent information from being forwarded to certain nodes.
Replace Opaque and Strict options with a TunnelServer option.
Complain if pid file cannot be created.
Read MaxTimeout from tinc.conf like the manpage says.
Missing space between words.
Don't retry if configuration is wrong from the beginning.
Fix proxy-neighborsolicitation.
Code beautification, start of multicast support.
Forget multicast. Always inline some function.
Let tinc figure out the exact MTU of the link.
More sensible name, and try to set PMTU discovery on IPv6 sockets as well.
Describe the TunnelServer and PMTUDiscovery options.
Better name, show probed MTU in dump.
Improvements for PMTU discovery and IPv4 packet fragmentation.
Missing definitions.
Small fixes for PMTU discovery.
Don't forget to update destination MAC address.
Small updates.
Remove autogen.sh, the autoreconf program does exactly that.
Replace cvs-clean with a much better svn-clean.
Remove CVS related cruft.
Eat trailing whitespace in config files.
Only read our public key if it wasn't already in the private key file.
Updating dutch translation.
Even better svn-clean command.
Applied Martin Kihlgren's IdentityGenerosity patch,
Fix declaration of update_node_address().
Use Subversion to create ChangeLog, better svn-clean rule.
Revert Martin Kihlgren's patch, it doesn't work the way it should.
Move CABAL branch to its rightful place: the trunk.
Update copyrights, links, email addresses and let Subversion update $Id$ keywords.
Increase MTU by 4 bytes to allow VLAN tagged Ethernet frames in hub and switch mode.
Clean up environment after executing scripts.
Handle timeouts during connecting the same way as other errors.
Added UML network socket handling.
Don't set $INTERFACE automatically, don't quit on EINTR/EAGAIN.
Marking potential late packets was in the wrong place.
Remove duplicate #include "system.h"
Move all #ifdef HAVE_HEADER_H #include <header.h> to have.h,
Fix several #includes.
strndupa() is too arcane for some environments.
Allow tinc to work with the latest TAP-Win32 driver.
Correct return value.
Don't let tinc service depend on NDIS component.
Support alternative tun/tap driver from http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
Generic device driver for *BSD and MacOS/X
static
Check for sys/uio.h, net/if_tun.h and net/if_tap.h
Don't include .svn directory in sample configuration.
Splay trees.
Hoopjumping to get the default directories in the manuals properly.
Update to make it compile again.
Fixed another bug in late packet handling.
Hopefully this really fixes late packet handling.
Missing check for NULL-pointer.
Use the generic BSD tun/tap code.
Fix order of arguments for tar.
Let compiler decide when to inline.
Support tunneling IPv6 on Solaris.
Add BlockingTCP option, useful when using TCPOnly on slow or congested links.
Update documentation.
Set BSD tuns to broadcast mode. On OpenBSD, this enables IPv6 on the tun device!
Remove duplication.
Updated dutch translation.
Short readme about how to compile tinc from a Subversion checkout.
Add more people who have contributed to tinc.
Releasing 1.0.3.
Ivo Timmermans (52):
Check for __gmpz_powm for libgmp3.
Changed version number to 1.0pre3.
Autogenerated by gettextize.
Bring head revision up to date with cabal (try #3)
Add check for the syslog function
Generalized error handling functions
Add all the new files to the sources list for the utility library
New function: xalloc_and_zero()
Generalized list and hash handling functions
First try to create a graphical frontend for tinc configuration
Updating HEAD branch #1; removing obsolete files.
Updating HEAD branch #2; removing debian/ dir.
Updating HEAD branch #3; more obsolete files removed.
Updating HEAD branch #4; Merging CABAL -> HEAD.
Updating HEAD branch #5; Last files from CABAL.
Ok, I forgot these ;)
More updates
More...
Last bits (hopefully)
Main pokey interface files.
Pokey interface definition
Write src/pokey/Makefile
Also compile in pokey/
Remove debug level declaration
Update copyright info
Remove debug_lvl
New logging system to replace syslog() calls with a generic function.
Rename log_message to log
Add syslog() wrapper
Add syslog wrapper
Some magic
Added priority definitions from syslog.h
log_default_hook was renamed to log_default
Added prototype for log_syslog
Use logging.h instead of syslog.h
Compile in logging.c
Things to ignore...
Use new logging system
Include logging.h
Renamed libvpn to libtinc
Rename libvpn to libtinc
...
Print newline when writing to stderr
*** empty log message ***
Moving files, first attempt at gcrypt compatibility, more interface
Commit diff test
Another file moved; random interface stuff.
Callbacks
Moved event.c/h
test
test 2
Hm.
Wessel Dankers (5):
Initial revision. Lots of loose ends, not usable yet.
added bit on config file, split up sections, added Id: tag
Added extra bit about keys.
More about keys
This file is now only in the CABAL revision.
cvs2svn (1):
This commit was generated by cvs2svn to compensate for changes in r1352,
Version 1.0.2 November 08 2003
------------------------------------------------------------------------
Guus Sliepen (47):
Simplify fake getname/addrinfo() functions, possibly fixing freeing a NULL pointer.
stat() batch files under Windows.
Don't getsockopt() SO_ERROR. We get the error from send()/recv() anyway.
Fix fake getnameinfo() and check more arguments.
Fix --logfile under Windows.
Use the event log under Windows.
Compilation fix.
Do what the SDK documentation tells.
If we're not in main_loop() and the service is stopped, exit immediately.
Allow tinc to handle unknown type addresses from other tinc daemons.
Don't overwrite the first " when installing a service.
Add checkpoints.
When purging nodes, only delete them if nobody references them anymore.
Remove debug message.
Add license exception from Markus Oberhumer.
Remove old edges from unreachable nodes to us. This prevents the hosts/NAME-up
We don't have to tell GCC how to cast.
Prevent multiple inclusions.
Remove pidfile when exitting.
Update translations.
Check for short packets from the tun/tap device and from other tinc daemons.
Generate keys with 0x10001 as public exponent, which has less prime factors
Better length checks.
Copy structs from packets to the stack before using them, to prevent
const
Ethernet protocol types.
Unused variable in struct.
Don't confuse users with "Address family not supported" warnings.
Use CPPFLAGS, LDFLAGS and LIBS as appropiate.
PIDs are of type pid_t, and use %ld when reading/writing them to the pidfile.
Make sure type of AF_UNKNOWN is sa_family_t.
Forgot to #include "xalloc.h"
Update missing definitions, structs describing headers get __packed__ attribute.
Missing declaration.
Set media status for newer TAP-Win32 driver.
Some platforms don't know sa_family_t or define it other than uint16_t.
Update documentation.
Fix ASCII art.
Check return value of EVP_* functions, and check if length before en/decryption
Check all EVP_ function calls.
Parentheses in the wrong spots.
Fix bug that could lead to an assertion failure in libcrypto when multiple
Small fixes in documentation.
Fix another bug in meta.c.
Update dutch translation.
Add missing definitions.
Release notes for 1.0.2
Version 1.0.1 August 14 2003
------------------------------------------------------------------------
Guus Sliepen (24):
Windows uses backslashes...
Tell windows to be patient.
Remove unused stuff from doc/.
Correct error message when remote host closed connection.
Simplify execute_script(). It will probably work under Windows as well.
Allow empty lines in config files.
Make rule for sample-config.tar.gz.
Readd quotes.
Typo.
Better error messages under Windows.
Log error first, try to close later.
Quote when needed and don't try stuff that doesn't work under Windows.
Under Windows, the installation directory can be found in the registry.
Better error checking and reporting.
Small things.
Simpler checking of permissions on private RSA key and other fixes.
Check for fchmod().
Only system() needs script name quoted.
Update documentation.
Add a description for the Service control panel.
Updated dutch translation.
Small fixes.
Fix permissions check for rsa_key.priv.
Update.
Version 1.0 August 08 2003
------------------------------------------------------------------------
Guus Sliepen (111):
Thank some more people.
Run graph() after edge_del() when updating an edge.
Add documentation for BindToAddress.
Fix PriorityInheritance.
PrivateKeyFile instead of PrivateKey.
Run graph algorithm when replacing a second connection from the same host
Add $NAME for tinc-up/down scripts.
- Fix indentation in some places.
Various fixes for autoconf and OpenSSL 0.9.7 and a missing header.
Make sure send_meta() writes everything.
Typo.
- Avoid memory leak caused by OpenSSL 0.9.7a.
- Speed up checksumming
Don't copy more than necessary.
Checksums must also work for uneven number of bytes.
HUP signal now closes connections to hosts if their host config file is
Better handling of late packets.
Make sure outgoing_t is completely freed.
- Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
Small fixes to make LZO compression work.
Small fixes.
Fix links.
Fix warning and add missing checks for LZO library.
Call make_names() before doing anything else.
If we have a Linux tun/tap device and we are in router mode, open the device
AddressFamily is "any" by default.
Remove mymac stuff from device.c.
Fixes from Wessel Danker's libavl.
More braces to make gcc happy.
Update documentation.
Update dutch translation.
Typo and conversion to UTF-8.
There are two lzo compression levels.
Really make tinc default to any addressfamily.
This subtle pointer arithmetic thingy is (I'm very sure of it) the cause
- simplify configure.in
Check for IPv6 header files.
Define logger(), cleans up source code and allows us to write log entries
Sprinkling the source with static and attributes.
Provide all missing IPv6 definitions in lib/ipv6.h.
Actually add ipv6.h.
More missing definitions.
More missing IPv6 definitions and autoconf checks to make sure it compiles
Simplify logging, update copyrights and some minor cleanups.
Update copyrights.
Removing distribution specific files from CVS.
Format string checking for logger().
Export mymac.
Make use of the CIPE driver. Woohoo, tinc for Windows!
Windows headers declare a struct interface somewhere.
Big header file cleanup: everything that has to do with standard system
Even more missing definitions.
Remove all #ifndefs from route.c
Update all device.c files.
Check for ethernet/ipv4/ipv6 related structures.
Use iface instead of interface because it might already be declared in
Oops.
No UNIX style permissions under Windows.
Be consistent.
Oops.
Check for sys/mman.h.
Use functions from logger.c
Copy cygwin driver to mingw directory. It doesn't work (yet).
Add section about configuring Cygwin and CIPE on Windows.
Option to specify pidfile location.
Use bools and enums where appropriate.
Run setup_device() after parsing configuration but before claiming we're ready.
Don't initialise a CIPHER_CTX if cipher == NULL.
Sprinkle around a lot of const and some C99 initialisers.
More generic handling of tap device under Windows.
More checks for missing functions.
Fix compile errors and warnings.
Update dutch translation and make sure all device drivers are included in
Update configure scripts.
Make sure it works.
Make sure (at least) the MinGW device driver works.
Native Windows support.
Cleanups.
Update documentation and remove stuff that's too outdated.
Remove doc/es/ and src/device.c from the distribution.
No C99 initialisers, gcc 2.95.3 doesn't like it.
Replacement for stdbool.h
Prevent definitions from messing up attributes.
Check if the compiler knows about the __malloc__ attribute.
Wrong argument.
Remove forgotten braces.
No easy way to properly detect header files...
Woops!
Wrong function...
Prevent system headers from including our own headers.
Allow whitespace in values.
Oops.
Windows has no symbolic links as we know it.
When compiling with MinGW, link with ws2_32.
Install tinc as a service under Windows (MinGW). Remove cleanup_and_exit(),
Error messages.
Cleanups and error messages.
Missing include.
Oops.
Updated dutch translation.
Explain how tinc detaches and how it is "killed" under Windows.
Typo and another thing to think about.
Clean up last part of main().
Old gcc compilers don't like declarations in the middle of a function.
Cygwin needs windows.h.
Keep Windows happy.
Remove newlines from log messages.
Update dutch translation
Simplify translation
Use our own port when connecting to ourself.
Sync CABAL branch with release-1_0 branch.
Ivo Timmermans (2):
Fix saving of debug level for startup level 0
Call RSA_blinding_on(), as advised in the paper on
Wessel Dankers (1):
its: Engels voor "van het" - 3e persoon enkelvoud, genitief, onzijdig
Version 1.0pre8 September 16 2002
------------------------------------------------------------------------
Guus Sliepen (73):
Support for MaxOS/X.
Add BindToAddress variable, similar to the late BindToIP.
Added Nick Patavalis for his RedHat package.
Informative log message if execl() failed.
Fix very stupid bug in node_del(), which might have caused corruption of
Only purge once when there are no more connections.
Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts
Make it work correctly with NetBSD tun device.
Use correct includes on NetBSD.
Cleanup:
Use inttypes.h instead of stdint.h.
- netinet/* include files depend on netinet/in_systm.h.
Added Darwin (MacOS/X) tun device handling.
Use darwin/device.c when compiling on MacOS/X.
Include darwin/device.c in distribution.
Autoconf cleanup. Works for both 2.13 and 2.53, although running autoconf
Add configuration details for NetBSD and Darwin (MacOS/X).
Reset listen_sockets after SIGHUP.
Update comments about IPv6 autoconfiguration.
s/sliepen.warande.net/sliepen.eu.org/g
Fix for prefixlengths of 32 (IPv4) and 128 (IPv6) bits.
Allow list of environment variables to be passed to execute_script().
Allow identical subnets from different owners.
Clear subnets before using them.
Started port to Cygwin.
Added stub device.c for Cygwin.
Include complete fake-getname/addrinfo from OpenSSH.
Allow tincd to be locked into main memory.
Don't bother to chown, and correctly document ConnectTo.
Added support for raw sockets. This can be used instead of tun/tap devices.
Gettext 1.11.5 compatibility.
Check for ranlib.
Replacement for the current routing algorithm.
Make sure setlocale() is available.
Drop graph and edge stuff. Use new node stuff instead.
A reachable node is always more preferable to an unreachable one...
Woops.
Reduce KEY_CHANGED traffic.
Prevent looping DEL_NODE/ADD_NODE messages after a node disconnects.
Don't forget to set prevhop to myself for new connections.
Just ignore wrong ADD_NODEs instead of replying with a DEL_NODE, in the
Revert to edge and graph stuff. This time, use a directed graph.
Small fixes.
Generalized request broadcasting/forwarding.
Updated dutch translation.
Small updates.
Run autopoint and libtoolize before creating initial makefiles.
Add missing headers.
Typo.
Only reset seqno's when a key is sent or received.
Remove global edge_tree.
edge_weight_compare() shouldn't rely on edge_compare().
Reset the *correct* seqnos.
Fix MST algorithm.
Why don't these connection_t's get cleaned up?
Cleanups:
Switch to K&R style indentation.
Switch to K&R style indentation.
Remove redundant spaces.
Let GCC check format string and arguments of send_request().
Fix compiler warnings.
Clean up after indent.
Link with libintl if necessary.
Fix placement of #include "config.h"
Make sure malloc() is declared.
What was I thinking?
MacOS/X needs #define _P1003_1B_VISIBLE in order to use mlockall().
port_t isn't used anymore and conflicts with MacOS/X headers.
Small fixes so tinc compiles out of the box on SunOS 5.8
Updated dutch translation.
Use /dev/net/tun as default for tun/tap device under Linux.
Update documentation.
Remarks about 1.0pre8 release.
Ivo Timmermans (9):
Put #ifndef checks for HAVE_RAND_PSEUDO_BYTES in the correct places.
Typo
OSX support
getnameinfo fixes
Add /sw/{include,lib} to search paths if they exist
Include a few more header files
Include netbsd's device.c in make dist
Added Alessandro Gatti
Added AM_MAINTAINER_MODE
Wessel Dankers (1):
This should work much better.
Version 1.0pre7 April 09 2002
------------------------------------------------------------------------
Guus Sliepen (9):
Make configure --help output look nicer.
Don't check_network_activity() if select() is interrupted by a signal.
check_rsa() is broken, I don't know why, just remove it for now.
Fix maskcheck() and maskcmp().
Automake forgets about depcomp, remind it.
masklength is better known as prefixlength.
masklength is better known as prefixlength
Updated dutch translation.
Remarks about 1.0pre7 release.
Version 1.0pre6 March 27 2002
------------------------------------------------------------------------
Guus Sliepen (91):
Forgot to merge new files from pre5.
Last bits of the merger.
Sensible defaults for $INTERFACE.
- If no PrivateKeyFile is specified, /etc/tinc/netname/rsa_key.priv is assumed.
Small fix.
Added support for packet compression, thanks to Mark Glines.
Don't use sa_sigaction (which NetBSD doesn't like) at all if we don't use siginfo.
Get rid of sys/signal.h.
Added device.c for NetBSD, actually a copy of the OpenBSD one.
Add check for NetBSD.
- Non-blocking connect()s.
Fix segfault when receiving HUP signal.
Use AF_UNSPEC for listening sockets if AddressFamily = any.
Forward packets in router mode.
Fix maskcmp() and maskcpy().
Cache results of lookup_subnet_...().
Protocol now also exchanges cipher/digest/maclength/compression for the
Preserve inpkt->len, needed for broadcasts.
- Use gai_strerror() where appropriate
- Change SA_LEN to SALEN, former one is already defined on some platforms.
Tweaking IPv6 support.
Allow multiple listening sockets.
Fix send_request() bug.
Make BindToInterface work.
Fix listening sockets.
If "PriorityInheritance = yes" is specified in tinc.conf, the value of the
Create/bind TCP and UDP listening sockets in pairs.
Updated documentation.
Updated dutch translation.
- Global time_t now, so that we don't have to call time() too often.
Document and clean up MAC address expiry.
Woops.
Check if BindToDevice and PriorityInheritance are supported.
Fix forwarding of IPv6 packets.
po/POTFILES and po/Makefile should not be generated by configure.
Autodetect $MAKE/gmake/make.
Small fixes to improve portability.
Don't retry to make outgoing connections when exitting.
Cleanups, spelling fixes, allow symbol names for signals (-k option),
prune_connections() before build_fdset().
Try to reply to neighbor solicitation requests.
New strategy: forward icmp6 neighbor solicitations to intended target.
Simplified implementation of Kruskal's minimum spanning tree algorithm.
Packet sequence number/authentication warnings only if debug_lvl >= 5.
Remove silly cache thingy.
Put #ifdef NEIGHBORSOL around corresponding code.
Revert changes to Kruskal's algo.
Neighbor solicitation requests now work (I think).
Oops, don't forget to actually put the checksum in the response packet.
Different way of detecting neighbor solicitation requests.
Typo.
Unmap v4mapped sockaddrs.
Only unmap IPv6 addresses.
#define s6_addr32, needed for FreeBSD.
Fix #define s6_addr32.
Remember sockaddrs of listening sockets, use appropriate one when sending
Cleanup.
Don't use s6_addr[16|32] anymore.
Updated dutch translation.
Updated SSSP algorithm to automatically detect indirect links (if a node uses
Put a break on requests that run around in circles.
- Added support for jumbograms.
Fix add_edge_h().
Fix compiler warnings, strictly use long int and %lx for options.
send_ack() was broken.
free() request strings when deleting past requests from the tree.
Don't run graph algorithms if no edge is deleted in terminate_connection().
Reset retry timeout when receiving the first PONG, not right after receiving the ACK.
Don't try to execute scripts unless they exist.
Execute hosts/name-up when a node becomes reachable, and hosts/name-down
Set $INTERFACE correctly when using ethertap while compiled with tun/tap support.
Updated dutch translation.
Respect type field.
OpenBSD tun device uses address family number instead of Ethernet type.
Configuration variables were still handled case sensitively.
Set myself->status.reachable.
Updated documentation.
Tell a little bit more about security.
Send REQ_KEY only once until ANS_KEY has arrived.
Fix execute_script().
Small correction.
Merge do_prune() with build_fdset(). Probably fixes the invalid filedescriptor error.
Extend list_t with the number of elements in the list.
Limit the amount of packets in a queue to 8.
Small updates.
Remove cruft.
Recent automake uses $(AMTAR) instead of $(TAR)
Remove symlink to device.c when doing a make dist.
Fix format strings.
Update dutch translation.
Update with information about the pre6 release.
Version 1.0pre5 February 10 2002
------------------------------------------------------------------------
Guus Sliepen (109):
Small fixes to allow correct compilation under FreeBSD (tested with 4.3)
Make sure Solaris is happy too.
Fix subnet_lookup() for overlapping subnets. Needs rethinking.
Added proxy-arp support. No more ifconfig -arp needed. Works like a charm
- tinc can now act as a switch or a hub too (as opposed to a router only)
Changed some stuff to allow correct generation of po/Makefile after a
Updated dutch translation.
- This oneliner removes the need for ifconfig tap? hw ether fe:fd:0:0:0:0
Fix bug where lookup_subnet_ipv4() could go into an infinite loop.
You can now put an option "Mode" in tinc.conf, and choose from:
Add missing? counting of total_socket_in.
Log and warn about duplicate subnet_add()'s for the same subnet.
Fixes to make switching work between hosts that have no meta-connection.
Save configure cache more often.
Changed drastically because it didn't work correctly:
Only reset seconds_till_retry when we activate the outgoing connection.
Woops - big bug in send_key_changed fixed.
- Solaris compile fixes
Check for and add -ldl.
Remove #warnings I used for debugging stuff.
Reinstated search for if_tun.h in kernel source tree, because apparently
Spanish translation removed. Nobody maintains it, and it is severely
ABOUT-NLS is created by autogen.sh.
Don't build Spanish translation.
Execute tinc-down BEFORE tap device is closed. This is a. more symmetric
es.po revived.
Also remove po/Makefile.in.in, which is generated by autogen.sh.
Log error if two hosts connect with same IP/port tuple.
Fix gcc 3.0 warnings.
Check for dlopen in standard libraries first (needed for DEC OSF).
It appears that autogen.sh doesn't like es.po if it isn't mentioned in
Update of RedHat build scripts.
Dutch translation updated.
More items marked as done.
Fix printf format bug.
Fix compiler warning.
Check for all potential duplicate entries in the id tree.
- Always use <openssl/include.h> instead of just <include.h>
Don't load table of verbose OpenSSL errormessages.
Correct inclusion of standard if_tun.h header file.
Split connection list into two lists:
Correctly use the active_tree.
Remove all unnecessary status.meta and status.active checks.
Added purge_tree for connection_t's which are no longer in the connection,
Updated terminate_connection() so you can choose if DEL_HOSTs should be
Always close all sockets in terminate_connection().
Woohoo! tinc now compiles, runs and actually *works* on Solaris!
Started writing a document about how daemons connect to each other.
Described problem in more detail.
Small update.
Correctie.
Written down a possible solution.
Discuss how sending ADD_EDGEs would be better than sending ADD_HOSTs.
More on edges.
Don't use %m in fprintf().
Write public key to rsa_key.pub instead of rsa_key.priv (if not host
The val variable in a config_t is never used as a long.
Explicitly log which type of tunnel device is used.
Don't send DEL_HOSTs when !status.meta
Fix signed comparison bug in lookup_subnet_ipv4().
Remove IndirectData support for now, new implementation will be added
Revised reconnection mechanism, always try out all ConnectTo lines.
Optional signal number for -k option.
config_t* is a const parameter in get_config_val().
- Try old TUN/TAP ioctl() request if the one from if_tun.h fails.
Not only keep track of nexthop, but also of lastbutonehop. If destination cl
Show next- and lastbutonehop when dumping connectionlist to syslog.
Try next connectto instead of the same over and over.
Fill in next- and lastbutonehop for myself.
- Renamed lastbutonehop to prevhop.
Fix bug where tinc would crash because of a portscan or a connection from a
- Use ping timeout mechanism to close connections that don't authenticate
Fix bug when dropping an old connection in favour of a new one from the
Updated dutch translation.
Started implementing doc/CONNECTIVITY.
Small corrections.
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a
Removed everything from connection.c that has already been moved to node.c and
Revamp configuration handling:
More updates to new node/vertex/connection combo.
- Split tap device stuff out of net.[ch]
Added FreeBSD tap device handling.
Solaris tun device handling cleaned up a bit and added.
Forgot to remove some old #ifdef stuff.
Added OpenBSD tun device handling. Untested though.
Forgot the tun specific stuff.
Support new files (node/vertex/device.[ch]) and OpenBSD.
Big bad commit:
Make sure everything links.
Various small fixes to make tinc runnable again.
What was I thinking? s/vertex/edge/g.
- More s/vertex/edge/g
- More changes needed for Kruskal's algorithm
Working version of Kruskal's algorithm. The running time is very bad though.
Various fixes, tinc is now somewhat capable of actually working again.
More updates to protocol handlers and reimplemented terminate_connection().
- Small fixes to graph algorithms
Don't forget to read public RSA key when making an outgoing connection.
Show cfg->variable instead of cfg->value when complaining about wrong type.
Avoid connecting to another node twice, and check name of outgoing connections.
Some very small fixes
Use PEM functions as suggested by OpenSSL docs.
Several bugfixes.
*** empty log message ***
Be liberal in what you accept: allow unknown edges to be deleted.
Correctly check if subnet owner exists.
Various fixes needed for Solaris.
More fixes for Solaris.
Merging of the entire pre5 branch.
Ivo Timmermans (32):
New make target: `make release'
Changed version number to 1.0-cvs
Don't distribute autogen.sh in a release
Don't include the debian/ dir in a release
Small fix to make it compile again
Killing tincd with SIGINT causes it to toggle between the current
Check for getaddrinfo
Check for getnameinfo, gai_strerror, freeaddrinfo
Credit OpenSSH
Check for struct addrinfo
Deprecated get_config_ip and get_config_port
Use struct addrinfo in connection_t to hold all host data such as IP
Changed prototype for lookup_connection to use struct addrinfo
Changed lookup_connection to use struct addrinfo
Removed definitions of ipv4_t, ipv6_t, port_t
Obsoleted all IP<x> types in favor of struct addrinfo
Changed to use struct addrinfo where needed.
get_config_{ip,port} removed.
Don't compile/link netutl.c.
Obsoleted.
Don't include netutl.h.
(re)added port to struct node_t
Added HAVE_STRUCT_ADDRINFO
Added dropin replacements for get*info and helper functions.
First part of rewriting things to use struct addrinfo.
lookup_node_udp changed.
Don't include netutl.h.
route_ipv4 and route_ipv6 replaced by route_ip.
get_config_subnet needs to be fixed.
Fixed silly typo: "np" instead of "no"
Don't include netutl.h.
Conversion to struct addrinfo is almost complete for this file.
Wessel Dankers (1):
make is not always GNU make.
Version 1.0pre4 May 25 2001
------------------------------------------------------------------------
Guus Sliepen (97):
Porting to FreeBSD:
- Added balanced tree management stuff as well. (It is not finished yet.)
- Simplified do_detach
- Removed stray @INCLUDE@ (how did that get there?)
- Fixed searching
- Implemented deletions
- Fix tree head/tail upon insertion
- Fixed a lot of small things. Tested everything except deletions.
- Deletion also works now.
- Small fixes
- Integrate rbl trees into tinc.
- Proper initialization of rbltree structures.
- Various small fixes.
- More fixes.
- Check for NULL tree->delete callback
- Cleaned up and checked for some more NULL pointers in rbl.c
- Write pidfile AFTER detaching...
- No more %as.
- Work with the correct key buffer in ans_key_h
- More porting to FreeBSD and Solaris.
- Fixed all (except 2) compiler warnings gcc -Wall gave.
- #include <stdlib.h> instead of <malloc.h>
- Don't link with -ldl anymore
Another big & bad commit:
- Added Armijn to the list
- Added daemon() replacement.
- Use only one socket for all UDP traffic (for compatibility)
- Don't even think about using sscanf with %as anymore
- AVL tree routines: faster than RBL, and also more stable.
- Doubled size of trace buffer for easier debugging.
- Let user choose whether keys are in the config files or separate
- Updated dutch translation.
- Check and follow symlinks in is_safe_path
- Changed license of AVL tree library to GPL.
- Updated manual pages.
- Updated texinfo manual.
- Typo.
- Changed list routines to give it the same look'n'feel as the rbl and
- Reinstated a queue for outgoing packets.
- Added header file for route.c. The routing routines in it are not used
- Description of protocol and authentication updated.
- It's 2001, all copyright notices are updated.
- Fixed IPv6 subnet lookup routine.
- Added indirectdata and tcponly functionality.
- Squashed another nasty bug.
- Sign was wrong in search_closest_smaller/greater
- Cleaned up subnet_t
- Only send out DEL_HOSTs for hosts with a meta connection
Added sample configuration directory.
- Copy entire sample-config directory to /etc/tinc/example upon installing.
- Allow ASN1 style keys to be in the config files.
FreeBSD compile fixes (thanks to XeF4)
Fix memory leak in avl_insert() if item was already inserted.
Updated dutch translation.
Removed another local definition of the variable "errno"
Added .cvsignore files to get rid of warnings and prevent autogenerated
Ignore file for src/
- Updated CVS_CREATED to remove intl/ directory and some other
Added description of the proposed new authentication scheme.
Corrected check for errors after read() calls.
Add missing \n.
Free node->data and node, not node->data twice.
Copy packets before putting them in the queue.
Encrypt network packets in CBC mode instead of CFB mode.
Implemented new authentication scheme from doc/SECURITY2.
Added process.c to the translated files.
- Make sure METAKEY is smaller than the modulus of the RSA key
Don't forget to reconnect if outgoing connection fails during
- Fixed Interface option (untested)
Removed lots of compiler warnings.
Removed compiler warning.
Various small fixes.
Added explaination of our key exchange using RSA encryption.
- route.c is now used to determine destination
Updated translation.
Added a description of what is going on in net.c and route.c, and how
Fixed a race condition triggered by receive_meta() and the new
Fixed bug in setup_signals() that would make tinc die when unexpected
Ignore alarm signals if we do not need to respond to them.
Check indirectdata option before forwarding certain requests.
Depend on new ssl package and install alias for universal TUN/TAP module.
Correctly cycle through ConnectTo variables.
- s/ip_t/ipv4_t/g
- Make sure correct information is supplied for both old kernels (with
More revisions to the documentation:
Changed URL from kernelnotes.org to linuxdoc.org.
Add randomness to PING/PONG packets to prevent crypto attacks on quiet
Since this is incompatible with some earlier versions, PROT_CURRENT is
All features for 1.0 are implemented now, we just have to check the
Only send key_changed if it was previously requested.
Small fixes:
Small corrections to the manuals.
With recent kernels the tun device file is located in /dev/net.
TCPonly now works (in a relatively clean way too).
Merged PROTOCOL, NETWORK and SECURITY2 with the texinfo manual.
Documents are merged. Now we only need to check the ports and the TCPonly
Fix sample configuration to show keys in PEM format and correct tapdevice.
Ivo Timmermans (88):
Add a check for openssl that accepts explicit file locations.
Identify version as 1.0pre4-cvs
Better checks for OpenSSL. I think it can now detect almost all conceivable installations.
Oops, small error.
Get rid of the annoying empty line
Also check for rand.h and err.h. If any of these files does not
Also check for sha.h.
Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
Let the output from an executed script in execute_script() go to
List management and manipulation routines.
Keep a list of running children, and in each loop in main_loop(),
Move all process-related functions into process.c.
New function: xmalloc_and_zero, which initialises the allocated memory
Delete struct ifr
Move more functions from tincd.c into process.c.
Use proper prototypes.
Added this release
More function and header checks
Also include process.h
Get rid of all libtool references at once. libtool was only used by
Honor the --localstatedir option to configure, instead of hardcoded /var.
Add more checks to ensure that filedescriptors are right in
Declare fd.
Do not use the C library's daemon() call.
Do not check for the daemon() system call
Do not attempt to retreive ChangeLog information only from the CABAL
Set localstatedir to /var
Use cvs2cl instead of rcs2log to generate the ChangeLog.
Set CFLAGS to -O2 -Wall when running configure
Alter CFLAGS, somehow INCLUDES doesn't propagate properly. Still
Set errno to 0 before trying to kill the other process.
Explain how to tell configure where OpenSSL lives.
Call autogen.sh instead of configure alone; and make cvs-clean instead
Add default tinc-up and tinc-down scripts for a Debian system. These
Updated Spanish translation, provided by Enrique Zanardi.
Give an error message if daemon() failed.
Check for the function strsignal, and define it to "" if it is not
Sort items to either 1.0 or future release goals.
Use sigaction to set signal handlers, the previous commit (1.1.2.16)
Save RSA public and private keys to a separate file, instead of
dropin.c/h contain a set of drop-in replacements for non-standard C
Check for get_current_dir_name. There is a replacement function in
Added a check for a scanf that knows about %as.
Implemented a readline() function that will read an entire line into a
xstrdup now takes a const pointer as an argument.
Use readline() in read_config_file() instead of fgets.
Also free the pointer returned by readline().
Updated Dutch translation
Implemented is_safe_path, and extended ask_and_safe_open.
Read the PEM file pointed to by the configuration directive
The file is safe if it doesn't exist.
In readline(): initialise the line to zero length;
Better error checking when reading the RSA private key.
Avoid printing duplicate messages from read_rsa_keys
New function read_rsa_public_key();
All full stops have two spaces after them. (Silly commit, I know.)
Tagged `Storing private key in separate file' as done.
readline() accepts two extra parameters, buf and buflen, to avoid
Use buffer instead of line in read_config_file(), line may be assigned
Stated that distributing executables linked with OpenSSL is permitted
Include COPYING.README in the distribution.
Added documentation merger
Sort configuration directives
Option -d accepts an argument to set the debug level immediately.
Massive long awaited documentation update. It's not finished yet,
Oops. I did some VERY wrong things with readline(). Fixed now.
Tiny bits of code beautifying
Install a file in /etc/modutils/tinc, containing all necessary aliases
Ported it back to /bin/sh.
Give a warning about having to re-create the keys
Re-introduced MyVirtualIP and VpnMask, as dummy options.
Various small changes.
Include autogen.sh (needed for the Debian package).
Forget router.c
Added lint target, requires lclint.
Fix error reporting of read_config
Set Architecture to `any'
Change version to 1.0pre4
Second draft of the release notes
Merged documentation with various updates I had lying around
Get the Debian changelog up to date
Get the PO files up to date with the current source
Fixed some errors
Distribute the sample config as a .tar.gz
Unpack sample-config.tar.gz when installing
More files to ignore in CVS
tinc_TUNTAP now substitutes the values outside the AC_CACHE_CHECK
Authentication done
Wessel Dankers (1):
Important bugfix in avl_insert_before() and avl_insert_after()
Version 1.0pre3 November 09 2000
------------------------------------------------------------------------
Guus Sliepen (119):
Debian init.d script automatically sets tap device's MTU to 1448 now.
First step for implementation of the "indirectdata" directive. This should
If we have "indirectdata" flag set, we only send data to our uplink.
Large cleanup:
Added CVS Id tags to header files.
- Log possible spoofing attacks.
Hostnames are back!
Hostlookup() is actually being called now.
- More verbose connection list
Fixes some hostlookups. Fixes indirectdata for real now (hopefully).
- Indirectdata finally REALLY REALLY works now!
- Moved all connection messages to debug level 1, without -d's only the
- Fixed KEY_CHANGED notification. A lot of notify_others() calls were
- Fixed indirectdata=no problem
- Improved handling of errors on connection attempts.
- Purge old connections that are ADD_HOSTed.
- Fixes a silly little insignificant buglet.
- Extra check op EINTR bij inlezen requests
- Fixed some spelling errors.
- Fixed missing " in nl.po
- Fixed a message in nl.po
- Added log message when SIGCHLD is received ("thanks" to Ivo van Dong)
- Updated Dutch translation.
- Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
- New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
- Fixed memory leak.
- Removed segfault bug in conf.c (must have been there for ages!)
- Instead of logging an error when remote end closes the connection,
- Made tinc even more silent if no -d flag is given at all.
- Added documentation for the protocols (most important the meta protocol)
- Removed a single unused bit from status_bits_t.
- Updated PROTOCOL (a bit)
- Forgot to mention ourselves in the tincd manual page! :)
- Added Spanish translation from Enrique Zanardi.
- Updated THANKS file
- Delayed address resolving for ConnectTo lines in configuration file to
- Fixed typo.
- Added experimental hackish tunneling-over-TCP support.
- Lots o' buglets fixed (-Wall helps)
Fixed PACKET read loop.
Removed calling add_queue for tcponly packets.
- Added date/time of build and protocol number to --version output.
- Moved TCP packet reception to meta handler: less kludgy and less buggy!
- Reinstated O_NONBLOCK for meta socket
- Added two extra configuration options, Interface and InterfaceIP, to
Fixed all sprintf() spl01ts.
Ran update-po and updated dutch translation.
Commented on some size calculations.
Updated the manual:
Updated tinc.conf manual.
Fix rules (thanks to Laurence)
- Use strerror() instead of sys_errlist[] for increased portability
- New protocol. Will break everything else for now.
- Added more function skeletons for the new protocol.
- Lots of functions added for the new protocol.
- Some key exchange stuff. (Last commit before going to bed.)
- Fixed modulo in keylength check
- Lots of small changes.
Added document about the used cryptographic algorithms and the reasons
- Included authentication scheme from protocol.c
- Updated authentication scheme.
- Severe code reduction and simplification of challenge requests
- Removed options "string" stuff. It was a bad idea...
- Very detailed example of the authentication phase.
- Added meta.c which contains functions to send, receive and broadcast
- Added subnet handling code
Removing cipher directory (all will be covered by OpenSSL).
Big and bad commit of my current tree...
- Changed genauth to produce rsa keypairs instead of random passphrases.
- Generalized config file parsing to support multiple configuration trees.
- Fixing-things pass: every source file compiles into an object file now,
- Second fixing-things pass: it even links now.
- The daemon actually runs now (somewhat)
Corrected #ifdefs for tun/tap support.
- Fixing little things
- More fixing. Tinc daemons can now even create activated connections.
- Seed the PRNG using /dev/random before generating the keys.
- tinc now really does public/private key encryption! It even works, whee!
- Made Makefile.am stub for doc/es/
- Removed last reference to genauth from Makefile.am
- Fixed all debug levels.
- route.c will contain the routing logic.
- Lots of little stuff modified
- Updated subnet list handling. Subnets are added to two lists now, the
- Lots of small fixes
- Fixed offsets when reading/writing from/to tap device
- Override destination ethernet address on incoming packets with
- Very big cleanup.
- Fixed ans_key_h
- Hit people who can't figure out subnet address/mask pairs with a
- Enforce correct order of authentication requests
- Moved connlist stuff to the proper header file.
- Updated dutch translation.
- Removed old encr stuff
- Small fixes
- Use CFB mode for encrypting packets: it works and we don't need padding.
- Finishing touch: encrypt the meta connections
- Small cleanups
- Fixed some spelling mistakes and terminology here and there.
- Update.
Removed config file parsing and interface setup. This will be handled by
- Removed unused MAC strip/add functions.
- Removed even more warnings.
- Resolve scriptname after fork()
- Removed manpage for no longer existing genauth.
- connlist.c added to translation
- Don't forget to set packet cipher for added hosts.
- Forward keys in hex notation, not as binary data.
- Check for packets that are looping back.
- Simplified ping mechanism.
- Prepended config_ to all configuration option names, because it confused
Changed execution of tinc-up:
- Open UDP connection for all known hosts. Comments please.
Porting to SunOS 5.8:
Porting to SunOS 5.8:
- Fixed --config
- Applied Jamie Brigg's patch (close sockets after error)
- Add Jamie :)
- Make checkpoint tracing a compile time option (off by default)
Ivo Timmermans (77):
Alphabetized the list, added Lubom<6F>r Bulej, removed Sander Smeenk and Tijs van Bakel, put merits after all names.
Don't touch VPNMASK if it's defined, otherwise use $MSK.
These files are created by gettextize (run by autogen.sh) (should have known that).
Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries.
Merge changes from 1.6-1.8.
Configuration directive `IndirectData'.
Changed version number to 1.0pre3.
Version 1.0pre3.
Removed Free Software Foundation copyright, because Guus Sliepen contributed significantly.
Oops, and mention Guus too.
Include the Spanish translation in the distribution/build process.
(Quoting Laurence Lane:)
Also chomp $VPNMASK
Added a rule to create an rpm
Changed CVSROOT path in `make ChangeLog'
Link with OpenSSL crypto libraries instead of own blowfish library
Updated text, removed protocol flowchart
Include openssl/blowfish.h
Support for -lsocket and -lnsl on SunOS
Correct filenames for passphrases given in the example
Add Guus' name and shift out old protocol requests
Better checks for SunOS libraries
Added some structures and types that are needed for the overhaul.
New directive: Name.
First round of needed fixes after the overhaul
Second round of fixes
Added Spanish translation of the docs by Matias Carrasco
Many updates, parts rewritten, added, shuffled around.
Link with OpenSSL, forget libGMP
Updated new requirements, pointers to the manual
Don't look for GMP header files
Update Depends lines to reflect the dependencies on OpenSSL
Fix `Requirements'-section for GMP and OpenSSL libraries.
Add CVS id lines
Add checks for the presence of the universal tun/tap device driver.
Wrap the tun/tap code in #ifdef HAVE_TUNTAP
Linearized checks for if_tun.h
Really #include the if_tun.h files now
Output doc/es/Makefile
Process subdir es/
Don't declare cp_file and cp_line in xmalloc()
Get the head revision up to date with cabal
Changed changelog
Include linux/sockios.h and net/if.h anyway, regardless of the value of HAVE_TUNTAP.
read_server_config: Check for result of read_config_file.
Oops, echelon change committed to cabal... :)
Skip the check for Linux kernel sources
This file is no longer needed.
- Synchronized changelog with the package's changelog.
Do not include $(top_srcdir)/cipher, it does no longer exist.
Added a perl example to turn an IP address into a MAC address.
Only check for linux/if_tun.h once
Changed `I' to `We' - small change, lots of difference :)
More exhaustive list of changes - perhaps it can be worded differently?
Change wsl to Wessel's name and email address in the ChangeLog creation
Mention fileutils, add a pointer to THANKS for more details
Changed a few messages wrt. system calls; updated and changed the Dutch translation a bit.
Don't include shlibs, as it no longer exists.
Oops, and include doc-base.tinc (new file).
- If necessary, patch po/Makefile.in from po-Makefile.in.in.diff to
Minor cosmetic change.
Save the environment on startup.
Run the scripts tinc-up and tinc-down from a separate function, which
Warnings removal pass: always include config.h first; add a few
Small change to the way the environment is copied.
Use putenv() instead of clumsy do-it-yourself in execute_script.
Do not include the passphrases directory
In execute_script:
Add route.c to the list of source files.
Updated Dutch translation
Build-depends on libtool
Build-Depends on gettext
Final release notes added, also edited release notes for 1.0pre2 to what the announcement on the mailing list looked like.
Wrapped text to 70 (72?) columns for easy reading
Bop version number to 1.0pre3-1
Updates, updates
Add prototype for destroy_queue
Wessel Dankers (3):
File added to CABAL (hopefully)
Grrr, recommit
Added architecture section, made a start with the kernel section.
Version 1.0pre2 May 31 2000
------------------------------------------------------------------------
Ivo Timmermans (56):
Deleted the protocol description.
Perl version of the system startup script.
Only print an error with send_termreq if debug_lvl is 2 or more.
Add check for mpz_powm in libgmp3.
Version 1.0pre1-0.1.
Changed version to 1.0pre2.
Give IP address instead of hex number when connecting tcp socket failed.
Add shlibs control file for the blowfish library.
Inserted useful content.
Add initscript, tincd->tinc.
Add description, better dependancies.
Mention both upstream authors.
tincd->tinc
.deb version number 1.0pre2-0.4.
Updated to newer version.
Exit with zero status if is empty.
Unlimited length in the config file, thanks to Cris van Pelt.
Depend on perl5.
*** empty log message ***
Look if the tap devices exist before bluntly remaking them.
Use the new VpnMask directive to add a route to the rest of the VPN.
This file is generated with dpkg-buildpackage.
Read /etc/tinc/nets.boot to find the networks that have to be started.
Create a default /etc/tinc/nets.boot after installation, containing all directories under /etc/tinc by default.
Version 1.0pre2-0.3
Don't distribute the file files.
Find networks in instead of .
Include postinst in the distribution.
Errors will not terminate the script or result in a nonzero exit code.
Updated copyright notice.
Fixed typo.
Mask the vpn net with the vpn netmask, route would give an error if the netmask didn't match the net.
When VpnMask is not present in the config file, silently use $MSK as vpnmask.
Add an example of using VpnMask.
Use /etc/tinc/example as a base directory for an example. /etc/tinc/example/README points to /usr/share/doc/tinc/README.Debian.
Create an empty /etc/tinc/nets.boot.
Updated by Lubomir Bulej and Mads Kiilerich: it uses /etc/tinc/nets.boot and the VpnMask directive in the config files.
Internationalization of tinc.
Include intl/ directory in the list of subdirs.
Include system.h and ABOUT-NLS.
Update acconfig.h to include values for gettext inclusion.
Include GNU gettext checks.
Define LOCALEDIR in CFLAGS.
Dutch translation of tinc.
Bounds check for request id (between 0 and 255).
Updated changes list for version 1.0pre2.
Added new configuration directive `Hostnames', which controls the resolving of IP addresses to hostnames.
When a connection is terminated, all hosts that are still connected get notified of the lost connections.
In terminate_connection, only send a notification to hosts that are directly connected to us. (DEL_HOST gets forwarded automatically.)
Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients.
Include news for 1.0pre2.
Tell about /etc/tinc/nets.boot.
Updated Dutch translation.
Version 1.0pre2-1.
Handle locale settings.
Miscellaneous copyright updates.
Guus Sliepen (16):
Proxymode removed.
Cleanups.
Changed ping behaviour (backwards compatible). If we don't have any data
Fixed typos.
Test for existence of configured tinc networks. This will also make
Stub for VpnMask config directive.
TODO file reinstated:
VpnMask truely works now.
Typo.
Fixed last typo. Init.d now uses ifconfig command to set both the tap's IP
Documentation updates. Removed all references to configuration variable
Fix for a DoS attack:
Fixed typos. When terminating a connection, it's status is not only set to
Made tinc persistent. If no outgoing connection can be established right
Terminate a connection on any error. Furthermore, disallow del_host,
Only activate a connection upon receiving it's public key if it's an
Version 1.0pre1 May 08 2000
------------------------------------------------------------------------
Ivo Timmermans (84):
Get rid of the message `zxnrbl\'.
Upon regeneration, free the old encryption key `securely\' by overwriting it.
Kill the parent after any error conditions in detach().
Ignore SIGCHLD.
New option -D, don't detach.
Moved to version number 1.0.
Only one round of reading bits out of urandom;
Pass the requested size from xmalloc() and xrealloc() on to xalloc_fail_func()
Check for an illegal length of passphrase in read_passphrase().
Check if stdout is a terminal, if so, print a verbose message.
Default passphrase length of 1024, added -h/--help options.
Submitted by Mads Kiilerich.
New manpage for genauth.
Updated manpages.
Address for bugreports changed to tinc@nl.linux.org.
Include the directory redhat in the build process.
Include genauth.8 in the distribution.
Submitted changes by Mads Kiilerich.
A short notice from Mads Kiilerich.
Keep make dist(dir) happy.
Added cvs-clean.
These files are not needed in release 1.0.
Don't compile in `idea'.
Don't include idea/idea.h.
Don't try to create cipher/idea/Makefile.
The shell script autogen.sh can create all these removed files, but be
s/Gnome/tinc/g
This file is obsolete, most of the ideas are already in echelon.
Remove check for bigendianness.
Don't define HAVE_NAMESPACES and HAVE_STL.
Use `make ChangeLog' to create this file from the CVS logs.
Remove test for GNOME.
Changes largely from Mads Kiilerich.
Added Mads Kiilerich, removed Guus Sliepen.
*** empty log message ***
Generate this Makefile.am from Makefile.am.in.
Contributed by Mads Kiilerich.
Spelling fixes.
Delete all the files that are created by autogen.sh on a `make cvs-clean'.
Propagate CFLAGS from configure to gcc.
Don't include TODO in the dist.
Remove ChangeLog with a `make cvs-clean'.
Initial CVS.
*** empty log message ***
Create a ChangeLog file, automake requires it.
*** empty log message ***
Debug level tweaking.
From Mads Kiilerich.
The make command is in /usr/bin.
Add an entry to dir.
Omit TODO.
Version to 1.0pre1;
Filled in the details, license from libblowfish copied.
Updated version number to 1.0.
Default config file name is tinc.conf, and pidfile is tinc.pid.
More updates wrt. the change from tincd->tinc.
Added `deb' target.
Filled up the protocol structs with unused bytes.
Got rid of the nasty hacks... and replaced it by another one.
Initially, the vpn_mask of a connection is 255.255.255.255 to avoid confusion with lookup_conn.
Replaced check for status.active by status.dataopen in check_network_activity.
New way of handling the meta protocol.
Read public keys the right way (tm).
Removed debug messages.
Read one less byte from an ANS_KEY request.
Send one less byte from an ANS_KEY request.
Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility.
Key forwarding, write one byte extra.
Committed by Lubom<6F>r Bulej.
Updates by Mads Kiilerich.
Committed by Mads Kiilerich.
Fixed meta protocol.
More tincd->tinc updates.
Mentioned new metaprotocol.
Fix a typo, better handling of the info document. (from Mads Kiilerich)
Don't use error.h or error(), put #error in front of cpp errors.
getopt_long() support for platforms that don't have it.
Include stdio.h for fprintf.
More for getopt support.
Check for the existance of libdl.
Don't link in libdl.
Include sys/types.h.
Copied most of the code from the redhat script.
Added semicolons required by bash2 (Mads Kiilerich).
Guus Sliepen (18):
Added extra checks for desynchronized connection lists. Hopefully this will
Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
Added checkpoints to beginning and ending of every function.
Packet queues fixed. They caused the trouble when resending keys.
Fixed typo and removed some unnecessary variables.
When trying to talk to a host that is in the netmask of a tinc server but
Converted every &variable[0] to variable.
Cleanups:
Removed write_n() function.
Oops! Reference to write_n() removed and changed into neat write() call.
Meta protocol overhaul. Tinc is now incompatible with previous versions,
Fixed small mistake that would prevent forwarding requests.
Previous fix fixed. Meta protocol should be really flawless from now on!
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
Outgoing packets now use network byte order in header.
Fixes typo and UDP network byte order.
Squashed gcc warning.
Added new config variable "ProxyMode". If enabled, all outgoing packets