/*
net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2021 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com>
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno));
if(errno == ENOENT) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 keypair with `tinc -n %s generate-ed25519-keys'.", netname ? : ".");
+ logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 key pair with `tinc -n %s generate-ed25519-keys'.", netname ? netname : ".");
}
free(fname);
return false;
}
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
struct stat s;
if(fstat(fileno(fp), &s)) {
return false;
}
- if(s.st_mode & ~0100700) {
+ if(s.st_mode & ~0100700u) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for Ed25519 private key file `%s'!", fname);
}
fname, strerror(errno));
if(errno == ENOENT) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA keypair with `tinc -n %s generate-rsa-keys'.", netname ? : ".");
+ logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA key pair with `tinc -n %s generate-rsa-keys'.", netname ? netname : ".");
}
free(fname);
return false;
}
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+#ifndef HAVE_MINGW
struct stat s;
if(fstat(fileno(fp), &s)) {
return false;
}
- if(s.st_mode & ~0100700) {
+ if(s.st_mode & ~0100700u) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
}
}
#endif
+#ifndef DISABLE_LEGACY
static timeout_t keyexpire_timeout;
static void keyexpire_handler(void *data) {
keylifetime, rand() % 100000
});
}
+#endif
void regenerate_key(void) {
logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
subnet_add(NULL, s);
}
-#if !defined(IPPROTO_IP) || !defined(IP_TOS)
+#if !defined(IP_TOS)
if(priorityinheritance) {
logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv4 connections", "PriorityInheritance");
#endif
-#if !defined(IPPROTO_IPV6) || !defined(IPV6_TCLASS)
+#if !defined(IPV6_TCLASS)
if(priorityinheritance) {
logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv6 connections", "PriorityInheritance");
keylifetime = 3600;
}
- config_t *cfg = lookup_config(config_tree, "AutoConnect");
-
- if(cfg) {
- if(!get_config_bool(cfg, &autoconnect)) {
- // Some backwards compatibility with when this option was an int
- int val = 0;
- get_config_int(cfg, &val);
- autoconnect = val;
- }
+ if(!get_config_bool(lookup_config(config_tree, "AutoConnect"), &autoconnect)) {
+ autoconnect = true;
}
get_config_bool(lookup_config(config_tree, "DisableBuggyPeers"), &disablebuggypeers);
Configure node_t myself and set up the local sockets (listen only)
*/
static bool setup_myself(void) {
- char *name, *hostname, *cipher, *digest, *type;
+ char *name, *hostname, *type;
char *address = NULL;
bool port_specified = false;
free(myport);
memcpy(&sa, ai->ai_addr, ai->ai_addrlen);
+ freeaddrinfo(ai);
sockaddr2str(&sa, NULL, &myport);
}
logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
return false;
}
+
+ udp_rcvbuf_warnings = true;
}
if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
return false;
}
+
+ udp_sndbuf_warnings = true;
+ }
+
+ get_config_int(lookup_config(config_tree, "FWMark"), &fwmark);
+#ifndef SO_MARK
+
+ if(fwmark) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "FWMark not supported on this platform!");
+ return false;
}
+#endif
+
int replaywin_int;
if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
#ifndef DISABLE_LEGACY
/* Generate packet encryption key */
+ char *cipher;
+
if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
cipher = xstrdup("aes-256-cbc");
}
myself->incipher = NULL;
} else if(!(myself->incipher = cipher_open_by_name(cipher))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
+ free(cipher);
return false;
}
return false;
}
+ char *digest;
+
if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) {
digest = xstrdup("sha256");
}
myself->indigest = NULL;
} else if(!(myself->indigest = digest_open_by_name(digest, maclength))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
+ free(digest);
return false;
}
/* Compression */
if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
- if(myself->incompression < 0 || myself->incompression > 11) {
+ switch(myself->incompression) {
+ case 12:
+#ifdef HAVE_LZ4
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "LZ4 compression is unavailable on this node.");
+ return false;
+#endif
+
+ case 11:
+ case 10:
+#ifdef HAVE_LZO
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "LZO compression is unavailable on this node.");
+ return false;
+#endif
+
+ case 9:
+ case 8:
+ case 7:
+ case 6:
+ case 5:
+ case 4:
+ case 3:
+ case 2:
+ case 1:
+#ifdef HAVE_ZLIB
+ break;
+#else
logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "ZLIB compression is unavailable on this node.");
+ return false;
+#endif
+
+ case 0:
+ break;
+
+ default:
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Compression level %i is unrecognized by this node.", myself->incompression);
return false;
}
} else {
devops = raw_socket_devops;
} else if(!strcasecmp(type, "multicast")) {
devops = multicast_devops;
- } else if(!strcasecmp(type, "fd")) {
+ }
+
+#ifdef HAVE_SYS_UN_H
+ else if(!strcasecmp(type, "fd")) {
devops = fd_devops;
}
+#endif
#ifdef ENABLE_UML
else if(!strcasecmp(type, "uml")) {
devops = uml_devops;
if(myself && myself->connection) {
subnet_update(myself, NULL, false);
- connection_del(myself->connection);
+ free_connection(myself->connection);
}
for(int i = 0; i < listen_sockets; i++) {
projects / tinc / blobdiff