From: Guus Sliepen Date: Sun, 24 Aug 2003 20:38:31 +0000 (+0000) Subject: Synchronise HEAD with CABAL branch. X-Git-Tag: release-1.0.3~44 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=013a2e159e42c46808ea8d0b6abd57525db30a50;p=tinc Synchronise HEAD with CABAL branch. --- diff --git a/AUTHORS b/AUTHORS index 4721984f..ac4e1a22 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,6 +1,6 @@ Main tinc authors: -Guus Sliepen -Ivo Timmermans +Guus Sliepen +Ivo Timmermans These files are from other sources: * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from diff --git a/Makefile.am b/Makefile.am index 805c3123..8462e685 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,16 +2,17 @@ AUTOMAKE_OPTIONS = gnu -SUBDIRS = m4 intl lib src doc po +SUBDIRS = m4 lib src doc po -ACLOCAL_AMFLAGS = +ACLOCAL_AMFLAGS = -I m4 -EXTRA_DIST = system.h COPYING.README depcomp +EXTRA_DIST = config.rpath mkinstalldirs system.h COPYING.README depcomp CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ - po/tinc.pot src/.libs intl depcomp + po/tinc.pot po/*.sed po/*.header po/*.sin po/Rules-quot \ + src/.libs intl depcomp ChangeLog: cvs2cl -U cvsusers --fsf @@ -20,6 +21,7 @@ cvs-clean: maintainer-clean for f in $(CVS_CREATED) `find . -name Makefile.in` tinc-$(VERSION).tar.gz; do\ rm -Rf "$$f"; \ done + grep -l gettext `find m4 -type f` | xargs rm -f deb: dpkg-buildpackage -rfakeroot diff --git a/NEWS b/NEWS index 0317dd5a..4c7c9397 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,40 @@ +version 1.0.1 Aug 14 2003 + +* Allow empty lines in config files. + +* Fix handling of spaces and backslashes in filenames under native Windows. + +* Allow scripts to be executed under native Windows. + +* Update documentation, make it less Linux specific. + +version 1.0 Aug 4 2003 + +* Lots of small bugfixes and code cleanups. + +* Throughput doubled and latency reduced. + +* Added support for LZO compression. + +* No need to set MAC address or disable ARP anymore. + +* Added support for Windows 2000 and XP, both natively and in a Cygwin + environment. + +version 1.0pre8 Sep 16 2002 + +* More fixes for subnets with prefixlength undivisible by 8. + +* Added support for NetBSD and MacOS/X. + +* Switched from undirected graphs to directed graphs to avoid certain race + conditions and improve scalability. + +* Generalized broadcasting and forwarding of protocol messages. + +* Cleanup of source code. + + version 1.0pre7 Apr 7 2002 * Don't do blocking read()s when getting a signal. diff --git a/README b/README index d75d7f65..1024d608 100644 --- a/README +++ b/README @@ -1,10 +1,10 @@ -This is the README file for tinc version 1.0pre7. Installation +This is the README file for tinc version 1.0.1. Installation instructions may be found in the INSTALL file. -tinc is Copyright (C) 1998-2002 by: +tinc is Copyright (C) 1998-2003 by: -Ivo Timmermans , -Guus Sliepen , +Ivo Timmermans , +Guus Sliepen , and others. For a complete list of authors see the AUTHORS file. @@ -44,13 +44,19 @@ Some configuration variables have different names now. Most notably "TapDevice" should be changed into "Device", and "Device" should be changed into "BindToDevice". +Compatibility +------------- + +Version 1.0.1 is compatible with 1.0 and 1.0pre8 but not with older versions +of tinc. + Requirements ------------ Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to install this library first; grab it from -http://www.openssl.org/. We recommend version 0.9.5 or better. If +http://www.openssl.org/. You will need version 0.9.7 or later. If this library is not installed on you system, configure will fail. The manual in doc/tinc.texi contains more detailed information on how to install this library. @@ -60,8 +66,11 @@ library whether or not you plan to enable the compression. You can find it at http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we recommand that you download version 1.1.4 or later. -In order to compile tinc, you will also need autoconf, automake, GNU make, m4 -and gettext. +Since 1.0, the lzo library is also used for optional compression. You need this +library whether or not you plan to enable compression. You can find it at +http://www.oberhumer.com/opensource/lzo/. + +In order to compile tinc, you will need a GNU C compiler environment. Features @@ -70,17 +79,7 @@ Features This version of tinc supports multiple virtual networks at once. To use this feature, you may supply a netname via the -n or --net options. The standard locations for the config files will then be -/etc/tinc//. Because of this feature, tinc will send packets -directly to their destinations, instead of to the uplink. If this -behaviour is undesirable (for instance because of firewalls or other -restrictions), please use an older version of tinc (I would recommend -tinc-0.2.19). - -In order to force the kernel to accept received packets, the -destination MAC address will be set to FE:FD:00:00:00:00 upon -reception. The MAC address of the ethertap or tun/tap interface must -also be set to this address. See the manual for more detailed -information. +/etc/tinc//. tincd regenerates its encryption key pairs. It does this on the first activity after the keys have expired. This period is adjustable in the @@ -96,7 +95,7 @@ Since pre5, tinc can operate in several routing modes. The default mode, determine the destination of packets. The other two modes, "switch" and "hub", allow the tinc daemons to work together like a single network switch or hub. This is useful for bridging networks. The latter modes only work properly on -Linux and FreeBSD. +Linux, FreeBSD and Windows. The algorithms used for encryption and generating message authentication codes can now be changed in the configuration files. All cipher and digest algorithms @@ -107,11 +106,17 @@ etcetera. Support for routing IPv6 packets has been added. Just add Subnet lines with IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from the iproute package) to give the virtual network interface corresponding IPv6 -addresses. Autoconfiguration will not work in router mode. Tunneling IPv6 -packets only works on Linux, FreeBSD and possibly OpenBSD. - -It is also possible to make tunnels to other tinc daemons over IPv6 networks. -In order to enable this feature the option "AddressFamily = any" or -"AddressFamily = ipv6" must be added to the tinc.conf file. The host -configuration files should contain IPv6 addresses for the "Address" variables, -or hostnames which have an AAAA or A6 record. +addresses. tinc does not provide autoconfiguration for IPv6 hosts, if you need +it use radvd or zebra. Tunneling IPv6 packets only works on Linux, FreeBSD, +Windows and possibly OpenBSD. + +It is also possible to make tunnels to other tinc daemons over IPv6 networks, +if the operating system supports IPv6. tinc will automatically use both IPv6 +and IPv4 when available, but this can be changed by adding the option +"AddressFamily = ipv4" or "AddressFamily = ipv6" to the tinc.conf file. + +Normally, when started tinc will detach and run in the background. In a native +Windows environment this means tinc will intall itself as a service, which will +restart after reboots. To prevent tinc from detaching or running as a service, +use the -D option. + diff --git a/THANKS b/THANKS index e4cfd6d0..cbdc5a52 100644 --- a/THANKS +++ b/THANKS @@ -18,6 +18,14 @@ We would like to thank * Armijn Hemel (for being our very own PR manager) * Jerome Etienne (for a thorough security analysis of tinc) * Mark Glines (for his compression patch) + * Nick Patavalis (RedHat package) + * Alessandro Gatti (for helping us support Darwin) + * Ivo van Dong (for help during the early versions of tinc) + * Jeroen Ubbink (for help testing tinc on Free- and NetBSD) + * LarstiQ (for help testing tinc on MacOS/X) + * Marc A. Lehmann (for criticism) + * Teemu Kiviniemi (for his lzo compression patch) + * Flynn Marquardt (for help testing tinc on Solaris 2.6) for their help, support and ideas. Thank you guys! diff --git a/TODO b/TODO index c0f2ee3f..d6a6df44 100644 --- a/TODO +++ b/TODO @@ -1,5 +1,3 @@ TODO LIST -1.0: - -* A nice, secure and stable release +* Think of new things to do. diff --git a/acconfig.h b/acconfig.h deleted file mode 100644 index ff033262..00000000 --- a/acconfig.h +++ /dev/null @@ -1,91 +0,0 @@ -/* Define to the name name of this package */ -#undef PACKAGE - -/* Define to the version of the package */ -#undef VERSION - -/* Define to rpl_malloc if the replacement function should be used. */ -#undef malloc - -/* Define to rpl_realloc if the replacement function should be used. */ -#undef realloc - -/* This is always defined. It enables GNU extensions on systems that - have them. */ -#if !defined(_GNU_SOURCE) -# undef _GNU_SOURCE -#endif - -#if !defined(__USE_BSD) -# undef __USE_BSD -#endif - - -/* Define to 1 if NLS is requested. */ -#undef ENABLE_NLS - -/* Define as 1 if you have catgets and don't want to use GNU gettext. */ -#undef HAVE_CATGETS - -/* Define as 1 if you have gettext and don't want to use GNU gettext. */ -#undef HAVE_GETTEXT - -/* Define if your locale.h file contains LC_MESSAGES. */ -#undef HAVE_LC_MESSAGES - -/* Define to 1 if you have the stpcpy function. */ -#undef HAVE_STPCPY - -/* For getopt */ -#if HAVE_STDLIB_H -# define getopt system_getopt -# include -# undef getopt -#endif - -/* Linux */ -#undef HAVE_LINUX - -/* FreeBSD */ -#undef HAVE_FREEBSD - -/* OpenBSD */ -#undef HAVE_OPENBSD - -/* Solaris */ -#undef HAVE_SOLARIS - -/* NetBSD */ -#undef HAVE_NETBSD - -/* Define to the location of the kernel sources */ -#undef CONFIG_TINC_KERNELDIR - -/* Define to 1 if tun/tap support is enabled and found */ -#undef HAVE_TUNTAP - -/* Define to the location of if_tun.h */ -#undef LINUX_IF_TUN_H - -/* Define to 1 if support for jumbograms is enabled */ -#undef ENABLE_JUMBOGRAMS - -/* Define to 1 if checkpoint tracing is enabled */ -#undef ENABLE_TRACING - -/* Define to enable use of old SSLeay_add_all_algorithms() function */ -#undef HAVE_SSLEAY_ADD_ALL_ALGORITHMS - -/* Define to 1 if you want to include GCRYPT support */ -#undef USE_GCRYPT - -/* Define to 1 if you want to include OpenSSL support */ -#undef USE_OPENSSL - -#if defined(USE_GCRYPT) && defined(USE_OPENSSL) -# error You can only define one of USE_GCRYPT and USE_OPENSSL -#endif - -#if !defined(USE_GCRYPT) && !defined(USE_OPENSSL) -# error You must define exactly one of USE_GCRYPT and USE_OPENSSL -#endif diff --git a/autogen.sh b/autogen.sh index 21a0f4c1..ecdd7010 100644 --- a/autogen.sh +++ b/autogen.sh @@ -96,26 +96,14 @@ do echo processing $dr macrodirs=`sed -n -e 's,AM_ACLOCAL_INCLUDE(\(.*\)),\1,gp' < $coin` ( cd $dr - aclocalinclude="$ACLOCAL_FLAGS" - for k in $macrodirs; do - if test -d $k; then - if test -f $k/Makefile.am.in; then - make -C $k -f Makefile.am.in Makefile.am - fi - aclocalinclude="$aclocalinclude -I $k" - ##else - ## echo "**Warning**: No such directory \`$k'. Ignored." - fi - done - touch ChangeLog if grep "^AM_GNU_GETTEXT" configure.in >/dev/null; then if grep "sed.*POTFILES" configure.in >/dev/null; then : do nothing -- we still have an old unmodified configure.in else echo "Creating $dr/aclocal.m4 ..." test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 - echo "Running gettextize... Ignore non-fatal messages." - echo "no" | gettextize --force --copy + echo "Running autopoint..." + autopoint --force echo "Making $dr/aclocal.m4 writable ..." test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 fi @@ -123,8 +111,8 @@ do if grep "^AM_GNOME_GETTEXT" configure.in >/dev/null; then echo "Creating $dr/aclocal.m4 ..." test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 - echo "Running gettextize... Ignore non-fatal messages." - echo "no" | gettextize --force --copy + echo "Running autopoint..." + autopoint --force echo "Making $dr/aclocal.m4 writable ..." test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 fi @@ -132,6 +120,18 @@ do echo "Running libtoolize..." libtoolize --force --copy fi + aclocalinclude="$ACLOCAL_FLAGS" + for k in $macrodirs; do + if test -d $k; then + if test -f $k/Makefile.am.in; then + make -C $k -f Makefile.am.in Makefile.am + fi + aclocalinclude="$aclocalinclude -I $k" + ##else + ## echo "**Warning**: No such directory \`$k'. Ignored." + fi + done + touch ChangeLog echo "Running aclocal $aclocalinclude ..." aclocal $aclocalinclude if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then diff --git a/configure.in b/configure.in index 1073df9e..92cc6976 100644 --- a/configure.in +++ b/configure.in @@ -1,18 +1,24 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.19 2002/04/28 12:46:25 zarq Exp $ +dnl $Id: configure.in,v 1.20 2003/08/24 20:38:18 guus Exp $ +AC_PREREQ(2.57) AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) AM_CONFIG_HEADER(config.h) +AM_MAINTAINER_MODE dnl Include the macros from the m4/ directory AM_ACLOCAL_INCLUDE(m4) +AM_GNU_GETTEXT([external]) +AM_GNU_GETTEXT_VERSION(0.12.1) + # Enable GNU extensions. # Define this here, not in acconfig's @TOP@ section, since definitions # in the latter don't make it into the configure-time tests. -AC_DEFINE([_GNU_SOURCE], [__USE_BSD]) +AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extenstions]) +AC_DEFINE([__USE_BSD], 1, [Enable BSD extensions]) ALL_LINGUAS="nl" @@ -24,66 +30,233 @@ AC_PROG_AWK AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET -jm_PERL - +AC_PROG_RANLIB AC_ISC_POSIX dnl Check and set OS -AC_CANONICAL_HOST +#AC_CANONICAL_HOST case $host_os in *linux*) - AC_DEFINE(HAVE_LINUX) + AC_DEFINE(HAVE_LINUX, 1, [Linux]) [ rm -f src/device.c; ln -sf linux/device.c src/device.c ] ;; *freebsd*) - AC_DEFINE(HAVE_FREEBSD) + AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD]) [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] ;; + *darwin*) + AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)]) + [ rm -f src/device.c; ln -sf darwin/device.c src/device.c ] + ;; *solaris*) - AC_DEFINE(HAVE_SOLARIS) + AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS]) [ rm -f src/device.c; ln -sf solaris/device.c src/device.c ] ;; *openbsd*) - AC_DEFINE(HAVE_OPENBSD) + AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD]) [ rm -f src/device.c; ln -sf openbsd/device.c src/device.c ] ;; *netbsd*) - AC_DEFINE(HAVE_NETBSD) + AC_DEFINE(HAVE_NETBSD, 1, [NetBSD]) [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ] ;; + *cygwin*) + AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin]) + [ rm -f src/device.c; ln -sf cygwin/device.c src/device.c ] + ;; + *mingw*) + AC_DEFINE(HAVE_MINGW, 1, [MinGW]) + [ rm -f src/device.c; cp -f src/mingw/device.c src/device.c ] + LIBS="$LIBS -lws2_32" + ;; + *) + AC_MSG_ERROR("Unknown operating system.") + ;; esac AC_CACHE_SAVE +if test -d /sw/include ; then + CPPFLAGS="$CPPFLAGS -I/sw/include" +fi +if test -d /sw/lib ; then + LIBS="$LIBS -L/sw/lib" +fi + dnl Checks for libraries. dnl Checks for header files. +dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies. + AC_HEADER_STDC -AC_CHECK_HEADERS([fcntl.h limits.h sys/ioctl.h syslog.h unistd.h \ -sys/time.h malloc.h strings.h sys/file.h]) +AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h sys/mman.h netdb.h arpa/inet.h]) +AC_CHECK_HEADERS([net/if.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h], + [], [], + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + ] +) +AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h], + [], [], + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_NET_IF_H + #include + #endif + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif + #ifdef HAVE_NETINET_IN_H + #include + #endif + #ifdef HAVE_NETINET_IN6_H + #include + #endif + #ifdef HAVE_NET_ETHERNET_H + #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + ] +) +AC_CHECK_HEADERS([netinet/tcp.h netinet/ip_icmp.h netinet/icmp6.h], + [], [], + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_NET_IF_H + #include + #endif + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif + #ifdef HAVE_NETINET_IN_H + #include + #endif + #ifdef HAVE_NETINET_IP_H + #include + #endif + #ifdef HAVE_NETINET_IN6_H + #include + #endif + #ifdef HAVE_NETINET_IP6_H + #include + #endif + #ifdef HAVE_NET_ETHERNET_H + #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + #ifdef HAVE_NETINET_IF_ETHER_H + #include + #endif + ] +) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST +AC_C_VOLATILE AC_TYPE_PID_T AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM +tinc_ATTRIBUTE(__malloc__) + +AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, struct addrinfo, struct ip, struct icmp, struct in6_addr, struct sockaddr_in6, struct ip6_hdr, struct icmp6_hdr, struct nd_neighbor_solicit, struct nd_opt_hdr], , , + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_NET_IF_H + #include + #endif + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif + #ifdef HAVE_NETINET_IN_H + #include + #endif + #ifdef HAVE_NETINET_IP_H + #include + #endif + #ifdef HAVE_NETINET_TCP_H + #include + #endif + #ifdef HAVE_NETINET_IN6_H + #include + #endif + #ifdef HAVE_NETINET_IP6_H + #include + #endif + #ifdef HAVE_NET_ETHERNET_H + #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + #ifdef HAVE_NETINET_IF_ETHER_H + #include + #endif + #ifdef HAVE_NETINET_IP_ICMP_H + #include + #endif + #ifdef HAVE_NETINET_ICMP6_H + #include + #endif + ] +) + dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name]) +AC_CHECK_FUNCS([asprintf daemon fchmod fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC -AM_GNU_GETTEXT - - dnl Support for SunOS AC_CHECK_FUNC(socket, [], [ @@ -93,79 +266,36 @@ AC_CHECK_FUNC(gethostbyname, [], [ AC_CHECK_LIB(nsl, gethostbyname) ]) +AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo inet_aton]) + AC_CACHE_SAVE dnl These are defined in files in m4/ -tinc_TUNTAP - - use_gcrypt=0 - use_openssl=0 - - AC_ARG_WITH(gcrypt, - [ --with-gcrypt Use GCRYPT for all cryptographic functions], - [ - if test "x$withval" = "xyes" ; then - use_gcrypt=1 - else - use_gcrypt=0 - fi - ], - [use_gcrypt=0]) - - AC_ARG_WITH(openssl, - [ --with-openssl Use OpenSSL for all cryptographic functions], - [ - if test "x$withval" = "xyes" ; then - use_openssl=1 - else - use_openssl=0 - fi - ], - [use_openssl=0]) - - if test \( $use_gcrypt -eq 0 -a $use_openssl -eq 0 \) \ - -o \( $use_gcrypt -eq 1 -a $use_openssl -eq 1 \) ; then - cat << EOM -Error: You must select exactly one of GCRYPT or OpenSSL. -EOM - echo use_openssl=$use_openssl, use_gcrypt=$use_gcrypt - exit 1 - fi - - if test $use_gcrypt -eq 1 ; then - AC_MSG_RESULT([Selecting GCRYPT for crypto]) - tinc_GCRYPT - AC_DEFINE(USE_GCRYPT) - fi - if test $use_openssl -eq 1 ; then - AC_MSG_RESULT([Selecting OpenSSL for crypto]) - tinc_OPENSSL - AC_DEFINE(USE_OPENSSL) - fi - - tinc_ZLIB + +case $host_os in + *linux*) + tinc_TUNTAP + ;; +esac + +tinc_OPENSSL +tinc_ZLIB +tinc_LZO dnl Check if support for jumbograms is requested AC_ARG_ENABLE(jumbograms, - [ --enable-jumbograms enable support for jumbograms (packets up to 9000 bytes)], - [ AC_DEFINE(ENABLE_JUMBOGRAMS) ] + AC_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]), + [ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ] ) dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, - [ --enable-tracing enable checkpoint tracing (debugging only)], - [ AC_DEFINE(ENABLE_TRACING) ] + AC_HELP_STRING([--enable-tracing], [enable checkpoint tracing (debugging only)]), + [ AC_DEFINE(ENABLE_TRACING, 1, [Checkpoint tracing]) ] ) AC_SUBST(INCLUDES) -AC_OUTPUT(Makefile -src/Makefile -src/pokey/Makefile -doc/Makefile -doc/es/Makefile -intl/Makefile -lib/Makefile -m4/Makefile -po/Makefile.in -) +AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile doc/tincd.8 doc/tinc.conf.5 doc/tincinclude.texi lib/Makefile po/Makefile.in m4/Makefile]) + +AC_OUTPUT diff --git a/cvsusers b/cvsusers index 3d1d2d33..24b85047 100644 --- a/cvsusers +++ b/cvsusers @@ -1,3 +1,3 @@ -zarq:Ivo Timmermans -guus:Guus Sliepen +zarq:Ivo Timmermans +guus:Guus Sliepen wsl:Wessel Dankers diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 09f1230c..3af434f6 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -1,7 +1,7 @@ This document describes how nodes in a VPN find and connect to eachother and maintain a stable network. - Copyright 2001-2002 Guus Sliepen + Copyright 2001-2002 Guus Sliepen Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,343 +12,34 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.2 2002/04/12 08:25:01 guus Exp $ + $Id: CONNECTIVITY,v 1.3 2003/08/24 20:38:18 guus Exp $ -1. Problem -========== - -We have a set of nodes (A, B, C, ...) that are part of the same VPN. They need -to connect to eachother and form a single graph that satisfies the tree -property. - -There is the possibility that loops are formed, the offending connections must -be eliminated. - -Suppose we start with two smaller graphs that want to form a single larger -graph. Both graphs consist of three nodes: - - A-----B-----C - - - - D-----E-----F - -It is very well possible that A wants to connect to D, and F wants to connect -to C, both at the same time. The following loop will occur: - - A-----B-----C - | ^ - | | - v | - D-----E-----F - -The situation described here is totally symmetric, there is no preference to -one connection over the other. The problem of resolving the loop, maintaining -consistency and stability is therefore not a trivial one. - -What happens when A---D and C---F are connected to eachother? They exchange -lists of known hosts. A knows of B and C, and D knows of E and F. The protocol -defines ADD_HOST messages, from now on we will say that "node X sends and -ADD_HOST(Y) to Z". - -There are two possible scenarios: either both A---D and C---F finish -authentication at the same time, or A---D finishes first, so that ADD_HOST -messages will reach C and F before they finish authentication. - -1.1 A---D finishes first ------------------------- - -After A---D authentication finishes the following actions are taken: - - 1 A sends ADD_HOST(B) to D - A sends ADD_HOST(C) to D - D sends ADD_HOST(E) to A - D sends ADD_HOST(F) to A - - 2 A sends ADD_HOST(D) to B - A receives ADD_HOST(E) from D: - A sends ADD_HOST(E) to B - A receives ADD_HOST(F) from D: - A sends ADD_HOST(F) to B - D sends ADD_HOST(A) to E - D receives ADD_HOST(B) from A: - D sends ADD_HOST(B) to E - D receives ADD_HOST(C) from A: - D sends ADD_HOST(C) to E - - 3 B receives ADD_HOST(D) from A, - B sends ADD_HOST(D) to C - B receives ADD_HOST(E) from A: - B sends ADD_HOST(E) to C - B receives ADD_HOST(F) from A: - B sends ADD_HOST(F) to C - E receives ADD_HOST(A) from D: - E sends ADD_HOST(A) to F - E receives ADD_HOST(B) from D: - E sends ADD_HOST(B) to F - E receives ADD_HOST(C) from D: - E sends ADD_HOST(C) to F - - 4 C receives ADD_HOST(D) from B. - C receives ADD_HOST(E) from B. - C receives ADD_HOST(F) from B. - F receives ADD_HOST(A) from E. - F receives ADD_HOST(B) from E. - F receives ADD_HOST(C) from E. - -Then C---F authentication finishes, the following actions are taken: - - 1 C notes that F is already known: - Connection is closed. - F notes that C is already known: - Connection is closed. - -1.2 Both A---D and C---F finish at the same time. -------------------------------------------------- - - 1 A sends ADD_HOST(B) to D - A sends ADD_HOST(C) to D - D sends ADD_HOST(E) to A - D sends ADD_HOST(F) to A - - C sends ADD_HOST(A) to F - C sends ADD_HOST(B) to F - F sends ADD_HOST(D) to C - F sends ADD_HOST(E) to C - - 2 A sends ADD_HOST(D) to B - A receives ADD_HOST(E) from D: - A sends ADD_HOST(E) to B - A receives ADD_HOST(F) from D: - A sends ADD_HOST(F) to B - D sends ADD_HOST(A) to E - D receives ADD_HOST(B) from A: - D sends ADD_HOST(B) to E - D receives ADD_HOST(C) from A: - D sends ADD_HOST(C) to E - - C sends ADD_HOST(F) to B - C receives ADD_HOST(D) from F: - A sends ADD_HOST(D) to B - C receives ADD_HOST(E) from F: - A sends ADD_HOST(E) to B - F sends ADD_HOSTS(C) to E - F receives ADD_HOST(A) from C: - D sends ADD_HOST(A) to E - F receives ADD_HOST(B) from C: - D sends ADD_HOST(B) to E - - 3 B receives ADD_HOST(D) from A, - B sends ADD_HOST(D) to C - B receives ADD_HOST(E) from A: - B sends ADD_HOST(E) to C - B receives ADD_HOST(F) from A: - B sends ADD_HOST(F) to C - E receives ADD_HOST(A) from D: - E sends ADD_HOST(A) to F - E receives ADD_HOST(B) from D: - E sends ADD_HOST(B) to F - E receives ADD_HOST(C) from D: - E sends ADD_HOST(C) to F - - B receives ADD_HOST(F) from C, and notes that is is already known: - - B receives ADD_HOST(D) from C, and notes that is is already known: - - B receives ADD_HOST(E) from C, and notes that is is already known: - - E receives ADD_HOST(C) from F, and notes that is is already known: - - E receives ADD_HOST(A) from F, and notes that is is already known: - - E receives ADD_HOST(B) from F, and notes that is is already known: - - - 4 A receives ADD_HOST(D) from B, and notes that it is already known: - - A receives ADD_HOST(E) from B, and notes that it is already known: - - A receives ADD_HOST(F) from B, and notes that it is already known: - - F receives ADD_HOST(A) from E, and notes that it is already known: - - F receives ADD_HOST(B) from E, and notes that it is already known: - - F receives ADD_HOST(B) from E, and notes that it is already known: - +1. Synchronisation +================== - ... +Each tinc daemon has zero or more connections to other tinc daemons. It will +try to keep its own information synchronised with the other tinc daemons. If +one of its peers sends information, the tinc daemon will check if it is new +information. If so, it will update its own information and forward the new +information to all the other peers. -1.2.1 Augmenting ADD_HOST -------------------------- +This scheme will make sure that after a short amount of time all tinc daemons +share the same information. It will also almost completely prevent information +from looping, because "new" information that is already known is ignored and +not forwarded any further. However, since information can also be deleted +there's the possibility of a looping sequence of add/delete messages. This is +resolved by additionaly adding a unique identifier to each broadcasted message. +Messages are dropped if the same message with that identifier has already been +seen. -A solution would be to augment ADD_HOST with an extra parameter, the nexthop of -the added host: - - 3 B receives ADD_HOST(D,A) from A, - B sends ADD_HOST(D,A) to C - B receives ADD_HOST(E,D) from A: - B sends ADD_HOST(E,D) to C - B receives ADD_HOST(F,E) from A: - B sends ADD_HOST(F,E) to C - E receives ADD_HOST(A,D) from D: - E sends ADD_HOST(A,D) to F - E receives ADD_HOST(B,A) from D: - E sends ADD_HOST(B,A) to F - E receives ADD_HOST(C,B) from D: - E sends ADD_HOST(C,B) to F - - B receives ADD_HOST(F,C) from C, and notes that F is already known: - - B receives ADD_HOST(D,E) from C, and notes that D is already known: - - B receives ADD_HOST(E,F) from C, and notes that E is already known: - - E receives ADD_HOST(C,F) from F, and notes that C is already known: - - E receives ADD_HOST(A,B) from F, and notes that A is already known: - - E receives ADD_HOST(B,C) from F, and notes that B is already known: - - -So, B and E have to make a choice. Which ADD_HOST is going to win? Fortunately, -since the ADD_HOST messages are augmented, they have an extra piece of -information they can use to decide in a deterministic way which one is going to -win. For example, B got ADD_HOST(F,E) and ADD_HOST(F,C). Since "E" > "C", it -could let ADD_HOST(F,E) win. - - B receives ADD_HOST(F,C) from C, and notes that F is already known: - since "C" < "E", B ignores ADD_HOST(F,E) - B sends ADD_HOST(F,C) to A - ... - E receives ADD_HOST(C,F) from F, and notes that C is already known: - since "F" > "B", E removes the ADD_HOST(C,B) in favour of the new one - E sends ADD_HOST(C,F) to D - - 4 A receives ADD_HOST(F,E) from B, and notes that F is already known: - since "E" < "D", A ignores ADD_HOST(F,D). - ... - D receives ADD_HOST(C,F) from E, and notes that C is already known: - since "F" > "B", D removes the ADD_HOST(C,B), - closes the connection with C, in favour of the new one. - -Ok, time to forget this crap. - -1.2.2 ------ - -The problem with the current ADD/DEL_HOST technique is that each host only -knows the general direction in which to send packets for the other hosts. It -really doesn't know much about the true topology of the network, only about -it's direct neighbours. With so little information each host cannot make a -certain decision which it knows for sure all the others will decide too. - -Let's do something totally different. Instead of notifying every host of the -addition of a new host, which is represented by a vertex in a graph, lets send -out notifications of new connections, which are the edges in a graph. This is -rather cheap, since our graphs are (almost) spanning trees, there is -approximately one edge for each vertex in the graph, so we don't need to send -more messages. Furthermore, an edge is characterized by two vertices, so we -only send a fixed amount of extra information. The size/complexity of the -problem therefore does not increase much. - -What is the advantage of notifying each vertex of new edges instead of new -vertices? Well, all the vertices now know exactly which connections are made -between each host. This was not known with the former schemes. - -Ok back to our problem: - - A-----B-----C - - - - D-----E-----F - -Edges are undirected, and are characterised by the vertices it connects, sorted -alphabetically, so the edges in the two graphs are: - -(A,B), (B,C), (D,E) and (E,F). - -So again we have that A wants to connect to D, and F wants to connect to C, -both at the same time. The following loop will occur: - - A-----B-----C - | ^ - | | - v | - D-----E-----F - -Instead of sending ADD_HOSTs, lets assume the hosts send ADD_EDGEs. So, after -making the connections: - - 1 A sends ADD_EDGE(A,D) to B - A sends ADD_EDGE(A,B) to D - A sends ADD_EDGE(B,C) to D - D sends ADD_EDGE(A,D) to E - D sends ADD_EDGE(D,E) to A - D sends ADD_EDGE(E,F) to A - - C sends ADD_EDGE(C,F) to B - C sends ADD_EDGE(A,B) to F - C sends ADD_EDGE(B,C) to F - F sends ADD_EDGE(C,F) to E - F sends ADD_EDGE(D,E) to C - F sends ADD_EDGE(E,F) to C - - 2 B receives ADD_EDGE(A,D) from A: - B sends ADD_EDGE(A,D) to C - B receives ADD_EDGE(D,E) from A: - B sends ADD_EDGE(D,E) to C - B receives ADD_EDGE(E,F) from A: - B sends ADD_EDGE(E,F) to C - ... - - B receives ADD_EDGE(C,F) from C, notes that both C and F are already known, - but that the edge (C,F) was not known, so a loop has been created: - - -Ok, how to resolve the loop? Remeber, we want to do that in such a way that it -is consistent with the way all the other hosts resolve the loop. Here is the -things B does when it notices that a loop is going to be formed: - - B performs a Breadth First Search from the first element of the list of all - known hosts sorted alfabetically, in this case A, and thereby finds a - spanning tree. (This might later be changed into a minimum spanning tree - alhorithm, but the key point here is that all hosts do this with exactly the - same starting parameters.) All known edges that are not in the spanning tree - are marked inactive. - -An edge marked inactive does not mean anything, unless this edge is connected -to B itself. In that case, B will stop sending messages over that edge. B might -consider closing this edge, but this is not really needed. Keeping it means no -DEL_EDGE has to be sent for it, and if another edge is removed (which will -quite certainly split the graph if it's a spanning tree), this edge might be -reactivated, without the need of sending a new ADD_EDGE for it. On the other -hand, we mustn't keep to many inactive edges, because we want to keep the -number of known edges linear to the number of hosts (otherwise the size of the -problem will grow quadratically). - -So, since B didn't deactivate one of it's own edges, it forwards the -ADD_EDGE(C,F) to A, which also does a BFS, and so on, until it reaches F. F of -course also does a BFS, notes that is is one of it's own edges. It deactivates -the edge (C,F), and consequently will not forward the ADD_EDGE(C,F) to C -anymore. In the mean time, C got messages from B which will make C do the same. - -Ok, suppose a DEL_EDGE was sent, and it means an inactive edge has to be -reactivated. The vertices connected by that edge must exchange their entire -knowledge of edges again, because in the mean time other messages could have -been sent, which were not properly forwarded. Take this example: +2. Routing +========== - X C-----D - | | | - | | | - v | | - A-----B- - -E +Every node tells its peers to which other peers it is connected. This way +every node will eventually know every connection every node has on the VPN. +Each node will use graph algorithms to determine if other nodes are reachable or not and +what the best route is to other nodes. -The edge (B,E) is inactive. X is trying to make a new connection with A. A -sends an ADD_EDGE(A,X) to B, which forwards it to C. At that time, the -connection between C and D goes down, so C sends a DEL_EDGE(C,D) to B, and D -sends a DEL_EDGE(C,D) to E. If we just allow (B,E) to be reactivated again -without anything else, then E and D will never have received the ADD_EDGE(A,X). -So, B and E have to exchange edges again, and propagate them to the hosts they -already know. +Because all nodes share the same information, using a deterministic algorithm +each node will calculate the same minimum spanning tree for the entire VPN. +The MST will be used to send broadcast VPN packets. diff --git a/doc/GNUmakefile b/doc/GNUmakefile deleted file mode 100644 index 8fb7a6b7..00000000 --- a/doc/GNUmakefile +++ /dev/null @@ -1,23 +0,0 @@ -# Having a separate GNUmakefile lets me use features of GNU make -# to generate the man pages. -# This makefile is used only if you run GNU Make. -# It is necessary if you want to build targets usually of interest -# only to the maintainer. - -have-Makefile := $(shell test -f Makefile && echo yes) - -# If the user runs GNU make but has not yet run ./configure, -# give them a diagnostic. -ifeq ($(have-Makefile),yes) - -include Makefile -include $(srcdir)/Makefile.maint - -else - -all: - @echo There seems to be no Makefile in this directory. - @echo "You must run ./configure before running \`make'." - @exit 1 - -endif diff --git a/doc/HOWTO b/doc/HOWTO deleted file mode 100644 index e1b6edfe..00000000 --- a/doc/HOWTO +++ /dev/null @@ -1,175 +0,0 @@ - ============== - The TINC HOWTO - ============== - - Wessel Dankers - wsl@nl.linux.org - -Introduction ------------- -Tinc is a system to create a virtual ethernet network on top of an existing -infrastructure. This infrastructure can be anything from modem lines to -gigabit ethernet networks, as long as they talk IP. Once you install and -configure tinc, your host will get an extra IP address, just like it would -when you stick an extra ethernet card into it. Using this IP address, it can -communicate with all hosts in its virtual network using strong encryption. - -If you install Tinc on a router (and pick your numbers correctly) you can -have the router forward all packets. This way you can---instead of -connecting hosts---connect entire sites together! Now you need only one -outgoing network connection for both internet and intranet. - -Architecture ------------- -When a few Tinc daemons are running they will try to seek contact with -eachother. A daemon is all the time connected to a few other daemons, -but if traffic is required with a daemon it doesn't know yet, it will -instantly contact it and exchange keys. These so-called meta-connections -are made over TCP, using encryption of course. - -When actual traffic has to be sent, a daemon checks his connection list to -see if the addressee is known (and makes contact with it if neccessary). -All packets are then sent using UDP to the other host, just like in a real -network. If a packet gets lost, the connection layer of Linux will resend -the packet, just like it would over a normal network. - -Once in a while the daemons will renegotiate keys so that even if a cracker -breaks one, it'll be of limited use. - -Getting Tinc ------------- -Before you fetch the latest tarball, you might want to check if there's a -package for your Linux distribution. One of the main authors is a Debian -Developer, so you can expect the Debian packages to be very up to date. - -The official website for Tinc can be found at http://tinc.nl.linux.org/. -There you can find Debian packages, RPM's and of course... the tarball! -Since we run Doohickey Linux Pro 1.0, for which no package exists (or -indeed the distribution itself) we shall compile the package ourselves. - -Building --------- -The Tinc source adheres to so many standards it makes you head spin. -Even the debug messages have been localized! Amazing. Tinc also comes -with a configuration script. If you like to see what is there to -configure run ./configure --help | more. If you don't have time for such -nonsense: - - ./configure --sysconfdir=/etc - -This will see if your system is nice enough to run tinc on, and will -create some Makefiles and other stuff which will together build tinc. - - make - make install - -The first will do the actual build, the second copies all files into place. - -The kernel ----------- -Next you will have to configure the kernel to support the tap device. -It is important that you run a recent kernel, but anything after 2.2.16 -will do. You have to enable both the netlink device AND the ethertap -device (in that order). Enable them as modules! -Compile, install =) You don't even have to reboot. - -Picking your numbers --------------------- -The first thing we should do is pick network numbers. Tinc has a very -peculiar taste for network numbers, which is caused by the way it routes -traffic. However, it turns out to be really handy if you want to use -your tinc host as a router for a site. - -The numbers have to be in a range that is not yet in use in your existing, -real network! In this example we will use numbers from the 192.168.0/16 -range. This is standard CIDR notation for all IP addresses from 192.168.0.0 -to 192.168.255.255. The /16 means that the first 16 bits form the network -part. - -It is common practice for Tinc networks to use private (RFC 1918) addresses. -This is not necessary, but it would be a waste to use official addresses -for a private network! - -In the example we will connect three machines: f00f, fdiv and hlt. We will -give each an address, but not just that, also a slice of our address space -to play with. - - Host Real address Tinc network - --------------------------------------------------- - f00f 126.202.37.20 192.168.1.1/24 - fdiv 126.202.37.81 192.168.2.1/24 - hlt 103.22.1.218 192.168.3.1/24 - -It is very important that none of the Tinc netmasks overlap! Note how the -192.168.0/16 network covers the entire address space of the three hosts. -We will refer to the 192.168.0/16 network as the `umbrella' from now on. -As you can see we can fit 256 hosts into this umbrella this way, which is -also the practical maximum for tinc. Let's name our VPN 'fubar'. - -The configuration file ----------------------- -Let's create a configuration file for f00f. We have to put it in -/etc/tinc/fubar because that's how we named our VPN. - - MyOwnVPNIP = 192.168.1.1/24 - VpnMask = 255.255.0.0 - ConnectTo = 126.202.37.81 - ConnectTo = 103.22.1.218 - TapDevice = /dev/tap0 - -The first two lines tell Tinc about the numbers we have chosen above. -Using the ConnectTo lines, the daemon will seek contact with the rest of -the umbrella. It's possible to configure any number of ConnectTo lines, -you can even omit them so that it just sits and waits until someone else -contacts it. Until someone does, the poor daemon won't be able to send -any data because it doesn't know where everybody is. -The TapDevice is where the tinc daemon will interface with the kernel. - -The passphrases ---------------- -We will have to generate keys for ourselves, and get a key from everybody -we want to ConnectTo. All of these go into a directory named -/etc/tinc/fubar/passphrases. PROTECT THIS DIRECTORY! - - mkdir -m 700 /etc/tinc/fubar/passphrases - -To generate our own key: - - genauth 1024 >/etc/tinc/fubar/passphrases/local - -You should then proceed to give this key to anyone who wants to ConnectTo -you. DO THIS IN A SECURE MANNER! Anyone who has this number can do icky -things to the umbrella network! Encrypt it using PGP, GPG or another -program using asymmetric keys. Read it over the phone (without anyone -listening of course). Send it by snailmail. Write the key down and bring -it to your partners personally! - -If you get any keys from your partners, store them under their network -number. For example, the key we get from fdiv's network administrator -will be stored in /etc/tinc/fubar/passphrases/192.168.2.0 (note the 0). - -Running the daemon ------------------- -If you use a package manager to install Tinc, the startup scripts use a file -called /etc/tinc/nets.boot to see which umbrella's exist. It has a line -per VPN, and lines starting with a # are ignored. Ours will contain: - - # Example VPN from the HOWTO - fubar - -In Debian, /etc/init.d/tinc start will start the daemons. - -If you use Doohickey Linux just like we do, you'll have to edit the systems -startup scripts by hand. It should contain something along the lines of: - - insmod ethertap -s --name=tap0 unit=0 - ifconfig tap0 hw ether fe:fd:c0:a8:01:01 - ifconfig tap0 192.168.1.1 netmask 255.255.0.0 broadcast 192.168.255.255 -arp - -There are two things to note here! First, the MAC address of the ethertap -device is very important. It must start with fe:fd, and end in the -hexadecimal representation of the VPN IP number. -Second, the netmask of the tap device is set to that of the umbrella! - --- -$Id: HOWTO,v 1.6 2002/04/12 08:25:01 guus Exp $ diff --git a/doc/Makefile.am b/doc/Makefile.am index b62feb7e..f1aa7fb5 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,20 +1,12 @@ ## Process this file with automake to get Makefile.in -SUBDIRS = es - info_TEXINFOS = tinc.texi -dyn_MANS = -man_aux = $(dyn_MANS:.8=.x) - -man_MANS = tincd.8 tinc.conf.5 $(dyn_MANS) +man_MANS = tincd.8 tinc.conf.5 -PERL = @PERL@ -HELP2MAN = help2man -MAINTAINERCLEANFILES = $(dyn_MANS) +EXTRA_DIST = tincinclude.texi.in tincd.8.in tinc.conf.5.in sample-config.tar.gz -EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \ - Makefile.maint GNUmakefile Makefile.summ sample-config.tar.gz +CLEANFILES = *.html # Use `ginstall' in the definition of man_MANS to avoid # confusion with the `install' target. The install rule transforms `ginstall' @@ -23,3 +15,12 @@ transform = s/ginstall/install/; @program_transform_name@ # For additional rules usually of interest only to the maintainer, # see GNUmakefile and Makefile.maint. + +sample-config.tar.gz: sample-config + GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config + +texi2html: tinc.texi + texi2html -split=chapter tinc.texi + +%.html: $(man_MANS) + w3mman2html $< > $@ diff --git a/doc/Makefile.maint b/doc/Makefile.maint deleted file mode 100644 index 75804f0a..00000000 --- a/doc/Makefile.maint +++ /dev/null @@ -1,38 +0,0 @@ -# This -*- Makefile -*- uses features of GNU make. -# It is included via GNUmakefile. - -# The following one line summaries were extracted from the -# original man pages using this bit of sh code: -# for i in *.1; do echo "$i: "|tr -d '\012'; \ -# grep -A1 SH.NAME $i|sed '/SH NAME/d;s/^[^ ][^ ]* .- //'; done - -include Makefile.summ - -HELP2MAN-run = $(PERL) -w -- $(srcdir)/$(HELP2MAN) - -# Depend on configure.in to get version number changes. -$(dyn_MANS): $(top_srcdir)/configure.in - -# Depend on the source file containing the --help text. -# Filter out irregular cases. -regular-men = $(filter-out $(irregular-men),$(dyn_MANS)) -$(regular-men): %.8: $(top_srcdir)/src/%.c - -executable = $(patsubst %/install,%/ginstall, ../src/$(basename $@)) -$(dyn_MANS): %.8: %.x $(HELP2MAN) - @if test -f $(executable); then \ - echo "Updating man page $@"; \ - rm -f $@-t $@; \ - $(HELP2MAN-run) \ - --name="$($(basename $@)-summary)" \ - --include=$(basename $@).x \ - $(executable) > $@-t; \ - chmod -w $@-t; \ - mv $@-t $@; \ - else \ - echo "WARNING: The man page $@ cannot be updated yet."; \ - echo " Retry once the corresponding executable is built."; \ - fi - -sample-config.tar.gz: - GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config diff --git a/doc/Makefile.summ b/doc/Makefile.summ deleted file mode 100644 index a97b4924..00000000 --- a/doc/Makefile.summ +++ /dev/null @@ -1,2 +0,0 @@ -# -*- makefile -*- -tincd-summary = tinc VPN daemon diff --git a/doc/NETWORKING b/doc/NETWORKING index 902ed4e1..2162dae3 100644 --- a/doc/NETWORKING +++ b/doc/NETWORKING @@ -1,7 +1,7 @@ This is the network infrastructure documentation for tinc, a Virtual Private Network daemon. - Copyright 2001-2002 Guus Sliepen + Copyright 2001-2002 Guus Sliepen Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: NETWORKING,v 1.2 2002/04/12 08:25:01 guus Exp $ + $Id: NETWORKING,v 1.3 2003/08/24 20:38:18 guus Exp $ 1. Packet flow ============== diff --git a/doc/PROTOCOL b/doc/PROTOCOL index 66544f10..727ba796 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL @@ -1,7 +1,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. - Copyright 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmmermans + Copyright 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmmermans Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.2 2002/04/12 08:25:01 guus Exp $ + $Id: PROTOCOL,v 1.3 2003/08/24 20:38:18 guus Exp $ 1. Protocols used in tinc @@ -69,24 +69,62 @@ synchronised. daemon message -------------------------------------------------------------------------- -origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 - | | | \___________________/ | +-> options - | | | | +----> weight - | | | +----------------> see below - | | +--> UDP port - | +----------> real address - +------------------> name of node on one side of the edge +origin ADD_EDGE node1 node2 21.32.43.54 655 222 0 + | | | | | +-> options + | | | | +----> weight + | | | +--------> UDP port of node2 + | | +----------------> real address of node2 + | +-------------------------> name of destination node + +-------------------------------> name of source node origin ADD_SUBNET node 192.168.1.0/24 | | +--> prefixlength - | +--------> IPv4 network address + | +--------> network address +------------------> owner of this subnet -------------------------------------------------------------------------- +The ADD_EDGE messages are to inform other tinc daemons that a connection between +two nodes exist. The address of the destination node is available so that +VPN packets can be sent directly to that node. + +The ADD_SUBNET messages inform other tinc daemons that certain subnets belong +to certain nodes. tinc will use it to determine to which node a VPN packet has +to be sent. + +message +------------------------------------------------------------------ +DEL_EDGE node1 node2 + | +----> name of destination node + +----------> name of source node + +DEL_SUBNET node 192.168.1.0/24 + | | +--> prefixlength + | +--------> network address + +------------------> owner of this subnet +------------------------------------------------------------------ + In case a connection between two daemons is closed or broken, DEL_EDGE messages are sent to inform the other daemons of that fact. Each daemon will calculate a new route to the the daemons, or mark them unreachable if there isn't any. +message +------------------------------------------------------------------ +REQ_KEY origin destination + | +--> name of the tinc daemon it wants the key from + +----------> name of the daemon that wants the key + +ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 + | | \______________/ | | +--> MAC length + | | | | +-----> digest algorithm + | | | +--------> cipher algorithm + | | +--> 128 bits key + | +--> name of the daemon that wants the key + +----------> name of the daemon that uses this key + +KEY_CHANGED origin + +--> daemon that has changed it's packet key +-------------------------------------------------------------------------- + The keys used to encrypt VPN packets are not sent out directly. This is because it would generate a lot of traffic on VPNs with many daemons, and chances are that not every tinc daemon will ever send a packet to every @@ -97,33 +135,17 @@ act as a proxy and forward its copy back to the requestor. daemon message -------------------------------------------------------------------------- -daemon REQ_KEY origin destination - | +--> name of the tinc daemon it wants the key from - +----------> name of the daemon that wants the key - -daemon ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 - | | \______________/ | | +--> MAC length - | | | | +-----> digest algorithm - | | | +--------> cipher algorithm - | | +--> 128 bits key - | +--> name of the daemon that wants the key - +----------> name of the daemon that uses this key - -daemon KEY_CHANGED origin - +--> daemon that has changed it's packet key +origin PING +dest. PONG -------------------------------------------------------------------------- There is also a mechanism to check if hosts are still alive. Since network failures or a crash can cause a daemon to be killed without properly shutting down the TCP connection, this is necessary to keep an up to date connection list. Pings are sent at regular intervals, except when there -is also some other traffic. - -daemon message --------------------------------------------------------------------------- -origin PING -dest. PONG --------------------------------------------------------------------------- +is also some other traffic. A little bit of salt (random data) is added +with each PING and PONG message, to make sure that long sequences of PING/PONG +messages without any other traffic won't result in known plaintext. This basically covers everything that is sent over the meta connection by tinc. diff --git a/doc/SECURITY2 b/doc/SECURITY2 index b73d34b2..138500eb 100644 --- a/doc/SECURITY2 +++ b/doc/SECURITY2 @@ -1,6 +1,6 @@ This is the security documentation for tinc, a Virtual Private Network daemon. - Copyright 2001-2002 Guus Sliepen , + Copyright 2001-2002 Guus Sliepen , 2001-2002 Wessel Dankers Permission is granted to make and distribute verbatim copies of @@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY2,v 1.2 2002/04/12 08:25:01 guus Exp $ + $Id: SECURITY2,v 1.3 2003/08/24 20:38:18 guus Exp $ Proposed new authentication scheme ---------------------------------- @@ -66,17 +66,15 @@ server CHAL_REPLY 928ffe After the correct challenge replies are recieved, both ends have proved their identity. Further information is exchanged. -client ACK 655 12.23.34.45 123 0 - | | | +-> options - | | +----> estimated weight - | +------------> IP address of server as seen by client - +--------------------> UDP port of client - -server ACK 655 21.32.43.54 321 0 - | | | +-> options - | | +----> estimated weight - | +------------> IP address of client as seen by server - +--------------------> UDP port of server +client ACK 655 123 0 + | | +-> options + | +----> estimated weight + +--------> listening port of client + +server ACK 655 321 0 + | | +-> options + | +----> estimated weight + +--------> listening port of server -------------------------------------------------------------------------- This new scheme has several improvements, both in efficiency and security. diff --git a/doc/es/.cvsignore b/doc/es/.cvsignore deleted file mode 100644 index 6179e0db..00000000 --- a/doc/es/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile Makefile.in diff --git a/doc/es/Makefile.am b/doc/es/Makefile.am deleted file mode 100644 index 756d6707..00000000 --- a/doc/es/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -## Process this file with automake to get Makefile.in - -# Nothing to see here, go away! diff --git a/doc/help2man b/doc/help2man deleted file mode 100644 index 71778a92..00000000 --- a/doc/help2man +++ /dev/null @@ -1,375 +0,0 @@ -#!/usr/bin/perl -w - -# Generate a short man page from --help and --version output. -# Copyright © 1997, 98 Free Software Foundation, Inc. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software Foundation, -# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -# Written by Brendan O'Dea - -use 5.004; -use strict; -use Getopt::Long; -use POSIX qw(strftime setlocale LC_TIME); - -my $this_program = 'help2man'; -my $this_version = '1.006'; -my $version_info = < -EOT - -my $help_info = < \$opt_name, - 'include=s' => \$include, - 'opt-include=s' => \$opt_include, - 'output=s' => \$opt_output, - 'no-info' => \$opt_no_info, - help => sub { print $help_info; exit }, - version => sub { print $version_info; exit }, -) or die $help_info; - -die $help_info unless @ARGV == 1; - -my %include = (); -my @include = (); # to retain order - -# Process include file (if given). Format is: -# -# [section name] -# verbatim text - -if ($include or $opt_include) -{ - if (open INC, $include || $opt_include) - { - my $sect; - - while () - { - if (/^\[([^]]+)\]/) - { - $sect = uc $1; - $sect =~ s/^\s+//; - $sect =~ s/\s+$//; - next; - } - - # Silently ignore anything before the first - # section--allows for comments and revision info. - next unless $sect; - - push @include, $sect unless $include{$sect}; - $include{$sect} ||= ''; - $include{$sect} .= $_; - } - - close INC; - - die "$this_program: no valid information found in `$include'\n" - unless %include; - - # Compress trailing blank lines. - for (keys %include) - { - $include{$_} =~ s/\n+$//; - $include{$_} .= "\n" unless /^NAME$/; - } - } - else - { - die "$this_program: can't open `$include' ($!)\n" if $include; - } -} - -# Turn off localisation of executable's ouput. -@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - -# Turn off localisation of date (for strftime) -setlocale LC_TIME, 'C'; - -# Grab help and version paragraphs from executable -my @help = split /\n\n+/, `$ARGV[0] --help 2>/dev/null` - or die "$this_program: can't get `--help' info from $ARGV[0]\n"; - -my @version = split /\n\n+/, `$ARGV[0] --version 2>/dev/null` - or die "$this_program: can't get `--version' info from $ARGV[0]\n"; - -my $date = strftime "%B %Y", localtime; -my $program = $ARGV[0]; $program =~ s!.*/!!; -my $package = $program; -my $version; - -if ($opt_output) -{ - unlink $opt_output - or die "$this_program: can't unlink $opt_output ($!)\n" - if -e $opt_output; - - open STDOUT, ">$opt_output" - or die "$this_program: can't create $opt_output ($!)\n"; -} - -# The first line of the --version information is assumed to be in one -# of the following formats: -# -# -# -# GNU -# (GNU ) -# - GNU -# -# and seperated from any copyright/author details by a blank line. - -$_ = shift @version; - -if (/^(\S+)\s+\((GNU\s+[^)]+)\)\s+(.*)/ or - /^(\S+)\s+-\s*(GNU\s+\S+)\s+(.*)/) -{ - $program = $1; - $package = $2; - $version = $3; -} -elsif (/^(GNU\s+)?(\S+)\s+(.*)/) -{ - $program = $2; - $package = $1 ? "$1$2" : $2; - $version = $3; -} -else -{ - $version = $_; -} - -$program =~ s!.*/!!; - -# no info for `info' itself -$opt_no_info = 1 if $program eq 'info'; - -# --name overrides --include contents -$include{NAME} = "$program \\- $opt_name" if $opt_name; - -# Default (useless) NAME paragraph -$include{NAME} ||= "$program \\- manual page for $program $version"; - -# Man pages traditionally have the page title in caps. -my $PROGRAM = uc $program; - -# Header. -print < 0pt - % Only leave this space if the footline is nonempty. - % (We lessened \vsize for it in \oddfootingxxx.) - % The \baselineskip=24pt in plain's \makefootline has no effect. - \vskip 2\baselineskip - \unvbox\footlinebox - \fi - % - \ifcropmarks - \egroup % end of \vbox\bgroup - \hfil\egroup % end of (centering) \line\bgroup - \vskip\topandbottommargin plus1fill minus1fill - \boxmaxdepth = \cornerthick - \vbox to0pt{\vss - \line{% - \vbox{\moveleft\cornerthick\nsbot}% - \hfill - \vbox{\moveright\cornerthick\nsbot}% - }% - \nointerlineskip - \line{\ewbot\hfil\ewbot}% - }% - \egroup % \vbox from first cropmarks clause - \fi - }% end of \shipout\vbox - }% end of group with \turnoffactive - \advancepageno - \ifnum\outputpenalty>-20000 \else\dosupereject\fi -} - -\newinsert\margin \dimen\margin=\maxdimen - -\def\pagebody#1{\vbox to\pageheight{\boxmaxdepth=\maxdepth #1}} -{\catcode`\@ =11 -\gdef\pagecontents#1{\ifvoid\topins\else\unvbox\topins\fi -% marginal hacks, juha@viisa.uucp (Juha Takala) -\ifvoid\margin\else % marginal info is present - \rlap{\kern\hsize\vbox to\z@{\kern1pt\box\margin \vss}}\fi -\dimen@=\dp#1 \unvbox#1 -\ifvoid\footins\else\vskip\skip\footins\footnoterule \unvbox\footins\fi -\ifr@ggedbottom \kern-\dimen@ \vfil \fi} -} - -% Here are the rules for the cropmarks. Note that they are -% offset so that the space between them is truly \outerhsize or \outervsize -% (P. A. MacKay, 12 November, 1986) -% -\def\ewtop{\vrule height\cornerthick depth0pt width\cornerlong} -\def\nstop{\vbox - {\hrule height\cornerthick depth\cornerlong width\cornerthick}} -\def\ewbot{\vrule height0pt depth\cornerthick width\cornerlong} -\def\nsbot{\vbox - {\hrule height\cornerlong depth\cornerthick width\cornerthick}} - -% Parse an argument, then pass it to #1. The argument is the rest of -% the input line (except we remove a trailing comment). #1 should be a -% macro which expects an ordinary undelimited TeX argument. -% -\def\parsearg#1{% - \let\next = #1% - \begingroup - \obeylines - \futurelet\temp\parseargx -} - -% If the next token is an obeyed space (from an @example environment or -% the like), remove it and recurse. Otherwise, we're done. -\def\parseargx{% - % \obeyedspace is defined far below, after the definition of \sepspaces. - \ifx\obeyedspace\temp - \expandafter\parseargdiscardspace - \else - \expandafter\parseargline - \fi -} - -% Remove a single space (as the delimiter token to the macro call). -{\obeyspaces % - \gdef\parseargdiscardspace {\futurelet\temp\parseargx}} - -{\obeylines % - \gdef\parseargline#1^^M{% - \endgroup % End of the group started in \parsearg. - % - % First remove any @c comment, then any @comment. - % Result of each macro is put in \toks0. - \argremovec #1\c\relax % - \expandafter\argremovecomment \the\toks0 \comment\relax % - % - % Call the caller's macro, saved as \next in \parsearg. - \expandafter\next\expandafter{\the\toks0}% - }% -} - -% Since all \c{,omment} does is throw away the argument, we can let TeX -% do that for us. The \relax here is matched by the \relax in the call -% in \parseargline; it could be more or less anything, its purpose is -% just to delimit the argument to the \c. -\def\argremovec#1\c#2\relax{\toks0 = {#1}} -\def\argremovecomment#1\comment#2\relax{\toks0 = {#1}} - -% \argremovec{,omment} might leave us with trailing spaces, though; e.g., -% @end itemize @c foo -% will have two active spaces as part of the argument with the -% `itemize'. Here we remove all active spaces from #1, and assign the -% result to \toks0. -% -% This loses if there are any *other* active characters besides spaces -% in the argument -- _ ^ +, for example -- since they get expanded. -% Fortunately, Texinfo does not define any such commands. (If it ever -% does, the catcode of the characters in questionwill have to be changed -% here.) But this means we cannot call \removeactivespaces as part of -% \argremovec{,omment}, since @c uses \parsearg, and thus the argument -% that \parsearg gets might well have any character at all in it. -% -\def\removeactivespaces#1{% - \begingroup - \ignoreactivespaces - \edef\temp{#1}% - \global\toks0 = \expandafter{\temp}% - \endgroup -} - -% Change the active space to expand to nothing. -% -\begingroup - \obeyspaces - \gdef\ignoreactivespaces{\obeyspaces\let =\empty} -\endgroup - - -\def\flushcr{\ifx\par\lisppar \def\next##1{}\else \let\next=\relax \fi \next} - -%% These are used to keep @begin/@end levels from running away -%% Call \inENV within environments (after a \begingroup) -\newif\ifENV \ENVfalse \def\inENV{\ifENV\relax\else\ENVtrue\fi} -\def\ENVcheck{% -\ifENV\errmessage{Still within an environment; press RETURN to continue} -\endgroup\fi} % This is not perfect, but it should reduce lossage - -% @begin foo is the same as @foo, for now. -\newhelp\EMsimple{Press RETURN to continue.} - -\outer\def\begin{\parsearg\beginxxx} - -\def\beginxxx #1{% -\expandafter\ifx\csname #1\endcsname\relax -{\errhelp=\EMsimple \errmessage{Undefined command @begin #1}}\else -\csname #1\endcsname\fi} - -% @end foo executes the definition of \Efoo. -% -\def\end{\parsearg\endxxx} -\def\endxxx #1{% - \removeactivespaces{#1}% - \edef\endthing{\the\toks0}% - % - \expandafter\ifx\csname E\endthing\endcsname\relax - \expandafter\ifx\csname \endthing\endcsname\relax - % There's no \foo, i.e., no ``environment'' foo. - \errhelp = \EMsimple - \errmessage{Undefined command `@end \endthing'}% - \else - \unmatchedenderror\endthing - \fi - \else - % Everything's ok; the right environment has been started. - \csname E\endthing\endcsname - \fi -} - -% There is an environment #1, but it hasn't been started. Give an error. -% -\def\unmatchedenderror#1{% - \errhelp = \EMsimple - \errmessage{This `@end #1' doesn't have a matching `@#1'}% -} - -% Define the control sequence \E#1 to give an unmatched @end error. -% -\def\defineunmatchedend#1{% - \expandafter\def\csname E#1\endcsname{\unmatchedenderror{#1}}% -} - - -% Single-spacing is done by various environments (specifically, in -% \nonfillstart and \quotations). -\newskip\singlespaceskip \singlespaceskip = 12.5pt -\def\singlespace{% - % Why was this kern here? It messes up equalizing space above and below - % environments. --karl, 6may93 - %{\advance \baselineskip by -\singlespaceskip - %\kern \baselineskip}% - \setleading \singlespaceskip -} - -%% Simple single-character @ commands - -% @@ prints an @ -% Kludge this until the fonts are right (grr). -\def\@{{\tt\char64}} - -% This is turned off because it was never documented -% and you can use @w{...} around a quote to suppress ligatures. -%% Define @` and @' to be the same as ` and ' -%% but suppressing ligatures. -%\def\`{{`}} -%\def\'{{'}} - -% Used to generate quoted braces. -\def\mylbrace {{\tt\char123}} -\def\myrbrace {{\tt\char125}} -\let\{=\mylbrace -\let\}=\myrbrace -\begingroup - % Definitions to produce actual \{ & \} command in an index. - \catcode`\{ = 12 \catcode`\} = 12 - \catcode`\[ = 1 \catcode`\] = 2 - \catcode`\@ = 0 \catcode`\\ = 12 - @gdef@lbracecmd[\{]% - @gdef@rbracecmd[\}]% -@endgroup - -% Accents: @, @dotaccent @ringaccent @ubaraccent @udotaccent -% Others are defined by plain TeX: @` @' @" @^ @~ @= @v @H. -\let\, = \c -\let\dotaccent = \. -\def\ringaccent#1{{\accent23 #1}} -\let\tieaccent = \t -\let\ubaraccent = \b -\let\udotaccent = \d - -% Other special characters: @questiondown @exclamdown -% Plain TeX defines: @AA @AE @O @OE @L (and lowercase versions) @ss. -\def\questiondown{?`} -\def\exclamdown{!`} - -% Dotless i and dotless j, used for accents. -\def\imacro{i} -\def\jmacro{j} -\def\dotless#1{% - \def\temp{#1}% - \ifx\temp\imacro \ptexi - \else\ifx\temp\jmacro \j - \else \errmessage{@dotless can be used only with i or j}% - \fi\fi -} - -% Be sure we're in horizontal mode when doing a tie, since we make space -% equivalent to this in @example-like environments. Otherwise, a space -% at the beginning of a line will start with \penalty -- and -% since \penalty is valid in vertical mode, we'd end up putting the -% penalty on the vertical list instead of in the new paragraph. -{\catcode`@ = 11 - % Avoid using \@M directly, because that causes trouble - % if the definition is written into an index file. - \global\let\tiepenalty = \@M - \gdef\tie{\leavevmode\penalty\tiepenalty\ } -} - -% @: forces normal size whitespace following. -\def\:{\spacefactor=1000 } - -% @* forces a line break. -\def\*{\hfil\break\hbox{}\ignorespaces} - -% @. is an end-of-sentence period. -\def\.{.\spacefactor=3000 } - -% @! is an end-of-sentence bang. -\def\!{!\spacefactor=3000 } - -% @? is an end-of-sentence query. -\def\?{?\spacefactor=3000 } - -% @w prevents a word break. Without the \leavevmode, @w at the -% beginning of a paragraph, when TeX is still in vertical mode, would -% produce a whole line of output instead of starting the paragraph. -\def\w#1{\leavevmode\hbox{#1}} - -% @group ... @end group forces ... to be all on one page, by enclosing -% it in a TeX vbox. We use \vtop instead of \vbox to construct the box -% to keep its height that of a normal line. According to the rules for -% \topskip (p.114 of the TeXbook), the glue inserted is -% max (\topskip - \ht (first item), 0). If that height is large, -% therefore, no glue is inserted, and the space between the headline and -% the text is small, which looks bad. -% -\def\group{\begingroup - \ifnum\catcode13=\active \else - \errhelp = \groupinvalidhelp - \errmessage{@group invalid in context where filling is enabled}% - \fi - % - % The \vtop we start below produces a box with normal height and large - % depth; thus, TeX puts \baselineskip glue before it, and (when the - % next line of text is done) \lineskip glue after it. (See p.82 of - % the TeXbook.) Thus, space below is not quite equal to space - % above. But it's pretty close. - \def\Egroup{% - \egroup % End the \vtop. - \endgroup % End the \group. - }% - % - \vtop\bgroup - % We have to put a strut on the last line in case the @group is in - % the midst of an example, rather than completely enclosing it. - % Otherwise, the interline space between the last line of the group - % and the first line afterwards is too small. But we can't put the - % strut in \Egroup, since there it would be on a line by itself. - % Hence this just inserts a strut at the beginning of each line. - \everypar = {\strut}% - % - % Since we have a strut on every line, we don't need any of TeX's - % normal interline spacing. - \offinterlineskip - % - % OK, but now we have to do something about blank - % lines in the input in @example-like environments, which normally - % just turn into \lisppar, which will insert no space now that we've - % turned off the interline space. Simplest is to make them be an - % empty paragraph. - \ifx\par\lisppar - \edef\par{\leavevmode \par}% - % - % Reset ^^M's definition to new definition of \par. - \obeylines - \fi - % - % Do @comment since we are called inside an environment such as - % @example, where each end-of-line in the input causes an - % end-of-line in the output. We don't want the end-of-line after - % the `@group' to put extra space in the output. Since @group - % should appear on a line by itself (according to the Texinfo - % manual), we don't worry about eating any user text. - \comment -} -% -% TeX puts in an \escapechar (i.e., `@') at the beginning of the help -% message, so this ends up printing `@group can only ...'. -% -\newhelp\groupinvalidhelp{% -group can only be used in environments such as @example,^^J% -where each line of input produces a line of output.} - -% @need space-in-mils -% forces a page break if there is not space-in-mils remaining. - -\newdimen\mil \mil=0.001in - -\def\need{\parsearg\needx} - -% Old definition--didn't work. -%\def\needx #1{\par % -%% This method tries to make TeX break the page naturally -%% if the depth of the box does not fit. -%{\baselineskip=0pt% -%\vtop to #1\mil{\vfil}\kern -#1\mil\nobreak -%\prevdepth=-1000pt -%}} - -\def\needx#1{% - % Go into vertical mode, so we don't make a big box in the middle of a - % paragraph. - \par - % - % Don't add any leading before our big empty box, but allow a page - % break, since the best break might be right here. - \allowbreak - \nointerlineskip - \vtop to #1\mil{\vfil}% - % - % TeX does not even consider page breaks if a penalty added to the - % main vertical list is 10000 or more. But in order to see if the - % empty box we just added fits on the page, we must make it consider - % page breaks. On the other hand, we don't want to actually break the - % page after the empty box. So we use a penalty of 9999. - % - % There is an extremely small chance that TeX will actually break the - % page at this \penalty, if there are no other feasible breakpoints in - % sight. (If the user is using lots of big @group commands, which - % almost-but-not-quite fill up a page, TeX will have a hard time doing - % good page breaking, for example.) However, I could not construct an - % example where a page broke at this \penalty; if it happens in a real - % document, then we can reconsider our strategy. - \penalty9999 - % - % Back up by the size of the box, whether we did a page break or not. - \kern -#1\mil - % - % Do not allow a page break right after this kern. - \nobreak -} - -% @br forces paragraph break - -\let\br = \par - -% @dots{} output an ellipsis using the current font. -% We do .5em per period so that it has the same spacing in a typewriter -% font as three actual period characters. -% -\def\dots{% - \leavevmode - \hbox to 1.5em{% - \hskip 0pt plus 0.25fil minus 0.25fil - .\hss.\hss.% - \hskip 0pt plus 0.5fil minus 0.5fil - }% -} - -% @enddots{} is an end-of-sentence ellipsis. -% -\def\enddots{% - \leavevmode - \hbox to 2em{% - \hskip 0pt plus 0.25fil minus 0.25fil - .\hss.\hss.\hss.% - \hskip 0pt plus 0.5fil minus 0.5fil - }% - \spacefactor=3000 -} - - -% @page forces the start of a new page -% -\def\page{\par\vfill\supereject} - -% @exdent text.... -% outputs text on separate line in roman font, starting at standard page margin - -% This records the amount of indent in the innermost environment. -% That's how much \exdent should take out. -\newskip\exdentamount - -% This defn is used inside fill environments such as @defun. -\def\exdent{\parsearg\exdentyyy} -\def\exdentyyy #1{{\hfil\break\hbox{\kern -\exdentamount{\rm#1}}\hfil\break}} - -% This defn is used inside nofill environments such as @example. -\def\nofillexdent{\parsearg\nofillexdentyyy} -\def\nofillexdentyyy #1{{\advance \leftskip by -\exdentamount -\leftline{\hskip\leftskip{\rm#1}}}} - -% @inmargin{TEXT} puts TEXT in the margin next to the current paragraph. - -\def\inmargin#1{% -\strut\vadjust{\nobreak\kern-\strutdepth - \vtop to \strutdepth{\baselineskip\strutdepth\vss - \llap{\rightskip=\inmarginspacing \vbox{\noindent #1}}\null}}} -\newskip\inmarginspacing \inmarginspacing=1cm -\def\strutdepth{\dp\strutbox} - -%\hbox{{\rm#1}}\hfil\break}} - -% @include file insert text of that file as input. -% Allow normal characters that we make active in the argument (a file name). -\def\include{\begingroup - \catcode`\\=12 - \catcode`~=12 - \catcode`^=12 - \catcode`_=12 - \catcode`|=12 - \catcode`<=12 - \catcode`>=12 - \catcode`+=12 - \parsearg\includezzz} -% Restore active chars for included file. -\def\includezzz#1{\endgroup\begingroup - % Read the included file in a group so nested @include's work. - \def\thisfile{#1}% - \input\thisfile -\endgroup} - -\def\thisfile{} - -% @center line outputs that line, centered - -\def\center{\parsearg\centerzzz} -\def\centerzzz #1{{\advance\hsize by -\leftskip -\advance\hsize by -\rightskip -\centerline{#1}}} - -% @sp n outputs n lines of vertical space - -\def\sp{\parsearg\spxxx} -\def\spxxx #1{\vskip #1\baselineskip} - -% @comment ...line which is ignored... -% @c is the same as @comment -% @ignore ... @end ignore is another way to write a comment - -\def\comment{\begingroup \catcode`\^^M=\other% -\catcode`\@=\other \catcode`\{=\other \catcode`\}=\other% -\commentxxx} -{\catcode`\^^M=\other \gdef\commentxxx#1^^M{\endgroup}} - -\let\c=\comment - -% @paragraphindent is defined for the Info formatting commands only. -\let\paragraphindent=\comment - -% Prevent errors for section commands. -% Used in @ignore and in failing conditionals. -\def\ignoresections{% -\let\chapter=\relax -\let\unnumbered=\relax -\let\top=\relax -\let\unnumberedsec=\relax -\let\unnumberedsection=\relax -\let\unnumberedsubsec=\relax -\let\unnumberedsubsection=\relax -\let\unnumberedsubsubsec=\relax -\let\unnumberedsubsubsection=\relax -\let\section=\relax -\let\subsec=\relax -\let\subsubsec=\relax -\let\subsection=\relax -\let\subsubsection=\relax -\let\appendix=\relax -\let\appendixsec=\relax -\let\appendixsection=\relax -\let\appendixsubsec=\relax -\let\appendixsubsection=\relax -\let\appendixsubsubsec=\relax -\let\appendixsubsubsection=\relax -\let\contents=\relax -\let\smallbook=\relax -\let\titlepage=\relax -} - -% Used in nested conditionals, where we have to parse the Texinfo source -% and so want to turn off most commands, in case they are used -% incorrectly. -% -\def\ignoremorecommands{% - \let\defcodeindex = \relax - \let\defcv = \relax - \let\deffn = \relax - \let\deffnx = \relax - \let\defindex = \relax - \let\defivar = \relax - \let\defmac = \relax - \let\defmethod = \relax - \let\defop = \relax - \let\defopt = \relax - \let\defspec = \relax - \let\deftp = \relax - \let\deftypefn = \relax - \let\deftypefun = \relax - \let\deftypevar = \relax - \let\deftypevr = \relax - \let\defun = \relax - \let\defvar = \relax - \let\defvr = \relax - \let\ref = \relax - \let\xref = \relax - \let\printindex = \relax - \let\pxref = \relax - \let\settitle = \relax - \let\setchapternewpage = \relax - \let\setchapterstyle = \relax - \let\everyheading = \relax - \let\evenheading = \relax - \let\oddheading = \relax - \let\everyfooting = \relax - \let\evenfooting = \relax - \let\oddfooting = \relax - \let\headings = \relax - \let\include = \relax - \let\lowersections = \relax - \let\down = \relax - \let\raisesections = \relax - \let\up = \relax - \let\set = \relax - \let\clear = \relax - \let\item = \relax -} - -% Ignore @ignore ... @end ignore. -% -\def\ignore{\doignore{ignore}} - -% Ignore @ifinfo, @ifhtml, @ifnottex, @html, @menu, and @direntry text. -% -\def\ifinfo{\doignore{ifinfo}} -\def\ifhtml{\doignore{ifhtml}} -\def\ifnottex{\doignore{ifnottex}} -\def\html{\doignore{html}} -\def\menu{\doignore{menu}} -\def\direntry{\doignore{direntry}} - -% @dircategory CATEGORY -- specify a category of the dir file -% which this file should belong to. Ignore this in TeX. -\let\dircategory = \comment - -% Ignore text until a line `@end #1'. -% -\def\doignore#1{\begingroup - % Don't complain about control sequences we have declared \outer. - \ignoresections - % - % Define a command to swallow text until we reach `@end #1'. - % This @ is a catcode 12 token (that is the normal catcode of @ in - % this texinfo.tex file). We change the catcode of @ below to match. - \long\def\doignoretext##1@end #1{\enddoignore}% - % - % Make sure that spaces turn into tokens that match what \doignoretext wants. - \catcode32 = 10 - % - % Ignore braces, too, so mismatched braces don't cause trouble. - \catcode`\{ = 9 - \catcode`\} = 9 - % - % We must not have @c interpreted as a control sequence. - \catcode`\@ = 12 - % - % Make the letter c a comment character so that the rest of the line - % will be ignored. This way, the document can have (for example) - % @c @end ifinfo - % and the @end ifinfo will be properly ignored. - % (We've just changed @ to catcode 12.) - \catcode`\c = 14 - % - % And now expand that command. - \doignoretext -} - -% What we do to finish off ignored text. -% -\def\enddoignore{\endgroup\ignorespaces}% - -\newif\ifwarnedobs\warnedobsfalse -\def\obstexwarn{% - \ifwarnedobs\relax\else - % We need to warn folks that they may have trouble with TeX 3.0. - % This uses \immediate\write16 rather than \message to get newlines. - \immediate\write16{} - \immediate\write16{***WARNING*** for users of Unix TeX 3.0!} - \immediate\write16{This manual trips a bug in TeX version 3.0 (tex hangs).} - \immediate\write16{If you are running another version of TeX, relax.} - \immediate\write16{If you are running Unix TeX 3.0, kill this TeX process.} - \immediate\write16{ Then upgrade your TeX installation if you can.} - \immediate\write16{ (See ftp://ftp.gnu.org/pub/gnu/TeX.README.)} - \immediate\write16{If you are stuck with version 3.0, run the} - \immediate\write16{ script ``tex3patch'' from the Texinfo distribution} - \immediate\write16{ to use a workaround.} - \immediate\write16{} - \global\warnedobstrue - \fi -} - -% **In TeX 3.0, setting text in \nullfont hangs tex. For a -% workaround (which requires the file ``dummy.tfm'' to be installed), -% uncomment the following line: -%%%%%\font\nullfont=dummy\let\obstexwarn=\relax - -% Ignore text, except that we keep track of conditional commands for -% purposes of nesting, up to an `@end #1' command. -% -\def\nestedignore#1{% - \obstexwarn - % We must actually expand the ignored text to look for the @end - % command, so that nested ignore constructs work. Thus, we put the - % text into a \vbox and then do nothing with the result. To minimize - % the change of memory overflow, we follow the approach outlined on - % page 401 of the TeXbook: make the current font be a dummy font. - % - \setbox0 = \vbox\bgroup - % Don't complain about control sequences we have declared \outer. - \ignoresections - % - % Define `@end #1' to end the box, which will in turn undefine the - % @end command again. - \expandafter\def\csname E#1\endcsname{\egroup\ignorespaces}% - % - % We are going to be parsing Texinfo commands. Most cause no - % trouble when they are used incorrectly, but some commands do - % complicated argument parsing or otherwise get confused, so we - % undefine them. - % - % We can't do anything about stray @-signs, unfortunately; - % they'll produce `undefined control sequence' errors. - \ignoremorecommands - % - % Set the current font to be \nullfont, a TeX primitive, and define - % all the font commands to also use \nullfont. We don't use - % dummy.tfm, as suggested in the TeXbook, because not all sites - % might have that installed. Therefore, math mode will still - % produce output, but that should be an extremely small amount of - % stuff compared to the main input. - % - \nullfont - \let\tenrm = \nullfont \let\tenit = \nullfont \let\tensl = \nullfont - \let\tenbf = \nullfont \let\tentt = \nullfont \let\smallcaps = \nullfont - \let\tensf = \nullfont - % Similarly for index fonts (mostly for their use in - % smallexample) - \let\indrm = \nullfont \let\indit = \nullfont \let\indsl = \nullfont - \let\indbf = \nullfont \let\indtt = \nullfont \let\indsc = \nullfont - \let\indsf = \nullfont - % - % Don't complain when characters are missing from the fonts. - \tracinglostchars = 0 - % - % Don't bother to do space factor calculations. - \frenchspacing - % - % Don't report underfull hboxes. - \hbadness = 10000 - % - % Do minimal line-breaking. - \pretolerance = 10000 - % - % Do not execute instructions in @tex - \def\tex{\doignore{tex}}% - % Do not execute macro definitions. - % `c' is a comment character, so the word `macro' will get cut off. - \def\macro{\doignore{ma}}% -} - -% @set VAR sets the variable VAR to an empty value. -% @set VAR REST-OF-LINE sets VAR to the value REST-OF-LINE. -% -% Since we want to separate VAR from REST-OF-LINE (which might be -% empty), we can't just use \parsearg; we have to insert a space of our -% own to delimit the rest of the line, and then take it out again if we -% didn't need it. Make sure the catcode of space is correct to avoid -% losing inside @example, for instance. -% -\def\set{\begingroup\catcode` =10 - \catcode`\-=12 \catcode`\_=12 % Allow - and _ in VAR. - \parsearg\setxxx} -\def\setxxx#1{\setyyy#1 \endsetyyy} -\def\setyyy#1 #2\endsetyyy{% - \def\temp{#2}% - \ifx\temp\empty \global\expandafter\let\csname SET#1\endcsname = \empty - \else \setzzz{#1}#2\endsetzzz % Remove the trailing space \setxxx inserted. - \fi - \endgroup -} -% Can't use \xdef to pre-expand #2 and save some time, since \temp or -% \next or other control sequences that we've defined might get us into -% an infinite loop. Consider `@set foo @cite{bar}'. -\def\setzzz#1#2 \endsetzzz{\expandafter\gdef\csname SET#1\endcsname{#2}} - -% @clear VAR clears (i.e., unsets) the variable VAR. -% -\def\clear{\parsearg\clearxxx} -\def\clearxxx#1{\global\expandafter\let\csname SET#1\endcsname=\relax} - -% @value{foo} gets the text saved in variable foo. -% -{ - \catcode`\_ = \active - % - % We might end up with active _ or - characters in the argument if - % we're called from @code, as @code{@value{foo-bar_}}. So \let any - % such active characters to their normal equivalents. - \gdef\value{\begingroup - \catcode`\-=12 \catcode`\_=12 - \indexbreaks \let_\normalunderscore - \valuexxx} -} -\def\valuexxx#1{\expandablevalue{#1}\endgroup} - -% We have this subroutine so that we can handle at least some @value's -% properly in indexes (we \let\value to this in \indexdummies). Ones -% whose names contain - or _ still won't work, but we can't do anything -% about that. The command has to be fully expandable, since the result -% winds up in the index file. This means that if the variable's value -% contains other Texinfo commands, it's almost certain it will fail -% (although perhaps we could fix that with sufficient work to do a -% one-level expansion on the result, instead of complete). -% -\def\expandablevalue#1{% - \expandafter\ifx\csname SET#1\endcsname\relax - {[No value for ``#1'']}% - \else - \csname SET#1\endcsname - \fi -} - -% @ifset VAR ... @end ifset reads the `...' iff VAR has been defined -% with @set. -% -\def\ifset{\parsearg\ifsetxxx} -\def\ifsetxxx #1{% - \expandafter\ifx\csname SET#1\endcsname\relax - \expandafter\ifsetfail - \else - \expandafter\ifsetsucceed - \fi -} -\def\ifsetsucceed{\conditionalsucceed{ifset}} -\def\ifsetfail{\nestedignore{ifset}} -\defineunmatchedend{ifset} - -% @ifclear VAR ... @end ifclear reads the `...' iff VAR has never been -% defined with @set, or has been undefined with @clear. -% -\def\ifclear{\parsearg\ifclearxxx} -\def\ifclearxxx #1{% - \expandafter\ifx\csname SET#1\endcsname\relax - \expandafter\ifclearsucceed - \else - \expandafter\ifclearfail - \fi -} -\def\ifclearsucceed{\conditionalsucceed{ifclear}} -\def\ifclearfail{\nestedignore{ifclear}} -\defineunmatchedend{ifclear} - -% @iftex, @ifnothtml, @ifnotinfo always succeed; we read the text -% following, through the first @end iftex (etc.). Make `@end iftex' -% (etc.) valid only after an @iftex. -% -\def\iftex{\conditionalsucceed{iftex}} -\def\ifnothtml{\conditionalsucceed{ifnothtml}} -\def\ifnotinfo{\conditionalsucceed{ifnotinfo}} -\defineunmatchedend{iftex} -\defineunmatchedend{ifnothtml} -\defineunmatchedend{ifnotinfo} - -% We can't just want to start a group at @iftex (for example) and end it -% at @end iftex, since then @set commands inside the conditional have no -% effect (they'd get reverted at the end of the group). So we must -% define \Eiftex to redefine itself to be its previous value. (We can't -% just define it to fail again with an ``unmatched end'' error, since -% the @ifset might be nested.) -% -\def\conditionalsucceed#1{% - \edef\temp{% - % Remember the current value of \E#1. - \let\nece{prevE#1} = \nece{E#1}% - % - % At the `@end #1', redefine \E#1 to be its previous value. - \def\nece{E#1}{\let\nece{E#1} = \nece{prevE#1}}% - }% - \temp -} - -% We need to expand lots of \csname's, but we don't want to expand the -% control sequences after we've constructed them. -% -\def\nece#1{\expandafter\noexpand\csname#1\endcsname} - -% @asis just yields its argument. Used with @table, for example. -% -\def\asis#1{#1} - -% @math means output in math mode. -% We don't use $'s directly in the definition of \math because control -% sequences like \math are expanded when the toc file is written. Then, -% we read the toc file back, the $'s will be normal characters (as they -% should be, according to the definition of Texinfo). So we must use a -% control sequence to switch into and out of math mode. -% -% This isn't quite enough for @math to work properly in indices, but it -% seems unlikely it will ever be needed there. -% -\let\implicitmath = $ -\def\math#1{\implicitmath #1\implicitmath} - -% @bullet and @minus need the same treatment as @math, just above. -\def\bullet{\implicitmath\ptexbullet\implicitmath} -\def\minus{\implicitmath-\implicitmath} - -% @refill is a no-op. -\let\refill=\relax - -% If working on a large document in chapters, it is convenient to -% be able to disable indexing, cross-referencing, and contents, for test runs. -% This is done with @novalidate (before @setfilename). -% -\newif\iflinks \linkstrue % by default we want the aux files. -\let\novalidate = \linksfalse - -% @setfilename is done at the beginning of every texinfo file. -% So open here the files we need to have open while reading the input. -% This makes it possible to make a .fmt file for texinfo. -\def\setfilename{% - \iflinks - \readauxfile - \fi % \openindices needs to do some work in any case. - \openindices - \fixbackslash % Turn off hack to swallow `\input texinfo'. - \global\let\setfilename=\comment % Ignore extra @setfilename cmds. - % - % If texinfo.cnf is present on the system, read it. - % Useful for site-wide @afourpaper, etc. - % Just to be on the safe side, close the input stream before the \input. - \openin 1 texinfo.cnf - \ifeof1 \let\temp=\relax \else \def\temp{\input texinfo.cnf }\fi - \closein1 - \temp - % - \comment % Ignore the actual filename. -} - -% Called from \setfilename. -% -\def\openindices{% - \newindex{cp}% - \newcodeindex{fn}% - \newcodeindex{vr}% - \newcodeindex{tp}% - \newcodeindex{ky}% - \newcodeindex{pg}% -} - -% @bye. -\outer\def\bye{\pagealignmacro\tracingstats=1\ptexend} - - -\message{fonts,} -% Font-change commands. - -% Texinfo sort of supports the sans serif font style, which plain TeX does not. -% So we set up a \sf analogous to plain's \rm, etc. -\newfam\sffam -\def\sf{\fam=\sffam \tensf} -\let\li = \sf % Sometimes we call it \li, not \sf. - -% We don't need math for this one. -\def\ttsl{\tenttsl} - -% Use Computer Modern fonts at \magstephalf (11pt). -\newcount\mainmagstep -\mainmagstep=\magstephalf - -% Set the font macro #1 to the font named #2, adding on the -% specified font prefix (normally `cm'). -% #3 is the font's design size, #4 is a scale factor -\def\setfont#1#2#3#4{\font#1=\fontprefix#2#3 scaled #4} - -% Use cm as the default font prefix. -% To specify the font prefix, you must define \fontprefix -% before you read in texinfo.tex. -\ifx\fontprefix\undefined -\def\fontprefix{cm} -\fi -% Support font families that don't use the same naming scheme as CM. -\def\rmshape{r} -\def\rmbshape{bx} %where the normal face is bold -\def\bfshape{b} -\def\bxshape{bx} -\def\ttshape{tt} -\def\ttbshape{tt} -\def\ttslshape{sltt} -\def\itshape{ti} -\def\itbshape{bxti} -\def\slshape{sl} -\def\slbshape{bxsl} -\def\sfshape{ss} -\def\sfbshape{ss} -\def\scshape{csc} -\def\scbshape{csc} - -\ifx\bigger\relax -\let\mainmagstep=\magstep1 -\setfont\textrm\rmshape{12}{1000} -\setfont\texttt\ttshape{12}{1000} -\else -\setfont\textrm\rmshape{10}{\mainmagstep} -\setfont\texttt\ttshape{10}{\mainmagstep} -\fi -% Instead of cmb10, you many want to use cmbx10. -% cmbx10 is a prettier font on its own, but cmb10 -% looks better when embedded in a line with cmr10. -\setfont\textbf\bfshape{10}{\mainmagstep} -\setfont\textit\itshape{10}{\mainmagstep} -\setfont\textsl\slshape{10}{\mainmagstep} -\setfont\textsf\sfshape{10}{\mainmagstep} -\setfont\textsc\scshape{10}{\mainmagstep} -\setfont\textttsl\ttslshape{10}{\mainmagstep} -\font\texti=cmmi10 scaled \mainmagstep -\font\textsy=cmsy10 scaled \mainmagstep - -% A few fonts for @defun, etc. -\setfont\defbf\bxshape{10}{\magstep1} %was 1314 -\setfont\deftt\ttshape{10}{\magstep1} -\def\df{\let\tentt=\deftt \let\tenbf = \defbf \bf} - -% Fonts for indices and small examples (9pt). -% We actually use the slanted font rather than the italic, -% because texinfo normally uses the slanted fonts for that. -% Do not make many font distinctions in general in the index, since they -% aren't very useful. -\setfont\ninett\ttshape{9}{1000} -\setfont\ninettsl\ttslshape{10}{900} -\setfont\indrm\rmshape{9}{1000} -\setfont\indit\itshape{9}{1000} -\setfont\indsl\slshape{9}{1000} -\let\indtt=\ninett -\let\indttsl=\ninettsl -\let\indsf=\indrm -\let\indbf=\indrm -\setfont\indsc\scshape{10}{900} -\font\indi=cmmi9 -\font\indsy=cmsy9 - -% Fonts for title page: -\setfont\titlerm\rmbshape{12}{\magstep3} -\setfont\titleit\itbshape{10}{\magstep4} -\setfont\titlesl\slbshape{10}{\magstep4} -\setfont\titlett\ttbshape{12}{\magstep3} -\setfont\titlettsl\ttslshape{10}{\magstep4} -\setfont\titlesf\sfbshape{17}{\magstep1} -\let\titlebf=\titlerm -\setfont\titlesc\scbshape{10}{\magstep4} -\font\titlei=cmmi12 scaled \magstep3 -\font\titlesy=cmsy10 scaled \magstep4 -\def\authorrm{\secrm} - -% Chapter (and unnumbered) fonts (17.28pt). -\setfont\chaprm\rmbshape{12}{\magstep2} -\setfont\chapit\itbshape{10}{\magstep3} -\setfont\chapsl\slbshape{10}{\magstep3} -\setfont\chaptt\ttbshape{12}{\magstep2} -\setfont\chapttsl\ttslshape{10}{\magstep3} -\setfont\chapsf\sfbshape{17}{1000} -\let\chapbf=\chaprm -\setfont\chapsc\scbshape{10}{\magstep3} -\font\chapi=cmmi12 scaled \magstep2 -\font\chapsy=cmsy10 scaled \magstep3 - -% Section fonts (14.4pt). -\setfont\secrm\rmbshape{12}{\magstep1} -\setfont\secit\itbshape{10}{\magstep2} -\setfont\secsl\slbshape{10}{\magstep2} -\setfont\sectt\ttbshape{12}{\magstep1} -\setfont\secttsl\ttslshape{10}{\magstep2} -\setfont\secsf\sfbshape{12}{\magstep1} -\let\secbf\secrm -\setfont\secsc\scbshape{10}{\magstep2} -\font\seci=cmmi12 scaled \magstep1 -\font\secsy=cmsy10 scaled \magstep2 - -% \setfont\ssecrm\bxshape{10}{\magstep1} % This size an font looked bad. -% \setfont\ssecit\itshape{10}{\magstep1} % The letters were too crowded. -% \setfont\ssecsl\slshape{10}{\magstep1} -% \setfont\ssectt\ttshape{10}{\magstep1} -% \setfont\ssecsf\sfshape{10}{\magstep1} - -%\setfont\ssecrm\bfshape{10}{1315} % Note the use of cmb rather than cmbx. -%\setfont\ssecit\itshape{10}{1315} % Also, the size is a little larger than -%\setfont\ssecsl\slshape{10}{1315} % being scaled magstep1. -%\setfont\ssectt\ttshape{10}{1315} -%\setfont\ssecsf\sfshape{10}{1315} - -%\let\ssecbf=\ssecrm - -% Subsection fonts (13.15pt). -\setfont\ssecrm\rmbshape{12}{\magstephalf} -\setfont\ssecit\itbshape{10}{1315} -\setfont\ssecsl\slbshape{10}{1315} -\setfont\ssectt\ttbshape{12}{\magstephalf} -\setfont\ssecttsl\ttslshape{10}{1315} -\setfont\ssecsf\sfbshape{12}{\magstephalf} -\let\ssecbf\ssecrm -\setfont\ssecsc\scbshape{10}{\magstep1} -\font\sseci=cmmi12 scaled \magstephalf -\font\ssecsy=cmsy10 scaled 1315 -% The smallcaps and symbol fonts should actually be scaled \magstep1.5, -% but that is not a standard magnification. - -% In order for the font changes to affect most math symbols and letters, -% we have to define the \textfont of the standard families. Since -% texinfo doesn't allow for producing subscripts and superscripts, we -% don't bother to reset \scriptfont and \scriptscriptfont (which would -% also require loading a lot more fonts). -% -\def\resetmathfonts{% - \textfont0 = \tenrm \textfont1 = \teni \textfont2 = \tensy - \textfont\itfam = \tenit \textfont\slfam = \tensl \textfont\bffam = \tenbf - \textfont\ttfam = \tentt \textfont\sffam = \tensf -} - - -% The font-changing commands redefine the meanings of \tenSTYLE, instead -% of just \STYLE. We do this so that font changes will continue to work -% in math mode, where it is the current \fam that is relevant in most -% cases, not the current font. Plain TeX does \def\bf{\fam=\bffam -% \tenbf}, for example. By redefining \tenbf, we obviate the need to -% redefine \bf itself. -\def\textfonts{% - \let\tenrm=\textrm \let\tenit=\textit \let\tensl=\textsl - \let\tenbf=\textbf \let\tentt=\texttt \let\smallcaps=\textsc - \let\tensf=\textsf \let\teni=\texti \let\tensy=\textsy \let\tenttsl=\textttsl - \resetmathfonts} -\def\titlefonts{% - \let\tenrm=\titlerm \let\tenit=\titleit \let\tensl=\titlesl - \let\tenbf=\titlebf \let\tentt=\titlett \let\smallcaps=\titlesc - \let\tensf=\titlesf \let\teni=\titlei \let\tensy=\titlesy - \let\tenttsl=\titlettsl - \resetmathfonts \setleading{25pt}} -\def\titlefont#1{{\titlefonts\rm #1}} -\def\chapfonts{% - \let\tenrm=\chaprm \let\tenit=\chapit \let\tensl=\chapsl - \let\tenbf=\chapbf \let\tentt=\chaptt \let\smallcaps=\chapsc - \let\tensf=\chapsf \let\teni=\chapi \let\tensy=\chapsy \let\tenttsl=\chapttsl - \resetmathfonts \setleading{19pt}} -\def\secfonts{% - \let\tenrm=\secrm \let\tenit=\secit \let\tensl=\secsl - \let\tenbf=\secbf \let\tentt=\sectt \let\smallcaps=\secsc - \let\tensf=\secsf \let\teni=\seci \let\tensy=\secsy \let\tenttsl=\secttsl - \resetmathfonts \setleading{16pt}} -\def\subsecfonts{% - \let\tenrm=\ssecrm \let\tenit=\ssecit \let\tensl=\ssecsl - \let\tenbf=\ssecbf \let\tentt=\ssectt \let\smallcaps=\ssecsc - \let\tensf=\ssecsf \let\teni=\sseci \let\tensy=\ssecsy \let\tenttsl=\ssecttsl - \resetmathfonts \setleading{15pt}} -\let\subsubsecfonts = \subsecfonts % Maybe make sssec fonts scaled magstephalf? -\def\indexfonts{% - \let\tenrm=\indrm \let\tenit=\indit \let\tensl=\indsl - \let\tenbf=\indbf \let\tentt=\indtt \let\smallcaps=\indsc - \let\tensf=\indsf \let\teni=\indi \let\tensy=\indsy \let\tenttsl=\indttsl - \resetmathfonts \setleading{12pt}} - -% Set up the default fonts, so we can use them for creating boxes. -% -\textfonts - -% Define these so they can be easily changed for other fonts. -\def\angleleft{$\langle$} -\def\angleright{$\rangle$} - -% Count depth in font-changes, for error checks -\newcount\fontdepth \fontdepth=0 - -% Fonts for short table of contents. -\setfont\shortcontrm\rmshape{12}{1000} -\setfont\shortcontbf\bxshape{12}{1000} -\setfont\shortcontsl\slshape{12}{1000} - -%% Add scribe-like font environments, plus @l for inline lisp (usually sans -%% serif) and @ii for TeX italic - -% \smartitalic{ARG} outputs arg in italics, followed by an italic correction -% unless the following character is such as not to need one. -\def\smartitalicx{\ifx\next,\else\ifx\next-\else\ifx\next.\else\/\fi\fi\fi} -\def\smartslanted#1{{\sl #1}\futurelet\next\smartitalicx} -\def\smartitalic#1{{\it #1}\futurelet\next\smartitalicx} - -\let\i=\smartitalic -\let\var=\smartslanted -\let\dfn=\smartslanted -\let\emph=\smartitalic -\let\cite=\smartslanted - -\def\b#1{{\bf #1}} -\let\strong=\b - -% We can't just use \exhyphenpenalty, because that only has effect at -% the end of a paragraph. Restore normal hyphenation at the end of the -% group within which \nohyphenation is presumably called. -% -\def\nohyphenation{\hyphenchar\font = -1 \aftergroup\restorehyphenation} -\def\restorehyphenation{\hyphenchar\font = `- } - -\def\t#1{% - {\tt \rawbackslash \frenchspacing #1}% - \null -} -\let\ttfont=\t -\def\samp#1{`\tclose{#1}'\null} -\setfont\smallrm\rmshape{8}{1000} -\font\smallsy=cmsy9 -\def\key#1{{\smallrm\textfont2=\smallsy \leavevmode\hbox{% - \raise0.4pt\hbox{\angleleft}\kern-.08em\vtop{% - \vbox{\hrule\kern-0.4pt - \hbox{\raise0.4pt\hbox{\vphantom{\angleleft}}#1}}% - \kern-0.4pt\hrule}% - \kern-.06em\raise0.4pt\hbox{\angleright}}}} -% The old definition, with no lozenge: -%\def\key #1{{\ttsl \nohyphenation \uppercase{#1}}\null} -\def\ctrl #1{{\tt \rawbackslash \hat}#1} - -% @file, @option are the same as @samp. -\let\file=\samp -\let\option=\samp - -% @code is a modification of @t, -% which makes spaces the same size as normal in the surrounding text. -\def\tclose#1{% - {% - % Change normal interword space to be same as for the current font. - \spaceskip = \fontdimen2\font - % - % Switch to typewriter. - \tt - % - % But `\ ' produces the large typewriter interword space. - \def\ {{\spaceskip = 0pt{} }}% - % - % Turn off hyphenation. - \nohyphenation - % - \rawbackslash - \frenchspacing - #1% - }% - \null -} - -% We *must* turn on hyphenation at `-' and `_' in \code. -% Otherwise, it is too hard to avoid overfull hboxes -% in the Emacs manual, the Library manual, etc. - -% Unfortunately, TeX uses one parameter (\hyphenchar) to control -% both hyphenation at - and hyphenation within words. -% We must therefore turn them both off (\tclose does that) -% and arrange explicitly to hyphenate at a dash. -% -- rms. -{ - \catcode`\-=\active - \catcode`\_=\active - % - \global\def\code{\begingroup - \catcode`\-=\active \let-\codedash - \catcode`\_=\active \let_\codeunder - \codex - } - % - % If we end up with any active - characters when handling the index, - % just treat them as a normal -. - \global\def\indexbreaks{\catcode`\-=\active \let-\realdash} -} - -\def\realdash{-} -\def\codedash{-\discretionary{}{}{}} -\def\codeunder{\ifusingtt{\normalunderscore\discretionary{}{}{}}{\_}} -\def\codex #1{\tclose{#1}\endgroup} - -%\let\exp=\tclose %Was temporary - -% @kbd is like @code, except that if the argument is just one @key command, -% then @kbd has no effect. - -% @kbdinputstyle -- arg is `distinct' (@kbd uses slanted tty font always), -% `example' (@kbd uses ttsl only inside of @example and friends), -% or `code' (@kbd uses normal tty font always). -\def\kbdinputstyle{\parsearg\kbdinputstylexxx} -\def\kbdinputstylexxx#1{% - \def\arg{#1}% - \ifx\arg\worddistinct - \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl}% - \else\ifx\arg\wordexample - \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\tt}% - \else\ifx\arg\wordcode - \gdef\kbdexamplefont{\tt}\gdef\kbdfont{\tt}% - \fi\fi\fi -} -\def\worddistinct{distinct} -\def\wordexample{example} -\def\wordcode{code} - -% Default is kbdinputdistinct. (Too much of a hassle to call the macro, -% the catcodes are wrong for parsearg to work.) -\gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl} - -\def\xkey{\key} -\def\kbdfoo#1#2#3\par{\def\one{#1}\def\three{#3}\def\threex{??}% -\ifx\one\xkey\ifx\threex\three \key{#2}% -\else{\tclose{\kbdfont\look}}\fi -\else{\tclose{\kbdfont\look}}\fi} - -% For @url, @env, @command quotes seem unnecessary, so use \code. -\let\url=\code -\let\env=\code -\let\command=\code - -% @uref (abbreviation for `urlref') takes an optional second argument -% specifying the text to display. First (mandatory) arg is the url. -% Perhaps eventually put in a hypertex \special here. -% -\def\uref#1{\urefxxx #1,,\finish} -\def\urefxxx#1,#2,#3\finish{% - \setbox0 = \hbox{\ignorespaces #2}% - \ifdim\wd0 > 0pt - \unhbox0\ (\code{#1})% - \else - \code{#1}% - \fi -} - -% rms does not like the angle brackets --karl, 17may97. -% So now @email is just like @uref. -%\def\email#1{\angleleft{\tt #1}\angleright} -\let\email=\uref - -% Check if we are currently using a typewriter font. Since all the -% Computer Modern typewriter fonts have zero interword stretch (and -% shrink), and it is reasonable to expect all typewriter fonts to have -% this property, we can check that font parameter. -% -\def\ifmonospace{\ifdim\fontdimen3\font=0pt } - -% Typeset a dimension, e.g., `in' or `pt'. The only reason for the -% argument is to make the input look right: @dmn{pt} instead of @dmn{}pt. -% -\def\dmn#1{\thinspace #1} - -\def\kbd#1{\def\look{#1}\expandafter\kbdfoo\look??\par} - -% @l was never documented to mean ``switch to the Lisp font'', -% and it is not used as such in any manual I can find. We need it for -% Polish suppressed-l. --karl, 22sep96. -%\def\l#1{{\li #1}\null} - -% Explicit font changes: @r, @sc, undocumented @ii. -\def\r#1{{\rm #1}} % roman font -\def\sc#1{{\smallcaps#1}} % smallcaps font -\def\ii#1{{\it #1}} % italic font - -% @acronym downcases the argument and prints in smallcaps. -\def\acronym#1{{\smallcaps \lowercase{#1}}} - -% @pounds{} is a sterling sign. -\def\pounds{{\it\$}} - - -\message{page headings,} - -\newskip\titlepagetopglue \titlepagetopglue = 1.5in -\newskip\titlepagebottomglue \titlepagebottomglue = 2pc - -% First the title page. Must do @settitle before @titlepage. -\newif\ifseenauthor -\newif\iffinishedtitlepage - -% Do an implicit @contents or @shortcontents after @end titlepage if the -% user says @setcontentsaftertitlepage or @setshortcontentsaftertitlepage. -% -\newif\ifsetcontentsaftertitlepage - \let\setcontentsaftertitlepage = \setcontentsaftertitlepagetrue -\newif\ifsetshortcontentsaftertitlepage - \let\setshortcontentsaftertitlepage = \setshortcontentsaftertitlepagetrue - -\def\shorttitlepage{\parsearg\shorttitlepagezzz} -\def\shorttitlepagezzz #1{\begingroup\hbox{}\vskip 1.5in \chaprm \centerline{#1}% - \endgroup\page\hbox{}\page} - -\def\titlepage{\begingroup \parindent=0pt \textfonts - \let\subtitlerm=\tenrm - \def\subtitlefont{\subtitlerm \normalbaselineskip = 13pt \normalbaselines}% - % - \def\authorfont{\authorrm \normalbaselineskip = 16pt \normalbaselines}% - % - % Leave some space at the very top of the page. - \vglue\titlepagetopglue - % - % Now you can print the title using @title. - \def\title{\parsearg\titlezzz}% - \def\titlezzz##1{\leftline{\titlefonts\rm ##1} - % print a rule at the page bottom also. - \finishedtitlepagefalse - \vskip4pt \hrule height 4pt width \hsize \vskip4pt}% - % No rule at page bottom unless we print one at the top with @title. - \finishedtitlepagetrue - % - % Now you can put text using @subtitle. - \def\subtitle{\parsearg\subtitlezzz}% - \def\subtitlezzz##1{{\subtitlefont \rightline{##1}}}% - % - % @author should come last, but may come many times. - \def\author{\parsearg\authorzzz}% - \def\authorzzz##1{\ifseenauthor\else\vskip 0pt plus 1filll\seenauthortrue\fi - {\authorfont \leftline{##1}}}% - % - % Most title ``pages'' are actually two pages long, with space - % at the top of the second. We don't want the ragged left on the second. - \let\oldpage = \page - \def\page{% - \iffinishedtitlepage\else - \finishtitlepage - \fi - \oldpage - \let\page = \oldpage - \hbox{}}% -% \def\page{\oldpage \hbox{}} -} - -\def\Etitlepage{% - \iffinishedtitlepage\else - \finishtitlepage - \fi - % It is important to do the page break before ending the group, - % because the headline and footline are only empty inside the group. - % If we use the new definition of \page, we always get a blank page - % after the title page, which we certainly don't want. - \oldpage - \endgroup - % - % If they want short, they certainly want long too. - \ifsetshortcontentsaftertitlepage - \shortcontents - \contents - \global\let\shortcontents = \relax - \global\let\contents = \relax - \fi - % - \ifsetcontentsaftertitlepage - \contents - \global\let\contents = \relax - \global\let\shortcontents = \relax - \fi - % - \HEADINGSon -} - -\def\finishtitlepage{% - \vskip4pt \hrule height 2pt width \hsize - \vskip\titlepagebottomglue - \finishedtitlepagetrue -} - -%%% Set up page headings and footings. - -\let\thispage=\folio - -\newtoks\evenheadline % headline on even pages -\newtoks\oddheadline % headline on odd pages -\newtoks\evenfootline % footline on even pages -\newtoks\oddfootline % footline on odd pages - -% Now make Tex use those variables -\headline={{\textfonts\rm \ifodd\pageno \the\oddheadline - \else \the\evenheadline \fi}} -\footline={{\textfonts\rm \ifodd\pageno \the\oddfootline - \else \the\evenfootline \fi}\HEADINGShook} -\let\HEADINGShook=\relax - -% Commands to set those variables. -% For example, this is what @headings on does -% @evenheading @thistitle|@thispage|@thischapter -% @oddheading @thischapter|@thispage|@thistitle -% @evenfooting @thisfile|| -% @oddfooting ||@thisfile - -\def\evenheading{\parsearg\evenheadingxxx} -\def\oddheading{\parsearg\oddheadingxxx} -\def\everyheading{\parsearg\everyheadingxxx} - -\def\evenfooting{\parsearg\evenfootingxxx} -\def\oddfooting{\parsearg\oddfootingxxx} -\def\everyfooting{\parsearg\everyfootingxxx} - -{\catcode`\@=0 % - -\gdef\evenheadingxxx #1{\evenheadingyyy #1@|@|@|@|\finish} -\gdef\evenheadingyyy #1@|#2@|#3@|#4\finish{% -\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\gdef\oddheadingxxx #1{\oddheadingyyy #1@|@|@|@|\finish} -\gdef\oddheadingyyy #1@|#2@|#3@|#4\finish{% -\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\gdef\everyheadingxxx#1{\oddheadingxxx{#1}\evenheadingxxx{#1}}% - -\gdef\evenfootingxxx #1{\evenfootingyyy #1@|@|@|@|\finish} -\gdef\evenfootingyyy #1@|#2@|#3@|#4\finish{% -\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\gdef\oddfootingxxx #1{\oddfootingyyy #1@|@|@|@|\finish} -\gdef\oddfootingyyy #1@|#2@|#3@|#4\finish{% - \global\oddfootline = {\rlap{\centerline{#2}}\line{#1\hfil#3}}% - % - % Leave some space for the footline. Hopefully ok to assume - % @evenfooting will not be used by itself. - \global\advance\pageheight by -\baselineskip - \global\advance\vsize by -\baselineskip -} - -\gdef\everyfootingxxx#1{\oddfootingxxx{#1}\evenfootingxxx{#1}} -% -}% unbind the catcode of @. - -% @headings double turns headings on for double-sided printing. -% @headings single turns headings on for single-sided printing. -% @headings off turns them off. -% @headings on same as @headings double, retained for compatibility. -% @headings after turns on double-sided headings after this page. -% @headings doubleafter turns on double-sided headings after this page. -% @headings singleafter turns on single-sided headings after this page. -% By default, they are off at the start of a document, -% and turned `on' after @end titlepage. - -\def\headings #1 {\csname HEADINGS#1\endcsname} - -\def\HEADINGSoff{ -\global\evenheadline={\hfil} \global\evenfootline={\hfil} -\global\oddheadline={\hfil} \global\oddfootline={\hfil}} -\HEADINGSoff -% When we turn headings on, set the page number to 1. -% For double-sided printing, put current file name in lower left corner, -% chapter name on inside top of right hand pages, document -% title on inside top of left hand pages, and page numbers on outside top -% edge of all pages. -\def\HEADINGSdouble{ -\global\pageno=1 -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\folio\hfil\thistitle}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chapoddpage -} -\let\contentsalignmacro = \chappager - -% For single-sided printing, chapter title goes across top left of page, -% page number on top right. -\def\HEADINGSsingle{ -\global\pageno=1 -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\thischapter\hfil\folio}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chappager -} -\def\HEADINGSon{\HEADINGSdouble} - -\def\HEADINGSafter{\let\HEADINGShook=\HEADINGSdoublex} -\let\HEADINGSdoubleafter=\HEADINGSafter -\def\HEADINGSdoublex{% -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\folio\hfil\thistitle}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chapoddpage -} - -\def\HEADINGSsingleafter{\let\HEADINGShook=\HEADINGSsinglex} -\def\HEADINGSsinglex{% -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\thischapter\hfil\folio}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chappager -} - -% Subroutines used in generating headings -% Produces Day Month Year style of output. -\def\today{\number\day\space -\ifcase\month\or -January\or February\or March\or April\or May\or June\or -July\or August\or September\or October\or November\or December\fi -\space\number\year} - -% Use this if you want the Month Day, Year style of output. -%\def\today{\ifcase\month\or -%January\or February\or March\or April\or May\or June\or -%July\or August\or September\or October\or November\or December\fi -%\space\number\day, \number\year} - -% @settitle line... specifies the title of the document, for headings -% It generates no output of its own - -\def\thistitle{No Title} -\def\settitle{\parsearg\settitlezzz} -\def\settitlezzz #1{\gdef\thistitle{#1}} - - -\message{tables,} -% Tables -- @table, @ftable, @vtable, @item(x), @kitem(x), @xitem(x). - -% default indentation of table text -\newdimen\tableindent \tableindent=.8in -% default indentation of @itemize and @enumerate text -\newdimen\itemindent \itemindent=.3in -% margin between end of table item and start of table text. -\newdimen\itemmargin \itemmargin=.1in - -% used internally for \itemindent minus \itemmargin -\newdimen\itemmax - -% Note @table, @vtable, and @vtable define @item, @itemx, etc., with -% these defs. -% They also define \itemindex -% to index the item name in whatever manner is desired (perhaps none). - -\newif\ifitemxneedsnegativevskip - -\def\itemxpar{\par\ifitemxneedsnegativevskip\nobreak\vskip-\parskip\nobreak\fi} - -\def\internalBitem{\smallbreak \parsearg\itemzzz} -\def\internalBitemx{\itemxpar \parsearg\itemzzz} - -\def\internalBxitem "#1"{\def\xitemsubtopix{#1} \smallbreak \parsearg\xitemzzz} -\def\internalBxitemx "#1"{\def\xitemsubtopix{#1} \itemxpar \parsearg\xitemzzz} - -\def\internalBkitem{\smallbreak \parsearg\kitemzzz} -\def\internalBkitemx{\itemxpar \parsearg\kitemzzz} - -\def\kitemzzz #1{\dosubind {kw}{\code{#1}}{for {\bf \lastfunction}}% - \itemzzz {#1}} - -\def\xitemzzz #1{\dosubind {kw}{\code{#1}}{for {\bf \xitemsubtopic}}% - \itemzzz {#1}} - -\def\itemzzz #1{\begingroup % - \advance\hsize by -\rightskip - \advance\hsize by -\tableindent - \setbox0=\hbox{\itemfont{#1}}% - \itemindex{#1}% - \nobreak % This prevents a break before @itemx. - % - % If the item text does not fit in the space we have, put it on a line - % by itself, and do not allow a page break either before or after that - % line. We do not start a paragraph here because then if the next - % command is, e.g., @kindex, the whatsit would get put into the - % horizontal list on a line by itself, resulting in extra blank space. - \ifdim \wd0>\itemmax - % - % Make this a paragraph so we get the \parskip glue and wrapping, - % but leave it ragged-right. - \begingroup - \advance\leftskip by-\tableindent - \advance\hsize by\tableindent - \advance\rightskip by0pt plus1fil - \leavevmode\unhbox0\par - \endgroup - % - % We're going to be starting a paragraph, but we don't want the - % \parskip glue -- logically it's part of the @item we just started. - \nobreak \vskip-\parskip - % - % Stop a page break at the \parskip glue coming up. Unfortunately - % we can't prevent a possible page break at the following - % \baselineskip glue. - \nobreak - \endgroup - \itemxneedsnegativevskipfalse - \else - % The item text fits into the space. Start a paragraph, so that the - % following text (if any) will end up on the same line. - \noindent - % Do this with kerns and \unhbox so that if there is a footnote in - % the item text, it can migrate to the main vertical list and - % eventually be printed. - \nobreak\kern-\tableindent - \dimen0 = \itemmax \advance\dimen0 by \itemmargin \advance\dimen0 by -\wd0 - \unhbox0 - \nobreak\kern\dimen0 - \endgroup - \itemxneedsnegativevskiptrue - \fi -} - -\def\item{\errmessage{@item while not in a table}} -\def\itemx{\errmessage{@itemx while not in a table}} -\def\kitem{\errmessage{@kitem while not in a table}} -\def\kitemx{\errmessage{@kitemx while not in a table}} -\def\xitem{\errmessage{@xitem while not in a table}} -\def\xitemx{\errmessage{@xitemx while not in a table}} - -% Contains a kludge to get @end[description] to work. -\def\description{\tablez{\dontindex}{1}{}{}{}{}} - -% @table, @ftable, @vtable. -\def\table{\begingroup\inENV\obeylines\obeyspaces\tablex} -{\obeylines\obeyspaces% -\gdef\tablex #1^^M{% -\tabley\dontindex#1 \endtabley}} - -\def\ftable{\begingroup\inENV\obeylines\obeyspaces\ftablex} -{\obeylines\obeyspaces% -\gdef\ftablex #1^^M{% -\tabley\fnitemindex#1 \endtabley -\def\Eftable{\endgraf\afterenvbreak\endgroup}% -\let\Etable=\relax}} - -\def\vtable{\begingroup\inENV\obeylines\obeyspaces\vtablex} -{\obeylines\obeyspaces% -\gdef\vtablex #1^^M{% -\tabley\vritemindex#1 \endtabley -\def\Evtable{\endgraf\afterenvbreak\endgroup}% -\let\Etable=\relax}} - -\def\dontindex #1{} -\def\fnitemindex #1{\doind {fn}{\code{#1}}}% -\def\vritemindex #1{\doind {vr}{\code{#1}}}% - -{\obeyspaces % -\gdef\tabley#1#2 #3 #4 #5 #6 #7\endtabley{\endgroup% -\tablez{#1}{#2}{#3}{#4}{#5}{#6}}} - -\def\tablez #1#2#3#4#5#6{% -\aboveenvbreak % -\begingroup % -\def\Edescription{\Etable}% Necessary kludge. -\let\itemindex=#1% -\ifnum 0#3>0 \advance \leftskip by #3\mil \fi % -\ifnum 0#4>0 \tableindent=#4\mil \fi % -\ifnum 0#5>0 \advance \rightskip by #5\mil \fi % -\def\itemfont{#2}% -\itemmax=\tableindent % -\advance \itemmax by -\itemmargin % -\advance \leftskip by \tableindent % -\exdentamount=\tableindent -\parindent = 0pt -\parskip = \smallskipamount -\ifdim \parskip=0pt \parskip=2pt \fi% -\def\Etable{\endgraf\afterenvbreak\endgroup}% -\let\item = \internalBitem % -\let\itemx = \internalBitemx % -\let\kitem = \internalBkitem % -\let\kitemx = \internalBkitemx % -\let\xitem = \internalBxitem % -\let\xitemx = \internalBxitemx % -} - -% This is the counter used by @enumerate, which is really @itemize - -\newcount \itemno - -\def\itemize{\parsearg\itemizezzz} - -\def\itemizezzz #1{% - \begingroup % ended by the @end itemize - \itemizey {#1}{\Eitemize} -} - -\def\itemizey #1#2{% -\aboveenvbreak % -\itemmax=\itemindent % -\advance \itemmax by -\itemmargin % -\advance \leftskip by \itemindent % -\exdentamount=\itemindent -\parindent = 0pt % -\parskip = \smallskipamount % -\ifdim \parskip=0pt \parskip=2pt \fi% -\def#2{\endgraf\afterenvbreak\endgroup}% -\def\itemcontents{#1}% -\let\item=\itemizeitem} - -% Set sfcode to normal for the chars that usually have another value. -% These are `.?!:;,' -\def\frenchspacing{\sfcode46=1000 \sfcode63=1000 \sfcode33=1000 - \sfcode58=1000 \sfcode59=1000 \sfcode44=1000 } - -% \splitoff TOKENS\endmark defines \first to be the first token in -% TOKENS, and \rest to be the remainder. -% -\def\splitoff#1#2\endmark{\def\first{#1}\def\rest{#2}}% - -% Allow an optional argument of an uppercase letter, lowercase letter, -% or number, to specify the first label in the enumerated list. No -% argument is the same as `1'. -% -\def\enumerate{\parsearg\enumeratezzz} -\def\enumeratezzz #1{\enumeratey #1 \endenumeratey} -\def\enumeratey #1 #2\endenumeratey{% - \begingroup % ended by the @end enumerate - % - % If we were given no argument, pretend we were given `1'. - \def\thearg{#1}% - \ifx\thearg\empty \def\thearg{1}\fi - % - % Detect if the argument is a single token. If so, it might be a - % letter. Otherwise, the only valid thing it can be is a number. - % (We will always have one token, because of the test we just made. - % This is a good thing, since \splitoff doesn't work given nothing at - % all -- the first parameter is undelimited.) - \expandafter\splitoff\thearg\endmark - \ifx\rest\empty - % Only one token in the argument. It could still be anything. - % A ``lowercase letter'' is one whose \lccode is nonzero. - % An ``uppercase letter'' is one whose \lccode is both nonzero, and - % not equal to itself. - % Otherwise, we assume it's a number. - % - % We need the \relax at the end of the \ifnum lines to stop TeX from - % continuing to look for a . - % - \ifnum\lccode\expandafter`\thearg=0\relax - \numericenumerate % a number (we hope) - \else - % It's a letter. - \ifnum\lccode\expandafter`\thearg=\expandafter`\thearg\relax - \lowercaseenumerate % lowercase letter - \else - \uppercaseenumerate % uppercase letter - \fi - \fi - \else - % Multiple tokens in the argument. We hope it's a number. - \numericenumerate - \fi -} - -% An @enumerate whose labels are integers. The starting integer is -% given in \thearg. -% -\def\numericenumerate{% - \itemno = \thearg - \startenumeration{\the\itemno}% -} - -% The starting (lowercase) letter is in \thearg. -\def\lowercaseenumerate{% - \itemno = \expandafter`\thearg - \startenumeration{% - % Be sure we're not beyond the end of the alphabet. - \ifnum\itemno=0 - \errmessage{No more lowercase letters in @enumerate; get a bigger - alphabet}% - \fi - \char\lccode\itemno - }% -} - -% The starting (uppercase) letter is in \thearg. -\def\uppercaseenumerate{% - \itemno = \expandafter`\thearg - \startenumeration{% - % Be sure we're not beyond the end of the alphabet. - \ifnum\itemno=0 - \errmessage{No more uppercase letters in @enumerate; get a bigger - alphabet} - \fi - \char\uccode\itemno - }% -} - -% Call itemizey, adding a period to the first argument and supplying the -% common last two arguments. Also subtract one from the initial value in -% \itemno, since @item increments \itemno. -% -\def\startenumeration#1{% - \advance\itemno by -1 - \itemizey{#1.}\Eenumerate\flushcr -} - -% @alphaenumerate and @capsenumerate are abbreviations for giving an arg -% to @enumerate. -% -\def\alphaenumerate{\enumerate{a}} -\def\capsenumerate{\enumerate{A}} -\def\Ealphaenumerate{\Eenumerate} -\def\Ecapsenumerate{\Eenumerate} - -% Definition of @item while inside @itemize. - -\def\itemizeitem{% -\advance\itemno by 1 -{\let\par=\endgraf \smallbreak}% -\ifhmode \errmessage{In hmode at itemizeitem}\fi -{\parskip=0in \hskip 0pt -\hbox to 0pt{\hss \itemcontents\hskip \itemmargin}% -\vadjust{\penalty 1200}}% -\flushcr} - -% @multitable macros -% Amy Hendrickson, 8/18/94, 3/6/96 -% -% @multitable ... @end multitable will make as many columns as desired. -% Contents of each column will wrap at width given in preamble. Width -% can be specified either with sample text given in a template line, -% or in percent of \hsize, the current width of text on page. - -% Table can continue over pages but will only break between lines. - -% To make preamble: -% -% Either define widths of columns in terms of percent of \hsize: -% @multitable @columnfractions .25 .3 .45 -% @item ... -% -% Numbers following @columnfractions are the percent of the total -% current hsize to be used for each column. You may use as many -% columns as desired. - - -% Or use a template: -% @multitable {Column 1 template} {Column 2 template} {Column 3 template} -% @item ... -% using the widest term desired in each column. -% -% For those who want to use more than one line's worth of words in -% the preamble, break the line within one argument and it -% will parse correctly, i.e., -% -% @multitable {Column 1 template} {Column 2 template} {Column 3 -% template} -% Not: -% @multitable {Column 1 template} {Column 2 template} -% {Column 3 template} - -% Each new table line starts with @item, each subsequent new column -% starts with @tab. Empty columns may be produced by supplying @tab's -% with nothing between them for as many times as empty columns are needed, -% ie, @tab@tab@tab will produce two empty columns. - -% @item, @tab, @multitable or @end multitable do not need to be on their -% own lines, but it will not hurt if they are. - -% Sample multitable: - -% @multitable {Column 1 template} {Column 2 template} {Column 3 template} -% @item first col stuff @tab second col stuff @tab third col -% @item -% first col stuff -% @tab -% second col stuff -% @tab -% third col -% @item first col stuff @tab second col stuff -% @tab Many paragraphs of text may be used in any column. -% -% They will wrap at the width determined by the template. -% @item@tab@tab This will be in third column. -% @end multitable - -% Default dimensions may be reset by user. -% @multitableparskip is vertical space between paragraphs in table. -% @multitableparindent is paragraph indent in table. -% @multitablecolmargin is horizontal space to be left between columns. -% @multitablelinespace is space to leave between table items, baseline -% to baseline. -% 0pt means it depends on current normal line spacing. -% -\newskip\multitableparskip -\newskip\multitableparindent -\newdimen\multitablecolspace -\newskip\multitablelinespace -\multitableparskip=0pt -\multitableparindent=6pt -\multitablecolspace=12pt -\multitablelinespace=0pt - -% Macros used to set up halign preamble: -% -\let\endsetuptable\relax -\def\xendsetuptable{\endsetuptable} -\let\columnfractions\relax -\def\xcolumnfractions{\columnfractions} -\newif\ifsetpercent - -% #1 is the part of the @columnfraction before the decimal point, which -% is presumably either 0 or the empty string (but we don't check, we -% just throw it away). #2 is the decimal part, which we use as the -% percent of \hsize for this column. -\def\pickupwholefraction#1.#2 {% - \global\advance\colcount by 1 - \expandafter\xdef\csname col\the\colcount\endcsname{.#2\hsize}% - \setuptable -} - -\newcount\colcount -\def\setuptable#1{% - \def\firstarg{#1}% - \ifx\firstarg\xendsetuptable - \let\go = \relax - \else - \ifx\firstarg\xcolumnfractions - \global\setpercenttrue - \else - \ifsetpercent - \let\go\pickupwholefraction - \else - \global\advance\colcount by 1 - \setbox0=\hbox{#1\unskip }% Add a normal word space as a separator; - % typically that is always in the input, anyway. - \expandafter\xdef\csname col\the\colcount\endcsname{\the\wd0}% - \fi - \fi - \ifx\go\pickupwholefraction - % Put the argument back for the \pickupwholefraction call, so - % we'll always have a period there to be parsed. - \def\go{\pickupwholefraction#1}% - \else - \let\go = \setuptable - \fi% - \fi - \go -} - -% multitable syntax -\def\tab{&\hskip1sp\relax} % 2/2/96 - % tiny skip here makes sure this column space is - % maintained, even if it is never used. - -% @multitable ... @end multitable definitions: -% -\def\multitable{\parsearg\dotable} -\def\dotable#1{\bgroup - \vskip\parskip - \let\item\crcr - \tolerance=9500 - \hbadness=9500 - \setmultitablespacing - \parskip=\multitableparskip - \parindent=\multitableparindent - \overfullrule=0pt - \global\colcount=0 - \def\Emultitable{\global\setpercentfalse\cr\egroup\egroup}% - % - % To parse everything between @multitable and @item: - \setuptable#1 \endsetuptable - % - % \everycr will reset column counter, \colcount, at the end of - % each line. Every column entry will cause \colcount to advance by one. - % The table preamble - % looks at the current \colcount to find the correct column width. - \everycr{\noalign{% - % - % \filbreak%% keeps underfull box messages off when table breaks over pages. - % Maybe so, but it also creates really weird page breaks when the table - % breaks over pages. Wouldn't \vfil be better? Wait until the problem - % manifests itself, so it can be fixed for real --karl. - \global\colcount=0\relax}}% - % - % This preamble sets up a generic column definition, which will - % be used as many times as user calls for columns. - % \vtop will set a single line and will also let text wrap and - % continue for many paragraphs if desired. - \halign\bgroup&\global\advance\colcount by 1\relax - \multistrut\vtop{\hsize=\expandafter\csname col\the\colcount\endcsname - % - % In order to keep entries from bumping into each other - % we will add a \leftskip of \multitablecolspace to all columns after - % the first one. - % - % If a template has been used, we will add \multitablecolspace - % to the width of each template entry. - % - % If the user has set preamble in terms of percent of \hsize we will - % use that dimension as the width of the column, and the \leftskip - % will keep entries from bumping into each other. Table will start at - % left margin and final column will justify at right margin. - % - % Make sure we don't inherit \rightskip from the outer environment. - \rightskip=0pt - \ifnum\colcount=1 - % The first column will be indented with the surrounding text. - \advance\hsize by\leftskip - \else - \ifsetpercent \else - % If user has not set preamble in terms of percent of \hsize - % we will advance \hsize by \multitablecolspace. - \advance\hsize by \multitablecolspace - \fi - % In either case we will make \leftskip=\multitablecolspace: - \leftskip=\multitablecolspace - \fi - % Ignoring space at the beginning and end avoids an occasional spurious - % blank line, when TeX decides to break the line at the space before the - % box from the multistrut, so the strut ends up on a line by itself. - % For example: - % @multitable @columnfractions .11 .89 - % @item @code{#} - % @tab Legal holiday which is valid in major parts of the whole country. - % Is automatically provided with highlighting sequences respectively marking - % characters. - \noindent\ignorespaces##\unskip\multistrut}\cr -} - -\def\setmultitablespacing{% test to see if user has set \multitablelinespace. -% If so, do nothing. If not, give it an appropriate dimension based on -% current baselineskip. -\ifdim\multitablelinespace=0pt -%% strut to put in table in case some entry doesn't have descenders, -%% to keep lines equally spaced -\let\multistrut = \strut -%% Test to see if parskip is larger than space between lines of -%% table. If not, do nothing. -%% If so, set to same dimension as multitablelinespace. -\else -\gdef\multistrut{\vrule height\multitablelinespace depth\dp0 -width0pt\relax} \fi -\ifdim\multitableparskip>\multitablelinespace -\global\multitableparskip=\multitablelinespace -\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller - %% than skip between lines in the table. -\fi% -\ifdim\multitableparskip=0pt -\global\multitableparskip=\multitablelinespace -\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller - %% than skip between lines in the table. -\fi} - - -\message{indexing,} -% Index generation facilities - -% Define \newwrite to be identical to plain tex's \newwrite -% except not \outer, so it can be used within \newindex. -{\catcode`\@=11 -\gdef\newwrite{\alloc@7\write\chardef\sixt@@n}} - -% \newindex {foo} defines an index named foo. -% It automatically defines \fooindex such that -% \fooindex ...rest of line... puts an entry in the index foo. -% It also defines \fooindfile to be the number of the output channel for -% the file that accumulates this index. The file's extension is foo. -% The name of an index should be no more than 2 characters long -% for the sake of vms. -% -\def\newindex#1{% - \iflinks - \expandafter\newwrite \csname#1indfile\endcsname - \openout \csname#1indfile\endcsname \jobname.#1 % Open the file - \fi - \expandafter\xdef\csname#1index\endcsname{% % Define @#1index - \noexpand\doindex{#1}} -} - -% @defindex foo == \newindex{foo} - -\def\defindex{\parsearg\newindex} - -% Define @defcodeindex, like @defindex except put all entries in @code. - -\def\newcodeindex#1{% - \iflinks - \expandafter\newwrite \csname#1indfile\endcsname - \openout \csname#1indfile\endcsname \jobname.#1 - \fi - \expandafter\xdef\csname#1index\endcsname{% - \noexpand\docodeindex{#1}} -} - -\def\defcodeindex{\parsearg\newcodeindex} - -% @synindex foo bar makes index foo feed into index bar. -% Do this instead of @defindex foo if you don't want it as a separate index. -% The \closeout helps reduce unnecessary open files; the limit on the -% Acorn RISC OS is a mere 16 files. -\def\synindex#1 #2 {% - \expandafter\let\expandafter\synindexfoo\expandafter=\csname#2indfile\endcsname - \expandafter\closeout\csname#1indfile\endcsname - \expandafter\let\csname#1indfile\endcsname=\synindexfoo - \expandafter\xdef\csname#1index\endcsname{% define \xxxindex - \noexpand\doindex{#2}}% -} - -% @syncodeindex foo bar similar, but put all entries made for index foo -% inside @code. -\def\syncodeindex#1 #2 {% - \expandafter\let\expandafter\synindexfoo\expandafter=\csname#2indfile\endcsname - \expandafter\closeout\csname#1indfile\endcsname - \expandafter\let\csname#1indfile\endcsname=\synindexfoo - \expandafter\xdef\csname#1index\endcsname{% define \xxxindex - \noexpand\docodeindex{#2}}% -} - -% Define \doindex, the driver for all \fooindex macros. -% Argument #1 is generated by the calling \fooindex macro, -% and it is "foo", the name of the index. - -% \doindex just uses \parsearg; it calls \doind for the actual work. -% This is because \doind is more useful to call from other macros. - -% There is also \dosubind {index}{topic}{subtopic} -% which makes an entry in a two-level index such as the operation index. - -\def\doindex#1{\edef\indexname{#1}\parsearg\singleindexer} -\def\singleindexer #1{\doind{\indexname}{#1}} - -% like the previous two, but they put @code around the argument. -\def\docodeindex#1{\edef\indexname{#1}\parsearg\singlecodeindexer} -\def\singlecodeindexer #1{\doind{\indexname}{\code{#1}}} - -\def\indexdummies{% -\def\ { }% -% Take care of the plain tex accent commands. -\def\"{\realbackslash "}% -\def\`{\realbackslash `}% -\def\'{\realbackslash '}% -\def\^{\realbackslash ^}% -\def\~{\realbackslash ~}% -\def\={\realbackslash =}% -\def\b{\realbackslash b}% -\def\c{\realbackslash c}% -\def\d{\realbackslash d}% -\def\u{\realbackslash u}% -\def\v{\realbackslash v}% -\def\H{\realbackslash H}% -% Take care of the plain tex special European modified letters. -\def\oe{\realbackslash oe}% -\def\ae{\realbackslash ae}% -\def\aa{\realbackslash aa}% -\def\OE{\realbackslash OE}% -\def\AE{\realbackslash AE}% -\def\AA{\realbackslash AA}% -\def\o{\realbackslash o}% -\def\O{\realbackslash O}% -\def\l{\realbackslash l}% -\def\L{\realbackslash L}% -\def\ss{\realbackslash ss}% -% Take care of texinfo commands likely to appear in an index entry. -% (Must be a way to avoid doing expansion at all, and thus not have to -% laboriously list every single command here.) -\def\@{@}% will be @@ when we switch to @ as escape char. -% Need these in case \tex is in effect and \{ is a \delimiter again. -% But can't use \lbracecmd and \rbracecmd because texindex assumes -% braces and backslashes are used only as delimiters. -\let\{ = \mylbrace -\let\} = \myrbrace -\def\_{{\realbackslash _}}% -\def\w{\realbackslash w }% -\def\bf{\realbackslash bf }% -%\def\rm{\realbackslash rm }% -\def\sl{\realbackslash sl }% -\def\sf{\realbackslash sf}% -\def\tt{\realbackslash tt}% -\def\gtr{\realbackslash gtr}% -\def\less{\realbackslash less}% -\def\hat{\realbackslash hat}% -\def\TeX{\realbackslash TeX}% -\def\dots{\realbackslash dots }% -\def\result{\realbackslash result}% -\def\equiv{\realbackslash equiv}% -\def\expansion{\realbackslash expansion}% -\def\print{\realbackslash print}% -\def\error{\realbackslash error}% -\def\point{\realbackslash point}% -\def\copyright{\realbackslash copyright}% -\def\tclose##1{\realbackslash tclose {##1}}% -\def\code##1{\realbackslash code {##1}}% -\def\uref##1{\realbackslash uref {##1}}% -\def\url##1{\realbackslash url {##1}}% -\def\env##1{\realbackslash env {##1}}% -\def\command##1{\realbackslash command {##1}}% -\def\option##1{\realbackslash option {##1}}% -\def\dotless##1{\realbackslash dotless {##1}}% -\def\samp##1{\realbackslash samp {##1}}% -\def\,##1{\realbackslash ,{##1}}% -\def\t##1{\realbackslash t {##1}}% -\def\r##1{\realbackslash r {##1}}% -\def\i##1{\realbackslash i {##1}}% -\def\b##1{\realbackslash b {##1}}% -\def\sc##1{\realbackslash sc {##1}}% -\def\cite##1{\realbackslash cite {##1}}% -\def\key##1{\realbackslash key {##1}}% -\def\file##1{\realbackslash file {##1}}% -\def\var##1{\realbackslash var {##1}}% -\def\kbd##1{\realbackslash kbd {##1}}% -\def\dfn##1{\realbackslash dfn {##1}}% -\def\emph##1{\realbackslash emph {##1}}% -\def\acronym##1{\realbackslash acronym {##1}}% -% -% Handle some cases of @value -- where the variable name does not -% contain - or _, and the value does not contain any -% (non-fully-expandable) commands. -\let\value = \expandablevalue -% -\unsepspaces -} - -% If an index command is used in an @example environment, any spaces -% therein should become regular spaces in the raw index file, not the -% expansion of \tie (\\leavevmode \penalty \@M \ ). -{\obeyspaces - \gdef\unsepspaces{\obeyspaces\let =\space}} - -% \indexnofonts no-ops all font-change commands. -% This is used when outputting the strings to sort the index by. -\def\indexdummyfont#1{#1} -\def\indexdummytex{TeX} -\def\indexdummydots{...} - -\def\indexnofonts{% -% Just ignore accents. -\let\,=\indexdummyfont -\let\"=\indexdummyfont -\let\`=\indexdummyfont -\let\'=\indexdummyfont -\let\^=\indexdummyfont -\let\~=\indexdummyfont -\let\==\indexdummyfont -\let\b=\indexdummyfont -\let\c=\indexdummyfont -\let\d=\indexdummyfont -\let\u=\indexdummyfont -\let\v=\indexdummyfont -\let\H=\indexdummyfont -\let\dotless=\indexdummyfont -% Take care of the plain tex special European modified letters. -\def\oe{oe}% -\def\ae{ae}% -\def\aa{aa}% -\def\OE{OE}% -\def\AE{AE}% -\def\AA{AA}% -\def\o{o}% -\def\O{O}% -\def\l{l}% -\def\L{L}% -\def\ss{ss}% -\let\w=\indexdummyfont -\let\t=\indexdummyfont -\let\r=\indexdummyfont -\let\i=\indexdummyfont -\let\b=\indexdummyfont -\let\emph=\indexdummyfont -\let\strong=\indexdummyfont -\let\cite=\indexdummyfont -\let\sc=\indexdummyfont -%Don't no-op \tt, since it isn't a user-level command -% and is used in the definitions of the active chars like <, >, |... -%\let\tt=\indexdummyfont -\let\tclose=\indexdummyfont -\let\code=\indexdummyfont -\let\url=\indexdummyfont -\let\uref=\indexdummyfont -\let\env=\indexdummyfont -\let\command=\indexdummyfont -\let\option=\indexdummyfont -\let\file=\indexdummyfont -\let\samp=\indexdummyfont -\let\kbd=\indexdummyfont -\let\key=\indexdummyfont -\let\var=\indexdummyfont -\let\TeX=\indexdummytex -\let\dots=\indexdummydots -\def\@{@}% -} - -% To define \realbackslash, we must make \ not be an escape. -% We must first make another character (@) an escape -% so we do not become unable to do a definition. - -{\catcode`\@=0 \catcode`\\=\other - @gdef@realbackslash{\}} - -\let\indexbackslash=0 %overridden during \printindex. -\let\SETmarginindex=\relax % put index entries in margin (undocumented)? - -% For \ifx comparisons. -\def\emptymacro{\empty} - -% Most index entries go through here, but \dosubind is the general case. -% -\def\doind#1#2{\dosubind{#1}{#2}\empty} - -% Workhorse for all \fooindexes. -% #1 is name of index, #2 is stuff to put there, #3 is subentry -- -% \empty if called from \doind, as we usually are. The main exception -% is with defuns, which call us directly. -% -\def\dosubind#1#2#3{% - % Put the index entry in the margin if desired. - \ifx\SETmarginindex\relax\else - \insert\margin{\hbox{\vrule height8pt depth3pt width0pt #2}}% - \fi - {% - \count255=\lastpenalty - {% - \indexdummies % Must do this here, since \bf, etc expand at this stage - \escapechar=`\\ - {% - \let\folio = 0% We will expand all macros now EXCEPT \folio. - \def\rawbackslashxx{\indexbackslash}% \indexbackslash isn't defined now - % so it will be output as is; and it will print as backslash. - % - \def\thirdarg{#3}% - % - % If third arg is present, precede it with space in sort key. - \ifx\thirdarg\emptymacro - \let\subentry = \empty - \else - \def\subentry{ #3}% - \fi - % - % First process the index-string with all font commands turned off - % to get the string to sort by. - {\indexnofonts \xdef\indexsorttmp{#2\subentry}}% - % - % Now produce the complete index entry, with both the sort key and the - % original text, including any font commands. - \toks0 = {#2}% - \edef\temp{% - \write\csname#1indfile\endcsname{% - \realbackslash entry{\indexsorttmp}{\folio}{\the\toks0}}% - }% - % - % If third (subentry) arg is present, add it to the index string. - \ifx\thirdarg\emptymacro \else - \toks0 = {#3}% - \edef\temp{\temp{\the\toks0}}% - \fi - % - % If a skip is the last thing on the list now, preserve it - % by backing up by \lastskip, doing the \write, then inserting - % the skip again. Otherwise, the whatsit generated by the - % \write will make \lastskip zero. The result is that sequences - % like this: - % @end defun - % @tindex whatever - % @defun ... - % will have extra space inserted, because the \medbreak in the - % start of the @defun won't see the skip inserted by the @end of - % the previous defun. - % - % But don't do any of this if we're not in vertical mode. We - % don't want to do a \vskip and prematurely end a paragraph. - % - % Avoid page breaks due to these extra skips, too. - % - \iflinks - \ifvmode - \skip0 = \lastskip - \ifdim\lastskip = 0pt \else \nobreak\vskip-\lastskip \fi - \fi - % - \temp % do the write - % - % - \ifvmode \ifdim\skip0 = 0pt \else \nobreak\vskip\skip0 \fi \fi - \fi - }% - }% - \penalty\count255 - }% -} - -% The index entry written in the file actually looks like -% \entry {sortstring}{page}{topic} -% or -% \entry {sortstring}{page}{topic}{subtopic} -% The texindex program reads in these files and writes files -% containing these kinds of lines: -% \initial {c} -% before the first topic whose initial is c -% \entry {topic}{pagelist} -% for a topic that is used without subtopics -% \primary {topic} -% for the beginning of a topic that is used with subtopics -% \secondary {subtopic}{pagelist} -% for each subtopic. - -% Define the user-accessible indexing commands -% @findex, @vindex, @kindex, @cindex. - -\def\findex {\fnindex} -\def\kindex {\kyindex} -\def\cindex {\cpindex} -\def\vindex {\vrindex} -\def\tindex {\tpindex} -\def\pindex {\pgindex} - -\def\cindexsub {\begingroup\obeylines\cindexsub} -{\obeylines % -\gdef\cindexsub "#1" #2^^M{\endgroup % -\dosubind{cp}{#2}{#1}}} - -% Define the macros used in formatting output of the sorted index material. - -% @printindex causes a particular index (the ??s file) to get printed. -% It does not print any chapter heading (usually an @unnumbered). -% -\def\printindex{\parsearg\doprintindex} -\def\doprintindex#1{\begingroup - \dobreak \chapheadingskip{10000}% - % - \indexfonts \rm - \tolerance = 9500 - \indexbreaks - % - % See if the index file exists and is nonempty. - % Change catcode of @ here so that if the index file contains - % \initial {@} - % as its first line, TeX doesn't complain about mismatched braces - % (because it thinks @} is a control sequence). - \catcode`\@ = 11 - \openin 1 \jobname.#1s - \ifeof 1 - % \enddoublecolumns gets confused if there is no text in the index, - % and it loses the chapter title and the aux file entries for the - % index. The easiest way to prevent this problem is to make sure - % there is some text. - (Index is nonexistent) - \else - % - % If the index file exists but is empty, then \openin leaves \ifeof - % false. We have to make TeX try to read something from the file, so - % it can discover if there is anything in it. - \read 1 to \temp - \ifeof 1 - (Index is empty) - \else - % Index files are almost Texinfo source, but we use \ as the escape - % character. It would be better to use @, but that's too big a change - % to make right now. - \def\indexbackslash{\rawbackslashxx}% - \catcode`\\ = 0 - \escapechar = `\\ - \begindoublecolumns - \input \jobname.#1s - \enddoublecolumns - \fi - \fi - \closein 1 -\endgroup} - -% These macros are used by the sorted index file itself. -% Change them to control the appearance of the index. - -\def\initial#1{{% - % Some minor font changes for the special characters. - \let\tentt=\sectt \let\tt=\sectt \let\sf=\sectt - % - % Remove any glue we may have, we'll be inserting our own. - \removelastskip - % - % We like breaks before the index initials, so insert a bonus. - \penalty -300 - % - % Typeset the initial. Making this add up to a whole number of - % baselineskips increases the chance of the dots lining up from column - % to column. It still won't often be perfect, because of the stretch - % we need before each entry, but it's better. - % - % No shrink because it confuses \balancecolumns. - \vskip 1.67\baselineskip plus .5\baselineskip - \leftline{\secbf #1}% - \vskip .33\baselineskip plus .1\baselineskip - % - % Do our best not to break after the initial. - \nobreak -}} - -% This typesets a paragraph consisting of #1, dot leaders, and then #2 -% flush to the right margin. It is used for index and table of contents -% entries. The paragraph is indented by \leftskip. -% -\def\entry#1#2{\begingroup - % - % Start a new paragraph if necessary, so our assignments below can't - % affect previous text. - \par - % - % Do not fill out the last line with white space. - \parfillskip = 0in - % - % No extra space above this paragraph. - \parskip = 0in - % - % Do not prefer a separate line ending with a hyphen to fewer lines. - \finalhyphendemerits = 0 - % - % \hangindent is only relevant when the entry text and page number - % don't both fit on one line. In that case, bob suggests starting the - % dots pretty far over on the line. Unfortunately, a large - % indentation looks wrong when the entry text itself is broken across - % lines. So we use a small indentation and put up with long leaders. - % - % \hangafter is reset to 1 (which is the value we want) at the start - % of each paragraph, so we need not do anything with that. - \hangindent = 2em - % - % When the entry text needs to be broken, just fill out the first line - % with blank space. - \rightskip = 0pt plus1fil - % - % A bit of stretch before each entry for the benefit of balancing columns. - \vskip 0pt plus1pt - % - % Start a ``paragraph'' for the index entry so the line breaking - % parameters we've set above will have an effect. - \noindent - % - % Insert the text of the index entry. TeX will do line-breaking on it. - #1% - % The following is kludged to not output a line of dots in the index if - % there are no page numbers. The next person who breaks this will be - % cursed by a Unix daemon. - \def\tempa{{\rm }}% - \def\tempb{#2}% - \edef\tempc{\tempa}% - \edef\tempd{\tempb}% - \ifx\tempc\tempd\ \else% - % - % If we must, put the page number on a line of its own, and fill out - % this line with blank space. (The \hfil is overwhelmed with the - % fill leaders glue in \indexdotfill if the page number does fit.) - \hfil\penalty50 - \null\nobreak\indexdotfill % Have leaders before the page number. - % - % The `\ ' here is removed by the implicit \unskip that TeX does as - % part of (the primitive) \par. Without it, a spurious underfull - % \hbox ensues. - \ #2% The page number ends the paragraph. - \fi% - \par -\endgroup} - -% Like \dotfill except takes at least 1 em. -\def\indexdotfill{\cleaders - \hbox{$\mathsurround=0pt \mkern1.5mu ${\it .}$ \mkern1.5mu$}\hskip 1em plus 1fill} - -\def\primary #1{\line{#1\hfil}} - -\newskip\secondaryindent \secondaryindent=0.5cm - -\def\secondary #1#2{ -{\parfillskip=0in \parskip=0in -\hangindent =1in \hangafter=1 -\noindent\hskip\secondaryindent\hbox{#1}\indexdotfill #2\par -}} - -% Define two-column mode, which we use to typeset indexes. -% Adapted from the TeXbook, page 416, which is to say, -% the manmac.tex format used to print the TeXbook itself. -\catcode`\@=11 - -\newbox\partialpage -\newdimen\doublecolumnhsize - -\def\begindoublecolumns{\begingroup % ended by \enddoublecolumns - % Grab any single-column material above us. - \output = {\global\setbox\partialpage = \vbox{% - % - % Here is a possibility not foreseen in manmac: if we accumulate a - % whole lot of material, we might end up calling this \output - % routine twice in a row (see the doublecol-lose test, which is - % essentially a couple of indexes with @setchapternewpage off). In - % that case, we must prevent the second \partialpage from - % simply overwriting the first, causing us to lose the page. - % This will preserve it until a real output routine can ship it - % out. Generally, \partialpage will be empty when this runs and - % this will be a no-op. - \unvbox\partialpage - % - % Unvbox the main output page. - \unvbox255 - \kern-\topskip \kern\baselineskip - }}% - \eject % run that output routine to set \partialpage - % - % Use the double-column output routine for subsequent pages. - \output = {\doublecolumnout}% - % - % Change the page size parameters. We could do this once outside this - % routine, in each of @smallbook, @afourpaper, and the default 8.5x11 - % format, but then we repeat the same computation. Repeating a couple - % of assignments once per index is clearly meaningless for the - % execution time, so we may as well do it in one place. - % - % First we halve the line length, less a little for the gutter between - % the columns. We compute the gutter based on the line length, so it - % changes automatically with the paper format. The magic constant - % below is chosen so that the gutter has the same value (well, +-<1pt) - % as it did when we hard-coded it. - % - % We put the result in a separate register, \doublecolumhsize, so we - % can restore it in \pagesofar, after \hsize itself has (potentially) - % been clobbered. - % - \doublecolumnhsize = \hsize - \advance\doublecolumnhsize by -.04154\hsize - \divide\doublecolumnhsize by 2 - \hsize = \doublecolumnhsize - % - % Double the \vsize as well. (We don't need a separate register here, - % since nobody clobbers \vsize.) - \advance\vsize by -\ht\partialpage - \vsize = 2\vsize -} - -% The double-column output routine for all double-column pages except -% the last. -% -\def\doublecolumnout{% - \splittopskip=\topskip \splitmaxdepth=\maxdepth - % Get the available space for the double columns -- the normal - % (undoubled) page height minus any material left over from the - % previous page. - \dimen@ = \vsize - \divide\dimen@ by 2 - % - % box0 will be the left-hand column, box2 the right. - \setbox0=\vsplit255 to\dimen@ \setbox2=\vsplit255 to\dimen@ - \onepageout\pagesofar - \unvbox255 - \penalty\outputpenalty -} -\def\pagesofar{% - % Re-output the contents of the output page -- any previous material, - % followed by the two boxes we just split, in box0 and box2. - \advance\vsize by \ht\partialpage - \unvbox\partialpage - % - \hsize = \doublecolumnhsize - \wd0=\hsize \wd2=\hsize - \hbox to\pagewidth{\box0\hfil\box2}% -} -\def\enddoublecolumns{% - \output = {% - % Split the last of the double-column material. Leave it on the - % current page, no automatic page break. - \balancecolumns - % - % If we end up splitting too much material for the current page, - % though, there will be another page break right after this \output - % invocation ends. Having called \balancecolumns once, we do not - % want to call it again. Therefore, reset \output to its normal - % definition right away. (We hope \balancecolumns will never be - % called on to balance too much material, but if it is, this makes - % the output somewhat more palatable.) - \global\output = {\onepageout{\pagecontents\PAGE}}% - }% - \eject - \endgroup % started in \begindoublecolumns - % - % \pagegoal was set to the doubled \vsize above, since we restarted - % the current page. We're now back to normal single-column - % typesetting, so reset \pagegoal to the normal \vsize (after the - % \endgroup where \vsize got restored). - \pagegoal = \vsize -} -\def\balancecolumns{% - % Called at the end of the double column material. - \setbox0 = \vbox{\unvbox255}% like \box255 but more efficient, see p.120. - \dimen@ = \ht0 - \advance\dimen@ by \topskip - \advance\dimen@ by-\baselineskip - \divide\dimen@ by 2 % target to split to - %debug\message{final 2-column material height=\the\ht0, target=\the\dimen@.}% - \splittopskip = \topskip - % Loop until we get a decent breakpoint. - {% - \vbadness = 10000 - \loop - \global\setbox3 = \copy0 - \global\setbox1 = \vsplit3 to \dimen@ - \ifdim\ht3>\dimen@ - \global\advance\dimen@ by 1pt - \repeat - }% - %debug\message{split to \the\dimen@, column heights: \the\ht1, \the\ht3.}% - \setbox0=\vbox to\dimen@{\unvbox1}% - \setbox2=\vbox to\dimen@{\unvbox3}% - % - \pagesofar -} -\catcode`\@ = \other - - -\message{sectioning,} -% Define chapters, sections, etc. - -\newcount\chapno -\newcount\secno \secno=0 -\newcount\subsecno \subsecno=0 -\newcount\subsubsecno \subsubsecno=0 - -% This counter is funny since it counts through charcodes of letters A, B, ... -\newcount\appendixno \appendixno = `\@ -\def\appendixletter{\char\the\appendixno} - -% Each @chapter defines this as the name of the chapter. -% page headings and footings can use it. @section does likewise. -\def\thischapter{} -\def\thissection{} - -\newcount\absseclevel % used to calculate proper heading level -\newcount\secbase\secbase=0 % @raise/lowersections modify this count - -% @raisesections: treat @section as chapter, @subsection as section, etc. -\def\raisesections{\global\advance\secbase by -1} -\let\up=\raisesections % original BFox name - -% @lowersections: treat @chapter as section, @section as subsection, etc. -\def\lowersections{\global\advance\secbase by 1} -\let\down=\lowersections % original BFox name - -% Choose a numbered-heading macro -% #1 is heading level if unmodified by @raisesections or @lowersections -% #2 is text for heading -\def\numhead#1#2{\absseclevel=\secbase\advance\absseclevel by #1 -\ifcase\absseclevel - \chapterzzz{#2} -\or - \seczzz{#2} -\or - \numberedsubseczzz{#2} -\or - \numberedsubsubseczzz{#2} -\else - \ifnum \absseclevel<0 - \chapterzzz{#2} - \else - \numberedsubsubseczzz{#2} - \fi -\fi -} - -% like \numhead, but chooses appendix heading levels -\def\apphead#1#2{\absseclevel=\secbase\advance\absseclevel by #1 -\ifcase\absseclevel - \appendixzzz{#2} -\or - \appendixsectionzzz{#2} -\or - \appendixsubseczzz{#2} -\or - \appendixsubsubseczzz{#2} -\else - \ifnum \absseclevel<0 - \appendixzzz{#2} - \else - \appendixsubsubseczzz{#2} - \fi -\fi -} - -% like \numhead, but chooses numberless heading levels -\def\unnmhead#1#2{\absseclevel=\secbase\advance\absseclevel by #1 -\ifcase\absseclevel - \unnumberedzzz{#2} -\or - \unnumberedseczzz{#2} -\or - \unnumberedsubseczzz{#2} -\or - \unnumberedsubsubseczzz{#2} -\else - \ifnum \absseclevel<0 - \unnumberedzzz{#2} - \else - \unnumberedsubsubseczzz{#2} - \fi -\fi -} - -% @chapter, @appendix, @unnumbered. -\def\thischaptername{No Chapter Title} -\outer\def\chapter{\parsearg\chapteryyy} -\def\chapteryyy #1{\numhead0{#1}} % normally numhead0 calls chapterzzz -\def\chapterzzz #1{% -\secno=0 \subsecno=0 \subsubsecno=0 -\global\advance \chapno by 1 \message{\putwordChapter\space \the\chapno}% -\chapmacro {#1}{\the\chapno}% -\gdef\thissection{#1}% -\gdef\thischaptername{#1}% -% We don't substitute the actual chapter name into \thischapter -% because we don't want its macros evaluated now. -\xdef\thischapter{\putwordChapter{} \the\chapno: \noexpand\thischaptername}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash chapentry{\the\toks0}% - {\the\chapno}}}% -\temp -\donoderef -\global\let\section = \numberedsec -\global\let\subsection = \numberedsubsec -\global\let\subsubsection = \numberedsubsubsec -} - -\outer\def\appendix{\parsearg\appendixyyy} -\def\appendixyyy #1{\apphead0{#1}} % normally apphead0 calls appendixzzz -\def\appendixzzz #1{% -\secno=0 \subsecno=0 \subsubsecno=0 -\global\advance \appendixno by 1 -\message{\putwordAppendix\space \appendixletter}% -\chapmacro {#1}{\putwordAppendix{} \appendixletter}% -\gdef\thissection{#1}% -\gdef\thischaptername{#1}% -\xdef\thischapter{\putwordAppendix{} \appendixletter: \noexpand\thischaptername}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash chapentry{\the\toks0}% - {\putwordAppendix{} \appendixletter}}}% -\temp -\appendixnoderef -\global\let\section = \appendixsec -\global\let\subsection = \appendixsubsec -\global\let\subsubsection = \appendixsubsubsec -} - -% @centerchap is like @unnumbered, but the heading is centered. -\outer\def\centerchap{\parsearg\centerchapyyy} -\def\centerchapyyy #1{{\let\unnumbchapmacro=\centerchapmacro \unnumberedyyy{#1}}} - -% @top is like @unnumbered. -\outer\def\top{\parsearg\unnumberedyyy} - -\outer\def\unnumbered{\parsearg\unnumberedyyy} -\def\unnumberedyyy #1{\unnmhead0{#1}} % normally unnmhead0 calls unnumberedzzz -\def\unnumberedzzz #1{% -\secno=0 \subsecno=0 \subsubsecno=0 -% -% This used to be simply \message{#1}, but TeX fully expands the -% argument to \message. Therefore, if #1 contained @-commands, TeX -% expanded them. For example, in `@unnumbered The @cite{Book}', TeX -% expanded @cite (which turns out to cause errors because \cite is meant -% to be executed, not expanded). -% -% Anyway, we don't want the fully-expanded definition of @cite to appear -% as a result of the \message, we just want `@cite' itself. We use -% \the to achieve this: TeX expands \the only once, -% simply yielding the contents of . (We also do this for -% the toc entries.) -\toks0 = {#1}\message{(\the\toks0)}% -% -\unnumbchapmacro {#1}% -\gdef\thischapter{#1}\gdef\thissection{#1}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash unnumbchapentry{\the\toks0}}}% -\temp -\unnumbnoderef -\global\let\section = \unnumberedsec -\global\let\subsection = \unnumberedsubsec -\global\let\subsubsection = \unnumberedsubsubsec -} - -% Sections. -\outer\def\numberedsec{\parsearg\secyyy} -\def\secyyy #1{\numhead1{#1}} % normally calls seczzz -\def\seczzz #1{% -\subsecno=0 \subsubsecno=0 \global\advance \secno by 1 % -\gdef\thissection{#1}\secheading {#1}{\the\chapno}{\the\secno}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash secentry{\the\toks0}% - {\the\chapno}{\the\secno}}}% -\temp -\donoderef -\nobreak -} - -\outer\def\appendixsection{\parsearg\appendixsecyyy} -\outer\def\appendixsec{\parsearg\appendixsecyyy} -\def\appendixsecyyy #1{\apphead1{#1}} % normally calls appendixsectionzzz -\def\appendixsectionzzz #1{% -\subsecno=0 \subsubsecno=0 \global\advance \secno by 1 % -\gdef\thissection{#1}\secheading {#1}{\appendixletter}{\the\secno}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash secentry{\the\toks0}% - {\appendixletter}{\the\secno}}}% -\temp -\appendixnoderef -\nobreak -} - -\outer\def\unnumberedsec{\parsearg\unnumberedsecyyy} -\def\unnumberedsecyyy #1{\unnmhead1{#1}} % normally calls unnumberedseczzz -\def\unnumberedseczzz #1{% -\plainsecheading {#1}\gdef\thissection{#1}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash unnumbsecentry{\the\toks0}}}% -\temp -\unnumbnoderef -\nobreak -} - -% Subsections. -\outer\def\numberedsubsec{\parsearg\numberedsubsecyyy} -\def\numberedsubsecyyy #1{\numhead2{#1}} % normally calls numberedsubseczzz -\def\numberedsubseczzz #1{% -\gdef\thissection{#1}\subsubsecno=0 \global\advance \subsecno by 1 % -\subsecheading {#1}{\the\chapno}{\the\secno}{\the\subsecno}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash subsecentry{\the\toks0}% - {\the\chapno}{\the\secno}{\the\subsecno}}}% -\temp -\donoderef -\nobreak -} - -\outer\def\appendixsubsec{\parsearg\appendixsubsecyyy} -\def\appendixsubsecyyy #1{\apphead2{#1}} % normally calls appendixsubseczzz -\def\appendixsubseczzz #1{% -\gdef\thissection{#1}\subsubsecno=0 \global\advance \subsecno by 1 % -\subsecheading {#1}{\appendixletter}{\the\secno}{\the\subsecno}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash subsecentry{\the\toks0}% - {\appendixletter}{\the\secno}{\the\subsecno}}}% -\temp -\appendixnoderef -\nobreak -} - -\outer\def\unnumberedsubsec{\parsearg\unnumberedsubsecyyy} -\def\unnumberedsubsecyyy #1{\unnmhead2{#1}} %normally calls unnumberedsubseczzz -\def\unnumberedsubseczzz #1{% -\plainsubsecheading {#1}\gdef\thissection{#1}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash unnumbsubsecentry% - {\the\toks0}}}% -\temp -\unnumbnoderef -\nobreak -} - -% Subsubsections. -\outer\def\numberedsubsubsec{\parsearg\numberedsubsubsecyyy} -\def\numberedsubsubsecyyy #1{\numhead3{#1}} % normally numberedsubsubseczzz -\def\numberedsubsubseczzz #1{% -\gdef\thissection{#1}\global\advance \subsubsecno by 1 % -\subsubsecheading {#1} - {\the\chapno}{\the\secno}{\the\subsecno}{\the\subsubsecno}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash subsubsecentry{\the\toks0}% - {\the\chapno}{\the\secno}{\the\subsecno}{\the\subsubsecno}}}% -\temp -\donoderef -\nobreak -} - -\outer\def\appendixsubsubsec{\parsearg\appendixsubsubsecyyy} -\def\appendixsubsubsecyyy #1{\apphead3{#1}} % normally appendixsubsubseczzz -\def\appendixsubsubseczzz #1{% -\gdef\thissection{#1}\global\advance \subsubsecno by 1 % -\subsubsecheading {#1} - {\appendixletter}{\the\secno}{\the\subsecno}{\the\subsubsecno}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash subsubsecentry{\the\toks0}% - {\appendixletter}{\the\secno}{\the\subsecno}{\the\subsubsecno}}}% -\temp -\appendixnoderef -\nobreak -} - -\outer\def\unnumberedsubsubsec{\parsearg\unnumberedsubsubsecyyy} -\def\unnumberedsubsubsecyyy #1{\unnmhead3{#1}} %normally unnumberedsubsubseczzz -\def\unnumberedsubsubseczzz #1{% -\plainsubsubsecheading {#1}\gdef\thissection{#1}% -\toks0 = {#1}% -\edef\temp{\noexpand\writetocentry{\realbackslash unnumbsubsubsecentry% - {\the\toks0}}}% -\temp -\unnumbnoderef -\nobreak -} - -% These are variants which are not "outer", so they can appear in @ifinfo. -% Actually, they should now be obsolete; ordinary section commands should work. -\def\infotop{\parsearg\unnumberedzzz} -\def\infounnumbered{\parsearg\unnumberedzzz} -\def\infounnumberedsec{\parsearg\unnumberedseczzz} -\def\infounnumberedsubsec{\parsearg\unnumberedsubseczzz} -\def\infounnumberedsubsubsec{\parsearg\unnumberedsubsubseczzz} - -\def\infoappendix{\parsearg\appendixzzz} -\def\infoappendixsec{\parsearg\appendixseczzz} -\def\infoappendixsubsec{\parsearg\appendixsubseczzz} -\def\infoappendixsubsubsec{\parsearg\appendixsubsubseczzz} - -\def\infochapter{\parsearg\chapterzzz} -\def\infosection{\parsearg\sectionzzz} -\def\infosubsection{\parsearg\subsectionzzz} -\def\infosubsubsection{\parsearg\subsubsectionzzz} - -% These macros control what the section commands do, according -% to what kind of chapter we are in (ordinary, appendix, or unnumbered). -% Define them by default for a numbered chapter. -\global\let\section = \numberedsec -\global\let\subsection = \numberedsubsec -\global\let\subsubsection = \numberedsubsubsec - -% Define @majorheading, @heading and @subheading - -% NOTE on use of \vbox for chapter headings, section headings, and such: -% 1) We use \vbox rather than the earlier \line to permit -% overlong headings to fold. -% 2) \hyphenpenalty is set to 10000 because hyphenation in a -% heading is obnoxious; this forbids it. -% 3) Likewise, headings look best if no \parindent is used, and -% if justification is not attempted. Hence \raggedright. - - -\def\majorheading{\parsearg\majorheadingzzz} -\def\majorheadingzzz #1{% -{\advance\chapheadingskip by 10pt \chapbreak }% -{\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt\raggedright - \rm #1\hfill}}\bigskip \par\penalty 200} - -\def\chapheading{\parsearg\chapheadingzzz} -\def\chapheadingzzz #1{\chapbreak % -{\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt\raggedright - \rm #1\hfill}}\bigskip \par\penalty 200} - -% @heading, @subheading, @subsubheading. -\def\heading{\parsearg\plainsecheading} -\def\subheading{\parsearg\plainsubsecheading} -\def\subsubheading{\parsearg\plainsubsubsecheading} - -% These macros generate a chapter, section, etc. heading only -% (including whitespace, linebreaking, etc. around it), -% given all the information in convenient, parsed form. - -%%% Args are the skip and penalty (usually negative) -\def\dobreak#1#2{\par\ifdim\lastskip<#1\removelastskip\penalty#2\vskip#1\fi} - -\def\setchapterstyle #1 {\csname CHAPF#1\endcsname} - -%%% Define plain chapter starts, and page on/off switching for it -% Parameter controlling skip before chapter headings (if needed) - -\newskip\chapheadingskip - -\def\chapbreak{\dobreak \chapheadingskip {-4000}} -\def\chappager{\par\vfill\supereject} -\def\chapoddpage{\chappager \ifodd\pageno \else \hbox to 0pt{} \chappager\fi} - -\def\setchapternewpage #1 {\csname CHAPPAG#1\endcsname} - -\def\CHAPPAGoff{% -\global\let\contentsalignmacro = \chappager -\global\let\pchapsepmacro=\chapbreak -\global\let\pagealignmacro=\chappager} - -\def\CHAPPAGon{% -\global\let\contentsalignmacro = \chappager -\global\let\pchapsepmacro=\chappager -\global\let\pagealignmacro=\chappager -\global\def\HEADINGSon{\HEADINGSsingle}} - -\def\CHAPPAGodd{ -\global\let\contentsalignmacro = \chapoddpage -\global\let\pchapsepmacro=\chapoddpage -\global\let\pagealignmacro=\chapoddpage -\global\def\HEADINGSon{\HEADINGSdouble}} - -\CHAPPAGon - -\def\CHAPFplain{ -\global\let\chapmacro=\chfplain -\global\let\unnumbchapmacro=\unnchfplain -\global\let\centerchapmacro=\centerchfplain} - -% Plain chapter opening. -% #1 is the text, #2 the chapter number or empty if unnumbered. -\def\chfplain#1#2{% - \pchapsepmacro - {% - \chapfonts \rm - \def\chapnum{#2}% - \setbox0 = \hbox{#2\ifx\chapnum\empty\else\enspace\fi}% - \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright - \hangindent = \wd0 \centerparametersmaybe - \unhbox0 #1\par}% - }% - \nobreak\bigskip % no page break after a chapter title - \nobreak -} - -% Plain opening for unnumbered. -\def\unnchfplain#1{\chfplain{#1}{}} - -% @centerchap -- centered and unnumbered. -\let\centerparametersmaybe = \relax -\def\centerchfplain#1{{% - \def\centerparametersmaybe{% - \advance\rightskip by 3\rightskip - \leftskip = \rightskip - \parfillskip = 0pt - }% - \chfplain{#1}{}% -}} - -\CHAPFplain % The default - -\def\unnchfopen #1{% -\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt\raggedright - \rm #1\hfill}}\bigskip \par\nobreak -} - -\def\chfopen #1#2{\chapoddpage {\chapfonts -\vbox to 3in{\vfil \hbox to\hsize{\hfil #2} \hbox to\hsize{\hfil #1} \vfil}}% -\par\penalty 5000 % -} - -\def\centerchfopen #1{% -\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt - \hfill {\rm #1}\hfill}}\bigskip \par\nobreak -} - -\def\CHAPFopen{ -\global\let\chapmacro=\chfopen -\global\let\unnumbchapmacro=\unnchfopen -\global\let\centerchapmacro=\centerchfopen} - - -% Section titles. -\newskip\secheadingskip -\def\secheadingbreak{\dobreak \secheadingskip {-1000}} -\def\secheading#1#2#3{\sectionheading{sec}{#2.#3}{#1}} -\def\plainsecheading#1{\sectionheading{sec}{}{#1}} - -% Subsection titles. -\newskip \subsecheadingskip -\def\subsecheadingbreak{\dobreak \subsecheadingskip {-500}} -\def\subsecheading#1#2#3#4{\sectionheading{subsec}{#2.#3.#4}{#1}} -\def\plainsubsecheading#1{\sectionheading{subsec}{}{#1}} - -% Subsubsection titles. -\let\subsubsecheadingskip = \subsecheadingskip -\let\subsubsecheadingbreak = \subsecheadingbreak -\def\subsubsecheading#1#2#3#4#5{\sectionheading{subsubsec}{#2.#3.#4.#5}{#1}} -\def\plainsubsubsecheading#1{\sectionheading{subsubsec}{}{#1}} - - -% Print any size section title. -% -% #1 is the section type (sec/subsec/subsubsec), #2 is the section -% number (maybe empty), #3 the text. -\def\sectionheading#1#2#3{% - {% - \expandafter\advance\csname #1headingskip\endcsname by \parskip - \csname #1headingbreak\endcsname - }% - {% - % Switch to the right set of fonts. - \csname #1fonts\endcsname \rm - % - % Only insert the separating space if we have a section number. - \def\secnum{#2}% - \setbox0 = \hbox{#2\ifx\secnum\empty\else\enspace\fi}% - % - \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright - \hangindent = \wd0 % zero if no section number - \unhbox0 #3}% - }% - \ifdim\parskip<10pt \nobreak\kern10pt\nobreak\kern-\parskip\fi \nobreak -} - - -\message{toc,} -\newwrite\tocfile - -% Write an entry to the toc file, opening it if necessary. -% Called from @chapter, etc. We supply {\folio} at the end of the -% argument, which will end up as the last argument to the \...entry macro. -% -% We open the .toc file here instead of at @setfilename or any other -% given time so that @contents can be put in the document anywhere. -% -\newif\iftocfileopened -\def\writetocentry#1{% - \iftocfileopened\else - \immediate\openout\tocfile = \jobname.toc - \global\tocfileopenedtrue - \fi - \iflinks \write\tocfile{#1{\folio}}\fi -} - -\newskip\contentsrightmargin \contentsrightmargin=1in -\newcount\savepageno -\newcount\lastnegativepageno \lastnegativepageno = -1 - -% Finish up the main text and prepare to read what we've written -% to \tocfile. -% -\def\startcontents#1{% - % If @setchapternewpage on, and @headings double, the contents should - % start on an odd page, unlike chapters. Thus, we maintain - % \contentsalignmacro in parallel with \pagealignmacro. - % From: Torbjorn Granlund - \contentsalignmacro - \immediate\closeout\tocfile - % - % Don't need to put `Contents' or `Short Contents' in the headline. - % It is abundantly clear what they are. - \unnumbchapmacro{#1}\def\thischapter{}% - \savepageno = \pageno - \begingroup % Set up to handle contents files properly. - \catcode`\\=0 \catcode`\{=1 \catcode`\}=2 \catcode`\@=11 - % We can't do this, because then an actual ^ in a section - % title fails, e.g., @chapter ^ -- exponentiation. --karl, 9jul97. - %\catcode`\^=7 % to see ^^e4 as \"a etc. juha@piuha.ydi.vtt.fi - \raggedbottom % Worry more about breakpoints than the bottom. - \advance\hsize by -\contentsrightmargin % Don't use the full line length. - % - % Roman numerals for page numbers. - \ifnum \pageno>0 \pageno = \lastnegativepageno \fi -} - - -% Normal (long) toc. -\def\contents{% - \startcontents{\putwordTableofContents}% - \openin 1 \jobname.toc - \ifeof 1 \else - \closein 1 - \input \jobname.toc - \fi - \vfill \eject - \endgroup - \lastnegativepageno = \pageno - \pageno = \savepageno -} - -% And just the chapters. -\def\summarycontents{% - \startcontents{\putwordShortContents}% - % - \let\chapentry = \shortchapentry - \let\unnumbchapentry = \shortunnumberedentry - % We want a true roman here for the page numbers. - \secfonts - \let\rm=\shortcontrm \let\bf=\shortcontbf \let\sl=\shortcontsl - \rm - \hyphenpenalty = 10000 - \advance\baselineskip by 1pt % Open it up a little. - \def\secentry ##1##2##3##4{} - \def\unnumbsecentry ##1##2{} - \def\subsecentry ##1##2##3##4##5{} - \def\unnumbsubsecentry ##1##2{} - \def\subsubsecentry ##1##2##3##4##5##6{} - \def\unnumbsubsubsecentry ##1##2{} - \openin 1 \jobname.toc - \ifeof 1 \else - \closein 1 - \input \jobname.toc - \fi - \vfill \eject - \endgroup - \lastnegativepageno = \pageno - \pageno = \savepageno -} -\let\shortcontents = \summarycontents - -% These macros generate individual entries in the table of contents. -% The first argument is the chapter or section name. -% The last argument is the page number. -% The arguments in between are the chapter number, section number, ... - -% Chapter-level things, for both the long and short contents. -\def\chapentry#1#2#3{\dochapentry{#2\labelspace#1}{#3}} - -% See comments in \dochapentry re vbox and related settings -\def\shortchapentry#1#2#3{% - \tocentry{\shortchaplabel{#2}\labelspace #1}{\doshortpageno{#3}}% -} - -% Typeset the label for a chapter or appendix for the short contents. -% The arg is, e.g. `Appendix A' for an appendix, or `3' for a chapter. -% We could simplify the code here by writing out an \appendixentry -% command in the toc file for appendices, instead of using \chapentry -% for both, but it doesn't seem worth it. -\setbox0 = \hbox{\shortcontrm \putwordAppendix } -\newdimen\shortappendixwidth \shortappendixwidth = \wd0 - -\def\shortchaplabel#1{% - % We typeset #1 in a box of constant width, regardless of the text of - % #1, so the chapter titles will come out aligned. - \setbox0 = \hbox{#1}% - \dimen0 = \ifdim\wd0 > \shortappendixwidth \shortappendixwidth \else 0pt \fi - % - % This space should be plenty, since a single number is .5em, and the - % widest letter (M) is 1em, at least in the Computer Modern fonts. - % (This space doesn't include the extra space that gets added after - % the label; that gets put in by \shortchapentry above.) - \advance\dimen0 by 1.1em - \hbox to \dimen0{#1\hfil}% -} - -\def\unnumbchapentry#1#2{\dochapentry{#1}{#2}} -\def\shortunnumberedentry#1#2{\tocentry{#1}{\doshortpageno{#2}}} - -% Sections. -\def\secentry#1#2#3#4{\dosecentry{#2.#3\labelspace#1}{#4}} -\def\unnumbsecentry#1#2{\dosecentry{#1}{#2}} - -% Subsections. -\def\subsecentry#1#2#3#4#5{\dosubsecentry{#2.#3.#4\labelspace#1}{#5}} -\def\unnumbsubsecentry#1#2{\dosubsecentry{#1}{#2}} - -% And subsubsections. -\def\subsubsecentry#1#2#3#4#5#6{% - \dosubsubsecentry{#2.#3.#4.#5\labelspace#1}{#6}} -\def\unnumbsubsubsecentry#1#2{\dosubsubsecentry{#1}{#2}} - -% This parameter controls the indentation of the various levels. -\newdimen\tocindent \tocindent = 3pc - -% Now for the actual typesetting. In all these, #1 is the text and #2 is the -% page number. -% -% If the toc has to be broken over pages, we want it to be at chapters -% if at all possible; hence the \penalty. -\def\dochapentry#1#2{% - \penalty-300 \vskip1\baselineskip plus.33\baselineskip minus.25\baselineskip - \begingroup - \chapentryfonts - \tocentry{#1}{\dopageno{#2}}% - \endgroup - \nobreak\vskip .25\baselineskip plus.1\baselineskip -} - -\def\dosecentry#1#2{\begingroup - \secentryfonts \leftskip=\tocindent - \tocentry{#1}{\dopageno{#2}}% -\endgroup} - -\def\dosubsecentry#1#2{\begingroup - \subsecentryfonts \leftskip=2\tocindent - \tocentry{#1}{\dopageno{#2}}% -\endgroup} - -\def\dosubsubsecentry#1#2{\begingroup - \subsubsecentryfonts \leftskip=3\tocindent - \tocentry{#1}{\dopageno{#2}}% -\endgroup} - -% Final typesetting of a toc entry; we use the same \entry macro as for -% the index entries, but we want to suppress hyphenation here. (We -% can't do that in the \entry macro, since index entries might consist -% of hyphenated-identifiers-that-do-not-fit-on-a-line-and-nothing-else.) -\def\tocentry#1#2{\begingroup - \vskip 0pt plus1pt % allow a little stretch for the sake of nice page breaks - % Do not use \turnoffactive in these arguments. Since the toc is - % typeset in cmr, so characters such as _ would come out wrong; we - % have to do the usual translation tricks. - \entry{#1}{#2}% -\endgroup} - -% Space between chapter (or whatever) number and the title. -\def\labelspace{\hskip1em \relax} - -\def\dopageno#1{{\rm #1}} -\def\doshortpageno#1{{\rm #1}} - -\def\chapentryfonts{\secfonts \rm} -\def\secentryfonts{\textfonts} -\let\subsecentryfonts = \textfonts -\let\subsubsecentryfonts = \textfonts - - -\message{environments,} - -% Since these characters are used in examples, it should be an even number of -% \tt widths. Each \tt character is 1en, so two makes it 1em. -% Furthermore, these definitions must come after we define our fonts. -\newbox\dblarrowbox \newbox\longdblarrowbox -\newbox\pushcharbox \newbox\bullbox -\newbox\equivbox \newbox\errorbox - -%{\tentt -%\global\setbox\dblarrowbox = \hbox to 1em{\hfil$\Rightarrow$\hfil} -%\global\setbox\longdblarrowbox = \hbox to 1em{\hfil$\mapsto$\hfil} -%\global\setbox\pushcharbox = \hbox to 1em{\hfil$\dashv$\hfil} -%\global\setbox\equivbox = \hbox to 1em{\hfil$\ptexequiv$\hfil} -% Adapted from the manmac format (p.420 of TeXbook) -%\global\setbox\bullbox = \hbox to 1em{\kern.15em\vrule height .75ex width .85ex -% depth .1ex\hfil} -%} - -% @point{}, @result{}, @expansion{}, @print{}, @equiv{}. -\def\point{$\star$} -\def\result{\leavevmode\raise.15ex\hbox to 1em{\hfil$\Rightarrow$\hfil}} -\def\expansion{\leavevmode\raise.1ex\hbox to 1em{\hfil$\mapsto$\hfil}} -\def\print{\leavevmode\lower.1ex\hbox to 1em{\hfil$\dashv$\hfil}} -\def\equiv{\leavevmode\lower.1ex\hbox to 1em{\hfil$\ptexequiv$\hfil}} - -% Adapted from the TeXbook's \boxit. -{\tentt \global\dimen0 = 3em}% Width of the box. -\dimen2 = .55pt % Thickness of rules -% The text. (`r' is open on the right, `e' somewhat less so on the left.) -\setbox0 = \hbox{\kern-.75pt \tensf error\kern-1.5pt} - -\global\setbox\errorbox=\hbox to \dimen0{\hfil - \hsize = \dimen0 \advance\hsize by -5.8pt % Space to left+right. - \advance\hsize by -2\dimen2 % Rules. - \vbox{ - \hrule height\dimen2 - \hbox{\vrule width\dimen2 \kern3pt % Space to left of text. - \vtop{\kern2.4pt \box0 \kern2.4pt}% Space above/below. - \kern3pt\vrule width\dimen2}% Space to right. - \hrule height\dimen2} - \hfil} - -% The @error{} command. -\def\error{\leavevmode\lower.7ex\copy\errorbox} - -% @tex ... @end tex escapes into raw Tex temporarily. -% One exception: @ is still an escape character, so that @end tex works. -% But \@ or @@ will get a plain tex @ character. - -\def\tex{\begingroup - \catcode `\\=0 \catcode `\{=1 \catcode `\}=2 - \catcode `\$=3 \catcode `\&=4 \catcode `\#=6 - \catcode `\^=7 \catcode `\_=8 \catcode `\~=13 \let~=\tie - \catcode `\%=14 - \catcode 43=12 % plus - \catcode`\"=12 - \catcode`\==12 - \catcode`\|=12 - \catcode`\<=12 - \catcode`\>=12 - \escapechar=`\\ - % - \let\b=\ptexb - \let\bullet=\ptexbullet - \let\c=\ptexc - \let\,=\ptexcomma - \let\.=\ptexdot - \let\dots=\ptexdots - \let\equiv=\ptexequiv - \let\!=\ptexexclam - \let\i=\ptexi - \let\{=\ptexlbrace - \let\+=\tabalign - \let\}=\ptexrbrace - \let\*=\ptexstar - \let\t=\ptext - % - \def\endldots{\mathinner{\ldots\ldots\ldots\ldots}}% - \def\enddots{\relax\ifmmode\endldots\else$\mathsurround=0pt \endldots\,$\fi}% - \def\@{@}% -\let\Etex=\endgroup} - -% Define @lisp ... @endlisp. -% @lisp does a \begingroup so it can rebind things, -% including the definition of @endlisp (which normally is erroneous). - -% Amount to narrow the margins by for @lisp. -\newskip\lispnarrowing \lispnarrowing=0.4in - -% This is the definition that ^^M gets inside @lisp, @example, and other -% such environments. \null is better than a space, since it doesn't -% have any width. -\def\lisppar{\null\endgraf} - -% Make each space character in the input produce a normal interword -% space in the output. Don't allow a line break at this space, as this -% is used only in environments like @example, where each line of input -% should produce a line of output anyway. -% -{\obeyspaces % -\gdef\sepspaces{\obeyspaces\let =\tie}} - -% Define \obeyedspace to be our active space, whatever it is. This is -% for use in \parsearg. -{\sepspaces% -\global\let\obeyedspace= } - -% This space is always present above and below environments. -\newskip\envskipamount \envskipamount = 0pt - -% Make spacing and below environment symmetrical. We use \parskip here -% to help in doing that, since in @example-like environments \parskip -% is reset to zero; thus the \afterenvbreak inserts no space -- but the -% start of the next paragraph will insert \parskip -% -\def\aboveenvbreak{{\advance\envskipamount by \parskip -\endgraf \ifdim\lastskip<\envskipamount -\removelastskip \penalty-50 \vskip\envskipamount \fi}} - -\let\afterenvbreak = \aboveenvbreak - -% \nonarrowing is a flag. If "set", @lisp etc don't narrow margins. -\let\nonarrowing=\relax - -% @cartouche ... @end cartouche: draw rectangle w/rounded corners around -% environment contents. -\font\circle=lcircle10 -\newdimen\circthick -\newdimen\cartouter\newdimen\cartinner -\newskip\normbskip\newskip\normpskip\newskip\normlskip -\circthick=\fontdimen8\circle -% -\def\ctl{{\circle\char'013\hskip -6pt}}% 6pt from pl file: 1/2charwidth -\def\ctr{{\hskip 6pt\circle\char'010}} -\def\cbl{{\circle\char'012\hskip -6pt}} -\def\cbr{{\hskip 6pt\circle\char'011}} -\def\carttop{\hbox to \cartouter{\hskip\lskip - \ctl\leaders\hrule height\circthick\hfil\ctr - \hskip\rskip}} -\def\cartbot{\hbox to \cartouter{\hskip\lskip - \cbl\leaders\hrule height\circthick\hfil\cbr - \hskip\rskip}} -% -\newskip\lskip\newskip\rskip - -\long\def\cartouche{% -\begingroup - \lskip=\leftskip \rskip=\rightskip - \leftskip=0pt\rightskip=0pt %we want these *outside*. - \cartinner=\hsize \advance\cartinner by-\lskip - \advance\cartinner by-\rskip - \cartouter=\hsize - \advance\cartouter by 18.4pt % allow for 3pt kerns on either -% side, and for 6pt waste from -% each corner char, and rule thickness - \normbskip=\baselineskip \normpskip=\parskip \normlskip=\lineskip - % Flag to tell @lisp, etc., not to narrow margin. - \let\nonarrowing=\comment - \vbox\bgroup - \baselineskip=0pt\parskip=0pt\lineskip=0pt - \carttop - \hbox\bgroup - \hskip\lskip - \vrule\kern3pt - \vbox\bgroup - \hsize=\cartinner - \kern3pt - \begingroup - \baselineskip=\normbskip - \lineskip=\normlskip - \parskip=\normpskip - \vskip -\parskip -\def\Ecartouche{% - \endgroup - \kern3pt - \egroup - \kern3pt\vrule - \hskip\rskip - \egroup - \cartbot - \egroup -\endgroup -}} - - -% This macro is called at the beginning of all the @example variants, -% inside a group. -\def\nonfillstart{% - \aboveenvbreak - \inENV % This group ends at the end of the body - \hfuzz = 12pt % Don't be fussy - \sepspaces % Make spaces be word-separators rather than space tokens. - \singlespace - \let\par = \lisppar % don't ignore blank lines - \obeylines % each line of input is a line of output - \parskip = 0pt - \parindent = 0pt - \emergencystretch = 0pt % don't try to avoid overfull boxes - % @cartouche defines \nonarrowing to inhibit narrowing - % at next level down. - \ifx\nonarrowing\relax - \advance \leftskip by \lispnarrowing - \exdentamount=\lispnarrowing - \let\exdent=\nofillexdent - \let\nonarrowing=\relax - \fi -} - -% Define the \E... control sequence only if we are inside the particular -% environment, so the error checking in \end will work. -% -% To end an @example-like environment, we first end the paragraph (via -% \afterenvbreak's vertical glue), and then the group. That way we keep -% the zero \parskip that the environments set -- \parskip glue will be -% inserted at the beginning of the next paragraph in the document, after -% the environment. -% -\def\nonfillfinish{\afterenvbreak\endgroup} - -% @lisp: indented, narrowed, typewriter font. -\def\lisp{\begingroup - \nonfillstart - \let\Elisp = \nonfillfinish - \tt - \let\kbdfont = \kbdexamplefont % Allow @kbd to do something special. - \gobble % eat return -} - -% @example: Same as @lisp. -\def\example{\begingroup \def\Eexample{\nonfillfinish\endgroup}\lisp} - -% @small... is usually equivalent to the non-small (@smallbook -% redefines). We must call \example (or whatever) last in the -% definition, since it reads the return following the @example (or -% whatever) command. -% -% This actually allows (for example) @end display inside an -% @smalldisplay. Too bad, but makeinfo will catch the error anyway. -% -\def\smalldisplay{\begingroup\def\Esmalldisplay{\nonfillfinish\endgroup}\display} -\def\smallexample{\begingroup\def\Esmallexample{\nonfillfinish\endgroup}\lisp} -\def\smallformat{\begingroup\def\Esmallformat{\nonfillfinish\endgroup}\format} -\def\smalllisp{\begingroup\def\Esmalllisp{\nonfillfinish\endgroup}\lisp} - -% Real @smallexample and @smalllisp (when @smallbook): use smaller fonts. -% Originally contributed by Pavel@xerox. -\def\smalllispx{\begingroup - \def\Esmalllisp{\nonfillfinish\endgroup}% - \def\Esmallexample{\nonfillfinish\endgroup}% - \indexfonts - \lisp -} - -% @display: same as @lisp except keep current font. -% -\def\display{\begingroup - \nonfillstart - \let\Edisplay = \nonfillfinish - \gobble -} - -% @smalldisplay (when @smallbook): @display plus smaller fonts. -% -\def\smalldisplayx{\begingroup - \def\Esmalldisplay{\nonfillfinish\endgroup}% - \indexfonts \rm - \display -} - -% @format: same as @display except don't narrow margins. -% -\def\format{\begingroup - \let\nonarrowing = t - \nonfillstart - \let\Eformat = \nonfillfinish - \gobble -} - -% @smallformat (when @smallbook): @format plus smaller fonts. -% -\def\smallformatx{\begingroup - \def\Esmallformat{\nonfillfinish\endgroup}% - \indexfonts \rm - \format -} - -% @flushleft (same as @format). -% -\def\flushleft{\begingroup \def\Eflushleft{\nonfillfinish\endgroup}\format} - -% @flushright. -% -\def\flushright{\begingroup - \let\nonarrowing = t - \nonfillstart - \let\Eflushright = \nonfillfinish - \advance\leftskip by 0pt plus 1fill - \gobble -} - -% @quotation does normal linebreaking (hence we can't use \nonfillstart) -% and narrows the margins. -% -\def\quotation{% - \begingroup\inENV %This group ends at the end of the @quotation body - {\parskip=0pt \aboveenvbreak}% because \aboveenvbreak inserts \parskip - \singlespace - \parindent=0pt - % We have retained a nonzero parskip for the environment, since we're - % doing normal filling. So to avoid extra space below the environment... - \def\Equotation{\parskip = 0pt \nonfillfinish}% - % - % @cartouche defines \nonarrowing to inhibit narrowing at next level down. - \ifx\nonarrowing\relax - \advance\leftskip by \lispnarrowing - \advance\rightskip by \lispnarrowing - \exdentamount = \lispnarrowing - \let\nonarrowing = \relax - \fi -} - - -\message{defuns,} -% Define formatter for defuns -% First, allow user to change definition object font (\df) internally -\def\setdeffont #1 {\csname DEF#1\endcsname} - -\newskip\defbodyindent \defbodyindent=.4in -\newskip\defargsindent \defargsindent=50pt -\newskip\deftypemargin \deftypemargin=12pt -\newskip\deflastargmargin \deflastargmargin=18pt - -\newcount\parencount -% define \functionparens, which makes ( and ) and & do special things. -% \functionparens affects the group it is contained in. -\def\activeparens{% -\catcode`\(=\active \catcode`\)=\active \catcode`\&=\active -\catcode`\[=\active \catcode`\]=\active} - -% Make control sequences which act like normal parenthesis chars. -\let\lparen = ( \let\rparen = ) - -{\activeparens % Now, smart parens don't turn on until &foo (see \amprm) - -% Be sure that we always have a definition for `(', etc. For example, -% if the fn name has parens in it, \boldbrax will not be in effect yet, -% so TeX would otherwise complain about undefined control sequence. -\global\let(=\lparen \global\let)=\rparen -\global\let[=\lbrack \global\let]=\rbrack - -\gdef\functionparens{\boldbrax\let&=\amprm\parencount=0 } -\gdef\boldbrax{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb} -% This is used to turn on special parens -% but make & act ordinary (given that it's active). -\gdef\boldbraxnoamp{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb\let&=\ampnr} - -% Definitions of (, ) and & used in args for functions. -% This is the definition of ( outside of all parentheses. -\gdef\oprm#1 {{\rm\char`\(}#1 \bf \let(=\opnested - \global\advance\parencount by 1 -} -% -% This is the definition of ( when already inside a level of parens. -\gdef\opnested{\char`\(\global\advance\parencount by 1 } -% -\gdef\clrm{% Print a paren in roman if it is taking us back to depth of 0. - % also in that case restore the outer-level definition of (. - \ifnum \parencount=1 {\rm \char `\)}\sl \let(=\oprm \else \char `\) \fi - \global\advance \parencount by -1 } -% If we encounter &foo, then turn on ()-hacking afterwards -\gdef\amprm#1 {{\rm\}\let(=\oprm \let)=\clrm\ } -% -\gdef\normalparens{\boldbrax\let&=\ampnr} -} % End of definition inside \activeparens -%% These parens (in \boldbrax) actually are a little bolder than the -%% contained text. This is especially needed for [ and ] -\def\opnr{{\sf\char`\(}\global\advance\parencount by 1 } -\def\clnr{{\sf\char`\)}\global\advance\parencount by -1 } -\def\ampnr{\&} -\def\lbrb{{\bf\char`\[}} -\def\rbrb{{\bf\char`\]}} - -% First, defname, which formats the header line itself. -% #1 should be the function name. -% #2 should be the type of definition, such as "Function". - -\def\defname #1#2{% -% Get the values of \leftskip and \rightskip as they were -% outside the @def... -\dimen2=\leftskip -\advance\dimen2 by -\defbodyindent -\noindent -\setbox0=\hbox{\hskip \deflastargmargin{\rm #2}\hskip \deftypemargin}% -\dimen0=\hsize \advance \dimen0 by -\wd0 % compute size for first line -\dimen1=\hsize \advance \dimen1 by -\defargsindent %size for continuations -\parshape 2 0in \dimen0 \defargsindent \dimen1 -% Now output arg 2 ("Function" or some such) -% ending at \deftypemargin from the right margin, -% but stuck inside a box of width 0 so it does not interfere with linebreaking -{% Adjust \hsize to exclude the ambient margins, -% so that \rightline will obey them. -\advance \hsize by -\dimen2 -\rlap{\rightline{{\rm #2}\hskip -1.25pc }}}% -% Make all lines underfull and no complaints: -\tolerance=10000 \hbadness=10000 -\advance\leftskip by -\defbodyindent -\exdentamount=\defbodyindent -{\df #1}\enskip % Generate function name -} - -% Actually process the body of a definition -% #1 should be the terminating control sequence, such as \Edefun. -% #2 should be the "another name" control sequence, such as \defunx. -% #3 should be the control sequence that actually processes the header, -% such as \defunheader. - -\def\defparsebody #1#2#3{\begingroup\inENV% Environment for definitionbody -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2{\begingroup\obeylines\activeparens\spacesplit#3}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup % -\catcode 61=\active % 61 is `=' -\obeylines\activeparens\spacesplit#3} - -% #1 is the \E... control sequence to end the definition (which we define). -% #2 is the \...x control sequence for consecutive fns (which we define). -% #3 is the control sequence to call to resume processing. -% #4, delimited by the space, is the class name. -% -\def\defmethparsebody#1#2#3#4 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 {\begingroup\obeylines\activeparens\spacesplit{#3{##1}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\activeparens\spacesplit{#3{#4}}} - -% @deftypemethod has an extra argument that nothing else does. Sigh. -% #1 is the \E... control sequence to end the definition (which we define). -% #2 is the \...x control sequence for consecutive fns (which we define). -% #3 is the control sequence to call to resume processing. -% #4, delimited by the space, is the class name. -% #5 is the method's return type. -% -\def\deftypemethparsebody#1#2#3#4 #5 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 ##2 {\begingroup\obeylines\activeparens\spacesplit{#3{##1}{##2}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\activeparens\spacesplit{#3{#4}{#5}}} - -\def\defopparsebody #1#2#3#4#5 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 ##2 {\def#4{##1}% -\begingroup\obeylines\activeparens\spacesplit{#3{##2}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\activeparens\spacesplit{#3{#5}}} - -% These parsing functions are similar to the preceding ones -% except that they do not make parens into active characters. -% These are used for "variables" since they have no arguments. - -\def\defvarparsebody #1#2#3{\begingroup\inENV% Environment for definitionbody -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2{\begingroup\obeylines\spacesplit#3}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup % -\catcode 61=\active % -\obeylines\spacesplit#3} - -% This is used for \def{tp,vr}parsebody. It could probably be used for -% some of the others, too, with some judicious conditionals. -% -\def\parsebodycommon#1#2#3{% - \begingroup\inENV % - \medbreak % - % Define the end token that this defining construct specifies - % so that it will exit this group. - \def#1{\endgraf\endgroup\medbreak}% - \def#2##1 {\begingroup\obeylines\spacesplit{#3{##1}}}% - \parindent=0in - \advance\leftskip by \defbodyindent - \exdentamount=\defbodyindent - \begingroup\obeylines -} - -\def\defvrparsebody#1#2#3#4 {% - \parsebodycommon{#1}{#2}{#3}% - \spacesplit{#3{#4}}% -} - -% This loses on `@deftp {Data Type} {struct termios}' -- it thinks the -% type is just `struct', because we lose the braces in `{struct -% termios}' when \spacesplit reads its undelimited argument. Sigh. -% \let\deftpparsebody=\defvrparsebody -% -% So, to get around this, we put \empty in with the type name. That -% way, TeX won't find exactly `{...}' as an undelimited argument, and -% won't strip off the braces. -% -\def\deftpparsebody #1#2#3#4 {% - \parsebodycommon{#1}{#2}{#3}% - \spacesplit{\parsetpheaderline{#3{#4}}}\empty -} - -% Fine, but then we have to eventually remove the \empty *and* the -% braces (if any). That's what this does. -% -\def\removeemptybraces\empty#1\relax{#1} - -% After \spacesplit has done its work, this is called -- #1 is the final -% thing to call, #2 the type name (which starts with \empty), and #3 -% (which might be empty) the arguments. -% -\def\parsetpheaderline#1#2#3{% - #1{\removeemptybraces#2\relax}{#3}% -}% - -\def\defopvarparsebody #1#2#3#4#5 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 ##2 {\def#4{##1}% -\begingroup\obeylines\spacesplit{#3{##2}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\spacesplit{#3{#5}}} - -% Split up #2 at the first space token. -% call #1 with two arguments: -% the first is all of #2 before the space token, -% the second is all of #2 after that space token. -% If #2 contains no space token, all of it is passed as the first arg -% and the second is passed as empty. - -{\obeylines -\gdef\spacesplit#1#2^^M{\endgroup\spacesplitfoo{#1}#2 \relax\spacesplitfoo}% -\long\gdef\spacesplitfoo#1#2 #3#4\spacesplitfoo{% -\ifx\relax #3% -#1{#2}{}\else #1{#2}{#3#4}\fi}} - -% So much for the things common to all kinds of definitions. - -% Define @defun. - -% First, define the processing that is wanted for arguments of \defun -% Use this to expand the args and terminate the paragraph they make up - -\def\defunargs #1{\functionparens \sl -% Expand, preventing hyphenation at `-' chars. -% Note that groups don't affect changes in \hyphenchar. -\hyphenchar\tensl=0 -#1% -\hyphenchar\tensl=45 -\ifnum\parencount=0 \else \errmessage{Unbalanced parentheses in @def}\fi% -\interlinepenalty=10000 -\advance\rightskip by 0pt plus 1fil -\endgraf\nobreak\vskip -\parskip\nobreak -} - -\def\deftypefunargs #1{% -% Expand, preventing hyphenation at `-' chars. -% Note that groups don't affect changes in \hyphenchar. -% Use \boldbraxnoamp, not \functionparens, so that & is not special. -\boldbraxnoamp -\tclose{#1}% avoid \code because of side effects on active chars -\interlinepenalty=10000 -\advance\rightskip by 0pt plus 1fil -\endgraf\nobreak\vskip -\parskip\nobreak -} - -% Do complete processing of one @defun or @defunx line already parsed. - -% @deffn Command forward-char nchars - -\def\deffn{\defmethparsebody\Edeffn\deffnx\deffnheader} - -\def\deffnheader #1#2#3{\doind {fn}{\code{#2}}% -\begingroup\defname {#2}{#1}\defunargs{#3}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @defun == @deffn Function - -\def\defun{\defparsebody\Edefun\defunx\defunheader} - -\def\defunheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index -\begingroup\defname {#1}{Function}% -\defunargs {#2}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @deftypefun int foobar (int @var{foo}, float @var{bar}) - -\def\deftypefun{\defparsebody\Edeftypefun\deftypefunx\deftypefunheader} - -% #1 is the data type. #2 is the name and args. -\def\deftypefunheader #1#2{\deftypefunheaderx{#1}#2 \relax} -% #1 is the data type, #2 the name, #3 the args. -\def\deftypefunheaderx #1#2 #3\relax{% -\doind {fn}{\code{#2}}% Make entry in function index -\begingroup\defname {\defheaderxcond#1\relax$$$#2}{Function}% -\deftypefunargs {#3}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @deftypefn {Library Function} int foobar (int @var{foo}, float @var{bar}) - -\def\deftypefn{\defmethparsebody\Edeftypefn\deftypefnx\deftypefnheader} - -% \defheaderxcond#1\relax$$$ -% puts #1 in @code, followed by a space, but does nothing if #1 is null. -\def\defheaderxcond#1#2$$${\ifx#1\relax\else\code{#1#2} \fi} - -% #1 is the classification. #2 is the data type. #3 is the name and args. -\def\deftypefnheader #1#2#3{\deftypefnheaderx{#1}{#2}#3 \relax} -% #1 is the classification, #2 the data type, #3 the name, #4 the args. -\def\deftypefnheaderx #1#2#3 #4\relax{% -\doind {fn}{\code{#3}}% Make entry in function index -\begingroup -\normalparens % notably, turn off `&' magic, which prevents -% at least some C++ text from working -\defname {\defheaderxcond#2\relax$$$#3}{#1}% -\deftypefunargs {#4}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @defmac == @deffn Macro - -\def\defmac{\defparsebody\Edefmac\defmacx\defmacheader} - -\def\defmacheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index -\begingroup\defname {#1}{Macro}% -\defunargs {#2}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @defspec == @deffn Special Form - -\def\defspec{\defparsebody\Edefspec\defspecx\defspecheader} - -\def\defspecheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index -\begingroup\defname {#1}{Special Form}% -\defunargs {#2}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% This definition is run if you use @defunx -% anywhere other than immediately after a @defun or @defunx. - -\def\deffnx #1 {\errmessage{@deffnx in invalid context}} -\def\defunx #1 {\errmessage{@defunx in invalid context}} -\def\defmacx #1 {\errmessage{@defmacx in invalid context}} -\def\defspecx #1 {\errmessage{@defspecx in invalid context}} -\def\deftypefnx #1 {\errmessage{@deftypefnx in invalid context}} -\def\deftypemethodx #1 {\errmessage{@deftypemethodx in invalid context}} -\def\deftypefunx #1 {\errmessage{@deftypefunx in invalid context}} - -% @defmethod, and so on - -% @defop CATEGORY CLASS OPERATION ARG... - -\def\defop #1 {\def\defoptype{#1}% -\defopparsebody\Edefop\defopx\defopheader\defoptype} - -\def\defopheader #1#2#3{% -\dosubind {fn}{\code{#2}}{\putwordon\ #1}% Make entry in function index -\begingroup\defname {#2}{\defoptype{} on #1}% -\defunargs {#3}\endgroup % -} - -% @deftypemethod CLASS RETURN-TYPE METHOD ARG... -% -\def\deftypemethod{% - \deftypemethparsebody\Edeftypemethod\deftypemethodx\deftypemethodheader} -% -% #1 is the class name, #2 the data type, #3 the method name, #4 the args. -\def\deftypemethodheader#1#2#3#4{% - \dosubind{fn}{\code{#3}}{\putwordon\ \code{#1}}% entry in function index - \begingroup - \defname{\defheaderxcond#2\relax$$$#3}{\putwordMethodon\ \code{#1}}% - \deftypefunargs{#4}% - \endgroup -} - -% @defmethod == @defop Method -% -\def\defmethod{\defmethparsebody\Edefmethod\defmethodx\defmethodheader} -% -% #1 is the class name, #2 the method name, #3 the args. -\def\defmethodheader#1#2#3{% - \dosubind{fn}{\code{#2}}{\putwordon\ \code{#1}}% entry in function index - \begingroup - \defname{#2}{\putwordMethodon\ \code{#1}}% - \defunargs{#3}% - \endgroup -} - -% @defcv {Class Option} foo-class foo-flag - -\def\defcv #1 {\def\defcvtype{#1}% -\defopvarparsebody\Edefcv\defcvx\defcvarheader\defcvtype} - -\def\defcvarheader #1#2#3{% -\dosubind {vr}{\code{#2}}{of #1}% Make entry in var index -\begingroup\defname {#2}{\defcvtype{} of #1}% -\defvarargs {#3}\endgroup % -} - -% @defivar == @defcv {Instance Variable} - -\def\defivar{\defvrparsebody\Edefivar\defivarx\defivarheader} - -\def\defivarheader #1#2#3{% -\dosubind {vr}{\code{#2}}{of #1}% Make entry in var index -\begingroup\defname {#2}{Instance Variable of #1}% -\defvarargs {#3}\endgroup % -} - -% These definitions are run if you use @defmethodx, etc., -% anywhere other than immediately after a @defmethod, etc. - -\def\defopx #1 {\errmessage{@defopx in invalid context}} -\def\defmethodx #1 {\errmessage{@defmethodx in invalid context}} -\def\defcvx #1 {\errmessage{@defcvx in invalid context}} -\def\defivarx #1 {\errmessage{@defivarx in invalid context}} - -% Now @defvar - -% First, define the processing that is wanted for arguments of @defvar. -% This is actually simple: just print them in roman. -% This must expand the args and terminate the paragraph they make up -\def\defvarargs #1{\normalparens #1% -\interlinepenalty=10000 -\endgraf\nobreak\vskip -\parskip\nobreak} - -% @defvr Counter foo-count - -\def\defvr{\defvrparsebody\Edefvr\defvrx\defvrheader} - -\def\defvrheader #1#2#3{\doind {vr}{\code{#2}}% -\begingroup\defname {#2}{#1}\defvarargs{#3}\endgroup} - -% @defvar == @defvr Variable - -\def\defvar{\defvarparsebody\Edefvar\defvarx\defvarheader} - -\def\defvarheader #1#2{\doind {vr}{\code{#1}}% Make entry in var index -\begingroup\defname {#1}{Variable}% -\defvarargs {#2}\endgroup % -} - -% @defopt == @defvr {User Option} - -\def\defopt{\defvarparsebody\Edefopt\defoptx\defoptheader} - -\def\defoptheader #1#2{\doind {vr}{\code{#1}}% Make entry in var index -\begingroup\defname {#1}{User Option}% -\defvarargs {#2}\endgroup % -} - -% @deftypevar int foobar - -\def\deftypevar{\defvarparsebody\Edeftypevar\deftypevarx\deftypevarheader} - -% #1 is the data type. #2 is the name, perhaps followed by text that -% is actually part of the data type, which should not be put into the index. -\def\deftypevarheader #1#2{% -\dovarind#2 \relax% Make entry in variables index -\begingroup\defname {\defheaderxcond#1\relax$$$#2}{Variable}% -\interlinepenalty=10000 -\endgraf\nobreak\vskip -\parskip\nobreak -\endgroup} -\def\dovarind#1 #2\relax{\doind{vr}{\code{#1}}} - -% @deftypevr {Global Flag} int enable - -\def\deftypevr{\defvrparsebody\Edeftypevr\deftypevrx\deftypevrheader} - -\def\deftypevrheader #1#2#3{\dovarind#3 \relax% -\begingroup\defname {\defheaderxcond#2\relax$$$#3}{#1} -\interlinepenalty=10000 -\endgraf\nobreak\vskip -\parskip\nobreak -\endgroup} - -% This definition is run if you use @defvarx -% anywhere other than immediately after a @defvar or @defvarx. - -\def\defvrx #1 {\errmessage{@defvrx in invalid context}} -\def\defvarx #1 {\errmessage{@defvarx in invalid context}} -\def\defoptx #1 {\errmessage{@defoptx in invalid context}} -\def\deftypevarx #1 {\errmessage{@deftypevarx in invalid context}} -\def\deftypevrx #1 {\errmessage{@deftypevrx in invalid context}} - -% Now define @deftp -% Args are printed in bold, a slight difference from @defvar. - -\def\deftpargs #1{\bf \defvarargs{#1}} - -% @deftp Class window height width ... - -\def\deftp{\deftpparsebody\Edeftp\deftpx\deftpheader} - -\def\deftpheader #1#2#3{\doind {tp}{\code{#2}}% -\begingroup\defname {#2}{#1}\deftpargs{#3}\endgroup} - -% This definition is run if you use @deftpx, etc -% anywhere other than immediately after a @deftp, etc. - -\def\deftpx #1 {\errmessage{@deftpx in invalid context}} - - -\message{macros,} -% @macro. - -% To do this right we need a feature of e-TeX, \scantokens, -% which we arrange to emulate with a temporary file in ordinary TeX. -\ifx\eTeXversion\undefined - \newwrite\macscribble - \def\scanmacro#1{% - \begingroup \newlinechar`\^^M - \immediate\openout\macscribble=\jobname.tmp - \immediate\write\macscribble{#1}% - \immediate\closeout\macscribble - \let\xeatspaces\eatspaces - \input \jobname.tmp - \endgroup -} -\else -\def\scanmacro#1{% -\begingroup \newlinechar`\^^M -\let\xeatspaces\eatspaces\scantokens{#1}\endgroup} -\fi - -\newcount\paramno % Count of parameters -\newtoks\macname % Macro name -\newif\ifrecursive % Is it recursive? - -% Utility routines. -% Thisdoes \let #1 = #2, except with \csnames. -\def\cslet#1#2{% -\expandafter\expandafter -\expandafter\let -\expandafter\expandafter -\csname#1\endcsname -\csname#2\endcsname} - -% Trim leading and trailing spaces off a string. -% Concepts from aro-bend problem 15 (see CTAN). -{\catcode`\@=11 -\gdef\eatspaces #1{\expandafter\trim@\expandafter{#1 }} -\gdef\trim@ #1{\trim@@ @#1 @ #1 @ @@} -\gdef\trim@@ #1@ #2@ #3@@{\trim@@@\empty #2 @} -\def\unbrace#1{#1} -\unbrace{\gdef\trim@@@ #1 } #2@{#1} -} - -% Trim a single trailing ^^M off a string. -{\catcode`\^^M=12\catcode`\Q=3% -\gdef\eatcr #1{\eatcra #1Q^^MQ}% -\gdef\eatcra#1^^MQ{\eatcrb#1Q}% -\gdef\eatcrb#1Q#2Q{#1}% -} - -% Macro bodies are absorbed as an argument in a context where -% all characters are catcode 10, 11 or 12, except \ which is active -% (as in normal texinfo). It is necessary to change the definition of \. - -% It's necessary to have hard CRs when the macro is executed. This is -% done by making ^^M (\endlinechar) catcode 12 when reading the macro -% body, and then making it the \newlinechar in \scanmacro. - -\def\macrobodyctxt{% - \catcode`\~=12 - \catcode`\^=12 - \catcode`\_=12 - \catcode`\|=12 - \catcode`\<=12 - \catcode`\>=12 - \catcode`\+=12 - \catcode`\{=12 - \catcode`\}=12 - \catcode`\@=12 - \catcode`\^^M=12 - \usembodybackslash} - -\def\macroargctxt{% - \catcode`\~=12 - \catcode`\^=12 - \catcode`\_=12 - \catcode`\|=12 - \catcode`\<=12 - \catcode`\>=12 - \catcode`\+=12 - \catcode`\@=12 - \catcode`\\=12} - -% \mbodybackslash is the definition of \ in @macro bodies. -% It maps \foo\ => \csname macarg.foo\endcsname => #N -% where N is the macro parameter number. -% We define \csname macarg.\endcsname to be \realbackslash, so -% \\ in macro replacement text gets you a backslash. - -{\catcode`@=0 @catcode`@\=@active - @gdef@usembodybackslash{@let\=@mbodybackslash} - @gdef@mbodybackslash#1\{@csname macarg.#1@endcsname} -} -\expandafter\def\csname macarg.\endcsname{\realbackslash} - -\def\macro{\recursivefalse\parsearg\macroxxx} -\def\rmacro{\recursivetrue\parsearg\macroxxx} - -\def\macroxxx#1{% - \getargs{#1}% now \macname is the macname and \argl the arglist - \ifx\argl\empty % no arguments - \paramno=0% - \else - \expandafter\parsemargdef \argl;% - \fi - \expandafter\ifx \csname macsave.\the\macname\endcsname \relax - \cslet{macsave.\the\macname}{\the\macname}% - \else - \message{Warning: redefining \the\macname}% - \fi - \begingroup \macrobodyctxt - \ifrecursive \expandafter\parsermacbody - \else \expandafter\parsemacbody - \fi} - -\def\unmacro{\parsearg\unmacroxxx} -\def\unmacroxxx#1{% - \expandafter\ifx \csname macsave.\the\macname\endcsname \relax - \errmessage{Macro \the\macname\ not defined.}% - \else - \cslet{#1}{macsave.#1}% - \expandafter\let \csname macsave.\the\macname\endcsname \undefined - \fi -} - -% This makes use of the obscure feature that if the last token of a -% is #, then the preceding argument is delimited by -% an opening brace, and that opening brace is not consumed. -\def\getargs#1{\getargsxxx#1{}} -\def\getargsxxx#1#{\getmacname #1 \relax\getmacargs} -\def\getmacname #1 #2\relax{\macname={#1}} -\def\getmacargs#1{\def\argl{#1}} - -% Parse the optional {params} list. Set up \paramno and \paramlist -% so \defmacro knows what to do. Define \macarg.blah for each blah -% in the params list, to be ##N where N is the position in that list. -% That gets used by \mbodybackslash (above). - -% We need to get `macro parameter char #' into several definitions. -% The technique used is stolen from LaTeX: let \hash be something -% unexpandable, insert that wherever you need a #, and then redefine -% it to # just before using the token list produced. -% -% The same technique is used to protect \eatspaces till just before -% the macro is used. - -\def\parsemargdef#1;{\paramno=0\def\paramlist{}% - \let\hash\relax\let\xeatspaces\relax\parsemargdefxxx#1,;,} -\def\parsemargdefxxx#1,{% - \if#1;\let\next=\relax - \else \let\next=\parsemargdefxxx - \advance\paramno by 1% - \expandafter\edef\csname macarg.\eatspaces{#1}\endcsname - {\xeatspaces{\hash\the\paramno}}% - \edef\paramlist{\paramlist\hash\the\paramno,}% - \fi\next} - -% These two commands read recursive and nonrecursive macro bodies. -% (They're different since rec and nonrec macros end differently.) - -\long\def\parsemacbody#1@end macro% -{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}% -\long\def\parsermacbody#1@end rmacro% -{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}% - -% This defines the macro itself. There are six cases: recursive and -% nonrecursive macros of zero, one, and many arguments. -% Much magic with \expandafter here. -% \xdef is used so that macro definitions will survive the file -% they're defined in; @include reads the file inside a group. -\def\defmacro{% - \let\hash=##% convert placeholders to macro parameter chars - \ifrecursive - \ifcase\paramno - % 0 - \expandafter\xdef\csname\the\macname\endcsname{% - \noexpand\scanmacro{\temp}}% - \or % 1 - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\braceorline\csname\the\macname xxx\endcsname}% - \expandafter\xdef\csname\the\macname xxx\endcsname##1{% - \egroup\noexpand\scanmacro{\temp}}% - \else % many - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\csname\the\macname xx\endcsname} - \expandafter\xdef\csname\the\macname xx\endcsname##1{% - \csname\the\macname xxx\endcsname ##1,}% - \expandafter\expandafter - \expandafter\xdef - \expandafter\expandafter - \csname\the\macname xxx\endcsname - \paramlist{\egroup\noexpand\scanmacro{\temp}}% - \fi - \else - \ifcase\paramno - % 0 - \expandafter\xdef\csname\the\macname\endcsname{% - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \or % 1 - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\braceorline\csname\the\macname xxx\endcsname}% - \expandafter\xdef\csname\the\macname xxx\endcsname##1{% - \egroup - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \else % many - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\csname\the\macname xx\endcsname} - \expandafter\xdef\csname\the\macname xx\endcsname##1{% - \csname\the\macname xxx\endcsname ##1,}% - \expandafter\expandafter - \expandafter\xdef - \expandafter\expandafter - \csname\the\macname xxx\endcsname - \paramlist{% - \egroup - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \fi - \fi} - -\def\norecurse#1{\bgroup\cslet{#1}{macsave.#1}} - -% \braceorline decides whether the next nonwhitespace character is a -% {. If so it reads up to the closing }, if not, it reads the whole -% line. Whatever was read is then fed to the next control sequence -% as an argument (by \parsebrace or \parsearg) -\def\braceorline#1{\let\next=#1\futurelet\nchar\braceorlinexxx} -\def\braceorlinexxx{% - \ifx\nchar\bgroup\else - \expandafter\parsearg - \fi \next} - - -\message{cross references,} -\newwrite\auxfile - -\newif\ifhavexrefs % True if xref values are known. -\newif\ifwarnedxrefs % True if we warned once that they aren't known. - -% @inforef is relatively simple. -\def\inforef #1{\inforefzzz #1,,,,**} -\def\inforefzzz #1,#2,#3,#4**{\putwordSee{} \putwordInfo{} \putwordfile{} \file{\ignorespaces #3{}}, - node \samp{\ignorespaces#1{}}} - -% @node's job is to define \lastnode. -\def\node{\ENVcheck\parsearg\nodezzz} -\def\nodezzz#1{\nodexxx [#1,]} -\def\nodexxx[#1,#2]{\gdef\lastnode{#1}} -\let\nwnode=\node -\let\lastnode=\relax - -% The sectioning commands (@chapter, etc.) call these. -\def\donoderef{% - \ifx\lastnode\relax\else - \expandafter\expandafter\expandafter\setref{\lastnode}% - {Ysectionnumberandtype}% - \global\let\lastnode=\relax - \fi -} -\def\unnumbnoderef{% - \ifx\lastnode\relax\else - \expandafter\expandafter\expandafter\setref{\lastnode}{Ynothing}% - \global\let\lastnode=\relax - \fi -} -\def\appendixnoderef{% - \ifx\lastnode\relax\else - \expandafter\expandafter\expandafter\setref{\lastnode}% - {Yappendixletterandtype}% - \global\let\lastnode=\relax - \fi -} - - -% @anchor{NAME} -- define xref target at arbitrary point. -% -\def\anchor#1{\setref{#1}{Ynothing}} - - -% \setref{NAME}{SNT} defines a cross-reference point NAME, namely -% NAME-title, NAME-pg, and NAME-SNT. Called from \foonoderef. We have -% to set \indexdummies so commands such as @code in a section title -% aren't expanded. It would be nicer not to expand the titles in the -% first place, but there's so many layers that that is hard to do. -% -\def\setref#1#2{{% - \indexdummies - \dosetq{#1-title}{Ytitle}% - \dosetq{#1-pg}{Ypagenumber}% - \dosetq{#1-snt}{#2} -}} - -% @xref, @pxref, and @ref generate cross-references. For \xrefX, #1 is -% the node name, #2 the name of the Info cross-reference, #3 the printed -% node name, #4 the name of the Info file, #5 the name of the printed -% manual. All but the node name can be omitted. -% -\def\pxref#1{\putwordsee{} \xrefX[#1,,,,,,,]} -\def\xref#1{\putwordSee{} \xrefX[#1,,,,,,,]} -\def\ref#1{\xrefX[#1,,,,,,,]} -\def\xrefX[#1,#2,#3,#4,#5,#6]{\begingroup - \def\printedmanual{\ignorespaces #5}% - \def\printednodename{\ignorespaces #3}% - \setbox1=\hbox{\printedmanual}% - \setbox0=\hbox{\printednodename}% - \ifdim \wd0 = 0pt - % No printed node name was explicitly given. - \expandafter\ifx\csname SETxref-automatic-section-title\endcsname\relax - % Use the node name inside the square brackets. - \def\printednodename{\ignorespaces #1}% - \else - % Use the actual chapter/section title appear inside - % the square brackets. Use the real section title if we have it. - \ifdim \wd1 > 0pt - % It is in another manual, so we don't have it. - \def\printednodename{\ignorespaces #1}% - \else - \ifhavexrefs - % We know the real title if we have the xref values. - \def\printednodename{\refx{#1-title}{}}% - \else - % Otherwise just copy the Info node name. - \def\printednodename{\ignorespaces #1}% - \fi% - \fi - \fi - \fi - % - % If we use \unhbox0 and \unhbox1 to print the node names, TeX does not - % insert empty discretionaries after hyphens, which means that it will - % not find a line break at a hyphen in a node names. Since some manuals - % are best written with fairly long node names, containing hyphens, this - % is a loss. Therefore, we give the text of the node name again, so it - % is as if TeX is seeing it for the first time. - \ifdim \wd1 > 0pt - \putwordsection{} ``\printednodename'' in \cite{\printedmanual}% - \else - % _ (for example) has to be the character _ for the purposes of the - % control sequence corresponding to the node, but it has to expand - % into the usual \leavevmode...\vrule stuff for purposes of - % printing. So we \turnoffactive for the \refx-snt, back on for the - % printing, back off for the \refx-pg. - {\normalturnoffactive - % Only output a following space if the -snt ref is nonempty; for - % @unnumbered and @anchor, it won't be. - \setbox2 = \hbox{\ignorespaces \refx{#1-snt}{}}% - \ifdim \wd2 > 0pt \refx{#1-snt}\space\fi - }% - % [mynode], - [\printednodename],\space - % page 3 - \turnoffactive \putwordpage\tie\refx{#1-pg}{}% - \fi -\endgroup} - -% \dosetq is the interface for calls from other macros - -% Use \normalturnoffactive so that punctuation chars such as underscore -% and backslash work in node names. (\turnoffactive doesn't do \.) -\def\dosetq#1#2{% - {\let\folio=0 - \normalturnoffactive - \edef\next{\write\auxfile{\internalsetq{#1}{#2}}}% - \iflinks - \next - \fi - }% -} - -% \internalsetq {foo}{page} expands into -% CHARACTERS 'xrdef {foo}{...expansion of \Ypage...} -% When the aux file is read, ' is the escape character - -\def\internalsetq #1#2{'xrdef {#1}{\csname #2\endcsname}} - -% Things to be expanded by \internalsetq - -\def\Ypagenumber{\folio} - -\def\Ytitle{\thissection} - -\def\Ynothing{} - -\def\Ysectionnumberandtype{% -\ifnum\secno=0 \putwordChapter\xreftie\the\chapno % -\else \ifnum \subsecno=0 \putwordSection\xreftie\the\chapno.\the\secno % -\else \ifnum \subsubsecno=0 % -\putwordSection\xreftie\the\chapno.\the\secno.\the\subsecno % -\else % -\putwordSection\xreftie\the\chapno.\the\secno.\the\subsecno.\the\subsubsecno % -\fi \fi \fi } - -\def\Yappendixletterandtype{% -\ifnum\secno=0 \putwordAppendix\xreftie'char\the\appendixno{}% -\else \ifnum \subsecno=0 \putwordSection\xreftie'char\the\appendixno.\the\secno % -\else \ifnum \subsubsecno=0 % -\putwordSection\xreftie'char\the\appendixno.\the\secno.\the\subsecno % -\else % -\putwordSection\xreftie'char\the\appendixno.\the\secno.\the\subsecno.\the\subsubsecno % -\fi \fi \fi } - -\gdef\xreftie{'tie} - -% Use TeX 3.0's \inputlineno to get the line number, for better error -% messages, but if we're using an old version of TeX, don't do anything. -% -\ifx\inputlineno\thisisundefined - \let\linenumber = \empty % Non-3.0. -\else - \def\linenumber{\the\inputlineno:\space} -\fi - -% Define \refx{NAME}{SUFFIX} to reference a cross-reference string named NAME. -% If its value is nonempty, SUFFIX is output afterward. - -\def\refx#1#2{% - \expandafter\ifx\csname X#1\endcsname\relax - % If not defined, say something at least. - \angleleft un\-de\-fined\angleright - \iflinks - \ifhavexrefs - \message{\linenumber Undefined cross reference `#1'.}% - \else - \ifwarnedxrefs\else - \global\warnedxrefstrue - \message{Cross reference values unknown; you must run TeX again.}% - \fi - \fi - \fi - \else - % It's defined, so just use it. - \csname X#1\endcsname - \fi - #2% Output the suffix in any case. -} - -% This is the macro invoked by entries in the aux file. -% -\def\xrdef#1{\begingroup - % Reenable \ as an escape while reading the second argument. - \catcode`\\ = 0 - \afterassignment\endgroup - \expandafter\gdef\csname X#1\endcsname -} - -% Read the last existing aux file, if any. No error if none exists. -\def\readauxfile{\begingroup - \catcode`\^^@=\other - \catcode`\^^A=\other - \catcode`\^^B=\other - \catcode`\^^C=\other - \catcode`\^^D=\other - \catcode`\^^E=\other - \catcode`\^^F=\other - \catcode`\^^G=\other - \catcode`\^^H=\other - \catcode`\^^K=\other - \catcode`\^^L=\other - \catcode`\^^N=\other - \catcode`\^^P=\other - \catcode`\^^Q=\other - \catcode`\^^R=\other - \catcode`\^^S=\other - \catcode`\^^T=\other - \catcode`\^^U=\other - \catcode`\^^V=\other - \catcode`\^^W=\other - \catcode`\^^X=\other - \catcode`\^^Z=\other - \catcode`\^^[=\other - \catcode`\^^\=\other - \catcode`\^^]=\other - \catcode`\^^^=\other - \catcode`\^^_=\other - \catcode`\@=\other - \catcode`\^=\other - % It was suggested to define this as 7, which would allow ^^e4 etc. - % in xref tags, i.e., node names. But since ^^e4 notation isn't - % supported in the main text, it doesn't seem desirable. Furthermore, - % that is not enough: for node names that actually contain a ^ - % character, we would end up writing a line like this: 'xrdef {'hat - % b-title}{'hat b} and \xrdef does a \csname...\endcsname on the first - % argument, and \hat is not an expandable control sequence. It could - % all be worked out, but why? Either we support ^^ or we don't. - % - % The other change necessary for this was to define \auxhat: - % \def\auxhat{\def^{'hat }}% extra space so ok if followed by letter - % and then to call \auxhat in \setq. - % - \catcode`\~=\other - \catcode`\[=\other - \catcode`\]=\other - \catcode`\"=\other - \catcode`\_=\other - \catcode`\|=\other - \catcode`\<=\other - \catcode`\>=\other - \catcode`\$=\other - \catcode`\#=\other - \catcode`\&=\other - \catcode`+=\other % avoid \+ for paranoia even though we've turned it off - % Make the characters 128-255 be printing characters - {% - \count 1=128 - \def\loop{% - \catcode\count 1=\other - \advance\count 1 by 1 - \ifnum \count 1<256 \loop \fi - }% - }% - % The aux file uses ' as the escape (for now). - % Turn off \ as an escape so we do not lose on - % entries which were dumped with control sequences in their names. - % For example, 'xrdef {$\leq $-fun}{page ...} made by @defun ^^ - % Reference to such entries still does not work the way one would wish, - % but at least they do not bomb out when the aux file is read in. - \catcode`\{=1 - \catcode`\}=2 - \catcode`\%=\other - \catcode`\'=0 - \catcode`\\=\other - % - \openin 1 \jobname.aux - \ifeof 1 \else - \closein 1 - \input \jobname.aux - \global\havexrefstrue - \global\warnedobstrue - \fi - % Open the new aux file. TeX will close it automatically at exit. - \openout\auxfile=\jobname.aux -\endgroup} - - -% Footnotes. - -\newcount \footnoteno - -% The trailing space in the following definition for supereject is -% vital for proper filling; pages come out unaligned when you do a -% pagealignmacro call if that space before the closing brace is -% removed. (Generally, numeric constants should always be followed by a -% space to prevent strange expansion errors.) -\def\supereject{\par\penalty -20000\footnoteno =0 } - -% @footnotestyle is meaningful for info output only. -\let\footnotestyle=\comment - -\let\ptexfootnote=\footnote - -{\catcode `\@=11 -% -% Auto-number footnotes. Otherwise like plain. -\gdef\footnote{% - \global\advance\footnoteno by \@ne - \edef\thisfootno{$^{\the\footnoteno}$}% - % - % In case the footnote comes at the end of a sentence, preserve the - % extra spacing after we do the footnote number. - \let\@sf\empty - \ifhmode\edef\@sf{\spacefactor\the\spacefactor}\/\fi - % - % Remove inadvertent blank space before typesetting the footnote number. - \unskip - \thisfootno\@sf - \footnotezzz -}% - -% Don't bother with the trickery in plain.tex to not require the -% footnote text as a parameter. Our footnotes don't need to be so general. -% -% Oh yes, they do; otherwise, @ifset and anything else that uses -% \parseargline fail inside footnotes because the tokens are fixed when -% the footnote is read. --karl, 16nov96. -% -\long\gdef\footnotezzz{\insert\footins\bgroup - % We want to typeset this text as a normal paragraph, even if the - % footnote reference occurs in (for example) a display environment. - % So reset some parameters. - \interlinepenalty\interfootnotelinepenalty - \splittopskip\ht\strutbox % top baseline for broken footnotes - \splitmaxdepth\dp\strutbox - \floatingpenalty\@MM - \leftskip\z@skip - \rightskip\z@skip - \spaceskip\z@skip - \xspaceskip\z@skip - \parindent\defaultparindent - % - % Hang the footnote text off the number. - \hang - \textindent{\thisfootno}% - % - % Don't crash into the line above the footnote text. Since this - % expands into a box, it must come within the paragraph, lest it - % provide a place where TeX can split the footnote. - \footstrut - \futurelet\next\fo@t -} -\def\fo@t{\ifcat\bgroup\noexpand\next \let\next\f@@t - \else\let\next\f@t\fi \next} -\def\f@@t{\bgroup\aftergroup\@foot\let\next} -\def\f@t#1{#1\@foot} -\def\@foot{\strut\egroup} - -}%end \catcode `\@=11 - -% Set the baselineskip to #1, and the lineskip and strut size -% correspondingly. There is no deep meaning behind these magic numbers -% used as factors; they just match (closely enough) what Knuth defined. -% -\def\lineskipfactor{.08333} -\def\strutheightpercent{.70833} -\def\strutdepthpercent {.29167} -% -\def\setleading#1{% - \normalbaselineskip = #1\relax - \normallineskip = \lineskipfactor\normalbaselineskip - \normalbaselines - \setbox\strutbox =\hbox{% - \vrule width0pt height\strutheightpercent\baselineskip - depth \strutdepthpercent \baselineskip - }% -} - -% @| inserts a changebar to the left of the current line. It should -% surround any changed text. This approach does *not* work if the -% change spans more than two lines of output. To handle that, we would -% have adopt a much more difficult approach (putting marks into the main -% vertical list for the beginning and end of each change). -% -\def\|{% - % \vadjust can only be used in horizontal mode. - \leavevmode - % - % Append this vertical mode material after the current line in the output. - \vadjust{% - % We want to insert a rule with the height and depth of the current - % leading; that is exactly what \strutbox is supposed to record. - \vskip-\baselineskip - % - % \vadjust-items are inserted at the left edge of the type. So - % the \llap here moves out into the left-hand margin. - \llap{% - % - % For a thicker or thinner bar, change the `1pt'. - \vrule height\baselineskip width1pt - % - % This is the space between the bar and the text. - \hskip 12pt - }% - }% -} - -% For a final copy, take out the rectangles -% that mark overfull boxes (in case you have decided -% that the text looks ok even though it passes the margin). -% -\def\finalout{\overfullrule=0pt} - -% @image. We use the macros from epsf.tex to support this. -% If epsf.tex is not installed and @image is used, we complain. -% -% Check for and read epsf.tex up front. If we read it only at @image -% time, we might be inside a group, and then its definitions would get -% undone and the next image would fail. -\openin 1 = epsf.tex -\ifeof 1 \else - \closein 1 - % Do not bother showing banner with post-v2.7 epsf.tex (available in - % doc/epsf.tex until it shows up on ctan). - \def\epsfannounce{\toks0 = }% - \input epsf.tex -\fi -% -\newif\ifwarnednoepsf -\newhelp\noepsfhelp{epsf.tex must be installed for images to - work. It is also included in the Texinfo distribution, or you can get - it from ftp://ftp.tug.org/tex/epsf.tex.} -% -% Only complain once about lack of epsf.tex. -\def\image#1{% - \ifx\epsfbox\undefined - \ifwarnednoepsf \else - \errhelp = \noepsfhelp - \errmessage{epsf.tex not found, images will be ignored}% - \global\warnednoepsftrue - \fi - \else - \imagexxx #1,,,\finish - \fi -} -% -% Arguments to @image: -% #1 is (mandatory) image filename; we tack on .eps extension. -% #2 is (optional) width, #3 is (optional) height. -% #4 is just the usual extra ignored arg for parsing this stuff. -\def\imagexxx#1,#2,#3,#4\finish{% - % \epsfbox itself resets \epsf?size at each figure. - \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \epsfxsize=#2\relax \fi - \setbox0 = \hbox{\ignorespaces #3}\ifdim\wd0 > 0pt \epsfysize=#3\relax \fi - % If the image is by itself, center it. - \ifvmode - \nobreak\medskip - \nobreak - \centerline{\epsfbox{#1.eps}}% - \bigbreak - \else - \epsfbox{#1.eps}% - \fi -} - - -\message{paper sizes,} -% And other related parameters. - -\newdimen\defaultparindent \defaultparindent = 15pt - -\chapheadingskip = 15pt plus 4pt minus 2pt -\secheadingskip = 12pt plus 3pt minus 2pt -\subsecheadingskip = 9pt plus 2pt minus 2pt - -% Prevent underfull vbox error messages. -\vbadness = 10000 - -% Don't be so finicky about underfull hboxes, either. -\hbadness = 2000 - -% Following George Bush, just get rid of widows and orphans. -\widowpenalty=10000 -\clubpenalty=10000 - -% Use TeX 3.0's \emergencystretch to help line breaking, but if we're -% using an old version of TeX, don't do anything. We want the amount of -% stretch added to depend on the line length, hence the dependence on -% \hsize. This makes it come to about 9pt for the 8.5x11 format. We -% call this whenever the paper size is set. -% -\def\setemergencystretch{% - \ifx\emergencystretch\thisisundefined - % Allow us to assign to \emergencystretch anyway. - \def\emergencystretch{\dimen0}% - \else - \emergencystretch = \hsize - \divide\emergencystretch by 45 - \fi -} - -% Parameters in order: 1) textheight; 2) textwidth; 3) voffset; -% 4) hoffset; 5) binding offset; 6) topskip. Then whoever calls us can -% set \parskip and call \setleading for \baselineskip. -% -\def\internalpagesizes#1#2#3#4#5#6{% - \voffset = #3\relax - \topskip = #6\relax - \splittopskip = \topskip - % - \vsize = #1\relax - \advance\vsize by \topskip - \outervsize = \vsize - \advance\outervsize by 2\topandbottommargin - \pageheight = \vsize - % - \hsize = #2\relax - \outerhsize = \hsize - \advance\outerhsize by 0.5in - \pagewidth = \hsize - % - \normaloffset = #4\relax - \bindingoffset = #5\relax - % - \parindent = \defaultparindent - \setemergencystretch -} - -% @letterpaper (the default). -\def\letterpaper{{\globaldefs = 1 - \parskip = 3pt plus 2pt minus 1pt - \setleading{13.2pt}% - % - % If page is nothing but text, make it come out even. - \internalpagesizes{46\baselineskip}{6in}{\voffset}{.25in}{\bindingoffset}{36pt}% -}} - -% Use @smallbook to reset parameters for 7x9.5 (or so) format. -\def\smallbook{{\globaldefs = 1 - \parskip = 2pt plus 1pt - \setleading{12pt}% - % - \internalpagesizes{7.5in}{5.in}{\voffset}{.25in}{\bindingoffset}{16pt}% - % - \lispnarrowing = 0.3in - \tolerance = 700 - \hfuzz = 1pt - \contentsrightmargin = 0pt - \deftypemargin = 0pt - \defbodyindent = .5cm - % - \let\smalldisplay = \smalldisplayx - \let\smallexample = \smalllispx - \let\smallformat = \smallformatx - \let\smalllisp = \smalllispx -}} - -% Use @afourpaper to print on European A4 paper. -\def\afourpaper{{\globaldefs = 1 - \setleading{12pt}% - \parskip = 3pt plus 2pt minus 1pt - % - \internalpagesizes{53\baselineskip}{160mm}{\voffset}{4mm}{\bindingoffset}{44pt}% - % - \tolerance = 700 - \hfuzz = 1pt -}} - -% A specific text layout, 24x15cm overall, intended for A4 paper. Top margin -% 29mm, hence bottom margin 28mm, nominal side margin 3cm. -\def\afourlatex{{\globaldefs = 1 - \setleading{13.6pt}% - % - \afourpaper - \internalpagesizes{237mm}{150mm}{3.6mm}{3.6mm}{3mm}{7mm}% - % - \globaldefs = 0 -}} - -% Use @afourwide to print on European A4 paper in wide format. -\def\afourwide{% - \afourpaper - \internalpagesizes{9.5in}{6.5in}{\hoffset}{\normaloffset}{\bindingoffset}{7mm}% - % - \globaldefs = 0 -} - -% @pagesizes TEXTHEIGHT[,TEXTWIDTH] -% Perhaps we should allow setting the margins, \topskip, \parskip, -% and/or leading, also. Or perhaps we should compute them somehow. -% -\def\pagesizes{\parsearg\pagesizesxxx} -\def\pagesizesxxx#1{\pagesizesyyy #1,,\finish} -\def\pagesizesyyy#1,#2,#3\finish{{% - \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \hsize=#2\relax \fi - \globaldefs = 1 - % - \parskip = 3pt plus 2pt minus 1pt - \setleading{13.2pt}% - % - \internalpagesizes{#1}{\hsize}{\voffset}{\normaloffset}{\bindingoffset}{44pt}% -}} - -% Set default to letter. -% -\letterpaper - -\message{and turning on texinfo input format.} - -% Define macros to output various characters with catcode for normal text. -\catcode`\"=\other -\catcode`\~=\other -\catcode`\^=\other -\catcode`\_=\other -\catcode`\|=\other -\catcode`\<=\other -\catcode`\>=\other -\catcode`\+=\other -\def\normaldoublequote{"} -\def\normaltilde{~} -\def\normalcaret{^} -\def\normalunderscore{_} -\def\normalverticalbar{|} -\def\normalless{<} -\def\normalgreater{>} -\def\normalplus{+} - -% This macro is used to make a character print one way in ttfont -% where it can probably just be output, and another way in other fonts, -% where something hairier probably needs to be done. -% -% #1 is what to print if we are indeed using \tt; #2 is what to print -% otherwise. Since all the Computer Modern typewriter fonts have zero -% interword stretch (and shrink), and it is reasonable to expect all -% typewriter fonts to have this, we can check that font parameter. -% -\def\ifusingtt#1#2{\ifdim \fontdimen3\the\font=0pt #1\else #2\fi} - -% Turn off all special characters except @ -% (and those which the user can use as if they were ordinary). -% Most of these we simply print from the \tt font, but for some, we can -% use math or other variants that look better in normal text. - -\catcode`\"=\active -\def\activedoublequote{{\tt\char34}} -\let"=\activedoublequote -\catcode`\~=\active -\def~{{\tt\char126}} -\chardef\hat=`\^ -\catcode`\^=\active -\def^{{\tt \hat}} - -\catcode`\_=\active -\def_{\ifusingtt\normalunderscore\_} -% Subroutine for the previous macro. -\def\_{\leavevmode \kern.06em \vbox{\hrule width.3em height.1ex}} - -\catcode`\|=\active -\def|{{\tt\char124}} -\chardef \less=`\< -\catcode`\<=\active -\def<{{\tt \less}} -\chardef \gtr=`\> -\catcode`\>=\active -\def>{{\tt \gtr}} -\catcode`\+=\active -\def+{{\tt \char 43}} -%\catcode 27=\active -%\def^^[{$\diamondsuit$} - -% Set up an active definition for =, but don't enable it most of the time. -{\catcode`\==\active -\global\def={{\tt \char 61}}} - -\catcode`+=\active -\catcode`\_=\active - -% If a .fmt file is being used, characters that might appear in a file -% name cannot be active until we have parsed the command line. -% So turn them off again, and have \everyjob (or @setfilename) turn them on. -% \otherifyactive is called near the end of this file. -\def\otherifyactive{\catcode`+=\other \catcode`\_=\other} - -\catcode`\@=0 - -% \rawbackslashxx output one backslash character in current font -\global\chardef\rawbackslashxx=`\\ -%{\catcode`\\=\other -%@gdef@rawbackslashxx{\}} - -% \rawbackslash redefines \ as input to do \rawbackslashxx. -{\catcode`\\=\active -@gdef@rawbackslash{@let\=@rawbackslashxx }} - -% \normalbackslash outputs one backslash in fixed width font. -\def\normalbackslash{{\tt\rawbackslashxx}} - -% Say @foo, not \foo, in error messages. -\escapechar=`\@ - -% \catcode 17=0 % Define control-q -\catcode`\\=\active - -% Used sometimes to turn off (effectively) the active characters -% even after parsing them. -@def@turnoffactive{@let"=@normaldoublequote -@let\=@realbackslash -@let~=@normaltilde -@let^=@normalcaret -@let_=@normalunderscore -@let|=@normalverticalbar -@let<=@normalless -@let>=@normalgreater -@let+=@normalplus} - -@def@normalturnoffactive{@let"=@normaldoublequote -@let\=@normalbackslash -@let~=@normaltilde -@let^=@normalcaret -@let_=@normalunderscore -@let|=@normalverticalbar -@let<=@normalless -@let>=@normalgreater -@let+=@normalplus} - -% Make _ and + \other characters, temporarily. -% This is canceled by @fixbackslash. -@otherifyactive - -% If a .fmt file is being used, we don't want the `\input texinfo' to show up. -% That is what \eatinput is for; after that, the `\' should revert to printing -% a backslash. -% -@gdef@eatinput input texinfo{@fixbackslash} -@global@let\ = @eatinput - -% On the other hand, perhaps the file did not have a `\input texinfo'. Then -% the first `\{ in the file would cause an error. This macro tries to fix -% that, assuming it is called before the first `\' could plausibly occur. -% Also back turn on active characters that might appear in the input -% file name, in case not using a pre-dumped format. -% -@gdef@fixbackslash{@ifx\@eatinput @let\ = @normalbackslash @fi - @catcode`+=@active @catcode`@_=@active} - -% These look ok in all fonts, so just make them not special. The @rm below -% makes sure that the current font starts out as the newly loaded cmr10 -@catcode`@$=@other @catcode`@%=@other @catcode`@&=@other @catcode`@#=@other - -@textfonts -@rm - -@c Local variables: -@c eval: (add-hook 'write-file-hooks 'time-stamp) -@c page-delimiter: "^\\\\message" -@c time-stamp-start: "def\\\\texinfoversion{" -@c time-stamp-format: "%:y-%02m-%02d" -@c time-stamp-end: "}" -@c End: diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 deleted file mode 100644 index 42d9cf28..00000000 --- a/doc/tinc.conf.5 +++ /dev/null @@ -1,196 +0,0 @@ -.TH TINC 5 "May 2000" "tinc version 1.0" "FSF" -.SH NAME -tincd.conf \- tinc daemon configuration -.SH "DESCRIPTION" -The files in the \fI/etc/tinc\fR directory contain runtime and -security information for the \fBtinc\fR(8) daemon. -.PP -.SH "NETWORKS" -It is perfectly ok for you to run more than one tinc daemon. However, -in its default form, you will soon notice that you can't use two -different configuration files without the \fI-c\fR option. - -We have thought of another way of dealing with this: network -names. This means that you call \fBtincd\fR with the \fI-n\fR argument, -which will assign a name to this daemon. - -The effect of this is that the daemon will set its configuration -``root'' to \fI/etc/tinc/\fBnn\fI/\fR, where \fBnn\fR is your argument -to the \fI-n\fR option. You'll notice that it appears in syslog as -``tincd.\fBnn\fR''. - -However, it is not strictly necessary that you call tinc with the -n -option. In this case, the network name would just be empty, and it -will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, -instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be -\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be -in \fI/etc/tinc/passphrases/\fR. - -But it is highly recommended that you use this feature of tinc, -because it will be so much clearer whom your daemon talks to. Hence, -we will assume that you use it. -.PP -.SH "PASSPHRASES" -You should use the \fBgenauth\fR(8) program to generate passphrases. -with, it accepts a single parameter, which is the number of bits the -passphrase should be. Its output should be stored in -\fI/etc/tinc/\fBnn\fI/passphrases/local\fR \-\- where \fBnn\fR stands -for the network (See under \fBNETWORKS\fR) above. - -Please see the manpage for \fBgenauth\fR to learn more about setting -up an authentication scheme. -.PP -.SH "CONFIGURATION" -The actual configuration of the daemon is done in the file -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR. - -This file consists of comments (lines started with a \fB#\fR) or -assignments in the form of -.PP -.Vb 1 -\& \fIVariable \fB= \fIValue\fR. -.Ve -.PP -The variable names are case insensitive, and any spaces, tabs, -newlines and carriage returns are ignored. \fINote\fR: it is not -required that you put in the \fB=\fR sign, but doing so improves -readability. If you leave it out, remember to replace it with at least -one space character. -.PP -.SH "VARIABLES" -.PP -Here are all valid variables, listed in alphabetical order. The default -value, required or optional is given between parentheses. -.TP -\fBConnectPort\fR = <\fIport\fR> (655) -Connect to the upstream host (given with the \fBConnectTo\fR directive) on -port \fIport\fR. port may be given in decimal (default), octal (when preceded -by a single zero) or hexadecimal (prefixed with 0x). \fIport\fR is the port -number for both the UDP and the TCP (meta) connections. -.TP -\fBConnectTo\fR = <\fIIP address|hostname\fR> (optional) -Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables -may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. It is possible to specify hostnames for dynamic IP -addresses (like those given on dyndns.org), tinc will not cache the resolved -IP address. - -If you don't specify a host with \fBConnectTo\fR, regardless of whether a -value for \fBConnectPort\fR is given, tinc won't connect at all, and will -instead just listen for incoming connections. -.TP -\fBHostnames\fR = <\fIyes|no\fR> (no) -This option selects whether IP addresses (both real and on the VPN) should -be resolved. Since DNS lookups are blocking, it might affect tinc's -efficiency, even stopping the daemon for a few seconds everytime it does -a lookup if your DNS server is not responding. - -This does not affect resolving hostnames to IP addresses from the configuration -file. -.TP -\fBIndirectData\fR = <\fIyes|no\fR> (no) -This option specifies whether other tinc daemons besides the one you -specified with \fBConnectTo\fR can make a direct connection to you. This is -especially useful if you are behind a firewall and it is impossible -to make a connection from the outside to your tinc daemon. Otherwise, -it is best to leave this option out or set it to no. -.TP -\fBInterface\fR = <\fIdevice\fR> (optional) -If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to -bind tinc to a single interface like eth0 or ppp0 with this variable. -.TP -\fBInterfaceIP\fR = <\fIlocal address\fR> (optional) -If your computer has more than one IP address on a single interface (for example -if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same -time though, if they share the same IP address. -.TP -\fBKeyExpire\fR = <\fIseconds\fR> (3600) -This option controls the time the encryption keys used to encrypt the data -are valid. It is common practice to change keys at regular intervals to -make it even harder for crackers, even though it is thought to be nearly -impossible to crack a single key. -.TP -\fBListenPort\fR = <\fIport\fR> (655) -Listen on local port \fIport\fR. The computer connecting to this daemon should -use this number as the argument for his \fBConnectPort\fR. -.TP -\fBMyOwnVPNIP\fR = <\fIlocal address[/maskbits]\fR> (required) -The \fIlocal address\fR is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this -will be the file name of the passphrase file that the other end expects -to find the passphrase in. - -The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it -is also necessary that you make the ethernet (also known as MAC) address -equal to the IP address (see the example). - -\fImaskbits\fR is the number of bits set to 1 in the netmask part. -.TP -\fBMyVirtualIP\fR = <\fIlocal address[/maskbits]> -This is an alias for \fBMyOwnVPNIP\fR. -.TP -\fBPassphrases\fR = <\fIdirectory\fR> (/etc/tinc/NETNAME/passphrases) -The directory where tinc will look for passphrases when someone tries to -connect. Please see the manpage for genauth(8) for more information -about passphrases as used by tinc. -.TP -\fBPingTimeout\fR = <\fIseconds\fR> (5) -The number of seconds of inactivity that tinc will wait before sending a -probe to the other end. If that other end doesn't answer within that -same amount of seconds, the connection is terminated, and the others -will be notified of this. -.TP -\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) -The ethertap device to use. Note that you can only use one device per -daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for Linux. -.TP -\fBTCPonly\fR = <\fIyes|no\fR> (no, experimental) -If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those -who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. This is experimental code, -try this at your own risk. -.TP -\fBVpnMask\fR = <\fImask\fR> (optional) -The mask that defines the scope of the entire VPN. This option is not used -by the tinc daemon itself, but can be used by startup scripts to configure -the ethertap devices correctly. -.PP -.SH "FILES" -.TP -\fI/etc/tinc/\fR -The top directory for configuration files. -.TP -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR -The default name of the configuration file for net -\fBnn\fR. -.TP -\fI/etc/tinc/\fBnn\fI/passphrases/\fR -Passphrases are kept in this directory. (See the section -\fBPASSPHRASES\fR above). -.PP -.SH "SEE ALSO" -\fBtincd\fR(8), \fBgenauth\fR(8) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.PP -The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info -and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP -should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; -see the file COPYING for details. diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in new file mode 100644 index 00000000..7257bfe0 --- /dev/null +++ b/doc/tinc.conf.5.in @@ -0,0 +1,399 @@ +.Dd 2002-04-09 +.Dt TINC.CONF 5 +.\" Manual page created by: +.\" Ivo Timmermans +.\" Guus Sliepen +.Sh NAME +.Nm tinc.conf +.Nd tinc daemon configuration +.Sh DESCRIPTION +The files in the +.Pa @sysconfdir@/tinc/ +directory contain runtime and security information for the tinc daemon. +.Sh NETWORKS +It is perfectly ok for you to run more than one tinc daemon. +However, in its default form, +you will soon notice that you can't use two different configuration files without the +.Fl c +option. +.Pp +We have thought of another way of dealing with this: network names. +This means that you call +.Nm +with the +.Fl n +option, which will assign a name to this daemon. +.Pp +The effect of this is that the daemon will set its configuration root to +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / , +where +.Ar NETNAME +is your argument to the +.Fl n +option. +You'll notice that messages appear in syslog as coming from +.Nm tincd. Ns Ar NETNAME . +.Pp +However, it is not strictly necessary that you call tinc with the +.Fl n +option. +In this case, the network name would just be empty, +and it will be used as such. +.Nm tinc +now looks for files in +.Pa @sysconfdir@/tinc/ , +instead of +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / ; +the configuration file should be +.Pa @sysconfdir@/tinc/tinc.conf , +and the host configuration files are now expected to be in +.Pa @sysconfdir@/tinc/hosts/ . +.Pp +But it is highly recommended that you use this feature of +.Nm tinc , +because it will be so much clearer whom your daemon talks to. +Hence, we will assume that you use it. +.Sh NAMES +Each tinc daemon should have a name that is unique in the network which it will be part of. +The name will be used by other tinc daemons for identification. +The name has to be declared in the +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +file. +.Pp +To make things easy, +choose something that will give unique and easy to remember names to your tinc daemon(s). +You could try things like hostnames, owner surnames or location names. +.Sh PUBLIC/PRIVATE KEYS +You should use +.Ic tincd -K +to generate public/private keypairs. +It will generate two keys. +The private key should be stored in a separate file +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv +\-\- where +.Ar NETNAME +stands for the network (see +.Sx NETWORKS ) +above. +The public key should be stored in the host configuration file +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME +\-\- where +.Va NAME +stands for the name of the local tinc daemon (see +.Sx NAMES ) . +.Sh SERVER CONFIGURATION +The server configuration of the daemon is done in the file +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf . +This file consists of comments (lines started with a +.Li # ) +or assignments in the form of: +.Pp +.Va Variable Li = Ar Value . +.Pp +The variable names are case insensitive, and any spaces, tabs, +newlines and carriage returns are ignored. +Note: it is not required that you put in the +.Li = +sign, but doing so improves readability. +If you leave it out, remember to replace it with at least one space character. +.Pp +Here are all valid variables, listed in alphabetical order. +The default value is given between parentheses. +.Bl -tag -width indent +.It Va AddressFamily Li = ipv4 | ipv6 | any Pq any +This option affects the address family of listening and outgoing sockets. +If +.Qq any +is selected, then depending on the operating system both IPv4 and IPv6 or just +IPv6 listening sockets will be created. +.It Va BindToAddress Li = Ar address Bq experimental +If your computer has more than one IPv4 or IPv6 address, +.Nm tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single address with this variable. +.Pp +This option may not work on all platforms. +.It Va BindToInterface Li = Ar interface Bq experimental +If your computer has more than one network interface, +.Nm tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single interface with this variable. +.Pp +This option may not work on all platforms. +.It Va ConnectTo Li = Ar name +Specifies which other tinc daemon to connect to on startup. +Multiple +.Va ConnectTo +variables may be specified, +in which case outgoing connections to each specified tinc daemon are made. +The names should be known to this tinc daemon +(i.e., there should be a host configuration file for the name on the +.Va ConnectTo +line). +.Pp +If you don't specify a host with +.Va ConnectTo , +.Nm tinc +won't try to connect to other daemons at all, +and will instead just listen for incoming connections. +.It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc +The virtual network device to use. +.Nm tinc +will automatically detect what kind of device it is. +Note that you can only use one device per daemon. +Under Windows, use +.Va Interface +instead of +.Va Device . +The info pages of the tinc package contain more information +about configuring the virtual network device. +.It Va Hostnames Li = yes | no Pq no +This option selects whether IP addresses (both real and on the VPN) should +be resolved. Since DNS lookups are blocking, it might affect tinc's +efficiency, even stopping the daemon for a few seconds every time it does +a lookup if your DNS server is not responding. +.Pp +This does not affect resolving hostnames to IP addresses from the +host configuration files. +.It Va Interface Li = Ar interface +Defines the name of the interface corresponding to the virtual network device. +Depending on the operating system and the type of device this may or may not actually set the name of the interface. +Under Windows, this variable is used to select which network interface will be used. +If you specified a +.Va Device , +this variable is almost always already correctly set. +.It Va KeyExpire Li = Ar seconds Pq 3600 +This option controls the period the encryption keys used to encrypt the data are valid. +It is common practice to change keys at regular intervals to make it even harder for crackers, +even though it is thought to be nearly impossible to crack a single key. +.It Va MACExpire Li = Ar seconds Pq 600 +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when +.Va Mode +is set to +.Qq switch . +.It Va MaxTimeout Li = Ar seconds Pq 900 +This is the maximum delay before trying to reconnect to other tinc daemons. +.It Va Mode Li = router | switch | hub Pq router +This option selects the way packets are routed to other daemons. +.Bl -tag -width indent +.It router +In this mode +.Va Subnet +variables in the host configuration files will be used to form a routing table. +Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. +.Pp +This is the default mode, and unless you really know you need another mode, don't change it. +.It switch +In this mode the MAC addresses of the packets on the VPN will be used to +dynamically create a routing table just like an Ethernet switch does. +Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode +at the cost of frequent broadcast ARP requests and routing table updates. +.Pp +This mode is primarily useful if you want to bridge Ethernet segments. +.It hub +This mode is almost the same as the switch mode, but instead +every packet will be broadcast to the other daemons +while no routing table is managed. +.El +.It Va Name Li = Ar name Bq required +This is the name which identifies this tinc daemon. +It must be unique for the virtual private network this daemon will connect to. +.It Va PingTimeout Li = Ar seconds Pq 60 +The number of seconds of inactivity that +.Nm tinc +will wait before sending a probe to the other end. +If that other end doesn't answer within that same amount of time, +the connection is terminated, +and the others will be notified of this. +.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental +When this option is enabled the value of the TOS field of tunneled IPv4 packets +will be inherited by the UDP packets that are sent out. +.It Va PrivateKey Li = Ar key Bq obsolete +The private RSA key of this tinc daemon. +It will allow this tinc daemon to authenticate itself to other daemons. +.It Va PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv Pc +The file in which the private RSA key of this tinc daemon resides. +Note that there must be exactly one of +.Va PrivateKey +or +.Va PrivateKeyFile +specified in the configuration file. +.El +.Sh HOST CONFIGURATION FILES +The host configuration files contain all information needed +to establish a connection to those hosts. +A host configuration file is also required for the local tinc daemon, +it will use it to read in it's listen port, public key and subnets. +.Pp +The idea is that these files are portable. +You can safely mail your own host configuration file to someone else. +That other person can then copy it to his own hosts directory, +and now his tinc daemon will be able to connect to your tinc daemon. +Since host configuration files only contain public keys, +no secrets are revealed by sending out this information. +.Bl -tag -width indent +.It Va Address Li = Ar address Bq recommended +The IP address or hostname of this tinc daemon on the real network. +This wil only be used when trying to make an outgoing connection to this tinc daemon. +Multiple +.Va Address +variables can be specified, in which case each address will be tried until a working +connection has been established. +.It Va Cipher Li = Ar cipher Pq blowfish +The symmetric cipher algorithm used to encrypt UDP packets. +Any cipher supported by OpenSSL is recognised. +Furthermore, specifying +.Qq none +will turn off packet encryption. +.It Va Compression Li = Ar level Pq 0 +This option sets the level of compression used for UDP packets. +Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), +10 (fast lzo) and 11 (best lzo). +.It Va Digest Li = Ar digest Pq sha1 +The digest algorithm used to authenticate UDP packets. +Any digest supported by OpenSSL is recognised. +Furthermore, specifying +.Qq none +will turn off packet authentication. +.It Va IndirectData Li = yes | no Pq no +This option specifies whether other tinc daemons besides the one you specified with +.Va ConnectTo +can make a direct connection to you. +This is especially useful if you are behind a firewall +and it is impossible to make a connection from the outside to your tinc daemon. +Otherwise, it is best to leave this option out or set it to no. +.It Va MACLength Li = Ar length Pq 4 +The length of the message authentication code used to authenticate UDP packets. +Can be anything from +.Qq 0 +up to the length of the digest produced by the digest algorithm. +.It Va Port Li = Ar port Pq 655 +The port number on which this tinc daemon is listening for incoming connections. +.It Va PublicKey Li = Ar key Bq obsolete +The public RSA key of this tinc daemon. +It will be used to cryptographically verify it's identity and to set up a secure connection. +.It Va PublicKeyFile Li = Ar filename Bq obsolete +The file in which the public RSA key of this tinc daemon resides. +.Pp +From version 1.0pre4 on +.Nm tinc +will store the public key directly into the host configuration file in PEM format, +the above two options then are not necessary. +Either the PEM format is used, or exactly one of the above two options must be specified +in each host configuration file, +if you want to be able to establish a connection with that host. +.It Va Subnet Li = Ar address Ns Op Li / Ns Ar prefixlength +The subnet which this tinc daemon will serve. +.Nm tinc +tries to look up which other daemon it should send a packet to by searching the appropriate subnet. +If the packet matches a subnet, +it will be sent to the daemon who has this subnet in his host configuration file. +Multiple +.Va Subnet +variables can be specified. +.Pp +Subnets can either be single MAC, IPv4 or IPv6 addresses, +in which case a subnet consisting of only that single address is assumed, +or they can be a IPv4 or IPv6 network address with a prefixlength. +Shorthand notations are not supported. +For example, IPv4 subnets must be in a form like 192.168.1.0/24, +where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. +Note that subnets like 192.168.1.1/24 are invalid! +Read a networking HOWTO/FAQ/guide if you don't understand this. +IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. +MAC addresses are notated like 0:1a:2b:3c:4d:5e. +.It Va TCPOnly Li = yes | no Pq no +If this variable is set to yes, +then the packets are tunnelled over the TCP connection instead of a UDP connection. +This is especially useful for those who want to run a tinc daemon +from behind a masquerading firewall, +or if UDP packet routing is disabled somehow. +Setting this options also implicitly sets IndirectData. +.El +.Sh SCRIPTS +Apart from reading the server and host configuration files, +tinc can also run scripts at certain moments. +On Windows (not Cygwin), the scripts should have the extension +.Pa .bat . +.Bl -tag -width indent +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +This is the most important script. +If it is present it will be executed right after the tinc daemon has been started and has connected to the virtual network device. +It should be used to set up the corresponding network interface, +but can also be used to start other things. +Under Windows you can use the Network Connections control panel instead of creating this script. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +This script is started right before the tinc daemon quits. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -up +This script is started when the tinc daemon with name +.Ar HOST +becomes reachable. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -down +This script is started when the tinc daemon with name +.Ar HOST +becomes unreachable. +.El +.Pp +The scripts are started without command line arguments, but can make use of certain environment variables. +Under UNIX like operating systems the names of environment variables must be preceded by a +.Li $ +in scripts. +Under Windows, in +.Pa .bat +files, they have to be put between +.Li % +signs. +.Bl -tag -width indent +.It Ev NETNAME +If a netname was specified, this environment variable contains it. +.It Ev NAME +Contains the name of this tinc daemon. +.It Ev DEVICE +Contains the name of the virtual network device that tinc uses. +.It Ev INTERFACE +Contains the name of the virtual network interface that tinc uses. +This should be used for commands like +.Pa ifconfig . +.It Ev NODE +When a host becomes (un)reachable, this is set to its name. +.It Ev REMOTEADDRESS +When a host becomes (un)reachable, this is set to its real address. +.It Ev REMOTEPORT +When a host becomes (un)reachable, this is set to the port number it uses for communication with other tinc daemons. +.El +.Sh FILES +The most important files are: +.Bl -tag -width indent +.It Pa @sysconfdir@/tinc/ +The top directory for configuration files. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +The default name of the server configuration file for net +.Ar NETNAME . +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ +Host configuration files are kept in this directory. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +If an executable file with this name exists, +it will be executed right after the tinc daemon has connected to the virtual network device. +It can be used to set up the corresponding network interface. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +If an executable file with this name exists, +it will be executed right before the tinc daemon is going to close +its connection to the virtual network device. +.El +.Sh SEE ALSO +.Xr tincd 8 , +.Pa http://tinc.nl.linux.org/ , +.Pa http://www.linuxdoc.org/LDP/nag2/ . +.Pp +The full documentation for +.Nm tinc +is maintained as a Texinfo manual. +If the info and tinc programs are properly installed at your site, the command +.Ic info tinc +should give you access to the complete manual. +.Pp +.Nm tinc +comes with ABSOLUTELY NO WARRANTY. +This is free software, and you are welcome to redistribute it under certain conditions; +see the file COPYING for details. diff --git a/doc/tinc.texi b/doc/tinc.texi index 50ff6616..2132251e 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,23 +1,26 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.9 2000/10/18 20:12:06 zarq Exp $ +@c $Id: tinc.texi,v 1.10 2003/08/24 20:38:19 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @setchapternewpage odd @c %**end of header +@include tincinclude.texi + @ifinfo +@dircategory Networking tools @direntry * tinc: (tinc). The tinc Manual. @end direntry -This is the info manual for tinc, a Virtual Private Network daemon. +This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998,199,2000 Ivo Timmermans -, Guus Sliepen and +Copyright @copyright{} 1998-2003 Ivo Timmermans +, Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.9 2000/10/18 20:12:06 zarq Exp $ +$Id: tinc.texi,v 1.10 2003/08/24 20:38:19 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -38,11 +41,13 @@ permission notice identical to this one. @page @vskip 0pt plus 1filll @cindex copyright -Copyright @copyright{} 1998,1999,2000 Ivo Timmermans -, Guus Sliepen and +This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. + +Copyright @copyright{} 1998-2003 Ivo Timmermans +, Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.9 2000/10/18 20:12:06 zarq Exp $ +$Id: tinc.texi,v 1.10 2003/08/24 20:38:19 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -59,13 +64,13 @@ permission notice identical to this one. @node Top, Introduction, (dir), (dir) @menu -* Introduction:: Introduction -* Installing tinc - preparations:: -* Installing tinc - installation:: -* Configuring tinc:: -* Running tinc:: -* Technical information:: -* About us:: +* Introduction:: +* Preparations:: +* Installation:: +* Configuration:: +* Running tinc:: +* Technical information:: +* About us:: * Concept Index:: All used terms explained @end menu @@ -73,7 +78,7 @@ permission notice identical to this one. @contents @c ================================================================== -@node Introduction, Installing tinc - preparations, Top, Top +@node Introduction, Preparations, Top, Top @chapter Introduction @cindex tinc @@ -83,74 +88,67 @@ Internet. Because the tunnel appears to the IP level network code as a normal network device, there is no need to adapt any existing software. - -This tunneling allows VPN sites to share information with each other +The encrypted tunnels allows VPN sites to share information with each other over the Internet without exposing any information to others. -This document is the manual for tinc. Included are chapters on how to +This document is the manual for tinc. Included are chapters on how to configure your computer to use tinc, as well as the configuration process of tinc itself. @menu -* VPNs:: Virtual Private Networks in general -* tinc:: about tinc -* Supported platforms:: +* Virtual Private Networks:: +* tinc:: About tinc +* Supported platforms:: @end menu @c ================================================================== -@node VPNs, tinc, Introduction, Introduction +@node Virtual Private Networks, tinc, Introduction, Introduction @section Virtual Private Networks @cindex VPN A Virtual Private Network or VPN is a network that can only be accessed -by a few elected computers that participate. This goal is achievable in +by a few elected computers that participate. This goal is achievable in more than just one way. @cindex private -Private networks can consist of a single stand-alone ethernet LAN. Or -even two computers hooked up using a null-modem cable. In these cases, +Private networks can consist of a single stand-alone Ethernet LAN. Or +even two computers hooked up using a null-modem cable. In these cases, it is obvious that the network is @emph{private}, no one can access it from the -outside. But if your computers are linked to the internet, the network +outside. But if your computers are linked to the Internet, the network is not private anymore, unless one uses firewalls to block all private -traffic. But then, there is no way to send private data to trusted -computers on the other end of the internet. +traffic. But then, there is no way to send private data to trusted +computers on the other end of the Internet. @cindex virtual -This problem can be solved by using @emph{virtual} networks. Virtual -networks can live on top of other networks, but do not interfere with -each other. Mostly, virtual networks appear like a singe LAN, even though -they can span the entire world. But virtual networks can't be secured +This problem can be solved by using @emph{virtual} networks. Virtual +networks can live on top of other networks, but they use encapsulation to +keep using their private address space so they do not interfere with +the Internet. Mostly, virtual networks appear like a singe LAN, even though +they can span the entire world. But virtual networks can't be secured by using firewalls, because the traffic that flows through it has to go -through the internet, where other people can look at it. +through the Internet, where other people can look at it. -When one introduces encryption, we can form a true VPN. Other people may +As is the case with either type of VPN, anybody could eavesdrop. Or +worse, alter data. Hence it's probably advisable to encrypt the data +that flows over the network. + +When one introduces encryption, we can form a true VPN. Other people may see encrypted traffic, but if they don't know how to decipher it (they need to know the key for that), they cannot read the information that flows -through the VPN. This is what tinc was made for. - -@cindex virtual -tinc uses normal IP datagrams to encapsulate data that goes over the VPN -network link. In this case it's also clear that the network is -@emph{virtual}, because no direct network link has to exist between to -participants. - -As is the case with either type of VPN, anybody could eavesdrop. Or -worse, alter data. Hence it's probably advisable to encrypt the data -that flows over the network. +through the VPN. This is what tinc was made for. @c ================================================================== -@node tinc, Supported platforms, VPNs, Introduction +@node tinc, Supported platforms, Virtual Private Networks, Introduction @section tinc @cindex vpnd -@cindex ethertap I really don't quite remember what got us started, but it must have been -Guus' idea. He wrote a simple implementation (about 50 lines of C) that -used the @emph{ethertap} device that Linux knows of since somewhere -about kernel 2.1.60. It didn't work immediately and he improved it a -bit. At this stage, the project was still simply called @samp{vpnd}. +Guus' idea. He wrote a simple implementation (about 50 lines of C) that +used the ethertap device that Linux knows of since somewhere +about kernel 2.1.60. It didn't work immediately and he improved it a +bit. At this stage, the project was still simply called @samp{vpnd}. Since then, a lot has changed---to say the least. @@ -160,12 +158,21 @@ both the receiving and sending end, it has become largely runtime-configurable---in short, it has become a full-fledged professional package. -A lot can---and will be---changed. I have a few things that I'd like to -see in the future releases of tinc. Not everything will be available in -the near future. Our first objective is to make tinc work perfectly as +@cindex Traditional VPNs +@cindex scalability +tinc also allows more than two sites to connect to eachother and form a single VPN. +Traditionally VPNs are created by making tunnels, which only have two endpoints. +Larger VPNs with more sites are created by adding more tunnels. +tinc takes another approach: only endpoints are specified, +the software itself will take care of creating the tunnels. +This allows for easier configuration and improved scalability. + +A lot can---and will be---changed. We have a number of things that we would like to +see in the future releases of tinc. Not everything will be available in +the near future. Our first objective is to make tinc work perfectly as it stands, and then add more advanced features. -Meanwhile, we're always open-minded towards new ideas. And we're +Meanwhile, we're always open-minded towards new ideas. And we're available too. @@ -173,44 +180,95 @@ available too. @node Supported platforms, , tinc, Introduction @section Supported platforms -tinc works on Linux, FreeBSD and Solaris. These are the three platforms -that are supported by the universial TUN/TAP device driver, so if -support for other operating systems is added to this driver, perhaps -tinc will run on them as well. Without this driver, tinc will most +@cindex platforms +tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment), +with various hardware architectures. These are some of the platforms +that are supported by the universal tun/tap device driver or other virtual network device drivers. +Without such a driver, tinc will most likely compile and run, but it will not be able to send or receive data packets. +@cindex release +For an up to date list of supported platforms, please check the list on +our website: +@uref{http://tinc.nl.linux.org/platforms}. + + @c ================================================================== @subsection Linux +@cindex Linux tinc was first written for Linux running on an intel x86 processor, so this is the best supported platform. The protocol however, and actually anything about tinc, has been rewritten to support random byte ordering and arbitrary word length. So in theory it should run on other -processors that Linux runs on. Take care however, we haven't been able -to really test it yet. If you want to run tinc on another platform than -x86, and want to tell us how it went, please do so. +processors that Linux runs on. It has already been verified to run on +alpha and sparc processors as well. -tinc uses the ethertap device that is provided in the standard kernel -since version 2.1.60, so anything above that (2.2.x, 2.3.x, and the -2.4.0-testx (which is current at the time of this writing) kernel -versions) is able to support tinc. +tinc uses the ethertap device or the universal tun/tap driver. The former is provided in the standard kernel +from version 2.1.60 up to 2.3.x, but has been replaced in favour of the tun/tap driver in kernel versions 2.4.0 and later. @c ================================================================== @subsection FreeBSD -tinc on FreeBSD relies on the universial TUN/TAP driver for its data -acquisition from the kernel. Therefore, tinc suports the same platforms +@cindex FreeBSD +tinc on FreeBSD relies on the universal tun/tap driver for its data +acquisition from the kernel. Therefore, tinc will work on the same platforms as this driver. These are: FreeBSD 3.x, 4.x, 5.x. +@c ================================================================== +@subsection OpenBSD + +@cindex OpenBSD +tinc on OpenBSD relies on the tun driver for its data +acquisition from the kernel. It has been verified to work under at least OpenBSD 2.9. + +Tunneling IPv6 packets may not work on OpenBSD. + + +@c ================================================================== +@subsection Solaris + +@c ================================================================== +@subsection NetBSD + +@cindex NetBSD +tinc on NetBSD relies on the tun driver for its data +acquisition from the kernel. It has been verified to work under at least NetBSD 1.5.2. + +Tunneling IPv6 does not work on OpenBSD. + + @c ================================================================== @subsection Solaris -tinc on Solaris relies on the universial TUN/TAP driver for its data -acquisition from the kernel. Therefore, tinc suports the same platforms -as this driver. These are: Solaris, 2.1.x. +@cindex Solaris +tinc on Solaris relies on the universal tun/tap driver for its data +acquisition from the kernel. Therefore, tinc will work on the same platforms +as this driver. These are: Solaris 8 (SunOS 5.8). + +IPv6 packets cannot be tunneled on Solaris. + +@c ================================================================== +@subsection Darwin (MacOS/X) + +@cindex Darwin +@cindex MacOS/X +tinc on Darwin relies on the tunnel driver for its data +acquisition from the kernel. This driver is not part of Darwin but can be +downloaded from @uref{http://chrisp.de/en/projects/tunnel.html}. + +IPv6 packets cannot be tunneled on Darwin. + +@c ================================================================== +@subsection Windows + +@cindex Windows +tinc on Windows, in a Cygwin environment, relies on the CIPE driver or the TAP-Win32 driver for its data +acquisition from the kernel. This driver is not part of Windows but can be +downloaded from @uref{http://cipe-win32.sourceforge.net/}. @c @@ -227,150 +285,204 @@ as this driver. These are: Solaris, 2.1.x. @c @c ================================================================== -@node Installing tinc - preparations, Installing tinc - installation, Introduction, Top -@chapter Installing tinc: preparations +@node Preparations, Installation, Introduction, Top +@chapter Preparations This chapter contains information on how to prepare your system to support tinc. @menu -* Configuring the kernel:: -* Libraries:: +* Configuring the kernel:: +* Libraries:: @end menu @c ================================================================== -@node Configuring the kernel, Libraries, Installing tinc - preparations, Installing tinc - preparations +@node Configuring the kernel, Libraries, Preparations, Preparations @section Configuring the kernel -If you are running Linux, chances are good that your kernel already -supports all the devices that tinc needs for proper operation. For -example, the standard kernel from Redhat Linux already has support for -ethertap and netlink compiled in. Debian users can use the modconf -utility to select the modules. If your Linux distribution supports this -method of selecting devices, look out for something called `ethertap', -and `netlink_dev'. You need both these devices. - -If you can install these devices in a similar manner, you may skip this -section. +@cindex RedHat +@cindex Debian +@cindex netlink_dev +@cindex tun +@cindex ethertap +If you are running Linux, chances are good that your kernel already supports +all the devices that tinc needs for proper operation. For example, the +standard kernel from Redhat Linux already has support for ethertap and netlink +compiled in. Debian users can use the modconf utility to select the modules. +If your Linux distribution supports this method of selecting devices, look out +for something called `ethertap', and `netlink_dev' if it is using a kernel +version prior to 2.4.0. In that case you will need both these devices. If you +are using kernel 2.4.0 or later, you need to select `tun'. + +@cindex Kernel-HOWTO +If you can install these devices in a similar manner, you may skip this section. +Otherwise, you will have to recompile the kernel in order to turn on the required features. +If you are unfamiliar with the process of configuring and compiling a new kernel, +you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel HOWTO} first. @menu -* Configuration of the Linux kernel:: -* Configuration of the FreeBSD kernel:: -* Configuration of the Solaris kernel:: +* Configuration of Linux kernels 2.1.60 up to 2.4.0:: +* Configuration of Linux kernels 2.4.0 and higher:: +* Configuration of FreeBSD kernels:: +* Configuration of OpenBSD kernels:: +* Configuration of NetBSD kernels:: +* Configuration of Solaris kernels:: +* Configuration of Darwin (MacOS/X) kernels:: +* Configuration of Windows:: @end menu @c ================================================================== -@node Configuration of the Linux kernel, Configuration of the FreeBSD kernel, Configuring the kernel, Configuring the kernel -@subsection Configuring the Linux kernel - -Since this particular implementation only runs on 2.1 or higher Linux -kernels, you should grab one (2.2 is current at this time). A 2.0 port -is not really possible, unless someone tells me someone ported the -ethertap and netlink devices back to 2.0. - -If you are unfamiliar with the process of configuring and compiling a -new kernel, you should read the -@uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel -HOWTO} first. Do that now! +@node Configuration of Linux kernels 2.1.60 up to 2.4.0, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel, Configuring the kernel +@subsection Configuration of Linux kernels 2.1.60 up to 2.4.0 -Here are the options you have to turn on when configuring a new -kernel. - -For kernel 2.2.x: +Here are the options you have to turn on when configuring a new kernel: @example Code maturity level options [*] Prompt for development and/or incomplete code/drivers Networking options [*] Kernel/User netlink socket -<*> Netlink device emulation + Netlink device emulation Network device support -<*> Ethertap network tap + Ethertap network tap @end example -For kernel 2.3.x and 2.4.x: +If you want to run more than one instance of tinc or other programs that use +the ethertap, you have to compile the ethertap driver as a module, otherwise +you can also choose to compile it directly into the kernel. + +If you decide to build any of these as dynamic kernel modules, it's a good idea +to add these lines to @file{/etc/modules.conf}: + +@example +alias char-major-36 netlink_dev +alias tap0 ethertap +options tap0 -o tap0 unit=0 +alias tap1 ethertap +options tap1 -o tap1 unit=1 +... +alias tap@emph{N} ethertap +options tap@emph{N} -o tap@emph{N} unit=@emph{N} +@end example + +Add as much alias/options lines as necessary. + + +@c ================================================================== +@node Configuration of Linux kernels 2.4.0 and higher, Configuration of FreeBSD kernels, Configuration of Linux kernels 2.1.60 up to 2.4.0, Configuring the kernel +@subsection Configuration of Linux kernels 2.4.0 and higher + +Here are the options you have to turn on when configuring a new kernel: @example Code maturity level options [*] Prompt for development and/or incomplete code/drivers -Networking options -[*] Kernel/User netlink socket -<*> Netlink device emulation Network device support -<*> Universal TUN/TAP device driver support + Universal tun/tap device driver support @end example +It's not necessary to compile this driver as a module, even if you are going to +run more than one instance of tinc. -Any other options not mentioned here are not relevant to tinc. If you -decide to build any of these as dynamic kernel modules, it's a good idea -to add these lines to @file{/etc/modules.conf}. +If you have an early 2.4 kernel, you can choose both the tun/tap driver and the +`Ethertap network tap' device. This latter is marked obsolete, and chances are +that it won't even function correctly anymore. Make sure you select the +universal tun/tap driver. + +If you decide to build the tun/tap driver as a kernel module, add these lines +to @file{/etc/modules.conf}: @example -alias tap0 ethertap -alias char-major-36 netlink_dev +alias char-major-10-200 tun @end example -If you have a 2.4 kernel, you can also choose to use the `Ethertap -network tap' device. This is marked obsolete, because the universal -TUN/TAP driver is a newer implementation that is supposed to be used in -favor of ethertap. For tinc, it doesn't really matter which one you -choose; based on the device file name, tinc will make the right choice -about what protocol to use. -Finally, after having set up other options, build the kernel and boot -it. Unfortunately it's not possible to insert these modules in a -running kernel. +@c ================================================================== +@node Configuration of FreeBSD kernels, Configuration of OpenBSD kernels, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel +@subsection Configuration of FreeBSD kernels + +For FreeBSD version 4.1 and higher, the tap driver is included in the default kernel configuration, for earlier +systems (4.0 and earlier), you need to install the universal tun/tap driver +yourself. @c ================================================================== -@node Configuration of the FreeBSD kernel, Configuration of the Solaris kernel, Configuration of the Linux kernel, Configuring the kernel -@subsection Configuring the FreeBSD kernel +@node Configuration of OpenBSD kernels, Configuration of NetBSD kernels, Configuration of FreeBSD kernels, Configuring the kernel +@subsection Configuration of OpenBSD kernels -This section will contain information on how to configure your FreeBSD -kernel to support the universal TUN/TAP device. For 5.0 and 4.1 -systems, this is included in the kernel configuration, for earlier -systems (4.0 and 3.x), you need to install the universal TUN/TAP driver -yourself. +For OpenBSD version 2.9 and higher, +the tun driver is included in the default kernel configuration. -Unfortunately somebody still has to write the text. + +@c ================================================================== +@node Configuration of NetBSD kernels, Configuration of Solaris kernels, Configuration of OpenBSD kernels, Configuring the kernel +@subsection Configuration of NetBSD kernels + +For NetBSD version 1.5.2 and higher, +the tun driver is included in the default kernel configuration. @c ================================================================== -@node Configuration of the Solaris kernel, , Configuration of the FreeBSD kernel, Configuring the kernel -@subsection Configuring the Solaris kernel +@node Configuration of Solaris kernels, Configuration of Darwin (MacOS/X) kernels, Configuration of NetBSD kernels, Configuring the kernel +@subsection Configuration of Solaris kernels -This section will contain information on how to configure your Solaris -kernel to support the universal TUN/TAP device. You need to install -this driver yourself. +For Solaris 8 (SunOS 5.8) and higher, +the tun driver is included in the default kernel configuration. -Unfortunately somebody still has to write the text. + +@c ================================================================== +@node Configuration of Darwin (MacOS/X) kernels, Configuration of Windows, Configuration of Solaris kernels, Configuring the kernel +@subsection Configuration of Darwin (MacOS/X) kernels + +Darwin does not come with a tunnel driver. You must download it at +@uref{http://chrisp.de/en/projects/tunnel.html}. If compiling the source fails, +try the binary module. The tunnel driver must be loaded before starting tinc +with the following command: + +@example +kmodload tunnel +@end example + +Once loaded, the tunnel driver will automatically create @file{/dev/tun0}..@file{/dev/tun3} +and the corresponding network interfaces. @c ================================================================== -@node Libraries, , Configuring the kernel, Installing tinc - preparations +@node Configuration of Windows, , Configuration of Darwin (MacOS/X) kernels, Configuring the kernel +@subsection Configuration of Windows + +You will need to install the CIPE driver or the TAP-Win32 driver. You can download the CIPE driver from +@uref{http://cipe-win32.sourceforge.net}. Using the Network Connections control panel, +configure the CIPE network device in the same way as you would do from the tinc-up script +as explained in the rest of the documentation. + + +@c ================================================================== +@node Libraries, , Configuring the kernel, Preparations @section Libraries @cindex requirements -Before you can configure or build tinc, you need to have the OpenSSL -library installed on your system. If you try to configure tinc without -having installed it, configure will give you an error message, and stop. +@cindex libraries +Before you can configure or build tinc, you need to have the OpenSSL, +zlib and lzo libraries installed on your system. If you try to configure tinc without +having them installed, configure will give you an error message, and stop. @menu -* OpenSSL:: +* OpenSSL:: +* zlib:: +* lzo:: @end menu @c ================================================================== -@node OpenSSL, , Libraries, Libraries +@node OpenSSL, zlib, Libraries, Libraries @subsection OpenSSL @cindex OpenSSL For all cryptography-related functions, tinc uses the functions provided -by the OpenSSL library. We recommend using version 0.9.5 or 0.9.6 of -this library. Other versions may also work, but we can guarantee -nothing. +by the OpenSSL library. If this library is not installed, you wil get an error when configuring tinc for build. Support for running tinc without having OpenSSL @@ -386,6 +498,79 @@ build and install this package are included within the package. Please make sure you build development and runtime libraries (which is the default). +If you installed the OpenSSL libraries from source, it may be necessary +to let configure know where they are, by passing configure one of the +--with-openssl-* parameters. + +@example +--with-openssl=DIR OpenSSL library and headers prefix +--with-openssl-include=DIR OpenSSL headers directory + (Default is OPENSSL_DIR/include) +--with-openssl-lib=DIR OpenSSL library directory + (Default is OPENSSL_DIR/lib) +@end example + + +@subsubheading License + +@cindex license +Since the license under which OpenSSL is distributed is not directly +compatible with the terms of the GNU GPL +@uref{http://www.openssl.org/support/faq.html#LEGAL2}, therefore we +include an addition to the GPL (see also the file COPYING.README): + +@quotation +This program is released under the GPL with the additional exemption +that compiling, linking, and/or using OpenSSL is allowed. You may +provide binary packages linked to the OpenSSL libraries, provided that +all other requirements of the GPL are met. +@end quotation + + +@c ================================================================== +@node zlib, lzo, OpenSSL, Libraries +@subsection zlib + +@cindex zlib +For the optional compression of UDP packets, tinc uses the functions provided +by the zlib library. + +If this library is not installed, you wil get an error when configuring +tinc for build. Support for running tinc without having zlib +installed @emph{may} be added in the future. + +You can use your operating system's package manager to install this if +available. Make sure you install the development AND runtime versions +of this package. + +If you have to install zlib manually, you can get the source code +from @url{http://www.gzip.org/zlib/}. Instructions on how to configure, +build and install this package are included within the package. Please +make sure you build development and runtime libraries (which is the +default). + + +@c ================================================================== +@node lzo, , zlib, Libraries +@subsection lzo + +@cindex lzo +Another form of compression is offered using the lzo library. + +If this library is not installed, you wil get an error when configuring +tinc for build. Support for running tinc without having lzo +installed @emph{may} be added in the future. + +You can use your operating system's package manager to install this if +available. Make sure you install the development AND runtime versions +of this package. + +If you have to install lzo manually, you can get the source code +from @url{http://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure, +build and install this package are included within the package. Please +make sure you build development and runtime libraries (which is the +default). + @c @c @@ -397,51 +582,96 @@ default). @c @c ================================================================== -@node Installing tinc - installation, Configuring tinc, Installing tinc - preparations, Top -@chapter Installing tinc: installation +@node Installation, Configuration, Preparations, Top +@chapter Installation -If you use Redhat or Debian, you may want to install one of the +If you use Debian, you may want to install one of the precompiled packages for your system. These packages are equipped with system startup scripts and sample configurations. -If you don't run either of these systems, or you want to compile tinc +If you cannot use one of the precompiled packages, or you want to compile tinc for yourself, you can use the source. The source is distributed under the GNU General Public License (GPL). Download the source from the -@uref{http://tinc.nl.linux.org/download.html, download page}, which has +@uref{http://tinc.nl.linux.org/download, download page}, which has the checksums of these files listed; you may wish to check these with md5sum before continuing. -tinc comes in a handy autoconf/automake package, which you can just -treat the same as any other package. Which is just untar it, type -`configure' and then `make'. - +tinc comes in a convenient autoconf/automake package, which you can just +treat the same as any other package. Which is just untar it, type +`./configure' and then `make'. More detailed instructions are in the file @file{INSTALL}, which is included in the source distribution. @menu -* Building tinc:: -* System files:: -* Interfaces:: +* Building and installing tinc:: +* System files:: @end menu @c ================================================================== -@node Building tinc, System files, Installing tinc - installation, Installing tinc - installation -@section Building tinc +@node Building and installing tinc, System files, Installation, Installation +@section Building and installing tinc + +Detailed instructions on configuring the source, building tinc and installing tinc +can be found in the file called @file{INSTALL}. + +@cindex binary package +If you happen to have a binary package for tinc for your distribution, +you can use the package management tools of that distribution to install tinc. +The documentation that comes along with your distribution will tell you how to do that. -Detailed instructions on configuring the source and building tinc can be -found in the file called @file{INSTALL}. +@menu +* Darwin (MacOS/X) build environment:: +* Cygwin (Windows) build environment:: +* MinGW (Windows) build environment:: +@end menu @c ================================================================== -@node System files, Interfaces, Building tinc, Installing tinc - installation +@node Darwin (MacOS/X) build environment, Cygwin (Windows) build environment, Building and installing tinc, Building and installing tinc +@subsection Darwin (MacOS/X) build environment + +In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools +from @uref{http://developer.apple.com/tools/macosxtools.html} and +a recent version of Fink from @uref{http://fink.sourceforge.net/}. + +After installation use fink to download and install the following packages: +autoconf25, automake, dlcompat, m4, openssl, zlib and lzo. + +@c ================================================================== +@node Cygwin (Windows) build environment, MinGW (Windows) build environment, Darwin (MacOS/X) build environment, Building and installing tinc +@subsection Cygwin (Windows) build environment + +If Cygwin hasn't already been installed, install it directly from +@uref{http://www.cygwin.com/}. + +When tinc is compiled in a Cygwin environment, it can only be run in this environment, +but all programs, including those started outside the Cygwin environment, will be able to use the VPN. +It will also support all features. + +@c ================================================================== +@node MinGW (Windows) build environment, , Cygwin (Windows) build environment, Building and installing tinc +@subsection MinGW (Windows) build environment + +You will need to install the MinGW environment from @uref{http://www.mingw.org}. + +When tinc is compiled using MinGW it runs natively under Windows, +it is not necessary to keep MinGW installed. + +When detaching, tinc will install itself as a service, +which will be restarted automatically after reboots. + + +@c ================================================================== +@node System files, , Building and installing tinc, Installation @section System files -Before you can run tinc, you +Before you can run tinc, you must make sure you have all the needed +files on your system. @menu -* Device files:: -* Other files:: +* Device files:: +* Other files:: @end menu @@ -449,6 +679,7 @@ Before you can run tinc, you @node Device files, Other files, System files, System files @subsection Device files +@cindex device files First, you'll need the special device file(s) that form the interface between the kernel and the daemon. @@ -457,29 +688,31 @@ may read/write to this file. You'd want this, because otherwise eavesdropping would become a bit too easy. This does, however, imply that you'd have to run tincd as root. -If you use the universal TUN/TAP driver, you have to create the -following device files (unless they already exist): +If you use Linux and have a kernel version prior to 2.4.0, you have to make the +ethertap devices: @example -mknod -m 600 /dev/... c .. .. -chown 0.0 /dev/... +mknod -m 600 /dev/tap0 c 36 16 +mknod -m 600 /dev/tap1 c 36 17 +... +mknod -m 600 /dev/tap@emph{N} c 36 @emph{N+16} @end example -If you want to have more devices, the device numbers will be .. .. ... - -If you use Linux, and you run the new 2.4 kernel using the devfs -filesystem, then the tap device will be automatically generated as -@file{/dev/netlink/tap0}. +There is a maximum of 16 ethertap devices. -If you use Linux and have kernel 2.2.x, you have to make the ethertap -devices: +If you use the universal tun/tap driver, you have to create the +following device file (unless it already exist): @example -mknod -m 600 /dev/tap0 c 36 16 -chown 0.0 /dev/tap0 +mknod -m 600 /dev/tun c 10 200 @end example -Any further ethertap devices have minor device number 16 through 31. +If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, +then the tun/tap device will probably be automatically generated as +@file{/dev/net/tun}. + +Unlike the ethertap device, you do not need multiple device files if +you are planning to run multiple tinc daemons. @c ================================================================== @@ -489,85 +722,26 @@ Any further ethertap devices have minor device number 16 through 31. @subsubheading @file{/etc/networks} You may add a line to @file{/etc/networks} so that your VPN will get a -symbolic name. For example: +symbolic name. For example: @example myvpn 10.0.0.0 @end example -This has nothing to do with the MyVPNIP configuration variable that will be -discussed later, it is only to make the output of the route command more -legible. - @subsubheading @file{/etc/services} -You may add this line to @file{/etc/services}. The effect is that you -may supply a @samp{tinc} as a valid port number to some programs. The +@cindex port numbers +You may add this line to @file{/etc/services}. The effect is that you +may supply a @samp{tinc} as a valid port number to some programs. The number 655 is registered with the IANA. @example tinc 655/tcp TINC tinc 655/udp TINC -# Ivo Timmermans +# Ivo Timmermans @end example -@c ================================================================== -@node Interfaces, , System files, Installing tinc - installation -@section Interfaces - -Before you can start transmitting data over the tinc tunnel, you must -set up the ethertap network devices. - -First, decide which IP addresses you want to have associated with these -devices, and what network mask they must have. You also need these -numbers when you are going to configure tinc itself. @xref{Configuring -tinc}. - -It doesn't matter much which part you do first, setting up the network -devices or configure tinc. But they both have to be done before you try -to start a tincd. - -The actual setup of the ethertap device is quite simple, just repeat -after me: - -@example -ifconfig tap@emph{n} hw ether fe:fd:@emph{xx}:@emph{xx}:@emph{xx}:@emph{xx} -@end example - -The @emph{n} here is the number of the ethertap device you want to use. -It should be the same @emph{n} as the one you use for -@file{/dev/tap@emph{n}}. The @emph{xx}s are four hexadecimal numbers -(0--ff). With previous versions of tincd, it didn't matter what they -were. But newer kernels require properly set up ethernet addresses. In -fact, the old behavior was wrong. It is required that the @emph{xx}s -match the numbers of the IP address you will give to the tap device and -to the MyOwnVPNIP configuration (which will be discussed later). - -@cindex MAC address -@cindex hardware address -@strong{Tip}: for finding out what the MAC address of the tap interface -should be, you can use the following command: - -@example -$ printf 'fe:fd:%02x:%02x:%02x:%02x' 10 1 54 1 -fe:fd:0a:01:36:01 -@end example - -@cindex ifconfig -To activate the device, you have to assign an IP address to it. To set -an IP address @emph{IP} with network mask @emph{mask}, do the following: - -@example -ifconfig tap@emph{n} @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} -@end example - -@cindex netmask -The netmask is the mask of the @emph{entire} VPN network, not just your -own subnet. It is the same netmask you will have to specify with the -VpnMask configuration variable. - - @c @c @c @@ -580,64 +754,113 @@ VpnMask configuration variable. @c ================================================================== -@node Configuring tinc, Running tinc, Installing tinc - installation, Top -@chapter Configuring tinc +@node Configuration, Running tinc, Installation, Top +@chapter Configuration @menu -* Multiple networks:: -* How connections work:: -* Configuration file:: -* Example:: +* Configuration introduction:: +* Multiple networks:: +* How connections work:: +* Configuration files:: +* Generating keypairs:: +* Network interfaces:: +* Example configuration:: @end menu @c ================================================================== -@node Multiple networks, How connections work, Configuring tinc, Configuring tinc -@section Multiple networks +@node Configuration introduction, Multiple networks, Configuration, Configuration +@section Configuration introduction + +Before actually starting to configure tinc and editing files, +make sure you have read this entire section so you know what to expect. +Then, make it clear to yourself how you want to organize your VPN: +What are the nodes (computers running tinc)? +What IP addresses/subnets do they have? +What is the network mask of the entire VPN? +Do you need special firewall rules? +Do you have to set up masquerading or forwarding rules? +Do you want to run tinc in router mode or switch mode? +These questions can only be answered by yourself, +you will not find the answers in this documentation. +Make sure you have an adequate understanding of networks in general. +@cindex Network Administrators Guide +A good resource on networking is the +@uref{http://www.linuxdoc.org/LDP/nag2/, Linux Network Administrators Guide}. + +If you have everything clearly pictured in your mind, +proceed in the following order: +First, generate the configuration files (@file{tinc.conf}, your host configuration file, @file{tinc-up} and perhaps @file{tinc-down}). +Then generate the keypairs. +Finally, distribute the host configuration files. +These steps are described in the subsections below. -@c from the manpage -It is perfectly OK for you to run more than one tinc daemon. -However, in its default form, you will soon notice that you can't use -two different configuration files without the -c option. +@c ================================================================== +@node Multiple networks, How connections work, Configuration introduction, Configuration +@section Multiple networks + +@cindex multiple networks +@cindex netname +In order to allow you to run more than one tinc daemon on one computer, +for instance if your computer is part of more than one VPN, +you can assign a ``netname'' to your VPN. +It is not required if you only run one tinc daemon, +it doesn't even have to be the same on all the sites of your VPN, +but it is recommended that you choose one anyway. -We have thought of another way of dealing with this: network names. This -means that you call tincd with the -n argument, which will assign a name -to this daemon. +We will asume you use a netname throughout this document. +This means that you call tincd with the -n argument, +which will assign a netname to this daemon. The effect of this is that the daemon will set its configuration -``root'' to /etc/tinc/nn/, where nn is your argument to the -n -option. You'll notice that it appears in syslog as ``tinc.nn''. +``root'' to @value{sysconfdir}/tinc/@var{netname}/, where @var{netname} is your argument to the -n +option. You'll notice that it appears in syslog as ``tinc.@var{netname}''. However, it is not strictly necessary that you call tinc with the -n -option. In this case, the network name would just be empty, and it will -be used as such. tinc now looks for files in /etc/tinc/, instead of -/etc/tinc/nn/; the configuration file should be /etc/tinc/tinc.conf, -and the passphrases are now expected to be in /etc/tinc/passphrases/. +option. In this case, the network name would just be empty, and it will +be used as such. tinc now looks for files in @value{sysconfdir}/tinc/, instead of +@value{sysconfdir}/tinc/@var{netname}/; the configuration file should be @value{sysconfdir}/tinc/tinc.conf, +and the host configuration files are now expected to be in @value{sysconfdir}/tinc/hosts/. But it is highly recommended that you use this feature of tinc, because -it will be so much clearer whom your daemon talks to. Hence, we will +it will be so much clearer whom your daemon talks to. Hence, we will assume that you use it. @c ================================================================== -@node How connections work, Configuration file, Multiple networks, Configuring tinc +@node How connections work, Configuration files, Multiple networks, Configuration @section How connections work -Before going on, first a bit on how tinc sees connections. - -When tinc starts up, it reads in the configuration file and parses the -command-line options. If it sees a `ConnectTo' value in the file, it -will try to connect to it, on the given port. If this fails, tinc exits. +When tinc starts up, it parses the command-line options and then +reads in the configuration file tinc.conf. +If it sees one or more `ConnectTo' values pointing to other tinc daemons in that file, +it will try to connect to those other daemons. +Whether this succeeds or not and whether `ConnectTo' is specified or not, +tinc will listen for incoming connection from other deamons. +If you did specify a `ConnectTo' value and the other side is not responding, +tinc will keep retrying. +This means that once started, tinc will stay running until you tell it to stop, +and failures to connect to other tinc daemons will not stop your tinc daemon +for trying again later. +This means you don't have to intervene if there are temporary network problems. + +@cindex client +@cindex server +There is no real distinction between a server and a client in tinc. +If you wish, you can view a tinc daemon without a `ConnectTo' value as a server, +and one which does specify such a value as a client. +It does not matter if two tinc daemons have a `ConnectTo' value pointing to each other however. @c ================================================================== -@node Configuration file, Example, How connections work, Configuring tinc -@section Configuration file +@node Configuration files, Generating keypairs, How connections work, Configuration +@section Configuration files The actual configuration of the daemon is done in the file -@file{/etc/tinc/nn/tinc.conf}. +@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf} and at least one other file in the directory +@file{@value{sysconfdir}/tinc/@var{netname}/hosts/}. -This file consists of comments (lines started with a #) or assignments +These file consists of comments (lines started with a #) or assignments in the form of @example @@ -645,136 +868,431 @@ Variable = Value. @end example The variable names are case insensitive, and any spaces, tabs, newlines -and carriage returns are ignored. Note: it is not required that you put +and carriage returns are ignored. Note: it is not required that you put in the `=' sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. +In this section all valid variables are listed in alphabetical order. +The default value is given between parentheses, +other comments are between square brackets. + @menu -* Variables:: +* Main configuration variables:: +* Host configuration variables:: +* Scripts:: +* How to configure:: @end menu + @c ================================================================== -@node Variables, , Configuration file, Configuration file -@subsection Variables +@node Main configuration variables, Host configuration variables, Configuration files, Configuration files +@subsection Main configuration variables -Here are all valid variables, listed in alphabetical order. The default -value, required or optional is given between parentheses. +@table @asis +@cindex AddressFamily +@item @var{AddressFamily} = (any) +This option affects the address family of listening and outgoing sockets. +If "any" is selected, then depending on the operating system +both IPv4 and IPv6 or just IPv6 listening sockets will be created. + +@cindex BindToAddress +@item @var{BindToAddress} =
[experimental] +If your computer has more than one IPv4 or IPv6 address, tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single address with this variable. + +This option may not work on all platforms. + +@cindex BindToInterface +@item @var{BindToInterface} = [experimental] +If you have more than one network interface in your computer, tinc will +by default listen on all of them for incoming connections. It is +possible to bind tinc to a single interface like eth0 or ppp0 with this +variable. + +This option may not work on all platforms. + +@cindex ConnectTo +@item @var{ConnectTo} = +Specifies which other tinc daemon to connect to on startup. +Multiple ConnectTo variables may be specified, +in which case outgoing connections to each specified tinc daemon are made. +The names should be known to this tinc daemon +(i.e., there should be a host configuration file for the name on the ConnectTo line). + +If you don't specify a host with ConnectTo, +tinc won't try to connect to other daemons at all, +and will instead just listen for incoming connections. + +@cindex Device +@item @var{Device} = (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform) +The virtual network device to use. +tinc will automatically detect what kind of device it is. +Note that you can only use one device per daemon. +Under Windows, use @var{Interface} instead of @var{Device}. +Note that you can only use one device per daemon. +See also @ref{Device files}. + +@cindex Hostnames +@item @var{Hostnames} = (no) +This option selects whether IP addresses (both real and on the VPN) +should be resolved. Since DNS lookups are blocking, it might affect +tinc's efficiency, even stopping the daemon for a few seconds everytime +it does a lookup if your DNS server is not responding. + +This does not affect resolving hostnames to IP addresses from the +configuration file. + +@cindex Interface +@item @var{Interface} = +Defines the name of the interface corresponding to the virtual network device. +Depending on the operating system and the type of device this may or may not actually set the name of the interface. +Under Windows, this variable is used to select which network interface will be used. +If you specified a Device, this variable is almost always already correctly set. + +@cindex Mode +@item @var{Mode} = (router) +This option selects the way packets are routed to other daemons. -@c straight from the manpage @table @asis -@item ConnectPort = (655) -Connect to the upstream host (given with the ConnectTo directive) on -port port. port may be given in decimal (default), octal (when preceded -by a single zero) or hexadecimal (prefixed with 0x). port is the port -number for both the UDP and the TCP (meta) connections. - -@item ConnectTo = (optional) -Specifies which host to connect to on startup. Multiple ConnectTo variables -may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. It is possible to specify hostnames for dynamic IP -addresses (like those given on dyndns.org), tinc will not cache the resolved -IP address. - -If you don't specify a host with ConnectTo, regardless of whether a -value for ConnectPort is given, tinc won't connect at all, and will -instead just listen for incoming connections. - -@item Hostnames = (no) -This option selects whether IP addresses (both real and on the VPN) should -be resolved. Since DNS lookups are blocking, it might affect tinc's -efficiency, even stopping the daemon for a few seconds everytime it does -a lookup if your DNS server is not responding. - -This does not affect resolving hostnames to IP addresses from the configuration -file. - -@item IndirectData = (no) -This option specifies whether other tinc daemons besides the one you -specified with ConnectTo can make a direct connection to you. This is -especially useful if you are behind a firewall and it is impossible -to make a connection from the outside to your tinc daemon. Otherwise, -it is best to leave this option out or set it to no. - -@item Interface = (optional) -If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to -bind tinc to a single interface like eth0 or ppp0 with this variable. - -@item InterfaceIP = (optional) -If your computer has more than one IP address on a single interface (for example -if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same -time though, if they share the same IP address. - -@item KeyExpire = (3600) +@cindex router +@item router +In this mode Subnet +variables in the host configuration files will be used to form a routing table. +Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. + +This is the default mode, and unless you really know you need another mode, don't change it. + +@cindex switch +@item switch +In this mode the MAC addresses of the packets on the VPN will be used to +dynamically create a routing table just like an Ethernet switch does. +Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode +at the cost of frequent broadcast ARP requests and routing table updates. + +This mode is primarily useful if you want to bridge Ethernet segments. + +@cindex hub +@item hub +This mode is almost the same as the switch mode, but instead +every packet will be broadcast to the other daemons +while no routing table is managed. +@end table + +@cindex KeyExpire +@item @var{KeyExpire} = (3600) This option controls the time the encryption keys used to encrypt the data -are valid. It is common practice to change keys at regular intervals to +are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. -@item ListenPort = (655) -Listen on local port port. The computer connecting to this daemon should -use this number as the argument for his ConnectPort. +@cindex MACExpire +@item @var{MACExpire} = (600) +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when Mode is set to "switch". -@item MyOwnVPNIP = (required) -The local address is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this -will be the file name of the passphrase file that the other end expects -to find the passphrase in. +@cindex Name +@item @var{Name} = [required] +This is a symbolic name for this connection. It can be anything -The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it -is also necessary that you make the ethernet (also known as MAC) address -equal to the IP address (see the example). +@cindex PingTimeout +@item @var{PingTimeout} = (60) +The number of seconds of inactivity that tinc will wait before sending a +probe to the other end. If that other end doesn't answer within that +same amount of seconds, the connection is terminated, and the others +will be notified of this. -maskbits is the number of bits set to 1 in the netmask part. +@cindex PriorityInheritance +@item @var{PriorityInheritance} = (no) [experimental] +When this option is enabled the value of the TOS field of tunneled IPv4 packets +will be inherited by the UDP packets that are sent out. -@item MyVirtualIP = -This is an alias for MyOwnVPNIP. +@cindex PrivateKey +@item @var{PrivateKey} = [obsolete] +This is the RSA private key for tinc. However, for safety reasons it is +advised to store private keys of any kind in separate files. This prevents +accidental eavesdropping if you are editting the configuration file. -@item Passphrases = (/etc/tinc/NETNAME/passphrases) -The directory where tinc will look for passphrases when someone tries to -connect. Please see the manpage for genauth(8) for more information -about passphrases as used by tinc. +@cindex PrivateKeyFile +@item @var{PrivateKeyFile} = (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv}) +This is the full path name of the RSA private key file that was +generated by ``tincd --generate-keys''. It must be a full path, not a +relative directory. -@item PingTimeout = (5) -The number of seconds of inactivity that tinc will wait before sending a -probe to the other end. If that other end doesn't answer within that -same amount of seconds, the connection is terminated, and the others -will be notified of this. +Note that there must be exactly one of @var{PrivateKey} +or @var{PrivateKeyFile} +specified in the configuration file. + +@end table + + +@c ================================================================== +@node Host configuration variables, Scripts, Main configuration variables, Configuration files +@subsection Host configuration variables + +@table @asis +@cindex Address +@item @var{Address} = [recommended] +This variable is only required if you want to connect to this host. It +must resolve to the external IP address where the host can be reached, +not the one that is internal to the VPN. + +@cindex Cipher +@item @var{Cipher} = (blowfish) +The symmetric cipher algorithm used to encrypt UDP packets. +Any cipher supported by OpenSSL is recognized. + +@cindex Compression +@item @var{Compression} = (0) +This option sets the level of compression used for UDP packets. +Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), +10 (fast lzo) and 11 (best lzo). + +@cindex Digest +@item @var{Digest} = (sha1) +The digest algorithm used to authenticate UDP packets. +Any digest supported by OpenSSL is recognized. +Furthermore, specifying "none" will turn off packet authentication. + +@cindex IndirectData +@item @var{IndirectData} = (no) +This option specifies whether other tinc daemons besides the one you +specified with ConnectTo can make a direct connection to you. This is +especially useful if you are behind a firewall and it is impossible to +make a connection from the outside to your tinc daemon. Otherwise, it +is best to leave this option out or set it to no. + +@cindex MACLength +@item @var{MACLength} = (4) +The length of the message authentication code used to authenticate UDP packets. +Can be anything from 0 +up to the length of the digest produced by the digest algorithm. + +@cindex Port +@item @var{Port} = (655) +This is the port this tinc daemon listens on. +You can use decimal portnumbers or symbolic names (as listed in /etc/services). + +@cindex PublicKey +@item @var{PublicKey} = [obsolete] +This is the RSA public key for this host. + +@cindex PublicKeyFile +@item @var{PublicKeyFile} = [obsolete] +This is the full path name of the RSA public key file that was generated +by ``tincd --generate-keys''. It must be a full path, not a relative +directory. + +@cindex PEM format +From version 1.0pre4 on tinc will store the public key directly into the +host configuration file in PEM format, the above two options then are not +necessary. Either the PEM format is used, or exactly +@strong{one of the above two options} must be specified +in each host configuration file, if you want to be able to establish a +connection with that host. + +@cindex Subnet +@item @var{Subnet} = +The subnet which this tinc daemon will serve. +tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. +If the packet matches a subnet, +it will be sent to the daemon who has this subnet in his host configuration file. +Multiple subnet lines can be specified for each daemon. + +Subnets can either be single MAC, IPv4 or IPv6 addresses, +in which case a subnet consisting of only that single address is assumed, +or they can be a IPv4 or IPv6 network address with a prefixlength. +Shorthand notations are not supported. +For example, IPv4 subnets must be in a form like 192.168.1.0/24, +where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. +Note that subnets like 192.168.1.1/24 are invalid! +Read a networking HOWTO/FAQ/guide if you don't understand this. +IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. +MAC addresses are notated like 0:1a:2b:3c:4d:5e. + +@cindex CIDR notation +prefixlength is the number of bits set to 1 in the netmask part; for +example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes +/22. This conforms to standard CIDR notation as described in +@uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} + +@cindex TCPonly +@item @var{TCPonly} = (no) [experimental] +If this variable is set to yes, then the packets are tunnelled over a +TCP connection instead of a UDP connection. This is especially useful +for those who want to run a tinc daemon from behind a masquerading +firewall, or if UDP packet routing is disabled somehow. +Setting this options also implicitly sets IndirectData. +@end table + + +@c ================================================================== +@node Scripts, How to configure, Host configuration variables, Configuration files +@subsection Scripts + +@cindex scripts +Apart from reading the server and host configuration files, +tinc can also run scripts at certain moments. +On Windows (not Cygwin), the scripts should have the extension .bat. + +@table @file +@cindex tinc-up +@item @value{sysconfdir}/tinc/@var{netname}/tinc-up +This is the most important script. +If it is present it will be executed right after the tinc daemon has been +started and has connected to the virtual network device. +It should be used to set up the corresponding network interface, +but can also be used to start other things. +Under Windows you can use the Network Connections control panel instead of creating this script. + +@cindex tinc-down +@item @value{sysconfdir}/tinc/@var{netname}/tinc-down +This script is started right before the tinc daemon quits. + +@item @value{sysconfdir}/tinc/@var{netname}/hosts/@var{host}-up +This script is started when the tinc daemon with name @var{host} becomes reachable. + +@item @value{sysconfdir}/tinc/@var{netname}/hosts/@var{host}-down +This script is started when the tinc daemon with name @var{host} becomes unreachable. +@end table -@item TapDevice = (/dev/tap0) -The ethertap device to use. Note that you can only use one device per -daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for Linux. - -@item TCPonly = (no, experimental) -If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those -who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. This is experimental code, -try this at your own risk. - -@item VpnMask = (optional) -The mask that defines the scope of the entire VPN. This option is not used -by the tinc daemon itself, but can be used by startup scripts to configure -the ethertap devices correctly. +@cindex environment variables +The scripts are started without command line arguments, +but can make use of certain environment variables. +Under UNIX like operating systems the names of environment variables must be preceded by a $ in scripts. +Under Windows, in @file{.bat} files, they have to be put between % signs. + +@table @env +@cindex NETNAME +@item NETNAME +If a netname was specified, this environment variable contains it. + +@cindex NAME +@item NAME +Contains the name of this tinc daemon. + +@cindex DEVICE +@item DEVICE +Contains the name of the virtual network device that tinc uses. + +@cindex INTERFACE +@item INTERFACE +Contains the name of the virtual network interface that tinc uses. +This should be used for commands like ifconfig. + +@cindex NODE +@item NODE +When a host becomes (un)reachable, this is set to its name. + +@cindex REMOTEADDRESS +@item REMOTEADDRESS +When a host becomes (un)reachable, this is set to its real address. + +@cindex REMOTEPORT +@item REMOTEPORT +When a host becomes (un)reachable, +this is set to the port number it uses for communication with other tinc daemons. @end table +@c ================================================================== +@node How to configure, , Scripts, Configuration files +@subsection How to configure + +@subsubheading Step 1. Creating the main configuration file + +The main configuration file will be called @file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf}. +Adapt the following example to create a basic configuration file: + +@example +Name = @var{yourname} +Device = @file{/dev/tap0} +@end example + +Then, if you know to which other tinc daemon(s) yours is going to connect, +add `ConnectTo' values. + +@subsubheading Step 2. Creating your host configuration file + +If you added a line containing `Name = yourname' in the main configuarion file, +you will need to create a host configuration file @file{@value{sysconfdir}/tinc/@var{netname}/hosts/yourname}. +Adapt the following example to create a host configuration file: + +@example +Address = your.real.hostname.org +Subnet = 192.168.1.0/24 +@end example + +You can also use an IP address instead of a hostname. +The `Subnet' specifies the address range that is local for @emph{your part of the VPN only}. +If you have multiple address ranges you can specify more than one `Subnet'. +You might also need to add a `Port' if you want your tinc daemon to run on a different port number than the default (655). + @c ================================================================== -@node Example, , Configuration file, Configuring tinc -@section Example +@node Generating keypairs, Network interfaces, Configuration files, Configuration +@section Generating keypairs + +@cindex key generation +Now that you have already created the main configuration file and your host configuration file, +you can easily create a public/private keypair by entering the following command: +@example +tincd -n @var{netname} -K +@end example + +tinc will generate a public and a private key and ask you where to put them. +Just press enter to accept the defaults. -Imagine the following situation. An A-based company wants to connect -three branch offices in B, C and D using the internet. All four offices -have a 24/7 connection to the internet. -A is going to serve as the center of the network. B and C will connect -to A, and D will connect to C. Each office will be assigned their own IP +@c ================================================================== +@node Network interfaces, Example configuration, Generating keypairs, Configuration +@section Network interfaces + +Before tinc can start transmitting data over the tunnel, it must +set up the virtual network interface. + +First, decide which IP addresses you want to have associated with these +devices, and what network mask they must have. + +tinc will open a virtual network device (@file{/dev/tun}, @file{/dev/tap0} or similar), +which will also create a network interface called something like `tun0', `tap0', or, +if you are using the Linux tun/tap driver, the network interface will by default have the same name as the netname. + +@cindex tinc-up +You can configure the network interface by putting ordinary ifconfig, route, and other commands +to a script named @file{@value{sysconfdir}/tinc/@var{netname}/tinc-up}. When tinc starts, this script +will be executed. When tinc exits, it will execute the script named +@file{@value{sysconfdir}/tinc/@var{netname}/tinc-down}, but normally you don't need to create that script. + +An example @file{tinc-up} script: + +@example +#!/bin/sh +ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 +@end example + +This script gives the interface an IP address and a netmask. +The kernel will also automatically add a route to this interface, so normally you don't need +to add route commands to the @file{tinc-up} script. +The kernel will also bring the interface up after this command. +@cindex netmask +The netmask is the mask of the @emph{entire} VPN network, not just your +own subnet. + + +@c ================================================================== +@node Example configuration, , Network interfaces, Configuration +@section Example configuration + + +@cindex example +Imagine the following situation. Branch A of our example `company' wants to connect +three branch offices in B, C and D using the Internet. All four offices +have a 24/7 connection to the Internet. + +A is going to serve as the center of the network. B and C will connect +to A, and D will connect to C. Each office will be assigned their own IP network, 10.x.0.0. @example @@ -785,454 +1303,746 @@ D: net 10.4.0.0 mask 255.255.0.0 gateway 10.4.3.32 internet IP 4.5.6.7 @end example ``gateway'' is the VPN IP address of the machine that is running the -tincd. ``internet IP'' is the IP address of the firewall, which does not +tincd. ``internet IP'' is the IP address of the firewall, which does not need to run tincd, but it must do a port forwarding of TCP&UDP on port 655 (unless otherwise configured). In this example, it is assumed that eth0 is the interface that points to -the inner LAN of the office, although this could also be the same as the -interface that leads to the internet. The configuration of the real -interface is also shown as a comment, to give you an idea of how these -example host is set up. +the inner (physical) LAN of the office, although this could also be the +same as the interface that leads to the Internet. The configuration of +the real interface is also shown as a comment, to give you an idea of +how these example host is set up. All branches use the netname `company' +for this particular VPN. + +@subsubheading For Branch A -@subsubheading For A +@emph{BranchA} would be configured like this: -@emph{A} would be configured like this: +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example -#ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 -ifconfig tap0 hw ether fe:fd:0a:01:36:01 -ifconfig tap0 10.1.54.1 netmask 255.0.0.0 +# Real interface of internal network: +# ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 + +ifconfig $INTERFACE 10.1.54.1 netmask 255.0.0.0 @end example -and in /etc/tinc/tinc.conf: +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example -TapDevice = /dev/tap0 -MyVirtualIP = 10.1.54.1/16 -VpnMask = 255.0.0.0 +Name = BranchA +PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv +Device = /dev/tap0 @end example -@subsubheading For B +On all hosts, @value{sysconfdir}/tinc/company/hosts/BranchA contains: @example -#ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 -ifconfig tap0 hw ether fe:fd:0a:02:01:0c -ifconfig tap0 10.2.1.12 netmask 255.0.0.0 +Subnet = 10.1.0.0/16 +Address = 1.2.3.4 + +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- @end example -and in /etc/tinc/tinc.conf: +Note that the IP addresses of eth0 and tap0 are the same. +This is quite possible, if you make sure that the netmasks of the interfaces are different. +It is in fact recommended to give give both real internal network interfaces and tap interfaces the same IP address, +since that will make things a lot easier to remember and set up. + + +@subsubheading For Branch B + +In @file{@value{sysconfdir}/tinc/company/tinc-up}: + +@example +# Real interface of internal network: +# ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 + +ifconfig $INTERFACE 10.2.1.12 netmask 255.0.0.0 +@end example + +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example -TapDevice = /dev/tap0 -MyVirtualIP = 10.2.1.12/16 -ConnectTo = 1.2.3.4 -VpnMask = 255.0.0.0 +Name = BranchB +ConnectTo = BranchA +PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv @end example Note here that the internal address (on eth0) doesn't have to be the -same as on the tap0 device. Also, ConnectTo is given so that no-one can +same as on the tap0 device. Also, ConnectTo is given so that no-one can connect to this node. -@subsubheading For C +On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchB}: + +@example +Subnet = 10.2.0.0/16 +Address = 2.3.4.5 + +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- +@end example + + +@subsubheading For Branch C + +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example -#ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 -ifconfig tap0 hw ether fe:fd:0a:03:45:fe -ifconfig tap0 10.3.69.254 netmask 255.0.0.0 +# Real interface of internal network: +# ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 + +ifconfig $INTERFACE 10.3.69.254 netmask 255.0.0.0 @end example -and in /etc/tinc/A/tinc.conf: +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example -MyVirtualIP = 10.3.69.254/16 -TapDevice = /dev/tap1 -ConnectTo = 1.2.3.4 -ListenPort = 2000 -VpnMask = 255.0.0.0 +Name = BranchC +ConnectTo = BranchA +Device = /dev/tap1 @end example C already has another daemon that runs on port 655, so they have to -reserve another port for tinc. It can connect to other tinc daemons on -the regular port though, so no ConnectPort variable is needed. -They also use the netname to distinguish -between the two. tinc is started with `tincd -n A'. +reserve another port for tinc. It knows the portnumber it has to listen on +from it's own host configuration file. -@subsubheading For D +On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchC}: @example -#ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 -ifconfig tap0 hw ether fe:fd:0a:04:03:20 -ifconfig tap0 10.4.3.32 netmask 255.0.0.0 +Address = 3.4.5.6 +Subnet = 10.3.0.0/16 +Port = 2000 + +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- @end example -and in /etc/tinc/tinc.conf: + +@subsubheading For Branch D + +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example -MyVirtualIP = 10.4.3.32/16 -ConnectTo = 3.4.5.6 -ConnectPort = 2000 -VpnMask=255.0.0.0 +# Real interface of internal network: +# ifconfig eth0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 + +ifconfig $INTERFACE 10.4.3.32 netmask 255.0.0.0 @end example -D will be connecting to C, which has a tincd running for this network on -port 2000. Hence they need to put in a ConnectPort, but it doesn't need -to have a different ListenPort. +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: -@subsubheading Authentication +@example +Name = BranchD +ConnectTo = BranchC +Device = /dev/net/tun +PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv +@end example -A, B, C and D all generate a passphrase with genauth 2048, the output is -stored in /etc/tinc/passphrases/local, except for C, where it should be -/etc/tinc/A/passphrases/local. +D will be connecting to C, which has a tincd running for this network on +port 2000. It knows the port number from the host configuration file. +Also note that since D uses the tun/tap driver, the network interface +will not be called `tun' or `tap0' or something like that, but will +have the same name as netname. -A stores a copy of B's passphrase in /etc/tinc/passphrases/10.2.1.12 +On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchD}: -A stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 +@example +Subnet = 10.4.0.0/16 +Address = 4.5.6.7 -B stores a copy of A's passphrase in /etc/tinc/passphrases/10.1.54.1 +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- +@end example -C stores a copy of A's passphrase in /etc/tinc/A/passphrases/10.1.54.1 +@subsubheading Key files -C stores a copy of D's passphrase in /etc/tinc/A/passphrases/10.4.3.32 +A, B, C and D all have generated a public/private keypair with the following command: -D stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 +@example +tincd -n company -K +@end example -@subsubheading Starting +The private key is stored in @file{@value{sysconfdir}/tinc/company/rsa_key.priv}, +the public key is put into the host configuration file in the @file{@value{sysconfdir}/tinc/company/hosts/} directory. +During key generation, tinc automatically guesses the right filenames based on the -n option and +the Name directive in the @file{tinc.conf} file (if it is available). -A has to start their tincd first. Then come B and C, where C has to -provide the option `-n A', because they have more than one tinc -network. Finally, D's tincd is started. +@subsubheading Starting +After each branch has finished configuration and they have distributed +the host configuration files amongst them, they can start their tinc daemons. +They don't necessarily have to wait for the other branches to have started +their daemons, tinc will try connecting until they are available. @c ================================================================== -@node Running tinc, Technical information, Configuring tinc, Top +@node Running tinc, Technical information, Configuration, Top @chapter Running tinc -Running tinc isn't just as easy as typing `tincd' and hoping everything -will just work out the way you wanted. Instead, the use of tinc is a -project that involves trust relations and more than one computer. +If everything else is done, you can start tinc by typing the following command: + +@example +tincd -n @var{netname} +@end example + +@cindex daemon +tinc will detach from the terminal and continue to run in the background like a good daemon. +If there are any problems however you can try to increase the debug level +and look in the syslog to find out what the problems are. @menu -* Managing keys:: -* Runtime options:: +* Runtime options:: +* Error messages:: @end menu @c ================================================================== -@node Managing keys, Runtime options, Running tinc, Running tinc -@section Managing keys +@node Runtime options, Error messages, Running tinc, Running tinc +@section Runtime options -Before attempting to start tinc, you have to create passphrases. When -tinc tries to make a connection, it exchanges some sensitive -data. Before doing so, it likes to know if the other end is -trustworthy. +Besides the settings in the configuration file, tinc also accepts some +command line options. -To do this, both ends must have some knowledge about the other. In the -case of tinc this is the authentication passphrase. +@cindex command line +@cindex runtime options +@cindex options +@c from the manpage +@table @option +@item -c, --config=PATH +Read configuration options from the directory PATH. The default is +@file{@value{sysconfdir}/tinc/@var{netname}/}. + +@item -D, --no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. + +@cindex debug level +@item -d, --debug=LEVEL +Set debug level to LEVEL. The higher the debug level, the more gets +logged. Everything goes via syslog. + +@item -k, --kill[=SIGNAL] +Attempt to kill a running tincd (optionally with the specified SIGNAL instead of SIGTERM) and exit. +Use it in conjunction with the -n option to make sure you kill the right tinc daemon. +Under native Windows the optional argument is ignored, +the service will always be stopped and removed. -This passphrase is a number, which is chosen at random. This number is -then sent to the other computers which want to talk to us directly. To -avoid breaking security, this should be done over a known secure channel -(such as ssh or similar). +@item -n, --net=NETNAME +Connect to net NETNAME. @xref{Multiple networks}. -All passphrases are stored in the passphrases directory, which is -normally /etc/tinc/nn/passphrases/, but it may be changed using the -`Passphrases' option in the config file. +@item -K, --generate-keys[=BITS] +Generate public/private keypair of BITS length. If BITS is not specified, +1024 is the default. tinc will ask where you want to store the files, +but will default to the configuration directory (you can use the -c or -n option +in combination with -K). After that, tinc will quit. -To generate a passphrase, run `genauth'. genauth takes one argument, -which is the length of the passphrase in bits. The length of the -passphrase should be in the range 1024--2048 for a key length of 128 -bits. genauth creates a random number of the specified length, and puts -it to stdout. +@item -L, --mlock +Lock tinc into main memory. +This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. -Every computer that wants to participate in the VPN should do this, and -store the output in the passphrases directory, in the file @file{local}. +@item --logfile[=FILE] +Write log entries to a file instead of to the system logging facility. +If FILE is omitted, the default is @value{localstatedir}/log/tinc.NETNAME.log. -When every computer has his own local key, it should copy it to the -computer that it wants to talk to directly. (i.e. the one it connects to -during startup.) This should be done via a secure channel, because it is -sensitive information. If this is not done securely, someone might break -in on you later on. +@item --pidfile=FILE +Write PID to FILE instead of @value{localstatedir}/run/tinc.NETNAME.pid. -Those non-local passphrase files must have the name of the VPN IP -address that they will advertise to you. For instance, if a computer -tells us it likes to be 10.1.1.3 with netmask 255.255.0.0, the file -should still be called 10.1.1.3, and not 10.1.0.0. +@item --bypass-security +Disables encryption and authentication. +Only useful for debugging. + +@item --help +Display a short reminder of these runtime options and terminate. + +@item --version +Output version information and exit. + +@end table @c ================================================================== -@node Runtime options, , Managing keys, Running tinc -@section Runtime options +@node Error messages, , Runtime options, Running tinc +@section Error messages -Besides the settings in the configuration file, tinc also accepts some -command line options. +What follows is a list of the most common error messages you can see +when configuring tinc. Most of these messages are visible in the syslog +only, so keep an eye on it! -This list is a longer version of that in the manpage. The latter is -generated automatically, so may be more up-to-date. +@table @strong +@item Could not open /dev/tap0: No such device -@c from the manpage -@table @asis -@item -c, --config=FILE -Read configuration options from FILE. The default is -@file{/etc/tinc/nn/tinc.conf}. +@itemize +@item You forgot to `modprobe netlink_dev' or `modprobe ethertap'. +@item You forgot to compile `Netlink device emulation' in the kernel. +@end itemize -@item -d -Increase debug level. The higher it gets, the more gets -logged. Everything goes via syslog. +@item Can't write to /dev/net/tun: No such device -0 is the default, only some basic information connection attempts get -logged. Setting it to 1 will log a bit more, still not very -disturbing. With two -d's tincd will log protocol information, which can -get pretty noisy. Three or more -d's will output every single packet -that goes out or comes in, which probably generates more data than the -packets themselves. +@itemize +@item You forgot to `modprobe tun'. +@item You forgot to compile `Universal TUN/TAP driver' in the kernel. +@end itemize -@item -k, --kill -Attempt to kill a running tincd and exit. A TERM signal (15) gets sent -to the daemon that his its PID in /var/run/tinc.nn.pid. +@item Packet with destination 1.2.3.4 is looping back to us! -Because it kills only one tincd, you should use -n here if you use it -normally. +@itemize +@item Something is not configured right. Packets are being sent out to the +virtual network device, but according to the Subnet directives in your host configuration +file, those packets should go to your own host. Most common mistake is that +you have a Subnet line in your host configuration file with a prefix length which is +just as large as the prefix of the virtual network interface. The latter should in almost all +cases be larger. Rethink your configuration. +Note that you will only see this message if you specified a debug +level of 5 or higher! +@item Chances are that a `Subnet = ...' line in the host configuration file of this tinc daemon is wrong. +Change it to a subnet that is accepted locally by another interface, +or if that is not the case, try changing the prefix length into /32. +@end itemize -@item -n, --net=NETNAME -Connect to net NETNAME. @xref{Multiple networks}. +@item Network doesn't work, syslog shows only packets of length 46 -@item -t, --timeout=TIMEOUT -Seconds to wait before giving a timeout. Should not be set too low, -because every time tincd senses a timeout, it disconnects and reconnects -again, which will cause unnecessary network traffic and log messages. +@item Network address and prefix length do not match! -@item --help -Display a short reminder of these runtime options and terminate. +@itemize +@item The Subnet field must contain a @emph{network} address. +@item If you only want to use one IP address, set the netmask to /32. +@end itemize -@item --version -Output version information and exit. +@item This is a bug: net.c:253: 24: Some error -@end table +@itemize +@item This is something that should not have happened. +Please report this, and tell us exactly what went wrong before you got +this message. In normal operation, these errors should not occur. +@end itemize + +@item Error reading RSA key file `rsa_key.priv': No such file or directory +@itemize +@item You must specify the complete pathname. +Specifying a relative path does not make sense here. tinc changes its +directory to / when starting (to avoid keeping a mount point busy). +@end itemize + +@end table @c ================================================================== @node Technical information, About us, Running tinc, Top @chapter Technical information -@c ================================================================== @menu -* The Connection:: -* Security:: +* The connection:: +* The meta-protocol:: +* Security:: @end menu -@node The Connection, Security, Technical information, Technical information -@section The basic philosophy of the way tinc works -@cindex Connection +@c ================================================================== +@node The connection, The meta-protocol, Technical information, Technical information +@section The connection + +@cindex connection tinc is a daemon that takes VPN data and transmit that to another host computer over the existing Internet infrastructure. @menu -* Protocol Preview:: -* The Meta-connection:: +* The UDP tunnel:: +* The meta-connection:: @end menu @c ================================================================== -@node Protocol Preview, The Meta-connection, The Connection, The Connection -@subsection A preview of the way the tinc works +@node The UDP tunnel, The meta-connection, The connection, The connection +@subsection The UDP tunnel -@cindex ethertap +@cindex virtual network device @cindex frame type The data itself is read from a character device file, the so-called -@emph{ethertap} device. This device is associated with a network -interface. Any data sent to this interface can be read from the device, -and any data written to the device gets sent from the interface. Data to -and from the device is formatted as if it were a normal ethernet card, -so a frame is preceded by two MAC addresses and a @emph{frame type} -field. - -So when tinc reads an ethernet frame from the device, it determines its -type. Right now, tinc can only handle Internet Protocol version 4 (IPv4) -frames. Plans to support other protocols are being made. When tinc knows -which type of frame it has read, it can also read the source and -destination address from it. - -Now it is time that the frame gets encrypted. Currently the only -encryption algorithm available is blowfish. +@emph{virtual network device}. This device is associated with a network +interface. Any data sent to this interface can be read from the device, +and any data written to the device gets sent from the interface. +There are two possible types of virtual network devices: +`tun' style, which are point-to-point devices which can only handle IPv4 and/or IPv6 packets, +and `tap' style, which are Ethernet devices and handle complete Ethernet frames. + +So when tinc reads an Ethernet frame from the device, it determines its +type. When tinc is in it's default routing mode, it can handle IPv4 and IPv6 +packets. Depending on the Subnet lines, it will send the packets off to their destination IP address. +In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery +to deduce the destination of the packets. +Since the latter modes only depend on the link layer information, +any protocol that runs over Ethernet is supported (for instance IPX and Appletalk). +However, only `tap' style devices provide this information. + +After the destination has been determined, +the packet will be compressed (optionally), +a sequence number will be added to the packet, +the packet will then be encrypted +and a message authentication code will be appended. @cindex encapsulating -When the encryption is ready, time has come to actually transport the -packet to the destination computer. We do this by sending the packet -over an UDP connection to the destination host. This is called +@cindex UDP +When that is done, time has come to actually transport the +packet to the destination computer. We do this by sending the packet +over an UDP connection to the destination host. This is called @emph{encapsulating}, the VPN packet (though now encrypted) is encapsulated in another IP datagram. When the destination receives this packet, the same thing happens, only -in reverse. So it does a decrypt on the contents of the UDP datagram, -and it writes the decrypted information to its own ethertap device. +in reverse. So it checks the message authentication code, decrypts the contents of the UDP datagram, +checks the sequence number +and writes the decrypted information to its own virtual network device. + +If the virtual network device is a `tun' device (a point-to-point tunnel), +there is no problem for the kernel to accept a packet. +However, if it is a `tap' device (this is the only available type on FreeBSD), +the destination MAC address must match that of the virtual network interface. +If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC +can not be known by the sending host. +tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface +and overwriting the destination MAC address of the received packet. + +In switch or hub modes ARP does work so the sender already knows the correct destination MAC address. +In those modes every interface should have a unique MAC address, so make sure they are not the same. +Because switch and hub modes rely on MAC addresses to function correctly, +these modes cannot be used on the following operating systems which don't have a `tap' style virtual network device: +OpenBSD, NetBSD, Darwin and Solaris. @c ================================================================== -@node The Meta-connection, , Protocol Preview, The Connection +@node The meta-connection, , The UDP tunnel, The connection @subsection The meta-connection -Having only an UDP connection available is not enough. Though suitable +Having only a UDP connection available is not enough. Though suitable for transmitting data, we want to be able to reliably send other -information, such as routing and encryption information to somebody. +information, such as routing and session key information to somebody. +@cindex TCP TCP is a better alternative, because it already contains protection against information being lost, unlike UDP. -So we establish two connections. One for the encrypted VPN data, and one -for other information, the meta-data. Hence, we call the second -connection the meta-connection. We can now be sure that the +So we establish two connections. One for the encrypted VPN data, and one +for other information, the meta-data. Hence, we call the second +connection the meta-connection. We can now be sure that the meta-information doesn't get lost on the way to another computer. @cindex data-protocol @cindex meta-protocol Like with any communication, we must have a protocol, so that everybody -knows what everything stands for, an how he should react. Because we -have two connections, we also have two protocols. The protocol used for +knows what everything stands for, and how she should react. Because we +have two connections, we also have two protocols. The protocol used for the UDP data is the ``data-protocol,'' the other one is the ``meta-protocol.'' The reason we don't use TCP for both protocols is that UDP is much -better for encapsulation, even while it is less reliable. The real +better for encapsulation, even while it is less reliable. The real problem is that when TCP would be used to encapsulate a TCP stream that's on the private network, for every packet sent there would be -three ACK's sent instead of just one. Furthermore, if there would be +three ACKs sent instead of just one. Furthermore, if there would be a timeout, both TCP streams would sense the timeout, and both would -start resending packets. +start re-sending packets. + @c ================================================================== -@node Security, , The Connection, Technical information +@node The meta-protocol, Security, The connection, Technical information +@section The meta-protocol + +The meta protocol is used to tie all tinc daemons together, and +exchange information about which tinc daemon serves which virtual +subnet. + +The meta protocol consists of requests that can be sent to the other +side. Each request has a unique number and several parameters. All +requests are represented in the standard ASCII character set. It is +possible to use tools such as telnet or netcat to connect to a tinc +daemon started with the --bypass-security option +and to read and write requests by hand, provided that one +understands the numeric codes sent. + +The authentication scheme is described in @ref{Authentication protocol}. After a +successful authentication, the server and the client will exchange all the +information about other tinc daemons and subnets they know of, so that both +sides (and all the other tinc daemons behind them) have their information +synchronised. + +@cindex ADD_EDGE +@cindex ADD_SUBNET +@example +daemon message +-------------------------------------------------------------------------- +origin ADD_EDGE node1 node2 21.32.43.54 655 222 0 + | | | | | +-> options + | | | | +----> weight + | | | +--------> UDP port of node2 + | | +----------------> real address of node2 + | +-------------------------> name of destination node + +-------------------------------> name of source node + +origin ADD_SUBNET node 192.168.1.0/24 + | | +--> prefixlength + | +--------> network address + +------------------> owner of this subnet +-------------------------------------------------------------------------- +@end example + +The ADD_EDGE messages are to inform other tinc daemons that a connection between +two nodes exist. The address of the destination node is available so that +VPN packets can be sent directly to that node. + +The ADD_SUBNET messages inform other tinc daemons that certain subnets belong +to certain nodes. tinc will use it to determine to which node a VPN packet has +to be sent. + +@cindex DEL_EDGE +@cindex DEL_SUBNET +@example +message +------------------------------------------------------------------ +DEL_EDGE node1 node2 + | +----> name of destination node + +----------> name of source node + +DEL_SUBNET node 192.168.1.0/24 + | | +--> prefixlength + | +--------> network address + +------------------> owner of this subnet +------------------------------------------------------------------ +@end example + +In case a connection between two daemons is closed or broken, DEL_EDGE messages +are sent to inform the other daemons of that fact. Each daemon will calculate a +new route to the the daemons, or mark them unreachable if there isn't any. + +@cindex REQ_KEY +@cindex ANS_KEY +@cindex KEY_CHANGED +@example +message +------------------------------------------------------------------ +REQ_KEY origin destination + | +--> name of the tinc daemon it wants the key from + +----------> name of the daemon that wants the key + +ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 + | | \______________/ | | +--> MAC length + | | | | +-----> digest algorithm + | | | +--------> cipher algorithm + | | +--> 128 bits key + | +--> name of the daemon that wants the key + +----------> name of the daemon that uses this key + +KEY_CHANGED origin + +--> daemon that has changed it's packet key +-------------------------------------------------------------------------- +@end example + +The keys used to encrypt VPN packets are not sent out directly. This is +because it would generate a lot of traffic on VPNs with many daemons, and +chances are that not every tinc daemon will ever send a packet to every +other daemon. Instead, if a daemon needs a key it sends a request for it +via the meta connection of the nearest hop in the direction of the +destination. + +@cindex PING +@cindex PONG +@example +daemon message +-------------------------------------------------------------------------- +origin PING +dest. PONG +-------------------------------------------------------------------------- +@end example + +There is also a mechanism to check if hosts are still alive. Since network +failures or a crash can cause a daemon to be killed without properly +shutting down the TCP connection, this is necessary to keep an up to date +connection list. PINGs are sent at regular intervals, except when there +is also some other traffic. A little bit of salt (random data) is added +with each PING and PONG message, to make sure that long sequences of PING/PONG +messages without any other traffic won't result in known plaintext. + +This basically covers what is sent over the meta connection by +tinc. + + +@c ================================================================== +@node Security, , The meta-protocol, Technical information @section About tinc's encryption and other security-related issues. -@cindex tinc +@cindex TINC @cindex Cabal tinc got its name from ``TINC,'' short for @emph{There Is No Cabal}; the -alleged Cabal was/is an organization that was said to keep an eye on the -entire Internet. As this is exactly what you @emph{don't} want, we named +alleged Cabal was/is an organisation that was said to keep an eye on the +entire Internet. As this is exactly what you @emph{don't} want, we named the tinc project after TINC. @cindex SVPN But in order to be ``immune'' to eavesdropping, you'll have to encrypt -your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does +your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. - -This chapter is a mixture of ideas, reasoning and explanation, please -don't take it too serious. +tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit +sequence numbers and 4 byte long message authentication codes to make sure +eavesdroppers cannot get and cannot change any information at all from the +packets they can intercept. The encryption algorithm and message authentication +algorithm can be changed in the configuration. The length of the message +authentication codes is also adjustable. The length of the key for the +encryption algorithm is always the default length used by OpenSSL. @menu -* Key Types:: -* Key Management:: -* Authentication:: -* Protection:: +* Authentication protocol:: +* Encryption of network packets:: @end menu + @c ================================================================== -@node Key Types, Key Management, Security, Security -@subsection Key Types -@c FIXME: check if I'm not talking nonsense +@node Authentication protocol, Encryption of network packets, Security, Security +@subsection Authentication protocol + +@cindex authentication +A new scheme for authentication in tinc has been devised, which offers some +improvements over the protocol used in 1.0pre2 and 1.0pre3. Explanation is +below. + +@cindex ID +@cindex META_KEY +@cindex CHALLENGE +@cindex CHAL_REPLY +@cindex ACK +@example +daemon message +-------------------------------------------------------------------------- +client -There are several types of encryption keys. Tinc uses two of them, -symmetric private keypairs and public/private keypairs. +server -Public/private keypairs are used in public key cryptography. It enables -someone to send out a public key with which other people can encrypt their -data. The encrypted data now can only be decrypted by the person who has -the private key that matches the public key. So, a public key only allows -@emph{other} people to send encrypted messages to you. This is very useful -in setting up private communications channels. Just send out your public key -and other people can talk to you in a secure way. But how can you know -the other person is who he says he is? +client ID client 12 + | +---> version + +-------> name of tinc daemon -For authentication itself tinc uses symmetric private keypairs, referred -to as a passphrase. The identity of each tinc daemon is defined by it's -passphrase (like you can be identified by your social security number). -Every tinc daemon that is allowed to connect to you has a copy of your -passphrase (hence symmetrical). +server ID server 12 + | +---> version + +-------> name of tinc daemon -It would also be possible to use public/private keypairs for authentication, -so that you could shout out your public key and don't need to keep it -secret (like the passphrase you would have to send to someone else). Also, -no one else has to know a private key from you. -Both forms have their pros and cons, and at the moment tinc just uses passphrases -(which are computationaly more efficient and perhaps in some way more -secure). +client META_KEY 5f0823a93e35b69e...7086ec7866ce582b + \_________________________________/ + +-> RSAKEYLEN bits totally random string S1, + encrypted with server's public RSA key -@c ================================================================== -@node Key Management, Authentication, Key Types, Security -@subsection Key Management -@c FIXME change for the current protocol +server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630 + \_________________________________/ + +-> RSAKEYLEN bits totally random string S2, + encrypted with client's public RSA key -@cindex Diffie-Hellman -You can't just send a private encryption key to your peer, because -somebody else might already be listening to you. So you'll have to -negotiate over a shared but secret key. One way to do this is by using -the ``Diffie-Hellman key exchange'' protocol -(@uref{http://www.rsa.com/rsalabs/faq/html/3-6-1.html}). The idea is as -follows. +From now on: + - the client will symmetrically encrypt outgoing traffic using S1 + - the server will symmetrically encrypt outgoing traffic using S2 -You have two participants A and B that want to agree over a shared -secret encryption key. Both parties have some large prime number p and a -generator g. These numbers may be known to the outside world, and hence -may be included in the source distribution. +client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0 + \_________________________________/ + +-> CHALLEN bits totally random string H1 -@cindex secret key -Both parties then generate a secret key. A generates a, and computes g^a -mod p. This is then sent to B; while B computes g^b mod p, and transmits -this to A, b being generated by B. Both a and b must be smaller than -p-1. +server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d57f + \_________________________________/ + +-> CHALLEN bits totally random string H2 -Both parties then calculate g^ab mod p = k. k is the new, shared, but -still secret key. +client CHAL_REPLY 816a86 + +-> 160 bits SHA1 of H2 -To obtain a key k of a sufficient length (128 bits in our vpnd), p -should be 2^129-1 or more. +server CHAL_REPLY 928ffe + +-> 160 bits SHA1 of H1 +After the correct challenge replies are received, both ends have proved +their identity. Further information is exchanged. -@c ================================================================== -@node Authentication, Protection, Key Management, Security -@subsection Authentication -@c FIXME: recheck - -@cindex man-in-the-middle attack -Because the Diffie-Hellman protocol is in itself vulnerable to the -``man-in-the-middle attack,'' we should introduce an authentication -system. +client ACK 655 123 0 + | | +-> options + | +----> estimated weight + +--------> listening port of client -We will let A transmit a passphrase that is also known to B encrypted -with g^a, before A sends this to B. This way, B can check whether A is -really A or just someone else. -B will never receive the real passphrase though, because it was -encrypted using public/private keypairs. This way there is no way an -imposter could steal A's passphrase. +server ACK 655 321 0 + | | +-> options + | +----> estimated weight + +--------> listening port of server +-------------------------------------------------------------------------- +@end example -@cindex passphrase -@c ehrmz... but we only use 1024 bits passphrases ourselves? [guus] -This passphrase should be 2304 bits for a symmetric encryption -system. But since an asymmetric system is more secure, we could do with -2048 bits. This only holds if the passphrase is very random. +This new scheme has several improvements, both in efficiency and security. + +First of all, the server sends exactly the same kind of messages over the wire +as the client. The previous versions of tinc first authenticated the client, +and then the server. This scheme even allows both sides to send their messages +simultaneously, there is no need to wait for the other to send something first. +This means that any calculations that need to be done upon sending or receiving +a message can also be done in parallel. This is especially important when doing +RSA encryption/decryption. Given that these calculations are the main part of +the CPU time spent for the authentication, speed is improved by a factor 2. + +Second, only one RSA encrypted message is sent instead of two. This reduces the +amount of information attackers can see (and thus use for a cryptographic +attack). It also improves speed by a factor two, making the total speedup a +factor 4. + +Third, and most important: +The symmetric cipher keys are exchanged first, the challenge is done +afterwards. In the previous authentication scheme, because a man-in-the-middle +could pass the challenge/chal_reply phase (by just copying the messages between +the two real tinc daemons), but no information was exchanged that was really +needed to read the rest of the messages, the challenge/chal_reply phase was of +no real use. The man-in-the-middle was only stopped by the fact that only after +the ACK messages were encrypted with the symmetric cipher. Potentially, it +could even send it's own symmetric key to the server (if it knew the server's +public key) and read some of the metadata the server would send it (it was +impossible for the mitm to read actual network packets though). The new scheme +however prevents this. + +This new scheme makes sure that first of all, symmetric keys are exchanged. The +rest of the messages are then encrypted with the symmetric cipher. Then, each +side can only read received messages if they have their private key. The +challenge is there to let the other side know that the private key is really +known, because a challenge reply can only be sent back if the challenge is +decrypted correctly, and that can only be done with knowledge of the private +key. + +Fourth: the first thing that is sent via the symmetric cipher encrypted +connection is a totally random string, so that there is no known plaintext (for +an attacker) in the beginning of the encrypted stream. -These passphrases could be stored in a file that is non-readable by -anyone else but root; e.g. @file{/etc/tinc/passphrases} with UID 0 -and permissions mode 700. -The only thing that needs to be taken care of is how A can securely send -a copy of it's passphrase to B if B doesn't have it yet. This could be -done via mail with PGP, but you should be really convinced of the -identity of the person who owns the email address you are sending this to. -Swapping floppy disks in real life might be the best way to do this! +@c ================================================================== +@node Encryption of network packets, , Authentication protocol, Security +@subsection Encryption of network packet +@cindex encryption +A data packet can only be sent if the encryption key is known to both +parties, and the connection is activated. If the encryption key is not +known, a request is sent to the destination using the meta connection +to retrieve it. The packet is stored in a queue while waiting for the +key to arrive. -@c ================================================================== -@node Protection, , Authentication, Security -@subsection Protecting your data +@cindex UDP +The UDP packet containing the network packet from the VPN has the following layout: -Now we have securely hidden our data. But a malicious cracker may still -bother you by randomly altering the encrypted data he intercepts. +@example +... | IP header | UDP header | seqno | VPN packet | MAC | UDP trailer + \___________________/\_____/ + | | + V +---> digest algorithm + Encrypted with symmetric cipher +@end example -@c FIXME what the hell is this all about? remove? IT +So, the entire VPN packet is encrypted using a symmetric cipher, including a 32 bits +sequence number that is added in front of the actual VPN packet, to act as a unique +IV for each packet and to prevent replay attacks. A message authentication code +is added to the UDP packet to prevent alteration of packets. By default the +first 4 bytes of the digest are used for this, but this can be changed using +the MACLength configuration variable. @c ================================================================== @node About us, Concept Index, Technical information, Top @@ -1240,8 +2050,8 @@ bother you by randomly altering the encrypted data he intercepts. @menu -* Contact Information:: -* Authors:: +* Contact Information:: +* Authors:: @end menu @@ -1249,11 +2059,15 @@ bother you by randomly altering the encrypted data he intercepts. @node Contact Information, Authors, About us, About us @section Contact information -tinc's main page is at @url{http://tinc.nl.linux.org/}, +@cindex website +tinc's website is at @url{http://tinc.nl.linux.org/}, this server is located in the Netherlands. -We have an IRC channel on the Open Projects IRC network. Connect to -@uref{http://openprojects.nu/services/irc.html, irc.openprojects.net}, +@cindex IRC +We have an IRC channel on the FreeNode and OFTC IRC networks. Connect to +@uref{http://www.freenode.net/, irc.freenode.net} +or +@uref{http://www.oftc.net/, irc.oftc.net} and join channel #tinc. @@ -1262,20 +2076,14 @@ and join channel #tinc. @section Authors @table @asis -@item Ivo Timmermans (zarq) (@email{itimmermans@@bigfoot.com}) -Main coder/hacker and maintainer of the package. - -@item Guus Sliepen (guus) -Originator of it all, co-author. - -@item Wessel Dankers (Ubiq) -General obfuscater of the code. - +@item Ivo Timmermans (zarq) (@email{ivo@@o2w.nl}) +@item Guus Sliepen (guus) (@email{guus@@sliepen.eu.org}) @end table -Thank you's to: Dekan, Emphyrio, vDong - -Greetings to: braque, Fluor, giggles, macro, smoke, tribbel +We have received a lot of valuable input from users. With their help, +tinc has become the flexible and robust tool that it is today. We have +composed a list of contributions, in the file called @file{THANKS} in +the source distribution. @c ================================================================== @@ -1290,4 +2098,3 @@ Greetings to: braque, Fluor, giggles, macro, smoke, tribbel @c ================================================================== @contents @bye - diff --git a/doc/tincd.8 b/doc/tincd.8.in similarity index 69% rename from doc/tincd.8 rename to doc/tincd.8.in index 831bbb1d..577e33a8 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8.in @@ -1,22 +1,25 @@ .Dd 2002-03-25 .Dt TINCD 8 .\" Manual page created by: -.\" Ivo Timmermans -.\" Guus Sliepen +.\" Ivo Timmermans +.\" Guus Sliepen .Sh NAME .Nm tincd .Nd tinc VPN daemon .Sh SYNOPSIS .Nm -.Op Fl cdDkKn -.Op Fl -bypass-security +.Op Fl cdDkKnL .Op Fl -config Ns = Ns Ar DIR -.Op Fl -debug Ns = Ns Ar LEVEL +.Op Fl -no-detach +.Op Fl -debug Ns Op = Ns Ar LEVEL +.Op Fl -kill Ns Op = Ns Ar SIGNAL +.Op Fl -net Ns = Ns Ar NETNAME .Op Fl -generate-keys Ns Op = Ns Ar BITS +.Op Fl -mlock +.Op Fl -logfile Ns Op = Ns Ar FILE +.Op Fl -pidfile Ns = Ns Ar FILE +.Op Fl -bypass-security .Op Fl -help -.Op Fl -kill Ns = Ns Ar SIGNAL -.Op Fl -net Ns = Ns Ar NETNAME -.Op Fl -no-detach .Op Fl -version .Sh DESCRIPTION This is the daemon of tinc, a secure virtual private network (VPN) project. @@ -31,37 +34,59 @@ If that succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc daemons that are part of the virtual private network. +Under Windows (not Cygwin) tinc will install itself as a service, +which will be restarted automatically after reboots. .Sh OPTIONS .Bl -tag -width indent -.It Fl -bypass-security -Disables encryption and authentication. -Only useful for debugging. .It Fl c, -config Ns = Ns Ar DIR -Read configuration options from -.Ar DIR . +Read configuration files from +.Ar DIR +instead of +.Pa @sysconfdir@/tinc/ . +.It Fl D, -no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. +If not mentioned otherwise, this will show log messages on the standard error output. .It Fl d, -debug Ns Op = Ns Ar LEVEL Increase debug level or set it to .Ar LEVEL (see below). -.It Fl K, -generate-keys Ns Op = Ns Ar BITS -Generate public/private RSA keypair and exit. -If -.Ar BITS -is omitted, the default length will be 1024 bits. -.It Fl -help -Display short list of options. .It Fl k, -kill Ns Op = Ns Ar SIGNAL Attempt to kill a running .Nm (optionally with the specified .Ar SIGNAL instead of SIGTERM) and exit. +Under Windows (not Cygwin) the optional argument is ignored, +the service will always be stopped and removed. .It Fl n, -net Ns = Ns Ar NETNAME Connect to net .Ar NETNAME . -.It Fl D, -no-detach -Don't fork and detach. -This will also disable the automatic restart mechanism for fatal errors. +.It Fl K, -generate-keys Ns Op = Ns Ar BITS +Generate public/private RSA keypair and exit. +If +.Ar BITS +is omitted, the default length will be 1024 bits. +.It Fl L, -mlock +Lock tinc into main memory. +This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. +.It Fl -logfile Ns Op = Ns Ar FILE +Write log entries to a file instead of to the system logging facility. +If +.Ar FILE +is omitted, the default is +.Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log. +.It Fl -pidfile Ns = Ns Ar FILE +Write PID to +.Ar FILE +instead of +.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid. +Under Windows this option will be ignored. +.It Fl -bypass-security +Disables encryption and authentication of the meta protocol. +Only useful for debugging. +.It Fl -help +Display short list of options. .It Fl -version Output version information and exit. .El @@ -80,7 +105,11 @@ and if didn't succeed to connect to an uplink the first time after it started, it defaults to the maximum time of 15 minutes. .It HUP -Closes all connections, rereads the configuration file and restarts the daemon. +Partially rereads configuration files. +Connections to hosts whose host config file are removed are closed. +New outgoing connections specified in +.Pa tinc.conf +will be made. .It INT Temporarily increases debug level to 5. Send this signal again to revert to the original level. @@ -105,7 +134,7 @@ It will also any serious error. .It 1 This will log all connections that are made with other tinc daemons. .It 2 -This will log status and error messages from other tinc daemons. +This will log status and error messages from scripts and other tinc daemons. .It 3 This will log all requests that are exchanged with other tinc daemons. These include authentication, key exchange and connection list updates. @@ -116,29 +145,11 @@ This will log all network traffic over the virtual private network. .El .Sh FILES .Bl -tag -width indent -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf -The configuration file for -.Nm . -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up -Script which is executed as soon as the virtual network device has been allocated. -Purpose is to further configure that device. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down -Script which is executed when -.Nm -exits. -Purpose is to cleanly shut down the virtual network device before it will be deallocated. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/* -The directory containing the host configuration files -used to authenticate other tinc daemons. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up -Script which is executed as soon as host -.Ar NAME -becomes reachable. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down -Script which is executed as soon as host -.Ar NAME -becomes unreachable. -.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid +.It Pa @sysconfdir@/tinc/ +Directory containing the configuration files tinc uses. +For more information, see +.Xr tinc.conf 5 . +.It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid The PID of the currently running .Nm is stored in this file. @@ -168,7 +179,7 @@ tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details. .Sh AUTHORS -.An "Ivo Timmermans" Aq itimmermans@bigfoot.com -.An "Guus Sliepen" Aq guus@sliepen.warande.net +.An "Ivo Timmermans" Aq ivo@o2w.nl +.An "Guus Sliepen" Aq guus@sliepen.eu.org .Pp And thanks to many others for their contributions to tinc! diff --git a/doc/tincinclude.texi.in b/doc/tincinclude.texi.in new file mode 100644 index 00000000..da4adc57 --- /dev/null +++ b/doc/tincinclude.texi.in @@ -0,0 +1,4 @@ +@set VERSION @VERSION@ +@set PACKAGE @PACKAGE@ +@set sysconfdir @sysconfdir@ +@set localstatedir @localstatedir@ diff --git a/lib/Makefile.am b/lib/Makefile.am index 082d4c55..33762121 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,17 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.9 2002/05/02 13:11:55 zarq Exp $ +# $Id: Makefile.am,v 1.10 2003/08/24 20:38:20 guus Exp $ -noinst_LIBRARIES = libtinc.a +noinst_LIBRARIES = libvpn.a -INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -I$(top_srcdir)/intl +INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -libtinc_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c \ - list.c avl_tree.c hooks.c dropin.c edge.c conf.c netutl.c logging.c connection.c subnet.c node.c graph.c event.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c fake-getaddrinfo.c fake-getnameinfo.c -libtinc_a_LIBADD = @LIBOBJS@ @ALLOCA@ -libtinc_a_DEPENDENCIES = $(libvpn_a_LIBADD) +libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ +libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h \ - hooks.h dropin.h edge.h net.h conf.h netutl.h logging.h connection.h subnet.h node.h graph.h event.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h gettext.h ipv6.h ipv4.h ethernet.h -EXTRA_DIST = README +EXTRA_DIST = diff --git a/lib/README b/lib/README deleted file mode 100644 index d842e59a..00000000 --- a/lib/README +++ /dev/null @@ -1 +0,0 @@ -The files in this directory were merely copied from fileutils 4.0. \ No newline at end of file diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 6ad4c991..43470a9d 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -1,9 +1,9 @@ /* avl_tree.c -- avl_ tree and linked list convenience Copyright (C) 1998 Michael H. Buselli - 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen - 2000,2001 Wessel Dankers + 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen + 2000-2003 Wessel Dankers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,16 +27,15 @@ Cleaned up and incorporated some of the ideas from the red-black tree library for inclusion into tinc (http://tinc.nl.linux.org/) by - Guus Sliepen . + Guus Sliepen . - $Id: avl_tree.c,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: avl_tree.c,v 1.3 2003/08/24 20:38:20 guus Exp $ */ -#include -#include -#include +#include "system.h" #include "avl_tree.h" +#include "xalloc.h" #ifdef AVL_COUNT #define AVL_NODE_COUNT(n) ((n) ? (n)->count : 0) @@ -53,671 +52,690 @@ #endif #ifndef AVL_DEPTH -int lg(unsigned int u) +static int lg(unsigned int u) __attribute__ ((__const__)); + +static int lg(unsigned int u) { - int r = 1; - if (!u) - return 0; - if (u & 0xffff0000) - { - u >>= 16; - r += 16; - } - if (u & 0x0000ff00) - { - u >>= 8; - r += 8; - } - if (u & 0x000000f0) - { - u >>= 4; - r += 4; - } - if (u & 0x0000000c) - { - u >>= 2; - r += 2; - } - if (u & 0x00000002) - r++; - return r; + int r = 1; + + if(!u) + return 0; + + if(u & 0xffff0000) { + u >>= 16; + r += 16; + } + + if(u & 0x0000ff00) { + u >>= 8; + r += 8; + } + + if(u & 0x000000f0) { + u >>= 4; + r += 4; + } + + if(u & 0x0000000c) { + u >>= 2; + r += 2; + } + + if(u & 0x00000002) + r++; + + return r; } #endif /* Internal helper functions */ -int avl_check_balance(avl_node_t *node) +static int avl_check_balance(const avl_node_t *node) { #ifdef AVL_DEPTH - int d; - d = R_AVL_DEPTH(node) - L_AVL_DEPTH(node); - return d < -1 ? -1 : d > 1 ? 1 : 0; + int d; + + d = R_AVL_DEPTH(node) - L_AVL_DEPTH(node); + + return d < -1 ? -1 : d > 1 ? 1 : 0; #else /* int d; * d = lg(AVL_R_COUNT(node)) - lg(AVL_L_COUNT(node)); * d = d<-1?-1:d>1?1:0; */ - int pl, r; + int pl, r; + + pl = lg(AVL_L_COUNT(node)); + r = AVL_R_COUNT(node); + + if(r >> pl + 1) + return 1; - pl = lg(AVL_L_COUNT(node)); - r = AVL_R_COUNT(node); + if(pl < 2 || r >> pl - 2) + return 0; - if (r >> pl + 1) - return 1; - if (pl < 2 || r >> pl - 2) - return 0; - return -1; + return -1; #endif } -void avl_rebalance(avl_tree_t *tree, avl_node_t *node) +static void avl_rebalance(avl_tree_t *tree, avl_node_t *node) { - avl_node_t *child; - avl_node_t *gchild; - avl_node_t *parent; - avl_node_t **superparent; + avl_node_t *child; + avl_node_t *gchild; + avl_node_t *parent; + avl_node_t **superparent; - parent = node; + parent = node; - while (node) - { - parent = node->parent; + while(node) { + parent = node->parent; - superparent = parent ? node == parent->left ? &parent->left : &parent->right : &tree->root; + superparent = + parent ? node == + parent->left ? &parent->left : &parent->right : &tree->root; - switch (avl_check_balance(node)) - { - case -1: - child = node->left; + switch (avl_check_balance(node)) { + case -1: + child = node->left; #ifdef AVL_DEPTH - if(L_AVL_DEPTH(child) >= R_AVL_DEPTH(child)) { + if(L_AVL_DEPTH(child) >= R_AVL_DEPTH(child)) { #else - if (AVL_L_COUNT(child) >= AVL_R_COUNT(child)) - { + if(AVL_L_COUNT(child) >= AVL_R_COUNT(child)) { #endif - node->left = child->right; - if (node->left) - node->left->parent = node; - child->right = node; - node->parent = child; - *superparent = child; - child->parent = parent; + node->left = child->right; + if(node->left) + node->left->parent = node; + + child->right = node; + node->parent = child; + *superparent = child; + child->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); #endif - } else - { - gchild = child->right; - node->left = gchild->right; - if (node->left) - node->left->parent = node; - child->right = gchild->left; - if (child->right) - child->right->parent = child; - gchild->right = node; - if (gchild->right) - gchild->right->parent = gchild; - gchild->left = child; - if (gchild->left) - gchild->left->parent = gchild; - *superparent = gchild; - gchild->parent = parent; + } else { + gchild = child->right; + node->left = gchild->right; + + if(node->left) + node->left->parent = node; + child->right = gchild->left; + + if(child->right) + child->right->parent = child; + gchild->right = node; + + if(gchild->right) + gchild->right->parent = gchild; + gchild->left = child; + + if(gchild->left) + gchild->left->parent = gchild; + *superparent = gchild; + + gchild->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); - gchild->count = AVL_CALC_COUNT(gchild); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); + gchild->count = AVL_CALC_COUNT(gchild); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); - gchild->depth = AVL_CALC_DEPTH(gchild); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); + gchild->depth = AVL_CALC_DEPTH(gchild); #endif - } - break; - case 1: - child = node->right; + } + break; + + case 1: + child = node->right; #ifdef AVL_DEPTH - if(R_AVL_DEPTH(child) >= L_AVL_DEPTH(child)) { + if(R_AVL_DEPTH(child) >= L_AVL_DEPTH(child)) { #else - if (AVL_R_COUNT(child) >= AVL_L_COUNT(child)) - { + if(AVL_R_COUNT(child) >= AVL_L_COUNT(child)) { #endif - node->right = child->left; - if (node->right) - node->right->parent = node; - child->left = node; - node->parent = child; - *superparent = child; - child->parent = parent; + node->right = child->left; + if(node->right) + node->right->parent = node; + child->left = node; + node->parent = child; + *superparent = child; + child->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); #endif - } else - { - gchild = child->left; - node->right = gchild->left; - if (node->right) - node->right->parent = node; - child->left = gchild->right; - if (child->left) - child->left->parent = child; - gchild->left = node; - if (gchild->left) - gchild->left->parent = gchild; - gchild->right = child; - if (gchild->right) - gchild->right->parent = gchild; - *superparent = gchild; - gchild->parent = parent; + } else { + gchild = child->left; + node->right = gchild->left; + + if(node->right) + node->right->parent = node; + child->left = gchild->right; + + if(child->left) + child->left->parent = child; + gchild->left = node; + + if(gchild->left) + gchild->left->parent = gchild; + gchild->right = child; + + if(gchild->right) + gchild->right->parent = gchild; + + *superparent = gchild; + gchild->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); - gchild->count = AVL_CALC_COUNT(gchild); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); + gchild->count = AVL_CALC_COUNT(gchild); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); - gchild->depth = AVL_CALC_DEPTH(gchild); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); + gchild->depth = AVL_CALC_DEPTH(gchild); #endif - } - break; - default: + } + break; + + default: #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); + node->count = AVL_CALC_COUNT(node); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); + node->depth = AVL_CALC_DEPTH(node); #endif - } - node = parent; - } + } + node = parent; + } } /* (De)constructors */ avl_tree_t *avl_alloc_tree(avl_compare_t compare, avl_action_t delete) { - avl_tree_t *tree; - - tree = xmalloc_and_zero(sizeof(avl_tree_t)); - tree->compare = compare; - tree->delete = delete; + avl_tree_t *tree; - return tree; + tree = xmalloc_and_zero(sizeof(avl_tree_t)); + tree->compare = compare; + tree->delete = delete; + + return tree; } void avl_free_tree(avl_tree_t *tree) { - free(tree); + free(tree); } avl_node_t *avl_alloc_node(void) { - avl_node_t *node; - - node = xmalloc_and_zero(sizeof(avl_node_t)); - - return node; + return (avl_node_t *)xmalloc_and_zero(sizeof(avl_node_t)); } void avl_free_node(avl_tree_t *tree, avl_node_t *node) { - if(node->data && tree->delete) - tree->delete(node->data); - free(node); + if(node->data && tree->delete) + tree->delete(node->data); + + free(node); } /* Searching */ void *avl_search(const avl_tree_t *tree, const void *data) { - avl_node_t *node; - - node = avl_search_node(tree, data); + avl_node_t *node; - return node?node->data:NULL; + node = avl_search_node(tree, data); + + return node ? node->data : NULL; } void *avl_search_closest(const avl_tree_t *tree, const void *data, int *result) { - avl_node_t *node; - - node = avl_search_closest_node(tree, data, result); + avl_node_t *node; + + node = avl_search_closest_node(tree, data, result); - return node?node->data:NULL; + return node ? node->data : NULL; } void *avl_search_closest_smaller(const avl_tree_t *tree, const void *data) { - avl_node_t *node; - - node = avl_search_closest_smaller_node(tree, data); + avl_node_t *node; - return node?node->data:NULL; + node = avl_search_closest_smaller_node(tree, data); + + return node ? node->data : NULL; } void *avl_search_closest_greater(const avl_tree_t *tree, const void *data) { - avl_node_t *node; - - node = avl_search_closest_greater_node(tree, data); + avl_node_t *node; + + node = avl_search_closest_greater_node(tree, data); - return node?node->data:NULL; + return node ? node->data : NULL; } avl_node_t *avl_search_node(const avl_tree_t *tree, const void *data) { - avl_node_t *node; - int result; - - node = avl_search_closest_node(tree, data, &result); - - return result?NULL:node; + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + return result ? NULL : node; } -avl_node_t *avl_search_closest_node(const avl_tree_t *tree, const void *data, int *result) +avl_node_t *avl_search_closest_node(const avl_tree_t *tree, const void *data, + int *result) { - avl_node_t *node; - int c; - - node = tree->root; - - if (!node) - { - if(result) - *result = 0; - return NULL; - } - - for (;;) - { - c = tree->compare(data, node->data); - - if (c < 0) - { - if (node->left) - node = node->left; - else - { - if(result) - *result = -1; - break; - } - } - else if (c > 0) - { - if (node->right) - node = node->right; - else - { - if(result) - *result = 1; - break; - } - } - else - { - if(result) - *result = 0; - break; - } - } - - return node; + avl_node_t *node; + int c; + + node = tree->root; + + if(!node) { + if(result) + *result = 0; + return NULL; + } + + for(;;) { + c = tree->compare(data, node->data); + + if(c < 0) { + if(node->left) + node = node->left; + else { + if(result) + *result = -1; + break; + } + } else if(c > 0) { + if(node->right) + node = node->right; + else { + if(result) + *result = 1; + break; + } + } else { + if(result) + *result = 0; + break; + } + } + + return node; } -avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *tree, const void *data) +avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *tree, + const void *data) { - avl_node_t *node; - int result; - - node = avl_search_closest_node(tree, data, &result); - - if(result < 0) - node = node->prev; - - return node; + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + if(result < 0) + node = node->prev; + + return node; } -avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, const void *data) +avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, + const void *data) { - avl_node_t *node; - int result; - - node = avl_search_closest_node(tree, data, &result); - - if(result > 0) - node = node->next; - - return node; + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + if(result > 0) + node = node->next; + + return node; } /* Insertion and deletion */ avl_node_t *avl_insert(avl_tree_t *tree, void *data) { - avl_node_t *closest, *new; - int result; - - if (!tree->root) - { - new = avl_alloc_node(); - new->data = data; - avl_insert_top(tree, new); - } - else - { - closest = avl_search_closest_node(tree, data, &result); - switch(result) - { - case -1: - new = avl_alloc_node(); - new->data = data; - avl_insert_before(tree, closest, new); - break; - case 1: - new = avl_alloc_node(); - new->data = data; - avl_insert_after(tree, closest, new); - break; - default: - return NULL; - } - } - + avl_node_t *closest, *new; + int result; + + if(!tree->root) { + new = avl_alloc_node(); + new->data = data; + avl_insert_top(tree, new); + } else { + closest = avl_search_closest_node(tree, data, &result); + + switch (result) { + case -1: + new = avl_alloc_node(); + new->data = data; + avl_insert_before(tree, closest, new); + break; + + case 1: + new = avl_alloc_node(); + new->data = data; + avl_insert_after(tree, closest, new); + break; + + default: + return NULL; + } + } + #ifdef AVL_COUNT - new->count = 1; + new->count = 1; #endif #ifdef AVL_DEPTH - new->depth = 1; + new->depth = 1; #endif - return new; + return new; } avl_node_t *avl_insert_node(avl_tree_t *tree, avl_node_t *node) { - avl_node_t *closest; - int result; - - if (!tree->root) - avl_insert_top(tree, node); - else - { - closest = avl_search_closest_node(tree, node->data, &result); - switch(result) - { - case -1: - avl_insert_before(tree, closest, node); - break; - case 1: - avl_insert_after(tree, closest, node); - break; - case 0: - return NULL; - } - } - + avl_node_t *closest; + int result; + + if(!tree->root) + avl_insert_top(tree, node); + else { + closest = avl_search_closest_node(tree, node->data, &result); + + switch (result) { + case -1: + avl_insert_before(tree, closest, node); + break; + + case 1: + avl_insert_after(tree, closest, node); + break; + + case 0: + return NULL; + } + } + #ifdef AVL_COUNT - node->count = 1; + node->count = 1; #endif #ifdef AVL_DEPTH - node->depth = 1; + node->depth = 1; #endif - return node; + return node; } void avl_insert_top(avl_tree_t *tree, avl_node_t *node) { - node->prev = node->next = node->parent = NULL; - tree->head = tree->tail = tree->root = node; + node->prev = node->next = node->parent = NULL; + tree->head = tree->tail = tree->root = node; } -void avl_insert_before(avl_tree_t *tree, avl_node_t *before, avl_node_t *node) +void avl_insert_before(avl_tree_t *tree, avl_node_t *before, + avl_node_t *node) { - if (!before) - return tree->tail ? avl_insert_after(tree, tree->tail, node) : avl_insert_top(tree, node); - - node->next = before; - node->parent = before; - node->prev = before->prev; - - if(before->left) - return avl_insert_after(tree, before->prev, node); - - if (before->prev) - before->prev->next = node; - else - tree->head = node; - - before->prev = node; - before->left = node; - - avl_rebalance(tree, before->parent); + if(!before) { + if(tree->tail) + avl_insert_after(tree, tree->tail, node); + else + avl_insert_top(tree, node); + return; + } + + node->next = before; + node->parent = before; + node->prev = before->prev; + + if(before->left) { + avl_insert_after(tree, before->prev, node); + return; + } + + if(before->prev) + before->prev->next = node; + else + tree->head = node; + + before->prev = node; + before->left = node; + + avl_rebalance(tree, before); } void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) { - if (!after) - return tree->head ? avl_insert_before(tree, tree->head, node) : avl_insert_top(tree, node); - - if(after->right) - return avl_insert_before(tree, after->next, node); - - node->prev = after; - node->parent = after; - node->next = after->next; - - if (after->next) - after->next->prev = node; - else - tree->tail = node; - - after->next = node; - after->right = node; - - avl_rebalance(tree, after->parent); + if(!after) { + if(tree->head) + avl_insert_before(tree, tree->head, node); + else + avl_insert_top(tree, node); + return; + } + + if(after->right) { + avl_insert_before(tree, after->next, node); + return; + } + + node->prev = after; + node->parent = after; + node->next = after->next; + + if(after->next) + after->next->prev = node; + else + tree->tail = node; + + after->next = node; + after->right = node; + + avl_rebalance(tree, after); } avl_node_t *avl_unlink(avl_tree_t *tree, void *data) { - avl_node_t *node; - - node = avl_search_node(tree, data); + avl_node_t *node; - if(node) - avl_unlink_node(tree, node); + node = avl_search_node(tree, data); - return node; + if(node) + avl_unlink_node(tree, node); + + return node; } void avl_unlink_node(avl_tree_t *tree, avl_node_t *node) { - avl_node_t *parent; - avl_node_t **superparent; - avl_node_t *subst, *left, *right; - avl_node_t *balnode; - - if (node->prev) - node->prev->next = node->next; - else - tree->head = node->next; - if (node->next) - node->next->prev = node->prev; - else - tree->tail = node->prev; - - parent = node->parent; - - superparent = parent ? node == parent->left ? &parent->left : &parent->right : &tree->root; - - left = node->left; - right = node->right; - if (!left) - { - *superparent = right; - if (right) - right->parent = parent; - balnode = parent; - } else if (!right) - { - *superparent = left; - left->parent = parent; - balnode = parent; - } else - { - subst = node->prev; - if (subst == left) - { - balnode = subst; - } else - { - balnode = subst->parent; - balnode->right = subst->left; - if (balnode->right) - balnode->right->parent = balnode; - subst->left = left; - left->parent = subst; - } - subst->right = right; - subst->parent = parent; - right->parent = subst; - *superparent = subst; - } - - avl_rebalance(tree, balnode); - - node->next = node->prev = node->parent = node->left = node->right = NULL; + avl_node_t *parent; + avl_node_t **superparent; + avl_node_t *subst, *left, *right; + avl_node_t *balnode; + + if(node->prev) + node->prev->next = node->next; + else + tree->head = node->next; + if(node->next) + node->next->prev = node->prev; + else + tree->tail = node->prev; + + parent = node->parent; + + superparent = + parent ? node == + parent->left ? &parent->left : &parent->right : &tree->root; + + left = node->left; + right = node->right; + if(!left) { + *superparent = right; + + if(right) + right->parent = parent; + + balnode = parent; + } else if(!right) { + *superparent = left; + left->parent = parent; + balnode = parent; + } else { + subst = node->prev; + + if(subst == left) { + balnode = subst; + } else { + balnode = subst->parent; + balnode->right = subst->left; + + if(balnode->right) + balnode->right->parent = balnode; + + subst->left = left; + left->parent = subst; + } + + subst->right = right; + subst->parent = parent; + right->parent = subst; + *superparent = subst; + } + + avl_rebalance(tree, balnode); + + node->next = node->prev = node->parent = node->left = node->right = NULL; #ifdef AVL_COUNT - node->count = 0; + node->count = 0; #endif #ifdef AVL_DEPTH - node->depth = 0; + node->depth = 0; #endif } void avl_delete_node(avl_tree_t *tree, avl_node_t *node) { - avl_unlink_node(tree, node); - avl_free_node(tree, node); + avl_unlink_node(tree, node); + avl_free_node(tree, node); } void avl_delete(avl_tree_t *tree, void *data) { - avl_node_t *node; + avl_node_t *node; - node = avl_search_node(tree, data); + node = avl_search_node(tree, data); - if (node) - avl_delete_node(tree, node); + if(node) + avl_delete_node(tree, node); } /* Fast tree cleanup */ void avl_delete_tree(avl_tree_t *tree) { - avl_node_t *node, *next; - - for(node = tree->root; node; node = next) - { - next = node->next; - avl_free_node(tree, node); - } - - avl_free_tree(tree); + avl_node_t *node, *next; + + for(node = tree->root; node; node = next) { + next = node->next; + avl_free_node(tree, node); + } + + avl_free_tree(tree); } /* Tree walking */ -void avl_foreach(avl_tree_t *tree, avl_action_t action) +void avl_foreach(const avl_tree_t *tree, avl_action_t action) { - avl_node_t *node, *next; - - for(node = tree->head; node; node = next) - { - next = node->next; - action(node->data); - } + avl_node_t *node, *next; + + for(node = tree->head; node; node = next) { + next = node->next; + action(node->data); + } } -void avl_foreach_node(avl_tree_t *tree, avl_action_t action) +void avl_foreach_node(const avl_tree_t *tree, avl_action_t action) { - avl_node_t *node, *next; - - for(node = tree->head; node; node = next) - { - next = node->next; - action(node); - } + avl_node_t *node, *next; + + for(node = tree->head; node; node = next) { + next = node->next; + action(node); + } } /* Indexing */ #ifdef AVL_COUNT -unsigned int avl_count(avl_tree_t *tree) +unsigned int avl_count(const avl_tree_t *tree) { - return AVL_NODE_COUNT(tree->root); + return AVL_NODE_COUNT(tree->root); } avl_node_t *avl_get_node(const avl_tree_t *tree, unsigned int index) { - avl_node_t *node; - unsigned int c; - - node = tree->root; - - while (node) - { - c = AVL_L_COUNT(node); - - if (index < c) - { - node = node->left; - } else if (index > c) - { - node = node->right; - index -= c + 1; - } else - { - return node; - } - } - - return NULL; + avl_node_t *node; + unsigned int c; + + node = tree->root; + + while(node) { + c = AVL_L_COUNT(node); + + if(index < c) { + node = node->left; + } else if(index > c) { + node = node->right; + index -= c + 1; + } else { + return node; + } + } + + return NULL; } unsigned int avl_index(const avl_node_t *node) { - avl_node_t *next; - unsigned int index; + avl_node_t *next; + unsigned int index; - index = AVL_L_COUNT(node); + index = AVL_L_COUNT(node); - while ((next = node->parent)) - { - if (node == next->right) - index += AVL_L_COUNT(next) + 1; - node = next; - } + while((next = node->parent)) { + if(node == next->right) + index += AVL_L_COUNT(next) + 1; + node = next; + } - return index; + return index; } #endif #ifdef AVL_DEPTH -unsigned int avl_depth(avl_tree_t *tree) +unsigned int avl_depth(const avl_tree_t *tree) { - return AVL_NODE_DEPTH(tree->root); + return AVL_NODE_DEPTH(tree->root); } #endif diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 9022097f..13ec3aa9 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h @@ -1,9 +1,9 @@ /* avl_tree.h -- header file for avl_tree.c Copyright (C) 1998 Michael H. Buselli - 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen - 2000,2001 Wessel Dankers + 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen + 2000-2003 Wessel Dankers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,9 +27,9 @@ Cleaned up and incorporated some of the ideas from the red-black tree library for inclusion into tinc (http://tinc.nl.linux.org/) by - Guus Sliepen . + Guus Sliepen . - $Id: avl_tree.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: avl_tree.h,v 1.3 2003/08/24 20:38:20 guus Exp $ */ @@ -37,54 +37,54 @@ #define __AVL_TREE_H__ #ifndef AVL_DEPTH - #ifndef AVL_COUNT - #define AVL_DEPTH - #endif +#ifndef AVL_COUNT +#define AVL_DEPTH +#endif #endif typedef struct avl_node_t { - /* Linked list part */ + /* Linked list part */ - struct avl_node_t *next; - struct avl_node_t *prev; + struct avl_node_t *next; + struct avl_node_t *prev; - /* Tree part */ + /* Tree part */ - struct avl_node_t *parent; - struct avl_node_t *left; - struct avl_node_t *right; + struct avl_node_t *parent; + struct avl_node_t *left; + struct avl_node_t *right; #ifdef AVL_COUNT - unsigned int count; + unsigned int count; #endif #ifdef AVL_DEPTH - unsigned char depth; + unsigned char depth; #endif - /* Payload */ + /* Payload */ - void *data; + void *data; } avl_node_t; -typedef int (*avl_compare_t) (const void *, const void *); -typedef void (*avl_action_t) (const void *); -typedef void (*avl_action_node_t) (const avl_node_t *); +typedef int (*avl_compare_t)(const void *, const void *); +typedef void (*avl_action_t)(const void *); +typedef void (*avl_action_node_t)(const avl_node_t *); typedef struct avl_tree_t { - /* Linked list part */ + /* Linked list part */ - avl_node_t *head; - avl_node_t *tail; + avl_node_t *head; + avl_node_t *tail; - /* Tree part */ + /* Tree part */ - avl_node_t *root; + avl_node_t *root; - avl_compare_t compare; - avl_action_t delete; + avl_compare_t compare; + avl_action_t delete; } avl_tree_t; @@ -128,18 +128,18 @@ extern avl_node_t *avl_search_closest_greater_node(const avl_tree_t *, const voi /* Tree walking */ -extern void avl_foreach(avl_tree_t *, avl_action_t); -extern void avl_foreach_node(avl_tree_t *, avl_action_t); +extern void avl_foreach(const avl_tree_t *, avl_action_t); +extern void avl_foreach_node(const avl_tree_t *, avl_action_t); /* Indexing */ #ifdef AVL_COUNT -extern unsigned int avl_count(avl_tree_t *); +extern unsigned int avl_count(const avl_tree_t *); extern avl_node_t *avl_get_node(const avl_tree_t *, unsigned int); extern unsigned int avl_index(const avl_node_t *); #endif #ifdef AVL_DEPTH -extern unsigned int avl_depth(avl_tree_t *); +extern unsigned int avl_depth(const avl_tree_t *); #endif -#endif /* __AVL_TREE_H__ */ +#endif /* __AVL_TREE_H__ */ diff --git a/lib/conf.c b/lib/conf.c deleted file mode 100644 index c3b55223..00000000 --- a/lib/conf.c +++ /dev/null @@ -1,269 +0,0 @@ -/* - conf.c -- configuration storage & retrieval code - Copyright (C) 1998 Robert van der Meulen - 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - 2000 Cris van Pelt - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: conf.c,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include /* for cp */ -#include - -#include "conf.h" -#include "netutl.h" /* for str2address */ -#include "logging.h" - -#include "system.h" - -avl_tree_t *config_tree; - -int pingtimeout = 0; /* seconds before timeout */ -char *confbase = NULL; /* directory in which all config files are */ -char *netname = NULL; /* name of the vpn network */ - -int config_compare(config_t *a, config_t *b) -{ - int result; - - result = strcasecmp(a->variable, b->variable); - - if(result) - return result; - - result = a->line - b->line; - - if(result) - return result; - else - return strcmp(a->file, b->file); -} - -void init_configuration(avl_tree_t **config_tree) -{ -cp - *config_tree = avl_alloc_tree((avl_compare_t)config_compare, (avl_action_t)free_config); -cp -} - -void exit_configuration(avl_tree_t **config_tree) -{ -cp - avl_delete_tree(*config_tree); - *config_tree = NULL; -cp -} - -config_t *new_config(void) -{ - config_t *cfg; -cp - cfg = (config_t *)xmalloc_and_zero(sizeof(*cfg)); - - return cfg; -} - -void free_config(config_t *cfg) -{ -cp - if(cfg->variable) - free(cfg->variable); - if(cfg->value) - free(cfg->value); - if(cfg->file) - free(cfg->file); - free(cfg); -cp -} - -void config_add(avl_tree_t *config_tree, config_t *cfg) -{ -cp - avl_insert(config_tree, cfg); -cp -} - -config_t *lookup_config(avl_tree_t *config_tree, char *variable) -{ - config_t cfg, *found; -cp - cfg.variable = variable; - cfg.file = ""; - cfg.line = 0; - - found = avl_search_closest_greater(config_tree, &cfg); - - if(!found) - return NULL; - - if(strcasecmp(found->variable, variable)) - return NULL; - - return found; -} - -config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) -{ - avl_node_t *node; - config_t *found; -cp - node = avl_search_node(config_tree, cfg); - - if(node) - { - if(node->next) - { - found = (config_t *)node->next->data; - if(!strcasecmp(found->variable, cfg->variable)) - return found; - } - } - - return NULL; -} - -int get_config_bool(config_t *cfg, int *result) -{ -cp - if(!cfg) - return 0; - - if(!strcasecmp(cfg->value, "yes")) - { - *result = 1; - return 1; - } - else if(!strcasecmp(cfg->value, "no")) - { - *result = 0; - return 1; - } - - syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - - return 0; -} - -int get_config_int(config_t *cfg, int *result) -{ -cp - if(!cfg) - return 0; - - if(sscanf(cfg->value, "%d", result) == 1) - return 1; - - syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; -} - -int get_config_string(config_t *cfg, char **result) -{ -cp - if(!cfg) - return 0; - - *result = xstrdup(cfg->value); - return 1; -} - -int get_config_address(config_t *cfg, struct addrinfo **result) -{ - struct addrinfo *ai; -cp - if(!cfg) - return 0; - - ai = str2addrinfo(cfg->value, NULL, 0); - - if(ai) - { - *result = ai; - return 1; - } - - syslog(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; -} - -int get_config_port(config_t *cfg, port_t *result) -{ -cp - if(!cfg) - return 0; - - if(sscanf(cfg->value, "%hu", result) == 1) - { - *result = htons(*result); - return 1; - } - - syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; -} - -int get_config_subnet(config_t *cfg, subnet_t **result) -{ - subnet_t *subnet; -cp - if(!cfg) - return 0; - - subnet = str2net(cfg->value); - - if(!subnet) - { - syslog(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; - } - - /* Teach newbies what subnets are... */ - - if(((subnet->type == SUBNET_IPV4) && maskcheck((char *)&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) && maskcheck((char *)&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) - { - syslog(LOG_ERR, _("Network address and prefix length do not match for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - free(subnet); - return 0; - } - - *result = subnet; - - return 1; -} - diff --git a/lib/connection.c b/lib/connection.c deleted file mode 100644 index 279ac345..00000000 --- a/lib/connection.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - connection.c -- connection list management - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: connection.c,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include - -#include -#include - -#include "net.h" /* Don't ask. */ -#include "netutl.h" -#include "config.h" -#include "conf.h" -#include -#include "subnet.h" -#include "logging.h" - -#include "xalloc.h" -#include "system.h" - -avl_tree_t *connection_tree; /* Meta connections */ - -int connection_compare(connection_t *a, connection_t *b) -{ - return a - b; -} - -void init_connections(void) -{ -cp - connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, NULL); -cp -} - -void exit_connections(void) -{ -cp - avl_delete_tree(connection_tree); -cp -} - -connection_t *new_connection(void) -{ - connection_t *c; -cp - c = (connection_t *)xmalloc_and_zero(sizeof(connection_t)); - - if(!c) - return NULL; - - gettimeofday(&c->start, NULL); -cp - return c; -} - -void free_connection(connection_t *c) -{ -cp - if(c->hostname) - free(c->hostname); - if(c->inkey) - free(c->inkey); - if(c->outkey) - free(c->outkey); - if(c->mychallenge) - free(c->mychallenge); - if(c->hischallenge) - free(c->hischallenge); - free(c); -cp -} - -void connection_add(connection_t *c) -{ -cp - avl_insert(connection_tree, c); -cp -} - -void connection_del(connection_t *c) -{ -cp - avl_delete(connection_tree, c); -cp -} - -void dump_connections(void) -{ - avl_node_t *node; - connection_t *c; -cp - syslog(LOG_DEBUG, _("Connections:")); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), - c->name, c->hostname, c->options, c->socket, c->status); - } - - syslog(LOG_DEBUG, _("End of connections.")); -cp -} diff --git a/lib/connection.h b/lib/connection.h deleted file mode 100644 index 6ce7f879..00000000 --- a/lib/connection.h +++ /dev/null @@ -1,141 +0,0 @@ -/* - connection.h -- header for connection.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: connection.h,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#ifndef __TINC_CONNECTION_H__ -#define __TINC_CONNECTION_H__ - -#include - -#include -#include - -#ifdef USE_OPENSSL -# ifdef HAVE_OPENSSL_EVP_H -# include -# else -# include -# endif - -# ifdef HAVE_OPENSSL_RSA_H -# include -# else -# include -# endif -#endif /* USE_OPENSSL */ - -#ifdef USE_GCRYPT -# include -#endif - -#include "net.h" -#include "conf.h" - -#include "node.h" -#include "edge.h" - -#define OPTION_INDIRECT 0x0001 -#define OPTION_TCPONLY 0x0002 - -typedef struct connection_status_t { - int pinged:1; /* sent ping */ - int active:1; /* 1 if active.. */ - int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ - int termreq:1; /* the termination of this connection was requested */ - int remove:1; /* Set to 1 if you want this connection removed */ - int timeout:1; /* 1 if gotten timeout */ - int encryptout:1; /* 1 if we can encrypt outgoing traffic */ - int decryptin:1; /* 1 if we have to decrypt incoming traffic */ - int mst:1; /* 1 if this connection is part of a minimum spanning tree */ - int unused:18; -} connection_status_t; - -typedef struct connection_t { - char *name; /* name he claims to have */ - - sockaddr_t address; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ - int protocol_version; /* used protocol */ - - int socket; /* socket used for this connection */ - long int options; /* options for this connection */ - struct connection_status_t status; /* status info */ - int estimated_weight; /* estimation for the weight of the edge for this connection */ - struct timeval start; /* time this connection was started, used for above estimation */ - struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ - - struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ - -#ifdef USE_OPENSSL - RSA *rsa_key; /* his public/private key */ - const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ - const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ - EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ - EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ - const EVP_MD *indigest; - const EVP_MD *outdigest; -#endif - -#ifdef USE_GCRYPT - GCRY_SEXP rsa_key; - GCRY_CIPHER_HD incipher; - GCRY_CIPHER_HD outcipher; - GCRY_CIPHER_HD inctx; - GCRY_CIPHER_HD outctx; - GCRY_MD_HD indigest; - GCRY_MD_HD outdigest; - /* FIXME */ -#endif - - char *inkey; /* His symmetric meta key + iv */ - char *outkey; /* Our symmetric meta key + iv */ - int inkeylength; /* Length of his key + iv */ - int outkeylength; /* Length of our key + iv */ - int inmaclength; - int outmaclength; - int incompression; - int outcompression; - char *mychallenge; /* challenge we received from him */ - char *hischallenge; /* challenge we sent to him */ - - char buffer[MAXBUFSIZE]; /* metadata input buffer */ - int buflen; /* bytes read into buffer */ - int tcplen; /* length of incoming TCPpacket */ - int allow_request; /* defined if there's only one request possible */ - - time_t last_ping_time; /* last time we saw some activity from the other end */ - - avl_tree_t *config_tree; /* Pointer to configuration tree belonging to him */ -} connection_t; - -extern avl_tree_t *connection_tree; - -extern void init_connections(void); -extern void exit_connections(void); -extern connection_t *new_connection(void); -extern void free_connection(connection_t *); -extern void connection_add(connection_t *); -extern void connection_del(connection_t *); -extern void dump_connections(void); -extern int read_connection_config(connection_t *); - -#endif /* __TINC_CONNECTION_H__ */ diff --git a/lib/dropin.c b/lib/dropin.c index 15ee90c1..11e6fddd 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -1,7 +1,7 @@ /* dropin.c -- a set of drop-in replacements for libc functions - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,23 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: dropin.c,v 1.3 2003/08/24 20:38:20 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include +#include "xalloc.h" #ifndef HAVE_DAEMON /* @@ -51,61 +40,55 @@ */ int daemon(int nochdir, int noclose) { - pid_t pid; - int fd; - - pid = fork(); - - /* Check if forking failed */ - if(pid < 0) - { - perror("fork"); - exit(-1); - } - - /* If we are the parent, terminate */ - if(pid) - exit(0); - - /* Detach by becoming the new process group leader */ - if(setsid() < 0) - { - perror("setsid"); - return -1; - } - - /* Change working directory to the root (to avoid keeping mount - points busy) */ - if(!nochdir) - { - chdir("/"); - } - - /* Redirect stdin/out/err to /dev/null */ - if(!noclose) - { - fd = open("/dev/null", O_RDWR); - - if(fd < 0) - { - perror("opening /dev/null"); - return -1; - } - else - { - dup2(fd, 0); - dup2(fd, 1); - dup2(fd, 2); - } - } - - return 0; +#ifdef HAVE_FORK + pid_t pid; + int fd; + + pid = fork(); + + /* Check if forking failed */ + if(pid < 0) { + perror("fork"); + exit(-1); + } + + /* If we are the parent, terminate */ + if(pid) + exit(0); + + /* Detach by becoming the new process group leader */ + if(setsid() < 0) { + perror("setsid"); + return -1; + } + + /* Change working directory to the root (to avoid keeping mount + points busy) */ + if(!nochdir) { + chdir("/"); + } + + /* Redirect stdin/out/err to /dev/null */ + if(!noclose) { + fd = open("/dev/null", O_RDWR); + + if(fd < 0) { + perror("opening /dev/null"); + return -1; + } else { + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); + } + } + + return 0; +#else + return -1; +#endif } #endif - - - #ifndef HAVE_GET_CURRENT_DIR_NAME /* Replacement for the GNU get_current_dir_name function: @@ -116,56 +99,75 @@ int daemon(int nochdir, int noclose) */ char *get_current_dir_name(void) { - size_t size; - char *buf; - char *r; - - /* Start with 100 bytes. If this turns out to be insufficient to - contain the working directory, double the size. */ - size = 100; - buf = xmalloc(size); - - errno = 0; /* Success */ - r = getcwd(buf, size); - /* getcwd returns NULL and sets errno to ERANGE if the bufferspace - is insufficient to contain the entire working directory. */ - while(r == NULL && errno == ERANGE) - { - free(buf); - size <<= 1; /* double the size */ - buf = xmalloc(size); - r = getcwd(buf, size); - } - - return buf; + size_t size; + char *buf; + char *r; + + /* Start with 100 bytes. If this turns out to be insufficient to + contain the working directory, double the size. */ + size = 100; + buf = xmalloc(size); + + errno = 0; /* Success */ + r = getcwd(buf, size); + + /* getcwd returns NULL and sets errno to ERANGE if the bufferspace + is insufficient to contain the entire working directory. */ + while(r == NULL && errno == ERANGE) { + free(buf); + size <<= 1; /* double the size */ + buf = xmalloc(size); + r = getcwd(buf, size); + } + + return buf; } #endif #ifndef HAVE_ASPRINTF int asprintf(char **buf, const char *fmt, ...) { - int status; - va_list ap; - int len; - - len = 4096; - *buf = xmalloc(len); + int status; + va_list ap; + int len; - va_start(ap, fmt); - status = vsnprintf (*buf, len, fmt, ap); - va_end (ap); + len = 4096; + *buf = xmalloc(len); + + va_start(ap, fmt); + status = vsnprintf(*buf, len, fmt, ap); + va_end(ap); + + if(status >= 0) + *buf = xrealloc(*buf, status + 1); + + if(status > len - 1) { + len = status; + va_start(ap, fmt); + status = vsnprintf(*buf, len, fmt, ap); + va_end(ap); + } + + return status; +} +#endif + +#ifndef HAVE_GETTIMEOFDAY +int gettimeofday(struct timeval *tv, void *tz) { + tv->tv_sec = time(NULL); + tv->tv_usec = 0; + return 0; +} +#endif - if(status >= 0) - *buf = xrealloc(*buf, status); +#ifndef HAVE_RANDOM +#include - if(status > len-1) - { - len = status; - va_start(ap, fmt); - status = vsnprintf (*buf, len, fmt, ap); - va_end (ap); - } +long int random(void) { + long int x; + + RAND_pseudo_bytes((unsigned char *)&x, sizeof(x)); - return status; + return x; } #endif diff --git a/lib/dropin.h b/lib/dropin.h index 1f4157b9..8255d54c 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -1,7 +1,7 @@ /* dropin.h -- header file for dropin.c - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,22 +17,38 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: dropin.h,v 1.3 2003/08/24 20:38:20 guus Exp $ */ #ifndef __DROPIN_H__ #define __DROPIN_H__ +#include "fake-getaddrinfo.h" +#include "fake-getnameinfo.h" + #ifndef HAVE_DAEMON extern int daemon(int, int); #endif #ifndef HAVE_GET_CURRENT_DIR_NAME -extern char* get_current_dir_name(void); +extern char *get_current_dir_name(void); #endif #ifndef HAVE_ASPRINTF extern int asprintf(char **, const char *, ...); #endif -#endif /* __DROPIN_H__ */ +#ifndef HAVE_GETNAMEINFO +extern int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags); +#endif + +#ifndef HAVE_GETTIMEOFDAY +extern int gettimeofday(struct timeval *, void *); +#endif + +#ifndef HAVE_RANDOM +extern long int random(void); +#endif + +#endif /* __DROPIN_H__ */ diff --git a/lib/edge.c b/lib/edge.c deleted file mode 100644 index d959d514..00000000 --- a/lib/edge.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - edge.c -- edge tree management - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: edge.c,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include - -#include -#include - -#include "net.h" /* Don't ask. */ -#include "netutl.h" -#include "config.h" -#include "conf.h" -#include -#include "subnet.h" - -#include "xalloc.h" -#include "system.h" - -avl_tree_t *edge_tree; /* Tree with all known edges (replaces active_tree) */ -avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ - -int edge_compare(edge_t *a, edge_t *b) -{ - int result; - - result = strcmp(a->from.node->name, b->from.node->name); - - if(result) - return result; - else - return strcmp(a->to.node->name, b->to.node->name); -} - -/* Evil edge_compare() from a parallel universe ;) - -int edge_compare(edge_t *a, edge_t *b) -{ - int result; - - return (result = strcmp(a->from.node->name, b->from.node->name)) || (result = strcmp(a->to.node->name, b->to.node->name)), result; -} - -*/ - -int edge_name_compare(edge_t *a, edge_t *b) -{ - int result; - char *name_a1, *name_a2, *name_b1, *name_b2; - - if(strcmp(a->from.node->name, a->to.node->name) < 0) - name_a1 = a->from.node->name, name_a2 = a->to.node->name; - else - name_a1 = a->to.node->name, name_a2 = a->from.node->name; - - if(strcmp(b->from.node->name, b->to.node->name) < 0) - name_b1 = b->from.node->name, name_b2 = b->to.node->name; - else - name_b1 = b->to.node->name, name_b2 = b->from.node->name; - - result = strcmp(name_a1, name_b1); - - if(result) - return result; - else - return strcmp(name_a2, name_b2); -} - -int edge_weight_compare(edge_t *a, edge_t *b) -{ - int result; - - result = a->weight - b->weight; - - if(result) - return result; - else - return edge_name_compare(a, b); -} - -void init_edges(void) -{ -cp - edge_tree = avl_alloc_tree((avl_compare_t)edge_compare, NULL); - edge_weight_tree = avl_alloc_tree((avl_compare_t)edge_weight_compare, NULL); -cp -} - -avl_tree_t *new_edge_tree(void) -{ -cp - return avl_alloc_tree((avl_compare_t)edge_name_compare, NULL); -cp -} - -void free_edge_tree(avl_tree_t *edge_tree) -{ -cp - avl_delete_tree(edge_tree); -cp -} - -void exit_edges(void) -{ -cp - avl_delete_tree(edge_tree); -cp -} - -/* Creation and deletion of connection elements */ - -edge_t *new_edge(void) -{ - edge_t *e; -cp - e = (edge_t *)xmalloc_and_zero(sizeof(*e)); -cp - return e; -} - -void free_edge(edge_t *e) -{ -cp - free(e); -cp -} - -void edge_add(edge_t *e) -{ -cp - avl_insert(edge_tree, e); - avl_insert(edge_weight_tree, e); - avl_insert(e->from.node->edge_tree, e); - avl_insert(e->to.node->edge_tree, e); -cp -} - -void edge_del(edge_t *e) -{ -cp - avl_delete(edge_tree, e); - avl_delete(edge_weight_tree, e); - avl_delete(e->from.node->edge_tree, e); - avl_delete(e->to.node->edge_tree, e); -cp -} - -edge_t *lookup_edge(node_t *from, node_t *to) -{ - edge_t v, *result; -cp - v.from.node = from; - v.to.node = to; - - result = avl_search(edge_tree, &v); - - if(result) - return result; -cp - v.from.node = to; - v.to.node = from; - - return avl_search(edge_tree, &v); -} - -void dump_edges(void) -{ - avl_node_t *node; - edge_t *e; - char *from_udp, *to_udp; -cp - syslog(LOG_DEBUG, _("Edges:")); - - for(node = edge_tree->head; node; node = node->next) - { - e = (edge_t *)node->data; - from_udp = sockaddr2hostname(&e->from.udpaddress); - to_udp = sockaddr2hostname(&e->to.udpaddress); - syslog(LOG_DEBUG, _(" %s at %s - %s at %s options %lx weight %d"), - e->from.node->name, from_udp, - e->to.node->name, to_udp, - e->options, e->weight); - free(from_udp); - free(to_udp); - } - - syslog(LOG_DEBUG, _("End of edges.")); -cp -} diff --git a/lib/error.c b/lib/error.c deleted file mode 100644 index fd205f72..00000000 --- a/lib/error.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - error.c -- generalized error handling - Copyright (C) 2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: error.c,v 1.1 2000/10/19 20:56:49 zarq Exp $ -*/ - -#include "config.h" - -#include - -#ifdef STDC_HEADERS -# include -#endif - -#ifdef HAVE_SYSLOG_H -# include -#endif - -#include -#include - -void error(int severity, const char *message, ...) -{ - va_list v; - extern int detached; - - va_start(v, message); - -#ifdef HAVE_SYSLOG - if(detached) - { - syslog(LOG_ERR, _(message), v); - } - else -#endif /* HAVE_SYSLOG */ - { - vfprintf(stderr, _(message), v); - fputs("\n", stderr); - } - va_end(v); - - if(severity | ERR_FATAL) - exit(1); -} diff --git a/lib/error.h b/lib/error.h deleted file mode 100644 index 24874230..00000000 --- a/lib/error.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - error.h -- header file for error.h - Copyright (C) 2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: error.h,v 1.1 2000/10/19 20:56:49 zarq Exp $ -*/ - -#ifndef __TINC_ERROR_H__ -#define __TINC_ERROR_H__ - -#define ERR_IGNORE 00000 /* Ignore this error */ -#define ERR_FATAL 00001 /* Terminate program */ -#define ERR_UNLOAD 00002 /* Unload associated module */ -#define ERR_WARNING 01000 /* Warning message only */ -#define ERR_DEBUG 04000 /* Debug message */ - -extern void error(int severity, const char *message, ...); - -#endif /* __TINC_ERROR_H__ */ diff --git a/lib/ethernet.h b/lib/ethernet.h new file mode 100644 index 00000000..bda8a962 --- /dev/null +++ b/lib/ethernet.h @@ -0,0 +1,75 @@ +/* + ethernet.h -- missing Ethernet related definitions + Copyright (C) 2003 Ivo Timmermans + 2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: ethernet.h,v 1.2 2003/08/24 20:38:20 guus Exp $ +*/ + +#ifndef __TINC_ETHERNET_H__ +#define __TINC_ETHERNET_H__ + +#ifndef ETH_ALEN +#define ETH_ALEN 6 +#endif + +#ifndef ETHER_ADDR_LEN +#define ETHER_ADDR_LEN 6 +#endif + +#ifndef ARPHRD_ETHER +#define ARPHRD_ETHER 1 +#endif + +#ifndef ETHERTYPE_IP +#define ETHERTYPE_IP 0x0800 +#endif + +#ifndef HAVE_STRUCT_ARPHDR +struct arphdr { + unsigned short int ar_hrd; + unsigned short int ar_pro; + unsigned char ar_hln; + unsigned char ar_pln; + unsigned short int ar_op; +}; + +#define ARPOP_REQUEST 1 +#define ARPOP_REPLY 2 +#define ARPOP_RREQUEST 3 +#define ARPOP_RREPLY 4 +#define ARPOP_InREQUEST 8 +#define ARPOP_InREPLY 9 +#define ARPOP_NAK 10 +#endif + +#ifndef HAVE_STRUCT_ETHER_ARP +struct ether_arp { + struct arphdr ea_hdr; + uint8_t arp_sha[ETH_ALEN]; + uint8_t arp_spa[4]; + uint8_t arp_tha[ETH_ALEN]; + uint8_t arp_tpa[4]; +}; +#define arp_hrd ea_hdr.ar_hrd +#define arp_pro ea_hdr.ar_pro +#define arp_hln ea_hdr.ar_hln +#define arp_pln ea_hdr.ar_pln +#define arp_op ea_hdr.ar_op +#endif + +#endif /* __TINC_ETHERNET_H__ */ diff --git a/lib/fake-gai-errnos.h b/lib/fake-gai-errnos.h new file mode 100644 index 00000000..cd82d457 --- /dev/null +++ b/lib/fake-gai-errnos.h @@ -0,0 +1,15 @@ +/* + * fake library for ssh + * + * This file is included in getaddrinfo.c and getnameinfo.c. + * See getaddrinfo.c and getnameinfo.c. + */ + +/* $Id: fake-gai-errnos.h,v 1.2 2003/08/24 20:38:20 guus Exp $ */ + +/* for old netdb.h */ +#ifndef EAI_NODATA +#define EAI_NODATA 1 +#define EAI_MEMORY 2 +#define EAI_FAMILY 3 +#endif diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c new file mode 100644 index 00000000..161c826f --- /dev/null +++ b/lib/fake-getaddrinfo.c @@ -0,0 +1,104 @@ +/* + * fake library for ssh + * + * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include "system.h" + +#include "ipv4.h" +#include "ipv6.h" +#include "fake-getaddrinfo.h" + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode) +{ + switch (ecode) { + case EAI_NODATA: + return "No address associated with hostname"; + case EAI_MEMORY: + return "Memory allocation failure"; + case EAI_FAMILY: + return "Address family not supported"; + default: + return "Unknown error"; + } +} +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *next; + + while(ai) { + next = ai->ai_next; + free(ai); + ai = next; + } +} +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETADDRINFO +static struct addrinfo *malloc_ai(uint16_t port, uint32_t addr) +{ + struct addrinfo *ai; + + ai = xmalloc_and_zero(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + + ai->ai_addr = (struct sockaddr *)(ai + 1); + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr->sa_family = ai->ai_family = AF_INET; + + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + return ai; +} + +int getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res) +{ + struct addrinfo *prev = NULL; + struct hostent *hp; + struct in_addr in = {0}; + int i; + uint16_t port = 0; + + if(hints && hints->ai_family != AF_INET && hints->ai_family != AF_UNSPEC) + return EAI_FAMILY; + + if (servname) + port = htons(atoi(servname)); + + if (hints && hints->ai_flags & AI_PASSIVE) { + *res = malloc_ai(port, htonl(0x00000000)); + return 0; + } + + if (!hostname) { + *res = malloc_ai(port, htonl(0x7f000001)); + return 0; + } + + hp = gethostbyname(hostname); + + if(!hp || !hp->h_addr_list || !hp->h_addr_list[0]) + return EAI_NODATA; + + for (i = 0; hp->h_addr_list[i]; i++) { + *res = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); + + if(prev) + prev->ai_next = *res; + + prev = *res; + } + + return 0; +} +#endif /* !HAVE_GETADDRINFO */ diff --git a/lib/fake-getaddrinfo.h b/lib/fake-getaddrinfo.h new file mode 100644 index 00000000..34b524ae --- /dev/null +++ b/lib/fake-getaddrinfo.h @@ -0,0 +1,49 @@ +/* $Id: fake-getaddrinfo.h,v 1.2 2003/08/24 20:38:20 guus Exp $ */ + +#ifndef _FAKE_GETADDRINFO_H +#define _FAKE_GETADDRINFO_H + +#include "fake-gai-errnos.h" + +#ifndef AI_PASSIVE +# define AI_PASSIVE 1 +# define AI_CANONNAME 2 +#endif + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST 2 +# define NI_NAMEREQD 4 +# define NI_NUMERICSERV 8 +#endif + +#ifndef AI_NUMERICHOST +#define AI_NUMERICHOST 4 +#endif + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +int getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res); +#endif /* !HAVE_GETADDRINFO */ + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai); +#endif /* !HAVE_FREEADDRINFO */ + +#endif /* _FAKE_GETADDRINFO_H */ diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c new file mode 100644 index 00000000..796efdf8 --- /dev/null +++ b/lib/fake-getnameinfo.c @@ -0,0 +1,55 @@ +/* + * fake library for ssh + * + * This file includes getnameinfo(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include "system.h" + +#include "fake-getnameinfo.h" +#include "fake-getaddrinfo.h" + +#ifndef HAVE_GETNAMEINFO + +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + struct hostent *hp; + int len; + + if(sa->sa_family != AF_INET) + return EAI_FAMILY; + + if(serv && servlen) { + len = snprintf(serv, servlen, "%d", ntohs(sin->sin_port)); + if(len < 0 || len >= servlen) + return EAI_MEMORY; + } + + if(!host || !hostlen) + return 0; + + if(flags & NI_NUMERICHOST) { + len = snprintf(host, hostlen, "%s", inet_ntoa(sin->sin_addr)); + if(len < 0 || len >= hostlen) + return EAI_MEMORY; + return 0; + } + + hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), AF_INET); + + if(!hp || !hp->h_name || !hp->h_name[0]) + return EAI_NODATA; + + len = snprintf(host, hostlen, "%s", hp->h_name); + if(len < 0 || len >= hostlen) + return EAI_MEMORY; + + return 0; +} +#endif /* !HAVE_GETNAMEINFO */ diff --git a/lib/fake-getnameinfo.h b/lib/fake-getnameinfo.h new file mode 100644 index 00000000..a95b081d --- /dev/null +++ b/lib/fake-getnameinfo.h @@ -0,0 +1,18 @@ +/* $Id: fake-getnameinfo.h,v 1.2 2003/08/24 20:38:20 guus Exp $ */ + +#ifndef _FAKE_GETNAMEINFO_H +#define _FAKE_GETNAMEINFO_H + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags); +#endif /* !HAVE_GETNAMEINFO */ + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#endif /* _FAKE_GETNAMEINFO_H */ diff --git a/lib/getopt.c b/lib/getopt.c index 300f86de..5e397baa 100644 --- a/lib/getopt.c +++ b/lib/getopt.c @@ -85,16 +85,7 @@ USA. */ #define getpid() GetCurrentProcessId() #endif -#ifndef _ -/* This is for other GNU distributions with internationalized messages. - When compiling libc, the _ macro is predefined. */ -#ifdef HAVE_LIBINTL_H -# include -# define _(msgid) gettext (msgid) -#else -# define _(msgid) (msgid) -#endif -#endif +#include "gettext.h" /* This version of `getopt' appears to the caller like standard Unix `getopt' but it behaves differently for the user, since it allows the user @@ -268,7 +259,7 @@ extern pid_t __libc_pid; is valid for the getopt call we must make sure that the ARGV passed to getopt is that one passed to the process. */ static void -__attribute__ ((unused)) +__attribute__ ((__unused__)) store_args_and_env (int argc, char *const *argv) { /* XXX This is no good solution. We should rather copy the args so diff --git a/lib/gettext.h b/lib/gettext.h new file mode 100644 index 00000000..a9074031 --- /dev/null +++ b/lib/gettext.h @@ -0,0 +1,79 @@ +/* Convenience header for conditional use of GNU . + Copyright (C) 1995-1998, 2000-2003 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Library General Public License as published + by the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + USA. */ + +#ifndef _LIBGETTEXT_H +#define _LIBGETTEXT_H 1 + +/* NLS can be disabled through the configure --disable-nls option. */ +#if ENABLE_NLS + +/* Get declarations of GNU message catalog functions. */ +# include +# include + +/* Shorthand notation */ + +# define _(Text) gettext (Text) + +#else + +/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which + chokes if dcgettext is defined as a macro. So include it now, to make + later inclusions of a NOP. We don't include + as well because people using "gettext.h" will not include , + and also including would fail on SunOS 4, whereas + is OK. */ +#if defined(__sun) +# include +#endif + +/* Disabled NLS. + The casts to 'const char *' serve the purpose of producing warnings + for invalid uses of the value returned from these functions. + On pre-ANSI systems without 'const', the config.h file is supposed to + contain "#define const". */ +# define gettext(Msgid) ((const char *) (Msgid)) +# define dgettext(Domainname, Msgid) ((const char *) (Msgid)) +# define dcgettext(Domainname, Msgid, Category) ((const char *) (Msgid)) +# define ngettext(Msgid1, Msgid2, N) \ + ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) +# define dngettext(Domainname, Msgid1, Msgid2, N) \ + ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) +# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \ + ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) +# define textdomain(Domainname) ((const char *) (Domainname)) +# define bindtextdomain(Domainname, Dirname) ((const char *) (Dirname)) +# define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset)) + +# define _(Text) Text +# define setlocale(Category, Locale) ((const char *) (Locale)) + +#endif + +/* A pseudo function call that serves as a marker for the automated + extraction of messages, but does not call gettext(). The run-time + translation is done at a different place in the code. + The argument, String, should be a literal string. Concatenated strings + and other string expressions won't work. + The macro's expansion is not parenthesized, so that it is suitable as + initializer for static 'char[]' or 'const char[]' variables. */ +#define gettext_noop(String) String + +#define N_(Text) Text + +#endif /* _LIBGETTEXT_H */ diff --git a/lib/graph.c b/lib/graph.c deleted file mode 100644 index f9532632..00000000 --- a/lib/graph.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - graph.c -- graph algorithms - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: graph.c,v 1.1 2002/05/02 11:50:07 zarq Exp $ -*/ - -/* We need to generate two trees from the graph: - - 1. A minimum spanning tree for broadcasts, - 2. A single-source shortest path tree for unicasts. - - Actually, the first one alone would suffice but would make unicast packets - take longer routes than necessary. - - For the MST algorithm we can choose from Prim's or Kruskal's. I personally - favour Kruskal's, because we make an extra AVL tree of edges sorted on - weights (metric). That tree only has to be updated when an edge is added or - removed, and during the MST algorithm we just have go linearly through that - tree, adding safe edges until #edges = #nodes - 1. The implementation here - however is not so fast, because I tried to avoid having to make a forest and - merge trees. - - For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a - simple breadth-first search is presented here. - - The SSSP algorithm will also be used to determine whether nodes are directly, - indirectly or not reachable from the source. It will also set the correct - destination address and port of a node if possible. -*/ - -#include "config.h" - -#include -#include -#include -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) - #include -#endif -#include - -#include -#include -#include - -#include "netutl.h" -#include "node.h" -#include "edge.h" -#include "connection.h" -#include "logging.h" - -#include "system.h" - -/* Implementation of Kruskal's algorithm. - Running time: O(EN) - Please note that sorting on weight is already done by add_edge(). -*/ - -void mst_kruskal(void) -{ - avl_node_t *node, *next; - edge_t *e; - node_t *n; - connection_t *c; - int nodes = 0; - int safe_edges = 0; - int skipped; - - /* Clear MST status on connections */ - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - c->status.mst = 0; - } - - /* Do we have something to do at all? */ - - if(!edge_weight_tree->head) - return; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Running Kruskal's algorithm:"); - - /* Clear visited status on nodes */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - n->status.visited = 0; - nodes++; - } - - /* Starting point */ - - ((edge_t *)edge_weight_tree->head->data)->from.node->status.visited = 1; - - /* Add safe edges */ - - for(skipped = 0, node = edge_weight_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; - - if(e->from.node->status.visited == e->to.node->status.visited) - { - skipped = 1; - continue; - } - - e->from.node->status.visited = 1; - e->to.node->status.visited = 1; - if(e->connection) - e->connection->status.mst = 1; - - safe_edges++; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from.node->name, e->to.node->name, e->weight); - - if(skipped) - { - next = edge_weight_tree->head; - continue; - } - } - - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, safe_edges); -} - -/* Implementation of a simple breadth-first search algorithm. - Running time: O(E) -*/ - -void sssp_bfs(void) -{ - avl_node_t *node, *from, *next, *to; - edge_t *e; - node_t *n; - halfconnection_t to_hc, from_hc; - avl_tree_t *todo_tree; - int indirect; - - todo_tree = avl_alloc_tree(NULL, NULL); - - /* Clear visited status on nodes */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - n->status.visited = 0; - n->status.indirect = 1; - } - - /* Begin with myself */ - - myself->status.visited = 1; - myself->status.indirect = 0; - myself->nexthop = myself; - myself->via = myself; - node = avl_alloc_node(); - node->data = myself; - avl_insert_top(todo_tree, node); - - /* Loop while todo_tree is filled */ - - while(todo_tree->head) - { - for(from = todo_tree->head; from; from = next) /* "from" is the node from which we start */ - { - next = from->next; - n = (node_t *)from->data; - - for(to = n->edge_tree->head; to; to = to->next) /* "to" is the edge connected to "from" */ - { - e = (edge_t *)to->data; - - if(e->from.node == n) /* "from_hc" is the halfconnection with .node == from */ - to_hc = e->to, from_hc = e->from; - else - to_hc = e->from, from_hc = e->to; - - /* Situation: - - / - / - ------(n)from_hc-----to_hc - \ - \ - - n->address is set to the to_hc.udpaddress of the edge left of n. - We are currently examining the edge right of n: - - - If from_hc.udpaddress != n->address, then to_hc.node is probably - not reachable for the nodes left of n. We do as if the indirectdata - flag is set on edge e. - - If edge e provides for better reachability of to_hc.node, update - to_hc.node and (re)add it to the todo_tree to (re)examine the reachability - of nodes behind it. - */ - - indirect = n->status.indirect || e->options & OPTION_INDIRECT || ((n != myself) && sockaddrcmp(&n->address, &from_hc.udpaddress)); - - if(to_hc.node->status.visited && (!to_hc.node->status.indirect || indirect)) - continue; - - to_hc.node->status.visited = 1; - to_hc.node->status.indirect = indirect; - to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; - to_hc.node->via = indirect ? n->via : to_hc.node; - to_hc.node->options = e->options; - if(sockaddrcmp(&to_hc.node->address, &to_hc.udpaddress)) - { - node = avl_unlink(node_udp_tree, to_hc.node); - to_hc.node->address = to_hc.udpaddress; - if(to_hc.node->hostname) - free(to_hc.node->hostname); - to_hc.node->hostname = sockaddr2hostname(&to_hc.udpaddress); - avl_insert_node(node_udp_tree, node); - } - node = avl_alloc_node(); - node->data = to_hc.node; - avl_insert_before(todo_tree, from, node); - } - - avl_delete_node(todo_tree, from); - } - } - - avl_free_tree(todo_tree); - - /* Check reachability status. */ - - for(node = node_tree->head; node; node = next) - { - next = node->next; - n = (node_t *)node->data; - - if(n->status.visited) - { - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); - n->status.reachable = 1; - run_hooks("node-visible", n); - } - } - else - { - if(n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); - n->status.reachable = 0; - n->status.validkey = 0; - n->status.waitingforkey = 0; - n->sent_seqno = 0; - run_hooks("node-invisible", n); - } - } - } -} - -void graph(void) -{ - mst_kruskal(); - sssp_bfs(); -} diff --git a/lib/hash.c b/lib/hash.c deleted file mode 100644 index 4963014e..00000000 --- a/lib/hash.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - hash.c -- Handle hash datastructures - Copyright (C) 2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: hash.c,v 1.1 2000/10/20 16:44:32 zarq Exp $ -*/ - -#include "config.h" - -/* - hash_delete - delete one element, indicated by key, from hash -*/ -int hash_delete(hash_t hash, char *key) -{ -} - -/* - hash_insert_maybe - insert an element into the hash, unless an element with the - same key already exists. -*/ -int hash_insert_maybe(hash_t hash, void *data, char *key) -{ - if(hash_retrieve(hash, key)) - { - } -} - -/* - hash_insert_or_update - - If an element indicated by key exists in the hash, update the - associated pointer. Otherwise, insert this pointer as a new - element. -*/ -int hash_insert_or_update(hash_t hash, void *data, char *key) -{ - -} - diff --git a/lib/hash.h b/lib/hash.h deleted file mode 100644 index 79a9626b..00000000 --- a/lib/hash.h +++ /dev/null @@ -1 +0,0 @@ -/* */ diff --git a/lib/hooks.h b/lib/hooks.h deleted file mode 100644 index 559b1443..00000000 --- a/lib/hooks.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - hooks.h -- header file for hooks.c - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: hooks.h,v 1.2 2002/05/07 14:48:41 zarq Exp $ -*/ - -#ifndef __TINC_HOOKS_H__ -#define __TINC_HOOKS_H__ - -#include - -typedef void (hook_function_t)(const char*,va_list); - -void run_hooks(const char *type, ...); -void add_hook(const char *type, hook_function_t *hook); -void del_hook(const char *type, hook_function_t *hook); - -#endif /* __TINC_HOOKS_H__ */ diff --git a/lib/ipv4.h b/lib/ipv4.h new file mode 100644 index 00000000..2c346ee9 --- /dev/null +++ b/lib/ipv4.h @@ -0,0 +1,132 @@ +/* + ipv4.h -- missing IPv4 related definitions + Copyright (C) 2003 Ivo Timmermans + 2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: ipv4.h,v 1.2 2003/08/24 20:38:20 guus Exp $ +*/ + +#ifndef __TINC_IPV4_H__ +#define __TINC_IPV4_H__ + +#ifndef AF_INET +#define AF_INET 2 +#endif + +#ifndef IPPROTO_ICMP +#define IPPROTO_ICMP 1 +#endif + +#ifndef ICMP_DEST_UNREACH +#define ICMP_DEST_UNREACH 3 +#endif + +#ifndef ICMP_NET_UNKNOWN +#define ICMP_NET_UNKNOWN 6 +#endif + +#ifndef ICMP_NET_UNREACH +#define ICMP_NET_UNREACH 0 +#endif + +#ifndef IP_MSS +#define IP_MSS 576 +#endif + +#ifndef HAVE_STRUCT_IP +struct ip { +#if __BYTE_ORDER == __LITTLE_ENDIAN + unsigned int ip_hl:4; + unsigned int ip_v:4; +#else + unsigned int ip_v:4; + unsigned int ip_hl:4; +#endif + uint8_t ip_tos; + uint16_t ip_len; + uint16_t ip_id; + uint16_t ip_off; +#define IP_RF 0x8000 +#define IP_DF 0x4000 +#define IP_MF 0x2000 +#define IP_OFFMASK 0x1fff + uint8_t ip_ttl; + uint8_t ip_p; + uint16_t ip_sum; + struct in_addr ip_src, ip_dst; +}; +#endif + +#ifndef HAVE_STRUCT_ICMP +struct icmp { + uint8_t icmp_type; + uint8_t icmp_code; + uint16_t icmp_cksum; + union { + uint8_t ih_pptr; + struct in_addr ih_gwaddr; + struct ih_idseq { + uint16_t icd_id; + uint16_t icd_seq; + } ih_idseq; + uint32_t ih_void; + + + struct ih_pmtu { + uint16_t ipm_void; + uint16_t ipm_nextmtu; + } ih_pmtu; + + struct ih_rtradv { + uint8_t irt_num_addrs; + uint8_t irt_wpa; + uint16_t irt_lifetime; + } ih_rtradv; + } icmp_hun; +#define icmp_pptr icmp_hun.ih_pptr +#define icmp_gwaddr icmp_hun.ih_gwaddr +#define icmp_id icmp_hun.ih_idseq.icd_id +#define icmp_seq icmp_hun.ih_idseq.icd_seq +#define icmp_void icmp_hun.ih_void +#define icmp_pmvoid icmp_hun.ih_pmtu.ipm_void +#define icmp_nextmtu icmp_hun.ih_pmtu.ipm_nextmtu +#define icmp_num_addrs icmp_hun.ih_rtradv.irt_num_addrs +#define icmp_wpa icmp_hun.ih_rtradv.irt_wpa +#define icmp_lifetime icmp_hun.ih_rtradv.irt_lifetime + union { + struct { + uint32_t its_otime; + uint32_t its_rtime; + uint32_t its_ttime; + } id_ts; + struct { + struct ip idi_ip; + } id_ip; + uint32_t id_mask; + uint8_t id_data[1]; + } icmp_dun; +#define icmp_otime icmp_dun.id_ts.its_otime +#define icmp_rtime icmp_dun.id_ts.its_rtime +#define icmp_ttime icmp_dun.id_ts.its_ttime +#define icmp_ip icmp_dun.id_ip.idi_ip +#define icmp_radv icmp_dun.id_radv +#define icmp_mask icmp_dun.id_mask +#define icmp_data icmp_dun.id_data +}; +#endif + +#endif /* __TINC_IPV4_H__ */ diff --git a/lib/ipv6.h b/lib/ipv6.h new file mode 100644 index 00000000..9946f8c8 --- /dev/null +++ b/lib/ipv6.h @@ -0,0 +1,120 @@ +/* + ipv6.h -- missing IPv6 related definitions + Copyright (C) 2003 Ivo Timmermans + 2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: ipv6.h,v 1.2 2003/08/24 20:38:20 guus Exp $ +*/ + +#ifndef __TINC_IPV6_H__ +#define __TINC_IPV6_H__ + +#ifndef AF_INET6 +#define AF_INET6 10 +#endif + +#ifndef IPPROTO_ICMPV6 +#define IPPROTO_ICMPV6 58 +#endif + +#ifndef HAVE_STRUCT_IN6_ADDR +struct in6_addr { + union { + uint8_t u6_addr8[16]; + uint16_t u6_addr16[8]; + uint32_t u6_addr32[4]; + } in6_u; +}; +#define s6_addr in6_u.u6_addr8 +#define s6_addr16 in6_u.u6_addr16 +#define s6_addr32 in6_u.u6_addr32 +#endif + +#ifndef HAVE_STRUCT_SOCKADDR_IN6 +struct sockaddr_in6 { + uint16_t sin6_family; + uint16_t sin6_port; + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; + uint32_t sin6_scope_id; +}; +#endif + +#ifndef IN6_IS_ADDR_V4MAPPED +#define IN6_IS_ADDR_V4MAPPED(a) \ + ((((__const uint32_t *) (a))[0] == 0) \ + && (((__const uint32_t *) (a))[1] == 0) \ + && (((__const uint32_t *) (a))[2] == htonl (0xffff))) +#endif + +#ifndef HAVE_STRUCT_IP6_HDR +struct ip6_hdr { + union { + struct ip6_hdrctl { + uint32_t ip6_un1_flow; + uint16_t ip6_un1_plen; + uint8_t ip6_un1_nxt; + uint8_t ip6_un1_hlim; + } ip6_un1; + uint8_t ip6_un2_vfc; + } ip6_ctlun; + struct in6_addr ip6_src; + struct in6_addr ip6_dst; +}; +#define ip6_vfc ip6_ctlun.ip6_un2_vfc +#define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow +#define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen +#define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt +#define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim +#define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim +#endif + +#ifndef HAVE_STRUCT_ICMP6_HDR +struct icmp6_hdr { + uint8_t icmp6_type; + uint8_t icmp6_code; + uint16_t icmp6_cksum; + union { + uint32_t icmp6_un_data32[1]; + uint16_t icmp6_un_data16[2]; + uint8_t icmp6_un_data8[4]; + } icmp6_dataun; +}; +#define ICMP6_DST_UNREACH_NOROUTE 0 +#define ICMP6_DST_UNREACH 1 +#define ICMP6_DST_UNREACH_ADDR 3 +#define ND_NEIGHBOR_SOLICIT 135 +#define ND_NEIGHBOR_ADVERT 136 +#endif + +#ifndef HAVE_STRUCT_ND_NEIGHBOR_SOLICIT +struct nd_neighbor_solicit { + struct icmp6_hdr nd_ns_hdr; + struct in6_addr nd_ns_target; +}; +#define ND_OPT_SOURCE_LINKADDR 1 +#define ND_OPT_TARGET_LINKADDR 2 +#endif + +#ifndef HAVE_STRUCT_ND_OPT_HDR +struct nd_opt_hdr { + uint8_t nd_opt_type; + uint8_t nd_opt_len; +}; +#endif + +#endif /* __TINC_IPV6_H__ */ diff --git a/lib/list.c b/lib/list.c index ae238514..2c08978a 100644 --- a/lib/list.c +++ b/lib/list.c @@ -1,7 +1,7 @@ /* list.c -- functions to deal with double linked lists - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,181 +17,170 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: list.c,v 1.3 2003/08/24 20:38:20 guus Exp $ */ -#include "config.h" - -#include - -#include -#include +#include "system.h" #include "list.h" +#include "xalloc.h" /* (De)constructors */ list_t *list_alloc(list_action_t delete) { - list_t *list; + list_t *list; - list = xmalloc_and_zero(sizeof(list_t)); - list->delete = delete; + list = xmalloc_and_zero(sizeof(list_t)); + list->delete = delete; - return list; + return list; } void list_free(list_t *list) { - free(list); + free(list); } list_node_t *list_alloc_node(void) { - list_node_t *node; - - node = xmalloc_and_zero(sizeof(list_node_t)); - - return node; + return (list_node_t *)xmalloc_and_zero(sizeof(list_node_t)); } void list_free_node(list_t *list, list_node_t *node) { - if(node->data && list->delete) - list->delete(node->data); - - free(node); + if(node->data && list->delete) + list->delete(node->data); + + free(node); } /* Insertion and deletion */ list_node_t *list_insert_head(list_t *list, void *data) { - list_node_t *node; - - node = list_alloc_node(); - - node->data = data; - node->prev = NULL; - node->next = list->head; - list->head = node; - - if(node->next) - node->next->prev = node; - else - list->tail = node; - - list->count++; - - return node; + list_node_t *node; + + node = list_alloc_node(); + + node->data = data; + node->prev = NULL; + node->next = list->head; + list->head = node; + + if(node->next) + node->next->prev = node; + else + list->tail = node; + + list->count++; + + return node; } list_node_t *list_insert_tail(list_t *list, void *data) { - list_node_t *node; - - node = list_alloc_node(); - - node->data = data; - node->next = NULL; - node->prev = list->tail; - list->tail = node; - - if(node->prev) - node->prev->next = node; - else - list->head = node; - - list->count++; - - return node; + list_node_t *node; + + node = list_alloc_node(); + + node->data = data; + node->next = NULL; + node->prev = list->tail; + list->tail = node; + + if(node->prev) + node->prev->next = node; + else + list->head = node; + + list->count++; + + return node; } void list_unlink_node(list_t *list, list_node_t *node) { - if(node->prev) - node->prev->next = node->next; - else - list->head = node->next; - - if(node->next) - node->next->prev = node->prev; - else - list->tail = node->prev; - - list->count--; + if(node->prev) + node->prev->next = node->next; + else + list->head = node->next; + + if(node->next) + node->next->prev = node->prev; + else + list->tail = node->prev; + + list->count--; } void list_delete_node(list_t *list, list_node_t *node) { - list_unlink_node(list, node); - list_free_node(list, node); + list_unlink_node(list, node); + list_free_node(list, node); } void list_delete_head(list_t *list) { - list_delete_node(list, list->head); + list_delete_node(list, list->head); } void list_delete_tail(list_t *list) { - list_delete_node(list, list->tail); + list_delete_node(list, list->tail); } /* Head/tail lookup */ void *list_get_head(list_t *list) { - if(list->head) - return list->head->data; - else - return NULL; + if(list->head) + return list->head->data; + else + return NULL; } void *list_get_tail(list_t *list) { - if(list->tail) - return list->tail->data; - else - return NULL; + if(list->tail) + return list->tail->data; + else + return NULL; } /* Fast list deletion */ void list_delete_list(list_t *list) { - list_node_t *node, *next; - - for(node = list->head; node; node = next) - { - next = node->next; - list_free_node(list, node); - } - - list_free(list); + list_node_t *node, *next; + + for(node = list->head; node; node = next) { + next = node->next; + list_free_node(list, node); + } + + list_free(list); } /* Traversing */ void list_foreach_node(list_t *list, list_action_node_t action) { - list_node_t *node, *next; + list_node_t *node, *next; - for(node = list->head; node; node = next) - { - next = node->next; - action(node); - } + for(node = list->head; node; node = next) { + next = node->next; + action(node); + } } void list_foreach(list_t *list, list_action_t action) { - list_node_t *node, *next; - - for(node = list->head; node; node = next) - { - next = node->next; - if(node->data) - action(node->data); - } + list_node_t *node, *next; + + for(node = list->head; node; node = next) { + next = node->next; + if(node->data) + action(node->data); + } } diff --git a/lib/list.h b/lib/list.h index 3f2a901c..620eeeca 100644 --- a/lib/list.h +++ b/lib/list.h @@ -1,7 +1,7 @@ /* list.h -- header file for list.c - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,39 +17,37 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: list.h,v 1.3 2003/08/24 20:38:20 guus Exp $ */ #ifndef __TINC_LIST_H__ #define __TINC_LIST_H__ -typedef struct list_node_t -{ - struct list_node_t *prev; - struct list_node_t *next; +typedef struct list_node_t { + struct list_node_t *prev; + struct list_node_t *next; - /* Payload */ + /* Payload */ - void *data; + void *data; } list_node_t; -typedef void (*list_action_t) (const void *); -typedef void (*list_action_node_t) (const list_node_t *); +typedef void (*list_action_t)(const void *); +typedef void (*list_action_node_t)(const list_node_t *); -typedef struct list_t -{ - list_node_t *head; - list_node_t *tail; - int count; +typedef struct list_t { + list_node_t *head; + list_node_t *tail; + int count; - /* Callbacks */ + /* Callbacks */ - list_action_t delete; + list_action_t delete; } list_t; /* (De)constructors */ -extern list_t *list_alloc(list_action_t); +extern list_t *list_alloc(list_action_t) __attribute__ ((__malloc__)); extern void list_free(list_t *); extern list_node_t *list_alloc_node(void); extern void list_free_node(list_t *, list_node_t *); @@ -79,4 +77,4 @@ extern void list_delete_list(list_t *); extern void list_foreach(list_t *, list_action_t); extern void list_foreach_node(list_t *, list_action_node_t); -#endif /* __TINC_LIST_H__ */ +#endif /* __TINC_LIST_H__ */ diff --git a/lib/logging.c b/lib/logging.c deleted file mode 100644 index b8206839..00000000 --- a/lib/logging.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - logging.c -- log messages to e.g. syslog - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: logging.c,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include - -#include - -#include "logging.h" - -avl_tree_t *log_hooks_tree = NULL; - -int debug_lvl = 0; - -int log_compare(const void *a, const void *b) -{ - if(a < b) - return -1; - if(a > b) - return 1; - return 0; -} - -void log(int level, int priority, char *fmt, ...) -{ - avl_node_t *avlnode; - va_list args; - - va_start(args, fmt); - for(avlnode = log_hooks_tree->head; avlnode; avlnode = avlnode->next) - { - assert(avlnode->data); - ((log_function_t*)(avlnode->data))(level, priority, fmt, args); - } - va_end(args); -} - -void log_add_hook(log_function_t *fn) -{ - if(!log_hooks_tree) - log_hooks_tree = avl_alloc_tree(log_compare, NULL); - - avl_insert(log_hooks_tree, (void*)fn); -} - -void log_del_hook(log_function_t *fn) -{ - avl_delete(log_hooks_tree, (void*)fn); -} - -void log_default(int level, int priority, char *fmt, va_list ap) -{ - if(debug_lvl >= level) - { - vfprintf(stderr, fmt, ap); - fprintf(stderr, "\n"); - } -} - -void log_syslog(int level, int priority, char *fmt, va_list ap) -{ - const int priorities[] = { LOG_DEBUG, LOG_INFO, LOG_NOTICE, LOG_ERR, LOG_CRIT }; - - if(debug_lvl >= level) - vsyslog(priorities[priority], fmt, ap); -} - -void tinc_syslog(int priority, char *fmt, ...) -{ - /* Mapping syslog prio -> tinc prio */ - const int priorities[] = { TLOG_CRITICAL, TLOG_CRITICAL, TLOG_CRITICAL, TLOG_ERROR, - TLOG_NOTICE, TLOG_NOTICE, TLOG_INFO, TLOG_DEBUG }; - avl_node_t *avlnode; - va_list args; - - va_start(args, fmt); - for(avlnode = log_hooks_tree->head; avlnode; avlnode = avlnode->next) - { - assert(avlnode->data); - ((log_function_t*)(avlnode->data))(0, priorities[priority], fmt, args); - } - va_end(args); -} diff --git a/lib/logging.h b/lib/logging.h deleted file mode 100644 index 60a48aa1..00000000 --- a/lib/logging.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - logging.h -- header for logging.c - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: logging.h,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#ifndef __TINC_LOGGING_H__ -#define __TINC_LOGGING_H__ - -#include - -enum { - TLOG_DEBUG, - TLOG_INFO, - TLOG_NOTICE, - TLOG_ERROR, - TLOG_CRITICAL -}; - -enum { - DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ - DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ - DEBUG_ERROR = 2, /* Show error messages received from other hosts */ - DEBUG_STATUS = 2, /* Show status messages received from other hosts */ - DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ - DEBUG_META = 4, /* Show contents of every request that is sent/received */ - DEBUG_TRAFFIC = 5, /* Show network traffic information */ - DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ - DEBUG_SCARY_THINGS = 10 /* You have been warned */ -}; - -typedef void (log_function_t)(int,int,char*,va_list); - -extern int debug_lvl; -extern avl_tree_t *log_hooks_tree; - -extern void log(int, int, char *, ...); -extern void log_add_hook(log_function_t *); -extern void log_del_hook(log_function_t *); -extern log_function_t log_default; -extern log_function_t log_syslog; -extern void tinc_syslog(int, char *, ...); - -#ifndef LOG_ERR /* Something from syslog.h */ -# define syslog tinc_syslog -#define LOG_EMERG 0 /* system is unusable */ -#define LOG_ALERT 1 /* action must be taken immediately */ -#define LOG_CRIT 2 /* critical conditions */ -#define LOG_ERR 3 /* error conditions */ -#define LOG_WARNING 4 /* warning conditions */ -#define LOG_NOTICE 5 /* normal but significant condition */ -#define LOG_INFO 6 /* informational */ -#define LOG_DEBUG 7 /* debug-level messages */ -#else -# warning dont include syslog! -#endif - -#endif /* __TINC_LOGGING_H__ */ diff --git a/lib/net.h b/lib/net.h deleted file mode 100644 index 2d5dae08..00000000 --- a/lib/net.h +++ /dev/null @@ -1,153 +0,0 @@ -/* - net.h -- header for net.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: net.h,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#ifndef __TINC_NET_H__ -#define __TINC_NET_H__ - -#include -#include -#include -#include - -#include "config.h" - -#ifdef ENABLE_JUMBOGRAMS - #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ - #define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ - #define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ -#else - #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ - #define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ - #define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ -#endif - -#define MAXSOCKETS 128 /* Overkill... */ - -#define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ - -typedef struct mac_t -{ - unsigned char x[6]; -} mac_t; - -typedef struct ipv4_t -{ - unsigned char x[4]; -} ipv4_t; - -typedef struct ip_mask_t { - ipv4_t address; - ipv4_t mask; -} ip_mask_t; - -typedef struct ipv6_t -{ - unsigned short x[8]; -} ipv6_t; - -typedef unsigned short port_t; - -typedef short length_t; - -typedef union { - struct sockaddr sa; - struct sockaddr_in in; - struct sockaddr_in6 in6; -} sockaddr_t; - -#ifdef SA_LEN -#define SALEN(s) SA_LEN(&s) -#else -#define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) -#endif - -typedef struct vpn_packet_t { - length_t len; /* the actual number of bytes in the `data' field */ - int priority; /* priority or TOS */ - unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ - unsigned char data[MAXSIZE]; -} vpn_packet_t; - -typedef struct queue_element_t { - void *packet; - struct queue_element_t *prev; - struct queue_element_t *next; -} queue_element_t; - -typedef struct packet_queue_t { - queue_element_t *head; - queue_element_t *tail; -} packet_queue_t; - -typedef struct outgoing_t { - char *name; - int timeout; - struct config_t *cfg; - struct addrinfo *ai; - struct addrinfo *aip; -} outgoing_t; - -typedef struct listen_socket_t { - int tcp; - int udp; - sockaddr_t sa; -} listen_socket_t; - -extern int maxtimeout; -extern int seconds_till_retry; -extern int addressfamily; - -extern char *request_name[]; -extern char *status_text[]; - -#include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ - -extern listen_socket_t listen_socket[MAXSOCKETS]; -extern int listen_sockets; -extern int keyexpires; -extern int keylifetime; -extern int do_prune; -extern int do_purge; -extern char *myport; -extern time_t now; - -extern void retry_outgoing(outgoing_t *); -extern void handle_incoming_vpn_data(int); -extern void finish_connecting(connection_t *); -extern void do_outgoing_connection(connection_t *); -extern int handle_new_meta_connection(int); -extern int setup_listen_socket(sockaddr_t *); -extern int setup_vpn_in_socket(sockaddr_t *); -extern void send_packet(struct node_t *, vpn_packet_t *); -extern void receive_packet(struct node_t *, vpn_packet_t *); -extern void receive_tcppacket(struct connection_t *, char *, int); -extern void broadcast_packet(struct node_t *, vpn_packet_t *); -extern int setup_network_connections(void); -extern void setup_outgoing_connection(struct outgoing_t *); -extern void try_outgoing_connections(void); -extern void close_network_connections(void); -extern void main_loop(void); -extern void terminate_connection(connection_t *, int); -extern void flush_queue(struct node_t *); -extern int read_rsa_public_key(struct connection_t *); - -#endif /* __TINC_NET_H__ */ diff --git a/lib/netutl.c b/lib/netutl.c deleted file mode 100644 index 2ce34410..00000000 --- a/lib/netutl.c +++ /dev/null @@ -1,247 +0,0 @@ -/* - netutl.c -- some supporting network utility code - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: netutl.c,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include "errno.h" -#include "conf.h" -#include "net.h" -#include "netutl.h" -#include "logging.h" - -#include "system.h" - -int hostnames = 0; - -/* - Turn a string into a struct addrinfo. - Return NULL on failure. -*/ -struct addrinfo *str2addrinfo(char *address, char *service, int socktype) -{ - struct addrinfo hint, *ai; - int err; -cp - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = addressfamily; - hint.ai_socktype = socktype; - - if((err = getaddrinfo(address, service, &hint, &ai))) - { - if(debug_lvl >= DEBUG_ERROR) - syslog(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, service, gai_strerror(err)); - cp_trace(); - return NULL; - } - -cp - return ai; -} - -sockaddr_t str2sockaddr(char *address, char *port) -{ - struct addrinfo hint, *ai; - sockaddr_t result; - int err; -cp - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = AF_UNSPEC; - hint.ai_flags = AI_NUMERICHOST; - hint.ai_socktype = SOCK_STREAM; - - if((err = getaddrinfo(address, port, &hint, &ai) || !ai)) - { - syslog(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); - } - - result = *(sockaddr_t *)ai->ai_addr; - freeaddrinfo(ai); -cp - return result; -} - -void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) -{ - char address[NI_MAXHOST]; - char port[NI_MAXSERV]; - char *scopeid; - int err; -cp - if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) - { - syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); - } - -#ifdef HAVE_LINUX - if((scopeid = strchr(address, '%'))) - *scopeid = '\0'; /* Descope. */ -#endif - - *addrstr = xstrdup(address); - *portstr = xstrdup(port); -cp -} - -char *sockaddr2hostname(sockaddr_t *sa) -{ - char *str; - char address[NI_MAXHOST] = "unknown"; - char port[NI_MAXSERV] = "unknown"; - int err; -cp - if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) - { - syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); - } - - asprintf(&str, _("%s port %s"), address, port); -cp - return str; -} - -int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) -{ - int result; -cp - result = a->sa.sa_family - b->sa.sa_family; - - if(result) - return result; - - switch(a->sa.sa_family) - { - case AF_UNSPEC: - return 0; - case AF_INET: - result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); - if(result) - return result; - return memcmp(&a->in.sin_port, &b->in.sin_port, sizeof(a->in.sin_port)); - case AF_INET6: - result = memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)); - if(result) - return result; - return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); - default: - syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); - cp_trace(); - raise(SIGFPE); - exit(0); - } -cp -} - -void sockaddrunmap(sockaddr_t *sa) -{ - if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) - { - sa->in.sin_addr.s_addr = ((uint32_t *)&sa->in6.sin6_addr)[3]; - sa->in.sin_family = AF_INET; - } -} - -/* Subnet mask handling */ - -int maskcmp(char *a, char *b, int masklen, int len) -{ - int i, m, result; -cp - for(m = masklen, i = 0; m >= 8; m -= 8, i++) - if((result = a[i] - b[i])) - return result; - - if(m) - return (a[i] & (0x100 - (1 << (8 - m)))) - (b[i] & (0x100 - (1 << (8 - m)))); - - return 0; -} - -void mask(char *a, int masklen, int len) -{ - int i; -cp - i = masklen / 8; - masklen %= 8; - - if(masklen) - a[i++] &= (0x100 - (1 << masklen)); - - for(; i < len; i++) - a[i] = 0; -} - -void maskcpy(char *a, char *b, int masklen, int len) -{ - int i, m; -cp - for(m = masklen, i = 0; m >= 8; m -= 8, i++) - a[i] = b[i]; - - if(m) - { - a[i] = b[i] & (0x100 - (1 << m)); - i++; - } - - for(; i < len; i++) - a[i] = 0; -} - -int maskcheck(char *a, int masklen, int len) -{ - int i; -cp - i = masklen / 8; - masklen %= 8; - - if(masklen) - if(a[i++] & (char)~(0x100 - (1 << masklen))) - return -1; - - for(; i < len; i++) - if(a[i] != 0) - return -1; - - return 0; -} diff --git a/lib/node.c b/lib/node.c deleted file mode 100644 index 47d346dc..00000000 --- a/lib/node.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - node.c -- node tree management - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: node.c,v 1.1 2002/04/28 12:46:25 zarq Exp $ -*/ - -#include "config.h" - -#include -#include - -#include -#include "node.h" -#include "netutl.h" -#include "net.h" -#include -#include -#include - -#include "logging.h" - -#include "system.h" - -avl_tree_t *node_tree; /* Known nodes, sorted by name */ -avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ - -node_t *myself; - -int node_compare(node_t *a, node_t *b) -{ - return strcmp(a->name, b->name); -} - -int node_udp_compare(node_t *a, node_t *b) -{ - int result; -cp - result = sockaddrcmp(&a->address, &b->address); - - if(result) - return result; - - return (a->name && b->name)?strcmp(a->name, b->name):0; -} - -void init_nodes(void) -{ -cp - node_tree = avl_alloc_tree((avl_compare_t)node_compare, NULL); - node_udp_tree = avl_alloc_tree((avl_compare_t)node_udp_compare, NULL); -cp -} - -void exit_nodes(void) -{ -cp - avl_delete_tree(node_tree); - avl_delete_tree(node_udp_tree); -cp -} - -node_t *new_node(void) -{ - node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); -cp - n->subnet_tree = new_subnet_tree(); - n->edge_tree = new_edge_tree(); - n->queue = list_alloc((list_action_t)free); -cp - return n; -} - -void free_node(node_t *n) -{ -cp - if(n->queue) - list_delete_list(n->queue); - if(n->name) - free(n->name); - if(n->hostname) - free(n->hostname); - if(n->key) - free(n->key); - if(n->subnet_tree) - free_subnet_tree(n->subnet_tree); - if(n->edge_tree) - free_edge_tree(n->edge_tree); - free(n); -cp -} - -void node_add(node_t *n) -{ -cp - avl_insert(node_tree, n); - avl_insert(node_udp_tree, n); - - run_hooks("node-add", n); -cp -} - -void node_del(node_t *n) -{ - avl_node_t *node, *next; - edge_t *e; - subnet_t *s; -cp - for(node = n->subnet_tree->head; node; node = next) - { - next = node->next; - s = (subnet_t *)node->data; - subnet_del(n, s); - } - - for(node = n->subnet_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; - edge_del(e); - } -cp - avl_delete(node_tree, n); - avl_delete(node_udp_tree, n); - - run_hooks("node-del", n); -cp -} - -node_t *lookup_node(char *name) -{ - node_t n; -cp - n.name = name; - return avl_search(node_tree, &n); -} - -node_t *lookup_node_udp(sockaddr_t *sa) -{ - node_t n; -cp - n.address = *sa; - n.name = NULL; - - return avl_search(node_udp_tree, &n); -} - -void dump_nodes(void) -{ - avl_node_t *node; - node_t *n; -cp - log(0, TLOG_DEBUG, - _("Nodes:")); - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; -#ifdef USE_OPENSSL - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), - n->name, n->hostname, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, - n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); -#endif -#ifdef USE_GCRYPT - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), - n->name, n->hostname, n->cipher?-1:0, n->digest?-1:0, n->maclength, n->compression, n->options, - n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); -#endif - } - - syslog(LOG_DEBUG, _("End of nodes.")); -cp -} diff --git a/lib/node.h b/lib/node.h deleted file mode 100644 index 3a2dbf46..00000000 --- a/lib/node.h +++ /dev/null @@ -1,106 +0,0 @@ -/* - node.h -- header for node.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: node.h,v 1.2 2002/05/02 11:50:07 zarq Exp $ -*/ - -#ifndef __TINC_NODE_H__ -#define __TINC_NODE_H__ - -#ifdef USE_GCRYPT -#include -#endif - -#include - -#include "subnet.h" -#include "connection.h" - -typedef struct node_status_t { - int active:1; /* 1 if active.. */ - int validkey:1; /* 1 if we currently have a valid key for him */ - int waitingforkey:1; /* 1 if we already sent out a request */ - int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ - int reachable:1; /* 1 if this node is reachable in the graph */ - int indirect:1; /* 1 if this node is not directly reachable by us */ - int unused:26; -} node_status_t; - -typedef struct node_t { - char *name; /* name of this node */ - long int options; /* options turned on for this node */ - - sockaddr_t address; /* his real (internet) ip to send UDP packets to */ - char *hostname; /* the hostname of its real ip */ - - struct node_status_t status; - -#ifdef USE_OPENSSL - const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ -#endif -#ifdef USE_GCRYPT - GCRY_CIPHER_HD cipher; /* Cipher type for UDP packets */ -#endif - - char *key; /* Cipher key and iv */ - int keylength; /* Cipher key and iv length*/ - -#ifdef USE_OPENSSL - const EVP_MD *digest; /* Digest type for MAC */ -#endif -#ifdef USE_GCRYPT - GCRY_MD_HD digest; /* Digest type for MAC */ -#endif - - int maclength; /* Length of MAC */ - - int compression; /* Compressionlevel, 0 = no compression */ - - list_t *queue; /* Queue for packets awaiting to be encrypted */ - - struct node_t *nexthop; /* nearest node from us to him */ - struct node_t *via; /* next hop for UDP packets */ - - avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ - - avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ - - struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ - - unsigned int sent_seqno; /* Sequence number last sent to this node */ - unsigned int received_seqno; /* Sequence number last received from this node */ - - void *data; /* Interface details */ -} node_t; - -extern struct node_t *myself; -extern avl_tree_t *node_tree; -extern avl_tree_t *node_udp_tree; - -extern void init_nodes(void); -extern void exit_nodes(void); -extern node_t *new_node(void); -extern void free_node(node_t *); -extern void node_add(node_t *); -extern void node_del(node_t *); -extern node_t *lookup_node(char *); -extern node_t *lookup_node_udp(sockaddr_t *); -extern void dump_nodes(void); - -#endif /* __TINC_NODE_H__ */ diff --git a/lib/pidfile.c b/lib/pidfile.c index a954d18f..368dad45 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -25,16 +25,9 @@ * First version (v0.2) released */ -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "system.h" +#ifndef HAVE_MINGW /* read_pid * * Reads the specified pidfile and returns the read pid. @@ -135,4 +128,4 @@ int remove_pid (char *pidfile) { return unlink (pidfile); } - +#endif diff --git a/lib/pidfile.h b/lib/pidfile.h index 19d19c16..d428d48c 100644 --- a/lib/pidfile.h +++ b/lib/pidfile.h @@ -19,6 +19,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. */ +#ifndef HAVE_MINGW /* read_pid * * Reads the specified pidfile and returns the read pid. @@ -48,3 +49,4 @@ int write_pid (char *pidfile); * is returned */ int remove_pid (char *pidfile); +#endif diff --git a/lib/rbl.c b/lib/rbl.c deleted file mode 100644 index d2a2dc7f..00000000 --- a/lib/rbl.c +++ /dev/null @@ -1,596 +0,0 @@ -/* - rbl.c -- red-black tree + linked list convenience - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: rbl.c,v 1.2 2002/04/09 15:26:00 zarq Exp $ -*/ - -#include "config.h" - -#include -#include - -#include "rbl.h" -#include - -/* Allocate a new rbl node */ -rbl_t *new_rbl() -{ - return (rbl_t *)xmalloc_and_zero(sizeof(rbl_t)); -} - -/* Free a rbl node */ -void free_rbl(rbl_t *rbl) -{ - if(rbl->data && rbl->tree->delete) - rbl->tree->delete(rbl->data); - free(rbl); -} - -/* Allocate a new rbltree header */ -rbltree_t *new_rbltree(rbl_compare_t compare, rbl_action_t delete) -{ - rbltree_t *tree; - - tree = (rbltree_t *)xmalloc_and_zero(sizeof(rbltree_t)); - if(tree) - { - tree->compare = compare; - tree->delete = delete; - } - - return tree; -} - -/* Free a rbltree header */ -void free_rbltree(rbltree_t *tree) -{ - free(tree); -} - -/* Search closest match in the tree */ -rbl_t *rbl_search_closest_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl, *next; - int result; - - next = rbl = tree->top; - - while(next) - { - rbl = next; - - result = tree->compare(data, rbl->data); - - if(result < 0) - next = rbl->left; - else if(result > 0) - next = rbl->right; - else - break; - } - - return rbl; -} - -/* Search closest match in the tree */ -rbl_t *rbl_search_closest_greater_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_rbl(tree, data); - - if(rbl) - { - if(tree->compare(data, rbl->data) > 0) - rbl = rbl->next; - } - - return rbl; -} - -/* Search closest match in the tree */ -rbl_t *rbl_search_closest_smaller_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_rbl(tree, data); - - if(rbl) - { - if(tree->compare(data, rbl->data) < 0) - rbl = rbl->next; - } - - return rbl; -} - -void *rbl_search_closest(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -void *rbl_search_closest_greater(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_greater_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -void *rbl_search_closest_smaller(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_smaller_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -/* Search exact match or return NULL pointer */ -rbl_t *rbl_search_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - int result; - - rbl = tree->top; - - while(rbl) - { - result = tree->compare(data, rbl->data); - - if(result < 0) - rbl = rbl->left; - else if(result > 0) - rbl = rbl->right; - else - return rbl; - } - - return NULL; -} - -void *rbl_search(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -/* Red-black tree operations taken from Introduction to Algorithms, - Cormen, Leiserson & Rivest, chapter 14. -*/ - -void rbl_left_rotate(rbl_t *x) -{ - rbl_t *y; - - y = x->right; - x->right = y->left; - - if(y->left) - y->left->parent = x; - - y->parent = x->parent; - - if(!x->parent) - x->tree->top = y; - else - if(x == x->parent->left) - x->parent->left = y; - else - x->parent->right = y; - - y->left = x; - x->parent = y; -} - -void rbl_right_rotate(rbl_t *y) -{ - rbl_t *x; - - x = y->left; - y->left = x->right; - - if(x->right) - x->right->parent = y; - - x->parent = y->parent; - - if(!y->parent) - y->tree->top = x; - else - if(y == y->parent->right) - y->parent->right = x; - else - y->parent->left = x; - - x->right = y; - y->parent = x; -} - -/* Insert a node into the rbl tree */ -rbl_t *rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) -{ - rbl_t *closest, *x, *y; - int result; - - rbl->tree = tree; - - /* Binary tree and linked list insert */ - - if(tree->top) - { - closest = rbl_search_closest_rbl(tree, rbl->data); - result = tree->compare(rbl->data, closest->data); - if(result < 0) - { - closest->left = rbl; - - rbl->prev = closest->prev; - rbl->next = closest; - closest->prev = rbl; - - if(rbl->prev) - rbl->prev->next = rbl; - else - tree->head = rbl; - } - else if(result > 0) - { - closest->right = rbl; - - rbl->next = closest->next; - rbl->prev = closest; - closest->next = rbl; - - if(rbl->next) - rbl->next->prev = rbl; - else - tree->tail = rbl; - } - else - return closest; /* Ofcourse, we cannot add two identical things */ - - rbl->parent = closest; - } - else - { - tree->top = rbl; - tree->head = rbl; - tree->tail = rbl; - } - - /* Red-black part of insert */ - - x = rbl; - x->color = RBL_RED; - - while(x != tree->top && x->parent->color == RBL_RED) - { - if(x->parent == x->parent->parent->left) - { - y = x->parent->parent->right; - if(y && y->color == RBL_RED) - { - x->parent->color = RBL_BLACK; - y->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - x = x->parent->parent; - } - else - { - if(x == x->parent->right) - { - x = x->parent; - rbl_left_rotate(x); - } - x->parent->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - rbl_right_rotate(x->parent->parent); - } - } - else - { - y = x->parent->parent->left; - if(y && y->color == RBL_RED) - { - x->parent->color = RBL_BLACK; - y->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - x = x->parent->parent; - } - else - { - if(x == x->parent->left) - { - x = x->parent; - rbl_right_rotate(x); - } - x->parent->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - rbl_left_rotate(x->parent->parent); - } - } - } - - tree->top->color = RBL_BLACK; - return rbl; -} - -/* Create a new node and insert it into the tree */ -rbl_t *rbl_insert(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = new_rbl(); - rbl->data = data; - - if(rbl_insert_rbl(tree, rbl) == rbl) - return rbl; - else - { - free_rbl(rbl); - return NULL; - } -} - -/* Restore red-black property after violation due to a deletion */ -void rbl_delete_fixup(rbl_t *x) -{ - rbl_t *w; - - while(x != x->tree->top && x->color == RBL_BLACK) - { - if(x == x->parent->left) - { - w = x->parent->right; - if(w->color == RBL_RED) - { - w->color = RBL_BLACK; - x->parent->color = RBL_RED; - rbl_left_rotate(x->parent); - w = x->parent->right; - } - if(w->left->color == RBL_BLACK && w->right->color == RBL_BLACK) - { - w->color = RBL_RED; - x = x->parent; - } - else - { - if(w->right->color == RBL_BLACK) - { - w->left->color = RBL_BLACK; - w->color = RBL_RED; - rbl_right_rotate(w); - w = x->parent->right; - } - w->color = x->parent->color; - x->parent->color = RBL_BLACK; - w->right->color = RBL_BLACK; - rbl_left_rotate(x->parent); - x = x->tree->top; - } - } - else - { - w = x->parent->left; - if(w->color == RBL_RED) - { - w->color = RBL_BLACK; - x->parent->color = RBL_RED; - rbl_right_rotate(x->parent); - w = x->parent->left; - } - if(w->right->color == RBL_BLACK && w->left->color == RBL_BLACK) - { - w->color = RBL_RED; - x = x->parent; - } - else - { - if(w->left->color == RBL_BLACK) - { - w->right->color = RBL_BLACK; - w->color = RBL_RED; - rbl_left_rotate(w); - w = x->parent->left; - } - w->color = x->parent->color; - x->parent->color = RBL_BLACK; - w->left->color = RBL_BLACK; - rbl_right_rotate(x->parent); - x = x->tree->top; - } - } - } - - x->color = RBL_BLACK; -} - -/* Unlink node from the tree, but keep the node intact. */ -rbl_t *rbl_unlink_rbl(rbl_t *rbl) -{ - rbl_t *x, *y; - - /* Binary tree delete */ - - if(rbl->left && rbl->right) - y = rbl->next; - else - y = rbl; - - if(y->left) - x = y->left; - else - x = y->right; - - if(x) - x->parent = y->parent; - - if(!y->parent) - rbl->tree->top = x; - else - if(y == y->parent->left) - y->parent->left = x; - else - y->parent->right = x; - - if(y != rbl) - { - y->left = rbl->left; - y->right = rbl->right; - y->parent = rbl->parent; - if(rbl == rbl->parent->left) - rbl->parent->left = y; - else - rbl->parent->right = y; - } - - /* Linked list delete */ - - if(rbl->prev) - rbl->prev->next = rbl->next; - else - rbl->tree->head = rbl->next; - - if(rbl->next) - rbl->next->prev = rbl->prev; - else - rbl->tree->tail = rbl->prev; - - /* Red-black part of delete */ - - if(y->color == RBL_BLACK && x) - rbl_delete_fixup(x); - - return rbl; -} - -/* Search node in tree and unlink it */ -rbl_t *rbl_unlink(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_rbl(tree, data); - - if(rbl) - rbl_unlink_rbl(rbl); - - return rbl; -} - -/* Unlink node and free it */ -void rbl_delete_rbl(rbl_t *rbl) -{ - rbl_unlink_rbl(rbl); - free_rbl(rbl); -} - -/* Search node in tree, unlink and free it */ -void rbl_delete(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_unlink(tree, data); - - if(rbl) - free_rbl(rbl); -} - -/* Optimized unlinking for a complete tree */ -void rbl_unlink_rbltree(rbltree_t *tree) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - rbl->tree = NULL; - rbl->parent = NULL; - rbl->left = NULL; - rbl->right = NULL; - rbl->prev = NULL; - rbl->next = NULL; - } - - tree->top = NULL; - tree->head = NULL; - tree->tail = NULL; -} - -/* Optimized deletion for a complete tree */ -void rbl_delete_rbltree(rbltree_t *tree) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - free_rbl(rbl); - } - - tree->top = NULL; - tree->head = NULL; - tree->tail = NULL; -} - -/* Do action for each list entry (in order) - Deletion of entry for which action is called is allowed. - */ -void rbl_foreach(rbltree_t *tree, rbl_action_t action) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - action(rbl->data); - } -} - -void rbl_foreach_rbl(rbltree_t *tree, rbl_action_rbl_t action) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - action(rbl); - } -} diff --git a/lib/rbl.h b/lib/rbl.h deleted file mode 100644 index 906ae313..00000000 --- a/lib/rbl.h +++ /dev/null @@ -1,104 +0,0 @@ -/* - rbl.h -- header file for rbl.c - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: rbl.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ -*/ - -#ifndef __RBL_H__ -#define __RBL_H__ - -#define RBL_FOREACH(tree,rbl) for(rbl = tree->head; rbl; rbl = rbl->next) - -typedef struct rbl_t -{ - /* 'red-black tree' part */ - - struct rbltree_t *tree; - - int color; - - struct rbl_t *parent; - struct rbl_t *left; - struct rbl_t *right; - - /* 'linked list' part */ - - struct rbl_t *prev; - struct rbl_t *next; - - /* payload */ - - void *data; - -} rbl_t; - -typedef int (*rbl_compare_t) (const void *, const void *); -typedef void (*rbl_action_t) (const void *); -typedef void (*rbl_action_rbl_t) (const struct rbl_t *); - -typedef struct rbltree_t -{ - /* callback functions */ - - rbl_compare_t compare; - rbl_action_t delete; - - /* tree part */ - - struct rbl_t *top; - - /* linked list */ - - struct rbl_t *head; - struct rbl_t *tail; - -} rbltree_t; - -enum color -{ - RBL_RED, - RBL_BLACK -} color; - -extern rbltree_t *new_rbltree(rbl_compare_t, rbl_action_t); -extern void free_rbltree(rbltree_t *); -extern rbl_t *new_rbl(void); -extern void free_rbl(rbl_t *); - -extern void *rbl_search(rbltree_t *, void *); -extern void *rbl_search_closest(rbltree_t *, void *); -extern void *rbl_search_closest_greater(rbltree_t *, void *); -extern void *rbl_search_closest_smaller(rbltree_t *, void *); -extern rbl_t *rbl_search_rbl(rbltree_t *, void *); -extern rbl_t *rbl_search_closest_rbl(rbltree_t *, void *); -extern rbl_t *rbl_search_closest_greater_rbl(rbltree_t *, void *); -extern rbl_t *rbl_search_closest_smaller_rbl(rbltree_t *, void *); -extern rbl_t *rbl_insert(rbltree_t *, void *); -extern rbl_t *rbl_unlink(rbltree_t *, void *); -extern void rbl_delete(rbltree_t *, void *); -extern rbl_t *rbl_insert_rbl(rbltree_t *, rbl_t *); -extern rbl_t *rbl_unlink_rbl(rbl_t *); -extern void rbl_delete_rbl(rbl_t *); -extern void rbl_unlink_rbltree(rbltree_t *); -extern void rbl_delete_rbltree(rbltree_t *); - -extern void rbl_foreach(rbltree_t *, rbl_action_t); -extern void rbl_foreach_rbl(rbltree_t *, rbl_action_rbl_t); - -#endif /* __RBL_H__ */ diff --git a/lib/subnet.c b/lib/subnet.c deleted file mode 100644 index fade7547..00000000 --- a/lib/subnet.c +++ /dev/null @@ -1,399 +0,0 @@ -/* - subnet.c -- handle subnet lookups and lists - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: subnet.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include "conf.h" -#include "net.h" -#include "node.h" -#include "subnet.h" -#include "netutl.h" -#include "logging.h" - -#include "system.h" - -/* lists type of subnet */ - -avl_tree_t *subnet_tree; - -/* Subnet comparison */ - -int subnet_compare_mac(subnet_t *a, subnet_t *b) -{ -cp - return memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); -} - -int subnet_compare_ipv4(subnet_t *a, subnet_t *b) -{ - int result; -cp - result = memcmp(&a->net.ipv4.address, &b->net.ipv4.address, sizeof(ipv4_t)); - - if(result) - return result; - - return a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; -} - -int subnet_compare_ipv6(subnet_t *a, subnet_t *b) -{ - int result; -cp - result = memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); - - if(result) - return result; - - return a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; -} - -int subnet_compare(subnet_t *a, subnet_t *b) -{ - int result; -cp - result = a->type - b->type; - - if(result) - return result; - - switch(a->type) - { - case SUBNET_MAC: - return subnet_compare_mac(a, b); - case SUBNET_IPV4: - return subnet_compare_ipv4(a, b); - case SUBNET_IPV6: - return subnet_compare_ipv6(a, b); - default: - syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), a->type); - cp_trace(); - exit(0); - } - - return 0; -} - -/* Initialising trees */ - -void init_subnets(void) -{ -cp - subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, (avl_action_t)free_subnet); -cp -} - -void exit_subnets(void) -{ -cp - avl_delete_tree(subnet_tree); -cp -} - -avl_tree_t *new_subnet_tree(void) -{ -cp - return avl_alloc_tree((avl_compare_t)subnet_compare, NULL); -cp -} - -void free_subnet_tree(avl_tree_t *subnet_tree) -{ -cp - avl_delete_tree(subnet_tree); -cp -} - -/* Allocating and freeing space for subnets */ - -subnet_t *new_subnet(void) -{ -cp - return (subnet_t *)xmalloc(sizeof(subnet_t)); -} - -void free_subnet(subnet_t *subnet) -{ -cp - free(subnet); -} - -/* Adding and removing subnets */ - -void subnet_add(node_t *n, subnet_t *subnet) -{ -cp - subnet->owner = n; - - avl_insert(subnet_tree, subnet); -cp - avl_insert(n->subnet_tree, subnet); - - run_hooks("subnet-add", subnet); -cp -} - -void subnet_del(node_t *n, subnet_t *subnet) -{ -cp - avl_delete(n->subnet_tree, subnet); -cp - avl_delete(subnet_tree, subnet); - - run_hooks("subnet-del", subnet); -cp -} - -/* Ascii representation of subnets */ - -subnet_t *str2net(char *subnetstr) -{ - int i, l; - subnet_t *subnet; - unsigned short int x[8]; -cp - subnet = new_subnet(); -cp - if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", - &x[0], &x[1], &x[2], &x[3], - &l) == 5) - { - subnet->type = SUBNET_IPV4; - subnet->net.ipv4.prefixlength = l; - for(i = 0; i < 4; i++) - subnet->net.ipv4.address.x[i] = x[i]; - return subnet; - } - - if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", - &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], - &l) == 9) - { - subnet->type = SUBNET_IPV6; - subnet->net.ipv6.prefixlength = l; - for(i = 0; i < 8; i++) - subnet->net.ipv6.address.x[i] = htons(x[i]); - return subnet; - } - - if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", - &x[0], &x[1], &x[2], &x[3]) == 4) - { - subnet->type = SUBNET_IPV4; - subnet->net.ipv4.prefixlength = 32; - for(i = 0; i < 4; i++) - subnet->net.ipv4.address.x[i] = x[i]; - return subnet; - } - - if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", - &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) - { - subnet->type = SUBNET_IPV6; - subnet->net.ipv6.prefixlength = 128; - for(i = 0; i < 8; i++) - subnet->net.ipv6.address.x[i] = htons(x[i]); - return subnet; - } - - if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx", - &x[0], &x[1], &x[2], &x[3], &x[4], &x[5]) == 6) - { - subnet->type = SUBNET_MAC; - for(i = 0; i < 6; i++) - subnet->net.mac.address.x[i] = x[i]; - return subnet; - } - - free(subnet); - return NULL; -} - -char *net2str(subnet_t *subnet) -{ - char *netstr; -cp - switch(subnet->type) - { - case SUBNET_MAC: - asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx", - subnet->net.mac.address.x[0], - subnet->net.mac.address.x[1], - subnet->net.mac.address.x[2], - subnet->net.mac.address.x[3], - subnet->net.mac.address.x[4], - subnet->net.mac.address.x[5]); - break; - case SUBNET_IPV4: - asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", - subnet->net.ipv4.address.x[0], - subnet->net.ipv4.address.x[1], - subnet->net.ipv4.address.x[2], - subnet->net.ipv4.address.x[3], - subnet->net.ipv4.prefixlength); - break; - case SUBNET_IPV6: - asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", - ntohs(subnet->net.ipv6.address.x[0]), - ntohs(subnet->net.ipv6.address.x[1]), - ntohs(subnet->net.ipv6.address.x[2]), - ntohs(subnet->net.ipv6.address.x[3]), - ntohs(subnet->net.ipv6.address.x[4]), - ntohs(subnet->net.ipv6.address.x[5]), - ntohs(subnet->net.ipv6.address.x[6]), - ntohs(subnet->net.ipv6.address.x[7]), - subnet->net.ipv6.prefixlength); - break; - default: - syslog(LOG_ERR, _("net2str() was called with unknown subnet type %d, exitting!"), subnet->type); - cp_trace(); - exit(0); - } -cp - return netstr; -} - -/* Subnet lookup routines */ - -subnet_t *lookup_subnet(node_t *owner, subnet_t *subnet) -{ -cp - return avl_search(owner->subnet_tree, subnet); -} - -subnet_t *lookup_subnet_mac(mac_t *address) -{ - subnet_t subnet, *p; -cp - subnet.type = SUBNET_MAC; - memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); - - p = (subnet_t *)avl_search(subnet_tree, &subnet); -cp - return p; -} - -subnet_t *lookup_subnet_ipv4(ipv4_t *address) -{ - subnet_t subnet, *p; -cp - subnet.type = SUBNET_IPV4; - memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); - subnet.net.ipv4.prefixlength = 32; - - do - { - /* Go find subnet */ - - p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); - - /* Check if the found subnet REALLY matches */ -cp - if(p) - { - if(p->type != SUBNET_IPV4) - { - p = NULL; - break; - } - - if (!maskcmp((char *)address, (char *)&p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) - break; - else - { - /* Otherwise, see if there is a bigger enclosing subnet */ - - subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1; - maskcpy((char *)&subnet.net.ipv4.address, (char *)&p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); - } - } - } while (p); -cp - return p; -} - -subnet_t *lookup_subnet_ipv6(ipv6_t *address) -{ - subnet_t subnet, *p; -cp - subnet.type = SUBNET_IPV6; - memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); - subnet.net.ipv6.prefixlength = 128; - - do - { - /* Go find subnet */ - - p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); - - /* Check if the found subnet REALLY matches */ - -cp - if(p) - { - if(p->type != SUBNET_IPV6) - return NULL; - - if (!maskcmp((char *)address, (char *)&p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) - break; - else - { - /* Otherwise, see if there is a bigger enclosing subnet */ - - subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1; - maskcpy((char *)&subnet.net.ipv6.address, (char *)&p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); - } - } - } while (p); -cp - return p; -} - -void dump_subnets(void) -{ - char *netstr; - subnet_t *subnet; - avl_node_t *node; -cp - syslog(LOG_DEBUG, _("Subnet list:")); - for(node = subnet_tree->head; node; node = node->next) - { - subnet = (subnet_t *)node->data; - netstr = net2str(subnet); - syslog(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); - free(netstr); - } - syslog(LOG_DEBUG, _("End of subnet list.")); -cp -} diff --git a/lib/subnet.h b/lib/subnet.h deleted file mode 100644 index 7b20217b..00000000 --- a/lib/subnet.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - subnet.h -- header for subnet.c - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: subnet.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_SUBNET_H__ -#define __TINC_SUBNET_H__ - -#include "net.h" - -enum -{ - SUBNET_MAC = 0, - SUBNET_IPV4, - SUBNET_IPV6, - SUBNET_TYPES /* Guardian */ -}; - -typedef struct subnet_mac_t -{ - mac_t address; - time_t lastseen; -} subnet_mac_t; - -typedef struct subnet_ipv4_t -{ - ipv4_t address; - int prefixlength; -} subnet_ipv4_t; - -typedef struct subnet_ipv6_t -{ - ipv6_t address; - int prefixlength; -} subnet_ipv6_t; - -#include "node.h" - -typedef struct subnet_t { - struct node_t *owner; /* the owner of this subnet */ - struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ - - int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ - - /* And now for the actual subnet: */ - - union net - { - subnet_mac_t mac; - subnet_ipv4_t ipv4; - subnet_ipv6_t ipv6; - } net; - - void *data; /* Interface details */ -} subnet_t; - -extern subnet_t *new_subnet(void); -extern void free_subnet(subnet_t *); -extern void init_subnets(void); -extern void exit_subnets(void); -extern avl_tree_t *new_subnet_tree(void); -extern void free_subnet_tree(avl_tree_t *); -extern void subnet_add(struct node_t *, subnet_t *); -extern void subnet_del(struct node_t *, subnet_t *); -extern char *net2str(subnet_t *); -extern subnet_t *str2net(char *); -extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); -extern subnet_t *lookup_subnet_mac(mac_t *); -extern subnet_t *lookup_subnet_ipv4(ipv4_t *); -extern subnet_t *lookup_subnet_ipv6(ipv6_t *); -extern void dump_subnets(void); - -#endif /* __TINC_SUBNET_H__ */ diff --git a/lib/utils.c b/lib/utils.c index d79532b2..2e40ef58 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1,7 +1,7 @@ /* utils.c -- gathering of some stupid small functions - Copyright (C) 1999-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,15 +18,10 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#include -#include -#include +#include "system.h" -#include "config.h" - -#include -#include -#include +#include "../src/logger.h" +#include "utils.h" #ifdef ENABLE_TRACING volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; @@ -38,50 +33,70 @@ char *hexadecimals = "0123456789ABCDEF"; int charhex2bin(char c) { - if(isdigit(c)) - return c - '0'; - else - return toupper(c) - 'A' + 10; + if(isdigit(c)) + return c - '0'; + else + return toupper(c) - 'A' + 10; } void hex2bin(char *src, char *dst, int length) { - int i; - for(i=0; i=0; i--) - { - dst[i*2+1] = hexadecimals[(unsigned char)src[i] & 15]; - dst[i*2] = hexadecimals[(unsigned char)src[i]>>4]; - } + int i; + for(i = length - 1; i >= 0; i--) { + dst[i * 2 + 1] = hexadecimals[(unsigned char) src[i] & 15]; + dst[i * 2] = hexadecimals[(unsigned char) src[i] >> 4]; + } } #ifdef ENABLE_TRACING void cp_trace() { - syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", - cp_file[(cp_index+15)%16], cp_line[(cp_index+15)%16], - cp_file[(cp_index+14)%16], cp_line[(cp_index+14)%16], - cp_file[(cp_index+13)%16], cp_line[(cp_index+13)%16], - cp_file[(cp_index+12)%16], cp_line[(cp_index+12)%16], - cp_file[(cp_index+11)%16], cp_line[(cp_index+11)%16], - cp_file[(cp_index+10)%16], cp_line[(cp_index+10)%16], - cp_file[(cp_index+9)%16], cp_line[(cp_index+9)%16], - cp_file[(cp_index+8)%16], cp_line[(cp_index+8)%16], - cp_file[(cp_index+7)%16], cp_line[(cp_index+7)%16], - cp_file[(cp_index+6)%16], cp_line[(cp_index+6)%16], - cp_file[(cp_index+5)%16], cp_line[(cp_index+5)%16], - cp_file[(cp_index+4)%16], cp_line[(cp_index+4)%16], - cp_file[(cp_index+3)%16], cp_line[(cp_index+3)%16], - cp_file[(cp_index+2)%16], cp_line[(cp_index+2)%16], - cp_file[(cp_index+1)%16], cp_line[(cp_index+1)%16], - cp_file[cp_index], cp_line[cp_index] - ); + logger(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", + cp_file[(cp_index + 15) % 16], cp_line[(cp_index + 15) % 16], + cp_file[(cp_index + 14) % 16], cp_line[(cp_index + 14) % 16], + cp_file[(cp_index + 13) % 16], cp_line[(cp_index + 13) % 16], + cp_file[(cp_index + 12) % 16], cp_line[(cp_index + 12) % 16], + cp_file[(cp_index + 11) % 16], cp_line[(cp_index + 11) % 16], + cp_file[(cp_index + 10) % 16], cp_line[(cp_index + 10) % 16], + cp_file[(cp_index + 9) % 16], cp_line[(cp_index + 9) % 16], + cp_file[(cp_index + 8) % 16], cp_line[(cp_index + 8) % 16], + cp_file[(cp_index + 7) % 16], cp_line[(cp_index + 7) % 16], + cp_file[(cp_index + 6) % 16], cp_line[(cp_index + 6) % 16], + cp_file[(cp_index + 5) % 16], cp_line[(cp_index + 5) % 16], + cp_file[(cp_index + 4) % 16], cp_line[(cp_index + 4) % 16], + cp_file[(cp_index + 3) % 16], cp_line[(cp_index + 3) % 16], + cp_file[(cp_index + 2) % 16], cp_line[(cp_index + 2) % 16], + cp_file[(cp_index + 1) % 16], cp_line[(cp_index + 1) % 16], + cp_file[cp_index], cp_line[cp_index] + ); +} +#endif + +#if defined(HAVE_MINGW) || defined(HAVE_CYGWIN) +#ifdef HAVE_CYGWIN +#include +#endif + +char *winerror(int err) { + static char buf[1024], *newline; + + if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, sizeof(buf), NULL)) { + strncpy(buf, _("(unable to format errormessage)"), sizeof(buf)); + }; + + if((newline = strchr(buf, '\r'))) + *newline = '\0'; + + return buf; } #endif + diff --git a/lib/utils.h b/lib/utils.h index 1f7dd495..4b0ab3dd 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -1,7 +1,7 @@ /* utils.h -- header file for utils.c - Copyright (C) 1999-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,25 +21,26 @@ #ifndef __TINC_UTILS_H__ #define __TINC_UTILS_H__ -#include - -#define min(a,b) (((a)<(b))?(a):(b)) - #ifdef ENABLE_TRACING extern volatile int cp_line[]; extern volatile char *cp_file[]; extern volatile int cp_index; extern void cp_trace(void); - #define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } - #define ecp { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } +#define cp() { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } +#define ecp() { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } #else - #define cp - #define ecp - #define cp_trace() +#define cp() +#define ecp() +#define cp_trace() #endif extern void hex2bin(char *src, char *dst, int length); extern void bin2hex(char *src, char *dst, int length); -#endif /* __TINC_UTILS_H__ */ +#ifdef HAVE_MINGW +extern char *winerror(int); +#define strerror(x) ((x)>0?strerror(x):winerror(GetLastError())) +#endif + +#endif /* __TINC_UTILS_H__ */ diff --git a/lib/xalloc.h b/lib/xalloc.h index caf0f37d..7cb486a2 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -18,9 +18,9 @@ extern char *const xalloc_msg_memory_exhausted; /* FIXME: describe */ extern void (*xalloc_fail_func) (); -void *xmalloc PARAMS ((size_t n)); -void *xmalloc_and_zero PARAMS ((size_t n)); +void *xmalloc PARAMS ((size_t n)) __attribute__ ((__malloc__)); +void *xmalloc_and_zero PARAMS ((size_t n)) __attribute__ ((__malloc__)); void *xcalloc PARAMS ((size_t n, size_t s)); -void *xrealloc PARAMS ((void *p, size_t n)); +void *xrealloc PARAMS ((void *p, size_t n)) __attribute__ ((__malloc__)); -char *xstrdup PARAMS ((const char *s)); +char *xstrdup PARAMS ((const char *s)) __attribute__ ((__malloc__)); diff --git a/lib/xmalloc.c b/lib/xmalloc.c index e1ab3140..e7541bdd 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -32,15 +32,7 @@ void *realloc (); void free (); #endif -#if ENABLE_NLS -# include -# define _(Text) gettext (Text) -#else -# define textdomain(Domain) -# define _(Text) Text -#endif -#define N_(Text) Text - +#include "gettext.h" #include "xalloc.h" #ifndef EXIT_FAILURE diff --git a/m4/attribute.m4 b/m4/attribute.m4 new file mode 100644 index 00000000..58b83467 --- /dev/null +++ b/m4/attribute.m4 @@ -0,0 +1,25 @@ +dnl Check to find out whether function attributes are supported. +dnl If they are not, #define them to be nothing. + +AC_DEFUN(tinc_ATTRIBUTE, +[ + AC_CACHE_CHECK([for working $1 attribute], tinc_cv_attribute_$1, + [ + tempcflags="$CFLAGS" + CFLAGS="$CFLAGS -Wall -Werror" + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [void test(void) __attribute__ (($1)); + void test(void) { return; } + ], + )], + [tinc_cv_attribute_$1=yes], + [tinc_cv_attribute_$1=no] + ) + CFLAGS="$tempcflags" + ]) + + if test ${tinc_cv_attribute_$1} = no; then + AC_DEFINE([$1], [], [Defined if the $1 attribute is not supported.]) + fi +]) diff --git a/m4/lzo.m4 b/m4/lzo.m4 new file mode 100644 index 00000000..147318fe --- /dev/null +++ b/m4/lzo.m4 @@ -0,0 +1,39 @@ +dnl Check to find the lzo headers/libraries + +AC_DEFUN(tinc_LZO, +[ + tinc_ac_save_CPPFLAGS="$CPPFLAGS" + + AC_ARG_WITH(lzo, + AC_HELP_STRING([--with-lzo=DIR], [lzo base directory, or:]), + [lzo="$withval" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LIBS="$LIBS -L$withval/lib"] + ) + + AC_ARG_WITH(lzo-include, + AC_HELP_STRING([--with-lzo-include=DIR], [lzo headers directory]), + [lzo_include="$withval" + CFLAGS="$CFLAGS -I$withval" + CPPFLAGS="$CPPFLAGS -I$withval"] + ) + + AC_ARG_WITH(lzo-lib, + AC_HELP_STRING([--with-lzo-lib=DIR], [lzo library directory]), + [lzo_lib="$withval" + LIBS="$LIBS -L$withval"] + ) + + AC_CHECK_HEADERS(lzo1x.h, + [], + [AC_MSG_ERROR("lzo header files not found."); break] + ) + + CPPFLAGS="$tinc_ac_save_CPPFLAGS" + + AC_CHECK_LIB(lzo, lzo1x_1_compress, + [LIBS="$LIBS -llzo"], + [AC_MSG_ERROR("lzo libraries not found.")] + ) +]) diff --git a/m4/malloc.m4 b/m4/malloc.m4 index bd3cad46..a6b4c9a5 100644 --- a/m4/malloc.m4 +++ b/m4/malloc.m4 @@ -20,8 +20,7 @@ AC_DEFUN(jm_FUNC_MALLOC, fi dnl xmalloc.c requires that this symbol be defined so it doesn't dnl mistakenly use a broken malloc -- as it might if this test were omitted. - ac_kludge=HAVE_DONE_WORKING_MALLOC_CHECK - AC_DEFINE_UNQUOTED($ac_kludge) + AC_DEFINE(HAVE_DONE_WORKING_MALLOC_CHECK, 1, [Needed for xmalloc.c]) AC_CACHE_CHECK([for working malloc], jm_cv_func_working_malloc, [AC_TRY_RUN([ @@ -38,7 +37,8 @@ AC_DEFUN(jm_FUNC_MALLOC, jm_cv_func_working_malloc=no) ]) if test $jm_cv_func_working_malloc = no; then - LIBOBJS="$LIBOBJS malloc.o" - AC_DEFINE_UNQUOTED(malloc, rpl_malloc) + dnl This was: LIBOBJS="$LIBOBJS malloc.$ac_objext" + AC_LIBOBJ([malloc]) + AC_DEFINE(malloc, rpl_malloc, [Replacement malloc()]) fi ]) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 991f22f2..32e41de7 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -4,48 +4,63 @@ AC_DEFUN(tinc_OPENSSL, [ tinc_ac_save_CPPFLAGS="$CPPFLAGS" + AC_ARG_WITH(openssl, + AC_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]), + [openssl="$withval" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LIBS="$LIBS -L$withval/lib"] + ) + AC_ARG_WITH(openssl-include, - [ --with-openssl-include=DIR OpenSSL headers directory (without trailing /openssl)], + AC_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]), [openssl_include="$withval" CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(openssl-lib, - [ --with-openssl-lib=DIR OpenSSL library directory], + AC_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]), [openssl_lib="$withval" LIBS="$LIBS -L$withval"] ) AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, [], - [AC_MSG_ERROR("OpenSSL header files not found."); break] + [AC_MSG_ERROR([OpenSSL header files not found.]); break] ) CPPFLAGS="$tinc_ac_save_CPPFLAGS" - AC_CHECK_LIB(crypto, SHA1_version, - [LIBS="$LIBS -lcrypto"], - [AC_MSG_ERROR("OpenSSL libraries not found.")] - ) - - AC_CHECK_FUNCS(RAND_pseudo_bytes) - - AC_CHECK_FUNC(OpenSSL_add_all_algorithms, - [], - AC_CHECK_FUNC(SSLeay_add_all_algorithms, - [AC_DEFINE(HAVE_SSLEAY_ADD_ALL_ALGORITHMS)], - [AC_MSG_ERROR("Missing required OpenSSL functionality!")] +case $host_os in + *mingw*) + AC_CHECK_LIB(crypto, SHA1_version, + [LIBS="$LIBS -lcrypto -lgdi32"], + [AC_MSG_ERROR([OpenSSL libraries not found.])] + ) + ;; + *) + AC_CHECK_LIB(crypto, SHA1_version, + [LIBS="$LIBS -lcrypto"], + [AC_MSG_ERROR([OpenSSL libraries not found.])] ) - ) - AC_CHECK_FUNC(dlopen, - [], - AC_CHECK_LIB(dl, dlopen, - [LIBS="$LIBS -ldl"], - [AC_MSG_ERROR("OpenSSL depends on libdl.")] + AC_CHECK_FUNC(dlopen, + [], + [AC_CHECK_LIB(dl, dlopen, + [LIBS="$LIBS -ldl"], + [AC_MSG_ERROR([OpenSSL depends on libdl.]); break] + )] ) + ;; +esac + + AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], , + [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break], ) - found_openssl=1 + AC_CHECK_DECL([OpenSSL_add_all_algorithms], , + [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break], + [#include ] + ) ]) diff --git a/m4/perl.m4 b/m4/perl.m4 deleted file mode 100644 index 0cc681cc..00000000 --- a/m4/perl.m4 +++ /dev/null @@ -1,39 +0,0 @@ -#serial 1 - -dnl From Jim Meyering. -dnl Find a new-enough version of Perl. -dnl - -AC_DEFUN(jm_PERL, -[ - dnl FIXME: don't hard-code 5.003 - dnl FIXME: should we cache the result? - AC_MSG_CHECKING([for perl5.003 or newer]) - if test "${PERL+set}" = set; then - # `PERL' is set in the user's environment. - candidate_perl_names="$PERL" - perl_specified=yes - else - candidate_perl_names='perl perl5' - perl_specified=no - fi - - found=no - AC_SUBST(PERL) - PERL="$missing_dir/missing perl" - for perl in $candidate_perl_names; do - # Run test in a subshell; some versions of sh will print an error if - # an executable is not found, even if stderr is redirected. - if ( $perl -e 'require 5.003' ) > /dev/null 2>&1; then - PERL=$perl - found=yes - break - fi - done - - AC_MSG_RESULT($found) - test $found = no && AC_MSG_WARN([ -*** You don't seem to have perl5.003 or newer installed. -*** Because of that, you may be unable to regenerate certain files -*** if you modify the sources from which they are derived.] ) -]) diff --git a/m4/realloc.m4 b/m4/realloc.m4 index aba19840..cae9c1f9 100644 --- a/m4/realloc.m4 +++ b/m4/realloc.m4 @@ -20,8 +20,7 @@ AC_DEFUN(jm_FUNC_REALLOC, fi dnl xmalloc.c requires that this symbol be defined so it doesn't dnl mistakenly use a broken realloc -- as it might if this test were omitted. - ac_kludge=HAVE_DONE_WORKING_REALLOC_CHECK - AC_DEFINE_UNQUOTED($ac_kludge) + AC_DEFINE(HAVE_DONE_WORKING_REALLOC_CHECK, 1, [Needed for xmalloc.c]) AC_CACHE_CHECK([for working realloc], jm_cv_func_working_realloc, [AC_TRY_RUN([ @@ -38,7 +37,8 @@ AC_DEFUN(jm_FUNC_REALLOC, jm_cv_func_working_realloc=no) ]) if test $jm_cv_func_working_realloc = no; then - LIBOBJS="$LIBOBJS realloc.o" - AC_DEFINE_UNQUOTED(realloc, rpl_realloc) + dnl This was: LIBOBJS="$LIBOBJS realloc.$ac_objext" + AC_LIBOBJ([realloc]) + AC_DEFINE(realloc, rpl_realloc, [Replacement realloc()]) fi ]) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 0bee1ce3..dcf3a152 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -2,38 +2,37 @@ dnl Check to find out whether the running kernel has support for TUN/TAP AC_DEFUN(tinc_TUNTAP, [ -AC_ARG_WITH(kernel, - [ --with-kernel=dir give the directory with kernel sources] - [ (default: /usr/src/linux)], - kerneldir="$withval", - kerneldir="/usr/src/linux" -) - -AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, -[ - AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], - [int a = IFF_TAP;], - if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", - [AC_TRY_COMPILE([#include ], - [int a = IFF_TAP;], - if_tun_h="default", - if_tun_h="no" - )] + AC_ARG_WITH(kernel, + AC_HELP_STRING([--with-kernel=DIR], [give the directory with kernel sources (default: /usr/src/linux)]), + kerneldir="$withval", + kerneldir="/usr/src/linux" ) - - if test $if_tun_h = no; then - tinc_cv_linux_if_tun_h=none - else - tinc_cv_linux_if_tun_h="$if_tun_h" - fi -]) - -if test $tinc_cv_linux_if_tun_h != none; then - AC_DEFINE(HAVE_TUNTAP) - if test $tinc_cv_linux_if_tun_h != default; then - AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h) + + AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, + [ + AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], + [int a = IFF_TAP;], + if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", + [AC_TRY_COMPILE([#include ], + [int a = IFF_TAP;], + if_tun_h="default", + if_tun_h="no" + )] + ) + + if test $if_tun_h = no; then + tinc_cv_linux_if_tun_h=none + else + tinc_cv_linux_if_tun_h="$if_tun_h" + fi + ]) + + if test $tinc_cv_linux_if_tun_h != none; then + AC_DEFINE(HAVE_TUNTAP, 1, [Universal tun/tap driver present]) + if test $tinc_cv_linux_if_tun_h != default; then + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h, [Location of if_tun.h]) + fi fi -fi -AC_SUBST(LINUX_IF_TUN_H) -AC_SUBST(HAVE_TUNTAP) + AC_SUBST(LINUX_IF_TUN_H) + AC_SUBST(HAVE_TUNTAP) ]) diff --git a/m4/zlib.m4 b/m4/zlib.m4 index d5fbc675..d6913263 100644 --- a/m4/zlib.m4 +++ b/m4/zlib.m4 @@ -4,15 +4,23 @@ AC_DEFUN(tinc_ZLIB, [ tinc_ac_save_CPPFLAGS="$CPPFLAGS" + AC_ARG_WITH(zlib, + AC_HELP_STRING([--with-zlib=DIR], [zlib base directory, or:]), + [zlib="$withval" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LIBS="$LIBS -L$withval/lib"] + ) + AC_ARG_WITH(zlib-include, - [ --with-zlib-include=DIR zlib headers directory], + AC_HELP_STRING([--with-zlib-include=DIR], [zlib headers directory]), [zlib_include="$withval" CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(zlib-lib, - [ --with-zlib-lib=DIR zlib library directory], + AC_HELP_STRING([--with-zlib-lib=DIR], [zlib library directory]), [zlib_lib="$withval" LIBS="$LIBS -L$withval"] ) diff --git a/redhat/.cvsignore b/redhat/.cvsignore deleted file mode 100644 index 6179e0db..00000000 --- a/redhat/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile Makefile.in diff --git a/redhat/Makefile.am b/redhat/Makefile.am deleted file mode 100644 index 1eaf7d6a..00000000 --- a/redhat/Makefile.am +++ /dev/null @@ -1 +0,0 @@ -EXTRA_DIST = tinc tinc.spec diff --git a/redhat/README b/redhat/README deleted file mode 100644 index e8ed0dfa..00000000 --- a/redhat/README +++ /dev/null @@ -1,14 +0,0 @@ -To make tinc RPMs: - -copy tinc-???.tar.gz to /usr/src/redhat/SOURCES/ and run - - rpm -ba tinc.spec - -- and tinc.spec can be found in this directory. - -The rpm's will be placed in /usr/src/redhat/RPMS/i386 (e.g.). - - -Happy Hacking! - -Mads Kiilerich diff --git a/redhat/tinc b/redhat/tinc deleted file mode 100644 index d3a34dd7..00000000 --- a/redhat/tinc +++ /dev/null @@ -1,337 +0,0 @@ -#!/bin/sh -# -# tinc tincd VPN setup script -# -# chkconfig: 2345 46 54 -# -# version: 1.0.8 -# authors: Lubomir Bulej -# Mads Kiilerich -# -# description: This script parses tinc configuration files for networks given \ -# in /etc/tinc/nets.boot and for each of the networks it sets up \ -# the interface and static routes and starts the tinc daemon. -# -# processname: tincd - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 0 - -############################################################################# -# configuration & sanity checks - -TINCD=/usr/sbin/tincd -TCONF=/etc/tinc -TPIDS=/var/run -#DEBUG=-dddd - -NETSFILE=$TCONF/nets.boot - -# Check the daemon -if [ ! -x $TINCD ]; then - echo "**tinc: $TINCD does not exist or is not executable!" >&2 - exit -fi - -# Check if ip-route is installed -if [ ! -f /sbin/ip ]; then - echo "**tinc: ip-route utilities not installed!" >&2 - exit -fi - -# Check the kernel -if ! ip addr &> /dev/null; then - echo "**tinc: kernel not configured for use with ip-route!" >&2 - exit -fi - -# Check the configuration directory -if [ ! -d $TCONF ]; then - echo "**tinc: configuration directory ($TCONF) not found!" >&2 - exit -fi - -# Check nets.boot -if [ ! -f $NETSFILE ]; then - echo "**tinc: file with list of VPNs to start ($NETSFILE) not found!" >&2 - exit -fi - -# Load names of networks to be started -NETS="$(sed -e 's/#.*//; s/[[:space:]]//g; /^$/ d' $NETSFILE)" - - -############################################################################## -# prefix_to_mask Converts prefix length to netmask -# eg. 17 -> 255.255.128.0 -# $1 ... prefix - -prefix_to_mask () { - _MSK=""; _len="$1" - for _dot in "." "." "." " "; do - if [ ${_len} -ge 8 ]; then - _fld=8 - else - _fld="${_len}" - fi - - _MSK="${_MSK}$((255 & (255 << (8 - _fld))))${_dot}" - _len=$((_len - _fld)) - done - - echo ${_MSK} -} - - -############################################################################## -# mask_to_prefix Converts netmask to prefix length -# eg. 255.255.192.0 -> 18 -# $1 ... netmask - -mask_to_prefix () { - _LEN=0; _msk="$1" - for _tmp in 1 2 3 4; do - _fld=${_msk%%.*} - _msk=${_msk#*.} - - while [ ${_fld} -ne 0 ]; do - _fld=$(((_fld << 1) & 255)) - _LEN=$((_LEN + 1)) - done - done - - echo ${_LEN} -} - - -############################################################################## -# vpn_load () Loads VPN configuration -# -# $1 ... VPN to load - -vpn_load () { - CFG="$TCONF/$1/tinc.conf" - [ -f $CFG ] || { MSG="$CFG does not exist!"; return 1; } - - # load TINCD config - DEV="$(grep -i -e '^[[:space:]]*TapDevice' $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" - VPN="$(grep -i -e '^[[:space:]]*(MyOwnVPNIP|MyVirtualIP)' -E $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" - IFM="$(grep -i -e '^[[:space:]]*VPNMask' $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" - - # TapDevice syntax validation - [ -z "$DEV" ] && \ - { MSG="TapDevice required!"; return 1; } - [ $(echo $DEV | wc -l) -gt 1 ] && \ - { MSG="multiple TapDevice entries not allowed!"; return 1; } - echo $DEV | grep -q -x -E '/dev/tap[[:digit:]]+' || - { MSG="TapDevice should be in form /dev/tapX!"; return 1; } - - # MyOwnVPNIP/MyVirtualIP syntax validation - [ -z "$VPN" ] && \ - { MSG="MyOwnVPNIP/MyVirtualIP required!"; return 1; } - [ $(echo $VPN | wc -l) -gt 1 ] && \ - { MSG="multiple MyOwnVPNIP/MyVirtualIP entries not allowed!"; return 1; } - echo $VPN | grep -q -x -E \ - '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/[[:digit:]]{1,2}' || \ - { MSG="badly formed MyOwnVPNIP/MyVirtualIP address $VPN!"; return 1; } - - # VPNMask syntax validation - [ $(echo $IFM | wc -l) -gt 1 ] && \ - { MSG="multiple VPNMask entries not allowed!"; return 1; } - - - # device & IP address extraction - TAP=${DEV##*/} - NUM=${TAP#tap} - ADR=${VPN%%/*} - - # netmask is calculated from MyVirtualIP netmask prefix length, except when - # VPNMask is specified, in which case it is used instead of default prefix - - # VPNMask not specified - if [ -z "$IFM" ]; then - LEN=${VPN##*/} - MSK=$(prefix_to_mask $LEN) - - # VPNMask is prefix length, convert it to netmask for MSK - elif echo $IFM | grep -q -x -E '[[:digit:]]{1,2}'; then - VPN="$ADR/$IFM" - MSK=$(prefix_to_mask $IFM) - - # VPNMask is netmask, convert it to prefix length for VPN - elif echo $IFM | grep -q -x -E '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'; then - VPN="$ADR/$(mask_to_prefix $IFM)" - MSK="$IFM" - - else - MSG="badly formed interface netmask (VPNMask=$IFM)!" - return 1 - fi - - - # Network & broadcast addresses - BRD=$(ipcalc --broadcast $ADR $MSK | cut -d"=" -f2) - NET=$(ipcalc --network $ADR $MSK | cut -d"=" -f2) - - # MAC address - MAC=$(printf "fe:fd:%0.2x:%0.2x:%0.2x:%0.2x" $(echo $ADR | { IFS=. ; read a b c d; echo $a $b $c $d; })) - - # debugging - # echo >&2 - # echo "VPN $VPN TAP $TAP NUM $NUM MAC $MAC IFM $IFM" >&2 - # echo "ADR $ADR MSK $MSK NET $NET BRD $BRD" >&2 - - return 0 -} - - -############################################################################## -# vpn_start () starts specified VPN -# -# $1 ... VPN to start - -vpn_start () { - MSG=""; ERR="" - vpn_load $1 || return 1 - - # create device file - if [ ! -c $DEV ]; then - [ -e $DEV ] && rm -f $DEV - mknod --mode=0600 $DEV c 36 $((16 + NUM)) - fi - - # load device module - ERR="$(insmod ethertap -o "ethertap$NUM" unit="$NUM" 2>&1 1> /dev/null)" || - { MSG="could not insmod ethertap as unit $NUM!"; return 2; } - - # configure the interface - ERR="$(ip link set $TAP address $MAC 2>&1)" || - { MSG="could not set address for device $TAP!"; return 3; } - - ERR="$(ip link set $TAP up 2>&1)" || - { MSG="could not bring up device $TAP!"; return 3; } - - ERR="$(ip addr add $VPN brd $BRD dev $TAP 2>&1)" || - { MSG="could not set IP address for device $TAP!"; return 3; } - - # start tincd - $TINCD --net="$1" $DEBUG || \ - { MSG="could not start daemon for network $1"; return 3; } - - # setup custom static routes - /etc/sysconfig/network-scripts/ifup-routes $TAP - - return 0 -} # vpn_start - - -############################################################################## -# vpn_stop () Stops specified VPN -# -# $1 ... VPN to stop - -vpn_stop () { - MSG=""; ERR="" - vpn_load $1 || return 1 - - # kill the tincd daemon - PID="$TPIDS/tinc.$1.pid" - if [ -f $PID ]; then - $TINCD --net="$1" --kill &> /dev/null - RET=$? - - if [ $RET -eq 0 ]; then - dly=0 - while [ $dly -le 5 ]; do - [ -f $PID ] || break - sleep 1; dly=$((dly + 1)) - done - fi - - # remove stale PID file - [ -f $PID ] && rm -f $PID - fi - - # bring the interface down - ip addr flush dev $TAP &> /dev/null - ip link set $TAP down &> /dev/null - - # remove ethertap module - rmmod "ethertap$NUM" &> /dev/null - - return 0 -} # vpn_stop - - -# Check if there is anything to start -if [ ! -z "$1" -a "$1" != "status" -a -z "$NETS" ]; then - echo "**tinc: no networks found in $NETSFILE!" >&2 - exit -fi - - -# See how we were called. -case "$1" in - start) - for vpn in $NETS; do - echo -n "Bringing up TINC network $vpn: " - vpn_start $vpn && \ - success "startup of network $vpn" || \ - failure "startup of network $vpn" - echo - - if [ ! -z "$MSG" ]; then - [ ! -z "$ERR" ] && echo "$ERR" >&2 - echo "**tinc: $MSG" >&2 - fi - done - - touch /var/lock/subsys/tinc - ;; - - stop) - for vpn in $NETS; do - echo -n "Shutting down TINC network $vpn: " - vpn_stop $vpn && \ - success "shutdown of network $vpn" || \ - failure "shutdown of network $vpn" - echo - - if [ ! -z "$MSG" ]; then - [ ! -z "$ERR" ] && echo "$ERR" >&2 - echo "**tinc: $MSG" >&2 - fi - done - - rm -f /var/lock/subsys/tinc - ;; - - status) - echo -n "Configured VPNs: " - for vpn in $NETS; do - PID="$TPIDS/tinc.$vpn.pid" - - [ -f $PID ] && PID="$(cat $PID)" || PID="-dead-" - ps ax | grep "^[[:space:]]*$PID" && STS="OK" || STS="DEAD" - echo -n "$vpn:$STS " - done - echo - ;; - - restart) - $0 stop - $0 start - ;; - - *) - echo "Usage: tinc {start|stop|status|restart}" - exit 1 -esac - -exit 0 diff --git a/redhat/tinc.spec b/redhat/tinc.spec deleted file mode 100644 index e5dfb76f..00000000 --- a/redhat/tinc.spec +++ /dev/null @@ -1,113 +0,0 @@ -Summary: tinc Virtual Private Network daemon -Name: tinc -Version: 1.0pre3 -Release: 1 -Copyright: GPL -Group: System Environment/Daemons -URL: http://tinc.nl.linux.org/ -Source0: %{name}-%{version}.tar.gz -Buildroot: /var/tmp/%{name}-%{version}-%{release} -Requires: iproute -# for building the package the following is required: -# /usr/bin/texi2html /usr/bin/patch - -%description -# taken from doc/tinc.texi -tinc is a Virtual Private Network (VPN) daemon that uses tunneling and -encryption to create a secure private network between hosts on the -Internet. - -Because the tunnel appears to the IP level network code as a normal -network device, there is no need to adapt any existing software. - -This tunneling allows VPN sites to share information with each other -over the Internet without exposing any information to others. - -See http://tinc.nl.linux.org/ - -%prep - -%setup -q -n %{name}-%{version} - -%build -./configure --prefix=/usr --sysconfdir=/etc -make -/usr/bin/texi2html doc/tinc.texi - -%install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -gzip $RPM_BUILD_ROOT/usr/info/tinc.info - -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/ -cp redhat/tinc $RPM_BUILD_ROOT/etc/rc.d/init.d/ - -ME=my.vpn.ip.number -PEER=peer.vpn.ip.number -PEEREAL=peer.real.ip.number - -umask 077 -mkdir -p $RPM_BUILD_ROOT/etc/tinc/$PEER/passphrases -cat <$RPM_BUILD_ROOT/etc/tinc/$PEER/tinc.conf -# Sample tinc configuration. -# Insert your own ip numbers instead of the placeholders, -# and be sure to use your own passphrases. -# See man tinc.conf(5) tincd(8) genauth(8), info tinc and -# /usr/doc/%{name}-%{version}/tinc.conf.sample -TapDevice = /dev/tap0 -ConnectTo = $PEEREAL -MyVirtualIP = $ME/32 -AllowConnect = no -END -cat <$RPM_BUILD_ROOT/etc/tinc/$PEER/passphrases/local -1024 c1da5b633b428d783fec96ac89bb6bd4ed97ac673942706ba2240cde977158b7cd5f4055b7db70a7365d1f8df6a1a7c9dbb73f4e2bf8484fc14aee68d0f950e2bce82dd2a6386f040546a61e77cd1c25265ce03182e4e2c9a00ae0ea2f1f89ac04a10f7b67312187b5d2d74618803974ba6f053116b1460bc194c652dc28c84a -END -cat <$RPM_BUILD_ROOT/etc/tinc/$PEER/passphrases/$PEER -1024 9dff58799827c3ae73699d9d4029cf80ee4cfd3a8408495cdb68c78dec602c46f362aedeea80928384254bc7d0bfbf9756c0783b5ec9943161863530a8861947147d124286e8c46fd98af988c96ba65c63acefc01f6c03b6b8f7d9897acb02c083adb7416ee5ccbc19610a8b9ade2599d8f66e94c715f2e1a15054a78a3f3260 -END - -%clean -rm -rf $RPM_BUILD_ROOT - -%pre -%post - -/sbin/chkconfig --add tinc - -grep -q '^tinc[[:space:]]' /etc/services || patch -s /etc/services << END -*** services.org Tue Apr 18 13:22:22 2000 ---- services Tue Apr 18 13:24:19 2000 -*************** -*** 145,148 **** ---- 145,150 ---- - hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS - hmmp-ind 612/udp dqs313_intercell# HMMP Indication / DQS -+ tinc 655/tcp TINC # tinc vpn -+ tinc 655/udp TINC # http://tinc.nl.linux.org/ - # - # UNIX specific services -END - -grep -q '^alias tap0' /etc/conf.modules || cat >> /etc/conf.modules << END -# tinc uses ethertap/netlink -alias tap0 ethertap -alias char-major-36 netlink_dev -END -/sbin/install-info /usr/info/tinc.info.gz /usr/info/dir - -%preun -/sbin/install-info --delete /usr/info/tinc.info.gz /usr/info/dir - -%postun - -%files -%doc AUTHORS ChangeLog NEWS README THANKS *.html doc/tinc.conf.sample -%config /etc/tinc/ -%attr(0755,root,root) /etc/rc.d/init.d/tinc -/usr/sbin/genauth -/usr/sbin/tincd -/usr/lib/tinc/ -/usr/man/man5/tinc.conf.5 -/usr/man/man8/genauth.8 -/usr/man/man8/tincd.8 -/usr/info/tinc.info.gz diff --git a/src/Makefile.am b/src/Makefile.am index eb7d3f21..5616c572 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,33 +1,31 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.12 2002/05/02 13:11:55 zarq Exp $ - -SUBDIRS = pokey +# $Id: Makefile.am,v 1.13 2003/08/24 20:38:23 guus Exp $ sbin_PROGRAMS = tincd -EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c +EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c mingw/device.c raw_socket/device.c + +tincd_SOURCES = conf.c connection.c edge.c event.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \ + net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ + protocol_key.c protocol_subnet.c route.c subnet.c tincd.c -tincd_SOURCES = read_conf.c device.c meta.c net_packet.c net_setup.c \ - net_socket.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ - protocol_key.c protocol_subnet.c route.c tincd.c net.c callbacks.c +nodist_tincd_SOURCES = device.c -INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl +DEFAULT_INCLUDES = -noinst_HEADERS = read_conf.h device.h meta.h process.h \ - protocol.h route.h callbacks.h +INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -LIBS = @LIBS@ @INTLLIBS@ +noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h logger.h meta.h net.h netutl.h node.h process.h \ + protocol.h route.h subnet.h + +LIBS = @LIBS@ @LIBINTL@ tincd_LDADD = \ - $(top_builddir)/lib/libtinc.a -lgcrypt + $(top_builddir)/lib/libvpn.a localedir = $(datadir)/locale -CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ - -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" +AM_CFLAGS = @CFLAGS@ -DCONFDIR=\"$(sysconfdir)\" -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" dist-hook: rm -f `find . -type l` - -lint: $(tincd_SOURCES) - lclint -nullassign -nullret +trytorecover +posixlib -skipansiheaders -skipposixheaders +gnuextensions -I/usr/include -I/usr/lib/gcc-lib/i386-linux/2.95.2/include -I. -I/home/zarq/p/tinc/cvs/cabal/src -I.. -I.. -I/home/zarq/p/tinc/cvs/cabal/lib -I/home/zarq/p/tinc/cvs/cabal/intl -D_POSIX_SOURCE -D__ELF__ -Dunix -D__i386__ -Dlinux -DHAVE_CONFIG_H -DPKGLIBDIR=/usr/local/lib/tinc -DCONFDIR=\"/usr/local/etc\" -DLOCALEDIR=\"/usr/local/share/locale\" $^ diff --git a/src/callbacks.c b/src/callbacks.c deleted file mode 100644 index b30e30d3..00000000 --- a/src/callbacks.c +++ /dev/null @@ -1,39 +0,0 @@ -#include "config.h" - -#include - -#include -#include - -#include "callbacks.h" -#include "process.h" - -#include "system.h" - -void hook_node_visible(const char *hooktype, va_list ap) -{ - char *name; - node_t *n; - - n = va_arg(ap, node_t*); - asprintf(&name, "hosts/%s-down", n->name); - execute_script(name); - free(name); -} - -void hook_node_invisible(const char *hooktype, va_list ap) -{ - char *name; - node_t *n; - - n = va_arg(ap, node_t*); - asprintf(&name, "hosts/%s-up", n->name); - execute_script(name); - free(name); -} - -void init_callbacks(void) -{ - add_hook("node-visible", hook_node_visible); - add_hook("node-invisible", hook_node_invisible); -} diff --git a/src/callbacks.h b/src/callbacks.h deleted file mode 100644 index 91d6321d..00000000 --- a/src/callbacks.h +++ /dev/null @@ -1,7 +0,0 @@ - -#ifndef __TINC_CALLBACKS_H__ -#define __TINC_CALLBACKS_H__ - -extern void init_callbacks(void); - -#endif /* __TINC_CALLBACKS_H__ */ diff --git a/src/conf.c b/src/conf.c new file mode 100644 index 00000000..52e291a8 --- /dev/null +++ b/src/conf.c @@ -0,0 +1,489 @@ +/* + conf.c -- configuration code + Copyright (C) 1998 Robert van der Meulen + 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen + 2000 Cris van Pelt + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: conf.c,v 1.14 2003/08/24 20:38:24 guus Exp $ +*/ + +#include "system.h" + +#include "avl_tree.h" +#include "conf.h" +#include "logger.h" +#include "netutl.h" /* for str2address */ +#include "utils.h" /* for cp */ +#include "xalloc.h" + +avl_tree_t *config_tree; + +int pingtimeout = 0; /* seconds before timeout */ +char *confbase = NULL; /* directory in which all config files are */ +char *netname = NULL; /* name of the vpn network */ + +static int config_compare(const config_t *a, const config_t *b) +{ + int result; + + result = strcasecmp(a->variable, b->variable); + + if(result) + return result; + + result = a->line - b->line; + + if(result) + return result; + else + return strcmp(a->file, b->file); +} + +void init_configuration(avl_tree_t ** config_tree) +{ + cp(); + + *config_tree = avl_alloc_tree((avl_compare_t) config_compare, (avl_action_t) free_config); +} + +void exit_configuration(avl_tree_t ** config_tree) +{ + cp(); + + avl_delete_tree(*config_tree); + *config_tree = NULL; +} + +config_t *new_config(void) +{ + cp(); + + return (config_t *) xmalloc_and_zero(sizeof(config_t)); +} + +void free_config(config_t *cfg) +{ + cp(); + + if(cfg->variable) + free(cfg->variable); + + if(cfg->value) + free(cfg->value); + + if(cfg->file) + free(cfg->file); + + free(cfg); +} + +void config_add(avl_tree_t *config_tree, config_t *cfg) +{ + cp(); + + avl_insert(config_tree, cfg); +} + +config_t *lookup_config(const avl_tree_t *config_tree, char *variable) +{ + config_t cfg, *found; + + cp(); + + cfg.variable = variable; + cfg.file = ""; + cfg.line = 0; + + found = avl_search_closest_greater(config_tree, &cfg); + + if(!found) + return NULL; + + if(strcasecmp(found->variable, variable)) + return NULL; + + return found; +} + +config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg) +{ + avl_node_t *node; + config_t *found; + + cp(); + + node = avl_search_node(config_tree, cfg); + + if(node) { + if(node->next) { + found = (config_t *) node->next->data; + + if(!strcasecmp(found->variable, cfg->variable)) + return found; + } + } + + return NULL; +} + +bool get_config_bool(const config_t *cfg, bool *result) +{ + cp(); + + if(!cfg) + return false; + + if(!strcasecmp(cfg->value, "yes")) { + *result = true; + return true; + } else if(!strcasecmp(cfg->value, "no")) { + *result = false; + return true; + } + + logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return false; +} + +bool get_config_int(const config_t *cfg, int *result) +{ + cp(); + + if(!cfg) + return false; + + if(sscanf(cfg->value, "%d", result) == 1) + return true; + + logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return false; +} + +bool get_config_string(const config_t *cfg, char **result) +{ + cp(); + + if(!cfg) + return false; + + *result = xstrdup(cfg->value); + + return true; +} + +bool get_config_address(const config_t *cfg, struct addrinfo **result) +{ + struct addrinfo *ai; + + cp(); + + if(!cfg) + return false; + + ai = str2addrinfo(cfg->value, NULL, 0); + + if(ai) { + *result = ai; + return true; + } + + logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return false; +} + +bool get_config_subnet(const config_t *cfg, subnet_t ** result) +{ + subnet_t *subnet; + + cp(); + + if(!cfg) + return false; + + subnet = str2net(cfg->value); + + if(!subnet) { + logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + return false; + } + + /* Teach newbies what subnets are... */ + + if(((subnet->type == SUBNET_IPV4) + && !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet->type == SUBNET_IPV6) + && !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { + logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + free(subnet); + return false; + } + + *result = subnet; + + return true; +} + +/* + Read exactly one line and strip the trailing newline if any. If the + file was on EOF, return NULL. Otherwise, return all the data in a + dynamically allocated buffer. + + If line is non-NULL, it will be used as an initial buffer, to avoid + unnecessary mallocing each time this function is called. If buf is + given, and buf needs to be expanded, the var pointed to by buflen + will be increased. +*/ +static char *readline(FILE * fp, char **buf, size_t *buflen) +{ + char *newline = NULL; + char *p; + char *line; /* The array that contains everything that has been read so far */ + char *idx; /* Read into this pointer, which points to an offset within line */ + size_t size, newsize; /* The size of the current array pointed to by line */ + size_t maxlen; /* Maximum number of characters that may be read with fgets. This is newsize - oldsize. */ + + if(feof(fp)) + return NULL; + + if(buf && buflen) { + size = *buflen; + line = *buf; + } else { + size = 100; + line = xmalloc(size); + } + + maxlen = size; + idx = line; + *idx = 0; + + for(;;) { + errno = 0; + p = fgets(idx, maxlen, fp); + + if(!p) { /* EOF or error */ + if(feof(fp)) + break; + + /* otherwise: error; let the calling function print an error message if applicable */ + free(line); + return NULL; + } + + newline = strchr(p, '\n'); + + if(!newline) { /* We haven't yet read everything to the end of the line */ + newsize = size << 1; + line = xrealloc(line, newsize); + idx = &line[size - 1]; + maxlen = newsize - size + 1; + size = newsize; + } else { + *newline = '\0'; /* kill newline */ + break; /* yay */ + } + } + + if(buf && buflen) { + *buflen = size; + *buf = line; + } + + return line; +} + +/* + Parse a configuration file and put the results in the configuration tree + starting at *base. +*/ +int read_config_file(avl_tree_t *config_tree, const char *fname) +{ + int err = -2; /* Parse error */ + FILE *fp; + char *buffer, *line; + char *variable, *value; + int lineno = 0; + int len; + bool ignore = false; + config_t *cfg; + size_t bufsize; + + cp(); + + fp = fopen(fname, "r"); + + if(!fp) { + logger(LOG_ERR, _("Cannot open config file %s: %s"), fname, + strerror(errno)); + return -3; + } + + bufsize = 100; + buffer = xmalloc(bufsize); + + for(;;) { + line = readline(fp, &buffer, &bufsize); + + if(!line) { + err = -1; + break; + } + + if(feof(fp)) { + err = 0; + break; + } + + lineno++; + + if(!*line || *line == '#') + continue; + + if(ignore) { + if(!strncmp(line, "-----END", 8)) + ignore = false; + continue; + } + + if(!strncmp(line, "-----BEGIN", 10)) { + ignore = true; + continue; + } + + variable = value = line; + + len = strcspn(value, "\t ="); + value += len; + value += strspn(value, "\t "); + if(*value == '=') { + value++; + value += strspn(value, "\t "); + } + variable[len] = '\0'; + + if(!*value) { + logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + variable, lineno, fname); + break; + } + + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = xstrdup(fname); + cfg->line = lineno; + + config_add(config_tree, cfg); + } + + free(buffer); + fclose(fp); + + return err; +} + +bool read_server_config() +{ + char *fname; + int x; + + cp(); + + asprintf(&fname, "%s/tinc.conf", confbase); + x = read_config_file(config_tree, fname); + + if(x == -1) { /* System error: complain */ + logger(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); + } + + free(fname); + + return x == 0; +} + +FILE *ask_and_open(const char *filename, const char *what, const char *mode) +{ + FILE *r; + char *directory; + char *fn; + + /* Check stdin and stdout */ + if(!isatty(0) || !isatty(1)) { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + fn = xstrdup(filename); + } else { + /* Ask for a file and/or directory name. */ + fprintf(stdout, _("Please enter a file to save %s to [%s]: "), + what, filename); + fflush(stdout); + + fn = readline(stdin, NULL, NULL); + + if(!fn) { + fprintf(stderr, _("Error while reading stdin: %s\n"), + strerror(errno)); + return NULL; + } + + if(!strlen(fn)) + /* User just pressed enter. */ + fn = xstrdup(filename); + } + +#ifdef HAVE_MINGW + if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) { +#else + if(fn[0] != '/') { +#endif + /* The directory is a relative path or a filename. */ + char *p; + + directory = get_current_dir_name(); + asprintf(&p, "%s/%s", directory, fn); + free(fn); + free(directory); + fn = p; + } + + umask(0077); /* Disallow everything for group and other */ + + /* Open it first to keep the inode busy */ + + r = fopen(fn, mode); + + if(!r) { + fprintf(stderr, _("Error opening file `%s': %s\n"), + fn, strerror(errno)); + free(fn); + return NULL; + } + + free(fn); + + return r; +} diff --git a/lib/conf.h b/src/conf.h similarity index 53% rename from lib/conf.h rename to src/conf.h index 49a7e531..e83a970f 100644 --- a/lib/conf.h +++ b/src/conf.h @@ -1,7 +1,7 @@ /* conf.h -- header for conf.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,49 +17,47 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.1 2002/04/28 12:46:25 zarq Exp $ + $Id: conf.h,v 1.11 2003/08/24 20:38:24 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ -#include -#include -#include -#include - -#include -#include "net.h" -#include "subnet.h" +#include "avl_tree.h" typedef struct config_t { - char *variable; - char *value; - char *file; - int line; + char *variable; + char *value; + char *file; + int line; } config_t; +#include "subnet.h" + extern avl_tree_t *config_tree; extern int pingtimeout; extern int maxtimeout; -extern int bypass_security; +extern bool bypass_security; extern char *confbase; extern char *netname; extern void init_configuration(avl_tree_t **); extern void exit_configuration(avl_tree_t **); -extern config_t *new_config(void); +extern config_t *new_config(void) __attribute__ ((__malloc__)); extern void free_config(config_t *); extern void config_add(avl_tree_t *, config_t *); -extern config_t *lookup_config(avl_tree_t *, char *); -extern config_t *lookup_config_next(avl_tree_t *, config_t *); -extern int get_config_bool(config_t *, int *); -extern int get_config_int(config_t *, int *); -extern int get_config_port(config_t *, port_t *); -extern int get_config_string(config_t *, char **); -extern int get_config_address(config_t *, struct addrinfo **); -struct subnet_t; /* Needed for next line. */ -extern int get_config_subnet(config_t *, struct subnet_t **); - -#endif /* __TINC_CONF_H__ */ +extern config_t *lookup_config(const avl_tree_t *, char *); +extern config_t *lookup_config_next(const avl_tree_t *, const config_t *); +extern bool get_config_bool(const config_t *, bool *); +extern bool get_config_int(const config_t *, int *); +extern bool get_config_string(const config_t *, char **); +extern bool get_config_address(const config_t *, struct addrinfo **); +extern bool get_config_subnet(const config_t *, struct subnet_t **); + +extern int read_config_file(avl_tree_t *, const char *); +extern bool read_server_config(void); +extern FILE *ask_and_open(const char *, const char *, const char *); +extern bool is_safe_path(const char *); + +#endif /* __TINC_CONF_H__ */ diff --git a/src/connection.c b/src/connection.c new file mode 100644 index 00000000..d970a9ae --- /dev/null +++ b/src/connection.c @@ -0,0 +1,143 @@ +/* + connection.c -- connection list management + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: connection.c,v 1.4 2003/08/24 20:38:24 guus Exp $ +*/ + +#include "system.h" + +#include "avl_tree.h" +#include "conf.h" +#include "list.h" +#include "logger.h" +#include "net.h" /* Don't ask. */ +#include "netutl.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" + +avl_tree_t *connection_tree; /* Meta connections */ +connection_t *broadcast; + +static int connection_compare(const connection_t *a, const connection_t *b) +{ + return (void *)a - (void *)b; +} + +void init_connections(void) +{ + cp(); + + connection_tree = avl_alloc_tree((avl_compare_t) connection_compare, NULL); + broadcast = new_connection(); + broadcast->name = xstrdup(_("everyone")); + broadcast->hostname = xstrdup(_("BROADCAST")); +} + +void exit_connections(void) +{ + cp(); + + avl_delete_tree(connection_tree); + free_connection(broadcast); +} + +connection_t *new_connection(void) +{ + connection_t *c; + + cp(); + + c = (connection_t *) xmalloc_and_zero(sizeof(connection_t)); + + if(!c) + return NULL; + + gettimeofday(&c->start, NULL); + + return c; +} + +void free_connection(connection_t *c) +{ + cp(); + + if(c->hostname) + free(c->hostname); + + if(c->inkey) + free(c->inkey); + + if(c->outkey) + free(c->outkey); + + if(c->mychallenge) + free(c->mychallenge); + + if(c->hischallenge) + free(c->hischallenge); + + free(c); +} + +void connection_add(connection_t *c) +{ + cp(); + + avl_insert(connection_tree, c); +} + +void connection_del(connection_t *c) +{ + cp(); + + avl_delete(connection_tree, c); +} + +void dump_connections(void) +{ + avl_node_t *node; + connection_t *c; + + cp(); + + logger(LOG_DEBUG, _("Connections:")); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + logger(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), + c->name, c->hostname, c->options, c->socket, *(uint32_t *)&c->status); + } + + logger(LOG_DEBUG, _("End of connections.")); +} + +bool read_connection_config(connection_t *c) +{ + char *fname; + int x; + + cp(); + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + x = read_config_file(c->config_tree, fname); + free(fname); + + return x == 0; +} diff --git a/src/connection.h b/src/connection.h new file mode 100644 index 00000000..0614b100 --- /dev/null +++ b/src/connection.h @@ -0,0 +1,110 @@ +/* + connection.h -- header for connection.c + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: connection.h,v 1.4 2003/08/24 20:38:24 guus Exp $ +*/ + +#ifndef __TINC_CONNECTION_H__ +#define __TINC_CONNECTION_H__ + +#include +#include + +#include "avl_tree.h" + +#define OPTION_INDIRECT 0x0001 +#define OPTION_TCPONLY 0x0002 + +typedef struct connection_status_t { + int pinged:1; /* sent ping */ + int active:1; /* 1 if active.. */ + int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ + int termreq:1; /* the termination of this connection was requested */ + int remove:1; /* Set to 1 if you want this connection removed */ + int timeout:1; /* 1 if gotten timeout */ + int encryptout:1; /* 1 if we can encrypt outgoing traffic */ + int decryptin:1; /* 1 if we have to decrypt incoming traffic */ + int mst:1; /* 1 if this connection is part of a minimum spanning tree */ + int unused:18; +} connection_status_t; + +#include "edge.h" +#include "list.h" +#include "net.h" +#include "node.h" + +typedef struct connection_t { + char *name; /* name he claims to have */ + + union sockaddr_t address; /* his real (internet) ip */ + char *hostname; /* the hostname of its real ip */ + int protocol_version; /* used protocol */ + + int socket; /* socket used for this connection */ + long int options; /* options for this connection */ + struct connection_status_t status; /* status info */ + int estimated_weight; /* estimation for the weight of the edge for this connection */ + struct timeval start; /* time this connection was started, used for above estimation */ + struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ + + struct node_t *node; /* node associated with the other end */ + struct edge_t *edge; /* edge associated with this connection */ + + RSA *rsa_key; /* his public/private key */ + const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ + const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ + EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ + EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ + char *inkey; /* His symmetric meta key + iv */ + char *outkey; /* Our symmetric meta key + iv */ + int inkeylength; /* Length of his key + iv */ + int outkeylength; /* Length of our key + iv */ + const EVP_MD *indigest; + const EVP_MD *outdigest; + int inmaclength; + int outmaclength; + int incompression; + int outcompression; + char *mychallenge; /* challenge we received from him */ + char *hischallenge; /* challenge we sent to him */ + + char buffer[MAXBUFSIZE]; /* metadata input buffer */ + int buflen; /* bytes read into buffer */ + int reqlen; /* length of incoming request */ + int tcplen; /* length of incoming TCPpacket */ + int allow_request; /* defined if there's only one request possible */ + + time_t last_ping_time; /* last time we saw some activity from the other end */ + + avl_tree_t *config_tree; /* Pointer to configuration tree belonging to him */ +} connection_t; + +extern avl_tree_t *connection_tree; +extern connection_t *broadcast; + +extern void init_connections(void); +extern void exit_connections(void); +extern connection_t *new_connection(void) __attribute__ ((__malloc__)); +extern void free_connection(connection_t *); +extern void connection_add(connection_t *); +extern void connection_del(connection_t *); +extern void dump_connections(void); +extern bool read_connection_config(connection_t *); + +#endif /* __TINC_CONNECTION_H__ */ diff --git a/src/cygwin/device.c b/src/cygwin/device.c new file mode 100644 index 00000000..9cbb00aa --- /dev/null +++ b/src/cygwin/device.c @@ -0,0 +1,290 @@ +/* + device.c -- Interaction with Windows tap driver in a Cygwin environment + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.2 2003/08/24 20:38:29 guus Exp $ +*/ + +#include "system.h" + +#include +#include + +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "route.h" +#include "utils.h" +#include "xalloc.h" + +#define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" + +#define USERMODEDEVICEDIR "\\\\.\\" +#define USERDEVICEDIR "\\??\\" +#define TAPSUFFIX ".tap" + +#define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) + +#define TAP_IOCTL_GET_LASTMAC TAP_CONTROL_CODE(0, METHOD_BUFFERED) +#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) +#define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) + +int device_fd = -1; +static HANDLE device_handle = INVALID_HANDLE_VALUE; +char *device = NULL; +char *iface = NULL; +char *device_info = NULL; + +int device_total_in = 0; +int device_total_out = 0; + +pid_t reader_pid; +int sp[2]; + +bool setup_device(void) +{ + HKEY key, key2; + int i; + + char regpath[1024]; + char adapterid[1024]; + char adaptername[1024]; + char tapname[1024]; + char gelukt = 0; + long len; + + bool found = false; + + cp(); + + get_config_string(lookup_config(config_tree, "Device"), &device); + get_config_string(lookup_config(config_tree, "Interface"), &iface); + + /* Open registry and look for network adapters */ + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CONTROL_NET, 0, KEY_READ, &key)) { + logger(LOG_ERR, _("Unable to read registry: %s"), winerror(GetLastError())); + return false; + } + + for (i = 0; ; i++) { + len = sizeof(adapterid); + if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) + break; + + /* Find out more about this adapter */ + + snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) + continue; + + len = sizeof(adaptername); + err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + + RegCloseKey(key2); + + if(err) + continue; + + if(device) { + if(!strcmp(device, adapterid)) { + found = true; + break; + } else + continue; + } + + if(iface) { + if(!strcmp(iface, adaptername)) { + found = true; + break; + } else + continue; + } + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid); + device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + if(device_handle != INVALID_HANDLE_VALUE) { + CloseHandle(device_handle); + found = true; + break; + } + } + + RegCloseKey(key); + + if(!found) { + logger(LOG_ERR, _("No Windows tap device found!")); + return false; + } + + if(!device) + device = xstrdup(adapterid); + + if(!iface) + iface = xstrdup(adaptername); + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device); + + /* Now we are going to open this device twice: once for reading and once for writing. + We do this because apparently it isn't possible to check for activity in the select() loop. + Furthermore I don't really know how to do it the "Windows" way. */ + + if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); + return false; + } + + /* The parent opens the tap device for writing. */ + + device_handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(device_handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open Windows tap device %s (%s) for writing: %s"), device, iface, winerror(GetLastError())); + return false; + } + + device_fd = sp[0]; + + /* Get MAC address from tap device */ + + if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + logger(LOG_ERR, _("Could not get MAC address from Windows tap device %s (%s): %s"), device, iface, winerror(GetLastError())); + return false; + } + + if(routing_mode == RMODE_ROUTER) { + overwrite_mac = 1; + } + + /* Now we start the child */ + + reader_pid = fork(); + + if(reader_pid == -1) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); + return false; + } + + if(!reader_pid) { + /* The child opens the tap device for reading, blocking. + It passes everything it reads to the socket. */ + + char buf[MTU]; + long lenin; + + CloseHandle(device_handle); + + device_handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + + if(device_handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open Windows tap device %s (%s) for reading: %s"), device, iface, winerror(GetLastError())); + buf[0] = 0; + write(sp[1], buf, 1); + exit(1); + } + + logger(LOG_DEBUG, _("Tap reader forked and running.")); + + /* Notify success */ + + buf[0] = 1; + write(sp[1], buf, 1); + + /* Pass packets */ + + for(;;) { + ReadFile(device_handle, buf, MTU, &lenin, NULL); + write(sp[1], buf, lenin); + } + } + + read(device_fd, &gelukt, 1); + if(gelukt != 1) { + logger(LOG_DEBUG, _("Tap reader failed!")); + return false; + } + + device_info = _("Windows tap device"); + + logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); + + return true; +} + +void close_device(void) +{ + cp(); + + close(sp[0]); + close(sp[1]); + CloseHandle(device_handle); + + kill(reader_pid, SIGKILL); +} + +bool read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = read(sp[0], packet->data, MTU)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return true; +} + +bool write_packet(vpn_packet_t *packet) +{ + long lenout; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(!WriteFile (device_handle, packet->data, packet->len, &lenout, NULL)) { + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, winerror(GetLastError())); + return false; + } + + device_total_out += packet->len; + + return true; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +} diff --git a/src/darwin/device.c b/src/darwin/device.c new file mode 100644 index 00000000..ef2d7f3f --- /dev/null +++ b/src/darwin/device.c @@ -0,0 +1,118 @@ +/* + device.c -- Interaction with MacOS/X tun device + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.2 2003/08/24 20:38:29 guus Exp $ +*/ + +#include "system.h" + +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "utils.h" + +#define DEFAULT_DEVICE "/dev/tun0" + +int device_fd = -1; +char *device; +char *iface; +char *device_info; +int device_total_in = 0; +int device_total_out = 0; + +bool setup_device(void) +{ + cp(); + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return false; + } + + device_info = _("MacOS/X tun device"); + + logger(LOG_INFO, _("%s is a %s"), device, device_info); + + return true; +} + +void close_device(void) +{ + cp(); + + close(device_fd); +} + +bool read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + packet->data[12] = 0x08; + packet->data[13] = 0x00; + + packet->len = lenin + 14; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), + packet->len, device_info); + + return true; +} + +bool write_packet(vpn_packet_t *packet) +{ + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + device_total_out += packet->len; + + return true; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +} diff --git a/src/device.h b/src/device.h index aa53395b..4762f1ea 100644 --- a/src/device.h +++ b/src/device.h @@ -1,7 +1,7 @@ /* net.h -- generic header for device.c - Copyright (C) 2001-2002 Ivo Timmermans - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,20 +17,23 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: device.h,v 1.3 2003/08/24 20:38:24 guus Exp $ */ #ifndef __TINC_DEVICE_H__ #define __TINC_DEVICE_H__ +#include "net.h" + extern int device_fd; extern char *device; -extern char *interface; -extern int setup_device(void); +extern char *iface; + +extern bool setup_device(void); extern void close_device(void); -extern int read_packet(vpn_packet_t *); -extern int write_packet(vpn_packet_t *); +extern bool read_packet(struct vpn_packet_t *); +extern bool write_packet(struct vpn_packet_t *); extern void dump_device_stats(void); -#endif /* __TINC_DEVICE_H__ */ +#endif /* __TINC_DEVICE_H__ */ diff --git a/src/edge.c b/src/edge.c new file mode 100644 index 00000000..97b3947b --- /dev/null +++ b/src/edge.c @@ -0,0 +1,162 @@ +/* + edge.c -- edge tree management + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: edge.c,v 1.4 2003/08/24 20:38:24 guus Exp $ +*/ + +#include "system.h" + +#include "avl_tree.h" +#include "edge.h" +#include "logger.h" +#include "netutl.h" +#include "node.h" +#include "utils.h" +#include "xalloc.h" + +avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ + +static int edge_compare(const edge_t *a, const edge_t *b) +{ + return strcmp(a->to->name, b->to->name); +} + +static int edge_weight_compare(const edge_t *a, const edge_t *b) +{ + int result; + + result = a->weight - b->weight; + + if(result) + return result; + + result = strcmp(a->from->name, b->from->name); + + if(result) + return result; + + return strcmp(a->to->name, b->to->name); +} + +void init_edges(void) +{ + cp(); + + edge_weight_tree = avl_alloc_tree((avl_compare_t) edge_weight_compare, NULL); +} + +avl_tree_t *new_edge_tree(void) +{ + cp(); + + return avl_alloc_tree((avl_compare_t) edge_compare, (avl_action_t) free_edge); +} + +void free_edge_tree(avl_tree_t *edge_tree) +{ + cp(); + + avl_delete_tree(edge_tree); +} + +void exit_edges(void) +{ + cp(); + + avl_delete_tree(edge_weight_tree); +} + +/* Creation and deletion of connection elements */ + +edge_t *new_edge(void) +{ + cp(); + + return (edge_t *) xmalloc_and_zero(sizeof(edge_t)); +} + +void free_edge(edge_t *e) +{ + cp(); + + sockaddrfree(&e->address); + + free(e); +} + +void edge_add(edge_t *e) +{ + cp(); + + avl_insert(edge_weight_tree, e); + avl_insert(e->from->edge_tree, e); + + e->reverse = lookup_edge(e->to, e->from); + + if(e->reverse) + e->reverse->reverse = e; +} + +void edge_del(edge_t *e) +{ + cp(); + + if(e->reverse) + e->reverse->reverse = NULL; + + avl_delete(edge_weight_tree, e); + avl_delete(e->from->edge_tree, e); +} + +edge_t *lookup_edge(node_t *from, node_t *to) +{ + edge_t v; + + cp(); + + v.from = from; + v.to = to; + + return avl_search(from->edge_tree, &v); +} + +void dump_edges(void) +{ + avl_node_t *node, *node2; + node_t *n; + edge_t *e; + char *address; + + cp(); + + logger(LOG_DEBUG, _("Edges:")); + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + for(node2 = n->edge_tree->head; node2; node2 = node2->next) { + e = (edge_t *) node2->data; + address = sockaddr2hostname(&e->address); + logger(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), + e->from->name, e->to->name, address, e->options, e->weight); + free(address); + } + } + + logger(LOG_DEBUG, _("End of edges.")); +} diff --git a/lib/edge.h b/src/edge.h similarity index 51% rename from lib/edge.h rename to src/edge.h index c2b2956e..a001d518 100644 --- a/lib/edge.h +++ b/src/edge.h @@ -1,7 +1,7 @@ /* edge.h -- header for edge.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,48 +17,40 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1 2002/04/28 12:46:25 zarq Exp $ + $Id: edge.h,v 1.4 2003/08/24 20:38:24 guus Exp $ */ #ifndef __TINC_EDGE_H__ #define __TINC_EDGE_H__ -#include - +#include "avl_tree.h" +#include "connection.h" #include "net.h" #include "node.h" -#include "connection.h" - -typedef struct halfconnection_t { - struct node_t *node; /* node associated with this end of the connection */ -/* sockaddr_t tcpaddress; */ /* real (internet) ip on this end of the meta connection */ - sockaddr_t udpaddress; /* real (internet) ip on this end of the vpn connection */ -} halfconnection_t; typedef struct edge_t { - struct halfconnection_t from; - struct halfconnection_t to; + struct node_t *from; + struct node_t *to; + sockaddr_t address; - long int options; /* options turned on for this edge */ - int weight; /* weight of this edge */ - - struct connection_t *connection; /* connection associated with this edge, if available */ + long int options; /* options turned on for this edge */ + int weight; /* weight of this edge */ - void *if_data; /* Interface data */ + struct connection_t *connection; /* connection associated with this edge, if available */ + struct edge_t *reverse; /* edge in the opposite direction, if available */ } edge_t; -extern avl_tree_t *edge_tree; /* Tree with all known edges (replaces active_tree) */ -extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ +extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ extern void init_edges(void); extern void exit_edges(void); -extern edge_t *new_edge(void); +extern edge_t *new_edge(void) __attribute__ ((__malloc__)); extern void free_edge(edge_t *); -extern avl_tree_t *new_edge_tree(void); +extern avl_tree_t *new_edge_tree(void) __attribute__ ((__malloc__)); extern void free_edge_tree(avl_tree_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); extern edge_t *lookup_edge(struct node_t *, struct node_t *); extern void dump_edges(void); -#endif /* __TINC_EDGE_H__ */ +#endif /* __TINC_EDGE_H__ */ diff --git a/src/encr.c b/src/encr.c deleted file mode 100644 index 8aae04b4..00000000 --- a/src/encr.c +++ /dev/null @@ -1,358 +0,0 @@ -/* - encr.c -- everything that deals with encryption - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: encr.c,v 1.13 2000/10/18 20:12:08 zarq Exp $ -*/ - -#include "config.h" - -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_GMP_H -# include -#else -# ifdef HAVE_GMP2_GMP_H -# include -# endif -#endif - -#include -#include - -#include - -#include "conf.h" -#include "encr.h" -#include "net.h" -#include "protocol.h" - -#include "system.h" - -#define ENCR_GENERATOR "0xd" -#define ENCR_PRIME "0x7fffffffffffffffffffffffffffffff" /* Mersenne :) */ - -char text_key[1000]; -char *my_public_key_base36; -int key_inited = 0, encryption_keylen; -mpz_t my_private_key, my_public_key, generator, shared_prime; -int my_key_expiry = (time_t)(-1); - -char* mypassphrase; -int mypassphraselen; - -int char_hex_to_bin(int c) -{ - if(isdigit(c)) - return c - '0'; - else - return tolower(c) - 'a' + 10; -} - -int str_hex_to_bin(unsigned char *bin, unsigned char *hex) -{ - int i = 0, j = 0, l = strlen(hex); -cp - if(l&1) - { - i = j = 1; - bin[0] = char_hex_to_bin(hex[0]); - } - for(; i < l; i+=2, j++) - bin[j] = (char_hex_to_bin(hex[i]) << 4) + char_hex_to_bin(hex[i+1]); -cp - return j&1?j+1:j; -} - -int read_passphrase(char *which, char **out) -{ - FILE *f; - config_t const *cfg; - char *filename; - int size; - extern char *confbase; - char *pp; -cp - if((cfg = get_config_val(passphrasesdir)) == NULL) - { - asprintf(&filename, "%spassphrases/%s", confbase, which); - } - else - { - asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which); - } - - if((f = fopen(filename, "rb")) == NULL) - { - if(debug_lvl > 1) - syslog(LOG_ERR, _("Could not open %s: %m"), filename); - return -1; - } - - fscanf(f, "%d ", &size); - if(size < 1 || size > (1<<15)) - { - syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size); - return -1; - } - - /* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */ - - pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */ - fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */ - fclose(f); - - *out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */ -cp - return str_hex_to_bin(*out, pp); -} - -int read_my_passphrase(void) -{ -cp - if((mypassphraselen = read_passphrase("local", &mypassphrase)) < 0) - return -1; -cp - return 0; -} - -int generate_private_key(void) -{ - FILE *f; - int i; - char *s; - config_t const *cfg; -cp - if((cfg = get_config_val(keyexpire)) == NULL) - my_key_expiry = (time_t)(time(NULL) + 3600); - else - my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - - if(debug_lvl > 1) - syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); - - if((f = fopen("/dev/urandom", "r")) == NULL) - { - syslog(LOG_ERR, _("Opening /dev/urandom failed: %m")); - return -1; - } - - s = xmalloc((2 * PRIVATE_KEY_LENGTH) + 1); - - for(i = 0; i < PRIVATE_KEY_LENGTH; i++) - sprintf(&s[i << 1], "%02x", fgetc(f)); - - s[2 * PRIVATE_KEY_LENGTH] = '\0'; - - mpz_set_str(my_private_key, s, 16); -cp - return 0; -} - -void calculate_public_key(void) -{ -cp - mpz_powm(my_public_key, generator, my_private_key, shared_prime); - my_public_key_base36 = mpz_get_str(NULL, 36, my_public_key); -cp -} - -unsigned char static_key[] = { 0x9c, 0xbf, 0x36, 0xa9, 0xce, 0x20, 0x1b, 0x8b, 0x67, 0x56, 0x21, 0x5d, 0x27, 0x1b, 0xd8, 0x7a }; - -int security_init(void) -{ -cp - mpz_init(my_private_key); - mpz_init(my_public_key); - mpz_init_set_str(shared_prime, ENCR_PRIME, 0); - mpz_init_set_str(generator, ENCR_GENERATOR, 0); - - if(read_my_passphrase() < 0) - return -1; - if(generate_private_key() < 0) - return -1; - - if(cipher_init(CIPHER_BLOWFISH) < 0) - return -1; - - calculate_public_key(); -cp - return 0; -} - -void set_shared_key(char *almost_key) -{ - char *tmp; - int len; - mpz_t ak, our_shared_key; -cp - mpz_init_set_str(ak, almost_key, 36); - mpz_init(our_shared_key); - mpz_powm(our_shared_key, ak, my_private_key, shared_prime); - - tmp = mpz_get_str(NULL, 16, our_shared_key); - len = str_hex_to_bin(text_key, tmp); - - cipher_set_key(&encryption_key, len, text_key); - key_inited = 1; - encryption_keylen = len; - - if(debug_lvl > 2) - syslog(LOG_INFO, _("Encryption key set to %s"), tmp); - - free(tmp); - mpz_clear(ak); - mpz_clear(our_shared_key); -cp -} - - -void encrypt_passphrase(passphrase_t *pp) -{ - char key[1000]; - char tmp[1000]; - unsigned char phrase[1000]; - int keylen; - int i; - BF_KEY bf_key; - -cp - mpz_get_str(tmp, 16, my_public_key); - keylen = str_hex_to_bin(key, tmp); - - cipher_set_key(&bf_key, keylen, key); - - low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT); - pp->len = ((mypassphraselen - 1) | 7) + 1; - pp->phrase = xmalloc((pp->len << 1) + 1); - - for(i = 0; i < pp->len; i++) - snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]); - - pp->phrase[(pp->len << 1) + 1] = '\0'; - - if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, text_key); -cp -} - -int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) -{ - char key[1000]; - char *tmp; - unsigned char phrase[1000]; - int keylen, pplen; - mpz_t pk; - unsigned char *out; - BF_KEY bf_key; - char *which; - char *meuk; -cp - mpz_init_set_str(pk, his_pubkey, 36); - tmp = mpz_get_str(NULL, 16, pk); - keylen = str_hex_to_bin(key, tmp); - out = xmalloc((cl->pp->len >> 1) + 3); - pplen = str_hex_to_bin(phrase, cl->pp->phrase); - - cipher_set_key(&bf_key, keylen, key); - low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT); - if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, text_key); - - asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); - if((pplen = read_passphrase(which, &meuk)) < 0) - return -1; - - if(memcmp(meuk, out, pplen)) - return -1; -cp - return 0; -} - -char *make_shared_key(char *pk) -{ - mpz_t tmp, res; - char *r; -cp - mpz_init_set_str(tmp, pk, 36); - mpz_init(res); - mpz_powm(res, tmp, my_private_key, shared_prime); - - r = mpz_get_str(NULL, 36, res); - - mpz_clear(res); - mpz_clear(tmp); -cp - return r; -} - -/* - free a key after overwriting it -*/ -void free_key(enc_key_t *k) -{ -cp - if(!k) - return; - if(k->key) - { - memset(k->key, (char)(-1), k->length); - free(k->key); - } - free(k); -cp -} - -void recalculate_encryption_keys(void) -{ - conn_list_t *p; - char *ek; -cp - for(p = conn_list; p != NULL; p = p->next) - { - if(!p->public_key || !p->public_key->key) - /* We haven't received a key from this host (yet). */ - continue; - ek = make_shared_key(p->public_key->key); - free_key(p->datakey); - p->datakey = xmalloc(sizeof(*p->datakey)); - p->datakey->length = strlen(ek); - p->datakey->expiry = p->public_key->expiry; - p->datakey->key = xmalloc(strlen(ek) + 1); - strcpy(p->datakey->key, ek); - } -cp -} - -void regenerate_keys(void) -{ -cp - generate_private_key(); - calculate_public_key(); - send_key_changed_all(); - recalculate_encryption_keys(); -cp -} diff --git a/src/encr.h b/src/encr.h deleted file mode 100644 index e9bc67e4..00000000 --- a/src/encr.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - encr.h -- header for encr.c - Copyright (C) 1998,1999,2000 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: encr.h,v 1.3 2000/10/18 20:12:08 zarq Exp $ -*/ - -#ifndef __TINC_ENCR_H__ -#define __TINC_ENCR_H__ - -#include "net.h" - -#define PRIVATE_KEY_BITS 128 -#define PRIVATE_KEY_LENGTH (PRIVATE_KEY_BITS >> 3) - -extern char *my_public_key_base36; -extern int my_key_expiry; - -extern int security_init(void); - -extern int send_portnumbers(int); -extern void set_shared_key(char *); -extern int send_passphrase(conn_list_t *); -extern int send_public_key(conn_list_t *); -extern int verify_passphrase(conn_list_t *, unsigned char *); -extern char *make_shared_key(char*); -extern void encrypt_passphrase(passphrase_t *pp); -extern void free_key(enc_key_t*); -extern void regenerate_keys(void); - -#endif /* __TINC_ENCR_H__ */ - diff --git a/lib/event.c b/src/event.c similarity index 51% rename from lib/event.c rename to src/event.c index 3c54c692..2396d478 100644 --- a/lib/event.c +++ b/src/event.c @@ -1,7 +1,7 @@ /* event.c -- event queue - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans + Copyright (C) 2002-2003 Guus Sliepen , + 2002-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,94 +17,89 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1 2002/05/02 13:11:55 zarq Exp $ + $Id: event.c,v 1.4 2003/08/24 20:38:24 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include +#include "system.h" +#include "avl_tree.h" #include "event.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" avl_tree_t *event_tree; extern time_t now; int id; -int event_compare(event_t *a, event_t *b) +static int event_compare(const event_t *a, const event_t *b) { - if(a->time > b->time) - return 1; - if(a->time < b->time) - return -1; - return a->id - b->id; + if(a->time > b->time) + return 1; + + if(a->time < b->time) + return -1; + + return a->id - b->id; } void init_events(void) { -cp - event_tree = avl_alloc_tree((avl_compare_t)event_compare, NULL); -cp + cp(); + + event_tree = avl_alloc_tree((avl_compare_t) event_compare, NULL); } void exit_events(void) { -cp - avl_delete_tree(event_tree); -cp + cp(); + + avl_delete_tree(event_tree); } event_t *new_event(void) { - event_t *event; -cp - event = (event_t *)xmalloc_and_zero(sizeof(*event)); -cp - return event; + cp(); + + return (event_t *) xmalloc_and_zero(sizeof(event_t)); } void free_event(event_t *event) { -cp - free(event); -cp + cp(); + + free(event); } void event_add(event_t *event) { -cp - event->id = ++id; - avl_insert(event_tree, event); -cp + cp(); + + event->id = ++id; + avl_insert(event_tree, event); } void event_del(event_t *event) { -cp - avl_delete(event_tree, event); -cp + cp(); + + avl_delete(event_tree, event); } event_t *get_expired_event(void) { - event_t *event; -cp - if(event_tree->head) - { - event = (event_t *)event_tree->head->data; - if(event->time < now) - { - avl_delete(event_tree, event); - return event; - } - } -cp - return NULL; + event_t *event; + + cp(); + + if(event_tree->head) { + event = (event_t *) event_tree->head->data; + + if(event->time < now) { + avl_delete(event_tree, event); + return event; + } + } + + return NULL; } diff --git a/lib/event.h b/src/event.h similarity index 73% rename from lib/event.h rename to src/event.h index df0c6d8c..0bc712c4 100644 --- a/lib/event.h +++ b/src/event.h @@ -1,7 +1,7 @@ /* event.h -- header for event.c - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans + Copyright (C) 2002-2003 Guus Sliepen , + 2002-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,32 +17,31 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1 2002/05/02 13:11:55 zarq Exp $ + $Id: event.h,v 1.4 2003/08/24 20:38:24 guus Exp $ */ #ifndef __TINC_EVENT_H__ #define __TINC_EVENT_H__ -#include -#include +#include "avl_tree.h" -avl_tree_t *event_tree; +extern avl_tree_t *event_tree; typedef void (*event_handler_t)(void *); typedef struct { - time_t time; - int id; - event_handler_t handler; - void *data; + time_t time; + int id; + event_handler_t handler; + void *data; } event_t; extern void init_events(void); extern void exit_events(void); -extern event_t *new_event(void); +extern event_t *new_event(void) __attribute__ ((__malloc__)); extern void free_event(event_t *); extern void event_add(event_t *); extern void event_del(event_t *); extern event_t *get_expired_event(void); -#endif /* __TINC_EVENT_H__ */ +#endif /* __TINC_EVENT_H__ */ diff --git a/src/graph.c b/src/graph.c new file mode 100644 index 00000000..31ead947 --- /dev/null +++ b/src/graph.c @@ -0,0 +1,292 @@ +/* + graph.c -- graph algorithms + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: graph.c,v 1.6 2003/08/24 20:38:24 guus Exp $ +*/ + +/* We need to generate two trees from the graph: + + 1. A minimum spanning tree for broadcasts, + 2. A single-source shortest path tree for unicasts. + + Actually, the first one alone would suffice but would make unicast packets + take longer routes than necessary. + + For the MST algorithm we can choose from Prim's or Kruskal's. I personally + favour Kruskal's, because we make an extra AVL tree of edges sorted on + weights (metric). That tree only has to be updated when an edge is added or + removed, and during the MST algorithm we just have go linearly through that + tree, adding safe edges until #edges = #nodes - 1. The implementation here + however is not so fast, because I tried to avoid having to make a forest and + merge trees. + + For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a + simple breadth-first search is presented here. + + The SSSP algorithm will also be used to determine whether nodes are directly, + indirectly or not reachable from the source. It will also set the correct + destination address and port of a node if possible. +*/ + +#include "system.h" + +#include "avl_tree.h" +#include "connection.h" +#include "device.h" +#include "edge.h" +#include "logger.h" +#include "netutl.h" +#include "node.h" +#include "process.h" +#include "utils.h" + +/* Implementation of Kruskal's algorithm. + Running time: O(EN) + Please note that sorting on weight is already done by add_edge(). +*/ + +void mst_kruskal(void) +{ + avl_node_t *node, *next; + edge_t *e; + node_t *n; + connection_t *c; + int nodes = 0; + int safe_edges = 0; + bool skipped; + + cp(); + + /* Clear MST status on connections */ + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + c->status.mst = false; + } + + /* Do we have something to do at all? */ + + if(!edge_weight_tree->head) + return; + + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, "Running Kruskal's algorithm:"); + + /* Clear visited status on nodes */ + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + n->status.visited = false; + nodes++; + } + + /* Starting point */ + + ((edge_t *) edge_weight_tree->head->data)->from->status.visited = true; + + /* Add safe edges */ + + for(skipped = false, node = edge_weight_tree->head; node; node = next) { + next = node->next; + e = (edge_t *) node->data; + + if(!e->reverse || e->from->status.visited == e->to->status.visited) { + skipped = true; + continue; + } + + e->from->status.visited = true; + e->to->status.visited = true; + + if(e->connection) + e->connection->status.mst = true; + + if(e->reverse->connection) + e->reverse->connection->status.mst = true; + + safe_edges++; + + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, + e->to->name, e->weight); + + if(skipped) { + skipped = false; + next = edge_weight_tree->head; + continue; + } + } + + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, + safe_edges); +} + +/* Implementation of a simple breadth-first search algorithm. + Running time: O(E) +*/ + +void sssp_bfs(void) +{ + avl_node_t *node, *from, *next, *to; + edge_t *e; + node_t *n; + avl_tree_t *todo_tree; + bool indirect; + char *name; + char *address, *port; + char *envp[7]; + int i; + + cp(); + + todo_tree = avl_alloc_tree(NULL, NULL); + + /* Clear visited status on nodes */ + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + n->status.visited = false; + n->status.indirect = true; + } + + /* Begin with myself */ + + myself->status.visited = true; + myself->status.indirect = false; + myself->nexthop = myself; + myself->via = myself; + node = avl_alloc_node(); + node->data = myself; + avl_insert_top(todo_tree, node); + + /* Loop while todo_tree is filled */ + + while(todo_tree->head) { + for(from = todo_tree->head; from; from = next) { /* "from" is the node from which we start */ + next = from->next; + n = (node_t *) from->data; + + for(to = n->edge_tree->head; to; to = to->next) { /* "to" is the edge connected to "from" */ + e = (edge_t *) to->data; + + if(!e->reverse) + continue; + + /* Situation: + + / + / + ------(n)-----(e->to) + \ + \ + + n->address is set to the e->address of the edge left of n to n. + We are currently examining the edge e right of n from n: + + - If e->reverse->address != n->address, then e->to is probably + not reachable for the nodes left of n. We do as if the indirectdata + flag is set on edge e. + - If edge e provides for better reachability of e->to, update + e->to and (re)add it to the todo_tree to (re)examine the reachability + of nodes behind it. + */ + + indirect = n->status.indirect || e->options & OPTION_INDIRECT + || ((n != myself) && sockaddrcmp(&n->address, &e->reverse->address)); + + if(e->to->status.visited + && (!e->to->status.indirect || indirect)) + continue; + + e->to->status.visited = true; + e->to->status.indirect = indirect; + e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop; + e->to->via = indirect ? n->via : e->to; + e->to->options = e->options; + + if(sockaddrcmp(&e->to->address, &e->address)) { + node = avl_unlink(node_udp_tree, e->to); + sockaddrfree(&e->to->address); + sockaddrcpy(&e->to->address, &e->address); + + if(e->to->hostname) + free(e->to->hostname); + + e->to->hostname = sockaddr2hostname(&e->to->address); + avl_insert_node(node_udp_tree, node); + } + + node = avl_alloc_node(); + node->data = e->to; + avl_insert_before(todo_tree, from, node); + } + + avl_delete_node(todo_tree, from); + } + } + + avl_free_tree(todo_tree); + + /* Check reachability status. */ + + for(node = node_tree->head; node; node = next) { + next = node->next; + n = (node_t *) node->data; + + if(n->status.visited != n->status.reachable) { + n->status.reachable = !n->status.reachable; + + if(n->status.reachable) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Node %s (%s) became reachable"), + n->name, n->hostname); + } else { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Node %s (%s) became unreachable"), + n->name, n->hostname); + } + + n->status.validkey = false; + n->status.waitingforkey = false; + + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); + asprintf(&envp[3], "NODE=%s", n->name); + sockaddr2str(&n->address, &address, &port); + asprintf(&envp[4], "REMOTEADDRESS=%s", address); + asprintf(&envp[5], "REMOTEPORT=%s", port); + envp[6] = NULL; + + asprintf(&name, + n->status.reachable ? "hosts/%s-up" : "hosts/%s-down", + n->name); + execute_script(name, envp); + + free(name); + free(address); + free(port); + + for(i = 0; i < 7; i++) + free(envp[i]); + } + } +} + +void graph(void) +{ + mst_kruskal(); + sssp_bfs(); +} diff --git a/lib/graph.h b/src/graph.h similarity index 81% rename from lib/graph.h rename to src/graph.h index b14841ea..ba578788 100644 --- a/lib/graph.h +++ b/src/graph.h @@ -1,7 +1,7 @@ /* graph.h -- header for graph.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.h,v 1.1 2002/05/02 11:50:07 zarq Exp $ + $Id: graph.h,v 1.4 2003/08/24 20:38:24 guus Exp $ */ extern void graph(void); diff --git a/src/logger.c b/src/logger.c new file mode 100644 index 00000000..6ea68846 --- /dev/null +++ b/src/logger.c @@ -0,0 +1,135 @@ +/* + logger.c -- logging code + Copyright (C) 2003 Guus Sliepen + 2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: logger.c,v 1.2 2003/08/24 20:38:24 guus Exp $ +*/ + +#include "system.h" + +#include "conf.h" +#include "logger.h" + +debug_t debug_level = DEBUG_NOTHING; +static logmode_t logmode = LOGMODE_STDERR; +static pid_t logpid; +extern char *logfilename; +static FILE *logfile = NULL; +#ifdef HAVE_MINGW +static HANDLE loghandle = NULL; +#endif +static const char *logident = NULL; + +void openlogger(const char *ident, logmode_t mode) { + logident = ident; + logmode = mode; + + switch(mode) { + case LOGMODE_STDERR: + logpid = getpid(); + break; + case LOGMODE_FILE: + logpid = getpid(); + logfile = fopen(logfilename, "a"); + if(!logfile) + logmode = LOGMODE_NULL; + break; + case LOGMODE_SYSLOG: +#ifdef HAVE_MINGW + loghandle = RegisterEventSource(NULL, logident); + if(!loghandle) + logmode = LOGMODE_NULL; + break; +#else +#ifdef HAVE_SYSLOG_H + openlog(logident, LOG_CONS | LOG_PID, LOG_DAEMON); + break; +#endif +#endif + case LOGMODE_NULL: + break; + } +} + +void logger(int priority, const char *format, ...) { + va_list ap; + + va_start(ap, format); + + switch(logmode) { + case LOGMODE_STDERR: + vfprintf(stderr, format, ap); + fprintf(stderr, "\n"); + fflush(stderr); + break; + case LOGMODE_FILE: + fprintf(logfile, "%ld %s[%d]: ", time(NULL), logident, logpid); + vfprintf(logfile, format, ap); + fprintf(logfile, "\n"); + fflush(logfile); + break; + case LOGMODE_SYSLOG: +#ifdef HAVE_MINGW + { + char message[4096]; + char *messages[] = {message}; + vsnprintf(message, sizeof(message), format, ap); + ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL); + } +#else +#ifdef HAVE_SYSLOG_H +#ifdef HAVE_VSYSLOG + vsyslog(priority, format, ap); +#else + { + char message[4096]; + vsnprintf(message, sizeof(message), format, ap); + syslog(priority, "%s", message); + } +#endif + break; +#endif +#endif + case LOGMODE_NULL: + break; + } + + va_end(ap); +} + +void closelogger(void) { + switch(logmode) { + case LOGMODE_FILE: + fclose(logfile); + break; + case LOGMODE_SYSLOG: +#ifdef HAVE_MINGW + DeregisterEventSource(loghandle); + break; +#else +#ifdef HAVE_SYSLOG_H + closelog(); + break; +#endif +#endif + case LOGMODE_NULL: + case LOGMODE_STDERR: + break; + break; + } +} diff --git a/src/logger.h b/src/logger.h new file mode 100644 index 00000000..9c20eada --- /dev/null +++ b/src/logger.h @@ -0,0 +1,55 @@ +#ifndef __TINC_LOGGER_H__ +#define __TINC_LOGGER_H__ + +typedef enum debug_t { + DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ + DEBUG_ALWAYS = 0, + DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ + DEBUG_ERROR = 2, /* Show error messages received from other hosts */ + DEBUG_STATUS = 2, /* Show status messages received from other hosts */ + DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ + DEBUG_META = 4, /* Show contents of every request that is sent/received */ + DEBUG_TRAFFIC = 5, /* Show network traffic information */ + DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ + DEBUG_SCARY_THINGS = 10 /* You have been warned */ +} debug_t; + +typedef enum logmode_t { + LOGMODE_NULL, + LOGMODE_STDERR, + LOGMODE_FILE, + LOGMODE_SYSLOG +} logmode_t; + +#ifdef HAVE_MINGW +#define LOG_EMERG EVENTLOG_ERROR_TYPE +#define LOG_ALERT EVENTLOG_ERROR_TYPE +#define LOG_CRIT EVENTLOG_ERROR_TYPE +#define LOG_ERR EVENTLOG_ERROR_TYPE +#define LOG_WARNING EVENTLOG_WARNING_TYPE +#define LOG_NOTICE EVENTLOG_INFORMATION_TYPE +#define LOG_INFO EVENTLOG_INFORMATION_TYPE +#define LOG_DEBUG EVENTLOG_INFORMATION_TYPE +#else +#ifndef HAVE_SYSLOG_H +enum { + LOG_EMERG, + LOG_ALERT, + LOG_CRIT, + LOG_ERR, + LOG_WARNING, + LOG_NOTICE, + LOG_INFO, + LOG_DEBUG, +}; +#endif +#endif + +extern debug_t debug_level; +extern void openlogger(const char *, logmode_t); +extern void logger(int, const char *, ...) __attribute__ ((__format__(printf, 2, 3))); +extern void closelogger(void); + +#define ifdebug(l) if(debug_level >= DEBUG_##l) + +#endif /* __TINC_LOGGER_H__ */ diff --git a/src/meta.c b/src/meta.c index 2c4b734f..dcb9ee24 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,7 +1,7 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,204 +17,172 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.4 2002/04/28 12:46:26 zarq Exp $ + $Id: meta.c,v 1.5 2003/08/24 20:38:24 guus Exp $ */ -#include "config.h" -#include -#include - -#include -#include -#include -/* This line must be below the rest for FreeBSD */ -#include -#include +#include "system.h" #include -#include "net.h" +#include "avl_tree.h" #include "connection.h" -#include "system.h" +#include "logger.h" +#include "meta.h" +#include "net.h" #include "protocol.h" -#include "logging.h" +#include "system.h" +#include "utils.h" -int send_meta(connection_t *c, char *buffer, int length) +bool send_meta(connection_t *c, const char *buffer, int length) { - char *bufp; - int outlen; - char outbuf[MAXBUFSIZE]; -cp - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, - c->name, c->hostname); - - if(c->status.encryptout) - { -#ifdef USE_OPENSSL - EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); -#endif -#ifdef USE_GCRYPT - outlen = gcry_cipher_encrypt(c->outctx, outbuf, sizeof(outbuf), buffer, length); -#endif - bufp = outbuf; - length = outlen; - } - else - bufp = buffer; - - if(write(c->socket, bufp, length) < 0) - { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); - return -1; - } -cp - return 0; + const char *bufp; + int outlen; + char outbuf[MAXBUFSIZE]; + int result; + + cp(); + + ifdebug(META) logger(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + c->name, c->hostname); + + if(c->status.encryptout) { + EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); + bufp = outbuf; + length = outlen; + } else + bufp = buffer; + + while(length) { + result = send(c->socket, bufp, length, 0); + if(result <= 0) { + if(!errno || errno == EPIPE) { + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + c->name, c->hostname); + } else if(errno == EINTR) + continue; + else + logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, + c->hostname, strerror(errno)); + return false; + } + bufp += result; + length -= result; + } + + return true; } -void broadcast_meta(connection_t *from, char *buffer, int length) +void broadcast_meta(connection_t *from, const char *buffer, int length) { - avl_node_t *node; - connection_t *c; -cp - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c != from && c->status.active) - send_meta(c, buffer, length); - } -cp + avl_node_t *node; + connection_t *c; + + cp(); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c != from && c->status.active) + send_meta(c, buffer, length); + } } -int receive_meta(connection_t *c) +bool receive_meta(connection_t *c) { - int x, l = sizeof(x); - int oldlen, i; - int lenin, reqlen; - int decrypted = 0; - char inbuf[MAXBUFSIZE]; -cp - if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), - c->name, c->hostname); - return -1; - } - if(x) - { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - c->name, c->hostname, strerror(x)); - return -1; - } - - /* Strategy: - - Read as much as possible from the TCP socket in one go. - - Decrypt it. - - Check if a full request is in the input buffer. - - If yes, process request and remove it from the buffer, - then check again. - - If not, keep stuff in buffer and exit. - */ - - lenin = read(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen); - - if(lenin<=0) - { - if(lenin==0) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - c->name, c->hostname); - } - else - if(errno==EINTR) - return 0; - else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), - c->name, c->hostname, strerror(errno)); - - return -1; - } - - oldlen = c->buflen; - c->buflen += lenin; - - while(lenin) - { - /* Decrypt */ - - if(c->status.decryptin && !decrypted) - { -#ifdef USE_OPENSSL - EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); -#endif -#ifdef USE_GCRYPT - lenin = gcry_cipher_decrypt(c->inctx, inbuf, sizeof(inbuf), c->buffer + oldlen, lenin); -#endif - memcpy(c->buffer + oldlen, inbuf, lenin); - decrypted = 1; - } - - /* Are we receiving a TCPpacket? */ - - if(c->tcplen) - { - if(c->tcplen <= c->buflen) - { - receive_tcppacket(c, c->buffer, c->tcplen); - - c->buflen -= c->tcplen; - lenin -= c->tcplen; - memmove(c->buffer, c->buffer + c->tcplen, c->buflen); - oldlen = 0; - c->tcplen = 0; - continue; - } - else - { - break; - } - } - - /* Otherwise we are waiting for a request */ - - reqlen = 0; - - for(i = oldlen; i < c->buflen; i++) - { - if(c->buffer[i] == '\n') - { - c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ - reqlen = i + 1; - break; - } - } - - if(reqlen) - { - if(receive_request(c)) - return -1; - - c->buflen -= reqlen; - lenin -= reqlen; - memmove(c->buffer, c->buffer + reqlen, c->buflen); - oldlen = 0; - continue; - } - else - { - break; - } - } - - if(c->buflen >= MAXBUFSIZE) - { - syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), - c->name, c->hostname); - return -1; - } - - c->last_ping_time = now; -cp - return 0; + int oldlen, i; + int lenin, reqlen; + bool decrypted = false; + char inbuf[MAXBUFSIZE]; + + cp(); + + /* Strategy: + - Read as much as possible from the TCP socket in one go. + - Decrypt it. + - Check if a full request is in the input buffer. + - If yes, process request and remove it from the buffer, + then check again. + - If not, keep stuff in buffer and exit. + */ + + lenin = recv(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen, 0); + + if(lenin <= 0) { + if(!lenin || !errno) { + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + c->name, c->hostname); + } else if(errno == EINTR) + return true; + else + logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), + c->name, c->hostname, strerror(errno)); + + return false; + } + + oldlen = c->buflen; + c->buflen += lenin; + + while(lenin) { + /* Decrypt */ + + if(c->status.decryptin && !decrypted) { + EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); + memcpy(c->buffer + oldlen, inbuf, lenin); + decrypted = true; + } + + /* Are we receiving a TCPpacket? */ + + if(c->tcplen) { + if(c->tcplen <= c->buflen) { + receive_tcppacket(c, c->buffer, c->tcplen); + + c->buflen -= c->tcplen; + lenin -= c->tcplen; + memmove(c->buffer, c->buffer + c->tcplen, c->buflen); + oldlen = 0; + c->tcplen = 0; + continue; + } else { + break; + } + } + + /* Otherwise we are waiting for a request */ + + reqlen = 0; + + for(i = oldlen; i < c->buflen; i++) { + if(c->buffer[i] == '\n') { + c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + reqlen = i + 1; + break; + } + } + + if(reqlen) { + c->reqlen = reqlen; + if(!receive_request(c)) + return false; + + c->buflen -= reqlen; + lenin -= reqlen; + memmove(c->buffer, c->buffer + reqlen, c->buflen); + oldlen = 0; + continue; + } else { + break; + } + } + + if(c->buflen >= MAXBUFSIZE) { + logger(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + c->name, c->hostname); + return false; + } + + c->last_ping_time = now; + + return true; } diff --git a/src/meta.h b/src/meta.h index ff4d7044..4ee70c4e 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,7 +1,7 @@ /* meta.h -- header for meta.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: meta.h,v 1.3 2003/08/24 20:38:24 guus Exp $ */ #ifndef __TINC_META_H__ @@ -25,8 +25,8 @@ #include "connection.h" -extern int send_meta(connection_t *, const char *, int); -extern int broadcast_meta(connection_t *, const char *, int); -extern int receive_meta(connection_t *); +extern bool send_meta(struct connection_t *, const char *, int); +extern void broadcast_meta(struct connection_t *, const char *, int); +extern bool receive_meta(struct connection_t *); -#endif /* __TINC_META_H__ */ +#endif /* __TINC_META_H__ */ diff --git a/src/mingw/device.c b/src/mingw/device.c new file mode 100644 index 00000000..b1adf0c4 --- /dev/null +++ b/src/mingw/device.c @@ -0,0 +1,349 @@ +/* + device.c -- Interaction with Windows tap driver in a MinGW environment + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.2 2003/08/24 20:38:29 guus Exp $ +*/ + +#include "system.h" + +#include +#include + +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "route.h" +#include "utils.h" +#include "xalloc.h" + +#define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" + +#define USERMODEDEVICEDIR "\\\\.\\" +#define USERDEVICEDIR "\\??\\" +#define TAPSUFFIX ".tap" + +#define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) + +#define TAP_IOCTL_GET_LASTMAC TAP_CONTROL_CODE(0, METHOD_BUFFERED) +#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) +#define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) + +int device_fd = 0; +HANDLE device_handle = INVALID_HANDLE_VALUE; +char *device = NULL; +char *iface = NULL; +char *device_info = NULL; + +int device_total_in = 0; +int device_total_out = 0; + +extern char *myport; + +DWORD WINAPI tapreader(void *bla) { + int sock, err, status; + struct addrinfo *ai; + struct addrinfo hint = { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_DGRAM, + .ai_protocol = IPPROTO_UDP, + .ai_flags = 0, + }; + char buf[MTU]; + long len; + OVERLAPPED overlapped; + + /* Open a socket to the parent process */ + + err = getaddrinfo(NULL, myport, &hint, &ai); + + if(err || !ai) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(errno)); + return -1; + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + + freeaddrinfo(ai); + + if(sock < 0) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "socket", strerror(errno)); + return -1; + } + + if(connect(sock, ai->ai_addr, ai->ai_addrlen)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "connect", strerror(errno)); + return -1; + } + + logger(LOG_DEBUG, _("Tap reader running")); + + /* Read from tap device and send to parent */ + + overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); + + for(;;) { + overlapped.Offset = 0; + overlapped.OffsetHigh = 0; + ResetEvent(overlapped.hEvent); + + status = ReadFile(device_handle, buf, sizeof(buf), &len, &overlapped); + + if(!status) { + if(GetLastError() == ERROR_IO_PENDING) { + WaitForSingleObject(overlapped.hEvent, INFINITE); + if(!GetOverlappedResult(device_handle, &overlapped, &len, FALSE)) + continue; + } else { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } + } + + if(send(sock, buf, len, 0) <= 0) + return -1; + } +} + +bool setup_device(void) +{ + HKEY key, key2; + int i; + + char regpath[1024]; + char adapterid[1024]; + char adaptername[1024]; + char tapname[1024]; + long len; + + bool found = false; + + int sock, err; + HANDLE thread; + + struct addrinfo *ai; + struct addrinfo hint = { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_DGRAM, + .ai_protocol = IPPROTO_UDP, + .ai_flags = 0, + }; + + cp(); + + get_config_string(lookup_config(config_tree, "Device"), &device); + get_config_string(lookup_config(config_tree, "Interface"), &iface); + + /* Open registry and look for network adapters */ + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CONTROL_NET, 0, KEY_READ, &key)) { + logger(LOG_ERR, _("Unable to read registry: %s"), winerror(GetLastError())); + return false; + } + + for (i = 0; ; i++) { + len = sizeof(adapterid); + if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) + break; + + /* Find out more about this adapter */ + + snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) + continue; + + len = sizeof(adaptername); + err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + + RegCloseKey(key2); + + if(err) + continue; + + if(device) { + if(!strcmp(device, adapterid)) { + found = true; + break; + } else + continue; + } + + if(iface) { + if(!strcmp(iface, adaptername)) { + found = true; + break; + } else + continue; + } + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid); + device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0); + if(device_handle != INVALID_HANDLE_VALUE) { + found = true; + break; + } + } + + RegCloseKey(key); + + if(!found) { + logger(LOG_ERR, _("No Windows tap device found!")); + return false; + } + + if(!device) + device = xstrdup(adapterid); + + if(!iface) + iface = xstrdup(adaptername); + + /* Try to open the corresponding tap device */ + + if(device_handle == INVALID_HANDLE_VALUE) { + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device); + device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0); + } + + if(device_handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("%s (%s) is not a usable Windows tap device: %s"), device, iface, winerror(GetLastError())); + return false; + } + + /* Get MAC address from tap device */ + + if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + logger(LOG_ERR, _("Could not get MAC address from Windows tap device %s (%s): %s"), device, iface, winerror(GetLastError())); + return false; + } + + if(routing_mode == RMODE_ROUTER) { + overwrite_mac = 1; + } + + /* Create a listening socket */ + + err = getaddrinfo(NULL, myport, &hint, &ai); + + if(err || !ai) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(errno)); + return false; + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + + if(sock < 0) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "socket", strerror(errno)); + return false; + } + + if(bind(sock, ai->ai_addr, ai->ai_addrlen)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "bind", strerror(errno)); + return false; + } + + freeaddrinfo(ai); + + if(listen(sock, 1)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); + return false; + } + + /* Start the tap reader */ + + thread = CreateThread(NULL, 0, tapreader, NULL, 0, NULL); + + if(!thread) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "CreateThread", winerror(GetLastError())); + return false; + } + + /* Wait for the tap reader to connect back to us */ + + if((device_fd = accept(sock, NULL, 0)) == -1) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "accept", strerror(errno)); + return false; + } + + closesocket(sock); + + device_info = _("Windows tap device"); + + logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); + + return true; +} + +void close_device(void) +{ + cp(); + + CloseHandle(device_handle); +} + +bool read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return true; +} + +bool write_packet(vpn_packet_t *packet) +{ + long lenout; + OVERLAPPED overlapped = {0}; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(!WriteFile(device_handle, packet->data, packet->len, &lenout, &overlapped)) { + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, winerror(GetLastError())); + return false; + } + + device_total_out += packet->len; + + return true; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +} diff --git a/src/net.c b/src/net.c index 67a94909..42c94013 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,213 +17,183 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.39 2002/04/28 12:46:26 zarq Exp $ + $Id: net.c,v 1.40 2003/08/24 20:38:24 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include +#include "system.h" #include -#include -#include -#include -#include - +#include "utils.h" +#include "avl_tree.h" #include "conf.h" #include "connection.h" +#include "device.h" +#include "event.h" +#include "graph.h" +#include "logger.h" #include "meta.h" #include "net.h" #include "netutl.h" #include "process.h" #include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" #include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" +#include "subnet.h" +#include "xalloc.h" -int do_purge = 0; -int sighup = 0; -int sigalrm = 0; +bool do_purge = false; +volatile bool running = false; time_t now = 0; /* Purge edges and subnets of unreachable nodes. Use carefully. */ -void purge(void) +static void purge(void) { - avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; - node_t *n; - edge_t *e; - subnet_t *s; - connection_t *c; -cp - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Purging unreachable nodes")); - - for(nnode = node_tree->head; nnode; nnode = nnext) - { - nnext = nnode->next; - n = (node_t *)nnode->data; - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); - - for(snode = n->subnet_tree->head; snode; snode = snext) - { - snext = snode->next; - s = (subnet_t *)snode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_subnet(c, s); - } - - subnet_del(n, s); - } - - for(enode = n->edge_tree->head; enode; enode = enext) - { - enext = enode->next; - e = (edge_t *)enode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_edge(c, e); - } - - edge_del(e); - } - - node_del(n); - } - } -cp + avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext; + node_t *n; + edge_t *e; + subnet_t *s; + + cp(); + + ifdebug(PROTOCOL) logger(LOG_DEBUG, _("Purging unreachable nodes")); + + /* Remove all edges and subnets owned by unreachable nodes. */ + + for(nnode = node_tree->head; nnode; nnode = nnext) { + nnext = nnode->next; + n = (node_t *) nnode->data; + + if(!n->status.reachable) { + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Purging node %s (%s)"), n->name, + n->hostname); + + for(snode = n->subnet_tree->head; snode; snode = snext) { + snext = snode->next; + s = (subnet_t *) snode->data; + send_del_subnet(broadcast, s); + subnet_del(n, s); + } + + for(enode = n->edge_tree->head; enode; enode = enext) { + enext = enode->next; + e = (edge_t *) enode->data; + send_del_edge(broadcast, e); + edge_del(e); + } + } + } + + /* Check if anyone else claims to have an edge to an unreachable node. If not, delete node. */ + + for(nnode = node_tree->head; nnode; nnode = nnext) { + nnext = nnode->next; + n = (node_t *) nnode->data; + + if(!n->status.reachable) { + for(enode = edge_weight_tree->head; enode; enode = enext) { + enext = enode->next; + e = (edge_t *) enode->data; + + if(e->to == n) + break; + } + + if(!enode) + node_del(n); + } + } } /* put all file descriptors in an fd_set array While we're at it, purge stuff that needs to be removed. */ -void build_fdset(fd_set *fs) +static int build_fdset(fd_set * fs) { - avl_node_t *node, *next; - connection_t *c; - int i; -cp - FD_ZERO(fs); - - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - - if(c->status.remove) - connection_del(c); - else - FD_SET(c->socket, fs); - } - - if(!connection_tree->head) - purge(); - - for(i = 0; i < listen_sockets; i++) - { - FD_SET(listen_socket[i].tcp, fs); - FD_SET(listen_socket[i].udp, fs); - } - - FD_SET(device_fd, fs); -cp + avl_node_t *node, *next; + connection_t *c; + int i, max = 0; + + cp(); + + FD_ZERO(fs); + + for(node = connection_tree->head; node; node = next) { + next = node->next; + c = (connection_t *) node->data; + + if(c->status.remove) { + connection_del(c); + if(!connection_tree->head) + purge(); + } else { + FD_SET(c->socket, fs); + if(c->socket > max) + max = c->socket; + } + } + + for(i = 0; i < listen_sockets; i++) { + FD_SET(listen_socket[i].tcp, fs); + if(listen_socket[i].tcp > max) + max = listen_socket[i].tcp; + FD_SET(listen_socket[i].udp, fs); + if(listen_socket[i].udp > max) + max = listen_socket[i].udp; + } + + FD_SET(device_fd, fs); + if(device_fd > max) + max = device_fd; + + return max; } /* Terminate a connection: - Close the socket - - Remove associated edge and tell other connections about it if report = 1 + - Remove associated edge and tell other connections about it if report = true - Check if we need to retry making an outgoing connection - Deactivate the host */ -void terminate_connection(connection_t *c, int report) +void terminate_connection(connection_t *c, bool report) { - avl_node_t *node; - connection_t *other; -cp - if(c->status.remove) - return; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), - c->name, c->hostname); - - c->status.remove = 1; - c->status.active = 0; - - if(c->node) - c->node->connection = NULL; - - if(c->socket) - close(c->socket); - - if(c->edge) - { - if(report) - { - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_edge(other, c->edge); - } - } - - edge_del(c->edge); - - /* Run MST and SSSP algorithms */ - - graph(); - } - - /* Check if this was our outgoing connection */ - - if(c->outgoing) - { - retry_outgoing(c->outgoing); - c->outgoing = NULL; - } -cp + cp(); + + if(c->status.remove) + return; + + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Closing connection with %s (%s)"), + c->name, c->hostname); + + c->status.remove = true; + c->status.active = false; + + if(c->node) + c->node->connection = NULL; + + if(c->socket) + closesocket(c->socket); + + if(c->edge) { + if(report) + send_del_edge(broadcast, c->edge); + + edge_del(c->edge); + + /* Run MST and SSSP algorithms */ + + graph(); + } + + /* Check if this was our outgoing connection */ + + if(c->outgoing) { + retry_outgoing(c->outgoing); + c->outgoing = NULL; + } } /* @@ -234,218 +204,232 @@ cp end does not reply in time, we consider them dead and close the connection. */ -void check_dead_connections(void) +static void check_dead_connections(void) { - avl_node_t *node, *next; - connection_t *c; -cp - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->last_ping_time + pingtimeout < now) - { - if(c->status.active) - { - if(c->status.pinged) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - c->name, c->hostname); - c->status.timeout = 1; - terminate_connection(c, 1); - } - else - { - send_ping(c); - } - } - else - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), - c->name, c->hostname); - terminate_connection(c, 0); - } - } - } -cp + avl_node_t *node, *next; + connection_t *c; + + cp(); + + for(node = connection_tree->head; node; node = next) { + next = node->next; + c = (connection_t *) node->data; + + if(c->last_ping_time + pingtimeout < now) { + if(c->status.active) { + if(c->status.pinged) { + ifdebug(CONNECTIONS) logger(LOG_INFO, _("%s (%s) didn't respond to PING"), + c->name, c->hostname); + c->status.timeout = true; + terminate_connection(c, true); + } else { + send_ping(c); + } + } else { + if(c->status.remove) { + logger(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), + c->name, c->hostname, *(uint32_t *)&c->status); + connection_del(c); + continue; + } + ifdebug(CONNECTIONS) logger(LOG_WARNING, _("Timeout from %s (%s) during authentication"), + c->name, c->hostname); + terminate_connection(c, false); + } + } + } } /* check all connections to see if anything happened on their sockets */ -void check_network_activity(fd_set *f) +static void check_network_activity(fd_set * f) { - connection_t *c; - avl_node_t *node; - int result, i; - int len = sizeof(result); - vpn_packet_t packet; -cp - if(FD_ISSET(device_fd, f)) - { - if(!read_packet(&packet)) - route_outgoing(&packet); - } - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - - if(c->status.remove) - continue; - - if(FD_ISSET(c->socket, f)) - { - if(c->status.connecting) - { - c->status.connecting = 0; - getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); - if(!result) - finish_connecting(c); - else - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); - close(c->socket); - do_outgoing_connection(c); - continue; - } - } - if(receive_meta(c) < 0) - { - terminate_connection(c, c->status.active); - continue; - } - } - } - - for(i = 0; i < listen_sockets; i++) - { - if(FD_ISSET(listen_socket[i].udp, f)) - handle_incoming_vpn_data(listen_socket[i].udp); - if(FD_ISSET(listen_socket[i].tcp, f)) - handle_new_meta_connection(listen_socket[i].tcp); - } -cp + connection_t *c; + avl_node_t *node; + int result, i; + int len = sizeof(result); + vpn_packet_t packet; + + cp(); + + if(FD_ISSET(device_fd, f)) { + if(read_packet(&packet)) + route_outgoing(&packet); + } + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c->status.remove) + continue; + + if(FD_ISSET(c->socket, f)) { + if(c->status.connecting) { + c->status.connecting = false; + getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); + + if(!result) + finish_connecting(c); + else { + ifdebug(CONNECTIONS) logger(LOG_DEBUG, + _("Error while connecting to %s (%s): %s"), + c->name, c->hostname, strerror(result)); + closesocket(c->socket); + do_outgoing_connection(c); + continue; + } + } + + if(!receive_meta(c)) { + terminate_connection(c, c->status.active); + continue; + } + } + } + + for(i = 0; i < listen_sockets; i++) { + if(FD_ISSET(listen_socket[i].udp, f)) + handle_incoming_vpn_data(listen_socket[i].udp); + + if(FD_ISSET(listen_socket[i].tcp, f)) + handle_new_meta_connection(listen_socket[i].tcp); + } } /* this is where it all happens... */ -void main_loop(void) +int main_loop(void) { - fd_set fset; - struct timeval tv; - int r; - time_t last_ping_check; - event_t *event; -cp - last_ping_check = now; - - srand(now); - - for(;;) - { - now = time(NULL); - - tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ - tv.tv_usec = 0; - - build_fdset(&fset); - - if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) - { - if(errno != EINTR && errno != EAGAIN) - { - syslog(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); - cp_trace(); - dump_connections(); - return; - } - - continue; - } - - check_network_activity(&fset); - - if(do_purge) - { - purge(); - do_purge = 0; - } - - /* Let's check if everybody is still alive */ - - if(last_ping_check + pingtimeout < now) - { - check_dead_connections(); - last_ping_check = now; - - if(routing_mode== RMODE_SWITCH) - age_mac(); - - age_past_requests(); - - /* Should we regenerate our key? */ - - if(keyexpires < now) - { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Regenerating symmetric key")); - -#ifdef USE_OPENSSL - RAND_pseudo_bytes(myself->key, myself->keylength); -#endif - send_key_changed(myself->connection, myself); - keyexpires = now + keylifetime; - } - } - - - while((event = get_expired_event())) - { - event->handler(event->data); - free(event); - } - - if(sigalrm) - { - syslog(LOG_INFO, _("Flushing event queue")); - - while(event_tree->head) - { - event = (event_t *)event_tree->head->data; - event->handler(event->data); - event_del(event); - } - sigalrm = 0; - } - - if(sighup) - { - sighup = 0; - close_network_connections(); - exit_configuration(&config_tree); - - syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds...")); - sleep(5); - - init_configuration(&config_tree); - - if(read_server_config()) - { - syslog(LOG_ERR, _("Unable to reread configuration file, exitting.")); - exit(1); - } - - if(setup_network_connections()) - return; - - continue; - } - } -cp + fd_set fset; + struct timeval tv; + int r, maxfd; + time_t last_ping_check, last_config_check; + event_t *event; + + cp(); + + last_ping_check = now; + last_config_check = now; + srand(now); + + running = true; + + while(running) { + now = time(NULL); + + tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ + tv.tv_usec = 0; + + maxfd = build_fdset(&fset); + + r = select(maxfd + 1, &fset, NULL, NULL, &tv); + + if(r < 0) { + if(errno != EINTR && errno != EAGAIN) { + logger(LOG_ERR, _("Error while waiting for input: %s"), + strerror(errno)); + cp_trace(); + dump_connections(); + return 1; + } + + continue; + } + + check_network_activity(&fset); + + if(do_purge) { + purge(); + do_purge = false; + } + + /* Let's check if everybody is still alive */ + + if(last_ping_check + pingtimeout < now) { + check_dead_connections(); + last_ping_check = now; + + if(routing_mode == RMODE_SWITCH) + age_mac(); + + age_past_requests(); + + /* Should we regenerate our key? */ + + if(keyexpires < now) { + ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key")); + + RAND_pseudo_bytes(myself->key, myself->keylength); + if(myself->cipher) + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + send_key_changed(broadcast, myself); + keyexpires = now + keylifetime; + } + } + + + while((event = get_expired_event())) { + event->handler(event->data); + free(event); + } + + if(sigalrm) { + logger(LOG_INFO, _("Flushing event queue")); + + while(event_tree->head) { + event = (event_t *) event_tree->head->data; + event->handler(event->data); + event_del(event); + } + sigalrm = false; + } + + if(sighup) { + connection_t *c; + avl_node_t *node; + char *fname; + struct stat s; + + sighup = false; + + /* Reread our own configuration file */ + + exit_configuration(&config_tree); + init_configuration(&config_tree); + + if(!read_server_config()) { + logger(LOG_ERR, _("Unable to reread configuration file, exitting.")); + return 1; + } + + /* Close connections to hosts that have a changed or deleted host config file */ + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c->outgoing) { + free(c->outgoing->name); + freeaddrinfo(c->outgoing->ai); + free(c->outgoing); + c->outgoing = NULL; + } + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + if(stat(fname, &s) || s.st_mtime > last_config_check) + terminate_connection(c, c->status.active); + free(fname); + } + + last_config_check = now; + + /* Try to make outgoing connections */ + + try_outgoing_connections(); + } + } + + return 0; } diff --git a/src/net.h b/src/net.h new file mode 100644 index 00000000..092b9dc9 --- /dev/null +++ b/src/net.h @@ -0,0 +1,158 @@ +/* + net.h -- header for net.c + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: net.h,v 1.13 2003/08/24 20:38:24 guus Exp $ +*/ + +#ifndef __TINC_NET_H__ +#define __TINC_NET_H__ + +#include + +#include "ipv6.h" + +#ifdef ENABLE_JUMBOGRAMS +#define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ +#else +#define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ +#endif + +#define MAXSIZE (MTU + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ +#define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) /* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */ + +#define MAXSOCKETS 128 /* Overkill... */ + +#define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ + +typedef struct mac_t { + uint8_t x[6]; +} mac_t; + +typedef struct ipv4_t { + uint8_t x[4]; +} ipv4_t; + +typedef struct ipv6_t { + uint16_t x[8]; +} ipv6_t; + +typedef short length_t; + +#define AF_UNKNOWN 0xFFFF + +struct sockaddr_unknown { + uint16_t family; + uint16_t pad1; + uint32_t pad2; + char *address; + char *port; +}; + +typedef union sockaddr_t { + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; + struct sockaddr_unknown unknown; +#ifdef HAVE_STRUCT_SOCKADDR_STORAGE + struct sockaddr_storage storage; +#endif +} sockaddr_t; + +#ifdef SA_LEN +#define SALEN(s) SA_LEN(&s) +#else +#define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) +#endif + +typedef struct vpn_packet_t { + length_t len; /* the actual number of bytes in the `data' field */ + int priority; /* priority or TOS */ + uint32_t seqno; /* 32 bits sequence number (network byte order of course) */ + uint8_t data[MAXSIZE]; +} vpn_packet_t; + +typedef struct queue_element_t { + void *packet; + struct queue_element_t *prev; + struct queue_element_t *next; +} queue_element_t; + +typedef struct packet_queue_t { + queue_element_t *head; + queue_element_t *tail; +} packet_queue_t; + +typedef struct listen_socket_t { + int tcp; + int udp; + sockaddr_t sa; +} listen_socket_t; + +#include "conf.h" + +typedef struct outgoing_t { + char *name; + int timeout; + struct config_t *cfg; + struct addrinfo *ai; + struct addrinfo *aip; +} outgoing_t; + +extern int maxtimeout; +extern int seconds_till_retry; +extern int addressfamily; + +extern listen_socket_t listen_socket[MAXSOCKETS]; +extern int listen_sockets; +extern int keyexpires; +extern int keylifetime; +extern bool do_prune; +extern bool do_purge; +extern char *myport; +extern time_t now; +extern EVP_CIPHER_CTX packet_ctx; + +/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ +#include "connection.h" +#include "node.h" + +extern void retry_outgoing(outgoing_t *); +extern void handle_incoming_vpn_data(int); +extern void finish_connecting(struct connection_t *); +extern void do_outgoing_connection(struct connection_t *); +extern bool handle_new_meta_connection(int); +extern int setup_listen_socket(const sockaddr_t *); +extern int setup_vpn_in_socket(const sockaddr_t *); +extern void send_packet(const struct node_t *, vpn_packet_t *); +extern void receive_tcppacket(struct connection_t *, char *, int); +extern void broadcast_packet(const struct node_t *, vpn_packet_t *); +extern bool setup_network_connections(void); +extern void setup_outgoing_connection(struct outgoing_t *); +extern void try_outgoing_connections(void); +extern void close_network_connections(void); +extern int main_loop(void); +extern void terminate_connection(struct connection_t *, bool); +extern void flush_queue(struct node_t *); +extern bool read_rsa_public_key(struct connection_t *); + +#ifndef HAVE_MINGW +#define closesocket(s) close(s) +#endif + +#endif /* __TINC_NET_H__ */ diff --git a/src/net_packet.c b/src/net_packet.c index 04b29789..9635faff 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1,7 +1,7 @@ /* net_packet.c -- Handles in- and outgoing VPN packets - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,458 +17,409 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.4 2002/04/28 12:46:26 zarq Exp $ + $Id: net_packet.c,v 1.5 2003/08/24 20:38:24 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include +#include "system.h" #include #include #include #include -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - #include +#include -#include -#include -#include -#include - +#include "avl_tree.h" #include "conf.h" #include "connection.h" -#include "meta.h" +#include "device.h" +#include "event.h" +#include "graph.h" +#include "list.h" +#include "logger.h" #include "net.h" #include "netutl.h" -#include "process.h" #include "protocol.h" -#include "subnet.h" -#include "graph.h" #include "process.h" #include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" int keylifetime = 0; int keyexpires = 0; +EVP_CIPHER_CTX packet_ctx; +static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; + #define MAX_SEQNO 1073741824 +static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +{ + if(level == 10) { + lzo_uint lzolen = MAXSIZE; + lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); + return lzolen; + } else if(level < 10) { + unsigned long destlen = MAXSIZE; + if(compress2(dest, &destlen, source, len, level) == Z_OK) + return destlen; + else + return -1; + } else { + lzo_uint lzolen = MAXSIZE; + lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem); + return lzolen; + } + + return -1; +} + +static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +{ + if(level > 9) { + lzo_uint lzolen = MAXSIZE; + if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) + return lzolen; + else + return -1; + } else { + unsigned long destlen = MAXSIZE; + if(uncompress(dest, &destlen, source, len) == Z_OK) + return destlen; + else + return -1; + } + + return -1; +} + /* VPN packet I/O */ -void receive_udppacket(node_t *n, vpn_packet_t *inpkt) +static void receive_packet(node_t *n, vpn_packet_t *packet) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt = pkt[0]; - int outlen, outpad; - long int complen = MTU + 12; - -#ifdef USE_OPENSSL - EVP_CIPHER_CTX ctx; - char hmac[EVP_MAX_MD_SIZE]; -#endif -#ifdef USE_GCRYPT - char *hmac; -#endif - -cp - /* Check the message authentication code */ - - if(myself->digest && myself->maclength) - { - inpkt->len -= myself->maclength; -#ifdef USE_OPENSSL - HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); -#endif -#ifdef USE_GCRYPT - hmac = xmalloc(gcry_md_get_algo_dlen(0)); /* myself->digest type */ - gcry_md_hash_buffer(0, hmac, (char *)&inpkt->seqno, inpkt->len); - /* FIXME */ -#endif - if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); - return; - } - } - - /* Decrypt the packet */ - - if(myself->cipher) - { - outpkt = pkt[nextpkt++]; - -#ifdef USE_OPENSSL - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); -#endif -#ifdef USE_GCRYPT - /* FIXME */ -#endif + cp(); - outpkt->len = outlen + outpad; - inpkt = outpkt; - } - - /* Check the sequence number */ - - inpkt->len -= sizeof(inpkt->seqno); - inpkt->seqno = ntohl(inpkt->seqno); - - if(inpkt->seqno <= n->received_seqno) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); - return; - } - - n->received_seqno = inpkt->seqno; - - if(n->received_seqno > MAX_SEQNO) - keyexpires = 0; - - /* Decompress the packet */ - - if(myself->compression) - { - outpkt = pkt[nextpkt++]; - - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) - { - syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } - - receive_packet(n, inpkt); -cp + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), + packet->len, n->name, n->hostname); + + route_incoming(n, packet); } -void receive_tcppacket(connection_t *c, char *buffer, int len) +static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { - vpn_packet_t outpkt; -cp - outpkt.len = len; - memcpy(outpkt.data, buffer, len); - - receive_packet(c->node, &outpkt); -cp + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + vpn_packet_t *outpkt = pkt[0]; + int outlen, outpad; + char hmac[EVP_MAX_MD_SIZE]; + int i; + + cp(); + + /* Check the message authentication code */ + + if(myself->digest && myself->maclength) { + inpkt->len -= myself->maclength; + HMAC(myself->digest, myself->key, myself->keylength, + (char *) &inpkt->seqno, inpkt->len, hmac, NULL); + + if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + n->name, n->hostname); + return; + } + } + + /* Decrypt the packet */ + + if(myself->cipher) { + outpkt = pkt[nextpkt++]; + +// EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, +// myself->key + myself->cipher->key_len); + EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL); + EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len); + EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + + outpkt->len = outlen + outpad; + inpkt = outpkt; + } + + /* Check the sequence number */ + + inpkt->len -= sizeof(inpkt->seqno); + inpkt->seqno = ntohl(inpkt->seqno); + + if(inpkt->seqno != n->received_seqno + 1) { + if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) { + logger(LOG_WARNING, _("Lost %d packets from %s (%s)"), + inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); + + memset(n->late, 0, sizeof(n->late)); + } else if (inpkt->seqno <= n->received_seqno) { + if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { + logger(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), + n->name, n->hostname, inpkt->seqno, n->received_seqno); + } else + for(i = n->received_seqno + 1; i < inpkt->seqno; i++) + n->late[(inpkt->seqno / 8) % sizeof(n->late)] |= 1 << i % 8; + } + } + + n->received_seqno = inpkt->seqno; + n->late[(n->received_seqno / 8) % sizeof(n->late)] &= ~(1 << n->received_seqno % 8); + + if(n->received_seqno > MAX_SEQNO) + keyexpires = 0; + + /* Decompress the packet */ + + if(myself->compression) { + outpkt = pkt[nextpkt++]; + + if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) { + logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), + n->name, n->hostname); + return; + } + + inpkt = outpkt; + } + + receive_packet(n, inpkt); } -void receive_packet(node_t *n, vpn_packet_t *packet) +void receive_tcppacket(connection_t *c, char *buffer, int len) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); + vpn_packet_t outpkt; + + cp(); + + outpkt.len = len; + memcpy(outpkt.data, buffer, len); - route_incoming(n, packet); -cp + receive_packet(c->node, &outpkt); } -void send_udppacket(node_t *n, vpn_packet_t *inpkt) +static void send_udppacket(node_t *n, vpn_packet_t *inpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt; - int origlen; - int outlen, outpad; - long int complen = MTU + 12; - vpn_packet_t *copy; - static int priority = 0; - int origpriority; - int sock; - -#ifdef USE_OPENSSL - EVP_CIPHER_CTX ctx; -#endif - -cp - /* Make sure we have a valid key */ + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + vpn_packet_t *outpkt; + int origlen; + int outlen, outpad; + vpn_packet_t *copy; + static int priority = 0; + int origpriority; + int sock; - if(!n->status.validkey) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - n->name, n->hostname); + cp(); - /* Since packet is on the stack of handle_tap_input(), - we have to make a copy of it first. */ + /* Make sure we have a valid key */ - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); + if(!n->status.validkey) { + ifdebug(TRAFFIC) logger(LOG_INFO, + _("No valid key known yet for %s (%s), queueing packet"), + n->name, n->hostname); - list_insert_tail(n->queue, copy); + /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */ - if(n->queue->count > MAXQUEUELENGTH) - list_delete_head(n->queue); + copy = xmalloc(sizeof(vpn_packet_t)); + memcpy(copy, inpkt, sizeof(vpn_packet_t)); - if(!n->status.waitingforkey) - send_req_key(n->nexthop->connection, myself, n); + list_insert_tail(n->queue, copy); - n->status.waitingforkey = 1; + if(n->queue->count > MAXQUEUELENGTH) + list_delete_head(n->queue); - return; - } + if(!n->status.waitingforkey) + send_req_key(n->nexthop->connection, myself, n); - origlen = inpkt->len; - origpriority = inpkt->priority; + n->status.waitingforkey = true; - /* Compress the packet */ + return; + } - if(n->compression) - { - outpkt = pkt[nextpkt++]; + origlen = inpkt->len; + origpriority = inpkt->priority; - if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK) - { - syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } + /* Compress the packet */ - /* Add sequence number */ + if(n->compression) { + outpkt = pkt[nextpkt++]; - inpkt->seqno = htonl(++(n->sent_seqno)); - inpkt->len += sizeof(inpkt->seqno); + if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) { + logger(LOG_ERR, _("Error while compressing packet to %s (%s)"), + n->name, n->hostname); + return; + } - /* Encrypt the packet */ + inpkt = outpkt; + } - if(n->cipher) - { - outpkt = pkt[nextpkt++]; + /* Add sequence number */ -#ifdef USE_OPENSSL - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); -#endif -#ifdef USE_GCRYPT - gcry_cipher_ctl(n->cipher, GCRYCTL_SET_IV, n->key + n->keylength, n->keylength); - gcry_cipher_ctl(n->cipher, GCRYCTL_SET_KEY, n->key, n->keylength); - outlen = inpkt->len; - gcry_cipher_encrypt(n->cipher, (char *)&outpkt->seqno, outlen, (char *)&inpkt->seqno, inpkt->len); - /* FIXME */ -#endif + inpkt->seqno = htonl(++(n->sent_seqno)); + inpkt->len += sizeof(inpkt->seqno); - outpkt->len = outlen + outpad; - inpkt = outpkt; - } + /* Encrypt the packet */ - /* Add the message authentication code */ + if(n->cipher) { + outpkt = pkt[nextpkt++]; - if(n->digest && n->maclength) - { -#ifdef USE_OPENSSL - HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen); -#endif -#ifdef USE_GCRYPT - char *hmac; - outlen = gcry_md_get_algo_dlen(0); - hmac = xmalloc(outlen); /* myself->digest type */ - gcry_md_ctl(n->digest, GCRYCTL_SET_KEY, n->key, n->keylength); - gcry_md_hash_buffer(0, hmac, (char *)&inpkt->seqno, inpkt->len); - memcpy((char *)&inpkt->seqno, hmac, outlen); - /* FIXME */ -#endif - inpkt->len += n->maclength; - } +// EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); + EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL); + EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len); + EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + + outpkt->len = outlen + outpad; + inpkt = outpkt; + } + + /* Add the message authentication code */ + + if(n->digest && n->maclength) { + HMAC(n->digest, n->key, n->keylength, (char *) &inpkt->seqno, + inpkt->len, (char *) &inpkt->seqno + inpkt->len, &outlen); + inpkt->len += n->maclength; + } + + /* Determine which socket we have to use */ - /* Determine which socket we have to use */ + for(sock = 0; sock < listen_sockets; sock++) + if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) + break; - for(sock = 0; sock < listen_sockets; sock++) - if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) - break; + if(sock >= listen_sockets) + sock = 0; /* If none is available, just use the first and hope for the best. */ - if(sock >= listen_sockets) - sock = 0; /* If none is available, just use the first and hope for the best. */ - - /* Send the packet */ + /* Send the packet */ #if defined(SOL_IP) && defined(IP_TOS) - if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) - { - priority = origpriority; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); - } + if(priorityinheritance && origpriority != priority + && listen_socket[sock].sa.sa.sa_family == AF_INET) { + priority = origpriority; + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); + if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + logger(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); + } #endif - if((sendto(listen_socket[sock].udp, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) - { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), - n->name, n->hostname, strerror(errno)); - return; - } - - inpkt->len = origlen; -cp + if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { + logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); + return; + } + + inpkt->len = origlen; } /* send a packet to the given vpn ip. */ -void send_packet(node_t *n, vpn_packet_t *packet) +void send_packet(const node_t *n, vpn_packet_t *packet) { - node_t *via; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); - - if(n == myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_NOTICE, _("Packet is looping back to us!")); - } - - return; - } - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Node %s (%s) is not reachable"), - n->name, n->hostname); - return; - } - - via = (n->via == myself)?n->nexthop:n->via; - - if(via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, n->via->hostname); - - if((myself->options | via->options) & OPTION_TCPONLY) - { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); - } - else - send_udppacket(via, packet); + node_t *via; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + packet->len, n->name, n->hostname); + + if(n == myself) { + ifdebug(TRAFFIC) logger(LOG_NOTICE, _("Packet is looping back to us!")); + return; + } + + if(!n->status.reachable) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Node %s (%s) is not reachable"), + n->name, n->hostname); + return; + } + + via = (n->via == myself) ? n->nexthop : n->via; + + if(via != n) + ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet to %s via %s (%s)"), + n->name, via->name, n->via->hostname); + + if((myself->options | via->options) & OPTION_TCPONLY) { + if(!send_tcppacket(via->connection, packet)) + terminate_connection(via->connection, true); + } else + send_udppacket(via, packet); } /* Broadcast a packet using the minimum spanning tree */ -void broadcast_packet(node_t *from, vpn_packet_t *packet) +void broadcast_packet(const node_t *from, vpn_packet_t *packet) { - avl_node_t *node; - connection_t *c; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), - packet->len, from->name, from->hostname); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active && c->status.mst && c != from->nexthop->connection) - send_packet(c->node, packet); - } -cp + avl_node_t *node; + connection_t *c; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + packet->len, from->name, from->hostname); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c->status.active && c->status.mst && c != from->nexthop->connection) + send_packet(c->node, packet); + } } void flush_queue(node_t *n) { - list_node_t *node, *next; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); - - for(node = n->queue->head; node; node = next) - { - next = node->next; - send_udppacket(n, (vpn_packet_t *)node->data); - list_delete_node(n->queue, node); - } -cp + list_node_t *node, *next; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); + + for(node = n->queue->head; node; node = next) { + next = node->next; + send_udppacket(n, (vpn_packet_t *) node->data); + list_delete_node(n->queue, node); + } } void handle_incoming_vpn_data(int sock) { - vpn_packet_t pkt; - int x, l = sizeof(x); - char *hostname; - sockaddr_t from; - socklen_t fromlen = sizeof(from); - node_t *n; -cp - if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), - __FILE__, __LINE__, sock, strerror(errno)); - cp_trace(); - exit(1); - } - if(x) - { - syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return; - } - - if((pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen)) <= 0) - { - syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); - return; - } - - sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ - - n = lookup_node_udp(&from); - - if(!n) - { - hostname = sockaddr2hostname(&from); - syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); - free(hostname); - return; - } - - if(n->connection) - n->connection->last_ping_time = now; - - receive_udppacket(n, &pkt); -cp -} + vpn_packet_t pkt; + char *hostname; + sockaddr_t from; + socklen_t fromlen = sizeof(from); + node_t *n; + cp(); + + pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + + if(pkt.len <= 0) { + logger(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); + return; + } + + sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ + + n = lookup_node_udp(&from); + + if(!n) { + hostname = sockaddr2hostname(&from); + logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), + hostname); + free(hostname); + return; + } + + if(n->connection) + n->connection->last_ping_time = now; + + receive_udppacket(n, &pkt); +} diff --git a/src/net_setup.c b/src/net_setup.c index 8a8c0bc9..f9de9eb5 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,622 +17,522 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.4 2002/04/28 12:46:26 zarq Exp $ + $Id: net_setup.c,v 1.5 2003/08/24 20:38:24 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include - -#ifdef USE_OPENSSL #include #include #include -#endif - -#ifdef USE_GCRYPT -#include -#endif - -#include -#include -#include -#include +#include "avl_tree.h" #include "conf.h" #include "connection.h" -#include "meta.h" +#include "device.h" +#include "event.h" +#include "graph.h" +#include "logger.h" #include "net.h" #include "netutl.h" #include "process.h" #include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" #include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" char *myport; -int read_rsa_public_key(connection_t *c) +bool read_rsa_public_key(connection_t *c) { - char *key; -#ifdef USE_OPENSSL - FILE *fp; - char *fname; -cp - if(!c->rsa_key) - c->rsa_key = RSA_new(); -#endif -cp - - /* First, check for simple PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) - { -#ifdef USE_OPENSSL - BN_hex2bn(&c->rsa_key->n, key); - BN_hex2bn(&c->rsa_key->e, "FFFF"); -#endif -#ifdef USE_GCRYPT - int rc = gcry_sexp_build(&c->rsa_key, NULL, "(public-key(rsa(n%s)(e%s)))", - key, "FFFF"); - if(!rc) - { - syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"), - rc, gcry_strerror(-1)); - return -1; + FILE *fp; + char *fname; + char *key; + + cp(); + + if(!c->rsa_key) { + c->rsa_key = RSA_new(); +// RSA_blinding_on(c->rsa_key, NULL); } -#endif - free(key); - return 0; - } - -#ifdef USE_OPENSSL - /* Else, check for PublicKeyFile statement and read it */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) - { - if(is_safe_path(fname)) - { - if((fp = fopen(fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - if(!c->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), - fname, strerror(errno)); - return -1; - } - return 0; - } - else - { - free(fname); - return -1; - } - } - - /* Else, check if a harnessed public key is in the config file */ - - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - if((fp = fopen(fname, "r"))) - { - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - } - - free(fname); - - if(c->rsa_key) - return 0; - else - { - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; - } -#endif -#ifdef USE_GCRYPT - syslog(LOG_ERR, _("Only PublicKey statements are supported when using gcrypt for now.")); - return -1; -#endif + + /* First, check for simple PublicKey statement */ + + if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) { + BN_hex2bn(&c->rsa_key->n, key); + BN_hex2bn(&c->rsa_key->e, "FFFF"); + free(key); + return true; + } + + /* Else, check for PublicKeyFile statement and read it */ + + if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { + fp = fopen(fname, "r"); + + if(!fp) { + logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return false; + } + + free(fname); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + + if(c->rsa_key) + return true; /* Woohoo. */ + + /* If it fails, try PEM_read_RSA_PUBKEY. */ + fp = fopen(fname, "r"); + + if(!fp) { + logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return false; + } + + free(fname); + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + + if(c->rsa_key) { +// RSA_blinding_on(c->rsa_key, NULL); + return true; + } + + logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + fname, strerror(errno)); + return false; + } + + /* Else, check if a harnessed public key is in the config file */ + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + fp = fopen(fname, "r"); + + if(fp) { + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + } + + free(fname); + + if(c->rsa_key) + return true; + + /* Try again with PEM_read_RSA_PUBKEY. */ + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + fp = fopen(fname, "r"); + + if(fp) { + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); +// RSA_blinding_on(c->rsa_key, NULL); + fclose(fp); + } + + free(fname); + + if(c->rsa_key) + return true; + + logger(LOG_ERR, _("No public key for %s specified!"), c->name); + + return false; } -int read_rsa_private_key(void) +bool read_rsa_private_key(void) { -#ifdef USE_OPENSSL - FILE *fp; - char *fname; -#endif - char *key; -cp - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) - { -#ifdef USE_OPENSSL - myself->connection->rsa_key = RSA_new(); - BN_hex2bn(&myself->connection->rsa_key->d, key); - BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); -#endif -#ifdef USE_GCRYPT - int rc = gcry_sexp_build(&myself->connection->rsa_key, NULL, - "(public-key(rsa(n%s)(e%s)))", - key, "FFFF"); - if(!rc) - { - syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"), - rc, gcry_strerror(-1)); - return -1; + FILE *fp; + char *fname, *key; + struct stat s; + + cp(); + + if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + myself->connection->rsa_key = RSA_new(); +// RSA_blinding_on(myself->connection->rsa_key, NULL); + BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); + free(key); + return true; } + + if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + asprintf(&fname, "%s/rsa_key.priv", confbase); + + fp = fopen(fname, "r"); + + if(!fp) { + logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return false; + } + +#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN) + if(fstat(fileno(fp), &s)) { + logger(LOG_ERR, _("Could not stat RSA private key file `%s': %s'"), + fname, strerror(errno)); + free(fname); + return false; + } + + if(s.st_mode & ~0100700) + logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname); #endif - free(key); - return 0; - } - -#ifdef USE_OPENSSL - if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) - asprintf(&fname, "%s/rsa_key.priv", confbase); - - if(is_safe_path(fname)) - { - if((fp = fopen(fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); - fclose(fp); - if(!myself->connection->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), - fname, strerror(errno)); - return -1; - } - return 0; - } - - free(fname); - return -1; -#endif -#ifdef USE_GCRYPT - syslog(LOG_ERR, _("Only PrivateKey statements are supported when using gcrypt for now.")); - return -1; -#endif + + myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + + if(!myself->connection->rsa_key) { + logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + fname, strerror(errno)); + free(fname); + return false; + } + + free(fname); + return true; } /* Configure node_t myself and set up the local sockets (listen only) */ -int setup_myself(void) +bool setup_myself(void) { - config_t *cfg; - subnet_t *subnet; - char *name, *hostname, *mode, *afname, *cipher, *digest; - struct addrinfo hint, *ai, *aip; - int choice, err; -cp - myself = new_node(); - myself->connection = new_connection(); - init_configuration(&myself->connection->config_tree); - - asprintf(&myself->hostname, _("MYSELF")); - asprintf(&myself->connection->hostname, _("MYSELF")); - - myself->connection->options = 0; - myself->connection->protocol_version = PROT_CURRENT; - - if(!get_config_string(lookup_config(config_tree, "Name"), &name)) /* Not acceptable */ - { - syslog(LOG_ERR, _("Name for tinc daemon required!")); - return -1; - } - - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for myself!")); - free(name); - return -1; - } - - myself->name = name; - myself->connection->name = xstrdup(name); - -cp - if(read_rsa_private_key()) - return -1; - - if(read_connection_config(myself->connection)) - { - syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); - return -1; - } - - if(read_rsa_public_key(myself->connection)) - return -1; -cp - - if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) - asprintf(&myport, "655"); - -/* Read in all the subnets specified in the host configuration file */ - - cfg = lookup_config(myself->connection->config_tree, "Subnet"); - - while(cfg) - { - if(!get_config_subnet(cfg, &subnet)) - return -1; - - subnet_add(myself, subnet); - - cfg = lookup_config_next(myself->connection->config_tree, cfg); - } - -cp - /* Check some options */ - - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(myself->options & OPTION_TCPONLY) - myself->options |= OPTION_INDIRECT; - - if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) - { - if(!strcasecmp(mode, "router")) - routing_mode = RMODE_ROUTER; - else if (!strcasecmp(mode, "switch")) - routing_mode = RMODE_SWITCH; - else if (!strcasecmp(mode, "hub")) - routing_mode = RMODE_HUB; - else - { - syslog(LOG_ERR, _("Invalid routing mode!")); - return -1; - } - free(mode); - } - else - routing_mode = RMODE_ROUTER; - - get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); + config_t *cfg; + subnet_t *subnet; + char *name, *hostname, *mode, *afname, *cipher, *digest; + char *address = NULL; + char *envp[5]; + struct addrinfo *ai, *aip, hint = {0}; + bool choice; + int i, err; + + cp(); + + myself = new_node(); + myself->connection = new_connection(); + init_configuration(&myself->connection->config_tree); + + asprintf(&myself->hostname, _("MYSELF")); + asprintf(&myself->connection->hostname, _("MYSELF")); + + myself->connection->options = 0; + myself->connection->protocol_version = PROT_CURRENT; + + if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */ + logger(LOG_ERR, _("Name for tinc daemon required!")); + return false; + } + + if(!check_id(name)) { + logger(LOG_ERR, _("Invalid name for myself!")); + free(name); + return false; + } + + myself->name = name; + myself->connection->name = xstrdup(name); + + if(!read_rsa_private_key()) + return false; + + if(!read_connection_config(myself->connection)) { + logger(LOG_ERR, _("Cannot open host configuration file for myself!")); + return false; + } + + if(!read_rsa_public_key(myself->connection)) + return false; + + if(!get_config_string + (lookup_config(myself->connection->config_tree, "Port"), &myport)) + asprintf(&myport, "655"); + + /* Read in all the subnets specified in the host configuration file */ + + cfg = lookup_config(myself->connection->config_tree, "Subnet"); + + while(cfg) { + if(!get_config_subnet(cfg, &subnet)) + return false; + + subnet_add(myself, subnet); + + cfg = lookup_config_next(myself->connection->config_tree, cfg); + } + + /* Check some options */ + + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) + if(choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) + if(choice) + myself->options |= OPTION_TCPONLY; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) + if(choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) + if(choice) + myself->options |= OPTION_TCPONLY; + + if(myself->options & OPTION_TCPONLY) + myself->options |= OPTION_INDIRECT; + + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { + if(!strcasecmp(mode, "router")) + routing_mode = RMODE_ROUTER; + else if(!strcasecmp(mode, "switch")) + routing_mode = RMODE_SWITCH; + else if(!strcasecmp(mode, "hub")) + routing_mode = RMODE_HUB; + else { + logger(LOG_ERR, _("Invalid routing mode!")); + return false; + } + free(mode); + } else + routing_mode = RMODE_ROUTER; + + get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); + #if !defined(SOL_IP) || !defined(IP_TOS) - if(priorityinheritance) - syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); -#endif + if(priorityinheritance) + logger(LOG_WARNING, _("PriorityInheritance not supported on this platform")); +#endif + + if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) + macexpire = 600; + + if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { + if(maxtimeout <= 0) { + logger(LOG_ERR, _("Bogus maximum timeout!")); + return false; + } + } else + maxtimeout = 900; + + if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) { + if(!strcasecmp(afname, "IPv4")) + addressfamily = AF_INET; + else if(!strcasecmp(afname, "IPv6")) + addressfamily = AF_INET6; + else if(!strcasecmp(afname, "any")) + addressfamily = AF_UNSPEC; + else { + logger(LOG_ERR, _("Invalid address family!")); + return false; + } + free(afname); + } - if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) - macexpire= 600; - - if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) - { - if(maxtimeout <= 0) - { - syslog(LOG_ERR, _("Bogus maximum timeout!")); - return -1; - } - } - else - maxtimeout = 900; - - if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) - { - if(!strcasecmp(afname, "IPv4")) - addressfamily = AF_INET; - else if (!strcasecmp(afname, "IPv6")) - addressfamily = AF_INET6; - else if (!strcasecmp(afname, "any")) - addressfamily = AF_UNSPEC; - else - { - syslog(LOG_ERR, _("Invalid address family!")); - return -1; - } - free(afname); - } - else - addressfamily = AF_INET; - - get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); -cp - /* Generate packet encryption key */ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) - { - if(!strcasecmp(cipher, "none")) - { -#ifdef USE_OPENSSL - myself->cipher = NULL; -#endif -#ifdef USE_GCRYPT - myself->cipher = gcry_cipher_open(GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0); -#endif - } - else - { -#ifdef USE_OPENSSL - if(!(myself->cipher = EVP_get_cipherbyname(cipher))) -#endif -#ifdef USE_GCRYPT - /* FIXME */ - myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0); - if(0) -#endif - { - syslog(LOG_ERR, _("Unrecognized cipher type!")); - return -1; - } - } - } - else - { -#ifdef USE_OPENSSL - myself->cipher = EVP_bf_cbc(); -#endif -#ifdef USE_GCRYPT - myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0); -#endif - } + get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); -#ifdef USE_OPENSSL - if(myself->cipher) - myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; -#endif -#ifdef USE_GCRYPT - if(myself->cipher) - myself->keylength = 16; /* FIXME */ -#endif - else - myself->keylength = 1; + /* Generate packet encryption key */ -#ifdef USE_OPENSSL - myself->connection->outcipher = EVP_bf_ofb(); -#endif -#ifdef USE_GCRYPT - /* FIXME: CHANGE this to something like aes - but openssl - compatibility mode for now */ - myself->connection->outcipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 0); -#endif + if(get_config_string + (lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) { + if(!strcasecmp(cipher, "none")) { + myself->cipher = NULL; + } else { + myself->cipher = EVP_get_cipherbyname(cipher); -#ifdef USE_OPENSSL - myself->key = (char *)xmalloc(myself->keylength); - RAND_pseudo_bytes(myself->key, myself->keylength); -#endif -#ifdef USE_GCYRPT - myself->key = gcry_random_bytes(myself->keylength, GCRY_WEAK_RANDOM); -#endif + if(!myself->cipher) { + logger(LOG_ERR, _("Unrecognized cipher type!")); + return false; + } + } + } else + myself->cipher = EVP_bf_cbc(); - if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) - keylifetime = 3600; + if(myself->cipher) + myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + else + myself->keylength = 1; - keyexpires = now + keylifetime; + myself->connection->outcipher = EVP_bf_ofb(); - /* Check if we want to use message authentication codes... */ + myself->key = (char *) xmalloc(myself->keylength); + RAND_pseudo_bytes(myself->key, myself->keylength); - if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) - { - if(!strcasecmp(digest, "none")) - { -#ifdef USE_OPENSSL - myself->digest = NULL; -#endif -#ifdef USE_GCRYPT - myself->digest = gcry_md_open(GCRY_MD_NONE, GCRY_MD_FLAG_HMAC); -#endif - } - else - { -#ifdef USE_OPENSSL - if(!(myself->digest = EVP_get_digestbyname(digest))) -#endif -#ifdef USE_GCRYPT - /* FIXME */ - if(!(myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC))) -#endif - { - syslog(LOG_ERR, _("Unrecognized digest type!")); - return -1; - } - } - } - else -#ifdef USE_OPENSSL - myself->digest = EVP_sha1(); -#endif -#ifdef USE_GCRYPT - myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); -#endif + if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) + keylifetime = 3600; -#ifdef USE_OPENSSL - myself->connection->outdigest = EVP_sha1(); -#endif -#ifdef USE_GCRYPT - myself->connection->outdigest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); -#endif + keyexpires = now + keylifetime; + + if(myself->cipher) { + EVP_CIPHER_CTX_init(&packet_ctx); + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + } - if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) - { - if(myself->digest) - { -#ifdef USE_OPENSSL - if(myself->maclength > myself->digest->md_size) - { - syslog(LOG_ERR, _("MAC length exceeds size of digest!")); - return -1; - } - else if (myself->maclength < 0) - { - syslog(LOG_ERR, _("Bogus MAC length!")); - return -1; - } -#endif -#ifdef USE_GCRYPT - /* FIXME */ - myself->maclength = 12; -#endif - } - } - else - myself->maclength = 4; - - myself->connection->outmaclength = 0; - - /* Compression */ - - if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) - { - if(myself->compression < 0 || myself->compression > 9) - { - syslog(LOG_ERR, _("Bogus compression level!")); - return -1; - } - } - else - myself->compression = 0; - - myself->connection->outcompression = 0; -cp - /* Done */ - - myself->nexthop = myself; - myself->via = myself; - myself->status.active = 1; - myself->status.reachable = 1; - node_add(myself); - - graph(); - -cp - /* Open sockets */ - - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = addressfamily; - hint.ai_socktype = SOCK_STREAM; - hint.ai_protocol = IPPROTO_TCP; - hint.ai_flags = AI_PASSIVE; - - if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai) - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); - return -1; - } - - for(aip = ai; aip; aip = aip->ai_next) - { - if((listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) - continue; - - if((listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) - continue; - - if(debug_lvl >= DEBUG_CONNECTIONS) - { - hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); - syslog(LOG_NOTICE, _("Listening on %s"), hostname); - free(hostname); + /* Check if we want to use message authentication codes... */ + + if(get_config_string + (lookup_config(myself->connection->config_tree, "Digest"), &digest)) { + if(!strcasecmp(digest, "none")) { + myself->digest = NULL; + } else { + myself->digest = EVP_get_digestbyname(digest); + + if(!myself->digest) { + logger(LOG_ERR, _("Unrecognized digest type!")); + return false; + } + } + } else + myself->digest = EVP_sha1(); + + myself->connection->outdigest = EVP_sha1(); + + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), + &myself->maclength)) { + if(myself->digest) { + if(myself->maclength > myself->digest->md_size) { + logger(LOG_ERR, _("MAC length exceeds size of digest!")); + return false; + } else if(myself->maclength < 0) { + logger(LOG_ERR, _("Bogus MAC length!")); + return false; + } + } + } else + myself->maclength = 4; + + myself->connection->outmaclength = 0; + + /* Compression */ + + if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), + &myself->compression)) { + if(myself->compression < 0 || myself->compression > 11) { + logger(LOG_ERR, _("Bogus compression level!")); + return false; + } + } else + myself->compression = 0; + + myself->connection->outcompression = 0; + + /* Done */ + + myself->nexthop = myself; + myself->via = myself; + myself->status.active = true; + myself->status.reachable = true; + node_add(myself); + + graph(); + + /* Open device */ + + if(!setup_device()) + return false; + + /* Run tinc-up script to further initialize the tap interface */ + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; + + execute_script("tinc-up", envp); + + for(i = 0; i < 5; i++) + free(envp[i]); + + /* Open sockets */ + + get_config_string(lookup_config(config_tree, "BindToAddress"), &address); + + hint.ai_family = addressfamily; + hint.ai_socktype = SOCK_STREAM; + hint.ai_protocol = IPPROTO_TCP; + hint.ai_flags = AI_PASSIVE; + + err = getaddrinfo(address, myport, &hint, &ai); + + if(err || !ai) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", + gai_strerror(err)); + return false; } - listen_socket[listen_sockets].sa.sa = *aip->ai_addr; - listen_sockets++; - } - - freeaddrinfo(ai); - - if(listen_sockets) - syslog(LOG_NOTICE, _("Ready")); - else - { - syslog(LOG_ERR, _("Unable to create any listening socket!")); - return -1; - } -cp - return 0; + listen_sockets = 0; + + for(aip = ai; aip; aip = aip->ai_next) { + listen_socket[listen_sockets].tcp = + setup_listen_socket((sockaddr_t *) aip->ai_addr); + + if(listen_socket[listen_sockets].tcp < 0) + continue; + + listen_socket[listen_sockets].udp = + setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); + + if(listen_socket[listen_sockets].udp < 0) + continue; + + ifdebug(CONNECTIONS) { + hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); + logger(LOG_NOTICE, _("Listening on %s"), hostname); + free(hostname); + } + + listen_socket[listen_sockets].sa.sa = *aip->ai_addr; + listen_sockets++; + } + + freeaddrinfo(ai); + + if(listen_sockets) + logger(LOG_NOTICE, _("Ready")); + else { + logger(LOG_ERR, _("Unable to create any listening socket!")); + return false; + } + + return true; } /* setup all initial network connections */ -int setup_network_connections(void) +bool setup_network_connections(void) { -cp - now = time(NULL); - - init_connections(); - init_subnets(); - init_nodes(); - init_edges(); - init_events(); - init_requests(); - - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) - { - if(pingtimeout < 1) - { - pingtimeout = 86400; - } - } - else - pingtimeout = 60; - - if(setup_device() < 0) - return -1; - - /* Run tinc-up script to further initialize the tap interface */ - execute_script("tinc-up"); - - if(setup_myself() < 0) - return -1; - - try_outgoing_connections(); -cp - return 0; + cp(); + + now = time(NULL); + + init_connections(); + init_subnets(); + init_nodes(); + init_edges(); + init_events(); + init_requests(); + + if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { + if(pingtimeout < 1) { + pingtimeout = 86400; + } + } else + pingtimeout = 60; + + if(!setup_myself()) + return false; + + try_outgoing_connections(); + + return true; } /* @@ -640,38 +540,49 @@ cp */ void close_network_connections(void) { - avl_node_t *node, *next; - connection_t *c; - int i; -cp - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->outgoing) - free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; - terminate_connection(c, 0); - } - - if(myself && myself->connection) - terminate_connection(myself->connection, 0); - - for(i = 0; i < listen_sockets; i++) - { - close(listen_socket[i].tcp); - close(listen_socket[i].udp); - } - - exit_requests(); - exit_events(); - exit_edges(); - exit_subnets(); - exit_nodes(); - exit_connections(); - - execute_script("tinc-down"); - - close_device(); -cp - return; + avl_node_t *node, *next; + connection_t *c; + char *envp[5]; + int i; + + cp(); + + for(node = connection_tree->head; node; node = next) { + next = node->next; + c = (connection_t *) node->data; + + if(c->outgoing) + free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; + terminate_connection(c, false); + } + + if(myself && myself->connection) + terminate_connection(myself->connection, false); + + for(i = 0; i < listen_sockets; i++) { + close(listen_socket[i].tcp); + close(listen_socket[i].udp); + } + + exit_requests(); + exit_events(); + exit_edges(); + exit_subnets(); + exit_nodes(); + exit_connections(); + + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; + + execute_script("tinc-down", envp); + + for(i = 0; i < 4; i++) + free(envp[i]); + + close_device(); + + return; } diff --git a/src/net_socket.c b/src/net_socket.c index 6b7ba644..d624a87a 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -1,7 +1,7 @@ /* net_socket.c -- Handle various kinds of sockets. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,468 +17,419 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.3 2002/04/13 11:07:12 zarq Exp $ + $Id: net_socket.c,v 1.4 2003/08/24 20:38:25 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include - -#include -#include -#include -#include +#include "system.h" +#include "avl_tree.h" #include "conf.h" #include "connection.h" +#include "event.h" +#include "logger.h" #include "meta.h" #include "net.h" #include "netutl.h" -#include "process.h" #include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" +#include "utils.h" +#include "xalloc.h" -#include "system.h" +#ifdef WSAEINPROGRESS +#define EINPROGRESS WSAEINPROGRESS +#endif -int addressfamily = AF_INET; +int addressfamily = AF_UNSPEC; int maxtimeout = 900; int seconds_till_retry = 5; listen_socket_t listen_socket[MAXSOCKETS]; -int listen_sockets = 0; +int listen_sockets; /* Setup sockets */ -int setup_listen_socket(sockaddr_t *sa) +int setup_listen_socket(const sockaddr_t *sa) { - int nfd, flags; - char *addrstr; - int option; -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; - struct ifreq ifr; + int nfd, flags; + char *addrstr; + int option; + char *iface; +#ifdef SO_BINDTODEVICE + struct ifreq ifr; +#endif + + cp(); + + nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + + if(nfd < 0) { + logger(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); + return -1; + } + +#ifdef O_NONBLOCK + flags = fcntl(nfd, F_GETFL); + + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + closesocket(nfd); + logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + strerror(errno)); + return -1; + } #endif -cp - if((nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) - { - syslog(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); - return -1; - } - - /* Optimize TCP settings */ - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + + /* Optimize TCP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); #if defined(SOL_TCP) && defined(TCP_NODELAY) - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); #endif #if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY) - option = IPTOS_LOWDELAY; - setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); + option = IPTOS_LOWDELAY; + setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); #endif - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - { + if(get_config_string + (lookup_config(config_tree, "BindToInterface"), &iface)) { #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; - } + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); + + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { + closesocket(nfd); + logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, + strerror(errno)); + return -1; + } #else - syslog(LOG_WARNING, _("BindToDevice not supported on this platform")); + logger(LOG_WARNING, _("BindToInterface not supported on this platform")); #endif - } - - if(bind(nfd, &sa->sa, SALEN(sa->sa))) - { - close(nfd); - addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); - free(addrstr); - return -1; - } - - if(listen(nfd, 3)) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); - return -1; - } -cp - return nfd; + } + + if(bind(nfd, &sa->sa, SALEN(sa->sa))) { + closesocket(nfd); + addrstr = sockaddr2hostname(sa); + logger(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, + strerror(errno)); + free(addrstr); + return -1; + } + + if(listen(nfd, 3)) { + closesocket(nfd); + logger(LOG_ERR, _("System call `%s' failed: %s"), "listen", + strerror(errno)); + return -1; + } + + return nfd; } -int setup_vpn_in_socket(sockaddr_t *sa) +int setup_vpn_in_socket(const sockaddr_t *sa) { - int nfd, flags; - char *addrstr; - int option; + int nfd, flags; + char *addrstr; + int option; #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; - struct ifreq ifr; + char *iface; + struct ifreq ifr; +#endif + + cp(); + + nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP); + + if(nfd < 0) { + logger(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); + return -1; + } + +#ifdef O_NONBLOCK + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + closesocket(nfd); + logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + strerror(errno)); + return -1; + } #endif -cp - if((nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) - { - syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); - return -1; - } - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - { - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; + if(get_config_string + (lookup_config(config_tree, "BindToInterface"), &iface)) { + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); + + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { + closesocket(nfd); + logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, + strerror(errno)); + return -1; + } } - } #endif - if(bind(nfd, &sa->sa, SALEN(sa->sa))) - { - close(nfd); - addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); - free(addrstr); - return -1; - } -cp - return nfd; -} + if(bind(nfd, &sa->sa, SALEN(sa->sa))) { + closesocket(nfd); + addrstr = sockaddr2hostname(sa); + logger(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, + strerror(errno)); + free(addrstr); + return -1; + } -void retry_outgoing(outgoing_t *outgoing) -{ - event_t *event; -cp - outgoing->timeout += 5; - if(outgoing->timeout > maxtimeout) - outgoing->timeout = maxtimeout; - - event = new_event(); - event->handler = (event_handler_t)setup_outgoing_connection; - event->time = now + outgoing->timeout; - event->data = outgoing; - event_add(event); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); -cp + return nfd; } -int setup_outgoing_socket(connection_t *c) +void retry_outgoing(outgoing_t *outgoing) { - int option; -cp - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); - - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - - if(c->socket == -1) - { - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); - return -1; - } + event_t *event; - /* Optimize TCP settings */ + cp(); -#ifdef HAVE_LINUX - option = 1; - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + outgoing->timeout += 5; - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); -#endif - - /* Connect */ + if(outgoing->timeout > maxtimeout) + outgoing->timeout = maxtimeout; - if(connect(c->socket, &c->address.sa, SALEN(c->address.sa)) == -1) - { - close(c->socket); - syslog(LOG_ERR, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(errno)); - return -1; - } + event = new_event(); + event->handler = (event_handler_t) setup_outgoing_connection; + event->time = now + outgoing->timeout; + event->data = outgoing; + event_add(event); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); -cp - return 0; + ifdebug(CONNECTIONS) logger(LOG_NOTICE, + _("Trying to re-establish outgoing connection in %d seconds"), + outgoing->timeout); } - void finish_connecting(connection_t *c) { -cp - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); + cp(); - c->last_ping_time = now; + ifdebug(CONNECTIONS) logger(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); - send_id(c); -cp + c->last_ping_time = now; + + send_id(c); } void do_outgoing_connection(connection_t *c) { - char *address, *port; - int option, result, flags; -cp -begin: - if(!c->outgoing->ai) - { - if(!c->outgoing->cfg) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("Could not set up a meta connection to %s"), c->name); - c->status.remove = 1; - retry_outgoing(c->outgoing); - return; - } + char *address, *port; + int option, result, flags; - get_config_string(c->outgoing->cfg, &address); + cp(); - if(!get_config_string(lookup_config(c->config_tree, "Port"), &port)) - asprintf(&port, "655"); +begin: + if(!c->outgoing->ai) { + if(!c->outgoing->cfg) { + ifdebug(CONNECTIONS) logger(LOG_ERR, _("Could not set up a meta connection to %s"), + c->name); + c->status.remove = true; + retry_outgoing(c->outgoing); + return; + } + + get_config_string(c->outgoing->cfg, &address); + + if(!get_config_string(lookup_config(c->config_tree, "Port"), &port)) + asprintf(&port, "655"); + + c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); + free(address); + free(port); + + c->outgoing->aip = c->outgoing->ai; + c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); + } - c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); - free(address); - free(port); + if(!c->outgoing->aip) { + freeaddrinfo(c->outgoing->ai); + c->outgoing->ai = NULL; + goto begin; + } - c->outgoing->aip = c->outgoing->ai; - c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); - } + memcpy(&c->address, c->outgoing->aip->ai_addr, + c->outgoing->aip->ai_addrlen); + c->outgoing->aip = c->outgoing->aip->ai_next; - if(!c->outgoing->aip) - { - freeaddrinfo(c->outgoing->ai); - c->outgoing->ai = NULL; - goto begin; - } + if(c->hostname) + free(c->hostname); - memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); - c->outgoing->aip = c->outgoing->aip->ai_next; + c->hostname = sockaddr2hostname(&c->address); - if(c->hostname) - free(c->hostname); + ifdebug(CONNECTIONS) logger(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, + c->hostname); - c->hostname = sockaddr2hostname(&c->address); + c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); + if(c->socket == -1) { + ifdebug(CONNECTIONS) logger(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, + strerror(errno)); + + goto begin; + } - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + /* Optimize TCP settings */ - if(c->socket == -1) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); +#if defined(SOL_TCP) && defined(TCP_NODELAY) + option = 1; + setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); +#endif - goto begin; - } +#if defined(SOL_IP) && defined(IP_TOS) + option = IPTOS_LOWDELAY; + setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); +#endif - /* Optimize TCP settings */ + /* Non-blocking */ -#ifdef HAVE_LINUX - option = 1; - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); +#ifdef O_NONBLOCK + flags = fcntl(c->socket, F_GETFL); - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); + if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { + logger(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); + } #endif - /* Non-blocking */ + /* Connect */ - flags = fcntl(c->socket, F_GETFL); + result = connect(c->socket, &c->address.sa, SALEN(c->address.sa)); - if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) - { - syslog(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); - } + if(result == -1) { + if(errno == EINPROGRESS) { + c->status.connecting = true; + return; + } - /* Connect */ + closesocket(c->socket); - result = connect(c->socket, &c->address.sa, SALEN(c->address.sa)); + ifdebug(CONNECTIONS) logger(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); - if(result == -1) - { - if(errno == EINPROGRESS) - { - c->status.connecting = 1; - return; + goto begin; } - close(c->socket); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + finish_connecting(c); - goto begin; - } - - finish_connecting(c); - return; -cp + return; } void setup_outgoing_connection(outgoing_t *outgoing) { - connection_t *c; - node_t *n; -cp - n = lookup_node(outgoing->name); - - if(n) - if(n->connection) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); - n->connection->outgoing = outgoing; - return; - } - - c = new_connection(); - c->name = xstrdup(outgoing->name); - c->outcipher = myself->connection->outcipher; - c->outdigest = myself->connection->outdigest; - c->outmaclength = myself->connection->outmaclength; - c->outcompression = myself->connection->outcompression; - - init_configuration(&c->config_tree); - read_connection_config(c); - - outgoing->cfg = lookup_config(c->config_tree, "Address"); - - if(!outgoing->cfg) - { - syslog(LOG_ERR, _("No address specified for %s"), c->name); - free_connection(c); - free(outgoing->name); - free(outgoing); - return; - } - - c->outgoing = outgoing; - c->last_ping_time = now; - - connection_add(c); - - do_outgoing_connection(c); + connection_t *c; + node_t *n; + + cp(); + + n = lookup_node(outgoing->name); + + if(n) + if(n->connection) { + ifdebug(CONNECTIONS) logger(LOG_INFO, _("Already connected to %s"), outgoing->name); + + n->connection->outgoing = outgoing; + return; + } + + c = new_connection(); + c->name = xstrdup(outgoing->name); + c->outcipher = myself->connection->outcipher; + c->outdigest = myself->connection->outdigest; + c->outmaclength = myself->connection->outmaclength; + c->outcompression = myself->connection->outcompression; + + init_configuration(&c->config_tree); + read_connection_config(c); + + outgoing->cfg = lookup_config(c->config_tree, "Address"); + + if(!outgoing->cfg) { + logger(LOG_ERR, _("No address specified for %s"), c->name); + free_connection(c); + free(outgoing->name); + free(outgoing); + return; + } + + c->outgoing = outgoing; + c->last_ping_time = now; + + connection_add(c); + + do_outgoing_connection(c); } /* accept a new tcp connect and create a new connection */ -int handle_new_meta_connection(int sock) +bool handle_new_meta_connection(int sock) { - connection_t *c; - sockaddr_t sa; - int fd, len = sizeof(sa); -cp - if((fd = accept(sock, &sa.sa, &len)) < 0) - { - syslog(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); - return -1; - } - - sockaddrunmap(&sa); - - c = new_connection(); - c->outcipher = myself->connection->outcipher; - c->outdigest = myself->connection->outdigest; - c->outmaclength = myself->connection->outmaclength; - c->outcompression = myself->connection->outcompression; - - c->address = sa; - c->hostname = sockaddr2hostname(&sa); - c->socket = fd; - c->last_ping_time = now; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection from %s"), c->hostname); - - connection_add(c); - - c->allow_request = ID; - send_id(c); -cp - return 0; + connection_t *c; + sockaddr_t sa; + int fd, len = sizeof(sa); + + cp(); + + fd = accept(sock, &sa.sa, &len); + + if(fd < 0) { + logger(LOG_ERR, _("Accepting a new connection failed: %s"), + strerror(errno)); + return false; + } + + sockaddrunmap(&sa); + + c = new_connection(); + c->outcipher = myself->connection->outcipher; + c->outdigest = myself->connection->outdigest; + c->outmaclength = myself->connection->outmaclength; + c->outcompression = myself->connection->outcompression; + + c->address = sa; + c->hostname = sockaddr2hostname(&sa); + c->socket = fd; + c->last_ping_time = now; + + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection from %s"), c->hostname); + + connection_add(c); + + c->allow_request = ID; + send_id(c); + + return true; } void try_outgoing_connections(void) { - static config_t *cfg = NULL; - char *name; - outgoing_t *outgoing; -cp - for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) - { - get_config_string(cfg, &name); - - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); - free(name); - continue; - } - - outgoing = xmalloc_and_zero(sizeof(*outgoing)); - outgoing->name = name; - setup_outgoing_connection(outgoing); - } + static config_t *cfg = NULL; + char *name; + outgoing_t *outgoing; + + cp(); + + for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; + cfg = lookup_config_next(config_tree, cfg)) { + get_config_string(cfg, &name); + + if(!check_id(name)) { + logger(LOG_ERR, + _("Invalid name for outgoing connection in %s line %d"), + cfg->file, cfg->line); + free(name); + continue; + } + + outgoing = xmalloc_and_zero(sizeof(*outgoing)); + outgoing->name = name; + setup_outgoing_connection(outgoing); + } } diff --git a/src/netutl.c b/src/netutl.c new file mode 100644 index 00000000..97186e96 --- /dev/null +++ b/src/netutl.c @@ -0,0 +1,304 @@ +/* + netutl.c -- some supporting network utility code + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: netutl.c,v 1.17 2003/08/24 20:38:25 guus Exp $ +*/ + +#include "system.h" + +#include "net.h" +#include "netutl.h" +#include "logger.h" +#include "utils.h" +#include "xalloc.h" + +bool hostnames = false; + +/* + Turn a string into a struct addrinfo. + Return NULL on failure. +*/ +struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) +{ + struct addrinfo *ai, hint = {0}; + int err; + + cp(); + + hint.ai_family = addressfamily; + hint.ai_socktype = socktype; + + err = getaddrinfo(address, service, &hint, &ai); + + if(err) { + logger(LOG_WARNING, _("Error looking up %s port %s: %s"), address, + service, gai_strerror(err)); + return NULL; + } + + return ai; +} + +sockaddr_t str2sockaddr(const char *address, const char *port) +{ + struct addrinfo *ai, hint = {0}; + sockaddr_t result; + int err; + + cp(); + + hint.ai_family = AF_UNSPEC; + hint.ai_flags = AI_NUMERICHOST; + hint.ai_socktype = SOCK_STREAM; + + err = getaddrinfo(address, port, &hint, &ai); + + if(err || !ai) { + ifdebug(SCARY_THINGS) + logger(LOG_DEBUG, "Unknown type address %s port %s", address, port); + result.sa.sa_family = AF_UNKNOWN; + result.unknown.address = xstrdup(address); + result.unknown.port = xstrdup(port); + return result; + } + + result = *(sockaddr_t *) ai->ai_addr; + freeaddrinfo(ai); + + return result; +} + +void sockaddr2str(const sockaddr_t *sa, char **addrstr, char **portstr) +{ + char address[NI_MAXHOST]; + char port[NI_MAXSERV]; + char *scopeid; + int err; + + cp(); + + if(sa->sa.sa_family == AF_UNKNOWN) { + *addrstr = xstrdup(sa->unknown.address); + *portstr = xstrdup(sa->unknown.port); + return; + } + + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV); + + if(err) { + logger(LOG_ERR, _("Error while translating addresses: %s"), + gai_strerror(err)); + cp_trace(); + raise(SIGFPE); + exit(0); + } + + scopeid = strchr(address, '%'); + + if(scopeid) + *scopeid = '\0'; /* Descope. */ + + *addrstr = xstrdup(address); + *portstr = xstrdup(port); +} + +char *sockaddr2hostname(const sockaddr_t *sa) +{ + char *str; + char address[NI_MAXHOST] = "unknown"; + char port[NI_MAXSERV] = "unknown"; + int err; + + cp(); + + if(sa->sa.sa_family == AF_UNKNOWN) { + asprintf(&str, _("%s port %s"), sa->unknown.address, sa->unknown.port); + return str; + } + + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), + hostnames ? 0 : (NI_NUMERICHOST | NI_NUMERICSERV)); + if(err) { + logger(LOG_ERR, _("Error while looking up hostname: %s"), + gai_strerror(err)); + } + + asprintf(&str, _("%s port %s"), address, port); + + return str; +} + +int sockaddrcmp(const sockaddr_t *a, const sockaddr_t *b) +{ + int result; + + cp(); + + result = a->sa.sa_family - b->sa.sa_family; + + if(result) + return result; + + switch (a->sa.sa_family) { + case AF_UNSPEC: + return 0; + + case AF_UNKNOWN: + result = strcmp(a->unknown.address, b->unknown.address); + + if(result) + return result; + + return strcmp(a->unknown.port, b->unknown.port); + + case AF_INET: + result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); + + if(result) + return result; + + return memcmp(&a->in.sin_port, &b->in.sin_port, sizeof(a->in.sin_port)); + + case AF_INET6: + result = memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)); + + if(result) + return result; + + return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); + + default: + logger(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), + a->sa.sa_family); + cp_trace(); + raise(SIGFPE); + exit(0); + } +} + +void sockaddrcpy(sockaddr_t *a, const sockaddr_t *b) { + cp(); + + if(b->sa.sa_family != AF_UNKNOWN) { + *a = *b; + } else { + a->unknown.family = AF_UNKNOWN; + a->unknown.address = xstrdup(b->unknown.address); + a->unknown.port = xstrdup(b->unknown.port); + } +} + +void sockaddrfree(sockaddr_t *a) { + cp(); + + if(a->sa.sa_family == AF_UNKNOWN) { + free(a->unknown.address); + free(a->unknown.port); + } +} + +void sockaddrunmap(sockaddr_t *sa) +{ + cp(); + + if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { + sa->in.sin_addr.s_addr = ((uint32_t *) & sa->in6.sin6_addr)[3]; + sa->in.sin_family = AF_INET; + } +} + +/* Subnet mask handling */ + +int maskcmp(const void *va, const void *vb, int masklen, int len) +{ + int i, m, result; + const char *a = va; + const char *b = vb; + + cp(); + + for(m = masklen, i = 0; m >= 8; m -= 8, i++) { + result = a[i] - b[i]; + if(result) + return result; + } + + if(m) + return (a[i] & (0x100 - (1 << (8 - m)))) - + (b[i] & (0x100 - (1 << (8 - m)))); + + return 0; +} + +void mask(void *va, int masklen, int len) +{ + int i; + char *a = va; + + cp(); + + i = masklen / 8; + masklen %= 8; + + if(masklen) + a[i++] &= (0x100 - (1 << masklen)); + + for(; i < len; i++) + a[i] = 0; +} + +void maskcpy(void *va, const void *vb, int masklen, int len) +{ + int i, m; + char *a = va; + const char *b = vb; + + cp(); + + for(m = masklen, i = 0; m >= 8; m -= 8, i++) + a[i] = b[i]; + + if(m) { + a[i] = b[i] & (0x100 - (1 << m)); + i++; + } + + for(; i < len; i++) + a[i] = 0; +} + +bool maskcheck(const void *va, int masklen, int len) +{ + int i; + const char *a = va; + + cp(); + + i = masklen / 8; + masklen %= 8; + + if(masklen && a[i++] & (0xff >> masklen)) + return false; + + for(; i < len; i++) + if(a[i] != 0) + return false; + + return true; +} diff --git a/lib/netutl.h b/src/netutl.h similarity index 50% rename from lib/netutl.h rename to src/netutl.h index 924f304b..9524e176 100644 --- a/lib/netutl.h +++ b/src/netutl.h @@ -1,7 +1,7 @@ /* netutl.h -- header file for netutl.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,30 +17,27 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.1 2002/04/28 12:46:25 zarq Exp $ + $Id: netutl.h,v 1.6 2003/08/24 20:38:25 guus Exp $ */ #ifndef __TINC_NETUTL_H__ #define __TINC_NETUTL_H__ -#include -#include -#include - #include "net.h" -extern int hostnames; +extern bool hostnames; -extern char *hostlookup(unsigned long); -extern struct addrinfo *str2addrinfo(char *, char *, int); -extern sockaddr_t str2sockaddr(char *, char *); -extern void sockaddr2str(sockaddr_t *, char **, char **); -extern char *sockaddr2hostname(sockaddr_t *); -extern int sockaddrcmp(sockaddr_t *, sockaddr_t *); +extern struct addrinfo *str2addrinfo(const char *, const char *, int); +extern sockaddr_t str2sockaddr(const char *, const char *); +extern void sockaddr2str(const sockaddr_t *, char **, char **); +extern char *sockaddr2hostname(const sockaddr_t *); +extern int sockaddrcmp(const sockaddr_t *, const sockaddr_t *); extern void sockaddrunmap(sockaddr_t *); -extern int maskcmp(char *, char *, int, int); -extern void maskcpy(char *, char *, int, int); -extern void mask(char *, int, int); -extern int maskcheck(char *, int, int); - -#endif /* __TINC_NETUTL_H__ */ +extern void sockaddrfree(sockaddr_t *); +extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *); +extern int maskcmp(const void *, const void *, int, int); +extern void maskcpy(void *, const void *, int, int); +extern void mask(void *, int, int); +extern bool maskcheck(const void *, int, int); + +#endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.c b/src/node.c new file mode 100644 index 00000000..cec3a48d --- /dev/null +++ b/src/node.c @@ -0,0 +1,190 @@ +/* + node.c -- node tree management + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: node.c,v 1.4 2003/08/24 20:38:25 guus Exp $ +*/ + +#include "system.h" + +#include "avl_tree.h" +#include "logger.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "utils.h" +#include "xalloc.h" + +avl_tree_t *node_tree; /* Known nodes, sorted by name */ +avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ + +node_t *myself; + +static int node_compare(const node_t *a, const node_t *b) +{ + return strcmp(a->name, b->name); +} + +static int node_udp_compare(const node_t *a, const node_t *b) +{ + int result; + + cp(); + + result = sockaddrcmp(&a->address, &b->address); + + if(result) + return result; + + return (a->name && b->name) ? strcmp(a->name, b->name) : 0; +} + +void init_nodes(void) +{ + cp(); + + node_tree = avl_alloc_tree((avl_compare_t) node_compare, (avl_action_t) free_node); + node_udp_tree = avl_alloc_tree((avl_compare_t) node_udp_compare, NULL); +} + +void exit_nodes(void) +{ + cp(); + + avl_delete_tree(node_udp_tree); + avl_delete_tree(node_tree); +} + +node_t *new_node(void) +{ + node_t *n = (node_t *) xmalloc_and_zero(sizeof(*n)); + + cp(); + + n->subnet_tree = new_subnet_tree(); + n->edge_tree = new_edge_tree(); + n->queue = list_alloc((list_action_t) free); + EVP_CIPHER_CTX_init(&n->packet_ctx); + + return n; +} + +void free_node(node_t *n) +{ + cp(); + + if(n->queue) + list_delete_list(n->queue); + + if(n->name) + free(n->name); + + if(n->hostname) + free(n->hostname); + + if(n->key) + free(n->key); + + if(n->subnet_tree) + free_subnet_tree(n->subnet_tree); + + if(n->edge_tree) + free_edge_tree(n->edge_tree); + + sockaddrfree(&n->address); + + EVP_CIPHER_CTX_cleanup(&n->packet_ctx); + + free(n); +} + +void node_add(node_t *n) +{ + cp(); + + avl_insert(node_tree, n); + avl_insert(node_udp_tree, n); +} + +void node_del(node_t *n) +{ + avl_node_t *node, *next; + edge_t *e; + subnet_t *s; + + cp(); + + for(node = n->subnet_tree->head; node; node = next) { + next = node->next; + s = (subnet_t *) node->data; + subnet_del(n, s); + } + + for(node = n->edge_tree->head; node; node = next) { + next = node->next; + e = (edge_t *) node->data; + edge_del(e); + } + + avl_delete(node_tree, n); + avl_delete(node_udp_tree, n); +} + +node_t *lookup_node(char *name) +{ + node_t n = {0}; + + cp(); + + n.name = name; + + return avl_search(node_tree, &n); +} + +node_t *lookup_node_udp(const sockaddr_t *sa) +{ + node_t n = {0}; + + cp(); + + n.address = *sa; + n.name = NULL; + + return avl_search(node_udp_tree, &n); +} + +void dump_nodes(void) +{ + avl_node_t *node; + node_t *n; + + cp(); + + logger(LOG_DEBUG, _("Nodes:")); + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), + n->name, n->hostname, n->cipher ? n->cipher->nid : 0, + n->digest ? n->digest->type : 0, n->maclength, n->compression, + n->options, *(uint32_t *)&n->status, n->nexthop ? n->nexthop->name : "-", + n->via ? n->via->name : "-"); + } + + logger(LOG_DEBUG, _("End of nodes.")); +} diff --git a/src/node.h b/src/node.h new file mode 100644 index 00000000..05055bbd --- /dev/null +++ b/src/node.h @@ -0,0 +1,90 @@ +/* + node.h -- header for node.c + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: node.h,v 1.4 2003/08/24 20:38:25 guus Exp $ +*/ + +#ifndef __TINC_NODE_H__ +#define __TINC_NODE_H__ + +#include "avl_tree.h" +#include "connection.h" +#include "list.h" +#include "subnet.h" + +typedef struct node_status_t { + int active:1; /* 1 if active.. */ + int validkey:1; /* 1 if we currently have a valid key for him */ + int waitingforkey:1; /* 1 if we already sent out a request */ + int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ + int reachable:1; /* 1 if this node is reachable in the graph */ + int indirect:1; /* 1 if this node is not directly reachable by us */ + int unused:26; +} node_status_t; + +typedef struct node_t { + char *name; /* name of this node */ + long int options; /* options turned on for this node */ + + sockaddr_t address; /* his real (internet) ip to send UDP packets to */ + char *hostname; /* the hostname of its real ip */ + + node_status_t status; + + const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ + char *key; /* Cipher key and iv */ + int keylength; /* Cipher key and iv length */ + EVP_CIPHER_CTX packet_ctx; /* Cipher context */ + + const EVP_MD *digest; /* Digest type for MAC */ + int maclength; /* Length of MAC */ + + int compression; /* Compressionlevel, 0 = no compression */ + + list_t *queue; /* Queue for packets awaiting to be encrypted */ + + struct node_t *nexthop; /* nearest node from us to him */ + struct node_t *via; /* next hop for UDP packets */ + + avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ + + avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ + + struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ + + uint32_t sent_seqno; /* Sequence number last sent to this node */ + uint32_t received_seqno; /* Sequence number last received from this node */ + unsigned char late[16]; /* Bitfield marking late packets */ +} node_t; + +extern struct node_t *myself; +extern avl_tree_t *node_tree; +extern avl_tree_t *node_udp_tree; + +extern void init_nodes(void); +extern void exit_nodes(void); +extern node_t *new_node(void) __attribute__ ((__malloc__)); +extern void free_node(node_t *); +extern void node_add(node_t *); +extern void node_del(node_t *); +extern node_t *lookup_node(char *); +extern node_t *lookup_node_udp(const sockaddr_t *); +extern void dump_nodes(void); + +#endif /* __TINC_NODE_H__ */ diff --git a/src/pokey/.cvsignore b/src/pokey/.cvsignore deleted file mode 100644 index 710487c1..00000000 --- a/src/pokey/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -*.o .libs .deps pokey Makefile.in Makefile diff --git a/src/pokey/Makefile.am b/src/pokey/Makefile.am deleted file mode 100644 index 48e9f498..00000000 --- a/src/pokey/Makefile.am +++ /dev/null @@ -1,30 +0,0 @@ -## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4 2002/05/02 13:11:55 zarq Exp $ - -sbin_PROGRAMS = pokey - -pokey_SOURCES = graph.c \ - interface.c meta.c net.c net_packet.c net_setup.c net_socket.c netutl.c \ - process.c protocol.c protocol_auth.c protocol_edge.c \ - protocol_misc.c protocol_key.c protocol_subnet.c route.c \ - pokey.c read_conf.c - -INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/src -I/usr/include/gtk-1.2 -I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/include/libglade-1.0 -I/usr/include/gnome-1.0 -I/usr/include/gnome-xml -I/usr/include/libglade-1.0 -I/usr/include/gnome-1.0 -DNEED_GNOMESUPPORT_H -I/usr/lib/gnome-libs/include -I/usr/include/glib-1.2 -I/usr/lib/glib/include -I/usr/include/orbit-1.0 -I/usr/include/gtk-1.2 -I/usr/X11R6/include - -noinst_HEADERS = device.h graph.h meta.h net.h netutl.h process.h \ - protocol.h route.h read_conf.h - -LIBS = @LIBS@ @INTLLIBS@ - -pokey_LDADD = \ - $(top_builddir)/lib/libtinc.a - -pokey_LDFLAGS = -L/usr/X11R6/lib -lglade-gnome -lglade -lgnome -lgnomeui -L/usr/lib -lglade-gnome -lglade -L/usr/lib -lxml -lz -rdynamic -L/usr/lib -L/usr/X11R6/lib -rdynamic -lgnomeui -lart_lgpl -lgdk_imlib -lSM -lICE -lgtk -lgdk -lgmodule -ldl -lXi -lXext -lX11 -lgnome -lgnomesupport -lesd -laudiofile -lm -ldb-3 -lglib -lxml -lz -lgtk -lgdk -lXi -lXext -lX11 -lm -lglib - -localedir = $(datadir)/locale - -CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ - -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" - -lint: $(tincd_SOURCES) - lclint -nullassign -nullret +trytorecover +posixlib -skipansiheaders -skipposixheaders +gnuextensions -I/usr/include -I/usr/lib/gcc-lib/i386-linux/2.95.2/include -I. -I/home/zarq/p/tinc/cvs/cabal/src -I.. -I.. -I/home/zarq/p/tinc/cvs/cabal/lib -I/home/zarq/p/tinc/cvs/cabal/intl -D_POSIX_SOURCE -D__ELF__ -Dunix -D__i386__ -Dlinux -DHAVE_CONFIG_H -DPKGLIBDIR=/usr/local/lib/tinc -DCONFDIR=\"/usr/local/etc\" -DLOCALEDIR=\"/usr/local/share/locale\" $^ diff --git a/src/pokey/array.c b/src/pokey/array.c deleted file mode 100644 index 9946ad17..00000000 --- a/src/pokey/array.c +++ /dev/null @@ -1,45 +0,0 @@ -#include -#include - -#include "myalloc.h" -#include "array.h" - -void *array_add(array_t *array, void *element) -{ - if(!array) - return NULL; - - if(array->allocated == 0) - { - array->allocated = 4; - array->data = xcalloc(array->allocated, sizeof(void*)); - array->elements = 0; - } - - if(array->elements >= array->allocated - 1) - { - int newalloc; - - newalloc = array->allocated << 1; - array->data = xrealloc(array->data, newalloc * sizeof(void*)); - array->allocated = newalloc; - } - - array->data[array->elements] = element; - array->elements++; - return element; -} - -array_t *array_create(void) -{ - array_t *r; - - r = xcalloc(1, sizeof(*r)); - return r; -} - -void array_free(array_t *array) -{ - free(array->data); - free(array); -} diff --git a/src/pokey/array.h b/src/pokey/array.h deleted file mode 100644 index a1a81c4b..00000000 --- a/src/pokey/array.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef __ARRAY_H__ -#define __ARRAY_H__ - -typedef struct array_t { - void **data; - int allocated; - int elements; -} array_t; - -#define array_get_ptr(array) ((array)->data) -#define array_get_nelts(array) ((array)->elements) -#define array_get_element(array, index) ((array)->data[(index)]) - -void *array_add(array_t *array, void *element); -array_t *array_create(void); -void array_free(array_t *array); - -#endif /* __ARRAY_H__ */ diff --git a/src/pokey/conf.h b/src/pokey/conf.h deleted file mode 100644 index cb1247b0..00000000 --- a/src/pokey/conf.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - conf.h -- header for conf.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: conf.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_CONF_H__ -#define __TINC_CONF_H__ - -#include -#include -#include - -#include -#include "net.h" -#include "subnet.h" - -typedef struct config_t { - char *variable; - char *value; - char *file; - int line; -} config_t; - -extern avl_tree_t *config_tree; - -extern int debug_lvl; -extern int pingtimeout; -extern int maxtimeout; -extern int bypass_security; -extern char *confbase; -extern char *netname; - -extern void init_configuration(avl_tree_t **); -extern void exit_configuration(avl_tree_t **); -extern config_t *new_config(void); -extern void free_config(config_t *); -extern void config_add(avl_tree_t *, config_t *); -extern config_t *lookup_config(avl_tree_t *, char *); -extern config_t *lookup_config_next(avl_tree_t *, config_t *); -extern int get_config_bool(config_t *, int *); -extern int get_config_int(config_t *, int *); -extern int get_config_port(config_t *, port_t *); -extern int get_config_string(config_t *, char **); -extern int get_config_address(config_t *, struct addrinfo **); -struct subnet_t; /* Needed for next line. */ -extern int get_config_subnet(config_t *, struct subnet_t **); - -extern int read_config_file(avl_tree_t *, const char *); -extern int read_server_config(void); -extern FILE *ask_and_safe_open(const char*, const char*, const char *); -extern int is_safe_path(const char *); - -#endif /* __TINC_CONF_H__ */ diff --git a/src/pokey/connection.h b/src/pokey/connection.h deleted file mode 100644 index 8f436969..00000000 --- a/src/pokey/connection.h +++ /dev/null @@ -1,120 +0,0 @@ -/* - connection.h -- header for connection.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: connection.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_CONNECTION_H__ -#define __TINC_CONNECTION_H__ - -#include - -#include -#include - -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif - -#include "net.h" -#include "conf.h" - -#include "node.h" -#include "edge.h" - -#define OPTION_INDIRECT 0x0001 -#define OPTION_TCPONLY 0x0002 - -typedef struct connection_status_t { - int pinged:1; /* sent ping */ - int active:1; /* 1 if active.. */ - int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ - int termreq:1; /* the termination of this connection was requested */ - int remove:1; /* Set to 1 if you want this connection removed */ - int timeout:1; /* 1 if gotten timeout */ - int encryptout:1; /* 1 if we can encrypt outgoing traffic */ - int decryptin:1; /* 1 if we have to decrypt incoming traffic */ - int mst:1; /* 1 if this connection is part of a minimum spanning tree */ - int unused:18; -} connection_status_t; - -typedef struct connection_t { - char *name; /* name he claims to have */ - - sockaddr_t address; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ - int protocol_version; /* used protocol */ - - int socket; /* socket used for this connection */ - long int options; /* options for this connection */ - struct connection_status_t status; /* status info */ - int estimated_weight; /* estimation for the weight of the edge for this connection */ - struct timeval start; /* time this connection was started, used for above estimation */ - struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ - - struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ - - RSA *rsa_key; /* his public/private key */ - const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ - const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ - EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ - EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ - char *inkey; /* His symmetric meta key + iv */ - char *outkey; /* Our symmetric meta key + iv */ - int inkeylength; /* Length of his key + iv */ - int outkeylength; /* Length of our key + iv */ - const EVP_MD *indigest; - const EVP_MD *outdigest; - int inmaclength; - int outmaclength; - int incompression; - int outcompression; - char *mychallenge; /* challenge we received from him */ - char *hischallenge; /* challenge we sent to him */ - - char buffer[MAXBUFSIZE]; /* metadata input buffer */ - int buflen; /* bytes read into buffer */ - int allow_request; /* defined if there's only one request possible */ - - time_t last_ping_time; /* last time we saw some activity from the other end */ - - avl_tree_t *config_tree; /* Pointer to configuration tree belonging to him */ -} connection_t; - -extern avl_tree_t *connection_tree; - -extern void init_connections(void); -extern void exit_connections(void); -extern connection_t *new_connection(void); -extern void free_connection(connection_t *); -extern void connection_add(connection_t *); -extern void connection_del(connection_t *); -extern void dump_connections(void); -extern int read_connection_config(connection_t *); - -#endif /* __TINC_CONNECTION_H__ */ diff --git a/src/pokey/device.h b/src/pokey/device.h deleted file mode 100644 index f705e3d0..00000000 --- a/src/pokey/device.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - net.h -- generic header for device.c - Copyright (C) 2001-2002 Ivo Timmermans - 2001-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: device.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_DEVICE_H__ -#define __TINC_DEVICE_H__ - -extern int device_fd; -extern char *device; -extern char *interface; - -extern int setup_device(void); -extern void close_device(void); -extern int read_packet(vpn_packet_t *); -extern int write_packet(vpn_packet_t *); -extern void dump_device_stats(void); - -#endif /* __TINC_DEVICE_H__ */ diff --git a/src/pokey/graph.c b/src/pokey/graph.c deleted file mode 100644 index 25b4a0ed..00000000 --- a/src/pokey/graph.c +++ /dev/null @@ -1,283 +0,0 @@ -/* - graph.c -- graph algorithms - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: graph.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -/* We need to generate two trees from the graph: - - 1. A minimum spanning tree for broadcasts, - 2. A single-source shortest path tree for unicasts. - - Actually, the first one alone would suffice but would make unicast packets - take longer routes than necessary. - - For the MST algorithm we can choose from Prim's or Kruskal's. I personally - favour Kruskal's, because we make an extra AVL tree of edges sorted on - weights (metric). That tree only has to be updated when an edge is added or - removed, and during the MST algorithm we just have go linearly through that - tree, adding safe edges until #edges = #nodes - 1. The implementation here - however is not so fast, because I tried to avoid having to make a forest and - merge trees. - - For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a - simple breadth-first search is presented here. - - The SSSP algorithm will also be used to determine whether nodes are directly, - indirectly or not reachable from the source. It will also set the correct - destination address and port of a node if possible. -*/ - -#include "config.h" -#include -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) - #include -#endif -#include - -#include -#include -#include - -#include "interface.h" -#include "netutl.h" -#include "node.h" -#include "edge.h" -#include "connection.h" -#include "logging.h" - -#include "system.h" - -/* Implementation of Kruskal's algorithm. - Running time: O(EN) - Please note that sorting on weight is already done by add_edge(). -*/ - -void mst_kruskal(void) -{ - avl_node_t *node, *next; - edge_t *e; - node_t *n; - connection_t *c; - int nodes = 0; - int safe_edges = 0; - int skipped; - - /* Clear MST status on connections */ - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - c->status.mst = 0; - } - - /* Do we have something to do at all? */ - - if(!edge_weight_tree->head) - return; - - log(DEBUG_SCARY_THINGS, TLOG_DEBUG, - _("Running Kruskal's algorithm:")); - - /* Clear visited status on nodes */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - n->status.visited = 0; - nodes++; - } - - /* Starting point */ - - ((edge_t *)edge_weight_tree->head->data)->from.node->status.visited = 1; - - /* Add safe edges */ - - for(skipped = 0, node = edge_weight_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; - - if(e->from.node->status.visited == e->to.node->status.visited) - { - skipped = 1; - continue; - } - - e->from.node->status.visited = 1; - e->to.node->status.visited = 1; - if(e->connection) - e->connection->status.mst = 1; - - safe_edges++; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from.node->name, e->to.node->name, e->weight); - - if(skipped) - { - next = edge_weight_tree->head; - continue; - } - } - - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, safe_edges); -} - -/* Implementation of a simple breadth-first search algorithm. - Running time: O(E) -*/ - -void sssp_bfs(void) -{ - avl_node_t *node, *from, *next, *to; - edge_t *e; - node_t *n; - halfconnection_t to_hc, from_hc; - avl_tree_t *todo_tree; - int indirect; - - todo_tree = avl_alloc_tree(NULL, NULL); - - /* Clear visited status on nodes */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - n->status.visited = 0; - n->status.indirect = 1; - } - - /* Begin with myself */ - - myself->status.visited = 1; - myself->status.indirect = 0; - myself->nexthop = myself; - myself->via = myself; - node = avl_alloc_node(); - node->data = myself; - avl_insert_top(todo_tree, node); - - /* Loop while todo_tree is filled */ - - while(todo_tree->head) - { - for(from = todo_tree->head; from; from = next) /* "from" is the node from which we start */ - { - next = from->next; - n = (node_t *)from->data; - - for(to = n->edge_tree->head; to; to = to->next) /* "to" is the edge connected to "from" */ - { - e = (edge_t *)to->data; - - if(e->from.node == n) /* "from_hc" is the halfconnection with .node == from */ - to_hc = e->to, from_hc = e->from; - else - to_hc = e->from, from_hc = e->to; - - /* Situation: - - / - / - ------(n)from_hc-----to_hc - \ - \ - - n->address is set to the to_hc.udpaddress of the edge left of n. - We are currently examining the edge right of n: - - - If from_hc.udpaddress != n->address, then to_hc.node is probably - not reachable for the nodes left of n. We do as if the indirectdata - flag is set on edge e. - - If edge e provides for better reachability of to_hc.node, update - to_hc.node and (re)add it to the todo_tree to (re)examine the reachability - of nodes behind it. - */ - - indirect = n->status.indirect || e->options & OPTION_INDIRECT || ((n != myself) && sockaddrcmp(&n->address, &from_hc.udpaddress)); - - if(to_hc.node->status.visited && (!to_hc.node->status.indirect || indirect)) - continue; - - to_hc.node->status.visited = 1; - to_hc.node->status.indirect = indirect; - to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; - to_hc.node->via = indirect ? n->via : to_hc.node; - to_hc.node->options = e->options; - if(sockaddrcmp(&to_hc.node->address, &to_hc.udpaddress)) - { - node = avl_unlink(node_udp_tree, to_hc.node); - to_hc.node->address = to_hc.udpaddress; - if(to_hc.node->hostname) - free(to_hc.node->hostname); - to_hc.node->hostname = sockaddr2hostname(&to_hc.udpaddress); - avl_insert_node(node_udp_tree, node); - } - node = avl_alloc_node(); - node->data = to_hc.node; - avl_insert_before(todo_tree, from, node); - } - - avl_delete_node(todo_tree, from); - } - } - - avl_free_tree(todo_tree); - - /* Check reachability status. */ - - for(node = node_tree->head; node; node = next) - { - next = node->next; - n = (node_t *)node->data; - - if(n->status.visited) - { - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Node %s (%s) became reachable"), n->name, n->hostname); - n->status.reachable = 1; - run_hooks("node-visible", n); - } - } - else - { - if(n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); - n->status.reachable = 0; - n->status.validkey = 0; - n->status.waitingforkey = 0; - n->sent_seqno = 0; - run_hooks("node-invisible", n); - } - } - } -} - -void graph(void) -{ - mst_kruskal(); - sssp_bfs(); -} diff --git a/src/pokey/graph.h b/src/pokey/graph.h deleted file mode 100644 index ec0ead69..00000000 --- a/src/pokey/graph.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - graph.h -- header for graph.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: graph.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_GRAPH_H__ -#define __TINC_GRAPH_H__ - -extern void graph(void); -extern void mst_kruskal(void); -extern void sssp_bfs(void); - -#endif /* __TINC_GRAPH_H__ */ diff --git a/src/pokey/interface.c b/src/pokey/interface.c deleted file mode 100644 index 706c5fab..00000000 --- a/src/pokey/interface.c +++ /dev/null @@ -1,1293 +0,0 @@ -/* - interface.c -- GTK+/GNOME interface functions - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: interface.c,v 1.5 2002/05/02 11:50:07 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include - -#define log mathlog -#include -#undef log - -#include -#include -#include -#include -#include -#include -#include - -#include "node.h" -#include "connection.h" -#include "edge.h" -#include "interface.h" -#include "logging.h" - -#include -#include - -#include "system.h" - -/* Node tree & main window stuff */ -static GladeXML *xml; -static GtkWidget *nodetree; -static GtkCTreeNode *hosts_ctn; - - -/* Graph canvas stuff */ -static GladeXML *canvas_xml; - -static GnomeCanvasGroup *edge_group = NULL; - -static int canvas_width; -static int canvas_height; - -static GtkWidget *canvas = NULL; - -static int canvas_visible = 0; - -int build_graph = 0; - -static GdkColormap *colormap = NULL; -static GdkColor timecolor; - -#define MAX_NODES 25 -#define K 10.0 - -#ifdef INFINITY -#undef INFINITY -#endif -#define INFINITY 1.0e10 - -node_t *nodes[MAX_NODES]; -double x[MAX_NODES]; -double y[MAX_NODES]; -double k[MAX_NODES][MAX_NODES]; -double d[MAX_NODES][MAX_NODES]; -double l[MAX_NODES][MAX_NODES]; -static const double epsilon = 0.001; - -static int inited = 0; - -static int number_of_nodes = 0; - -static double canvas_zoom = 1.00; - - -/* Log window stuff */ -#ifdef MAXBUFSIZE -#undef MAXBUFSIZE -#endif - -#define MAXBUFSIZE 1024 - -static int log_inited = 0; -static int follow_log = 1; - -static int keep_drawing = 1; - -static int log_visible = 0; -static GtkWidget *log_window = NULL; - - -void if_node_add(const char *hooktype, va_list ap); -void if_node_del(const char *hooktype, va_list ap); -void if_subnet_add(const char *hooktype, va_list ap); -void if_subnet_del(const char *hooktype, va_list ap); -void if_edge_add(const char *hooktype, va_list ap); -void if_edge_del(const char *hooktype, va_list ap); -void if_node_visible(const char *hooktype, va_list ap); -void if_node_invisible(const char *hooktype, va_list ap); - -void if_node_create(node_t *n); - -GtkWidget *create_canvas(void) -{ - canvas_xml = glade_xml_new(INTERFACE_FILE, "GraphWindow"); - if(!canvas_xml) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "GraphWindow"); - return NULL; - } - - canvas = glade_xml_get_widget(xml, "canvas1"); - if(!canvas) - { - fprintf(stderr, "Could not find widget `canvas1'\n"); - return NULL; - } - - gnome_canvas_set_scroll_region(GNOME_CANVAS(canvas), 0.0, 0.0, 700, 500); - - canvas_width = 300.0; - canvas_height = 500.0; - - return canvas; -} - -void log_gtk(int level, int priority, char *fmt, va_list ap) -{ - char buffer1[MAXBUFSIZE]; - char buffer2[MAXBUFSIZE]; - int len; - char *p; - struct tm *tm; - time_t t; - - if(!log_visible) - return; - - /* Use vsnprintf instead of vasprintf: faster, no memory - fragmentation, cleanup is automatic, and there is a limit on the - input buffer anyway */ - len = vsnprintf(buffer1, MAXBUFSIZE, fmt, ap); - - buffer1[MAXBUFSIZE-1] = '\0'; - if((p = strrchr(buffer1, '\n'))) - *p = '\0'; - - t = time(NULL); - tm = localtime(&t); - snprintf(buffer2, MAXBUFSIZE, "%02d:%02d:%02d ", - tm->tm_hour, tm->tm_min, tm->tm_sec); - - if(!colormap) - { - colormap = gdk_colormap_new(gdk_visual_get_system(), FALSE); - timecolor.red = 0xffff; - timecolor.green = 0; - timecolor.blue = 0; - if(gdk_colormap_alloc_color(colormap, &timecolor, FALSE, TRUE) != TRUE) - { - fprintf(stderr, "Failed to allocate color\n"); - exit(1); - } - } - - gtk_text_freeze(GTK_TEXT(log_window)); - - if(log_inited) - gtk_text_insert(GTK_TEXT(log_window), NULL, NULL, NULL, "\n", 1); - - gtk_text_insert(GTK_TEXT(log_window), NULL, &timecolor, NULL, buffer2, strlen(buffer2)); - gtk_text_insert(GTK_TEXT(log_window), NULL, NULL, NULL, buffer1, len); - gtk_text_thaw(GTK_TEXT(log_window)); - - log_inited = 1; - if(follow_log) -/* gtk_text_set_point(GTK_TEXT(w), -1); */ - gtk_editable_set_position(GTK_EDITABLE(log_window), gtk_text_get_length(GTK_TEXT(log_window))); -} - -void if_hostinfoclosebutton_clicked(GtkWidget *w, gpointer data) -{ - gtk_widget_destroy(GTK_WIDGET(data)); -} - -void update_hostinfo_dialog(GladeXML *x, node_t *n) -{ - GtkWidget *w; - char s[100]; - avl_node_t *avlnode; - char *l[1]; - - w = glade_xml_get_widget(x, "HostInfoNameEntry"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoNameEntry"); return; } - gtk_entry_set_text(GTK_ENTRY(w), n->name); - - w = glade_xml_get_widget(x, "HostInfoHostnameEntry"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoHostnameEntry"); return; } - gtk_entry_set_text(GTK_ENTRY(w), n->hostname); - - w = glade_xml_get_widget(x, "HostInfoPortEntry"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoPortEntry"); return; } -/* snprintf(s, sizeof(s)-1, "%hd", "0"); */ - gtk_entry_set_text(GTK_ENTRY(w), "port"); - - w = glade_xml_get_widget(x, "HostInfoVersionEntry"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoVersionEntry"); return; } - gtk_entry_set_text(GTK_ENTRY(w), n->name); - - w = glade_xml_get_widget(x, "HostInfoStatusEntry"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoStatusEntry"); return; } -/* snprintf(s, sizeof(s)-1, "%x", n->status); */ - gtk_entry_set_text(GTK_ENTRY(w), "0"); - - w = glade_xml_get_widget(x, "HostInfoActiveCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoActiveCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.active); - - w = glade_xml_get_widget(x, "HostInfoValidkeyCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoValidkeyCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.validkey); - - w = glade_xml_get_widget(x, "HostInfoWaitingforkeyCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoWaitingforkeyCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.waitingforkey); - - w = glade_xml_get_widget(x, "HostInfoVisitedCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoVisitedCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.visited); - - w = glade_xml_get_widget(x, "HostInfoReachableCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoReachableCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.reachable); - - w = glade_xml_get_widget(x, "HostInfoIndirectCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoIndirectCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.indirect); - - w = glade_xml_get_widget(x, "HostInfoVisibleCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoVisibleCheckbutton"); return; } -/* gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), n->status.visible); */ - - w = glade_xml_get_widget(x, "HostInfoTCPOnlyCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoTCPOnlyCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), (n->options & OPTION_TCPONLY) != 0); - - w = glade_xml_get_widget(x, "HostInfoIndirectdataCheckbutton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoIndirectdataCheckbutton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), (n->options & OPTION_INDIRECT) != 0); - -/* w = glade_xml_get_widget(x, "HostInfoWindow"); */ -/* if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostInfoWindow"); return; } */ -/* glade_xml_signal_connect_data(x, "on_HostInfoCloseButton_clicked", if_hostinfoclosebutton_clicked, (gpointer)w); */ - w = glade_xml_get_widget(x, "HostConnectionsCList"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "HostConnectionsCList"); return; } - for(avlnode = n->edge_tree->head; avlnode; avlnode = avlnode->next) - { - if(((edge_t*)(avlnode->data))->to.node == n) - l[0] = ((edge_t*)(avlnode->data))->from.node->name; - else - l[0] = ((edge_t*)(avlnode->data))->to.node->name; - gtk_clist_append(GTK_CLIST(w), l); - } -} - -void on_preferences1_activate(GtkMenuItem *mi, gpointer data) -{ - GtkWidget *w; - GladeXML *x; - - x = glade_xml_new(INTERFACE_FILE, "PropertyBox"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "PropertyBox"); - return; - } - - w = glade_xml_get_widget(x, "PropertyBox"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "PropertyBox"); return; } - glade_xml_signal_autoconnect(x); -} - -void on_logcontext_clear_activate(GtkMenuItem *mi, gpointer data) -{ - gtk_editable_delete_text(GTK_EDITABLE(log_window), 0, -1); /* Delete from 0 to end of buffer */ - log_inited = 0; -} - -void on_logcontext_follow_activate(GtkMenuItem *mi, gpointer data) -{ - follow_log = !follow_log; -} - -void on_logcontext_close1_activate(GtkMenuItem *mi, gpointer data) -{ - -} - -void on_messages_button_press_event(GtkWidget *w, GdkEventButton *event, gpointer data) -{ - GladeXML *x; - GtkWidget *menu; - - if (event->button == 3) - { - x = glade_xml_new(INTERFACE_FILE, "LogContextMenu"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "LogContextMenu"); - return; - } - - menu = glade_xml_get_widget(x, "LogContextMenu"); - if(!menu) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "LogContextMenu"); return; } - - glade_xml_signal_connect_data(x, "on_logcontext_clear_activate", on_logcontext_clear_activate, (gpointer)x); - glade_xml_signal_connect_data(x, "on_logcontext_follow_activate", on_logcontext_follow_activate, (gpointer)x); - w = glade_xml_get_widget(x, "LogContextFollow"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "LogContextFollow"); return; } - GTK_CHECK_MENU_ITEM(w)->active = follow_log; - gnome_popup_menu_do_popup_modal(menu, NULL, NULL, event, NULL); - gtk_widget_destroy(menu); - } -} - -void shuffle_nodes(void) -{ - avl_node_t *avlnode; - double newx, newy; - - for(avlnode = node_tree->head; avlnode; avlnode = avlnode->next) - { - newx = ((double)random()) / ((double)RAND_MAX) * 500.0; - newy = ((double)random()) / ((double)RAND_MAX) * 300.0; - ((struct if_node_data*)((node_t *)(avlnode->data))->data)->x = newx; - ((struct if_node_data*)((node_t *)(avlnode->data))->data)->y = newy; - - if(!((struct if_node_data*)((node_t*)(avlnode->data)))->visible) - continue; - - x[((struct if_node_data*)((node_t*)(avlnode->data))->data)->id] = newx; - y[((struct if_node_data*)((node_t*)(avlnode->data))->data)->id] = newy; - } - inited = 0; - build_graph = 1; -} - -void on_canvascontext_shuffle_activate(GtkMenuItem *mi, gpointer data) -{ - shuffle_nodes(); -} - -void on_canvascontext_keep_drawing_activate(GtkMenuItem *mi, gpointer data) -{ - GtkWidget *w; - - keep_drawing = !keep_drawing; - - /* No need to fuss with the checkbox in the menu, because that is - transient. Do need to update the checkbox at the bottom of the - window though. */ - w = glade_xml_get_widget(canvas_xml, "KeepDrawingButton"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "KeepDrawingButton"); return; } - gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(w), keep_drawing); -} - -void on_canvascontext_minus50_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom *= 0.50; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_canvascontext_minus25_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom *= 0.75; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_canvascontext_minus10_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom *= 0.90; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_canvascontext_default_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom = 1.00; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), 1.00); -} - -void on_canvascontext_plus10_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom *= 1.10; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_canvascontext_plus25_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom *= 1.25; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_canvascontext_plus50_activate(GtkMenuItem *mi, gpointer data) -{ - canvas_zoom *= 1.50; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_canvas_button_press_event(GtkWidget *w, GdkEventButton *event, gpointer data) -{ - GladeXML *x; - GtkWidget *menu; - - if (event->button == 3) - { - x = glade_xml_new(INTERFACE_FILE, "CanvasContextMenu"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "CanvasContextMenu"); - return; - } - - menu = glade_xml_get_widget(x, "CanvasContextMenu"); - if(!menu) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "CanvasContextMenu"); return; } - - glade_xml_signal_autoconnect(x); - glade_xml_signal_connect_data(x, "on_canvascontext_shuffle_activate", on_canvascontext_shuffle_activate, (gpointer)x); - glade_xml_signal_connect_data(x, "on_canvascontext_keep_drawing_activate", on_canvascontext_keep_drawing_activate, (gpointer)x); - w = glade_xml_get_widget(x, "CanvasContextKeepDrawing"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "CanvasContextKeepDrawing"); return; } - GTK_CHECK_MENU_ITEM(w)->active = keep_drawing; - gnome_popup_menu_do_popup_modal(menu, NULL, NULL, event, NULL); - gtk_widget_destroy(menu); - } -} - -void on_nodetree_button_press_event(GtkWidget *w, GdkEventButton *event, gpointer data) -{ - GtkCTreeNode *node; - int row, col; - gpointer lt; - GladeXML *x; - - gtk_clist_get_selection_info(GTK_CLIST(w), event->x, event->y, - &row, &col); - - node = gtk_ctree_node_nth(GTK_CTREE(w), row); - if(node == NULL) - return; - lt = gtk_ctree_node_get_row_data(GTK_CTREE(w), node); - if(event->type == GDK_2BUTTON_PRESS && event->button == 1) - { - /* Double left click on an item */ - if(lt == NULL) - /* this is only a branch, double click wil (un)expand. */ - return; - - if(GTK_CTREE_ROW(node)->parent == hosts_ctn) - { - x = ((struct if_node_data*)(((node_t*)lt)->data))->hi_xml = glade_xml_new(INTERFACE_FILE, "HostInfoWindow"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "HostInfoWindow"); - return; - } - glade_xml_signal_autoconnect(x); - update_hostinfo_dialog(x, (node_t*)lt); - } - else - { - log(0, TLOG_ERROR, - "WHERE did you click?!"); - } - /* so now we have access to all the data we want. */ -/* gldap_show_details(lt); */ - return; - } -/* else */ -/* if (event->button == 3) */ -/* { */ -/* GtkWidget *temp_menu; */ -/* temp_menu = gnome_popup_menu_new(data); */ -/* gnome_popup_menu_do_popup_modal(temp_menu, NULL, NULL, event, NULL); */ -/* gtk_widget_destroy(temp_menu); */ -/* } */ -} - -void on_exit1_activate(GtkMenuItem *mi, gpointer data) -{ - close_network_connections(); - gtk_exit(0); -} - -void on_about1_activate(GtkMenuItem *mi, gpointer data) -{ - GladeXML *x; - x = glade_xml_new(INTERFACE_FILE, "AboutWindow"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "AboutWindow"); - return; - } - glade_xml_signal_autoconnect(x); -} - -void on_graph_window1_activate(GtkMenuItem *mi, gpointer data) -{ - int i; - avl_node_t *avlnode; - double newx, newy; - - canvas_xml = glade_xml_new(INTERFACE_FILE, "GraphWindow"); - if(canvas_xml == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "GraphWindow"); - return; - } - glade_xml_signal_autoconnect(canvas_xml); - canvas = glade_xml_get_widget(canvas_xml, "canvas1"); - if(canvas == NULL) { log(0, TLOG_ERROR, _("Could not find widget `%s'"), "canvas1"); return; } - - for(i = 0, avlnode = node_tree->head; avlnode; avlnode = avlnode->next) - { - node_t *n = (node_t*)(avlnode->data); - - if(!((struct if_node_data*)(n->data))->item) - if_node_create(n); - - if(!n->status.reachable) - continue; - - newx = 250.0 + 200.0 * sin(i / 10.0 * M_PI); - newy = 150.0 - 100.0 * cos(i / 10.0 * M_PI); - gnome_canvas_item_move(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item), newx - ((struct if_node_data*)(n->data))->x, newy - ((struct if_node_data*)(n->data))->y); - ((struct if_node_data*)(n->data))->x = newx; - ((struct if_node_data*)(n->data))->y = newy; - - ((struct if_node_data*)(n->data))->id = i; - - gnome_canvas_item_show(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item)); - gnome_canvas_update_now(GNOME_CANVAS(canvas)); - nodes[i] = n; - i++; - } - - number_of_nodes = i; - - inited = 0; - build_graph = 1; - canvas_visible = 1; -} - -void on_log_window1_activate(GtkMenuItem *mi, gpointer data) -{ - GladeXML *x; - GtkWidget *w; - - x = glade_xml_new(INTERFACE_FILE, "LogWindow"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "LogWindow"); - return; - } - log_window = glade_xml_get_widget(x, "Messages"); - if(!log_window) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "Messages"); - return; - } - w = glade_xml_get_widget(x, "DebugLevelSpinbutton"); - if(!w) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "DebugLevelSpinbutton"); - return; - } - gtk_spin_button_set_value(GTK_SPIN_BUTTON(w), (float)debug_lvl); - - glade_xml_signal_autoconnect(x); - log_visible = 1; - log_add_hook(log_gtk); - log(0, TLOG_NOTICE, "Logging started.\n"); - -} - -void on_debug_level_changed(GtkSpinButton *sb, gpointer data) -{ - debug_lvl = gtk_spin_button_get_value_as_int(sb); -} - -void on_logwindow_close_clicked(GtkButton *b, gpointer data) -{ - GladeXML *x; - GtkWidget *w; - - x = glade_xml_new(INTERFACE_FILE, "LogWindow"); - if(x == NULL) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "LogWindow"); - return; - } - w = glade_xml_get_widget(x, "LogWindow"); - if(!w) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "LogWindow"); - return; - } - gtk_widget_destroy(w); -} - -void on_spinbutton2_changed(GtkSpinButton *sb, gpointer data) -{ - canvas_zoom = gtk_spin_button_get_value_as_float(sb) / 100.0; - gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), canvas_zoom); -} - -void on_checkbutton1_toggled(GtkCheckButton *cb, gpointer data) -{ - keep_drawing = !keep_drawing; -} - -void on_button19_clicked(GtkWidget *bt, GdkEventButton *ev, gpointer data) -{ - shuffle_nodes(); -} - -void on_button18_clicked(GtkWidget *bt, GdkEventButton *ev, gpointer data) -{ - GtkWidget *w; - - w = glade_xml_get_widget(canvas_xml, "GraphWindow"); - if(!w) { log(0, TLOG_ERROR, _("Couldn't find widget `%s'"), "GraphWindow"); return; } - gtk_object_destroy(GTK_OBJECT(w)); - build_graph = 0; - canvas_visible = 0; -} - -int init_interface(void) -{ - char *l[1]; - - glade_gnome_init(); - - xml = glade_xml_new("pokey.glade", "AppWindow"); - - if(!xml) - { - log(0, TLOG_ERROR, - _("Something bad happened while creating the interface.\n")); - return -1; - } - - nodetree = glade_xml_get_widget(xml, "NodeTree"); - if(!nodetree) - { - log(0, TLOG_ERROR, - _("Could not find widget `%s'"), - "NodeTree"); - return -1; - } - - gtk_clist_freeze(GTK_CLIST(nodetree)); - l[0] = _("Hosts"); - hosts_ctn = gtk_ctree_insert_node(GTK_CTREE(nodetree), - NULL, NULL, l, 1, - NULL, NULL, NULL, NULL, - FALSE, TRUE); - gtk_clist_thaw(GTK_CLIST(nodetree)); - - glade_xml_signal_autoconnect(xml); - - log_del_hook(log_default); - - add_hook("node-add", if_node_add); - add_hook("node-del", if_node_del); - add_hook("subnet-add", if_subnet_add); - add_hook("subnet-del", if_subnet_del); - add_hook("edge-add", if_edge_add); - add_hook("edge-del", if_edge_del); - add_hook("node-visible", if_node_visible); - add_hook("node-invisible", if_node_invisible); - - return 0; -} - -static gint item_event(GnomeCanvasItem *item, GdkEvent *event, gpointer data) -{ - static double item_x, old_x, new_x, item_y, old_y, new_y; - static int dragging = FALSE; - GdkCursor *fleur; - node_t *n; - - item_x = event->button.x; - item_y = event->button.y; - gnome_canvas_item_w2i(item->parent, &item_x, &item_y); - - switch(event->type) - { - case GDK_BUTTON_PRESS: - switch(event->button.button) - { - case 1: - old_x = item_x; - old_y = item_y; - - fleur = gdk_cursor_new(GDK_FLEUR); - gnome_canvas_item_grab(item, GDK_POINTER_MOTION_MASK | GDK_BUTTON_RELEASE_MASK, fleur, event->button.time); - gdk_cursor_destroy(fleur); - dragging = TRUE; - break; - - default: - break; - } - break; - - case GDK_MOTION_NOTIFY: - if(dragging && (event->motion.state & GDK_BUTTON1_MASK)) - { - new_x = item_x, - new_y = item_y; - gnome_canvas_item_move(item, new_x - old_x, new_y - old_y); - old_x = new_x; - old_y = new_y; - } - break; - - case GDK_BUTTON_RELEASE: - gnome_canvas_item_ungrab(item, event->button.time); - dragging = FALSE; - n = (node_t *)gtk_object_get_user_data(GTK_OBJECT(item)); - ((struct if_node_data*)(n->data))->x = item_x; - ((struct if_node_data*)(n->data))->y = item_y; - x[((struct if_node_data*)(n->data))->id] = item_x; - y[((struct if_node_data*)(n->data))->id] = item_y; - build_graph = 1; - break; - - default: - break; - } - return FALSE; -} - -void if_node_create(node_t *n) -{ - GnomeCanvasGroup *group; - - group = gnome_canvas_root(GNOME_CANVAS(canvas)); - group = GNOME_CANVAS_GROUP(gnome_canvas_item_new(group, - gnome_canvas_group_get_type(), - "x", 0.0, - "y", 0.0, - NULL)); - - gnome_canvas_item_new(group, gnome_canvas_ellipse_get_type(), - "x1", -30.0, - "y1", -08.0, - "x2", 30.0, - "y2", 08.0, - "fill_color_rgba", 0x5f9ea080, - "outline_color", "black", - "width_pixels", 0, - NULL); - - gnome_canvas_item_new(group, - gnome_canvas_text_get_type(), - "x", 0.0, - "y", 0.0, - "text", n->name, - "anchor", GTK_ANCHOR_CENTER, - "fill_color", "white", - "font", "-*-verdana-medium-r-*-*-10-*-*-*-*-*-iso8859-1", - NULL); - - ((struct if_node_data*)(n->data))->item = GNOME_CANVAS_ITEM(group); - ((struct if_node_data*)(n->data))->x = ((struct if_node_data*)(n->data))->y = 0.0; - gtk_object_set_user_data(GTK_OBJECT(group), (gpointer)n); - - gtk_signal_connect(GTK_OBJECT(((struct if_node_data*)(n->data))->item), "event", (GtkSignalFunc) item_event, NULL); - - gnome_canvas_item_hide(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item)); -} - -void if_node_visible(const char *hooktype, va_list ap) -{ - int i; - avl_node_t *avlnode; - double newx, newy; - node_t *n = va_arg(ap, node_t*); - - if(!n->data) - return; - - if(!((struct if_node_data*)(n->data))->item) - /* No GnomeCanvasItem has been created for this node yet */ - return; - - if(((struct if_node_data*)(n->data))->visible) - /* This node is already shown */ - return; - - ((struct if_node_data*)(n->data))->visible = 1; - - newx = 250.0 + 200.0 * sin(number_of_nodes / 10.0 * M_PI); - newy = 150.0 - 100.0 * cos(number_of_nodes / 10.0 * M_PI); - gnome_canvas_item_move(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item), newx - ((struct if_node_data*)(n->data))->x, newy - ((struct if_node_data*)(n->data))->y); - ((struct if_node_data*)(n->data))->x = newx; - ((struct if_node_data*)(n->data))->y = newy; - - for(i = 0, avlnode = node_tree->head; avlnode; avlnode = avlnode->next, i++) - { - if(!((struct if_node_data*)(((node_t*)(avlnode->data))->data))->visible) - continue; - - nodes[i] = (node_t *)(avlnode->data); - ((struct if_node_data*)(nodes[i]->data))->id = i; - } - number_of_nodes = i; - - gnome_canvas_item_show(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item)); - gnome_canvas_update_now(GNOME_CANVAS(canvas)); - - /* (Re)start calculations */ - inited = 0; - build_graph = 1; -} - -void if_node_invisible(const char *hooktype, va_list ap) -{ - int i; - avl_node_t *avlnode; - node_t *n = va_arg(ap, node_t*); - - if(!((struct if_node_data*)(n->data))->item) - return; - - if(!((struct if_node_data*)(n->data))->visible) - /* This node is already invisible */ - return; - - ((struct if_node_data*)(n->data))->visible = 0; - - for(i = 0, avlnode = node_tree->head; avlnode; avlnode = avlnode->next, i++) - { - if(!((struct if_node_data*)((node_t*)(avlnode->data))->data)->visible) - continue; - - nodes[i] = (node_t *)(avlnode->data); - ((struct if_node_data*)(nodes[i]->data))->id = i; - } - number_of_nodes = i; - - gnome_canvas_item_hide(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item)); - gnome_canvas_update_now(GNOME_CANVAS(canvas)); - - /* (Re)start calculations */ - inited = 0; - build_graph = 1; -} - -void if_node_add(const char *hooktype, va_list ap) -{ - node_t *n = va_arg(ap, node_t*); - char *l[1]; - struct if_node_data *nd; - - if(!xml) - return; - - nd = xmalloc_and_zero(sizeof(*nd)); - l[0] = n->name; - gtk_clist_freeze(GTK_CLIST(nodetree)); - nd->ctn = gtk_ctree_insert_node(GTK_CTREE(nodetree), - hosts_ctn, NULL, l, 1, - NULL, NULL, NULL, NULL, - FALSE, FALSE); - gtk_clist_thaw(GTK_CLIST(nodetree)); - gtk_ctree_node_set_row_data(GTK_CTREE(nodetree), nd->ctn, n); - - n->data = (void*)nd; - - if(canvas_visible) - { - if_node_create(n); - if_node_visible(hooktype, ap); - } -} - -void if_node_del(const char *hooktype, va_list ap) -{ - node_t *n = va_arg(ap, node_t*); - struct if_node_data *nd; - - nd = (struct if_node_data*)(n->data); - if(nd &&nd->ctn) - { - gtk_clist_freeze(GTK_CLIST(nodetree)); - gtk_ctree_remove_node(GTK_CTREE(nodetree), nd->ctn); - gtk_clist_thaw(GTK_CLIST(nodetree)); - } - - if(canvas_visible) - { - if_node_invisible(hooktype, ap); - } - - free(nd); - n->data = NULL; -} - -void if_subnet_add(const char *hooktype, va_list ap) -{ - char *l[1]; - subnet_t *subnet = va_arg(ap, subnet_t*); - struct if_subnet_data *sd; - GtkCTreeNode *parent; - - sd = xmalloc_and_zero(sizeof(*sd)); - l[0] = net2str(subnet); - parent = subnet->owner->data ? - ((struct if_subnet_data*)(subnet->owner->data))->ctn - : NULL; - - gtk_clist_freeze(GTK_CLIST(nodetree)); - sd->ctn = gtk_ctree_insert_node(GTK_CTREE(nodetree), - parent, NULL, l, 1, - NULL, NULL, NULL, NULL, - TRUE, FALSE); - gtk_clist_thaw(GTK_CLIST(nodetree)); - gtk_ctree_node_set_row_data(GTK_CTREE(nodetree), sd->ctn, subnet); - - subnet->data = (void*)sd; -} - -void if_subnet_del(const char *hooktype, va_list ap) -{ - subnet_t *subnet = va_arg(ap, subnet_t*); - struct if_subnet_data *sd; - - sd = (struct if_subnet_data*)(subnet->data); - if(sd && sd->ctn) - { - gtk_clist_freeze(GTK_CLIST(nodetree)); - gtk_ctree_remove_node(GTK_CTREE(nodetree), sd->ctn); - gtk_clist_thaw(GTK_CLIST(nodetree)); - } - - free(sd); - subnet->data = NULL; -} - -void redraw_edges(void) -{ - GnomeCanvasGroup *group; - GnomeCanvasPoints *points; - avl_node_t *avlnode; - edge_t *e; - struct if_node_data *fd, *td; - - if(edge_group) - gtk_object_destroy(GTK_OBJECT(edge_group)); - - group = gnome_canvas_root(GNOME_CANVAS(canvas)); - group = GNOME_CANVAS_GROUP(gnome_canvas_item_new(group, - gnome_canvas_group_get_type(), - "x", 0.0, - "y", 0.0, - NULL)); - - for(avlnode = edge_tree->head; avlnode; avlnode = avlnode->next) - { - e = (edge_t *)avlnode->data; - fd = (struct if_node_data*)(e->from.node->data); - td = (struct if_node_data*)(e->to.node->data); - -/* if(!e->from.node->status.visible || */ -/* !e->to.node->status.visible) */ -/* /\* We shouldn't draw this line *\/ */ -/* continue; */ - - points = gnome_canvas_points_new(2); - - points->coords[0] = fd->x; - points->coords[1] = fd->y; - points->coords[2] = td->x; - points->coords[3] = td->y; - gnome_canvas_item_new(group, - gnome_canvas_line_get_type(), - "points", points, - "fill_color_rgba", 0xe080c080, - "width_pixels", 2, - NULL); - gnome_canvas_points_unref(points); - } - - gnome_canvas_update_now(GNOME_CANVAS(canvas)); - - edge_group = group; -} - -void if_edge_add(const char *hooktype, va_list ap) -{ - redraw_edges(); - - inited = 0; - build_graph = 1; -} - -void if_edge_del(const char *hooktype, va_list ap) -{ - redraw_edges(); - - inited = 0; - build_graph = 1; -} - -void if_move_node(node_t *n, double dx, double dy) -{ - double newx, newy; - - newx = ((struct if_node_data*)(n->data))->x + dx; - newy = ((struct if_node_data*)(n->data))->y + dy; - gnome_canvas_item_move(GNOME_CANVAS_ITEM(((struct if_node_data*)(n->data))->item), newx - ((struct if_node_data*)(n->data))->x, newy - ((struct if_node_data*)(n->data))->y); - ((struct if_node_data*)(n->data))->x = newx; - ((struct if_node_data*)(n->data))->y = newy; -} - -#define X_MARGIN 50.0 -#define X_MARGIN_BUFFER 25.0 -#define Y_MARGIN 20.0 -#define Y_MARGIN_BUFFER 10.0 - -void set_zooming(void) -{ - int i; - double minx, miny, maxx, maxy; - static double ominx = 0.0, ominy = 0.0, omaxx = 0.0, omaxy = 0.0; - - minx = miny = maxx = maxy = 0.0; - for(i = 0; i < number_of_nodes; i++) - { - if(((struct if_node_data*)(nodes[i]->data))->x < minx) - minx = ((struct if_node_data*)(nodes[i]->data))->x; - else - if(((struct if_node_data*)(nodes[i]->data))->x > maxx) - maxx = ((struct if_node_data*)(nodes[i]->data))->x; - - if(((struct if_node_data*)(nodes[i]->data))->y < miny) - miny = ((struct if_node_data*)(nodes[i]->data))->y; - else - if(((struct if_node_data*)(nodes[i]->data))->y > maxy) - maxy = ((struct if_node_data*)(nodes[i]->data))->y; - } - - if(minx > ominx - X_MARGIN_BUFFER && ominx > minx) - minx = ominx; - if(maxx < omaxx + X_MARGIN_BUFFER && omaxx < maxx) - maxx = omaxx; - if(miny > ominy - Y_MARGIN_BUFFER && ominy > miny) - miny = ominy; - if(maxy < omaxy + Y_MARGIN_BUFFER && omaxy < maxy) - maxy = omaxy; - - ominx = minx; ominy = miny; omaxx = maxx; omaxy = maxy; - -/* ppux = canvas_width / (maxx - minx); */ -/* ppuy = canvas_height / (maxy - miny); */ -/* if(ppux < ppuy) */ -/* ppu = ppux; */ -/* else */ -/* ppu = ppuy; */ - -/* gnome_canvas_set_pixels_per_unit(GNOME_CANVAS(canvas), ppu); */ - gnome_canvas_set_scroll_region(GNOME_CANVAS(canvas), minx - X_MARGIN, miny - Y_MARGIN, maxx + X_MARGIN, maxy + Y_MARGIN); - gnome_canvas_update_now(GNOME_CANVAS(canvas)); -} - -double calculate_delta_m(int m) -{ - double dedxm, dedym, xmxi, ymyi; - int i; - - dedxm = dedym = 0.0; - for(i = 0; i < number_of_nodes; i++) - { - if(i == m) - continue; - - xmxi = x[m] - x[i]; - ymyi = y[m] - y[i]; - - dedxm += k[m][i] * (xmxi - ((l[m][i] * xmxi) / sqrt(xmxi * xmxi + ymyi * ymyi))); - dedym += k[m][i] * (xmxi - ((l[m][i] * xmxi) / sqrt(xmxi * xmxi + ymyi * ymyi))); - } - - return sqrt(dedxm * dedxm + dedym * dedym); -} - -void move_node(int m, double *dx, double *dy) -{ - double d2edxm2, d2edym2, d2edxmdym, dedxm, dedym; - double xmxi, ymyi, denominator; - int i; - - d2edxm2 = d2edym2 = d2edxmdym = dedxm = dedym = 0.0; - for(i = 0; i < number_of_nodes; i++) - { - if(i == m) - continue; - - xmxi = x[m] - x[i]; - ymyi = y[m] - y[i]; - - denominator = pow(sqrt(xmxi * xmxi + ymyi * ymyi), 3.0); - - d2edxm2 += k[m][i] * (1 - ((l[m][i] * ymyi * ymyi) / denominator)); - d2edxmdym += k[m][i] * l[m][i] * xmxi * ymyi / denominator; - d2edym2 += k[m][i] * (1 - ((l[m][i] * xmxi * xmxi) / denominator)); - dedxm += k[m][i] * (xmxi - ((l[m][i] * xmxi) / sqrt(xmxi * xmxi + ymyi * ymyi))); - dedym += k[m][i] * (ymyi - ((l[m][i] * ymyi) / sqrt(xmxi * xmxi + ymyi * ymyi))); - } - - denominator = ((d2edxm2 * d2edym2) - (d2edxmdym * d2edxmdym)); - *dx = (-(d2edym2 * dedxm) + (d2edxmdym * dedym)) / denominator; - *dy = ((d2edxmdym * dedxm) - (d2edxm2 * dedym)) / denominator; -} - -void if_build_graph(void) -{ - int i, j, p, max_i; - double delta_m, max_delta_m; - double dx, dy, s, L, min_d, old_x, old_y; - edge_t *e; - - if(!keep_drawing) - return; - - if(!inited) - { - for(i = 0; i < number_of_nodes; i++) - { - x[i] = ((struct if_node_data*)(nodes[i]->data))->x; - y[i] = ((struct if_node_data*)(nodes[i]->data))->y; - } - - /* Initialize Floyd */ - for(i = 0; i < number_of_nodes; i++) - { - d[i][i] = 0.0; - for(j = i + 1; j < number_of_nodes; j++) - { - e = lookup_edge(nodes[i], nodes[j]); - if(e) - d[i][j] = d[j][i] = (double)e->weight; - else - d[i][j] = d[j][i] = INFINITY; - } - } - - /* Floyd's shortest path algorithm */ - for(i = 0; i < number_of_nodes; i++) - { - for(j = 0; j < number_of_nodes; j++) - { - if(i == j) - continue; - - if(d[j][i] < INFINITY) - { - for(p = 0; p < number_of_nodes; p++) - { - if(d[i][j] < INFINITY) - { - s = d[j][i] + d[i][p]; - if(s < d[j][p]) - { - d[j][p] = s; - } - } - } - } - } - } - - min_d = INFINITY; - for(i = 0; i < number_of_nodes; i++) - for(j = i + 1; j < number_of_nodes; j++) - if(d[i][j] < min_d && d[i][j] > 0.0) - min_d = d[i][j]; - - L = 5.0 / sqrt(min_d + 1.0); - - for(i = 0; i < number_of_nodes; i++) - { - for(j = i + 1; j < number_of_nodes; j++) - { - d[i][j] = d[j][i] = sqrt(d[i][j]+1.0); - l[i][j] = l[j][i] = L * d[i][j]; - k[i][j] = k[j][i] = K / (d[i][j] * d[i][j]); - } - } - - inited = 1; - } - - max_delta_m = 0.0; - /* Find node with maximal local energy */ - for(i = 0; i < number_of_nodes; i++) - { - delta_m = calculate_delta_m(i); - if(delta_m > max_delta_m) - { - max_delta_m = delta_m; - max_i = i; - } - } - - if(max_delta_m <= epsilon) - { - fprintf(stderr, "Graph building is done; max_delta_m = %f\n", max_delta_m); - build_graph = 0; - } - else - { - int iter = 0, maxiter = 20; - delta_m = max_delta_m; - old_x = x[max_i]; - old_y = y[max_i]; - while(delta_m > epsilon && iter < maxiter) - { - move_node(max_i, &dx, &dy); - x[max_i] += dx; - y[max_i] += dy; - delta_m = calculate_delta_m(max_i); - iter++; - } - - if_move_node(nodes[max_i], x[max_i] - old_x, y[max_i] - old_y); - - redraw_edges(); - - set_zooming(); - } - -/* build_graph = 0; */ -} diff --git a/src/pokey/interface.h b/src/pokey/interface.h deleted file mode 100644 index 3720b227..00000000 --- a/src/pokey/interface.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - interface.h -- header for interface.c - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: interface.h,v 1.2 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_INTERFACE_H__ -#define __TINC_INTERFACE_H__ - -#include -#include -#include - -#include "node.h" -#include "edge.h" - -#define INTERFACE_FILE "pokey.glade" - -typedef struct graph_t { - struct graph_t *attractors[20]; - struct graph_t *repellors[20]; - int nat; - int nrp; - node_t *node; -} graph_t; - -struct if_subnet_data { - GnomeCanvasItem *item; /* The gnome canvas item associated with the line */ - GtkCTreeNode *ctn; -}; - -struct if_node_data { - double x, y; - int visible; - int id; - GnomeCanvasItem *item; - GtkCTreeNode *ctn; - GladeXML *hi_xml; -}; - -extern int build_graph; - -void if_build_graph(void); -int init_interface(void); - -#endif /* __TINC_INTERFACE_H__ */ diff --git a/src/pokey/logging.c b/src/pokey/logging.c deleted file mode 100644 index 81a4fda2..00000000 --- a/src/pokey/logging.c +++ /dev/null @@ -1,103 +0,0 @@ -/* - logging.c -- log messages to e.g. syslog - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: logging.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include - -#include - -#include "logging.h" - -avl_tree_t *log_hooks_tree = NULL; - -int debug_lvl = 0; - -int log_compare(const void *a, const void *b) -{ - if(a < b) - return -1; - if(a > b) - return 1; - return 0; -} - -void log(int level, int priority, char *fmt, ...) -{ - avl_node_t *avlnode; - va_list args; - - va_start(args, fmt); - for(avlnode = log_hooks_tree->head; avlnode; avlnode = avlnode->next) - { - assert(avlnode->data); - ((log_function_t*)(avlnode->data))(level, priority, fmt, args); - } - va_end(args); -} - -void log_add_hook(log_function_t *fn) -{ - if(!log_hooks_tree) - log_hooks_tree = avl_alloc_tree(log_compare, NULL); - - avl_insert(log_hooks_tree, (void*)fn); -} - -void log_del_hook(log_function_t *fn) -{ - avl_delete(log_hooks_tree, (void*)fn); -} - -void log_default(int level, int priority, char *fmt, va_list ap) -{ - if(debug_lvl >= level) - vfprintf(stderr, fmt, ap); -} - -void log_syslog(int level, int priority, char *fmt, va_list ap) -{ - const int priorities[] = { LOG_DEBUG, LOG_INFO, LOG_NOTICE, LOG_ERR, LOG_CRIT }; - - if(debug_lvl >= level) - vsyslog(priorities[priority], fmt, ap); -} - -void tinc_syslog(int priority, char *fmt, ...) -{ - /* Mapping syslog prio -> tinc prio */ - const int priorities[] = { TLOG_CRITICAL, TLOG_CRITICAL, TLOG_CRITICAL, TLOG_ERROR, - TLOG_NOTICE, TLOG_NOTICE, TLOG_INFO, TLOG_DEBUG }; - avl_node_t *avlnode; - va_list args; - - va_start(args, fmt); - for(avlnode = log_hooks_tree->head; avlnode; avlnode = avlnode->next) - { - assert(avlnode->data); - ((log_function_t*)(avlnode->data))(0, priorities[priority], fmt, args); - } - va_end(args); -} diff --git a/src/pokey/meta.c b/src/pokey/meta.c deleted file mode 100644 index c3138e3a..00000000 --- a/src/pokey/meta.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - meta.c -- handle the meta communication - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: meta.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" -#include -#include - -#include -#include -#include -/* This line must be below the rest for FreeBSD */ -#include -#include - -#include - -#include "net.h" -#include "connection.h" -#include "interface.h" -#include "system.h" -#include "protocol.h" -#include "logging.h" - -int send_meta(connection_t *c, char *buffer, int length) -{ - char *bufp; - int outlen; - char outbuf[MAXBUFSIZE]; -cp - log(DEBUG_META, TLOG_DEBUG, - _("Sending %d bytes of metadata to %s (%s)"), - length, c->name, c->hostname); - - if(c->status.encryptout) - { - EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); - bufp = outbuf; - length = outlen; - } - else - bufp = buffer; - - if(write(c->socket, bufp, length) < 0) - { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); - return -1; - } -cp - return 0; -} - -void broadcast_meta(connection_t *from, char *buffer, int length) -{ - avl_node_t *node; - connection_t *c; -cp - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c != from && c->status.active) - send_meta(c, buffer, length); - } -cp -} - -int receive_meta(connection_t *c) -{ - int x, l = sizeof(x); - int oldlen, i; - int lenin, reqlen; - int decrypted = 0; - char inbuf[MAXBUFSIZE]; -cp - if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), - c->name, c->hostname); - return -1; - } - if(x) - { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - c->name, c->hostname, strerror(x)); - return -1; - } - - /* Strategy: - - Read as much as possible from the TCP socket in one go. - - Decrypt it. - - Check if a full request is in the input buffer. - - If yes, process request and remove it from the buffer, - then check again. - - If not, keep stuff in buffer and exit. - */ - - lenin = read(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen); - - if(lenin<=0) - { - if(lenin==0) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - c->name, c->hostname); - } - else - if(errno==EINTR) - return 0; - else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), - c->name, c->hostname, strerror(errno)); - - return -1; - } - - oldlen = c->buflen; - c->buflen += lenin; - - while(lenin) - { - /* Decrypt */ - - if(c->status.decryptin && !decrypted) - { - EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); - memcpy(c->buffer + oldlen, inbuf, lenin); - decrypted = 1; - } - - /* Otherwise we are waiting for a request */ - - reqlen = 0; - - for(i = oldlen; i < c->buflen; i++) - { - if(c->buffer[i] == '\n') - { - c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ - reqlen = i + 1; - break; - } - } - - if(reqlen) - { - if(receive_request(c)) - return -1; - - c->buflen -= reqlen; - lenin -= reqlen; - memmove(c->buffer, c->buffer + reqlen, c->buflen); - oldlen = 0; - continue; - } - else - { - break; - } - } - - if(c->buflen >= MAXBUFSIZE) - { - syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), - c->name, c->hostname); - return -1; - } - - c->last_ping_time = now; -cp - return 0; -} diff --git a/src/pokey/meta.h b/src/pokey/meta.h deleted file mode 100644 index 367cecfd..00000000 --- a/src/pokey/meta.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - meta.h -- header for meta.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: meta.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_META_H__ -#define __TINC_META_H__ - -#include "connection.h" - -extern int send_meta(connection_t *, const char *, int); -extern int broadcast_meta(connection_t *, const char *, int); -extern int receive_meta(connection_t *); - -#endif /* __TINC_META_H__ */ diff --git a/src/pokey/net.c b/src/pokey/net.c deleted file mode 100644 index 6ada741b..00000000 --- a/src/pokey/net.c +++ /dev/null @@ -1,467 +0,0 @@ -/* - net.c -- most of the network code - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: net.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include - -#include - -#include - -#include -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "connection.h" -#include "meta.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" - -int do_prune = 0; -int do_purge = 0; -int sighup = 0; -int sigalrm = 0; - -time_t now = 0; - -/* - put all file descriptors in an fd_set array -*/ -void build_fdset(fd_set *fs) -{ - avl_node_t *node; - connection_t *c; - int i; -cp - FD_ZERO(fs); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - FD_SET(c->socket, fs); - } - - for(i = 0; i < listen_sockets; i++) - { - FD_SET(listen_socket[i].tcp, fs); - FD_SET(listen_socket[i].udp, fs); - } -cp -} - -/* Purge edges and subnets of unreachable nodes. Use carefully. */ - -void purge(void) -{ - avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; - node_t *n; - edge_t *e; - subnet_t *s; - connection_t *c; -cp - log(DEBUG_PROTOCOL, TLOG_DEBUG, - _("Purging unreachable nodes")); - - for(nnode = node_tree->head; nnode; nnode = nnext) - { - nnext = nnode->next; - n = (node_t *)nnode->data; - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); - - for(snode = n->subnet_tree->head; snode; snode = snext) - { - snext = snode->next; - s = (subnet_t *)snode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_subnet(c, s); - } - - subnet_del(n, s); - } - - for(enode = n->edge_tree->head; enode; enode = enext) - { - enext = enode->next; - e = (edge_t *)enode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_edge(c, e); - } - - edge_del(e); - } - - node_del(n); - } - } -cp -} - -/* - Terminate a connection: - - Close the socket - - Remove associated edge and tell other connections about it if report = 1 - - Check if we need to retry making an outgoing connection - - Deactivate the host -*/ -void terminate_connection(connection_t *c, int report) -{ - avl_node_t *node; - connection_t *other; -cp - if(c->status.remove) - return; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), - c->name, c->hostname); - - c->status.remove = 1; - - if(c->socket) - close(c->socket); - - if(c->edge) - { - if(report) - { - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_edge(other, c->edge); - } - } - - edge_del(c->edge); - - /* Run MST and SSSP algorithms */ - - graph(); - } - - /* Check if this was our outgoing connection */ - - if(c->outgoing) - { - retry_outgoing(c->outgoing); - c->outgoing = NULL; - } - - /* Deactivate */ - - c->status.active = 0; - if(c->node) - c->node->connection = NULL; - do_prune = 1; -cp -} - -/* - Check if the other end is active. - If we have sent packets, but didn't receive any, - then possibly the other end is dead. We send a - PING request over the meta connection. If the other - end does not reply in time, we consider them dead - and close the connection. -*/ -void check_dead_connections(void) -{ - avl_node_t *node, *next; - connection_t *c; -cp - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->last_ping_time + pingtimeout < now) - { - if(c->status.active) - { - if(c->status.pinged) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - c->name, c->hostname); - c->status.timeout = 1; - terminate_connection(c, 1); - } - else - { - send_ping(c); - } - } - else - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), - c->name, c->hostname); - terminate_connection(c, 0); - } - } - } -cp -} - -/* - check all connections to see if anything - happened on their sockets -*/ -void check_network_activity(fd_set *f) -{ - connection_t *c; - avl_node_t *node; - int result, i; - int len = sizeof(result); -cp - for(i = 0; i < listen_sockets; i++) - { - if(FD_ISSET(listen_socket[i].tcp, f)) - handle_new_meta_connection(listen_socket[i].tcp); - } - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - - if(c->status.remove) - return; - - if(FD_ISSET(c->socket, f)) - { - if(c->status.connecting) - { - c->status.connecting = 0; - getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); - if(!result) - finish_connecting(c); - else - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); - close(c->socket); - do_outgoing_connection(c); - continue; - } - } - if(receive_meta(c) < 0) - { - terminate_connection(c, c->status.active); - return; - } - } - } -cp -} - -void prune_connections(void) -{ - connection_t *c; - avl_node_t *node, *next; -cp - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - - if(c->status.remove) - connection_del(c); - } - - if(!connection_tree->head) - purge(); -cp -} - -/* - this is where it all happens... -*/ -void main_loop(void) -{ - fd_set fset; - struct timeval tv; - int r; - time_t last_ping_check; - event_t *event; -cp - last_ping_check = now; - - srand(now); - - for(;;) - { - now = time(NULL); - -/* tv.tv_sec = 1 + (rand() & 7); /\* Approx. 5 seconds, randomized to prevent global synchronisation effects *\/ */ -/* tv.tv_usec = 0; */ - tv.tv_sec = 0; - tv.tv_usec = 50000; - - if(do_prune) - { - prune_connections(); - do_prune = 0; - } - - build_fdset(&fset); - - while(gtk_events_pending()) - if(gtk_main_iteration() == FALSE) - return; - - if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) - { - if(errno != EINTR) /* because of a signal */ - { - syslog(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); - return; - } - } - - if(r > 0) - check_network_activity(&fset); - - if(do_purge) - { - purge(); - do_purge = 0; - } - - /* Let's check if everybody is still alive */ - - if(last_ping_check + pingtimeout < now) - { - check_dead_connections(); - last_ping_check = now; - - if(routing_mode== RMODE_SWITCH) - age_mac(); - - age_past_requests(); - - /* Should we regenerate our key? */ - - if(keyexpires < now) - { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Regenerating symmetric key")); - - RAND_pseudo_bytes(myself->key, myself->keylength); - send_key_changed(myself->connection, myself); - keyexpires = now + keylifetime; - } - } - - - while((event = get_expired_event())) - { - event->handler(event->data); - free(event); - } - - if(sigalrm) - { - syslog(LOG_INFO, _("Flushing event queue")); - - while(event_tree->head) - { - event = (event_t *)event_tree->head->data; - event->handler(event->data); - event_del(event); - } - sigalrm = 0; - } - - if(sighup) - { - sighup = 0; - close_network_connections(); - exit_configuration(&config_tree); - - syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds...")); - sleep(5); - - init_configuration(&config_tree); - - if(read_server_config()) - { - syslog(LOG_ERR, _("Unable to reread configuration file, exitting.")); - exit(1); - } - - if(setup_network_connections()) - return; - - continue; - } - - if(build_graph) - if_build_graph(); - } -cp -} diff --git a/src/pokey/net.h b/src/pokey/net.h deleted file mode 100644 index e80126d4..00000000 --- a/src/pokey/net.h +++ /dev/null @@ -1,153 +0,0 @@ -/* - net.h -- header for net.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: net.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_NET_H__ -#define __TINC_NET_H__ - -#include -#include -#include -#include - -#include "config.h" - -#ifdef ENABLE_JUMBOGRAMS - #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ - #define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ - #define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ -#else - #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ - #define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ - #define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ -#endif - -#define MAXSOCKETS 128 /* Overkill... */ - -#define MAXQUEUELENGTH 8 - -typedef struct mac_t -{ - unsigned char x[6]; -} mac_t; - -typedef struct ipv4_t -{ - unsigned char x[4]; -} ipv4_t; - -typedef struct ip_mask_t { - ipv4_t address; - ipv4_t mask; -} ip_mask_t; - -typedef struct ipv6_t -{ - unsigned short x[8]; -} ipv6_t; - -typedef unsigned short port_t; - -typedef short length_t; - -typedef union { - struct sockaddr sa; - struct sockaddr_in in; - struct sockaddr_in6 in6; -} sockaddr_t; - -#ifdef SA_LEN -#define SALEN(s) SA_LEN(&s) -#else -#define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) -#endif - -typedef struct vpn_packet_t { - length_t len; /* the actual number of bytes in the `data' field */ - int priority; /* priority or TOS */ - unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ - unsigned char data[MAXSIZE]; -} vpn_packet_t; - -typedef struct queue_element_t { - void *packet; - struct queue_element_t *prev; - struct queue_element_t *next; -} queue_element_t; - -typedef struct packet_queue_t { - queue_element_t *head; - queue_element_t *tail; -} packet_queue_t; - -typedef struct outgoing_t { - char *name; - int timeout; - struct config_t *cfg; - struct addrinfo *ai; - struct addrinfo *aip; -} outgoing_t; - -typedef struct listen_socket_t { - int tcp; - int udp; - sockaddr_t sa; -} listen_socket_t; - -extern int maxtimeout; -extern int seconds_till_retry; -extern int addressfamily; - -extern char *request_name[]; -extern char *status_text[]; - -#include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ - -extern listen_socket_t listen_socket[MAXSOCKETS]; -extern int listen_sockets; -extern int keyexpires; -extern int keylifetime; -extern int do_prune; -extern int do_purge; -extern char *myport; -extern time_t now; - -extern void retry_outgoing(outgoing_t *); -extern void handle_incoming_vpn_data(int); -extern void finish_connecting(connection_t *); -extern void do_outgoing_connection(connection_t *); -extern int handle_new_meta_connection(int); -extern int setup_listen_socket(sockaddr_t *); -extern int setup_vpn_in_socket(sockaddr_t *); -extern void send_packet(struct node_t *, vpn_packet_t *); -extern void receive_packet(struct node_t *, vpn_packet_t *); -extern void receive_tcppacket(struct connection_t *, char *, int); -extern void broadcast_packet(struct node_t *, vpn_packet_t *); -extern int setup_network_connections(void); -extern void setup_outgoing_connection(struct outgoing_t *); -extern void try_outgoing_connections(void); -extern void close_network_connections(void); -extern void main_loop(void); -extern void terminate_connection(connection_t *, int); -extern void flush_queue(struct node_t *); -extern int read_rsa_public_key(struct connection_t *); - -#endif /* __TINC_NET_H__ */ diff --git a/src/pokey/net_packet.c b/src/pokey/net_packet.c deleted file mode 100644 index 4d9c07e1..00000000 --- a/src/pokey/net_packet.c +++ /dev/null @@ -1,429 +0,0 @@ -/* - net_packet.c -- Handles in- and outgoing VPN packets - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: net_packet.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include - -#include -#include -#include -#include - -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - -#include - -#include -#include -#include -#include - -#include "conf.h" -#include "connection.h" -#include "meta.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" - -int keylifetime = 0; -int keyexpires = 0; - -#define MAX_SEQNO 1073741824 - -/* VPN packet I/O */ - -void receive_udppacket(node_t *n, vpn_packet_t *inpkt) -{ - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt = pkt[0]; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - char hmac[EVP_MAX_MD_SIZE]; -cp - /* Check the message authentication code */ - - if(myself->digest && myself->maclength) - { - inpkt->len -= myself->maclength; - HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); - if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); - return; - } - } - - /* Decrypt the packet */ - - if(myself->cipher) - { - outpkt = pkt[nextpkt++]; - - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); - - outpkt->len = outlen + outpad; - inpkt = outpkt; - } - - /* Check the sequence number */ - - inpkt->len -= sizeof(inpkt->seqno); - inpkt->seqno = ntohl(inpkt->seqno); - - if(inpkt->seqno <= n->received_seqno) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); - return; - } - - n->received_seqno = inpkt->seqno; - - if(n->received_seqno > MAX_SEQNO) - keyexpires = 0; - - /* Decompress the packet */ - - if(myself->compression) - { - outpkt = pkt[nextpkt++]; - - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) - { - syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } - - receive_packet(n, inpkt); -cp -} - -void receive_tcppacket(connection_t *c, char *buffer, int len) -{ - vpn_packet_t outpkt; -cp - outpkt.len = len; - memcpy(outpkt.data, buffer, len); - - receive_packet(c->node, &outpkt); -cp -} - -void receive_packet(node_t *n, vpn_packet_t *packet) -{ -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); -cp -} - -void send_udppacket(node_t *n, vpn_packet_t *inpkt) -{ - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt; - int origlen; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - vpn_packet_t *copy; - static int priority = 0; - int origpriority; - int sock; -cp - /* Make sure we have a valid key */ - - if(!n->status.validkey) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - n->name, n->hostname); - - /* Since packet is on the stack of handle_tap_input(), - we have to make a copy of it first. */ - - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); - - list_insert_tail(n->queue, copy); - - if(n->queue->count > MAXQUEUELENGTH) - list_delete_head(n->queue); - - if(!n->status.waitingforkey) - send_req_key(n->nexthop->connection, myself, n); - - n->status.waitingforkey = 1; - - return; - } - - origlen = inpkt->len; - origpriority = inpkt->priority; - - /* Compress the packet */ - - if(n->compression) - { - outpkt = pkt[nextpkt++]; - - if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK) - { - syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } - - /* Add sequence number */ - - inpkt->seqno = htonl(++(n->sent_seqno)); - inpkt->len += sizeof(inpkt->seqno); - - /* Encrypt the packet */ - - if(n->cipher) - { - outpkt = pkt[nextpkt++]; - - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); - - outpkt->len = outlen + outpad; - inpkt = outpkt; - } - - /* Add the message authentication code */ - - if(n->digest && n->maclength) - { - HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen); - inpkt->len += n->maclength; - } - - /* Determine which socket we have to use */ - - for(sock = 0; sock < listen_sockets; sock++) - if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) - break; - - if(sock >= listen_sockets) - sock = 0; /* If none is available, just use the first and hope for the best. */ - - /* Send the packet */ - -#if defined(SOL_IP) && defined(IP_TOS) - if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) - { - priority = origpriority; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); - } -#endif - - if((sendto(listen_socket[sock].udp, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) - { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), - n->name, n->hostname, strerror(errno)); - return; - } - - inpkt->len = origlen; -cp -} - -/* - send a packet to the given vpn ip. -*/ -void send_packet(node_t *n, vpn_packet_t *packet) -{ - node_t *via; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); - - if(n == myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_NOTICE, _("Packet is looping back to us!")); - } - - return; - } - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Node %s (%s) is not reachable"), - n->name, n->hostname); - return; - } - - via = (n->via == myself)?n->nexthop:n->via; - - if(via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, n->via->hostname); - - if((myself->options | via->options) & OPTION_TCPONLY) - { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); - } - else - send_udppacket(via, packet); -} - -/* Broadcast a packet using the minimum spanning tree */ - -void broadcast_packet(node_t *from, vpn_packet_t *packet) -{ - avl_node_t *node; - connection_t *c; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), - packet->len, from->name, from->hostname); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active && c->status.mst && c != from->nexthop->connection) - send_packet(c->node, packet); - } -cp -} - -void flush_queue(node_t *n) -{ - list_node_t *node, *next; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); - - for(node = n->queue->head; node; node = next) - { - next = node->next; - send_udppacket(n, (vpn_packet_t *)node->data); - list_delete_node(n->queue, node); - } -cp -} - -void handle_incoming_vpn_data(int sock) -{ - vpn_packet_t pkt; - int x, l = sizeof(x); - char *hostname; - sockaddr_t from; - socklen_t fromlen = sizeof(from); - node_t *n; -cp - if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), - __FILE__, __LINE__, sock, strerror(errno)); - cp_trace(); - exit(1); - } - if(x) - { - syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return; - } - - if((pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen)) <= 0) - { - syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); - return; - } - - sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ - - n = lookup_node_udp(&from); - - if(!n) - { - hostname = sockaddr2hostname(&from); - syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); - free(hostname); - return; - } - - if(n->connection) - n->connection->last_ping_time = now; - - receive_udppacket(n, &pkt); -cp -} - diff --git a/src/pokey/net_setup.c b/src/pokey/net_setup.c deleted file mode 100644 index c44d2a95..00000000 --- a/src/pokey/net_setup.c +++ /dev/null @@ -1,546 +0,0 @@ -/* - net_setup.c -- Setup. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: net_setup.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "connection.h" -#include "meta.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" - -char *myport; - -int read_rsa_public_key(connection_t *c) -{ - FILE *fp; - char *fname; - char *key; -cp - if(!c->rsa_key) - c->rsa_key = RSA_new(); - - /* First, check for simple PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) - { - BN_hex2bn(&c->rsa_key->n, key); - BN_hex2bn(&c->rsa_key->e, "FFFF"); - free(key); - return 0; - } - - /* Else, check for PublicKeyFile statement and read it */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) - { - if(is_safe_path(fname)) - { - if((fp = fopen(fname, "r")) == NULL) - { - log(0, TLOG_ERROR, - _("Error reading RSA public key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - if(!c->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), - fname, strerror(errno)); - return -1; - } - return 0; - } - else - { - free(fname); - return -1; - } - } - - /* Else, check if a harnessed public key is in the config file */ - - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - if((fp = fopen(fname, "r"))) - { - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - } - - free(fname); - - if(c->rsa_key) - return 0; - else - { - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; - } -} - -int read_rsa_private_key(void) -{ - FILE *fp; - char *fname, *key; -cp - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) - { - myself->connection->rsa_key = RSA_new(); - BN_hex2bn(&myself->connection->rsa_key->d, key); - BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); - free(key); - return 0; - } - - if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) - asprintf(&fname, "%s/rsa_key.priv", confbase); - - if(is_safe_path(fname)) - { - if((fp = fopen(fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); - fclose(fp); - if(!myself->connection->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), - fname, strerror(errno)); - return -1; - } - return 0; - } - - free(fname); - return -1; -} - -int check_rsa_key(RSA *rsa_key) -{ - char *test1, *test2, *test3; -cp - if(rsa_key->p && rsa_key->q) - { - if(RSA_check_key(rsa_key) != 1) - return -1; - } - else - { - test1 = xmalloc(RSA_size(rsa_key)); - test2 = xmalloc(RSA_size(rsa_key)); - test3 = xmalloc(RSA_size(rsa_key)); - - if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(memcmp(test1, test3, RSA_size(rsa_key))) - return -1; - } -cp - return 0; -} - -/* - Configure node_t myself and set up the local sockets (listen only) -*/ -int setup_myself(void) -{ - config_t *cfg; - subnet_t *subnet; - char *name, *mode, *afname, *cipher, *digest; - int choice; -cp - myself = new_node(); - myself->connection = new_connection(); - init_configuration(&myself->connection->config_tree); - - asprintf(&myself->hostname, _("MYSELF")); - asprintf(&myself->connection->hostname, _("MYSELF")); - - myself->connection->options = 0; - myself->connection->protocol_version = PROT_CURRENT; - - if(!get_config_string(lookup_config(config_tree, "Name"), &name)) /* Not acceptable */ - { - syslog(LOG_ERR, _("Name for tinc daemon required!")); - return -1; - } - - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for myself!")); - free(name); - return -1; - } - - myself->name = name; - myself->connection->name = xstrdup(name); - -cp - if(read_rsa_private_key()) - return -1; - - if(read_connection_config(myself->connection)) - { - syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); - return -1; - } - - if(read_rsa_public_key(myself->connection)) - return -1; -cp - - if(check_rsa_key(myself->connection->rsa_key)) - { - syslog(LOG_ERR, _("Invalid public/private keypair!")); - return -1; - } - - if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) - asprintf(&myport, "655"); - -/* Read in all the subnets specified in the host configuration file */ - - cfg = lookup_config(myself->connection->config_tree, "Subnet"); - - while(cfg) - { - if(!get_config_subnet(cfg, &subnet)) - return -1; - - subnet_add(myself, subnet); - - cfg = lookup_config_next(myself->connection->config_tree, cfg); - } - -cp - /* Check some options */ - - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(myself->options & OPTION_TCPONLY) - myself->options |= OPTION_INDIRECT; - - if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) - { - if(!strcasecmp(mode, "router")) - routing_mode = RMODE_ROUTER; - else if (!strcasecmp(mode, "switch")) - routing_mode = RMODE_SWITCH; - else if (!strcasecmp(mode, "hub")) - routing_mode = RMODE_HUB; - else - { - syslog(LOG_ERR, _("Invalid routing mode!")); - return -1; - } - free(mode); - } - else - routing_mode = RMODE_ROUTER; - - get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); -#if !defined(SOL_IP) || !defined(IP_TOS) - if(priorityinheritance) - syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); -#endif - - if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) - macexpire= 600; - - if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) - { - if(maxtimeout <= 0) - { - syslog(LOG_ERR, _("Bogus maximum timeout!")); - return -1; - } - } - else - maxtimeout = 900; - - if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) - { - if(!strcasecmp(afname, "IPv4")) - addressfamily = AF_INET; - else if (!strcasecmp(afname, "IPv6")) - addressfamily = AF_INET6; - else if (!strcasecmp(afname, "any")) - addressfamily = AF_UNSPEC; - else - { - syslog(LOG_ERR, _("Invalid address family!")); - return -1; - } - free(afname); - } - else - addressfamily = AF_INET; - - get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); -cp - /* Generate packet encryption key */ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) - { - if(!strcasecmp(cipher, "none")) - { - myself->cipher = NULL; - } - else - { - if(!(myself->cipher = EVP_get_cipherbyname(cipher))) - { - syslog(LOG_ERR, _("Unrecognized cipher type!")); - return -1; - } - } - } - else - myself->cipher = EVP_bf_cbc(); - - if(myself->cipher) - myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; - else - myself->keylength = 1; - - myself->connection->outcipher = EVP_bf_ofb(); - - myself->key = (char *)xmalloc(myself->keylength); - RAND_pseudo_bytes(myself->key, myself->keylength); - - if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) - keylifetime = 3600; - - keyexpires = now + keylifetime; - - /* Check if we want to use message authentication codes... */ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) - { - if(!strcasecmp(digest, "none")) - { - myself->digest = NULL; - } - else - { - if(!(myself->digest = EVP_get_digestbyname(digest))) - { - syslog(LOG_ERR, _("Unrecognized digest type!")); - return -1; - } - } - } - else - myself->digest = EVP_sha1(); - - myself->connection->outdigest = EVP_sha1(); - - if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) - { - if(myself->digest) - { - if(myself->maclength > myself->digest->md_size) - { - syslog(LOG_ERR, _("MAC length exceeds size of digest!")); - return -1; - } - else if (myself->maclength < 0) - { - syslog(LOG_ERR, _("Bogus MAC length!")); - return -1; - } - } - } - else - myself->maclength = 4; - - myself->connection->outmaclength = 0; - - /* Compression */ - - if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) - { - if(myself->compression < 0 || myself->compression > 9) - { - syslog(LOG_ERR, _("Bogus compression level!")); - return -1; - } - } - else - myself->compression = 0; - - myself->connection->outcompression = 0; -cp - /* Done */ - - myself->nexthop = myself; - myself->via = myself; - myself->status.active = 1; - node_add(myself); - - graph(); - - syslog(LOG_NOTICE, _("Ready")); -cp - return 0; -} - -/* - setup all initial network connections -*/ -int setup_network_connections(void) -{ -cp - now = time(NULL); - - init_connections(); - init_subnets(); - init_nodes(); - init_edges(); - init_events(); - init_requests(); - - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) - { - if(pingtimeout < 1) - { - pingtimeout = 86400; - } - } - else - pingtimeout = 60; - - if(setup_myself() < 0) - return -1; - - try_outgoing_connections(); -cp - return 0; -} - -/* - close all open network connections -*/ -void close_network_connections(void) -{ - avl_node_t *node, *next; - connection_t *c; - int i; -cp - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->outgoing) - free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; - terminate_connection(c, 0); - } - - if(myself && myself->connection) - terminate_connection(myself->connection, 0); - - for(i = 0; i < listen_sockets; i++) - { - close(listen_socket[i].tcp); - close(listen_socket[i].udp); - } - - exit_requests(); - exit_events(); - exit_edges(); - exit_subnets(); - exit_nodes(); - exit_connections(); - -cp - return; -} diff --git a/src/pokey/net_socket.c b/src/pokey/net_socket.c deleted file mode 100644 index 81084f56..00000000 --- a/src/pokey/net_socket.c +++ /dev/null @@ -1,491 +0,0 @@ -/* - net_socket.c -- Handle various kinds of sockets. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: net_socket.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#ifdef HAVE_LINUX - #include - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include - -#include -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "connection.h" -#include "meta.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" -#include "device.h" -#include "event.h" -#include "logging.h" - -#include "system.h" - -int addressfamily = AF_INET; -int maxtimeout = 900; -int seconds_till_retry = 5; - -listen_socket_t listen_socket[MAXSOCKETS]; -int listen_sockets = 0; - -/* Setup sockets */ - -int setup_listen_socket(sockaddr_t *sa) -{ - int nfd, flags; - char *addrstr; - int option; -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; - struct ifreq ifr; -#endif -cp - if((nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) - { - log(0, TLOG_ERROR, - _("Creating metasocket failed: %s"), - strerror(errno)); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); - return -1; - } - - /* Optimize TCP settings */ - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); - -#if defined(SOL_TCP) && defined(TCP_NODELAY) - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); -#endif - -#if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY) - option = IPTOS_LOWDELAY; - setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); -#endif - - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - { -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; - } -#else - syslog(LOG_WARNING, _("BindToDevice not supported on this platform")); -#endif - } - - if(bind(nfd, &sa->sa, SALEN(sa->sa))) - { - close(nfd); - addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); - free(addrstr); - return -1; - } - - if(listen(nfd, 3)) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); - return -1; - } -cp - return nfd; -} - -int setup_vpn_in_socket(sockaddr_t *sa) -{ - int nfd, flags; - char *addrstr; - int option; -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; - struct ifreq ifr; -#endif -cp - if((nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) - { - syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); - return -1; - } - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); - -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - { - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; - } - } -#endif - - if(bind(nfd, &sa->sa, SALEN(sa->sa))) - { - close(nfd); - addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); - free(addrstr); - return -1; - } -cp - return nfd; -} - -void retry_outgoing(outgoing_t *outgoing) -{ - event_t *event; -cp - outgoing->timeout += 5; - if(outgoing->timeout > maxtimeout) - outgoing->timeout = maxtimeout; - - event = new_event(); - event->handler = (event_handler_t)setup_outgoing_connection; - event->time = now + outgoing->timeout; - event->data = outgoing; - event_add(event); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); -cp -} - -int setup_outgoing_socket(connection_t *c) -{ - int option; -cp - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); - - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - - if(c->socket == -1) - { - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); - return -1; - } - - /* Optimize TCP settings */ - -#ifdef HAVE_LINUX - option = 1; - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); - - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); -#endif - - /* Connect */ - - if(connect(c->socket, &c->address.sa, SALEN(c->address.sa)) == -1) - { - close(c->socket); - syslog(LOG_ERR, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(errno)); - return -1; - } - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); -cp - return 0; -} - - -void finish_connecting(connection_t *c) -{ -cp - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); - - c->last_ping_time = now; - - send_id(c); -cp -} - -void do_outgoing_connection(connection_t *c) -{ - char *address, *port; - int option, result, flags; -cp -begin: - if(!c->outgoing->ai) - { - if(!c->outgoing->cfg) - { - log(DEBUG_CONNECTIONS, TLOG_ERROR, - _("Could not set up a meta connection to %s"), - c->name); - c->status.remove = 1; - do_prune = 1; - retry_outgoing(c->outgoing); - return; - } - - get_config_string(c->outgoing->cfg, &address); - - if(!get_config_string(lookup_config(c->config_tree, "Port"), &port)) - asprintf(&port, "655"); - - c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); - free(address); - free(port); - - c->outgoing->aip = c->outgoing->ai; - c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); - } - - if(!c->outgoing->aip) - { - freeaddrinfo(c->outgoing->ai); - c->outgoing->ai = NULL; - goto begin; - } - - memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); - c->outgoing->aip = c->outgoing->aip->ai_next; - - if(c->hostname) - free(c->hostname); - - c->hostname = sockaddr2hostname(&c->address); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); - - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - - if(c->socket == -1) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); - - goto begin; - } - - /* Optimize TCP settings */ - -#ifdef HAVE_LINUX - option = 1; - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); - - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); -#endif - - /* Non-blocking */ - - flags = fcntl(c->socket, F_GETFL); - - if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) - { - syslog(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); - } - - /* Connect */ - - result = connect(c->socket, &c->address.sa, SALEN(c->address.sa)); - - if(result == -1) - { - if(errno == EINPROGRESS) - { - c->status.connecting = 1; - return; - } - - close(c->socket); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); - - goto begin; - } - - finish_connecting(c); - return; -cp -} - -void setup_outgoing_connection(outgoing_t *outgoing) -{ - connection_t *c; - node_t *n; -cp - n = lookup_node(outgoing->name); - - if(n) - if(n->connection) - { - log(DEBUG_CONNECTIONS, TLOG_INFO, - _("Already connected to %s"), - outgoing->name); - n->connection->outgoing = outgoing; - return; - } - - c = new_connection(); - c->name = xstrdup(outgoing->name); - c->outcipher = myself->connection->outcipher; - c->outdigest = myself->connection->outdigest; - c->outmaclength = myself->connection->outmaclength; - c->outcompression = myself->connection->outcompression; - - init_configuration(&c->config_tree); - read_connection_config(c); - - outgoing->cfg = lookup_config(c->config_tree, "Address"); - - if(!outgoing->cfg) - { - syslog(LOG_ERR, _("No address specified for %s"), c->name); - free_connection(c); - free(outgoing->name); - free(outgoing); - return; - } - - c->outgoing = outgoing; - c->last_ping_time = now; - - connection_add(c); - - do_outgoing_connection(c); -} - -/* - accept a new tcp connect and create a - new connection -*/ -int handle_new_meta_connection(int sock) -{ - connection_t *c; - sockaddr_t sa; - int fd, len = sizeof(sa); -cp - if((fd = accept(sock, &sa.sa, &len)) < 0) - { - syslog(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); - return -1; - } - - sockaddrunmap(&sa); - - c = new_connection(); - c->outcipher = myself->connection->outcipher; - c->outdigest = myself->connection->outdigest; - c->outmaclength = myself->connection->outmaclength; - c->outcompression = myself->connection->outcompression; - - c->address = sa; - c->hostname = sockaddr2hostname(&sa); - c->socket = fd; - c->last_ping_time = now; - - log(DEBUG_CONNECTIONS, TLOG_NOTICE, - _("Connection from %s"), - c->hostname); - - connection_add(c); - - c->allow_request = ID; - send_id(c); -cp - return 0; -} - -void try_outgoing_connections(void) -{ - static config_t *cfg = NULL; - char *name; - outgoing_t *outgoing; -cp - for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) - { - get_config_string(cfg, &name); - - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); - free(name); - continue; - } - - outgoing = xmalloc_and_zero(sizeof(*outgoing)); - outgoing->name = name; - setup_outgoing_connection(outgoing); - } -} diff --git a/src/pokey/netutl.c b/src/pokey/netutl.c deleted file mode 100644 index cb23574e..00000000 --- a/src/pokey/netutl.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - netutl.c -- some supporting network utility code - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: netutl.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "errno.h" -#include "interface.h" -#include "conf.h" -#include "net.h" -#include "netutl.h" -#include "logging.h" - -#include "system.h" - -int hostnames = 0; - -/* - Turn a string into a struct addrinfo. - Return NULL on failure. -*/ -struct addrinfo *str2addrinfo(char *address, char *service, int socktype) -{ - struct addrinfo hint, *ai; - int err; -cp - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = addressfamily; - hint.ai_socktype = socktype; - - if((err = getaddrinfo(address, service, &hint, &ai))) - { - log(DEBUG_ERROR, LOG_WARNING, - _("Error looking up %s port %s: %s\n"), - address, service, gai_strerror(err)); - cp_trace(); - return NULL; - } - -cp - return ai; -} - -sockaddr_t str2sockaddr(char *address, char *port) -{ - struct addrinfo hint, *ai; - sockaddr_t result; - int err; -cp - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = AF_UNSPEC; - hint.ai_flags = AI_NUMERICHOST; - hint.ai_socktype = SOCK_STREAM; - - if((err = getaddrinfo(address, port, &hint, &ai) || !ai)) - { - log(0, TLOG_ERROR, - _("Error looking up %s port %s: %s\n"), - address, port, gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); - } - - result = *(sockaddr_t *)ai->ai_addr; - freeaddrinfo(ai); -cp - return result; -} - -void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) -{ - char address[NI_MAXHOST]; - char port[NI_MAXSERV]; - char *scopeid; - int err; -cp - if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) - { - syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); - } - -#ifdef HAVE_LINUX - if((scopeid = strchr(address, '%'))) - *scopeid = '\0'; /* Descope. */ -#endif - - *addrstr = xstrdup(address); - *portstr = xstrdup(port); -cp -} - -char *sockaddr2hostname(sockaddr_t *sa) -{ - char *str; - char address[NI_MAXHOST] = "unknown"; - char port[NI_MAXSERV] = "unknown"; - int err; -cp - if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) - { - syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); - } - - asprintf(&str, _("%s port %s"), address, port); -cp - return str; -} - -int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) -{ - int result; -cp - result = a->sa.sa_family - b->sa.sa_family; - - if(result) - return result; - - switch(a->sa.sa_family) - { - case AF_UNSPEC: - return 0; - case AF_INET: - result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); - if(result) - return result; - return memcmp(&a->in.sin_port, &b->in.sin_port, sizeof(a->in.sin_port)); - case AF_INET6: - result = memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)); - if(result) - return result; - return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); - default: - syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); - cp_trace(); - raise(SIGFPE); - exit(0); - } -cp -} - -void sockaddrunmap(sockaddr_t *sa) -{ - if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) - { - sa->in.sin_addr.s_addr = ((uint32_t *)&sa->in6.sin6_addr)[3]; - sa->in.sin_family = AF_INET; - } -} - -/* Subnet mask handling */ - -int maskcmp(char *a, char *b, int masklen, int len) -{ - int i, m, result; -cp - for(m = masklen, i = 0; m >= 8; m -= 8, i++) - if((result = a[i] - b[i])) - return result; - - if(m) - return (a[i] & (0x100 - (m << 1))) - (b[i] & (0x100 - (m << 1))); - - return 0; -} - -void mask(char *a, int masklen, int len) -{ - int i; -cp - i = masklen / 8; - masklen %= 8; - - if(masklen) - a[i++] &= (0x100 - (masklen << 1)); - - for(; i < len; i++) - a[i] = 0; -} - -void maskcpy(char *a, char *b, int masklen, int len) -{ - int i, m; -cp - for(m = masklen, i = 0; m >= 8; m -= 8, i++) - a[i] = b[i]; - - if(m) - { - a[i] = b[i] & (0x100 - (m << 1)); - i++; - } - - for(; i < len; i++) - a[i] = 0; -} - -int maskcheck(char *a, int masklen, int len) -{ - int i; -cp - i = masklen / 8; - masklen %= 8; - - if(masklen) - if(a[i++] & ~(0x100 - (masklen << 1))) - return -1; - - for(; i < len; i++) - if(a[i] != 0) - return -1; - - return 0; -} diff --git a/src/pokey/netutl.h b/src/pokey/netutl.h deleted file mode 100644 index 7df29b9c..00000000 --- a/src/pokey/netutl.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - netutl.h -- header file for netutl.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: netutl.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_NETUTL_H__ -#define __TINC_NETUTL_H__ - -#include -#include -#include - -#include "net.h" - -extern int hostnames; - -extern char *hostlookup(unsigned long); -extern struct addrinfo *str2addrinfo(char *, char *, int); -extern sockaddr_t str2sockaddr(char *, char *); -extern void sockaddr2str(sockaddr_t *, char **, char **); -extern char *sockaddr2hostname(sockaddr_t *); -extern int sockaddrcmp(sockaddr_t *, sockaddr_t *); -extern void sockaddrunmap(sockaddr_t *); -extern int maskcmp(char *, char *, int, int); -extern void maskcpy(char *, char *, int, int); -extern void mask(char *, int, int); -extern int maskcheck(char *, int, int); - -#endif /* __TINC_NETUTL_H__ */ diff --git a/src/pokey/pokey.c b/src/pokey/pokey.c deleted file mode 100644 index 7e61c26e..00000000 --- a/src/pokey/pokey.c +++ /dev/null @@ -1,367 +0,0 @@ -/* - tincd.c -- the main file for tincd - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: pokey.c,v 1.3 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_SYS_IOCTL_H -# include -#endif - -#include -#include -#include -#include - -#include -#include - -#include -#include - -#include "conf.h" -#include "interface.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "logging.h" - -#include "system.h" - -/* The name this program was run with. */ -char *program_name; - -/* If nonzero, display usage information and exit. */ -int show_help; - -/* If nonzero, print the version on standard output and exit. */ -int show_version; - -/* If nonzero, it will attempt to kill a running tincd and exit. */ -int kill_tincd = 0; - -/* If nonzero, generate public/private keypair for this host/net. */ -int generate_keys = 0; - -/* If nonzero, use null ciphers and skip all key exchanges. */ -int bypass_security = 0; - -char *identname; /* program name for syslog */ -char *pidfilename; /* pid file location */ -char **g_argv; /* a copy of the cmdline arguments */ -char **environment; /* A pointer to the environment on startup */ - -/* GTK Interface */ -GladeXML *xml = NULL; - - -static struct option const long_options[] = -{ - { "config", required_argument, NULL, 'c' }, - { "kill", optional_argument, NULL, 'k' }, - { "net", required_argument, NULL, 'n' }, - { "help", no_argument, &show_help, 1 }, - { "version", no_argument, &show_version, 1 }, - { "no-detach", no_argument, &do_detach, 0 }, - { "generate-keys", optional_argument, NULL, 'K'}, - { "debug", optional_argument, NULL, 'd'}, - { "bypass-security", no_argument, &bypass_security, 1 }, - { NULL, 0, NULL, 0 } -}; - -static void -usage(int status) -{ - if(status != 0) - fprintf(stderr, _("Try `%s --help\' for more information.\n"), program_name); - else - { - printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" - " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" - " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); - printf(_("Report bugs to tinc@nl.linux.org.\n")); - } - exit(status); -} - -void -parse_options(int argc, char **argv, char **envp) -{ - int r; - int option_index = 0; - - while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) - { - switch(r) - { - case 0: /* long option */ - break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'd': /* inc debug level */ - if(optarg) - debug_lvl = atoi(optarg); - else - debug_lvl++; - break; - case 'k': /* kill old tincds */ - kill_tincd = optarg?atoi(optarg):SIGTERM; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ - if(optarg) - { - generate_keys = atoi(optarg); - if(generate_keys < 512) - { - fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), - optarg); - usage(1); - } - generate_keys &= ~7; /* Round it to bytes */ - } - else - generate_keys = 1024; - break; - case '?': - usage(1); - default: - break; - } - } -} - -/* This function prettyprints the key generation process */ - -void indicator(int a, int b, void *p) -{ - switch(a) - { - case 0: - fprintf(stderr, "."); - break; - case 1: - fprintf(stderr, "+"); - break; - case 2: - fprintf(stderr, "-"); - break; - case 3: - switch(b) - { - case 0: - fprintf(stderr, " p\n"); - break; - case 1: - fprintf(stderr, " q\n"); - break; - default: - fprintf(stderr, "?"); - } - break; - default: - fprintf(stderr, "?"); - } -} - -/* - Generate a public/private RSA keypair, and ask for a file to store - them in. -*/ -int keygen(int bits) -{ - RSA *rsa_key; - FILE *f; - char *name = NULL; - char *filename; - - fprintf(stderr, _("Generating %d bits keys:\n"), bits); - rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); - - if(!rsa_key) - { - fprintf(stderr, _("Error during key generation!\n")); - return -1; - } - else - fprintf(stderr, _("Done.\n")); - - get_config_string(lookup_config(config_tree, "Name"), &name); - - if(name) - asprintf(&filename, "%s/hosts/%s", confbase, name); - else - asprintf(&filename, "%s/rsa_key.pub", confbase); - - if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) - return -1; - - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - - PEM_write_RSAPublicKey(f, rsa_key); - fclose(f); - free(filename); - - asprintf(&filename, "%s/rsa_key.priv", confbase); - if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) - return -1; - - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - - PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); - fclose(f); - free(filename); - - return 0; -} - -/* - Set all files and paths according to netname -*/ -void make_names(void) -{ - if(netname) - { - if(!pidfilename) - asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); - if(!confbase) - asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); - else - log(0, LOG_INFO, - _("Both netname and configuration directory given, using the latter...")); - if(!identname) - asprintf(&identname, "tinc.%s", netname); - } - else - { - if(!pidfilename) - pidfilename = LOCALSTATEDIR "/run/tinc.pid"; - if(!confbase) - asprintf(&confbase, "%s/tinc", CONFDIR); - if(!identname) - identname = "tinc"; - } -} - -int -main(int argc, char **argv, char **envp) -{ - char *fake_argv[] = { argv[0], NULL }; - program_name = argv[0]; - - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); - - environment = envp; - parse_options(argc, argv, envp); - - if(show_version) - { - printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); - - return 0; - } - - if(show_help) - usage(0); - - log_add_hook(log_default); - - gnome_init("Pokey", "0.0", 1, fake_argv); - - g_argv = argv; - - make_names(); - init_configuration(&config_tree); - - /* Slllluuuuuuurrrrp! */ -cp - RAND_load_file("/dev/urandom", 1024); - -#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS - SSLeay_add_all_algorithms(); -#else - OpenSSL_add_all_algorithms(); -#endif - -cp - if(read_server_config()) - exit(1); -cp - setup_signals(); - - if(init_interface()) - { - log(0, TLOG_ERROR, - _("Could not setup all necessary interface elements.\n")); - exit(1); - } - - if(!setup_network_connections()) - { - main_loop(); - cleanup_and_exit(1); - } - - log_add_hook(log_default); - - log(0, TLOG_ERROR, - _("Could not set up network connections")); - cp_trace(); - - return 1; -} diff --git a/src/pokey/pokey.glade b/src/pokey/pokey.glade deleted file mode 100644 index fbb6c22a..00000000 --- a/src/pokey/pokey.glade +++ /dev/null @@ -1,2070 +0,0 @@ - - - - - Pokey - pokey - - src - pixmaps - C - True - True - True - True - pokey.translatables - - - - GtkWindow - HostInfoWindow - Information about host - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - False - True - False - - - GtkVBox - vbox2 - False - 0 - - - GtkNotebook - notebook1 - True - True - True - GTK_POS_TOP - False - 2 - 2 - False - - 0 - True - True - - - - GtkVBox - vbox4 - False - 0 - - - GtkHBox - hbox2 - False - 0 - - 0 - True - True - - - - GtkTable - table3 - 7 - 2 - False - 0 - 0 - - 0 - True - True - - - - GtkLabel - label14 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 0 - 1 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label15 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 1 - 2 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label16 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 2 - 3 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label17 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 3 - 4 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label18 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 4 - 5 - 0 - 0 - False - False - False - False - True - False - - - - - GtkEntry - HostInfoNameEntry - True - False - True - 0 - - - 1 - 2 - 0 - 1 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - HostInfoHostnameEntry - True - False - True - 0 - - - 1 - 2 - 1 - 2 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - HostInfoPortEntry - True - False - True - 0 - - - 1 - 2 - 2 - 3 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - HostInfoVersionEntry - True - False - True - 0 - - - 1 - 2 - 3 - 4 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - HostInfoStatusEntry - True - False - True - 0 - - - 1 - 2 - 4 - 5 - 0 - 0 - True - False - False - False - True - False - - - - - GtkCheckButton - HostInfoTCPOnlyCheckbutton - True - - False - True - - 1 - 2 - 5 - 6 - 0 - 0 - False - False - False - False - True - False - - - - - GtkCheckButton - HostInfoIndirectdataCheckbutton - True - - False - True - - 1 - 2 - 6 - 7 - 0 - 0 - False - False - False - False - True - False - - - - - - GtkVBox - vbox5 - False - 0 - - 0 - True - True - - - - GtkCheckButton - HostInfoActiveCheckbutton - False - True - - False - True - - 0 - False - False - - - - - GtkCheckButton - HostInfoValidkeyCheckbutton - False - True - - False - True - - 0 - False - False - - - - - GtkCheckButton - HostInfoWaitingforkeyCheckbutton - False - True - - False - True - - 0 - False - False - - - - - GtkCheckButton - HostInfoVisitedCheckbutton - False - True - - False - True - - 0 - False - False - - - - - GtkCheckButton - HostInfoReachableCheckbutton - False - True - - False - True - - 0 - False - False - - - - - GtkCheckButton - HostInfoIndirectCheckbutton - False - True - - False - True - - 0 - False - False - - - - - GtkCheckButton - HostInfoVisibleCheckbutton - False - True - - False - True - - 0 - False - False - - - - - - - GtkHButtonBox - hbuttonbox3 - GTK_BUTTONBOX_SPREAD - 30 - 85 - 27 - 7 - 0 - - 0 - True - True - - - - GtkButton - KeyRegenButton - True - True - - GTK_RELIEF_NORMAL - - - - - - GtkLabel - Notebook:tab - label2 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - GtkHPaned - hpaned2 - 10 - 10 - - - GtkScrolledWindow - scrolledwindow4 - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_UPDATE_CONTINUOUS - GTK_UPDATE_CONTINUOUS - - True - False - - - - GtkCList - HostConnectionsCList - 150 - True - 1 - 80 - GTK_SELECTION_SINGLE - False - GTK_SHADOW_IN - - - GtkLabel - CList:title - label5 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - - - GtkVBox - vbox3 - False - 0 - - True - True - - - - GtkFrame - InformationFrame - - 0 - GTK_SHADOW_ETCHED_IN - - 0 - True - True - - - - GtkTable - table1 - 6 - 2 - False - 0 - 0 - - - GtkLabel - label8 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 0 - 1 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label9 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 1 - 2 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label10 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 2 - 3 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label11 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 3 - 4 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label12 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 4 - 5 - 0 - 0 - False - False - False - False - True - False - - - - - GtkLabel - label13 - - GTK_JUSTIFY_CENTER - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 5 - 6 - 0 - 0 - False - False - False - False - True - False - - - - - GtkEntry - entry4 - True - True - True - 0 - - - 1 - 2 - 0 - 1 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - entry5 - True - True - True - 0 - - - 1 - 2 - 1 - 2 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - entry6 - True - True - True - 0 - - - 1 - 2 - 2 - 3 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - entry7 - True - True - True - 0 - - - 1 - 2 - 4 - 5 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - entry8 - True - True - True - 0 - - - 1 - 2 - 3 - 4 - 0 - 0 - True - False - False - False - True - False - - - - - GtkEntry - entry9 - True - True - True - 0 - - - 1 - 2 - 5 - 6 - 0 - 0 - True - False - False - False - True - False - - - - - - - Placeholder - - - - Placeholder - - - - Placeholder - - - - Placeholder - - - - GtkHButtonBox - hbuttonbox2 - GTK_BUTTONBOX_SPREAD - 30 - 85 - 27 - 7 - 0 - - 0 - True - True - - - - GtkButton - button9 - True - True - - GTK_RELIEF_NORMAL - - - - GtkButton - button10 - True - True - - GTK_RELIEF_NORMAL - - - - GtkButton - button16 - True - True - - GTK_RELIEF_NORMAL - - - - - - - GtkLabel - Notebook:tab - label3 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - Placeholder - - - - GtkLabel - Notebook:tab - label4 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - - GtkHButtonBox - hbuttonbox1 - GTK_BUTTONBOX_END - 30 - 85 - 27 - 7 - 0 - - 0 - False - True - - - - GtkButton - HostInfoCloseButton - True - True - - clicked - gtk_widget_destroy - True - Sun, 14 Apr 2002 20:33:19 GMT - - GNOME_STOCK_BUTTON_CLOSE - GTK_RELIEF_NORMAL - - - - - - - GtkMenu - LogContextMenu - - - GtkPixmapMenuItem - LogContextClear - - activate - on_logcontext_clear_activate - Sun, 14 Apr 2002 15:09:39 GMT - - - False - GNOME_STOCK_MENU_TRASH - - - - GtkCheckMenuItem - LogContextFollow - - activate - on_logcontext_follow_activate - Sun, 14 Apr 2002 15:09:39 GMT - - - True - True - - - - GtkPixmapMenuItem - sluiten1 - - activate - on_logcontext_close_activate - Sat, 27 Apr 2002 17:28:04 GMT - - GNOMEUIINFO_MENU_CLOSE_ITEM - - - - - GtkMenu - CanvasContextMenu - - - GtkCheckMenuItem - CanvasContextKeepDrawing - - activate - on_canvascontext_keep_drawing_activate - Sun, 14 Apr 2002 16:50:37 GMT - - - True - True - - - - GtkMenuItem - CanvasContextShuffle - - activate - on_canvascontext_shuffle_activate - Sun, 14 Apr 2002 16:50:37 GMT - - - False - - - - GtkMenuItem - zoom1 - - False - - - GtkMenu - zoom1_menu - - - GtkMenuItem - -50%1 - - activate - on_canvascontext_minus50_activate - Mon, 15 Apr 2002 21:13:24 GMT - - - False - - - - GtkMenuItem - -25%1 - - activate - on_canvascontext_minus25_activate - Mon, 15 Apr 2002 21:13:24 GMT - - - False - - - - GtkMenuItem - -10%1 - - activate - on_canvascontext_minus10_activate - Mon, 15 Apr 2002 21:13:24 GMT - - - False - - - - GtkMenuItem - default1 - - activate - on_canvascontext_default_activate - Mon, 15 Apr 2002 21:13:25 GMT - - - False - - - - GtkMenuItem - +10%1 - - activate - on_canvascontext_plus10_activate - Mon, 15 Apr 2002 21:13:25 GMT - - - False - - - - GtkMenuItem - +25%1 - - activate - on_canvascontext_plus25_activate - Mon, 15 Apr 2002 21:13:25 GMT - - - False - - - - GtkMenuItem - +50%1 - - activate - on_canvascontext_plus50_activate - Mon, 15 Apr 2002 21:13:25 GMT - - - False - - - - - - GtkPixmapMenuItem - sluiten2 - - activate - on_canvascontext_close_activate - Sat, 27 Apr 2002 17:27:44 GMT - - GNOMEUIINFO_MENU_CLOSE_ITEM - - - - - GnomeAbout - AboutWindow - True - pokey2.xpm - Copyright 1998-2002 - Guus Sliepen <guus@sliepen.warande.net> -Ivo Timmermans <ivo@o2w.nl> - - tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to distribute it under certain conditions; see the file COPYING for details. - - - - GnomePropertyBox - PropertyBox - GTK_WIN_POS_NONE - False - False - False - False - - - GtkNotebook - GnomePropertyBox:notebook - notebook2 - True - True - True - GTK_POS_TOP - False - 2 - 2 - False - - 0 - True - True - - - - Placeholder - - - - GtkLabel - Notebook:tab - label19 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - GtkVBox - vbox6 - False - 0 - - - GtkFrame - frame1 - - 0 - GTK_SHADOW_ETCHED_IN - - 0 - True - True - - - - GtkHBox - hbox3 - True - 0 - - - GtkLabel - label26 - - GTK_JUSTIFY_LEFT - False - 0.5 - 0.5 - 0 - 0 - - 0 - True - True - - - - - GnomeColorPicker - LineColorPicker - True - - color_set - on_LineColorPicker_color_set - Tue, 16 Apr 2002 06:56:38 GMT - - True - False - Kies een kleur - - 0 - True - True - - - - - - - GtkFrame - frame2 - - 0 - GTK_SHADOW_ETCHED_IN - - 0 - True - True - - - - GtkTable - table5 - 3 - 2 - True - 0 - 0 - - - GtkLabel - label29 - - GTK_JUSTIFY_LEFT - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 0 - 1 - 0 - 0 - True - False - True - False - True - False - - - - - GtkLabel - label30 - - GTK_JUSTIFY_LEFT - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 1 - 2 - 0 - 0 - True - False - True - False - True - False - - - - - GtkLabel - label31 - - GTK_JUSTIFY_LEFT - False - 0 - 0.5 - 0 - 0 - - 0 - 1 - 2 - 3 - 0 - 0 - True - False - True - False - True - False - - - - - GnomeFontPicker - LabelFontPicker - True - - font_set - on_LabelFontPicker_font_set - Tue, 16 Apr 2002 06:56:46 GMT - - Selecteer een lettertype - AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz - GNOME_FONT_PICKER_MODE_PIXMAP - True - False - 14 - - 1 - 2 - 0 - 1 - 0 - 0 - True - False - True - False - True - False - - - - - GnomeColorPicker - LabelColorPicker - True - - color_set - on_LabelColorPicker_color_set - Tue, 16 Apr 2002 06:56:51 GMT - - True - False - Kies een kleur - - 1 - 2 - 1 - 2 - 0 - 0 - True - False - True - False - True - False - - - - - GnomeColorPicker - LabelBackgroundPicker - True - - color_set - on_LabelBackgroundPicker_color_set - Tue, 16 Apr 2002 06:56:58 GMT - - True - False - Kies een kleur - - 1 - 2 - 2 - 3 - 0 - 0 - True - False - True - False - True - False - - - - - - - - GtkLabel - Notebook:tab - label20 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - Placeholder - - - - GtkLabel - Notebook:tab - label21 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - - - GnomeApp - AppWindow - Pokey - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - False - True - False - True - - - GnomeDock - GnomeApp:dock - dock1 - True - - 0 - True - True - - - - GnomeDockItem - dockitem1 - GNOME_DOCK_TOP - 0 - 0 - 0 - True - True - False - True - False - GTK_SHADOW_NONE - - - GtkMenuBar - menubar2 - GTK_SHADOW_NONE - - - GtkMenuItem - file2 - GNOMEUIINFO_MENU_FILE_TREE - - - GtkMenu - file2_menu - - - GtkPixmapMenuItem - exit1 - - activate - on_exit1_activate - Mon, 29 Apr 2002 19:54:35 GMT - - GNOMEUIINFO_MENU_EXIT_ITEM - - - - - - GtkMenuItem - settings2 - GNOMEUIINFO_MENU_SETTINGS_TREE - - - GtkMenu - settings2_menu - - - GtkPixmapMenuItem - preferences1 - - activate - on_preferences1_activate - Sat, 27 Apr 2002 17:23:31 GMT - - GNOMEUIINFO_MENU_PREFERENCES_ITEM - - - - - - GtkMenuItem - vensters1 - GNOMEUIINFO_MENU_WINDOWS_TREE - - - GtkMenu - vensters1_menu - - - GtkMenuItem - log_window1 - - activate - on_log_window1_activate - Mon, 29 Apr 2002 16:56:02 GMT - - - False - - - - GtkMenuItem - graph_window1 - - activate - on_graph_window1_activate - Mon, 29 Apr 2002 16:56:02 GMT - - - False - - - - - - GtkMenuItem - help2 - GNOMEUIINFO_MENU_HELP_TREE - - - GtkMenu - help2_menu - - - GtkPixmapMenuItem - about1 - - activate - on_about1_activate - Sat, 27 Apr 2002 17:23:31 GMT - - GNOMEUIINFO_MENU_ABOUT_ITEM - - - - - - - - GtkScrolledWindow - GnomeDock:contents - scrolledwindow1 - 300 - 200 - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_UPDATE_CONTINUOUS - GTK_UPDATE_CONTINUOUS - - - GtkCTree - NodeTree - True - - button_press_event - on_nodetree_button_press_event - Sun, 14 Apr 2002 19:34:40 GMT - - 1 - 80 - GTK_SELECTION_SINGLE - False - GTK_SHADOW_IN - - - GtkLabel - CTree:title - label1 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - - - - - - GnomeAppBar - GnomeApp:appbar - appbar2 - True - True - - 0 - True - True - - - - - - GtkWindow - LogWindow - Log - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - False - True - False - - - GtkVBox - vbox7 - False - 0 - - - GtkScrolledWindow - scrolledwindow2 - GTK_POLICY_NEVER - GTK_POLICY_ALWAYS - GTK_UPDATE_CONTINUOUS - GTK_UPDATE_CONTINUOUS - - 0 - True - True - - - - GtkText - Messages - 500 - 300 - - button_press_event - on_messages_button_press_event - Sun, 14 Apr 2002 19:34:28 GMT - - False - - - - - - GtkHBox - hbox4 - False - 10 - - 0 - True - True - - - - GtkHBox - hbox5 - False - 9 - - 0 - True - True - - - - GtkLabel - label32 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - 0 - False - False - - - - - GtkSpinButton - DebugLevelSpinbutton - True - - changed - on_debug_level_changed - Mon, 29 Apr 2002 21:31:08 GMT - - 1 - 0 - True - GTK_UPDATE_IF_VALID - False - False - 1 - 0 - 1000 - 1 - 10 - 10 - - 0 - False - False - - - - - - GtkButton - button17 - True - - clicked - on_logwindow_close_clicked - Mon, 29 Apr 2002 21:37:37 GMT - - GNOME_STOCK_BUTTON_CLOSE - GTK_RELIEF_NORMAL - - 0 - False - False - - - - - - - - GtkWindow - GraphWindow - Graph - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - False - True - False - - - GtkVBox - vbox8 - False - 0 - - - GtkScrolledWindow - scrolledwindow3 - GTK_POLICY_ALWAYS - GTK_POLICY_ALWAYS - GTK_UPDATE_CONTINUOUS - GTK_UPDATE_CONTINUOUS - - 0 - True - True - - - - GnomeCanvas - canvas1 - 500 - 300 - True - - button_press_event - on_canvas_button_press_event - Sun, 14 Apr 2002 15:21:11 GMT - - True - 0 - 0 - 100 - 100 - 1 - - - - - GtkHBox - hbox6 - False - 0 - - 0 - False - False - - - - GtkHBox - hbox7 - False - 0 - - 0 - False - False - - - - GtkLabel - label33 - - GTK_JUSTIFY_CENTER - False - 0.5 - 0.5 - 0 - 0 - - 0 - False - False - - - - - GtkSpinButton - spinbutton2 - True - - changed - on_spinbutton2_changed - Wed, 01 May 2002 17:18:44 GMT - - 1 - 0 - True - GTK_UPDATE_IF_VALID - False - False - 100 - 1 - 1000 - 1 - 10 - 10 - - 0 - False - False - - - - - - GtkCheckButton - KeepDrawingButton - True - - toggled - on_checkbutton1_toggled - Wed, 01 May 2002 17:18:37 GMT - - - False - True - - 0 - False - False - - - - - GtkButton - button18 - True - - clicked - on_button18_clicked - Wed, 01 May 2002 17:18:25 GMT - - GNOME_STOCK_BUTTON_CLOSE - GTK_RELIEF_NORMAL - - 0 - False - False - GTK_PACK_END - - - - - GtkButton - button19 - True - - clicked - on_button19_clicked - Wed, 01 May 2002 17:18:19 GMT - - - GTK_RELIEF_NORMAL - - 0 - False - False - GTK_PACK_END - - - - - - - diff --git a/src/pokey/pokey2.xpm b/src/pokey/pokey2.xpm deleted file mode 100644 index b847f7fa..00000000 --- a/src/pokey/pokey2.xpm +++ /dev/null @@ -1,56 +0,0 @@ -/* XPM */ -static char * pokey2_xpm[] = { -"36 49 4 1", -" c None", -". c #000000", -"+ c #FFFFFF", -"@ c #E9A500", -" .......... ", -" ............. ", -" ................ ", -" ................. ", -" .................. ", -" ................... ", -" ..................... ", -" ........++............. ", -" .........++.............. ", -" ..+....+..++................ ", -" .++++++...+................. ", -" ....+.+...................... ", -" ..@@@@@@.++..................... ", -" .@@@@@@@@.+++..................... ", -"...........++++.................... ", -" .@@@@@@@@.++++.....................", -" .....@@@.++++.....................", -" .....+++++....................", -" .++++++++++...................", -" .++++++++++++..................", -" .++++++++++++..................", -" .+++++++++++++..................", -" .+++++++++++++..................", -" .+++++++++++++................. ", -" .+++++++++++++................. ", -" .+++++++++++++.....+........... ", -" .+++++++++++++.....+........... ", -" .++++++++++++++....+........... ", -" .++++++++++++++................ ", -" .++++++++++++++...+............ ", -" .++++++++++++++...+........... ", -" .++++++++++++++...+........... ", -" .++++++++++++++..++........... ", -" .++++++++++++++++++........... ", -" .++++++++++++++++++........... ", -" .++++++++++++++++++.......... ", -" .+++++++++++++++++.......... ", -" .++++++++++++++++........... ", -" .++++++++++++++++........... ", -" .++++++++++++++++........... ", -" .+++++++++++++++........... ", -" ..+++++++++++............. ", -" . .++++++++............... ", -" ..+++++.+............. ", -" ....+.++............ ", -" ................... ", -" .................... ", -" .............. .. ", -" . .. "}; diff --git a/src/pokey/process.c b/src/pokey/process.c deleted file mode 100644 index ef426cb6..00000000 --- a/src/pokey/process.c +++ /dev/null @@ -1,469 +0,0 @@ -/* - process.c -- process management functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: process.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "process.h" -#include "subnet.h" -#include "connection.h" -#include "logging.h" - -#include "system.h" - -/* If zero, don't detach from the terminal. */ -int do_detach = 1; - -extern char *identname; -extern char *pidfilename; -extern char **g_argv; - -sigset_t emptysigset; - -static int saved_debug_lvl = 0; - -extern int sighup; -extern int sigalrm; -extern int do_purge; - -void memory_full(int size) -{ - log(0, TLOG_ERROR, - _("Memory exhausted (couldn't allocate %d bytes), exitting."), - size); - cp_trace(); - exit(1); -} - -/* Some functions the less gifted operating systems might lack... */ - -#ifndef HAVE_FCLOSEALL -int fcloseall(void) -{ - fflush(stdin); - fflush(stdout); - fflush(stderr); - fclose(stdin); - fclose(stdout); - fclose(stderr); - return 0; -} -#endif - -/* - Close network connections, and terminate neatly -*/ -void cleanup_and_exit(int c) -{ -cp - close_network_connections(); - - syslog(LOG_NOTICE, _("Terminating")); - - closelog(); - exit(c); -} - -/* - check for an existing tinc for this net, and write pid to pidfile -*/ -int write_pidfile(void) -{ - int pid; -cp - if((pid = check_pid(pidfilename))) - { - if(netname) - fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), - netname, pid); - else - fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); - return 1; - } - - /* if it's locked, write-protected, or whatever */ - if(!write_pid(pidfilename)) - return 1; -cp - return 0; -} - -/* - kill older tincd for this net -*/ -int kill_other(int signal) -{ - int pid; -cp - if(!(pid = read_pid(pidfilename))) - { - if(netname) - fprintf(stderr, _("No other tincd is running for net `%s'.\n"), netname); - else - fprintf(stderr, _("No other tincd is running.\n")); - return 1; - } - - errno = 0; /* No error, sometimes errno is only changed on error */ - /* ESRCH is returned when no process with that pid is found */ - if(kill(pid, signal) && errno == ESRCH) - { - if(netname) - fprintf(stderr, _("The tincd for net `%s' is no longer running. "), netname); - else - fprintf(stderr, _("The tincd is no longer running. ")); - - fprintf(stderr, _("Removing stale lock file.\n")); - remove_pid(pidfilename); - } -cp - return 0; -} - -/* - Detach from current terminal, write pidfile, kill parent -*/ -int detach(void) -{ -cp - setup_signals(); - - /* First check if we can open a fresh new pidfile */ - - if(write_pidfile()) - return -1; - - /* If we succeeded in doing that, detach */ - - closelog(); - - if(do_detach) - { - if(daemon(0, 0) < 0) - { - fprintf(stderr, _("Couldn't detach from terminal: %s"), strerror(errno)); - return -1; - } - - /* Now UPDATE the pid in the pidfile, because we changed it... */ - - if(!write_pid(pidfilename)) - return -1; - } - - openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); - - if(debug_lvl > DEBUG_NOTHING) - log(0, TLOG_NOTICE, - _("tincd %s (%s %s) starting, debug level %d"), - VERSION, __DATE__, __TIME__, debug_lvl); - else - log(DEBUG_NOTHING, TLOG_NOTICE, - _("tincd %s starting"), - VERSION); - - xalloc_fail_func = memory_full; -cp - return 0; -} - -/* - Execute the program name, with sane environment. All output will be - redirected to syslog. -*/ -void _execute_script(const char *name) __attribute__ ((noreturn)); -void _execute_script(const char *name) -{ - char *scriptname; - char *s; -cp -#ifdef HAVE_UNSETENV - unsetenv("NETNAME"); - unsetenv("INTERFACE"); -#endif - - if(netname) - { - asprintf(&s, "NETNAME=%s", netname); - putenv(s); /* Don't free s! see man 3 putenv */ - } - - chdir("/"); - - asprintf(&scriptname, "%s/%s", confbase, name); - - /* Close all file descriptors */ - closelog(); /* <- this means we cannot use syslog() here anymore! */ - fcloseall(); - - execl(scriptname, NULL); - /* No return on success */ - - if(errno != ENOENT) /* Ignore if the file does not exist */ - exit(1); /* Some error while trying execl(). */ - else - exit(0); -} - -/* - Fork and execute the program pointed to by name. -*/ -int execute_script(const char *name) -{ - pid_t pid; - int status; -cp - if((pid = fork()) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return -1; - } - - if(pid) - { - log(DEBUG_STATUS, TLOG_INFO, - _("Executing script %s"), - name); - - if(waitpid(pid, &status, 0) == pid) - { - if(WIFEXITED(status)) /* Child exited by itself */ - { - if(WEXITSTATUS(status)) - { - syslog(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); - return -1; - } - else - return 0; - } - else if(WIFSIGNALED(status)) /* Child was killed by a signal */ - { - syslog(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), - pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); - return -1; - } - else /* Something strange happened */ - { - syslog(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); - return -1; - } - } - else - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); - return -1; - } - } -cp - /* Child here */ - - _execute_script(name); -} - - -/* - Signal handlers. -*/ - -RETSIGTYPE -sigterm_handler(int a) -{ - log(DEBUG_NOTHING, TLOG_NOTICE, - _("Got TERM signal")); - - cleanup_and_exit(0); -} - -RETSIGTYPE -sigquit_handler(int a) -{ - log(DEBUG_NOTHING, TLOG_NOTICE, - _("Got QUIT signal")); - cleanup_and_exit(0); -} - -RETSIGTYPE -fatal_signal_square(int a) -{ - syslog(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); - cp_trace(); - exit(1); -} - -RETSIGTYPE -fatal_signal_handler(int a) -{ - syslog(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); - cp_trace(); - - syslog(LOG_NOTICE, _("Not restarting.")); - exit(1); -} - -RETSIGTYPE -sighup_handler(int a) -{ - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got HUP signal")); - sighup = 1; -} - -RETSIGTYPE -sigint_handler(int a) -{ - if(saved_debug_lvl) - { - syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), - saved_debug_lvl); - debug_lvl = saved_debug_lvl; - saved_debug_lvl = 0; - } - else - { - syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), - debug_lvl); - saved_debug_lvl = debug_lvl; - debug_lvl = 5; - } -} - -RETSIGTYPE -sigalrm_handler(int a) -{ - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got ALRM signal")); - sigalrm = 1; -} - -RETSIGTYPE -sigusr1_handler(int a) -{ - dump_connections(); -} - -RETSIGTYPE -sigusr2_handler(int a) -{ - dump_nodes(); - dump_edges(); - dump_subnets(); -} - -RETSIGTYPE -sigwinch_handler(int a) -{ - extern int do_purge; - do_purge = 1; -} - -RETSIGTYPE -unexpected_signal_handler(int a) -{ - syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); - cp_trace(); -} - -RETSIGTYPE -ignore_signal_handler(int a) -{ - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - syslog(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); - cp_trace(); - } -} - -struct { - int signal; - void (*handler)(int); -} sighandlers[] = { - { SIGHUP, sighup_handler }, - { SIGTERM, sigterm_handler }, - { SIGQUIT, sigquit_handler }, - { SIGSEGV, fatal_signal_handler }, - { SIGBUS, fatal_signal_handler }, - { SIGILL, fatal_signal_handler }, - { SIGPIPE, ignore_signal_handler }, - { SIGINT, sigint_handler }, - { SIGUSR1, sigusr1_handler }, - { SIGUSR2, sigusr2_handler }, - { SIGCHLD, ignore_signal_handler }, - { SIGALRM, sigalrm_handler }, - { SIGWINCH, sigwinch_handler }, - { 0, NULL } -}; - -void -setup_signals(void) -{ - int i; - struct sigaction act; - - sigemptyset(&emptysigset); - act.sa_handler = NULL; - act.sa_mask = emptysigset; - act.sa_flags = 0; - - /* Set a default signal handler for every signal, errors will be - ignored. */ - for(i = 0; i < NSIG; i++) - { - if(!do_detach) - act.sa_handler = SIG_DFL; - else - act.sa_handler = unexpected_signal_handler; - sigaction(i, &act, NULL); - } - - /* If we didn't detach, allow coredumps */ - if(!do_detach) - sighandlers[3].handler = SIG_DFL; - - /* Then, for each known signal that we want to catch, assign a - handler to the signal, with error checking this time. */ - for(i = 0; sighandlers[i].signal; i++) - { - act.sa_handler = sighandlers[i].handler; - if(sigaction(sighandlers[i].signal, &act, NULL) < 0) - fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), - sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); - } -} diff --git a/src/pokey/process.h b/src/pokey/process.h deleted file mode 100644 index 251da686..00000000 --- a/src/pokey/process.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - process.h -- header file for process.c - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: process.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_PROCESS_H__ -#define __TINC_PROCESS_H__ - -#include "config.h" - -extern int do_detach; - -extern void setup_signals(void); -extern int execute_script(const char *); -extern int detach(void); -extern int kill_other(int); -extern void cleanup_and_exit(int); - -#endif /* __TINC_PROCESS_H__ */ diff --git a/src/pokey/protocol.c b/src/pokey/protocol.c deleted file mode 100644 index 57030d3d..00000000 --- a/src/pokey/protocol.c +++ /dev/null @@ -1,245 +0,0 @@ -/* - protocol.c -- handle the meta-protocol, basic functions - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol.c,v 1.2 2002/05/02 11:50:07 zarq Exp $ -*/ - -#include "config.h" - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include "conf.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "interface.h" -#include "logging.h" - -#include "system.h" - -avl_tree_t *past_request_tree; - -int check_id(char *id) -{ - int i; - - for (i = 0; i < strlen(id); i++) - if(!isalnum(id[i]) && id[i] != '_') - return -1; - - return 0; -} - -/* Generic request routines - takes care of logging and error - detection as well */ - -int send_request(connection_t *c, const char *format, ...) -{ - va_list args; - char buffer[MAXBUFSIZE]; - int len, request; - -cp - /* Use vsnprintf instead of vasprintf: faster, no memory - fragmentation, cleanup is automatic, and there is a limit on the - input buffer anyway */ - - va_start(args, format); - len = vsnprintf(buffer, MAXBUFSIZE, format, args); - va_end(args); - - if(len < 0 || len > MAXBUFSIZE-1) - { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_PROTOCOL) - { - sscanf(buffer, "%d", &request); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); - else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); - } - - buffer[len++] = '\n'; -cp - return send_meta(c, buffer, len); -} - -int receive_request(connection_t *c) -{ - int request; -cp - if(sscanf(c->buffer, "%d", &request) == 1) - { - if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) - { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), - c->name, c->hostname, c->buffer); - else - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - c->name, c->hostname); - - return -1; - } - else - { - if(debug_lvl >= DEBUG_PROTOCOL) - { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), - request_name[request], c->name, c->hostname, c->buffer); - else - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], c->name, c->hostname); - } - } - - if((c->allow_request != ALL) && (c->allow_request != request)) - { - syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); - return -1; - } - - if(request_handlers[request](c)) - /* Something went wrong. Probably scriptkiddies. Terminate. */ - { - syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), - request_name[request], c->name, c->hostname); - return -1; - } - } - else - { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - c->name, c->hostname); - return -1; - } -cp - return 0; -} - -int past_request_compare(past_request_t *a, past_request_t *b) -{ -cp - return strcmp(a->request, b->request); -} - -void free_past_request(past_request_t *r) -{ -cp - if(r->request) - free(r->request); - free(r); -cp -} - -void init_requests(void) -{ -cp - past_request_tree = avl_alloc_tree((avl_compare_t)past_request_compare, (avl_action_t)free_past_request); -cp -} - -void exit_requests(void) -{ -cp - avl_delete_tree(past_request_tree); -cp -} - -int seen_request(char *request) -{ - past_request_t p, *new; -cp - p.request = request; - - if(avl_search(past_request_tree, &p)) - { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Already seen request")); - return 1; - } - else - { - new = (past_request_t *)xmalloc(sizeof(*new)); - new->request = xstrdup(request); - new->firstseen = now; - avl_insert(past_request_tree, new); - return 0; - } -cp -} - -void age_past_requests(void) -{ - avl_node_t *node, *next; - past_request_t *p; - int left = 0, deleted = 0; -cp - for(node = past_request_tree->head; node; node = next) - { - next = node->next; - p = (past_request_t *)node->data; - if(p->firstseen + pingtimeout < now) - avl_delete_node(past_request_tree, node), deleted++; - else - left++; - } - - if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) - syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); -cp -} - -/* Jumptable for the request handlers */ - -int (*request_handlers[])(connection_t*) = { - id_h, metakey_h, challenge_h, chal_reply_h, ack_h, - status_h, error_h, termreq_h, - ping_h, pong_h, - /* add_node_h, del_node_h,*/ - add_subnet_h, del_subnet_h, - add_edge_h, del_edge_h, - key_changed_h, req_key_h, ans_key_h, -}; - -/* Request names */ - -char (*request_name[]) = { - "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", - "STATUS", "ERROR", "TERMREQ", - "PING", "PONG", - /* "ADD_NODE", "DEL_NODE",*/ - "ADD_SUBNET", "DEL_SUBNET", - "ADD_EDGE", "DEL_EDGE", - "KEY_CHANGED", "REQ_KEY", "ANS_KEY", -}; diff --git a/src/pokey/protocol.h b/src/pokey/protocol.h deleted file mode 100644 index 4fae2958..00000000 --- a/src/pokey/protocol.h +++ /dev/null @@ -1,120 +0,0 @@ -/* - protocol.h -- header for protocol.c - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol.h,v 1.2 2002/05/02 11:50:07 zarq Exp $ -*/ - -#ifndef __TINC_PROTOCOL_H__ -#define __TINC_PROTOCOL_H__ - -#include "net.h" -#include "node.h" -#include "subnet.h" - -/* Protocol version. Different versions are incompatible, - incompatible version have different protocols. - */ - -#define PROT_CURRENT 14 - -/* Request numbers */ - -enum { - ALL = -1, /* Guardian for allow_request */ - ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, - STATUS, ERROR, TERMREQ, - PING, PONG, - /* ADD_NODE, DEL_NODE,*/ - ADD_SUBNET, DEL_SUBNET, - ADD_EDGE, DEL_EDGE, - KEY_CHANGED, REQ_KEY, ANS_KEY, - PACKET, - LAST /* Guardian for the highest request number */ -}; - -typedef struct past_request_t { - char *request; - time_t firstseen; -} past_request_t; - -/* Maximum size of strings in a request */ - -#define MAX_STRING_SIZE 2048 -#define MAX_STRING "%2048s" - -/* Basic functions */ - -extern int send_request(connection_t*, const char*, ...); -extern int receive_request(connection_t *); -extern int check_id(char *); - -extern void init_requests(void); -extern void exit_requests(void); -extern int seen_request(char *); -extern void age_past_requests(void); - -/* Requests */ - -extern int send_id(connection_t *); -extern int send_metakey(connection_t *); -extern int send_challenge(connection_t *); -extern int send_chal_reply(connection_t *); -extern int send_ack(connection_t *); -extern int send_status(connection_t *, int, char *); -extern int send_error(connection_t *, int, char *); -extern int send_termreq(connection_t *); -extern int send_ping(connection_t *); -extern int send_pong(connection_t *); -/* extern int send_add_node(connection_t *, node_t *); */ -/* extern int send_del_node(connection_t *, node_t *); */ -extern int send_add_subnet(connection_t *, subnet_t *); -extern int send_del_subnet(connection_t *, subnet_t *); -extern int send_add_edge(connection_t *, edge_t *); -extern int send_del_edge(connection_t *, edge_t *); -extern int send_key_changed(connection_t *, node_t *); -extern int send_req_key(connection_t *, node_t *, node_t *); -extern int send_ans_key(connection_t *, node_t *, node_t *); -extern int send_tcppacket(connection_t *, vpn_packet_t *); - -/* Request handlers */ - -extern int (*request_handlers[])(connection_t *); - -extern int id_h(connection_t *); -extern int metakey_h(connection_t *); -extern int challenge_h(connection_t *); -extern int chal_reply_h(connection_t *); -extern int ack_h(connection_t *); -extern int status_h(connection_t *); -extern int error_h(connection_t *); -extern int termreq_h(connection_t *); -extern int ping_h(connection_t *); -extern int pong_h(connection_t *); -/* extern int add_node_h(connection_t *); */ -/* extern int del_node_h(connection_t *); */ -extern int add_subnet_h(connection_t *); -extern int del_subnet_h(connection_t *); -extern int add_edge_h(connection_t *); -extern int del_edge_h(connection_t *); -extern int key_changed_h(connection_t *); -extern int req_key_h(connection_t *); -extern int ans_key_h(connection_t *); -extern int tcppacket_h(connection_t *); - -#endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/pokey/protocol_auth.c b/src/pokey/protocol_auth.c deleted file mode 100644 index c94bad96..00000000 --- a/src/pokey/protocol_auth.c +++ /dev/null @@ -1,609 +0,0 @@ -/* - protocol_auth.c -- handle the meta-protocol, authentication - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol_auth.c,v 1.2 2002/05/02 11:50:07 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include - -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - -#include "conf.h" -#include "interface.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "node.h" -#include "edge.h" -#include "graph.h" -#include "logging.h" - -#include "system.h" - -int send_id(connection_t *c) -{ -cp - return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); -} - -int id_h(connection_t *c) -{ - char name[MAX_STRING_SIZE]; - int bla; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); - return -1; - } - - /* Check if identity is a valid name */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); - return -1; - } - - /* If we set c->name in advance, make sure we are connected to the right host */ - - if(c->name) - { - if(strcmp(c->name, name)) - { - syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); - return -1; - } - } - else - c->name = xstrdup(name); - - /* Check if version matches */ - - if(c->protocol_version != myself->connection->protocol_version) - { - syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), - c->name, c->hostname, c->protocol_version); - return -1; - } - - if(bypass_security) - { - if(!c->config_tree) - init_configuration(&c->config_tree); - c->allow_request = ACK; - return send_ack(c); - } - - if(!c->config_tree) - { - init_configuration(&c->config_tree); - - if((bla = read_connection_config(c))) - { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); - return -1; - } - } - - if(read_rsa_public_key(c)) - { - return -1; - } - - /* Check some options */ - - if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT) - c->options |= OPTION_INDIRECT; - - if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY) - c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - - c->allow_request = METAKEY; -cp - return send_metakey(c); -} - -int send_metakey(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len, x; -cp - len = RSA_size(c->rsa_key); - - /* Allocate buffers for the meta key */ - - if(!c->outkey) - c->outkey = xmalloc(len); - - if(!c->outctx) - c->outctx = xmalloc(sizeof(*c->outctx)); -cp - /* Copy random data to the buffer */ - - RAND_bytes(c->outkey, len); - - /* The message we send must be smaller than the modulus of the RSA key. - By definition, for a key of k bits, the following formula holds: - - 2^(k-1) <= modulus < 2^(k) - - Where ^ means "to the power of", not "xor". - This means that to be sure, we must choose our message < 2^(k-1). - This can be done by setting the most significant bit to zero. - */ - - c->outkey[0] &= 0x7F; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->outkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); - } - - /* Encrypt the random data - - We do not use one of the PKCS padding schemes here. - This is allowed, because we encrypt a totally random string - with a length equal to that of the modulus of the RSA key. - */ - - if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } -cp - /* Convert the encrypted random data to a hexadecimal formatted string */ - - bin2hex(buffer, buffer, len); - buffer[len*2] = '\0'; - - /* Send the meta key */ - - x = send_request(c, "%d %d %d %d %d %s", METAKEY, - c->outcipher?c->outcipher->nid:0, c->outdigest?c->outdigest->type:0, - c->outmaclength, c->outcompression, buffer); - - /* Further outgoing requests are encrypted with the key we just generated */ - - if(c->outcipher) - { - EVP_EncryptInit(c->outctx, c->outcipher, - c->outkey + len - c->outcipher->key_len, - c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len); - - c->status.encryptout = 1; - } -cp - return x; -} - -int metakey_h(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int cipher, digest, maclength, compression; - int len; -cp - if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); - return -1; - } -cp - len = RSA_size(myself->connection->rsa_key); - - /* Check if the length of the meta key is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); - return -1; - } - - /* Allocate buffers for the meta key */ -cp - if(!c->inkey) - c->inkey = xmalloc(len); - - if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); - - /* Convert the challenge from hexadecimal back to binary */ -cp - hex2bin(buffer,buffer,len); - - /* Decrypt the meta key */ -cp - if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->inkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); - } - - /* All incoming requests will now be encrypted. */ -cp - /* Check and lookup cipher and digest algorithms */ - - if(cipher) - { - c->incipher = EVP_get_cipherbynid(cipher); - if(!c->incipher) - { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); - return -1; - } - - EVP_DecryptInit(c->inctx, c->incipher, - c->inkey + len - c->incipher->key_len, - c->inkey + len - c->incipher->key_len - c->incipher->iv_len); - - c->status.decryptin = 1; - } - else - { - c->incipher = NULL; - } - - c->inmaclength = maclength; - - if(digest) - { - c->indigest = EVP_get_digestbynid(digest); - if(!c->indigest) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); - return -1; - } - - if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) - { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); - return -1; - } - } - else - { - c->indigest = NULL; - } - - c->incompression = compression; - - c->allow_request = CHALLENGE; -cp - return send_challenge(c); -} - -int send_challenge(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len, x; -cp - /* CHECKME: what is most reasonable value for len? */ - - len = RSA_size(c->rsa_key); - - /* Allocate buffers for the challenge */ - - if(!c->hischallenge) - c->hischallenge = xmalloc(len); -cp - /* Copy random data to the buffer */ - - RAND_bytes(c->hischallenge, len); - -cp - /* Convert to hex */ - - bin2hex(c->hischallenge, buffer, len); - buffer[len*2] = '\0'; - -cp - /* Send the challenge */ - - x = send_request(c, "%d %s", CHALLENGE, buffer); -cp - return x; -} - -int challenge_h(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); - return -1; - } - - len = RSA_size(myself->connection->rsa_key); - - /* Check if the length of the challenge is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); - return -1; - } - - /* Allocate buffers for the challenge */ - - if(!c->mychallenge) - c->mychallenge = xmalloc(len); - - /* Convert the challenge from hexadecimal back to binary */ - - hex2bin(buffer,c->mychallenge,len); - - c->allow_request = CHAL_REPLY; - - /* Rest is done by send_chal_reply() */ -cp - return send_chal_reply(c); -} - -int send_chal_reply(connection_t *c) -{ - char hash[EVP_MAX_MD_SIZE*2+1]; - EVP_MD_CTX ctx; -cp - /* Calculate the hash from the challenge we received */ - - EVP_DigestInit(&ctx, c->indigest); - EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)); - EVP_DigestFinal(&ctx, hash, NULL); - - /* Convert the hash to a hexadecimal formatted string */ - - bin2hex(hash,hash,c->indigest->md_size); - hash[c->indigest->md_size*2] = '\0'; - - /* Send the reply */ - -cp - return send_request(c, "%d %s", CHAL_REPLY, hash); -} - -int chal_reply_h(connection_t *c) -{ - char hishash[MAX_STRING_SIZE]; - char myhash[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); - return -1; - } - - /* Check if the length of the hash is all right */ - - if(strlen(hishash) != c->outdigest->md_size*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); - return -1; - } - - /* Convert the hash to binary format */ - - hex2bin(hishash, hishash, c->outdigest->md_size); - - /* Calculate the hash from the challenge we sent */ - - EVP_DigestInit(&ctx, c->outdigest); - EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); - EVP_DigestFinal(&ctx, myhash, NULL); - - /* Verify the incoming hash with the calculated hash */ - - if(memcmp(hishash, myhash, c->outdigest->md_size)) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); - hishash[SHA_DIGEST_LENGTH*2] = '\0'; - syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); - } - return -1; - } - - /* Identity has now been positively verified. - Send an acknowledgement with the rest of the information needed. - */ - - c->allow_request = ACK; -cp - return send_ack(c); -} - -int send_ack(connection_t *c) -{ - /* ACK message contains rest of the information the other end needs - to create node_t and edge_t structures. */ - - int x; - char *address, *port; - struct timeval now; -cp - /* Estimate weight */ - - gettimeofday(&now, NULL); - c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %d %lx", ACK, myport, address, c->estimated_weight, c->options); - free(address); - free(port); -cp - return x; -} - -void send_everything(connection_t *c) -{ - avl_node_t *node, *node2; - node_t *n; - subnet_t *s; - edge_t *e; - - /* Send all known subnets */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - - for(node2 = n->subnet_tree->head; node2; node2 = node2->next) - { - s = (subnet_t *)node2->data; - send_add_subnet(c, s); - } - } - - /* Send all known edges */ - - for(node = edge_tree->head; node; node = node->next) - { - e = (edge_t *)node->data; - - if(e == c->edge) - continue; - - send_add_edge(c, e); - } -} - -int ack_h(connection_t *c) -{ - char myaddress[MAX_STRING_SIZE]; - char hisport[MAX_STRING_SIZE]; - char *hisaddress, *dummy; - int weight; - long int options; - node_t *n; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %lx", hisport, myaddress, &weight, &options) != 4) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); - return -1; - } - - /* Check if we already have a node_t for him */ - - n = lookup_node(c->name); - - if(!n) - { - n = new_node(); - n->name = xstrdup(c->name); - node_add(n); - } - else - { - if(n->connection) - { - /* Oh dear, we already have a connection to this node. */ - log(DEBUG_CONNECTIONS, TLOG_DEBUG, - _("Established a second connection with %s (%s), closing old connection"), - n->name, n->hostname); - terminate_connection(n->connection, 0); - } - - /* FIXME: check if information in existing node matches that of the other end of this connection */ - } - - n->connection = c; - c->node = n; - c->options |= options; - - /* Create an edge_t for this connection */ - - c->edge = new_edge(); -cp - c->edge->from.node = myself; - /* c->edge->from.tcpaddress = str2sockaddr(address, port);*/ - c->edge->from.udpaddress = str2sockaddr(myaddress, myport); - c->edge->to.node = n; - /* c->edge->to.tcpaddress = c->address; */ - sockaddr2str(&c->address, &hisaddress, &dummy); - c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); - free(hisaddress); - free(dummy); - c->edge->weight = (weight + c->estimated_weight) / 2; - c->edge->connection = c; - c->edge->options = c->options; -cp - edge_add(c->edge); - - /* Activate this connection */ - - c->allow_request = ALL; - c->status.active = 1; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); - -cp - /* Send him everything we know */ - - send_everything(c); - - /* Notify others of this connection */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - - if(other->status.active && other != c) - send_add_edge(other, c->edge); - } - - /* Run MST and SSSP algorithms */ - - graph(); -cp - return 0; -} diff --git a/src/pokey/protocol_edge.c b/src/pokey/protocol_edge.c deleted file mode 100644 index 90c946c6..00000000 --- a/src/pokey/protocol_edge.c +++ /dev/null @@ -1,311 +0,0 @@ -/* - protocol_edge.c -- handle the meta-protocol, edges - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol_edge.c,v 1.2 2002/05/02 11:50:07 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "node.h" -#include "edge.h" -#include "graph.h" -#include "logging.h" - -#include "system.h" - -int send_add_edge(connection_t *c, edge_t *e) -{ - int x; - char *from_udpaddress, *from_udpport; - char *to_udpaddress, *to_udpport; -cp - /* sockaddr2str(&e->from.tcpaddress, &from_tcpaddress, &from_tcpport); */ - sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); - /* sockaddr2str(&e->to.tcpaddress, &to_tcpaddress, &to_tcpport); */ - sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); - x = send_request(c, "%d %lx %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), - e->from.node->name, from_udpaddress, from_udpport, - e->to.node->name, to_udpaddress, to_udpport, - e->options, e->weight); - /* free(from_tcpaddress); */ - /* free(from_tcpport); */ - free(from_udpaddress); - free(from_udpport); - /* free(to_tcpaddress); */ - /* free(to_tcpport); */ - free(to_udpaddress); - free(to_udpport); -cp - return x; -} - -int add_edge_h(connection_t *c) -{ - connection_t *other; - edge_t *e; - node_t *from, *to; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char from_address[MAX_STRING_SIZE]; - /* char from_tcpport[MAX_STRING_SIZE]; */ - char from_udpport[MAX_STRING_SIZE]; - char to_address[MAX_STRING_SIZE]; - /* char to_tcpport[MAX_STRING_SIZE]; */ - char to_udpport[MAX_STRING_SIZE]; - sockaddr_t from_udpaddress; - sockaddr_t to_udpaddress; - long int options; - int weight; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", - from_name, from_address, from_udpport, - to_name, to_address, to_udpport, - &options, &weight) != 8) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* Lookup nodes */ - - from = lookup_node(from_name); - - if(!from) - { - from = new_node(); - from->name = xstrdup(from_name); - node_add(from); - } - - to = lookup_node(to_name); - - if(!to) - { - to = new_node(); - to->name = xstrdup(to_name); - node_add(to); - } - - /* Convert addresses */ - - /* from_tcpaddress = str2sockaddr(from_address, from_tcpport); */ - from_udpaddress = str2sockaddr(from_address, from_udpport); - /* to_tcpaddress = str2sockaddr(to_address, to_tcpport); */ - to_udpaddress = str2sockaddr(to_address, to_udpport); - - /* Check if edge already exists */ - - e = lookup_edge(from, to); - - if(e) - { - if(e->weight != weight || e->options != options - || ((e->from.node == from) && (sockaddrcmp(&e->from.udpaddress, &from_udpaddress)|| sockaddrcmp(&e->to.udpaddress, &to_udpaddress))) - || ((e->from.node == to) && (sockaddrcmp(&e->from.udpaddress, &to_udpaddress) || sockaddrcmp(&e->to.udpaddress, &from_udpaddress))) - ) - { - if(from == myself || to == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - send_add_edge(c, e); - return 0; - } - else - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - edge_del(e); - } - } - else - return 0; - } - else if(from == myself || to == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); - e = new_edge(); - e->from.node = from; - e->to.node = to; - send_del_edge(c, e); - free_edge(e); - return 0; - } - - e = new_edge(); - e->from.node = from; - /* e->from.tcpaddress = from_tcpaddress; */ - e->from.udpaddress = from_udpaddress; - e->to.node = to; - /* e->to.tcpaddress = to_tcpaddress; */ - e->to.udpaddress = to_udpaddress; - e->options = options; - e->weight = weight; - edge_add(e); - - /* Tell the rest about the new edge */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } - - /* Run MST before or after we tell the rest? */ - - graph(); -cp - return 0; -} - -int send_del_edge(connection_t *c, edge_t *e) -{ -cp - return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), - e->from.node->name, e->to.node->name); -} - -int del_edge_h(connection_t *c) -{ - edge_t *e; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", - c->name, c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* Lookup nodes */ - - from = lookup_node(from_name); - - if(!from) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } - - to = lookup_node(to_name); - - if(!to) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } - - /* Check if edge exists */ - - e = lookup_edge(from, to); - - if(!e) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } - - if(e->from.node == myself || e->to.node == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); - send_add_edge(c, e); /* Send back a correction */ - return 0; - } - - /* Tell the rest about the deleted edge */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } - - /* Delete the edge */ - - edge_del(e); - - /* Run MST before or after we tell the rest? */ - - graph(); -cp - return 0; -} diff --git a/src/pokey/protocol_key.c b/src/pokey/protocol_key.c deleted file mode 100644 index 6ccf3664..00000000 --- a/src/pokey/protocol_key.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol_key.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "node.h" -#include "edge.h" -#include "logging.h" - -#include "system.h" - -int mykeyused = 0; - -int send_key_changed(connection_t *c, node_t *n) -{ - connection_t *other; - avl_node_t *node; -cp - /* Only send this message if some other daemon requested our key previously. - This reduces unnecessary key_changed broadcasts. - */ - - if(n == myself && !mykeyused) - return 0; - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%d %lx %s", KEY_CHANGED, random(), n->name); - } -cp - return 0; -} - -int key_changed_h(connection_t *c) -{ - char name[MAX_STRING_SIZE]; - avl_node_t *node; - connection_t *other; - node_t *n; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING, name) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", - c->name, c->hostname); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - n = lookup_node(name); - - if(!n) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", - c->name, c->hostname, name); - return -1; - } - - n->status.validkey = 0; - n->status.waitingforkey = 0; - n->sent_seqno = 0; - - /* Tell the others */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } -cp - return 0; -} - -int send_req_key(connection_t *c, node_t *from, node_t *to) -{ -cp - return send_request(c, "%d %s %s", REQ_KEY, - from->name, to->name); -} - -int req_key_h(connection_t *c) -{ - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", - c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Check if this key request is for us */ - - if(to == myself) /* Yes, send our own key back */ - { - mykeyused = 1; - from->received_seqno = 0; - send_ans_key(c, myself, from); - } - else - { -/* Proxy keys - if(to->status.validkey) - { - send_ans_key(c, to, from); - } - else -*/ - send_req_key(to->nexthop->connection, from, to); - } - -cp - return 0; -} - -int send_ans_key(connection_t *c, node_t *from, node_t *to) -{ - char key[MAX_STRING_SIZE]; -cp - bin2hex(from->key, key, from->keylength); - key[from->keylength * 2] = '\0'; -cp - return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, - from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength, from->compression); -} - -int ans_key_h(connection_t *c) -{ - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char key[MAX_STRING_SIZE]; - int cipher, digest, maclength, compression; - node_t *from, *to; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Forward it if necessary */ - - if(to != myself) - { - return send_request(to->nexthop->connection, "%s", c->buffer); - } - - /* Update our copy of the origin's packet key */ - - if(from->key) - free(from->key); - - from->key = xstrdup(key); - from->keylength = strlen(key) / 2; - hex2bin(from->key, from->key, from->keylength); - from->key[from->keylength] = '\0'; - - from->status.validkey = 1; - from->status.waitingforkey = 0; - - /* Check and lookup cipher and digest algorithms */ - - if(cipher) - { - from->cipher = EVP_get_cipherbynid(cipher); - if(!from->cipher) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); - return -1; - } - if(from->keylength != from->cipher->key_len + from->cipher->iv_len) - { - syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); - return -1; - } - } - else - { - from->cipher = NULL; - } - - from->maclength = maclength; - - if(digest) - { - from->digest = EVP_get_digestbynid(digest); - if(!from->digest) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); - return -1; - } - if(from->maclength > from->digest->md_size || from->maclength < 0) - { - syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); - return -1; - } - } - else - { - from->digest = NULL; - } - - from->compression = compression; -cp - return 0; -} diff --git a/src/pokey/protocol_misc.c b/src/pokey/protocol_misc.c deleted file mode 100644 index 40fdc621..00000000 --- a/src/pokey/protocol_misc.c +++ /dev/null @@ -1,182 +0,0 @@ -/* - protocol_misc.c -- handle the meta-protocol, miscellaneous functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol_misc.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include - -#include "conf.h" -#include "interface.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "logging.h" - -#include "system.h" - -/* Status and error notification routines */ - -int send_status(connection_t *c, int statusno, char *statusstring) -{ -cp - if(!statusstring) - statusstring = status_text[statusno]; -cp - return send_request(c, "%d %d %s", STATUS, statusno, statusstring); -} - -int status_h(connection_t *c) -{ - int statusno; - char statusstring[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", - c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_STATUS) - { - syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - c->name, c->hostname, status_text[statusno], statusstring); - } - -cp - return 0; -} - -int send_error(connection_t *c, int err, char *errstring) -{ -cp - if(!errstring) - errstring = strerror(err); - return send_request(c, "%d %d %s", ERROR, err, errstring); -} - -int error_h(connection_t *c) -{ - int err; - char errorstring[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", - c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_ERROR) - { - syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - c->name, c->hostname, strerror(err), errorstring); - } - - terminate_connection(c, c->status.active); -cp - return 0; -} - -int send_termreq(connection_t *c) -{ -cp - return send_request(c, "%d", TERMREQ); -} - -int termreq_h(connection_t *c) -{ -cp - terminate_connection(c, c->status.active); -cp - return 0; -} - -int send_ping(connection_t *c) -{ -cp - c->status.pinged = 1; - c->last_ping_time = now; -cp - return send_request(c, "%d", PING); -} - -int ping_h(connection_t *c) -{ -cp - return send_pong(c); -} - -int send_pong(connection_t *c) -{ -cp - return send_request(c, "%d", PONG); -} - -int pong_h(connection_t *c) -{ -cp - c->status.pinged = 0; - - /* Succesful connection, reset timeout if this is an outgoing connection. */ - - if(c->outgoing) - c->outgoing->timeout = 0; -cp - return 0; -} - -/* Sending and receiving packets via TCP */ - -int send_tcppacket(connection_t *c, vpn_packet_t *packet) -{ - int x; -cp - /* Evil hack. */ - - x = send_request(c, "%d %hd", PACKET, packet->len); - - if(x) - return x; -cp - return send_meta(c, packet->data, packet->len); -} - -/* Status strings */ - -char (*status_text[]) = { - "Warning", -}; - -/* Error strings */ - -char (*error_text[]) = { - "Error", -}; diff --git a/src/pokey/protocol_subnet.c b/src/pokey/protocol_subnet.c deleted file mode 100644 index 3cdc760c..00000000 --- a/src/pokey/protocol_subnet.c +++ /dev/null @@ -1,238 +0,0 @@ -/* - protocol_subnet.c -- handle the meta-protocol, subnets - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol_subnet.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" -#include "interface.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "node.h" -#include "edge.h" -#include "graph.h" -#include "logging.h" - -#include "system.h" - -int send_add_subnet(connection_t *c, subnet_t *subnet) -{ - int x; - char *netstr; -cp - x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), - subnet->owner->name, netstr = net2str(subnet)); - free(netstr); -cp - return x; -} - -int add_subnet_h(connection_t *c) -{ - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - connection_t *other; - subnet_t *s; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); - return -1; - } - - /* Check if owner name is a valid */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* Check if the owner of the new subnet is in the connection list */ - - owner = lookup_node(name); - - if(!owner) - { - owner = new_node(); - owner->name = xstrdup(name); - node_add(owner); - } - - /* Check if we already know this subnet */ - - if(lookup_subnet(owner, s)) - { - free_subnet(s); - return 0; - } - - /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ - - if(owner == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); - s->owner = myself; - send_del_subnet(c, s); - return 0; - } - - /* If everything is correct, add the subnet to the list of the owner */ - - subnet_add(owner, s); - - /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } -cp - return 0; -} - -int send_del_subnet(connection_t *c, subnet_t *s) -{ - int x; - char *netstr; -cp - netstr = net2str(s); - x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); - free(netstr); -cp - return x; -} - -int del_subnet_h(connection_t *c) -{ - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - connection_t *other; - subnet_t *s, *find; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); - return -1; - } - - /* Check if owner name is a valid */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if the owner of the new subnet is in the connection list */ - - if(!(owner = lookup_node(name))) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return 0; - } - - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* If everything is correct, delete the subnet from the list of the owner */ - - s->owner = owner; - - find = lookup_subnet(owner, s); - - free_subnet(s); - - if(!find) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return 0; - } - - /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ - - if(owner == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); - send_add_subnet(c, find); - return 0; - } - - /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } - - /* Finally, delete it. */ - - subnet_del(owner, find); - -cp - return 0; -} diff --git a/src/pokey/route.c b/src/pokey/route.c deleted file mode 100644 index cd5946ce..00000000 --- a/src/pokey/route.c +++ /dev/null @@ -1,377 +0,0 @@ -/* - route.c -- routing - Copyright (C) 2000-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: route.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) - #include -#endif -#include -#include -#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD) - #include - #define ETHER_ADDR_LEN 6 -#else - #include -#endif -#include -#include -#include -#include -#include -#include - -#include - -#include "net.h" -#include "interface.h" -#include "connection.h" -#include "subnet.h" -#include "route.h" -#include "protocol.h" -#include "device.h" -#include "logging.h" - -#include "system.h" - -int routing_mode = RMODE_ROUTER; -int priorityinheritance = 0; -int macexpire = 600; -subnet_t mymac; - -void learn_mac(mac_t *address) -{ - subnet_t *subnet; - avl_node_t *node; - connection_t *c; -cp - subnet = lookup_subnet_mac(address); - - /* If we don't know this MAC address yet, store it */ - - if(!subnet || subnet->owner!=myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), - address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); - - subnet = new_subnet(); - subnet->type = SUBNET_MAC; - memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); - subnet_add(myself, subnet); - - /* And tell all other tinc daemons it's our MAC */ - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active) - send_add_subnet(c, subnet); - } - } - - subnet->net.mac.lastseen = now; -} - -void age_mac(void) -{ - subnet_t *s; - connection_t *c; - avl_node_t *node, *next, *node2; -cp - for(node = myself->subnet_tree->head; node; node = next) - { - next = node->next; - s = (subnet_t *)node->data; - if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), - s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); - for(node2 = connection_tree->head; node2; node2 = node2->next) - { - c = (connection_t *)node2->data; - if(c->status.active) - send_del_subnet(c, s); - } - subnet_del(myself, s); - } - } -cp -} - -node_t *route_mac(vpn_packet_t *packet) -{ - subnet_t *subnet; -cp - /* Learn source address */ - - learn_mac((mac_t *)(&packet->data[6])); - - /* Lookup destination address */ - - subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); - - if(subnet) - return subnet->owner; - else - return NULL; -} - -node_t *route_ipv4(vpn_packet_t *packet) -{ - subnet_t *subnet; -cp - if(priorityinheritance) - packet->priority = packet->data[15]; - - subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]); -cp - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), - packet->data[30], packet->data[31], packet->data[32], packet->data[33]); - } - - return NULL; - } -cp - return subnet->owner; -} - -node_t *route_ipv6(vpn_packet_t *packet) -{ - subnet_t *subnet; -cp - subnet = lookup_subnet_ipv6((ipv6_t *)&packet->data[38]); -cp - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(short unsigned int *)&packet->data[38]), - ntohs(*(short unsigned int *)&packet->data[40]), - ntohs(*(short unsigned int *)&packet->data[42]), - ntohs(*(short unsigned int *)&packet->data[44]), - ntohs(*(short unsigned int *)&packet->data[46]), - ntohs(*(short unsigned int *)&packet->data[48]), - ntohs(*(short unsigned int *)&packet->data[50]), - ntohs(*(short unsigned int *)&packet->data[52])); - } - - return NULL; - } -cp - return subnet->owner; -} - -unsigned short int inet_checksum(unsigned short int *data, int len, unsigned short int prevsum) -{ - unsigned long int checksum = prevsum ^ 0xFFFF; - - while(len--) - checksum += ntohs(*data++); - - while(checksum >> 16) - checksum = (checksum & 0xFFFF) + (checksum >> 16); - - return checksum ^ 0xFFFF; -} - -void route_neighborsol(vpn_packet_t *packet) -{ - struct ip6_hdr *hdr; - struct nd_neighbor_solicit *ns; - struct nd_opt_hdr *opt; - subnet_t *subnet; - short unsigned int checksum; - - struct { - struct in6_addr ip6_src; /* source address */ - struct in6_addr ip6_dst; /* destination address */ - uint32_t length; - uint8_t junk[4]; - } pseudo; - -cp - hdr = (struct ip6_hdr *)(packet->data + 14); - ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); - opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); - - /* First, snatch the source address from the neighbor solicitation packet */ - - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); - - /* Check if this is a valid neighbor solicitation request */ - - if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || - opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) - { - if(debug_lvl > DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); - } - return; - } - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); - - if(checksum) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); - return; - } - - /* Check if the IPv6 address exists on the VPN */ - - subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target); - - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(((uint16_t *)&ns->nd_ns_target)[0]), ntohs(((uint16_t *)&ns->nd_ns_target)[1]), ntohs(((uint16_t *)&ns->nd_ns_target)[2]), ntohs(((uint16_t *)&ns->nd_ns_target)[3]), - ntohs(((uint16_t *)&ns->nd_ns_target)[4]), ntohs(((uint16_t *)&ns->nd_ns_target)[5]), ntohs(((uint16_t *)&ns->nd_ns_target)[6]), ntohs(((uint16_t *)&ns->nd_ns_target)[7])); - } - - return; - } - - /* Check if it is for our own subnet */ - - if(subnet->owner == myself) - return; /* silently ignore */ - - /* Create neighbor advertation reply */ - - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ - memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ - - memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ - - ns->nd_ns_hdr.icmp6_cksum = 0; - ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; - opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); - - ns->nd_ns_hdr.icmp6_cksum = htons(checksum); -cp -} - -void route_arp(vpn_packet_t *packet) -{ - struct ether_arp *arp; - subnet_t *subnet; - unsigned char ipbuf[4]; -cp - /* First, snatch the source address from the ARP packet */ - - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); - - /* This routine generates replies to ARP requests. - You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). - Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) - */ - - arp = (struct ether_arp *)(packet->data + 14); - - /* Check if this is a valid ARP request */ - - if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || - ntohs(arp->arp_pro) != ETHERTYPE_IP || - (int) (arp->arp_hln) != ETHER_ADDR_LEN || - (int) (arp->arp_pln) != 4 || - ntohs(arp->arp_op) != ARPOP_REQUEST ) - { - if(debug_lvl > DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); - } - return; - } - - /* Check if the IPv4 address exists on the VPN */ - - subnet = lookup_subnet_ipv4((ipv4_t *)arp->arp_tpa); - - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), - arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], arp->arp_tpa[3]); - } - - return; - } - - /* Check if it is for our own subnet */ - - if(subnet->owner == myself) - return; /* silently ignore */ - - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ - memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ - memcpy(arp->arp_spa, ipbuf, 4); /* ... */ - - memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ - memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ - arp->arp_op = htons(ARPOP_REPLY); -cp -} - diff --git a/src/pokey/route.h b/src/pokey/route.h deleted file mode 100644 index af4ff7ab..00000000 --- a/src/pokey/route.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - route.h -- header file for route.c - Copyright (C) 2000-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: route.h,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#ifndef __TINC_ROUTE_H__ -#define __TINC_ROUTE_H__ - -enum -{ - RMODE_HUB = 0, - RMODE_SWITCH, - RMODE_ROUTER, -}; - -extern int routing_mode; -extern int priorityinheritance; -extern int macexpire; - -extern void age_mac(void); -extern void route_incoming(node_t *, vpn_packet_t *); -extern void route_outgoing(vpn_packet_t *); - -#endif /* __TINC_ROUTE_H__ */ diff --git a/src/process.c b/src/process.c index 3e3cd93d..b9888815 100644 --- a/src/process.c +++ b/src/process.c @@ -1,7 +1,7 @@ /* process.c -- process management functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,309 +17,418 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.4 2002/04/13 11:07:12 zarq Exp $ + $Id: process.c,v 1.5 2003/08/24 20:38:25 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" #include "conf.h" -#include "process.h" -#include "subnet.h" -#include "device.h" #include "connection.h" #include "device.h" -#include "logging.h" - -#include "system.h" +#include "edge.h" +#include "logger.h" +#include "node.h" +#include "pidfile.h" +#include "process.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" /* If zero, don't detach from the terminal. */ -int do_detach = 1; +bool do_detach = true; +bool sighup = false; +bool sigalrm = false; extern char *identname; extern char *pidfilename; extern char **g_argv; +extern bool use_logfile; +extern volatile bool running; sigset_t emptysigset; -static int saved_debug_lvl = 0; - -extern int sighup; -extern int sigalrm; -extern int do_purge; +static int saved_debug_level = -1; -void memory_full(int size) +static void memory_full(int size) { - log(0, TLOG_ERROR, - _("Memory exhausted (couldn't allocate %d bytes), exitting."), - size); - cp_trace(); - exit(1); + logger(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); + cp_trace(); + exit(1); } /* Some functions the less gifted operating systems might lack... */ #ifndef HAVE_FCLOSEALL -int fcloseall(void) +static int fcloseall(void) { - fflush(stdin); - fflush(stdout); - fflush(stderr); - fclose(stdin); - fclose(stdout); - fclose(stderr); - return 0; + fflush(stdin); + fflush(stdout); + fflush(stderr); + fclose(stdin); + fclose(stdout); + fclose(stderr); + return 0; } #endif -/* - Close network connections, and terminate neatly -*/ -void cleanup_and_exit(int c) +#ifdef HAVE_MINGW +extern char *identname; +extern char *program_name; +extern char **g_argv; + +static SC_HANDLE manager = NULL; +static SC_HANDLE service = NULL; +static SERVICE_STATUS status = {0}; +static SERVICE_STATUS_HANDLE statushandle = 0; + +bool install_service(void) { + char command[4096] = "\""; + char **argp; + bool space; + SERVICE_DESCRIPTION description = {"Virtual Private Network daemon"}; + + manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + if(!manager) { + logger(LOG_ERR, _("Could not open service manager: %s"), winerror(GetLastError())); + return false; + } + + if(!strchr(program_name, '\\')) { + GetCurrentDirectory(sizeof(command) - 1, command + 1); + strncat(command, "\\", sizeof(command)); + } + + strncat(command, program_name, sizeof(command)); + + strncat(command, "\"", sizeof(command)); + + for(argp = g_argv + 1; *argp; argp++) { + space = strchr(*argp, ' '); + strncat(command, " ", sizeof(command)); + + if(space) + strncat(command, "\"", sizeof(command)); + + strncat(command, *argp, sizeof(command)); + + if(space) + strncat(command, "\"", sizeof(command)); + } + + service = CreateService(manager, identname, identname, + SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, + command, "NDIS", NULL, NULL, NULL, NULL); + + if(!service) { + logger(LOG_ERR, _("Could not create %s service: %s"), identname, winerror(GetLastError())); + return false; + } + + ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &description); + + logger(LOG_INFO, _("%s service installed"), identname); + + if(!StartService(service, 0, NULL)) + logger(LOG_WARNING, _("Could not start %s service: %s"), identname, winerror(GetLastError())); + else + logger(LOG_INFO, _("%s service started"), identname); + + return true; +} + +bool remove_service(void) { + manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + if(!manager) { + logger(LOG_ERR, _("Could not open service manager: %s"), winerror(GetLastError())); + return false; + } + + service = OpenService(manager, identname, SERVICE_ALL_ACCESS); + + if(!service) { + logger(LOG_ERR, _("Could not open %s service: %s"), identname, winerror(GetLastError())); + return false; + } + + if(!ControlService(service, SERVICE_CONTROL_STOP, &status)) + logger(LOG_ERR, _("Could not stop %s service: %s"), identname, winerror(GetLastError())); + else + logger(LOG_INFO, _("%s service stopped"), identname); + + if(!DeleteService(service)) { + logger(LOG_ERR, _("Could not remove %s service: %s"), identname, winerror(GetLastError())); + return false; + } + + logger(LOG_INFO, _("%s service removed"), identname); + + return true; +} + +DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) { + switch(request) { + case SERVICE_CONTROL_STOP: + logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP"); + break; + case SERVICE_CONTROL_SHUTDOWN: + logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_SHUTDOWN"); + break; + default: + logger(LOG_WARNING, _("Got unexpected request %d"), request); + return ERROR_CALL_NOT_IMPLEMENTED; + } + + if(running) { + running = false; + status.dwWaitHint = 30000; + status.dwCurrentState = SERVICE_STOP_PENDING; + SetServiceStatus(statushandle, &status); + return NO_ERROR; + } else { + status.dwWaitHint = 0; + status.dwCurrentState = SERVICE_STOPPED; + SetServiceStatus(statushandle, &status); + exit(1); + } + +} + +VOID WINAPI run_service(DWORD argc, LPTSTR* argv) { -cp - close_network_connections(); + int err = 1; + extern int main2(int argc, char **argv); + + + status.dwServiceType = SERVICE_WIN32; + status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; + status.dwWin32ExitCode = 0; + status.dwServiceSpecificExitCode = 0; + status.dwCheckPoint = 0; + + statushandle = RegisterServiceCtrlHandlerEx(identname, controlhandler, NULL); + + if (!statushandle) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "RegisterServiceCtrlHandlerEx", winerror(GetLastError())); + err = 1; + } else { + status.dwWaitHint = 30000; + status.dwCurrentState = SERVICE_START_PENDING; + SetServiceStatus(statushandle, &status); + + status.dwWaitHint = 0; + status.dwCurrentState = SERVICE_RUNNING; + SetServiceStatus(statushandle, &status); + + err = main2(argc, argv); - if(debug_lvl > DEBUG_NOTHING) - dump_device_stats(); + status.dwWaitHint = 0; + status.dwCurrentState = SERVICE_STOPPED; + //status.dwWin32ExitCode = err; + SetServiceStatus(statushandle, &status); + } + + return; +} - syslog(LOG_NOTICE, _("Terminating")); +bool init_service(void) { + SERVICE_TABLE_ENTRY services[] = { + {identname, run_service}, + {NULL, NULL} + }; + + if(!StartServiceCtrlDispatcher(services)) { + if(GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) { + return false; + } + else + logger(LOG_ERR, _("System call `%s' failed: %s"), "StartServiceCtrlDispatcher", winerror(GetLastError())); + } - closelog(); - exit(c); + return true; } +#endif +#ifndef HAVE_MINGW /* check for an existing tinc for this net, and write pid to pidfile */ -int write_pidfile(void) +static bool write_pidfile(void) { - int pid; -cp - if((pid = check_pid(pidfilename))) - { - if(netname) - fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), - netname, pid); - else - fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); - return 1; - } - - /* if it's locked, write-protected, or whatever */ - if(!write_pid(pidfilename)) - return 1; -cp - return 0; + int pid; + + cp(); + + pid = check_pid(pidfilename); + + if(pid) { + if(netname) + fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), + netname, pid); + else + fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); + return false; + } + + /* if it's locked, write-protected, or whatever */ + if(!write_pid(pidfilename)) + return false; + + return true; } +#endif /* kill older tincd for this net */ -int kill_other(int signal) +bool kill_other(int signal) { - int pid; -cp - if(!(pid = read_pid(pidfilename))) - { - if(netname) - fprintf(stderr, _("No other tincd is running for net `%s'.\n"), netname); - else - fprintf(stderr, _("No other tincd is running.\n")); - return 1; - } - - errno = 0; /* No error, sometimes errno is only changed on error */ - /* ESRCH is returned when no process with that pid is found */ - if(kill(pid, signal) && errno == ESRCH) - { - if(netname) - fprintf(stderr, _("The tincd for net `%s' is no longer running. "), netname); - else - fprintf(stderr, _("The tincd is no longer running. ")); - - fprintf(stderr, _("Removing stale lock file.\n")); - remove_pid(pidfilename); - } -cp - return 0; +#ifndef HAVE_MINGW + int pid; + + cp(); + + pid = read_pid(pidfilename); + + if(!pid) { + if(netname) + fprintf(stderr, _("No other tincd is running for net `%s'.\n"), + netname); + else + fprintf(stderr, _("No other tincd is running.\n")); + return false; + } + + errno = 0; /* No error, sometimes errno is only changed on error */ + + /* ESRCH is returned when no process with that pid is found */ + if(kill(pid, signal) && errno == ESRCH) { + if(netname) + fprintf(stderr, _("The tincd for net `%s' is no longer running. "), + netname); + else + fprintf(stderr, _("The tincd is no longer running. ")); + + fprintf(stderr, _("Removing stale lock file.\n")); + remove_pid(pidfilename); + } + + return true; +#else + return remove_service(); +#endif } /* Detach from current terminal, write pidfile, kill parent */ -int detach(void) +bool detach(void) { -cp - setup_signals(); + cp(); + + setup_signals(); + + /* First check if we can open a fresh new pidfile */ - /* First check if we can open a fresh new pidfile */ - - if(write_pidfile()) - return -1; +#ifndef HAVE_MINGW + if(!write_pidfile()) + return false; - /* If we succeeded in doing that, detach */ + /* If we succeeded in doing that, detach */ - closelog(); + closelogger(); +#endif - if(do_detach) - { - if(daemon(0, 0) < 0) - { - fprintf(stderr, _("Couldn't detach from terminal: %s"), strerror(errno)); - return -1; + if(do_detach) { +#ifndef HAVE_MINGW + if(daemon(0, 0)) { + fprintf(stderr, _("Couldn't detach from terminal: %s"), + strerror(errno)); + return false; + } + + /* Now UPDATE the pid in the pidfile, because we changed it... */ + + if(!write_pid(pidfilename)) + return false; +#else + if(!statushandle) + exit(install_service()); +#endif } - /* Now UPDATE the pid in the pidfile, because we changed it... */ - - if(!write_pid(pidfilename)) - return -1; - } - - openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); - log_add_hook(log_syslog); - log_del_hook(log_default); - - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), - VERSION, __DATE__, __TIME__, debug_lvl); - else - syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); - - xalloc_fail_func = memory_full; -cp - return 0; + openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); + + logger(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), + VERSION, __DATE__, __TIME__, debug_level); + + xalloc_fail_func = memory_full; + + return true; } -/* - Execute the program name, with sane environment. All output will be - redirected to syslog. -*/ -void _execute_script(const char *scriptname) __attribute__ ((noreturn)); -void _execute_script(const char *scriptname) +bool execute_script(const char *name, char **envp) { - char *s; -cp -#ifdef HAVE_UNSETENV - unsetenv("NETNAME"); - unsetenv("DEVICE"); - unsetenv("INTERFACE"); +#ifdef HAVE_SYSTEM + int status, len; + struct stat s; + char *scriptname; + + cp(); + +#ifndef HAVE_MINGW + len = asprintf(&scriptname, "\"%s/%s\"", confbase, name); +#else + len = asprintf(&scriptname, "\"%s/%s.bat\"", confbase, name); #endif + if(len < 0) + return false; - if(netname) - { - asprintf(&s, "NETNAME=%s", netname); - putenv(s); /* Don't free s! see man 3 putenv */ - } - - if(device) - { - asprintf(&s, "DEVICE=%s", device); - putenv(s); /* Don't free s! see man 3 putenv */ - } - - if(interface) - { - asprintf(&s, "INTERFACE=%s", interface); - putenv(s); /* Don't free s! see man 3 putenv */ - } - - chdir("/"); - - /* Close all file descriptors */ - closelog(); /* <- this means we cannot use syslog() here anymore! */ - fcloseall(); - - execl(scriptname, NULL); - /* No return on success */ - - if(errno != ENOENT) /* Ignore if the file does not exist */ - exit(1); /* Some error while trying execl(). */ - else - exit(0); -} + scriptname[len - 1] = '\0'; -/* - Fork and execute the program pointed to by name. -*/ -int execute_script(const char *name) -{ - pid_t pid; - int status; - struct stat s; - char *scriptname; -cp - asprintf(&scriptname, "%s/%s", confbase, name); - - /* First check if there is a script */ - - if(stat(scriptname, &s)) - return 0; - - if((pid = fork()) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return -1; - } - - if(pid) - { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Executing script %s"), name); - - free(scriptname); - - if(waitpid(pid, &status, 0) == pid) - { - if(WIFEXITED(status)) /* Child exited by itself */ - { - if(WEXITSTATUS(status)) - { - syslog(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); - return -1; - } - else - return 0; - } - else if(WIFSIGNALED(status)) /* Child was killed by a signal */ - { - syslog(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), - pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); - return -1; - } - else /* Something strange happened */ - { - syslog(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); - return -1; - } - } - else - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); - return -1; - } - } -cp - /* Child here */ - - _execute_script(scriptname); + /* First check if there is a script */ + + if(stat(scriptname + 1, &s)) + return true; + + ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); + +#ifdef HAVE_PUTENV + /* Set environment */ + + while(*envp) + putenv(*envp++); +#endif + + scriptname[len - 1] = '\"'; + status = system(scriptname); + + free(scriptname); + + /* Unset environment? */ + +#ifdef WEXITSTATUS + if(status != -1) { + if(WIFEXITED(status)) { /* Child exited by itself */ + if(WEXITSTATUS(status)) { + logger(LOG_ERR, _("Script %s exited with non-zero status %d"), + name, WEXITSTATUS(status)); + return false; + } + } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ + logger(LOG_ERR, _("Script %s was killed by signal %d (%s)"), + name, WTERMSIG(status), strsignal(WTERMSIG(status))); + return false; + } else { /* Something strange happened */ + logger(LOG_ERR, _("Script %s terminated abnormally"), name); + return false; + } + } else { + logger(LOG_ERR, _("System call `%s' failed: %s"), "system", strerror(errno)); + return false; + } +#endif +#endif + return true; } @@ -327,186 +436,164 @@ cp Signal handlers. */ -RETSIGTYPE -sigterm_handler(int a) +#ifndef HAVE_MINGW +static RETSIGTYPE sigterm_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got TERM signal")); - - cleanup_and_exit(0); + logger(LOG_NOTICE, _("Got %s signal"), "TERM"); + running = false; } -RETSIGTYPE -sigquit_handler(int a) +static RETSIGTYPE sigquit_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got QUIT signal")); - cleanup_and_exit(0); + logger(LOG_NOTICE, _("Got %s signal"), "QUIT"); + running = false; } -RETSIGTYPE -fatal_signal_square(int a) +static RETSIGTYPE fatal_signal_square(int a) { - syslog(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); - cp_trace(); - exit(1); + logger(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, + strsignal(a)); + cp_trace(); + exit(1); } -RETSIGTYPE -fatal_signal_handler(int a) +static RETSIGTYPE fatal_signal_handler(int a) { - struct sigaction act; - syslog(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); - cp_trace(); - - if(do_detach) - { - syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); - - act.sa_handler = fatal_signal_square; - act.sa_mask = emptysigset; - act.sa_flags = 0; - sigaction(SIGSEGV, &act, NULL); - - close_network_connections(); - sleep(5); - remove_pid(pidfilename); - execvp(g_argv[0], g_argv); - } - else - { - syslog(LOG_NOTICE, _("Not restarting.")); - exit(1); - } + struct sigaction act; + logger(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); + cp_trace(); + + if(do_detach) { + logger(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); + + act.sa_handler = fatal_signal_square; + act.sa_mask = emptysigset; + act.sa_flags = 0; + sigaction(SIGSEGV, &act, NULL); + + close_network_connections(); + sleep(5); + remove_pid(pidfilename); + execvp(g_argv[0], g_argv); + } else { + logger(LOG_NOTICE, _("Not restarting.")); + exit(1); + } } -RETSIGTYPE -sighup_handler(int a) +static RETSIGTYPE sighup_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got HUP signal")); - sighup = 1; + logger(LOG_NOTICE, _("Got %s signal"), "HUP"); + sighup = true; } -RETSIGTYPE -sigint_handler(int a) +static RETSIGTYPE sigint_handler(int a) { - if(saved_debug_lvl) - { - syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), - saved_debug_lvl); - debug_lvl = saved_debug_lvl; - saved_debug_lvl = 0; - } - else - { - syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), - debug_lvl); - saved_debug_lvl = debug_lvl; - debug_lvl = 5; - } + logger(LOG_NOTICE, _("Got %s signal"), "INT"); + + if(saved_debug_level != -1) { + logger(LOG_NOTICE, _("Reverting to old debug level (%d)"), + saved_debug_level); + debug_level = saved_debug_level; + saved_debug_level = -1; + } else { + logger(LOG_NOTICE, + _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), + debug_level); + saved_debug_level = debug_level; + debug_level = 5; + } } -RETSIGTYPE -sigalrm_handler(int a) +static RETSIGTYPE sigalrm_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got ALRM signal")); - sigalrm = 1; + logger(LOG_NOTICE, _("Got %s signal"), "ALRM"); + sigalrm = true; } -RETSIGTYPE -sigusr1_handler(int a) +static RETSIGTYPE sigusr1_handler(int a) { - dump_connections(); + dump_connections(); } -RETSIGTYPE -sigusr2_handler(int a) +static RETSIGTYPE sigusr2_handler(int a) { - dump_device_stats(); - dump_nodes(); - dump_edges(); - dump_subnets(); + dump_device_stats(); + dump_nodes(); + dump_edges(); + dump_subnets(); } -RETSIGTYPE -sigwinch_handler(int a) +static RETSIGTYPE sigwinch_handler(int a) { - extern int do_purge; - do_purge = 1; + do_purge = true; } -RETSIGTYPE -unexpected_signal_handler(int a) +static RETSIGTYPE unexpected_signal_handler(int a) { - syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); - cp_trace(); + logger(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + cp_trace(); } -RETSIGTYPE -ignore_signal_handler(int a) +static RETSIGTYPE ignore_signal_handler(int a) { - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - syslog(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); - cp_trace(); - } + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); } -struct { - int signal; - void (*handler)(int); +static struct { + int signal; + void (*handler)(int); } sighandlers[] = { - { SIGHUP, sighup_handler }, - { SIGTERM, sigterm_handler }, - { SIGQUIT, sigquit_handler }, - { SIGSEGV, fatal_signal_handler }, - { SIGBUS, fatal_signal_handler }, - { SIGILL, fatal_signal_handler }, - { SIGPIPE, ignore_signal_handler }, - { SIGINT, sigint_handler }, - { SIGUSR1, sigusr1_handler }, - { SIGUSR2, sigusr2_handler }, - { SIGCHLD, ignore_signal_handler }, - { SIGALRM, sigalrm_handler }, - { SIGWINCH, sigwinch_handler }, - { 0, NULL } + {SIGHUP, sighup_handler}, + {SIGTERM, sigterm_handler}, + {SIGQUIT, sigquit_handler}, + {SIGSEGV, fatal_signal_handler}, + {SIGBUS, fatal_signal_handler}, + {SIGILL, fatal_signal_handler}, + {SIGPIPE, ignore_signal_handler}, + {SIGINT, sigint_handler}, + {SIGUSR1, sigusr1_handler}, + {SIGUSR2, sigusr2_handler}, + {SIGCHLD, ignore_signal_handler}, + {SIGALRM, sigalrm_handler}, + {SIGWINCH, sigwinch_handler}, + {0, NULL} }; +#endif -void -setup_signals(void) +void setup_signals(void) { - int i; - struct sigaction act; - - sigemptyset(&emptysigset); - act.sa_handler = NULL; - act.sa_mask = emptysigset; - act.sa_flags = 0; - - /* Set a default signal handler for every signal, errors will be - ignored. */ - for(i = 0; i < NSIG; i++) - { - if(!do_detach) - act.sa_handler = SIG_DFL; - else - act.sa_handler = unexpected_signal_handler; - sigaction(i, &act, NULL); - } - - /* If we didn't detach, allow coredumps */ - if(!do_detach) - sighandlers[3].handler = SIG_DFL; - - /* Then, for each known signal that we want to catch, assign a - handler to the signal, with error checking this time. */ - for(i = 0; sighandlers[i].signal; i++) - { - act.sa_handler = sighandlers[i].handler; - if(sigaction(sighandlers[i].signal, &act, NULL) < 0) - fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), - sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); - } +#ifndef HAVE_MINGW + int i; + struct sigaction act; + + sigemptyset(&emptysigset); + act.sa_handler = NULL; + act.sa_mask = emptysigset; + act.sa_flags = 0; + + /* Set a default signal handler for every signal, errors will be + ignored. */ + for(i = 0; i < NSIG; i++) { + if(!do_detach) + act.sa_handler = SIG_DFL; + else + act.sa_handler = unexpected_signal_handler; + sigaction(i, &act, NULL); + } + + /* If we didn't detach, allow coredumps */ + if(!do_detach) + sighandlers[3].handler = SIG_DFL; + + /* Then, for each known signal that we want to catch, assign a + handler to the signal, with error checking this time. */ + for(i = 0; sighandlers[i].signal; i++) { + act.sa_handler = sighandlers[i].handler; + if(sigaction(sighandlers[i].signal, &act, NULL) < 0) + fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), + sighandlers[i].signal, strsignal(sighandlers[i].signal), + strerror(errno)); + } +#endif } diff --git a/src/process.h b/src/process.h index cd791cb5..cf8de253 100644 --- a/src/process.h +++ b/src/process.h @@ -1,7 +1,7 @@ /* process.h -- header file for process.c - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,20 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.2 2002/04/09 15:26:00 zarq Exp $ + $Id: process.h,v 1.3 2003/08/24 20:38:27 guus Exp $ */ #ifndef __TINC_PROCESS_H__ #define __TINC_PROCESS_H__ -#include "config.h" - -extern int do_detach; +extern bool do_detach; +extern bool sighup; +extern bool sigalrm; extern void setup_signals(void); -extern int execute_script(const char *); -extern int detach(void); -extern int kill_other(int); -extern void cleanup_and_exit(int); +extern bool execute_script(const char *, char **); +extern bool detach(void); +extern bool kill_other(int); -#endif /* __TINC_PROCESS_H__ */ +#endif /* __TINC_PROCESS_H__ */ diff --git a/src/protocol.c b/src/protocol.c index f3a7cea4..c7f4b561 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,7 +1,7 @@ /* protocol.c -- handle the meta-protocol, basic functions - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,228 +17,235 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.31 2002/04/13 11:07:12 zarq Exp $ + $Id: protocol.c,v 1.32 2003/08/24 20:38:27 guus Exp $ */ -#include "config.h" +#include "system.h" -#include +#include "conf.h" +#include "connection.h" +#include "logger.h" +#include "meta.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" -#include -#include -#include -#include -#include +/* Jumptable for the request handlers */ -#include -#include +static bool (*request_handlers[])(connection_t *) = { + id_h, metakey_h, challenge_h, chal_reply_h, ack_h, + status_h, error_h, termreq_h, + ping_h, pong_h, + add_subnet_h, del_subnet_h, + add_edge_h, del_edge_h, + key_changed_h, req_key_h, ans_key_h, tcppacket_h, +}; -#include "conf.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "logging.h" +/* Request names */ -#include "system.h" +static char (*request_name[]) = { + "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", + "STATUS", "ERROR", "TERMREQ", + "PING", "PONG", + "ADD_SUBNET", "DEL_SUBNET", + "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", +}; -avl_tree_t *past_request_tree; +static avl_tree_t *past_request_tree; -int check_id(char *id) +bool check_id(const char *id) { - int i; + for(; *id; id++) + if(!isalnum(*id) && *id != '_') + return false; - for (i = 0; i < strlen(id); i++) - if(!isalnum(id[i]) && id[i] != '_') - return -1; - - return 0; + return true; } /* Generic request routines - takes care of logging and error detection as well */ -int send_request(connection_t *c, const char *format, ...) +bool send_request(connection_t *c, const char *format, ...) +{ + va_list args; + char buffer[MAXBUFSIZE]; + int len, request; + + cp(); + + /* Use vsnprintf instead of vasprintf: faster, no memory + fragmentation, cleanup is automatic, and there is a limit on the + input buffer anyway */ + + va_start(args, format); + len = vsnprintf(buffer, MAXBUFSIZE, format, args); + va_end(args); + + if(len < 0 || len > MAXBUFSIZE - 1) { + logger(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), + c->name, c->hostname); + return false; + } + + ifdebug(PROTOCOL) { + sscanf(buffer, "%d", &request); + ifdebug(META) + logger(LOG_DEBUG, _("Sending %s to %s (%s): %s"), + request_name[request], c->name, c->hostname, buffer); + else + logger(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], + c->name, c->hostname); + } + + buffer[len++] = '\n'; + + if(c == broadcast) { + broadcast_meta(NULL, buffer, len); + return true; + } else + return send_meta(c, buffer, len); +} + +void forward_request(connection_t *from) { - va_list args; - char buffer[MAXBUFSIZE]; - int len, request; - -cp - /* Use vsnprintf instead of vasprintf: faster, no memory - fragmentation, cleanup is automatic, and there is a limit on the - input buffer anyway */ - - va_start(args, format); - len = vsnprintf(buffer, MAXBUFSIZE, format, args); - va_end(args); - - if(len < 0 || len > MAXBUFSIZE-1) - { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_PROTOCOL) - { - sscanf(buffer, "%d", &request); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); - else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); - } - - buffer[len++] = '\n'; -cp - return send_meta(c, buffer, len); + int request; + + cp(); + + ifdebug(PROTOCOL) { + sscanf(from->buffer, "%d", &request); + ifdebug(META) + logger(LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), + request_name[request], from->name, from->hostname, + from->buffer); + else + logger(LOG_DEBUG, _("Forwarding %s from %s (%s)"), + request_name[request], from->name, from->hostname); + } + + from->buffer[from->reqlen - 1] = '\n'; + + broadcast_meta(from, from->buffer, from->reqlen); } -int receive_request(connection_t *c) +bool receive_request(connection_t *c) { - int request; -cp - if(sscanf(c->buffer, "%d", &request) == 1) - { - if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) - { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), - c->name, c->hostname, c->buffer); - else - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - c->name, c->hostname); - - return -1; - } - else - { - if(debug_lvl >= DEBUG_PROTOCOL) - { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), - request_name[request], c->name, c->hostname, c->buffer); - else - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], c->name, c->hostname); - } + int request; + + cp(); + + if(sscanf(c->buffer, "%d", &request) == 1) { + if((request < 0) || (request >= LAST) || !request_handlers[request]) { + ifdebug(META) + logger(LOG_DEBUG, _("Unknown request from %s (%s): %s"), + c->name, c->hostname, c->buffer); + else + logger(LOG_ERR, _("Unknown request from %s (%s)"), + c->name, c->hostname); + + return false; + } else { + ifdebug(PROTOCOL) { + ifdebug(META) + logger(LOG_DEBUG, _("Got %s from %s (%s): %s"), + request_name[request], c->name, c->hostname, + c->buffer); + else + logger(LOG_DEBUG, _("Got %s from %s (%s)"), + request_name[request], c->name, c->hostname); + } + } + + if((c->allow_request != ALL) && (c->allow_request != request)) { + logger(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, + c->hostname); + return false; + } + + if(!request_handlers[request](c)) { + /* Something went wrong. Probably scriptkiddies. Terminate. */ + + logger(LOG_ERR, _("Error while processing %s from %s (%s)"), + request_name[request], c->name, c->hostname); + return false; + } + } else { + logger(LOG_ERR, _("Bogus data received from %s (%s)"), + c->name, c->hostname); + return false; } - if((c->allow_request != ALL) && (c->allow_request != request)) - { - syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); - return -1; - } - - if(request_handlers[request](c)) - /* Something went wrong. Probably scriptkiddies. Terminate. */ - { - syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), - request_name[request], c->name, c->hostname); - return -1; - } - } - else - { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - c->name, c->hostname); - return -1; - } -cp - return 0; + return true; } -int past_request_compare(past_request_t *a, past_request_t *b) +static int past_request_compare(const past_request_t *a, const past_request_t *b) { -cp - return strcmp(a->request, b->request); + return strcmp(a->request, b->request); } -void free_past_request(past_request_t *r) +static void free_past_request(past_request_t *r) { -cp - if(r->request) - free(r->request); - free(r); -cp + cp(); + + if(r->request) + free(r->request); + + free(r); } void init_requests(void) { -cp - past_request_tree = avl_alloc_tree((avl_compare_t)past_request_compare, (avl_action_t)free_past_request); -cp + cp(); + + past_request_tree = avl_alloc_tree((avl_compare_t) past_request_compare, (avl_action_t) free_past_request); } void exit_requests(void) { -cp - avl_delete_tree(past_request_tree); -cp + cp(); + + avl_delete_tree(past_request_tree); } -int seen_request(char *request) +bool seen_request(char *request) { - past_request_t p, *new; -cp - p.request = request; - - if(avl_search(past_request_tree, &p)) - { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Already seen request")); - return 1; - } - else - { - new = (past_request_t *)xmalloc(sizeof(*new)); - new->request = xstrdup(request); - new->firstseen = now; - avl_insert(past_request_tree, new); - return 0; - } -cp + past_request_t *new, p = {0}; + + cp(); + + p.request = request; + + if(avl_search(past_request_tree, &p)) { + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Already seen request")); + return true; + } else { + new = (past_request_t *) xmalloc(sizeof(*new)); + new->request = xstrdup(request); + new->firstseen = now; + avl_insert(past_request_tree, new); + return false; + } } void age_past_requests(void) { - avl_node_t *node, *next; - past_request_t *p; - int left = 0, deleted = 0; -cp - for(node = past_request_tree->head; node; node = next) - { - next = node->next; - p = (past_request_t *)node->data; - if(p->firstseen + pingtimeout < now) - avl_delete_node(past_request_tree, node), deleted++; - else - left++; - } - - if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) - syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); -cp -} + avl_node_t *node, *next; + past_request_t *p; + int left = 0, deleted = 0; -/* Jumptable for the request handlers */ + cp(); -int (*request_handlers[])(connection_t*) = { - id_h, metakey_h, challenge_h, chal_reply_h, ack_h, - status_h, error_h, termreq_h, - ping_h, pong_h, - add_subnet_h, del_subnet_h, - add_edge_h, del_edge_h, - key_changed_h, req_key_h, ans_key_h, - tcppacket_h, -}; + for(node = past_request_tree->head; node; node = next) { + next = node->next; + p = (past_request_t *) node->data; -/* Request names */ + if(p->firstseen + pingtimeout < now) + avl_delete_node(past_request_tree, node), deleted++; + else + left++; + } -char (*request_name[]) = { - "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", - "STATUS", "ERROR", "TERMREQ", - "PING", "PONG", - "ADD_SUBNET", "DEL_SUBNET", - "ADD_EDGE", "DEL_EDGE", - "KEY_CHANGED", "REQ_KEY", "ANS_KEY", - "PACKET", -}; + if(left || deleted) + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Aging past requests: deleted %d, left %d"), + deleted, left); +} diff --git a/src/protocol.h b/src/protocol.h index 58267918..0202af73 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -1,7 +1,7 @@ /* protocol.h -- header for protocol.c - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,40 +17,41 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.8 2002/04/28 12:46:26 zarq Exp $ + $Id: protocol.h,v 1.9 2003/08/24 20:38:27 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ #define __TINC_PROTOCOL_H__ -#include "net.h" -#include "node.h" -#include "subnet.h" - /* Protocol version. Different versions are incompatible, incompatible version have different protocols. */ -#define PROT_CURRENT 14 +#define PROT_CURRENT 17 + +/* Silly Windows */ + +#ifdef ERROR +#undef ERROR +#endif /* Request numbers */ -enum { - ALL = -1, /* Guardian for allow_request */ - ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, - STATUS, ERROR, TERMREQ, - PING, PONG, - /* ADD_NODE, DEL_NODE, */ - ADD_SUBNET, DEL_SUBNET, - ADD_EDGE, DEL_EDGE, - KEY_CHANGED, REQ_KEY, ANS_KEY, - PACKET, - LAST /* Guardian for the highest request number */ -}; +typedef enum request_t { + ALL = -1, /* Guardian for allow_request */ + ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, + STATUS, ERROR, TERMREQ, + PING, PONG, + ADD_SUBNET, DEL_SUBNET, + ADD_EDGE, DEL_EDGE, + KEY_CHANGED, REQ_KEY, ANS_KEY, + PACKET, + LAST /* Guardian for the highest request number */ +} request_t; typedef struct past_request_t { - char *request; - time_t firstseen; + char *request; + time_t firstseen; } past_request_t; /* Maximum size of strings in a request */ @@ -58,63 +59,63 @@ typedef struct past_request_t { #define MAX_STRING_SIZE 2048 #define MAX_STRING "%2048s" +#include "edge.h" +#include "net.h" +#include "node.h" +#include "subnet.h" + /* Basic functions */ -extern int send_request(connection_t*, const char*, ...); -extern int receive_request(connection_t *); -extern int check_id(char *); +extern bool send_request(struct connection_t *, const char *, ...) __attribute__ ((__format__(printf, 2, 3))); +extern void forward_request(struct connection_t *); +extern bool receive_request(struct connection_t *); +extern bool check_id(const char *); extern void init_requests(void); extern void exit_requests(void); -extern int seen_request(char *); +extern bool seen_request(char *); extern void age_past_requests(void); /* Requests */ -extern int send_id(connection_t *); -extern int send_metakey(connection_t *); -extern int send_challenge(connection_t *); -extern int send_chal_reply(connection_t *); -extern int send_ack(connection_t *); -extern int send_status(connection_t *, int, char *); -extern int send_error(connection_t *, int, char *); -extern int send_termreq(connection_t *); -extern int send_ping(connection_t *); -extern int send_pong(connection_t *); -/* extern int send_add_node(connection_t *, node_t *); */ -/* extern int send_del_node(connection_t *, node_t *); */ -extern int send_add_subnet(connection_t *, subnet_t *); -extern int send_del_subnet(connection_t *, subnet_t *); -extern int send_add_edge(connection_t *, edge_t *); -extern int send_del_edge(connection_t *, edge_t *); -extern int send_key_changed(connection_t *, node_t *); -extern int send_req_key(connection_t *, node_t *, node_t *); -extern int send_ans_key(connection_t *, node_t *, node_t *); -extern int send_tcppacket(connection_t *, vpn_packet_t *); +extern bool send_id(struct connection_t *); +extern bool send_metakey(struct connection_t *); +extern bool send_challenge(struct connection_t *); +extern bool send_chal_reply(struct connection_t *); +extern bool send_ack(struct connection_t *); +extern bool send_status(struct connection_t *, int, const char *); +extern bool send_error(struct connection_t *, int,const char *); +extern bool send_termreq(struct connection_t *); +extern bool send_ping(struct connection_t *); +extern bool send_pong(struct connection_t *); +extern bool send_add_subnet(struct connection_t *, const struct subnet_t *); +extern bool send_del_subnet(struct connection_t *, const struct subnet_t *); +extern bool send_add_edge(struct connection_t *, const struct edge_t *); +extern bool send_del_edge(struct connection_t *, const struct edge_t *); +extern bool send_key_changed(struct connection_t *, const struct node_t *); +extern bool send_req_key(struct connection_t *, const struct node_t *, const struct node_t *); +extern bool send_ans_key(struct connection_t *, const struct node_t *, const struct node_t *); +extern bool send_tcppacket(struct connection_t *, struct vpn_packet_t *); /* Request handlers */ -extern int (*request_handlers[])(connection_t *); - -extern int id_h(connection_t *); -extern int metakey_h(connection_t *); -extern int challenge_h(connection_t *); -extern int chal_reply_h(connection_t *); -extern int ack_h(connection_t *); -extern int status_h(connection_t *); -extern int error_h(connection_t *); -extern int termreq_h(connection_t *); -extern int ping_h(connection_t *); -extern int pong_h(connection_t *); -/* extern int add_node_h(connection_t *); */ -/* extern int del_node_h(connection_t *); */ -extern int add_subnet_h(connection_t *); -extern int del_subnet_h(connection_t *); -extern int add_edge_h(connection_t *); -extern int del_edge_h(connection_t *); -extern int key_changed_h(connection_t *); -extern int req_key_h(connection_t *); -extern int ans_key_h(connection_t *); -extern int tcppacket_h(connection_t *); - -#endif /* __TINC_PROTOCOL_H__ */ +extern bool id_h(struct connection_t *); +extern bool metakey_h(struct connection_t *); +extern bool challenge_h(struct connection_t *); +extern bool chal_reply_h(struct connection_t *); +extern bool ack_h(struct connection_t *); +extern bool status_h(struct connection_t *); +extern bool error_h(struct connection_t *); +extern bool termreq_h(struct connection_t *); +extern bool ping_h(struct connection_t *); +extern bool pong_h(struct connection_t *); +extern bool add_subnet_h(struct connection_t *); +extern bool del_subnet_h(struct connection_t *); +extern bool add_edge_h(struct connection_t *); +extern bool del_edge_h(struct connection_t *); +extern bool key_changed_h(struct connection_t *); +extern bool req_key_h(struct connection_t *); +extern bool ans_key_h(struct connection_t *); +extern bool tcppacket_h(struct connection_t *); + +#endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 4359fb54..360cf9c1 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,634 +17,550 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.4 2002/04/28 12:46:26 zarq Exp $ + $Id: protocol_auth.c,v 1.5 2003/08/24 20:38:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" -#ifdef USE_OPENSSL #include #include #include -#endif - -#ifdef USE_GCRYPT -#include -#endif - -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif +#include "avl_tree.h" #include "conf.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" #include "connection.h" -#include "node.h" #include "edge.h" #include "graph.h" -#include "logging.h" - -#include "system.h" +#include "logger.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" -int send_id(connection_t *c) +bool send_id(connection_t *c) { -cp - return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); + cp(); + + return send_request(c, "%d %s %d", ID, myself->connection->name, + myself->connection->protocol_version); } -int id_h(connection_t *c) +bool id_h(connection_t *c) { - char name[MAX_STRING_SIZE]; - int bla; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); - return -1; - } - - /* Check if identity is a valid name */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); - return -1; - } - - /* If we set c->name in advance, make sure we are connected to the right host */ - - if(c->name) - { - if(strcmp(c->name, name)) - { - syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); - return -1; - } - } - else - c->name = xstrdup(name); - - /* Check if version matches */ - - if(c->protocol_version != myself->connection->protocol_version) - { - syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), - c->name, c->hostname, c->protocol_version); - return -1; - } - - if(bypass_security) - { - if(!c->config_tree) - init_configuration(&c->config_tree); - c->allow_request = ACK; - return send_ack(c); - } - - if(!c->config_tree) - { - init_configuration(&c->config_tree); - - if((bla = read_connection_config(c))) - { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); - return -1; - } - } - - if(read_rsa_public_key(c)) - { - return -1; - } - - /* Check some options */ - - if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT) - c->options |= OPTION_INDIRECT; - - if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY) - c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - - c->allow_request = METAKEY; -cp - return send_metakey(c); + char name[MAX_STRING_SIZE]; + bool choice; + + cp(); + + if(sscanf(c->buffer, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, + c->hostname); + return false; + } + + /* Check if identity is a valid name */ + + if(!check_id(name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, + c->hostname, "invalid name"); + return false; + } + + /* If we set c->name in advance, make sure we are connected to the right host */ + + if(c->name) { + if(strcmp(c->name, name)) { + logger(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, + c->name); + return false; + } + } else + c->name = xstrdup(name); + + /* Check if version matches */ + + if(c->protocol_version != myself->connection->protocol_version) { + logger(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + c->name, c->hostname, c->protocol_version); + return false; + } + + if(bypass_security) { + if(!c->config_tree) + init_configuration(&c->config_tree); + c->allow_request = ACK; + return send_ack(c); + } + + if(!c->config_tree) { + init_configuration(&c->config_tree); + + if(!read_connection_config(c)) { + logger(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, + c->name); + return false; + } + } + + if(!read_rsa_public_key(c)) { + return false; + } + + /* Check some options */ + + if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &choice) && choice) || myself->options & OPTION_INDIRECT) + c->options |= OPTION_INDIRECT; + + if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) + c->options |= OPTION_TCPONLY | OPTION_INDIRECT; + + c->allow_request = METAKEY; + + return send_metakey(c); } -int send_metakey(connection_t *c) +bool send_metakey(connection_t *c) { - char buffer[MAX_STRING_SIZE]; - int len, x; -cp -#ifdef USE_OPENSSL - len = RSA_size(c->rsa_key); - - /* Allocate buffers for the meta key */ - - if(!c->outkey) - c->outkey = xmalloc(len); - - if(!c->outctx) - c->outctx = xmalloc(sizeof(*c->outctx)); -cp - /* Copy random data to the buffer */ - - RAND_bytes(c->outkey, len); -#endif - -#ifdef USE_GCRYPT - len = 123; /* FIXME: RSA key length */ - c->outkey = gcry_random_bytes(len, GCRY_WEAK_RANDOM); -#endif - - /* The message we send must be smaller than the modulus of the RSA key. - By definition, for a key of k bits, the following formula holds: - - 2^(k-1) <= modulus < 2^(k) - - Where ^ means "to the power of", not "xor". - This means that to be sure, we must choose our message < 2^(k-1). - This can be done by setting the most significant bit to zero. - */ - - c->outkey[0] &= 0x7F; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->outkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); - } - - /* Encrypt the random data - - We do not use one of the PKCS padding schemes here. - This is allowed, because we encrypt a totally random string - with a length equal to that of the modulus of the RSA key. - */ - -#ifdef USE_OPENSSL - if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } -#endif -cp - /* Convert the encrypted random data to a hexadecimal formatted string */ - -#ifdef USE_OPENSSL - bin2hex(buffer, buffer, len); -#endif - buffer[len*2] = '\0'; - - /* Send the meta key */ - -#ifdef USE_OPENSSL - x = send_request(c, "%d %d %d %d %d %s", METAKEY, - c->outcipher?c->outcipher->nid:0, c->outdigest?c->outdigest->type:0, - c->outmaclength, c->outcompression, buffer); -#endif - - /* Further outgoing requests are encrypted with the key we just generated */ - -#ifdef USE_OPENSSL - if(c->outcipher) - { - EVP_EncryptInit(c->outctx, c->outcipher, - c->outkey + len - c->outcipher->key_len, - c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len); - - c->status.encryptout = 1; - } -#endif -cp - return x; + char buffer[MAX_STRING_SIZE]; + int len; + bool x; + + cp(); + + len = RSA_size(c->rsa_key); + + /* Allocate buffers for the meta key */ + + if(!c->outkey) + c->outkey = xmalloc(len); + + if(!c->outctx) + c->outctx = xmalloc_and_zero(sizeof(*c->outctx)); + cp(); + /* Copy random data to the buffer */ + + RAND_bytes(c->outkey, len); + + /* The message we send must be smaller than the modulus of the RSA key. + By definition, for a key of k bits, the following formula holds: + + 2^(k-1) <= modulus < 2^(k) + + Where ^ means "to the power of", not "xor". + This means that to be sure, we must choose our message < 2^(k-1). + This can be done by setting the most significant bit to zero. + */ + + c->outkey[0] &= 0x7F; + + ifdebug(SCARY_THINGS) { + bin2hex(c->outkey, buffer, len); + buffer[len * 2] = '\0'; + logger(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), + buffer); + } + + /* Encrypt the random data + + We do not use one of the PKCS padding schemes here. + This is allowed, because we encrypt a totally random string + with a length equal to that of the modulus of the RSA key. + */ + + if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { + logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + c->name, c->hostname); + return false; + } + + /* Convert the encrypted random data to a hexadecimal formatted string */ + + bin2hex(buffer, buffer, len); + buffer[len * 2] = '\0'; + + /* Send the meta key */ + + x = send_request(c, "%d %d %d %d %d %s", METAKEY, + c->outcipher ? c->outcipher->nid : 0, + c->outdigest ? c->outdigest->type : 0, c->outmaclength, + c->outcompression, buffer); + + /* Further outgoing requests are encrypted with the key we just generated */ + + if(c->outcipher) { + EVP_EncryptInit(c->outctx, c->outcipher, + c->outkey + len - c->outcipher->key_len, + c->outkey + len - c->outcipher->key_len - + c->outcipher->iv_len); + + c->status.encryptout = true; + } + + return x; } -int metakey_h(connection_t *c) +bool metakey_h(connection_t *c) { - char buffer[MAX_STRING_SIZE]; - int cipher, digest, maclength, compression; - int len; -cp - if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); - return -1; - } -cp -#ifdef USE_OPENSSL - len = RSA_size(myself->connection->rsa_key); -#endif - - /* Check if the length of the meta key is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); - return -1; - } - - /* Allocate buffers for the meta key */ -cp - if(!c->inkey) - c->inkey = xmalloc(len); - -#ifdef USE_OPENSSL - if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); -#endif - - /* Convert the challenge from hexadecimal back to binary */ -cp - hex2bin(buffer,buffer,len); - - /* Decrypt the meta key */ -cp -#ifdef USE_OPENSSL - if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } -#endif - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->inkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); - } - - /* All incoming requests will now be encrypted. */ -cp - /* Check and lookup cipher and digest algorithms */ - - if(cipher) - { -#ifdef USE_OPENSSL - c->incipher = EVP_get_cipherbynid(cipher); - if(!c->incipher) - { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); - return -1; + char buffer[MAX_STRING_SIZE]; + int cipher, digest, maclength, compression; + int len; + + cp(); + + if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, + c->hostname); + return false; + } + + len = RSA_size(myself->connection->rsa_key); + + /* Check if the length of the meta key is all right */ + + if(strlen(buffer) != len * 2) { + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); + return false; + } + + /* Allocate buffers for the meta key */ + + if(!c->inkey) + c->inkey = xmalloc(len); + + if(!c->inctx) + c->inctx = xmalloc_and_zero(sizeof(*c->inctx)); + + /* Convert the challenge from hexadecimal back to binary */ + + hex2bin(buffer, buffer, len); + + /* Decrypt the meta key */ + + if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ + logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + c->name, c->hostname); + return false; } - EVP_DecryptInit(c->inctx, c->incipher, - c->inkey + len - c->incipher->key_len, - c->inkey + len - c->incipher->key_len - c->incipher->iv_len); - - c->status.decryptin = 1; -#endif - } - else - { - c->incipher = NULL; - } - - c->inmaclength = maclength; - - if(digest) - { -#ifdef USE_OPENSSL - c->indigest = EVP_get_digestbynid(digest); - if(!c->indigest) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); - return -1; + ifdebug(SCARY_THINGS) { + bin2hex(c->inkey, buffer, len); + buffer[len * 2] = '\0'; + logger(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } - - if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) - { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); - return -1; + + /* All incoming requests will now be encrypted. */ + + /* Check and lookup cipher and digest algorithms */ + + if(cipher) { + c->incipher = EVP_get_cipherbynid(cipher); + + if(!c->incipher) { + logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); + return false; + } + + EVP_DecryptInit(c->inctx, c->incipher, + c->inkey + len - c->incipher->key_len, + c->inkey + len - c->incipher->key_len - + c->incipher->iv_len); + + c->status.decryptin = true; + } else { + c->incipher = NULL; } -#endif - } - else - { - c->indigest = NULL; - } - - c->incompression = compression; - - c->allow_request = CHALLENGE; -cp - return send_challenge(c); + + c->inmaclength = maclength; + + if(digest) { + c->indigest = EVP_get_digestbynid(digest); + + if(!c->indigest) { + logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); + return false; + } + + if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { + logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); + return false; + } + } else { + c->indigest = NULL; + } + + c->incompression = compression; + + c->allow_request = CHALLENGE; + + return send_challenge(c); } -int send_challenge(connection_t *c) +bool send_challenge(connection_t *c) { - char buffer[MAX_STRING_SIZE]; - int len, x; -cp - /* CHECKME: what is most reasonable value for len? */ + char buffer[MAX_STRING_SIZE]; + int len; + + cp(); -#ifdef USE_OPENSSL - len = RSA_size(c->rsa_key); -#endif + /* CHECKME: what is most reasonable value for len? */ - /* Allocate buffers for the challenge */ + len = RSA_size(c->rsa_key); - if(!c->hischallenge) - c->hischallenge = xmalloc(len); -cp - /* Copy random data to the buffer */ + /* Allocate buffers for the challenge */ -#ifdef USE_OPENSSL - RAND_bytes(c->hischallenge, len); -#endif + if(!c->hischallenge) + c->hischallenge = xmalloc(len); -cp - /* Convert to hex */ + /* Copy random data to the buffer */ - bin2hex(c->hischallenge, buffer, len); - buffer[len*2] = '\0'; + RAND_bytes(c->hischallenge, len); -cp - /* Send the challenge */ + /* Convert to hex */ - x = send_request(c, "%d %s", CHALLENGE, buffer); -cp - return x; + bin2hex(c->hischallenge, buffer, len); + buffer[len * 2] = '\0'; + + /* Send the challenge */ + + return send_request(c, "%d %s", CHALLENGE, buffer); } -int challenge_h(connection_t *c) +bool challenge_h(connection_t *c) { - char buffer[MAX_STRING_SIZE]; - int len; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); - return -1; - } + char buffer[MAX_STRING_SIZE]; + int len; -#ifdef USE_OPENSSL - len = RSA_size(myself->connection->rsa_key); -#endif + cp(); - /* Check if the length of the challenge is all right */ + if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, + c->hostname); + return false; + } - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); - return -1; - } + len = RSA_size(myself->connection->rsa_key); - /* Allocate buffers for the challenge */ + /* Check if the length of the challenge is all right */ + + if(strlen(buffer) != len * 2) { + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, "wrong challenge length"); + return false; + } - if(!c->mychallenge) - c->mychallenge = xmalloc(len); + /* Allocate buffers for the challenge */ - /* Convert the challenge from hexadecimal back to binary */ + if(!c->mychallenge) + c->mychallenge = xmalloc(len); - hex2bin(buffer,c->mychallenge,len); + /* Convert the challenge from hexadecimal back to binary */ - c->allow_request = CHAL_REPLY; + hex2bin(buffer, c->mychallenge, len); - /* Rest is done by send_chal_reply() */ -cp - return send_chal_reply(c); + c->allow_request = CHAL_REPLY; + + /* Rest is done by send_chal_reply() */ + + return send_chal_reply(c); } -int send_chal_reply(connection_t *c) +bool send_chal_reply(connection_t *c) { -#ifdef USE_OPENSSL - char hash[EVP_MAX_MD_SIZE*2+1]; - EVP_MD_CTX ctx; -cp - /* Calculate the hash from the challenge we received */ + char hash[EVP_MAX_MD_SIZE * 2 + 1]; + EVP_MD_CTX ctx; + + cp(); + + /* Calculate the hash from the challenge we received */ - EVP_DigestInit(&ctx, c->indigest); - EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)); - EVP_DigestFinal(&ctx, hash, NULL); + EVP_DigestInit(&ctx, c->indigest); + EVP_DigestUpdate(&ctx, c->mychallenge, + RSA_size(myself->connection->rsa_key)); + EVP_DigestFinal(&ctx, hash, NULL); - /* Convert the hash to a hexadecimal formatted string */ + /* Convert the hash to a hexadecimal formatted string */ - bin2hex(hash,hash,c->indigest->md_size); - hash[c->indigest->md_size*2] = '\0'; + bin2hex(hash, hash, c->indigest->md_size); + hash[c->indigest->md_size * 2] = '\0'; - /* Send the reply */ + /* Send the reply */ -cp - return send_request(c, "%d %s", CHAL_REPLY, hash); -#endif -#ifdef USE_GCRYPT - return 0; -#endif + return send_request(c, "%d %s", CHAL_REPLY, hash); } -int chal_reply_h(connection_t *c) +bool chal_reply_h(connection_t *c) { -#ifdef USE_OPENSSL - char hishash[MAX_STRING_SIZE]; - char myhash[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); - return -1; - } - - /* Check if the length of the hash is all right */ - - if(strlen(hishash) != c->outdigest->md_size*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); - return -1; - } - - /* Convert the hash to binary format */ - - hex2bin(hishash, hishash, c->outdigest->md_size); - - /* Calculate the hash from the challenge we sent */ - - EVP_DigestInit(&ctx, c->outdigest); - EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); - EVP_DigestFinal(&ctx, myhash, NULL); - - /* Verify the incoming hash with the calculated hash */ - - if(memcmp(hishash, myhash, c->outdigest->md_size)) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); - hishash[SHA_DIGEST_LENGTH*2] = '\0'; - syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); - } - return -1; - } - - /* Identity has now been positively verified. - Send an acknowledgement with the rest of the information needed. - */ - -#endif - - c->allow_request = ACK; -cp - return send_ack(c); + char hishash[MAX_STRING_SIZE]; + char myhash[EVP_MAX_MD_SIZE]; + EVP_MD_CTX ctx; + + cp(); + + if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, + c->hostname); + return false; + } + + /* Check if the length of the hash is all right */ + + if(strlen(hishash) != c->outdigest->md_size * 2) { + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, _("wrong challenge reply length")); + return false; + } + + /* Convert the hash to binary format */ + + hex2bin(hishash, hishash, c->outdigest->md_size); + + /* Calculate the hash from the challenge we sent */ + + EVP_DigestInit(&ctx, c->outdigest); + EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); + EVP_DigestFinal(&ctx, myhash, NULL); + + /* Verify the incoming hash with the calculated hash */ + + if(memcmp(hishash, myhash, c->outdigest->md_size)) { + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, _("wrong challenge reply")); + + ifdebug(SCARY_THINGS) { + bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); + hishash[SHA_DIGEST_LENGTH * 2] = '\0'; + logger(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + } + + return false; + } + + /* Identity has now been positively verified. + Send an acknowledgement with the rest of the information needed. + */ + + c->allow_request = ACK; + + return send_ack(c); } -int send_ack(connection_t *c) +bool send_ack(connection_t *c) { - /* ACK message contains rest of the information the other end needs - to create node_t and edge_t structures. */ - - int x; - char *address, *port; - struct timeval now; -cp - /* Estimate weight */ - - gettimeofday(&now, NULL); - c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %d %lx", ACK, myport, address, c->estimated_weight, c->options); - free(address); - free(port); -cp - return x; + /* ACK message contains rest of the information the other end needs + to create node_t and edge_t structures. */ + + struct timeval now; + + cp(); + + /* Estimate weight */ + + gettimeofday(&now, NULL); + c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; + + return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } -void send_everything(connection_t *c) +static void send_everything(connection_t *c) { - avl_node_t *node, *node2; - node_t *n; - subnet_t *s; - edge_t *e; - - /* Send all known subnets */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - - for(node2 = n->subnet_tree->head; node2; node2 = node2->next) - { - s = (subnet_t *)node2->data; - send_add_subnet(c, s); - } - } - - /* Send all known edges */ - - for(node = edge_tree->head; node; node = node->next) - { - e = (edge_t *)node->data; - - if(e == c->edge) - continue; - - send_add_edge(c, e); - } + avl_node_t *node, *node2; + node_t *n; + subnet_t *s; + edge_t *e; + + /* Send all known subnets and edges */ + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + + for(node2 = n->subnet_tree->head; node2; node2 = node2->next) { + s = (subnet_t *) node2->data; + send_add_subnet(c, s); + } + + for(node2 = n->edge_tree->head; node2; node2 = node2->next) { + e = (edge_t *) node2->data; + send_add_edge(c, e); + } + } } -int ack_h(connection_t *c) +bool ack_h(connection_t *c) { - char myaddress[MAX_STRING_SIZE]; - char hisport[MAX_STRING_SIZE]; - char *hisaddress, *dummy; - int weight; - long int options; - node_t *n; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %lx", hisport, myaddress, &weight, &options) != 4) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); - return -1; - } - - /* Check if we already have a node_t for him */ - - n = lookup_node(c->name); - - if(!n) - { - n = new_node(); - n->name = xstrdup(c->name); - node_add(n); - } - else - { - if(n->connection) - { - /* Oh dear, we already have a connection to this node. */ - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); - terminate_connection(n->connection, 0); - } - - /* FIXME: check if information in existing node matches that of the other end of this connection */ - } - - n->connection = c; - c->node = n; - c->options |= options; - - /* Create an edge_t for this connection */ - - c->edge = new_edge(); -cp - c->edge->from.node = myself; - c->edge->from.udpaddress = str2sockaddr(myaddress, myport); - c->edge->to.node = n; - sockaddr2str(&c->address, &hisaddress, &dummy); - c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); - free(hisaddress); - free(dummy); - c->edge->weight = (weight + c->estimated_weight) / 2; - c->edge->connection = c; - c->edge->options = c->options; -cp - edge_add(c->edge); - - /* Activate this connection */ - - c->allow_request = ALL; - c->status.active = 1; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); - -cp - /* Send him everything we know */ - - send_everything(c); - - /* Notify others of this connection */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - - if(other->status.active && other != c) - send_add_edge(other, c->edge); - } - - /* Run MST and SSSP algorithms */ - - graph(); -cp - return 0; + char hisport[MAX_STRING_SIZE]; + char *hisaddress, *dummy; + int weight; + long int options; + node_t *n; + + cp(); + + if(sscanf(c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, + c->hostname); + return false; + } + + /* Check if we already have a node_t for him */ + + n = lookup_node(c->name); + + if(!n) { + n = new_node(); + n->name = xstrdup(c->name); + node_add(n); + } else { + if(n->connection) { + /* Oh dear, we already have a connection to this node. */ + ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), + n->name, n->hostname); + terminate_connection(n->connection, false); + /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ + graph(); + } + } + + n->connection = c; + c->node = n; + c->options |= options; + + /* Activate this connection */ + + c->allow_request = ALL; + c->status.active = true; + + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, + c->hostname); + + /* Send him everything we know */ + + send_everything(c); + + /* Create an edge_t for this connection */ + + c->edge = new_edge(); + cp(); + c->edge->from = myself; + c->edge->to = n; + sockaddr2str(&c->address, &hisaddress, &dummy); + c->edge->address = str2sockaddr(hisaddress, hisport); + free(hisaddress); + free(dummy); + c->edge->weight = (weight + c->estimated_weight) / 2; + c->edge->connection = c; + c->edge->options = c->options; + + edge_add(c->edge); + + /* Notify everyone of the new edge */ + + send_add_edge(broadcast, c->edge); + + /* Run MST and SSSP algorithms */ + + graph(); + + return true; } diff --git a/src/protocol_edge.c b/src/protocol_edge.c index b9fec18a..4d4276ab 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -1,7 +1,7 @@ /* protocol_edge.c -- handle the meta-protocol, edges - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,282 +17,238 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.3 2002/04/13 11:07:12 zarq Exp $ + $Id: protocol_edge.c,v 1.4 2003/08/24 20:38:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" +#include "avl_tree.h" #include "conf.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" #include "connection.h" -#include "node.h" #include "edge.h" #include "graph.h" -#include "logging.h" - -#include "system.h" +#include "logger.h" +#include "meta.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" -int send_add_edge(connection_t *c, edge_t *e) +bool send_add_edge(connection_t *c, const edge_t *e) { - int x; - char *from_udpaddress, *from_udpport; - char *to_udpaddress, *to_udpport; -cp - sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); - sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); - x = send_request(c, "%d %lx %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), - e->from.node->name, from_udpaddress, from_udpport, - e->to.node->name, to_udpaddress, to_udpport, - e->options, e->weight); - free(from_udpaddress); - free(from_udpport); - free(to_udpaddress); - free(to_udpport); -cp - return x; + bool x; + char *address, *port; + + cp(); + + sockaddr2str(&e->address, &address, &port); + + x = send_request(c, "%d %lx %s %s %s %s %lx %d", ADD_EDGE, random(), + e->from->name, e->to->name, address, port, + e->options, e->weight); + free(address); + free(port); + + return x; } -int add_edge_h(connection_t *c) +bool add_edge_h(connection_t *c) { - connection_t *other; - edge_t *e; - node_t *from, *to; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char from_address[MAX_STRING_SIZE]; - char from_udpport[MAX_STRING_SIZE]; - char to_address[MAX_STRING_SIZE]; - char to_udpport[MAX_STRING_SIZE]; - sockaddr_t from_udpaddress; - sockaddr_t to_udpaddress; - long int options; - int weight; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", - from_name, from_address, from_udpport, - to_name, to_address, to_udpport, - &options, &weight) != 8) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* Lookup nodes */ - - from = lookup_node(from_name); - - if(!from) - { - from = new_node(); - from->name = xstrdup(from_name); - node_add(from); - } - - to = lookup_node(to_name); - - if(!to) - { - to = new_node(); - to->name = xstrdup(to_name); - node_add(to); - } - - /* Convert addresses */ - - from_udpaddress = str2sockaddr(from_address, from_udpport); - to_udpaddress = str2sockaddr(to_address, to_udpport); - - /* Check if edge already exists */ - - e = lookup_edge(from, to); - - if(e) - { - if(e->weight != weight || e->options != options - || ((e->from.node == from) && (sockaddrcmp(&e->from.udpaddress, &from_udpaddress)|| sockaddrcmp(&e->to.udpaddress, &to_udpaddress))) - || ((e->from.node == to) && (sockaddrcmp(&e->from.udpaddress, &to_udpaddress) || sockaddrcmp(&e->to.udpaddress, &from_udpaddress))) - ) - { - if(from == myself || to == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - send_add_edge(c, e); - return 0; - } - else - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - edge_del(e); - } - } - else - return 0; - } - else if(from == myself || to == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); - e = new_edge(); - e->from.node = from; - e->to.node = to; - send_del_edge(c, e); - free_edge(e); - return 0; - } - - e = new_edge(); - e->from.node = from; - e->from.udpaddress = from_udpaddress; - e->to.node = to; - e->to.udpaddress = to_udpaddress; - e->options = options; - e->weight = weight; - edge_add(e); - - /* Tell the rest about the new edge */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } - - /* Run MST before or after we tell the rest? */ - - graph(); -cp - return 0; + edge_t *e; + node_t *from, *to; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char to_address[MAX_STRING_SIZE]; + char to_port[MAX_STRING_SIZE]; + sockaddr_t address; + long int options; + int weight; + + cp(); + + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + from_name, to_name, to_address, to_port, &options, &weight) != 6) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, + c->hostname); + return false; + } + + /* Check if names are valid */ + + if(!check_id(from_name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + c->hostname, _("invalid name")); + return false; + } + + if(!check_id(to_name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + c->hostname, _("invalid name")); + return false; + } + + if(seen_request(c->buffer)) + return true; + + /* Lookup nodes */ + + from = lookup_node(from_name); + + if(!from) { + from = new_node(); + from->name = xstrdup(from_name); + node_add(from); + } + + to = lookup_node(to_name); + + if(!to) { + to = new_node(); + to->name = xstrdup(to_name); + node_add(to); + } + + /* Convert addresses */ + + address = str2sockaddr(to_address, to_port); + + /* Check if edge already exists */ + + e = lookup_edge(from, to); + + if(e) { + if(e->weight != weight || e->options != options || sockaddrcmp(&e->address, &address)) { + if(from == myself) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), + "ADD_EDGE", c->name, c->hostname); + send_add_edge(c, e); + return true; + } else { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), + "ADD_EDGE", c->name, c->hostname); + edge_del(e); + graph(); + } + } else + return true; + } else if(from == myself) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), + "ADD_EDGE", c->name, c->hostname); + e = new_edge(); + e->from = from; + e->to = to; + send_del_edge(c, e); + free_edge(e); + return true; + } + + e = new_edge(); + e->from = from; + e->to = to; + e->address = address; + e->options = options; + e->weight = weight; + edge_add(e); + + /* Tell the rest about the new edge */ + + forward_request(c); + + /* Run MST before or after we tell the rest? */ + + graph(); + + return true; } -int send_del_edge(connection_t *c, edge_t *e) +bool send_del_edge(connection_t *c, const edge_t *e) { -cp - return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), - e->from.node->name, e->to.node->name); + cp(); + + return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), + e->from->name, e->to->name); } -int del_edge_h(connection_t *c) +bool del_edge_h(connection_t *c) { - edge_t *e; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", - c->name, c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* Lookup nodes */ - - from = lookup_node(from_name); - - if(!from) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } - - to = lookup_node(to_name); - - if(!to) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } - - /* Check if edge exists */ - - e = lookup_edge(from, to); - - if(!e) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } - - if(e->from.node == myself || e->to.node == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); - send_add_edge(c, e); /* Send back a correction */ - return 0; - } - - /* Tell the rest about the deleted edge */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } - - /* Delete the edge */ - - edge_del(e); - - /* Run MST before or after we tell the rest? */ - - graph(); -cp - return 0; + edge_t *e; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; + + cp(); + + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, + c->hostname); + return false; + } + + /* Check if names are valid */ + + if(!check_id(from_name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + c->hostname, _("invalid name")); + return false; + } + + if(!check_id(to_name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + c->hostname, _("invalid name")); + return false; + } + + if(seen_request(c->buffer)) + return true; + + /* Lookup nodes */ + + from = lookup_node(from_name); + + if(!from) { + ifdebug(PROTOCOL) logger(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), + "DEL_EDGE", c->name, c->hostname); + return true; + } + + to = lookup_node(to_name); + + if(!to) { + ifdebug(PROTOCOL) logger(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), + "DEL_EDGE", c->name, c->hostname); + return true; + } + + /* Check if edge exists */ + + e = lookup_edge(from, to); + + if(!e) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), + "DEL_EDGE", c->name, c->hostname); + return true; + } + + if(e->from == myself) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + "DEL_EDGE", c->name, c->hostname); + send_add_edge(c, e); /* Send back a correction */ + return true; + } + + /* Tell the rest about the deleted edge */ + + forward_request(c); + + /* Delete the edge */ + + edge_del(e); + + /* Run MST before or after we tell the rest? */ + + graph(); + + return true; } diff --git a/src/protocol_key.c b/src/protocol_key.c index 1798edeb..6f64990a 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,280 +17,243 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.3 2002/04/28 12:46:26 zarq Exp $ + $Id: protocol_key.c,v 1.4 2003/08/24 20:38:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" -#include "conf.h" +#include "avl_tree.h" +#include "connection.h" +#include "logger.h" #include "net.h" #include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" #include "node.h" -#include "edge.h" - -#include "system.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" -int mykeyused = 0; +bool mykeyused = false; -int send_key_changed(connection_t *c, node_t *n) +bool send_key_changed(connection_t *c, const node_t *n) { - connection_t *other; - avl_node_t *node; -cp - /* Only send this message if some other daemon requested our key previously. - This reduces unnecessary key_changed broadcasts. - */ - - if(n == myself && !mykeyused) - return 0; - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%d %lx %s", KEY_CHANGED, random(), n->name); - } -cp - return 0; + cp(); + + /* Only send this message if some other daemon requested our key previously. + This reduces unnecessary key_changed broadcasts. + */ + + if(n == myself && !mykeyused) + return true; + + return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } -int key_changed_h(connection_t *c) +bool key_changed_h(connection_t *c) { - char name[MAX_STRING_SIZE]; - avl_node_t *node; - connection_t *other; - node_t *n; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING, name) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", - c->name, c->hostname); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - n = lookup_node(name); - - if(!n) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", - c->name, c->hostname, name); - return -1; - } - - n->status.validkey = 0; - n->status.waitingforkey = 0; - n->sent_seqno = 0; - - /* Tell the others */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } -cp - return 0; + char name[MAX_STRING_SIZE]; + node_t *n; + + cp(); + + if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", + c->name, c->hostname); + return false; + } + + if(seen_request(c->buffer)) + return true; + + n = lookup_node(name); + + if(!n) { + logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), + "KEY_CHANGED", c->name, c->hostname, name); + return false; + } + + n->status.validkey = false; + n->status.waitingforkey = false; + + /* Tell the others */ + + forward_request(c); + + return true; } -int send_req_key(connection_t *c, node_t *from, node_t *to) +bool send_req_key(connection_t *c, const node_t *from, const node_t *to) { -cp - return send_request(c, "%d %s %s", REQ_KEY, - from->name, to->name); + cp(); + + return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); } -int req_key_h(connection_t *c) +bool req_key_h(connection_t *c) { - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", - c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Check if this key request is for us */ - - if(to == myself) /* Yes, send our own key back */ - { - mykeyused = 1; - from->received_seqno = 0; - send_ans_key(c, myself, from); - } - else - { -/* Proxy keys - if(to->status.validkey) - { - send_ans_key(c, to, from); - } - else -*/ - send_req_key(to->nexthop->connection, from, to); - } + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; + + cp(); + + if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, + c->hostname); + return false; + } + + from = lookup_node(from_name); + + if(!from) { + logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + "REQ_KEY", c->name, c->hostname, from_name); + return false; + } + + to = lookup_node(to_name); + + if(!to) { + logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + "REQ_KEY", c->name, c->hostname, to_name); + return false; + } + + /* Check if this key request is for us */ -cp - return 0; + if(to == myself) { /* Yes, send our own key back */ + mykeyused = true; + from->received_seqno = 0; + memset(from->late, 0, sizeof(from->late)); + send_ans_key(c, myself, from); + } else { + send_req_key(to->nexthop->connection, from, to); + } + + return true; } -int send_ans_key(connection_t *c, node_t *from, node_t *to) +bool send_ans_key(connection_t *c, const node_t *from, const node_t *to) { - char key[MAX_STRING_SIZE]; -cp - bin2hex(from->key, key, from->keylength); - key[from->keylength * 2] = '\0'; -cp -#ifdef USE_OPENSSL - return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, - from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength, from->compression); -#endif -#ifdef USE_GCRYPT - return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, - from->name, to->name, key, from->cipher?-1:0, from->digest?-1:0, from->maclength, from->compression); -#endif + char key[MAX_STRING_SIZE]; + + cp(); + + bin2hex(from->key, key, from->keylength); + key[from->keylength * 2] = '\0'; + + return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, + from->name, to->name, key, + from->cipher ? from->cipher->nid : 0, + from->digest ? from->digest->type : 0, from->maclength, + from->compression); } -int ans_key_h(connection_t *c) +bool ans_key_h(connection_t *c) { - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char key[MAX_STRING_SIZE]; - int cipher, digest, maclength, compression; - node_t *from, *to; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Forward it if necessary */ - - if(to != myself) - { - return send_request(to->nexthop->connection, "%s", c->buffer); - } - - /* Update our copy of the origin's packet key */ - - if(from->key) - free(from->key); - - from->key = xstrdup(key); - from->keylength = strlen(key) / 2; - hex2bin(from->key, from->key, from->keylength); - from->key[from->keylength] = '\0'; - - from->status.validkey = 1; - from->status.waitingforkey = 0; - - /* Check and lookup cipher and digest algorithms */ - - if(cipher) - { -#ifdef USE_OPENSSL - from->cipher = EVP_get_cipherbynid(cipher); - if(!from->cipher) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); - return -1; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char key[MAX_STRING_SIZE]; + int cipher, digest, maclength, compression; + node_t *from, *to; + + cp(); + + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", + from_name, to_name, key, &cipher, &digest, &maclength, + &compression) != 7) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, + c->hostname); + return false; } - if(from->keylength != from->cipher->key_len + from->cipher->iv_len) - { - syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); - return -1; - } -#endif - } - else - { - from->cipher = NULL; - } - - from->maclength = maclength; - - if(digest) - { -#ifdef USE_OPENSSL - from->digest = EVP_get_digestbynid(digest); - if(!from->digest) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); - return -1; + + from = lookup_node(from_name); + + if(!from) { + logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + "ANS_KEY", c->name, c->hostname, from_name); + return false; } - if(from->maclength > from->digest->md_size || from->maclength < 0) - { - syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); - return -1; + + to = lookup_node(to_name); + + if(!to) { + logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + "ANS_KEY", c->name, c->hostname, to_name); + return false; + } + + /* Forward it if necessary */ + + if(to != myself) { + return send_request(to->nexthop->connection, "%s", c->buffer); } -#endif - } - else - { - from->digest = NULL; - } - - from->compression = compression; - - flush_queue(from); -cp - return 0; + + /* Update our copy of the origin's packet key */ + + if(from->key) + free(from->key); + + from->key = xstrdup(key); + from->keylength = strlen(key) / 2; + hex2bin(from->key, from->key, from->keylength); + from->key[from->keylength] = '\0'; + + from->status.validkey = true; + from->status.waitingforkey = false; + from->sent_seqno = 0; + + /* Check and lookup cipher and digest algorithms */ + + if(cipher) { + from->cipher = EVP_get_cipherbynid(cipher); + + if(!from->cipher) { + logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, + from->hostname); + return false; + } + + if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { + logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, + from->hostname); + return false; + } + } else { + from->cipher = NULL; + } + + from->maclength = maclength; + + if(digest) { + from->digest = EVP_get_digestbynid(digest); + + if(!from->digest) { + logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, + from->hostname); + return false; + } + + if(from->maclength > from->digest->md_size || from->maclength < 0) { + logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), + from->name, from->hostname); + return false; + } + } else { + from->digest = NULL; + } + + if(compression < 0 || compression > 11) { + logger(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); + return false; + } + + from->compression = compression; + + if(from->cipher) + EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + + flush_queue(from); + + return true; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index d99ef5b3..f463f282 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -1,7 +1,7 @@ /* protocol_misc.c -- handle the meta-protocol, miscellaneous functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,182 +17,165 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.3 2002/04/13 11:07:12 zarq Exp $ + $Id: protocol_misc.c,v 1.4 2003/08/24 20:38:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include +#include "system.h" #include "conf.h" +#include "connection.h" +#include "logger.h" +#include "meta.h" #include "net.h" #include "netutl.h" #include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "logging.h" - -#include "system.h" +#include "utils.h" /* Status and error notification routines */ -int send_status(connection_t *c, int statusno, char *statusstring) +bool send_status(connection_t *c, int statusno, const char *statusstring) { -cp - if(!statusstring) - statusstring = status_text[statusno]; -cp - return send_request(c, "%d %d %s", STATUS, statusno, statusstring); + cp(); + + if(!statusstring) + statusstring = "Status"; + + return send_request(c, "%d %d %s", STATUS, statusno, statusstring); } -int status_h(connection_t *c) +bool status_h(connection_t *c) { - int statusno; - char statusstring[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", - c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_STATUS) - { - syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - c->name, c->hostname, status_text[statusno], statusstring); - } - -cp - return 0; + int statusno; + char statusstring[MAX_STRING_SIZE]; + + cp(); + + if(sscanf(c->buffer, "%*d %d " MAX_STRING, &statusno, statusstring) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", + c->name, c->hostname); + return false; + } + + ifdebug(STATUS) logger(LOG_NOTICE, _("Status message from %s (%s): %d: %s"), + c->name, c->hostname, statusno, statusstring); + + return true; } -int send_error(connection_t *c, int err, char *errstring) +bool send_error(connection_t *c, int err, const char *errstring) { -cp - if(!errstring) - errstring = strerror(err); - return send_request(c, "%d %d %s", ERROR, err, errstring); + cp(); + + if(!errstring) + errstring = "Error"; + + return send_request(c, "%d %d %s", ERROR, err, errstring); } -int error_h(connection_t *c) +bool error_h(connection_t *c) { - int err; - char errorstring[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", - c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_ERROR) - { - syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - c->name, c->hostname, strerror(err), errorstring); - } - - terminate_connection(c, c->status.active); -cp - return 0; + int err; + char errorstring[MAX_STRING_SIZE]; + + cp(); + + if(sscanf(c->buffer, "%*d %d " MAX_STRING, &err, errorstring) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", + c->name, c->hostname); + return false; + } + + ifdebug(ERROR) logger(LOG_NOTICE, _("Error message from %s (%s): %d: %s"), + c->name, c->hostname, err, errorstring); + + terminate_connection(c, c->status.active); + + return true; } -int send_termreq(connection_t *c) +bool send_termreq(connection_t *c) { -cp - return send_request(c, "%d", TERMREQ); + cp(); + + return send_request(c, "%d", TERMREQ); } -int termreq_h(connection_t *c) +bool termreq_h(connection_t *c) { -cp - terminate_connection(c, c->status.active); -cp - return 0; + cp(); + + terminate_connection(c, c->status.active); + + return true; } -int send_ping(connection_t *c) +bool send_ping(connection_t *c) { -cp - c->status.pinged = 1; - c->last_ping_time = now; -cp - return send_request(c, "%d", PING); + cp(); + + c->status.pinged = true; + c->last_ping_time = now; + + return send_request(c, "%d", PING); } -int ping_h(connection_t *c) +bool ping_h(connection_t *c) { -cp - return send_pong(c); + cp(); + + return send_pong(c); } -int send_pong(connection_t *c) +bool send_pong(connection_t *c) { -cp - return send_request(c, "%d", PONG); + cp(); + + return send_request(c, "%d", PONG); } -int pong_h(connection_t *c) +bool pong_h(connection_t *c) { -cp - c->status.pinged = 0; - - /* Succesful connection, reset timeout if this is an outgoing connection. */ - - if(c->outgoing) - c->outgoing->timeout = 0; -cp - return 0; + cp(); + + c->status.pinged = false; + + /* Succesful connection, reset timeout if this is an outgoing connection. */ + + if(c->outgoing) + c->outgoing->timeout = 0; + + return true; } /* Sending and receiving packets via TCP */ -int send_tcppacket(connection_t *c, vpn_packet_t *packet) +bool send_tcppacket(connection_t *c, vpn_packet_t *packet) { - int x; -cp - /* Evil hack. */ + cp(); - x = send_request(c, "%d %hd", PACKET, packet->len); + /* Evil hack. */ - if(x) - return x; -cp - return send_meta(c, packet->data, packet->len); + if(!send_request(c, "%d %hd", PACKET, packet->len)) + return false; + + return send_meta(c, packet->data, packet->len); } -int tcppacket_h(connection_t *c) +bool tcppacket_h(connection_t *c) { - short int len; -cp - if(sscanf(c->buffer, "%*d %hd", &len) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); - return -1; - } - - /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ - - c->tcplen = len; -cp - return 0; -} + short int len; -/* Status strings */ + cp(); -char (*status_text[]) = { - "Warning", -}; + if(sscanf(c->buffer, "%*d %hd", &len) != 1) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, + c->hostname); + return false; + } -/* Error strings */ + /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ -char (*error_text[]) = { - "Error", -}; + c->tcplen = len; + + return true; +} diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 2eade14f..b3e7e8cd 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -1,7 +1,7 @@ /* protocol_subnet.c -- handle the meta-protocol, subnets - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,221 +17,203 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.3 2002/04/13 11:07:12 zarq Exp $ + $Id: protocol_subnet.c,v 1.4 2003/08/24 20:38:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" #include "conf.h" +#include "connection.h" +#include "logger.h" #include "net.h" #include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" #include "node.h" -#include "edge.h" -#include "graph.h" -#include "logging.h" - -#include "system.h" +#include "protocol.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" -int send_add_subnet(connection_t *c, subnet_t *subnet) +bool send_add_subnet(connection_t *c, const subnet_t *subnet) { - int x; - char *netstr; -cp - x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), - subnet->owner->name, netstr = net2str(subnet)); - free(netstr); -cp - return x; + bool x; + char *netstr; + + cp(); + + x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), + subnet->owner->name, netstr = net2str(subnet)); + + free(netstr); + + return x; } -int add_subnet_h(connection_t *c) +bool add_subnet_h(connection_t *c) { - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - connection_t *other; - subnet_t *s; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); - return -1; - } - - /* Check if owner name is a valid */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* Check if the owner of the new subnet is in the connection list */ - - owner = lookup_node(name); - - if(!owner) - { - owner = new_node(); - owner->name = xstrdup(name); - node_add(owner); - } - - /* Check if we already know this subnet */ - - if(lookup_subnet(owner, s)) - { - free_subnet(s); - return 0; - } - - /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ - - if(owner == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); - s->owner = myself; - send_del_subnet(c, s); - return 0; - } - - /* If everything is correct, add the subnet to the list of the owner */ - - subnet_add(owner, s); - - /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } -cp - return 0; + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + subnet_t *s; + + cp(); + + if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, + c->hostname); + return false; + } + + /* Check if owner name is a valid */ + + if(!check_id(name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, + c->hostname, _("invalid name")); + return false; + } + + /* Check if subnet string is valid */ + + s = str2net(subnetstr); + + if(!s) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, + c->hostname, _("invalid subnet string")); + return false; + } + + if(seen_request(c->buffer)) + return true; + + /* Check if the owner of the new subnet is in the connection list */ + + owner = lookup_node(name); + + if(!owner) { + owner = new_node(); + owner->name = xstrdup(name); + node_add(owner); + } + + /* Check if we already know this subnet */ + + if(lookup_subnet(owner, s)) { + free_subnet(s); + return true; + } + + /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ + + if(owner == myself) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + "ADD_SUBNET", c->name, c->hostname); + s->owner = myself; + send_del_subnet(c, s); + return true; + } + + /* If everything is correct, add the subnet to the list of the owner */ + + subnet_add(owner, s); + + /* Tell the rest */ + + forward_request(c); + + return true; } -int send_del_subnet(connection_t *c, subnet_t *s) +bool send_del_subnet(connection_t *c, const subnet_t *s) { - int x; - char *netstr; -cp - netstr = net2str(s); - x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); - free(netstr); -cp - return x; + bool x; + char *netstr; + + cp(); + + netstr = net2str(s); + + x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); + + free(netstr); + + return x; } -int del_subnet_h(connection_t *c) +bool del_subnet_h(connection_t *c) { - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - connection_t *other; - subnet_t *s, *find; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); - return -1; - } - - /* Check if owner name is a valid */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if the owner of the new subnet is in the connection list */ - - if(!(owner = lookup_node(name))) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return 0; - } - - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - - if(seen_request(c->buffer)) - return 0; - - /* If everything is correct, delete the subnet from the list of the owner */ - - s->owner = owner; - - find = lookup_subnet(owner, s); - - free_subnet(s); - - if(!find) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return 0; - } - - /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ - - if(owner == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); - send_add_subnet(c, find); - return 0; - } - - /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } - - /* Finally, delete it. */ - - subnet_del(owner, find); - -cp - return 0; + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + subnet_t *s, *find; + + cp(); + + if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, + c->hostname); + return false; + } + + /* Check if owner name is a valid */ + + if(!check_id(name)) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, + c->hostname, _("invalid name")); + return false; + } + + /* Check if the owner of the new subnet is in the connection list */ + + owner = lookup_node(name); + + if(!owner) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), + "DEL_SUBNET", c->name, c->hostname, name); + return true; + } + + /* Check if subnet string is valid */ + + s = str2net(subnetstr); + + if(!s) { + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, + c->hostname, _("invalid subnet string")); + return false; + } + + if(seen_request(c->buffer)) + return true; + + /* If everything is correct, delete the subnet from the list of the owner */ + + s->owner = owner; + + find = lookup_subnet(owner, s); + + free_subnet(s); + + if(!find) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), + "DEL_SUBNET", c->name, c->hostname, name); + return true; + } + + /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ + + if(owner == myself) { + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + "DEL_SUBNET", c->name, c->hostname); + send_add_subnet(c, find); + return true; + } + + /* Tell the rest */ + + forward_request(c); + + /* Finally, delete it. */ + + subnet_del(owner, find); + + return true; } diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c new file mode 100644 index 00000000..25445201 --- /dev/null +++ b/src/raw_socket/device.c @@ -0,0 +1,154 @@ +/* + device.c -- raw socket + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.2 2003/08/24 20:38:31 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "conf.h" +#include "net.h" +#include "logger.h" + +#include "system.h" + +int device_fd = -1; +char *device; +char *interface; +char ifrname[IFNAMSIZ]; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +bool setup_device(void) +{ + struct ifreq ifr; + struct sockaddr_ll sa; + + cp(); + + if(!get_config_string + (lookup_config(config_tree, "Interface"), &interface)) + interface = "eth0"; + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = interface; + + device_info = _("raw socket"); + + if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { + logger(LOG_ERR, _("Could not open %s: %s"), device_info, + strerror(errno)); + return false; + } + + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) { + close(device_fd); + logger(LOG_ERR, _("Can't find interface %s: %s"), interface, + strerror(errno)); + return false; + } + + memset(&sa, '0', sizeof(sa)); + sa.sll_family = AF_PACKET; + sa.sll_protocol = htons(ETH_P_ALL); + sa.sll_ifindex = ifr.ifr_ifindex; + + if(bind(device_fd, (struct sockaddr *) &sa, (socklen_t) sizeof(sa))) { + logger(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); + return false; + } + + logger(LOG_INFO, _("%s is a %s"), device, device_info); + + return true; +} + +void close_device(void) +{ + cp(); + + close(device_fd); +} + +bool read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return true; +} + +bool write_packet(vpn_packet_t *packet) +{ + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(write(device_fd, packet->data, packet->len) < 0) { + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return false; + } + + device_total_out += packet->len; + + return true; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +} diff --git a/src/read_conf.c b/src/read_conf.c deleted file mode 100644 index c41fff01..00000000 --- a/src/read_conf.c +++ /dev/null @@ -1,411 +0,0 @@ -/* - read_conf.c -- read the configuration files - Copyright (C) 1998 Robert van der Meulen - 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - 2000 Cris van Pelt - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: read_conf.c,v 1.1 2002/04/28 12:46:26 zarq Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include /* for cp */ -#include - -#include "conf.h" -#include "netutl.h" /* for str2address */ -#include "logging.h" - -#include "system.h" - -/* - Read exactly one line and strip the trailing newline if any. If the - file was on EOF, return NULL. Otherwise, return all the data in a - dynamically allocated buffer. - - If line is non-NULL, it will be used as an initial buffer, to avoid - unnecessary mallocing each time this function is called. If buf is - given, and buf needs to be expanded, the var pointed to by buflen - will be increased. -*/ -char *readline(FILE *fp, char **buf, size_t *buflen) -{ - char *newline = NULL; - char *p; - char *line; /* The array that contains everything that has been read - so far */ - char *idx; /* Read into this pointer, which points to an offset - within line */ - size_t size, newsize; /* The size of the current array pointed to by - line */ - size_t maxlen; /* Maximum number of characters that may be read with - fgets. This is newsize - oldsize. */ - - if(feof(fp)) - return NULL; - - if((buf != NULL) && (buflen != NULL)) - { - size = *buflen; - line = *buf; - } - else - { - size = 100; - line = xmalloc(size); - } - - maxlen = size; - idx = line; - *idx = 0; - for(;;) - { - errno = 0; - p = fgets(idx, maxlen, fp); - if(p == NULL) /* EOF or error */ - { - if(feof(fp)) - break; - - /* otherwise: error; let the calling function print an error - message if applicable */ - free(line); - return NULL; - } - - newline = strchr(p, '\n'); - if(newline == NULL) - /* We haven't yet read everything to the end of the line */ - { - newsize = size << 1; - line = xrealloc(line, newsize); - idx = &line[size - 1]; - maxlen = newsize - size + 1; - size = newsize; - } - else - { - *newline = '\0'; /* kill newline */ - break; /* yay */ - } - } - - if((buf != NULL) && (buflen != NULL)) - { - *buflen = size; - *buf = line; - } - return line; -} - -/* - Parse a configuration file and put the results in the configuration tree - starting at *base. -*/ -int read_config_file(avl_tree_t *config_tree, const char *fname) -{ - int err = -2; /* Parse error */ - FILE *fp; - char *buffer, *line; - char *variable, *value; - int lineno = 0, ignore = 0; - config_t *cfg; - size_t bufsize; - -cp - if((fp = fopen (fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); - return -3; - } - - bufsize = 100; - buffer = xmalloc(bufsize); - - for(;;) - { - if((line = readline(fp, &buffer, &bufsize)) == NULL) - { - err = -1; - break; - } - - if(feof(fp)) - { - err = 0; - break; - } - - lineno++; - - if((variable = strtok(line, "\t =")) == NULL) - continue; /* no tokens on this line */ - - if(variable[0] == '#') - continue; /* comment: ignore */ - - if(!strcmp(variable, "-----BEGIN")) - ignore = 1; - - if(!ignore) - { - if(((value = strtok(NULL, "\t\n\r =")) == NULL) || value[0] == '#') - { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - variable, lineno, fname); - break; - } - - cfg = new_config(); - cfg->variable = xstrdup(variable); - cfg->value = xstrdup(value); - cfg->file = xstrdup(fname); - cfg->line = lineno; - - config_add(config_tree, cfg); - } - - if(!strcmp(variable, "-----END")) - ignore = 0; - } - - free(buffer); - fclose (fp); -cp - return err; -} - -int read_server_config() -{ - char *fname; - int x; -cp - asprintf(&fname, "%s/tinc.conf", confbase); - x = read_config_file(config_tree, fname); - if(x == -1) /* System error: complain */ - { - syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); - } - free(fname); -cp - return x; -} - -int isadir(const char* f) -{ - struct stat s; - - if(stat(f, &s) < 0) - return 0; - else - return S_ISDIR(s.st_mode); -} - -int is_safe_path(const char *file) -{ - char *p; - const char *f; - char x; - struct stat s; - char l[MAXBUFSIZE]; - - if(*file != '/') - { - syslog(LOG_ERR, _("`%s' is not an absolute path"), file); - return 0; - } - - p = strrchr(file, '/'); - - if(p == file) /* It's in the root */ - p++; - - x = *p; - *p = '\0'; - - f = file; -check1: - if(lstat(f, &s) < 0) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; - } - - f = l; - goto check1; - } - - *p = x; - f = file; - -check2: - if(lstat(f, &s) < 0 && errno != ENOENT) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(errno == ENOENT) - return 1; - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; - } - - f = l; - goto check2; - } - - if(s.st_mode & 0007) - { - /* Accessible by others */ - syslog(LOG_ERR, _("`%s' has unsecure permissions"), - f); - return 0; - } - - return 1; -} - -FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode) -{ - FILE *r; - char *directory; - char *fn; - - /* Check stdin and stdout */ - if(!isatty(0) || !isatty(1)) - { - /* Argh, they are running us from a script or something. Write - the files to the current directory and let them burn in hell - for ever. */ - fn = xstrdup(filename); - } - else - { - /* Ask for a file and/or directory name. */ - fprintf(stdout, _("Please enter a file to save %s to [%s]: "), - what, filename); - fflush(stdout); - - if((fn = readline(stdin, NULL, NULL)) == NULL) - { - fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno)); - return NULL; - } - - if(strlen(fn) == 0) - /* User just pressed enter. */ - fn = xstrdup(filename); - } - - if((strchr(fn, '/') == NULL) || (fn[0] != '/')) - { - /* The directory is a relative path or a filename. */ - char *p; - - directory = get_current_dir_name(); - asprintf(&p, "%s/%s", directory, fn); - free(fn); - free(directory); - fn = p; - } - - umask(0077); /* Disallow everything for group and other */ - - /* Open it first to keep the inode busy */ - if((r = fopen(fn, mode)) == NULL) - { - fprintf(stderr, _("Error opening file `%s': %s\n"), - fn, strerror(errno)); - free(fn); - return NULL; - } - - /* Then check the file for nasty attacks */ - if(!is_safe_path(fn)) /* Do not permit any directories that are - readable or writeable by other users. */ - { - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), - fn); - fclose(r); - free(fn); - return NULL; - } - - free(fn); - - return r; -} - -int read_connection_config(connection_t *c) -{ - char *fname; - int x; -cp - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - x = read_config_file(c->config_tree, fname); - free(fname); -cp - return x; -} diff --git a/src/read_conf.h b/src/read_conf.h deleted file mode 100644 index b8a7cd41..00000000 --- a/src/read_conf.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - conf.h -- header for conf.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: read_conf.h,v 1.2 2002/05/02 11:50:07 zarq Exp $ -*/ - -#ifndef __TINC_READ_CONF_H__ -#define __TINC_READ_CONF_H__ - -#include - -extern int read_config_file(avl_tree_t *, const char *); -extern int read_server_config(void); -extern FILE *ask_and_safe_open(const char*, const char*, const char *); -extern int is_safe_path(const char *); - -#endif /* __TINC_READ_CONF_H__ */ diff --git a/src/route.c b/src/route.c index 1d2eafaa..191765d6 100644 --- a/src/route.c +++ b/src/route.c @@ -1,7 +1,7 @@ /* route.c -- routing - Copyright (C) 2000-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,477 +17,620 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.3 2002/04/13 11:07:12 zarq Exp $ + $Id: route.c,v 1.4 2003/08/24 20:38:28 guus Exp $ */ -#include "config.h" +#include "system.h" -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) - #include +#ifdef HAVE_NET_ETHERNET_H +#include +#endif +#ifdef HAVE_NET_IF_ARP_H +#include #endif -#include -#include -#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD) - #include - #define ETHER_ADDR_LEN 6 -#else - #include +#ifdef HAVE_NETINET_IP_ICMP_H +#include #endif -#include +#ifdef HAVE_NETINET_ICMP6_H #include +#endif +#ifdef HAVE_NETINET_IF_ETHER_H #include -#include -#include -#include - -#include +#endif -#include "net.h" +#include "avl_tree.h" #include "connection.h" -#include "subnet.h" -#include "route.h" -#include "protocol.h" #include "device.h" -#include "logging.h" - -#include "system.h" +#include "ethernet.h" +#include "ipv4.h" +#include "ipv6.h" +#include "logger.h" +#include "net.h" +#include "protocol.h" +#include "route.h" +#include "subnet.h" +#include "utils.h" -int routing_mode = RMODE_ROUTER; -int priorityinheritance = 0; +rmode_t routing_mode = RMODE_ROUTER; +bool priorityinheritance = false; int macexpire = 600; -subnet_t mymac; +bool overwrite_mac = false; +mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; -void learn_mac(mac_t *address) +/* RFC 1071 */ + +static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) { - subnet_t *subnet; - avl_node_t *node; - connection_t *c; -cp - subnet = lookup_subnet_mac(address); - - /* If we don't know this MAC address yet, store it */ - - if(!subnet || subnet->owner!=myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), - address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); - - subnet = new_subnet(); - subnet->type = SUBNET_MAC; - memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); - subnet_add(myself, subnet); - - /* And tell all other tinc daemons it's our MAC */ - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active) - send_add_subnet(c, subnet); - } - } - - subnet->net.mac.lastseen = now; + uint16_t *p = data; + uint32_t checksum = prevsum ^ 0xFFFF; + + while(len >= 2) { + checksum += *p++; + len -= 2; + } + + if(len) + checksum += *(unsigned char *)p; + + while(checksum >> 16) + checksum = (checksum & 0xFFFF) + (checksum >> 16); + + return ~checksum; +} + +static bool ratelimit(void) { + static time_t lasttime = 0; + + if(lasttime == now) + return true; + + lasttime = now; + return false; +} + +static void learn_mac(mac_t *address) +{ + subnet_t *subnet; + avl_node_t *node; + connection_t *c; + + cp(); + + subnet = lookup_subnet_mac(address); + + /* If we don't know this MAC address yet, store it */ + + if(!subnet || subnet->owner != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), + address->x[0], address->x[1], address->x[2], address->x[3], + address->x[4], address->x[5]); + + subnet = new_subnet(); + subnet->type = SUBNET_MAC; + memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); + subnet_add(myself, subnet); + + /* And tell all other tinc daemons it's our MAC */ + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + if(c->status.active) + send_add_subnet(c, subnet); + } + } + + subnet->net.mac.lastseen = now; } void age_mac(void) { - subnet_t *s; - connection_t *c; - avl_node_t *node, *next, *node2; -cp - for(node = myself->subnet_tree->head; node; node = next) - { - next = node->next; - s = (subnet_t *)node->data; - if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), - s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); - for(node2 = connection_tree->head; node2; node2 = node2->next) - { - c = (connection_t *)node2->data; - if(c->status.active) - send_del_subnet(c, s); - } - subnet_del(myself, s); + subnet_t *s; + connection_t *c; + avl_node_t *node, *next, *node2; + + cp(); + + for(node = myself->subnet_tree->head; node; node = next) { + next = node->next; + s = (subnet_t *) node->data; + if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), + s->net.mac.address.x[0], s->net.mac.address.x[1], + s->net.mac.address.x[2], s->net.mac.address.x[3], + s->net.mac.address.x[4], s->net.mac.address.x[5]); + + for(node2 = connection_tree->head; node2; node2 = node2->next) { + c = (connection_t *) node2->data; + if(c->status.active) + send_del_subnet(c, s); + } + + subnet_del(myself, s); + } } - } -cp } -node_t *route_mac(vpn_packet_t *packet) +static node_t *route_mac(vpn_packet_t *packet) +{ + subnet_t *subnet; + + cp(); + + /* Learn source address */ + + learn_mac((mac_t *)(&packet->data[6])); + + /* Lookup destination address */ + + subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); + + if(subnet) + return subnet->owner; + else + return NULL; +} + +/* RFC 792 */ + +static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) { - subnet_t *subnet; -cp - /* Learn source address */ - - learn_mac((mac_t *)(&packet->data[6])); - - /* Lookup destination address */ - - subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); - - if(subnet) - return subnet->owner; - else - return NULL; + struct ip *hdr; + struct icmp *icmp; + + struct in_addr ip_src; + struct in_addr ip_dst; + uint32_t oldlen; + + if(ratelimit()) + return; + + cp(); + + hdr = (struct ip *)(packet->data + 14); + icmp = (struct icmp *)(packet->data + 14 + 20); + + /* Remember original source and destination */ + + memcpy(&ip_src, &hdr->ip_src, 4); + memcpy(&ip_dst, &hdr->ip_dst, 4); + oldlen = packet->len - 14; + + if(oldlen >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) + oldlen = IP_MSS - sizeof(*hdr) - sizeof(*icmp); + + /* Copy first part of original contents to ICMP message */ + + memmove(&icmp->icmp_ip, hdr, oldlen); + + /* Fill in IPv4 header */ + + hdr->ip_v = 4; + hdr->ip_hl = sizeof(*hdr) / 4; + hdr->ip_tos = 0; + hdr->ip_len = htons(20 + 8 + oldlen); + hdr->ip_id = 0; + hdr->ip_off = 0; + hdr->ip_ttl = 255; + hdr->ip_p = IPPROTO_ICMP; + hdr->ip_sum = 0; + memcpy(&hdr->ip_src, &ip_dst, 4); + memcpy(&hdr->ip_dst, &ip_src, 4); + + hdr->ip_sum = inet_checksum(hdr, 20, ~0); + + /* Fill in ICMP header */ + + icmp->icmp_type = ICMP_DEST_UNREACH; + icmp->icmp_code = code; + icmp->icmp_cksum = 0; + + icmp->icmp_cksum = inet_checksum(icmp, 8 + oldlen, ~0); + + packet->len = 14 + 20 + 8 + oldlen; + + write_packet(packet); } -node_t *route_ipv4(vpn_packet_t *packet) +static node_t *route_ipv4(vpn_packet_t *packet) { - subnet_t *subnet; -cp - if(priorityinheritance) - packet->priority = packet->data[15]; - - subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]); -cp - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), - packet->data[30], packet->data[31], packet->data[32], packet->data[33]); - } - - return NULL; - } -cp - return subnet->owner; + subnet_t *subnet; + + cp(); + + if(priorityinheritance) + packet->priority = packet->data[15]; + + subnet = lookup_subnet_ipv4((ipv4_t *) & packet->data[30]); + + if(!subnet) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), + packet->data[30], packet->data[31], packet->data[32], + packet->data[33]); + + route_ipv4_unreachable(packet, ICMP_NET_UNKNOWN); + return NULL; + } + + if(!subnet->owner->status.reachable) + route_ipv4_unreachable(packet, ICMP_NET_UNREACH); + + return subnet->owner; } -node_t *route_ipv6(vpn_packet_t *packet) +/* RFC 2463 */ + +static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) { - subnet_t *subnet; -cp - subnet = lookup_subnet_ipv6((ipv6_t *)&packet->data[38]); -cp - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(short unsigned int *)&packet->data[38]), - ntohs(*(short unsigned int *)&packet->data[40]), - ntohs(*(short unsigned int *)&packet->data[42]), - ntohs(*(short unsigned int *)&packet->data[44]), - ntohs(*(short unsigned int *)&packet->data[46]), - ntohs(*(short unsigned int *)&packet->data[48]), - ntohs(*(short unsigned int *)&packet->data[50]), - ntohs(*(short unsigned int *)&packet->data[52])); - } - - return NULL; - } -cp - return subnet->owner; + struct ip6_hdr *hdr; + struct icmp6_hdr *icmp; + uint16_t checksum; + + struct { + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ + uint32_t length; + uint32_t next; + } pseudo; + + if(ratelimit()) + return; + + cp(); + + hdr = (struct ip6_hdr *)(packet->data + 14); + icmp = (struct icmp6_hdr *)(packet->data + 14 + sizeof(*hdr)); + + /* Remember original source and destination */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_dst, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_src, 16); + pseudo.length = ntohs(hdr->ip6_plen) + sizeof(*hdr); + + if(pseudo.length >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) + pseudo.length = IP_MSS - sizeof(*hdr) - sizeof(*icmp); + + /* Copy first part of original contents to ICMP message */ + + memmove(((char *)icmp) + sizeof(*icmp), hdr, pseudo.length); + + /* Fill in IPv6 header */ + + hdr->ip6_flow = htonl(0x60000000UL); + hdr->ip6_plen = htons(sizeof(*icmp) + pseudo.length); + hdr->ip6_nxt = IPPROTO_ICMPV6; + hdr->ip6_hlim = 255; + memcpy(&hdr->ip6_dst, &pseudo.ip6_dst, 16); + memcpy(&hdr->ip6_src, &pseudo.ip6_src, 16); + + /* Fill in ICMP header */ + + icmp->icmp6_type = ICMP6_DST_UNREACH; + icmp->icmp6_code = code; + icmp->icmp6_cksum = 0; + + /* Create pseudo header */ + + pseudo.length = htonl(sizeof(*icmp) + pseudo.length); + pseudo.next = htonl(IPPROTO_ICMPV6); + + /* Generate checksum */ + + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(icmp, ntohl(pseudo.length), checksum); + + icmp->icmp6_cksum = checksum; + + packet->len = 14 + sizeof(*hdr) + ntohl(pseudo.length); + + write_packet(packet); } -unsigned short int inet_checksum(unsigned short int *data, int len, unsigned short int prevsum) +static node_t *route_ipv6(vpn_packet_t *packet) { - unsigned long int checksum = prevsum ^ 0xFFFF; + subnet_t *subnet; - while(len--) - checksum += ntohs(*data++); + cp(); - while(checksum >> 16) - checksum = (checksum & 0xFFFF) + (checksum >> 16); + subnet = lookup_subnet_ipv6((ipv6_t *) & packet->data[38]); + + if(!subnet) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(*(uint16_t *) & packet->data[38]), + ntohs(*(uint16_t *) & packet->data[40]), + ntohs(*(uint16_t *) & packet->data[42]), + ntohs(*(uint16_t *) & packet->data[44]), + ntohs(*(uint16_t *) & packet->data[46]), + ntohs(*(uint16_t *) & packet->data[48]), + ntohs(*(uint16_t *) & packet->data[50]), + ntohs(*(uint16_t *) & packet->data[52])); + route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); + + return NULL; + } - return checksum ^ 0xFFFF; + if(!subnet->owner->status.reachable) + route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_NOROUTE); + + return subnet->owner; } -void route_neighborsol(vpn_packet_t *packet) +/* RFC 2461 */ + +static void route_neighborsol(vpn_packet_t *packet) { - struct ip6_hdr *hdr; - struct nd_neighbor_solicit *ns; - struct nd_opt_hdr *opt; - subnet_t *subnet; - short unsigned int checksum; - - struct { - struct in6_addr ip6_src; /* source address */ - struct in6_addr ip6_dst; /* destination address */ - uint32_t length; - uint8_t junk[4]; - } pseudo; - -cp - hdr = (struct ip6_hdr *)(packet->data + 14); - ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); - opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); - - /* First, snatch the source address from the neighbor solicitation packet */ - - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); - - /* Check if this is a valid neighbor solicitation request */ - - if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || - opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) - { - if(debug_lvl > DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); - } - return; - } - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); - - if(checksum) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); - return; - } - - /* Check if the IPv6 address exists on the VPN */ - - subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target); - - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(((uint16_t *)&ns->nd_ns_target)[0]), ntohs(((uint16_t *)&ns->nd_ns_target)[1]), ntohs(((uint16_t *)&ns->nd_ns_target)[2]), ntohs(((uint16_t *)&ns->nd_ns_target)[3]), - ntohs(((uint16_t *)&ns->nd_ns_target)[4]), ntohs(((uint16_t *)&ns->nd_ns_target)[5]), ntohs(((uint16_t *)&ns->nd_ns_target)[6]), ntohs(((uint16_t *)&ns->nd_ns_target)[7])); - } - - return; - } - - /* Check if it is for our own subnet */ - - if(subnet->owner == myself) - return; /* silently ignore */ - - /* Create neighbor advertation reply */ - - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ - memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ - - memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ - - ns->nd_ns_hdr.icmp6_cksum = 0; - ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; - opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); - - ns->nd_ns_hdr.icmp6_cksum = htons(checksum); - - write_packet(packet); -cp + struct ip6_hdr *hdr; + struct nd_neighbor_solicit *ns; + struct nd_opt_hdr *opt; + subnet_t *subnet; + uint16_t checksum; + + struct { + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ + uint32_t length; + uint32_t next; + } pseudo; + + cp(); + + hdr = (struct ip6_hdr *)(packet->data + 14); + ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); + opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); + + /* First, snatch the source address from the neighbor solicitation packet */ + + if(overwrite_mac) + memcpy(mymac.x, packet->data + 6, 6); + + /* Check if this is a valid neighbor solicitation request */ + + if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || + opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); + return; + } + + /* Create pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + pseudo.next = htonl(IPPROTO_ICMPV6); + + /* Generate checksum */ + + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); + + if(checksum) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); + return; + } + + /* Check if the IPv6 address exists on the VPN */ + + subnet = lookup_subnet_ipv6((ipv6_t *) & ns->nd_ns_target); + + if(!subnet) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(((uint16_t *) & ns->nd_ns_target)[0]), + ntohs(((uint16_t *) & ns->nd_ns_target)[1]), + ntohs(((uint16_t *) & ns->nd_ns_target)[2]), + ntohs(((uint16_t *) & ns->nd_ns_target)[3]), + ntohs(((uint16_t *) & ns->nd_ns_target)[4]), + ntohs(((uint16_t *) & ns->nd_ns_target)[5]), + ntohs(((uint16_t *) & ns->nd_ns_target)[6]), + ntohs(((uint16_t *) & ns->nd_ns_target)[7])); + + return; + } + + /* Check if it is for our own subnet */ + + if(subnet->owner == myself) + return; /* silently ignore */ + + /* Create neighbor advertation reply */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ + memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ + + memcpy((char *) opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ + + ns->nd_ns_hdr.icmp6_cksum = 0; + ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; + opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; + + /* Create pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + pseudo.next = htonl(IPPROTO_ICMPV6); + + /* Generate checksum */ + + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); + + ns->nd_ns_hdr.icmp6_cksum = checksum; + + write_packet(packet); } -void route_arp(vpn_packet_t *packet) +/* RFC 826 */ + +static void route_arp(vpn_packet_t *packet) { - struct ether_arp *arp; - subnet_t *subnet; - unsigned char ipbuf[4]; -cp - /* First, snatch the source address from the ARP packet */ - - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); - - /* This routine generates replies to ARP requests. - You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). - Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) - */ - - arp = (struct ether_arp *)(packet->data + 14); - - /* Check if this is a valid ARP request */ - - if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || - ntohs(arp->arp_pro) != ETHERTYPE_IP || - (int) (arp->arp_hln) != ETHER_ADDR_LEN || - (int) (arp->arp_pln) != 4 || - ntohs(arp->arp_op) != ARPOP_REQUEST ) - { - if(debug_lvl > DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); - } - return; - } - - /* Check if the IPv4 address exists on the VPN */ - - subnet = lookup_subnet_ipv4((ipv4_t *)arp->arp_tpa); - - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), - arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], arp->arp_tpa[3]); - } - - return; - } - - /* Check if it is for our own subnet */ - - if(subnet->owner == myself) - return; /* silently ignore */ - - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ - memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ - memcpy(arp->arp_spa, ipbuf, 4); /* ... */ - - memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ - memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ - arp->arp_op = htons(ARPOP_REPLY); - - write_packet(packet); -cp + struct ether_arp *arp; + subnet_t *subnet; + uint8_t ipbuf[4]; + + cp(); + + /* First, snatch the source address from the ARP packet */ + + if(overwrite_mac) + memcpy(mymac.x, packet->data + 6, 6); + + /* This routine generates replies to ARP requests. + You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). + Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) + */ + + arp = (struct ether_arp *)(packet->data + 14); + + /* Check if this is a valid ARP request */ + + if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || ntohs(arp->arp_pro) != ETHERTYPE_IP || + arp->arp_hln != ETHER_ADDR_LEN || arp->arp_pln != 4 || ntohs(arp->arp_op) != ARPOP_REQUEST) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); + return; + } + + /* Check if the IPv4 address exists on the VPN */ + + subnet = lookup_subnet_ipv4((ipv4_t *) arp->arp_tpa); + + if(!subnet) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), + arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], + arp->arp_tpa[3]); + return; + } + + /* Check if it is for our own subnet */ + + if(subnet->owner == myself) + return; /* silently ignore */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ + memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ + memcpy(arp->arp_spa, ipbuf, 4); /* ... */ + + memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ + memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ + arp->arp_op = htons(ARPOP_REPLY); + + write_packet(packet); } void route_outgoing(vpn_packet_t *packet) { - unsigned short int type; - node_t *n = NULL; -cp - /* FIXME: multicast? */ - - switch(routing_mode) - { - case RMODE_ROUTER: - type = ntohs(*((unsigned short*)(&packet->data[12]))); - switch(type) - { - case 0x0800: - n = route_ipv4(packet); - break; - case 0x86DD: - if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) - { - route_neighborsol(packet); - return; - } - n = route_ipv6(packet); - break; - case 0x0806: - route_arp(packet); - return; - default: - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); - } - return; - } - if(n) - send_packet(n, packet); - break; - - case RMODE_SWITCH: - n = route_mac(packet); - if(n) - send_packet(n, packet); - else - broadcast_packet(myself, packet); - break; - - case RMODE_HUB: - broadcast_packet(myself, packet); - break; - } + uint16_t type; + node_t *n = NULL; + + cp(); + + /* FIXME: multicast? */ + + switch (routing_mode) { + case RMODE_ROUTER: + type = ntohs(*((uint16_t *)(&packet->data[12]))); + switch (type) { + case 0x0800: + n = route_ipv4(packet); + break; + + case 0x86DD: + if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { + route_neighborsol(packet); + return; + } + n = route_ipv6(packet); + break; + + case 0x0806: + route_arp(packet); + return; + + default: + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); + return; + } + if(n) + send_packet(n, packet); + break; + + case RMODE_SWITCH: + n = route_mac(packet); + if(n) + send_packet(n, packet); + else + broadcast_packet(myself, packet); + break; + + case RMODE_HUB: + broadcast_packet(myself, packet); + break; + } } void route_incoming(node_t *source, vpn_packet_t *packet) { - switch(routing_mode) - { - case RMODE_ROUTER: - { - node_t *n = NULL; - unsigned short int type; - - type = ntohs(*((unsigned short*)(&packet->data[12]))); - switch(type) - { - case 0x0800: - n = route_ipv4(packet); - break; - case 0x86DD: - n = route_ipv6(packet); - break; - default: - n = myself; - break; - } - - if(n) - { - if(n == myself) - { - memcpy(packet->data, mymac.net.mac.address.x, 6); - write_packet(packet); - } - else - send_packet(n, packet); - } - } - break; - case RMODE_SWITCH: - { - subnet_t *subnet; - - subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); - - if(subnet) - { - if(subnet->owner == myself) - write_packet(packet); - else - send_packet(subnet->owner, packet); - } - else - { - broadcast_packet(source, packet); - write_packet(packet); - } - } - break; - case RMODE_HUB: - broadcast_packet(source, packet); /* Spread it on */ - write_packet(packet); - break; - } + switch (routing_mode) { + case RMODE_ROUTER: + { + node_t *n = NULL; + uint16_t type; + + type = ntohs(*((uint16_t *)(&packet->data[12]))); + switch (type) { + case 0x0800: + n = route_ipv4(packet); + break; + + case 0x86DD: + n = route_ipv6(packet); + break; + + default: + n = myself; + break; + } + + if(n) { + if(n == myself) { + if(overwrite_mac) + memcpy(packet->data, mymac.x, 6); + write_packet(packet); + } else + send_packet(n, packet); + } + } + break; + + case RMODE_SWITCH: + { + subnet_t *subnet; + + subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); + + if(subnet) { + if(subnet->owner == myself) + write_packet(packet); + else + send_packet(subnet->owner, packet); + } else { + broadcast_packet(source, packet); + write_packet(packet); + } + } + break; + + case RMODE_HUB: + broadcast_packet(source, packet); /* Spread it on */ + write_packet(packet); + break; + } } diff --git a/src/route.h b/src/route.h index d954abb6..26c55eee 100644 --- a/src/route.h +++ b/src/route.h @@ -1,7 +1,7 @@ /* route.h -- header file for route.c - Copyright (C) 2000-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,25 +17,30 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.2 2002/04/09 15:26:01 zarq Exp $ + $Id: route.h,v 1.3 2003/08/24 20:38:28 guus Exp $ */ #ifndef __TINC_ROUTE_H__ #define __TINC_ROUTE_H__ -enum -{ - RMODE_HUB = 0, - RMODE_SWITCH, - RMODE_ROUTER, -}; +#include "net.h" +#include "node.h" -extern int routing_mode; -extern int priorityinheritance; +typedef enum rmode_t { + RMODE_HUB = 0, + RMODE_SWITCH, + RMODE_ROUTER, +} rmode_t; + +extern rmode_t routing_mode; +extern bool overwrite_mac; +extern bool priorityinheritance; extern int macexpire; +extern mac_t mymac; + extern void age_mac(void); -extern void route_incoming(node_t *, vpn_packet_t *); -extern void route_outgoing(vpn_packet_t *); +extern void route_incoming(struct node_t *, struct vpn_packet_t *); +extern void route_outgoing(struct vpn_packet_t *); -#endif /* __TINC_ROUTE_H__ */ +#endif /* __TINC_ROUTE_H__ */ diff --git a/src/subnet.c b/src/subnet.c new file mode 100644 index 00000000..b0c1e04e --- /dev/null +++ b/src/subnet.c @@ -0,0 +1,413 @@ +/* + subnet.c -- handle subnet lookups and lists + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: subnet.c,v 1.4 2003/08/24 20:38:28 guus Exp $ +*/ + +#include "system.h" + +#include "avl_tree.h" +#include "logger.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" + +/* lists type of subnet */ + +avl_tree_t *subnet_tree; + +/* Subnet comparison */ + +static int subnet_compare_mac(const subnet_t *a, const subnet_t *b) +{ + int result; + + result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); +} + +static int subnet_compare_ipv4(const subnet_t *a, const subnet_t *b) +{ + int result; + + result = memcmp(&a->net.ipv4.address, &b->net.ipv4.address, sizeof(ipv4_t)); + + if(result) + return result; + + result = a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); +} + +static int subnet_compare_ipv6(const subnet_t *a, const subnet_t *b) +{ + int result; + + result = memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); + + if(result) + return result; + + result = a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); +} + +static int subnet_compare(const subnet_t *a, const subnet_t *b) +{ + int result; + + result = a->type - b->type; + + if(result) + return result; + + switch (a->type) { + case SUBNET_MAC: + return subnet_compare_mac(a, b); + case SUBNET_IPV4: + return subnet_compare_ipv4(a, b); + case SUBNET_IPV6: + return subnet_compare_ipv6(a, b); + default: + logger(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), + a->type); + cp_trace(); + exit(0); + } + + return 0; +} + +/* Initialising trees */ + +void init_subnets(void) +{ + cp(); + + subnet_tree = avl_alloc_tree((avl_compare_t) subnet_compare, (avl_action_t) free_subnet); +} + +void exit_subnets(void) +{ + cp(); + + avl_delete_tree(subnet_tree); +} + +avl_tree_t *new_subnet_tree(void) +{ + cp(); + + return avl_alloc_tree((avl_compare_t) subnet_compare, NULL); +} + +void free_subnet_tree(avl_tree_t *subnet_tree) +{ + cp(); + + avl_delete_tree(subnet_tree); +} + +/* Allocating and freeing space for subnets */ + +subnet_t *new_subnet(void) +{ + cp(); + + return (subnet_t *) xmalloc_and_zero(sizeof(subnet_t)); +} + +void free_subnet(subnet_t *subnet) +{ + cp(); + + free(subnet); +} + +/* Adding and removing subnets */ + +void subnet_add(node_t *n, subnet_t *subnet) +{ + cp(); + + subnet->owner = n; + + avl_insert(subnet_tree, subnet); + avl_insert(n->subnet_tree, subnet); +} + +void subnet_del(node_t *n, subnet_t *subnet) +{ + cp(); + + avl_delete(n->subnet_tree, subnet); + avl_delete(subnet_tree, subnet); +} + +/* Ascii representation of subnets */ + +subnet_t *str2net(const char *subnetstr) +{ + int i, l; + subnet_t *subnet; + uint16_t x[8]; + + cp(); + + subnet = new_subnet(); + + if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", + &x[0], &x[1], &x[2], &x[3], &l) == 5) { + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.prefixlength = l; + + for(i = 0; i < 4; i++) + subnet->net.ipv4.address.x[i] = x[i]; + + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], + &l) == 9) { + subnet->type = SUBNET_IPV6; + subnet->net.ipv6.prefixlength = l; + + for(i = 0; i < 8; i++) + subnet->net.ipv6.address.x[i] = htons(x[i]); + + return subnet; + } + + if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", &x[0], &x[1], &x[2], &x[3]) == 4) { + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.prefixlength = 32; + + for(i = 0; i < 4; i++) + subnet->net.ipv4.address.x[i] = x[i]; + + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) { + subnet->type = SUBNET_IPV6; + subnet->net.ipv6.prefixlength = 128; + + for(i = 0; i < 8; i++) + subnet->net.ipv6.address.x[i] = htons(x[i]); + + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx", + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5]) == 6) { + subnet->type = SUBNET_MAC; + + for(i = 0; i < 6; i++) + subnet->net.mac.address.x[i] = x[i]; + + return subnet; + } + + free(subnet); + + return NULL; +} + +char *net2str(const subnet_t *subnet) +{ + char *netstr; + + cp(); + + switch (subnet->type) { + case SUBNET_MAC: + asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx", + subnet->net.mac.address.x[0], + subnet->net.mac.address.x[1], + subnet->net.mac.address.x[2], + subnet->net.mac.address.x[3], + subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); + break; + + case SUBNET_IPV4: + asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", + subnet->net.ipv4.address.x[0], + subnet->net.ipv4.address.x[1], + subnet->net.ipv4.address.x[2], + subnet->net.ipv4.address.x[3], subnet->net.ipv4.prefixlength); + break; + + case SUBNET_IPV6: + asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + ntohs(subnet->net.ipv6.address.x[0]), + ntohs(subnet->net.ipv6.address.x[1]), + ntohs(subnet->net.ipv6.address.x[2]), + ntohs(subnet->net.ipv6.address.x[3]), + ntohs(subnet->net.ipv6.address.x[4]), + ntohs(subnet->net.ipv6.address.x[5]), + ntohs(subnet->net.ipv6.address.x[6]), + ntohs(subnet->net.ipv6.address.x[7]), + subnet->net.ipv6.prefixlength); + break; + + default: + logger(LOG_ERR, + _("net2str() was called with unknown subnet type %d, exiting!"), + subnet->type); + cp_trace(); + exit(0); + } + + return netstr; +} + +/* Subnet lookup routines */ + +subnet_t *lookup_subnet(const node_t *owner, const subnet_t *subnet) +{ + cp(); + + return avl_search(owner->subnet_tree, subnet); +} + +subnet_t *lookup_subnet_mac(const mac_t *address) +{ + subnet_t *p, subnet = {0}; + + cp(); + + subnet.type = SUBNET_MAC; + subnet.net.mac.address = *address; + subnet.owner = NULL; + + p = (subnet_t *) avl_search(subnet_tree, &subnet); + + return p; +} + +subnet_t *lookup_subnet_ipv4(const ipv4_t *address) +{ + subnet_t *p, subnet = {0}; + + cp(); + + subnet.type = SUBNET_IPV4; + subnet.net.ipv4.address = *address; + subnet.net.ipv4.prefixlength = 32; + subnet.owner = NULL; + + do { + /* Go find subnet */ + + p = (subnet_t *) avl_search_closest_smaller(subnet_tree, &subnet); + + /* Check if the found subnet REALLY matches */ + + if(p) { + if(p->type != SUBNET_IPV4) { + p = NULL; + break; + } + + if(!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) + break; + else { + /* Otherwise, see if there is a bigger enclosing subnet */ + + subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1; + maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); + } + } + } while(p); + + return p; +} + +subnet_t *lookup_subnet_ipv6(const ipv6_t *address) +{ + subnet_t *p, subnet = {0}; + + cp(); + + subnet.type = SUBNET_IPV6; + subnet.net.ipv6.address = *address; + subnet.net.ipv6.prefixlength = 128; + subnet.owner = NULL; + + do { + /* Go find subnet */ + + p = (subnet_t *) avl_search_closest_smaller(subnet_tree, &subnet); + + /* Check if the found subnet REALLY matches */ + + if(p) { + if(p->type != SUBNET_IPV6) + return NULL; + + if(!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) + break; + else { + /* Otherwise, see if there is a bigger enclosing subnet */ + + subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1; + maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); + } + } + } while(p); + + return p; +} + +void dump_subnets(void) +{ + char *netstr; + subnet_t *subnet; + avl_node_t *node; + + cp(); + + logger(LOG_DEBUG, _("Subnet list:")); + + for(node = subnet_tree->head; node; node = node->next) { + subnet = (subnet_t *) node->data; + netstr = net2str(subnet); + logger(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); + free(netstr); + } + + logger(LOG_DEBUG, _("End of subnet list.")); +} diff --git a/src/subnet.h b/src/subnet.h new file mode 100644 index 00000000..dcf3b284 --- /dev/null +++ b/src/subnet.h @@ -0,0 +1,83 @@ +/* + subnet.h -- header for subnet.c + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: subnet.h,v 1.4 2003/08/24 20:38:28 guus Exp $ +*/ + +#ifndef __TINC_SUBNET_H__ +#define __TINC_SUBNET_H__ + +#include "net.h" + +typedef enum subnet_type_t { + SUBNET_MAC = 0, + SUBNET_IPV4, + SUBNET_IPV6, + SUBNET_TYPES /* Guardian */ +} subnet_type_t; + +typedef struct subnet_mac_t { + mac_t address; + time_t lastseen; +} subnet_mac_t; + +typedef struct subnet_ipv4_t { + ipv4_t address; + int prefixlength; +} subnet_ipv4_t; + +typedef struct subnet_ipv6_t { + ipv6_t address; + int prefixlength; +} subnet_ipv6_t; + +#include "node.h" + +typedef struct subnet_t { + struct node_t *owner; /* the owner of this subnet */ + struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ + + subnet_type_t type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ + + /* And now for the actual subnet: */ + + union net { + subnet_mac_t mac; + subnet_ipv4_t ipv4; + subnet_ipv6_t ipv6; + } net; +} subnet_t; + +extern subnet_t *new_subnet(void) __attribute__ ((__malloc__)); +extern void free_subnet(subnet_t *); +extern void init_subnets(void); +extern void exit_subnets(void); +extern avl_tree_t *new_subnet_tree(void) __attribute__ ((__malloc__)); +extern void free_subnet_tree(avl_tree_t *); +extern void subnet_add(struct node_t *, subnet_t *); +extern void subnet_del(struct node_t *, subnet_t *); +extern char *net2str(const subnet_t *); +extern subnet_t *str2net(const char *); +extern subnet_t *lookup_subnet(const struct node_t *, const subnet_t *); +extern subnet_t *lookup_subnet_mac(const mac_t *); +extern subnet_t *lookup_subnet_ipv4(const ipv4_t *); +extern subnet_t *lookup_subnet_ipv6(const ipv6_t *); +extern void dump_subnets(void); + +#endif /* __TINC_SUBNET_H__ */ diff --git a/src/tincd.c b/src/tincd.c index c732b7c2..10888845 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,59 +17,47 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.16 2002/05/02 11:50:07 zarq Exp $ + $Id: tincd.c,v 1.17 2003/08/24 20:38:29 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_SYS_IOCTL_H -# include +/* Darwin (MacOS/X) needs the following definition... */ +#ifndef _P1003_1B_VISIBLE +#define _P1003_1B_VISIBLE +#endif + +#ifdef HAVE_SYS_MMAN_H +#include #endif -#ifdef USE_OPENSSL #include #include #include #include -#endif -#ifdef USE_GCRYPT -#include -#endif +#include -#include -#include +#include -#include "callbacks.h" -#include "read_conf.h" +#include "conf.h" +#include "device.h" +#include "logger.h" #include "net.h" #include "netutl.h" #include "process.h" #include "protocol.h" -#include "subnet.h" -#include "logging.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" /* The name this program was run with. */ -char *program_name; +char *program_name = NULL; /* If nonzero, display usage information and exit. */ -int show_help; +bool show_help = false; /* If nonzero, print the version on standard output and exit. */ -int show_version; +bool show_version = false; /* If nonzero, it will attempt to kill a running tincd and exit. */ int kill_tincd = 0; @@ -78,332 +66,445 @@ int kill_tincd = 0; int generate_keys = 0; /* If nonzero, use null ciphers and skip all key exchanges. */ -int bypass_security = 0; - -char *identname; /* program name for syslog */ -char *pidfilename; /* pid file location */ -char **g_argv; /* a copy of the cmdline arguments */ -char **environment; /* A pointer to the environment on - startup */ - -static struct option const long_options[] = -{ - { "config", required_argument, NULL, 'c' }, - { "kill", optional_argument, NULL, 'k' }, - { "net", required_argument, NULL, 'n' }, - { "help", no_argument, &show_help, 1 }, - { "version", no_argument, &show_version, 1 }, - { "no-detach", no_argument, &do_detach, 0 }, - { "generate-keys", optional_argument, NULL, 'K'}, - { "debug", optional_argument, NULL, 'd'}, - { "bypass-security", no_argument, &bypass_security, 1 }, - { NULL, 0, NULL, 0 } +bool bypass_security = false; + +/* If nonzero, disable swapping for this process. */ +bool do_mlock = false; + +/* If nonzero, write log entries to a separate file. */ +bool use_logfile = false; + +char *identname = NULL; /* program name for syslog */ +char *pidfilename = NULL; /* pid file location */ +char *logfilename = NULL; /* log file location */ +char **g_argv; /* a copy of the cmdline arguments */ + +static int status; + +static struct option const long_options[] = { + {"config", required_argument, NULL, 'c'}, + {"kill", optional_argument, NULL, 'k'}, + {"net", required_argument, NULL, 'n'}, + {"help", no_argument, NULL, 1}, + {"version", no_argument, NULL, 2}, + {"no-detach", no_argument, NULL, 'D'}, + {"generate-keys", optional_argument, NULL, 'K'}, + {"debug", optional_argument, NULL, 'd'}, + {"bypass-security", no_argument, NULL, 3}, + {"mlock", no_argument, NULL, 'L'}, + {"logfile", optional_argument, NULL, 4}, + {"pidfile", required_argument, NULL, 5}, + {NULL, 0, NULL, 0} }; -static void -usage(int status) +#ifdef HAVE_MINGW +static struct WSAData wsa_state; +#endif + +static void usage(bool status) { - if(status != 0) - fprintf(stderr, _("Try `%s --help\' for more information.\n"), program_name); - else - { - printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" - " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" - " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); - printf(_("Report bugs to tinc@nl.linux.org.\n")); - } - exit(status); + if(status) + fprintf(stderr, _("Try `%s --help\' for more information.\n"), + program_name); + else { + printf(_("Usage: %s [option]...\n\n"), program_name); + printf(_(" -c, --config=DIR Read configuration options from DIR.\n" + " -D, --no-detach Don't fork and detach.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" + " --logfile[=FILENAME] Write log entries to a logfile.\n" + " --pidfile=FILENAME Write PID to FILENAME.\n" + " --help Display this help and exit.\n" + " --version Output version information and exit.\n\n")); + printf(_("Report bugs to tinc@nl.linux.org.\n")); + } } -void -parse_options(int argc, char **argv, char **envp) +static bool parse_options(int argc, char **argv) { - int r; - int option_index = 0; - - while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) - { - switch(r) - { - case 0: /* long option */ - break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'd': /* inc debug level */ - if(optarg) - debug_lvl = atoi(optarg); - else - debug_lvl++; - break; - case 'k': /* kill old tincds */ - if(optarg) - { - if(!strcasecmp(optarg, "HUP")) - kill_tincd = SIGHUP; - else if(!strcasecmp(optarg, "TERM")) - kill_tincd = SIGTERM; - else if(!strcasecmp(optarg, "KILL")) - kill_tincd = SIGKILL; - else if(!strcasecmp(optarg, "USR1")) - kill_tincd = SIGUSR1; - else if(!strcasecmp(optarg, "USR2")) - kill_tincd = SIGUSR2; - else if(!strcasecmp(optarg, "WINCH")) - kill_tincd = SIGWINCH; - else if(!strcasecmp(optarg, "INT")) - kill_tincd = SIGINT; - else if(!strcasecmp(optarg, "ALRM")) - kill_tincd = SIGALRM; - else - { - kill_tincd = atoi(optarg); - if(!kill_tincd) - { - fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); - usage(1); - } - } - } - else - kill_tincd = SIGTERM; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ - if(optarg) - { - generate_keys = atoi(optarg); - if(generate_keys < 512) - { - fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), - optarg); - usage(1); - } - generate_keys &= ~7; /* Round it to bytes */ - } - else - generate_keys = 1024; - break; - case '?': - usage(1); - default: - break; - } - } + int r; + int option_index = 0; + + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { + switch (r) { + case 0: /* long option */ + break; + + case 'c': /* config file */ + confbase = xstrdup(optarg); + break; + + case 'D': /* no detach */ + do_detach = false; + break; + + case 'L': /* no detach */ + do_mlock = true; + break; + + case 'd': /* inc debug level */ + if(optarg) + debug_level = atoi(optarg); + else + debug_level++; + break; + + case 'k': /* kill old tincds */ +#ifndef HAVE_MINGW + if(optarg) { + if(!strcasecmp(optarg, "HUP")) + kill_tincd = SIGHUP; + else if(!strcasecmp(optarg, "TERM")) + kill_tincd = SIGTERM; + else if(!strcasecmp(optarg, "KILL")) + kill_tincd = SIGKILL; + else if(!strcasecmp(optarg, "USR1")) + kill_tincd = SIGUSR1; + else if(!strcasecmp(optarg, "USR2")) + kill_tincd = SIGUSR2; + else if(!strcasecmp(optarg, "WINCH")) + kill_tincd = SIGWINCH; + else if(!strcasecmp(optarg, "INT")) + kill_tincd = SIGINT; + else if(!strcasecmp(optarg, "ALRM")) + kill_tincd = SIGALRM; + else { + kill_tincd = atoi(optarg); + + if(!kill_tincd) { + fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), + optarg); + usage(true); + return false; + } + } + } else + kill_tincd = SIGTERM; +#else + kill_tincd = 1; +#endif + break; + + case 'n': /* net name given */ + netname = xstrdup(optarg); + break; + + case 'K': /* generate public/private keypair */ + if(optarg) { + generate_keys = atoi(optarg); + + if(generate_keys < 512) { + fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), + optarg); + usage(true); + return false; + } + + generate_keys &= ~7; /* Round it to bytes */ + } else + generate_keys = 1024; + break; + + case 1: /* show help */ + show_help = true; + break; + + case 2: /* show version */ + show_version = true; + break; + + case 3: /* bypass security */ + bypass_security = true; + break; + + case 4: /* write log entries to a file */ + use_logfile = true; + if(optarg) + logfilename = xstrdup(optarg); + break; + + case 5: /* write PID to a file */ + pidfilename = xstrdup(optarg); + break; + + case '?': + usage(true); + return false; + + default: + break; + } + } + + return true; } /* This function prettyprints the key generation process */ -void indicator(int a, int b, void *p) +static void indicator(int a, int b, void *p) { - switch(a) - { - case 0: - fprintf(stderr, "."); - break; - case 1: - fprintf(stderr, "+"); - break; - case 2: - fprintf(stderr, "-"); - break; - case 3: - switch(b) - { - case 0: - fprintf(stderr, " p\n"); - break; - case 1: - fprintf(stderr, " q\n"); - break; - default: - fprintf(stderr, "?"); - } - break; - default: - fprintf(stderr, "?"); - } + switch (a) { + case 0: + fprintf(stderr, "."); + break; + + case 1: + fprintf(stderr, "+"); + break; + + case 2: + fprintf(stderr, "-"); + break; + + case 3: + switch (b) { + case 0: + fprintf(stderr, " p\n"); + break; + + case 1: + fprintf(stderr, " q\n"); + break; + + default: + fprintf(stderr, "?"); + } + break; + + default: + fprintf(stderr, "?"); + } } -#ifdef USE_OPENSSL /* Generate a public/private RSA keypair, and ask for a file to store them in. */ -int keygen(int bits) +static bool keygen(int bits) { - RSA *rsa_key; - FILE *f; - char *name = NULL; - char *filename; - - fprintf(stderr, _("Generating %d bits keys:\n"), bits); - rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); - - if(!rsa_key) - { - fprintf(stderr, _("Error during key generation!\n")); - return -1; - } - else - fprintf(stderr, _("Done.\n")); - - get_config_string(lookup_config(config_tree, "Name"), &name); + RSA *rsa_key; + FILE *f; + char *name = NULL; + char *filename; + + fprintf(stderr, _("Generating %d bits keys:\n"), bits); + rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); + + if(!rsa_key) { + fprintf(stderr, _("Error during key generation!\n")); + return false; + } else + fprintf(stderr, _("Done.\n")); + + asprintf(&filename, "%s/rsa_key.priv", confbase); + f = ask_and_open(filename, _("private RSA key"), "a"); + + if(!f) + return false; + +#ifdef HAVE_FCHMOD + /* Make it unreadable for others. */ + fchmod(fileno(f), 0600); +#endif + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - if(name) - asprintf(&filename, "%s/hosts/%s", confbase, name); - else - asprintf(&filename, "%s/rsa_key.pub", confbase); + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); + fclose(f); + free(filename); - if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) - return -1; + get_config_string(lookup_config(config_tree, "Name"), &name); - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + if(name) + asprintf(&filename, "%s/hosts/%s", confbase, name); + else + asprintf(&filename, "%s/rsa_key.pub", confbase); - PEM_write_RSAPublicKey(f, rsa_key); - fclose(f); - free(filename); + f = ask_and_open(filename, _("public RSA key"), "a"); - asprintf(&filename, "%s/rsa_key.priv", confbase); - if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) - return -1; + if(!f) + return false; - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); - fclose(f); - free(filename); + PEM_write_RSAPublicKey(f, rsa_key); + fclose(f); + free(filename); - return 0; + return true; } -#endif /* Set all files and paths according to netname */ -void make_names(void) +static void make_names(void) { - if(netname) - { - if(!pidfilename) - asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); - if(!confbase) - asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); - else - log(0, TLOG_INFO, _("Both netname and configuration directory given, using the latter...")); - if(!identname) - asprintf(&identname, "tinc.%s", netname); - } - else - { - if(!pidfilename) - pidfilename = LOCALSTATEDIR "/run/tinc.pid"; - if(!confbase) - asprintf(&confbase, "%s/tinc", CONFDIR); - if(!identname) - identname = "tinc"; - } +#ifdef HAVE_MINGW + HKEY key; + char installdir[1024] = ""; + long len = sizeof(installdir); +#endif + + if(netname) + asprintf(&identname, "tinc.%s", netname); + else + identname = xstrdup("tinc"); + +#ifdef HAVE_MINGW + if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) { + if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) { + if(!logfilename) + asprintf(&logfilename, "%s/log/%s.log", identname); + if(!confbase) { + if(netname) + asprintf(&confbase, "%s/%s", installdir, netname); + else + asprintf(&confbase, "%s", installdir); + } + } + RegCloseKey(key); + if(*installdir) + return; + } +#endif + + if(!pidfilename) + asprintf(&pidfilename, LOCALSTATEDIR "/run/%s.pid", identname); + + if(!logfilename) + asprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname); + + if(netname) { + if(!confbase) + asprintf(&confbase, CONFDIR "/tinc/%s", netname); + else + logger(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); + } else { + if(!confbase) + asprintf(&confbase, CONFDIR "/tinc"); + } } -int -main(int argc, char **argv, char **envp) +int main(int argc, char **argv) { - program_name = argv[0]; + program_name = argv[0]; + + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); + + if(!parse_options(argc, argv)) + return 1; + + make_names(); + + if(show_version) { + printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, + VERSION, __DATE__, __TIME__, PROT_CURRENT); + printf(_("Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" + "See the AUTHORS file for a complete list.\n\n" + "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "and you are welcome to redistribute it under certain conditions;\n" + "see the file COPYING for details.\n")); + + return 0; + } + + if(show_help) { + usage(false); + return 0; + } + + if(kill_tincd) + return !kill_other(kill_tincd); + + openlogger("tinc", use_logfile?LOGMODE_FILE:LOGMODE_STDERR); + + /* Lock all pages into memory if requested */ + + if(do_mlock) +#ifdef HAVE_MLOCKALL + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", + strerror(errno)); +#else + { + logger(LOG_ERR, _("mlockall() not supported on this platform!")); +#endif + return -1; + } - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); + g_argv = argv; - environment = envp; - parse_options(argc, argv, envp); + init_configuration(&config_tree); - if(show_version) - { - printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); + /* Slllluuuuuuurrrrp! */ - return 0; - } + RAND_load_file("/dev/urandom", 1024); - if(show_help) - usage(0); + OpenSSL_add_all_algorithms(); - log_add_hook(log_default); + if(generate_keys) { + read_server_config(); + return !keygen(generate_keys); + } - g_argv = argv; + if(!read_server_config()) + return 1; - make_names(); - init_configuration(&config_tree); + if(lzo_init() != LZO_E_OK) { + logger(LOG_ERR, _("Error initializing LZO compressor!")); + return 1; + } - /* Slllluuuuuuurrrrp! */ -cp -#ifdef USE_OPENSSL - RAND_load_file("/dev/urandom", 1024); +#ifdef HAVE_MINGW + if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "WSAStartup", winerror(GetLastError())); + return 1; + } -#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS - SSLeay_add_all_algorithms(); -#else - OpenSSL_add_all_algorithms(); -#endif + if(!do_detach || !init_service()) + return main2(argc, argv); + else + return 1; +} -cp - if(generate_keys) - { - read_server_config(); - exit(keygen(generate_keys)); - } +int main2(int argc, char **argv) +{ #endif - if(kill_tincd) - exit(kill_other(kill_tincd)); - - if(read_server_config()) - exit(1); -cp - if(detach()) - exit(0); - - init_callbacks(); -cp - for(;;) - { - if(!setup_network_connections()) - { - main_loop(); - cleanup_and_exit(1); - } - - log(0, TLOG_ERROR, _("Unrecoverable error")); - cp_trace(); - - if(do_detach) - { - log(0, TLOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); - sleep(maxtimeout); - } - else - { - log(0, TLOG_ERROR, _("Not restarting.")); - exit(1); - } - } + if(!detach()) + return 1; + + + /* Setup sockets and open device. If it doesn't work, don't give up but try again. */ + + while(!setup_network_connections()) { + if(do_detach) { + logger(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + sleep(maxtimeout); + } else { + logger(LOG_ERR, _("Not restarting.")); + return 1; + } + } + + /* Start main loop. It only exits when tinc is killed. */ + + status = main_loop(); + + /* Shutdown properly. */ + + close_network_connections(); + + ifdebug(CONNECTIONS) + dump_device_stats(); + + logger(LOG_NOTICE, _("Terminating")); + return status; } diff --git a/system.h b/system.h index 51adca0b..e38fba19 100644 --- a/system.h +++ b/system.h @@ -1,6 +1,7 @@ /* - system.h -- header for locale settings - Copyright (C) 1998,99,2000 Ivo Timmermans + system.h -- system headers + Copyright (C) 1998-2003 Ivo Timmermans + 2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,33 +21,132 @@ #ifndef __TINC_SYSTEM_H__ #define __TINC_SYSTEM_H__ -/* Take care of NLS matters. -- from fileutils 4.0 */ +#include "config.h" -#if HAVE_LOCALE_H -# include +/* Include standard headers */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_STDBOOL_H +#include +#else +typedef int bool; +#define true 1 +#define false 0 #endif -#if !HAVE_SETLOCALE -# define setlocale(Category, Locale) /* empty */ + +#ifdef HAVE_TERMIOS_H +#include #endif -#if ENABLE_NLS -# include -# define _(Text) gettext (Text) -#else -# undef bindtextdomain -# define bindtextdomain(Domain, Directory) /* empty */ -# undef textdomain -# define textdomain(Domain) /* empty */ -# define _(Text) Text +#ifdef HAVE_INTTYPES_H +#include +#endif + +/* Include system specific headers */ + +#ifdef HAVE_SYSLOG_H +#include +#endif + +#ifdef HAVE_SYS_TIME_H +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#ifdef HAVE_SYS_FILE_H +#include +#endif + +#ifdef HAVE_SYS_WAIT_H +#include +#endif + +#ifdef HAVE_SYS_IOCTL_H +#include #endif -#define N_(Text) Text + +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. */ + +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NET_IF_H +#include +#endif + +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_NETINET_IP_H +#include +#endif + +#ifdef HAVE_NETINET_TCP_H +#include +#endif + +#ifdef HAVE_NETINET_IN6_H +#include +#endif + +#ifdef HAVE_NETINET_IP6_H +#include +#endif + +#ifdef HAVE_MINGW +#include +#include +#endif + +/* Include localisation support */ + +#include "gettext.h" #ifndef HAVE_STRSIGNAL # define strsignal(p) "" #endif /* Other functions */ -#include -#endif /* __TINC_SYSTEM_H__ */ +#include "dropin.h" +#ifndef HAVE_SOCKLEN_T +typedef int socklen_t; +#endif + +#endif /* __TINC_SYSTEM_H__ */ diff --git a/testing b/testing deleted file mode 100644 index 397b93d0..00000000 --- a/testing +++ /dev/null @@ -1,3 +0,0 @@ -testing 1 2 3 -moo -