Guus Sliepen [Mon, 9 Mar 2009 18:02:24 +0000 (19:02 +0100)]
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
doc/tinc.conf.5.in
doc/tinc.texi
po/nl.po
src/conf.c
src/connection.c
src/event.c
src/graph.c
src/net.c
src/net_packet.c
src/net_socket.c
src/node.c
src/node.h
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_key.c
src/protocol_misc.c
src/subnet.c
src/subnet.h
src/tincd.c
Guus Sliepen [Mon, 9 Mar 2009 13:04:31 +0000 (14:04 +0100)]
Use a simple Random Early Drop algorithm in send_tcppacket().
Guus Sliepen [Mon, 9 Mar 2009 12:48:54 +0000 (13:48 +0100)]
Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU. However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
Guus Sliepen [Thu, 5 Mar 2009 13:12:36 +0000 (14:12 +0100)]
Update THANKS and copyright information.
Guus Sliepen [Thu, 5 Mar 2009 12:34:13 +0000 (13:34 +0100)]
Allow weight to be assigned to Subnets.
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.
Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority. The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
Michael Tokarev [Sat, 28 Feb 2009 13:37:51 +0000 (16:37 +0300)]
Enable PMTUDiscovery only if BOTH sides wants it.
Don't enable PMTUDiscovery if at least one side does not support it.
Before it was enabled if at least one side supported it, now both are required.
Guus Sliepen [Tue, 17 Feb 2009 13:43:05 +0000 (14:43 +0100)]
Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
Michael Tokarev [Mon, 9 Feb 2009 22:51:10 +0000 (23:51 +0100)]
Allow tunnelserver to work with clients that have other peers.
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
Guus Sliepen [Tue, 3 Feb 2009 13:54:45 +0000 (14:54 +0100)]
Disable old RSA keys when generating new ones.
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
Guus Sliepen [Tue, 20 Jan 2009 13:21:50 +0000 (14:21 +0100)]
Validate Name before using it in a filename when generating a keypair.
Guus Sliepen [Tue, 20 Jan 2009 13:20:44 +0000 (14:20 +0100)]
Allow reading config files with CRLF endings on Unix systems.
Guus Sliepen [Tue, 20 Jan 2009 12:19:31 +0000 (13:19 +0100)]
Remove unused definitions from net.h.
Guus Sliepen [Tue, 20 Jan 2009 12:12:41 +0000 (13:12 +0100)]
Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
Guus Sliepen [Mon, 19 Jan 2009 22:17:28 +0000 (23:17 +0100)]
Add missing cleanup functions in close_network_connections().
Guus Sliepen [Mon, 19 Jan 2009 21:50:05 +0000 (22:50 +0100)]
Change flush_events() to expire_events().
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
Guus Sliepen [Fri, 9 Jan 2009 11:36:06 +0000 (12:36 +0100)]
Move free()s at the end om main() to the proper destructor functions.
Guus Sliepen [Sat, 3 Jan 2009 21:33:55 +0000 (22:33 +0100)]
Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
Guus Sliepen [Sat, 3 Jan 2009 21:06:10 +0000 (22:06 +0100)]
Consistently allocate device and iface variables on the heap.
This fixes a segfault when no Device has been specified and tinc exits, and it
would try to free() a static string. Thanks to Borg for spottin.
Guus Sliepen [Sat, 27 Dec 2008 10:09:43 +0000 (11:09 +0100)]
Update documentation for git.
Guus Sliepen [Fri, 26 Dec 2008 13:47:34 +0000 (13:47 +0000)]
Releasing 1.0.9.
Guus Sliepen [Fri, 26 Dec 2008 12:46:45 +0000 (12:46 +0000)]
Add missing parentheses in check for IPv4 multicast addresses.
Guus Sliepen [Tue, 23 Dec 2008 23:14:37 +0000 (23:14 +0000)]
Apply patch from Max Rijevski fixing a memory leak when closing connections.
It also cleans up more when stopping tinc, helping tools like valgrind.
Guus Sliepen [Tue, 23 Dec 2008 22:31:38 +0000 (22:31 +0000)]
Handle broadcast and multicast packets in router mode.
Multicast packets are treated as broadcast packets.
Based on a patch from Max Rijevski.
Guus Sliepen [Mon, 22 Dec 2008 21:49:23 +0000 (21:49 +0000)]
Update the manpage as well, and some whitespace to make its source more legible.
Guus Sliepen [Mon, 22 Dec 2008 21:29:21 +0000 (21:29 +0000)]
Update documentation.
- TCPOnly is not experimental.
- Do not mention old Linux kernels and Ethertap anymore.
- Document the DeviceType, PMTU and PMTUDiscovery options.
Guus Sliepen [Mon, 22 Dec 2008 20:35:45 +0000 (20:35 +0000)]
Enable PMTU discovery by default.
Guus Sliepen [Mon, 22 Dec 2008 20:27:52 +0000 (20:27 +0000)]
Update copyright information.
Guus Sliepen [Mon, 22 Dec 2008 19:43:49 +0000 (19:43 +0000)]
Update Dutch translation.
Guus Sliepen [Mon, 22 Dec 2008 19:40:40 +0000 (19:40 +0000)]
Make sure IPv6 sockets are IPv6 only.
This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
in use" message on Linux.
Guus Sliepen [Mon, 22 Dec 2008 19:33:37 +0000 (19:33 +0000)]
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
Guus Sliepen [Sun, 21 Dec 2008 16:19:31 +0000 (16:19 +0000)]
Treat virtual network device as tap if Mode = switch or hub.
On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
Guus Sliepen [Sun, 14 Dec 2008 12:47:26 +0000 (12:47 +0000)]
Move RSA key generation into the wrappers.
Guus Sliepen [Thu, 11 Dec 2008 20:49:14 +0000 (20:49 +0000)]
Make sure IPv6 sockets are IPv6 only.
Guus Sliepen [Thu, 11 Dec 2008 18:07:26 +0000 (18:07 +0000)]
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
Guus Sliepen [Thu, 11 Dec 2008 18:05:59 +0000 (18:05 +0000)]
Remove wrong checks.
Guus Sliepen [Thu, 11 Dec 2008 15:56:18 +0000 (15:56 +0000)]
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
Guus Sliepen [Thu, 11 Dec 2008 15:42:46 +0000 (15:42 +0000)]
Fix compiler warnings.
Guus Sliepen [Thu, 11 Dec 2008 15:21:40 +0000 (15:21 +0000)]
Backport fixes from trunk since revision 1555.
Guus Sliepen [Thu, 11 Dec 2008 14:44:44 +0000 (14:44 +0000)]
Use the crypto wrappers again instead of calling OpenSSL directly.
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
Guus Sliepen [Thu, 11 Dec 2008 14:43:13 +0000 (14:43 +0000)]
Move AC_GNU_SOURCE up to make autoconf happy.
Also bump libgcrypt dependency to 1.4.0, because that version supports the OFB cipher mode.
Guus Sliepen [Thu, 11 Dec 2008 14:03:52 +0000 (14:03 +0000)]
Only show meta connection related debug messages when debug level >= 4
Guus Sliepen [Thu, 11 Dec 2008 13:59:46 +0000 (13:59 +0000)]
Look in the configured sbin directory for the tincd binary.
Guus Sliepen [Fri, 5 Dec 2008 14:17:39 +0000 (14:17 +0000)]
Correct debug message.
Guus Sliepen [Tue, 18 Nov 2008 15:11:27 +0000 (15:11 +0000)]
Prevent freeing a NULL pointer when a hostname is unresolvable.
Guus Sliepen [Sat, 25 Oct 2008 19:54:00 +0000 (19:54 +0000)]
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
Guus Sliepen [Sat, 25 Oct 2008 18:10:08 +0000 (18:10 +0000)]
Fix reading configuration files that do not end with a newline.
Guus Sliepen [Fri, 14 Dec 2007 21:17:08 +0000 (21:17 +0000)]
Make sure the prefixlength of subnets is sane.
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
Scott Lamb [Thu, 8 Nov 2007 19:18:44 +0000 (19:18 +0000)]
Use a control socket directory to restrict access
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.
We could add a cryptographic handshake later if desired.
Scott Lamb [Wed, 7 Nov 2007 06:45:28 +0000 (06:45 +0000)]
Coding style corrections
Scott Lamb [Wed, 7 Nov 2007 02:51:24 +0000 (02:51 +0000)]
Reload configuration through control socket
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
Scott Lamb [Wed, 7 Nov 2007 02:50:58 +0000 (02:50 +0000)]
Retry connections through control socket
Scott Lamb [Wed, 7 Nov 2007 02:50:27 +0000 (02:50 +0000)]
Alter debugging levels through control socket
Scott Lamb [Wed, 7 Nov 2007 02:49:57 +0000 (02:49 +0000)]
Purge through the control socket
Scott Lamb [Wed, 7 Nov 2007 02:49:25 +0000 (02:49 +0000)]
Dump through control socket
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
Scott Lamb [Wed, 7 Nov 2007 02:48:33 +0000 (02:48 +0000)]
Fancier protocol for control socket
* pass error status back
* pass message boundaries
Scott Lamb [Wed, 7 Nov 2007 02:48:15 +0000 (02:48 +0000)]
Fix reload crash
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
Scott Lamb [Wed, 7 Nov 2007 02:48:00 +0000 (02:48 +0000)]
Update documentation to match tincctl changes
(Most of this was done in r1559, but it looks like tincctl.8.in got missed.)
Scott Lamb [Wed, 7 Nov 2007 02:47:05 +0000 (02:47 +0000)]
Temporarily revert to old crypto code
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)
This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
Guus Sliepen [Sat, 20 Oct 2007 11:21:44 +0000 (11:21 +0000)]
Prevent double free() of a used challenge nonce.
Guus Sliepen [Fri, 19 Oct 2007 19:07:30 +0000 (19:07 +0000)]
Fix meta data segfault when receiving a partial command.
Guus Sliepen [Fri, 19 Oct 2007 18:54:43 +0000 (18:54 +0000)]
Use a dummy function as the read callback for connection bufferevents. Should not be triggered.
Guus Sliepen [Fri, 19 Oct 2007 18:53:48 +0000 (18:53 +0000)]
Fix connection weight estimation.
Guus Sliepen [Tue, 4 Sep 2007 15:06:35 +0000 (15:06 +0000)]
Apply patch from Scott Lamb: Update documentation to match tincctl changes
Guus Sliepen [Tue, 4 Sep 2007 14:58:52 +0000 (14:58 +0000)]
Small fixes to make gcrypt routines compile.
Guus Sliepen [Tue, 4 Sep 2007 14:58:11 +0000 (14:58 +0000)]
Fix formatting of --help output.
Guus Sliepen [Tue, 4 Sep 2007 14:57:37 +0000 (14:57 +0000)]
Only check for libgcrypt if --with-gcrypt is used.
Guus Sliepen [Fri, 17 Aug 2007 22:09:00 +0000 (22:09 +0000)]
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
Scott Lamb [Fri, 20 Jul 2007 20:10:46 +0000 (20:10 +0000)]
const correctness
cipher_encrypt and cipher_decrypt should take "const void *" data
Scott Lamb [Wed, 18 Jul 2007 16:44:05 +0000 (16:44 +0000)]
Updated svn:ignores list for new symlinked sources and tincctl.
Scott Lamb [Wed, 18 Jul 2007 16:40:41 +0000 (16:40 +0000)]
Refresh po/POTFILES.in.
In particular, remove lib/pidfile.c which was causing failures. Also sort
for diffability with "find . -type f -name '*.c' | cut -c3- | sort" output.
Scott Lamb [Wed, 18 Jul 2007 16:40:29 +0000 (16:40 +0000)]
Revert to only requiring autoconf 2.59.
The new autoconf macros introduced at the same time (AC_GNU_SOURCE,
AC_FUNC_MALLOC, AC_FUNC_REALLOC) exist in the autoconf 2.59 documentation,
and autoconf 2.59 appears to still work. This is more convenient, as RHEL 5
ships with autoconf 2.59.
Guus Sliepen [Wed, 23 May 2007 13:45:49 +0000 (13:45 +0000)]
Finish crypto wrapping. Also provide wrappers for OpenSSL.
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
Guus Sliepen [Tue, 22 May 2007 23:41:22 +0000 (23:41 +0000)]
Some more crypto wrapper functions are needed.
Guus Sliepen [Tue, 22 May 2007 21:44:17 +0000 (21:44 +0000)]
Make sure the crypto wrapper functions can actually be compiled.
Guus Sliepen [Tue, 22 May 2007 21:32:48 +0000 (21:32 +0000)]
Create wrappers for the cryptographic operations used in tinc.
Implement them using libgcrypt.
Guus Sliepen [Sun, 20 May 2007 22:28:49 +0000 (22:28 +0000)]
Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption.
Guus Sliepen [Sat, 19 May 2007 22:23:02 +0000 (22:23 +0000)]
Use libevent for meta socket input/output buffering.
Guus Sliepen [Sat, 19 May 2007 16:21:52 +0000 (16:21 +0000)]
Use bufferevents to handle control socket buffering.
Guus Sliepen [Sat, 19 May 2007 15:21:26 +0000 (15:21 +0000)]
Implement "stop" command, and allow tincctl to retrieve a running tincd's PID.
Guus Sliepen [Sat, 19 May 2007 14:55:35 +0000 (14:55 +0000)]
Move key generation to tincctl.
Guus Sliepen [Sat, 19 May 2007 14:13:21 +0000 (14:13 +0000)]
Remove pidfile in favour of control socket.
Guus Sliepen [Sat, 19 May 2007 13:34:32 +0000 (13:34 +0000)]
Fix retrying outgoing connections.
Guus Sliepen [Sat, 19 May 2007 12:07:30 +0000 (12:07 +0000)]
We can safely delete a connection_t in terminate_connection() now.
Guus Sliepen [Fri, 18 May 2007 16:52:34 +0000 (16:52 +0000)]
Start of control socket implementation.
Guus Sliepen [Fri, 18 May 2007 11:54:16 +0000 (11:54 +0000)]
Update documentation.
Guus Sliepen [Fri, 18 May 2007 11:35:21 +0000 (11:35 +0000)]
Show branch version number.
Guus Sliepen [Fri, 18 May 2007 11:19:31 +0000 (11:19 +0000)]
More consistent variable naming.
Guus Sliepen [Fri, 18 May 2007 10:29:10 +0000 (10:29 +0000)]
Detect duplicate outgoing connections.
Guus Sliepen [Fri, 18 May 2007 10:05:26 +0000 (10:05 +0000)]
Use splay trees instead of AVL trees.
Guus Sliepen [Fri, 18 May 2007 10:00:00 +0000 (10:00 +0000)]
K&R style braces
Guus Sliepen [Fri, 18 May 2007 09:51:54 +0000 (09:51 +0000)]
Remove last references to the global variable "running".
Guus Sliepen [Fri, 18 May 2007 09:43:52 +0000 (09:43 +0000)]
Remove the last bits of the legacy main_loop().
Guus Sliepen [Fri, 18 May 2007 09:34:06 +0000 (09:34 +0000)]
Remove global variable "now".
Guus Sliepen [Thu, 17 May 2007 23:57:48 +0000 (23:57 +0000)]
Move key regeneration handling to net_setup.c.
Guus Sliepen [Thu, 17 May 2007 23:33:07 +0000 (23:33 +0000)]
Use libevent to handle key expiration.
Guus Sliepen [Thu, 17 May 2007 23:24:40 +0000 (23:24 +0000)]
Use libevent to age learned MAC addresses.
Guus Sliepen [Thu, 17 May 2007 23:14:42 +0000 (23:14 +0000)]
Use libevent to age past requests.
Guus Sliepen [Thu, 17 May 2007 23:04:02 +0000 (23:04 +0000)]
Redo SIGALRM handling.
Guus Sliepen [Thu, 17 May 2007 22:41:34 +0000 (22:41 +0000)]
Use libevent to handle all non-fatal signals.
Guus Sliepen [Thu, 17 May 2007 22:17:24 +0000 (22:17 +0000)]
Properly use the timeout_initialized() macro.