tinc
6 years agoInstall the bash completion file when running make install.
Guus Sliepen [Mon, 8 Oct 2018 20:12:23 +0000 (22:12 +0200)]
Install the bash completion file when running make install.

Closes #209 on GitHub.

6 years agoFix the compiler attribute test to work with Clang.
Guus Sliepen [Mon, 8 Oct 2018 19:27:08 +0000 (21:27 +0200)]
Fix the compiler attribute test to work with Clang.

Clang doesn't like the __nonnull__ attribute being applied to functions
that don't take pointer arguments, and this causes errors when running
the configure script.

6 years agoReleasing 1.1pre17. release-1.1pre17
Guus Sliepen [Mon, 8 Oct 2018 09:00:01 +0000 (11:00 +0200)]
Releasing 1.1pre17.

6 years agoUpdate THANKS.
Guus Sliepen [Sun, 7 Oct 2018 16:05:50 +0000 (18:05 +0200)]
Update THANKS.

6 years agoOpenBSD has a proper tap device.
Rafael Sadowski [Mon, 1 Oct 2018 13:14:24 +0000 (15:14 +0200)]
OpenBSD has a proper tap device.

6 years agoUpdate README and links to required libraries.
Guus Sliepen [Sun, 7 Oct 2018 11:41:23 +0000 (13:41 +0200)]
Update README and links to required libraries.

6 years agoDon't check for NULL-pointers before calling free().
Guus Sliepen [Sun, 7 Oct 2018 11:32:25 +0000 (13:32 +0200)]
Don't check for NULL-pointers before calling free().

6 years agoFix spelling errors.
Guus Sliepen [Sun, 7 Oct 2018 11:05:49 +0000 (13:05 +0200)]
Fix spelling errors.

Found by codespell.

6 years agoFix all warnings when compiling with -Wall -W -pedantic.
Guus Sliepen [Sat, 6 Oct 2018 21:31:05 +0000 (23:31 +0200)]
Fix all warnings when compiling with -Wall -W -pedantic.

6 years agoFix warnings from the Clang static analyzer.
Guus Sliepen [Sat, 6 Oct 2018 16:18:45 +0000 (18:18 +0200)]
Fix warnings from the Clang static analyzer.

6 years agoFix compiler warnings.
Guus Sliepen [Sat, 6 Oct 2018 15:51:41 +0000 (17:51 +0200)]
Fix compiler warnings.

6 years agoAdd a test for backwards compatibility with the legacy protocol.
Guus Sliepen [Sun, 9 Sep 2018 20:13:43 +0000 (22:13 +0200)]
Add a test for backwards compatibility with the legacy protocol.

6 years agoPrevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)
Guus Sliepen [Sun, 9 Sep 2018 16:19:15 +0000 (18:19 +0200)]
Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)

The legacy authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:

- Connections are no longer closed immediately on error, but put in
  a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
  initiator of a connection before sending a CHAL_REPLY of its own.
- Reduce the amount of connections per second accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
  rejected.

Just to be on the safe side:

- The new protocol now requires a valid SIG from the initiator of a
  connection before sending a SIG of its own.

6 years agoEnable AutoConnect by default.
Guus Sliepen [Sun, 24 Jun 2018 14:19:10 +0000 (16:19 +0200)]
Enable AutoConnect by default.

6 years agoRemove address cache debug messages printed to stderr.
Guus Sliepen [Sat, 23 Jun 2018 20:32:19 +0000 (22:32 +0200)]
Remove address cache debug messages printed to stderr.

6 years agoAvoid treating compressed MTU probes as having a negative length.
Guus Sliepen [Sat, 23 Jun 2018 20:26:12 +0000 (22:26 +0200)]
Avoid treating compressed MTU probes as having a negative length.

This was not harmful, but caused negative values being logged.

6 years agoPrint UDP RTT on its own line.
Guus Sliepen [Wed, 13 Jun 2018 20:41:02 +0000 (22:41 +0200)]
Print UDP RTT on its own line.

6 years agoMerge remote-tracking branch 'volth/release-1.1pre16-rtt' into 1.1
Guus Sliepen [Wed, 13 Jun 2018 20:23:27 +0000 (22:23 +0200)]
Merge remote-tracking branch 'volth/release-1.1pre16-rtt' into 1.1

Also, reformat the code and fix a compiler warning.

6 years agoAdd missing item and attribution to NEWS.
Guus Sliepen [Tue, 12 Jun 2018 18:50:58 +0000 (20:50 +0200)]
Add missing item and attribution to NEWS.

6 years agoRemove the ping test.
Guus Sliepen [Tue, 12 Jun 2018 18:50:37 +0000 (20:50 +0200)]
Remove the ping test.

This was kind of a hack. The ns-ping test is a much better test, although
it only works on Linux.

6 years agominor
volth [Wed, 13 Jun 2018 18:10:47 +0000 (18:10 +0000)]
minor

6 years agoexpose traffic stats to 'tinc info ___' and 'tinc dump nodes'
volth [Wed, 13 Jun 2018 14:12:02 +0000 (14:12 +0000)]
expose traffic stats to 'tinc info ___' and 'tinc dump nodes'

6 years agokeep track of round trip times of UDP pings
volth [Tue, 12 Jun 2018 21:17:30 +0000 (21:17 +0000)]
keep track of round trip times of UDP pings

6 years agoReleasing 1.1pre16. release-1.1pre16
Guus Sliepen [Tue, 12 Jun 2018 18:01:43 +0000 (20:01 +0200)]
Releasing 1.1pre16.

6 years agoRemove the wxPython GUI.
Guus Sliepen [Tue, 12 Jun 2018 17:47:02 +0000 (19:47 +0200)]
Remove the wxPython GUI.

This GUI is missing a lot of functionality, and won't be part of an 1.1.0
release. Therefore, it's being removed, and might be brought back after
1.1.0.

6 years agoFix compiling when support for UML sockets is enabled.
Oliver Freyermuth [Wed, 4 Apr 2018 20:01:52 +0000 (22:01 +0200)]
Fix compiling when support for UML sockets is enabled.

6 years agoReformat all code using astyle.
Guus Sliepen [Mon, 2 Apr 2018 14:49:06 +0000 (16:49 +0200)]
Reformat all code using astyle.

6 years agoAdd the ability to set a firewall mark on sockets.
Guus Sliepen [Mon, 2 Apr 2018 14:33:14 +0000 (16:33 +0200)]
Add the ability to set a firewall mark on sockets.

The FWMark option is added, when set it will use setsockopt(SOL_SOCKET, SO_MARK)
to set the given value as the mark on all sockets created by tinc.

Thanks to Olivier Tirat for submitting a similar patch in the past.

6 years agoFix invitation tests if port 655 is available.
Guus Sliepen [Mon, 2 Apr 2018 10:29:46 +0000 (12:29 +0200)]
Fix invitation tests if port 655 is available.

Running the "del Port" command when no Port is set returns an error. But
it is not necessary anyway since the later "set Port" command will
overwrite it.

6 years agoPrevent an infinite loop in get_recent_address().
Guus Sliepen [Fri, 30 Mar 2018 09:50:40 +0000 (11:50 +0200)]
Prevent an infinite loop in get_recent_address().

When a node is offline, but we still have edges to it that have the same
address as we already have in our address cache, an infinite loop would
happen in get_recent_address(), because we forgot to advance the pointer
in the list of known addresses, and kept looking at the same one over
and over.

Thanks to Sven-Haegar Koch for spotting the bug and providing
diagnostics.

6 years agoProperly implement tinc.texi's dependency on tincinclude.texi.
Guus Sliepen [Fri, 30 Mar 2018 09:38:22 +0000 (11:38 +0200)]
Properly implement tinc.texi's dependency on tincinclude.texi.

With this, make distcheck succeeds even without the info-in-builddir
option to AM_INIT_AUTOMAKE.

6 years agoWarn if we cannot reload the tincd when creating an invitation.
Guus Sliepen [Tue, 27 Mar 2018 20:54:15 +0000 (22:54 +0200)]
Warn if we cannot reload the tincd when creating an invitation.

6 years agoFix handling partial SPTPS messages in sptps_test.
Mike Sullivan [Mon, 26 Mar 2018 19:19:04 +0000 (14:19 -0500)]
Fix handling partial SPTPS messages in sptps_test.

6 years agoEnsure we call CloseServiceHandle() in case of errors.
Guus Sliepen [Tue, 6 Mar 2018 18:31:17 +0000 (19:31 +0100)]
Ensure we call CloseServiceHandle() in case of errors.

6 years agoReformat all code using astyle.
Guus Sliepen [Tue, 6 Mar 2018 18:24:14 +0000 (19:24 +0100)]
Reformat all code using astyle.

6 years agofix service removal.
Gjergji [Tue, 6 Mar 2018 10:10:41 +0000 (11:10 +0100)]
fix service removal.
Windows service was not removed until tincctl exits

6 years agoFix compatibility with LibreSSL and OpenSSL < 1.1.
Guus Sliepen [Wed, 28 Feb 2018 20:34:48 +0000 (21:34 +0100)]
Fix compatibility with LibreSSL and OpenSSL < 1.1.

Closes #184 on GitHub.

6 years agoTry to process all pending events after select().
Guus Sliepen [Wed, 28 Feb 2018 20:28:16 +0000 (21:28 +0100)]
Try to process all pending events after select().

If we break out of the loop every time at the first filedescriptor that
is read/writeable, we risk starving the other filedescriptors.

6 years agoCall WSAWaitForMultipleEvents() in a loop until we have checked all events.
Todd C. Miller [Tue, 27 Feb 2018 21:20:46 +0000 (14:20 -0700)]
Call WSAWaitForMultipleEvents() in a loop until we have checked all events.
WSAWaitForMultipleEvents() only returns the index of the first event that is read.  We need to call WSAWaitForMultipleEvents() repeatedly to check if other events are also ready.  Otherwise, a single busy event (such as the TAP device) can starve the other events.

6 years agoWork around a GCC bug that causes inet_checksum() to give wrong results.
Guus Sliepen [Tue, 27 Feb 2018 20:08:57 +0000 (21:08 +0100)]
Work around a GCC bug that causes inet_checksum() to give wrong results.

Valgrind reports the following bug:

==24877== Conditional jump or move depends on uninitialised value(s)
==24877==    at 0x12283E: inet_checksum (route.c:80)
==24877==    by 0x12283E: route_ipv6_unreachable (route.c:315)
==24877==    by 0x1236AC: route_ipv6 (route.c:751)
==24877==    by 0x1236AC: route (route.c:1160)
==24877==    by 0x113DE0: receive_tcppacket (net_packet.c:493)
==24877==    by 0x1119D4: receive_meta (meta.c:315)
==24877==    by 0x113288: handle_meta_connection_data (net.c:287)
==24877==    by 0x11A091: handle_meta_io (net_socket.c:491)
==24877==    by 0x10FB0C: event_loop (event.c:370)
==24877==    by 0x11362E: main_loop (net.c:489)
==24877==    by 0x10CACA: main (tincd.c:551)

Clearing the variable pseudo in route_ipv6_unreachable removes this error,
but the resulting checksum is still bad. If one instead adds a dummy
write that depends on checksum, the error goes away and the checksum is
correct.

6 years agoRevert "Unconditionally remove timeouts from the queue before calling the callback."
Guus Sliepen [Tue, 27 Feb 2018 18:11:38 +0000 (19:11 +0100)]
Revert "Unconditionally remove timeouts from the queue before calling the callback."

This reverts commit e8a60109fc91a42420ec626b63956771675f89b0.

6 years agoUnconditionally remove timeouts from the queue before calling the callback.
Guus Sliepen [Mon, 26 Feb 2018 21:19:43 +0000 (22:19 +0100)]
Unconditionally remove timeouts from the queue before calling the callback.

We are going to unlink the timeout from the splay tree anyway, so do it
unconditionally before the callback, instead of waiting until after the
callback to check whether or not to remove it based on its expiration
time.

6 years agoIn device_handle_read() we need to reset the read event on error or
Todd C. Miller [Thu, 22 Feb 2018 21:27:37 +0000 (14:27 -0700)]
In device_handle_read() we need to reset the read event on error or
it will keep firing.  This is easy to reproduce by suspending the
machine while tinc is running.

6 years agoUpdate the documentation of the control protocol.
Guus Sliepen [Wed, 21 Feb 2018 19:34:42 +0000 (20:34 +0100)]
Update the documentation of the control protocol.

6 years agoFix heap corruption on Windows exposed by the use-after free fix.
Todd C. Miller [Wed, 21 Feb 2018 03:18:38 +0000 (20:18 -0700)]
Fix heap corruption on Windows exposed by the use-after free fix.
reset_address_cache() could call free_known_addresses() on a struct
addrinfo * that was returned by getaddrinfo().  It seems safest to just
make a copy of the addresses returned by getaddrinfo() so we can always
use free_known_addresses() instead of trying to determine whether or
not we need to use freeaddrinfo().

6 years agoDocument the control protocol.
Guus Sliepen [Mon, 19 Feb 2018 19:41:21 +0000 (20:41 +0100)]
Document the control protocol.

6 years agoReduce memory allocations due to HMAC() and EVP_MD_*().
Guus Sliepen [Sun, 18 Feb 2018 15:51:06 +0000 (16:51 +0100)]
Reduce memory allocations due to HMAC() and EVP_MD_*().

HMAC() allocates a temporary buffer on the heap each time it is called.
Similarly, we called EVP_MD_CTX_create() every time we wanted to
calculate a hash. Use HMAC_CTX and EVP_MD_CTX variables to store the
state so no (re)allocations are necessary. HMAC() was called for every
legacy packet sent and received.

This issue was found thanks to heaptrack.

6 years agoReduce memory allocations due to zlib's uncompress().
Guus Sliepen [Sun, 18 Feb 2018 14:38:12 +0000 (15:38 +0100)]
Reduce memory allocations due to zlib's uncompress().

Everytime uncompress() is called, zlib allocates some buffer on the heap
and frees it again. When compression is enabled, this is the biggest source
of memory allocations in tinc. Instead of using this function, use
inflate(), which can store its state in a z_stream variable, which avoids
(re)allocating memory for every packet received.

This issue was found thanks to heaptrack.

6 years agoAdd code coverage testing support.
Guus Sliepen [Sun, 18 Feb 2018 14:33:36 +0000 (15:33 +0100)]
Add code coverage testing support.

Allows configure to be run with the --enable-code-coverage flag, allowing
one to run make check-code-coverage, which runs the test suite and produces
a code coverage report.

6 years agoReformat all code using astyle.
Guus Sliepen [Sat, 17 Feb 2018 13:39:29 +0000 (14:39 +0100)]
Reformat all code using astyle.

6 years agoFix a use-after-free bug in get_recent_address() and two related issues.
Todd C. Miller [Fri, 16 Feb 2018 21:17:39 +0000 (14:17 -0700)]
Fix a use-after-free bug in get_recent_address() and two related issues.
1) The sockaddr_t * returned may be part of memory freed by the call to
   freeaddrinfo().
2) The sockaddr_t * returned from a recently seen address not in the
   cache was cast from struct addrinfo *ai, not the struct sockaddr *
   inside of it.
3) In do_outgoing_connection(), when filling in the address in the
   connection_t, there is a buffer overflow (read, not write) if
   the sa returned by get_recent_address() didn't come from the
   cache of recently seen addresses.  That is, it was really a
   struct sockaddr * and not a sockaddr_t *.  This last was
   found by building tinc with address sanitizer.

6 years agoIn device_issue_read() there is no need to reset Offset and OffsetHigh
Todd C. Miller [Wed, 31 Jan 2018 21:55:20 +0000 (14:55 -0700)]
In device_issue_read() there is no need to reset Offset and OffsetHigh
to 0; they are only used for seekable files (not sockets).

Reset the write event before the call to WriteFile().  This is
consistent with how the read event is reset before ReadFile().

Clear device_write_packet.len() if WriteFile() fails with an error
other than ERROR_IO_PENDING; otherwise write_packet() will call
GetOverlappedResult() the next time it is run even though there is
no write in progress.

6 years agoWSAEVENT is a pointer, so we cannot simply return the different of two
Todd C. Miller [Tue, 23 Jan 2018 22:57:58 +0000 (15:57 -0700)]
WSAEVENT is a pointer, so we cannot simply return the different of two
events in io_compare(), which returns an int.  This can return the wrong
result for 64-bit executables.

6 years agoAdd some missing freeaddrinfo() calls to avoid leaking memory.
Todd C. Miller [Mon, 22 Jan 2018 17:27:16 +0000 (10:27 -0700)]
Add some missing freeaddrinfo() calls to avoid leaking memory.

6 years agoFix calling freeaddrinfo() on the wrong pointer.
Guus Sliepen [Mon, 22 Jan 2018 17:05:09 +0000 (18:05 +0100)]
Fix calling freeaddrinfo() on the wrong pointer.

Thanks to Todd C. Miller for finding this issue.

6 years agoMove ResetEvent() call before ReadFile().
Etienne Dechamps [Wed, 17 Jan 2018 19:37:53 +0000 (19:37 +0000)]
Move ResetEvent() call before ReadFile().

Commit 313a752 changed the Windows device code such that ResetEvent() is
called on the read OVERLAPPED structure before GetOverlappedResult(), as
opposed to before ReadFile(). In [1] Guus pointed out that this doesn't
make a ton of sense, and I agree with him; it must have been an
oversight on my part when I wrote this code.

Surprisingly, none of this makes any difference in my testing, at least
with the standard TAP 9.0.0.9 driver. Nevertheless, this code is
probably wrong and fixing it will make me sleep better at night.

[1]: https://www.tinc-vpn.org/pipermail/tinc/2018-January/005091.html

6 years agoFix "use of GNU empty initializer extension" warning.
Etienne Dechamps [Sun, 7 Jan 2018 14:48:08 +0000 (14:48 +0000)]
Fix "use of GNU empty initializer extension" warning.

6 years agoFix "void function should not return void expression" warning.
Etienne Dechamps [Sun, 7 Jan 2018 14:44:12 +0000 (14:44 +0000)]
Fix "void function should not return void expression" warning.

6 years agoFix AC_CHECK_DECLS usage in openssl.m4.
Etienne Dechamps [Sun, 7 Jan 2018 14:26:00 +0000 (14:26 +0000)]
Fix AC_CHECK_DECLS usage in openssl.m4.

See:

  https://www.gnu.org/software/autoconf/manual/autoconf-2.62/html_node/Generic-Declarations.html

"For each of the symbols (comma-separated list)"

When building with aggressive warning settings the current code results
in the following configure test code being generated:

  #ifndef OpenSSL_add_all_algorithms EVP_aes_256_cfb
  #ifdef __cplusplus
    (void) OpenSSL_add_all_algorithms EVP_aes_256_cfb;
  #else
    (void) OpenSSL_add_all_algorithms EVP_aes_256_cfb;
  #endif
  #endif

Which is obviously wrong and makes the configure check fail.

6 years agoAdd a cache of recently seen addresses.
Guus Sliepen [Fri, 5 Jan 2018 21:49:30 +0000 (22:49 +0100)]
Add a cache of recently seen addresses.

This maintains a cache file for each host we have communicated with, either
via TCP or UDP. The cache is used when trying to make outgoing connections,
and is updated whenever a successful TCP or UDP connection is established.
Up to 8 addresses are stored in the cache.

Currently, the cache is stored in /etc/tinc/NETNAME/cache. The directory
has to be manually created to opt in to this feature for now.

6 years agoFix all spelling errors found by codespell.
Guus Sliepen [Sat, 6 Jan 2018 19:46:22 +0000 (20:46 +0100)]
Fix all spelling errors found by codespell.

6 years agoDocument how to enable tinc at boot time using systemd.
Guus Sliepen [Sat, 6 Jan 2018 19:34:37 +0000 (20:34 +0100)]
Document how to enable tinc at boot time using systemd.

6 years agoDon't include generated files into the tarball.
Guus Sliepen [Sat, 6 Jan 2018 15:59:21 +0000 (16:59 +0100)]
Don't include generated files into the tarball.

6 years agoUpdate .gitignore.
Guus Sliepen [Sat, 6 Jan 2018 15:21:19 +0000 (16:21 +0100)]
Update .gitignore.

6 years agoEnsure the sptps-basic test doesn't fail during make distcheck.
Guus Sliepen [Sat, 6 Jan 2018 15:20:25 +0000 (16:20 +0100)]
Ensure the sptps-basic test doesn't fail during make distcheck.

6 years agoSet default systemd unit path to ${libdir}/systemd/system.
Guus Sliepen [Sat, 6 Jan 2018 15:20:03 +0000 (16:20 +0100)]
Set default systemd unit path to ${libdir}/systemd/system.

This installs systemd unit files into /usr/local, just like the binaries.
The systemd documentation claims to read this directory as well.

6 years agoRemove hardcoded paths from systemd unit files.
Guus Sliepen [Sat, 6 Jan 2018 15:17:35 +0000 (16:17 +0100)]
Remove hardcoded paths from systemd unit files.

Closes #160 on GitHub.

6 years agoMerge remote-tracking branch 'dechamps/ipip' into 1.1
Guus Sliepen [Fri, 5 Jan 2018 18:58:28 +0000 (19:58 +0100)]
Merge remote-tracking branch 'dechamps/ipip' into 1.1

6 years agoSupport MSS clamping for IP in IP (RFC 2003) packets.
Etienne Dechamps [Tue, 2 Jan 2018 09:55:26 +0000 (09:55 +0000)]
Support MSS clamping for IP in IP (RFC 2003) packets.

This change allows tinc MSS clamping to operate on TCP streams that are
inside an IP in IP tunnel.

6 years agoAdd missing newlines to some error messages.
Guus Sliepen [Fri, 5 Jan 2018 16:13:57 +0000 (17:13 +0100)]
Add missing newlines to some error messages.

6 years agoDocument that invitation files MUST always start with Name = ...
Guus Sliepen [Fri, 5 Jan 2018 16:13:25 +0000 (17:13 +0100)]
Document that invitation files MUST always start with Name = ...

6 years agoDon't warn about empty lines in invitation files.
Guus Sliepen [Fri, 5 Jan 2018 16:12:06 +0000 (17:12 +0100)]
Don't warn about empty lines in invitation files.

6 years agoDocument the --batch option.
Guus Sliepen [Mon, 18 Dec 2017 09:47:40 +0000 (10:47 +0100)]
Document the --batch option.

6 years agoAssume all IPPROTO_* macros exist.
Guus Sliepen [Sat, 16 Dec 2017 21:54:31 +0000 (22:54 +0100)]
Assume all IPPROTO_* macros exist.

7 years agoFix building documentation when using OpenBSD's make.
Guus Sliepen [Mon, 6 Nov 2017 21:52:17 +0000 (22:52 +0100)]
Fix building documentation when using OpenBSD's make.

7 years agoUpdate THANKS.
Guus Sliepen [Mon, 6 Nov 2017 21:49:41 +0000 (22:49 +0100)]
Update THANKS.

7 years agoConst correctness.
Guus Sliepen [Mon, 6 Nov 2017 21:44:12 +0000 (22:44 +0100)]
Const correctness.

7 years agoSupport autoconf's --runstatedir option.
Guus Sliepen [Mon, 6 Nov 2017 21:35:28 +0000 (22:35 +0100)]
Support autoconf's --runstatedir option.

Put the PID file in @runstatedir@ instead of @localstatedir@/run. This
requires autoconf 2.70, which is not released yet, so add a fallback to
use @localstatedir@/run if @runstatedir@ is not set.

7 years agoEnsure all parameters have names in header files.
Guus Sliepen [Mon, 6 Nov 2017 21:28:32 +0000 (22:28 +0100)]
Ensure all parameters have names in header files.

7 years agoRemove unused functions.
Guus Sliepen [Mon, 6 Nov 2017 21:27:57 +0000 (22:27 +0100)]
Remove unused functions.

7 years agoDon't log errors when autoconnecting fails and debuglevel is 0.
Guus Sliepen [Mon, 6 Nov 2017 20:46:17 +0000 (21:46 +0100)]
Don't log errors when autoconnecting fails and debuglevel is 0.

7 years agoIf we are using libncurses, also try to link with libtinfo.
Guus Sliepen [Thu, 26 Oct 2017 19:33:46 +0000 (21:33 +0200)]
If we are using libncurses, also try to link with libtinfo.

On some distributions, tinc might not be linked correctly if -ltinfo is
not explicitly specified.

7 years agoOnly forward SPTPS packets if Forwarding = internal.
Guus Sliepen [Wed, 25 Oct 2017 19:08:29 +0000 (21:08 +0200)]
Only forward SPTPS packets if Forwarding = internal.

This tries to match what is done for packets using the legacy protocol.
However, since SPTPS is end-to-end encrypted, Forwarding = kernel cannot
be implemented. In that case, we also drop the packets.

7 years agoReplace remaining sizeof foo with sizeof(foo).
Todd C. Miller [Wed, 25 Oct 2017 16:05:06 +0000 (10:05 -0600)]
Replace remaining sizeof foo with sizeof(foo).

7 years agoDisable PMTU discovery when TCPOnly is used.
Guus Sliepen [Mon, 23 Oct 2017 19:10:20 +0000 (21:10 +0200)]
Disable PMTU discovery when TCPOnly is used.

7 years agoAdd some information about the requirements of a chroot environment.
Guus Sliepen [Wed, 11 Oct 2017 17:30:17 +0000 (19:30 +0200)]
Add some information about the requirements of a chroot environment.

7 years agoEnsure "make distcheck" really runs without errors.
Guus Sliepen [Sun, 8 Oct 2017 19:32:12 +0000 (21:32 +0200)]
Ensure "make distcheck" really runs without errors.

7 years agoReformat all code using astyle.
Guus Sliepen [Sat, 7 Oct 2017 15:50:22 +0000 (17:50 +0200)]
Reformat all code using astyle.

7 years agoConvert sizeof foo to sizeof(foo).
Guus Sliepen [Sat, 7 Oct 2017 15:47:19 +0000 (17:47 +0200)]
Convert sizeof foo to sizeof(foo).

While technically sizeof is an operator and doesn't need the parentheses
around expressions it operates on, except if they are type names, code
formatters don't seem to handle this very well.

7 years agoUpdate all header guards.
Guus Sliepen [Sat, 7 Oct 2017 15:40:34 +0000 (17:40 +0200)]
Update all header guards.

Don't start with underscores, as those are reserved for system
libraries. Make sure all start with TINC_, and that they appear at
the top of the file.

7 years agoRemove unused/obsolete checks from configure.ac.
Guus Sliepen [Sat, 7 Oct 2017 14:51:32 +0000 (16:51 +0200)]
Remove unused/obsolete checks from configure.ac.

7 years agodoc: there is, not their is
Daniel Lublin [Thu, 5 Oct 2017 07:23:20 +0000 (09:23 +0200)]
doc: there is, not their is

7 years agoPrepare for automatic code formatting using Artistic Style.
Guus Sliepen [Tue, 3 Oct 2017 19:23:28 +0000 (21:23 +0200)]
Prepare for automatic code formatting using Artistic Style.

7 years agoUpdate THANKS.
Guus Sliepen [Sun, 1 Oct 2017 20:04:40 +0000 (22:04 +0200)]
Update THANKS.

7 years agoFix parsing of -b flag
Todd C. Miller [Thu, 28 Sep 2017 22:39:59 +0000 (16:39 -0600)]
Fix parsing of -b flag

Only the short -b option is missing, --batch works as expected.

7 years agoReleasing 1.1pre15. release-1.1pre15
Guus Sliepen [Sat, 2 Sep 2017 19:56:17 +0000 (21:56 +0200)]
Releasing 1.1pre15.

7 years agoDrop h and hh length modifiers from printf format strings.
Guus Sliepen [Sat, 2 Sep 2017 19:55:47 +0000 (21:55 +0200)]
Drop h and hh length modifiers from printf format strings.

7 years agoEnsure packet priority is cleared when sending PMTU probe replies.
Guus Sliepen [Sat, 2 Sep 2017 19:54:34 +0000 (21:54 +0200)]
Ensure packet priority is cleared when sending PMTU probe replies.

Found by the Clang static analyzer.

7 years agoFix a file descriptor leak when using an invitation.
Guus Sliepen [Sat, 2 Sep 2017 19:52:44 +0000 (21:52 +0200)]
Fix a file descriptor leak when using an invitation.

Found by cppcheck.

7 years agoFix a compiler warning.
Guus Sliepen [Sat, 2 Sep 2017 19:06:25 +0000 (21:06 +0200)]
Fix a compiler warning.