Guus Sliepen [Sat, 29 Jan 2011 09:49:44 +0000 (10:49 +0100)]
Fix typo spotted by Andrew Scheller.
Guus Sliepen [Wed, 12 Jan 2011 19:57:14 +0000 (20:57 +0100)]
Proper check and dropin replacement for usleep().
Guus Sliepen [Sun, 2 Jan 2011 16:25:24 +0000 (17:25 +0100)]
Update the NEWS.
Guus Sliepen [Sun, 2 Jan 2011 16:25:03 +0000 (17:25 +0100)]
Update the manual.
Guus Sliepen [Sun, 2 Jan 2011 16:24:23 +0000 (17:24 +0100)]
Document the behavior of "-n."
Guus Sliepen [Sun, 2 Jan 2011 15:59:42 +0000 (16:59 +0100)]
Remove unused variables.
Guus Sliepen [Sun, 2 Jan 2011 15:55:42 +0000 (16:55 +0100)]
Replace bogus #else with #endif.
Found by cppcheck, which complained about lenin not being initialized, but the
real problem is that reading packets would fail when using code compiled with
--tunemu on a normal tun device.
Guus Sliepen [Sun, 2 Jan 2011 15:52:36 +0000 (16:52 +0100)]
Limit field width when scanning PID file.
Cppcheck warns that scanf() might otherwise crash when presented with a huge,
bogus PID file.
Guus Sliepen [Sun, 2 Jan 2011 15:50:24 +0000 (16:50 +0100)]
Close all filedescriptors in Solaris close_device().
Guus Sliepen [Sun, 2 Jan 2011 14:02:23 +0000 (15:02 +0100)]
Always send MTU probes at least once every PingInterval.
Before, if MTU probes failed, tinc would stop sending probes until the next
time keys were regenerated (by default, once every hour). Now it continues to
send them every PingInterval, so it recovers faster from temporary failures.
Guus Sliepen [Sat, 20 Nov 2010 14:31:11 +0000 (14:31 +0000)]
Use setpriority() instead of nice() on UNIX-like systems.
The return value of nice() can not reliably indicate errors. The return value
of the setpriority() call is well-defined.
Guus Sliepen [Tue, 16 Nov 2010 16:28:41 +0000 (17:28 +0100)]
Attribution for Brandon Black.
Guus Sliepen [Tue, 16 Nov 2010 15:45:36 +0000 (16:45 +0100)]
Fix variable length array declaration.
Guus Sliepen [Sat, 13 Nov 2010 20:36:51 +0000 (21:36 +0100)]
Free replay window when freeing a node_t.
Guus Sliepen [Sat, 13 Nov 2010 20:34:59 +0000 (21:34 +0100)]
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
Brandon L Black [Sat, 13 Nov 2010 18:05:51 +0000 (12:05 -0600)]
Improved handling of queue-jumping packets on receive
Brandon L Black [Sat, 13 Nov 2010 18:05:50 +0000 (12:05 -0600)]
Configurable ReplayWindow size, zero disables
Brandon L Black [Sat, 13 Nov 2010 18:05:49 +0000 (12:05 -0600)]
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
Brandon L Black [Sat, 13 Nov 2010 18:05:48 +0000 (12:05 -0600)]
Experimental IFF_ONE_QUEUE support for Linux
Guus Sliepen [Sat, 13 Nov 2010 14:55:38 +0000 (15:55 +0100)]
Use variable length arrays instead of alloca().
Guus Sliepen [Sat, 13 Nov 2010 14:50:39 +0000 (15:50 +0100)]
Provide usleep() for Windows.
Guus Sliepen [Fri, 12 Nov 2010 10:38:05 +0000 (11:38 +0100)]
Don't use strlen() on a NULL pointer.
A bug introduced in commit
667b1bac77b134cf32c98d5dc25619e8c3303f52 caused tinc
to crash on startup.
Guus Sliepen [Fri, 12 Nov 2010 10:33:01 +0000 (11:33 +0100)]
Add short options -R and -U to the tincd(8) manpage.
Guus Sliepen [Tue, 2 Nov 2010 13:23:43 +0000 (14:23 +0100)]
Read error counter must be static.
Guus Sliepen [Tue, 2 Nov 2010 13:18:35 +0000 (14:18 +0100)]
Quit when there are too many consecutive errors on the tun/tap device.
Although transient errors sometimes happen on the tun/tap device (for example,
if the kernel is temporarily out of buffer space), there are situations where
the tun/tap device becomes permanently broken. Instead of endlessly spamming
the syslog, we now sleep an increasing amount of time between consecutive read
errors, and if reads still fail after 10 attempts (approximately 3 seconds),
tinc will quit.
Michael Tokarev [Sun, 24 Oct 2010 11:23:10 +0000 (15:23 +0400)]
Treat netname="." in a special way.
Treat netname "." in a special way as if there was no netname
specified. Before, f.e. tincd -n. -k didn't work as it tried
to open /var/run/tinc-.pid. Now -n. works as if there was no
-n option is specified.
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
Guus Sliepen [Fri, 22 Oct 2010 20:46:44 +0000 (22:46 +0200)]
Remove unused variables.
These were caused by commit
667b1bac77b134cf32c98d5dc25619e8c3303f52.
Guus Sliepen [Fri, 22 Oct 2010 20:43:50 +0000 (22:43 +0200)]
Abort disabling old PEM keys on I/O errors.
Guus Sliepen [Fri, 22 Oct 2010 20:42:21 +0000 (22:42 +0200)]
Ensure there is a newline character before a PEM key is written.
Guus Sliepen [Fri, 22 Oct 2010 11:40:04 +0000 (13:40 +0200)]
Attribution for Timothy Redaelli.
Guus Sliepen [Fri, 22 Oct 2010 11:17:42 +0000 (13:17 +0200)]
Attribution for Julien Muchembled.
Guus Sliepen [Fri, 22 Oct 2010 11:06:06 +0000 (13:06 +0200)]
Remove duplicate command-line option parsing.
Also fix parsing of command-line host configuration options for the local node.
Guus Sliepen [Fri, 22 Oct 2010 10:47:12 +0000 (12:47 +0200)]
Merge local host configuration with server configuration.
With some exceptions, tinc only accepted host configuration options for the
local node from the corresponding host configuration file. Although this is
documented, many people expect that they can also put those options in
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
local host configuration file.
Julien Muchembled [Fri, 3 Sep 2010 11:34:22 +0000 (13:34 +0200)]
New '-o' option to configure server or hosts from command line
Options given on the command line have precedence over configuration from files.
This can be useful, for example, for a roaming node, for which 'ConnectTo' and
<host>.Address depends on its location.
Guus Sliepen [Fri, 4 Jun 2010 14:03:19 +0000 (16:03 +0200)]
Do not append an address to ANS_KEY messages if we don't know any address.
This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.
Guus Sliepen [Fri, 4 Jun 2010 13:04:08 +0000 (15:04 +0200)]
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
Guus Sliepen [Fri, 4 Jun 2010 12:53:52 +0000 (14:53 +0200)]
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
In this situation, the two nodes will start fighting over the edges they announced.
When we have to contradict both ADD_EDGE and DEL_EDGE messages, we log a warning,
and with 25% chance per PingTimeout we quit.
Guus Sliepen [Fri, 7 May 2010 10:24:49 +0000 (12:24 +0200)]
Use strrchr() insteaad of rindex().
The latter function is deprecated, some build environments do not support.
Timothy Redaelli [Tue, 4 May 2010 13:43:48 +0000 (15:43 +0200)]
Fix warnings under BSD
Timothy Redaelli [Mon, 3 May 2010 22:27:44 +0000 (00:27 +0200)]
Fix warnings showed using -D_FORTIFY_SOURCE=2
Guus Sliepen [Sat, 1 May 2010 13:39:59 +0000 (15:39 +0200)]
Fix all warnings when compiling with mingw64.
Guus Sliepen [Sat, 1 May 2010 13:39:03 +0000 (15:39 +0200)]
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
Guus Sliepen [Sat, 1 May 2010 13:38:04 +0000 (15:38 +0200)]
Use intptr_t instead of long to store a pointer.
Guus Sliepen [Sat, 1 May 2010 13:37:11 +0000 (15:37 +0200)]
Define WINVER before including any other header file on Windows.
Guus Sliepen [Sat, 17 Apr 2010 10:01:38 +0000 (12:01 +0200)]
Fix reading configuration files that do not end with a newline. Again.
Guus Sliepen [Sun, 11 Apr 2010 18:40:20 +0000 (20:40 +0200)]
Releasing 1.0.13.
Guus Sliepen [Sun, 11 Apr 2010 17:47:44 +0000 (19:47 +0200)]
Mark Forwarding and DirectOnly options as being experimental.
Guus Sliepen [Sun, 11 Apr 2010 17:39:31 +0000 (19:39 +0200)]
Don't redefine MAX if it already exists.
Guus Sliepen [Sun, 11 Apr 2010 17:20:02 +0000 (19:20 +0200)]
Fixes for definitions under Windows.
Guus Sliepen [Sun, 11 Apr 2010 16:34:50 +0000 (18:34 +0200)]
Ensure subnet-up/down scripts are called after HUP when necessary.
Guus Sliepen [Sun, 11 Apr 2010 02:35:16 +0000 (04:35 +0200)]
Fix reloading Subnets when StrictSubnets is set.
Guus Sliepen [Sat, 10 Apr 2010 22:50:42 +0000 (00:50 +0200)]
Reload Subnets when getting a HUP signal and StrictSubnets is used.
Guus Sliepen [Sat, 10 Apr 2010 21:55:15 +0000 (23:55 +0200)]
Ensure ICMP_NET_ANO is defined.
Guus Sliepen [Sat, 3 Apr 2010 08:46:45 +0000 (09:46 +0100)]
Convert Port to numeric form before sending it to other nodes.
If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes. However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.
Sven-Haegar Koch [Wed, 10 Mar 2010 01:50:51 +0000 (02:50 +0100)]
Never delete Subnets when StrictSubnets is set
If a node is unreachable, and not connected to an edge anymore, it gets
deleted. When this happens its subnets are also removed, which should
not happen with StrictSubnets=yes.
Solution:
- do not remove subnets in src/net.c::purge(), we know that all subnets
in the list came from our hosts files.
I think here you got the check wrong by looking at the tunnelserver
code below it - with strictsubnets we still inform others but do not
remove the subnet from our data.
- do not remove nodes in net.c::purge() that still have subnets
attached.
Guus Sliepen [Wed, 10 Mar 2010 15:07:01 +0000 (16:07 +0100)]
Fix typo.
Guus Sliepen [Mon, 8 Mar 2010 20:44:32 +0000 (21:44 +0100)]
Log unauthorized Subnets when StrictSubnets is set.
Guus Sliepen [Mon, 8 Mar 2010 16:54:57 +0000 (17:54 +0100)]
ConnectTo does not mean tinc does not listen for incoming connections anymore.
Guus Sliepen [Tue, 2 Mar 2010 22:27:50 +0000 (23:27 +0100)]
Fixes for the Forwarding option.
Guus Sliepen [Tue, 2 Mar 2010 21:55:24 +0000 (22:55 +0100)]
Add the DirectOnly option.
When this option is enabled, packets that cannot be sent directly to the destination node,
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
Guus Sliepen [Tue, 2 Mar 2010 21:34:26 +0000 (22:34 +0100)]
Add the Forwarding option.
This determines if and how incoming packets that are not meant for the local
node are forwarded. It can either be off, internal (tinc forwards them itself,
as in previous versions), or kernel (packets are always sent to the TUN/TAP
device, letting the kernel sort them out).
Guus Sliepen [Mon, 1 Mar 2010 23:18:44 +0000 (00:18 +0100)]
Add the StrictSubnets option.
When this option is enabled, tinc will not accept dynamic updates of Subnets
from other nodes, but will only use Subnets read from local host config files
to build its routing table.
Guus Sliepen [Mon, 1 Mar 2010 22:44:56 +0000 (23:44 +0100)]
Preload all Subnets in TunnelServer mode.
This simplifies the logic in protocol_subnet.c.
Guus Sliepen [Mon, 1 Mar 2010 22:44:46 +0000 (23:44 +0100)]
Check for dirent.h.
Guus Sliepen [Mon, 1 Mar 2010 22:35:02 +0000 (23:35 +0100)]
Simplify reading lines from configuration files.
Instead of allocating storage for each line read, we now read into fixed-size
buffers on the stack. This fixes a case where a malformed configuration file
could crash tinc.
Guus Sliepen [Sun, 28 Feb 2010 17:20:13 +0000 (18:20 +0100)]
Clamp MSS to miminum MTU in both directions.
Clamp MSS of both incoming and outgoing packets, and use the minimum of the
PMTU of both directions when clamping.
Timothy Redaelli [Wed, 10 Feb 2010 13:52:15 +0000 (14:52 +0100)]
Add --disable-zlib configure option
Timothy Redaelli [Wed, 10 Feb 2010 12:24:33 +0000 (13:24 +0100)]
Add --disable-lzo configure option
Guus Sliepen [Wed, 3 Feb 2010 21:49:48 +0000 (22:49 +0100)]
Releasing 1.0.12.
Guus Sliepen [Wed, 3 Feb 2010 10:18:46 +0000 (11:18 +0100)]
Ensure peers with a meta connection always have our key.
This keeps UDP probes going, which in turn keeps NAT mappings alive.
Guus Sliepen [Tue, 2 Feb 2010 21:49:21 +0000 (22:49 +0100)]
Update copyright notices.
Guus Sliepen [Tue, 2 Feb 2010 21:22:27 +0000 (22:22 +0100)]
Try to set DF bit on BSDs as well.
Every operating system seems to have its own, slightly different way to disable
packet fragmentation. Emit a compiler warning when no suitable way is found.
On OpenBSD, it seems impossible to do it for IPv4.
Guus Sliepen [Tue, 2 Feb 2010 00:02:40 +0000 (01:02 +0100)]
Immediately exchange keys when establishing a meta connection.
This in turn will trigger PMTU discovery, and ensures nodes know each others
reflexive UDP address and port.
Guus Sliepen [Mon, 1 Feb 2010 23:51:44 +0000 (00:51 +0100)]
Determine peer's reflexive address and port when exchanging keys.
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.
Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
Guus Sliepen [Sat, 23 Jan 2010 17:48:01 +0000 (18:48 +0100)]
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request. However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
Guus Sliepen [Fri, 22 Jan 2010 20:59:40 +0000 (21:59 +0100)]
Run subnet-up/down scripts for local MAC addresses as well.
Guus Sliepen [Fri, 22 Jan 2010 20:47:26 +0000 (21:47 +0100)]
Fix subnet-up/down scripts being called with an empty SUBNET.
Commit
052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
scripts to be called with an empty, or possibly corrupted SUBNET variable when
a Subnet is added or removed while the owner is still online. In router mode,
this normally does not happen, but in switch mode this is normal.
Guus Sliepen [Sat, 16 Jan 2010 19:16:33 +0000 (20:16 +0100)]
Make MSS clamping configurable, but enabled by default.
It can either be set globally in tinc.conf, or per-node in host config files.
Guus Sliepen [Sat, 16 Jan 2010 18:32:33 +0000 (19:32 +0100)]
Also clamp MSS of TCP over IPv6 packets.
Guus Sliepen [Fri, 15 Jan 2010 22:41:14 +0000 (23:41 +0100)]
Optimise handling of select() returning <= 0.
Before, we immediately retried select() if it returned -1 and errno is EAGAIN
or EINTR, and if it returned 0 it would check for network events even if we
know there are none. Now, if -1 or 0 is returned we skip checking network
events, but we do check for timer and signal events.
Guus Sliepen [Fri, 15 Jan 2010 22:19:08 +0000 (23:19 +0100)]
Ping nodes immediately when receiving SIGALRM.
One reason to send the ALRM signal is to let tinc immediately try to connect to
outgoing nodes, for example when PPP or DHCP configuration of the outgoing
interface finished. Conversely, when the outgoing interface goes down one can
now send this signal to let tinc quickly detect that links are down too.
Guus Sliepen [Fri, 15 Jan 2010 12:42:37 +0000 (13:42 +0100)]
Clamp MSS of IPv4 SYN packets.
Some ISPs block the ICMP Fragmentation Needed packets that tinc sends. We
clamp the MSS of IPv4 SYN packets to prevent hosts behind those ISPs from
sending too large packets.
Guus Sliepen [Thu, 24 Dec 2009 11:42:21 +0000 (12:42 +0100)]
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
Guus Sliepen [Wed, 23 Dec 2009 18:51:55 +0000 (19:51 +0100)]
Use xstrdup() instead of xasprintf() to copy static strings.
Guus Sliepen [Wed, 23 Dec 2009 18:49:38 +0000 (19:49 +0100)]
Allow port to be specified in Address statements.
This allows one to connect to use more than one port number to connect to
another node. The syntax is now:
Address = <hostname> [<port>]
Guus Sliepen [Wed, 23 Dec 2009 18:22:06 +0000 (19:22 +0100)]
Do not fragment packets smaller than RFC defined minimum MTUs.
For IPv6, the minimum MTU is 1280 (RFC 2460), for IPv4 the minimum is actually
68, but this is such a low limit that it will probably hurt performance, so we
do as if it is 576 (the minimum packet size hosts should be able to handle, RFC
791). If we detect a path MTU smaller than those minima, and we have to handle
a packet that is bigger than the PMTU but smaller than those minima, we forward
them via TCP instead of fragmenting or returning ICMP packets.
Guus Sliepen [Tue, 8 Dec 2009 22:18:37 +0000 (22:18 +0000)]
Forget addresses of unreachable nodes.
We clear the cached address used for UDP connections when a node becomes
unreachable. This also prevents host-up scripts from passing the old, cached
address from when the host becomes reachable again from a different address.
Guus Sliepen [Sat, 28 Nov 2009 11:56:13 +0000 (11:56 +0000)]
Remove unused variable in lookup_subnet_*() functions.
Guus Sliepen [Sat, 28 Nov 2009 11:52:23 +0000 (11:52 +0000)]
When learning MAC addresses, only check our own Subnets for previous entries.
Before it would check all addresses, and not learn an address if another node
already claimed that address. This caused fast roaming to fail, the code from
commit
6f6f426b353596edca77829c0477268fc2fc1925 was never triggered.
Guus Sliepen [Sun, 1 Nov 2009 15:24:39 +0000 (16:24 +0100)]
Releasing 1.0.11.
Guus Sliepen [Sun, 1 Nov 2009 14:57:28 +0000 (15:57 +0100)]
Start a tinc service if it already exists.
Guus Sliepen [Tue, 27 Oct 2009 22:53:49 +0000 (23:53 +0100)]
Fast handoff of roaming MAC addresses.
In switch mode, if a known MAC address is claimed by a second node before it
expired at the first node, it is likely that this is because a computer has
roamed from the LAN of the first node to that of the second node. To ensure
packets for that computer are routed to the second node, the first node should
delete its corresponding Subnet as soon as possible, without waiting for the
normal expiry timeout.
Guus Sliepen [Sat, 24 Oct 2009 23:40:07 +0000 (01:40 +0200)]
Move socket error interpretation to utils.h.
Guus Sliepen [Sat, 24 Oct 2009 22:50:09 +0000 (00:50 +0200)]
Use WSAGetLastError() to determine cause of network errors on Windows.
This reduces log spam and lets path MTU discovery work faster.
Michael Tokarev [Sun, 18 Oct 2009 17:27:24 +0000 (21:27 +0400)]
Remove localedir leftovers.
Guus Sliepen [Sat, 24 Oct 2009 20:32:35 +0000 (22:32 +0200)]
Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
This ensures the DF bit on outgoing UDP packets gets set on Windows when path
MTU discovery is enabled, reducing fragmentation.
Guus Sliepen [Sat, 24 Oct 2009 19:53:01 +0000 (21:53 +0200)]
Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
Guus Sliepen [Sat, 24 Oct 2009 19:35:40 +0000 (21:35 +0200)]
Make maxmtu equal to minmtu when fixing the path MTU to a node.
This ensures MTU probes used to ping nodes are not too large, and prevents
restarting MTU probing unnecessarily.
Guus Sliepen [Sat, 24 Oct 2009 19:32:06 +0000 (21:32 +0200)]
Always reply to MTU probes via UDP.
It could sometime happen that a node would return MTU probes via TCP, which
does not make a lot of sense.
Guus Sliepen [Sat, 24 Oct 2009 18:54:44 +0000 (20:54 +0200)]
Allow UDP packets with an address different from the corresponding TCP connection.