Guus Sliepen [Tue, 27 Jul 2021 12:52:27 +0000 (14:52 +0200)]
Avoid trying to send an ANS_KEY request to unreachable nodes.
We could have a REQ_KEY coming from a node that is not reachable; either
because DEL_EDGEs have overtaken the REQ_KEY, or perhaps if TunnelServer
is used and some nodes have a different view of reachability.
Guus Sliepen [Tue, 27 Jul 2021 12:46:17 +0000 (14:46 +0200)]
Use inet_pton() to parse Subnets.
Nowadays all operating systems tinc runs on should support IPv6, so we
can rely on inet_pton() and inet_ntop() to convert IPv4 and IPv6
addresses. Use this instead of our own parsing code.
Guus Sliepen [Mon, 26 Aug 2019 10:57:03 +0000 (12:57 +0200)]
Releasing 1.0.36.
Guus Sliepen [Mon, 26 Aug 2019 09:22:53 +0000 (11:22 +0200)]
Add a missing check for a pathname being too long.
Guus Sliepen [Mon, 26 Aug 2019 09:15:59 +0000 (11:15 +0200)]
Reformat all code using astyle.
Guus Sliepen [Mon, 26 Aug 2019 09:15:26 +0000 (11:15 +0200)]
Fix spelling errors found by codespell.
Guus Sliepen [Mon, 26 Aug 2019 08:56:47 +0000 (10:56 +0200)]
Update THANKS.
Guus Sliepen [Thu, 11 Apr 2019 19:01:36 +0000 (21:01 +0200)]
Backport tinc 1.1's str2net() function.
The old function could get confused by short-hand IPv6 notation (using ::)
and mistake them for MAC addresses. The new code is more strict; it will
correctly handle all short-hand addresses, and will return an error when
an address has trailing garbage instead of ignoring it.
Guus Sliepen [Sat, 30 Mar 2019 16:16:14 +0000 (17:16 +0100)]
Update THANKS.
Rosen Penev [Wed, 12 Dec 2018 21:45:59 +0000 (13:45 -0800)]
Fix compilation without deprecated OpenSSL APIs
This is an optional part of OpenWrt designed to save space.
Rosen Penev [Wed, 12 Dec 2018 21:40:37 +0000 (13:40 -0800)]
Fix compilation when OpenSSL has no ENGINE support
This will be the case in OpenWrt soon.
Quentin Rameau [Wed, 28 Nov 2018 23:17:12 +0000 (00:17 +0100)]
Double-quote nodes in graphviz network file
This is needed for all nodes with a name starting with a digit,
otherwise the ID would be interpreted as a numeral.
Werner Schreiber [Wed, 10 Oct 2018 17:16:59 +0000 (19:16 +0200)]
Fix segfault when dest->mtu is 0.
Guus Sliepen [Thu, 11 Oct 2018 17:47:15 +0000 (19:47 +0200)]
Remove the call to RAND_load_file().
It might have been necessary for some very old version of OpenSSL, but
the currently minimum required version for tinc will do a proper
initialization of its PRNG automatically. LibreSSL of course does the
right thing too, and its RAND_load_file() is just a dummy.
Guus Sliepen [Fri, 5 Oct 2018 12:26:44 +0000 (14:26 +0200)]
Releasing 1.0.35.
Rafael Sadowski [Mon, 1 Oct 2018 13:14:24 +0000 (15:14 +0200)]
OpenBSD has a proper tap device.
Guus Sliepen [Sun, 23 Sep 2018 15:37:15 +0000 (17:37 +0200)]
Update README and links to required libraries.
Guus Sliepen [Sun, 23 Sep 2018 15:35:37 +0000 (17:35 +0200)]
Fix spelling errors.
Found by codespell.
Guus Sliepen [Sun, 23 Sep 2018 15:34:29 +0000 (17:34 +0200)]
Fix checks for Cygwin-related macros.
The search-and-replace done in commit
0466160 broke compilation on Cygwin.
Closes #198 on GitHub.
Guus Sliepen [Sun, 23 Sep 2018 14:59:00 +0000 (16:59 +0200)]
Update THANKS.
Guus Sliepen [Sun, 23 Sep 2018 13:49:38 +0000 (15:49 +0200)]
Don't check for NULL-pointers before calling free().
Guus Sliepen [Sun, 23 Sep 2018 13:48:54 +0000 (15:48 +0200)]
Fix two small memory leaks.
Found by valgrind.
Guus Sliepen [Sun, 23 Sep 2018 13:33:23 +0000 (15:33 +0200)]
Fix all warnings when compiling with -Wall -W -pedantic.
Guus Sliepen [Sun, 23 Sep 2018 13:21:26 +0000 (15:21 +0200)]
Check the return values from BN_hex2bn() and RAND_load_file().
Closes #205 on GitHub.
Closes #206 on GitHub.
Guus Sliepen [Sun, 23 Sep 2018 13:20:44 +0000 (15:20 +0200)]
Check the return value from snprintf().
Guus Sliepen [Sun, 9 Sep 2018 14:44:43 +0000 (16:44 +0200)]
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)
If a man-in-the-middle has intercepted the TCP connection it might be
able to force plaintext UDP packets between two nodes for up to
a PingInterval period.
Guus Sliepen [Sat, 8 Sep 2018 18:48:14 +0000 (20:48 +0200)]
Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)
The authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:
- Connections are no longer closed immediately on error, but put in
a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
initiator of a connection before sending a CHAL_REPLY of its own.
- Only a limited amount of connections per second are accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
rejected.
AMRI Amine [Sat, 1 Sep 2018 08:07:23 +0000 (09:07 +0100)]
Fixing typo
Guus Sliepen [Tue, 12 Jun 2018 14:27:45 +0000 (16:27 +0200)]
Releasing 1.0.34.
wangliushuai [Thu, 10 May 2018 10:34:26 +0000 (18:34 +0800)]
Remove redundant 'break'.
I'm henry wong, from Qihoo360 CodeSafe Team. We found a issue about dead
code.
Guus Sliepen [Fri, 30 Mar 2018 09:42:43 +0000 (11:42 +0200)]
Properly implement tinc.texi's dependency on tincinclude.texi.
With this, make distcheck succeeds even without the info-in-builddir
option to AM_INIT_AUTOMAKE.
Maximilian Stein [Mon, 15 Jan 2018 23:45:38 +0000 (00:45 +0100)]
Fix SEGFAULT when trying to connect to IPv6 peer in non-IPv6 environment
Using my tinc setup I observe spurious SEGFAULTs in the daemon process.
My configuration comprises a proxy (type exec) and the peer's address is
given by its domain name. The domain resolves to both IPv4 and IPv6.
As IPv6 is not working in my environment, all connection attempts to the
resolved IPv6 addresses fail. Sometimes, after such a failure, the
segfault occurs.
Apparently, the issue is caused by a use after free due to failing to
reset a pointer.
Guus Sliepen [Sat, 6 Jan 2018 19:42:45 +0000 (20:42 +0100)]
Fix all spelling errors found by codespell.
Guus Sliepen [Sat, 6 Jan 2018 19:34:37 +0000 (20:34 +0100)]
Document how to enable tinc at boot time using systemd.
Guus Sliepen [Sat, 6 Jan 2018 16:03:05 +0000 (17:03 +0100)]
Rename distro/ to systemd/.
Systemd service files are not supposed to be distribution-specific.
Guus Sliepen [Sat, 6 Jan 2018 15:58:54 +0000 (16:58 +0100)]
Make systemd service file handling identical to tinc 1.1.
This removes hardcoded paths from systemd unit files, and sets the default
systemd unit path to ${libdir}/systemd/system. The configure option is now
renamed to --with-systemd[=PATH]. These changes now also ensure that
make distcheck runs without any errors.
Closes #160 on GitHub.
Guus Sliepen [Sat, 16 Dec 2017 21:44:57 +0000 (22:44 +0100)]
Don't use SOL_IP and SOL_IPV6.
These macros do not exist on all platforms, instead one should use
IPPROTO_IP and IPPROTO_IPV6. This fixes a bug on macOS where the
IPV6_V6ONLY flag would not be applied and could result in IPv4 sockets
not working.
Guus Sliepen [Mon, 6 Nov 2017 07:13:03 +0000 (08:13 +0100)]
Fix #ifdefs that were broken due to commit
d178b58.
Guus Sliepen [Sat, 4 Nov 2017 18:52:08 +0000 (19:52 +0100)]
Fix building documentation when using OpenBSD's make.
Guus Sliepen [Sat, 4 Nov 2017 18:42:10 +0000 (19:42 +0100)]
Add missing thanks to the NEWS message.
Guus Sliepen [Sat, 4 Nov 2017 14:44:04 +0000 (15:44 +0100)]
Releasing 1.0.33.
Guus Sliepen [Sat, 4 Nov 2017 14:43:39 +0000 (15:43 +0100)]
Update THANKS.
Guus Sliepen [Sat, 4 Nov 2017 13:42:28 +0000 (14:42 +0100)]
Fix compilation errors when --enable-uml is used.
Guus Sliepen [Sat, 4 Nov 2017 13:28:21 +0000 (14:28 +0100)]
Const correctness.
Guus Sliepen [Sat, 4 Nov 2017 13:17:27 +0000 (14:17 +0100)]
Support autoconf's --runstatedir option.
Put the PID file in @runstatedir@ instead of @localstatedir@/run. This
requires autoconf 2.70, which is not released yet, so add a fallback to
use @localstatedir@/run if @runstatedir@ is not set.
Guus Sliepen [Sat, 4 Nov 2017 11:21:18 +0000 (12:21 +0100)]
Ensure all parameters have names in header files.
Guus Sliepen [Sat, 4 Nov 2017 11:20:50 +0000 (12:20 +0100)]
Remove unused functions.
Guus Sliepen [Fri, 3 Nov 2017 23:27:51 +0000 (00:27 +0100)]
Realign comments.
Guus Sliepen [Fri, 3 Nov 2017 23:20:32 +0000 (00:20 +0100)]
Fix all -Wall -W compiler warnings.
Guus Sliepen [Mon, 23 Oct 2017 19:10:20 +0000 (21:10 +0200)]
Disable PMTU discovery when TCPOnly is used.
Guus Sliepen [Wed, 11 Oct 2017 18:02:22 +0000 (20:02 +0200)]
Handle tun/tap device returning EPERM or EBUSY.
Often when tun/tap is used any errors during setup will be confuse tinc
and it will then assume it is an Ethertap device. Try to avoid this by
checking errno after a failed TUNSETIFF; if it's EPERM or EBUSY then
we can be sure it was not an Ethertap device, and we should report an
error instead.
Closes #157 on GitHub.
Guus Sliepen [Wed, 11 Oct 2017 17:30:17 +0000 (19:30 +0200)]
Add some information about the requirements of a chroot environment.
Guus Sliepen [Sun, 8 Oct 2017 19:37:19 +0000 (21:37 +0200)]
Fix some "make distcheck" errors.
The only issue left is the installation of systemd service files, which
is done to a custom data directory. Make distcheck calls install without
DESTDIR it seems, but running "make install" manually works fine.
Guus Sliepen [Sun, 8 Oct 2017 15:12:51 +0000 (17:12 +0200)]
Remove obsolete m4/README.
Guus Sliepen [Sat, 7 Oct 2017 21:30:04 +0000 (23:30 +0200)]
Remove more obsolete autoconf checks.
Guus Sliepen [Sat, 7 Oct 2017 21:20:36 +0000 (23:20 +0200)]
Unconditionally include stdbool.h and inttypes.h.
Guus Sliepen [Sat, 7 Oct 2017 21:14:58 +0000 (23:14 +0200)]
Don't call ERR_remove_state().
It's impossible to write portable code that properly cleans up after
OpenSSL without resulting in compile time warnings, so don't try.
Guus Sliepen [Sat, 7 Oct 2017 15:49:45 +0000 (17:49 +0200)]
Reformat all code using astyle.
Guus Sliepen [Sat, 7 Oct 2017 15:46:52 +0000 (17:46 +0200)]
Convert sizeof foo to sizeof(foo).
While technically sizeof is an operator and doesn't need the parentheses
around expressions it operates on, except if they are type names, code
formatters don't seem to handle this very well.
Guus Sliepen [Sat, 7 Oct 2017 15:17:21 +0000 (17:17 +0200)]
Update all header guards.
Don't start with underscores, as those are reserved for system
libraries. Make sure all start with TINC_, and that they appear at
the top of the file.
Guus Sliepen [Sat, 7 Oct 2017 14:59:30 +0000 (16:59 +0200)]
Remove xmalloc.c, backport xalloc.h from tinc 1.1.
We are requiring a C99-compliant compiler, so we don't need to work
around buggy malloc() implementations.
Guus Sliepen [Sat, 7 Oct 2017 14:54:52 +0000 (16:54 +0200)]
Use getcwd() instead of get_current_dir_name().
Guus Sliepen [Sat, 7 Oct 2017 14:51:13 +0000 (16:51 +0200)]
Remove unused/obsolete checks from configure.ac.
Guus Sliepen [Fri, 6 Oct 2017 19:40:03 +0000 (21:40 +0200)]
Fix a few minor memory leaks.
Guus Sliepen [Fri, 6 Oct 2017 19:39:24 +0000 (21:39 +0200)]
Use stack-allocated strings for temporary filenames.
Guus Sliepen [Fri, 6 Oct 2017 19:25:59 +0000 (21:25 +0200)]
Never remove items from cmdline_conf.
We should treat cmdline_conf as const, so we can call read_config_options()
more than once with prefix = NULL.
Closes #155 on GitHub.
Guus Sliepen [Tue, 3 Oct 2017 19:22:39 +0000 (21:22 +0200)]
Prepare for automatic code formatting using Artistic Style.
Guus Sliepen [Tue, 3 Oct 2017 19:07:09 +0000 (21:07 +0200)]
Give absolute path for #include to AC_CHECK_HEADERS().
Taken from Etienne Dechamp's patch to support VPATH builds for tinc 1.1.
Guus Sliepen [Tue, 3 Oct 2017 18:59:00 +0000 (20:59 +0200)]
Use AC_CONFIG_MACRO_DIR().
nemunaire [Wed, 27 Sep 2017 16:47:13 +0000 (18:47 +0200)]
Allow compilation from a build directory
Rafael Sadowski [Tue, 3 Oct 2017 08:23:37 +0000 (10:23 +0200)]
fix tinc.conf for OpenBSD
Guus Sliepen [Mon, 2 Oct 2017 18:54:57 +0000 (20:54 +0200)]
Fix a potential memory leak.
Found by the Clang static analyzer.
Guus Sliepen [Sun, 1 Oct 2017 20:04:35 +0000 (22:04 +0200)]
Udpate THANKS.
Guus Sliepen [Sat, 2 Sep 2017 14:31:04 +0000 (16:31 +0200)]
Releasing 1.0.32.
Guus Sliepen [Sun, 30 Jul 2017 14:14:14 +0000 (16:14 +0200)]
Don't try to bind Proxy = exec sockets to an address.
Guus Sliepen [Sun, 30 Jul 2017 14:11:56 +0000 (16:11 +0200)]
Set status.proxy_passed early for Proxy = exec.
Guus Sliepen [Sun, 30 Jul 2017 14:04:49 +0000 (16:04 +0200)]
Fix Proxy = exec.
Guus Sliepen [Tue, 27 Jun 2017 21:36:52 +0000 (23:36 +0200)]
Don't forget about outgoing connections on host file read errors.
If the host config file for an outgoing connection cannot be read, or if
it doesn't contain any Address, don't forget about the ConnectTo, but go
straight to MaxTimeout seconds for retries.
Guus Sliepen [Sun, 28 May 2017 10:42:25 +0000 (12:42 +0200)]
Set KillMode=mixed in the systemd service file.
This ensures only the main process is sent the SIGTERM, and not anything
else that might have started in the same control group, including the
tinc-down script.
Closes #145 on GitHub.
Guus Sliepen [Sun, 28 May 2017 10:25:53 +0000 (12:25 +0200)]
Move logging of "would block" messages to debug level 4.
Guus Sliepen [Thu, 27 Apr 2017 18:58:10 +0000 (20:58 +0200)]
Bind outgoing TCP sockets.
This is important for multi-homed users that want to ensure the source
address of outgoing TCP connections is the same as the address that tinc
is listening on.
Binding is done automatically if there is exactly one listening address
for a given address family.
Guus Sliepen [Wed, 19 Apr 2017 08:26:18 +0000 (10:26 +0200)]
Fix Solaris DeviceType = tap in router Mode.
Guus Sliepen [Sat, 8 Apr 2017 11:06:48 +0000 (13:06 +0200)]
Use getmsg()/putmsg() instead of read()/write() on Solaris.
This fixes a problem where read() returns packets from the IP layer before
fragmentation is done.
Guus Sliepen [Sat, 8 Apr 2017 11:05:11 +0000 (13:05 +0200)]
Use /dev/udp instead of /dev/ip on Solaris.
Guus Sliepen [Tue, 21 Mar 2017 20:48:08 +0000 (21:48 +0100)]
Merge remote-tracking branch 'VittGam/master'
Guus Sliepen [Mon, 20 Mar 2017 18:19:01 +0000 (19:19 +0100)]
Don't dereference myself->incipher if it's NULL.
This fixes #142 on GitHub.
Guus Sliepen [Sun, 15 Jan 2017 14:50:49 +0000 (15:50 +0100)]
Releasing 1.0.31.
Élie Bouttier [Mon, 31 Oct 2016 20:06:32 +0000 (21:06 +0100)]
Remove ExecStop in tinc@.service
This avoid tinc to receive SIGTERM twice (through ExecStop and through systemd
directly) which prevented tinc-down script to be executed.
Guus Sliepen [Sun, 30 Oct 2016 13:18:39 +0000 (14:18 +0100)]
Releasing 1.0.30.
Guus Sliepen [Sun, 30 Oct 2016 12:11:24 +0000 (13:11 +0100)]
Use CFB mode for meta-connections to improve security.
Guus Sliepen [Sat, 29 Oct 2016 20:14:45 +0000 (22:14 +0200)]
Use AES in CTR mode instead of OFB mode for meta-connections.
This gives a very nice speedup while preserving the stream characteristics.
Guus Sliepen [Sat, 29 Oct 2016 20:10:32 +0000 (22:10 +0200)]
Really fix byte budget calculation.
We want to use the underlying cipher's block length, but if it's a stream
mode this will be 1. In that case, use the IV length. Ensure we never get
a budget that cannot be stored in a 64 bits integer.
Thanks to Wessel Dankers for helping getting this right.
Guus Sliepen [Sat, 29 Oct 2016 18:56:43 +0000 (20:56 +0200)]
Fix bit shifting arithmetic so the code actually does what the last commit message says.
Guus Sliepen [Sat, 29 Oct 2016 17:51:35 +0000 (19:51 +0200)]
Enforce maximum amount of bytes sent/received on meta-connections.
This is sqrt(2^{block_length_in_bits}).
Guus Sliepen [Sat, 29 Oct 2016 13:24:34 +0000 (15:24 +0200)]
Use AES256 and SHA256 by default, also for the meta-connections.
At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.
The meta-protocol now always uses AES in OFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.
Guus Sliepen [Fri, 14 Oct 2016 12:44:06 +0000 (14:44 +0200)]
Delay sending the real ID request until after a proxy request is granted.
Guus Sliepen [Fri, 14 Oct 2016 12:27:49 +0000 (14:27 +0200)]
Log only the first line of a proxy request rejection message.
Guus Sliepen [Fri, 14 Oct 2016 12:27:19 +0000 (14:27 +0200)]
Fix proxy reply parsing broken by the previous commit.
Guus Sliepen [Thu, 13 Oct 2016 14:45:37 +0000 (16:45 +0200)]
Allow non-empty lines after status code from a HTTP proxy.
Vittorio Gambaletta (VittGam) [Wed, 12 Oct 2016 12:09:34 +0000 (14:09 +0200)]
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>