Fix all warnings when compiling with -Wall -W -pedantic.
Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738) The authentication protocol allows an oracle attack that could potentially be exploited. This commit contains several mitigations: - Connections are no longer closed immediately on error, but put in a "tarpit". - The authentication protocol now requires a valid CHAL_REPLY from the initiator of a connection before sending a CHAL_REPLY of its own. - Only a limited amount of connections per second are accepted. - Null ciphers or digests are no longer allowed in METAKEYs. - Connections that claim to have the same name as the local node are rejected.
Fix SEGFAULT when trying to connect to IPv6 peer in non-IPv6 environment Using my tinc setup I observe spurious SEGFAULTs in the daemon process. My configuration comprises a proxy (type exec) and the peer's address is given by its domain name. The domain resolves to both IPv4 and IPv6. As IPv6 is not working in my environment, all connection attempts to the resolved IPv6 addresses fail. Sometimes, after such a failure, the segfault occurs. Apparently, the issue is caused by a use after free due to failing to reset a pointer.
Reformat all code using astyle.
Convert sizeof foo to sizeof(foo). While technically sizeof is an operator and doesn't need the parentheses around expressions it operates on, except if they are type names, code formatters don't seem to handle this very well.
Fix compiler warnings about format string errors on BSD.
Update copyright notices.
Always call res_init() before getaddrinfo(). Unfortunately, glibc assumes that /etc/resolv.conf is a static file that never changes. Even on servers, /etc/resolv.conf might be a dynamically generated file, and we never know when it changes. So just call res_init() every time, so glibc uses up-to-date nameserver information.
FIx the autoconf checks for res_init().
Fix issues found by Coverity. Most of the problems found were resource leaks in error paths, some NULL pointer dereferences that do not happen in practice, and a few other issues. They have all been fixed now anyway.
Add an autoconf check for res_init().
reload /etc/resolv.conf in SIGALRM handler
Clean up child processes from proxy type exec.
Don't send PING requests on connections which are not active yet. This happened when sending an ALRM signal to a running tincd, which caused it to send PING requests on any connection, regardless of its status.
Check for writability when waiting for a socket to finish connecting. This causes daemons that make an outgoing connection to immediately send the ID message (or proxy handshake), as intended.
Fix some more compiler warnings.
Add support for multicast communication with UML/QEMU/KVM. DeviceType = multicast allows one to specify a multicast address and port with a Device statement. Tinc will then read/send packets to that multicast group instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM instances that are listening on the same group.
Always try next Address when an outgoing connection fails to authenticate. When making outgoing connections, tinc goes through the list of Addresses and tries all of them until one succeeds. However, before it would consider establishing a TCP connection a success, even when the authentication failed. This would be a problem if the first Address would point to a hostname and port combination that belongs to the wrong tinc node, or perhaps even to a non-tinc service, causing tinc to endlessly try this Address instead of moving to the next one. Problem found by Delf Eldkraft.
Update copyright notices.
Pass index into listen_socket[] to handle_incoming_vpn_data().