tinc_READLINE
tinc_ZLIB
tinc_LZO
+tinc_LZ4
AS_IF([test "x$enable_legacy_protocol" != "xno"],
[AS_IF([test -n "$with_libgcrypt"],
.Pp
The effect of this option is that the daemon will set its configuration root to
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / ,
-where
+where
.Ar NETNAME
is your argument to the
.Fl n
.Nm tinc
now looks for files in
.Pa @sysconfdir@/tinc/ ,
-instead of
+instead of
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / ;
the configuration file should be
.Pa @sysconfdir@/tinc/tinc.conf ,
.Pp
The variable names are case insensitive, and any spaces, tabs,
newlines and carriage returns are ignored.
-Note: it is not required that you put in the
+Note: it is not required that you put in the
.Li =
sign, but doing so improves readability.
If you leave it out, remember to replace it with at least one space character.
however the address given with the
.Va BindToAddress
option will also be used for outgoing connections. This is useful if your
-computer has more than one IPv4 or IPv6 address, and you want
+computer has more than one IPv4 or IPv6 address, and you want
.Nm tinc
to only use a specific one for outgoing packets.
.It Va BindToInterface Li = Ar interface Bq experimental
Packets are read from and written to this multicast socket.
This can be used to connect to UML, QEMU or KVM instances listening on the same multicast address.
Do NOT connect multiple
-.Nm tinc
+.Nm tinc
daemons to the same multicast address, this will very likely cause routing loops.
Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured.
.It fd
It must be unique for the virtual private network this daemon will connect to.
.Va Name
may only consist of alphanumeric and underscore characters (a-z, A-Z, 0-9 and _), and is case sensitive.
-If
+If
.Va Name
starts with a
.Li $ ,
.It Va PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv Pc
The file in which the private RSA key of this tinc daemon resides.
.It Va ProcessPriority Li = low | normal | high
-When this option is used the priority of the
+When this option is used the priority of the
.Nm tincd
process will be adjusted.
Increasing the priority may help to reduce latency and packet loss on the VPN.
.It Va Compression Li = Ar level Pq 0
This option sets the level of compression used for UDP packets.
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
-10 (fast lzo) and 11 (best lzo).
+10 (fast lzo), 11 (best lzo), and 12 (lz4).
.It Va Digest Li = Ar digest Pq sha1
The digest algorithm used to authenticate UDP packets.
Any digest supported by LibreSSL or OpenSSL is recognised.
.Pp
The scripts are started without command line arguments, but can make use of certain environment variables.
Under UNIX like operating systems the names of environment variables must be preceded by a
-.Li $
+.Li $
in scripts.
Under Windows, in
.Pa .bat
* LibreSSL/OpenSSL::
* zlib::
* LZO::
+* LZ4::
* libcurses::
* libreadline::
@end menu
default).
+@c ==================================================================
+@node LZ4
+@subsection LZ4
+
+@cindex LZ4
+Another form of compression is offered using the LZ4 library.
+
+The LZ4 codec is bundled with Tinc and built-in by default as
+compression level 12. Tinc can be linked to an external liblz4
+library by using the "--disable-lz4-builtin" configure switch.
+
+If LZ4 support is entirely disabled by passing "--disable-lz4" to the
+configure script, then the resulting binary will not work correctly
+on VPNs where LZ4 compression is used.
+
+
@c ==================================================================
@node libcurses
@subsection libcurses
@item Compression = <@var{level}> (0)
This option sets the level of compression used for UDP packets.
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
-10 (fast LZO) and 11 (best LZO).
+10 (fast LZO), 11 (best LZO), and 12 (LZ4).
@cindex Digest
@item Digest = <@var{digest}> (sha1)
--- /dev/null
+dnl lz4.m4: Tinc autoconf integration for the LZ4 codec.
+dnl Copyright 2015 Darik Horn <dajhorn@vanadac.com>.
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+dnl GNU General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License along
+dnl with this program; if not, write to the Free Software Foundation, Inc.,
+dnl 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+AC_DEFUN([tinc_LZ4], [
+
+ AC_ARG_ENABLE([lz4],
+ AS_HELP_STRING([--disable-lz4], [disable all lz4 compression support])
+ )
+
+ AC_ARG_ENABLE([lz4-builtin],
+ AS_HELP_STRING([--disable-lz4-builtin], [required to link an lz4 library])
+ )
+
+ AC_ARG_WITH(lz4,
+ AS_HELP_STRING([--with-lz4=DIR], [lz4 shared library prefix (eg: /usr/local)]),
+ [lz4="$withval" CPPFLAGS="$CPPFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib"]
+ )
+
+ AC_ARG_WITH(lz4-include,
+ AS_HELP_STRING([--with-lz4-include=DIR], [lz4 shared header directory]),
+ [lz4_include="$withval" CPPFLAGS="$CPPFLAGS -I$withval"]
+ )
+
+ AC_ARG_WITH(lz4-lib,
+ AS_HELP_STRING([--with-lz4-lib=DIR], [lz4 shared object directory]),
+ [lz4_lib="$withval" LDFLAGS="$LDFLAGS -L$withval"]
+ )
+
+ dnl Calling this early prevents autoconf lint.
+ AM_CONDITIONAL([CONFIGURE_LZ4_BUILTIN], [test "$enable_lz4_builtin" != 'no'])
+
+ AS_IF([test "$enable_lz4" != 'no' -a "$enable_lz4_builtin" != 'no' ], [
+ AC_DEFINE(HAVE_LZ4, 1, [Enable lz4 support.])
+ AC_DEFINE(HAVE_LZ4_BUILTIN, 1, [Enable lz4 builtin.])
+ AC_DEFINE(HAVE_LZ4_STATE, 1, [Enable lz4 external state features.])
+ AC_DEFINE(
+ [LZ4_compress_shim(a, b, c, d)],
+ [LZ4_compress_fast_extState(lz4_wrkmem, a, b, c, d, 0)],
+ [This is the best interface for the lz4 builtin.]
+ )
+ ],[
+ AS_IF([test "$enable_lz4" != 'no'], [
+ AC_CHECK_HEADERS(lz4.h, [
+ AC_DEFINE(LZ4_H, [<lz4.h>], [Location of lz4.h])
+
+ AC_CHECK_LIB(lz4, LZ4_compress_fast_extState, [
+ LIBS="$LIBS -llz4"
+ AC_DEFINE(HAVE_LZ4, 1, [Enable lz4 compression support.])
+ AC_DEFINE(HAVE_LZ4_STATE, 1, [Enable lz4 external state features.])
+ AC_DEFINE(
+ [LZ4_compress_shim(a, b, c, d)],
+ [LZ4_compress_fast_extState(lz4_wrkmem, a, b, c, d, 0)],
+ [The lz4-r129 library interface.]
+ )
+ break
+ ])
+
+ AC_CHECK_LIB(lz4, LZ4_compress_default, [
+ LIBS="$LIBS -llz4"
+ AC_DEFINE(HAVE_LZ4, 1, [Enable lz4 compression support.])
+ AC_DEFINE(
+ [LZ4_compress_shim(a, b, c, d)],
+ [LZ4_compress_default(a, b, c, d)],
+ [The lz4-r128 library interface.]
+ )
+ break
+ ])
+
+ AC_CHECK_LIB(lz4, LZ4_compress_limitedOutput, [
+ LIBS="$LIBS -llz4"
+ AC_DEFINE(HAVE_LZ4, 1, [Enable lz4 compression support.])
+ AC_DEFINE(
+ [LZ4_compress_shim(a, b, c, d)],
+ [LZ4_compress_limitedOutput(a, b, c, d)],
+ [The lz4-r59 library interface.]
+ )
+ AC_MSG_WARN("Using deprecated lz4-r59 interface.")
+ break
+ ])
+
+ ],[
+ AC_MSG_ERROR("lz4.h header file not found.")
+ break
+ ])
+
+ ])
+
+ ])
+
+])
chacha-poly1305/chacha-poly1305.c chacha-poly1305/chacha-poly1305.h \
chacha-poly1305/poly1305.c chacha-poly1305/poly1305.h
+if CONFIGURE_LZ4_BUILTIN
+lz4_SOURCES = lib/lz4/lz4.c lib/lz4/lz4.h
+else
+lz4_SOURCES =
+endif
+
tincd_SOURCES = \
address_cache.c address_cache.h \
autoconnect.c autoconnect.h \
ed25519/ecdh.c \
ed25519/ecdsa.c \
$(ed25519_SOURCES) \
- $(chacha_poly1305_SOURCES)
+ $(chacha_poly1305_SOURCES) \
+ $(lz4_SOURCES)
tinc_SOURCES = \
dropin.c dropin.h \
#include LZO1X_H
#endif
+#ifdef LZ4_H
+#include LZ4_H
+#endif
+
+#ifdef HAVE_LZ4_BUILTIN
+#include "lib/lz4/lz4.h"
+#endif
+
#include "address_cache.h"
#include "cipher.h"
#include "conf.h"
static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
#endif
+#ifdef HAVE_LZ4_BUILTIN
+static LZ4_stream_t lz4_stream;
+#else
+#ifdef HAVE_LZ4_STATE
+static void *lz4_state = NULL;
+#endif /* HAVE_LZ4_STATE */
+#endif /* HAVE_LZ4_BUILTIN */
+
static void send_udppacket(node_t *, vpn_packet_t *);
unsigned replaywin = 32;
}
static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
- if(level == 0) {
- memcpy(dest, source, len);
- return len;
- } else if(level == 10) {
-#ifdef HAVE_LZO
- lzo_uint lzolen = MAXSIZE;
- lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
- return lzolen;
+ switch(level) {
+#ifdef HAVE_LZ4
+
+ case 12:
+#ifdef HAVE_LZ4_BUILTIN
+ return LZ4_compress_fast_extState(&lz4_stream, (char *)source, (char *) dest, len, MAXSIZE, 0);
+
#else
- return 0;
-#endif
- } else if(level < 10) {
-#ifdef HAVE_ZLIB
- unsigned long destlen = MAXSIZE;
+#ifdef HAVE_LZ4_STATE
- if(compress2(dest, &destlen, source, len, level) == Z_OK) {
- return destlen;
- } else
-#endif
+ /* @FIXME: Put this in a better place, and free() it too. */
+ if(lz4_state == NULL) {
+ lz4_state = malloc(LZ4_sizeofState());
+ }
+
+ if(lz4_state == NULL) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Failed to allocate lz4_state, error: %i", errno);
return 0;
- } else {
+ }
+
+ return LZ4_compress_fast_extState(lz4_state, source, dest, len, MAXSIZE, 0);
+
+#else
+ return LZ4_compress_shim(source, dest, len, MAXSIZE);
+
+#endif /* HAVE_LZ4_STATE */
+#endif /* HAVE_LZ4_BUILTIN */
+#endif /* HAVE_LZ4 */
#ifdef HAVE_LZO
+
+ case 11: {
lzo_uint lzolen = MAXSIZE;
- lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
- return lzolen;
-#else
- return 0;
+
+ if(lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem) == LZO_E_OK) {
+ return lzolen;
+ } else {
+ return 0;
+ }
+ }
+
+ case 10: {
+ lzo_uint lzolen = MAXSIZE;
+
+ if(lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem) == LZO_E_OK) {
+ return lzolen;
+ } else {
+ return 0;
+ }
+ }
+
#endif
+#ifdef HAVE_ZLIB
+
+ case 9:
+ case 8:
+ case 7:
+ case 6:
+ case 5:
+ case 4:
+ case 3:
+ case 2:
+ case 1: {
+ unsigned long dest_len = MAXSIZE;
+
+ if(compress2(dest, (unsigned long *) &dest_len, source, len, level) == Z_OK) {
+ return dest_len;
+ } else {
+ return 0;
+ }
}
- return 0;
-}
+#endif
-static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
- if(level == 0) {
+ case 0:
memcpy(dest, source, len);
return len;
- } else if(level > 9) {
-#ifdef HAVE_LZO
- lzo_uint lzolen = MAXSIZE;
- if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) {
- return lzolen;
- } else
+ default:
+ return 0;
+ }
+}
+
+static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) {
+ switch(level) {
+#ifdef HAVE_LZ4
+
+ case 12:
+ return LZ4_decompress_safe((char *)source, (char *) dest, len, MAXSIZE);
+
#endif
+#ifdef HAVE_LZO
+
+ case 11:
+ case 10: {
+ lzo_uint dst_len = MAXSIZE;
+
+ if(lzo1x_decompress_safe(source, len, dest, (lzo_uint *) &dst_len, NULL) == LZO_E_OK) {
+ return dst_len;
+ } else {
return 0;
+ }
}
+#endif
#ifdef HAVE_ZLIB
- else {
+
+ case 9:
+ case 8:
+ case 7:
+ case 6:
+ case 5:
+ case 4:
+ case 3:
+ case 2:
+ case 1: {
unsigned long destlen = MAXSIZE;
static z_stream stream;
#endif
- return 0;
+ case 0:
+ memcpy(dest, source, len);
+ return len;
+
+ default:
+ return 0;
+ }
}
/* VPN packet I/O */
/* Compression */
if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
- if(myself->incompression < 0 || myself->incompression > 11) {
+ switch(myself->incompression) {
+ case 12:
+#ifdef HAVE_LZ4
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "LZ4 compression is unavailable on this node.");
+ return false;
+#endif
+
+ case 11:
+ case 10:
+#ifdef HAVE_LZO
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "LZO compression is unavailable on this node.");
+ return false;
+#endif
+
+ case 9:
+ case 8:
+ case 7:
+ case 6:
+ case 5:
+ case 4:
+ case 3:
+ case 2:
+ case 1:
+#ifdef HAVE_ZLIB
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "ZLIB compression is unavailable on this node.");
+ return false;
+#endif
+
+ case 0:
+ break;
+
+ default:
logger(DEBUG_ALWAYS, LOG_ERR, "Bogus compression level!");
+ logger(DEBUG_ALWAYS, LOG_ERR, "Compression level %i is unrecognized by this node.", myself->incompression);
return false;
}
} else {
from->status.validkey = false;
}
- if(compression < 0 || compression > 11) {
+ switch(compression) {
+ case 12:
+#ifdef HAVE_LZ4
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
+ logger(DEBUG_ALWAYS, LOG_ERR, "LZ4 compression is unavailable on this node.");
+ return true;
+#endif
+
+ case 11:
+ case 10:
+#ifdef HAVE_LZO
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
+ logger(DEBUG_ALWAYS, LOG_ERR, "LZO compression is unavailable on this node.");
+ return true;
+#endif
+
+ case 9:
+ case 8:
+ case 7:
+ case 6:
+ case 5:
+ case 4:
+ case 3:
+ case 2:
+ case 1:
+#ifdef HAVE_ZLIB
+ break;
+#else
+ logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
+ logger(DEBUG_ALWAYS, LOG_ERR, "ZLIB compression is unavailable on this node.");
+ return true;
+#endif
+
+ case 0:
+ break;
+
+ default:
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
+ logger(DEBUG_ALWAYS, LOG_ERR, "Compression level %i is unrecognized by this node.", compression);
return true;
}
#include LZO1X_H
#endif
+#ifdef LZ4_H
+#include LZ4_H
+#endif
+
#ifndef HAVE_MINGW
#include <pwd.h>
#include <grp.h>
projects / tinc / commitdiff