3 years agoReleasing 1.1pre15. release-1.1pre15
Guus Sliepen [Sat, 2 Sep 2017 19:56:17 +0000 (21:56 +0200)]
Releasing 1.1pre15.

3 years agoDrop h and hh length modifiers from printf format strings.
Guus Sliepen [Sat, 2 Sep 2017 19:55:47 +0000 (21:55 +0200)]
Drop h and hh length modifiers from printf format strings.

3 years agoEnsure packet priority is cleared when sending PMTU probe replies.
Guus Sliepen [Sat, 2 Sep 2017 19:54:34 +0000 (21:54 +0200)]
Ensure packet priority is cleared when sending PMTU probe replies.

Found by the Clang static analyzer.

3 years agoFix a file descriptor leak when using an invitation.
Guus Sliepen [Sat, 2 Sep 2017 19:52:44 +0000 (21:52 +0200)]
Fix a file descriptor leak when using an invitation.

Found by cppcheck.

3 years agoFix a compiler warning.
Guus Sliepen [Sat, 2 Sep 2017 19:06:25 +0000 (21:06 +0200)]
Fix a compiler warning.

3 years agoForce IPv4 for sptps-basic.test.
Guus Sliepen [Sat, 2 Sep 2017 15:24:05 +0000 (17:24 +0200)]
Force IPv4 for sptps-basic.test.

Allow forcing either IPv4 or IPv6 for sptps_test, and use IPv4 for the
sptps-basic test. Since sptps_test is only opening a single listening
socket, and you cannot control which address family it uses, this gets
around a problem where the listening side is using a different address
family than the one connecting to it.

3 years agoAdd missing break statements.
Guus Sliepen [Sat, 2 Sep 2017 15:04:25 +0000 (17:04 +0200)]
Add missing break statements.

3 years agoMake autoconnect try to heal network splits.
Guus Sliepen [Tue, 22 Aug 2017 18:51:44 +0000 (20:51 +0200)]
Make autoconnect try to heal network splits.

When we have less than three connections, we greedily try to connect to any
viable node. However, once we have three connections, try to connect to
nodes that we know of but that aren't reachable.

We also make sure that if there are 100 reachable nodes, and 1 unreachable
one, that not all 100 reachable nodes try to connect to the unreachable
at the same time.

3 years agoAdd LogLevel config option
pacien [Tue, 15 Aug 2017 17:56:06 +0000 (19:56 +0200)]
Add LogLevel config option

3 years agoForward-port tinc 1.0's handling of device errors.
Guus Sliepen [Thu, 27 Jul 2017 08:06:13 +0000 (10:06 +0200)]
Forward-port tinc 1.0's handling of device errors.

3 years agoAvoid infinite loop on EBADFD
volth [Thu, 27 Jul 2017 06:32:28 +0000 (06:32 +0000)]
Avoid infinite loop on EBADFD

On Linux network restart, Tinc can get into a loop writing millions of error messages "Error while reading from Linux tun/tap device (tun mode) /dev/net/tun: File descriptor in bad state" to the log. https://github.com/NixOS/nixpkgs/pull/27675

It should be somehow aborted.
Here is my quick hack.

3 years agoStore the invitation data after a succesful join.
Guus Sliepen [Sun, 9 Jul 2017 14:12:55 +0000 (16:12 +0200)]
Store the invitation data after a succesful join.

This can be used by the invitee to examine the file after a join, and
process it in different ways than the tinc CLI does.

3 years agoAdd configurable experation time for invitations.
Guus Sliepen [Sun, 9 Jul 2017 13:57:51 +0000 (15:57 +0200)]
Add configurable experation time for invitations.

3 years agoSet KillMode=mixed in the systemd service file.
Guus Sliepen [Sun, 28 May 2017 10:48:32 +0000 (12:48 +0200)]
Set KillMode=mixed in the systemd service file.

This ensures only the main process is sent the SIGTERM, and not anything
else that might have started in the same control group, including the
tinc-down script.

Closes #145 on GitHub.

3 years agoMove logging of "would block" messages to debug level 4.
Guus Sliepen [Sun, 28 May 2017 10:26:44 +0000 (12:26 +0200)]
Move logging of "would block" messages to debug level 4.

3 years agoRemove unused add_scalar function.
Guus Sliepen [Sun, 7 May 2017 13:29:22 +0000 (15:29 +0200)]
Remove unused add_scalar function.

3 years agoFix NULL pointer dereference in send_udp_info
thorkill [Thu, 4 May 2017 21:44:56 +0000 (23:44 +0200)]
Fix NULL pointer dereference in send_udp_info

3 years agoSanitize input in id_h - prevent integer overflows
thorkill [Mon, 1 May 2017 10:40:22 +0000 (12:40 +0200)]
Sanitize input in id_h - prevent integer overflows

3 years agoFix some minor issues found by cppcheck.
Guus Sliepen [Tue, 18 Apr 2017 18:09:38 +0000 (20:09 +0200)]
Fix some minor issues found by cppcheck.

3 years agoAdd field widths to sscanf() calls.
Guus Sliepen [Tue, 18 Apr 2017 18:09:08 +0000 (20:09 +0200)]
Add field widths to sscanf() calls.

Found by cppcheck.

3 years agoRemove dead stores.
Guus Sliepen [Tue, 18 Apr 2017 18:07:33 +0000 (20:07 +0200)]
Remove dead stores.

Found by the Clang static analyzer.

3 years agoAdd missing tinc stop command to the scripts test.
Guus Sliepen [Mon, 17 Apr 2017 14:05:30 +0000 (16:05 +0200)]
Add missing tinc stop command to the scripts test.

3 years agoFix tests on *BSD.
Guus Sliepen [Mon, 17 Apr 2017 11:54:02 +0000 (13:54 +0200)]
Fix tests on *BSD.

3 years agoFix segfault when adding environment variables.
Guus Sliepen [Mon, 17 Apr 2017 11:53:48 +0000 (13:53 +0200)]
Fix segfault when adding environment variables.

3 years agoFix compiler warnings on *BSD.
Guus Sliepen [Mon, 17 Apr 2017 11:07:15 +0000 (13:07 +0200)]
Fix compiler warnings on *BSD.

3 years agoMake sure realname is always initialized.
Guus Sliepen [Mon, 17 Apr 2017 11:02:39 +0000 (13:02 +0200)]
Make sure realname is always initialized.

3 years agoEnsure tests compile on *BSD.
Guus Sliepen [Mon, 17 Apr 2017 10:50:30 +0000 (12:50 +0200)]
Ensure tests compile on *BSD.

3 years agoUse getmsg()/putmsg() instead of read()/write() on Solaris.
Guus Sliepen [Sat, 8 Apr 2017 11:34:40 +0000 (13:34 +0200)]
Use getmsg()/putmsg() instead of read()/write() on Solaris.

This fixes a problem where read() returns packets from the IP layer before
fragmentation is done.

# Conflicts:
# src/solaris/device.c

3 years agoUse /dev/udp instead of /dev/ip on Solaris.
Guus Sliepen [Sat, 8 Apr 2017 11:31:04 +0000 (13:31 +0200)]
Use /dev/udp instead of /dev/ip on Solaris.

# Conflicts:
# src/solaris/device.c

3 years agoEnsure sptps_keypair and sptps_test get build for make check.
Guus Sliepen [Wed, 29 Mar 2017 06:08:56 +0000 (08:08 +0200)]
Ensure sptps_keypair and sptps_test get build for make check.

3 years agoUse instead of localhost to ensure tests are reproducible.
Guus Sliepen [Wed, 29 Mar 2017 06:08:19 +0000 (08:08 +0200)]
Use instead of localhost to ensure tests are reproducible.

3 years agoEnsure proper logging in the invite-offline test.
Guus Sliepen [Sun, 26 Mar 2017 15:54:37 +0000 (17:54 +0200)]
Ensure proper logging in the invite-offline test.

3 years agoAdd the scripts test.
Guus Sliepen [Sun, 26 Mar 2017 15:43:33 +0000 (17:43 +0200)]
Add the scripts test.

This test whether all the scripts are run with the right information in
the right order.

3 years agoUpdate .gitignore.
Guus Sliepen [Sun, 26 Mar 2017 14:48:02 +0000 (16:48 +0200)]
Update .gitignore.

3 years agoAdd the invite-offline test.
Guus Sliepen [Sun, 26 Mar 2017 14:47:54 +0000 (16:47 +0200)]
Add the invite-offline test.

This tests generating an invitation on the server while no tinc daemon is

3 years agoRemove superfluous sleep command in invite-join test.
Guus Sliepen [Sun, 26 Mar 2017 14:46:31 +0000 (16:46 +0200)]
Remove superfluous sleep command in invite-join test.

3 years agoUse unique ports for all tests.
Guus Sliepen [Sun, 26 Mar 2017 14:46:03 +0000 (16:46 +0200)]
Use unique ports for all tests.

3 years agoAdd DEBUG environment variable for scripts.
Guus Sliepen [Tue, 21 Mar 2017 20:25:27 +0000 (21:25 +0100)]
Add DEBUG environment variable for scripts.

This contains the current debug level used by tinc. Scripts can use it
to decide whether to log debugging information of their own.

Closes #138 on GitHub.

3 years agoPut script environment creation/deletion in functions.
Guus Sliepen [Tue, 21 Mar 2017 20:21:23 +0000 (21:21 +0100)]
Put script environment creation/deletion in functions.

This makes environment handling safer, and also has a single place where
we can add new environment variables that should be present for all

3 years agoroute: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
Vittorio Gambaletta (VittGam) [Wed, 12 Oct 2016 11:52:17 +0000 (13:52 +0200)]
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
3 years agoMerge remote-tracking branch 'dechamps/sleep' into 1.1
Guus Sliepen [Mon, 20 Mar 2017 21:33:18 +0000 (22:33 +0100)]
Merge remote-tracking branch 'dechamps/sleep' into 1.1

3 years agoDon't try to use kill() on Windows.
Guus Sliepen [Mon, 20 Mar 2017 21:19:36 +0000 (22:19 +0100)]
Don't try to use kill() on Windows.

3 years agoAdd missing #defines used by fd_device.c.
Guus Sliepen [Mon, 20 Mar 2017 21:15:20 +0000 (22:15 +0100)]
Add missing #defines used by fd_device.c.

3 years agoUse free_known_addresses() to free memory allocated by get_known_addresses().
Guus Sliepen [Tue, 7 Mar 2017 18:19:19 +0000 (19:19 +0100)]
Use free_known_addresses() to free memory allocated by get_known_addresses().

We know what struct addrinfo looks like, but the standard says nothing
about how it is allocated. So we cannot trust freeaddrinfo() to work
correctly on the struct addrinfo list we allocated ourselves in
get_known_addresses(). To make a distinction by allocations from the
latter and from str2addrinfo(), we keep two pointers (*ai and *kai) in
struct outgoing, and use the freeing function that is appropriate for

3 years agoFix lost pointer trails in get_known_addresses().
Roman Savelyev [Tue, 7 Mar 2017 18:07:19 +0000 (19:07 +0100)]
Fix lost pointer trails in get_known_addresses().

3 years agoAdd fd_device
Pacien TRAN-GIRARD [Mon, 27 Feb 2017 19:56:55 +0000 (20:56 +0100)]
Add fd_device

3 years agoRemove the description of the LocalDiscoveryAddress option from the manual.
Guus Sliepen [Tue, 14 Feb 2017 19:51:43 +0000 (20:51 +0100)]
Remove the description of the LocalDiscoveryAddress option from the manual.

This option is no longer implemented.

3 years agoDon't build sptps_* binaries by default.
Guus Sliepen [Tue, 31 Jan 2017 11:05:03 +0000 (12:05 +0100)]
Don't build sptps_* binaries by default.

3 years agoFix potential segfault in the replacement vasprintf() function.
Guus Sliepen [Tue, 31 Jan 2017 11:03:27 +0000 (12:03 +0100)]
Fix potential segfault in the replacement vasprintf() function.

3 years agoFix address memory leaks in add_edge_h().
Etienne Dechamps [Sun, 18 Dec 2016 14:53:33 +0000 (14:53 +0000)]
Fix address memory leaks in add_edge_h().

Note that this is not as bad as it looks, because in practice
sockaddrfree() is a no-op for typical address types.

3 years agoClarify the flow of add_edge_h().
Etienne Dechamps [Sun, 18 Dec 2016 14:32:25 +0000 (14:32 +0000)]
Clarify the flow of add_edge_h().

This is an attempt at making the control flow through this function
easier to understand by rearranging branches and cutting back on
indentation levels.

This is a pure refactoring; there is no change in behavior.

3 years agoFix edge updates containing local address changes.
Etienne Dechamps [Sun, 18 Dec 2016 14:25:20 +0000 (14:25 +0000)]
Fix edge updates containing local address changes.

This commit fixes a logic bug in the edge update code where local
address changes are not taken into account if they are bundled in with
other changes. This bug breaks local discovery in some scenarios.

The regression was introduced by commit

3 years agoFix edge local addresses not being set when connections are established.
Etienne Dechamps [Sun, 18 Dec 2016 16:56:27 +0000 (16:56 +0000)]
Fix edge local addresses not being set when connections are established.

This bug prevented nodes from advertising their local addresses, thus
breaking local discovery.

The regression was introduced in

3 years agoOn Windows, don't cancel I/O when disabling the device.
Etienne Dechamps [Sat, 3 Dec 2016 23:13:46 +0000 (23:13 +0000)]
On Windows, don't cancel I/O when disabling the device.

I have observed cases where disable_device() can get stuck on the
GetOverlappedResult() call, especially when the computer is waking up
from sleep. This is problematic when combined with DeviceStandby=yes:

    other_side ( port 655) didn't respond to PING in 5 seconds
    Closing connection with other_side ( port 655)
    Disabling Windows tap device

gdb reveals the following stack trace:

    #0  0x77c7dd3c in ?? ()
    #1  0x7482aad0 in KERNELBASE!GetOverlappedResult () from C:\WINDOWS\SysWoW64\KernelBase.dll
    #2  0x0043c343 in disable_device () at mingw/device.c:244
    #3  0x0040fcee in device_disable () at net_setup.c:759
    #4  0x00405bb5 in check_reachability () at graph.c:292
    #5  0x00405be2 in graph () at graph.c:301
    #6  0x004088db in terminate_connection (c=0x4dea5c0, report=true) at net.c:108
    #7  0x00408aed in timeout_handler (data=0x5af0c0 <pingtimer>) at net.c:168
    #8  0x00403af8 in get_time_remaining (diff=0x2a8fd64) at event.c:239
    #9  0x00403b6c in event_loop () at event.c:303
    #10 0x00409904 in main_loop () at net.c:461
    #11 0x00424a95 in main2 (argc=6, argv=0x2b42a60) at tincd.c:489
    #12 0x00424788 in main (argc=6, argv=0x2b42a60) at tincd.c:416

This is with TAP-Win32 I suspect driver bugs related to sleep.
In any case, this commit fixes the issue by cancelling I/O only when the
entire tinc process is being gracefully shut down, as opposed to every
time the device is disabled. Thankfully, the driver seems to be
perfectly fine with this code issuing TAP_IOCTL_SET_MEDIA_STATUS ioctls
while there are I/O operations inflight.

3 years agoFix crash on Windows when a socket is available for both write and read.
Etienne Dechamps [Sat, 3 Dec 2016 22:52:30 +0000 (22:52 +0000)]
Fix crash on Windows when a socket is available for both write and read.

Currently, if both write and read events fire at the same time on a
socket, the Windows-specific event loop will call both the write and
read callbacks, in that order. Problem is, the write callback could have
deleted the io handle, which makes the next call to the write callback a
use-after-free typically resulting in a hard crash.

In practice, this issue is triggered quite easily by putting the
computer to sleep, which basically freezes the tinc process. When the
computer wakes up and the process resumes, all TCP connections are
suddenly gone; as a result, the following sequence of events might
appear in the logs:

    Metadata socket read error for node1 ( port 655): (10054) An existing connection was forcibly closed by the remote host.
    Closing connection with node1 ( port 655)
    Sending DEL_EDGE to everyone (BROADCAST): 13 4bf6 mynode node1
    Sending 43 bytes of metadata to node2 ( port 655)
    Could not send 10891 bytes of data to node2 ( port 655): (10054) An existing connection was forcibly closed by the remote host.a
    Closing connection with node2 ( port 655)

In this example the crash occurs because the socket to node2 was
signaled for reading *in addition* to writing, but since the connection
was terminated, the attempt to call the read callback crashed the

This commit fixes the problem by not even attempting to fire the write
callback when the write event on the socket is signaled - instead, we
just rely on the part of the event loop that simulates level-triggered
write events. Arguably that's even cleaner and faster, because the code
being removed was technically redundant - we have to go through that
write check loop anyway.

3 years agoEnforce maximum amount of bytes sent/received on meta-connections.
Guus Sliepen [Sun, 30 Oct 2016 14:19:12 +0000 (15:19 +0100)]
Enforce maximum amount of bytes sent/received on meta-connections.

This is 2^{block_length_in_bits / 2 - 1}.

3 years agoUse AES256 and SHA256 by default for the legacy protocol.
Guus Sliepen [Sun, 30 Oct 2016 14:17:52 +0000 (15:17 +0100)]
Use AES256 and SHA256 by default for the legacy protocol.

At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.

4 years agoFix typo in src/upnp.c.
Dennis Lan [Wed, 12 Oct 2016 11:35:39 +0000 (13:35 +0200)]
Fix typo in src/upnp.c.

4 years agotincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size...
Vittorio G (VittGam) [Tue, 11 Oct 2016 18:30:41 +0000 (20:30 +0200)]
tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.

Also warn the user if a key smaller than 2048 bits is being generated.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
4 years agofsck: Fix ed25519 public key reading, and fclose usage.
Vittorio G (VittGam) [Tue, 11 Oct 2016 11:30:05 +0000 (13:30 +0200)]
fsck: Fix ed25519 public key reading, and fclose usage.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
4 years agoLog warnings about dropped packets only with debug level 5 or higher.
Guus Sliepen [Tue, 26 Jul 2016 14:47:45 +0000 (16:47 +0200)]
Log warnings about dropped packets only with debug level 5 or higher.

4 years agoFix error handling when setting up the UDP socket.
Etienne Dechamps [Thu, 14 Jul 2016 18:15:35 +0000 (19:15 +0100)]
Fix error handling when setting up the UDP socket.

Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.

The regression was introduced in

4 years agoFix compiling with OpenSSL < 1.1.0.
Guus Sliepen [Fri, 24 Jun 2016 09:22:24 +0000 (11:22 +0200)]
Fix compiling with OpenSSL < 1.1.0.

4 years agoAdd missing m4 files.
Guus Sliepen [Fri, 24 Jun 2016 09:22:11 +0000 (11:22 +0200)]
Add missing m4 files.

ax_cflags_warn_all.m4 depends on them.

4 years agoFix potential memory leaks found by the Clang static analyzer.
Guus Sliepen [Thu, 23 Jun 2016 13:59:43 +0000 (15:59 +0200)]
Fix potential memory leaks found by the Clang static analyzer.

4 years agoFix warnings from the Clang static analyzer.
Guus Sliepen [Thu, 23 Jun 2016 13:59:16 +0000 (15:59 +0200)]
Fix warnings from the Clang static analyzer.

These are all false positives or harmless dead stores.

4 years agoForce nul-termination of strings after vsnprintf().
Guus Sliepen [Thu, 23 Jun 2016 13:26:58 +0000 (15:26 +0200)]
Force nul-termination of strings after vsnprintf().

Apparently, on Windows this function might not always be properly

4 years agoUse EVP_MD_CTX_destroy() instead of _free().
Guus Sliepen [Wed, 22 Jun 2016 21:08:30 +0000 (23:08 +0200)]
Use EVP_MD_CTX_destroy() instead of _free().

Thanks to azrdev for pointing out the build failure on Fedora 23.

4 years agoCheck return value of RSA_generate_key_ex().
Guus Sliepen [Wed, 22 Jun 2016 15:42:25 +0000 (17:42 +0200)]
Check return value of RSA_generate_key_ex().

4 years agoAdd -Wall to CFLAGS.
Guus Sliepen [Wed, 22 Jun 2016 15:35:12 +0000 (17:35 +0200)]
Add -Wall to CFLAGS.

4 years agoEnsure compatibility with OpenSSL 1.1.0.
Guus Sliepen [Wed, 22 Jun 2016 14:32:05 +0000 (16:32 +0200)]
Ensure compatibility with OpenSSL 1.1.0.

4 years agoFix the previous commit.
Guus Sliepen [Sun, 5 Jun 2016 13:20:57 +0000 (15:20 +0200)]
Fix the previous commit.

4 years agoPreserve IPv6 scope_id in edges.
Guus Sliepen [Sun, 5 Jun 2016 12:47:21 +0000 (14:47 +0200)]
Preserve IPv6 scope_id in edges.

When creating an edge after authenticating a peer, we copy the
address used for the TCP connection, but change the port to that used
for UDP. But the way we did it discarded the scope_id for IPv6
addresses. This prevented UDP communication from working correctly when
connecting to a peer on the same LAN using an IPv6 link-local address.

Thanks to Rafał Leśniak for pointing out this issue.

4 years agofix check in cmd_pid() for failure to connect to tincd
Sean McVeigh [Sat, 21 May 2016 21:38:14 +0000 (17:38 -0400)]
fix check in cmd_pid() for failure to connect to tincd

4 years agocheck for daemon pid existence before trying to connect to the control socket, and...
Sean McVeigh [Sat, 21 May 2016 21:25:18 +0000 (17:25 -0400)]
check for daemon pid existence before trying to connect to the control socket, and clean up stale files otherwise.

4 years agoAdded comments and unfold deep "if"-construct in timeout_handler
lemoer [Thu, 19 May 2016 15:24:31 +0000 (17:24 +0200)]
Added comments and unfold deep "if"-construct in timeout_handler

4 years agoPrevent tincd from sending packets to unexpecting nodes
thorkill [Thu, 19 May 2016 13:48:15 +0000 (15:48 +0200)]
Prevent tincd from sending packets to unexpecting nodes

Make tincd recognize when it was asleep and close connections to it's
peers. This happens when e.g. RoadWarrior has been suspended for
"longer" time period. After resume, it will start to communicate
with it's peers using the contextes it had before suspend.

On the other side, the nodes closed the connections since PingTimeout
and/or TCP connection went down.

Sending data to such unaware (sptps mostly) nodes will cause
havoc in the logs. Misleading the developers to wrong assumptions
that something is wrong with sptps.

# Conflicts:
# src/net.c

4 years agoSend PKT_PROBE only when handshake has been done already.
thorkill [Wed, 11 May 2016 17:27:05 +0000 (19:27 +0200)]
Send PKT_PROBE only when handshake has been done already.

4 years agoReleasing 1.1pre14. release-1.1pre14
Guus Sliepen [Sun, 1 May 2016 18:35:26 +0000 (20:35 +0200)]
Releasing 1.1pre14.

4 years agoRevert "Remove tinc.service, it is not necessary."
Guus Sliepen [Sun, 1 May 2016 10:07:44 +0000 (12:07 +0200)]
Revert "Remove tinc.service, it is not necessary."

This reverts commit 0b6f84f96eeed20a0d771fedb72c0e19941adb7e. Although
systemd does automatically provide a "tinc.slice" when there is only a
tinc@.service template, it doesn't quite work the same way as

4 years agoReleasing 1.1pre13. release-1.1pre13
Guus Sliepen [Sat, 30 Apr 2016 18:55:12 +0000 (20:55 +0200)]
Releasing 1.1pre13.

4 years agoAutoConnect now only chooses from nodes for which we know an address.
Guus Sliepen [Sat, 30 Apr 2016 18:05:22 +0000 (20:05 +0200)]
AutoConnect now only chooses from nodes for which we know an address.

Based partially on work from Rafał Leśniak.

4 years agoRemove tinc.service, it is not necessary.
Guus Sliepen [Sat, 30 Apr 2016 16:08:31 +0000 (18:08 +0200)]
Remove tinc.service, it is not necessary.

Thanks to Alexander Ried for pointing out that if you have
tinc@.service template, systemd will provide a default slice containing
all instances of that template. So "systemctl start tinc" will still do
what we want it to do.

4 years agoFix BSD tun device support.
Guus Sliepen [Wed, 27 Apr 2016 18:30:36 +0000 (20:30 +0200)]
Fix BSD tun device support.

This was broken by a botched merge from the master branch in commit d7f6737.

4 years agoReleasing 1.1pre12. release-1.1pre12
Guus Sliepen [Sun, 24 Apr 2016 11:23:06 +0000 (13:23 +0200)]
Releasing 1.1pre12.

4 years agoDon't check file permissions on Windows during fsck.
Guus Sliepen [Sat, 23 Apr 2016 19:39:53 +0000 (21:39 +0200)]
Don't check file permissions on Windows during fsck.

4 years agoFix starting tinc as a service on Windows.
Guus Sliepen [Sat, 23 Apr 2016 19:32:42 +0000 (21:32 +0200)]
Fix starting tinc as a service on Windows.

Don't assume tincd.exe is in the working directory, especially now that
chdir() is called very early. We use GetModuleFileName() instead.

4 years agoFix a compiler warning on Windows.
Guus Sliepen [Sat, 23 Apr 2016 19:32:29 +0000 (21:32 +0200)]
Fix a compiler warning on Windows.

4 years agoFix possible read of freed memory when verifying the signature of a file.
Guus Sliepen [Sat, 23 Apr 2016 15:28:30 +0000 (17:28 +0200)]
Fix possible read of freed memory when verifying the signature of a file.

4 years agoHave "tinc fsck" recognize Ed25519PublicKey statements.
Guus Sliepen [Sat, 23 Apr 2016 15:20:08 +0000 (17:20 +0200)]
Have "tinc fsck" recognize Ed25519PublicKey statements.

4 years agoMove documentation of invitations to the manual.
Guus Sliepen [Sat, 23 Apr 2016 14:05:41 +0000 (16:05 +0200)]
Move documentation of invitations to the manual.

4 years agoFix the "network" command in tinc shell.
Guus Sliepen [Sun, 17 Apr 2016 16:11:04 +0000 (18:11 +0200)]
Fix the "network" command in tinc shell.

4 years agoSpeed up AutoConnect at startup.
Guus Sliepen [Sun, 17 Apr 2016 15:06:11 +0000 (17:06 +0200)]
Speed up AutoConnect at startup.

Call periodic_handler() immediately at startup. Also, don't try to
connect to ourself.

4 years agoDon't call terminate_connection(myself->connection).
Guus Sliepen [Sun, 17 Apr 2016 14:23:31 +0000 (16:23 +0200)]
Don't call terminate_connection(myself->connection).

It doesn't do anything except give a confusing error message that we are
closing the connection to ourself. Replace it with connection_del().
This also fixes a double free.

4 years agoHandle special characters in sptps_test only if the --special option is given.
Guus Sliepen [Sun, 17 Apr 2016 14:01:49 +0000 (16:01 +0200)]
Handle special characters in sptps_test only if the --special option is given.

sptps_test treats lines starting with #, ^ and $ specially, in order to
test the SPTPS protocol. However, this should only be done if explicitly
requested, otherwise it can unexpectedly fail.

4 years agoAdd stricter checks for netnames.
Guus Sliepen [Sun, 17 Apr 2016 12:38:37 +0000 (14:38 +0200)]
Add stricter checks for netnames.

When passing a NetName via an invitation, we don't allow any characters
that are unsafe (either because they could cause shells to expand things,
or because they are not allowed on some filesystems).

Also, warn when tinc is started with unsafe netnames.

4 years agoUse ifconfig_header().
Guus Sliepen [Sun, 17 Apr 2016 12:36:29 +0000 (14:36 +0200)]
Use ifconfig_header().

4 years agoChdir() to the configuration directory instead of /.
Guus Sliepen [Sun, 17 Apr 2016 12:04:57 +0000 (14:04 +0200)]
Chdir() to the configuration directory instead of /.

4 years agoAdd a test for tinc-up creation from invitations.
Guus Sliepen [Sun, 17 Apr 2016 11:56:37 +0000 (13:56 +0200)]
Add a test for tinc-up creation from invitations.

4 years agoFix compiler warnings.
Guus Sliepen [Sun, 17 Apr 2016 11:55:36 +0000 (13:55 +0200)]
Fix compiler warnings.