oweals/tinc.git
12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Tue, 26 Jun 2012 11:24:20 +0000 (13:24 +0200)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
NEWS
README
configure.in
lib/utils.c
src/linux/device.c
src/meta.c
src/net.h
src/net_setup.c
src/net_socket.c
src/protocol.c
src/protocol_auth.c
src/tincd.c

12 years agoReleasing 1.0.19. release-1.0.19
Guus Sliepen [Mon, 25 Jun 2012 17:45:51 +0000 (19:45 +0200)]
Releasing 1.0.19.

12 years agoFix crash when using Broadcast = direct.
Guus Sliepen [Mon, 25 Jun 2012 17:03:54 +0000 (19:03 +0200)]
Fix crash when using Broadcast = direct.

12 years agoFix compiler warnings.
Guus Sliepen [Mon, 25 Jun 2012 17:01:51 +0000 (19:01 +0200)]
Fix compiler warnings.

12 years ago#include <winsock2.h> on Windows.
Guus Sliepen [Mon, 25 Jun 2012 13:01:42 +0000 (15:01 +0200)]
#include <winsock2.h> on Windows.

MinGW complained about it not being included.

12 years agoSmall fixes in proxy code.
Guus Sliepen [Mon, 25 Jun 2012 13:00:24 +0000 (15:00 +0200)]
Small fixes in proxy code.

12 years agoDon't forget to send a newline when forwarding requests.
Guus Sliepen [Sun, 13 May 2012 20:16:42 +0000 (22:16 +0200)]
Don't forget to send a newline when forwarding requests.

12 years agoadd (errnum) in front of windows error messages
Michael Tokarev [Fri, 4 May 2012 12:41:47 +0000 (16:41 +0400)]
add (errnum) in front of windows error messages

On localized, non-English versions of windows, it is
common to have two active charsets -- for console applications
and for GUI applications, together with localized error messages
returned by windows.  But two charsets are rarely compatible,
so sending the same byte sequence to console and to windows
event log makes one or another to be unreadable.  So at least
include the error number, this way it will be possible to
lookup the actual error test using external ways.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
12 years agoAlways pass request strings to other functions as const char *.
Guus Sliepen [Tue, 8 May 2012 14:44:15 +0000 (16:44 +0200)]
Always pass request strings to other functions as const char *.

12 years agofree_connection_partially(): also reset remote protocol version infos
Sven-Haegar Koch [Sun, 22 Apr 2012 01:44:28 +0000 (03:44 +0200)]
free_connection_partially(): also reset remote protocol version infos

The used remote protocol can change between two reconnects, aka if
the remote side has enabled/disabled for example their ExperimentalProtocols
setting.

12 years agoSilence SPTPS log messages, reduce them from DEBUG_ALWAYS to DEBUG_META.
Sven-Haegar Koch [Sun, 22 Apr 2012 01:05:29 +0000 (03:05 +0200)]
Silence SPTPS log messages, reduce them from DEBUG_ALWAYS to DEBUG_META.

12 years agoterminate_connection(): delete non-outgoing (aka incoming) connections.
Sven-Haegar Koch [Sun, 22 Apr 2012 00:55:06 +0000 (02:55 +0200)]
terminate_connection(): delete non-outgoing (aka incoming) connections.

12 years agoLabel control connections for log output as "<control>", not "<unknown>".
Sven-Haegar Koch [Sat, 21 Apr 2012 01:44:24 +0000 (03:44 +0200)]
Label control connections for log output as "<control>", not "<unknown>".

12 years agofree_connection_partially(): Avoid possible use-after-free for c->hischallenge
Sven-Haegar Koch [Fri, 20 Apr 2012 23:59:01 +0000 (01:59 +0200)]
free_connection_partially(): Avoid possible use-after-free for c->hischallenge

12 years agoterminate_connection(): only kill c->node->connection if it is pointing
Sven-Haegar Koch [Fri, 20 Apr 2012 23:51:36 +0000 (01:51 +0200)]
terminate_connection(): only kill c->node->connection if it is pointing
to the same connection

12 years agoterminate_connection(): Avoid use-after-free and double-free for
Sven-Haegar Koch [Thu, 19 Apr 2012 22:24:38 +0000 (00:24 +0200)]
terminate_connection(): Avoid use-after-free and double-free for
already freed edge structure.

12 years agoDocument new proxy types.
Guus Sliepen [Thu, 19 Apr 2012 13:56:08 +0000 (15:56 +0200)]
Document new proxy types.

12 years agoAdd support for proxying through an external command.
Guus Sliepen [Thu, 19 Apr 2012 13:18:31 +0000 (15:18 +0200)]
Add support for proxying through an external command.

Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.

12 years agoAdd support for SOCKS 5 proxies.
Guus Sliepen [Thu, 19 Apr 2012 12:10:54 +0000 (14:10 +0200)]
Add support for SOCKS 5 proxies.

This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.

12 years agoAdd basic support for SOCKS 4 and HTTP CONNECT proxies.
Guus Sliepen [Wed, 18 Apr 2012 21:19:40 +0000 (23:19 +0200)]
Add basic support for SOCKS 4 and HTTP CONNECT proxies.

When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.

12 years agoAllow broadcast packets to be sent directly instead of via the MST.
Guus Sliepen [Sun, 15 Apr 2012 23:57:25 +0000 (01:57 +0200)]
Allow broadcast packets to be sent directly instead of via the MST.

When the "Broadcast = direct" option is used, broadcast packets are not sent
and forwarded via the Minimum Spanning Tree to all nodes, but are sent directly
to all nodes that can be reached in one hop.

One use for this is to allow running ad-hoc routing protocols, such as OLSR, on
top of tinc.

12 years agoUpdate README to reflect that only OpenSSL is currently supported.
Guus Sliepen [Sun, 15 Apr 2012 23:16:59 +0000 (01:16 +0200)]
Update README to reflect that only OpenSSL is currently supported.

12 years agoAdd autoconf checks for OpenSSL's elliptic curve functions.
Guus Sliepen [Sun, 15 Apr 2012 23:14:59 +0000 (01:14 +0200)]
Add autoconf checks for OpenSSL's elliptic curve functions.

12 years agoecdh & ecdsa: avoid some possible memory leaks in error conditions.
Sven-Haegar Koch [Sat, 14 Apr 2012 00:28:43 +0000 (02:28 +0200)]
ecdh & ecdsa: avoid some possible memory leaks in error conditions.

12 years agoRemove confusing error message for failed reading in ECDSA keys.
Sven-Haegar Koch [Sat, 14 Apr 2012 00:02:11 +0000 (02:02 +0200)]
Remove confusing error message for failed reading in ECDSA keys.

Most likeley the error is that there just is no valid key inside the used
host file, and in this case errno just contains a random value from the
last previously failed call.

12 years agosptps_stop(): clear pointers after free to avoid double free.
Sven-Haegar Koch [Sat, 14 Apr 2012 00:29:32 +0000 (02:29 +0200)]
sptps_stop(): clear pointers after free to avoid double free.

sptps_stop() may get called twice on some failed connection setups.

12 years agoAllow environment variables to be used for Name.
Guus Sliepen [Thu, 29 Mar 2012 15:45:25 +0000 (16:45 +0100)]
Allow environment variables to be used for Name.

When the Name starts with a $, the rest will be interpreted as the name of an
environment variable containing the real Name. When Name is $HOST, but this
environment variable does not exist, gethostname() will be used to set the
Name. In both cases, illegal characters will be converted to underscores.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Mon, 26 Mar 2012 18:06:39 +0000 (19:06 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
src/logger.c
src/net_setup.c

12 years agoAdd support for systemd style socket activation.
Guus Sliepen [Mon, 26 Mar 2012 13:46:09 +0000 (14:46 +0100)]
Add support for systemd style socket activation.

If the LISTEN_FDS environment variable is set and tinc is run in the
foreground, tinc will use filedescriptors 3 to 3 + LISTEN_FDS for its listening
TCP sockets. For now, tinc will create matching listening UDP sockets itself.

There is no dependency on systemd or on libsystemd-daemon.

12 years agoRemove newline from log message.
Guus Sliepen [Mon, 26 Mar 2012 13:45:20 +0000 (14:45 +0100)]
Remove newline from log message.

12 years agoconfigure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
Anthony G. Basile [Mon, 26 Mar 2012 10:29:40 +0000 (06:29 -0400)]
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH

The current configure.in file does not correctly make use of these
macros.  The resulting configure file will therefore enable an item
even if --disable-FEATURE is given.  This patch restores the intended
behavior.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Sun, 25 Mar 2012 22:35:31 +0000 (23:35 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
NEWS
README
configure.in
src/Makefile.am
src/conf.c
src/conf.h
src/connection.c
src/net.c
src/tincd.c

12 years agoSupport :: in IPv6 Subnets.
Guus Sliepen [Sun, 25 Mar 2012 21:54:36 +0000 (22:54 +0100)]
Support :: in IPv6 Subnets.

12 years agoReleasing 1.0.18. release-1.0.18
Guus Sliepen [Sun, 25 Mar 2012 14:32:26 +0000 (15:32 +0100)]
Releasing 1.0.18.

12 years agoMark DecrementTTL option experimental.
Guus Sliepen [Sun, 25 Mar 2012 14:30:58 +0000 (15:30 +0100)]
Mark DecrementTTL option experimental.

12 years agoFix return type of vde_recv() as well.
Guus Sliepen [Sun, 25 Mar 2012 14:17:50 +0000 (15:17 +0100)]
Fix return type of vde_recv() as well.

In this case it is not really necessary as the conversion to int will already
take care of ensuring the return value is treated as signed.

12 years agoDocument OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
Guus Sliepen [Sun, 25 Mar 2012 13:55:56 +0000 (14:55 +0100)]
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.

12 years agoFix some more compiler warnings.
Guus Sliepen [Sun, 25 Mar 2012 13:46:50 +0000 (14:46 +0100)]
Fix some more compiler warnings.

12 years agoFix return value type of vde_send().
Guus Sliepen [Sun, 25 Mar 2012 13:00:21 +0000 (14:00 +0100)]
Fix return value type of vde_send().

The libvdeplug_dyn.h header file incorrectly declares the return type of
vde_send() to size_t, while in reality it is ssize_t.

12 years agoFix compiler warnings.
Guus Sliepen [Sun, 25 Mar 2012 12:58:14 +0000 (13:58 +0100)]
Fix compiler warnings.

12 years agoAllow scoped addresses to be used for IPv6 multicast socket.
Guus Sliepen [Sun, 25 Mar 2012 12:42:10 +0000 (13:42 +0100)]
Allow scoped addresses to be used for IPv6 multicast socket.

12 years agoAdd #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
Guus Sliepen [Sun, 25 Mar 2012 12:40:55 +0000 (13:40 +0100)]
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.

12 years agoSet default value of DecrementTTL to "no".
Guus Sliepen [Fri, 23 Mar 2012 12:18:36 +0000 (13:18 +0100)]
Set default value of DecrementTTL to "no".

Decrementing the TTL causes IPv6 to fail when Mode = switch, and there may be
other unforeseen side-effects.

12 years agoAdd support for multicast communication with UML/QEMU/KVM.
Guus Sliepen [Wed, 21 Mar 2012 16:00:53 +0000 (17:00 +0100)]
Add support for multicast communication with UML/QEMU/KVM.

DeviceType = multicast allows one to specify a multicast address and port with
a Device statement. Tinc will then read/send packets to that multicast group
instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM
instances that are listening on the same group.

12 years agoAllow a port to be specified in BindToAddress statements.
Guus Sliepen [Wed, 21 Mar 2012 12:20:15 +0000 (13:20 +0100)]
Allow a port to be specified in BindToAddress statements.

This can be used to let tinc listen on multiple ports for incoming connections.

12 years agoAlways try next Address when an outgoing connection fails to authenticate.
Guus Sliepen [Tue, 20 Mar 2012 22:49:16 +0000 (23:49 +0100)]
Always try next Address when an outgoing connection fails to authenticate.

When making outgoing connections, tinc goes through the list of Addresses and
tries all of them until one succeeds. However, before it would consider
establishing a TCP connection a success, even when the authentication failed.
This would be a problem if the first Address would point to a hostname and port
combination that belongs to the wrong tinc node, or perhaps even to a non-tinc
service, causing tinc to endlessly try this Address instead of moving to the
next one.

Problem found by Delf Eldkraft.

12 years agoMake sure the signature also covers the session label.
Guus Sliepen [Sun, 18 Mar 2012 20:24:46 +0000 (21:24 +0100)]
Make sure the signature also covers the session label.

12 years agoStart documenting the SPTPS protocol.
Guus Sliepen [Sun, 18 Mar 2012 19:38:48 +0000 (20:38 +0100)]
Start documenting the SPTPS protocol.

12 years agoDon't send an ACK message after the first key exchange in the SPTPS protocol.
Guus Sliepen [Sun, 18 Mar 2012 16:46:30 +0000 (17:46 +0100)]
Don't send an ACK message after the first key exchange in the SPTPS protocol.

12 years agoTest SPTPS messages sent while key renegotation is in progress.
Guus Sliepen [Sun, 18 Mar 2012 16:42:43 +0000 (17:42 +0100)]
Test SPTPS messages sent while key renegotation is in progress.

12 years agoAdd datagram mode to the SPTPS protocol.
Guus Sliepen [Sun, 18 Mar 2012 15:42:02 +0000 (16:42 +0100)]
Add datagram mode to the SPTPS protocol.

* Everything is identical except the headers of the records.
* Instead of sending explicit message length and having an implicit sequence
  number, datagram mode has an implicit message length and an explicit sequence
  number.
* The sequence number is used to set the most significant bytes of the counter.

12 years agoAllow CTR mode counter to be set to a specific value.
Guus Sliepen [Sun, 18 Mar 2012 15:41:13 +0000 (16:41 +0100)]
Allow CTR mode counter to be set to a specific value.

12 years agoReleasing 1.0.17. release-1.0.17
Guus Sliepen [Sat, 10 Mar 2012 12:31:36 +0000 (13:31 +0100)]
Releasing 1.0.17.

12 years agoUpdate copyright notices.
Guus Sliepen [Sat, 10 Mar 2012 12:23:08 +0000 (13:23 +0100)]
Update copyright notices.

12 years agoMake sure disabling old RSA keys works on Windows.
Guus Sliepen [Thu, 8 Mar 2012 22:23:39 +0000 (23:23 +0100)]
Make sure disabling old RSA keys works on Windows.

Seeking in files and rewriting parts of them does not seem to work properly on
Windows. Instead, when old RSA keys are found when generating new ones, the
file containing the old keys is copied to a temporary file where the changes
are made, and that file is renamed back to the original filename. On Windows,
we cannot atomically replace files with a rename(), so we need to move the
original file out of the way first. If anything fails, the new code will warn
that the user has to solve the problem by hand.

12 years agoAdd missing ICMP6 message type definitions.
Guus Sliepen [Thu, 8 Mar 2012 21:19:20 +0000 (22:19 +0100)]
Add missing ICMP6 message type definitions.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Thu, 8 Mar 2012 20:15:08 +0000 (21:15 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
src/net_packet.c

12 years agoAccept Subnets passed with the -o option when StrictSubnets = yes.
Guus Sliepen [Wed, 7 Mar 2012 09:40:06 +0000 (10:40 +0100)]
Accept Subnets passed with the -o option when StrictSubnets = yes.

12 years agoOnly log errors sending UDP packets when debug level >= 5.
Guus Sliepen [Fri, 2 Mar 2012 15:09:58 +0000 (16:09 +0100)]
Only log errors sending UDP packets when debug level >= 5.

Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.

12 years agoAllow log messages to be captured by tincctl.
Guus Sliepen [Sun, 26 Feb 2012 17:37:36 +0000 (18:37 +0100)]
Allow log messages to be captured by tincctl.

This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.

12 years agoDon't close control connections when handling a reload command.
Guus Sliepen [Sun, 26 Feb 2012 15:56:53 +0000 (16:56 +0100)]
Don't close control connections when handling a reload command.

Because this would terminate the connection while the control message
handler was still running, it would lead to a segmentation fault later
on.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Sun, 26 Feb 2012 15:27:13 +0000 (16:27 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

12 years agoOnly use broadcast at the start of the PMTU discovery phase.
Guus Sliepen [Sun, 26 Feb 2012 15:23:02 +0000 (16:23 +0100)]
Only use broadcast at the start of the PMTU discovery phase.

For local peer discovery, only a handful of packets are necessary for
peers to detect each other.

12 years agoLet tincctl use the NETNAME environment variable if no -n option is given.
Guus Sliepen [Sun, 26 Feb 2012 11:39:46 +0000 (12:39 +0100)]
Let tincctl use the NETNAME environment variable if no -n option is given.

This allows administrators who frequently want to work with one tinc
network to omit the -n option. Since the NETNAME variable is set by
tincd when executing scripts, this makes it slightly easier to use
tincctl from within scripts.

12 years agoEnsure all SPTPS functions are prefixed with sptps_.
Guus Sliepen [Sun, 26 Feb 2012 11:33:16 +0000 (12:33 +0100)]
Ensure all SPTPS functions are prefixed with sptps_.

12 years agoGo back to breadth first search for path finding.
Guus Sliepen [Sat, 25 Feb 2012 22:03:09 +0000 (23:03 +0100)]
Go back to breadth first search for path finding.

If 1.1.x nodes using Dijkstra's algorithm are mixed with 1.0.x nodes using BFS,
then routing loops can occur.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Sat, 25 Feb 2012 21:52:57 +0000 (22:52 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

12 years agoStricter checks against routing loops.
Guus Sliepen [Sat, 25 Feb 2012 21:11:30 +0000 (22:11 +0100)]
Stricter checks against routing loops.

If a packet that had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.

12 years agoDon't send ICMP Time Exceeded messages for other Time Exceeded messages.
Guus Sliepen [Sat, 25 Feb 2012 20:46:18 +0000 (21:46 +0100)]
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.

That would be silly.

12 years agoUse SPTPS when ExperimentalProtocol is enabled.
Guus Sliepen [Sat, 25 Feb 2012 17:25:21 +0000 (18:25 +0100)]
Use SPTPS when ExperimentalProtocol is enabled.

12 years agoApply HMAC after encryption.
Guus Sliepen [Sat, 25 Feb 2012 14:18:15 +0000 (15:18 +0100)]
Apply HMAC after encryption.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Thu, 23 Feb 2012 12:26:01 +0000 (13:26 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
src/net.c
src/net_packet.c
src/net_socket.c

12 years agoAdd LocalDiscovery option which tries to detect peers on the local network.
Guus Sliepen [Wed, 22 Feb 2012 22:17:43 +0000 (23:17 +0100)]
Add LocalDiscovery option which tries to detect peers on the local network.

Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.

12 years agoPass index into listen_socket[] to handle_incoming_vpn_data().
Guus Sliepen [Wed, 22 Feb 2012 13:37:56 +0000 (14:37 +0100)]
Pass index into listen_socket[] to handle_incoming_vpn_data().

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Wed, 22 Feb 2012 13:23:59 +0000 (14:23 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
src/Makefile.am
src/bsd/device.c
src/connection.c
src/connection.h
src/cygwin/device.c
src/device.h
src/dropin.h
src/linux/device.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/process.c
src/protocol.c
src/protocol_key.c
src/raw_socket_device.c
src/route.c
src/solaris/device.c
src/tincd.c
src/uml_device.c

12 years agoRemove useless warning about signature length being shorter than expected.
Guus Sliepen [Tue, 21 Feb 2012 22:19:51 +0000 (23:19 +0100)]
Remove useless warning about signature length being shorter than expected.

12 years agoUse only one hash algorithm (SHA512) in the PRF.
Guus Sliepen [Tue, 21 Feb 2012 22:17:12 +0000 (23:17 +0100)]
Use only one hash algorithm (SHA512) in the PRF.

On some platforms, OpenSSL by default does not support the Whirlpool algorithm.

12 years agoAdd missing ICMP message type definitions.
Nick Hibma [Tue, 21 Feb 2012 14:26:58 +0000 (15:26 +0100)]
Add missing ICMP message type definitions.

12 years agoFix check for raw socket support.
Guus Sliepen [Tue, 21 Feb 2012 13:06:55 +0000 (14:06 +0100)]
Fix check for raw socket support.

Also, move some variables so there are no compiler warnings about unused
variables when there is no support for raw sockets.

12 years agoFix a bug that caused tinc to ignore all but the last listening socket.
Guus Sliepen [Tue, 21 Feb 2012 12:31:21 +0000 (13:31 +0100)]
Fix a bug that caused tinc to ignore all but the last listening socket.

12 years agoDocument the command line flag -o and provide --option as well.
Guus Sliepen [Tue, 21 Feb 2012 12:13:40 +0000 (13:13 +0100)]
Document the command line flag -o and provide --option as well.

12 years agoMove initialization of char *priority up to prevent freeing an uninitialized pointer.
Guus Sliepen [Tue, 21 Feb 2012 10:39:21 +0000 (11:39 +0100)]
Move initialization of char *priority up to prevent freeing an uninitialized pointer.

12 years agoAllow disabling of broadcast packets.
Guus Sliepen [Mon, 20 Feb 2012 16:19:00 +0000 (17:19 +0100)]
Allow disabling of broadcast packets.

The Broadcast option can be used to cause tinc to drop all broadcast and
multicast packets. This option might be expanded in the future to selectively
allow only some broadcast packet types.

12 years agoRename connection_t *broadcast to everyone.
Guus Sliepen [Mon, 20 Feb 2012 16:12:48 +0000 (17:12 +0100)]
Rename connection_t *broadcast to everyone.

12 years agoDon't bind outgoing TCP sockets anymore.
Guus Sliepen [Mon, 20 Feb 2012 15:52:53 +0000 (16:52 +0100)]
Don't bind outgoing TCP sockets anymore.

The code introduced in commit 41a05f59ba2c3eb5caab555f096ed1b9fbe69ee3 is not
needed anymore, since tinc has been able to handle UDP packets from a different
source address than those of the TCP packets since 1.0.10.  When using multiple
BindToAddress statements, this code does not make sense anymore, we do want the
kernel to choose the source address on its own.

12 years agoDecrement TTL of incoming packets.
Guus Sliepen [Mon, 20 Feb 2012 15:34:02 +0000 (16:34 +0100)]
Decrement TTL of incoming packets.

Tinc will now, by default, decrement the TTL field of incoming IPv4 and IPv6
packets, before forwarding them to the virtual network device or to another
node. Packets with a TTL value of zero will be dropped, and an ICMP Time
Exceeded message will be sent back.

This behaviour can be disabled using the DecrementTTL option.

12 years agoOnly compile raw socket code when it is supported on that platform.
Guus Sliepen [Mon, 20 Feb 2012 14:44:52 +0000 (15:44 +0100)]
Only compile raw socket code when it is supported on that platform.

12 years agoMerge branch 'master' of black:tinc
Guus Sliepen [Sat, 18 Feb 2012 13:31:08 +0000 (14:31 +0100)]
Merge branch 'master' of black:tinc

12 years agoAllow setting DeviceType to tun or tap on Linux.
Guus Sliepen [Sat, 18 Feb 2012 13:37:52 +0000 (14:37 +0100)]
Allow setting DeviceType to tun or tap on Linux.

12 years agoSend packets back using the same socket as they were received on.
Guus Sliepen [Sat, 18 Feb 2012 10:48:21 +0000 (11:48 +0100)]
Send packets back using the same socket as they were received on.

12 years agoMerge branch 'master' of black:tinc
Guus Sliepen [Sat, 18 Feb 2012 10:43:00 +0000 (11:43 +0100)]
Merge branch 'master' of black:tinc

12 years agoAllow multiple BindToAddress statements.
Guus Sliepen [Fri, 17 Feb 2012 15:25:00 +0000 (16:25 +0100)]
Allow multiple BindToAddress statements.

12 years agoSet FD_CLOEXEC flag on all sockets.
Guus Sliepen [Fri, 17 Feb 2012 15:13:38 +0000 (16:13 +0100)]
Set FD_CLOEXEC flag on all sockets.

Scripts called by tinc would inherit its open filedescriptors. This could
be a problem if other long-running daemons are started from those scripts,
if those daemons would not close all filedescriptors before going into the
background.

Problem found and solution suggested by Nick Hibma.

12 years agoFix a few small memory leaks.
Guus Sliepen [Mon, 26 Dec 2011 22:11:27 +0000 (23:11 +0100)]
Fix a few small memory leaks.

12 years agoFix compiler warnings.
Guus Sliepen [Mon, 26 Dec 2011 22:04:40 +0000 (23:04 +0100)]
Fix compiler warnings.

12 years agoAllow linking with multiple device drivers.
Guus Sliepen [Sun, 4 Dec 2011 00:20:59 +0000 (01:20 +0100)]
Allow linking with multiple device drivers.

Apart from the platform specific tun/tap driver, link with the dummy and
raw_socket devices, and optionally with support for UML and VDE devices.
At runtime, the DeviceType option can be used to select which driver to
use.

12 years agoFix a few small memory leaks.
Guus Sliepen [Sat, 3 Dec 2011 20:59:47 +0000 (21:59 +0100)]
Fix a few small memory leaks.

12 years agoAdd vde/device.c to the tarball.
Guus Sliepen [Sun, 27 Nov 2011 11:13:16 +0000 (12:13 +0100)]
Add vde/device.c to the tarball.

12 years agoFix compilation of VDE and UML interfaces.
Guus Sliepen [Sun, 27 Nov 2011 11:12:34 +0000 (12:12 +0100)]
Fix compilation of VDE and UML interfaces.

13 years agoExchange ACK records to indicate switch to new keys.
Guus Sliepen [Thu, 6 Oct 2011 13:32:12 +0000 (15:32 +0200)]
Exchange ACK records to indicate switch to new keys.

This allow application records to be sent while key renegotiation is still
happening.