oweals/tinc.git
8 years agoEnforce maximum amount of bytes sent/received on meta-connections.
Guus Sliepen [Sun, 30 Oct 2016 14:19:12 +0000 (15:19 +0100)]
Enforce maximum amount of bytes sent/received on meta-connections.

This is 2^{block_length_in_bits / 2 - 1}.

8 years agoUse AES256 and SHA256 by default for the legacy protocol.
Guus Sliepen [Sun, 30 Oct 2016 14:17:52 +0000 (15:17 +0100)]
Use AES256 and SHA256 by default for the legacy protocol.

At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in CFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.

8 years agoFix typo in src/upnp.c.
Dennis Lan [Wed, 12 Oct 2016 11:35:39 +0000 (13:35 +0200)]
Fix typo in src/upnp.c.

8 years agotincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size...
Vittorio G (VittGam) [Tue, 11 Oct 2016 18:30:41 +0000 (20:30 +0200)]
tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.

Also warn the user if a key smaller than 2048 bits is being generated.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
8 years agofsck: Fix ed25519 public key reading, and fclose usage.
Vittorio G (VittGam) [Tue, 11 Oct 2016 11:30:05 +0000 (13:30 +0200)]
fsck: Fix ed25519 public key reading, and fclose usage.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
8 years agoLog warnings about dropped packets only with debug level 5 or higher.
Guus Sliepen [Tue, 26 Jul 2016 14:47:45 +0000 (16:47 +0200)]
Log warnings about dropped packets only with debug level 5 or higher.

8 years agoFix error handling when setting up the UDP socket.
Etienne Dechamps [Thu, 14 Jul 2016 18:15:35 +0000 (19:15 +0100)]
Fix error handling when setting up the UDP socket.

Due to this typo, if tinc managed to set up the TCP socket but not the
UDP socket, it would continue anyway.

The regression was introduced in
6bc5d626a8726fc23365ee705761a3c666a08ad4.

8 years agoFix compiling with OpenSSL < 1.1.0.
Guus Sliepen [Fri, 24 Jun 2016 09:22:24 +0000 (11:22 +0200)]
Fix compiling with OpenSSL < 1.1.0.

8 years agoAdd missing m4 files.
Guus Sliepen [Fri, 24 Jun 2016 09:22:11 +0000 (11:22 +0200)]
Add missing m4 files.

ax_cflags_warn_all.m4 depends on them.

8 years agoFix potential memory leaks found by the Clang static analyzer.
Guus Sliepen [Thu, 23 Jun 2016 13:59:43 +0000 (15:59 +0200)]
Fix potential memory leaks found by the Clang static analyzer.

8 years agoFix warnings from the Clang static analyzer.
Guus Sliepen [Thu, 23 Jun 2016 13:59:16 +0000 (15:59 +0200)]
Fix warnings from the Clang static analyzer.

These are all false positives or harmless dead stores.

8 years agoForce nul-termination of strings after vsnprintf().
Guus Sliepen [Thu, 23 Jun 2016 13:26:58 +0000 (15:26 +0200)]
Force nul-termination of strings after vsnprintf().

Apparently, on Windows this function might not always be properly
terminated.

8 years agoUse EVP_MD_CTX_destroy() instead of _free().
Guus Sliepen [Wed, 22 Jun 2016 21:08:30 +0000 (23:08 +0200)]
Use EVP_MD_CTX_destroy() instead of _free().

Thanks to azrdev for pointing out the build failure on Fedora 23.

8 years agoCheck return value of RSA_generate_key_ex().
Guus Sliepen [Wed, 22 Jun 2016 15:42:25 +0000 (17:42 +0200)]
Check return value of RSA_generate_key_ex().

8 years agoAdd -Wall to CFLAGS.
Guus Sliepen [Wed, 22 Jun 2016 15:35:12 +0000 (17:35 +0200)]
Add -Wall to CFLAGS.

8 years agoEnsure compatibility with OpenSSL 1.1.0.
Guus Sliepen [Wed, 22 Jun 2016 14:32:05 +0000 (16:32 +0200)]
Ensure compatibility with OpenSSL 1.1.0.

8 years agoFix the previous commit.
Guus Sliepen [Sun, 5 Jun 2016 13:20:57 +0000 (15:20 +0200)]
Fix the previous commit.

8 years agoPreserve IPv6 scope_id in edges.
Guus Sliepen [Sun, 5 Jun 2016 12:47:21 +0000 (14:47 +0200)]
Preserve IPv6 scope_id in edges.

When creating an edge after authenticating a peer, we copy the
address used for the TCP connection, but change the port to that used
for UDP. But the way we did it discarded the scope_id for IPv6
addresses. This prevented UDP communication from working correctly when
connecting to a peer on the same LAN using an IPv6 link-local address.

Thanks to Rafał Leśniak for pointing out this issue.

8 years agofix check in cmd_pid() for failure to connect to tincd
Sean McVeigh [Sat, 21 May 2016 21:38:14 +0000 (17:38 -0400)]
fix check in cmd_pid() for failure to connect to tincd

8 years agocheck for daemon pid existence before trying to connect to the control socket, and...
Sean McVeigh [Sat, 21 May 2016 21:25:18 +0000 (17:25 -0400)]
check for daemon pid existence before trying to connect to the control socket, and clean up stale files otherwise.

8 years agoAdded comments and unfold deep "if"-construct in timeout_handler
lemoer [Thu, 19 May 2016 15:24:31 +0000 (17:24 +0200)]
Added comments and unfold deep "if"-construct in timeout_handler

8 years agoPrevent tincd from sending packets to unexpecting nodes
thorkill [Thu, 19 May 2016 13:48:15 +0000 (15:48 +0200)]
Prevent tincd from sending packets to unexpecting nodes

Make tincd recognize when it was asleep and close connections to it's
peers. This happens when e.g. RoadWarrior has been suspended for
"longer" time period. After resume, it will start to communicate
with it's peers using the contextes it had before suspend.

On the other side, the nodes closed the connections since PingTimeout
and/or TCP connection went down.

Sending data to such unaware (sptps mostly) nodes will cause
havoc in the logs. Misleading the developers to wrong assumptions
that something is wrong with sptps.

# Conflicts:
# src/net.c

8 years agoSend PKT_PROBE only when handshake has been done already.
thorkill [Wed, 11 May 2016 17:27:05 +0000 (19:27 +0200)]
Send PKT_PROBE only when handshake has been done already.

8 years agoReleasing 1.1pre14. release-1.1pre14
Guus Sliepen [Sun, 1 May 2016 18:35:26 +0000 (20:35 +0200)]
Releasing 1.1pre14.

8 years agoRevert "Remove tinc.service, it is not necessary."
Guus Sliepen [Sun, 1 May 2016 10:07:44 +0000 (12:07 +0200)]
Revert "Remove tinc.service, it is not necessary."

This reverts commit 0b6f84f96eeed20a0d771fedb72c0e19941adb7e. Although
systemd does automatically provide a "tinc.slice" when there is only a
tinc@.service template, it doesn't quite work the same way as
tinc.service.

8 years agoReleasing 1.1pre13. release-1.1pre13
Guus Sliepen [Sat, 30 Apr 2016 18:55:12 +0000 (20:55 +0200)]
Releasing 1.1pre13.

8 years agoAutoConnect now only chooses from nodes for which we know an address.
Guus Sliepen [Sat, 30 Apr 2016 18:05:22 +0000 (20:05 +0200)]
AutoConnect now only chooses from nodes for which we know an address.

Based partially on work from Rafał Leśniak.

8 years agoRemove tinc.service, it is not necessary.
Guus Sliepen [Sat, 30 Apr 2016 16:08:31 +0000 (18:08 +0200)]
Remove tinc.service, it is not necessary.

Thanks to Alexander Ried for pointing out that if you have
tinc@.service template, systemd will provide a default slice containing
all instances of that template. So "systemctl start tinc" will still do
what we want it to do.

8 years agoFix BSD tun device support.
Guus Sliepen [Wed, 27 Apr 2016 18:30:36 +0000 (20:30 +0200)]
Fix BSD tun device support.

This was broken by a botched merge from the master branch in commit d7f6737.

8 years agoReleasing 1.1pre12. release-1.1pre12
Guus Sliepen [Sun, 24 Apr 2016 11:23:06 +0000 (13:23 +0200)]
Releasing 1.1pre12.

8 years agoDon't check file permissions on Windows during fsck.
Guus Sliepen [Sat, 23 Apr 2016 19:39:53 +0000 (21:39 +0200)]
Don't check file permissions on Windows during fsck.

8 years agoFix starting tinc as a service on Windows.
Guus Sliepen [Sat, 23 Apr 2016 19:32:42 +0000 (21:32 +0200)]
Fix starting tinc as a service on Windows.

Don't assume tincd.exe is in the working directory, especially now that
chdir() is called very early. We use GetModuleFileName() instead.

8 years agoFix a compiler warning on Windows.
Guus Sliepen [Sat, 23 Apr 2016 19:32:29 +0000 (21:32 +0200)]
Fix a compiler warning on Windows.

8 years agoFix possible read of freed memory when verifying the signature of a file.
Guus Sliepen [Sat, 23 Apr 2016 15:28:30 +0000 (17:28 +0200)]
Fix possible read of freed memory when verifying the signature of a file.

8 years agoHave "tinc fsck" recognize Ed25519PublicKey statements.
Guus Sliepen [Sat, 23 Apr 2016 15:20:08 +0000 (17:20 +0200)]
Have "tinc fsck" recognize Ed25519PublicKey statements.

8 years agoMove documentation of invitations to the manual.
Guus Sliepen [Sat, 23 Apr 2016 14:05:41 +0000 (16:05 +0200)]
Move documentation of invitations to the manual.

8 years agoFix the "network" command in tinc shell.
Guus Sliepen [Sun, 17 Apr 2016 16:11:04 +0000 (18:11 +0200)]
Fix the "network" command in tinc shell.

8 years agoSpeed up AutoConnect at startup.
Guus Sliepen [Sun, 17 Apr 2016 15:06:11 +0000 (17:06 +0200)]
Speed up AutoConnect at startup.

Call periodic_handler() immediately at startup. Also, don't try to
connect to ourself.

8 years agoDon't call terminate_connection(myself->connection).
Guus Sliepen [Sun, 17 Apr 2016 14:23:31 +0000 (16:23 +0200)]
Don't call terminate_connection(myself->connection).

It doesn't do anything except give a confusing error message that we are
closing the connection to ourself. Replace it with connection_del().
This also fixes a double free.

8 years agoHandle special characters in sptps_test only if the --special option is given.
Guus Sliepen [Sun, 17 Apr 2016 14:01:49 +0000 (16:01 +0200)]
Handle special characters in sptps_test only if the --special option is given.

sptps_test treats lines starting with #, ^ and $ specially, in order to
test the SPTPS protocol. However, this should only be done if explicitly
requested, otherwise it can unexpectedly fail.

8 years agoAdd stricter checks for netnames.
Guus Sliepen [Sun, 17 Apr 2016 12:38:37 +0000 (14:38 +0200)]
Add stricter checks for netnames.

When passing a NetName via an invitation, we don't allow any characters
that are unsafe (either because they could cause shells to expand things,
or because they are not allowed on some filesystems).

Also, warn when tinc is started with unsafe netnames.

8 years agoUse ifconfig_header().
Guus Sliepen [Sun, 17 Apr 2016 12:36:29 +0000 (14:36 +0200)]
Use ifconfig_header().

8 years agoChdir() to the configuration directory instead of /.
Guus Sliepen [Sun, 17 Apr 2016 12:04:57 +0000 (14:04 +0200)]
Chdir() to the configuration directory instead of /.

8 years agoAdd a test for tinc-up creation from invitations.
Guus Sliepen [Sun, 17 Apr 2016 11:56:37 +0000 (13:56 +0200)]
Add a test for tinc-up creation from invitations.

8 years agoFix compiler warnings.
Guus Sliepen [Sun, 17 Apr 2016 11:55:36 +0000 (13:55 +0200)]
Fix compiler warnings.

8 years agoFix gateway parsing in invitation files.
Guus Sliepen [Sun, 17 Apr 2016 11:55:18 +0000 (13:55 +0200)]
Fix gateway parsing in invitation files.

8 years agoAllow gateways to be specified for routes.
Guus Sliepen [Sun, 17 Apr 2016 11:23:01 +0000 (13:23 +0200)]
Allow gateways to be specified for routes.

Also improve the variable names, and ensure the % symbols in
%INTERFACE% are properly quoted.

8 years agoMove some stray #includes.
Guus Sliepen [Sat, 16 Apr 2016 23:13:56 +0000 (01:13 +0200)]
Move some stray #includes.

8 years agoGenerate a tinc-up script from an invitation.
Guus Sliepen [Sat, 16 Apr 2016 23:13:27 +0000 (01:13 +0200)]
Generate a tinc-up script from an invitation.

This adds the ability for an invitation to provision an invitee with a
tinc-up script. This is quite strictly controlled; only address configuration
and routes are supported by adding "Ifconfig" and "Route" statements to
the invitation file. The "tinc join" command will generate a tinc-up script
from those statements, and will ask before enabling the tinc-up script.

8 years agoDocument how invitation files work.
Guus Sliepen [Sat, 16 Apr 2016 20:06:47 +0000 (22:06 +0200)]
Document how invitation files work.

This should eventually be merged in to tinc.texi.

8 years agoStop using SOL_TCP, SOL_IP and SOL_IPV6.
Guus Sliepen [Fri, 15 Apr 2016 14:56:56 +0000 (16:56 +0200)]
Stop using SOL_TCP, SOL_IP and SOL_IPV6.

Instead, use IPPROTO_TCP, _IP and _IPv6. This fixes an issue on OS X where
it didn't create an UDP socket that listened on IPv4.

8 years agoFix crash at startup when Device is not specified on OS X.
Guus Sliepen [Fri, 15 Apr 2016 14:30:45 +0000 (16:30 +0200)]
Fix crash at startup when Device is not specified on OS X.

8 years agoFix conditional checking of tun/tap headers on DragonFly BSD.
Guus Sliepen [Fri, 15 Apr 2016 12:27:52 +0000 (14:27 +0200)]
Fix conditional checking of tun/tap headers on DragonFly BSD.

8 years agoFix some compiler warnings from MinGW.
Guus Sliepen [Fri, 15 Apr 2016 10:42:30 +0000 (12:42 +0200)]
Fix some compiler warnings from MinGW.

8 years agoFix generation of version_git.h for some versions of BSD make.
Guus Sliepen [Fri, 15 Apr 2016 10:30:01 +0000 (12:30 +0200)]
Fix generation of version_git.h for some versions of BSD make.

In order to support VPATH builds, we have to use ${srcdir}/version.c as
the target for the rule that depends on the generation of version_git.h.
When not doing a VPATH build, ${srcdir} expands to ".", so the target
will be "./version.c". However, on some BSDs, make does not understand
that "./version.c" is the same as "version.c", and therefore it doesn't
trigger generating version_git.h when trying to build version.o. (It
works fine if you do a VPATH build, and OpenBSD's make does the right
thing in all cases.)

The trick is to have version.c depend on ${srcdir}/version.c. Of course,
Linux's make knows this is nonsense and will complain about a circular
dependency, so add this rule only on BSD platforms.

8 years agoFix a non-working cast to get rid of a compiler warning.
Guus Sliepen [Fri, 15 Apr 2016 10:29:31 +0000 (12:29 +0200)]
Fix a non-working cast to get rid of a compiler warning.

8 years agoDon't use HAVE_SYSTEM, the autoconf check was removed.
Guus Sliepen [Fri, 15 Apr 2016 09:38:56 +0000 (11:38 +0200)]
Don't use HAVE_SYSTEM, the autoconf check was removed.

8 years agoRemove use of strcpy() and sprintf().
Guus Sliepen [Fri, 15 Apr 2016 09:25:18 +0000 (11:25 +0200)]
Remove use of strcpy() and sprintf().

Even though they were safe, compilers like to warn about them nowadays.

8 years agoDon't assume sa.sa_family is a short int.
Guus Sliepen [Fri, 15 Apr 2016 09:10:50 +0000 (11:10 +0200)]
Don't assume sa.sa_family is a short int.

Because FreeBSD's compiler complained about it.

8 years agoAdd version_git.h and sample-config.tar.gz to CLEANFILES.
Guus Sliepen [Fri, 15 Apr 2016 09:00:14 +0000 (11:00 +0200)]
Add version_git.h and sample-config.tar.gz to CLEANFILES.

8 years agoMake some platform-specific header checks conditional.
Guus Sliepen [Thu, 14 Apr 2016 21:51:18 +0000 (23:51 +0200)]
Make some platform-specific header checks conditional.

Don't check for linux/if_tun.h on BSD platforms for example.

8 years agoRemove support for Windows 2000 and anything that doesn't support getaddrinfo().
Guus Sliepen [Thu, 14 Apr 2016 21:24:22 +0000 (23:24 +0200)]
Remove support for Windows 2000 and anything that doesn't support getaddrinfo().

8 years agoRemove checks for non-C99 compliant compilers.
Guus Sliepen [Thu, 14 Apr 2016 21:10:59 +0000 (23:10 +0200)]
Remove checks for non-C99 compliant compilers.

8 years agoFix version_get.h generation on BSD.
Guus Sliepen [Thu, 14 Apr 2016 21:01:18 +0000 (23:01 +0200)]
Fix version_get.h generation on BSD.

It doesn't like .PHONY rules that are actually doing stuff. So make a really
phony rule that does nothing and depend in it in the version_git.h rule.

8 years agoFix typo in Makefile.am.
Guus Sliepen [Thu, 14 Apr 2016 20:59:42 +0000 (22:59 +0200)]
Fix typo in Makefile.am.

8 years agoUse getcwd() instead of get_current_dir_name().
Guus Sliepen [Thu, 14 Apr 2016 15:29:25 +0000 (17:29 +0200)]
Use getcwd() instead of get_current_dir_name().

8 years agoReplace usleep() with nanosleep().
Guus Sliepen [Thu, 14 Apr 2016 15:20:36 +0000 (17:20 +0200)]
Replace usleep() with nanosleep().

8 years agoFix compiling under MinGW.
Guus Sliepen [Thu, 14 Apr 2016 15:05:10 +0000 (17:05 +0200)]
Fix compiling under MinGW.

8 years agoRemove checks for headers and functions that are in C99.
Guus Sliepen [Thu, 14 Apr 2016 15:03:01 +0000 (17:03 +0200)]
Remove checks for headers and functions that are in C99.

8 years agoMake text files Markdown-compatible.
Guus Sliepen [Wed, 13 Apr 2016 13:34:16 +0000 (15:34 +0200)]
Make text files Markdown-compatible.

8 years agoUpdate .gitignore.
Guus Sliepen [Mon, 11 Apr 2016 13:28:26 +0000 (15:28 +0200)]
Update .gitignore.

8 years agoRemove elliptic curve stubs from gcrypt/, add PRF implementation.
Guus Sliepen [Mon, 11 Apr 2016 13:27:08 +0000 (15:27 +0200)]
Remove elliptic curve stubs from gcrypt/, add PRF implementation.

8 years agoReally don't compile getopt*.c if the system provides getopt_long().
Guus Sliepen [Fri, 8 Apr 2016 15:49:49 +0000 (17:49 +0200)]
Really don't compile getopt*.c if the system provides getopt_long().

8 years agoEnable silent builds by default.
Guus Sliepen [Sat, 9 Apr 2016 20:17:47 +0000 (22:17 +0200)]
Enable silent builds by default.

Cleaner build messages make it easier to spot compiler warnings and errors.
Use make V=1 to get the verbose output back.

# Conflicts:
# configure.ac
# doc/Makefile.am

8 years agoUpdate links in the documentation.
Guus Sliepen [Sun, 10 Apr 2016 13:04:59 +0000 (15:04 +0200)]
Update links in the documentation.

# Conflicts:
# doc/tinc.conf.5.in
# doc/tinc.texi
# src/avl_tree.c
# src/avl_tree.h

8 years agoExplicitly mention that LibreSSL can be used as well.
Guus Sliepen [Sun, 10 Apr 2016 12:47:21 +0000 (14:47 +0200)]
Explicitly mention that LibreSSL can be used as well.

# Conflicts:
# doc/tinc.texi
# m4/openssl.m4

8 years agoUpdate support for BSD tun/tap devices, add support for OS X utun interfaces.
Guus Sliepen [Mon, 11 Apr 2016 12:49:51 +0000 (14:49 +0200)]
Update support for BSD tun/tap devices, add support for OS X utun interfaces.

8 years agoUpdate "now" after connect() when making outgoing connections.
Guus Sliepen [Sun, 1 Nov 2015 20:07:56 +0000 (21:07 +0100)]
Update "now" after connect() when making outgoing connections.

It could be that address resolution takes a long time, don't let that
count against a connection. This is especially important when using a
nameserver from the VPN.

# Conflicts:
# src/net_socket.c

8 years agoNever call putenv() with data on the stack.
Guus Sliepen [Sun, 3 May 2015 18:06:12 +0000 (20:06 +0200)]
Never call putenv() with data on the stack.

Even though we are using putenv() here to remove items from the
environment, there is no guarantee that putenv() doesn't add the
argument to the environment anyway. In that case, we have to make sure
that it doesn't go away. We also don't want a memory leak, so keep a
list of things we unputenv()ed around, so we can reuse things.

Thanks to Poul-Henning Kamp for pointing out this problem.

# Conflicts:
# src/process.c

8 years agoFix --logfile without a filename on Windows.
Guus Sliepen [Tue, 14 Apr 2015 09:20:24 +0000 (11:20 +0200)]
Fix --logfile without a filename on Windows.

On Windows, the log filename now defaults to "tinc.log" in the same
directory as tinc.conf.

# Conflicts:
# src/tincd.c

8 years agoSupport ToS/DiffServ for IPv6 meta and UDP connections.
Guus Sliepen [Sun, 10 Apr 2016 15:22:41 +0000 (17:22 +0200)]
Support ToS/DiffServ for IPv6 meta and UDP connections.

Also remember ToS/DiffServ priority for each socket individually. This
is a port of commits c72e237 and 042a6c1.

8 years agoUse iface instead of interface.
Guus Sliepen [Fri, 8 Apr 2016 16:09:30 +0000 (18:09 +0200)]
Use iface instead of interface.

This was accidentally added in commit 2f03a5d.

8 years agoUpdate THANKS.
Guus Sliepen [Sun, 10 Apr 2016 15:01:04 +0000 (17:01 +0200)]
Update THANKS.

8 years agoUpdate .gitignore.
Guus Sliepen [Sun, 10 Apr 2016 14:51:03 +0000 (16:51 +0200)]
Update .gitignore.

8 years agoDon't compile getopt*.c if the system provides getopt_long().
Guus Sliepen [Fri, 8 Apr 2016 15:49:49 +0000 (17:49 +0200)]
Don't compile getopt*.c if the system provides getopt_long().

# Conflicts:
# configure.ac
# src/Makefile.am
# src/tincd.c

8 years agoFix typo.
Guus Sliepen [Sun, 10 Apr 2016 14:38:45 +0000 (16:38 +0200)]
Fix typo.

Found by LunarShaddow.

8 years agore-arrange include sequence to avoid a mingw introduced bug.
LunarShaddow [Mon, 7 Mar 2016 07:43:04 +0000 (15:43 +0800)]
re-arrange include sequence to avoid a mingw introduced bug.
refers: https://www.cygwin.com/ml/cygwin/2012-12/msg00194.html

# Conflicts:
# src/cygwin/device.c

8 years agofix typo
LunarShaddow [Mon, 7 Mar 2016 07:42:34 +0000 (15:42 +0800)]
fix typo

8 years agoFix for botched cherry-pick commit 60fb230.
Guus Sliepen [Sun, 28 Feb 2016 15:38:49 +0000 (16:38 +0100)]
Fix for botched cherry-pick commit 60fb230.

8 years agoAdd warnings for bad combinations of Device and Interface.
Guus Sliepen [Sat, 27 Feb 2016 13:46:01 +0000 (14:46 +0100)]
Add warnings for bad combinations of Device and Interface.

On Linux, the name of the tun/tap interface can be set freely. However,
on most other operating systems, tinc cannot change the name of the
interface. In those situations, it is possible to specify a Device and
an Interface that conflict with each other. On BSD, this can cause
$INTERFACE to be set incorrectly, on Windows, this results in a
potentially unreliable way in which a TAP-Win32 interface is selected.

# Conflicts:
# src/bsd/device.c

8 years agoSmall fixes for the documentation.
Guus Sliepen [Sat, 27 Feb 2016 13:22:36 +0000 (14:22 +0100)]
Small fixes for the documentation.

# Conflicts:
# doc/tinc.texi

8 years agoClarify that scripts are called synchronously.
Guus Sliepen [Sat, 27 Feb 2016 13:21:53 +0000 (14:21 +0100)]
Clarify that scripts are called synchronously.

# Conflicts:
# doc/tinc.conf.5.in
# doc/tinc.texi

8 years agoFix forwarding of edge updates.
Guus Sliepen [Sun, 28 Feb 2016 15:28:28 +0000 (16:28 +0100)]
Fix forwarding of edge updates.

Commit e4670fc accidentily prevented ADD_EDGE messages from propagating
in some cases.

8 years agoImprove performance of edge updates.
Guus Sliepen [Sat, 27 Feb 2016 13:18:20 +0000 (14:18 +0100)]
Improve performance of edge updates.

8 years agoRemove forward declaration for do_decrement_ttl.
Vittorio Gambaletta (VittGam) [Fri, 25 Sep 2015 14:51:51 +0000 (16:51 +0200)]
Remove forward declaration for do_decrement_ttl.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c

8 years agos/broadcast_packet_helper/route_broadcast/
Vittorio Gambaletta (VittGam) [Fri, 25 Sep 2015 13:35:28 +0000 (15:35 +0200)]
s/broadcast_packet_helper/route_broadcast/

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c

8 years agoFix DecrementTTL option for packets destined to the local node.
Vittorio Gambaletta (VittGam) [Fri, 25 Sep 2015 02:52:25 +0000 (04:52 +0200)]
Fix DecrementTTL option for packets destined to the local node.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c

8 years agoTry to reply with node address only when decrementing the TTL.
Vittorio Gambaletta (VittGam) [Fri, 4 Sep 2015 15:04:03 +0000 (17:04 +0200)]
Try to reply with node address only when decrementing the TTL.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
8 years agoFix source IP address for ICMP unreachable packets generated by tinc.
Vittorio Gambaletta (VittGam) [Fri, 4 Sep 2015 02:00:57 +0000 (04:00 +0200)]
Fix source IP address for ICMP unreachable packets generated by tinc.

Try to send ICMP unreachable replies from an address assigned to the
local machine, instead of the destination address of the original
packet.

The address is found by looking up the route towards the sender of
the packet that generated the error; in usual configurations, this
is the tinc interface.

This also fixes the traceroute display in mtr when using the
DecrementTTL option.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c

8 years agoFix DecrementTTL option.
Vittorio Gambaletta (VittGam) [Thu, 3 Sep 2015 14:02:50 +0000 (16:02 +0200)]
Fix DecrementTTL option.

The option was not actually working, as it could be seen on traceroute or mtr.

The problem is that it was checking if the TTL was < 1 (so equal to 0) before decrementing it.

This meant that a packet with a TTL of 1 was being sent with a TTL of 0 on the VPN, instead of being discarded with the ICMP error message.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c