Guus Sliepen [Sun, 11 May 2014 15:11:02 +0000 (17:11 +0200)]
Remove the warnings when IP_DONTFRAGMENT/IPV6-DONTFRAG is not supported.
There is nothing we can do about it, and tinc will run fine anyway.
Guus Sliepen [Sun, 11 May 2014 15:09:25 +0000 (17:09 +0200)]
FIx the autoconf checks for res_init().
Guus Sliepen [Sun, 11 May 2014 15:07:44 +0000 (17:07 +0200)]
Fix a bug that could prevent tinc from starting correctly on Windows.
Guus Sliepen [Sun, 11 May 2014 14:35:37 +0000 (16:35 +0200)]
Drop h and hh length modifiers from printf format strings.
C already guarantees that chars and shorts get passed as int. The few uses in tinc are mainly
to print fields of struct addrinfo, and fields like ai_family have different sizes on different
platforms, which actually caused some warnings to be generated.
Guus Sliepen [Tue, 6 May 2014 20:34:06 +0000 (22:34 +0200)]
Fix a few more issues found by Coverity.
Guus Sliepen [Tue, 6 May 2014 20:12:47 +0000 (22:12 +0200)]
Fix a few more issues found by Coverity.
Guus Sliepen [Tue, 6 May 2014 19:40:25 +0000 (21:40 +0200)]
Fix warnings found by GCC 4.9.
Too many arguments for format string in a few error messages.
Guus Sliepen [Tue, 6 May 2014 19:34:26 +0000 (21:34 +0200)]
Fix issues found by Coverity.
Most of the problems found were resource leaks in error paths, some NULL
pointer dereferences that do not happen in practice, and a few other issues.
They have all been fixed now anyway.
Guus Sliepen [Tue, 6 May 2014 10:39:59 +0000 (12:39 +0200)]
Nexthop calculation should always use the shortest path.
When tinc runs the graph algorithms and updates the nexthop and via pointers,
it uses a breadth-first search, but it can sometimes revisit nodes that have
already been visited if the previous path is marked as being indirect, and
there is a longer path that is "direct". The via pointer should be updated in
this case, because this points to the closest hop to the destination that can
be reached directly. However, the nexthop pointer should not be updated.
This fixes a bug where there could potentially be a routing loop if a node in
the graph has an edge with the indirect flag set, and some other edge without
that flag, the indirect edge is part of the minimum spanning tree, and a
broadcast packet is being sent.
Steffan Karger [Tue, 29 Apr 2014 20:03:43 +0000 (22:03 +0200)]
Check RAND_bytes() return value, fail when getting random fails.
When RAND_bytes() does not return success, the buffer contents cannot be
used. This patch makes sure the return code is checked, and the connection
fails when keys or challenges cannot be trusted.
Signed-off-by: Steffan Karger <steffan@karger.me>
Steffan Karger [Tue, 29 Apr 2014 18:28:05 +0000 (20:28 +0200)]
Use cryptographically strong random when generating keys.
From the OpenSSL manual:
"Byte sequences generated by RAND_pseudo_bytes() will be unique
if they are of sufficient length, but are not necessarily unpredictable."
So, replace these call with RAND_bytes() to get cryptographically strong
key material.
Signed-off-by: Steffan Karger <steffan@karger.me>
Steffan Karger [Tue, 29 Apr 2014 20:13:03 +0000 (22:13 +0200)]
Use constant time memcmp() when comparing packet HMACs.
This eliminates a timing side channel vulnerability, which could
potentially allow an attacker to compute a valid HMAC, and insert arbitrary
ciphertext data into the connection. If an attacker also identifies packets
with a plaintext it can guess (e.g. small packets every 1s are probably
pings), the attacker can xor the ciphertext to mangle the packet to
arbitrary plaintext. Although this type of attack is rarely seen in the
wild, it is generally considered technically viable.
Signed-off-by: Steffan Karger <steffan@karger.me>
Loic Dachary [Tue, 29 Apr 2014 14:49:09 +0000 (16:49 +0200)]
fix documentation typo
Signed-off-by: Loic Dachary <loic@dachary.org>
Guus Sliepen [Fri, 25 Apr 2014 15:12:07 +0000 (17:12 +0200)]
Add an autoconf check for res_init().
Armin Fisslthaler [Fri, 25 Apr 2014 12:44:06 +0000 (14:44 +0200)]
reload /etc/resolv.conf in SIGALRM handler
Guus Sliepen [Wed, 9 Apr 2014 14:31:52 +0000 (16:31 +0200)]
Merge pull request #14 from luckyhacky/master
Updated android build instruction
luckyhacky [Tue, 8 Apr 2014 21:02:57 +0000 (23:02 +0200)]
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
Guus Sliepen [Mon, 7 Apr 2014 19:45:12 +0000 (21:45 +0200)]
Remove useless variable 'hard' from try_harder().
Vilbrekin [Tue, 11 Mar 2014 22:03:43 +0000 (23:03 +0100)]
Update android build instructions. Disable PIE as this is not supported on some devices.
Guus Sliepen [Fri, 7 Feb 2014 15:34:08 +0000 (16:34 +0100)]
Handle errors from TAP-Win32/64 adapter in a better way.
Before, the tapreader thread would just exit immediately after encountering the
first error, without notifying the main thread. Now, the tapreader thead never
exits itself, but tells the main thread to stop when more than ten errors are
encountered in a row.
Guus Sliepen [Fri, 7 Feb 2014 18:48:11 +0000 (19:48 +0100)]
Attribution for various contributors.
Guus Sliepen [Thu, 16 Jan 2014 13:02:56 +0000 (14:02 +0100)]
Clarify StrictSubnets.
Guus Sliepen [Fri, 27 Dec 2013 11:14:58 +0000 (12:14 +0100)]
Remove or lower the priority of some debug messages.
Florent Clairambault [Thu, 26 Dec 2013 22:21:33 +0000 (23:21 +0100)]
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
Florent Clairambault [Thu, 26 Dec 2013 22:05:17 +0000 (23:05 +0100)]
Adding "conf.d" configuration dir support.
Any file matching the pattern /etc/tinc/$NETWORK/conf.d/$NAME.conf will be parsed after the tinc.conf file.
Guus Sliepen [Tue, 10 Dec 2013 16:02:52 +0000 (17:02 +0100)]
Don't enable -fstack-protector-all.
It is not supported on all architectures and is problematic on some
platforms.
Guus Sliepen [Tue, 10 Dec 2013 16:00:16 +0000 (17:00 +0100)]
Guus Sliepen [Sat, 7 Dec 2013 21:54:02 +0000 (22:54 +0100)]
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
Conflicts:
src/solaris/device.c
Guus Sliepen [Sat, 7 Dec 2013 21:20:10 +0000 (22:20 +0100)]
Stricter check for raw socket support.
Guus Sliepen [Sat, 7 Dec 2013 21:19:39 +0000 (22:19 +0100)]
Include <limits.h> for PATH_MAX.
Guus Sliepen [Sat, 7 Dec 2013 20:52:41 +0000 (21:52 +0100)]
Update support for Solaris.
Adds support for the latest TAP driver from
http://www.whiteboard.ne.jp/~admin2/tuntap/, so tinc now also works in switch
mode on Solaris 11.
Conflicts:
src/solaris/device.c
Guus Sliepen [Tue, 10 Dec 2013 09:17:05 +0000 (10:17 +0100)]
Enable compiler hardening flags by default.
Check whether the compiler supports hardening flags and enable them unless
--disable-hardening is specified.
Guus Sliepen [Thu, 5 Dec 2013 13:30:41 +0000 (14:30 +0100)]
If no Port is specified, set myport to actual port of first listening socket.
If the Port statement is not used, there are two other ways to let tinc listen
on a non-default port: either by specifying one or more BindToAddress
statements including port numbers, or by starting it from systemd with socket
activation. Tinc announces its own port to other nodes, but before it only
announced what was set using the Port statement.
Guus Sliepen [Thu, 5 Dec 2013 13:30:00 +0000 (14:30 +0100)]
Mention in the manual that multiple Address staments are allowed.
Guus Sliepen [Sat, 19 Oct 2013 15:35:20 +0000 (17:35 +0200)]
Releasing 1.0.23.
Guus Sliepen [Fri, 18 Oct 2013 15:05:35 +0000 (17:05 +0200)]
Clean up child processes from proxy type exec.
Guus Sliepen [Sun, 6 Oct 2013 13:32:55 +0000 (15:32 +0200)]
Add description of IffOneQueue and MaxTimeout to the info manual.
Guus Sliepen [Sun, 29 Sep 2013 16:16:36 +0000 (18:16 +0200)]
Get rid of the splay tree implementation.
This is used in the 1.1 branch but not in 1.0.x.
Guus Sliepen [Sun, 29 Sep 2013 16:06:13 +0000 (18:06 +0200)]
Modernize the build system.
Recent versions of autoconf and automake were giving a lot of warnings. This is
sort of a backport of similar build system changes from the 1.1 banch:
- Fix all autoconf/automake warnings.
- Merge lib/ into src/.
- Don't use symlinks for device.c any more, but use automake conditionals.
- Use explicit paths to local header files.
- Get rid of alloca.c/malloc.c/memcmp.c/realloc.c.
Guus Sliepen [Fri, 27 Sep 2013 08:43:56 +0000 (10:43 +0200)]
Fix typos in the documentation.
Thanks to Thomas Sattler for finding and reporting them.
Guus Sliepen [Fri, 27 Sep 2013 07:43:39 +0000 (09:43 +0200)]
Fix segfault when Name = $HOST but $HOST is not set.
Guus Sliepen [Wed, 25 Sep 2013 19:24:05 +0000 (21:24 +0200)]
Don't send PING requests on connections which are not active yet.
This happened when sending an ALRM signal to a running tincd, which caused it
to send PING requests on any connection, regardless of its status.
Guus Sliepen [Sun, 1 Sep 2013 09:43:10 +0000 (11:43 +0200)]
Check for writability when waiting for a socket to finish connecting.
This causes daemons that make an outgoing connection to immediately send the ID
message (or proxy handshake), as intended.
Guus Sliepen [Tue, 13 Aug 2013 20:05:08 +0000 (22:05 +0200)]
Releasing 1.0.22.
Guus Sliepen [Tue, 13 Aug 2013 18:53:05 +0000 (20:53 +0200)]
Update copyright notices.
Guus Sliepen [Thu, 8 Aug 2013 15:40:43 +0000 (17:40 +0200)]
Don't echo broadcast packets back when Broadcast = direct.
Guus Sliepen [Wed, 17 Jul 2013 16:08:58 +0000 (18:08 +0200)]
Don't use vasprintf() anymore on Windows.
Windows doesn't actually support it, but MinGW provides it. However, with some versions of
MinGW it doesn't work correctly. Instead, we vsnprintf() to a local buffer and xstrdup() the
results.
Etienne Dechamps [Sat, 13 Jul 2013 22:34:42 +0000 (23:34 +0100)]
Fix combination of Mode = router and DeviceType = tap on Linux.
I believe I have found a bug in tinc on Linux when it is used with
Mode = router and DeviceType = tap. This combination is useful because
it allows global broadcast packets to be used in router mode. However,
when tinc receives a packet in this situation, it needs to make sure its
destination MAC address matches the address of the TAP adapter, which is
typically not the case since the sending node doesn't know the MAC
address of the recipient. Unfortunately, this is not the case on Linux,
which breaks connectivity.
Guus Sliepen [Fri, 5 Jul 2013 18:51:27 +0000 (20:51 +0200)]
Set $NAME when calling host-up/down and subnet-up/down scripts.
Guus Sliepen [Sat, 8 Jun 2013 11:44:29 +0000 (13:44 +0200)]
Fix a typo.
Guus Sliepen [Thu, 30 May 2013 14:43:20 +0000 (16:43 +0200)]
Better optional argument handling.
Some options can take an optional argument. However, in this case GNU getopt
requires that the optional argument is right next to the option without
whitespace inbetween. If there is whitespace, getopt will treat it as a
non-option argument, but tinc ignored those without a warning. Now tinc will
allow optional arguments with whitespace inbetween, and will give an error when
it encounters any other non-option arguments.
Guus Sliepen [Mon, 22 Apr 2013 12:12:07 +0000 (14:12 +0200)]
Releasing 1.0.21.
Guus Sliepen [Fri, 12 Apr 2013 15:15:05 +0000 (17:15 +0200)]
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Normally all requests sent via the meta connections are checked so that they
cannot be larger than the input buffer. However, when packets are forwarded via
meta connections, they are copied into a packet buffer without checking whether
it fits into it. Since the packet buffer is allocated on the stack, this in
effect allows an authenticated remote node to cause a stack overflow.
This issue was found by Martin Schobert.
Guus Sliepen [Sun, 3 Mar 2013 20:06:25 +0000 (21:06 +0100)]
Releasing 1.0.20.
Guus Sliepen [Sun, 3 Mar 2013 19:51:36 +0000 (20:51 +0100)]
Fix detection of rejected SOCKS5 proxy requests.
Guus Sliepen [Sun, 3 Mar 2013 19:44:18 +0000 (20:44 +0100)]
Fix compiler warnings on Windows.
Guus Sliepen [Thu, 7 Feb 2013 13:23:31 +0000 (14:23 +0100)]
Don't send proxy requests for incoming connections.
Guus Sliepen [Wed, 6 Feb 2013 13:34:39 +0000 (14:34 +0100)]
Fix segmentation fault when trying to connect via a SOCKS5 proxy.
Guus Sliepen [Thu, 31 Jan 2013 15:03:24 +0000 (16:03 +0100)]
Fix a compiler warning.
Guus Sliepen [Thu, 31 Jan 2013 14:58:33 +0000 (15:58 +0100)]
Detect increases in PMTU.
Tinc never restarts PMTU discovery unless a node becomes unreachable. However,
it can be that the PMTU was very low during the initial discovery, but has
increased later. To detect this, tinc now tries to send an extra packet every
PingInterval, with a size slightly higher than the currently known PMTU. If
this packet is succesfully received back, we partially restart PMTU discovery
to find out the new maximum.
Guus Sliepen [Sun, 20 Jan 2013 14:16:13 +0000 (15:16 +0100)]
Make sure PriorityInheritance also works in switch mode.
Guus Sliepen [Sun, 16 Dec 2012 14:36:06 +0000 (15:36 +0100)]
Fix support for tunemu on iOS devices.
The actual code was fine but the #ifdefs tested for the wrong preprocessor
variable.
Guus Sliepen [Wed, 14 Nov 2012 09:44:35 +0000 (10:44 +0100)]
Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
Guus Sliepen [Tue, 13 Nov 2012 14:05:41 +0000 (15:05 +0100)]
Send broadcast packets using a random socket, and properly support IPv6.
Before it would always use the first socket, and always send an IPv4 broadcast packet. That
works fine in a lot of situations, but it is better to try all sockets, and to send IPv6 packets
on IPv6 sockets. This is especially important for users that are on IPv6-only networks or that
have multiple physical network interfaces, although in the latter case it probably requires
them to use the ListenAddress variable to create a separate socket for each interface.
Conflicts:
src/net_packet.c
Guus Sliepen [Tue, 13 Nov 2012 14:01:43 +0000 (15:01 +0100)]
Don't take the address of a variable whose scope is about to disappear.
Conflicts:
src/net_packet.c
Guus Sliepen [Sun, 11 Nov 2012 18:01:28 +0000 (19:01 +0100)]
Fix configure script help text for --enable options.
Guus Sliepen [Sun, 11 Nov 2012 17:53:23 +0000 (18:53 +0100)]
Mention in the manual that support for LZO and zlib can be disabled.
Guus Sliepen [Sat, 10 Nov 2012 22:45:22 +0000 (23:45 +0100)]
Make sure PMTU discovery works in switch mode with VLAN tags.
Before, when tinc saw a packet larger than the PMTU with a VLAN tag, it would
not know what to do with it, and would just forward it via TCP. Now, tinc
handles 802.1q packets correctly, as long as there is only one tag.
Guus Sliepen [Sat, 10 Nov 2012 22:13:05 +0000 (23:13 +0100)]
Using alloca() for a constant sized buffer is very silly.
Cppcheck said using alloca() in the 21st century is silly anyway.
Guus Sliepen [Wed, 17 Oct 2012 11:51:02 +0000 (13:51 +0200)]
Fix warnings from groff.
Conflicts:
doc/tinc.conf.5.in
doc/tincctl.8.in
Guus Sliepen [Thu, 11 Oct 2012 20:21:30 +0000 (22:21 +0200)]
Clear status and options fields of unreachable nodes.
Conflicts:
src/graph.c
Guus Sliepen [Tue, 9 Oct 2012 19:02:49 +0000 (21:02 +0200)]
Clear Ethernet header when reading packets from a tun device.
This fixes a warning from valgrind about uninitialized bytes, which were being
sent to other nodes.
Guus Sliepen [Sun, 7 Oct 2012 15:53:41 +0000 (17:53 +0200)]
Fix warnings from cppcheck.
Guus Sliepen [Sat, 6 Oct 2012 19:05:02 +0000 (21:05 +0200)]
Clear connection options and status fields in free_connection_partially().
Most fields should be zero when reusing a connection. In particular, when an
outgoing connection to a node which is reachable on more than one address is
made, the second connection to that node will have status.encryptout set but
outctx will be NULL, causing a NULL pointer dereference when
EVP_EncryptUpdate() is called in send_meta() when it shouldn't.
Guus Sliepen [Sun, 30 Sep 2012 11:45:47 +0000 (13:45 +0200)]
Add strict checks to hex to binary conversions.
The main goal is to catch misuse of the obsolete PrivateKey and PublicKey
statements.
Guus Sliepen [Sun, 30 Sep 2012 11:45:39 +0000 (13:45 +0200)]
Attribution for Martin Schürrer.
Martin Schürrer [Sun, 30 Sep 2012 00:04:55 +0000 (02:04 +0200)]
Output details of encryption errors
Guus Sliepen [Thu, 27 Sep 2012 15:19:02 +0000 (17:19 +0200)]
Fix links in documenation.
Guus Sliepen [Mon, 24 Sep 2012 12:56:00 +0000 (14:56 +0200)]
Don't ignore Makefile.am.
Guus Sliepen [Mon, 24 Sep 2012 12:02:07 +0000 (14:02 +0200)]
Attribution for Vil Brekin and some code style cleanups.
Vilbrekin [Sat, 25 Aug 2012 18:32:38 +0000 (20:32 +0200)]
Android cross-compilation instructions.
Vilbrekin [Sat, 25 Aug 2012 18:01:11 +0000 (20:01 +0200)]
Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
Vilbrekin [Sat, 25 Aug 2012 17:59:26 +0000 (19:59 +0200)]
Add basic .gitignore file, cleaning (most) files generated by autotools.
Vilbrekin [Sat, 25 Aug 2012 17:14:00 +0000 (19:14 +0200)]
Replace hard-code with new ScriptsInterpreter configuration property.
This new setting allows choosing a custom script interpreter used for the various tinc callbacks.
If none is specified, the script itself is called as executable (as before).
This is particularly useful when storing tinc configuration and script on a mount point with no-exec attribute.
Vilbrekin [Wed, 22 Aug 2012 08:46:24 +0000 (10:46 +0200)]
Basic patch for android cross-compilation.
Commented non-existing functions in android NDK.
Prefix scripts execution with shell binary to allow execution on no-exec mount points.
Everyything is currently hard coded, while it should use pre-compiler variables...
Guus Sliepen [Fri, 27 Jul 2012 20:43:01 +0000 (22:43 +0200)]
Also clarify hostnames=[yes|no] in tinc.conf(5).
Mesar Hameed [Tue, 24 Jul 2012 06:18:50 +0000 (07:18 +0100)]
Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
Guus Sliepen [Thu, 12 Jul 2012 09:32:08 +0000 (11:32 +0200)]
Update THANKS file.
Guus Sliepen [Thu, 12 Jul 2012 09:30:56 +0000 (11:30 +0200)]
Document how to load the tap driver on FreeBSD.
Guus Sliepen [Thu, 12 Jul 2012 09:25:11 +0000 (11:25 +0200)]
Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
Guus Sliepen [Mon, 25 Jun 2012 17:45:51 +0000 (19:45 +0200)]
Releasing 1.0.19.
Guus Sliepen [Mon, 25 Jun 2012 17:03:54 +0000 (19:03 +0200)]
Fix crash when using Broadcast = direct.
Guus Sliepen [Mon, 25 Jun 2012 17:01:51 +0000 (19:01 +0200)]
Fix compiler warnings.
Guus Sliepen [Mon, 25 Jun 2012 13:01:42 +0000 (15:01 +0200)]
#include <winsock2.h> on Windows.
MinGW complained about it not being included.
Guus Sliepen [Mon, 25 Jun 2012 13:00:24 +0000 (15:00 +0200)]
Small fixes in proxy code.
Michael Tokarev [Fri, 4 May 2012 12:41:47 +0000 (16:41 +0400)]
add (errnum) in front of windows error messages
On localized, non-English versions of windows, it is
common to have two active charsets -- for console applications
and for GUI applications, together with localized error messages
returned by windows. But two charsets are rarely compatible,
so sending the same byte sequence to console and to windows
event log makes one or another to be unreadable. So at least
include the error number, this way it will be possible to
lookup the actual error test using external ways.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Guus Sliepen [Thu, 19 Apr 2012 13:56:08 +0000 (15:56 +0200)]
Document new proxy types.
Guus Sliepen [Thu, 19 Apr 2012 13:18:31 +0000 (15:18 +0200)]
Add support for proxying through an external command.
Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.
Guus Sliepen [Thu, 19 Apr 2012 12:10:54 +0000 (14:10 +0200)]
Add support for SOCKS 5 proxies.
This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.
Guus Sliepen [Wed, 18 Apr 2012 21:19:40 +0000 (23:19 +0200)]
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.