oweals/tinc.git
Guus Sliepen [Sun, 9 Sep 2018 14:44:43 +0000 (16:44 +0200)]
Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)

If a man-in-the-middle has intercepted the TCP connection it might be
able to force plaintext UDP packets between two nodes for up to
a PingInterval period.

Guus Sliepen [Sat, 8 Sep 2018 18:48:14 +0000 (20:48 +0200)]
Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)

The authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:

- Connections are no longer closed immediately on error, but put in
  a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
  initiator of a connection before sending a CHAL_REPLY of its own.
- Only a limited amount of connections per second are accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
  rejected.

AMRI Amine [Sat, 1 Sep 2018 08:07:23 +0000 (09:07 +0100)]
Fixing typo

Tag: release-1.0.34
Guus Sliepen [Tue, 12 Jun 2018 14:27:45 +0000 (16:27 +0200)]
Releasing 1.0.34.

wangliushuai [Thu, 10 May 2018 10:34:26 +0000 (18:34 +0800)]
Remove redundant 'break'.

I'm henry wong, from Qihoo360 CodeSafe Team. We found an issue about dead
code.

Guus Sliepen [Fri, 30 Mar 2018 09:42:43 +0000 (11:42 +0200)]
Properly implement tinc.texi's dependency on tincinclude.texi.

With this, make distcheck succeeds even without the info-in-builddir
option to AM_INIT_AUTOMAKE.

Maximilian Stein [Mon, 15 Jan 2018 23:45:38 +0000 (00:45 +0100)]
Fix SEGFAULT when trying to connect to IPv6 peer in non-IPv6 environment

Using my tinc setup I observe spurious SEGFAULTs in the daemon process.

My configuration comprises a proxy (type exec) and the peer's address is
given by its domain name. The domain resolves to both IPv4 and IPv6.
As IPv6 is not working in my environment, all connection attempts to the
resolved IPv6 addresses fail. Sometimes, after such a failure, the
segfault occurs.

Apparently, the issue is caused by a use after free due to failing to
reset a pointer.

Guus Sliepen [Sat, 6 Jan 2018 19:42:45 +0000 (20:42 +0100)]
Fix all spelling errors found by codespell.

Guus Sliepen [Sat, 6 Jan 2018 19:34:37 +0000 (20:34 +0100)]
Document how to enable tinc at boot time using systemd.

Guus Sliepen [Sat, 6 Jan 2018 16:03:05 +0000 (17:03 +0100)]
Rename distro/ to systemd/.

Systemd service files are not supposed to be distribution-specific.

Guus Sliepen [Sat, 6 Jan 2018 15:58:54 +0000 (16:58 +0100)]
Make systemd service file handling identical to tinc 1.1.

This removes hardcoded paths from systemd unit files, and sets the default
systemd unit path to ${libdir}/systemd/system. The configure option is now
renamed to --with-systemd[=PATH]. These changes now also ensure that
make distcheck runs without any errors.

Closes #160 on GitHub.

Guus Sliepen [Sat, 16 Dec 2017 21:44:57 +0000 (22:44 +0100)]
Don't use SOL_IP and SOL_IPV6.

These macros do not exist on all platforms, instead one should use
IPPROTO_IP and IPPROTO_IPV6. This fixes a bug on macOS where the
IPV6_V6ONLY flag would not be applied and could result in IPv4 sockets
not working.

Guus Sliepen [Mon, 6 Nov 2017 07:13:03 +0000 (08:13 +0100)]
Fix #ifdefs that were broken due to commit d178b58.

Guus Sliepen [Sat, 4 Nov 2017 18:52:08 +0000 (19:52 +0100)]
Fix building documentation when using OpenBSD's make.

Guus Sliepen [Sat, 4 Nov 2017 18:42:10 +0000 (19:42 +0100)]
Add missing thanks to the NEWS message.

Tag: release-1.0.33
Guus Sliepen [Sat, 4 Nov 2017 14:44:04 +0000 (15:44 +0100)]
Releasing 1.0.33.

Guus Sliepen [Sat, 4 Nov 2017 14:43:39 +0000 (15:43 +0100)]
Update THANKS.

Guus Sliepen [Sat, 4 Nov 2017 13:42:28 +0000 (14:42 +0100)]
Fix compilation errors when --enable-uml is used.

Guus Sliepen [Sat, 4 Nov 2017 13:28:21 +0000 (14:28 +0100)]
Const correctness.

Guus Sliepen [Sat, 4 Nov 2017 13:17:27 +0000 (14:17 +0100)]
Support autoconf's --runstatedir option.

Put the PID file in @runstatedir@ instead of @localstatedir@/run. This
requires autoconf 2.70, which is not released yet, so add a fallback to
use @localstatedir@/run if @runstatedir@ is not set.

Guus Sliepen [Sat, 4 Nov 2017 11:21:18 +0000 (12:21 +0100)]
Ensure all parameters have names in header files.

Guus Sliepen [Sat, 4 Nov 2017 11:20:50 +0000 (12:20 +0100)]
Remove unused functions.

Guus Sliepen [Fri, 3 Nov 2017 23:27:51 +0000 (00:27 +0100)]
Realign comments.

Guus Sliepen [Fri, 3 Nov 2017 23:20:32 +0000 (00:20 +0100)]
Fix all -Wall -W compiler warnings.

Guus Sliepen [Mon, 23 Oct 2017 19:10:20 +0000 (21:10 +0200)]
Disable PMTU discovery when TCPOnly is used.

Guus Sliepen [Wed, 11 Oct 2017 18:02:22 +0000 (20:02 +0200)]
Handle tun/tap device returning EPERM or EBUSY.

Often when tun/tap is used any errors during setup will confuse tinc
and it will then assume it is an Ethertap device. Try to avoid this by
checking errno after a failed TUNSETIFF; if it's EPERM or EBUSY then
we can be sure it was not an Ethertap device, and we should report an
error instead.

Closes #157 on GitHub.

Guus Sliepen [Wed, 11 Oct 2017 17:30:17 +0000 (19:30 +0200)]
Add some information about the requirements of a chroot environment.

Guus Sliepen [Sun, 8 Oct 2017 19:37:19 +0000 (21:37 +0200)]
Fix some "make distcheck" errors.

The only issue left is the installation of systemd service files, which
is done to a custom data directory. Make distcheck calls install without
DESTDIR it seems, but running "make install" manually works fine.

Guus Sliepen [Sun, 8 Oct 2017 15:12:51 +0000 (17:12 +0200)]
Remove obsolete m4/README.

Guus Sliepen [Sat, 7 Oct 2017 21:30:04 +0000 (23:30 +0200)]
Remove more obsolete autoconf checks.

Guus Sliepen [Sat, 7 Oct 2017 21:20:36 +0000 (23:20 +0200)]
Unconditionally include stdbool.h and inttypes.h.

Guus Sliepen [Sat, 7 Oct 2017 21:14:58 +0000 (23:14 +0200)]
Don't call ERR_remove_state().

It's impossible to write portable code that properly cleans up after
OpenSSL without resulting in compile time warnings, so don't try.

Guus Sliepen [Sat, 7 Oct 2017 15:49:45 +0000 (17:49 +0200)]
Reformat all code using astyle.

Guus Sliepen [Sat, 7 Oct 2017 15:46:52 +0000 (17:46 +0200)]
Convert sizeof foo to sizeof(foo).

While technically sizeof is an operator and doesn't need the parentheses
around expressions it operates on, except if they are type names, code
formatters don't seem to handle this very well.

Guus Sliepen [Sat, 7 Oct 2017 15:17:21 +0000 (17:17 +0200)]
Update all header guards.

Don't start with underscores, as those are reserved for system
libraries. Make sure all start with TINC_, and that they appear at
the top of the file.

Guus Sliepen [Sat, 7 Oct 2017 14:59:30 +0000 (16:59 +0200)]
Remove xmalloc.c, backport xalloc.h from tinc 1.1.

We are requiring a C99-compliant compiler, so we don't need to work
around buggy malloc() implementations.

Guus Sliepen [Sat, 7 Oct 2017 14:54:52 +0000 (16:54 +0200)]
Use getcwd() instead of get_current_dir_name().

Guus Sliepen [Sat, 7 Oct 2017 14:51:13 +0000 (16:51 +0200)]
Remove unused/obsolete checks from configure.ac.

Guus Sliepen [Fri, 6 Oct 2017 19:40:03 +0000 (21:40 +0200)]
Fix a few minor memory leaks.

Guus Sliepen [Fri, 6 Oct 2017 19:39:24 +0000 (21:39 +0200)]
Use stack-allocated strings for temporary filenames.

Guus Sliepen [Fri, 6 Oct 2017 19:25:59 +0000 (21:25 +0200)]
Never remove items from cmdline_conf.

We should treat cmdline_conf as const, so we can call read_config_options()
more than once with prefix = NULL.

Closes #155 on GitHub.

Guus Sliepen [Tue, 3 Oct 2017 19:22:39 +0000 (21:22 +0200)]
Prepare for automatic code formatting using Artistic Style.

Guus Sliepen [Tue, 3 Oct 2017 19:07:09 +0000 (21:07 +0200)]
Give absolute path for #include to AC_CHECK_HEADERS().

Taken from Etienne Dechamp's patch to support VPATH builds for tinc 1.1.

Guus Sliepen [Tue, 3 Oct 2017 18:59:00 +0000 (20:59 +0200)]
Use AC_CONFIG_MACRO_DIR().

nemunaire [Wed, 27 Sep 2017 16:47:13 +0000 (18:47 +0200)]
Allow compilation from a build directory

Rafael Sadowski [Tue, 3 Oct 2017 08:23:37 +0000 (10:23 +0200)]
fix tinc.conf for OpenBSD

Guus Sliepen [Mon, 2 Oct 2017 18:54:57 +0000 (20:54 +0200)]
Fix a potential memory leak.

Found by the Clang static analyzer.

Guus Sliepen [Sun, 1 Oct 2017 20:04:35 +0000 (22:04 +0200)]
Update THANKS.

Tag: release-1.0.32
Guus Sliepen [Sat, 2 Sep 2017 14:31:04 +0000 (16:31 +0200)]
Releasing 1.0.32.

Guus Sliepen [Sun, 30 Jul 2017 14:14:14 +0000 (16:14 +0200)]
Don't try to bind Proxy = exec sockets to an address.

Guus Sliepen [Sun, 30 Jul 2017 14:11:56 +0000 (16:11 +0200)]
Set status.proxy_passed early for Proxy = exec.

Guus Sliepen [Sun, 30 Jul 2017 14:04:49 +0000 (16:04 +0200)]
Fix Proxy = exec.

Guus Sliepen [Tue, 27 Jun 2017 21:36:52 +0000 (23:36 +0200)]
Don't forget about outgoing connections on host file read errors.

If the host config file for an outgoing connection cannot be read, or if
it doesn't contain any Address, don't forget about the ConnectTo, but go
straight to MaxTimeout seconds for retries.

Guus Sliepen [Sun, 28 May 2017 10:42:25 +0000 (12:42 +0200)]
Set KillMode=mixed in the systemd service file.

This ensures only the main process is sent the SIGTERM, and not anything
else that might have started in the same control group, including the
tinc-down script.

Closes #145 on GitHub.

Guus Sliepen [Sun, 28 May 2017 10:25:53 +0000 (12:25 +0200)]
Move logging of "would block" messages to debug level 4.

Guus Sliepen [Thu, 27 Apr 2017 18:58:10 +0000 (20:58 +0200)]
Bind outgoing TCP sockets.

This is important for multi-homed users that want to ensure the source
address of outgoing TCP connections is the same as the address that tinc
is listening on.

Binding is done automatically if there is exactly one listening address
for a given address family.

Guus Sliepen [Wed, 19 Apr 2017 08:26:18 +0000 (10:26 +0200)]
Fix Solaris DeviceType = tap in router Mode.

Guus Sliepen [Sat, 8 Apr 2017 11:06:48 +0000 (13:06 +0200)]
Use getmsg()/putmsg() instead of read()/write() on Solaris.

This fixes a problem where read() returns packets from the IP layer before
fragmentation is done.

Guus Sliepen [Sat, 8 Apr 2017 11:05:11 +0000 (13:05 +0200)]
Use /dev/udp instead of /dev/ip on Solaris.

Guus Sliepen [Tue, 21 Mar 2017 20:48:08 +0000 (21:48 +0100)]
Merge remote-tracking branch 'VittGam/master'

Guus Sliepen [Mon, 20 Mar 2017 18:19:01 +0000 (19:19 +0100)]
Don't dereference myself->incipher if it's NULL.

This fixes #142 on GitHub.

Tag: release-1.0.31
Guus Sliepen [Sun, 15 Jan 2017 14:50:49 +0000 (15:50 +0100)]
Releasing 1.0.31.

Élie Bouttier [Mon, 31 Oct 2016 20:06:32 +0000 (21:06 +0100)]
Remove ExecStop in tinc@.service

This avoids tinc receiving SIGTERM twice (through ExecStop and through systemd
directly), which prevented the tinc-down script from being executed.

Tag: release-1.0.30
Guus Sliepen [Sun, 30 Oct 2016 13:18:39 +0000 (14:18 +0100)]
Releasing 1.0.30.

Guus Sliepen [Sun, 30 Oct 2016 12:11:24 +0000 (13:11 +0100)]
Use CFB mode for meta-connections to improve security.

Guus Sliepen [Sat, 29 Oct 2016 20:14:45 +0000 (22:14 +0200)]
Use AES in CTR mode instead of OFB mode for meta-connections.

This gives a very nice speedup while preserving the stream characteristics.

Guus Sliepen [Sat, 29 Oct 2016 20:10:32 +0000 (22:10 +0200)]
Really fix byte budget calculation.

We want to use the underlying cipher's block length, but if it's a stream
mode this will be 1. In that case, use the IV length. Ensure we never get
a budget that cannot be stored in a 64-bit integer.

Thanks to Wessel Dankers for helping to get this right.

Guus Sliepen [Sat, 29 Oct 2016 18:56:43 +0000 (20:56 +0200)]
Fix bit shifting arithmetic so the code actually does what the last commit message says.

Guus Sliepen [Sat, 29 Oct 2016 17:51:35 +0000 (19:51 +0200)]
Enforce maximum amount of bytes sent/received on meta-connections.

This is sqrt(2^{block_length_in_bits}).
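
Added example, not part of this commit or of tinc's source: a sketch of the byte budget described here and in the "Really fix byte budget calculation" message above, including the stream-mode fallback to the IV length and the 64-bit cap. The names byte_budget, budget_charge and struct meta_conn are hypothetical, the sample lengths are constructed, and returning 0 for an unknown length is this example's own choice.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not tinc's own function.
 * Returns sqrt(2^bits) = 2^(bits/2) bytes, where bits is the cipher's
 * block length in bits. block_len and iv_len are given in bytes. */
uint64_t byte_budget(size_t block_len, size_t iv_len) {
	/* A stream mode reports a block length of 1, so use the IV length. */
	size_t len = block_len > 1 ? block_len : iv_len;

	if (len == 0) {
		return 0;          /* example's choice: unknown size, allow nothing */
	}

	if (len >= 16) {
		return UINT64_MAX; /* 2^64 or more does not fit: saturate */
	}

	return UINT64_C(1) << (4 * len); /* 2^((8 * len) / 2) */
}

/* Constructed per-connection state for this example. */
struct meta_conn {
	uint64_t budget_left;
};

/* Charge n bytes against the budget. Returns false once the limit would be
 * exceeded; the caller must then stop using the current key. */
bool budget_charge(struct meta_conn *c, uint64_t n) {
	if (n > c->budget_left) {
		c->budget_left = 0;
		return false;
	}

	c->budget_left -= n;
	return true;
}

int main(void) {
	/* Constructed sample lengths in bytes: {block length, IV length}. */
	static const struct { const char *name; size_t blk, iv; } samples[] = {
		{"64-bit block cipher, block mode", 8, 8},
		{"128-bit block cipher, block mode", 16, 16},
		{"128-bit block cipher, stream mode", 1, 16},
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%-34s budget = %" PRIu64 " bytes\n", samples[i].name,
		       byte_budget(samples[i].blk, samples[i].iv));
	}

	struct meta_conn c = { byte_budget(8, 8) };
	bool ok = budget_charge(&c, UINT64_C(4294967295)); /* 2^32 - 1 bytes */
	printf("first charge ok=%d, left=%" PRIu64 "\n", ok, c.budget_left);
	printf("second charge ok=%d\n", budget_charge(&c, 2));
	return 0;
}
```

A 64-bit block gives a budget of 2^32 bytes (4 GiB), which a busy connection can reach; a 128-bit block saturates at the 64-bit maximum.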

Guus Sliepen [Sat, 29 Oct 2016 13:24:34 +0000 (15:24 +0200)]
Use AES256 and SHA256 by default, also for the meta-connections.

At the start of the decade, there were still distributions that shipped
with versions of OpenSSL that did not support these algorithms. By now
everyone should support them. The old defaults were Blowfish and SHA1,
both of which are not considered secure anymore.

The meta-protocol now always uses AES in OFB mode, but the key length
will adapt to the one specified by the Cipher option. The digest for the
meta-protocol is hardcoded to SHA256.

Guus Sliepen [Fri, 14 Oct 2016 12:44:06 +0000 (14:44 +0200)]
Delay sending the real ID request until after a proxy request is granted.

Guus Sliepen [Fri, 14 Oct 2016 12:27:49 +0000 (14:27 +0200)]
Log only the first line of a proxy request rejection message.

Guus Sliepen [Fri, 14 Oct 2016 12:27:19 +0000 (14:27 +0200)]
Fix proxy reply parsing broken by the previous commit.

Guus Sliepen [Thu, 13 Oct 2016 14:45:37 +0000 (16:45 +0200)]
Allow non-empty lines after status code from a HTTP proxy.

Vittorio Gambaletta (VittGam) [Wed, 12 Oct 2016 12:09:34 +0000 (14:09 +0200)]
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

Tag: release-1.0.29
Guus Sliepen [Sun, 9 Oct 2016 13:42:14 +0000 (15:42 +0200)]
Releasing 1.0.29.

Guus Sliepen [Sun, 9 Oct 2016 13:16:42 +0000 (15:16 +0200)]
Fix compiler warnings about format string errors on BSD.

Guus Sliepen [Sun, 9 Oct 2016 13:09:52 +0000 (15:09 +0200)]
Fix possibly uninitialized variable.

Guus Sliepen [Sun, 9 Oct 2016 12:38:35 +0000 (14:38 +0200)]
Add ax_require_defined.m4.

Guus Sliepen [Tue, 27 Sep 2016 12:18:20 +0000 (14:18 +0200)]
Add a copy of ax_append_flag.m4.

This is a dependency of ax_cflags_warn_all.m4.

Guus Sliepen [Tue, 26 Jul 2016 14:47:02 +0000 (16:47 +0200)]
Log warnings about dropped packets only with debug level 5 or higher.

Guus Sliepen [Thu, 23 Jun 2016 13:32:47 +0000 (15:32 +0200)]
Force nul-termination of strings after vsnprintf().

Apparently, on Windows this function might not always be properly
terminated.

Guus Sliepen [Wed, 22 Jun 2016 15:42:13 +0000 (17:42 +0200)]
Check return value of RSA_generate_key_ex().

Guus Sliepen [Wed, 22 Jun 2016 15:38:06 +0000 (17:38 +0200)]
Add -Wall to CFLAGS.

Guus Sliepen [Wed, 15 Jun 2016 09:12:09 +0000 (11:12 +0200)]
Ensure compatibility with OpenSSL 1.1.0.

Guus Sliepen [Sun, 5 Jun 2016 13:23:07 +0000 (15:23 +0200)]
Preserve IPv6 scope_id in edges.

When creating an edge after authenticating a peer, we copy the address
used for the TCP connection, but change the port to that used for UDP.
But the way we did it discarded the scope_id for IPv6 addresses. This
prevented UDP communication from working correctly when connecting to a
peer on the same LAN using an IPv6 link-local address.

Thanks to Rafał Leśniak for pointing out this issue.

Tag: release-1.0.28
Guus Sliepen [Sun, 10 Apr 2016 13:08:01 +0000 (15:08 +0200)]
Releasing 1.0.28.

Guus Sliepen [Sun, 10 Apr 2016 13:04:59 +0000 (15:04 +0200)]
Update links in the documentation.

Guus Sliepen [Sun, 10 Apr 2016 12:47:21 +0000 (14:47 +0200)]
Explicitly mention that LibreSSL can be used as well.

Guus Sliepen [Sun, 10 Apr 2016 12:30:20 +0000 (14:30 +0200)]
Ensure the service files are in the tarball.

Guus Sliepen [Sun, 10 Apr 2016 12:13:53 +0000 (14:13 +0200)]
Update .gitignore.

Guus Sliepen [Sun, 10 Apr 2016 12:13:44 +0000 (14:13 +0200)]
Add systemd service files.

Guus Sliepen [Sun, 10 Apr 2016 11:41:54 +0000 (13:41 +0200)]
Really remove use of __DATE__ and __TIME__ to facilitate reproducible builds.

Guus Sliepen [Sun, 10 Apr 2016 11:40:42 +0000 (13:40 +0200)]
Fix compiling bsd/device.c on systems without utun.

Tag: release-1.0.27
Guus Sliepen [Sat, 9 Apr 2016 22:50:15 +0000 (00:50 +0200)]
Releasing 1.0.27.

Guus Sliepen [Sat, 9 Apr 2016 22:05:13 +0000 (00:05 +0200)]
Add support for OS X utun interfaces.

Guus Sliepen [Sat, 9 Apr 2016 20:17:47 +0000 (22:17 +0200)]
Enable silent builds by default.

Cleaner build messages make it easier to spot compiler warnings and errors.
Use make V=1 to get the verbose output back.

Guus Sliepen [Sat, 9 Apr 2016 16:40:09 +0000 (18:40 +0200)]
Use SIOCGIFADDR on BSDs that support it.

Guus Sliepen [Sat, 9 Apr 2016 16:39:40 +0000 (18:39 +0200)]
Use devname() if available to support devfs cloning on BSD.

Some BSD flavors allow opening /dev/tun and/or /dev/tap, which automatically
create a new tun or tap interface with an unused number. To find out which
number the interface got, you have to call devname() on the device file
that was opened.

The semantics are different from the way Linux's /dev/tun works though.
In particular, after closing the device, the interface will continue to exist.
Restarting tincd would cause the old interface to stay around, and a new
one to be created. One could add a tinc-down script with the following line:

ifconfig $INTERFACE destroy

But that is still no guarantee that restarting tinc will give you the same
interface. So the default tun and tap device will stay /dev/tun0 and /dev/tap0
for all BSD flavors to avoid surprises for existing users.

Guus Sliepen [Sat, 9 Apr 2016 16:30:48 +0000 (18:30 +0200)]
Every BSD flavor has a tap device nowadays.