Fix compilation without deprecated OpenSSL APIs. This is an optional part of OpenWrt designed to save space.
Fix checks for Cygwin-related macros. The search-and-replace done in commit 0466160 broke compilation on Cygwin. Closes #198 on GitHub.
Fix all warnings when compiling with -Wall -W -pedantic.
Fix #ifdefs that were broken due to commit d178b58.
Fix all -Wall -W compiler warnings.
Disable PMTU discovery when TCPOnly is used.
Reformat all code using astyle.
Convert sizeof foo to sizeof(foo). While technically sizeof is an operator and doesn't need the parentheses around expressions it operates on, except if they are type names, code formatters don't seem to handle this very well.
Don't dereference myself->incipher if it's NULL. This fixes #142 on GitHub.
Use CFB mode for meta-connections to improve security.
Use AES in CTR mode instead of OFB mode for meta-connections. This gives a very nice speedup while preserving the stream characteristics.
Use AES256 and SHA256 by default, also for the meta-connections. At the start of the decade, there were still distributions that shipped with versions of OpenSSL that did not support these algorithms. By now everyone should support them. The old defaults were Blowfish and SHA1, both of which are not considered secure anymore. The meta-protocol now always uses AES in OFB mode, but the key length will adapt to the one specified by the Cipher option. The digest for the meta-protocol is hardcoded to SHA256.
Ensure compatibility with OpenSSL 1.1.0.
Add ability to use proxies to connect to hostnames when there is no nameserver. This adds support for SOCKS4a, and enhances the support for SOCKS5 and HTTP.
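The commit above adds SOCKS4a so that the proxy, not tinc, resolves the peer's hostname. As an added example (not tinc's own code), the encoder below shows what that request looks like on the wire and how it differs from plain SOCKS4: a hostname goes after the user id with the 0.0.0.1 marker in the DSTIP field, while an IPv4 literal is sent in DSTIP as ordinary SOCKS4. The function names `socks4a_connect_request` and `socks4_reply_granted` and the host/port values are assumptions for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>

/*
 * Encode a SOCKS4 / SOCKS4a CONNECT request into buf.
 *
 * Wire layout:
 *   VN=4, CD=1, DSTPORT (2 bytes, network order), DSTIP (4 bytes),
 *   USERID (NUL-terminated),
 *   [SOCKS4a only] DSTHOST (NUL-terminated), with DSTIP = 0.0.0.x, x != 0.
 *
 * If host is an IPv4 literal, plain SOCKS4 is emitted with the real address.
 * Otherwise the 0.0.0.1 marker is used and the hostname is appended so the
 * proxy resolves it, which is what you want when the client has no nameserver.
 *
 * Returns the encoded length, or -1 if host is empty or buf is too small.
 */
int socks4a_connect_request(uint8_t *buf, size_t buflen,
                            const char *host, uint16_t port,
                            const char *userid)
{
    size_t hlen = strlen(host);
    size_t ulen = strlen(userid);
    size_t need;
    struct in_addr ip;
    int literal;

    if (hlen == 0)
        return -1;

    literal = inet_pton(AF_INET, host, &ip) == 1;
    need = 8 + ulen + 1 + (literal ? 0 : hlen + 1);
    if (need > buflen)
        return -1;

    buf[0] = 4;                        /* VN: SOCKS version 4            */
    buf[1] = 1;                        /* CD: CONNECT                    */
    buf[2] = (uint8_t)(port >> 8);     /* DSTPORT, network byte order    */
    buf[3] = (uint8_t)(port & 0xff);

    if (literal) {
        memcpy(buf + 4, &ip.s_addr, 4);                 /* real IPv4, SOCKS4  */
    } else {
        buf[4] = 0; buf[5] = 0; buf[6] = 0; buf[7] = 1; /* SOCKS4a marker     */
    }

    memcpy(buf + 8, userid, ulen);     /* USERID + NUL                   */
    buf[8 + ulen] = 0;

    if (!literal) {                    /* DSTHOST + NUL (SOCKS4a only)   */
        memcpy(buf + 9 + ulen, host, hlen);
        buf[9 + ulen + hlen] = 0;
    }

    return (int)need;
}

/*
 * Interpret the fixed 8-byte SOCKS4 reply: VN=0, CD=90 granted, 91..93
 * rejected, then DSTPORT and DSTIP (ignored here).
 * Returns 1 if granted, 0 if refused, -1 if the reply is short or malformed.
 */
int socks4_reply_granted(const uint8_t *reply, size_t len)
{
    if (len < 8 || reply[0] != 0)
        return -1;
    return reply[1] == 90 ? 1 : 0;
}

int main(void)
{
    uint8_t req[64];
    int n = socks4a_connect_request(req, sizeof(req), "vpn.example.org", 655, "");
    if (n < 0)
        return 1;
    printf("SOCKS4a CONNECT request, %d bytes:", n);
    for (int i = 0; i < n; i++)
        printf(" %02x", req[i]);
    printf("\n");
    return 0;
}
```

Note that SOCKS4a carries no authentication beyond the user id and sends the hostname in clear text to the proxy; it only solves the "no nameserver" problem, not confidentiality of the target name.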
Don't try to call res_init() if ./configure told us it doesn't exist.
Update copyright notices.
Always call res_init() before getaddrinfo(). Unfortunately, glibc assumes that /etc/resolv.conf is a static file that never changes. Even on servers, /etc/resolv.conf might be a dynamically generated file, and we never know when it changes. So just call res_init() every time, so glibc uses up-to-date nameserver information.
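As an added example (not tinc's code), this is the pattern the commit above describes: refresh the resolver configuration with res_init() immediately before getaddrinfo(), so a rewritten /etc/resolv.conf is honoured on the next reconnect. One caveat worth knowing: glibc 2.26 and later re-check /etc/resolv.conf themselves, so on those systems the explicit call is redundant but harmless. The names `resolve_fresh` and `first_result_port` are assumptions for illustration; the wrapper uses numeric-only lookups so it runs without any nameserver.

```c
#define _DEFAULT_SOURCE 1
#include <netdb.h>
#include <resolv.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/*
 * Resolve host/port after forcing the resolver to re-read /etc/resolv.conf.
 * Older glibc parsed resolv.conf once per process and never noticed a changed
 * nameserver; res_init() discards that cached state. flags goes to ai_flags.
 * Returns getaddrinfo()'s code (0 on success, otherwise an EAI_* value usable
 * with gai_strerror()); on success *res must be released with freeaddrinfo().
 */
int resolve_fresh(const char *host, const char *port, int flags,
                  struct addrinfo **res)
{
    struct addrinfo hints;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;       /* IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;   /* meta-connections are TCP */
    hints.ai_flags = flags;
    res_init();                        /* refresh nameserver list before every lookup */
    return getaddrinfo(host, port, &hints, res);
}

/*
 * Demonstration helper: resolve and return the port number found in the first
 * result, or -1 on failure. With AI_NUMERICHOST | AI_NUMERICSERV the call never
 * contacts a nameserver, so this works on a box with no DNS at all.
 */
int first_result_port(const char *host, const char *port, int flags)
{
    struct addrinfo *res = NULL;
    int p = -1;
    if (resolve_fresh(host, port, flags, &res) != 0 || res == NULL)
        return -1;
    if (res->ai_family == AF_INET)
        p = ntohs(((struct sockaddr_in *)res->ai_addr)->sin_port);
    else if (res->ai_family == AF_INET6)
        p = ntohs(((struct sockaddr_in6 *)res->ai_addr)->sin6_port);
    freeaddrinfo(res);
    return p;
}

int main(void)
{
    /* 127.0.0.1:655 is a constructed sample address, not a real tinc peer */
    int port = first_result_port("127.0.0.1", "655", AI_NUMERICHOST | AI_NUMERICSERV);
    printf("resolved port: %d\n", port);
    return port == 655 ? 0 : 1;
}
```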
Support ToS/DiffServ priority handling for IPv6 meta and UDP connections.
Configure minimum reconnect timeouts. Enable the configuration of the minimum reconnect timeout via a configuration directive "MinTimeout". This functionality is missing in the default tinc stable distribution. The minimum timeout is, in code, set to 0 seconds. This patch makes it configurable. You might ask yourself why that is needed at all. Well, we've been using tinc with success for quite some time in a cross-DC setup. Tinc is used to create a virtual network switch and to connect our distributed database nodes into a virtual local network. Our database nodes exchange information, synchronize and do failover over the created tinc-backed network. Every now and then, when a node has a physical networking issue and is unreachable by some or all neighboring nodes, tinc will relay traffic over reachable neighboring nodes and thus save our cluster. But sometimes, especially when BGP route changes take place, minor outages of physical connectivity towards some nodes may cause tinc to become as reliable as packet loss is :). Tinc is fast; it can and does re-establish a lost connection in a jiffy, but it cannot detect the reason for the loss of the connection. A re-established connection might last for a few seconds (ping timeout) only to get lost again just because the packet loss is huge at that time. Then it reconnects again and the story repeats itself. This process keeps repeating until the physical network stabilizes. Packet loss on a physical link means disaster in a database replication scenario. In such cases it is better for tinc to remain disconnected from the unreachable/destabilized nodes for some time and relay traffic over the reachable (unaffected) nodes than to use an unreliable route. This patch enables us to slow down the reconnection process and eliminate application-level issues we had.
Fixed tinc-up script calling on Win32. It was called too early. A simple sleep fixes the issue.