Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738) The authentication protocol allows an oracle attack that could potentially be exploited. This commit contains several mitigations:
- Connections are no longer closed immediately on error, but put in a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the initiator of a connection before sending a CHAL_REPLY of its own.
- Only a limited number of connections per second are accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are rejected.
Don't use SOL_IP and SOL_IPV6. These macros do not exist on all platforms, instead one should use IPPROTO_IP and IPPROTO_IPV6. This fixes a bug on macOS where the IPV6_V6ONLY flag would not be applied and could result in IPv4 sockets not working.
Reformat all code using astyle.
Convert sizeof foo to sizeof(foo). While technically sizeof is an operator and doesn't need the parentheses around expressions it operates on, except if they are type names, code formatters don't seem to handle this very well.
Don't try to bind Proxy = exec sockets to an address.
Set status.proxy_passed early for Proxy = exec.
Don't forget about outgoing connections on host file read errors. If the host config file for an outgoing connection cannot be read, or if it doesn't contain any Address, don't forget about the ConnectTo, but go straight to MaxTimeout seconds for retries.
Bind outgoing TCP sockets. This is important for multi-homed users that want to ensure the source address of outgoing TCP connections is the same as the address that tinc is listening on. Binding is done automatically if there is exactly one listening address for a given address family.
Update copyright notices.
Add ability to use proxies to connect to hostnames when there is no nameserver. This adds support for SOCKS4a, and enhances the support for SOCKS5 and HTTP.
Update "now" after connect() when making outgoing connections. It could be that address resolution takes a long time, don't let that count against a connection. This is especially important when using a nameserver from the VPN.
Support ToS/DiffServ priority handling for IPv6 meta and UDP connections.
Configure minimum reconnect timeouts. Enable the configuration of minimum reconnect timeout via a configuration directive "MinTimeout". This functionality is missing in the default tinc stable distribution. The minimum timeout is, in code, set to 0 seconds. This patch makes it configurable. You might ask yourself why is that needed at all? Well, we've been using tinc with success for quite some time in a cross DC setup. Tinc is used to create a virtual network switch and to connect our distributed database nodes into a virtual local network. Our database nodes exchange information, synchronize and do failover over the created tinc-backed network. Every now and then, when a node has a physical networking issue and is unreachable by some or all neighboring nodes, tinc will relay traffic over reachable neighboring nodes and thus save our cluster. But, sometimes, especially when BGP route changes take place, minor outages of physical connectivity towards some nodes may cause tinc to become as reliable as packet-loss is :). Tinc is fast, it can and does re-establish a lost connection in a jiffy, but it cannot detect the reason for the loss of the connection. A re-established connection might last for a few seconds (ping timeout) to get lost again just because the packet loss is huge at that time. Then it reconnects again and the story repeats itself. This process keeps repeating until the physical network stabilizes. Packet loss on a physical link means disaster in a database replication scenario. In such cases it is better for tinc to remain disconnected from the unreachable/destabilized nodes for some time and relay traffic over the reachable (unaffected) nodes than to use an unreliable route. This patch enables us to slow down the re-connection process and eliminate application level issues we had.
Remove the warnings when IP_DONTFRAGMENT/IPV6-DONTFRAG is not supported. There is nothing we can do about it, and tinc will run fine anyway.
Fix a few more issues found by Coverity.
Fix issues found by Coverity. Most of the problems found were resource leaks in error paths, some NULL pointer dereferences that do not happen in practice, and a few other issues. They have all been fixed now anyway.
Remove or lower the priority of some debug messages.
Fix compiler warnings on Windows.
Don't send proxy requests for incoming connections.
Fix compiler warnings.