7 years agoEnable compiler hardening flags by default.
Guus Sliepen [Tue, 10 Dec 2013 09:17:05 +0000 (10:17 +0100)]
Enable compiler hardening flags by default.

Check whether the compiler supports hardening flags and enable them unless
--disable-hardening is specified.

7 years agoIf no Port is specified, set myport to actual port of first listening socket.
Guus Sliepen [Thu, 5 Dec 2013 13:30:41 +0000 (14:30 +0100)]
If no Port is specified, set myport to actual port of first listening socket.

If the Port statement is not used, there are two other ways to let tinc listen
on a non-default port: either by specifying one or more BindToAddress
statements including port numbers, or by starting it from systemd with socket
activation. Tinc announces its own port to other nodes, but before it only
announced what was set using the Port statement.

7 years agoMention in the manual that multiple Address staments are allowed.
Guus Sliepen [Thu, 5 Dec 2013 13:30:00 +0000 (14:30 +0100)]
Mention in the manual that multiple Address staments are allowed.

8 years agoReleasing 1.0.23. release-1.0.23
Guus Sliepen [Sat, 19 Oct 2013 15:35:20 +0000 (17:35 +0200)]
Releasing 1.0.23.

8 years agoClean up child processes from proxy type exec.
Guus Sliepen [Fri, 18 Oct 2013 15:05:35 +0000 (17:05 +0200)]
Clean up child processes from proxy type exec.

8 years agoAdd description of IffOneQueue and MaxTimeout to the info manual.
Guus Sliepen [Sun, 6 Oct 2013 13:32:55 +0000 (15:32 +0200)]
Add description of IffOneQueue and MaxTimeout to the info manual.

8 years agoGet rid of the splay tree implementation.
Guus Sliepen [Sun, 29 Sep 2013 16:16:36 +0000 (18:16 +0200)]
Get rid of the splay tree implementation.

This is used in the 1.1 branch but not in 1.0.x.

8 years agoModernize the build system.
Guus Sliepen [Sun, 29 Sep 2013 16:06:13 +0000 (18:06 +0200)]
Modernize the build system.

Recent versions of autoconf and automake were giving a lot of warnings. This is
sort of a backport of similar build system changes from the 1.1 banch:

- Fix all autoconf/automake warnings.
- Merge lib/ into src/.
- Don't use symlinks for device.c any more, but use automake conditionals.
- Use explicit paths to local header files.
- Get rid of alloca.c/malloc.c/memcmp.c/realloc.c.

8 years agoFix typos in the documentation.
Guus Sliepen [Fri, 27 Sep 2013 08:43:56 +0000 (10:43 +0200)]
Fix typos in the documentation.

Thanks to Thomas Sattler for finding and reporting them.

8 years agoFix segfault when Name = $HOST but $HOST is not set.
Guus Sliepen [Fri, 27 Sep 2013 07:43:39 +0000 (09:43 +0200)]
Fix segfault when Name = $HOST but $HOST is not set.

8 years agoDon't send PING requests on connections which are not active yet.
Guus Sliepen [Wed, 25 Sep 2013 19:24:05 +0000 (21:24 +0200)]
Don't send PING requests on connections which are not active yet.

This happened when sending an ALRM signal to a running tincd, which caused it
to send PING requests on any connection, regardless of its status.

8 years agoCheck for writability when waiting for a socket to finish connecting.
Guus Sliepen [Sun, 1 Sep 2013 09:43:10 +0000 (11:43 +0200)]
Check for writability when waiting for a socket to finish connecting.

This causes daemons that make an outgoing connection to immediately send the ID
message (or proxy handshake), as intended.

8 years agoReleasing 1.0.22. release-1.0.22
Guus Sliepen [Tue, 13 Aug 2013 20:05:08 +0000 (22:05 +0200)]
Releasing 1.0.22.

8 years agoUpdate copyright notices.
Guus Sliepen [Tue, 13 Aug 2013 18:53:05 +0000 (20:53 +0200)]
Update copyright notices.

8 years agoDon't echo broadcast packets back when Broadcast = direct.
Guus Sliepen [Thu, 8 Aug 2013 15:40:43 +0000 (17:40 +0200)]
Don't echo broadcast packets back when Broadcast = direct.

8 years agoDon't use vasprintf() anymore on Windows.
Guus Sliepen [Wed, 17 Jul 2013 16:08:58 +0000 (18:08 +0200)]
Don't use vasprintf() anymore on Windows.

Windows doesn't actually support it, but MinGW provides it. However, with some versions of
MinGW it doesn't work correctly. Instead, we vsnprintf() to a local buffer and xstrdup() the

8 years agoFix combination of Mode = router and DeviceType = tap on Linux.
Etienne Dechamps [Sat, 13 Jul 2013 22:34:42 +0000 (23:34 +0100)]
Fix combination of Mode = router and DeviceType = tap on Linux.

I believe I have found a bug in tinc on Linux when it is used with
Mode = router and DeviceType = tap. This combination is useful because
it allows global broadcast packets to be used in router mode. However,
when tinc receives a packet in this situation, it needs to make sure its
destination MAC address matches the address of the TAP adapter, which is
typically not the case since the sending node doesn't know the MAC
address of the recipient. Unfortunately, this is not the case on Linux,
which breaks connectivity.

8 years agoSet $NAME when calling host-up/down and subnet-up/down scripts.
Guus Sliepen [Fri, 5 Jul 2013 18:51:27 +0000 (20:51 +0200)]
Set $NAME when calling host-up/down and subnet-up/down scripts.

8 years agoFix a typo.
Guus Sliepen [Sat, 8 Jun 2013 11:44:29 +0000 (13:44 +0200)]
Fix a typo.

8 years agoBetter optional argument handling.
Guus Sliepen [Thu, 30 May 2013 14:43:20 +0000 (16:43 +0200)]
Better optional argument handling.

Some options can take an optional argument. However, in this case GNU getopt
requires that the optional argument is right next to the option without
whitespace inbetween. If there is whitespace, getopt will treat it as a
non-option argument, but tinc ignored those without a warning. Now tinc will
allow optional arguments with whitespace inbetween, and will give an error when
it encounters any other non-option arguments.

8 years agoReleasing 1.0.21. release-1.0.21
Guus Sliepen [Mon, 22 Apr 2013 12:12:07 +0000 (14:12 +0200)]
Releasing 1.0.21.

8 years agoDrop packets forwarded via TCP if they are too big (CVE-2013-1428).
Guus Sliepen [Fri, 12 Apr 2013 15:15:05 +0000 (17:15 +0200)]
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

Normally all requests sent via the meta connections are checked so that they
cannot be larger than the input buffer. However, when packets are forwarded via
meta connections, they are copied into a packet buffer without checking whether
it fits into it. Since the packet buffer is allocated on the stack, this in
effect allows an authenticated remote node to cause a stack overflow.

This issue was found by Martin Schobert.

8 years agoReleasing 1.0.20. release-1.0.20
Guus Sliepen [Sun, 3 Mar 2013 20:06:25 +0000 (21:06 +0100)]
Releasing 1.0.20.

8 years agoFix detection of rejected SOCKS5 proxy requests.
Guus Sliepen [Sun, 3 Mar 2013 19:51:36 +0000 (20:51 +0100)]
Fix detection of rejected SOCKS5 proxy requests.

8 years agoFix compiler warnings on Windows.
Guus Sliepen [Sun, 3 Mar 2013 19:44:18 +0000 (20:44 +0100)]
Fix compiler warnings on Windows.

8 years agoDon't send proxy requests for incoming connections.
Guus Sliepen [Thu, 7 Feb 2013 13:23:31 +0000 (14:23 +0100)]
Don't send proxy requests for incoming connections.

8 years agoFix segmentation fault when trying to connect via a SOCKS5 proxy.
Guus Sliepen [Wed, 6 Feb 2013 13:34:39 +0000 (14:34 +0100)]
Fix segmentation fault when trying to connect via a SOCKS5 proxy.

8 years agoFix a compiler warning.
Guus Sliepen [Thu, 31 Jan 2013 15:03:24 +0000 (16:03 +0100)]
Fix a compiler warning.

8 years agoDetect increases in PMTU.
Guus Sliepen [Thu, 31 Jan 2013 14:58:33 +0000 (15:58 +0100)]
Detect increases in PMTU.

Tinc never restarts PMTU discovery unless a node becomes unreachable. However,
it can be that the PMTU was very low during the initial discovery, but has
increased later. To detect this, tinc now tries to send an extra packet every
PingInterval, with a size slightly higher than the currently known PMTU. If
this packet is succesfully received back, we partially restart PMTU discovery
to find out the new maximum.

8 years agoMake sure PriorityInheritance also works in switch mode.
Guus Sliepen [Sun, 20 Jan 2013 14:16:13 +0000 (15:16 +0100)]
Make sure PriorityInheritance also works in switch mode.

8 years agoFix support for tunemu on iOS devices.
Guus Sliepen [Sun, 16 Dec 2012 14:36:06 +0000 (15:36 +0100)]
Fix support for tunemu on iOS devices.

The actual code was fine but the #ifdefs tested for the wrong preprocessor

9 years agoRemove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
Guus Sliepen [Wed, 14 Nov 2012 09:44:35 +0000 (10:44 +0100)]
Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.

9 years agoSend broadcast packets using a random socket, and properly support IPv6.
Guus Sliepen [Tue, 13 Nov 2012 14:05:41 +0000 (15:05 +0100)]
Send broadcast packets using a random socket, and properly support IPv6.

Before it would always use the first socket, and always send an IPv4 broadcast packet. That
works fine in a lot of situations, but it is better to try all sockets, and to send IPv6 packets
on IPv6 sockets. This is especially important for users that are on IPv6-only networks or that
have multiple physical network interfaces, although in the latter case it probably requires
them to use the ListenAddress variable to create a separate socket for each interface.


9 years agoDon't take the address of a variable whose scope is about to disappear.
Guus Sliepen [Tue, 13 Nov 2012 14:01:43 +0000 (15:01 +0100)]
Don't take the address of a variable whose scope is about to disappear.


9 years agoFix configure script help text for --enable options.
Guus Sliepen [Sun, 11 Nov 2012 18:01:28 +0000 (19:01 +0100)]
Fix configure script help text for --enable options.

9 years agoMention in the manual that support for LZO and zlib can be disabled.
Guus Sliepen [Sun, 11 Nov 2012 17:53:23 +0000 (18:53 +0100)]
Mention in the manual that support for LZO and zlib can be disabled.

9 years agoMake sure PMTU discovery works in switch mode with VLAN tags.
Guus Sliepen [Sat, 10 Nov 2012 22:45:22 +0000 (23:45 +0100)]
Make sure PMTU discovery works in switch mode with VLAN tags.

Before, when tinc saw a packet larger than the PMTU with a VLAN tag, it would
not know what to do with it, and would just forward it via TCP. Now, tinc
handles 802.1q packets correctly, as long as there is only one tag.

9 years agoUsing alloca() for a constant sized buffer is very silly.
Guus Sliepen [Sat, 10 Nov 2012 22:13:05 +0000 (23:13 +0100)]
Using alloca() for a constant sized buffer is very silly.

Cppcheck said using alloca() in the 21st century is silly anyway.

9 years agoFix warnings from groff.
Guus Sliepen [Wed, 17 Oct 2012 11:51:02 +0000 (13:51 +0200)]
Fix warnings from groff.


9 years agoClear status and options fields of unreachable nodes.
Guus Sliepen [Thu, 11 Oct 2012 20:21:30 +0000 (22:21 +0200)]
Clear status and options fields of unreachable nodes.


9 years agoClear Ethernet header when reading packets from a tun device.
Guus Sliepen [Tue, 9 Oct 2012 19:02:49 +0000 (21:02 +0200)]
Clear Ethernet header when reading packets from a tun device.

This fixes a warning from valgrind about uninitialized bytes, which were being
sent to other nodes.

9 years agoFix warnings from cppcheck.
Guus Sliepen [Sun, 7 Oct 2012 15:53:41 +0000 (17:53 +0200)]
Fix warnings from cppcheck.

9 years agoClear connection options and status fields in free_connection_partially().
Guus Sliepen [Sat, 6 Oct 2012 19:05:02 +0000 (21:05 +0200)]
Clear connection options and status fields in free_connection_partially().

Most fields should be zero when reusing a connection. In particular, when an
outgoing connection to a node which is reachable on more than one address is
made, the second connection to that node will have status.encryptout set but
outctx will be NULL, causing a NULL pointer dereference when
EVP_EncryptUpdate() is called in send_meta() when it shouldn't.

9 years agoAdd strict checks to hex to binary conversions.
Guus Sliepen [Sun, 30 Sep 2012 11:45:47 +0000 (13:45 +0200)]
Add strict checks to hex to binary conversions.

The main goal is to catch misuse of the obsolete PrivateKey and PublicKey

9 years agoAttribution for Martin Schürrer.
Guus Sliepen [Sun, 30 Sep 2012 11:45:39 +0000 (13:45 +0200)]
Attribution for Martin Schürrer.

9 years agoOutput details of encryption errors
Martin Schürrer [Sun, 30 Sep 2012 00:04:55 +0000 (02:04 +0200)]
Output details of encryption errors

9 years agoFix links in documenation.
Guus Sliepen [Thu, 27 Sep 2012 15:19:02 +0000 (17:19 +0200)]
Fix links in documenation.

9 years agoDon't ignore Makefile.am.
Guus Sliepen [Mon, 24 Sep 2012 12:56:00 +0000 (14:56 +0200)]
Don't ignore Makefile.am.

9 years agoAttribution for Vil Brekin and some code style cleanups.
Guus Sliepen [Mon, 24 Sep 2012 12:02:07 +0000 (14:02 +0200)]
Attribution for Vil Brekin and some code style cleanups.

9 years agoAndroid cross-compilation instructions.
Vilbrekin [Sat, 25 Aug 2012 18:32:38 +0000 (20:32 +0200)]
Android cross-compilation instructions.

9 years agoUse __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compila...
Vilbrekin [Sat, 25 Aug 2012 18:01:11 +0000 (20:01 +0200)]
Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.

9 years agoAdd basic .gitignore file, cleaning (most) files generated by autotools.
Vilbrekin [Sat, 25 Aug 2012 17:59:26 +0000 (19:59 +0200)]
Add basic .gitignore file, cleaning (most) files generated by autotools.

9 years agoReplace hard-code with new ScriptsInterpreter configuration property.
Vilbrekin [Sat, 25 Aug 2012 17:14:00 +0000 (19:14 +0200)]
Replace hard-code with new ScriptsInterpreter configuration property.

This new setting allows choosing a custom script interpreter used for the various tinc callbacks.
If none is specified, the script itself is called as executable (as before).
This is particularly useful when storing tinc configuration and script on a mount point with no-exec attribute.

9 years agoBasic patch for android cross-compilation.
Vilbrekin [Wed, 22 Aug 2012 08:46:24 +0000 (10:46 +0200)]
Basic patch for android cross-compilation.

Commented non-existing functions in android NDK.
Prefix scripts execution with shell binary to allow execution on no-exec mount points.
Everyything is currently hard coded, while it should use pre-compiler variables...

9 years agoAlso clarify hostnames=[yes|no] in tinc.conf(5).
Guus Sliepen [Fri, 27 Jul 2012 20:43:01 +0000 (22:43 +0200)]
Also clarify hostnames=[yes|no] in tinc.conf(5).

9 years agoMinor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for...
Mesar Hameed [Tue, 24 Jul 2012 06:18:50 +0000 (07:18 +0100)]
Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.

9 years agoUpdate THANKS file.
Guus Sliepen [Thu, 12 Jul 2012 09:32:08 +0000 (11:32 +0200)]
Update THANKS file.

9 years agoDocument how to load the tap driver on FreeBSD.
Guus Sliepen [Thu, 12 Jul 2012 09:30:56 +0000 (11:30 +0200)]
Document how to load the tap driver on FreeBSD.

9 years agoUse /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
Guus Sliepen [Thu, 12 Jul 2012 09:25:11 +0000 (11:25 +0200)]
Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.

9 years agoReleasing 1.0.19. release-1.0.19
Guus Sliepen [Mon, 25 Jun 2012 17:45:51 +0000 (19:45 +0200)]
Releasing 1.0.19.

9 years agoFix crash when using Broadcast = direct.
Guus Sliepen [Mon, 25 Jun 2012 17:03:54 +0000 (19:03 +0200)]
Fix crash when using Broadcast = direct.

9 years agoFix compiler warnings.
Guus Sliepen [Mon, 25 Jun 2012 17:01:51 +0000 (19:01 +0200)]
Fix compiler warnings.

9 years ago#include <winsock2.h> on Windows.
Guus Sliepen [Mon, 25 Jun 2012 13:01:42 +0000 (15:01 +0200)]
#include <winsock2.h> on Windows.

MinGW complained about it not being included.

9 years agoSmall fixes in proxy code.
Guus Sliepen [Mon, 25 Jun 2012 13:00:24 +0000 (15:00 +0200)]
Small fixes in proxy code.

9 years agoadd (errnum) in front of windows error messages
Michael Tokarev [Fri, 4 May 2012 12:41:47 +0000 (16:41 +0400)]
add (errnum) in front of windows error messages

On localized, non-English versions of windows, it is
common to have two active charsets -- for console applications
and for GUI applications, together with localized error messages
returned by windows.  But two charsets are rarely compatible,
so sending the same byte sequence to console and to windows
event log makes one or another to be unreadable.  So at least
include the error number, this way it will be possible to
lookup the actual error test using external ways.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
9 years agoDocument new proxy types.
Guus Sliepen [Thu, 19 Apr 2012 13:56:08 +0000 (15:56 +0200)]
Document new proxy types.

9 years agoAdd support for proxying through an external command.
Guus Sliepen [Thu, 19 Apr 2012 13:18:31 +0000 (15:18 +0200)]
Add support for proxying through an external command.

Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.

9 years agoAdd support for SOCKS 5 proxies.
Guus Sliepen [Thu, 19 Apr 2012 12:10:54 +0000 (14:10 +0200)]
Add support for SOCKS 5 proxies.

This only covers outgoing TCP connections, and supports only
username/password authentication or no authentication.

9 years agoAdd basic support for SOCKS 4 and HTTP CONNECT proxies.
Guus Sliepen [Wed, 18 Apr 2012 21:19:40 +0000 (23:19 +0200)]
Add basic support for SOCKS 4 and HTTP CONNECT proxies.

When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.

9 years agoAllow broadcast packets to be sent directly instead of via the MST.
Guus Sliepen [Sun, 15 Apr 2012 23:57:25 +0000 (01:57 +0200)]
Allow broadcast packets to be sent directly instead of via the MST.

When the "Broadcast = direct" option is used, broadcast packets are not sent
and forwarded via the Minimum Spanning Tree to all nodes, but are sent directly
to all nodes that can be reached in one hop.

One use for this is to allow running ad-hoc routing protocols, such as OLSR, on
top of tinc.

9 years agoAllow environment variables to be used for Name.
Guus Sliepen [Thu, 29 Mar 2012 15:45:25 +0000 (16:45 +0100)]
Allow environment variables to be used for Name.

When the Name starts with a $, the rest will be interpreted as the name of an
environment variable containing the real Name. When Name is $HOST, but this
environment variable does not exist, gethostname() will be used to set the
Name. In both cases, illegal characters will be converted to underscores.

9 years agoAdd support for systemd style socket activation.
Guus Sliepen [Mon, 26 Mar 2012 13:46:09 +0000 (14:46 +0100)]
Add support for systemd style socket activation.

If the LISTEN_FDS environment variable is set and tinc is run in the
foreground, tinc will use filedescriptors 3 to 3 + LISTEN_FDS for its listening
TCP sockets. For now, tinc will create matching listening UDP sockets itself.

There is no dependency on systemd or on libsystemd-daemon.

9 years agoRemove newline from log message.
Guus Sliepen [Mon, 26 Mar 2012 13:45:20 +0000 (14:45 +0100)]
Remove newline from log message.

9 years agoconfigure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
Anthony G. Basile [Mon, 26 Mar 2012 10:29:40 +0000 (06:29 -0400)]
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH

The current configure.in file does not correctly make use of these
macros.  The resulting configure file will therefore enable an item
even if --disable-FEATURE is given.  This patch restores the intended

9 years agoSupport :: in IPv6 Subnets.
Guus Sliepen [Sun, 25 Mar 2012 21:54:36 +0000 (22:54 +0100)]
Support :: in IPv6 Subnets.

9 years agoReleasing 1.0.18. release-1.0.18
Guus Sliepen [Sun, 25 Mar 2012 14:32:26 +0000 (15:32 +0100)]
Releasing 1.0.18.

9 years agoMark DecrementTTL option experimental.
Guus Sliepen [Sun, 25 Mar 2012 14:30:58 +0000 (15:30 +0100)]
Mark DecrementTTL option experimental.

9 years agoFix return type of vde_recv() as well.
Guus Sliepen [Sun, 25 Mar 2012 14:17:50 +0000 (15:17 +0100)]
Fix return type of vde_recv() as well.

In this case it is not really necessary as the conversion to int will already
take care of ensuring the return value is treated as signed.

9 years agoDocument OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
Guus Sliepen [Sun, 25 Mar 2012 13:55:56 +0000 (14:55 +0100)]
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.

9 years agoFix some more compiler warnings.
Guus Sliepen [Sun, 25 Mar 2012 13:46:50 +0000 (14:46 +0100)]
Fix some more compiler warnings.

9 years agoFix return value type of vde_send().
Guus Sliepen [Sun, 25 Mar 2012 13:00:21 +0000 (14:00 +0100)]
Fix return value type of vde_send().

The libvdeplug_dyn.h header file incorrectly declares the return type of
vde_send() to size_t, while in reality it is ssize_t.

9 years agoFix compiler warnings.
Guus Sliepen [Sun, 25 Mar 2012 12:58:14 +0000 (13:58 +0100)]
Fix compiler warnings.

9 years agoAllow scoped addresses to be used for IPv6 multicast socket.
Guus Sliepen [Sun, 25 Mar 2012 12:42:10 +0000 (13:42 +0100)]
Allow scoped addresses to be used for IPv6 multicast socket.

9 years agoAdd #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
Guus Sliepen [Sun, 25 Mar 2012 12:40:55 +0000 (13:40 +0100)]
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.

9 years agoSet default value of DecrementTTL to "no".
Guus Sliepen [Fri, 23 Mar 2012 12:18:36 +0000 (13:18 +0100)]
Set default value of DecrementTTL to "no".

Decrementing the TTL causes IPv6 to fail when Mode = switch, and there may be
other unforeseen side-effects.

9 years agoAdd support for multicast communication with UML/QEMU/KVM.
Guus Sliepen [Wed, 21 Mar 2012 16:00:53 +0000 (17:00 +0100)]
Add support for multicast communication with UML/QEMU/KVM.

DeviceType = multicast allows one to specify a multicast address and port with
a Device statement. Tinc will then read/send packets to that multicast group
instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM
instances that are listening on the same group.

9 years agoAllow a port to be specified in BindToAddress statements.
Guus Sliepen [Wed, 21 Mar 2012 12:20:15 +0000 (13:20 +0100)]
Allow a port to be specified in BindToAddress statements.

This can be used to let tinc listen on multiple ports for incoming connections.

9 years agoAlways try next Address when an outgoing connection fails to authenticate.
Guus Sliepen [Tue, 20 Mar 2012 22:49:16 +0000 (23:49 +0100)]
Always try next Address when an outgoing connection fails to authenticate.

When making outgoing connections, tinc goes through the list of Addresses and
tries all of them until one succeeds. However, before it would consider
establishing a TCP connection a success, even when the authentication failed.
This would be a problem if the first Address would point to a hostname and port
combination that belongs to the wrong tinc node, or perhaps even to a non-tinc
service, causing tinc to endlessly try this Address instead of moving to the
next one.

Problem found by Delf Eldkraft.

9 years agoReleasing 1.0.17. release-1.0.17
Guus Sliepen [Sat, 10 Mar 2012 12:31:36 +0000 (13:31 +0100)]
Releasing 1.0.17.

9 years agoUpdate copyright notices.
Guus Sliepen [Sat, 10 Mar 2012 12:23:08 +0000 (13:23 +0100)]
Update copyright notices.

9 years agoMake sure disabling old RSA keys works on Windows.
Guus Sliepen [Thu, 8 Mar 2012 22:23:39 +0000 (23:23 +0100)]
Make sure disabling old RSA keys works on Windows.

Seeking in files and rewriting parts of them does not seem to work properly on
Windows. Instead, when old RSA keys are found when generating new ones, the
file containing the old keys is copied to a temporary file where the changes
are made, and that file is renamed back to the original filename. On Windows,
we cannot atomically replace files with a rename(), so we need to move the
original file out of the way first. If anything fails, the new code will warn
that the user has to solve the problem by hand.

9 years agoAdd missing ICMP6 message type definitions.
Guus Sliepen [Thu, 8 Mar 2012 21:19:20 +0000 (22:19 +0100)]
Add missing ICMP6 message type definitions.

9 years agoAccept Subnets passed with the -o option when StrictSubnets = yes.
Guus Sliepen [Wed, 7 Mar 2012 09:40:06 +0000 (10:40 +0100)]
Accept Subnets passed with the -o option when StrictSubnets = yes.

9 years agoOnly log errors sending UDP packets when debug level >= 5.
Guus Sliepen [Fri, 2 Mar 2012 15:09:58 +0000 (16:09 +0100)]
Only log errors sending UDP packets when debug level >= 5.

Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.

9 years agoOnly use broadcast at the start of the PMTU discovery phase.
Guus Sliepen [Sun, 26 Feb 2012 15:23:02 +0000 (16:23 +0100)]
Only use broadcast at the start of the PMTU discovery phase.

For local peer discovery, only a handful of packets are necessary for
peers to detect each other.

9 years agoStricter checks against routing loops.
Guus Sliepen [Sat, 25 Feb 2012 21:11:30 +0000 (22:11 +0100)]
Stricter checks against routing loops.

If a packet that had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.

9 years agoDon't send ICMP Time Exceeded messages for other Time Exceeded messages.
Guus Sliepen [Sat, 25 Feb 2012 20:46:18 +0000 (21:46 +0100)]
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.

That would be silly.

9 years agoAdd LocalDiscovery option which tries to detect peers on the local network.
Guus Sliepen [Wed, 22 Feb 2012 22:17:43 +0000 (23:17 +0100)]
Add LocalDiscovery option which tries to detect peers on the local network.

Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.

9 years agoPass index into listen_socket[] to handle_incoming_vpn_data().
Guus Sliepen [Wed, 22 Feb 2012 13:37:56 +0000 (14:37 +0100)]
Pass index into listen_socket[] to handle_incoming_vpn_data().

9 years agoAdd missing ICMP message type definitions.
Nick Hibma [Tue, 21 Feb 2012 14:26:58 +0000 (15:26 +0100)]
Add missing ICMP message type definitions.