It is common practice to change keys at regular intervals to make it even harder for crackers,
even though it is thought to be nearly impossible to crack a single key.
+.It Va LocalDiscovery Li = yes | no Po no Pc Bq experimental
+When enabled,
+.Nm tinc
+will try to detect peers that are on the same local network.
+This will allow direct communication using LAN addresses, even if both peers are behind a NAT
+and they only ConnectTo a third node outside the NAT,
+which normally would prevent the peers from learning each other's LAN address.
+
+.Pp
+Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
+This feature may not work in all possible situations.
+
.It Va MACExpire Li = Ar seconds Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when
Under Windows, this variable is used to select which network interface will be used.
If you specified a Device, this variable is almost always already correctly set.
+@cindex LocalDiscovery
+@item LocalDiscovery = <yes | no> (no) [experimental]
+When enabled, tinc will try to detect peers that are on the same local network.
+This will allow direct communication using LAN addresses, even if both peers are behind a NAT
+and they only ConnectTo a third node outside the NAT,
+which normally would prevent the peers from learning each other's LAN address.
+
+Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
+This feature may not work in all possible situations.
+
@cindex Mode
@item Mode = <router|switch|hub> (router)
This option selects the way packets are routed to other daemons.
myself->status.visited = true;
myself->status.indirect = false;
myself->nexthop = myself;
+ myself->prevedge = NULL;
myself->via = myself;
list_insert_head(todo_list, myself);
e->to->status.visited = true;
e->to->status.indirect = indirect;
e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop;
+ e->to->prevedge = e;
e->to->via = indirect ? n->via : e->to;
e->to->options = e->options;
extern int seconds_till_retry;
extern int addressfamily;
extern unsigned replaywin;
+extern bool localdiscovery;
extern listen_socket_t listen_socket[MAXSOCKETS];
extern int listen_sockets;
static void send_udppacket(node_t *, vpn_packet_t *);
unsigned replaywin = 16;
+bool localdiscovery = false;
#define MAX_SEQNO 1073741824
-// mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
-// mtuprobes == 31: sleep pinginterval seconds
-// mtuprobes == 32: send 1 burst, sleep pingtimeout second
-// mtuprobes == 33: no response from other side, restart PMTU discovery process
+/* mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
+ mtuprobes == 31: sleep pinginterval seconds
+ mtuprobes == 32: send 1 burst, sleep pingtimeout second
+ mtuprobes == 33: no response from other side, restart PMTU discovery process
+
+ Probes are sent in batches of three, with random sizes between the lower and
+ upper boundaries for the MTU thus far discovered.
+
+ In case local discovery is enabled, a fourth packet is added to each batch,
+ which will be broadcast to the local network.
+*/
static void send_mtu_probe_handler(int fd, short events, void *data) {
node_t *n = data;
timeout = pingtimeout;
}
- for(i = 0; i < 3; i++) {
+ for(i = 0; i < 3 + localdiscovery; i++) {
if(n->maxmtu <= n->minmtu)
len = n->maxmtu;
else
memset(packet.data, 0, 14);
randomize(packet.data + 14, len - 14);
packet.len = len;
- packet.priority = 0;
+ packet.priority = i < 3 ? 0 : -1;
ifdebug(TRAFFIC) logger(LOG_INFO, "Sending MTU probe length %d to %s (%s)", len, n->name, n->hostname);
/* Send the packet */
+ struct sockaddr *sa;
+ socklen_t sl;
+ int sock;
+
+ /* Overloaded use of priority field: -1 means local broadcast */
+
+ if(origpriority == -1 && n->prevedge) {
+ struct sockaddr_in in;
+ in.sin_family = AF_INET;
+ in.sin_addr.s_addr = -1;
+ in.sin_port = n->prevedge->address.in.sin_port;
+ sa = (struct sockaddr *)∈
+ sl = sizeof in;
+ sock = 0;
+ } else {
+ if(origpriority == -1)
+ origpriority = 0;
+
+ sa = &(n->address.sa);
+ sl = SALEN(n->address.sa);
+ sock = n->sock;
+ }
+
#if defined(SOL_IP) && defined(IP_TOS)
if(priorityinheritance && origpriority != priority
&& listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
}
#endif
- if(sendto(listen_socket[n->sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa)) < 0 && !sockwouldblock(sockerrno)) {
+ if(sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, sa, sl) < 0 && !sockwouldblock(sockerrno)) {
if(sockmsgsize(sockerrno)) {
if(n->maxmtu >= origlen)
n->maxmtu = origlen - 1;
if(hard)
last_hard_try = now;
+ last_hard_try = now;
return n;
}
get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly);
get_config_bool(lookup_config(config_tree, "StrictSubnets"), &strictsubnets);
get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
+ get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery);
strictsubnets |= tunnelserver;
if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) {
option = 1;
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof option);
+ setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof option);
if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf)))
logger(LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, strerror(errno));
int distance;
struct node_t *nexthop; /* nearest node from us to him */
+ struct edge_t *prevedge; /* nearest node from him to us */
struct node_t *via; /* next hop for UDP packets */
splay_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */
projects / meshlink / commitdiff