-Main tinc authors:
-
-- Guus Sliepen <guus@tinc-vpn.org>
-- Ivo Timmermans (inactive)
-
-Significant code contributions from:
-
-- Brandon Black <blblack@gmail.com>
-- Etienne Dechamps <etienne@edechamps.fr>
-- Florian Forster <octo@verplant.org>
-- Grzegorz Dymarek <gregd72002@googlemail.com>
-- Julien Muchembled <jm@jmuchemb.eu>
-- Loïc Grenié <loic.grenie@gmail.com>
-- Max Rijevski <maksuf@gmail.com>
-- Michael Tokarev <mjt@tls.msk.ru>
-- Scott Lamb <slamb@slamb.org>
-- Sven-Haegar Koch <haegar@sdinet.de>
-- Timothy Redaelli <timothy@redaelli.eu>
-
-These files are from other sources:
-
-* lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from
- the syslog 1.3 sources.
-
-* src/bsd/tunemu.c and tunemu.h are by Friedrich Schöller
- <friedrich.schoeller@gmail.com>
-
-Also some of the macro files in the directory m4, and their
-accompanying files in lib, were taken from GNU fileutils.
-
-Please see the file THANKS for a list of all contributors to tinc.
+Guus Sliepen <guus@meshlink.io>
-Copyright (C) 1998-2014 Ivo Timmermans, Guus Sliepen and others.
-See the AUTHORS file for a complete list.
+Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
-The following applies to tinc:
+The following applies to MeshLink:
This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed. You may provide binary
packages linked to the OpenSSL libraries, provided that all other requirements
of the GPL are met.
-
-The following applies to the LZO library:
-
- Hereby I grant a special exception to the tinc VPN project
- (http://tinc.nl.linux.org/) to link the LZO library with the OpenSSL library
- (http://www.openssl.org).
-
- Markus F.X.J. Oberhumer
-
-When tinc is compiled with the --enable-tunemu option, the resulting binary
-falls under the GPL version 3 or later.
-
-
-Version 1.1pre10 February 7 2014
+Version 0.1
- * Added a benchmark tool (sptps_speed) for the new protocol.
-
- * Fixed a crash when using Name = $HOST while $HOST is not set.
-
- * Use AES-256-GCM for the new protocol.
-
- * Updated support for Solaris.
-
- * Allow running tincd without a private ECDSA key present when
- ExperimentalProtocol is not explicitly set.
-
- * Enable various compiler hardening flags by default.
-
- * Added support for a "conf.d" configuration directory.
-
- * Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when
- tinc-gui is run in a 64-bits Python environment.
-
- * Added a "ListenAddress" option, which like BindToAddress adds more listening
- address/ports, but doesn't bind to them for outgoing sockets.
-
- * Make invitations work better when the "invite" and "join" commands are not
- run interactively.
-
- * When creating meta-connections to a node for which no Address statement is
- specified, try to use addresses learned from other nodes.
-
-Thanks to Dennis Joachimsthaler and Florent Clairambault for their contribution
-to this version of tinc.
-
-Version 1.1pre9 September 8 2013
-
- * The UNIX socket is now created before tinc-up is called.
-
- * Windows users can now use any extension that is in %PATHEXT% for scripts,
- not only .bat.
-
- * Outgoing sockets are bound to the address of the listening sockets again,
- when there is no ambiguity.
-
- * Added invitation-created and invitation-accepted scripts.
-
- * Invited nodes now learn of the Mode and Broadcast settings of the VPN.
-
- * Joining a VPN with an invitation now also works on Windows.
-
- * The port number tincd is listening on is now always included in the
- invitation URL.
-
- * A running tincd is now correctly informed when a new invitation has been
- generated.
-
- * Several bug fixes for the new protocol.
-
- * Added a test suite.
-
-Thanks to Etienne Dechamps for his contribution to this version of tinc.
-
-Version 1.1pre8 August 13 2013
-
- * ExperimentalProtocol is now enabled by default.
-
- * Added an invitation protocol that makes it easy to invite new nodes.
-
- * Added the LocalDiscoveryAddress option to change the broadcast address used
- to find local nodes.
-
- * Limit the rate of incoming meta-connections.
-
- * Many small bug fixes and code cleanups.
-
-Thanks to Etienne Dechamps and Sven-Haegar Koch for their contributions to this
-version of tinc.
-
-Version 1.1pre7 April 22 2013
-
- * Fixed large latencies on Windows.
-
- * Renamed the tincctl tool to tinc.
-
- * Simplified changing the configuration using the tinc tool.
-
- * Added a full description of the ExperimentalProtocol to the manual.
-
- * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
-
-Thanks to Martin Schobert for auditing tinc and reporting the vulnerability.
-
-Version 1.1pre6 February 20 2013
-
- * Fixed tincd exitting immediately on Windows.
-
- * Detect PMTU increases.
-
- * Fixed crashes when using a SOCKS5 proxy.
-
- * Fixed control connection when using a proxy.
-
-Version 1.1pre5 January 20 2013
-
- * Fixed long delays and possible hangs on Windows.
-
- * Fixed support for the tunemu device on iOS, the UML and VDE devices.
-
- * Small improvements to the documentation and error messages.
-
- * Fixed broadcast packets not reaching the whole VPN.
-
- * Tincctl now connects via a UNIX socket to the tincd on platforms that
- support this.
-
- * The PriorityInheritance option now also works in switch mode.
-
-Version 1.1pre4 December 5 2012
-
- * Added the "AutoConnect" option which will let tinc automatically select
- which nodes to connect to.
-
- * Improved performance of VLAN-tagged IP traffic inside the VPN.
-
- * Ensured LocalDiscovery works with multiple BindToAddress statements and/or
- IPv6-only LANs.
-
- * Dropped dependency on libevent.
-
- * Fixed Windows version not reading packets from the TAP adapter.
-
-Version 1.1pre3 October 14 2012
-
- * New experimental protocol:
- * Uses 521 bit ECDSA keys for authentication.
- * Uses AES-256-CTR and HMAC-SHA256.
- * Always provides perfect forward secrecy.
- * Used for both meta-connections and VPN packets.
- * VPN packets are encrypted end-to-end.
-
- * Many improvements to tincctl:
- * "config" command shows/adds/changes configuration variables.
- * "export" and "import" commands help exchange configuration files.
- * "init" command sets up initial configuration files.
- * "info" command shows details about a node, subnet or address.
- * "log" command shows live log messages.
- * Without a command it acts as a shell, with history and TAB completion.
- * Improved starting/stopping tincd.
- * Improved graph output.
-
- * When trying to directly send UDP packets to a node for which multiple
- addresses are known, all of them are tried.
-
- * Many small fixes, code cleanups and documentation updates.
-
-Version 1.1pre2 July 17 2011
-
- * .cookie files are renamed to .pid files, which are compatible with 1.0.x.
-
- * Experimental protocol enhancements that can be enabled with the option
- ExperimentalProtocol = yes:
-
- * Ephemeral ECDH key exchange will be used for both the meta protocol and
- UDP session keys.
- * Key exchanges are signed with ECDSA.
- * ECDSA public keys are automatically exchanged after RSA authentication if
- nodes do not know each other's ECDSA public key yet.
-
-Version 1.1pre1 June 25 2011
-
- * Control interface allows control of a running tinc daemon. Used by:
- * tincctl, a commandline utility
- * tinc-gui, a preliminary GUI implemented in Python/wxWidgets
-
- * Code cleanups and reorganization.
-
- * Repleacable cryptography backend, currently supports OpenSSL and libgcrypt.
-
- * Use libevent to handle I/O events and timeouts.
-
- * Use splay trees instead of AVL trees to manage internal datastructures.
-
- Thanks to Scott Lamb and Sven-Haegar Koch for their contributions to this
- version of tinc.
-
-Version 1.0.22 August 13 2013
-
- * Fixed the combination of Mode = router and DeviceType = tap.
-
- * The $NAME variable is now set in subnet-up/down scripts.
-
- * Tinc now gives an error when unknown options are given on the command line.
-
- * Tinc now correctly handles a space between a short command line option and
- an optional argument.
-
-Thanks to Etienne Dechamps for his contribution to this version of tinc.
-
-Version 1.0.21 April 22 2013
-
- * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
-
-Thanks to Martin Schobert for auditing tinc and reporting this vulnerability.
-
-Version 1.0.20 March 03 2013
-
- * Use /dev/tap0 by default on FreeBSD and NetBSD when using switch mode.
-
- * Minor improvements and clarifications in the documentation.
-
- * Allow tinc to be cross-compiled with Android's NDK.
-
- * The discovered PMTU is now also applied to VLAN tagged traffic.
-
- * The LocalDiscovery option now makes use of all addresses tinc is bound to.
-
- * Fixed support for tunemu on iOS devices.
-
- * The PriorityInheritance option now also works with switch mode.
-
- * Fixed tinc crashing when using a SOCKS5 proxy.
-
-Thanks to Mesar Hameed, Vilbrekin and Martin Schürrer for their contributions
-to this version of tinc.
-
-Version 1.0.19 June 25 2012
-
- * Allow :: notation in IPv6 Subnets.
-
- * Add support for systemd style socket activation.
-
- * Allow environment variables to be used for the Name option.
-
- * Add basic support for SOCKS proxies, HTTP proxies, and proxying through an
- external command.
-
-Version 1.0.18 March 25 2012
-
- * Fixed IPv6 in switch mode by turning off DecrementTTL by default.
-
- * Allow a port number to be specified in BindToAddress, which also allows tinc
- to listen on multiple ports.
-
- * Add support for multicast communication with UML/QEMU/KVM.
-
-Version 1.0.17 March 10 2012
-
- * The DeviceType option can now be used to select dummy, raw socket, UML and
- VDE devices without needing to recompile tinc.
-
- * Allow multiple BindToAddress statements.
-
- * Decrement TTL value of IPv4 and IPv6 packets.
-
- * Add LocalDiscovery option allowing tinc to detect peers that are behind the
- same NAT.
-
- * Accept Subnets passed with the -o option when StrictSubnets = yes.
-
- * Disabling old RSA keys when generating new ones now also works properly on
- Windows.
-
-Version 1.0.16 July 23 2011
-
- * Fixed a performance issue with TCP communication under Windows.
-
- * Fixed code that, during network outages, would cause tinc to exit when it
- thought two nodes with identical Names were on the VPN.
-
-Version 1.0.15 June 24 2011
-
- * Improved logging to file.
-
- * Reduced amount of process wakeups on platforms which support pselect().
-
- * Fixed ProcessPriority option under Windows.
-
- Thanks to Loïc Grenié for his contribution to this version of tinc.
-
-Version 1.0.14 May 8 2011
-
- * Fixed reading configuration files that do not end with a newline. Again.
-
- * Allow arbitrary configuration options being specified on the command line.
-
- * Allow all options in both tinc.conf and the local host config file.
-
- * Configurable replay window, UDP send and receive buffers for performance tuning.
-
- * Try harder to get UDP communication back after falling back to TCP.
-
- * Initial support for attaching tinc to a VDE switch.
-
- * DragonFly BSD support.
-
- * Allow linking with OpenSSL 1.0.0.
-
- Thanks to Brandon Black, Julien Muchembled, Michael Tokarev, Rumko and Timothy
- Redaelli for their contributions to this version of tinc.
-
-Version 1.0.13 Apr 11 2010
-
- * Allow building tinc without LZO and/or Zlib.
-
- * Clamp MSS of TCP packets in both directions.
-
- * Experimental StrictSubnets, Forwarding and DirectOnly options,
- giving more control over information and packets received from/sent to other
- nodes.
-
- * Ensure tinc never sends symbolic names for ports over the wire.
-
-Version 1.0.12 Feb 3 2010
-
- * Really allow fast roaming of hosts to other nodes in a switched VPN.
-
- * Fixes missing or incorrect environment variables when calling host-up/down
- and subnet-up/down scripts in some cases.
-
- * Allow port to be specified in Address statements.
-
- * Clamp MSS of TCP packets to the discovered path MTU.
-
- * Let two nodes behind NAT learn each others current UDP address and port via
- a third node, potentially allowing direct communications in a similar way to
- STUN.
-
-Version 1.0.11 Nov 1 2009
-
- * Fixed potential crash when the HUP signal is sent.
-
- * Fixes handling of weighted Subnets in switch and hub modes, preventing
- unnecessary broadcasts.
-
- * Works around a MinGW bug that caused packets to Windows nodes to always be
- sent via TCP.
-
- * Improvements to the PMTU discovery code, especially on Windows.
-
- * Use UDP again in certain cases where 1.0.10 was too conservative and fell
- back to TCP unnecessarily.
-
- * Allow fast roaming of hosts to other nodes in a switched VPN.
-
-Version 1.0.10 Oct 18 2009
-
- * Fixed potential crashes during shutdown and (in rare conditions) when other
- nodes disconnected from the VPN.
-
- * Improved NAT handling: tinc now copes with mangled port numbers, and will
- automatically fall back to TCP if direct UDP connection between nodes is not
- possible. The TCPOnly option should not have to be used anymore.
-
- * Allow configuration files with CRLF line endings to be read on UNIX.
-
- * Disable old RSA keys when generating new ones, and raise the default size of
- new RSA keys to 2048 bits.
-
- * Many fixes in the path MTU discovery code, especially when Compression is
- being used.
-
- * Tinc can now drop privileges and/or chroot itself.
-
- * The TunnelServer code now just ignores information from clients instead of
- disconnecting them.
-
- * Improved performance on Windows by using the new ProcessPriority option and
- by making the handling of packets received from the TAP-Win32 adapter more
- efficient.
-
- * Code cleanups: tinc now follows the C99 standard, copyright headers have
- been updated to include patch authors, checkpoint tracing and localisation
- features have been removed.
-
- * Support for (jailbroken) iPhone and iPod Touch has been added.
-
- Thanks to Florian Forster, Grzegorz Dymarek and especially Michael Tokarev for
- their contributions to this version of tinc.
-
-Version 1.0.9 Dec 26 2008
-
- * Fixed tinc as a service under Windows 2003.
-
- * Fixed reading configuration files that do not end with a newline.
-
- * Fixed crashes in situations where hostnames could not be resolved or hosts
- would disconnect at the same time as session keys were exchanged.
-
- * Improved default settings of tun and tap devices on BSD platforms.
-
- * Make IPv6 sockets bind only to IPv6 on Linux.
-
- * Enable path MTU discovery by default.
-
- * Fixed a memory leak that occured when connections were closed.
-
- Thanks to Max Rijevski for his contributions to this version of tinc.
-
-Version 1.0.8 May 16 2007
-
- * Fixed some memory and resource leaks.
-
- * Made network sockets non-blocking under Windows.
-
- Thanks to Scott Lamb and "dnk" for their contributions to this version of tinc.
-
-Version 1.0.7 Jan 5 2007
-
- * Fixed a bug that caused slow network speeds on Windows.
-
- * Fixed a bug that caused tinc unable to write packets to the tun device on
- OpenBSD.
-
-Version 1.0.6 Dec 18 2006
-
- * More flexible detection of the LZO libraries when compiling.
-
- * Fixed a bug where broadcasts in switch and hub modes sometimes would not
- work anymore when part of the VPN had become disconnected from the rest.
-
-Version 1.0.5 Nov 14 2006
-
- * Lots of small fixes.
-
- * Broadcast packets no longer grow in size with each hop. This should
- fix switch mode (again).
-
- * Generic host-up and host-down scripts.
-
- * Optionally dump graph in graphviz format to a file or a script.
-
- * Support LZO 2.0 and later.
-
- Thanks to Scott Lamb for his contributions to this version of tinc.
-
-Version 1.0.4 May 4 2005
-
- * Fix switch and hub modes.
-
- * Optionally start scripts when a Subnet becomes (un)reachable.
-
-Version 1.0.3 Nov 11 2004
-
- * Show error message when failing to write a PID file.
-
- * Ignore spaces at end of lines in config files.
-
- * Fix handling of late packets.
-
- * Unify BSD tun/tap device handling. This allows IPv6 on tun devices and
- anything on tap devices as long as the underlying OS supports it.
-
- * Handle IPv6 on Solaris tun devices.
-
- * Allow tinc to work properly under Windows XP SP2.
-
- * Allow VLAN tagged Ethernet frames in switch and hub mode.
-
- * Experimental PMTUDiscovery, TunnelServer and BlockingTCP options.
-
-Version 1.0.2 Nov 8 2003
-
- * Fix address and hostname resolving under Windows.
-
- * Remove warnings about non-existing scripts and unsupported address families.
-
- * Use the event logger under Windows.
-
- * Fix quoting of filenames and command line arguments under Windows.
-
- * Strict checks for length incoming network packets and return values of
- cryptographic functions,
-
- * Fix a bug in metadata handling that made the tinc daemon abort.
-
-Version 1.0.1 Aug 14 2003
-
- * Allow empty lines in config files.
-
- * Fix handling of spaces and backslashes in filenames under native Windows.
-
- * Allow scripts to be executed under native Windows.
-
- * Update documentation, make it less Linux specific.
-
-Version 1.0 Aug 4 2003
-
- * Lots of small bugfixes and code cleanups.
-
- * Throughput doubled and latency reduced.
-
- * Added support for LZO compression.
-
- * No need to set MAC address or disable ARP anymore.
-
- * Added support for Windows 2000 and XP, both natively and in a Cygwin
- environment.
-
-Version 1.0pre8 Sep 16 2002
-
- * More fixes for subnets with prefixlength undivisible by 8.
-
- * Added support for NetBSD and MacOS/X.
-
- * Switched from undirected graphs to directed graphs to avoid certain race
- conditions and improve scalability.
-
- * Generalized broadcasting and forwarding of protocol messages.
-
- * Cleanup of source code.
-
-Version 1.0pre7 Apr 7 2002
-
- * Don't do blocking read()s when getting a signal.
-
- * Remove RSA key checking code, since it sometimes thinks perfectly good RSA
- keys are bad.
-
- * Fix handling of subnets when prefixlength isn't divisible by 8.
-
-Version 1.0pre6 Mar 27 2002
-
- * Improvement of redundant links:
- * Non-blocking connects.
- * Protocol broadcast messages can no longer go into an infinite loop.
- * Graph algorithm updated to look harder for direct connections.
-
- * Good support for routing IPv6 packets over the VPN. Works on Linux,
- FreeBSD, possibly OpenBSD but not on Solaris.
-
- * Support for tunnels over IPv6 networks. Works on all supported
- operating systems.
-
- * Optional compression of UDP connections using zlib.
-
- * Optionally let UDP connections inherit TOS field of tunneled packets.
-
- * Optionally start scripts when certain hosts become (un)reachable.
-
-Version 1.0pre5 Feb 9 2002
-
- * Security enhancements:
- * Added sequence number and optional message authentication code to
- the packets.
- * Configurable encryption cipher and digest algorithms.
-
- * More robust handling of dis- and reconnects.
-
- * Added a "switch" and a "hub" mode to allow bridging setups.
-
- * Preliminary support for routing of IPv6 packets.
-
- * Supports Linux, FreeBSD, OpenBSD and Solaris.
-
-Version 1.0pre4 Jan 17 2001
-
- * Updated documentation; the documentation now reflects the
- configuration as it is.
-
- * Some internal changes to make tinc scale better for large
- networks, such as using AVL trees instead of linked lists for the
- connection list.
-
- * RSA keys can be stored in separate files if needed. See the
- documentation for more information.
-
- * Tinc has now been reported to run on Linux PowerPC and FreeBSD x86.
-
-Version 1.0pre3 Oct 31 2000
-
- * The protocol has been redesigned, and although some details are
- still under discussion, this is secure. Care has been taken to
- resist most, if not all, attacks.
-
- * Unfortunately this protocol is not compatible with earlier versions,
- nor are earlier versions compatible with this version. Because the
- older protocol has huge security flaws, we feel that not
- implementing backwards compatibility is justified.
-
- * Some data about the protocol:
- * It uses public/private RSA keys for authentication (this is the
- actual fix for the security hole).
- * All cryptographic functions have been taken out of tinc, instead
- it uses the OpenSSL library functions.
- * Offers support for multiple subnets per tinc daemon.
-
- * New is also the support for the universal tun/tap device. This
- means better portability to FreeBSD and Solaris.
-
- * Tinc is tested to compile on Solaris, Linux x86, Linux alpha.
-
- * Tinc now uses the OpenSSL library for cryptographic operations.
- More information on getting and installing OpenSSL is in the manual.
- This also means that the GMP library is no longer required.
-
- * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
- Carrasco provided us with a Spanish translation of the manual.
-
-Version 1.0pre2 May 31 2000
-
- * This version has been internationalized; and a Dutch translation has
- been included.
-
- * Two configuration variables have been added:
- * VpnMask - the IP network mask for the entire VPN, not just our
- subnet (as given by MyVirtualIP). The Redhat and Debian packages
- use this variable in their system startup scripts, but it is
- ignored by tinc.
- * Hostnames - if set to `yes', look up the names of IP addresses
- trying to connect to us. Default set to `no', to prevent lockups
- during lookups.
-
- * The system startup scripts for Debian and Redhat use
- /etc/tinc/nets.boot to find out which networks need to be started
- during system boot.
-
- * Fixes to prevent denial of service attacks by sending random data
- after connecting (and even when the connection has been established),
- either random garbage or just nonsensical protocol fields.
-
- * Tinc will retry to connect upon startup, does not quit if it doesn't
- work the first time.
-
- * Hosts that are disconnected implicitly if we lose a connection get
- deleted from the internal list, to prevent hogging eachother with
- add and delete requests when the connection is restored.
-
-Version 1.0pre1 May 12 2000
-
- * New meta-protocol
-
- * Various other bugfixes
-
- * Documentation updates
-
-Version 0.3.3 Feb 9 2000
-
- * Fixed bug that made tinc stop working with latest kernels
-
- * Updated the manual
-
-Version 0.3.2 Nov 12 1999
-
- * No more `Invalid filedescriptor' when working with multiple
- connections.
-
- * Forward unknown packets to uplink.
-
-Version 0.3.1 Oct 20 1999
-
- * Fixed a bug where tinc would exit without a trace.
-
-Version 0.3 Aug 20 1999
-
- * Pings now work immediately.
-
- * All packet sizes get transmitted correctly.
-
-Version 0.2.26 Aug 15 1999
-
- * Fixed some remaining bugs.
-
- * --sysconfdir works with configure.
-
- * Last version before 0.3.
-
-Version 0.2.25 Aug 8 1999
-
- * Improved stability, going towards 0.3 now.
-
-Version 0.2.24 Aug 7 1999
-
- * Added key aging, there's a new config variable, KeyExpire.
-
- * Updated man and info pages.
-
-Version 0.2.23 Aug 5 1999
-
- * All known bugs fixed, this is a candidate for 0.3.
-
-Version 0.2.22 Apr 11 1999
-
- * Multiconnection thing is now working nearly perfect :)
-
-Version 0.2.21 Apr 10 1999
-
- * You shouldn't notice a thing, but a lot has changed wrt key
-management - except that it refuses to talk to versions < 0.2.20
-
-Version 0.2.19 Apr 3 1999
-
- * Don't install a libcipher.so.
-
-Version 0.2.18 Apr 3 1999
-
- * Blowfish library dynamically loaded upon execution.
-
- * Included Eric Young's IDEA library.
-
-Version 0.2.17 Apr 1 1999
-
- * Tincd now re-executes itself in case of a segmentation fault.
-
-Version 0.2.16 Apr 1 1999
-
- * Wrote tincd.conf(5) man page, which still needs a lot of work.
-
- * Config file now accepts and tolerates spaces, and any integer base
- for integer variables, and better error reporting. See
- doc/tincd.conf.sample for an example.
-
-Version 0.2.15 Mar 29 1999
-
- * Fixed bugs.
-
-Version 0.2.14 Feb 10 1999
-
- * Added --timeout flag and PingTimeout configuration.
- * Did some first syslog cleanup work.
-
-Version 0.2.13 Jan 23 1999
-
- * Bugfixes.
-
-Version 0.2.12 Jan 23 1999
-
- * Fixed nauseating bug so that it would crash whenever a connection
- got lost.
-
-Version 0.2.11 Jan 22 1999
-
- * Framework for multiple connections has been done.
-
- * Simple manpage for tincd.
-
-Version 0.2.10 Jan 18 1999
-
- * Passphrase support added.
-
-Version 0.2.9 Jan 13 1999
-
- * Bugs fixed.
-
-Version 0.2.8 Jan 11 1999
-
- * A reworked protocol version.
-
- * A ping/pong system.
-
- * More reliable networking code.
-
- * Automatic reconnection.
-
- * Still does not work with more than one connection :)
-
- * Strips MAC addresses before sending, so there's less overhead, and
- less redundancy.
-
-Version 0.2.7 Jan 3 1999
-
- * Several updates to make extending more easy.
-
-Version 0.2.6 Dec 20 1998
-
- * Point-to-Point connections have been established, including
- Blowfish encryption and a secret key-exchange.
-
-Version 0.2.5 Dec 16 1998
-
- * Project renamed to tinc, in honour of TINC.
-
-Version 0.2.4 Dec 16 1998
-
- * Now it really does ;)
-
-Version 0.2.3 Nov 24 1998
-
- * It sort of works now.
-
-Version 0.2.2 Nov 20 1998
-
- * Uses GNU gmp.
-
-Version 0.2.1 Nov 14 1998
-
- * Bare version.
+ * Initial version of the MeshLink library.
-This is the README file for tinc version 1.1pre10. Installation
-instructions may be found in the INSTALL file.
+This is the README file for the MeshLink library. Installation instructions may
+be found in the INSTALL file.
-tinc is Copyright (C) 1998-2014 by:
-
-Ivo Timmermans,
-Guus Sliepen <guus@tinc-vpn.org>,
-and others.
-
-For a complete list of authors see the AUTHORS file.
+MeshLink is Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version. See the file COPYING for more details.
+To obtain a license to use this library in commercial software, please contact
+sales@meshlink.io.
-This is a pre-release
----------------------
-
-Please note that this is NOT a stable release. Until version 1.1.0 is released,
-please use one of the 1.0.x versions if you need a stable version of tinc.
-
-Although tinc 1.1 will be protocol compatible with tinc 1.0.x, the
-functionality of the tinc program may still change, and the control socket
-protocol is not fixed yet.
-
-
-Security statement
-------------------
-
-This version uses an experimental and unfinished cryptographic protocol. Use it
-at your own risk.
+This is not a finished version
+------------------------------
-Compatibility
--------------
-
-Version 1.1pre10 is compatible with 1.0pre8, 1.0 and later, but not with older
-versions of tinc.
-
-When the ExperimentalProtocol option is used, tinc is still compatible with
-1.0.X and 1.1pre10 itself, but not with any other 1.1preX version.
+Please do not use this library yet.
Requirements
------------
-In order to compile tinc, you will need a GNU C compiler environment. Please
+In order to compile MeshLink, you will need a GNU C compiler environment. Please
ensure you have the latest stable versions of all the required libraries:
- OpenSSL (http://www.openssl.org/) version 1.0.0 or later, with support for
The following libraries are used by default, but can be disabled if necessary:
- zlib (http://www.gzip.org/zlib/)
-- lzo (http://www.oberhumer.com/opensource/lzo/)
-- ncurses (http://invisible-island.net/ncurses/)
-- readline (ftp://ftp.gnu.org/pub/gnu/readline/)
-
Features
--------
-Tinc is a peer-to-peer VPN daemon that supports VPNs with an arbitrary number
-of nodes. Instead of configuring tunnels, you give tinc the location and
-public key of a few nodes in the VPN. After making the initial connections to
-those nodes, tinc will learn about all other nodes on the VPN, and will make
-connections automatically. When direct connections are not possible, data will
-be forwarded by intermediate nodes.
-
-By default, nodes authenticate each other using 2048 bit RSA (or 521 bit
-ECDSA*) keys. Traffic is encrypted using Blowfish in CBC mode (or AES-256 in
-GCM mode*), authenticated using HMAC-SHA1 (or GCM*), and is protected against
-replay attacks.
-
-*) When using the ExperimentalProtocol option.
-
-Tinc fully supports IPv6.
-
-Tinc can operate in several routing modes. In the default mode, "router", every
-node is associated with one or more IPv4 and/or IPv6 Subnets. The other two
-modes, "switch" and "hub", let the tinc daemons work together to form a virtual
-Ethernet network switch or hub.
+MeshLink is a library that allows applications to connect to other instances of
+itself, and exchange messages in a secure way. MeshLink provides end-to-end
+encryption and authentication of messages with perfect forward secrecy. The
+MeshLink library starts its own thread which handles all network
+communications. The application only needs to register callbacks to get
+notified of incoming messages and other important events.
-Normally, when started tinc will detach and run in the background. In a native
-Windows environment this means tinc will intall itself as a service, which will
-restart after reboots. To prevent tinc from detaching or running as a service,
-use the -D option.
+Other noteworthy features are:
-The status of the VPN can be queried using the "tinc" command, which connects
-to a running tinc daemon via a control connection. The same tool also makes it
-easy to start and stop tinc, and to change its configuration.
+- IPv6 support
+- NAT traversal (requires at least one node that is not behind a NAT)
+- Ed25519 keys (TBD)
+- AES-256-GCM encryption and message authentication
-Quick how-o cross compile tinc for android (done from $HOME/android/):
+Quick how-to cross compile MeshLink for android (done from $HOME/android/):
- Download android NDK and setup local ARM toolchain:
wget http://dl.google.com/android/ndk/android-ndk-r8b-linux-x86.tar.bz2
./Configure dist
make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib
-- Clone and cross-compile tinc:
-git clone git://tinc-vpn.org/tinc
-cd tinc
+- Clone and cross-compile MeshLink:
+git clone git://meshlink.io/meshlink
+cd meshlink
autoreconf -fsi
CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc ./configure --host=arm-linux --disable-lzo --with-openssl-lib=$HOME/android/openssl-1.0.1c --with-openssl-include=$HOME/android/openssl-1.0.1c/include/
make -j5
-Before you can start compiling tinc from a fresh git clone, you have
+Before you can start compiling MeshLink from a fresh git clone, you have
to install the very latest versions of the following packages:
- OpenSSL
- zlib
-- lzo
- GCC
- automake
- autoconf
-- ncurses or PDCurses
-- readline
Then you have to let the autotools create all the autogenerated files, using
this command:
+++ /dev/null
-We would like to thank the following people for their contributions to tinc:
-
-* Alexander Reil and Gemeinde Berg
-* Allesandro Gatti
-* Andreas van Cranenburgh
-* Anthony G. Basile
-* Armijn Hemel
-* Brandon Black
-* Cheng LI
-* Cris van Pelt
-* Darius Jahandarie
-* Delf Eldkraft
-* Dennis Joachimsthaler
-* dnk
-* Enrique Zanardi
-* Erik Tews
-* Etienne Dechamps
-* Florent Clairambault
-* Flynn Marquardt
-* Gary Kessler and Claudia Gonzalez
-* Grzegorz Dymarek
-* Hans Bayle
-* Ivo van Dong
-* James Cook
-* James MacLean
-* Jamie Briggs
-* Jason Harper
-* Jelle de Jong
-* Jeroen Ubbink
-* Jerome Etienne
-* Julien Muchembled
-* Lavrans Laading
-* Loïc Grenié
-* LubomÃr Bulej
-* Mads Kiilerich
-* Marc A. Lehmann
-* Mark Glines
-* Mark Petryk
-* Markus Goetz
-* Martin Kihlgren
-* Martin Schobert
-* Martin Schürrer
-* Matias Carrasco
-* Max Rijevski
-* Menno Smits
-* Mesar Hameed
-* Michael Tokarev
-* Miles Nordin
-* Nick Hibma
-* Nick Patavalis
-* Paul Littlefield
-* Philipp Babel
-* Robert van der Meulen
-* Rumko
-* Scott Lamb
-* Sven-Haegar Koch
-* Teemu Kiviniemi
-* Timothy Redaelli
-* Tonnerre Lombard
-* Vil Brekin
-* Wessel Dankers
-* Wouter van Heyst
-
-And everyone we forgot (if we did, please let us know). Thank you!
-
-Ivo Timmermans
-Guus Sliepen
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT([tinc], [1.1pre10])
-AC_CONFIG_SRCDIR([src/tincd.c])
+AC_INIT([MeshLink], [0.1])
+AC_CONFIG_SRCDIR([src/libmeshlink.c])
AC_GNU_SOURCE
AM_INIT_AUTOMAKE([check-news std-options subdir-objects -Wall])
AC_CONFIG_HEADERS([config.h])
;;
*bsd*)
bsd=true
- AC_MSG_WARN("Unknown BSD variant, tinc might not compile or work!")
+ AC_MSG_WARN("Unknown BSD variant, MeshLink might not compile or work!")
AC_DEFINE(HAVE_BSD, 1, [Unknown BSD variant])
;;
*cygwin*)
AC_HEADER_TIME
AC_STRUCT_TM
-tinc_ATTRIBUTE(__malloc__)
-tinc_ATTRIBUTE(__warn_unused_result__)
+MeshLink_ATTRIBUTE(__malloc__)
+MeshLink_ATTRIBUTE(__warn_unused_result__)
AC_CHECK_TYPES([socklen_t, struct ether_header, struct arphdr, struct ether_arp, struct in_addr, struct addrinfo, struct ip, struct icmp, struct in6_addr, struct sockaddr_in6, struct ip6_hdr, struct icmp6_hdr, struct nd_neighbor_solicit, struct nd_opt_hdr], , ,
[#include "src/have.h"]
dnl These are defined in files in m4/
-tinc_ZLIB
-tinc_LZO
+MeshLink_ZLIB
-tinc_OPENSSL
+MeshLink_OPENSSL
AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile m4/Makefile test/Makefile])
This document describes how nodes in a VPN find and connect to eachother and
maintain a stable network.
- Copyright 2001-2006 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright 2001-2006 Guus Sliepen <guus@meshlink.io>
Permission is granted to make and distribute verbatim copies of
this documentation provided the copyright notice and this
This is the network infrastructure documentation for tinc, a Virtual Private
Network daemon.
- Copyright 2001-2006 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright 2001-2006 Guus Sliepen <guus@meshlink.io>
Permission is granted to make and distribute verbatim copies of
this documentation provided the copyright notice and this
This is the protocol documentation for tinc, a Virtual Private Network daemon.
- Copyright 2000-2006 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright 2000-2006 Guus Sliepen <guus@meshlink.io>,
2000-2005 Ivo Timmmermans
Permission is granted to make and distribute verbatim copies of
This is the security documentation for tinc, a Virtual Private Network daemon.
- Copyright 2001-2006 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright 2001-2006 Guus Sliepen <guus@meshlink.io>,
2001-2006 Wessel Dankers <wsl@tinc-vpn.org>
Permission is granted to make and distribute verbatim copies of
+++ /dev/null
-# Sample host configuration file
-
-# The real IP address of this tinc host. Can be used by other tinc hosts.
-Address = 123.234.35.67
-
-# Portnumber for incoming connections. Default is 655.
-Port = 655
-
-# Subnet on the virtual private network that is local for this host.
-Subnet = 192.168.1.0/24
-
-# The public key generated by `tincd -n example -K' is stored here
------BEGIN RSA PUBLIC KEY-----
-...
------END RSA PUBLIC KEY-----
+++ /dev/null
-# Sample host configuration file
-# This file was generated by host beta.
-
-# The real IP address of this tinc host. Can be used by other tinc hosts.
-Address = 123.45.67.189
-
-# Portnumber for incoming connections. Default is 655.
-Port = 6500
-
-# Subnet on the virtual private network that is local for this host.
-Subnet = 192.168.2.0/24
-
-# The public key generated by `tincd -n example -K' is stored here
------BEGIN RSA PUBLIC KEY-----
-...
------END RSA PUBLIC KEY-----
+++ /dev/null
-# Generate this file with `tincd -n example -K`
+++ /dev/null
-#!/bin/sh
-# This file closes down the tap device.
-
-ifconfig $INTERFACE down
+++ /dev/null
-#!/bin/sh
-# This file sets up the tap device.
-# It gives you the freedom to do anything you want with it.
-# Use the correct name for the tap device:
-# The environment variable $INTERFACE is set to the right name
-# on most platforms, but if it doesn't work try to set it manually.
-
-# Give it the right ip and netmask. Remember, the subnet of the
-# tap device must be larger than that of the individual Subnets
-# as defined in the host configuration file!
-ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
+++ /dev/null
-# Sample tinc configuration file
-
-# This is a comment.
-# Spaces and tabs are eliminated.
-# The = sign isn't strictly necessary any longer, though you may want
-# to leave it in as it improves readability :)
-# Variable names are treated case insensitive.
-
-# The name of this tinc host. Required.
-Name = alpha
-
-# The internet host to connect with.
-# Comment these out to make yourself a listen-only connection
-# You must use the name of another tinc host.
-# May be used multiple times for redundance.
-ConnectTo = beta
-
-# The tap device tinc will use.
-# Default is /dev/tap0 for ethertap or FreeBSD,
-# /dev/tun0 for Solaris and OpenBSD,
-# and /dev/net/tun for Linux tun/tap device.
-Device = /dev/net/tun
dnl Check to find out whether function attributes are supported.
dnl If they are not, #define them to be nothing.
-AC_DEFUN([tinc_ATTRIBUTE],
+AC_DEFUN([MeshLink_ATTRIBUTE],
[
- AC_CACHE_CHECK([for working $1 attribute], tinc_cv_attribute_$1,
+ AC_CACHE_CHECK([for working $1 attribute], MeshLink_cv_attribute_$1,
[
tempcflags="$CFLAGS"
CFLAGS="$CFLAGS -Wall -Werror"
void test(void) { return; }
],
)],
- [tinc_cv_attribute_$1=yes],
- [tinc_cv_attribute_$1=no]
+ [MeshLink_cv_attribute_$1=yes],
+ [MeshLink_cv_attribute_$1=no]
)
CFLAGS="$tempcflags"
])
- if test ${tinc_cv_attribute_$1} = no; then
+ if test ${MeshLink_cv_attribute_$1} = no; then
AC_DEFINE([$1], [], [Defined if the $1 attribute is not supported.])
fi
])
+++ /dev/null
-dnl Check to find the lzo headers/libraries
-
-AC_DEFUN([tinc_LZO],
-[
- AC_ARG_ENABLE([lzo],
- AS_HELP_STRING([--disable-lzo], [disable lzo compression support]))
- AS_IF([test "x$enable_lzo" != "xno"], [
- AC_DEFINE(HAVE_LZO, 1, [enable lzo compression support])
- AC_ARG_WITH(lzo,
- AS_HELP_STRING([--with-lzo=DIR], [lzo base directory, or:]),
- [lzo="$withval"
- CPPFLAGS="$CPPFLAGS -I$withval/include"
- LDFLAGS="$LDFLAGS -L$withval/lib"]
- )
-
- AC_ARG_WITH(lzo-include,
- AS_HELP_STRING([--with-lzo-include=DIR], [lzo headers directory]),
- [lzo_include="$withval"
- CPPFLAGS="$CPPFLAGS -I$withval"]
- )
-
- AC_ARG_WITH(lzo-lib,
- AS_HELP_STRING([--with-lzo-lib=DIR], [lzo library directory]),
- [lzo_lib="$withval"
- LDFLAGS="$LDFLAGS -L$withval"]
- )
-
- AC_CHECK_LIB(lzo2, lzo1x_1_compress,
- [LIBS="$LIBS -llzo2"],
- [AC_CHECK_LIB(lzo, lzo1x_1_compress,
- [LIBS="$LIBS -llzo"],
- [AC_MSG_ERROR("lzo libraries not found."); break]
- )]
- )
-
- AC_CHECK_HEADERS(lzo/lzo1x.h,
- [AC_DEFINE(LZO1X_H, [<lzo/lzo1x.h>], [Location of lzo1x.h])],
- [AC_CHECK_HEADERS(lzo2/lzo1x.h,
- [AC_DEFINE(LZO1X_H, [<lzo2/lzo1x.h>], [Location of lzo1x.h])],
- [AC_CHECK_HEADERS(lzo1x.h,
- [AC_DEFINE(LZO1X_H, [<lzo1x.h>], [Location of lzo1x.h])],
- [AC_MSG_ERROR("lzo header files not found."); break]
- )]
- )]
- )
- ])
-])
dnl Check to find the OpenSSL headers/libraries
-AC_DEFUN([tinc_OPENSSL],
+AC_DEFUN([MeshLink_OPENSSL],
[
case $host_os in
*mingw*)
dnl Check to find the zlib headers/libraries
-AC_DEFUN([tinc_ZLIB],
+AC_DEFUN([MeshLink_ZLIB],
[
AC_ARG_ENABLE([zlib],
AS_HELP_STRING([--disable-zlib], [disable zlib compression support]))
debug_level = 5;
node_t* remotenode = new_node();
-char *remotename = "nameofremotenode";
+char *remotename = "ml";
//TODO: change this, calling a function that returns node_t
remotenode->name = malloc(16);
ecdsa.h \
ecdsagen.h \
edge.c edge.h \
- ethernet.h \
event.c event.h \
fake-gai-errnos.h \
fake-getaddrinfo.c fake-getaddrinfo.h \
fake-getnameinfo.c fake-getnameinfo.h \
- getopt.c getopt.h \
- getopt1.c \
graph.c graph.h \
hash.c hash.h \
have.h \
- ipv4.h \
- ipv6.h \
list.c list.h \
logger.c logger.h \
meta.c meta.h \
protocol_key.c \
protocol_misc.c \
route.c route.h \
- rsa.h \
- rsagen.h \
splay_tree.c splay_tree.h \
sptps.c sptps.h \
system.h \
openssl/ecdh.c \
openssl/ecdsa.c \
openssl/ecdsagen.c \
- openssl/prf.c \
- openssl/rsa.c \
- openssl/rsagen.c
+ openssl/prf.c
sptps_test_SOURCES += \
openssl/cipher.c \
openssl/crypto.c \
/*
buffer.c -- buffer management
- Copyright (C) 2011 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
cipher.h -- header file cipher.c
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
extern size_t cipher_keylength(const cipher_t *);
extern void cipher_get_key(const cipher_t *, void *);
extern bool cipher_set_key(cipher_t *, void *, bool) __attribute__ ((__warn_unused_result__));
-extern bool cipher_set_key_from_rsa(cipher_t *, void *, size_t, bool) __attribute__ ((__warn_unused_result__));
extern bool cipher_set_counter(cipher_t *, const void *, size_t) __attribute__ ((__warn_unused_result__));
extern bool cipher_set_counter_key(cipher_t *, void *) __attribute__ ((__warn_unused_result__));
extern bool cipher_encrypt(cipher_t *, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) __attribute__ ((__warn_unused_result__));
/*
conf.c -- configuration code
- Copyright (C) 1998 Robert van der Meulen
- 1998-2005 Ivo Timmermans
- 2000 Cris van Pelt
- 2010-2011 Julien Muchembled <jm@jmuchemb.eu>
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
- 2013 Florent Clairambault <florent@clairambault.fr>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
int pinginterval = 0; /* seconds between pings */
int pingtimeout = 0; /* seconds to wait for response */
-list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
static int config_compare(const config_t *a, const config_t *b) {
int result;
if(result)
return result;
- /* give priority to command line options */
- result = !b->file - !a->file;
- if (result)
- return result;
-
result = a->line - b->line;
if(result)
if(!*value) {
const char err[] = "No value for variable";
- if (fname)
- logger(DEBUG_ALWAYS, LOG_ERR, "%s `%s' on line %d while reading config file %s",
- err, variable, lineno, fname);
- else
- logger(DEBUG_ALWAYS, LOG_ERR, "%s `%s' in command line option %d",
- err, variable, lineno);
+ logger(DEBUG_ALWAYS, LOG_ERR, "%s `%s' on line %d while reading config file %s",
+ err, variable, lineno, fname);
return NULL;
}
cfg = new_config();
cfg->variable = xstrdup(variable);
cfg->value = xstrdup(value);
- cfg->file = fname ? xstrdup(fname) : NULL;
+ cfg->file = xstrdup(fname);
cfg->line = lineno;
return cfg;
return result;
}
-void read_config_options(splay_tree_t *config_tree, const char *prefix) {
- size_t prefix_len = prefix ? strlen(prefix) : 0;
-
- for(const list_node_t *node = cmdline_conf->tail; node; node = node->prev) {
- const config_t *cfg = node->data;
- config_t *new;
-
- if(!prefix) {
- if(strchr(cfg->variable, '.'))
- continue;
- } else {
- if(strncmp(prefix, cfg->variable, prefix_len) ||
- cfg->variable[prefix_len] != '.')
- continue;
- }
-
- new = new_config();
- if(prefix)
- new->variable = xstrdup(cfg->variable + prefix_len + 1);
- else
- new->variable = xstrdup(cfg->variable);
- new->value = xstrdup(cfg->value);
- new->file = NULL;
- new->line = cfg->line;
-
- config_add(config_tree, new);
- }
-}
-
bool read_server_config(void) {
char *fname;
bool x;
- //read_config_options(config_tree, NULL);
-
xasprintf(&fname, "%s" SLASH "tinc.conf", confbase);
errno = 0;
x = read_config_file(config_tree, fname);
- // We will try to read the conf files in the "conf.d" dir
- if (x) {
- char * dname;
- xasprintf(&dname, "%s" SLASH "conf.d", confbase);
- DIR *dir = opendir (dname);
- // If we can find this dir
- if (dir) {
- struct dirent *ep;
- // We list all the files in it
- while (x && (ep = readdir (dir))) {
- size_t l = strlen(ep->d_name);
- // And we try to read the ones that end with ".conf"
- if (l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) {
- free(fname);
- xasprintf(&fname, "%s" SLASH "%s", dname, ep->d_name);
- x = read_config_file(config_tree, fname);
- }
- }
- closedir (dir);
- }
- free(dname);
- }
-
if(!x && errno)
logger(DEBUG_ALWAYS, LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno));
char *fname;
bool x;
- //read_config_options(config_tree, name);
-
xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, name);
x = read_config_file(config_tree, fname);
free(fname);
/*
conf.h -- header for conf.c
- Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
extern int pingtimeout;
extern int maxtimeout;
extern bool bypass_security;
-extern list_t *cmdline_conf;
extern void init_configuration(splay_tree_t **);
extern void exit_configuration(splay_tree_t **);
/*
connection.c -- connection list management
- Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2000-2005 Ivo Timmermans
- 2008 Max Rijevski <maksuf@gmail.com>
+ Copyright (C) 2000-2013 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "connection.h"
#include "list.h"
#include "logger.h"
-#include "rsa.h"
#include "utils.h"
#include "xalloc.h"
if(!c)
return;
- cipher_close(c->incipher);
- digest_close(c->indigest);
- cipher_close(c->outcipher);
- digest_close(c->outdigest);
-
sptps_stop(&c->sptps);
ecdsa_free(c->ecdsa);
- rsa_free(c->rsa);
-
- free(c->hischallenge);
buffer_clear(&c->inbuf);
buffer_clear(&c->outbuf);
/*
connection.h -- header for connection.c
- Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2000-2005 Ivo Timmermans
+ Copyright (C) 2000-2013 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "buffer.h"
#include "cipher.h"
#include "digest.h"
-#include "rsa.h"
#include "list.h"
#include "sptps.h"
unsigned int unused_termreq:1; /* the termination of this connection was requested */
unsigned int remove_unused:1; /* Set to 1 if you want this connection removed */
unsigned int timeout_unused:1; /* 1 if gotten timeout */
- unsigned int encryptout:1; /* 1 if we can encrypt outgoing traffic */
- unsigned int decryptin:1; /* 1 if we have to decrypt incoming traffic */
+ unsigned int unused_encryptout:1; /* 1 if we can encrypt outgoing traffic */
+ unsigned int unused_decryptin:1; /* 1 if we have to decrypt incoming traffic */
unsigned int mst:1; /* 1 if this connection is part of a minimum spanning tree */
unsigned int control:1; /* 1 if this is a control connection */
unsigned int pcap:1; /* 1 if this is a control connection requesting packet capture */
struct node_t *node; /* node associated with the other end */
struct edge_t *edge; /* edge associated with this connection */
- rsa_t *rsa; /* his public RSA key */
ecdsa_t *ecdsa; /* his public ECDSA key */
- cipher_t *incipher; /* Cipher he will use to send data to us */
- cipher_t *outcipher; /* Cipher we will use to send data to him */
- digest_t *indigest;
- digest_t *outdigest;
sptps_t sptps;
- int inmaclength;
- int outmaclength;
int incompression;
int outcompression;
- char *hischallenge; /* The challenge we sent to him */
-
struct buffer_t inbuf;
struct buffer_t outbuf;
io_t io; /* input/output event on this metadata connection */
/*
crypto.h -- header for crypto.c
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
digest.h -- header file digest.c
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
dropin.c -- a set of drop-in replacements for libc functions
- Copyright (C) 2000-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
dropin.h -- header file for dropin.c
- Copyright (C) 2000-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
ecdh.h -- header file for ecdh.c
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
ecdsa.h -- ECDSA key handling
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
ecdsagen.h -- ECDSA key generation and export
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
edge.c -- edge tree management
- Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2000-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
edge.h -- header for edge.c
- Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
- 2001-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
+++ /dev/null
-/*
- ethernet.h -- missing Ethernet related definitions
- Copyright (C) 2005 Ivo Timmermans
- 2006 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef __TINC_ETHERNET_H__
-#define __TINC_ETHERNET_H__
-
-#ifndef ETH_ALEN
-#define ETH_ALEN 6
-#endif
-
-#ifndef ARPHRD_ETHER
-#define ARPHRD_ETHER 1
-#endif
-
-#ifndef ETH_P_IP
-#define ETH_P_IP 0x0800
-#endif
-
-#ifndef ETH_P_ARP
-#define ETH_P_ARP 0x0806
-#endif
-
-#ifndef ETH_P_IPV6
-#define ETH_P_IPV6 0x86DD
-#endif
-
-#ifndef ETH_P_8021Q
-#define ETH_P_8021Q 0x8100
-#endif
-
-#ifndef HAVE_STRUCT_ETHER_HEADER
-struct ether_header {
- uint8_t ether_dhost[ETH_ALEN];
- uint8_t ether_shost[ETH_ALEN];
- uint16_t ether_type;
-} __attribute__ ((__packed__));
-#endif
-
-#ifndef HAVE_STRUCT_ARPHDR
-struct arphdr {
- uint16_t ar_hrd;
- uint16_t ar_pro;
- uint8_t ar_hln;
- uint8_t ar_pln;
- uint16_t ar_op;
-} __attribute__ ((__packed__));
-
-#define ARPOP_REQUEST 1
-#define ARPOP_REPLY 2
-#define ARPOP_RREQUEST 3
-#define ARPOP_RREPLY 4
-#define ARPOP_InREQUEST 8
-#define ARPOP_InREPLY 9
-#define ARPOP_NAK 10
-#endif
-
-#ifndef HAVE_STRUCT_ETHER_ARP
-struct ether_arp {
- struct arphdr ea_hdr;
- uint8_t arp_sha[ETH_ALEN];
- uint8_t arp_spa[4];
- uint8_t arp_tha[ETH_ALEN];
- uint8_t arp_tpa[4];
-} __attribute__ ((__packed__));
-#define arp_hrd ea_hdr.ar_hrd
-#define arp_pro ea_hdr.ar_pro
-#define arp_hln ea_hdr.ar_hln
-#define arp_pln ea_hdr.ar_pln
-#define arp_op ea_hdr.ar_op
-#endif
-
-#endif /* __TINC_ETHERNET_H__ */
/*
event.c -- I/O, timeout and signal event handling
- Copyright (C) 2012-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
event.h -- I/O, timeout and signal event handling
- Copyright (C) 2012-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "system.h"
-#include "ipv4.h"
-#include "ipv6.h"
#include "fake-getaddrinfo.h"
#include "xalloc.h"
+++ /dev/null
-/* Getopt for GNU.
- NOTE: getopt is now part of the C library, so if you don't know what
- "Keep this file name-space clean" means, talk to roland@gnu.ai.mit.edu
- before changing it!
-
- Copyright (C) 1987, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97
- Free Software Foundation, Inc.
-
-NOTE: The canonical source of this file is maintained with the GNU C Library.
-Bugs can be reported to bug-glibc@prep.ai.mit.edu.
-
-This program is free software; you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by the
-Free Software Foundation; either version 2, or (at your option) any
-later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-\f
-/* This tells Alpha OSF/1 not to define a getopt prototype in <stdio.h>.
- Ditto for AIX 3.2 and <stdlib.h>. */
-#ifndef _NO_PROTO
-#define _NO_PROTO
-#endif
-
-#ifdef HAVE_CONFIG_H
-#include "../config.h"
-#endif
-
-#if !defined (__STDC__) || !__STDC__
-/* This is a separate conditional since some stdc systems
- reject `defined (const)'. */
-#ifndef const
-#define const
-#endif
-#endif
-
-#include <stdio.h>
-
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif
-
-/* Comment out all this code if we are using the GNU C Library, and are not
- actually compiling the library itself. This code is part of the GNU C
- Library, but also included in many other GNU distributions. Compiling
- and linking in this code is a waste when using the GNU C library
- (especially if it is a shared library). Rather than having every GNU
- program understand `configure --with-gnu-libc' and omit the object files,
- it is simpler to just do this in the source for each such file. */
-
-#define GETOPT_INTERFACE_VERSION 2
-#if !defined (_LIBC) && defined (__GLIBC__) && __GLIBC__ >= 2
-#include <gnu-versions.h>
-#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
-#define ELIDE_CODE
-#endif
-#endif
-
-#ifndef ELIDE_CODE
-
-
-/* This needs to come after some library #include
- to get __GNU_LIBRARY__ defined. */
-#ifdef __GNU_LIBRARY__
-/* Don't include stdlib.h for non-GNU C libraries because some of them
- contain conflicting prototypes for getopt. */
-#include <stdlib.h>
-#include <unistd.h>
-#endif /* GNU C library. */
-
-#ifdef VMS
-#include <unixlib.h>
-#if HAVE_STRING_H - 0
-#include <string.h>
-#endif
-#endif
-
-#if defined (WIN32) && !defined (__CYGWIN32__)
-/* It's not Unix, really. See? Capital letters. */
-#include <windows.h>
-#define getpid() GetCurrentProcessId()
-#endif
-
-/* This version of `getopt' appears to the caller like standard Unix `getopt'
- but it behaves differently for the user, since it allows the user
- to intersperse the options with the other arguments.
-
- As `getopt' works, it permutes the elements of ARGV so that,
- when it is done, all the options precede everything else. Thus
- all application programs are extended to handle flexible argument order.
-
- Setting the environment variable POSIXLY_CORRECT disables permutation.
- Then the behavior is completely standard.
-
- GNU application programs can use a third alternative mode in which
- they can distinguish the relative order of options and other arguments. */
-
-#include "getopt.h"
-
-/* For communication from `getopt' to the caller.
- When `getopt' finds an option that takes an argument,
- the argument value is returned here.
- Also, when `ordering' is RETURN_IN_ORDER,
- each non-option ARGV-element is returned here. */
-
-char *optarg = NULL;
-
-/* Index in ARGV of the next element to be scanned.
- This is used for communication to and from the caller
- and for communication between successive calls to `getopt'.
-
- On entry to `getopt', zero means this is the first call; initialize.
-
- When `getopt' returns -1, this is the index of the first of the
- non-option elements that the caller should itself scan.
-
- Otherwise, `optind' communicates from one call to the next
- how much of ARGV has been scanned so far. */
-
-/* 1003.2 says this must be 1 before any call. */
-int optind = 1;
-
-/* Formerly, initialization of getopt depended on optind==0, which
- causes problems with re-calling getopt as programs generally don't
- know that. */
-
-int __getopt_initialized = 0;
-
-/* The next char to be scanned in the option-element
- in which the last option character we returned was found.
- This allows us to pick up the scan where we left off.
-
- If this is zero, or a null string, it means resume the scan
- by advancing to the next ARGV-element. */
-
-static char *nextchar;
-
-/* Callers store zero here to inhibit the error message
- for unrecognized options. */
-
-int opterr = 1;
-
-/* Set to an option character which was unrecognized.
- This must be initialized on some systems to avoid linking in the
- system's own getopt implementation. */
-
-int optopt = '?';
-
-/* Describe how to deal with options that follow non-option ARGV-elements.
-
- If the caller did not specify anything,
- the default is REQUIRE_ORDER if the environment variable
- POSIXLY_CORRECT is defined, PERMUTE otherwise.
-
- REQUIRE_ORDER means don't recognize them as options;
- stop option processing when the first non-option is seen.
- This is what Unix does.
- This mode of operation is selected by either setting the environment
- variable POSIXLY_CORRECT, or using `+' as the first character
- of the list of option characters.
-
- PERMUTE is the default. We permute the contents of ARGV as we scan,
- so that eventually all the non-options are at the end. This allows options
- to be given in any order, even with programs that were not written to
- expect this.
-
- RETURN_IN_ORDER is an option available to programs that were written
- to expect options and other ARGV-elements in any order and that care about
- the ordering of the two. We describe each non-option ARGV-element
- as if it were the argument of an option with character code 1.
- Using `-' as the first character of the list of option characters
- selects this mode of operation.
-
- The special argument `--' forces an end of option-scanning regardless
- of the value of `ordering'. In the case of RETURN_IN_ORDER, only
- `--' can cause `getopt' to return -1 with `optind' != ARGC. */
-
-static enum
-{
- REQUIRE_ORDER, PERMUTE, RETURN_IN_ORDER
-} ordering;
-
-/* Value of POSIXLY_CORRECT environment variable. */
-static char *posixly_correct;
-\f
-#ifdef __GNU_LIBRARY__
-/* We want to avoid inclusion of string.h with non-GNU libraries
- because there are many ways it can cause trouble.
- On some systems, it contains special magic macros that don't work
- in GCC. */
-#include <string.h>
-#define my_index strchr
-#else
-
-/* Avoid depending on library functions or files
- whose names are inconsistent. */
-
-char *getenv ();
-
-static char *
-my_index (str, chr)
- const char *str;
- int chr;
-{
- while (*str)
- {
- if (*str == chr)
- return (char *) str;
- str++;
- }
- return 0;
-}
-
-/* If using GCC, we can safely declare strlen this way.
- If not using GCC, it is ok not to declare it. */
-#ifdef __GNUC__
-/* Note that Motorola Delta 68k R3V7 comes with GCC but not stddef.h.
- That was relevant to code that was here before. */
-#if !defined (__STDC__) || !__STDC__
-/* gcc with -traditional declares the built-in strlen to return int,
- and has done so at least since version 2.4.5. -- rms. */
-extern int strlen (const char *);
-#endif /* not __STDC__ */
-#endif /* __GNUC__ */
-
-#endif /* not __GNU_LIBRARY__ */
-\f
-/* Handle permutation of arguments. */
-
-/* Describe the part of ARGV that contains non-options that have
- been skipped. `first_nonopt' is the index in ARGV of the first of them;
- `last_nonopt' is the index after the last of them. */
-
-static int first_nonopt;
-static int last_nonopt;
-
-#ifdef _LIBC
-/* Bash 2.0 gives us an environment variable containing flags
- indicating ARGV elements that should not be considered arguments. */
-
-/* Defined in getopt_init.c */
-extern char *__getopt_nonoption_flags;
-
-static int nonoption_flags_max_len;
-static int nonoption_flags_len;
-
-static int original_argc;
-static char *const *original_argv;
-
-extern pid_t __libc_pid;
-
-/* Make sure the environment variable bash 2.0 puts in the environment
- is valid for the getopt call we must make sure that the ARGV passed
- to getopt is that one passed to the process. */
-static void
-__attribute__ ((__unused__))
-store_args_and_env (int argc, char *const *argv)
-{
- /* XXX This is no good solution. We should rather copy the args so
- that we can compare them later. But we must not use malloc(3). */
- original_argc = argc;
- original_argv = argv;
-}
-text_set_element (__libc_subinit, store_args_and_env);
-
-# define SWAP_FLAGS(ch1, ch2) \
- if (nonoption_flags_len > 0) \
- { \
- char __tmp = __getopt_nonoption_flags[ch1]; \
- __getopt_nonoption_flags[ch1] = __getopt_nonoption_flags[ch2]; \
- __getopt_nonoption_flags[ch2] = __tmp; \
- }
-#else /* !_LIBC */
-# define SWAP_FLAGS(ch1, ch2)
-#endif /* _LIBC */
-
-/* Exchange two adjacent subsequences of ARGV.
- One subsequence is elements [first_nonopt,last_nonopt)
- which contains all the non-options that have been skipped so far.
- The other is elements [last_nonopt,optind), which contains all
- the options processed since those non-options were skipped.
-
- `first_nonopt' and `last_nonopt' are relocated so that they describe
- the new indices of the non-options in ARGV after they are moved. */
-
-#if defined (__STDC__) && __STDC__
-static void exchange (char **);
-#endif
-
-static void
-exchange (argv)
- char **argv;
-{
- int bottom = first_nonopt;
- int middle = last_nonopt;
- int top = optind;
- char *tem;
-
- /* Exchange the shorter segment with the far end of the longer segment.
- That puts the shorter segment into the right place.
- It leaves the longer segment in the right place overall,
- but it consists of two parts that need to be swapped next. */
-
-#ifdef _LIBC
- /* First make sure the handling of the `__getopt_nonoption_flags'
- string can work normally. Our top argument must be in the range
- of the string. */
- if (nonoption_flags_len > 0 && top >= nonoption_flags_max_len)
- {
- /* We must extend the array. The user plays games with us and
- presents new arguments. */
- char *new_str = malloc (top + 1);
- if (new_str == NULL)
- nonoption_flags_len = nonoption_flags_max_len = 0;
- else
- {
- memcpy (new_str, __getopt_nonoption_flags, nonoption_flags_max_len);
- memset (&new_str[nonoption_flags_max_len], '\0',
- top + 1 - nonoption_flags_max_len);
- nonoption_flags_max_len = top + 1;
- __getopt_nonoption_flags = new_str;
- }
- }
-#endif
-
- while (top > middle && middle > bottom)
- {
- if (top - middle > middle - bottom)
- {
- /* Bottom segment is the short one. */
- int len = middle - bottom;
- register int i;
-
- /* Swap it with the top part of the top segment. */
- for (i = 0; i < len; i++)
- {
- tem = argv[bottom + i];
- argv[bottom + i] = argv[top - (middle - bottom) + i];
- argv[top - (middle - bottom) + i] = tem;
- SWAP_FLAGS (bottom + i, top - (middle - bottom) + i);
- }
- /* Exclude the moved bottom segment from further swapping. */
- top -= len;
- }
- else
- {
- /* Top segment is the short one. */
- int len = top - middle;
- register int i;
-
- /* Swap it with the bottom part of the bottom segment. */
- for (i = 0; i < len; i++)
- {
- tem = argv[bottom + i];
- argv[bottom + i] = argv[middle + i];
- argv[middle + i] = tem;
- SWAP_FLAGS (bottom + i, middle + i);
- }
- /* Exclude the moved top segment from further swapping. */
- bottom += len;
- }
- }
-
- /* Update records for the slots the non-options now occupy. */
-
- first_nonopt += (optind - last_nonopt);
- last_nonopt = optind;
-}
-
-/* Initialize the internal data when the first call is made. */
-
-#if defined (__STDC__) && __STDC__
-static const char *_getopt_initialize (int, char *const *, const char *);
-#endif
-static const char *
-_getopt_initialize (argc, argv, optstring)
- int argc;
- char *const *argv;
- const char *optstring;
-{
- /* Start processing options with ARGV-element 1 (since ARGV-element 0
- is the program name); the sequence of previously skipped
- non-option ARGV-elements is empty. */
-
- first_nonopt = last_nonopt = optind;
-
- nextchar = NULL;
-
- posixly_correct = getenv ("POSIXLY_CORRECT");
-
- /* Determine how to handle the ordering of options and nonoptions. */
-
- if (optstring[0] == '-')
- {
- ordering = RETURN_IN_ORDER;
- ++optstring;
- }
- else if (optstring[0] == '+')
- {
- ordering = REQUIRE_ORDER;
- ++optstring;
- }
- else if (posixly_correct != NULL)
- ordering = REQUIRE_ORDER;
- else
- ordering = PERMUTE;
-
-#ifdef _LIBC
- if (posixly_correct == NULL
- && argc == original_argc && argv == original_argv)
- {
- if (nonoption_flags_max_len == 0)
- {
- if (__getopt_nonoption_flags == NULL
- || __getopt_nonoption_flags[0] == '\0')
- nonoption_flags_max_len = -1;
- else
- {
- const char *orig_str = __getopt_nonoption_flags;
- int len = nonoption_flags_max_len = strlen (orig_str);
- if (nonoption_flags_max_len < argc)
- nonoption_flags_max_len = argc;
- __getopt_nonoption_flags =
- (char *) malloc (nonoption_flags_max_len);
- if (__getopt_nonoption_flags == NULL)
- nonoption_flags_max_len = -1;
- else
- {
- memcpy (__getopt_nonoption_flags, orig_str, len);
- memset (&__getopt_nonoption_flags[len], '\0',
- nonoption_flags_max_len - len);
- }
- }
- }
- nonoption_flags_len = nonoption_flags_max_len;
- }
- else
- nonoption_flags_len = 0;
-#endif
-
- return optstring;
-}
-\f
-/* Scan elements of ARGV (whose length is ARGC) for option characters
- given in OPTSTRING.
-
- If an element of ARGV starts with '-', and is not exactly "-" or "--",
- then it is an option element. The characters of this element
- (aside from the initial '-') are option characters. If `getopt'
- is called repeatedly, it returns successively each of the option characters
- from each of the option elements.
-
- If `getopt' finds another option character, it returns that character,
- updating `optind' and `nextchar' so that the next call to `getopt' can
- resume the scan with the following option character or ARGV-element.
-
- If there are no more option characters, `getopt' returns -1.
- Then `optind' is the index in ARGV of the first ARGV-element
- that is not an option. (The ARGV-elements have been permuted
- so that those that are not options now come last.)
-
- OPTSTRING is a string containing the legitimate option characters.
- If an option character is seen that is not listed in OPTSTRING,
- return '?' after printing an error message. If you set `opterr' to
- zero, the error message is suppressed but we still return '?'.
-
- If a char in OPTSTRING is followed by a colon, that means it wants an arg,
- so the following text in the same ARGV-element, or the text of the following
- ARGV-element, is returned in `optarg'. Two colons mean an option that
- wants an optional arg; if there is text in the current ARGV-element,
- it is returned in `optarg', otherwise `optarg' is set to zero.
-
- If OPTSTRING starts with `-' or `+', it requests different methods of
- handling the non-option ARGV-elements.
- See the comments about RETURN_IN_ORDER and REQUIRE_ORDER, above.
-
- Long-named options begin with `--' instead of `-'.
- Their names may be abbreviated as long as the abbreviation is unique
- or is an exact match for some defined option. If they have an
- argument, it follows the option name in the same ARGV-element, separated
- from the option name by a `=', or else the in next ARGV-element.
- When `getopt' finds a long-named option, it returns 0 if that option's
- `flag' field is nonzero, the value of the option's `val' field
- if the `flag' field is zero.
-
- The elements of ARGV aren't really const, because we permute them.
- But we pretend they're const in the prototype to be compatible
- with other systems.
-
- LONGOPTS is a vector of `struct option' terminated by an
- element containing a name which is zero.
-
- LONGIND returns the index in LONGOPT of the long-named option found.
- It is only valid when a long-named option has been found by the most
- recent call.
-
- If LONG_ONLY is nonzero, '-' as well as '--' can introduce
- long-named options. */
-
-int
-_getopt_internal (argc, argv, optstring, longopts, longind, long_only)
- int argc;
- char *const *argv;
- const char *optstring;
- const struct option *longopts;
- int *longind;
- int long_only;
-{
- optarg = NULL;
-
- if (optind == 0 || !__getopt_initialized)
- {
- if (optind == 0)
- optind = 1; /* Don't scan ARGV[0], the program name. */
- optstring = _getopt_initialize (argc, argv, optstring);
- __getopt_initialized = 1;
- }
-
- /* Test whether ARGV[optind] points to a non-option argument.
- Either it does not have option syntax, or there is an environment flag
- from the shell indicating it is not an option. The later information
- is only used when the used in the GNU libc. */
-#ifdef _LIBC
-#define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0' \
- || (optind < nonoption_flags_len \
- && __getopt_nonoption_flags[optind] == '1'))
-#else
-#define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0')
-#endif
-
- if (nextchar == NULL || *nextchar == '\0')
- {
- /* Advance to the next ARGV-element. */
-
- /* Give FIRST_NONOPT & LAST_NONOPT rational values if OPTIND has been
- moved back by the user (who may also have changed the arguments). */
- if (last_nonopt > optind)
- last_nonopt = optind;
- if (first_nonopt > optind)
- first_nonopt = optind;
-
- if (ordering == PERMUTE)
- {
- /* If we have just processed some options following some non-options,
- exchange them so that the options come first. */
-
- if (first_nonopt != last_nonopt && last_nonopt != optind)
- exchange ((char **) argv);
- else if (last_nonopt != optind)
- first_nonopt = optind;
-
- /* Skip any additional non-options
- and extend the range of non-options previously skipped. */
-
- while (optind < argc && NONOPTION_P)
- optind++;
- last_nonopt = optind;
- }
-
- /* The special ARGV-element `--' means premature end of options.
- Skip it like a null option,
- then exchange with previous non-options as if it were an option,
- then skip everything else like a non-option. */
-
- if (optind != argc && !strcmp (argv[optind], "--"))
- {
- optind++;
-
- if (first_nonopt != last_nonopt && last_nonopt != optind)
- exchange ((char **) argv);
- else if (first_nonopt == last_nonopt)
- first_nonopt = optind;
- last_nonopt = argc;
-
- optind = argc;
- }
-
- /* If we have done all the ARGV-elements, stop the scan
- and back over any non-options that we skipped and permuted. */
-
- if (optind == argc)
- {
- /* Set the next-arg-index to point at the non-options
- that we previously skipped, so the caller will digest them. */
- if (first_nonopt != last_nonopt)
- optind = first_nonopt;
- return -1;
- }
-
- /* If we have come to a non-option and did not permute it,
- either stop the scan or describe it to the caller and pass it by. */
-
- if (NONOPTION_P)
- {
- if (ordering == REQUIRE_ORDER)
- return -1;
- optarg = argv[optind++];
- return 1;
- }
-
- /* We have found another option-ARGV-element.
- Skip the initial punctuation. */
-
- nextchar = (argv[optind] + 1
- + (longopts != NULL && argv[optind][1] == '-'));
- }
-
- /* Decode the current option-ARGV-element. */
-
- /* Check whether the ARGV-element is a long option.
-
- If long_only and the ARGV-element has the form "-f", where f is
- a valid short option, don't consider it an abbreviated form of
- a long option that starts with f. Otherwise there would be no
- way to give the -f short option.
-
- On the other hand, if there's a long option "fubar" and
- the ARGV-element is "-fu", do consider that an abbreviation of
- the long option, just like "--fu", and not "-f" with arg "u".
-
- This distinction seems to be the most useful approach. */
-
- if (longopts != NULL
- && (argv[optind][1] == '-'
- || (long_only && (argv[optind][2] || !my_index (optstring, argv[optind][1])))))
- {
- char *nameend;
- const struct option *p;
- const struct option *pfound = NULL;
- int exact = 0;
- int ambig = 0;
- int indfound = -1;
- int option_index;
-
- for (nameend = nextchar; *nameend && *nameend != '='; nameend++)
- /* Do nothing. */ ;
-
- /* Test all long options for either exact match
- or abbreviated matches. */
- for (p = longopts, option_index = 0; p->name; p++, option_index++)
- if (!strncmp (p->name, nextchar, nameend - nextchar))
- {
- if ((unsigned int) (nameend - nextchar)
- == (unsigned int) strlen (p->name))
- {
- /* Exact match found. */
- pfound = p;
- indfound = option_index;
- exact = 1;
- break;
- }
- else if (pfound == NULL)
- {
- /* First nonexact match found. */
- pfound = p;
- indfound = option_index;
- }
- else
- /* Second or later nonexact match found. */
- ambig = 1;
- }
-
- if (ambig && !exact)
- {
- if (opterr)
- fprintf (stderr, "%s: option `%s' is ambiguous\n",
- argv[0], argv[optind]);
- nextchar += strlen (nextchar);
- optind++;
- optopt = 0;
- return '?';
- }
-
- if (pfound != NULL)
- {
- option_index = indfound;
- optind++;
- if (*nameend)
- {
- /* Don't test has_arg with >, because some C compilers don't
- allow it to be used on enums. */
- if (pfound->has_arg)
- optarg = nameend + 1;
- else
- {
- if (opterr)
- {
- if (argv[optind - 1][1] == '-')
- /* --option */
- fprintf (stderr,
- "%s: option `--%s' doesn't allow an argument\n",
- argv[0], pfound->name);
- else
- /* +option or -option */
- fprintf (stderr,
- "%s: option `%c%s' doesn't allow an argument\n",
- argv[0], argv[optind - 1][0], pfound->name);
- }
-
- nextchar += strlen (nextchar);
-
- optopt = pfound->val;
- return '?';
- }
- }
- else if (pfound->has_arg == 1)
- {
- if (optind < argc)
- optarg = argv[optind++];
- else
- {
- if (opterr)
- fprintf (stderr,
- "%s: option `%s' requires an argument\n",
- argv[0], argv[optind - 1]);
- nextchar += strlen (nextchar);
- optopt = pfound->val;
- return optstring[0] == ':' ? ':' : '?';
- }
- }
- nextchar += strlen (nextchar);
- if (longind != NULL)
- *longind = option_index;
- if (pfound->flag)
- {
- *(pfound->flag) = pfound->val;
- return 0;
- }
- return pfound->val;
- }
-
- /* Can't find it as a long option. If this is not getopt_long_only,
- or the option starts with '--' or is not a valid short
- option, then it's an error.
- Otherwise interpret it as a short option. */
- if (!long_only || argv[optind][1] == '-'
- || my_index (optstring, *nextchar) == NULL)
- {
- if (opterr)
- {
- if (argv[optind][1] == '-')
- /* --option */
- fprintf (stderr, "%s: unrecognized option `--%s'\n",
- argv[0], nextchar);
- else
- /* +option or -option */
- fprintf (stderr, "%s: unrecognized option `%c%s'\n",
- argv[0], argv[optind][0], nextchar);
- }
- nextchar = (char *) "";
- optind++;
- optopt = 0;
- return '?';
- }
- }
-
- /* Look at and handle the next short option-character. */
-
- {
- char c = *nextchar++;
- char *temp = my_index (optstring, c);
-
- /* Increment `optind' when we start to process its last character. */
- if (*nextchar == '\0')
- ++optind;
-
- if (temp == NULL || c == ':')
- {
- if (opterr)
- {
- if (posixly_correct)
- /* 1003.2 specifies the format of this message. */
- fprintf (stderr, "%s: illegal option -- %c\n",
- argv[0], c);
- else
- fprintf (stderr, "%s: invalid option -- %c\n",
- argv[0], c);
- }
- optopt = c;
- return '?';
- }
- /* Convenience. Treat POSIX -W foo same as long option --foo */
- if (temp[0] == 'W' && temp[1] == ';')
- {
- char *nameend;
- const struct option *p;
- const struct option *pfound = NULL;
- int exact = 0;
- int ambig = 0;
- int indfound = 0;
- int option_index;
-
- /* This is an option that requires an argument. */
- if (*nextchar != '\0')
- {
- optarg = nextchar;
- /* If we end this ARGV-element by taking the rest as an arg,
- we must advance to the next element now. */
- optind++;
- }
- else if (optind == argc)
- {
- if (opterr)
- {
- /* 1003.2 specifies the format of this message. */
- fprintf (stderr, "%s: option requires an argument -- %c\n",
- argv[0], c);
- }
- optopt = c;
- if (optstring[0] == ':')
- c = ':';
- else
- c = '?';
- return c;
- }
- else
- /* We already incremented `optind' once;
- increment it again when taking next ARGV-elt as argument. */
- optarg = argv[optind++];
-
- /* optarg is now the argument, see if it's in the
- table of longopts. */
-
- for (nextchar = nameend = optarg; *nameend && *nameend != '='; nameend++)
- /* Do nothing. */ ;
-
- /* Test all long options for either exact match
- or abbreviated matches. */
- for (p = longopts, option_index = 0; p->name; p++, option_index++)
- if (!strncmp (p->name, nextchar, nameend - nextchar))
- {
- if ((unsigned int) (nameend - nextchar) == strlen (p->name))
- {
- /* Exact match found. */
- pfound = p;
- indfound = option_index;
- exact = 1;
- break;
- }
- else if (pfound == NULL)
- {
- /* First nonexact match found. */
- pfound = p;
- indfound = option_index;
- }
- else
- /* Second or later nonexact match found. */
- ambig = 1;
- }
- if (ambig && !exact)
- {
- if (opterr)
- fprintf (stderr, "%s: option `-W %s' is ambiguous\n",
- argv[0], argv[optind]);
- nextchar += strlen (nextchar);
- optind++;
- return '?';
- }
- if (pfound != NULL)
- {
- option_index = indfound;
- if (*nameend)
- {
- /* Don't test has_arg with >, because some C compilers don't
- allow it to be used on enums. */
- if (pfound->has_arg)
- optarg = nameend + 1;
- else
- {
- if (opterr)
- fprintf (stderr,
- "%s: option `-W %s' doesn't allow an argument\n",
- argv[0], pfound->name);
-
- nextchar += strlen (nextchar);
- return '?';
- }
- }
- else if (pfound->has_arg == 1)
- {
- if (optind < argc)
- optarg = argv[optind++];
- else
- {
- if (opterr)
- fprintf (stderr,
- "%s: option `%s' requires an argument\n",
- argv[0], argv[optind - 1]);
- nextchar += strlen (nextchar);
- return optstring[0] == ':' ? ':' : '?';
- }
- }
- nextchar += strlen (nextchar);
- if (longind != NULL)
- *longind = option_index;
- if (pfound->flag)
- {
- *(pfound->flag) = pfound->val;
- return 0;
- }
- return pfound->val;
- }
- nextchar = NULL;
- return 'W'; /* Let the application handle it. */
- }
- if (temp[1] == ':')
- {
- if (temp[2] == ':')
- {
- /* This is an option that accepts an argument optionally. */
- if (*nextchar != '\0')
- {
- optarg = nextchar;
- optind++;
- }
- else
- optarg = NULL;
- nextchar = NULL;
- }
- else
- {
- /* This is an option that requires an argument. */
- if (*nextchar != '\0')
- {
- optarg = nextchar;
- /* If we end this ARGV-element by taking the rest as an arg,
- we must advance to the next element now. */
- optind++;
- }
- else if (optind == argc)
- {
- if (opterr)
- {
- /* 1003.2 specifies the format of this message. */
- fprintf (stderr,
- "%s: option requires an argument -- %c\n",
- argv[0], c);
- }
- optopt = c;
- if (optstring[0] == ':')
- c = ':';
- else
- c = '?';
- }
- else
- /* We already incremented `optind' once;
- increment it again when taking next ARGV-elt as argument. */
- optarg = argv[optind++];
- nextchar = NULL;
- }
- }
- return c;
- }
-}
-
-int
-getopt (argc, argv, optstring)
- int argc;
- char *const *argv;
- const char *optstring;
-{
- return _getopt_internal (argc, argv, optstring,
- (const struct option *) 0,
- (int *) 0,
- 0);
-}
-
-#endif /* Not ELIDE_CODE. */
-\f
-#ifdef TEST
-
-/* Compile with -DTEST to make an executable for use in testing
- the above definition of `getopt'. */
-
-int
-main (argc, argv)
- int argc;
- char **argv;
-{
- int c;
- int digit_optind = 0;
-
- while (1)
- {
- int this_option_optind = optind ? optind : 1;
-
- c = getopt (argc, argv, "abc:d:0123456789");
- if (c == -1)
- break;
-
- switch (c)
- {
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- case '8':
- case '9':
- if (digit_optind != 0 && digit_optind != this_option_optind)
- printf ("digits occur in two different argv-elements.\n");
- digit_optind = this_option_optind;
- printf ("option %c\n", c);
- break;
-
- case 'a':
- printf ("option a\n");
- break;
-
- case 'b':
- printf ("option b\n");
- break;
-
- case 'c':
- printf ("option c with value `%s'\n", optarg);
- break;
-
- case '?':
- break;
-
- default:
- printf ("?? getopt returned character code 0%o ??\n", c);
- }
- }
-
- if (optind < argc)
- {
- printf ("non-option ARGV-elements: ");
- while (optind < argc)
- printf ("%s ", argv[optind++]);
- printf ("\n");
- }
-
- exit (0);
-}
-
-#endif /* TEST */
+++ /dev/null
-/* Declarations for getopt.
- Copyright (C) 1989,90,91,92,93,94,96,97 Free Software Foundation, Inc.
-
-NOTE: The canonical source of this file is maintained with the GNU C Library.
-Bugs can be reported to bug-glibc@prep.ai.mit.edu.
-
-This program is free software; you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by the
-Free Software Foundation; either version 2, or (at your option) any
-later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef _GETOPT_H
-#define _GETOPT_H 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* For communication from `getopt' to the caller.
- When `getopt' finds an option that takes an argument,
- the argument value is returned here.
- Also, when `ordering' is RETURN_IN_ORDER,
- each non-option ARGV-element is returned here. */
-
-extern char *optarg;
-
-/* Index in ARGV of the next element to be scanned.
- This is used for communication to and from the caller
- and for communication between successive calls to `getopt'.
-
- On entry to `getopt', zero means this is the first call; initialize.
-
- When `getopt' returns -1, this is the index of the first of the
- non-option elements that the caller should itself scan.
-
- Otherwise, `optind' communicates from one call to the next
- how much of ARGV has been scanned so far. */
-
-extern int optind;
-
-/* Callers store zero here to inhibit the error message `getopt' prints
- for unrecognized options. */
-
-extern int opterr;
-
-/* Set to an option character which was unrecognized. */
-
-extern int optopt;
-
-/* Describe the long-named options requested by the application.
- The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
- of `struct option' terminated by an element containing a name which is
- zero.
-
- The field `has_arg' is:
- no_argument (or 0) if the option does not take an argument,
- required_argument (or 1) if the option requires an argument,
- optional_argument (or 2) if the option takes an optional argument.
-
- If the field `flag' is not NULL, it points to a variable that is set
- to the value given in the field `val' when the option is found, but
- left unchanged if the option is not found.
-
- To have a long-named option do something other than set an `int' to
- a compiled-in constant, such as set a value from `optarg', set the
- option's `flag' field to zero and its `val' field to a nonzero
- value (the equivalent single-letter option character, if there is
- one). For long options that have a zero `flag' field, `getopt'
- returns the contents of the `val' field. */
-
-struct option
-{
-#if defined (__STDC__) && __STDC__
- const char *name;
-#else
- char *name;
-#endif
- /* has_arg can't be an enum because some compilers complain about
- type mismatches in all the code that assumes it is an int. */
- int has_arg;
- int *flag;
- int val;
-};
-
-/* Names for the values of the `has_arg' field of `struct option'. */
-
-#define no_argument 0
-#define required_argument 1
-#define optional_argument 2
-
-#if defined (__STDC__) && __STDC__
-#ifdef __GNU_LIBRARY__
-/* Many other libraries have conflicting prototypes for getopt, with
- differences in the consts, in stdlib.h. To avoid compilation
- errors, only prototype getopt for the GNU C library. */
-extern int getopt (int argc, char *const *argv, const char *shortopts);
-#else /* not __GNU_LIBRARY__ */
-extern int getopt ();
-#endif /* __GNU_LIBRARY__ */
-extern int getopt_long (int argc, char *const *argv, const char *shortopts,
- const struct option *longopts, int *longind);
-extern int getopt_long_only (int argc, char *const *argv,
- const char *shortopts,
- const struct option *longopts, int *longind);
-
-/* Internal only. Users should not call this directly. */
-extern int _getopt_internal (int argc, char *const *argv,
- const char *shortopts,
- const struct option *longopts, int *longind,
- int long_only);
-#else /* not __STDC__ */
-extern int getopt ();
-extern int getopt_long ();
-extern int getopt_long_only ();
-
-extern int _getopt_internal ();
-#endif /* __STDC__ */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _GETOPT_H */
+++ /dev/null
-/* getopt_long and getopt_long_only entry points for GNU getopt.
- Copyright (C) 1987,88,89,90,91,92,93,94,96,97 Free Software Foundation, Inc.
-
-NOTE: The canonical source of this file is maintained with the GNU C Library.
-Bugs can be reported to bug-glibc@prep.ai.mit.edu.
-
-This program is free software; you can redistribute it and/or modify it
-under the terms of the GNU General Public License as published by the
-Free Software Foundation; either version 2, or (at your option) any
-later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-\f
-#ifdef HAVE_CONFIG_H
-#include "../config.h"
-#endif
-
-#include "getopt.h"
-
-#if !defined (__STDC__) || !__STDC__
-/* This is a separate conditional since some stdc systems
- reject `defined (const)'. */
-#ifndef const
-#define const
-#endif
-#endif
-
-#include <stdio.h>
-
-/* Comment out all this code if we are using the GNU C Library, and are not
- actually compiling the library itself. This code is part of the GNU C
- Library, but also included in many other GNU distributions. Compiling
- and linking in this code is a waste when using the GNU C library
- (especially if it is a shared library). Rather than having every GNU
- program understand `configure --with-gnu-libc' and omit the object files,
- it is simpler to just do this in the source for each such file. */
-
-#define GETOPT_INTERFACE_VERSION 2
-#if !defined (_LIBC) && defined (__GLIBC__) && __GLIBC__ >= 2
-#include <gnu-versions.h>
-#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
-#define ELIDE_CODE
-#endif
-#endif
-
-#ifndef ELIDE_CODE
-
-
-/* This needs to come after some library #include
- to get __GNU_LIBRARY__ defined. */
-#ifdef __GNU_LIBRARY__
-#include <stdlib.h>
-#endif
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-int
-getopt_long (argc, argv, options, long_options, opt_index)
- int argc;
- char *const *argv;
- const char *options;
- const struct option *long_options;
- int *opt_index;
-{
- return _getopt_internal (argc, argv, options, long_options, opt_index, 0);
-}
-
-/* Like getopt_long, but '-' as well as '--' can indicate a long option.
- If an option that starts with '-' (not '--') doesn't match a long option,
- but does match a short option, it is parsed as a short option
- instead. */
-
-int
-getopt_long_only (argc, argv, options, long_options, opt_index)
- int argc;
- char *const *argv;
- const char *options;
- const struct option *long_options;
- int *opt_index;
-{
- return _getopt_internal (argc, argv, options, long_options, opt_index, 1);
-}
-
-
-#endif /* Not ELIDE_CODE. */
-\f
-#ifdef TEST
-
-#include <stdio.h>
-
-int
-main (argc, argv)
- int argc;
- char **argv;
-{
- int c;
- int digit_optind = 0;
-
- while (1)
- {
- int this_option_optind = optind ? optind : 1;
- int option_index = 0;
- static struct option long_options[] =
- {
- {"add", 1, 0, 0},
- {"append", 0, 0, 0},
- {"delete", 1, 0, 0},
- {"verbose", 0, 0, 0},
- {"create", 0, 0, 0},
- {"file", 1, 0, 0},
- {0, 0, 0, 0}
- };
-
- c = getopt_long (argc, argv, "abc:d:0123456789",
- long_options, &option_index);
- if (c == -1)
- break;
-
- switch (c)
- {
- case 0:
- printf ("option %s", long_options[option_index].name);
- if (optarg)
- printf (" with arg %s", optarg);
- printf ("\n");
- break;
-
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- case '8':
- case '9':
- if (digit_optind != 0 && digit_optind != this_option_optind)
- printf ("digits occur in two different argv-elements.\n");
- digit_optind = this_option_optind;
- printf ("option %c\n", c);
- break;
-
- case 'a':
- printf ("option a\n");
- break;
-
- case 'b':
- printf ("option b\n");
- break;
-
- case 'c':
- printf ("option c with value `%s'\n", optarg);
- break;
-
- case 'd':
- printf ("option d with value `%s'\n", optarg);
- break;
-
- case '?':
- break;
-
- default:
- printf ("?? getopt returned character code 0%o ??\n", c);
- }
- }
-
- if (optind < argc)
- {
- printf ("non-option ARGV-elements: ");
- while (optind < argc)
- printf ("%s ", argv[optind++]);
- printf ("\n");
- }
-
- exit (0);
-}
-
-#endif /* TEST */
/*
graph.c -- graph algorithms
- Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2001-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
n->name, n->hostname);
}
- if(experimental && OPTION_VERSION(n->options) >= 2)
- n->status.sptps = true;
-
/* TODO: only clear status.validkey if node is unreachable? */
n->status.validkey = false;
- if(n->status.sptps) {
- sptps_stop(&n->sptps);
- n->status.waitingforkey = false;
- }
+ sptps_stop(&n->sptps);
+ n->status.waitingforkey = false;
n->last_req_key = 0;
n->status.udp_confirmed = false;
memset(&n->status, 0, sizeof n->status);
n->options = 0;
} else if(n->connection) {
- if(n->status.sptps) {
- if(n->connection->outgoing)
- send_req_key(n);
- } else {
- send_ans_key(n);
- }
+ if(n->connection->outgoing)
+ send_req_key(n);
}
}
}
/*
graph.h -- header for graph.c
- Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
- 2001-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
hash.c -- hash table management
- Copyright (C) 2012-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
hash.h -- header file for hash.c
- Copyright (C) 2012 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
have.h -- include headers which are known to exist
- Copyright (C) 1998-2005 Ivo Timmermans
- 2003-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include <net/if_types.h>
#endif
-#ifdef HAVE_NET_IF_TUN_H
-#include <net/if_tun.h>
-#endif
-
-#ifdef HAVE_NET_TUN_IF_TUN_H
-#include <net/tun/if_tun.h>
-#endif
-
-#ifdef HAVE_NET_IF_TAP_H
-#include <net/if_tap.h>
-#endif
-
-#ifdef HAVE_NET_TAP_IF_TAP_H
-#include <net/tap/if_tap.h>
-#endif
-
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#include <netinet/ip6.h>
#endif
-#ifdef HAVE_NET_ETHERNET_H
-#include <net/ethernet.h>
-#endif
-
-#ifdef HAVE_NET_IF_ARP_H
-#include <net/if_arp.h>
-#endif
-
-#ifdef HAVE_NETINET_IP_ICMP_H
-#include <netinet/ip_icmp.h>
-#endif
-
-#ifdef HAVE_NETINET_ICMP6_H
-#include <netinet/icmp6.h>
-#endif
-
-#ifdef HAVE_NETINET_IF_ETHER_H
-#include <netinet/if_ether.h>
-#endif
-
#ifdef HAVE_MINGW
#define SLASH "\\"
#else
/*
invitation.c -- Create and accept invitations
- Copyright (C) 2013-2014 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "ecdsagen.h"
#include "invitation.h"
#include "netutl.h"
-#include "rsagen.h"
#include "sptps.h"
#include "tincctl.h"
#include "utils.h"
sptps_send_record(&sptps, 1, b64key, strlen(b64key));
free(b64key);
-
- rsa_t *rsa = rsa_generate(2048, 0x1001);
- xasprintf(&filename, "%s" SLASH "rsa_key.priv", confbase);
- f = fopenmask(filename, "w", 0600);
-
- rsa_write_pem_private_key(rsa, f);
- fclose(f);
-
- rsa_write_pem_public_key(rsa, fh);
- fclose(fh);
-
ecdsa_free(key);
- rsa_free(rsa);
check_port(name);
/*
invitation.h -- header for invitation.c.
- Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
+++ /dev/null
-/*
- ipv4.h -- missing IPv4 related definitions
- Copyright (C) 2005 Ivo Timmermans
- 2006-2012 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef __TINC_IPV4_H__
-#define __TINC_IPV4_H__
-
-#ifndef AF_INET
-#define AF_INET 2
-#endif
-
-#ifndef IPPROTO_ICMP
-#define IPPROTO_ICMP 1
-#endif
-
-#ifndef ICMP_DEST_UNREACH
-#define ICMP_DEST_UNREACH 3
-#endif
-
-#ifndef ICMP_FRAG_NEEDED
-#define ICMP_FRAG_NEEDED 4
-#endif
-
-#ifndef ICMP_NET_UNKNOWN
-#define ICMP_NET_UNKNOWN 6
-#endif
-
-#ifndef ICMP_TIME_EXCEEDED
-#define ICMP_TIME_EXCEEDED 11
-#endif
-
-#ifndef ICMP_EXC_TTL
-#define ICMP_EXC_TTL 0
-#endif
-
-#ifndef ICMP_NET_UNREACH
-#define ICMP_NET_UNREACH 0
-#endif
-
-#ifndef ICMP_NET_ANO
-#define ICMP_NET_ANO 9
-#endif
-
-#ifndef IP_MSS
-#define IP_MSS 576
-#endif
-
-#ifndef HAVE_STRUCT_IP
-struct ip {
-#if __BYTE_ORDER == __LITTLE_ENDIAN
- unsigned int ip_hl:4;
- unsigned int ip_v:4;
-#else
- unsigned int ip_v:4;
- unsigned int ip_hl:4;
-#endif
- uint8_t ip_tos;
- uint16_t ip_len;
- uint16_t ip_id;
- uint16_t ip_off;
-#define IP_RF 0x8000
-#define IP_DF 0x4000
-#define IP_MF 0x2000
- uint8_t ip_ttl;
- uint8_t ip_p;
- uint16_t ip_sum;
- struct in_addr ip_src, ip_dst;
-} __attribute__ ((__packed__));
-#endif
-
-#ifndef IP_OFFMASK
-#define IP_OFFMASK 0x1fff
-#endif
-
-#ifndef HAVE_STRUCT_ICMP
-struct icmp {
- uint8_t icmp_type;
- uint8_t icmp_code;
- uint16_t icmp_cksum;
- union {
- uint8_t ih_pptr;
- struct in_addr ih_gwaddr;
- struct ih_idseq {
- uint16_t icd_id;
- uint16_t icd_seq;
- } ih_idseq;
- uint32_t ih_void;
-
-
- struct ih_pmtu {
- uint16_t ipm_void;
- uint16_t ipm_nextmtu;
- } ih_pmtu;
-
- struct ih_rtradv {
- uint8_t irt_num_addrs;
- uint8_t irt_wpa;
- uint16_t irt_lifetime;
- } ih_rtradv;
- } icmp_hun;
-#define icmp_pptr icmp_hun.ih_pptr
-#define icmp_gwaddr icmp_hun.ih_gwaddr
-#define icmp_id icmp_hun.ih_idseq.icd_id
-#define icmp_seq icmp_hun.ih_idseq.icd_seq
-#define icmp_void icmp_hun.ih_void
-#define icmp_pmvoid icmp_hun.ih_pmtu.ipm_void
-#define icmp_nextmtu icmp_hun.ih_pmtu.ipm_nextmtu
-#define icmp_num_addrs icmp_hun.ih_rtradv.irt_num_addrs
-#define icmp_wpa icmp_hun.ih_rtradv.irt_wpa
-#define icmp_lifetime icmp_hun.ih_rtradv.irt_lifetime
- union {
- struct {
- uint32_t its_otime;
- uint32_t its_rtime;
- uint32_t its_ttime;
- } id_ts;
- struct {
- struct ip idi_ip;
- } id_ip;
- uint32_t id_mask;
- uint8_t id_data[1];
- } icmp_dun;
-#define icmp_otime icmp_dun.id_ts.its_otime
-#define icmp_rtime icmp_dun.id_ts.its_rtime
-#define icmp_ttime icmp_dun.id_ts.its_ttime
-#define icmp_ip icmp_dun.id_ip.idi_ip
-#define icmp_radv icmp_dun.id_radv
-#define icmp_mask icmp_dun.id_mask
-#define icmp_data icmp_dun.id_data
-} __attribute__ ((__packed__));
-#endif
-
-#endif /* __TINC_IPV4_H__ */
+++ /dev/null
-/*
- ipv6.h -- missing IPv6 related definitions
- Copyright (C) 2005 Ivo Timmermans
- 2006-2012 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef __TINC_IPV6_H__
-#define __TINC_IPV6_H__
-
-#ifndef AF_INET6
-#define AF_INET6 10
-#endif
-
-#ifndef IPPROTO_ICMPV6
-#define IPPROTO_ICMPV6 58
-#endif
-
-#ifndef HAVE_STRUCT_IN6_ADDR
-struct in6_addr {
- union {
- uint8_t u6_addr8[16];
- uint16_t u6_addr16[8];
- uint32_t u6_addr32[4];
- } in6_u;
-} __attribute__ ((__packed__));
-#define s6_addr in6_u.u6_addr8
-#define s6_addr16 in6_u.u6_addr16
-#define s6_addr32 in6_u.u6_addr32
-#endif
-
-#ifndef HAVE_STRUCT_SOCKADDR_IN6
-struct sockaddr_in6 {
- uint16_t sin6_family;
- uint16_t sin6_port;
- uint32_t sin6_flowinfo;
- struct in6_addr sin6_addr;
- uint32_t sin6_scope_id;
-} __attribute__ ((__packed__));
-#endif
-
-#ifndef IN6_IS_ADDR_V4MAPPED
-#define IN6_IS_ADDR_V4MAPPED(a) \
- ((((__const uint32_t *) (a))[0] == 0) \
- && (((__const uint32_t *) (a))[1] == 0) \
- && (((__const uint32_t *) (a))[2] == htonl (0xffff)))
-#endif
-
-#ifndef HAVE_STRUCT_IP6_HDR
-struct ip6_hdr {
- union {
- struct ip6_hdrctl {
- uint32_t ip6_un1_flow;
- uint16_t ip6_un1_plen;
- uint8_t ip6_un1_nxt;
- uint8_t ip6_un1_hlim;
- } ip6_un1;
- uint8_t ip6_un2_vfc;
- } ip6_ctlun;
- struct in6_addr ip6_src;
- struct in6_addr ip6_dst;
-} __attribute__ ((__packed__));
-#define ip6_vfc ip6_ctlun.ip6_un2_vfc
-#define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow
-#define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen
-#define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt
-#define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim
-#define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim
-#endif
-
-#ifndef HAVE_STRUCT_ICMP6_HDR
-struct icmp6_hdr {
- uint8_t icmp6_type;
- uint8_t icmp6_code;
- uint16_t icmp6_cksum;
- union {
- uint32_t icmp6_un_data32[1];
- uint16_t icmp6_un_data16[2];
- uint8_t icmp6_un_data8[4];
- } icmp6_dataun;
-} __attribute__ ((__packed__));
-#define ICMP6_DST_UNREACH_NOROUTE 0
-#define ICMP6_DST_UNREACH 1
-#define ICMP6_PACKET_TOO_BIG 2
-#define ICMP6_TIME_EXCEEDED 3
-#define ICMP6_DST_UNREACH_ADMIN 1
-#define ICMP6_DST_UNREACH_ADDR 3
-#define ICMP6_TIME_EXCEED_TRANSIT 0
-#define ND_NEIGHBOR_SOLICIT 135
-#define ND_NEIGHBOR_ADVERT 136
-#define icmp6_data32 icmp6_dataun.icmp6_un_data32
-#define icmp6_data16 icmp6_dataun.icmp6_un_data16
-#define icmp6_data8 icmp6_dataun.icmp6_un_data8
-#define icmp6_mtu icmp6_data32[0]
-#endif
-
-#ifndef HAVE_STRUCT_ND_NEIGHBOR_SOLICIT
-struct nd_neighbor_solicit {
- struct icmp6_hdr nd_ns_hdr;
- struct in6_addr nd_ns_target;
-} __attribute__ ((__packed__));
-#define ND_OPT_SOURCE_LINKADDR 1
-#define ND_OPT_TARGET_LINKADDR 2
-#define nd_ns_type nd_ns_hdr.icmp6_type
-#define nd_ns_code nd_ns_hdr.icmp6_code
-#define nd_ns_cksum nd_ns_hdr.icmp6_cksum
-#define nd_ns_reserved nd_ns_hdr.icmp6_data32[0]
-#endif
-
-#ifndef HAVE_STRUCT_ND_OPT_HDR
-struct nd_opt_hdr {
- uint8_t nd_opt_type;
- uint8_t nd_opt_len;
-} __attribute__ ((__packed__));
-#endif
-
-#endif /* __TINC_IPV6_H__ */
/*
libmeshlink.h -- Tincd Library
- Copyright (C) 2014 Guus Sliepen <guus@tinc-vpn.org> Saverio Proto <zioproto@gmail.com>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io> Saverio Proto <zioproto@gmail.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "libmeshlink.h"
-#include LZO1X_H
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
return true;
}
-/*
- Generate a public/private RSA keypair, and ask for a file to store
- them in.
-*/
-bool rsa_keygen(int bits, bool ask) {
- rsa_t *key;
- FILE *f;
- char *pubname, *privname;
-
- fprintf(stderr, "Generating %d bits keys:\n", bits);
-
- if(!(key = rsa_generate(bits, 0x10001))) {
- fprintf(stderr, "Error during key generation!\n");
- return false;
- } else
- fprintf(stderr, "Done.\n");
-
- xasprintf(&privname, "%s" SLASH "rsa_key.priv", confbase);
- f = ask_and_open(privname, "private RSA key", "a", ask, 0600);
- free(privname);
-
- if(!f)
- return false;
-
- if(!rsa_write_pem_private_key(key, f)) {
- fprintf(stderr, "Error writing private key!\n");
- fclose(f);
- rsa_free(key);
- return false;
- }
-
- fclose(f);
-
- if(name)
- xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name);
- else
- xasprintf(&pubname, "%s" SLASH "rsa_key.pub", confbase);
-
- f = ask_and_open(pubname, "public RSA key", "a", ask, 0666);
- free(pubname);
-
- if(!f)
- return false;
-
- if(!rsa_write_pem_public_key(key, f)) {
- fprintf(stderr, "Error writing public key!\n");
- fclose(f);
- rsa_free(key);
- return false;
- }
-
- fclose(f);
- rsa_free(key);
-
- return true;
-}
-
static bool try_bind(int port) {
struct addrinfo *ai = NULL;
struct addrinfo hint = {
fprintf(f, "Name = %s\n", name);
fclose(f);
- if(!rsa_keygen(2048, false) || !ecdsa_keygen(false))
+ if(!ecdsa_keygen(false))
return false;
check_port(name);
if(!read_server_config())
return false;
-#ifdef HAVE_LZO
- if(lzo_init() != LZO_E_OK) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error initializing LZO compressor!");
- return false;
- }
-#endif
-
//char *priority = NULL; //shoud be not needed in libmeshlink
#ifdef HAVE_MLOCKALL
crypto_exit();
exit_configuration(&config_tree);
- free(cmdline_conf);
return status;
/*
libmeshlink.h -- Tincd Library
- Copyright (C) 2014 Guus Sliepen <guus@tinc-vpn.org> Saverio Proto <zioproto@gmail.com>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io> Saverio Proto <zioproto@gmail.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
list.c -- functions to deal with double linked lists
- Copyright (C) 2000-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
list.h -- header file for list.c
- Copyright (C) 2000-2005 Ivo Timmermans
- 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
logger.c -- logging code
- Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
- 2004-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
logger.h -- header file for logger.c
- Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
meta.c -- handle the meta communication
- Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2000-2005 Ivo Timmermans
- 2006 Scott Lamb <slamb@slamb.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>,
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length,
c->name, c->hostname);
- if(c->protocol_minor >= 2)
- return sptps_send_record(&c->sptps, 0, buffer, length);
-
- /* Add our data to buffer */
- if(c->status.encryptout) {
- size_t outlen = length;
-
- if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting metadata to %s (%s)",
- c->name, c->hostname);
- return false;
- }
- } else {
- buffer_add(&c->outbuf, buffer, length);
- }
-
- io_set(&c->io, IO_READ | IO_WRITE);
-
- return true;
+ return sptps_send_record(&c->sptps, 0, buffer, length);
}
void broadcast_meta(connection_t *from, const char *buffer, int length) {
return false;
}
- do {
- if(c->protocol_minor >= 2)
- return sptps_receive_data(&c->sptps, bufp, inlen);
-
- if(!c->status.decryptin) {
- endp = memchr(bufp, '\n', inlen);
- if(endp)
- endp++;
- else
- endp = bufp + inlen;
-
- buffer_add(&c->inbuf, bufp, endp - bufp);
-
- inlen -= endp - bufp;
- bufp = endp;
- } else {
- size_t outlen = inlen;
-
- if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting metadata from %s (%s)",
- c->name, c->hostname);
- return false;
- }
-
- inlen = 0;
- }
-
- while(c->inbuf.len) {
- /* Are we receiving a TCPpacket? */
-
- if(c->tcplen) {
- char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
- if(!tcpbuffer)
- break;
-
- if(!c->node) {
- if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
- if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
- logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
- } else {
- logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
- return false;
- }
- } else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
- if(tcpbuffer[0] != 5) {
- logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
- return false;
- }
- if(tcpbuffer[1] == (char)0xff) {
- logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
- return false;
- }
- if(tcpbuffer[2] != 5) {
- logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
- return false;
- }
- if(tcpbuffer[3] == 0) {
- logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
- } else {
- logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
- return false;
- }
- } else {
- logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
- abort();
- }
- } else {
- if(c->allow_request == ALL) {
- receive_tcppacket(c, tcpbuffer, c->tcplen);
- } else {
- logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
- return false;
- }
- }
-
- c->tcplen = 0;
- }
-
- /* Otherwise we are waiting for a request */
-
- char *request = buffer_readline(&c->inbuf);
- if(request) {
- bool result = receive_request(c, request);
- if(!result)
- return false;
- continue;
- } else {
- break;
- }
- }
- } while(inlen);
-
- return true;
+ return sptps_receive_data(&c->sptps, bufp, inlen);
}
/*
meta.h -- header for meta.c
- Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
- 2000-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
net.c -- most of the network code
- Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
- 2006 Scott Lamb <slamb@slamb.org>
- 2011 Loïc Grenié <loic.grenie@gmail.com>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Purging node %s (%s)", n->name, n->hostname);
for splay_each(edge_t, e, n->edge_tree) {
- if(!tunnelserver)
- send_del_edge(everyone, e);
+ send_del_edge(everyone, e);
edge_del(e);
}
}
c->node->connection = NULL;
if(c->edge) {
- if(report && !tunnelserver)
+ if(report)
send_del_edge(everyone, c->edge);
edge_del(c->edge);
edge_t *e;
e = lookup_edge(c->node, myself);
if(e) {
- if(!tunnelserver)
- send_del_edge(everyone, e);
+ send_del_edge(everyone, e);
edge_del(e);
}
}
return EINVAL;
}
- read_config_options(config_tree, NULL);
-
xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, myself->name);
read_config_file(config_tree, fname);
free(fname);
/*
net.h -- header for net.c
- Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#ifndef __TINC_NET_H__
#define __TINC_NET_H__
-#include "ipv6.h"
#include "cipher.h"
#include "digest.h"
#include "event.h"
extern listen_socket_t listen_socket[MAXSOCKETS];
extern int listen_sockets;
extern int keylifetime;
-extern int udp_rcvbuf;
-extern int udp_sndbuf;
extern int max_connection_burst;
extern bool do_prune;
extern char *myport;
extern void terminate_connection(struct connection_t *, bool);
extern bool node_read_ecdsa_public_key(struct node_t *);
extern bool read_ecdsa_public_key(struct connection_t *);
-extern bool read_rsa_public_key(struct connection_t *);
extern void send_mtu_probe(struct node_t *);
extern void handle_device_data(void *, int);
extern void handle_meta_connection_data(struct connection_t *);
/*
net_packet.c -- Handles in- and outgoing VPN packets
- Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
- 2010 Timothy Redaelli <timothy@redaelli.eu>
- 2010 Brandon Black <blblack@gmail.com>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include <zlib.h>
#endif
-#ifdef HAVE_LZO
-#include LZO1X_H
-#endif
-
#include "cipher.h"
#include "conf.h"
#include "connection.h"
#include "crypto.h"
#include "digest.h"
-#include "ethernet.h"
#include "graph.h"
#include "logger.h"
#include "net.h"
#include "xalloc.h"
int keylifetime = 0;
-#ifdef HAVE_LZO
-static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS];
-#endif
static void send_udppacket(node_t *, vpn_packet_t *);
}
static void mtu_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
- if(!packet->data[0]) {
- logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe request %d from %s (%s)", packet->len, n->name, n->hostname);
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Got MTU probe length %d from %s (%s)", packet->len, n->name, n->hostname);
+ if(!packet->data[0]) {
/* It's a probe request, send back a reply */
- /* Type 2 probe replies were introduced in protocol 17.3 */
- if ((n->options >> 24) == 3) {
- uint8_t* data = packet->data;
- *data++ = 2;
- uint16_t len16 = htons(len); memcpy(data, &len16, 2); data += 2;
- struct timeval now;
- gettimeofday(&now, NULL);
- uint32_t sec = htonl(now.tv_sec); memcpy(data, &sec, 4); data += 4;
- uint32_t usec = htonl(now.tv_usec); memcpy(data, &usec, 4); data += 4;
- packet->len = data - packet->data;
- } else {
- /* Legacy protocol: n won't understand type 2 probe replies. */
- packet->data[0] = 1;
- }
+ packet->data[0] = 1;
/* Temporarily set udp_confirmed, so that the reply is sent
back exactly the way it came in. */
send_udppacket(n, packet);
n->status.udp_confirmed = udp_confirmed;
} else {
- length_t probelen = len;
- if (packet->data[0] == 2) {
- if (len < 3)
- logger(DEBUG_TRAFFIC, LOG_WARNING, "Received invalid (too short) MTU probe reply from %s (%s)", n->name, n->hostname);
- else {
- uint16_t probelen16; memcpy(&probelen16, packet->data + 1, 2); probelen = ntohs(probelen16);
- }
- }
- logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d MTU probe reply %d from %s (%s)", packet->data[0], probelen, n->name, n->hostname);
-
/* It's a valid reply: now we know bidirectional communication
is possible using the address and socket that the reply
packet used. */
/* If we haven't established the PMTU yet, restart the discovery process. */
if(n->mtuprobes > 30) {
- if (probelen == n->maxmtu + 8) {
+ if (len == n->maxmtu + 8) {
logger(DEBUG_TRAFFIC, LOG_INFO, "Increase in PMTU to %s (%s) detected, restarting PMTU discovery", n->name, n->hostname);
n->maxmtu = MTU;
n->mtuprobes = 10;
/* If applicable, raise the minimum supported MTU */
- if(probelen > n->maxmtu)
- probelen = n->maxmtu;
- if(n->minmtu < probelen)
- n->minmtu = probelen;
+ if(len > n->maxmtu)
+ len = n->maxmtu;
+ if(n->minmtu < len)
+ n->minmtu = len;
/* Calculate RTT and bandwidth.
The RTT is the time between the MTU probe burst was sent and the first
reply is received. The bandwidth is measured using the time between the
- arrival of the first and third probe reply (or type 2 probe requests).
+ arrival of the first and third probe reply.
*/
struct timeval now, diff;
gettimeofday(&now, NULL);
timersub(&now, &n->probe_time, &diff);
-
- struct timeval probe_timestamp = now;
- if (packet->data[0] == 2 && packet->len >= 11) {
- uint32_t sec; memcpy(&sec, packet->data + 3, 4);
- uint32_t usec; memcpy(&usec, packet->data + 7, 4);
- probe_timestamp.tv_sec = ntohl(sec);
- probe_timestamp.tv_usec = ntohl(usec);
- }
n->probe_counter++;
if(n->probe_counter == 1) {
n->rtt = diff.tv_sec + diff.tv_usec * 1e-6;
- n->probe_time = probe_timestamp;
+ n->probe_time = now;
} else if(n->probe_counter == 3) {
- struct timeval probe_timestamp_diff;
- timersub(&probe_timestamp, &n->probe_time, &probe_timestamp_diff);
- n->bandwidth = 2.0 * probelen / (probe_timestamp_diff.tv_sec + probe_timestamp_diff.tv_usec * 1e-6);
+ n->bandwidth = 2.0 * len / (diff.tv_sec + diff.tv_usec * 1e-6);
logger(DEBUG_TRAFFIC, LOG_DEBUG, "%s (%s) RTT %.2f ms, burst bandwidth %.3f Mbit/s, rx packet loss %.2f %%", n->name, n->hostname, n->rtt * 1e3, n->bandwidth * 8e-6, n->packetloss * 1e2);
}
}
memcpy(dest, source, len);
return len;
} else if(level == 10) {
-#ifdef HAVE_LZO
- lzo_uint lzolen = MAXSIZE;
- lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem);
- return lzolen;
-#else
return -1;
-#endif
} else if(level < 10) {
#ifdef HAVE_ZLIB
unsigned long destlen = MAXSIZE;
#endif
return -1;
} else {
-#ifdef HAVE_LZO
- lzo_uint lzolen = MAXSIZE;
- lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem);
- return lzolen;
-#else
return -1;
-#endif
}
return -1;
memcpy(dest, source, len);
return len;
} else if(level > 9) {
-#ifdef HAVE_LZO
- lzo_uint lzolen = MAXSIZE;
- if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK)
- return lzolen;
- else
-#endif
return -1;
}
#ifdef HAVE_ZLIB
}
static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
- if(n->status.sptps)
- return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
-
- if(!digest_active(n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest))
- return false;
-
- return digest_verify(n->indigest, &inpkt->seqno, inpkt->len - digest_length(n->indigest), (const char *)&inpkt->seqno + inpkt->len - digest_length(n->indigest));
+ return sptps_verify_datagram(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
}
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
vpn_packet_t *outpkt = pkt[0];
size_t outlen;
- if(n->status.sptps) {
- if(!n->sptps.state) {
- if(!n->status.waitingforkey) {
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
- send_req_key(n);
- } else {
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
- }
- return;
+ if(!n->sptps.state) {
+ if(!n->status.waitingforkey) {
+ logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but we haven't exchanged keys yet", n->name, n->hostname);
+ send_req_key(n);
+ } else {
+ logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
}
- sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
return;
}
-
- if(!cipher_active(n->incipher)) {
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got packet from %s (%s) but he hasn't got our key yet", n->name, n->hostname);
- return;
- }
-
- /* Check packet length */
-
- if(inpkt->len < sizeof inpkt->seqno + digest_length(n->indigest)) {
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got too short packet from %s (%s)",
- n->name, n->hostname);
- return;
- }
-
- /* Check the message authentication code */
-
- if(digest_active(n->indigest)) {
- inpkt->len -= digest_length(n->indigest);
- if(!digest_verify(n->indigest, &inpkt->seqno, inpkt->len, (const char *)&inpkt->seqno + inpkt->len)) {
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Got unauthenticated packet from %s (%s)", n->name, n->hostname);
- return;
- }
- }
- /* Decrypt the packet */
-
- if(cipher_active(n->incipher)) {
- outpkt = pkt[nextpkt++];
- outlen = MAXSIZE;
-
- if(!cipher_decrypt(n->incipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Error decrypting packet from %s (%s)", n->name, n->hostname);
- return;
- }
-
- outpkt->len = outlen;
- inpkt = outpkt;
- }
-
- /* Check the sequence number */
-
- inpkt->len -= sizeof inpkt->seqno;
- inpkt->seqno = ntohl(inpkt->seqno);
-
- if(replaywin) {
- if(inpkt->seqno != n->received_seqno + 1) {
- if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
- if(n->farfuture++ < replaywin >> 2) {
- logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
- n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
- return;
- }
- logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
- inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
- memset(n->late, 0, replaywin);
- } else if (inpkt->seqno <= n->received_seqno) {
- if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
- logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
- n->name, n->hostname, inpkt->seqno, n->received_seqno);
- return;
- }
- } else {
- for(int i = n->received_seqno + 1; i < inpkt->seqno; i++)
- n->late[(i / 8) % replaywin] |= 1 << i % 8;
- }
- }
-
- n->farfuture = 0;
- n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
- }
-
- if(inpkt->seqno > n->received_seqno)
- n->received_seqno = inpkt->seqno;
-
- n->received++;
-
- if(n->received_seqno > MAX_SEQNO)
- regenerate_key();
-
- /* Decompress the packet */
-
- length_t origlen = inpkt->len;
-
- if(n->incompression) {
- outpkt = pkt[nextpkt++];
-
- if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, n->incompression)) < 0) {
- logger(DEBUG_TRAFFIC, LOG_ERR, "Error while uncompressing packet from %s (%s)",
- n->name, n->hostname);
- return;
- }
-
- inpkt = outpkt;
-
- origlen -= MTU/64 + 20;
- }
-
- inpkt->priority = 0;
-
- if(!inpkt->data[12] && !inpkt->data[13])
- mtu_probe_h(n, inpkt, origlen);
- else
- receive_packet(n, inpkt);
+ sptps_receive_data(&n->sptps, (char *)&inpkt->seqno, inpkt->len);
}
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
return;
}
- if(n->status.sptps)
- return send_sptps_packet(n, origpkt);
-
- /* Make sure we have a valid key */
-
- if(!n->status.validkey) {
- logger(DEBUG_TRAFFIC, LOG_INFO,
- "No valid key known yet for %s (%s), forwarding via TCP",
- n->name, n->hostname);
-
- if(n->last_req_key + 10 <= now.tv_sec) {
- send_req_key(n);
- n->last_req_key = now.tv_sec;
- }
-
- send_tcppacket(n->nexthop->connection, origpkt);
-
- return;
- }
-
- if(n->options & OPTION_PMTU_DISCOVERY && inpkt->len > n->minmtu && (inpkt->data[12] | inpkt->data[13])) {
- logger(DEBUG_TRAFFIC, LOG_INFO,
- "Packet for %s (%s) larger than minimum MTU, forwarding via %s",
- n->name, n->hostname, n != n->nexthop ? n->nexthop->name : "TCP");
-
- if(n != n->nexthop)
- send_packet(n->nexthop, origpkt);
- else
- send_tcppacket(n->nexthop->connection, origpkt);
-
- return;
- }
-
- /* Compress the packet */
-
- if(n->outcompression) {
- outpkt = pkt[nextpkt++];
-
- if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->outcompression)) < 0) {
- logger(DEBUG_TRAFFIC, LOG_ERR, "Error while compressing packet to %s (%s)",
- n->name, n->hostname);
- return;
- }
-
- inpkt = outpkt;
- }
-
- /* Add sequence number */
-
- inpkt->seqno = htonl(++(n->sent_seqno));
- inpkt->len += sizeof inpkt->seqno;
-
- /* Encrypt the packet */
-
- if(cipher_active(n->outcipher)) {
- outpkt = pkt[nextpkt++];
- outlen = MAXSIZE;
-
- if(!cipher_encrypt(n->outcipher, &inpkt->seqno, inpkt->len, &outpkt->seqno, &outlen, true)) {
- logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
- goto end;
- }
-
- outpkt->len = outlen;
- inpkt = outpkt;
- }
-
- /* Add the message authentication code */
-
- if(digest_active(n->outdigest)) {
- if(!digest_create(n->outdigest, &inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len)) {
- logger(DEBUG_TRAFFIC, LOG_ERR, "Error while encrypting packet to %s (%s)", n->name, n->hostname);
- goto end;
- }
-
- inpkt->len += digest_length(n->outdigest);
- }
-
- /* Send the packet */
-
- const sockaddr_t *sa;
- int sock;
-
- if(n->status.broadcast)
- choose_broadcast_address(n, &sa, &sock);
- else
- choose_udp_address(n, &sa, &sock);
-
-#if defined(SOL_IP) && defined(IP_TOS)
- if(priorityinheritance && origpriority != priority
- && listen_socket[n->sock].sa.sa.sa_family == AF_INET) {
- priority = origpriority;
- logger(DEBUG_TRAFFIC, LOG_DEBUG, "Setting outgoing packet priority to %d", priority);
- if(setsockopt(listen_socket[n->sock].udp.fd, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setsockopt", strerror(errno));
- }
-#endif
-
- if(sendto(listen_socket[sock].udp.fd, (char *) &inpkt->seqno, inpkt->len, 0, &sa->sa, SALEN(sa->sa)) < 0 && !sockwouldblock(sockerrno)) {
- if(sockmsgsize(sockerrno)) {
- if(n->maxmtu >= origlen)
- n->maxmtu = origlen - 1;
- if(n->mtu >= origlen)
- n->mtu = origlen - 1;
- } else
- logger(DEBUG_TRAFFIC, LOG_WARNING, "Error sending packet to %s (%s): %s", n->name, n->hostname, sockstrerror(sockerrno));
- }
-
-end:
- origpkt->len = origlen;
+ return send_sptps_packet(n, origpkt);
}
bool send_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
node_t *via;
if(n == myself) {
- if(overwrite_mac)
- memcpy(packet->data, mymac.x, ETH_ALEN);
n->out_packets++;
n->out_bytes += packet->len;
// TODO: send to application
n->out_packets++;
n->out_bytes += packet->len;
- if(n->status.sptps) {
- send_sptps_packet(n, packet);
- return;
- }
-
- via = (packet->priority == -1 || n->via == myself) ? n->nexthop : n->via;
-
- if(via != n)
- logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet to %s via %s (%s)",
- n->name, via->name, n->via->hostname);
-
- if(packet->priority == -1 || ((myself->options | via->options) & OPTION_TCPONLY)) {
- if(!send_tcppacket(via->connection, packet))
- terminate_connection(via->connection, true);
- } else
- send_udppacket(via, packet);
+ send_sptps_packet(n, packet);
+ return;
}
/* Broadcast a packet using the minimum spanning tree */
if(from != myself)
send_packet(myself, packet);
- // In TunnelServer mode, do not forward broadcast packets.
- // The MST might not be valid and create loops.
- if(tunnelserver || broadcast_mode == BMODE_NONE)
- return;
-
logger(DEBUG_TRAFFIC, LOG_INFO, "Broadcasting packet of %d bytes from %s (%s)",
packet->len, from->name, from->hostname);
/*
net_setup.c -- Setup.
- Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
- 2006 Scott Lamb <slamb@slamb.org>
- 2010 Brandon Black <blblack@gmail.com>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "netutl.h"
#include "protocol.h"
#include "route.h"
-#include "rsa.h"
#include "utils.h"
#include "xalloc.h"
return c->ecdsa;
}
-bool read_rsa_public_key(connection_t *c) {
- if(ecdsa_active(c->ecdsa))
- return true;
-
- FILE *fp;
- char *fname;
- char *n;
-
- /* First, check for simple PublicKey statement */
-
- if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) {
- c->rsa = rsa_set_hex_public_key(n, "FFFF");
- free(n);
- return c->rsa;
- }
-
- /* Else, check for PublicKeyFile statement and read it */
-
- if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
- xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
-
- fp = fopen(fname, "r");
-
- if(!fp) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
- free(fname);
- return false;
- }
-
- c->rsa = rsa_read_pem_public_key(fp);
- fclose(fp);
-
- if(!c->rsa)
- logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
- free(fname);
- return c->rsa;
-}
-
static bool read_ecdsa_private_key(void) {
FILE *fp;
char *fname;
return invitation_key;
}
-static bool read_rsa_private_key(void) {
- FILE *fp;
- char *fname;
- char *n, *d;
-
- /* First, check for simple PrivateKey statement */
-
- if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
- if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!");
- free(d);
- return false;
- }
- myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d);
- free(n);
- free(d);
- return myself->connection->rsa;
- }
-
- /* Else, check for PrivateKeyFile statement and read it */
-
- if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
- xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase);
-
- fp = fopen(fname, "r");
-
- if(!fp) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
- fname, strerror(errno));
- free(fname);
- return false;
- }
-
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
- struct stat s;
-
- if(fstat(fileno(fp), &s)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
- free(fname);
- return false;
- }
-
- if(s.st_mode & ~0100700)
- logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
-#endif
-
- myself->connection->rsa = rsa_read_pem_private_key(fp);
- fclose(fp);
-
- if(!myself->connection->rsa)
- logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno));
- free(fname);
- return myself->connection->rsa;
-}
-
static timeout_t keyexpire_timeout;
static void keyexpire_handler(void *data) {
myself->options |= PROT_MINOR << 24;
- if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) {
- experimental = read_ecdsa_private_key();
- if(!experimental)
- logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
- } else {
- if(experimental && !read_ecdsa_private_key())
- return false;
- }
-
- if(!read_rsa_private_key())
+ if(!read_ecdsa_private_key())
return false;
/* Ensure myport is numeric */
if(!setup_myself_reloadable())
return false;
- get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
-
if(get_config_int(lookup_config(config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
if(max_connection_burst <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
}
}
- if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
- if(udp_rcvbuf <= 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
- return false;
- }
- }
-
- if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
- if(udp_sndbuf <= 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
- return false;
- }
- }
-
int replaywin_int;
if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
if(replaywin_int < 0) {
sptps_replaywin = replaywin;
}
- /* Generate packet encryption key */
-
- if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher))
- cipher = xstrdup("blowfish");
-
- if(!strcasecmp(cipher, "none")) {
- myself->incipher = NULL;
- } else if(!(myself->incipher = cipher_open_by_name(cipher))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
- return false;
- }
-
- free(cipher);
-
timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval){keylifetime, rand() % 100000});
- /* Check if we want to use message authentication codes... */
-
- int maclength = 4;
- get_config_int(lookup_config(config_tree, "MACLength"), &maclength);
-
- if(maclength < 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
- return false;
- }
-
- if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
- digest = xstrdup("sha1");
-
- if(!strcasecmp(digest, "none")) {
- myself->indigest = NULL;
- } else if(!(myself->indigest = digest_open_by_name(digest, maclength))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
- return false;
- }
-
- free(digest);
-
/* Compression */
if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
myself->via = myself;
myself->status.reachable = true;
myself->last_state_change = now.tv_sec;
- myself->status.sptps = experimental;
node_add(myself);
graph();
/*
net_socket.c -- Handle various kinds of sockets.
- Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
- 2006 Scott Lamb <slamb@slamb.org>
- 2009 Florian Forster <octo@verplant.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
int addressfamily = AF_UNSPEC;
int maxtimeout = 900;
int seconds_till_retry = 5;
-int udp_rcvbuf = 0;
-int udp_sndbuf = 0;
int max_connection_burst = 100;
listen_socket_t listen_socket[MAXSOCKETS];
#endif
}
-static bool bind_to_interface(int sd) {
- char *iface;
-
-#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
- struct ifreq ifr;
- int status;
-#endif /* defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) */
-
- if(!get_config_string (lookup_config (config_tree, "BindToInterface"), &iface))
- return true;
-
-#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
- memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
- ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
-
- status = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr));
- if(status) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
- strerror(errno));
- return false;
- }
-#else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
- logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
-#endif
-
- return true;
-}
-
static bool bind_to_address(connection_t *c) {
int s = -1;
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof option);
setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof option);
- if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf)))
- logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, strerror(errno));
-
- if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf)))
- logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, strerror(errno));
-
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
if(sa->sa.sa_family == AF_INET6)
setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
#warning No way to disable IPv6 fragmentation
#endif
- if (!bind_to_interface(nfd)) {
- closesocket(nfd);
- return -1;
- }
-
if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
closesocket(nfd);
addrstr = sockaddr2hostname(sa);
setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof option);
#endif
- bind_to_interface(c->socket);
bind_to_address(c);
}
c->status.connecting = true;
c->name = xstrdup(outgoing->name);
- c->outcipher = myself->connection->outcipher;
- c->outdigest = myself->connection->outdigest;
- c->outmaclength = myself->connection->outmaclength;
c->outcompression = myself->connection->outcompression;
c->last_ping_time = now.tv_sec;
c = new_connection();
c->name = xstrdup("<unknown>");
- c->outcipher = myself->connection->outcipher;
- c->outdigest = myself->connection->outdigest;
- c->outmaclength = myself->connection->outmaclength;
c->outcompression = myself->connection->outcompression;
c->address = sa;
/*
netutl.c -- some supporting network utility code
- Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
netutl.h -- header file for netutl.c
- Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
node.c -- node tree management
- Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2001-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>,
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
sockaddrfree(&n->address);
- cipher_close(n->incipher);
- digest_close(n->indigest);
- cipher_close(n->outcipher);
- digest_close(n->outdigest);
-
ecdsa_free(n->ecdsa);
sptps_stop(&n->sptps);
/*
node.h -- header for node.c
- Copyright (C) 2001-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2001-2005 Ivo Timmermans
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
unsigned int visited:1; /* 1 if this node has been visited by one of the graph algorithms */
unsigned int reachable:1; /* 1 if this node is reachable in the graph */
unsigned int indirect:1; /* 1 if this node is not directly reachable by us */
- unsigned int sptps:1; /* 1 if this node supports SPTPS */
+ unsigned int unused_sptps:1; /* 1 if this node supports SPTPS */
unsigned int udp_confirmed:1; /* 1 if the address is one that we received UDP traffic on */
unsigned int broadcast:1; /* 1 if the next UDP packet should be broadcast to the local network */
unsigned int unused:23;
ecdsa_t *ecdsa; /* His public ECDSA key */
sptps_t sptps;
- cipher_t *incipher; /* Cipher for UDP packets */
- digest_t *indigest; /* Digest for UDP packets */
-
- cipher_t *outcipher; /* Cipher for UDP packets */
- digest_t *outdigest; /* Digest for UDP packets */
-
int incompression; /* Compressionlevel, 0 = no compression */
int outcompression; /* Compressionlevel, 0 = no compression */
uint32_t received; /* Total valid packets received from this node */
uint32_t prev_received_seqno;
uint32_t prev_received;
- uint32_t farfuture; /* Packets in a row that have arrived from the far future */
unsigned char* late; /* Bitfield marking late packets */
length_t mtu; /* Maximum size of packets to send to this node */
/*
cipher.c -- Symmetric block cipher handling
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
crypto.c -- Cryptographic miscellaneous functions and initialisation
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
digest.c -- Digest handling
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
digest.h -- header file digest.c
- Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
ecdh.c -- Diffie-Hellman key exchange handling
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
ecdsa.c -- ECDSA key handling
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
ecdsagen.c -- ECDSA key generation and export
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
prf.c -- Pseudo-Random Function for key material generation
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
+++ /dev/null
-/*
- rsa.c -- RSA key handling
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "../system.h"
-
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-#define __TINC_RSA_INTERNAL__
-typedef RSA rsa_t;
-
-#include "../logger.h"
-#include "../rsa.h"
-
-// Set RSA keys
-
-rsa_t *rsa_set_hex_public_key(char *n, char *e) {
- rsa_t *rsa = RSA_new();
- if(!rsa)
- return NULL;
-
- if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e)) {
- RSA_free(rsa);
- return false;
- }
-
- return rsa;
-}
-
-rsa_t *rsa_set_hex_private_key(char *n, char *e, char *d) {
- rsa_t *rsa = RSA_new();
- if(!rsa)
- return NULL;
-
- if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e) || BN_hex2bn(&rsa->d, d) != strlen(d)) {
- RSA_free(rsa);
- return false;
- }
-
- return rsa;
-}
-
-// Read PEM RSA keys
-
-rsa_t *rsa_read_pem_public_key(FILE *fp) {
- rsa_t *rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
-
- if(!rsa) {
- rewind(fp);
- rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
- }
-
- if(!rsa)
- logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read RSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
-
- return rsa;
-}
-
-rsa_t *rsa_read_pem_private_key(FILE *fp) {
- rsa_t *rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
-
- if(!rsa)
- logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read RSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
-
- return rsa;
-}
-
-size_t rsa_size(rsa_t *rsa) {
- return RSA_size(rsa);
-}
-
-bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) {
- if(RSA_public_encrypt(len, in, out, rsa, RSA_NO_PADDING) == len)
- return true;
-
- logger(DEBUG_ALWAYS, LOG_ERR, "Unable to perform RSA encryption: %s", ERR_error_string(ERR_get_error(), NULL));
- return false;
-}
-
-bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) {
- if(RSA_private_decrypt(len, in, out, rsa, RSA_NO_PADDING) == len)
- return true;
-
- logger(DEBUG_ALWAYS, LOG_ERR, "Unable to perform RSA decryption: %s", ERR_error_string(ERR_get_error(), NULL));
- return false;
-}
-
-bool rsa_active(rsa_t *rsa) {
- return rsa;
-}
-
-void rsa_free(rsa_t *rsa) {
- if(rsa)
- RSA_free(rsa);
-}
+++ /dev/null
-/*
- rsagen.c -- RSA key generation and export
- Copyright (C) 2008-2013 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "../system.h"
-
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-#define __TINC_RSA_INTERNAL__
-typedef RSA rsa_t;
-
-#include "../logger.h"
-#include "../rsagen.h"
-
-/* This function prettyprints the key generation process */
-
-static void indicator(int a, int b, void *p) {
- switch (a) {
- case 0:
- fprintf(stderr, ".");
- break;
-
- case 1:
- fprintf(stderr, "+");
- break;
-
- case 2:
- fprintf(stderr, "-");
- break;
-
- case 3:
- switch (b) {
- case 0:
- fprintf(stderr, " p\n");
- break;
-
- case 1:
- fprintf(stderr, " q\n");
- break;
-
- default:
- fprintf(stderr, "?");
- }
- break;
-
- default:
- fprintf(stderr, "?");
- }
-}
-
-// Generate RSA key
-
-rsa_t *rsa_generate(size_t bits, unsigned long exponent) {
- return RSA_generate_key(bits, exponent, indicator, NULL);
-}
-
-// Write PEM RSA keys
-
-bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) {
- return PEM_write_RSAPublicKey(fp, rsa);
-}
-
-bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
- return PEM_write_RSAPrivateKey(fp, rsa, NULL, NULL, 0, NULL, NULL);
-}
/*
prf.h -- header file for prf.c
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
protocol.c -- handle the meta-protocol, basic functions
- Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "utils.h"
#include "xalloc.h"
-bool tunnelserver = false;
-bool experimental = true;
-
/* Jumptable for the request handlers */
static bool (*request_handlers[])(connection_t *, const char *) = {
- id_h, metakey_h, challenge_h, chal_reply_h, ack_h,
+ id_h, NULL, NULL, NULL /* metakey_h, challenge_h, chal_reply_h */, ack_h,
status_h, error_h, termreq_h,
ping_h, pong_h,
NULL, NULL, //add_subnet_h, del_subnet_h,
/*
protocol.h -- header for protocol.c
- Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
time_t firstseen;
} past_request_t;
-extern bool tunnelserver;
-extern bool experimental;
-
extern ecdsa_t *invitation_key;
/* Maximum size of strings in a request.
/* Requests */
extern bool send_id(struct connection_t *);
-extern bool send_metakey(struct connection_t *);
-extern bool send_metakey_ec(struct connection_t *);
-extern bool send_challenge(struct connection_t *);
-extern bool send_chal_reply(struct connection_t *);
extern bool send_ack(struct connection_t *);
extern bool send_status(struct connection_t *, int, const char *);
extern bool send_error(struct connection_t *, int, const char *);
/* Request handlers */
extern bool id_h(struct connection_t *, const char *);
-extern bool metakey_h(struct connection_t *, const char *);
-extern bool challenge_h(struct connection_t *, const char *);
-extern bool chal_reply_h(struct connection_t *, const char *);
extern bool ack_h(struct connection_t *, const char *);
extern bool status_h(struct connection_t *, const char *);
extern bool error_h(struct connection_t *, const char *);
/*
protocol_auth.c -- handle the meta-protocol, authentication
- Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "node.h"
#include "prf.h"
#include "protocol.h"
-#include "rsa.h"
#include "sptps.h"
#include "utils.h"
#include "xalloc.h"
bool send_id(connection_t *c) {
gettimeofday(&c->start, NULL);
- int minor = 0;
-
- if(experimental) {
- if(c->outgoing && !read_ecdsa_public_key(c))
- minor = 1;
- else
- minor = myself->connection->protocol_minor;
- }
+ int minor = myself->connection->protocol_minor;
if(proxytype && c->outgoing)
if(!send_proxyrequest(c))
return send_ack(c);
}
- if(!experimental)
- c->protocol_minor = 0;
-
if(!c->config_tree) {
init_configuration(&c->config_tree);
return false;
}
- if(experimental)
- read_ecdsa_public_key(c);
+ read_ecdsa_public_key(c);
} else {
if(c->protocol_minor && !ecdsa_active(c->ecdsa))
c->protocol_minor = 1;
c->allow_request = METAKEY;
- if(c->protocol_minor >= 2) {
- c->allow_request = ACK;
- char label[25 + strlen(myself->name) + strlen(c->name)];
-
- if(c->outgoing)
- snprintf(label, sizeof label, "tinc TCP key expansion %s %s", myself->name, c->name);
- else
- snprintf(label, sizeof label, "tinc TCP key expansion %s %s", c->name, myself->name);
-
- return sptps_start(&c->sptps, c, c->outgoing, false, myself->connection->ecdsa, c->ecdsa, label, sizeof label, send_meta_sptps, receive_meta_sptps);
- } else {
- return send_metakey(c);
- }
-}
-
-bool send_metakey(connection_t *c) {
- if(!read_rsa_public_key(c))
- return false;
-
- if(!(c->outcipher = cipher_open_blowfish_ofb()))
- return false;
-
- if(!(c->outdigest = digest_open_sha1(-1)))
- return false;
-
- size_t len = rsa_size(c->rsa);
- char key[len];
- char enckey[len];
- char hexkey[2 * len + 1];
-
- /* Create a random key */
-
- randomize(key, len);
-
- /* The message we send must be smaller than the modulus of the RSA key.
- By definition, for a key of k bits, the following formula holds:
-
- 2^(k-1) <= modulus < 2^(k)
-
- Where ^ means "to the power of", not "xor".
- This means that to be sure, we must choose our message < 2^(k-1).
- This can be done by setting the most significant bit to zero.
- */
-
- key[0] &= 0x7F;
-
- if(!cipher_set_key_from_rsa(c->outcipher, key, len, true))
- return false;
-
- if(debug_level >= DEBUG_SCARY_THINGS) {
- bin2hex(key, hexkey, len);
- logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Generated random meta key (unencrypted): %s", hexkey);
- }
-
- /* Encrypt the random data
-
- We do not use one of the PKCS padding schemes here.
- This is allowed, because we encrypt a totally random string
- with a length equal to that of the modulus of the RSA key.
- */
-
- if(!rsa_public_encrypt(c->rsa, key, len, enckey)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
- return false;
- }
-
- /* Convert the encrypted random data to a hexadecimal formatted string */
-
- bin2hex(enckey, hexkey, len);
-
- /* Send the meta key */
-
- bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
- cipher_get_nid(c->outcipher),
- digest_get_nid(c->outdigest), c->outmaclength,
- c->outcompression, hexkey);
-
- c->status.encryptout = true;
- return result;
-}
-
-bool metakey_h(connection_t *c, const char *request) {
- char hexkey[MAX_STRING_SIZE];
- int cipher, digest, maclength, compression;
- size_t len = rsa_size(myself->connection->rsa);
- char enckey[len];
- char key[len];
-
- if(sscanf(request, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, hexkey) != 5) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "METAKEY", c->name, c->hostname);
- return false;
- }
-
- /* Convert the challenge from hexadecimal back to binary */
-
- int inlen = hex2bin(hexkey, enckey, sizeof enckey);
-
- /* Check if the length of the meta key is all right */
-
- if(inlen != len) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong keylength");
- return false;
- }
-
- /* Decrypt the meta key */
-
- if(!rsa_private_decrypt(myself->connection->rsa, enckey, len, key)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during decryption of meta key for %s (%s)", c->name, c->hostname);
- return false;
- }
-
- if(debug_level >= DEBUG_SCARY_THINGS) {
- bin2hex(key, hexkey, len);
- logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Received random meta key (unencrypted): %s", hexkey);
- }
-
- /* Check and lookup cipher and digest algorithms */
-
- if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
- return false;
- }
-
- if(!(c->indigest = digest_open_by_nid(digest, -1))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
- return false;
- }
-
- c->status.decryptin = true;
-
- c->allow_request = CHALLENGE;
-
- return send_challenge(c);
-}
-
-bool send_challenge(connection_t *c) {
- size_t len = rsa_size(c->rsa);
- char buffer[len * 2 + 1];
-
- if(!c->hischallenge)
- c->hischallenge = xrealloc(c->hischallenge, len);
-
- /* Copy random data to the buffer */
-
- randomize(c->hischallenge, len);
-
- /* Convert to hex */
-
- bin2hex(c->hischallenge, buffer, len);
-
- /* Send the challenge */
-
- return send_request(c, "%d %s", CHALLENGE, buffer);
-}
-
-bool challenge_h(connection_t *c, const char *request) {
- char buffer[MAX_STRING_SIZE];
- size_t len = rsa_size(myself->connection->rsa);
- size_t digestlen = digest_length(c->indigest);
- char digest[digestlen];
-
- if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name, c->hostname);
- return false;
- }
-
- /* Convert the challenge from hexadecimal back to binary */
-
- int inlen = hex2bin(buffer, buffer, sizeof buffer);
-
- /* Check if the length of the challenge is all right */
-
- if(inlen != len) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge length");
- return false;
- }
-
- /* Calculate the hash from the challenge we received */
-
- if(!digest_create(c->indigest, buffer, len, digest))
- return false;
-
- /* Convert the hash to a hexadecimal formatted string */
-
- bin2hex(digest, buffer, digestlen);
-
- /* Send the reply */
-
- c->allow_request = CHAL_REPLY;
-
- return send_request(c, "%d %s", CHAL_REPLY, buffer);
-}
-
-bool chal_reply_h(connection_t *c, const char *request) {
- char hishash[MAX_STRING_SIZE];
-
- if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
- c->hostname);
- return false;
- }
-
- /* Convert the hash to binary format */
-
- int inlen = hex2bin(hishash, hishash, sizeof hishash);
-
- /* Check if the length of the hash is all right */
-
- if(inlen != digest_length(c->outdigest)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
- return false;
- }
-
-
- /* Verify the hash */
-
- if(!digest_verify(c->outdigest, c->hischallenge, rsa_size(c->rsa), hishash)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
- return false;
- }
-
- /* Identity has now been positively verified.
- Send an acknowledgement with the rest of the information needed.
- */
-
- free(c->hischallenge);
- c->hischallenge = NULL;
c->allow_request = ACK;
+ char label[25 + strlen(myself->name) + strlen(c->name)];
- return send_ack(c);
-}
-
-static bool send_upgrade(connection_t *c) {
- /* Special case when protocol_minor is 1: the other end is ECDSA capable,
- * but doesn't know our key yet. So send it now. */
-
- char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
-
- if(!pubkey)
- return false;
+ if(c->outgoing)
+ snprintf(label, sizeof label, "tinc TCP key expansion %s %s", myself->name, c->name);
+ else
+ snprintf(label, sizeof label, "tinc TCP key expansion %s %s", c->name, myself->name);
- bool result = send_request(c, "%d %s", ACK, pubkey);
- free(pubkey);
- return result;
+ return sptps_start(&c->sptps, c, c->outgoing, false, myself->connection->ecdsa, c->ecdsa, label, sizeof label, send_meta_sptps, receive_meta_sptps);
}
bool send_ack(connection_t *c) {
- if(c->protocol_minor == 1)
- return send_upgrade(c);
-
/* ACK message contains rest of the information the other end needs
to create node_t and edge_t structures. */
if(!get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight))
get_config_int(lookup_config(config_tree, "Weight"), &c->estimated_weight);
- return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, (c->options & 0xffffff) | (experimental ? (PROT_MINOR << 24) : 0));
+ return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, (c->options & 0xffffff) | (PROT_MINOR << 24));
}
static void send_everything(connection_t *c) {
}
}
-static bool upgrade_h(connection_t *c, const char *request) {
- char pubkey[MAX_STRING_SIZE];
-
- if(sscanf(request, "%*d " MAX_STRING, pubkey) != 1) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name, c->hostname);
- return false;
- }
-
- if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
- return false;
- }
-
- logger(DEBUG_ALWAYS, LOG_INFO, "Got ECDSA public key from %s (%s), upgrading!", c->name, c->hostname);
- append_config_file(c->name, "ECDSAPublicKey", pubkey);
- c->allow_request = TERMREQ;
- return send_termreq(c);
-}
-
bool ack_h(connection_t *c, const char *request) {
- if(c->protocol_minor == 1)
- return upgrade_h(c, request);
-
char hisport[MAX_STRING_SIZE];
char *hisaddress;
int weight, mtu;
/* Notify everyone of the new edge */
- if(tunnelserver)
- send_add_edge(c, c->edge);
- else
- send_add_edge(everyone, c->edge);
+ send_add_edge(everyone, c->edge);
/* Run MST and SSSP algorithms */
/*
protocol_edge.c -- handle the meta-protocol, edges
- Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
- 2009 Michael Tokarev <mjt@corpit.ru>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
from = lookup_node(from_name);
to = lookup_node(to_name);
- if(tunnelserver &&
- from != myself && from != c->node &&
- to != myself && to != c->node) {
- /* ignore indirect edge registrations for tunnelserver */
- logger(DEBUG_PROTOCOL, LOG_WARNING,
- "Ignoring indirect %s from %s (%s)",
- "ADD_EDGE", c->name, c->hostname);
- return true;
- }
-
if(!from) {
from = new_node();
from->name = xstrdup(from_name);
/* Tell the rest about the new edge */
- if(!tunnelserver)
- forward_request(c, request);
+ forward_request(c, request);
/* Run MST before or after we tell the rest? */
from = lookup_node(from_name);
to = lookup_node(to_name);
- if(tunnelserver &&
- from != myself && from != c->node &&
- to != myself && to != c->node) {
- /* ignore indirect edge registrations for tunnelserver */
- logger(DEBUG_PROTOCOL, LOG_WARNING,
- "Ignoring indirect %s from %s (%s)",
- "DEL_EDGE", c->name, c->hostname);
- return true;
- }
-
if(!from) {
logger(DEBUG_PROTOCOL, LOG_ERR, "Got %s from %s (%s) which does not appear in the edge tree",
"DEL_EDGE", c->name, c->hostname);
/* Tell the rest about the deleted edge */
- if(!tunnelserver)
- forward_request(c, request);
+ forward_request(c, request);
/* Delete the edge */
if(!to->status.reachable) {
e = lookup_edge(to, myself);
if(e) {
- if(!tunnelserver)
- send_del_edge(everyone, e);
+ send_del_edge(everyone, e);
edge_del(e);
}
}
/*
protocol_key.c -- handle the meta-protocol, key exchange
- Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
void send_key_changed(void) {
send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
- /* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
-
- for list_each(connection_t, c, connection_list)
- if(c->status.active && c->node && c->node->status.reachable && !c->node->status.sptps)
- send_ans_key(c->node);
-
/* Force key exchange for connections using SPTPS */
- if(experimental) {
- for splay_each(node_t, n, node_tree)
- if(n->status.reachable && n->status.validkey && n->status.sptps)
- sptps_force_kex(&n->sptps);
- }
+ for splay_each(node_t, n, node_tree)
+ if(n->status.reachable && n->status.validkey)
+ sptps_force_kex(&n->sptps);
}
bool key_changed_h(connection_t *c, const char *request) {
return true;
}
- if(!n->status.sptps) {
- n->status.validkey = false;
- n->last_req_key = 0;
- }
-
/* Tell the others */
- if(!tunnelserver)
- forward_request(c, request);
+ forward_request(c, request);
return true;
}
}
bool send_req_key(node_t *to) {
- if(to->status.sptps) {
- if(!node_read_ecdsa_public_key(to)) {
- logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname);
- send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
- return true;
- }
-
- if(to->sptps.label)
- logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
-
- char label[25 + strlen(myself->name) + strlen(to->name)];
- snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
- sptps_stop(&to->sptps);
- to->status.validkey = false;
- to->status.waitingforkey = true;
- to->last_req_key = now.tv_sec;
- to->incompression = myself->incompression;
- return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record);
+ if(!node_read_ecdsa_public_key(to)) {
+ logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname);
+ send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
+ return true;
}
- return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
+ if(to->sptps.label)
+ logger(DEBUG_ALWAYS, LOG_DEBUG, "send_req_key(%s) called while sptps->label != NULL!", to->name);
+
+ char label[25 + strlen(myself->name) + strlen(to->name)];
+ snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
+ sptps_stop(&to->sptps);
+ to->status.validkey = false;
+ to->status.waitingforkey = true;
+ to->last_req_key = now.tv_sec;
+ to->incompression = myself->incompression;
+ return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record);
}
/* REQ_KEY is overloaded to allow arbitrary requests to be routed between two nodes. */
if(to == myself) { /* Yes */
/* Is this an extended REQ_KEY message? */
- if(experimental && reqno)
+ if(reqno)
return req_key_ext_h(c, request, from, reqno);
/* No, just send our key back */
send_ans_key(from);
} else {
- if(tunnelserver)
- return true;
-
if(!to->status.reachable) {
logger(DEBUG_PROTOCOL, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
"REQ_KEY", c->name, c->hostname, to_name);
}
bool send_ans_key(node_t *to) {
- if(to->status.sptps)
- abort();
-
- size_t keylen = cipher_keylength(myself->incipher);
- char key[keylen * 2 + 1];
-
- cipher_close(to->incipher);
- digest_close(to->indigest);
-
- to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher));
- to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest));
- to->incompression = myself->incompression;
-
- if(!to->incipher || !to->indigest)
- abort();
-
- randomize(key, keylen);
- if(!cipher_set_key(to->incipher, key, false))
- abort();
- if(!digest_set_key(to->indigest, key, keylen))
- abort();
-
- bin2hex(key, key, keylen);
-
- // Reset sequence number and late packet window
- mykeyused = true;
- to->received_seqno = 0;
- to->received = 0;
- if(replaywin) memset(to->late, 0, replaywin);
-
- return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
- myself->name, to->name, key,
- cipher_get_nid(to->incipher),
- digest_get_nid(to->indigest),
- (int)digest_length(to->indigest),
- to->incompression);
+ abort();
}
bool ans_key_h(connection_t *c, const char *request) {
/* Forward it if necessary */
if(to != myself) {
- if(tunnelserver)
- return true;
-
if(!to->status.reachable) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
"ANS_KEY", c->name, c->hostname, to_name);
}
/* Don't use key material until every check has passed. */
- cipher_close(from->outcipher);
- digest_close(from->outdigest);
from->status.validkey = false;
if(compression < 0 || compression > 11) {
/* SPTPS or old-style key exchange? */
- if(from->status.sptps) {
- char buf[strlen(key)];
- int len = b64decode(key, buf, strlen(key));
-
- if(!len || !sptps_receive_data(&from->sptps, buf, len))
- logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
-
- if(from->status.validkey) {
- if(*address && *port) {
- logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
- sockaddr_t sa = str2sockaddr(address, port);
- update_node_udp(from, &sa);
- }
-
- if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
- send_mtu_probe(from);
- }
-
- return true;
- }
-
- /* Check and lookup cipher and digest algorithms */
+ char buf[strlen(key)];
+ int len = b64decode(key, buf, strlen(key));
- if(cipher) {
- if(!(from->outcipher = cipher_open_by_nid(cipher))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
- return false;
- }
- } else {
- from->outcipher = NULL;
- }
+ if(!len || !sptps_receive_data(&from->sptps, buf, len))
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
- if(digest) {
- if(!(from->outdigest = digest_open_by_nid(digest, maclength))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
- return false;
+ if(from->status.validkey) {
+ if(*address && *port) {
+ logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
+ sockaddr_t sa = str2sockaddr(address, port);
+ update_node_udp(from, &sa);
}
- } else {
- from->outdigest = NULL;
- }
-
- if(maclength != digest_length(from->outdigest)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname);
- return false;
- }
-
- /* Process key */
-
- keylen = hex2bin(key, key, sizeof key);
-
- if(keylen != cipher_keylength(from->outcipher)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
- return true;
- }
- /* Update our copy of the origin's packet key */
-
- if(!cipher_set_key(from->outcipher, key, true))
- return false;
- if(!digest_set_key(from->outdigest, key, keylen))
- return false;
-
- from->status.validkey = true;
- from->sent_seqno = 0;
-
- if(*address && *port) {
- logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
- sockaddr_t sa = str2sockaddr(address, port);
- update_node_udp(from, &sa);
+ if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
+ send_mtu_probe(from);
}
- if(from->options & OPTION_PMTU_DISCOVERY && !(from->options & OPTION_TCPONLY))
- send_mtu_probe(from);
-
return true;
}
/*
protocol_misc.c -- handle the meta-protocol, miscellaneous functions
- Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
route.c -- routing
- Copyright (C) 2000-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
bool directonly = false;
bool priorityinheritance = false;
int macexpire = 600;
-bool overwrite_mac = false;
mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}};
bool pcap = false;
/*
route.h -- header file for route.c
- Copyright (C) 2000-2005 Ivo Timmermans
- 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
extern bmode_t broadcast_mode;
extern bool decrement_ttl;
extern bool directonly;
-extern bool overwrite_mac;
extern bool priorityinheritance;
extern int macexpire;
extern bool pcap;
+++ /dev/null
-/*
- rsa.h -- RSA key handling
- Copyright (C) 2007-2013 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef __TINC_RSA_H__
-#define __TINC_RSA_H__
-
-#ifndef __TINC_RSA_INTERNAL__
-typedef struct rsa rsa_t;
-#endif
-
-extern void rsa_free(rsa_t *rsa);
-extern rsa_t *rsa_set_hex_public_key(char *n, char *e) __attribute__ ((__malloc__));
-extern rsa_t *rsa_set_hex_private_key(char *n, char *e, char *d) __attribute__ ((__malloc__));
-extern rsa_t *rsa_read_pem_public_key(FILE *fp) __attribute__ ((__malloc__));
-extern rsa_t *rsa_read_pem_private_key(FILE *fp) __attribute__ ((__malloc__));
-extern size_t rsa_size(rsa_t *rsa);
-extern bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) __attribute__ ((__warn_unused_result__));
-extern bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) __attribute__ ((__warn_unused_result__));
-
-#endif
+++ /dev/null
-/*
- rsagen.h -- RSA key generation and export
- Copyright (C) 2008-2013 Guus Sliepen <guus@tinc-vpn.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#ifndef __TINC_RSAGEN_H__
-#define __TINC_RSAGEN_H__
-
-#include "rsa.h"
-
-extern rsa_t *rsa_generate(size_t bits, unsigned long exponent) __attribute__ ((__malloc__));
-extern bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) __attribute__ ((__warn_unused_result__));
-extern bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) __attribute__ ((__warn_unused_result__));
-
-#endif
/*
splay_tree.c -- splay tree and linked list convenience
- Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
splay_tree.h -- header file for splay_tree.c
- Copyright (C) 2004-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
sptps.c -- Simple Peer-to-Peer Security
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
- 2010 Brandon L. Black <blblack@gmail.com>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
if(s->replaywin) {
if(seqno != s->inseqno) {
if(seqno >= s->inseqno + s->replaywin * 8) {
- // Prevent packets that jump far ahead of the queue from causing many others to be dropped.
- if(s->farfuture++ < s->replaywin >> 2)
- return error(s, EIO, "Packet is %d seqs in the future, dropped (%u)\n", seqno - s->inseqno, s->farfuture);
-
- // Unless we have seen lots of them, in which case we consider the others lost.
+ // TODO: Prevent packets that jump far ahead of the queue from causing many others to be dropped.
warning(s, "Lost %d packets\n", seqno - s->inseqno);
// Mark all packets in the replay window as being late.
memset(s->late, 255, s->replaywin);
// Mark the current packet as not being late.
s->late[(seqno / 8) % s->replaywin] &= ~(1 << seqno % 8);
- s->farfuture = 0;
}
if(seqno >= s->inseqno)
/*
sptps.h -- Simple Peer-to-Peer Security
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
uint32_t inseqno;
uint32_t received;
unsigned int replaywin;
- unsigned int farfuture;
char *late;
bool outstate;
/*
sptps_speed.c -- SPTPS benchmark
- Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
sptps_test.c -- Simple Peer-to-Peer Security test program
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
" -R, --replay-window N Set replay window to N bytes.\n"
" -v, --verbose Display debug messages.\n"
"\n");
- fprintf(stderr, "Report bugs to tinc@tinc-vpn.org.\n");
+ fprintf(stderr, "Report bugs to bugs@meshlink.io.\n");
}
int main(int argc, char *argv[]) {
/*
system.h -- system headers
- Copyright (C) 1998-2005 Ivo Timmermans
- 2003-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
tincctl.c -- Controlling a running tincd
- Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
" join INVITATION Join a VPN using an INVITIATION\n"
" network [NETNAME] List all known networks, or switch to the one named NETNAME.\n"
"\n");
- printf("Report bugs to tinc@tinc-vpn.org.\n");
+ printf("Report bugs to bugs@meshlink.io.\n");
}
}
{"ScriptsInterpreter", VAR_SERVER},
{"StrictSubnets", VAR_SERVER},
{"TunnelServer", VAR_SERVER},
- {"UDPRcvBuf", VAR_SERVER},
- {"UDPSndBuf", VAR_SERVER},
{"VDEGroup", VAR_SERVER},
{"VDEPort", VAR_SERVER},
/* Host configuration */
/*
tincctl.h -- header for tincctl.c.
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
tincd.c -- the main file for tincd
- Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
- 2008 Max Rijevski <maksuf@gmail.com>
- 2009 Michael Tokarev <mjt@tls.msk.ru>
- 2010 Julien Muchembled <jm@jmuchemb.eu>
- 2010 Timothy Redaelli <timothy@redaelli.eu>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include <sys/mman.h>
#endif
-#ifdef HAVE_LZO
-#include LZO1X_H
-#endif
-
#ifndef HAVE_MINGW
#include <pwd.h>
#include <grp.h>
/* If nonzero, use null ciphers and skip all key exchanges. */
bool bypass_security = false;
-#ifdef HAVE_MLOCKALL
-/* If nonzero, disable swapping for this process. */
-static bool do_mlock = false;
-#endif
-
-#ifndef HAVE_MINGW
-/* If nonzero, chroot to netdir after startup. */
-static bool do_chroot = false;
-
-/* If !NULL, do setuid to given user after startup */
-static const char *switchuser = NULL;
-#endif
-
char **g_argv; /* a copy of the cmdline arguments */
static int status = 1;
{"no-detach", no_argument, NULL, 'D'},
{"debug", optional_argument, NULL, 'd'},
{"bypass-security", no_argument, NULL, 3},
- {"mlock", no_argument, NULL, 'L'},
- {"chroot", no_argument, NULL, 'R'},
- {"user", required_argument, NULL, 'U'},
{"option", required_argument, NULL, 'o'},
{NULL, 0, NULL, 0}
};
" -D, --no-detach Don't fork and detach.\n"
" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
" -n, --net=NETNAME Connect to net NETNAME.\n"
-#ifdef HAVE_MLOCKALL
- " -L, --mlock Lock tinc into main memory.\n"
-#endif
" --bypass-security Disables meta protocol security, for debugging.\n"
" -o, --option[HOST.]KEY=VALUE Set global/host configuration value.\n"
-#ifndef HAVE_MINGW
- " -R, --chroot chroot to NET dir at startup.\n"
- " -U, --user=USER setuid to given USER at startup.\n"
-#endif
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n");
- printf("Report bugs to tinc@tinc-vpn.org.\n");
+ printf("Report bugs to bugs@meshlink.io.\n");
}
}
int option_index = 0;
int lineno = 0;
- cmdline_conf = list_alloc((list_action_t)free_config);
-
while((r = getopt_long(argc, argv, "c:DLd::n:o:RU:", long_options, &option_index)) != EOF) {
switch (r) {
case 0: /* long option */
confbase = xstrdup(optarg);
break;
- case 'L': /* no detach */
-#ifndef HAVE_MLOCKALL
- logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
- return false;
-#else
- do_mlock = true;
- break;
-#endif
-
case 'd': /* increase debug level */
if(!optarg && optind < argc && *argv[optind] != '-')
optarg = argv[optind++];
debug_level++;
break;
- case 'o': /* option */
- cfg = parse_config_line(optarg, NULL, ++lineno);
- if (!cfg)
- return false;
- list_insert_tail(cmdline_conf, cfg);
- break;
-
-#ifdef HAVE_MINGW
- case 'R':
- case 'U':
- logger(DEBUG_ALWAYS, LOG_ERR, "The %s option is not supported on this platform.", argv[optind - 1]);
- return false;
-#else
- case 'R': /* chroot to NETNAME dir */
- do_chroot = true;
- break;
-
- case 'U': /* setuid to USER */
- switchuser = optarg;
- break;
-#endif
-
case 1: /* show help */
show_help = true;
break;
return true;
}
-static bool drop_privs(void) {
-#ifndef HAVE_MINGW
- uid_t uid = 0;
- if (switchuser) {
- struct passwd *pw = getpwnam(switchuser);
- if (!pw) {
- logger(DEBUG_ALWAYS, LOG_ERR, "unknown user `%s'", switchuser);
- return false;
- }
- uid = pw->pw_uid;
- if (initgroups(switchuser, pw->pw_gid) != 0 ||
- setgid(pw->pw_gid) != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s",
- "initgroups", strerror(errno));
- return false;
- }
-#ifndef __ANDROID__
-// Not supported in android NDK
- endgrent();
- endpwent();
-#endif
- }
- if (do_chroot) {
- tzset(); /* for proper timestamps in logs */
- if (chroot(confbase) != 0 || chdir("/") != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s",
- "chroot", strerror(errno));
- return false;
- }
- free(confbase);
- confbase = xstrdup("");
- }
- if (switchuser)
- if (setuid(uid) != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s",
- "setuid", strerror(errno));
- return false;
- }
-#endif
- return true;
-}
-
-#ifdef HAVE_MINGW
-# define setpriority(level) !SetPriorityClass(GetCurrentProcess(), (level))
-#else
-# define NORMAL_PRIORITY_CLASS 0
-# define BELOW_NORMAL_PRIORITY_CLASS 10
-# define HIGH_PRIORITY_CLASS -10
-# define setpriority(level) (setpriority(PRIO_PROCESS, 0, (level)))
-#endif
-
int main(int argc, char **argv) {
if(!parse_options(argc, argv))
return 1;
if(!read_server_config())
return 1;
-#ifdef HAVE_LZO
- if(lzo_init() != LZO_E_OK) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error initializing LZO compressor!");
- return 1;
- }
-#endif
-
char *priority = NULL;
-#ifdef HAVE_MLOCKALL
- /* Lock all pages into memory if requested.
- * This has to be done after daemon()/fork() so it works for child.
- * No need to do that in parent as it's very short-lived. */
- if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE) != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "mlockall",
- strerror(errno));
- return 1;
- }
-#endif
-
/* Setup sockets. */
if(!setup_network())
goto end;
- /* Change process priority */
-
- if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
- if(!strcasecmp(priority, "Normal")) {
- if (setpriority(NORMAL_PRIORITY_CLASS) != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno));
- goto end;
- }
- } else if(!strcasecmp(priority, "Low")) {
- if (setpriority(BELOW_NORMAL_PRIORITY_CLASS) != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno));
- goto end;
- }
- } else if(!strcasecmp(priority, "High")) {
- if (setpriority(HIGH_PRIORITY_CLASS) != 0) {
- logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno));
- goto end;
- }
- } else {
- logger(DEBUG_ALWAYS, LOG_ERR, "Invalid priority `%s`!", priority);
- goto end;
- }
- }
-
- /* drop privileges */
- if (!drop_privs())
- goto end;
-
/* Start main loop. It only exits when tinc is killed. */
logger(DEBUG_ALWAYS, LOG_NOTICE, "Ready");
crypto_exit();
exit_configuration(&config_tree);
- free(cmdline_conf);
return status;
}
/*
utils.c -- gathering of some stupid small functions
- Copyright (C) 1999-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
utils.h -- header file for utils.c
- Copyright (C) 1999-2005 Ivo Timmermans
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/*
xalloc.h -- malloc and related fuctions with out of memory checking
- Copyright (C) 1990, 91, 92, 93, 94, 95, 96, 97 Free Software Foundation, Inc.
- Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., Foundation,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
#ifndef __TINC_XALLOC_H__
#define __TINC_XALLOC_H__
/*
pong.c -- ICMP echo reply generator
- Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2013 Guus Sliepen <guus@meshlink.io>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
projects / meshlink / commitdiff