Before, we vere returning false (and causing disconnect of the
client) in case of tunnelserver and the client sending DEL_SUBNET
for non-his subnet or for subnet which owner isn't in our connection
list.
After the mentioned change to add_subnet_h() that routine does not
add such indirect owners to the connection list anymore, so that
was ok (owner == NULL and we return true).
But if we too has a connection with the node about which the client
is sending DEL_SUBNET notification, say, because that client lost
connection with that other node, we'll disconnect this client from
us too, returning false for indirect DEL_SUBNET.
Fix that by allowing and ignoring indirect DEL_SUBNET in tunnelserver
mode.
Also rearranged the function a bit, to match add_subnet_h() (in
particular, syntax-check everything first, see if we've seen this
request before).
Michael Tokarev [Mon, 18 May 2009 12:49:39 +0000 (16:49 +0400)]
bugfix: move mlock to after detach() so it works for child, not parent
mlock()/mlockall() are not persistent across fork(), and it's
done in parent process before daemon() which does fork(). So
basically, current --mlock does nothing useful.
Move mlock() to after detach() so it works for child process
instead of parent.
Also, check if the platform supports mlock right when processing
options (since else we'll have to die after startup, not at
startup, the error message will be in log only).
Michael Tokarev [Mon, 18 May 2009 12:28:55 +0000 (16:28 +0400)]
bugfix: initialize pid (as read from pidfile) to zero
If we didn't read any number from a pid file, we'll return
an unitialized variable to the caller, and it will treat
that garbage as a pid of a process (possible to kill).
Michael Tokarev [Mon, 18 May 2009 12:25:41 +0000 (16:25 +0400)]
Implement privilege dropping
Add two options, -R/--chroot and -U/--user=user, to chroot to the
config directory (where tinc.conf is located) and to perform
setuid to the user specified, after all the initialization is done.
What's left is handling of pid file since we can't remove it anymore.
Michael Tokarev [Mon, 18 May 2009 12:25:10 +0000 (16:25 +0400)]
Rename setup_network_connections() and split out try_outgoing_connections()
In preparation of chroot/setuid operations, split out call to
try_outgoing_connections() from setup_network_connections()
(which was the last call in setup_network_connections()).
This is because dropping privileges should be done in-between
setup_network_connections() and try_outgoing_connections().
This patch renames setup_network_connections() to setup_network()
and moves call to try_outgoing_connections() into main routine.
Handle UDP packets from different and ports than advertised.
Previously, tinc used a fixed address and port for each node for UDP packet
exchange. The port was the one advertised by that node as its listening port.
However, due to NAT the port might be different. Now, tinc sends a different
session key to each node. This way, the sending node can be determined from
incoming packets by checking the MAC against all session keys. If a match is
found, the address and port for that node are updated.
Guus Sliepen [Mon, 9 Mar 2009 12:48:54 +0000 (13:48 +0100)]
Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU. However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
Guus Sliepen [Thu, 5 Mar 2009 12:34:13 +0000 (13:34 +0100)]
Allow weight to be assigned to Subnets.
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.
Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority. The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
Guus Sliepen [Tue, 17 Feb 2009 13:43:05 +0000 (14:43 +0100)]
Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
Michael Tokarev [Mon, 9 Feb 2009 22:51:10 +0000 (23:51 +0100)]
Allow tunnelserver to work with clients that have other peers.
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
Guus Sliepen [Tue, 3 Feb 2009 13:54:45 +0000 (14:54 +0100)]
Disable old RSA keys when generating new ones.
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
Guus Sliepen [Tue, 20 Jan 2009 12:12:41 +0000 (13:12 +0100)]
Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
Guus Sliepen [Mon, 19 Jan 2009 21:50:05 +0000 (22:50 +0100)]
Change flush_events() to expire_events().
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
Guus Sliepen [Sat, 3 Jan 2009 21:33:55 +0000 (22:33 +0100)]
Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
Guus Sliepen [Mon, 22 Dec 2008 21:29:21 +0000 (21:29 +0000)]
Update documentation.
- TCPOnly is not experimental.
- Do not mention old Linux kernels and Ethertap anymore.
- Document the DeviceType, PMTU and PMTUDiscovery options.
Guus Sliepen [Thu, 11 Dec 2008 14:44:44 +0000 (14:44 +0000)]
Use the crypto wrappers again instead of calling OpenSSL directly.
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
Scott Lamb [Wed, 7 Nov 2007 02:47:05 +0000 (02:47 +0000)]
Temporarily revert to old crypto code
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)
This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
Scott Lamb [Wed, 18 Jul 2007 16:40:29 +0000 (16:40 +0000)]
Revert to only requiring autoconf 2.59.
The new autoconf macros introduced at the same time (AC_GNU_SOURCE,
AC_FUNC_MALLOC, AC_FUNC_REALLOC) exist in the autoconf 2.59 documentation,
and autoconf 2.59 appears to still work. This is more convenient, as RHEL 5
ships with autoconf 2.59.
Guus Sliepen [Wed, 23 May 2007 13:45:49 +0000 (13:45 +0000)]
Finish crypto wrapping. Also provide wrappers for OpenSSL.
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.