Guus Sliepen [Fri, 18 Dec 2009 00:15:25 +0000 (01:15 +0100)]
Fix packet authentication.
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
Guus Sliepen [Tue, 8 Dec 2009 22:18:37 +0000 (22:18 +0000)]
Forget addresses of unreachable nodes.
We clear the cached address used for UDP connections when a node becomes
unreachable. This also prevents host-up scripts from passing the old, cached
address from when the host becomes reachable again from a different address.
Guus Sliepen [Sat, 28 Nov 2009 11:52:23 +0000 (11:52 +0000)]
When learning MAC addresses, only check our own Subnets for previous entries.
Before it would check all addresses, and not learn an address if another node
already claimed that address. This caused fast roaming to fail, the code from
commit 6f6f426b353596edca77829c0477268fc2fc1925 was never triggered.
Guus Sliepen [Sat, 7 Nov 2009 22:43:25 +0000 (23:43 +0100)]
Use the TCP socket infrastructure for control sockets.
The control socket code was completely different from how meta connections are
handled, resulting in lots of extra code to handle requests. Also, not every
operating system has UNIX sockets, so we have to resort to another type of
sockets or pipes for those anyway. To reduce code duplication and make control
sockets work the same on all platforms, we now just connect to the TCP port
where tincd is already listening on.
To authenticate, the program that wants to control a running tinc daemon must
send the contents of a cookie file. The cookie is a random 256 bits number that
is regenerated every time tincd starts. The cookie file should only be readable
by the same user that can start a tincd.
Instead of the binary-ish protocol previously used, we now use an ASCII
protocol similar to that of the meta connections, but this can still change.
Guus Sliepen [Sat, 7 Nov 2009 13:35:48 +0000 (14:35 +0100)]
Better integration of libevent in build system.
Since event.h is not part of tinc, we include it in have.h were all other
system header files are included. We also ensure -levent comes before -lgdi32
when compiling with MinGW, apparently it doesn't work when the order is
reversed.
Guus Sliepen [Thu, 5 Nov 2009 22:29:28 +0000 (23:29 +0100)]
Make sure the 1.1 branch compiles in a MinGW environment.
UNIX domain sockets, of course, don't exist on Windows. For now, when compiling
tinc in a MinGW environment, try to use a TCP socket bound to localhost as an
alternative.
Guus Sliepen [Tue, 27 Oct 2009 22:53:49 +0000 (23:53 +0100)]
Fast handoff of roaming MAC addresses.
In switch mode, if a known MAC address is claimed by a second node before it
expired at the first node, it is likely that this is because a computer has
roamed from the LAN of the first node to that of the second node. To ensure
packets for that computer are routed to the second node, the first node should
delete its corresponding Subnet as soon as possible, without waiting for the
normal expiry timeout.
Guus Sliepen [Sat, 24 Oct 2009 19:53:01 +0000 (21:53 +0200)]
Forward packets to not directly reachable hosts via UDP if possible.
If MTU probing discovered a node was not reachable via UDP, packets for it were
forwarded to the next hop, but always via TCP, even if the next hop was
reachable via UDP. This is now fixed by retrying to send the packet using
send_packet() if the destination is not the same as the nexthop.
Guus Sliepen [Sat, 24 Oct 2009 14:15:24 +0000 (16:15 +0200)]
Use uint32_t instead of long int for connection options.
Options should have a fixed width anyway, but this also fixes a possible MinGW
compiler bug where %lx tries to print a 64 bit value, even though a long int is
only 32 bits.
Guus Sliepen [Tue, 20 Oct 2009 20:33:16 +0000 (22:33 +0200)]
Handle weighted Subnets in switch and hub modes.
We now handle MAC Subnets in exactly the same way as IPv4 and IPv6 Subnets.
This also fixes a problem that causes unncessary broadcasting of unicast
packets in VPNs where some daemons run 1.0.10 and some run other versions.
Guus Sliepen [Tue, 20 Oct 2009 20:14:47 +0000 (22:14 +0200)]
Fix a possible crash when sending the HUP signal.
When the HUP signal is sent while some outgoing connections have not been made
yet, or are being retried, a NULL pointer could be dereferenced resulting in
tinc crashing. We fix this by more careful handling of outgoing_ts, and by
deleting all connections that have not been fully activated yet at the HUP
signal is received.
Guus Sliepen [Mon, 12 Oct 2009 20:14:47 +0000 (22:14 +0200)]
Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
This device works like /dev/tun on Linux, automatically creating a new tap
interface when a program opens it. We now pass the actual name of the newly
created interface in $INTERFACE.
Guus Sliepen [Sun, 11 Oct 2009 16:57:58 +0000 (18:57 +0200)]
Use MTU probes to regularly ping other nodes over UDP.
This keeps NAT mappings for UDP alive, and will also detect when a node is not
reachable via UDP anymore or if the path MTU is decreasing. Tinc will fall back
to TCP if the node has become unreachable.
If UDP communication is impossible, we stop sending probes, but we retry if it
changes its keys.
We also decouple the UDP and TCP ping mechanisms completely, to ensure tinc
properly detects failure of either method.
Guus Sliepen [Sun, 11 Oct 2009 13:46:52 +0000 (15:46 +0200)]
Small updates to the documentation.
Mention that TCPOnly is not necessary anymore since tinc will autodetect
whether it can send via UDP or not. Also mention the WEIGHT environment
variable and the new default value (2048 bits) of RSA keys.
Guus Sliepen [Sun, 11 Oct 2009 12:20:14 +0000 (14:20 +0200)]
Ensure that the texinfo manual can be converted to HTML.
The top node was made conditional with the @iftex command, since it should not
appear in PostScript and PDF output. However, it is still necessary for
texi2html, so we have to use @ifnottex instead.
Texi2html also complains about the use of @cindex in the copyright statement,
so we remove that.
Guus Sliepen [Sun, 11 Oct 2009 11:56:04 +0000 (13:56 +0200)]
Revert "Raise default crypto algorithms to AES256 and SHA256."
Although it would be better to have the new defaults, only the most recent
releases of most of the platforms supported by tinc come with a version of
OpenSSL that supports SHA256. To ensure people can compile tinc and that nodes
can interact with each other, we revert the default back to Blowfish and SHA1.
Apparently they were once necessary, but autoconf now includes them
automatically. Some of them are not used anymore, and this caused make dist to
fail.
Git's log and blame tools were used to find out which files had significant
contributions from authors who sent in patches that were applied before we used
git.
This feature is not necessary anymore since we have tools like valgrind today
that can catch stack overflow errors before they make a backtrace in gdb
impossible.
- Update year numbers in copyright headers.
- Add copyright information for Michael Tokarev and Florian Forster to the
copyright headers of files to which they have contributed significantly.
- Mention Michael and Florian in AUTHORS.
- Mention that tinc is GPLv3 or later if compiled with the --enable-tunemu
flag.
Send large packets we cannot handle properly via TCP.
During the path MTU discovery phase, we might not know the maximum MTU yet, but
we do know a safe minimum. If we encounter a packet that is larger than that
the minimum, we now send it via TCP instead to ensure it arrives. We also
allow large packets that we cannot fragment or create ICMP replies for to be
sent via TCP.
Use a mutex to allow the TAP reader to process packets faster on Windows.
The TAP-Win32 device is not a socket, and select() under Windows only works
with sockets. Tinc used a separate thread to read from the TAP-Win32 device,
and passed this via a local socket to the main thread which could then select()
from it. We now use a global mutex, which is only unlocked when the main thread
is waiting for select(), to allow the TAP reader thread to process packets
directly.
Raise default crypto algorithms to AES256 and SHA256.
In light of the recent improvements of attacks on SHA1, the default hash
algorithm in tinc is now SHA256. At the same time, the default symmetric
encryption algorithm has been changed to AES256.
This allows us to use getaddrinfo(), getnameinfo() and related functions, which
allow tinc to make connections over existing IPv6 networks. These functions are
not available on Windows 2000 however. By default, support is enabled, but when
compiling for Windows 2000 the configure switch --with-windows2000 should be
used.
Since getaddrinfo() et al. are not functions but macros on Windows, we have to
use AC_CHECK_DECLS() instead of AC_CHECK_FUNCS() in configure.in.
We used both rand() and random() in our code. Since it returns an int, we have
to use %x in our format strings instead of %lx. This fixes a crash under
Windows when cross-compiling tinc with a recent version of MinGW.
Apparently it's impolite to ask GCC to subtract two pointers.
If two pointers do not belong to the same array, pointer subtraction gives
nonsensical results, depending on the level of optimisation and the
architecture one is compiling for. It is apparently not just subtracting the
pointer values and dividing by the size of the object, but uses some kind of
higher magic not intended for mere mortals. GCC will not warn about this at
all. Casting to void * is also a no-no, because then GCC does warn that strict
aliasing rules are being broken. The only safe way to query the ordering of two
pointers is to use the (in)equality operators.
The unsafe implementation of connection_compare() has probably caused the "old
connection_t for ... still lingering" messages. Our implementation of AVL trees
is augmented with a doubly linked list, which is normally what is traversed.
Only when deleting an old connection the tree itself is traversed.
Handle unicast packets larger than PMTU in switch mode.
If PMTUDiscovery is enabled, and we see a unicast packet that is larger than
the path MTU in switch mode, treat it just like we would do in router mode.
Allow PMTUDiscovery in switch and hub modes again.
PMTUDiscovery was disabled in commit d5b56bbba56480b5565ffb38496175a7c1df60ac
because tinc did not handle packets larger than the path MTU in switch and hub
modes. We now allow it again in preparation of proper support, but default to
off.
Put Subnet weight in a separate environment variable.
Commit 5674bba5c54c1aee3a4ac5b3aba6b3ebded91bbc introduced weighted Subnets,
but the weight was included in the SUBNET variable passed to subnet-up/down
scripts. This makes it harder to use in those scripts. The weight is now
stripped from the SUBNET variable and put in the WEIGHT variabel.
Grzegorz Dymarek noted that tinc segfaults at the stat() call in
execute_script() on the iPhone. We can omit the stat() call for the moment,
the subsequent call to system() will fail with just a warning.
This is a slightly modified patch from Grzegorz Dymarek that allows tinc to use
the tunemu device, which allows tinc to be compiled for iPhones and recent
iPods. To enable support for tunemu, the --enable-tunemu option has to be used
when running the configure script.
Tinc is licensed under the GPL version 2 or later. To ensure autoconf does not
install the wrong license if COPYING is missing, we have to put the right one
in place.
These functions wrap asprintf() and vasprintf(), and check the return value. If
the function failed, tinc will exit with an error message, similar to xmalloc()
and friends.
Always remove a node from the UDP tree before freeing it.
Valgrind caught tinc reading free'd memory during a purge(). This was caused by
first removing it from the main node tree, which will already call free_node(),
and then removing it from the UDP tree. This might cause spurious segmentation
faults.
Guus Sliepen [Thu, 11 Jun 2009 17:26:34 +0000 (19:26 +0200)]
Do not log errors when recvfrom() returns EAGAIN or EINTR.
Although we select() before we call recvfrom(), it sometimes happens that
select() tells us we can read but a subsequent read fails anyway. This is
harmless.
Guus Sliepen [Thu, 11 Jun 2009 16:36:08 +0000 (18:36 +0200)]
Don't try to send MTU probes to unreachable nodes.
If there is an outstanding MTU probe event for a node which is not reachable
anymore, a UDP packet would be sent to that node, which caused a key request to
be sent to that node, which triggered a NULL pointer dereference. Probes and
other UDP packets to unreachable nodes are now dropped.