Otherwise, the call to daemon() could close filedescriptors in use by libevent
itself; for example if it uses kqueue or epoll instead of a select() or poll()
backend.
Guus Sliepen [Tue, 26 Jun 2012 12:22:57 +0000 (14:22 +0200)]
Fix crash when handling the ALRM signal.
In retry() the function do_outgoing_connection() is called, which can delete
items from the connection_tree, so when walking the tree we must first save the
pointer to the next item.
Michael Tokarev [Fri, 4 May 2012 12:41:47 +0000 (16:41 +0400)]
add (errnum) in front of windows error messages
On localized, non-English versions of windows, it is
common to have two active charsets -- for console applications
and for GUI applications, together with localized error messages
returned by windows. But two charsets are rarely compatible,
so sending the same byte sequence to console and to windows
event log makes one or another to be unreadable. So at least
include the error number, this way it will be possible to
lookup the actual error test using external ways.
free_connection_partially(): also reset remote protocol version infos
The used remote protocol can change between two reconnects, aka if
the remote side has enabled/disabled for example their ExperimentalProtocols
setting.
Add support for proxying through an external command.
Proxy type "exec" can be used to have an external script or binary set
up an outgoing connection. Standard input and output will be used to
exchange data with the external command. The variables REMOTEADDRESS and
REMOTEPORT are set to the intended destination address and port.
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
When the Proxy option is used, outgoing connections will be made via the
specified proxy. There is no support for authentication methods or for having
the proxy forward incoming connections, and there is no attempt to proxy UDP.
Allow broadcast packets to be sent directly instead of via the MST.
When the "Broadcast = direct" option is used, broadcast packets are not sent
and forwarded via the Minimum Spanning Tree to all nodes, but are sent directly
to all nodes that can be reached in one hop.
One use for this is to allow running ad-hoc routing protocols, such as OLSR, on
top of tinc.
Remove confusing error message for failed reading in ECDSA keys.
Most likeley the error is that there just is no valid key inside the used
host file, and in this case errno just contains a random value from the
last previously failed call.
Guus Sliepen [Thu, 29 Mar 2012 15:45:25 +0000 (16:45 +0100)]
Allow environment variables to be used for Name.
When the Name starts with a $, the rest will be interpreted as the name of an
environment variable containing the real Name. When Name is $HOST, but this
environment variable does not exist, gethostname() will be used to set the
Name. In both cases, illegal characters will be converted to underscores.
Guus Sliepen [Mon, 26 Mar 2012 13:46:09 +0000 (14:46 +0100)]
Add support for systemd style socket activation.
If the LISTEN_FDS environment variable is set and tinc is run in the
foreground, tinc will use filedescriptors 3 to 3 + LISTEN_FDS for its listening
TCP sockets. For now, tinc will create matching listening UDP sockets itself.
There is no dependency on systemd or on libsystemd-daemon.
The current configure.in file does not correctly make use of these
macros. The resulting configure file will therefore enable an item
even if --disable-FEATURE is given. This patch restores the intended
behavior.
Guus Sliepen [Wed, 21 Mar 2012 16:00:53 +0000 (17:00 +0100)]
Add support for multicast communication with UML/QEMU/KVM.
DeviceType = multicast allows one to specify a multicast address and port with
a Device statement. Tinc will then read/send packets to that multicast group
instead of to a tun/tap device. This allows interaction with UML, QEMU and KVM
instances that are listening on the same group.
Guus Sliepen [Tue, 20 Mar 2012 22:49:16 +0000 (23:49 +0100)]
Always try next Address when an outgoing connection fails to authenticate.
When making outgoing connections, tinc goes through the list of Addresses and
tries all of them until one succeeds. However, before it would consider
establishing a TCP connection a success, even when the authentication failed.
This would be a problem if the first Address would point to a hostname and port
combination that belongs to the wrong tinc node, or perhaps even to a non-tinc
service, causing tinc to endlessly try this Address instead of moving to the
next one.
Guus Sliepen [Sun, 18 Mar 2012 15:42:02 +0000 (16:42 +0100)]
Add datagram mode to the SPTPS protocol.
* Everything is identical except the headers of the records.
* Instead of sending explicit message length and having an implicit sequence
number, datagram mode has an implicit message length and an explicit sequence
number.
* The sequence number is used to set the most significant bytes of the counter.
Guus Sliepen [Thu, 8 Mar 2012 22:23:39 +0000 (23:23 +0100)]
Make sure disabling old RSA keys works on Windows.
Seeking in files and rewriting parts of them does not seem to work properly on
Windows. Instead, when old RSA keys are found when generating new ones, the
file containing the old keys is copied to a temporary file where the changes
are made, and that file is renamed back to the original filename. On Windows,
we cannot atomically replace files with a rename(), so we need to move the
original file out of the way first. If anything fails, the new code will warn
that the user has to solve the problem by hand.