Guus Sliepen [Mon, 9 Mar 2009 12:48:54 +0000 (13:48 +0100)]
Disable PMTUDiscovery in switch and hub modes.
In switch and hub modes, tinc does not generate ICMP packets in response to
packets that are larger than the path MTU. However, if PMTUDiscovery is
enabled, the IP_MTU_DISCOVER and IPV6_MTU_DISCOVER option is set on the UDP
sockets, which causes all UDP packets to be sent with the DF bit set, causing
large packets to be dropped, even if they would otherwise be routed fine.
Guus Sliepen [Thu, 5 Mar 2009 12:34:13 +0000 (13:34 +0100)]
Allow weight to be assigned to Subnets.
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.
Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority. The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
Guus Sliepen [Tue, 17 Feb 2009 13:43:05 +0000 (14:43 +0100)]
Handle neighbor solicitation requests without link layer addresses.
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
Michael Tokarev [Mon, 9 Feb 2009 22:51:10 +0000 (23:51 +0100)]
Allow tunnelserver to work with clients that have other peers.
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
Guus Sliepen [Tue, 3 Feb 2009 13:54:45 +0000 (14:54 +0100)]
Disable old RSA keys when generating new ones.
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
Guus Sliepen [Tue, 20 Jan 2009 12:12:41 +0000 (13:12 +0100)]
Use a global list to track outgoing connections.
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
Guus Sliepen [Mon, 19 Jan 2009 21:50:05 +0000 (22:50 +0100)]
Change flush_events() to expire_events().
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
Guus Sliepen [Sat, 3 Jan 2009 21:33:55 +0000 (22:33 +0100)]
Only send packets via UDP if UDP communication is possible.
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
Guus Sliepen [Mon, 22 Dec 2008 21:29:21 +0000 (21:29 +0000)]
Update documentation.
- TCPOnly is not experimental.
- Do not mention old Linux kernels and Ethertap anymore.
- Document the DeviceType, PMTU and PMTUDiscovery options.
Guus Sliepen [Fri, 5 Jan 2007 04:49:02 +0000 (04:49 +0000)]
Fix generic BSD tun device to write only the actual packet length.
Due to a copy&paste bug, it tried to write a packet with the maximum size.
This was not a problem until the maximum size was increased to support VLANs.
Guus Sliepen [Wed, 3 Jan 2007 18:18:54 +0000 (18:18 +0000)]
Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
It's a wonder it ever worked before. The socket that is created is not of a
datagram type, therefore packet boundaries were not preserved, which becomes
a problem as soon as the TAP-Win32 device receives packets in fast succession.
Guus Sliepen [Sat, 16 Dec 2006 16:40:09 +0000 (16:40 +0000)]
Remove the test for linux/if_tun.h.
It has been available for years on any decent Linux distribution.
Although linux/if_tun.h is now required to compile tinc,
you can still run it on systems which only support Ethertap.
Guus Sliepen [Wed, 9 Aug 2006 22:31:10 +0000 (22:31 +0000)]
memcpy() addresses from packet headers before calling the lookup functions.
This probably fixes a problem on the ARM architecture that causes tinc to fail to lookup IPv4 addresses.
Guus Sliepen [Thu, 19 Jan 2006 17:13:18 +0000 (17:13 +0000)]
Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
This helps coalescing multiple send_meta() commands into one TCP packet.
Also limit the size of the output buffer before dropping PACKETs.