From c70f52087bf6f7514684bbc859b83aec2ca17ae4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 6 May 2003 21:13:18 +0000 Subject: [PATCH] - Per-node EVP_CIPHER_CTX to avoid initialisation overhead. - LZO compression, thanks to Teemu Kiviniemi. - Updated dutch translation. --- THANKS | 2 + configure.in | 3 +- po/nl.po | 267 +++++++++++++++++++++++---------------------- src/net.c | 3 +- src/net.h | 9 +- src/net_packet.c | 65 +++++++++-- src/net_setup.c | 5 +- src/node.c | 5 +- src/node.h | 5 +- src/protocol_key.c | 9 +- 10 files changed, 218 insertions(+), 155 deletions(-) diff --git a/THANKS b/THANKS index e58c4289..9eef8a57 100644 --- a/THANKS +++ b/THANKS @@ -23,6 +23,8 @@ We would like to thank * Ivo van Dong (for help during the early versions of tinc) * Jeroen Ubbink (for help testing tinc on Free- and NetBSD) * LarstiQ (for help testing tinc on MacOS/X) + * Marc A. Lehmann (for bitching and valid criticism) + * Teemu Kiviniemi (for his lzo compression patch) for their help, support and ideas. Thank you guys! diff --git a/configure.in b/configure.in index 0477c213..83e1faec 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.60 2003/01/17 00:43:56 guus Exp $ +dnl $Id: configure.in,v 1.13.2.61 2003/05/06 21:13:13 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -154,6 +154,7 @@ dnl These are defined in files in m4/ tinc_TUNTAP tinc_OPENSSL tinc_ZLIB +tinc_LZO dnl Check if support for jumbograms is requested AC_ARG_ENABLE(jumbograms, diff --git a/po/nl.po b/po/nl.po index c7dc27b7..ca8dfefa 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-09-15 15:51+0200\n" -"PO-Revision-Date: 2002-09-15 15:51+0200\n" +"POT-Creation-Date: 2003-05-06 23:10+0200\n" +"PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" @@ -138,37 +138,37 @@ msgstr " %s op %s opties %lx socket %d status %04x" msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:51 +#: src/meta.c:52 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:62 +#: src/meta.c:67 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:97 +#: src/meta.c:105 #, c-format msgid "This is a bug: %s:%d: %d:%s %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" -#: src/meta.c:103 +#: src/meta.c:111 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:122 +#: src/meta.c:130 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:127 +#: src/meta.c:135 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:190 +#: src/meta.c:198 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" @@ -182,238 +182,240 @@ msgstr "Verwijderen onbereikbare nodes" msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:177 +#: src/net.c:188 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:231 +#: src/net.c:242 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:240 +#: src/net.c:251 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:246 +#: src/net.c:257 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:289 src/net_socket.c:279 +#: src/net.c:300 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:341 +#: src/net.c:353 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:373 +#: src/net.c:385 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:388 +#: src/net.c:401 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:403 -msgid "Rereading configuration file and restarting in 5 seconds..." -msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." - -#: src/net.c:410 +#: src/net.c:425 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." -#: src/net_packet.c:110 +#: src/net_packet.c:154 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:139 +#: src/net_packet.c:184 #, c-format -msgid "Got late or replayed packet from %s (%s), seqno %d" -msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" +msgid "Lost %d packets from %s (%s)" +msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:155 +#: src/net_packet.c:190 +#, c-format +msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" +msgstr "" +"Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" + +#: src/net_packet.c:210 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:184 +#: src/net_packet.c:238 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:212 +#: src/net_packet.c:265 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:244 +#: src/net_packet.c:295 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:296 +#: src/net_packet.c:347 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:299 src/net_setup.c:476 src/net_socket.c:110 +#: src/net_packet.c:350 src/net_setup.c:485 src/net_socket.c:110 #: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:375 src/process.c:265 #: src/process.c:295 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:305 +#: src/net_packet.c:356 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:323 +#: src/net_packet.c:374 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:328 +#: src/net_packet.c:379 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:335 +#: src/net_packet.c:386 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:344 +#: src/net_packet.c:395 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:364 +#: src/net_packet.c:415 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:382 +#: src/net_packet.c:433 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:403 +#: src/net_packet.c:454 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:410 +#: src/net_packet.c:461 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:417 +#: src/net_packet.c:468 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:427 +#: src/net_packet.c:478 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:108 src/net_setup.c:125 +#: src/net_setup.c:110 src/net_setup.c:127 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:138 +#: src/net_setup.c:142 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:177 +#: src/net_setup.c:182 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:204 +#: src/net_setup.c:210 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:216 +#: src/net_setup.c:222 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:246 src/net_setup.c:247 +#: src/net_setup.c:252 src/net_setup.c:253 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:253 +#: src/net_setup.c:259 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:258 +#: src/net_setup.c:264 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:270 +#: src/net_setup.c:276 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:326 +#: src/net_setup.c:332 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:337 +#: src/net_setup.c:343 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:347 +#: src/net_setup.c:353 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:361 +#: src/net_setup.c:367 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:380 +#: src/net_setup.c:386 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:412 +#: src/net_setup.c:421 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:426 +#: src/net_setup.c:435 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:429 +#: src/net_setup.c:438 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:444 +#: src/net_setup.c:453 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:498 +#: src/net_setup.c:507 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:509 +#: src/net_setup.c:518 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:511 +#: src/net_setup.c:520 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" @@ -428,8 +430,8 @@ msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" #: src/net_socket.c:142 -msgid "BindToDevice not supported on this platform" -msgstr "BindToDevice wordt niet ondersteund op dit platform" +msgid "BindToInterface not supported on this platform" +msgstr "BindToInterface wordt niet ondersteund op dit platform" #: src/net_socket.c:149 #, c-format @@ -451,57 +453,57 @@ msgstr "Kan niet aan %s/udp binden: %s" msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:252 src/net_socket.c:350 -#, c-format -msgid "Trying to connect to %s (%s)" -msgstr "Poging tot verbinden met %s (%s)" - -#: src/net_socket.c:258 src/net_socket.c:357 -#, c-format -msgid "Creating socket for %s failed: %s" -msgstr "Aanmaken socket voor %s mislukt: %s" - -#: src/net_socket.c:285 src/net_socket.c:296 +#: src/net_socket.c:250 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:314 +#: src/net_socket.c:268 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:380 +#: src/net_socket.c:304 +#, c-format +msgid "Trying to connect to %s (%s)" +msgstr "Poging tot verbinden met %s (%s)" + +#: src/net_socket.c:311 +#, c-format +msgid "Creating socket for %s failed: %s" +msgstr "Aanmaken socket voor %s mislukt: %s" + +#: src/net_socket.c:334 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:396 +#: src/net_socket.c:350 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:418 +#: src/net_socket.c:372 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:437 +#: src/net_socket.c:391 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:467 +#: src/net_socket.c:421 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:486 +#: src/net_socket.c:440 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:510 +#: src/net_socket.c:464 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" @@ -601,17 +603,17 @@ msgstr "Verzoek reeds gezien" msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" -#: src/protocol_auth.c:72 src/protocol_auth.c:230 src/protocol_auth.c:362 -#: src/protocol_auth.c:426 src/protocol_auth.c:531 src/protocol_edge.c:82 -#: src/protocol_edge.c:195 src/protocol_key.c:70 src/protocol_key.c:112 -#: src/protocol_key.c:175 src/protocol_misc.c:63 src/protocol_misc.c:94 +#: src/protocol_auth.c:72 src/protocol_auth.c:228 src/protocol_auth.c:355 +#: src/protocol_auth.c:419 src/protocol_auth.c:524 src/protocol_edge.c:82 +#: src/protocol_edge.c:196 src/protocol_key.c:70 src/protocol_key.c:112 +#: src/protocol_key.c:176 src/protocol_misc.c:63 src/protocol_misc.c:94 #: src/protocol_misc.c:188 src/protocol_subnet.c:71 src/protocol_subnet.c:162 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" #: src/protocol_auth.c:80 src/protocol_edge.c:90 src/protocol_edge.c:96 -#: src/protocol_edge.c:203 src/protocol_edge.c:209 src/protocol_subnet.c:79 +#: src/protocol_edge.c:204 src/protocol_edge.c:210 src/protocol_subnet.c:79 #: src/protocol_subnet.c:89 src/protocol_subnet.c:170 #: src/protocol_subnet.c:191 #, c-format @@ -638,62 +640,62 @@ msgstr "Ander %s heeft onbekende identiteit (%s)" msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:188 src/protocol_auth.c:260 +#: src/protocol_auth.c:188 src/protocol_auth.c:257 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:240 src/protocol_auth.c:372 src/protocol_auth.c:434 -#: src/protocol_auth.c:452 +#: src/protocol_auth.c:238 src/protocol_auth.c:365 src/protocol_auth.c:427 +#: src/protocol_auth.c:445 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:268 +#: src/protocol_auth.c:265 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:280 +#: src/protocol_auth.c:276 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:301 src/protocol_key.c:242 +#: src/protocol_auth.c:296 src/protocol_key.c:243 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:307 +#: src/protocol_auth.c:301 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" -#: src/protocol_auth.c:435 +#: src/protocol_auth.c:428 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:453 +#: src/protocol_auth.c:446 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:458 +#: src/protocol_auth.c:451 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:548 +#: src/protocol_auth.c:541 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:564 +#: src/protocol_auth.c:559 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:204 -#: src/protocol_edge.c:210 src/protocol_subnet.c:80 src/protocol_subnet.c:171 +#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:205 +#: src/protocol_edge.c:211 src/protocol_subnet.c:80 src/protocol_subnet.c:171 msgid "invalid name" msgstr "ongeldige naam" @@ -708,17 +710,17 @@ msgstr "" msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:148 +#: src/protocol_edge.c:149 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:223 src/protocol_edge.c:232 src/protocol_edge.c:243 +#: src/protocol_edge.c:224 src/protocol_edge.c:233 src/protocol_edge.c:244 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:250 src/protocol_subnet.c:118 src/protocol_subnet.c:218 +#: src/protocol_edge.c:251 src/protocol_subnet.c:118 src/protocol_subnet.c:218 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" @@ -728,14 +730,14 @@ msgstr "Kreeg %s van %s (%s) voor onszelf" msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:120 src/protocol_key.c:183 +#: src/protocol_key.c:120 src/protocol_key.c:184 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:128 src/protocol_key.c:191 +#: src/protocol_key.c:128 src/protocol_key.c:192 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " @@ -743,21 +745,26 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:222 +#: src/protocol_key.c:223 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:228 +#: src/protocol_key.c:229 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:248 +#: src/protocol_key.c:249 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" +#: src/protocol_key.c:258 +#, c-format +msgid "Node %s (%s) uses bogus compression level!" +msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" + #: src/protocol_misc.c:69 #, c-format msgid "Status message from %s (%s): %s: %s" @@ -928,16 +935,16 @@ msgstr "" msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:419 +#: src/tincd.c:427 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:423 +#: src/tincd.c:431 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:426 src/process.c:353 +#: src/tincd.c:434 src/process.c:353 msgid "Not restarting." msgstr "Geen herstart." @@ -1081,22 +1088,22 @@ msgstr "Signaal %d (%s) genegeerd" msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:84 +#: src/route.c:117 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:118 +#: src/route.c:151 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:167 +#: src/route.c:261 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:188 +#: src/route.c:354 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" @@ -1105,19 +1112,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:248 +#: src/route.c:407 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:268 +#: src/route.c:426 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:278 +#: src/route.c:436 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" @@ -1126,25 +1133,25 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:357 +#: src/route.c:516 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:368 +#: src/route.c:527 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:426 +#: src/route.c:585 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:172 +#: src/node.c:175 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:176 +#: src/node.c:179 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " @@ -1153,7 +1160,7 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:183 +#: src/node.c:186 msgid "End of nodes." msgstr "Einde van nodes." @@ -1170,12 +1177,12 @@ msgstr " %s naar %s op %s opties %lx gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:268 +#: src/graph.c:267 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:271 +#: src/graph.c:270 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" diff --git a/src/net.c b/src/net.c index a20de41f..582c90a5 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.185 2003/04/19 11:12:45 guus Exp $ + $Id: net.c,v 1.35.4.186 2003/05/06 21:13:14 guus Exp $ */ #include "config.h" @@ -385,6 +385,7 @@ void main_loop(void) syslog(LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); send_key_changed(broadcast, myself); keyexpires = now + keylifetime; } diff --git a/src/net.h b/src/net.h index d6527343..6d2677bf 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $ + $Id: net.h,v 1.9.4.57 2003/05/06 21:13:17 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -37,14 +37,13 @@ #ifdef ENABLE_JUMBOGRAMS #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ -#define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ -#define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ #else #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ -#define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ -#define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ #endif +#define MAXSIZE (MTU + 4 + 8 + 64 + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ +#define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) /* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */ + #define MAXSOCKETS 128 /* Overkill... */ #define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ diff --git a/src/net_packet.c b/src/net_packet.c index 724eaa33..e4c4c10a 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.27 2003/04/18 21:18:36 guus Exp $ + $Id: net_packet.c,v 1.1.2.28 2003/05/06 21:13:17 guus Exp $ */ #include "config.h" @@ -56,6 +56,7 @@ #include #include +#include #include #include @@ -81,9 +82,51 @@ int keylifetime = 0; int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; +char lzo_wrkmem[MAXSIZE]; + #define MAX_SEQNO 1073741824 +length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +{ + if(level == 10) { + lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); + return lzolen; + } else if(level < 10) { + unsigned long destlen; + if(compress2(dest, &destlen, source, len, level) == Z_OK) + return destlen; + else + return -1; + } else { + lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem); + return lzolen; + } + + return -1; +} + +length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +{ + if(level > 9) { + lzo_uint lzolen = sizeof(lzo_wrkmem); + if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) + return lzolen; + else + return -1; + } else { + unsigned long destlen; + if(uncompress(dest, &destlen, source, len) == Z_OK) + return destlen; + else + return -1; + } + + return -1; +} + /* VPN packet I/O */ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) @@ -119,8 +162,9 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, - myself->key + myself->cipher->key_len); +// EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, +// myself->key + myself->cipher->key_len); + EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL); EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); @@ -162,13 +206,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->compression) { outpkt = pkt[nextpkt++]; - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) { + if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) { syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); return; } - outpkt->len = complen; inpkt = outpkt; } @@ -248,15 +291,12 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->compression) { outpkt = pkt[nextpkt++]; - if(compress2 - (outpkt->data, &complen, inpkt->data, inpkt->len, - n->compression) != Z_OK) { + if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) { syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); return; } - outpkt->len = complen; inpkt = outpkt; } @@ -270,10 +310,11 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; - EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, +// EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); + EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL); + EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); outpkt->len = outlen + outpad; inpkt = outpkt; diff --git a/src/net_setup.c b/src/net_setup.c index fcbc8c5d..44d0c744 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $ + $Id: net_setup.c,v 1.1.2.31 2003/05/06 21:13:17 guus Exp $ */ #include "config.h" @@ -406,6 +406,7 @@ int setup_myself(void) keyexpires = now + keylifetime; EVP_CIPHER_CTX_init(&packet_ctx); + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); /* Check if we want to use message authentication codes... */ @@ -448,7 +449,7 @@ int setup_myself(void) if(get_config_int (lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) { - if(myself->compression < 0 || myself->compression > 9) { + if(myself->compression < 0 || myself->compression > 11) { syslog(LOG_ERR, _("Bogus compression level!")); return -1; } diff --git a/src/node.c b/src/node.c index e68c7359..48a4ebd8 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.18 2002/09/09 22:32:49 guus Exp $ + $Id: node.c,v 1.1.2.19 2003/05/06 21:13:17 guus Exp $ */ #include "config.h" @@ -83,6 +83,7 @@ node_t *new_node(void) n->subnet_tree = new_subnet_tree(); n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t) free); + EVP_CIPHER_CTX_init(&n->packet_ctx); return n; } @@ -109,6 +110,8 @@ void free_node(node_t *n) if(n->edge_tree) free_edge_tree(n->edge_tree); + EVP_CIPHER_CTX_cleanup(&n->packet_ctx); + free(n); } diff --git a/src/node.h b/src/node.h index 6e5e68eb..800c6dee 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.21 2003/04/18 21:18:36 guus Exp $ + $Id: node.h,v 1.1.2.22 2003/05/06 21:13:18 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -54,7 +54,8 @@ typedef struct node_t { const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length */ - + EVP_CIPHER_CTX packet_ctx; /* Cipher context */ + const EVP_MD *digest; /* Digest type for MAC */ int maclength; /* Length of MAC */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 786a8a17..0ecad9ba 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.15 2003/04/18 21:18:36 guus Exp $ + $Id: protocol_key.c,v 1.1.4.16 2003/05/06 21:13:18 guus Exp $ */ #include "config.h" @@ -254,8 +254,15 @@ int ans_key_h(connection_t *c) from->digest = NULL; } + if(compression < 0 || compression > 11) { + syslog(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); + return -1; + } + from->compression = compression; + EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + flush_queue(from); return 0; -- 2.39.5