tinc 0.3.3 vs. 1.0pre2

Axel Müller axel.mueller at i2c-systems.com
Fri Jun 23 14:55:31 CEST 2000


Hi Ivo,

--On Freitag, 23. Juni 2000 01:15 +0200 Ivo Timmermans <zarq at icicle.yi.org> 
wrote:

> I'm not sure I fully understand your patch.
This is not so important since I'm trying to get 1.0pre2 running.
Although I had no luck so far, I'll point out what's going wrong at the end 
of this mail.

> For instance, you force a
> key exchange when the connection is made, but not when a key is
> regenerated.  Is this intentional?
I did not look much into key regeneration of tinc. The reason to force this 
immediate key exchange was to save time. If I think it over again now, it 
doesn't really save time ;-(

> The parameter `proxymode' was removed in pre2, because it wouldn't
> work.  It was there for all wrong reasons anyway, and implemented in
> the wrong way.  I will re-introduce it under another name, so that the
> intention is clear (NoDirectData for instance).
In the scenario in which we use tinc this feature is crucial. That's why I 
modified tinc 0.3.3 which we are still running. As soon as you have VPN 
(tinc outgoing) clients accessing whole networks through a VPN (tinc 
incoming) server you have to tell the VPN client to send everything to the 
VPN server (proxy) regardless if this is a known VPN destination.

> And defining the syslog levels would sure make sense, I think I will
> copy your practise here.
From practical experience I would appreciate that. Currently there is no 
meaning behind log levels. Having a meaning one can easily set the proper 
log level. I would also add some more log messages, i.e. which 
configuration file tinc read after startup etc. I already added some of 
them in the version I'm using.

> The metaprotocol definition was removed because it was just after a
> rewrite of the protocol, so the specification was obsolete, and it
> needs a rewrite.
Since I'm stuck with a meta protocol error right now it would help a lot to 
have the spec.

> As for contributing to tinc, any help is appreciated.
I thought that way ;-)
(although I have to admit that I'm not a C expert ...)

> Are you
> subscribed to the mailing list(s)?  (tinc at nl.linux.org and
> tinc-devel at nl.linux.org, send an email to majordomo at nl.linux.org.)
I did it today.

> We
> have some ideas for the future, and I'm now putting up a bug tracking
> system for tinc.
In our company we set up Bugzilla for that.


*** Problems with tinc 1.0pre2 ***
Since there is nothing like the ProxyMode you tried to introduce I have to 
modify netutl.c like I did for tinc 0.3.3 (which is working fine that way):

diff -u tinc-1.0pre2/src/netutl.c tinc-1.0pre2-i2c/src/netutl.c
--- tinc-1.0pre2/src/netutl.c   Wed May 31 20:23:06 2000
+++ tinc-1.0pre2-i2c/src/netutl.c       Fri Jun 23 14:14:42 2000
@@ -56,6 +56,9 @@
   for(p = conn_list; p != NULL; p = p->next)
     if(((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask)) && 
p->status.active)
       return p;
+  p = conn_list;
+  if(p->status.outgoing)
+    return p;
 cp
   return NULL;
 }
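
Review bot: the added fallback dereferences the list head without a NULL check. `p = conn_list; if(p->status.outgoing)` runs after the loop has found no match, and nothing in the hunk guarantees conn_list is non-NULL at that point, so an empty connection list turns this lookup into a NULL pointer dereference; guard it with `if(p != NULL && p->status.outgoing)`. The fallback also skips the `p->status.active` test that the loop applies to every match, and it only inspects the first entry, so traffic can be handed to an uplink entry that is not active, and the uplink is missed if it is not at the head of the list. Consider requiring status.active here as well and walking the list for the outgoing entry.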

This small patch causes everything to be sent to the uplink if we have an 
outgoing connection.
Although this is working fine with tinc 0.3.3 it does not work with 1.0pre1 or 
1.0pre2.
Below is the log of a test I did with 1.0pre2 running on both ends:

Jun 23 14:20:43 tomcat tinc[15012]: tincd 1.0pre2 (Jun 23 2000 14:15:07) 
starting, debug level 3.
Jun 23 14:20:43 tomcat tinc[15012]: Generating 128 bits keys.
Jun 23 14:20:43 tomcat tinc[15012]: Ready: listening on port 655.
Jun 23 14:20:43 tomcat tinc[15012]: Connected to 212.79.9.74:655
Jun 23 14:20:43 tomcat tinc[15012]: got 
BASIC_INFO(655,192.168.9.1,255.255.255.0)
Jun 23 14:20:43 tomcat tinc[15012]: Peer uses protocol version 6
Jun 23 14:20:43 tomcat tinc[15012]: Opening UDP socket to 212.79.9.74
Jun 23 14:20:43 tomcat tinc[15012]: Send BASIC_INFO to 212.79.9.74
Jun 23 14:20:55 tomcat tinc[15012]: Sending out request for public key to 
192.168.9.1
Jun 23 14:20:55 tomcat tinc[15012]: Metadata socket read error: Invalid 
argument
Jun 23 14:20:55 tomcat tinc[15012]: Closing connection with 212.79.9.74.
Jun 23 14:20:55 tomcat tinc[15012]: Send TERMREQ to 192.168.9.1
Jun 23 14:20:55 tomcat tinc[15012]: Try to re-establish outgoing connection 
in 5 seconds.
Jun 23 14:20:56 tomcat tinc[15012]: Got SEGV signal after netutl.c line 51. 
Trying to re-execute.
Jun 23 14:20:56 tomcat tinc[15012]: Terminating.
Jun 23 14:20:56 tomcat tinc[15015]: tincd 1.0pre2 (Jun 23 2000 14:15:07) 
starting, debug level 3.
Jun 23 14:20:56 tomcat tinc[15015]: Generating 128 bits keys.
Jun 23 14:20:56 tomcat tinc[15015]: Ready: listening on port 655.
Jun 23 14:20:56 tomcat tinc[15015]: Connected to 212.79.9.74:655
Jun 23 14:20:56 tomcat tinc[15015]: got 
BASIC_INFO(655,192.168.9.1,255.255.255.0)
Jun 23 14:20:56 tomcat tinc[15015]: Peer uses protocol version 6
Jun 23 14:20:56 tomcat tinc[15015]: Opening UDP socket to 212.79.9.74
Jun 23 14:20:56 tomcat tinc[15015]: Send BASIC_INFO to 212.79.9.74
Jun 23 14:20:57 tomcat tinc[15015]: Sending out request for public key to 
192.168.9.1
Jun 23 14:20:57 tomcat tinc[15015]: Metadata socket read error: Invalid 
argument
Jun 23 14:20:57 tomcat tinc[15015]: Closing connection with 212.79.9.74.
Jun 23 14:20:57 tomcat tinc[15015]: Send TERMREQ to 192.168.9.1
Jun 23 14:20:57 tomcat tinc[15015]: Try to re-establish outgoing connection 
in 5 seconds.
Jun 23 14:21:02 tomcat tinc[15015]: Connected to 212.79.9.74:655
Jun 23 14:21:02 tomcat tinc[15015]: got 
BASIC_INFO(655,192.168.9.1,255.255.255.0)
Jun 23 14:21:02 tomcat tinc[15015]: Peer uses protocol version 6
Jun 23 14:21:02 tomcat tinc[15015]: Opening UDP socket to 212.79.9.74
Jun 23 14:21:02 tomcat tinc[15015]: Send BASIC_INFO to 212.79.9.74

Any idea? Anything else I should test?

P.S.: What are the "cp" at the beginning and end of each function about?

Axel

---
TINC development list, tinc-devel at nl.linux.org
Archive: http://mail.nl.linux.org/tinc-devel/


