"Unauthorized request" messages after tinc update

Nikolaus Rath Nikolaus at rath.org
Thu Sep 26 02:43:37 CEST 2013


Guus Sliepen <guus-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org> writes:
> On Wed, Sep 25, 2013 at 09:37:54AM -0700, Nikolaus Rath wrote:
>
>> > That's very strange. It looks like there is a PING message in a buffer
>> > somewhere that is being received by ebox instead of the ID message. I have
>> > never seen this before...
> [...]
>> > Which version of tinc is thinkpad running? Could you run tincd there as well
>> > with -d4, and copy&paste the log from that one as well when the
>> > problem occurs?
>> 
>> Here you go (note that the ebox times are UTC, but the hspc times are Europe/Berlin):
>
> Ok, so this is where ebox gets a PING request during authentication:
>
>> 2013-09-24 07:41:48 tinc.rath[28298]: Got PING from hspc (87.173.107.130 port 57503): 8
>> 2013-09-24 07:41:48 tinc.rath[28298]: Unauthorized request from hspc (87.173.107.130 port 57503)
>
> And here is the culprit:
>
>> 2013-09-24 09:41:48 tinc.rath[1413]: Got ALRM signal
>> 2013-09-24 09:41:48 tinc.rath[1413]: Flushing event queue
>> 2013-09-24 09:41:48 tinc.rath[1413]: Sending PING to ebox (23.92.25.96 port 655): 8
>
> Tinc is responding to the ALRM signal by sending a PING to all nodes it has a
> meta connection to. It is of course a bug to do this for connections that have
> not finished authenticating yet, I have fixed it now.

Great, thanks!

> Unfortunately, there is no workaround, for 1.0.16 or 1.0.19, except
> for not sending ALRM signals to tinc (but I assume you have a good
> reason for doing so).

Not personally, but the Debian packaging includes a hook script
(/etc/network/if-up.d/tinc) that sends ALRM to tinc whenever a new
interface comes up. The rationale probably being that this is a good
time for tinc to retry any connections.


> On Mon, 26 Aug 2013 18:57:42 -0700, Nikolaus Rath wrote:
>
>> I recently upgraded the two other clients from tinc 1.0.11 to tinc 1.0.16.
>
> And indeed the reason that you see this bug now is because it was introduced in
> 1.0.12. Anyway, thank you for patiently waiting for the error to occur again
> and logging everything!

No problem at all. Thank you for working on tinc!


Best,

   -Nikolaus

-- 
 »Time flies like an arrow, fruit flies like a Banana.«

  PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C
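
Added example, not part of the original message and not tinc code: a log correlator that puts both nodes' timestamps on UTC and ties each "Unauthorized request" on the receiver to a PING the sender emitted right after an ALRM signal. The log lines are the ones quoted in the thread; the function names, the 2-second window and the fixed UTC+2 offset for Europe/Berlin in September 2013 are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
CEST = timezone(timedelta(hours=2))  # assumed: Europe/Berlin offset in Sept 2013

# Log lines quoted in the thread: ebox logs in UTC, hspc in Europe/Berlin.
EBOX_LOG = """\
2013-09-24 07:41:48 tinc.rath[28298]: Got PING from hspc (87.173.107.130 port 57503): 8
2013-09-24 07:41:48 tinc.rath[28298]: Unauthorized request from hspc (87.173.107.130 port 57503)
"""
HSPC_LOG = """\
2013-09-24 09:41:48 tinc.rath[1413]: Got ALRM signal
2013-09-24 09:41:48 tinc.rath[1413]: Flushing event queue
2013-09-24 09:41:48 tinc.rath[1413]: Sending PING to ebox (23.92.25.96 port 655): 8
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+\[\d+\]: (.*)$")

def parse(log, tz):
    """Return [(utc_time, message)] for each tinc log line written in zone tz."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            local = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((local.replace(tzinfo=tz).astimezone(UTC), m.group(2)))
    return events

def alrm_induced_rejections(rx_events, tx_events, tx_name, rx_name,
                            window=timedelta(seconds=2)):
    """Pair each rejection on the receiver with an ALRM-triggered PING on the sender."""
    alrms = [t for t, msg in tx_events if msg == "Got ALRM signal"]
    # A PING counts as ALRM-triggered if an ALRM preceded it within the window.
    pings = [t for t, msg in tx_events
             if msg.startswith(f"Sending PING to {rx_name} ")
             and any(timedelta(0) <= t - a <= window for a in alrms)]
    hits = []
    for t, msg in rx_events:
        if msg.startswith(f"Unauthorized request from {tx_name} "):
            hits += [(t, p) for p in pings if abs(t - p) <= window]
    return hits

def demo():
    return alrm_induced_rejections(parse(EBOX_LOG, UTC), parse(HSPC_LOG, CEST),
                                   "hspc", "ebox")

if __name__ == "__main__":
    for rejected_at, ping_at in demo():
        print(f"rejection at {rejected_at} follows ALRM-triggered PING at {ping_at}")
```

Reading the hspc log as UTC instead of local time yields no match, which is why the timezone note in the thread matters when comparing the two logs.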

