tinc
13 years agoIntroducing the Big Tinc Lock.
Guus Sliepen [Fri, 14 Jan 2011 21:18:59 +0000 (22:18 +0100)]
Introducing the Big Tinc Lock.

Now that tinc is multi-threaded, we need some form of synchronisation.  For
now, there is a single mutex which we lock whenever we do something with global
data structures. The main thread, from which timer events are handled, is
always locked unless it is sleeping for the next event, the other threads
receive incoming I/O unlocked, and lock to process the received data.

In the future more fine-grained locking should be used, probably in the form of
rwlocks, or lockless algorithms (maybe RCU).

13 years agoProper check and dropin replacement for usleep().
Guus Sliepen [Fri, 14 Jan 2011 20:22:46 +0000 (21:22 +0100)]
Proper check and dropin replacement for usleep().

13 years agoUse usleep() instead of sleep().
Guus Sliepen [Fri, 14 Jan 2011 20:22:02 +0000 (21:22 +0100)]
Use usleep() instead of sleep().

13 years agoUpdate NEWS.
Guus Sliepen [Fri, 14 Jan 2011 20:19:37 +0000 (21:19 +0100)]
Update NEWS.

13 years agoRemove dependency on libevent, add -pthread when necessary.
Guus Sliepen [Fri, 14 Jan 2011 20:18:21 +0000 (21:18 +0100)]
Remove dependency on libevent, add -pthread when necessary.

13 years agoAdd a copy of tinc 1.0's event infrastructure.
Guus Sliepen [Fri, 14 Jan 2011 19:35:40 +0000 (20:35 +0100)]
Add a copy of tinc 1.0's event infrastructure.

13 years agoUse tinc 1.0's event infrastructure to handle timeouts.
Guus Sliepen [Fri, 14 Jan 2011 19:28:52 +0000 (20:28 +0100)]
Use tinc 1.0's event infrastructure to handle timeouts.

This removes the necessity for libevent.

13 years agoUse threads for TCP listening sockets.
Guus Sliepen [Fri, 14 Jan 2011 17:03:09 +0000 (18:03 +0100)]
Use threads for TCP listening sockets.

13 years agoRemove use of bufferevents and evbuffers.
Guus Sliepen [Fri, 14 Jan 2011 16:34:48 +0000 (17:34 +0100)]
Remove use of bufferevents and evbuffers.

13 years agoUse threads for TCP connections.
Guus Sliepen [Fri, 14 Jan 2011 16:09:29 +0000 (17:09 +0100)]
Use threads for TCP connections.

This is a minimal conversion which does not yet get rid of bufferevents and
evbuffers in connection_ts.

13 years agoUse thread for tun device.
Guus Sliepen [Fri, 14 Jan 2011 15:37:24 +0000 (16:37 +0100)]
Use thread for tun device.

13 years agoCancel threads to ensure they abort blocking I/O operations.
Guus Sliepen [Fri, 14 Jan 2011 15:15:03 +0000 (16:15 +0100)]
Cancel threads to ensure they abort blocking I/O operations.

13 years agoUse threads for UDP sockets.
Guus Sliepen [Fri, 14 Jan 2011 15:00:22 +0000 (16:00 +0100)]
Use threads for UDP sockets.

13 years agoAdd simple thread and mutex wrappers.
Guus Sliepen [Fri, 14 Jan 2011 14:17:55 +0000 (15:17 +0100)]
Add simple thread and mutex wrappers.

13 years agoDo not try to dereference myself->connection->config_tree.
Guus Sliepen [Fri, 19 Nov 2010 12:26:20 +0000 (12:26 +0000)]
Do not try to dereference myself->connection->config_tree.

This was a bug introduced due to an incomplete merge (commit
ff71f289022ccb91abc2726f16522d55b5ccf0f6).

13 years agoMerge branch 'master' into 1.1
Guus Sliepen [Fri, 19 Nov 2010 12:22:48 +0000 (12:22 +0000)]
Merge branch 'master' into 1.1

Conflicts:
src/net_packet.c
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_key.c

13 years agoAttribution for Brandon Black.
Guus Sliepen [Tue, 16 Nov 2010 16:28:41 +0000 (17:28 +0100)]
Attribution for Brandon Black.

13 years agoFix variable length array declaration.
Guus Sliepen [Tue, 16 Nov 2010 15:45:36 +0000 (16:45 +0100)]
Fix variable length array declaration.

13 years agoFree replay window when freeing a node_t.
Guus Sliepen [Sat, 13 Nov 2010 20:36:51 +0000 (21:36 +0100)]
Free replay window when freeing a node_t.

13 years agoFix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
Guus Sliepen [Sat, 13 Nov 2010 20:34:59 +0000 (21:34 +0100)]
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.

13 years agoImproved handling of queue-jumping packets on receive
Brandon L Black [Sat, 13 Nov 2010 18:05:51 +0000 (12:05 -0600)]
Improved handling of queue-jumping packets on receive

13 years agoConfigurable ReplayWindow size, zero disables
Brandon L Black [Sat, 13 Nov 2010 18:05:50 +0000 (12:05 -0600)]
Configurable ReplayWindow size, zero disables

13 years agoConfigurable SO_RCVBUF/SO_SNDBUF for the UDP socket
Brandon L Black [Sat, 13 Nov 2010 18:05:49 +0000 (12:05 -0600)]
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket

13 years agoExperimental IFF_ONE_QUEUE support for Linux
Brandon L Black [Sat, 13 Nov 2010 18:05:48 +0000 (12:05 -0600)]
Experimental IFF_ONE_QUEUE support for Linux

13 years agoUse variable length arrays instead of alloca().
Guus Sliepen [Sat, 13 Nov 2010 14:55:38 +0000 (15:55 +0100)]
Use variable length arrays instead of alloca().

13 years agoProvide usleep() for Windows.
Guus Sliepen [Sat, 13 Nov 2010 14:50:39 +0000 (15:50 +0100)]
Provide usleep() for Windows.

13 years agoLink tincctl with dropin.o.
Guus Sliepen [Sat, 13 Nov 2010 14:46:19 +0000 (15:46 +0100)]
Link tincctl with dropin.o.

13 years agoMerge branch 'master' into 1.1
Guus Sliepen [Fri, 12 Nov 2010 15:15:29 +0000 (16:15 +0100)]
Merge branch 'master' into 1.1

Conflicts:
doc/tincd.8.in
lib/pidfile.c
src/graph.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/node.h
src/protocol_auth.c
src/protocol_key.c
src/tincd.c

13 years agoDon't use strlen() on a NULL pointer.
Guus Sliepen [Fri, 12 Nov 2010 10:38:05 +0000 (11:38 +0100)]
Don't use strlen() on a NULL pointer.

A bug introduced in commit 667b1bac77b134cf32c98d5dc25619e8c3303f52 caused tinc
to crash on startup.

13 years agoAdd short options -R and -U to the tincd(8) manpage.
Guus Sliepen [Fri, 12 Nov 2010 10:33:01 +0000 (11:33 +0100)]
Add short options -R and -U to the tincd(8) manpage.

14 years agoRead error counter must be static.
Guus Sliepen [Tue, 2 Nov 2010 13:23:43 +0000 (14:23 +0100)]
Read error counter must be static.

14 years agoQuit when there are too many consecutive errors on the tun/tap device.
Guus Sliepen [Tue, 2 Nov 2010 13:18:35 +0000 (14:18 +0100)]
Quit when there are too many consecutive errors on the tun/tap device.

Although transient errors sometimes happen on the tun/tap device (for example,
if the kernel is temporarily out of buffer space), there are situations where
the tun/tap device becomes permanently broken. Instead of endlessly spamming
the syslog, we now sleep an increasing amount of time between consecutive read
errors, and if reads still fail after 10 attempts (approximately 3 seconds),
tinc will quit.

14 years agoTreat netname="." in a special way.
Michael Tokarev [Sun, 24 Oct 2010 11:23:10 +0000 (15:23 +0400)]
Treat netname="." in a special way.

Treat netname "." in a special way as if there was no netname
specified.  Before, f.e. tincd -n. -k didn't work as it tried
to open /var/run/tinc-.pid.  Now -n. works as if there was no
-n option is specified.

Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
14 years agoRemove unused variables.
Guus Sliepen [Fri, 22 Oct 2010 20:46:44 +0000 (22:46 +0200)]
Remove unused variables.

These were caused by commit 667b1bac77b134cf32c98d5dc25619e8c3303f52.

14 years agoAbort disabling old PEM keys on I/O errors.
Guus Sliepen [Fri, 22 Oct 2010 20:43:50 +0000 (22:43 +0200)]
Abort disabling old PEM keys on I/O errors.

14 years agoEnsure there is a newline character before a PEM key is written.
Guus Sliepen [Fri, 22 Oct 2010 20:42:21 +0000 (22:42 +0200)]
Ensure there is a newline character before a PEM key is written.

14 years agoAttribution for Timothy Redaelli.
Guus Sliepen [Fri, 22 Oct 2010 11:40:04 +0000 (13:40 +0200)]
Attribution for Timothy Redaelli.

14 years agoAttribution for Julien Muchembled.
Guus Sliepen [Fri, 22 Oct 2010 11:17:42 +0000 (13:17 +0200)]
Attribution for Julien Muchembled.

14 years agoRemove duplicate command-line option parsing.
Guus Sliepen [Fri, 22 Oct 2010 11:06:06 +0000 (13:06 +0200)]
Remove duplicate command-line option parsing.

Also fix parsing of command-line host configuration options for the local node.

14 years agoMerge local host configuration with server configuration.
Guus Sliepen [Fri, 22 Oct 2010 10:47:12 +0000 (12:47 +0200)]
Merge local host configuration with server configuration.

With some exceptions, tinc only accepted host configuration options for the
local node from the corresponding host configuration file. Although this is
documented, many people expect that they can also put those options in
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
local host configuration file.

14 years agoNew '-o' option to configure server or hosts from command line
Julien Muchembled [Fri, 3 Sep 2010 11:34:22 +0000 (13:34 +0200)]
New '-o' option to configure server or hosts from command line

Options given on the command line have precedence over configuration from files.

This can be useful, for example, for a roaming node, for which 'ConnectTo' and
<host>.Address depends on its location.

14 years agoDo not append an address to ANS_KEY messages if we don't know any address.
Guus Sliepen [Fri, 4 Jun 2010 14:03:19 +0000 (16:03 +0200)]
Do not append an address to ANS_KEY messages if we don't know any address.

This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.

14 years agoUse 64 bit counters to keep track of bytes sent/received from the virtual network...
Guus Sliepen [Fri, 4 Jun 2010 13:04:08 +0000 (15:04 +0200)]
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.

14 years agoDetect and prevent two nodes with the same Name being on the VPN simultaneously.
Guus Sliepen [Fri, 4 Jun 2010 12:53:52 +0000 (14:53 +0200)]
Detect and prevent two nodes with the same Name being on the VPN simultaneously.

In this situation, the two nodes will start fighting over the edges they announced.
When we have to contradict both ADD_EDGE and DEL_EDGE messages, we log a warning,
and with 25% chance per PingTimeout we quit.

14 years agoUse strrchr() insteaad of rindex().
Guus Sliepen [Fri, 7 May 2010 10:24:49 +0000 (12:24 +0200)]
Use strrchr() insteaad of rindex().

The latter function is deprecated, some build environments do not support.

14 years agoFix warnings under BSD
Timothy Redaelli [Tue, 4 May 2010 13:43:48 +0000 (15:43 +0200)]
Fix warnings under BSD

14 years agoFix warnings showed using -D_FORTIFY_SOURCE=2
Timothy Redaelli [Mon, 3 May 2010 22:27:44 +0000 (00:27 +0200)]
Fix warnings showed using -D_FORTIFY_SOURCE=2

14 years agoFix all warnings when compiling with mingw64.
Guus Sliepen [Sat, 1 May 2010 13:39:59 +0000 (15:39 +0200)]
Fix all warnings when compiling with mingw64.

14 years agoOpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
Guus Sliepen [Sat, 1 May 2010 13:39:03 +0000 (15:39 +0200)]
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.

14 years agoUse intptr_t instead of long to store a pointer.
Guus Sliepen [Sat, 1 May 2010 13:38:04 +0000 (15:38 +0200)]
Use intptr_t instead of long to store a pointer.

14 years agoDefine WINVER before including any other header file on Windows.
Guus Sliepen [Sat, 1 May 2010 13:37:11 +0000 (15:37 +0200)]
Define WINVER before including any other header file on Windows.

14 years agoRemove obsolete lib/ directory.
Guus Sliepen [Fri, 30 Apr 2010 21:18:22 +0000 (23:18 +0200)]
Remove obsolete lib/ directory.

14 years agoDo not try to free NULL pointers.
Guus Sliepen [Fri, 30 Apr 2010 21:13:02 +0000 (23:13 +0200)]
Do not try to free NULL pointers.

14 years agoUse correct digest length when checking a received key.
Guus Sliepen [Fri, 30 Apr 2010 21:11:48 +0000 (23:11 +0200)]
Use correct digest length when checking a received key.

14 years agoAdd missing return statement.
Guus Sliepen [Sat, 17 Apr 2010 10:33:36 +0000 (12:33 +0200)]
Add missing return statement.

14 years agoFix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.
Guus Sliepen [Sat, 17 Apr 2010 10:33:15 +0000 (12:33 +0200)]
Fix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.

14 years agoMerge branch 'master' into 1.1
Guus Sliepen [Sat, 17 Apr 2010 10:21:53 +0000 (12:21 +0200)]
Merge branch 'master' into 1.1

Conflicts:
NEWS
README
configure.in
src/net.c
src/net.h

14 years agoFix experimental GUI when reading hexadecimal values.
Guus Sliepen [Sat, 17 Apr 2010 10:03:08 +0000 (12:03 +0200)]
Fix experimental GUI when reading hexadecimal values.

14 years agoFix reading configuration files that do not end with a newline. Again.
Guus Sliepen [Sat, 17 Apr 2010 10:01:38 +0000 (12:01 +0200)]
Fix reading configuration files that do not end with a newline. Again.

14 years agoReleasing 1.0.13. release-1.0.13
Guus Sliepen [Sun, 11 Apr 2010 18:40:20 +0000 (20:40 +0200)]
Releasing 1.0.13.

14 years agoMark Forwarding and DirectOnly options as being experimental.
Guus Sliepen [Sun, 11 Apr 2010 17:47:44 +0000 (19:47 +0200)]
Mark Forwarding and DirectOnly options as being experimental.

14 years agoDon't redefine MAX if it already exists.
Guus Sliepen [Sun, 11 Apr 2010 17:39:31 +0000 (19:39 +0200)]
Don't redefine MAX if it already exists.

14 years agoFixes for definitions under Windows.
Guus Sliepen [Sun, 11 Apr 2010 17:20:02 +0000 (19:20 +0200)]
Fixes for definitions under Windows.

14 years agoEnsure subnet-up/down scripts are called after HUP when necessary.
Guus Sliepen [Sun, 11 Apr 2010 16:34:50 +0000 (18:34 +0200)]
Ensure subnet-up/down scripts are called after HUP when necessary.

14 years agoFix reloading Subnets when StrictSubnets is set.
Guus Sliepen [Sun, 11 Apr 2010 02:35:16 +0000 (04:35 +0200)]
Fix reloading Subnets when StrictSubnets is set.

14 years agoReload Subnets when getting a HUP signal and StrictSubnets is used.
Guus Sliepen [Sat, 10 Apr 2010 22:50:42 +0000 (00:50 +0200)]
Reload Subnets when getting a HUP signal and StrictSubnets is used.

14 years agoEnsure ICMP_NET_ANO is defined.
Guus Sliepen [Sat, 10 Apr 2010 21:55:15 +0000 (23:55 +0200)]
Ensure ICMP_NET_ANO is defined.

14 years agoConvert Port to numeric form before sending it to other nodes.
Guus Sliepen [Sat, 3 Apr 2010 08:46:45 +0000 (09:46 +0100)]
Convert Port to numeric form before sending it to other nodes.

If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes.  However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.

14 years agoFixed metadata protokoll corruption on forwarded requests
Sven-Haegar Koch [Wed, 31 Mar 2010 01:56:53 +0000 (03:56 +0200)]
Fixed metadata protokoll corruption on forwarded requests

When forwarding a metadata request through forward_request() we were
adding the required newline char to our buffer, but then sending the
data without it - this results in the forwarded request and the next one
to be garbled together.

Additionally while at it add a warning comment that request string is
not zero terminated anymore after a call to the forward_request()
function - for now this is ok as it is not used by any caller after this.

14 years agoDemote all LOG_EMERG to LOG_ERR, spamming all xterms is bad.
Sven-Haegar Koch [Fri, 26 Mar 2010 16:25:18 +0000 (17:25 +0100)]
Demote all LOG_EMERG to LOG_ERR, spamming all xterms is bad.

14 years agoREADME.git: tinc 1.1 needs libevent
Sven-Haegar Koch [Fri, 26 Mar 2010 15:54:13 +0000 (16:54 +0100)]
README.git: tinc 1.1 needs libevent

14 years agoFunction flush_meta() does not exist anymore.
Sven-Haegar Koch [Sun, 28 Mar 2010 15:51:26 +0000 (17:51 +0200)]
Function flush_meta() does not exist anymore.

14 years agoAdd missing AC_CHECK_HEADERS([dirent.h]) to configure.in
Sven-Haegar Koch [Fri, 26 Mar 2010 16:07:30 +0000 (17:07 +0100)]
Add missing AC_CHECK_HEADERS([dirent.h]) to configure.in

14 years agoFixed 1.0 miss-merges
Sven-Haegar Koch [Fri, 26 Mar 2010 16:18:04 +0000 (17:18 +0100)]
Fixed 1.0 miss-merges

14 years agoMerge branch 'master' into 1.1
Sven-Haegar Koch [Fri, 26 Mar 2010 15:51:03 +0000 (16:51 +0100)]
Merge branch 'master' into 1.1

Conflicts:
NEWS
README
configure.in
have.h
src/conf.c
src/conf.h
src/net.c
src/net_packet.c
src/protocol_key.c
src/protocol_subnet.c
src/route.c
src/tincd.c

14 years agoNever delete Subnets when StrictSubnets is set
Sven-Haegar Koch [Wed, 10 Mar 2010 01:50:51 +0000 (02:50 +0100)]
Never delete Subnets when StrictSubnets is set

If a node is unreachable, and not connected to an edge anymore, it gets
deleted. When this happens its subnets are also removed, which should
not happen with StrictSubnets=yes.

Solution:
- do not remove subnets in src/net.c::purge(), we know that all subnets
  in the list came from our hosts files.
  I think here you got the check wrong by looking at the tunnelserver
  code below it - with strictsubnets we still inform others but do not
  remove the subnet from our data.
- do not remove nodes in net.c::purge() that still have subnets
  attached.

14 years agoFix typo.
Guus Sliepen [Wed, 10 Mar 2010 15:07:01 +0000 (16:07 +0100)]
Fix typo.

14 years agoLog unauthorized Subnets when StrictSubnets is set.
Guus Sliepen [Mon, 8 Mar 2010 20:44:32 +0000 (21:44 +0100)]
Log unauthorized Subnets when StrictSubnets is set.

14 years agoConnectTo does not mean tinc does not listen for incoming connections anymore.
Guus Sliepen [Mon, 8 Mar 2010 16:54:57 +0000 (17:54 +0100)]
ConnectTo does not mean tinc does not listen for incoming connections anymore.

14 years agoFixes for the Forwarding option.
Guus Sliepen [Tue, 2 Mar 2010 22:27:50 +0000 (23:27 +0100)]
Fixes for the Forwarding option.

14 years agoAdd the DirectOnly option.
Guus Sliepen [Tue, 2 Mar 2010 21:55:24 +0000 (22:55 +0100)]
Add the DirectOnly option.

When this option is enabled, packets that cannot be sent directly to the destination node,
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.

14 years agoAdd the Forwarding option.
Guus Sliepen [Tue, 2 Mar 2010 21:34:26 +0000 (22:34 +0100)]
Add the Forwarding option.

This determines if and how incoming packets that are not meant for the local
node are forwarded.  It can either be off, internal (tinc forwards them itself,
as in previous versions), or kernel (packets are always sent to the TUN/TAP
device, letting the kernel sort them out).

14 years agoAdd the StrictSubnets option.
Guus Sliepen [Mon, 1 Mar 2010 23:18:44 +0000 (00:18 +0100)]
Add the StrictSubnets option.

When this option is enabled, tinc will not accept dynamic updates of Subnets
from other nodes, but will only use Subnets read from local host config files
to build its routing table.

14 years agoPreload all Subnets in TunnelServer mode.
Guus Sliepen [Mon, 1 Mar 2010 22:44:56 +0000 (23:44 +0100)]
Preload all Subnets in TunnelServer mode.

This simplifies the logic in protocol_subnet.c.

14 years agoCheck for dirent.h.
Guus Sliepen [Mon, 1 Mar 2010 22:44:46 +0000 (23:44 +0100)]
Check for dirent.h.

14 years agoSimplify reading lines from configuration files.
Guus Sliepen [Mon, 1 Mar 2010 22:35:02 +0000 (23:35 +0100)]
Simplify reading lines from configuration files.

Instead of allocating storage for each line read, we now read into fixed-size
buffers on the stack. This fixes a case where a malformed configuration file
could crash tinc.

14 years agoClamp MSS to miminum MTU in both directions.
Guus Sliepen [Sun, 28 Feb 2010 17:20:13 +0000 (18:20 +0100)]
Clamp MSS to miminum MTU in both directions.

Clamp MSS of both incoming and outgoing packets, and use the minimum of the
PMTU of both directions when clamping.

14 years agoAdd --disable-zlib configure option
Timothy Redaelli [Wed, 10 Feb 2010 13:52:15 +0000 (14:52 +0100)]
Add --disable-zlib configure option

14 years agoAdd --disable-lzo configure option
Timothy Redaelli [Wed, 10 Feb 2010 12:24:33 +0000 (13:24 +0100)]
Add --disable-lzo configure option

14 years agoReleasing 1.0.12. release-1.0.12
Guus Sliepen [Wed, 3 Feb 2010 21:49:48 +0000 (22:49 +0100)]
Releasing 1.0.12.

14 years agoEnsure peers with a meta connection always have our key.
Guus Sliepen [Wed, 3 Feb 2010 10:18:46 +0000 (11:18 +0100)]
Ensure peers with a meta connection always have our key.

This keeps UDP probes going, which in turn keeps NAT mappings alive.

14 years agoUpdate copyright notices.
Guus Sliepen [Tue, 2 Feb 2010 21:49:21 +0000 (22:49 +0100)]
Update copyright notices.

14 years agoTry to set DF bit on BSDs as well.
Guus Sliepen [Tue, 2 Feb 2010 21:22:27 +0000 (22:22 +0100)]
Try to set DF bit on BSDs as well.

Every operating system seems to have its own, slightly different way to disable
packet fragmentation. Emit a compiler warning when no suitable way is found.
On OpenBSD, it seems impossible to do it for IPv4.

14 years agoImmediately exchange keys when establishing a meta connection.
Guus Sliepen [Tue, 2 Feb 2010 00:02:40 +0000 (01:02 +0100)]
Immediately exchange keys when establishing a meta connection.

This in turn will trigger PMTU discovery, and ensures nodes know each others
reflexive UDP address and port.

14 years agoDetermine peer's reflexive address and port when exchanging keys.
Guus Sliepen [Mon, 1 Feb 2010 23:51:44 +0000 (00:51 +0100)]
Determine peer's reflexive address and port when exchanging keys.

To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.

Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.

14 years agoBe liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
Guus Sliepen [Sat, 23 Jan 2010 17:48:01 +0000 (18:48 +0100)]
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.

When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request.  However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.

14 years agoRun subnet-up/down scripts for local MAC addresses as well.
Guus Sliepen [Fri, 22 Jan 2010 20:59:40 +0000 (21:59 +0100)]
Run subnet-up/down scripts for local MAC addresses as well.

14 years agoFix subnet-up/down scripts being called with an empty SUBNET.
Guus Sliepen [Fri, 22 Jan 2010 20:47:26 +0000 (21:47 +0100)]
Fix subnet-up/down scripts being called with an empty SUBNET.

Commit 052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
scripts to be called with an empty, or possibly corrupted SUBNET variable when
a Subnet is added or removed while the owner is still online. In router mode,
this normally does not happen, but in switch mode this is normal.

14 years agoMake MSS clamping configurable, but enabled by default.
Guus Sliepen [Sat, 16 Jan 2010 19:16:33 +0000 (20:16 +0100)]
Make MSS clamping configurable, but enabled by default.

It can either be set globally in tinc.conf, or per-node in host config files.

14 years agoAlso clamp MSS of TCP over IPv6 packets.
Guus Sliepen [Sat, 16 Jan 2010 18:32:33 +0000 (19:32 +0100)]
Also clamp MSS of TCP over IPv6 packets.