Guus Sliepen [Fri, 14 Jan 2011 21:18:59 +0000 (22:18 +0100)]
Introducing the Big Tinc Lock.
Now that tinc is multi-threaded, we need some form of synchronisation. For
now, there is a single mutex which we lock whenever we do something with global
data structures. The main thread, from which timer events are handled, is
always locked unless it is sleeping for the next event, the other threads
receive incoming I/O unlocked, and lock to process the received data.
In the future more fine-grained locking should be used, probably in the form of
rwlocks, or lockless algorithms (maybe RCU).
Guus Sliepen [Fri, 14 Jan 2011 20:22:46 +0000 (21:22 +0100)]
Proper check and dropin replacement for usleep().
Guus Sliepen [Fri, 14 Jan 2011 20:22:02 +0000 (21:22 +0100)]
Use usleep() instead of sleep().
Guus Sliepen [Fri, 14 Jan 2011 20:19:37 +0000 (21:19 +0100)]
Update NEWS.
Guus Sliepen [Fri, 14 Jan 2011 20:18:21 +0000 (21:18 +0100)]
Remove dependency on libevent, add -pthread when necessary.
Guus Sliepen [Fri, 14 Jan 2011 19:35:40 +0000 (20:35 +0100)]
Add a copy of tinc 1.0's event infrastructure.
Guus Sliepen [Fri, 14 Jan 2011 19:28:52 +0000 (20:28 +0100)]
Use tinc 1.0's event infrastructure to handle timeouts.
This removes the necessity for libevent.
Guus Sliepen [Fri, 14 Jan 2011 17:03:09 +0000 (18:03 +0100)]
Use threads for TCP listening sockets.
Guus Sliepen [Fri, 14 Jan 2011 16:34:48 +0000 (17:34 +0100)]
Remove use of bufferevents and evbuffers.
Guus Sliepen [Fri, 14 Jan 2011 16:09:29 +0000 (17:09 +0100)]
Use threads for TCP connections.
This is a minimal conversion which does not yet get rid of bufferevents and
evbuffers in connection_ts.
Guus Sliepen [Fri, 14 Jan 2011 15:37:24 +0000 (16:37 +0100)]
Use thread for tun device.
Guus Sliepen [Fri, 14 Jan 2011 15:15:03 +0000 (16:15 +0100)]
Cancel threads to ensure they abort blocking I/O operations.
Guus Sliepen [Fri, 14 Jan 2011 15:00:22 +0000 (16:00 +0100)]
Use threads for UDP sockets.
Guus Sliepen [Fri, 14 Jan 2011 14:17:55 +0000 (15:17 +0100)]
Add simple thread and mutex wrappers.
Guus Sliepen [Fri, 19 Nov 2010 12:26:20 +0000 (12:26 +0000)]
Do not try to dereference myself->connection->config_tree.
This was a bug introduced due to an incomplete merge (commit
ff71f289022ccb91abc2726f16522d55b5ccf0f6).
Guus Sliepen [Fri, 19 Nov 2010 12:22:48 +0000 (12:22 +0000)]
Merge branch 'master' into 1.1
Conflicts:
src/net_packet.c
src/openssl/rsagen.h
src/protocol_auth.c
src/protocol_key.c
Guus Sliepen [Tue, 16 Nov 2010 16:28:41 +0000 (17:28 +0100)]
Attribution for Brandon Black.
Guus Sliepen [Tue, 16 Nov 2010 15:45:36 +0000 (16:45 +0100)]
Fix variable length array declaration.
Guus Sliepen [Sat, 13 Nov 2010 20:36:51 +0000 (21:36 +0100)]
Free replay window when freeing a node_t.
Guus Sliepen [Sat, 13 Nov 2010 20:34:59 +0000 (21:34 +0100)]
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
Brandon L Black [Sat, 13 Nov 2010 18:05:51 +0000 (12:05 -0600)]
Improved handling of queue-jumping packets on receive
Brandon L Black [Sat, 13 Nov 2010 18:05:50 +0000 (12:05 -0600)]
Configurable ReplayWindow size, zero disables
Brandon L Black [Sat, 13 Nov 2010 18:05:49 +0000 (12:05 -0600)]
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
Brandon L Black [Sat, 13 Nov 2010 18:05:48 +0000 (12:05 -0600)]
Experimental IFF_ONE_QUEUE support for Linux
Guus Sliepen [Sat, 13 Nov 2010 14:55:38 +0000 (15:55 +0100)]
Use variable length arrays instead of alloca().
Guus Sliepen [Sat, 13 Nov 2010 14:50:39 +0000 (15:50 +0100)]
Provide usleep() for Windows.
Guus Sliepen [Sat, 13 Nov 2010 14:46:19 +0000 (15:46 +0100)]
Link tincctl with dropin.o.
Guus Sliepen [Fri, 12 Nov 2010 15:15:29 +0000 (16:15 +0100)]
Merge branch 'master' into 1.1
Conflicts:
doc/tincd.8.in
lib/pidfile.c
src/graph.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/node.h
src/protocol_auth.c
src/protocol_key.c
src/tincd.c
Guus Sliepen [Fri, 12 Nov 2010 10:38:05 +0000 (11:38 +0100)]
Don't use strlen() on a NULL pointer.
A bug introduced in commit
667b1bac77b134cf32c98d5dc25619e8c3303f52 caused tinc
to crash on startup.
Guus Sliepen [Fri, 12 Nov 2010 10:33:01 +0000 (11:33 +0100)]
Add short options -R and -U to the tincd(8) manpage.
Guus Sliepen [Tue, 2 Nov 2010 13:23:43 +0000 (14:23 +0100)]
Read error counter must be static.
Guus Sliepen [Tue, 2 Nov 2010 13:18:35 +0000 (14:18 +0100)]
Quit when there are too many consecutive errors on the tun/tap device.
Although transient errors sometimes happen on the tun/tap device (for example,
if the kernel is temporarily out of buffer space), there are situations where
the tun/tap device becomes permanently broken. Instead of endlessly spamming
the syslog, we now sleep an increasing amount of time between consecutive read
errors, and if reads still fail after 10 attempts (approximately 3 seconds),
tinc will quit.
Michael Tokarev [Sun, 24 Oct 2010 11:23:10 +0000 (15:23 +0400)]
Treat netname="." in a special way.
Treat netname "." in a special way as if there was no netname
specified. Before, f.e. tincd -n. -k didn't work as it tried
to open /var/run/tinc-.pid. Now -n. works as if there was no
-n option is specified.
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
Guus Sliepen [Fri, 22 Oct 2010 20:46:44 +0000 (22:46 +0200)]
Remove unused variables.
These were caused by commit
667b1bac77b134cf32c98d5dc25619e8c3303f52.
Guus Sliepen [Fri, 22 Oct 2010 20:43:50 +0000 (22:43 +0200)]
Abort disabling old PEM keys on I/O errors.
Guus Sliepen [Fri, 22 Oct 2010 20:42:21 +0000 (22:42 +0200)]
Ensure there is a newline character before a PEM key is written.
Guus Sliepen [Fri, 22 Oct 2010 11:40:04 +0000 (13:40 +0200)]
Attribution for Timothy Redaelli.
Guus Sliepen [Fri, 22 Oct 2010 11:17:42 +0000 (13:17 +0200)]
Attribution for Julien Muchembled.
Guus Sliepen [Fri, 22 Oct 2010 11:06:06 +0000 (13:06 +0200)]
Remove duplicate command-line option parsing.
Also fix parsing of command-line host configuration options for the local node.
Guus Sliepen [Fri, 22 Oct 2010 10:47:12 +0000 (12:47 +0200)]
Merge local host configuration with server configuration.
With some exceptions, tinc only accepted host configuration options for the
local node from the corresponding host configuration file. Although this is
documented, many people expect that they can also put those options in
tinc.conf. Tinc now internally merges the contents of both tinc.conf and the
local host configuration file.
Julien Muchembled [Fri, 3 Sep 2010 11:34:22 +0000 (13:34 +0200)]
New '-o' option to configure server or hosts from command line
Options given on the command line have precedence over configuration from files.
This can be useful, for example, for a roaming node, for which 'ConnectTo' and
<host>.Address depends on its location.
Guus Sliepen [Fri, 4 Jun 2010 14:03:19 +0000 (16:03 +0200)]
Do not append an address to ANS_KEY messages if we don't know any address.
This would let tinc raise an exception when an ANS_KEY request crossed a
DEL_EDGE request for the node sending the key.
Guus Sliepen [Fri, 4 Jun 2010 13:04:08 +0000 (15:04 +0200)]
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
Guus Sliepen [Fri, 4 Jun 2010 12:53:52 +0000 (14:53 +0200)]
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
In this situation, the two nodes will start fighting over the edges they announced.
When we have to contradict both ADD_EDGE and DEL_EDGE messages, we log a warning,
and with 25% chance per PingTimeout we quit.
Guus Sliepen [Fri, 7 May 2010 10:24:49 +0000 (12:24 +0200)]
Use strrchr() insteaad of rindex().
The latter function is deprecated, some build environments do not support.
Timothy Redaelli [Tue, 4 May 2010 13:43:48 +0000 (15:43 +0200)]
Fix warnings under BSD
Timothy Redaelli [Mon, 3 May 2010 22:27:44 +0000 (00:27 +0200)]
Fix warnings showed using -D_FORTIFY_SOURCE=2
Guus Sliepen [Sat, 1 May 2010 13:39:59 +0000 (15:39 +0200)]
Fix all warnings when compiling with mingw64.
Guus Sliepen [Sat, 1 May 2010 13:39:03 +0000 (15:39 +0200)]
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
Guus Sliepen [Sat, 1 May 2010 13:38:04 +0000 (15:38 +0200)]
Use intptr_t instead of long to store a pointer.
Guus Sliepen [Sat, 1 May 2010 13:37:11 +0000 (15:37 +0200)]
Define WINVER before including any other header file on Windows.
Guus Sliepen [Fri, 30 Apr 2010 21:18:22 +0000 (23:18 +0200)]
Remove obsolete lib/ directory.
Guus Sliepen [Fri, 30 Apr 2010 21:13:02 +0000 (23:13 +0200)]
Do not try to free NULL pointers.
Guus Sliepen [Fri, 30 Apr 2010 21:11:48 +0000 (23:11 +0200)]
Use correct digest length when checking a received key.
Guus Sliepen [Sat, 17 Apr 2010 10:33:36 +0000 (12:33 +0200)]
Add missing return statement.
Guus Sliepen [Sat, 17 Apr 2010 10:33:15 +0000 (12:33 +0200)]
Guus Sliepen [Sat, 17 Apr 2010 10:21:53 +0000 (12:21 +0200)]
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
configure.in
src/net.c
src/net.h
Guus Sliepen [Sat, 17 Apr 2010 10:03:08 +0000 (12:03 +0200)]
Fix experimental GUI when reading hexadecimal values.
Guus Sliepen [Sat, 17 Apr 2010 10:01:38 +0000 (12:01 +0200)]
Fix reading configuration files that do not end with a newline. Again.
Guus Sliepen [Sun, 11 Apr 2010 18:40:20 +0000 (20:40 +0200)]
Releasing 1.0.13.
Guus Sliepen [Sun, 11 Apr 2010 17:47:44 +0000 (19:47 +0200)]
Mark Forwarding and DirectOnly options as being experimental.
Guus Sliepen [Sun, 11 Apr 2010 17:39:31 +0000 (19:39 +0200)]
Don't redefine MAX if it already exists.
Guus Sliepen [Sun, 11 Apr 2010 17:20:02 +0000 (19:20 +0200)]
Fixes for definitions under Windows.
Guus Sliepen [Sun, 11 Apr 2010 16:34:50 +0000 (18:34 +0200)]
Ensure subnet-up/down scripts are called after HUP when necessary.
Guus Sliepen [Sun, 11 Apr 2010 02:35:16 +0000 (04:35 +0200)]
Fix reloading Subnets when StrictSubnets is set.
Guus Sliepen [Sat, 10 Apr 2010 22:50:42 +0000 (00:50 +0200)]
Reload Subnets when getting a HUP signal and StrictSubnets is used.
Guus Sliepen [Sat, 10 Apr 2010 21:55:15 +0000 (23:55 +0200)]
Ensure ICMP_NET_ANO is defined.
Guus Sliepen [Sat, 3 Apr 2010 08:46:45 +0000 (09:46 +0100)]
Convert Port to numeric form before sending it to other nodes.
If one uses a symbolic name for the Port option, tinc will send that name
literally to other nodes. However, it is not guaranteed that all nodes have
the same contents in /etc/services, or have such a file at all.
Sven-Haegar Koch [Wed, 31 Mar 2010 01:56:53 +0000 (03:56 +0200)]
Fixed metadata protokoll corruption on forwarded requests
When forwarding a metadata request through forward_request() we were
adding the required newline char to our buffer, but then sending the
data without it - this results in the forwarded request and the next one
to be garbled together.
Additionally while at it add a warning comment that request string is
not zero terminated anymore after a call to the forward_request()
function - for now this is ok as it is not used by any caller after this.
Sven-Haegar Koch [Fri, 26 Mar 2010 16:25:18 +0000 (17:25 +0100)]
Demote all LOG_EMERG to LOG_ERR, spamming all xterms is bad.
Sven-Haegar Koch [Fri, 26 Mar 2010 15:54:13 +0000 (16:54 +0100)]
README.git: tinc 1.1 needs libevent
Sven-Haegar Koch [Sun, 28 Mar 2010 15:51:26 +0000 (17:51 +0200)]
Function flush_meta() does not exist anymore.
Sven-Haegar Koch [Fri, 26 Mar 2010 16:07:30 +0000 (17:07 +0100)]
Add missing AC_CHECK_HEADERS([dirent.h]) to configure.in
Sven-Haegar Koch [Fri, 26 Mar 2010 16:18:04 +0000 (17:18 +0100)]
Fixed 1.0 miss-merges
Sven-Haegar Koch [Fri, 26 Mar 2010 15:51:03 +0000 (16:51 +0100)]
Merge branch 'master' into 1.1
Conflicts:
NEWS
README
configure.in
have.h
src/conf.c
src/conf.h
src/net.c
src/net_packet.c
src/protocol_key.c
src/protocol_subnet.c
src/route.c
src/tincd.c
Sven-Haegar Koch [Wed, 10 Mar 2010 01:50:51 +0000 (02:50 +0100)]
Never delete Subnets when StrictSubnets is set
If a node is unreachable, and not connected to an edge anymore, it gets
deleted. When this happens its subnets are also removed, which should
not happen with StrictSubnets=yes.
Solution:
- do not remove subnets in src/net.c::purge(), we know that all subnets
in the list came from our hosts files.
I think here you got the check wrong by looking at the tunnelserver
code below it - with strictsubnets we still inform others but do not
remove the subnet from our data.
- do not remove nodes in net.c::purge() that still have subnets
attached.
Guus Sliepen [Wed, 10 Mar 2010 15:07:01 +0000 (16:07 +0100)]
Fix typo.
Guus Sliepen [Mon, 8 Mar 2010 20:44:32 +0000 (21:44 +0100)]
Log unauthorized Subnets when StrictSubnets is set.
Guus Sliepen [Mon, 8 Mar 2010 16:54:57 +0000 (17:54 +0100)]
ConnectTo does not mean tinc does not listen for incoming connections anymore.
Guus Sliepen [Tue, 2 Mar 2010 22:27:50 +0000 (23:27 +0100)]
Fixes for the Forwarding option.
Guus Sliepen [Tue, 2 Mar 2010 21:55:24 +0000 (22:55 +0100)]
Add the DirectOnly option.
When this option is enabled, packets that cannot be sent directly to the destination node,
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
Guus Sliepen [Tue, 2 Mar 2010 21:34:26 +0000 (22:34 +0100)]
Add the Forwarding option.
This determines if and how incoming packets that are not meant for the local
node are forwarded. It can either be off, internal (tinc forwards them itself,
as in previous versions), or kernel (packets are always sent to the TUN/TAP
device, letting the kernel sort them out).
Guus Sliepen [Mon, 1 Mar 2010 23:18:44 +0000 (00:18 +0100)]
Add the StrictSubnets option.
When this option is enabled, tinc will not accept dynamic updates of Subnets
from other nodes, but will only use Subnets read from local host config files
to build its routing table.
Guus Sliepen [Mon, 1 Mar 2010 22:44:56 +0000 (23:44 +0100)]
Preload all Subnets in TunnelServer mode.
This simplifies the logic in protocol_subnet.c.
Guus Sliepen [Mon, 1 Mar 2010 22:44:46 +0000 (23:44 +0100)]
Check for dirent.h.
Guus Sliepen [Mon, 1 Mar 2010 22:35:02 +0000 (23:35 +0100)]
Simplify reading lines from configuration files.
Instead of allocating storage for each line read, we now read into fixed-size
buffers on the stack. This fixes a case where a malformed configuration file
could crash tinc.
Guus Sliepen [Sun, 28 Feb 2010 17:20:13 +0000 (18:20 +0100)]
Clamp MSS to miminum MTU in both directions.
Clamp MSS of both incoming and outgoing packets, and use the minimum of the
PMTU of both directions when clamping.
Timothy Redaelli [Wed, 10 Feb 2010 13:52:15 +0000 (14:52 +0100)]
Add --disable-zlib configure option
Timothy Redaelli [Wed, 10 Feb 2010 12:24:33 +0000 (13:24 +0100)]
Add --disable-lzo configure option
Guus Sliepen [Wed, 3 Feb 2010 21:49:48 +0000 (22:49 +0100)]
Releasing 1.0.12.
Guus Sliepen [Wed, 3 Feb 2010 10:18:46 +0000 (11:18 +0100)]
Ensure peers with a meta connection always have our key.
This keeps UDP probes going, which in turn keeps NAT mappings alive.
Guus Sliepen [Tue, 2 Feb 2010 21:49:21 +0000 (22:49 +0100)]
Update copyright notices.
Guus Sliepen [Tue, 2 Feb 2010 21:22:27 +0000 (22:22 +0100)]
Try to set DF bit on BSDs as well.
Every operating system seems to have its own, slightly different way to disable
packet fragmentation. Emit a compiler warning when no suitable way is found.
On OpenBSD, it seems impossible to do it for IPv4.
Guus Sliepen [Tue, 2 Feb 2010 00:02:40 +0000 (01:02 +0100)]
Immediately exchange keys when establishing a meta connection.
This in turn will trigger PMTU discovery, and ensures nodes know each others
reflexive UDP address and port.
Guus Sliepen [Mon, 1 Feb 2010 23:51:44 +0000 (00:51 +0100)]
Determine peer's reflexive address and port when exchanging keys.
To help peers that are behind NAT connect to each other directly via UDP, they
need to know the exact external address and port that they use. Keys exchanged
between NATted peers necessarily go via a third node, which knows this address
and port, and can append this information to the keys, which is in turned used
by the peers.
Since PMTU discovery will immediately trigger UDP communication from both sides
to each other, this should allow direct communication between peers behind
full, address-restricted and port-restricted cone NAT.
Guus Sliepen [Sat, 23 Jan 2010 17:48:01 +0000 (18:48 +0100)]
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
When we got a key request for or from a node we don't know, we disconnected the
node that forwarded us that request. However, especially in TunnelServer mode,
disconnecting does not help. We now ignore such requests, but since there is no
way of telling the original sender that the request was dropped, we now retry
sending REQ_KEY requests when we don't get an ANS_KEY back.
Guus Sliepen [Fri, 22 Jan 2010 20:59:40 +0000 (21:59 +0100)]
Run subnet-up/down scripts for local MAC addresses as well.
Guus Sliepen [Fri, 22 Jan 2010 20:47:26 +0000 (21:47 +0100)]
Fix subnet-up/down scripts being called with an empty SUBNET.
Commit
052ff8b2c598358d1c5febaa9f9f5fc5d384cfd3 contained a bug that causes
scripts to be called with an empty, or possibly corrupted SUBNET variable when
a Subnet is added or removed while the owner is still online. In router mode,
this normally does not happen, but in switch mode this is normal.
Guus Sliepen [Sat, 16 Jan 2010 19:16:33 +0000 (20:16 +0100)]
Make MSS clamping configurable, but enabled by default.
It can either be set globally in tinc.conf, or per-node in host config files.
Guus Sliepen [Sat, 16 Jan 2010 18:32:33 +0000 (19:32 +0100)]
Also clamp MSS of TCP over IPv6 packets.