Guus Sliepen [Mon, 11 Apr 2016 13:28:26 +0000 (15:28 +0200)]
Update .gitignore.
Guus Sliepen [Mon, 11 Apr 2016 13:27:08 +0000 (15:27 +0200)]
Remove elliptic curve stubs from gcrypt/, add PRF implementation.
Guus Sliepen [Fri, 8 Apr 2016 15:49:49 +0000 (17:49 +0200)]
Really don't compile getopt*.c if the system provides getopt_long().
Guus Sliepen [Sat, 9 Apr 2016 20:17:47 +0000 (22:17 +0200)]
Enable silent builds by default.
Cleaner build messages make it easier to spot compiler warnings and errors.
Use make V=1 to get the verbose output back.
# Conflicts:
# configure.ac
# doc/Makefile.am
Guus Sliepen [Sun, 10 Apr 2016 13:04:59 +0000 (15:04 +0200)]
Update links in the documentation.
# Conflicts:
# doc/tinc.conf.5.in
# doc/tinc.texi
# src/avl_tree.c
# src/avl_tree.h
Guus Sliepen [Sun, 10 Apr 2016 12:47:21 +0000 (14:47 +0200)]
Explicitly mention that LibreSSL can be used as well.
# Conflicts:
# doc/tinc.texi
# m4/openssl.m4
Guus Sliepen [Mon, 11 Apr 2016 12:49:51 +0000 (14:49 +0200)]
Update support for BSD tun/tap devices, add support for OS X utun interfaces.
Guus Sliepen [Sun, 1 Nov 2015 20:07:56 +0000 (21:07 +0100)]
Update "now" after connect() when making outgoing connections.
It could be that address resolution takes a long time, don't let that
count against a connection. This is especially important when using a
nameserver from the VPN.
# Conflicts:
# src/net_socket.c
Guus Sliepen [Sun, 3 May 2015 18:06:12 +0000 (20:06 +0200)]
Never call putenv() with data on the stack.
Even though we are using putenv() here to remove items from the
environment, there is no guarantee that putenv() doesn't add the
argument to the environment anyway. In that case, we have to make sure
that it doesn't go away. We also don't want a memory leak, so keep a
list of things we unputenv()ed around, so we can reuse things.
Thanks to Poul-Henning Kamp for pointing out this problem.
# Conflicts:
# src/process.c
Guus Sliepen [Tue, 14 Apr 2015 09:20:24 +0000 (11:20 +0200)]
Fix --logfile without a filename on Windows.
On Windows, the log filename now defaults to "tinc.log" in the same
directory as tinc.conf.
# Conflicts:
# src/tincd.c
Guus Sliepen [Sun, 10 Apr 2016 15:22:41 +0000 (17:22 +0200)]
Support ToS/DiffServ for IPv6 meta and UDP connections.
Also remember ToS/DiffServ priority for each socket individually. This
is a port of commits
c72e237 and
042a6c1.
Guus Sliepen [Fri, 8 Apr 2016 16:09:30 +0000 (18:09 +0200)]
Use iface instead of interface.
This was accidentally added in commit
2f03a5d.
Guus Sliepen [Sun, 10 Apr 2016 15:01:04 +0000 (17:01 +0200)]
Update THANKS.
Guus Sliepen [Sun, 10 Apr 2016 14:51:03 +0000 (16:51 +0200)]
Update .gitignore.
Guus Sliepen [Fri, 8 Apr 2016 15:49:49 +0000 (17:49 +0200)]
Don't compile getopt*.c if the system provides getopt_long().
# Conflicts:
# configure.ac
# src/Makefile.am
# src/tincd.c
Guus Sliepen [Sun, 10 Apr 2016 14:38:45 +0000 (16:38 +0200)]
Fix typo.
Found by LunarShaddow.
LunarShaddow [Mon, 7 Mar 2016 07:43:04 +0000 (15:43 +0800)]
re-arrange include sequence to avoid a mingw introduced bug.
refers: https://www.cygwin.com/ml/cygwin/2012-12/msg00194.html
# Conflicts:
# src/cygwin/device.c
LunarShaddow [Mon, 7 Mar 2016 07:42:34 +0000 (15:42 +0800)]
fix typo
Guus Sliepen [Sun, 28 Feb 2016 15:38:49 +0000 (16:38 +0100)]
Fix for botched cherry-pick commit
60fb230.
Guus Sliepen [Sat, 27 Feb 2016 13:46:01 +0000 (14:46 +0100)]
Add warnings for bad combinations of Device and Interface.
On Linux, the name of the tun/tap interface can be set freely. However,
on most other operating systems, tinc cannot change the name of the
interface. In those situations, it is possible to specify a Device and
an Interface that conflict with each other. On BSD, this can cause
$INTERFACE to be set incorrectly, on Windows, this results in a
potentially unreliable way in which a TAP-Win32 interface is selected.
# Conflicts:
# src/bsd/device.c
Guus Sliepen [Sat, 27 Feb 2016 13:22:36 +0000 (14:22 +0100)]
Small fixes for the documentation.
# Conflicts:
# doc/tinc.texi
Guus Sliepen [Sat, 27 Feb 2016 13:21:53 +0000 (14:21 +0100)]
Clarify that scripts are called synchronously.
# Conflicts:
# doc/tinc.conf.5.in
# doc/tinc.texi
Guus Sliepen [Sun, 28 Feb 2016 15:28:28 +0000 (16:28 +0100)]
Fix forwarding of edge updates.
Commit
e4670fc accidentily prevented ADD_EDGE messages from propagating
in some cases.
Guus Sliepen [Sat, 27 Feb 2016 13:18:20 +0000 (14:18 +0100)]
Improve performance of edge updates.
Vittorio Gambaletta (VittGam) [Fri, 25 Sep 2015 14:51:51 +0000 (16:51 +0200)]
Remove forward declaration for do_decrement_ttl.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
Vittorio Gambaletta (VittGam) [Fri, 25 Sep 2015 13:35:28 +0000 (15:35 +0200)]
s/broadcast_packet_helper/route_broadcast/
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
Vittorio Gambaletta (VittGam) [Fri, 25 Sep 2015 02:52:25 +0000 (04:52 +0200)]
Fix DecrementTTL option for packets destined to the local node.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
Vittorio Gambaletta (VittGam) [Fri, 4 Sep 2015 15:04:03 +0000 (17:04 +0200)]
Try to reply with node address only when decrementing the TTL.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Vittorio Gambaletta (VittGam) [Fri, 4 Sep 2015 02:00:57 +0000 (04:00 +0200)]
Fix source IP address for ICMP unreachable packets generated by tinc.
Try to send ICMP unreachable replies from an address assigned to the
local machine, instead of the destination address of the original
packet.
The address is found by looking up the route towards the sender of
the packet that generated the error; in usual configurations, this
is the tinc interface.
This also fixes the traceroute display in mtr when using the
DecrementTTL option.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
Vittorio Gambaletta (VittGam) [Thu, 3 Sep 2015 14:02:50 +0000 (16:02 +0200)]
Fix DecrementTTL option.
The option was not actually working, as it could be seen on traceroute or mtr.
The problem is that it was checking if the TTL was < 1 (so equal to 0) before decrementing it.
This meant that a packet with a TTL of 1 was being sent with a TTL of 0 on the VPN, instead of being discarded with the ICMP error message.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
# Conflicts:
# src/route.c
Guus Sliepen [Sun, 28 Feb 2016 14:48:19 +0000 (15:48 +0100)]
Use nostdinc instead of overriding DEFAULT_INCLUDES.
Guus Sliepen [Sun, 5 Jul 2015 14:03:03 +0000 (16:03 +0200)]
Only check for -fno-strict-overflow if -fwrapv does not work.
Guus Sliepen [Sun, 28 Feb 2016 14:39:41 +0000 (15:39 +0100)]
Update .gitignore.
Guus Sliepen [Tue, 26 Jan 2016 23:09:29 +0000 (00:09 +0100)]
Add the ability to sign and verify files.
Guus Sliepen [Sun, 17 Jan 2016 22:29:23 +0000 (23:29 +0100)]
Merge remote-tracking branch 'mweinelt/tinc-gui' into 1.1
Guus Sliepen [Thu, 14 Jan 2016 14:07:22 +0000 (15:07 +0100)]
Only add a reflexive address when we're sure it's working.
Guus Sliepen [Thu, 10 Dec 2015 15:45:05 +0000 (16:45 +0100)]
Use static buffers for recvmmsg(), initialize them only as needed.
As suggested by Michael Tokarev.
Guus Sliepen [Thu, 10 Dec 2015 15:30:32 +0000 (16:30 +0100)]
Add support for recvmmsg().
Based on a patch from Samuel Thibault and input from Michael Tokarev.
Guus Sliepen [Thu, 26 Nov 2015 10:29:54 +0000 (11:29 +0100)]
list_delete() already free()s the deleted element.
Guus Sliepen [Tue, 24 Nov 2015 15:48:44 +0000 (16:48 +0100)]
Don't leave dead outgoing_t's in the outgoing_list.
If an outgoing connection cannot be made because no address is known for
it, it should be removed from the outgoing_list, otherwise it will
prevent it from being re-added later when we do know addresses for it.
Etienne Dechamps [Sun, 22 Nov 2015 18:57:59 +0000 (18:57 +0000)]
Add upnp.h to tincd SOURCES.
This was missing from
513bffe1fee07bcbcb50691e221874adc1507857.
Etienne Dechamps [Sun, 22 Nov 2015 17:14:14 +0000 (17:14 +0000)]
Don't unset validkey when receiving SPTPS handshakes over ANS_KEY.
This fixes a hairy race condition that was introduced in
1e89a63f1638e43dee79afbb18d5f733b27d830b, which changed
the underlying transport of handshake packets from REQ_KEY to ANS_KEY.
Unfortunately, what I missed in that commit is, on the receiving side,
there is a slight difference between req_key_h() and ans_key_h():
indeed, the latter resets validkey to false.
The reason why this is not a problem during typical operation is
because the normal SPTPS key regeneration procedure looks like this:
KEX ->
<- KEX
SIG ->
<- SIG
All these messages are sent over ANS_KEY, therefore the receiving side
will unset validkey. However, that's typically not a problem in practice
because upon reception of the last message (SIG), SPTPS will call
sptps_receive_record(), which will set validkey to true again, and
everything works out fine in the end.
However, that was the *typical* scenario. Now let's assume that the
SPTPS channel is in active use at the same time key regeneration
happens. Specifically, let's assume a normal VPN data packet sneaks in
during the key regeneration procedure:
KEX ->
<- KEX
<- (SPTPS packet, over TCP or UDP)
<- KEX (wtf?)
SIG -> (refused with Invalid packet seqno: XXX != 0)
At this point, both nodes are extremely confused and the SPTPS channel
becomes unusable with various errors being thrown on both sides. The
channel will stay down until automatic SPTPS channel restart kicks in
after 10 seconds.
(Note: the above is just an example - the race can occur on either side
whenever a packet is sent during the period of time between KEX and SIG
messages are received by the node sending the packet.)
I've seen this race occur in the wild - it is very likely to occur if
key regeneration occurs on a heavily loaded channel. It can be
reproduced fairly easily by setting KeyExpire to a short value (a few
seconds) and then running something like ping -f foobar -i 0.01.
The reason why this occurs is because tinc's TX code path triggers the
following:
- send_packet()
- try_tx()
- try_tx_sptps()
- validkey is false because we just received an ANS_KEY message
- waitingforkey is false because it's not used for key regeneration
- send_req_key()
- SPTPS channel restart (sptps_stop(), sptps_start()).
Obviously, it all goes downhill from there and the two nodes get very
confused quickly (for example the seqno gets reset, hence the error
messages).
This commit fixes the issue by keeping validkey set when SPTPS data is
received over ANS_KEY messages.
Guus Sliepen [Sat, 21 Nov 2015 18:41:14 +0000 (19:41 +0100)]
Update THANKS file.
Etienne Dechamps [Sun, 15 Nov 2015 17:42:14 +0000 (17:42 +0000)]
Try to ensure we build correctly against various libminiupnpc versions.
Unfortunately, libminiupnpc has a somewhat... "peculiar" approach to
backwards compatibility for their API, where they reserve the right to
make breaking changes when they feel like it, forcing users to resort
to #ifdefs to ensure they use the correct API. Sigh.
Previously, tinc would only build against API versions <= 13, because I
was doing my initial development using miniupnpc-1.9.
20140610 which is
the version that ships with Debian. The changes in this commit are
required for tinc to build against more recent versions, from
1.9.
20150730 to the latest one at the time of this commit, 1.9.
20151026.
Etienne Dechamps [Sun, 15 Nov 2015 15:30:01 +0000 (15:30 +0000)]
Allow tinc to be built with miniupnpc on Windows.
Contrary to what I expected, it so happens that modern versions of MinGW
include an implementation of pthread natively by default, so there is no
need to introduce Win32-specific threading code. This means the only
changes required to make UPnP work on Windows are just build parameter
tuning.
This commit forces MinGW to be built statically. This makes linking
against miniupnpc simpler (otherwise we would have to handle the mess
of dllimport & co.) and it also prevents libwinpthread from being linked
dynamically (which it is by default), as this would require additional
DLLs to be distributed. Since static linking is how tinc is
traditionally built on Windows, I don't expect this to be a big deal.
Etienne Dechamps [Sun, 15 Nov 2015 13:40:07 +0000 (13:40 +0000)]
Add UPnP support to tincd.
This commit makes tincd capable of discovering UPnP-IGD devices on the
local network, and add mappings (port redirects) for its TCP and/or UDP
port.
The goal is to improve reliability and performance of tinc with nodes
sitting behind home routers that support UPnP, by making it less reliant
on UDP Hole Punching, which is prone to failure when "hostile" NATs are
involved.
The way this is implemented is by leveraging the libminiupnpc library,
which we have just added a new dependency on. We use pthread to run the
UPnP client code in a dedicated thread; we can't use the tinc event loop
because libminiupnpc doesn't have a non-blocking API.
Etienne Dechamps [Sat, 14 Nov 2015 14:47:42 +0000 (14:47 +0000)]
Add a new optional dependency on the miniupnpc library.
The miniupnpc library is a lightweight UPnP-IGD client.
http://miniupnp.free.fr/
Contrary to other libraries, this dependency is disabled by default.
This is because the library is somewhat obscure and is only tangentially
useful, so enabling it by default would probably annoy most users.
Etienne Dechamps [Sat, 7 Nov 2015 11:04:13 +0000 (11:04 +0000)]
Make sure the packet source MAC address is always set.
When tinc is used in router mode with a TAP device, Ethernet (MAC)
headers are not present in packets flowing over the VPN; it is the
node's responsibility to fill out this header before handing the
packet over to the TAP interface (which expects such headers).
Currently, tinc fills out the destination MAC address of the packet
(otherwise the host would not recognize the packets, and nothing would
work), but it does not fill out the source MAC address. In practice this
doesn't seem to cause any real issues (the host doesn't care about the
source address), but it does look weird when looking at the packets with
a sniffer, and it also result in the following valgrind warning:
==13651== Syscall param write(buf) points to uninitialised byte(s)
==13651== at 0x5C4B620: __write_nocancel (syscall-template.S:81)
==13651== by 0x1445AA: write_packet (device.c:183)
==13651== by 0x118C7C: send_packet (net_packet.c:1259)
==13651== by 0x12B70A: route_ipv4 (route.c:443)
==13651== by 0x12D5F8: route (route.c:971)
==13651== by 0x1152BC: receive_packet (net_packet.c:250)
==13651== by 0x117E1B: receive_sptps_record (net_packet.c:904)
==13651== by 0x1309A8: sptps_receive_data_datagram (sptps.c:488)
==13651== by 0x130A90: sptps_receive_data (sptps.c:508)
==13651== by 0x115569: receive_udppacket (net_packet.c:286)
==13651== by 0x119856: handle_incoming_vpn_data (net_packet.c:1499)
==13651== by 0x10F3DA: event_loop (event.c:287)
==13651== Address 0xffeffea3a is on thread 1's stack
==13651== in frame #6, created by receive_sptps_record (net_packet.c:821)
==13651==
This commit fixes the issue by filling out the source MAC address. It is
generated by negating the last byte of the device MAC address, which is
consistent with what route_arp() does.
In addition, this commit stops route_arp() from filling out the Ethernet
header of the packet - this is the responsibility of send_packet(), not
route().
Etienne Dechamps [Wed, 4 Nov 2015 19:18:12 +0000 (19:18 +0000)]
Revert "Cache node IDs in a hash table for faster lookups."
This reverts commit
c2319e90b16962fe899bc60abc8af0e2542bb176.
As a general principle, I do not believe it is worthwhile to cache
nodes. Sure, it brings lookup time down from O(log n) to O(1), but
considering that the scalability target of tinc is around 1000 nodes
and log2(1000) is 10, that looks like premature optimization; tree
lookups should already be very fast. Therefore, I believe it makes sense
to remove the cache as a code cleanup initiative.
Etienne Dechamps [Wed, 4 Nov 2015 19:07:14 +0000 (19:07 +0000)]
Use a splay tree for node UDP addresses in order to avoid collisions.
This commit replaces the node UDP address hash table "cache" with a
full-blown splay tree, aligning it with node_tree (name-indexed) and
node_id_tree (ID-indexed).
I'm doing this for two reasons. The first reason is to make sure we
don't suddenly degrade to O(n) performance when two "hot" nodes end up
in the same hash table bucket (collision).
The second, and most important, reason, has to do with the fact that
the hash table that was being used overrides elements that collide.
Indeed, it turns out that there is one scenario in which the contents of
node_udp_cache has *correctness* implications, not just performance
implications. This has to do with the way handle_incoming_vpn_data() is
implemented.
Assume the following topology:
A <-> B <-> C
Now let's consider the perspective of tincd running on B, and let's
assume the following is true:
- All nodes are using the 1.1 protocol with node IDs and relaying
support.
- Nodes A and C have UDP addresses that hash to the same value.
- Node C "wins" in the node_udp_cache (i.e. it overwrites A in the
cache).
- Node A has a "dynamic" UDP address (i.e. an UDP address that has been
detected dynamically and cannot be deduced from edge addresses).
Then, before this commit, A would be unable to relay packets through B.
This is because handle_incoming_vpn_data() will fall back to
try_harder(), which won't be able to match any edge addresses, doesn't
check the dynamic UDP addresses, and won't be able to match any keys
because this is a relayed packet which is encrypted with C's key, not
B's. As a result, tinc will fail to match the source of the packet and
will drop the packet with a "Received UDP packet from unknown source"
message.
I have seen this happen in the wild; it is actually quite likely to
occur when there are more than a handful of nodes because node_udp_cache
only has 256 buckets, making collisions quite likely. This problem is
quite severe because it can completely prevent all packet communication
between nodes - indeed, if node A tries to initiate some communication
with C, it will use relaying at first, until C responds and helps A
establish direct communication with it (e.g. hole punching). If relaying
is broken, C will not help establish direct communication, and as a
result no packets can make it through at all.
The bug can be reproduced fairly easily by reproducing the topology
above while changing the (hardcoded) node_udp_cache size to 1 to force a
collision. One will quickly observe various issues when trying to make A
talk to C. Setting IndirectData on B will make the issue even more
severe and prevent all communication.
Arguably, another way to fix this problem is to make try_harder()
compare the packet's source address to each node's dynamic UDP
addresses. However, I do not like this solution because if two "hot"
nodes are contending on the same hash bucket, try_harder() will be
called very often and packet routing performance will degrade closer to
O(N) (where N is the total number of nodes in the graph). Using a more
appropriate data structure fixes the bug without introducing this
performance problem.
Guus Sliepen [Mon, 26 Oct 2015 12:46:30 +0000 (13:46 +0100)]
Avoid undefined behavior.
Left shifts of negative values is undefined in C. This happens a lot in
the
Ed25519 code. Cast to unsigned first, then cast the result back to
signed where necessary.
Martin Weinelt [Mon, 28 Sep 2015 04:34:15 +0000 (06:34 +0200)]
tinc-gui: Properly initialize class attributes for VPN in __init__
Martin Weinelt [Mon, 28 Sep 2015 03:54:17 +0000 (05:54 +0200)]
tinc-gui: Use ArgumentParser, default to python2
Martin Weinelt [Mon, 28 Sep 2015 03:34:22 +0000 (05:34 +0200)]
tinc-gui: Fix GetListCtrl method name in SuperListCtrl
wxPython wrongly expects camelcase method names, this however
is against PEP8
Martin Weinelt [Mon, 28 Sep 2015 03:31:59 +0000 (05:31 +0200)]
tinc-gui: Update Node object to correctly parse responses
The application was expecting a different respoonse from tinc
and wouldn't properly it, and thus not start at all.
Martin Weinelt [Mon, 28 Sep 2015 03:20:03 +0000 (05:20 +0200)]
tinc-gui: Reformat codebase according to PEP8
Guus Sliepen [Fri, 25 Sep 2015 08:06:18 +0000 (10:06 +0200)]
Fix a few memory leaks in the CLI found by AddressSanitizer.
Guus Sliepen [Fri, 25 Sep 2015 08:05:24 +0000 (10:05 +0200)]
Fix struct node_status_t.
Although not a problem for tinc internally, the size of the struct was 12
bytes instead of 4, causing some problems when interpreting the value
received from tincd by the CLI.
Guus Sliepen [Thu, 24 Sep 2015 20:20:00 +0000 (22:20 +0200)]
Replace bare if statements with AS_IF in configure.ac.
Guus Sliepen [Thu, 24 Sep 2015 19:53:49 +0000 (21:53 +0200)]
Optionally install systemd service files.
If --with-systemd is given when running the configure script, two
systemd service files will be installed. There is a template
tinc@.service, which can be used to control individual instances of
tinc. For example:
systemctl enable tinc@foo
Will create an instance for tinc with netname foo. There is also a
tinc.service, which can be used to start and stop all instances at once.
Guus Sliepen [Thu, 24 Sep 2015 15:10:25 +0000 (17:10 +0200)]
Add -I m4 back to ACLOCAL_AMFLAGS.
In commit
b7b5d51, AC_CONFIG_MACRO_DIRS([m4]) was added to configure.ac,
which is the current proper way of including the m4 directory. However,
old versions of autoconf ignore it and need the -I m4 statement in
Makefile.am. Both the old and new way of indicating that the m4/
directory should be included can coexist.
Nathan Stratton Treadway [Sat, 12 Sep 2015 14:33:52 +0000 (16:33 +0200)]
Fix invalid checksum generation.
Use equation 3 given in RFC 1624 and the UpdateTTL() example function given
RFC 1141.
# Conflicts:
# src/route.c
Guus Sliepen [Wed, 22 Jul 2015 12:33:56 +0000 (14:33 +0200)]
In sssp_bfs(), never try to update myself.
thorkill [Sun, 19 Jul 2015 16:53:29 +0000 (18:53 +0200)]
Do not access e->to->prevedge if not defined
In some cases - mostly when e->to == myself the prevedge is set to NULL,
causing invalid memory access. In rare cases this may lead to malformed mst
or segfaults.
Guus Sliepen [Wed, 15 Jul 2015 13:12:53 +0000 (15:12 +0200)]
Use AC_CONFIG_MACRO_DIR() instead of _DIRS().
The former is guaranteed to work with autoconf 2.58 and later, and we
don't have multiple m4 directories anyway.
Guus Sliepen [Sun, 12 Jul 2015 14:31:32 +0000 (16:31 +0200)]
Fix the PRF function when compiling without OpenSSL.
thorkill [Tue, 7 Jul 2015 21:14:08 +0000 (23:14 +0200)]
Prevent tinc from forgeting e->local_address
If ADD_EDGE came from tinc version 1.0.x local_address.sa.sa_family is set to 0.
If it came from tinc version 1.1.x forwarded for older verion it will be 255 - AF_UNKNOWN.
thorkill [Tue, 7 Jul 2015 19:19:26 +0000 (21:19 +0200)]
Make sure we do not allocate new edge when talking to old nodes and the same edge already exists
When tinc gets ADD_EDGE from older versions it will allocate
new edge in protocol_edge.c:189 due to missed case in lines 149-171 where
local_address is not defined.
Guus Sliepen [Sun, 12 Jul 2015 11:08:34 +0000 (13:08 +0200)]
Make subnet caches static.
thorkill [Tue, 30 Jun 2015 17:11:45 +0000 (19:11 +0200)]
Included missing names.h
Guus Sliepen [Sun, 12 Jul 2015 11:05:51 +0000 (13:05 +0200)]
Use AC_CONFIG_MACRO_DIRS([m4]).
Guus Sliepen [Sun, 12 Jul 2015 10:55:13 +0000 (12:55 +0200)]
Remove unused code that caused warnings about an uninitialized variable.
thorkill [Sun, 28 Jun 2015 22:23:13 +0000 (00:23 +0200)]
Removed double break;
Guus Sliepen [Sun, 12 Jul 2015 10:33:07 +0000 (12:33 +0200)]
Fix undefined behaviour when left-shifting signed integers.
Found by -fsanitize=undefined.
Guus Sliepen [Sat, 4 Jul 2015 15:53:11 +0000 (17:53 +0200)]
Call sockaddrfree(&e->local_address) in free_edge() instead of exit_edges().
The proper place to clean up resources of objects is in their
destructor. This makes sure proper cleanup when edge_del() is called as
well. At exit, free_edge() is called on all edges by free_edge_tree(),
which is called by exit_nodes().
Guus Sliepen [Sat, 4 Jul 2015 15:51:05 +0000 (17:51 +0200)]
Coalesce two if statements that check for the same thing.
Jo-Philipp Wich [Thu, 18 Jun 2015 21:58:31 +0000 (23:58 +0200)]
fix musl compatibility
Let configure include sys/if_tun.h when testing for netinet/if_ether.h
to detect the Kernel/libc header conflict on musl.
After this patch, configure will correctly detect netinet/if_ether.h as
unusable and the subsequent compilation will not attempt to use it.
Conflicts:
src/have.h
Guus Sliepen [Sat, 4 Jul 2015 15:18:40 +0000 (17:18 +0200)]
Don't #include OpenSSL headers when compiling without OpenSSL.
thorkill [Sat, 4 Jul 2015 01:21:01 +0000 (03:21 +0200)]
Cleanup local_address in protocol_edge.c
In line 131 local_address has been defined,
but the memory was never freed on return.
thorkill [Sat, 4 Jul 2015 00:39:12 +0000 (02:39 +0200)]
Cleanup edges stored in edge_weight_tree on exit
protocol_edge.c: 131 defines local_address using str2sockaddr
str2sockaddr() allocates memory which has to be freed on exit.
thorkill [Fri, 3 Jul 2015 22:29:36 +0000 (00:29 +0200)]
Fixed 2 leaks in setup_myself()
Florian Klink [Thu, 2 Jul 2015 10:35:42 +0000 (12:35 +0200)]
setup_outgoing_connection: log to LOG_DEBUG on if no known address
With AutoConnect = yes, tinc tries to establish connections to known hosts.
However, you could have set no Address for this host, which is perfectly fine
(as long as there is at least one bootstrap node with an address or a local
discovered node already part of the network)
So log this to LOG_DEBUG
Florian Klink [Thu, 2 Jul 2015 10:35:41 +0000 (12:35 +0200)]
(read|append)_config_file: log open errors as LOG_DEBUG
In a "decentrally managed vpn" it is very likely that host config
files for some reachable nodes do not exist. Currently, tinc
fills the logs with "Cannot open config file" messages.
This commit changes the log level to LOG_DEBUG so
syslog doesn't get filled by default.
Etienne Dechamps [Sat, 20 Jun 2015 10:41:20 +0000 (11:41 +0100)]
Protect against callbacks removing items from the io tree.
The definition of the splay_each() macro is somewhat complicated for
syntactic reasons. Here's what it does in a more readable way:
for (splay_node_t* node = tree->head; node;) {
type* item = node->data;
splay_node_t* next = node->next;
// RUN USER BLOCK with (item)
node = next;
}
list_each() works in the same way. Since node->next is saved before the
user block runs, this construct supports removing the current item from
within the user block. However, what it does *not* support is removing
*other items* from within the user block, especially the next item.
Indeed, that will invalide the next pointer in the above loop and
therefore result in an invalid pointer dereference.
Unfortunately, there is at least one code path where that unsupported
operation happens. It is located in ack_h(), where the authentication
protocol code detects a double connection (i.e. being connected to
another node twice). Running in the context of a socket read event, this
code will happily terminate the *other* metaconnection, resulting in its
socket being removed from the io tree. If, by misfortune, this other
metaconnection happened to have the next socket FD number (which is
quite possible due to FD reuse - albeit unlikely), and was part of the
io tree (which is quite likely because if that connection is stuck, it
will most likely have pending writes) then this will result in the next
pending io item being destroyed. Invalid pointer dereference ensues.
I did a quick audit of other uses of splay_each() and list_each() and
I believe this is the only scenario in which this "next pointer
invalidation" problem can occur in practice. While this bug has been
there since at least
6bc5d626a8726fc23365ee705761a3c666a08ad4 (November
2012), if not sooner, it happens quite rarely due to the very specific
set of conditions required to trigger it. Nevertheless, it does manage
to crash my central production nodes every other week or so.
Dato Simó [Tue, 16 Jun 2015 23:44:45 +0000 (20:44 -0300)]
Fix typo in tinc.texi.
Guus Sliepen [Wed, 10 Jun 2015 21:42:17 +0000 (23:42 +0200)]
Fix crash is sptps_logger().
Unfortunately, sptps_logger() cannot know if s->handle is pointing to a
connection_t or a node_t. But it needs to print name and hostname in
both cases. So make sure both types have name and hostname fields at the
start with the same offset.
Guus Sliepen [Sun, 7 Jun 2015 21:20:14 +0000 (23:20 +0200)]
Fix alignment of output of sptps_speed.
Guus Sliepen [Sun, 7 Jun 2015 21:14:48 +0000 (23:14 +0200)]
Fix receiving SPTPS data in sptps_speed and sptps_test.
The sptps_receive_data() was changed in commit
d237efd to only process
one SPTPS record from a stream input. So now we have to put a loop
around it to ensure we process everything.
Guus Sliepen [Sun, 7 Jun 2015 20:50:05 +0000 (22:50 +0200)]
Fix warnings about missing return value checks.
In some harmless places, checks for the return value of ECDSA and RSA
key generation and verification was omitted. Add them to keep the
compiler happy and to warn end users in case something is wrong.
Guus Sliepen [Sun, 7 Jun 2015 20:25:22 +0000 (22:25 +0200)]
Fix autoconf check for function attributes.
GCC warns when a function attribute has no effect. The autoconf check
turns warnings about attributes into errors, therefore thinking that
they did not work. The reason was that the test function returned void,
which is not suitable for checking both __malloc__ and
__warn_unused_result__.
Guus Sliepen [Sun, 31 May 2015 21:51:39 +0000 (23:51 +0200)]
Fix missing return value caused by the previous commit.
Etienne Dechamps [Sun, 31 May 2015 19:19:48 +0000 (20:19 +0100)]
Don't try to relay packets to unreachable nodes.
It is not unusual for tinc to receive SPTPS packets to be relayed to
nodes that just became unreachable, due to state propagation delays in
the metagraph.
Unfortunately, the current code doesn't handle that situation correctly,
and still tries to relay the packet to the unreachable node. This
typically ends up segfaulting.
This commit fixes the issue by checking for reachability before relaying
the packet.
Etienne Dechamps [Sun, 24 May 2015 08:49:16 +0000 (09:49 +0100)]
Fix invalid pointer use in get_my_hostname().
clang-3.7 warnings surfaced an actual bug:
invitation.c:185:5: error: address of array 'filename' will always evaluate to 'true'
[-Werror,-Wpointer-bool-conversion]
if(filename) {
~~ ^~~~~~~~
The regression was introduced in
3ccdf50beb6b2d3f2730bdc66006b43190537cde.
Etienne Dechamps [Sun, 24 May 2015 08:45:09 +0000 (09:45 +0100)]
Fix wrong format string type in send_sptps_tcppacket().
This issue was found through a clang-3.7 warning:
protocol_misc.c:167:46: error: format specifies type 'short' but the argument has type 'int'
[-Werror,-Wformat]
if(!send_request(c, "%d %hd", SPTPS_PACKET, len))
~~~ ^~~
%d
Etienne Dechamps [Sat, 23 May 2015 16:24:05 +0000 (17:24 +0100)]
Don't set up an ongoing connection to myself.
It is entirely possible that the configuration file could contain a
ConnectTo statement refering to its own name; that's a reasonable
scenario when one deploys semi-automatically generated tinc.conf files.
Amusingly, tinc does not like that at all, and actually sets up an
outgoing_t structure to myself (which obviously makes no sense). This is
mostly benign, though it does result in non-sensical "Already connected
to myself" messages every retry interval.
However, that also makes things blow up in close_network_connections(),
because there we delete the entire outgoing list and *then* the myself
node, which still has a reference to the freshly deleted outgoing
structure. Boom.
Etienne Dechamps [Sat, 23 May 2015 09:24:00 +0000 (10:24 +0100)]
Fix crashes when trying unreachable nodes.
timeout_handler() calls try_tx(c->node) when c->edge exists.
Unfortunately, the existence of c->edge is not enough to conclude that
the node is reachable.
In fact, during connection establishment, there is a short period of
time where we create an edge for the node at the other end of the
metaconnection, but we don't have one from the other side yet.
Unfortunately, if timeout_handler() runs during that short time
window, it will call try_tx() on an unreachable node, which makes
things explode because that function is not prepared to handle that
case.
A typical symptom of this race condition is a hard SEGFAULT while trying
to send packets using metaconnections that don't exist, due to
n->nexthop containing garbage.
This patch fixes the issue by making try_tx() check for reachability,
and then making all code paths use try_tx() instead of the more
specialized methods so that they go through the check.
This regression was introduced in
eb7a0db18ea71a44999d6a37b4b179dac0ed9bc7.
Guus Sliepen [Thu, 21 May 2015 09:09:01 +0000 (11:09 +0200)]
Update copyright notices.
Guus Sliepen [Thu, 21 May 2015 09:06:38 +0000 (11:06 +0200)]
Set the CLOEXEC flag on the umbilical socket.
Guus Sliepen [Wed, 20 May 2015 19:28:54 +0000 (21:28 +0200)]
Use socketpair() instead of pipe() for the umbilical.
This prepares for a possible conversion of the umbilical socket to a
control socket.
Guus Sliepen [Wed, 20 May 2015 19:25:06 +0000 (21:25 +0200)]
Don't write log messages to the umbilical pipe if we don't detach.
If we run in the foreground and are started by the CLI, this would
otherwise cause the first few log messages to appear twice.