MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- $Id$
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
char *myport;
-bool read_rsa_public_key(connection_t *c)
-{
+bool read_rsa_public_key(connection_t *c) {
FILE *fp;
char *fname;
char *key;
- cp();
-
if(!c->rsa_key) {
c->rsa_key = RSA_new();
// RSA_blinding_on(c->rsa_key, NULL);
/* Else, check if a harnessed public key is in the config file */
- asprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
fp = fopen(fname, "r");
if(fp) {
/* Try again with PEM_read_RSA_PUBKEY. */
- asprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
fp = fopen(fname, "r");
if(fp) {
return false;
}
-bool read_rsa_private_key(void)
-{
+bool read_rsa_private_key(void) {
FILE *fp;
char *fname, *key, *pubkey;
struct stat s;
- cp();
-
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) {
logger(LOG_ERR, _("PrivateKey used but no PublicKey found!"));
}
if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
- asprintf(&fname, "%s/rsa_key.priv", confbase);
+ xasprintf(&fname, "%s/rsa_key.priv", confbase);
fp = fopen(fname, "r");
/*
Configure node_t myself and set up the local sockets (listen only)
*/
-bool setup_myself(void)
-{
+bool setup_myself(void) {
config_t *cfg;
subnet_t *subnet;
char *name, *hostname, *mode, *afname, *cipher, *digest;
bool choice;
int i, err;
- cp();
-
myself = new_node();
myself->connection = new_connection();
init_configuration(&myself->connection->config_tree);
- asprintf(&myself->hostname, _("MYSELF"));
- asprintf(&myself->connection->hostname, _("MYSELF"));
+ xasprintf(&myself->hostname, _("MYSELF"));
+ xasprintf(&myself->connection->hostname, _("MYSELF"));
myself->connection->options = 0;
myself->connection->protocol_version = PROT_CURRENT;
return false;
if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
- asprintf(&myport, "655");
+ xasprintf(&myport, "655");
/* Read in all the subnets specified in the host configuration file */
} else
routing_mode = RMODE_ROUTER;
- if(routing_mode == RMODE_ROUTER)
- if(!get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) || choice)
- myself->options |= OPTION_PMTU_DISCOVERY;
+ // Enable PMTUDiscovery by default if we are in router mode.
+
+ choice = routing_mode == RMODE_ROUTER;
+ get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
+ if(choice)
+ myself->options |= OPTION_PMTU_DISCOVERY;
get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
#if !defined(SOL_IP) || !defined(IP_TOS)
if(priorityinheritance)
- logger(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
+ logger(LOG_WARNING, _("%s not supported on this platform"), "PriorityInheritance");
#endif
if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
}
}
} else
- myself->incipher = EVP_bf_cbc();
+ myself->incipher = EVP_aes_256_cbc();
if(myself->incipher)
myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
else
myself->inkeylength = 1;
- myself->connection->outcipher = EVP_bf_ofb();
+ myself->connection->outcipher = EVP_aes_256_ofb();
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
}
}
} else
- myself->indigest = EVP_sha1();
+ myself->indigest = EVP_sha256();
- myself->connection->outdigest = EVP_sha1();
+ myself->connection->outdigest = EVP_sha256();
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
if(myself->indigest) {
return false;
/* Run tinc-up script to further initialize the tap interface */
- asprintf(&envp[0], "NETNAME=%s", netname ? : "");
- asprintf(&envp[1], "DEVICE=%s", device ? : "");
- asprintf(&envp[2], "INTERFACE=%s", iface ? : "");
- asprintf(&envp[3], "NAME=%s", myself->name);
+ xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
+ xasprintf(&envp[1], "DEVICE=%s", device ? : "");
+ xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
+ xasprintf(&envp[3], "NAME=%s", myself->name);
envp[4] = NULL;
execute_script("tinc-up", envp);
}
/*
- setup all initial network connections
+ initialize network
*/
-bool setup_network_connections(void)
-{
- cp();
-
+bool setup_network(void) {
now = time(NULL);
init_events();
if(!setup_myself())
return false;
- try_outgoing_connections();
-
return true;
}
/*
close all open network connections
*/
-void close_network_connections(void)
-{
+void close_network_connections(void) {
avl_node_t *node, *next;
connection_t *c;
char *envp[5];
int i;
- cp();
-
for(node = connection_tree->head; node; node = next) {
next = node->next;
c = node->data;
close(listen_socket[i].udp);
}
- asprintf(&envp[0], "NETNAME=%s", netname ? : "");
- asprintf(&envp[1], "DEVICE=%s", device ? : "");
- asprintf(&envp[2], "INTERFACE=%s", iface ? : "");
- asprintf(&envp[3], "NAME=%s", myself->name);
+ xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
+ xasprintf(&envp[1], "DEVICE=%s", device ? : "");
+ xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
+ xasprintf(&envp[3], "NAME=%s", myself->name);
envp[4] = NULL;
exit_requests();
if(myport) free(myport);
- EVP_CIPHER_CTX_cleanup(&packet_ctx);
-
for(i = 0; i < 4; i++)
free(envp[i]);
projects / tinc / blobdiff