X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=a6fd3d06f3729fbf6481b51c634472348293c0dc;hp=752677941e4ad4d4953f1e8d8eba6f0c4ee031de;hb=5dde6461a321ee47b06e33f8203f2acf00a31a51;hpb=3308d13e7e3bf20cfeaf6f2ab17228a9820cea66
diff --git a/src/net_setup.c b/src/net_setup.c
index 75267794..a6fd3d06 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -13,11 +13,9 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- $Id$
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "system.h"
@@ -46,8 +44,7 @@ char *myport;
-bool read_rsa_public_key(connection_t *c)
-{
+bool read_rsa_public_key(connection_t *c) {
 FILE *fp;
 char *fname;
 char *key;
@@ -113,7 +110,7 @@ bool read_rsa_public_key(connection_t *c)
 /* Else, check if a harnessed public key is in the config file */
- asprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
 fp = fopen(fname, "r");
 if(fp) {
@@ -128,7 +125,7 @@ bool read_rsa_public_key(connection_t *c)
 /* Try again with PEM_read_RSA_PUBKEY. */
- asprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
 fp = fopen(fname, "r");
 if(fp) {
@@ -147,8 +144,7 @@ bool read_rsa_public_key(connection_t *c)
 return false;
 }
-bool read_rsa_private_key(void)
-{
+bool read_rsa_private_key(void) {
 FILE *fp;
 char *fname, *key, *pubkey;
 struct stat s;
@@ -171,7 +167,7 @@ bool read_rsa_private_key(void)
 }
 if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
- asprintf(&fname, "%s/rsa_key.priv", confbase);
+ xasprintf(&fname, "%s/rsa_key.priv", confbase);
 fp = fopen(fname, "r");
@@ -211,8 +207,7 @@ bool read_rsa_private_key(void)
 /* Configure node_t myself and set up the local sockets (listen only) */
-bool setup_myself(void)
-{
+bool setup_myself(void) {
 config_t *cfg;
 subnet_t *subnet;
 char *name, *hostname, *mode, *afname, *cipher, *digest;
@@ -228,8 +223,8 @@ bool setup_myself(void)
 myself->connection = new_connection();
 init_configuration(&myself->connection->config_tree);
- asprintf(&myself->hostname, _("MYSELF"));
- asprintf(&myself->connection->hostname, _("MYSELF"));
+ xasprintf(&myself->hostname, _("MYSELF"));
+ xasprintf(&myself->connection->hostname, _("MYSELF"));
 myself->connection->options = 0;
 myself->connection->protocol_version = PROT_CURRENT;
@@ -257,7 +252,7 @@ bool setup_myself(void)
 return false;
 if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
- asprintf(&myport, "655");
+ xasprintf(&myport, "655");
 /* Read in all the subnets specified in the host configuration file */
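Review bot: In the `xasprintf(&myself->hostname, _("MYSELF"))` pair of the hunk at -228, a translated string is used as the format argument, so any translation of "MYSELF" that happened to contain a `%` would be parsed as a conversion specifier; since the value is meant literally, pass it as data: `xasprintf(&myself->hostname, "%s", _("MYSELF"));` and `xasprintf(&myself->connection->hostname, "%s", _("MYSELF"));`. The `xasprintf(&myport, "655")` call in the hunk at -257 is harmless because its format is a constant, though the same `"%s"` form would make the intent clearer. setup_myself continues outside these hunks.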
@@ -306,15 +301,18 @@ bool setup_myself(void)
 } else
 routing_mode = RMODE_ROUTER;
- if(routing_mode == RMODE_ROUTER)
- if(!get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) || choice)
- myself->options |= OPTION_PMTU_DISCOVERY;
+ // Enable PMTUDiscovery by default if we are in router mode.
+
+ choice = routing_mode == RMODE_ROUTER;
+ get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
+ if(choice)
+ myself->options |= OPTION_PMTU_DISCOVERY;
 get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
 #if !defined(SOL_IP) || !defined(IP_TOS)
 if(priorityinheritance)
- logger(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
+ logger(LOG_WARNING, _("%s not supported on this platform"), "PriorityInheritance");
 #endif
 if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
@@ -359,14 +357,14 @@ bool setup_myself(void)
 }
 }
 } else
- myself->incipher = EVP_bf_cbc();
+ myself->incipher = EVP_aes_256_cbc();
 if(myself->incipher)
 myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
 else
 myself->inkeylength = 1;
- myself->connection->outcipher = EVP_bf_ofb();
+ myself->connection->outcipher = EVP_aes_256_ofb();
 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 keylifetime = 3600;
@@ -387,9 +385,9 @@ bool setup_myself(void)
 }
 }
 } else
- myself->indigest = EVP_sha1();
+ myself->indigest = EVP_sha256();
- myself->connection->outdigest = EVP_sha1();
+ myself->connection->outdigest = EVP_sha256();
 if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength)) {
 if(myself->indigest) {
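Review bot: The added comment `// Enable PMTUDiscovery by default if we are in router mode.` in the hunk at -306 describes only half of the new behaviour: because `get_config_bool(..., &choice)` now runs in every mode, an explicit PMTUDiscovery setting can also turn the option on in switch or hub mode, which the removed `if(routing_mode == RMODE_ROUTER)` guard did not allow. Suggest `// Enable PMTUDiscovery by default in router mode; an explicit PMTUDiscovery setting overrides the default in any mode.` The return value of get_config_bool is discarded, so the code presumably relies on it leaving `choice` untouched when the key is absent or unparsable — worth confirming against its implementation. setup_myself continues outside the hunk.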
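Review bot: `myself->connection->outcipher = EVP_aes_256_ofb();` in the hunk at -359 (and `outdigest = EVP_sha256();` in the hunk at -387) are hard-coded meta-connection parameters that are not read from configuration, so a node built from this commit presumably cannot exchange meta-connection data with a node still using the Blowfish/SHA-1 defaults unless the protocol version is bumped or the parameters are negotiated; neither is visible in this diff. If this is an intentional protocol break, a comment above the assignment should say so, e.g. `/* Fixed meta-connection cipher and digest: both ends must agree, so changing these breaks compatibility with older nodes. */`. The `inkeylength = key_len + iv_len` computation already adapts to the larger AES-256 key and IV sizes, so the data-cipher side of the change looks consistent. setup_myself continues outside the hunk.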
@@ -433,10 +431,10 @@ bool setup_myself(void)
 return false;
 /* Run tinc-up script to further initialize the tap interface */
- asprintf(&envp[0], "NETNAME=%s", netname ? : "");
- asprintf(&envp[1], "DEVICE=%s", device ? : "");
- asprintf(&envp[2], "INTERFACE=%s", iface ? : "");
- asprintf(&envp[3], "NAME=%s", myself->name);
+ xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
+ xasprintf(&envp[1], "DEVICE=%s", device ? : "");
+ xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
+ xasprintf(&envp[3], "NAME=%s", myself->name);
 envp[4] = NULL;
 execute_script("tinc-up", envp);
@@ -503,10 +501,9 @@ bool setup_myself(void)
 }
 /*
- setup all initial network connections
+ initialize network
 */
-bool setup_network_connections(void)
-{
+bool setup_network(void) {
 cp();
 now = time(NULL);
@@ -536,16 +533,13 @@ bool setup_network_connections(void)
 if(!setup_myself())
 return false;
- try_outgoing_connections();
-
 return true;
 }
 /*
 close all open network connections
 */
-void close_network_connections(void)
-{
+void close_network_connections(void) {
 avl_node_t *node, *next;
 connection_t *c;
 char *envp[5];
@@ -573,10 +567,10 @@ void close_network_connections(void)
 close(listen_socket[i].udp);
 }
- asprintf(&envp[0], "NETNAME=%s", netname ? : "");
- asprintf(&envp[1], "DEVICE=%s", device ? : "");
- asprintf(&envp[2], "INTERFACE=%s", iface ? : "");
- asprintf(&envp[3], "NAME=%s", myself->name);
+ xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
+ xasprintf(&envp[1], "DEVICE=%s", device ? : "");
+ xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
+ xasprintf(&envp[3], "NAME=%s", myself->name);
 envp[4] = NULL;
 exit_requests();
@@ -590,8 +584,6 @@ void close_network_connections(void)
 if(myport)
 free(myport);
- EVP_CIPHER_CTX_cleanup(&packet_ctx);
-
 for(i = 0; i < 4; i++)
 free(envp[i]);
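Review bot: The new comment `initialize network` above `bool setup_network(void) {` in the hunk at -503 no longer mentions that outgoing connections are not started here, which is the substantive change made by removing `try_outgoing_connections();` in the hunk at -536; a caller reading only this comment will not know it must start them itself. Suggest `/* Initialize the network: set up myself and the local listening sockets. Outgoing connections are no longer started here; the caller is responsible for that. */`. Every caller of the old name setup_network_connections must also be updated, which is outside this file. setup_network's body continues outside the hunk.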