From: Guus Sliepen Date: Fri, 1 Mar 2002 14:25:10 +0000 (+0000) Subject: Document and clean up MAC address expiry. X-Git-Tag: release-1.0pre6~60 X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=ab90fa9bd1a653a330be7ef11293000721a0e7b4 Document and clean up MAC address expiry. --- diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 7633dca9..4de7c6de 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -165,6 +165,12 @@ Currently this option only affects the Linux tun/tap device. This option controls the period the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. +.It Va MACExpire Li = Ar period Pq 600 +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when +.Va Mode +is set to +.Qq switch . .It Va MaxTimeout Li = Ar period Pq 900 This is the maximum delay before trying to reconnect to other tinc daemons. .It Va Mode Li = router | switch | hub Pq router @@ -183,7 +189,7 @@ at the cost of frequent broadcast ARP requests and routing table updates. .It hub This mode is almost the same as the switch mode, but instead every packet will be broadcast to the other daemons -while no routing table is created. +while no routing table is managed. .El .It Va Name Li = Ar name Bq required This is the name which identifies this tinc daemon. diff --git a/doc/tinc.texi b/doc/tinc.texi index dba07540..abbfeb31 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ +$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ +$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -813,13 +813,15 @@ Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this @cindex switch @item switch In this mode the MAC addresses of the packets on the VPN will be used to -dynamically create a routing table just like a network switch does. -Unicast, multicast and broadcast packets of every ethernet protocol are supported in this mode +dynamically create a routing table just like an Ethernet switch does. +Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode at the cost of frequent broadcast ARP requests and routing table updates. @cindex hub @item hub -In this mode every packet will be broadcast to the other daemons. +This mode is almost the same as the switch mode, but instead +every packet will be broadcast to the other daemons +while no routing table is managed. @end table @cindex KeyExpire @@ -829,6 +831,11 @@ are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. +@cindex MACExpire +@item MACExpire = (600) +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when Mode is set to "switch". + @cindex Name @item @strong{Name = } This is a symbolic name for this connection. It can be anything diff --git a/po/nl.po b/po/nl.po index 56d9b72a..65d44258 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-01 14:19+0100\n" +"POT-Creation-Date: 2002-03-01 15:22+0100\n" "PO-Revision-Date: 2002-03-01 14:19+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -172,53 +172,53 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:114 +#: src/net.c:116 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:124 +#: src/net.c:126 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:178 +#: src/net.c:180 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beƫindigen verbinding met %s (%s)" -#: src/net.c:249 +#: src/net.c:248 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:262 +#: src/net.c:261 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:315 src/net_socket.c:246 +#: src/net.c:314 src/net_socket.c:246 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:377 +#: src/net.c:378 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:411 +#: src/net.c:413 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:428 +#: src/net.c:430 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:445 +#: src/net.c:447 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:452 +#: src/net.c:454 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beƫindigen" @@ -259,7 +259,7 @@ msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. SO_PRIORITY doesn't seem to work -#: src/net_packet.c:270 src/net_setup.c:476 src/net_socket.c:99 +#: src/net_packet.c:270 src/net_setup.c:479 src/net_socket.c:99 #: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258 #: src/process.c:293 #, c-format @@ -369,44 +369,44 @@ msgstr "Ongeldig publiek/priv msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:335 +#: src/net_setup.c:338 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:352 +#: src/net_setup.c:355 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:374 +#: src/net_setup.c:377 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:409 +#: src/net_setup.c:412 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:425 +#: src/net_setup.c:428 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:430 +#: src/net_setup.c:433 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:446 +#: src/net_setup.c:449 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:491 +#: src/net_setup.c:494 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:501 +#: src/net_setup.c:504 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:504 +#: src/net_setup.c:507 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" @@ -1028,17 +1028,22 @@ msgstr "Signaal %d (%s) genegeerd" msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:70 +#: src/route.c:71 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:120 +#: src/route.c:104 +#, c-format +msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" +msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" + +#: src/route.c:149 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:140 +#: src/route.c:169 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" @@ -1047,16 +1052,16 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:184 +#: src/route.c:213 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:197 +#: src/route.c:226 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:249 +#: src/route.c:278 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" diff --git a/src/net.c b/src/net.c index a1b17052..722e8ccd 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.160 2002/03/01 14:09:31 guus Exp $ + $Id: net.c,v 1.35.4.161 2002/03/01 14:25:10 guus Exp $ */ #include "config.h" @@ -402,7 +402,7 @@ cp check_dead_connections(); last_ping_check = now; - if(routing_mode != RMODE_ROUTER) + if(routing_mode== RMODE_SWITCH) age_mac(); /* Should we regenerate our key? */ diff --git a/src/route.c b/src/route.c index d76bd9bd..77fb7d17 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.26 2002/03/01 14:09:31 guus Exp $ + $Id: route.c,v 1.1.2.27 2002/03/01 14:25:10 guus Exp $ */ #include "config.h" @@ -100,6 +100,9 @@ cp s = (subnet_t *)node->data; if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), + s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); for(node2 = connection_tree->head; node2; node2 = node2->next) { c = (connection_t *)node2->data;