Guus Sliepen [Sun, 18 Feb 2018 14:38:12 +0000 (15:38 +0100)]
Reduce memory allocations due to zlib's uncompress().
Everytime uncompress() is called, zlib allocates some buffer on the heap
and frees it again. When compression is enabled, this is the biggest source
of memory allocations in tinc. Instead of using this function, use
inflate(), which can store its state in a z_stream variable, which avoids
(re)allocating memory for every packet received.
This issue was found thanks to heaptrack.
Guus Sliepen [Sun, 18 Feb 2018 14:33:36 +0000 (15:33 +0100)]
Add code coverage testing support.
Allows configure to be run with the --enable-code-coverage flag, allowing
one to run make check-code-coverage, which runs the test suite and produces
a code coverage report.
Guus Sliepen [Sat, 17 Feb 2018 13:39:29 +0000 (14:39 +0100)]
Reformat all code using astyle.
Todd C. Miller [Fri, 16 Feb 2018 21:17:39 +0000 (14:17 -0700)]
Fix a use-after-free bug in get_recent_address() and two related issues.
1) The sockaddr_t * returned may be part of memory freed by the call to
freeaddrinfo().
2) The sockaddr_t * returned from a recently seen address not in the
cache was cast from struct addrinfo *ai, not the struct sockaddr *
inside of it.
3) In do_outgoing_connection(), when filling in the address in the
connection_t, there is a buffer overflow (read, not write) if
the sa returned by get_recent_address() didn't come from the
cache of recently seen addresses. That is, it was really a
struct sockaddr * and not a sockaddr_t *. This last was
found by building tinc with address sanitizer.
Todd C. Miller [Wed, 31 Jan 2018 21:55:20 +0000 (14:55 -0700)]
In device_issue_read() there is no need to reset Offset and OffsetHigh
to 0; they are only used for seekable files (not sockets).
Reset the write event before the call to WriteFile(). This is
consistent with how the read event is reset before ReadFile().
Clear device_write_packet.len() if WriteFile() fails with an error
other than ERROR_IO_PENDING; otherwise write_packet() will call
GetOverlappedResult() the next time it is run even though there is
no write in progress.
Todd C. Miller [Tue, 23 Jan 2018 22:57:58 +0000 (15:57 -0700)]
WSAEVENT is a pointer, so we cannot simply return the different of two
events in io_compare(), which returns an int. This can return the wrong
result for 64-bit executables.
Todd C. Miller [Mon, 22 Jan 2018 17:27:16 +0000 (10:27 -0700)]
Add some missing freeaddrinfo() calls to avoid leaking memory.
Guus Sliepen [Mon, 22 Jan 2018 17:05:09 +0000 (18:05 +0100)]
Fix calling freeaddrinfo() on the wrong pointer.
Thanks to Todd C. Miller for finding this issue.
Etienne Dechamps [Wed, 17 Jan 2018 19:37:53 +0000 (19:37 +0000)]
Move ResetEvent() call before ReadFile().
Commit
313a752 changed the Windows device code such that ResetEvent() is
called on the read OVERLAPPED structure before GetOverlappedResult(), as
opposed to before ReadFile(). In [1] Guus pointed out that this doesn't
make a ton of sense, and I agree with him; it must have been an
oversight on my part when I wrote this code.
Surprisingly, none of this makes any difference in my testing, at least
with the standard TAP 9.0.0.9 driver. Nevertheless, this code is
probably wrong and fixing it will make me sleep better at night.
[1]: https://www.tinc-vpn.org/pipermail/tinc/2018-January/005091.html
Etienne Dechamps [Sun, 7 Jan 2018 14:48:08 +0000 (14:48 +0000)]
Fix "use of GNU empty initializer extension" warning.
Etienne Dechamps [Sun, 7 Jan 2018 14:44:12 +0000 (14:44 +0000)]
Fix "void function should not return void expression" warning.
Etienne Dechamps [Sun, 7 Jan 2018 14:26:00 +0000 (14:26 +0000)]
Fix AC_CHECK_DECLS usage in openssl.m4.
See:
https://www.gnu.org/software/autoconf/manual/autoconf-2.62/html_node/Generic-Declarations.html
"For each of the symbols (comma-separated list)"
When building with aggressive warning settings the current code results
in the following configure test code being generated:
#ifndef OpenSSL_add_all_algorithms EVP_aes_256_cfb
#ifdef __cplusplus
(void) OpenSSL_add_all_algorithms EVP_aes_256_cfb;
#else
(void) OpenSSL_add_all_algorithms EVP_aes_256_cfb;
#endif
#endif
Which is obviously wrong and makes the configure check fail.
Guus Sliepen [Fri, 5 Jan 2018 21:49:30 +0000 (22:49 +0100)]
Add a cache of recently seen addresses.
This maintains a cache file for each host we have communicated with, either
via TCP or UDP. The cache is used when trying to make outgoing connections,
and is updated whenever a successful TCP or UDP connection is established.
Up to 8 addresses are stored in the cache.
Currently, the cache is stored in /etc/tinc/NETNAME/cache. The directory
has to be manually created to opt in to this feature for now.
Guus Sliepen [Sat, 6 Jan 2018 19:46:22 +0000 (20:46 +0100)]
Fix all spelling errors found by codespell.
Guus Sliepen [Sat, 6 Jan 2018 19:34:37 +0000 (20:34 +0100)]
Document how to enable tinc at boot time using systemd.
Guus Sliepen [Sat, 6 Jan 2018 15:59:21 +0000 (16:59 +0100)]
Don't include generated files into the tarball.
Guus Sliepen [Sat, 6 Jan 2018 15:21:19 +0000 (16:21 +0100)]
Update .gitignore.
Guus Sliepen [Sat, 6 Jan 2018 15:20:25 +0000 (16:20 +0100)]
Ensure the sptps-basic test doesn't fail during make distcheck.
Guus Sliepen [Sat, 6 Jan 2018 15:20:03 +0000 (16:20 +0100)]
Set default systemd unit path to ${libdir}/systemd/system.
This installs systemd unit files into /usr/local, just like the binaries.
The systemd documentation claims to read this directory as well.
Guus Sliepen [Sat, 6 Jan 2018 15:17:35 +0000 (16:17 +0100)]
Remove hardcoded paths from systemd unit files.
Closes #160 on GitHub.
Guus Sliepen [Fri, 5 Jan 2018 18:58:28 +0000 (19:58 +0100)]
Merge remote-tracking branch 'dechamps/ipip' into 1.1
Etienne Dechamps [Tue, 2 Jan 2018 09:55:26 +0000 (09:55 +0000)]
Support MSS clamping for IP in IP (RFC 2003) packets.
This change allows tinc MSS clamping to operate on TCP streams that are
inside an IP in IP tunnel.
Guus Sliepen [Fri, 5 Jan 2018 16:13:57 +0000 (17:13 +0100)]
Add missing newlines to some error messages.
Guus Sliepen [Fri, 5 Jan 2018 16:13:25 +0000 (17:13 +0100)]
Document that invitation files MUST always start with Name = ...
Guus Sliepen [Fri, 5 Jan 2018 16:12:06 +0000 (17:12 +0100)]
Don't warn about empty lines in invitation files.
Guus Sliepen [Mon, 18 Dec 2017 09:47:40 +0000 (10:47 +0100)]
Document the --batch option.
Guus Sliepen [Sat, 16 Dec 2017 21:54:31 +0000 (22:54 +0100)]
Assume all IPPROTO_* macros exist.
Guus Sliepen [Mon, 6 Nov 2017 21:52:17 +0000 (22:52 +0100)]
Fix building documentation when using OpenBSD's make.
Guus Sliepen [Mon, 6 Nov 2017 21:49:41 +0000 (22:49 +0100)]
Update THANKS.
Guus Sliepen [Mon, 6 Nov 2017 21:44:12 +0000 (22:44 +0100)]
Const correctness.
Guus Sliepen [Mon, 6 Nov 2017 21:35:28 +0000 (22:35 +0100)]
Support autoconf's --runstatedir option.
Put the PID file in @runstatedir@ instead of @localstatedir@/run. This
requires autoconf 2.70, which is not released yet, so add a fallback to
use @localstatedir@/run if @runstatedir@ is not set.
Guus Sliepen [Mon, 6 Nov 2017 21:28:32 +0000 (22:28 +0100)]
Ensure all parameters have names in header files.
Guus Sliepen [Mon, 6 Nov 2017 21:27:57 +0000 (22:27 +0100)]
Remove unused functions.
Guus Sliepen [Mon, 6 Nov 2017 20:46:17 +0000 (21:46 +0100)]
Don't log errors when autoconnecting fails and debuglevel is 0.
Guus Sliepen [Thu, 26 Oct 2017 19:33:46 +0000 (21:33 +0200)]
If we are using libncurses, also try to link with libtinfo.
On some distributions, tinc might not be linked correctly if -ltinfo is
not explicitly specified.
Guus Sliepen [Wed, 25 Oct 2017 19:08:29 +0000 (21:08 +0200)]
Only forward SPTPS packets if Forwarding = internal.
This tries to match what is done for packets using the legacy protocol.
However, since SPTPS is end-to-end encrypted, Forwarding = kernel cannot
be implemented. In that case, we also drop the packets.
Todd C. Miller [Wed, 25 Oct 2017 16:05:06 +0000 (10:05 -0600)]
Replace remaining sizeof foo with sizeof(foo).
Guus Sliepen [Mon, 23 Oct 2017 19:10:20 +0000 (21:10 +0200)]
Disable PMTU discovery when TCPOnly is used.
Guus Sliepen [Wed, 11 Oct 2017 17:30:17 +0000 (19:30 +0200)]
Add some information about the requirements of a chroot environment.
Guus Sliepen [Sun, 8 Oct 2017 19:32:12 +0000 (21:32 +0200)]
Ensure "make distcheck" really runs without errors.
Guus Sliepen [Sat, 7 Oct 2017 15:50:22 +0000 (17:50 +0200)]
Reformat all code using astyle.
Guus Sliepen [Sat, 7 Oct 2017 15:47:19 +0000 (17:47 +0200)]
Convert sizeof foo to sizeof(foo).
While technically sizeof is an operator and doesn't need the parentheses
around expressions it operates on, except if they are type names, code
formatters don't seem to handle this very well.
Guus Sliepen [Sat, 7 Oct 2017 15:40:34 +0000 (17:40 +0200)]
Update all header guards.
Don't start with underscores, as those are reserved for system
libraries. Make sure all start with TINC_, and that they appear at
the top of the file.
Guus Sliepen [Sat, 7 Oct 2017 14:51:32 +0000 (16:51 +0200)]
Remove unused/obsolete checks from configure.ac.
Daniel Lublin [Thu, 5 Oct 2017 07:23:20 +0000 (09:23 +0200)]
doc: there is, not their is
Guus Sliepen [Tue, 3 Oct 2017 19:23:28 +0000 (21:23 +0200)]
Prepare for automatic code formatting using Artistic Style.
Guus Sliepen [Sun, 1 Oct 2017 20:04:40 +0000 (22:04 +0200)]
Update THANKS.
Todd C. Miller [Thu, 28 Sep 2017 22:39:59 +0000 (16:39 -0600)]
Fix parsing of -b flag
Only the short -b option is missing, --batch works as expected.
Guus Sliepen [Sat, 2 Sep 2017 19:56:17 +0000 (21:56 +0200)]
Releasing 1.1pre15.
Guus Sliepen [Sat, 2 Sep 2017 19:55:47 +0000 (21:55 +0200)]
Drop h and hh length modifiers from printf format strings.
Guus Sliepen [Sat, 2 Sep 2017 19:54:34 +0000 (21:54 +0200)]
Ensure packet priority is cleared when sending PMTU probe replies.
Found by the Clang static analyzer.
Guus Sliepen [Sat, 2 Sep 2017 19:52:44 +0000 (21:52 +0200)]
Fix a file descriptor leak when using an invitation.
Found by cppcheck.
Guus Sliepen [Sat, 2 Sep 2017 19:06:25 +0000 (21:06 +0200)]
Fix a compiler warning.
Guus Sliepen [Sat, 2 Sep 2017 15:24:05 +0000 (17:24 +0200)]
Force IPv4 for sptps-basic.test.
Allow forcing either IPv4 or IPv6 for sptps_test, and use IPv4 for the
sptps-basic test. Since sptps_test is only opening a single listening
socket, and you cannot control which address family it uses, this gets
around a problem where the listening side is using a different address
family than the one connecting to it.
Guus Sliepen [Sat, 2 Sep 2017 15:04:25 +0000 (17:04 +0200)]
Add missing break statements.
Guus Sliepen [Tue, 22 Aug 2017 18:51:44 +0000 (20:51 +0200)]
Make autoconnect try to heal network splits.
When we have less than three connections, we greedily try to connect to any
viable node. However, once we have three connections, try to connect to
nodes that we know of but that aren't reachable.
We also make sure that if there are 100 reachable nodes, and 1 unreachable
one, that not all 100 reachable nodes try to connect to the unreachable
at the same time.
pacien [Tue, 15 Aug 2017 17:56:06 +0000 (19:56 +0200)]
Add LogLevel config option
Guus Sliepen [Thu, 27 Jul 2017 08:06:13 +0000 (10:06 +0200)]
Forward-port tinc 1.0's handling of device errors.
volth [Thu, 27 Jul 2017 06:32:28 +0000 (06:32 +0000)]
Avoid infinite loop on EBADFD
On Linux network restart, Tinc can get into a loop writing millions of error messages "Error while reading from Linux tun/tap device (tun mode) /dev/net/tun: File descriptor in bad state" to the log. https://github.com/NixOS/nixpkgs/pull/27675
It should be somehow aborted.
Here is my quick hack.
Guus Sliepen [Sun, 9 Jul 2017 14:12:55 +0000 (16:12 +0200)]
Store the invitation data after a succesful join.
This can be used by the invitee to examine the file after a join, and
process it in different ways than the tinc CLI does.
Guus Sliepen [Sun, 9 Jul 2017 13:57:51 +0000 (15:57 +0200)]
Add configurable experation time for invitations.
Guus Sliepen [Sun, 28 May 2017 10:48:32 +0000 (12:48 +0200)]
Set KillMode=mixed in the systemd service file.
This ensures only the main process is sent the SIGTERM, and not anything
else that might have started in the same control group, including the
tinc-down script.
Closes #145 on GitHub.
Guus Sliepen [Sun, 28 May 2017 10:26:44 +0000 (12:26 +0200)]
Move logging of "would block" messages to debug level 4.
Guus Sliepen [Sun, 7 May 2017 13:29:22 +0000 (15:29 +0200)]
Remove unused add_scalar function.
thorkill [Thu, 4 May 2017 21:44:56 +0000 (23:44 +0200)]
Fix NULL pointer dereference in send_udp_info
thorkill [Mon, 1 May 2017 10:40:22 +0000 (12:40 +0200)]
Sanitize input in id_h - prevent integer overflows
Guus Sliepen [Tue, 18 Apr 2017 18:09:38 +0000 (20:09 +0200)]
Fix some minor issues found by cppcheck.
Guus Sliepen [Tue, 18 Apr 2017 18:09:08 +0000 (20:09 +0200)]
Add field widths to sscanf() calls.
Found by cppcheck.
Guus Sliepen [Tue, 18 Apr 2017 18:07:33 +0000 (20:07 +0200)]
Remove dead stores.
Found by the Clang static analyzer.
Guus Sliepen [Mon, 17 Apr 2017 14:05:30 +0000 (16:05 +0200)]
Add missing tinc stop command to the scripts test.
Guus Sliepen [Mon, 17 Apr 2017 11:54:02 +0000 (13:54 +0200)]
Fix tests on *BSD.
Guus Sliepen [Mon, 17 Apr 2017 11:53:48 +0000 (13:53 +0200)]
Fix segfault when adding environment variables.
Guus Sliepen [Mon, 17 Apr 2017 11:07:15 +0000 (13:07 +0200)]
Fix compiler warnings on *BSD.
Guus Sliepen [Mon, 17 Apr 2017 11:02:39 +0000 (13:02 +0200)]
Make sure realname is always initialized.
Guus Sliepen [Mon, 17 Apr 2017 10:50:30 +0000 (12:50 +0200)]
Ensure tests compile on *BSD.
Guus Sliepen [Sat, 8 Apr 2017 11:34:40 +0000 (13:34 +0200)]
Use getmsg()/putmsg() instead of read()/write() on Solaris.
This fixes a problem where read() returns packets from the IP layer before
fragmentation is done.
# Conflicts:
# src/solaris/device.c
Guus Sliepen [Sat, 8 Apr 2017 11:31:04 +0000 (13:31 +0200)]
Use /dev/udp instead of /dev/ip on Solaris.
# Conflicts:
# src/solaris/device.c
Guus Sliepen [Wed, 29 Mar 2017 06:08:56 +0000 (08:08 +0200)]
Ensure sptps_keypair and sptps_test get build for make check.
Guus Sliepen [Wed, 29 Mar 2017 06:08:19 +0000 (08:08 +0200)]
Use 127.0.0.1 instead of localhost to ensure tests are reproducible.
Guus Sliepen [Sun, 26 Mar 2017 15:54:37 +0000 (17:54 +0200)]
Ensure proper logging in the invite-offline test.
Guus Sliepen [Sun, 26 Mar 2017 15:43:33 +0000 (17:43 +0200)]
Add the scripts test.
This test whether all the scripts are run with the right information in
the right order.
Guus Sliepen [Sun, 26 Mar 2017 14:48:02 +0000 (16:48 +0200)]
Update .gitignore.
Guus Sliepen [Sun, 26 Mar 2017 14:47:54 +0000 (16:47 +0200)]
Add the invite-offline test.
This tests generating an invitation on the server while no tinc daemon is
running.
Guus Sliepen [Sun, 26 Mar 2017 14:46:31 +0000 (16:46 +0200)]
Remove superfluous sleep command in invite-join test.
Guus Sliepen [Sun, 26 Mar 2017 14:46:03 +0000 (16:46 +0200)]
Use unique ports for all tests.
Guus Sliepen [Tue, 21 Mar 2017 20:25:27 +0000 (21:25 +0100)]
Add DEBUG environment variable for scripts.
This contains the current debug level used by tinc. Scripts can use it
to decide whether to log debugging information of their own.
Closes #138 on GitHub.
Guus Sliepen [Tue, 21 Mar 2017 20:21:23 +0000 (21:21 +0100)]
Put script environment creation/deletion in functions.
This makes environment handling safer, and also has a single place where
we can add new environment variables that should be present for all
scripts.
Vittorio Gambaletta (VittGam) [Wed, 12 Oct 2016 11:52:17 +0000 (13:52 +0200)]
route: Support ToS/DiffServ priority inheritance when routing IPv6 packets.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Guus Sliepen [Mon, 20 Mar 2017 21:33:18 +0000 (22:33 +0100)]
Merge remote-tracking branch 'dechamps/sleep' into 1.1
Guus Sliepen [Mon, 20 Mar 2017 21:19:36 +0000 (22:19 +0100)]
Don't try to use kill() on Windows.
Guus Sliepen [Mon, 20 Mar 2017 21:15:20 +0000 (22:15 +0100)]
Add missing #defines used by fd_device.c.
Guus Sliepen [Tue, 7 Mar 2017 18:19:19 +0000 (19:19 +0100)]
Use free_known_addresses() to free memory allocated by get_known_addresses().
We know what struct addrinfo looks like, but the standard says nothing
about how it is allocated. So we cannot trust freeaddrinfo() to work
correctly on the struct addrinfo list we allocated ourselves in
get_known_addresses(). To make a distinction by allocations from the
latter and from str2addrinfo(), we keep two pointers (*ai and *kai) in
struct outgoing, and use the freeing function that is appropriate for
each.
Roman Savelyev [Tue, 7 Mar 2017 18:07:19 +0000 (19:07 +0100)]
Fix lost pointer trails in get_known_addresses().
Pacien TRAN-GIRARD [Mon, 27 Feb 2017 19:56:55 +0000 (20:56 +0100)]
Add fd_device
Guus Sliepen [Tue, 14 Feb 2017 19:51:43 +0000 (20:51 +0100)]
Remove the description of the LocalDiscoveryAddress option from the manual.
This option is no longer implemented.
Guus Sliepen [Tue, 31 Jan 2017 11:05:03 +0000 (12:05 +0100)]
Don't build sptps_* binaries by default.
Guus Sliepen [Tue, 31 Jan 2017 11:03:27 +0000 (12:03 +0100)]
Fix potential segfault in the replacement vasprintf() function.
Etienne Dechamps [Sun, 18 Dec 2016 14:53:33 +0000 (14:53 +0000)]
Fix address memory leaks in add_edge_h().
Note that this is not as bad as it looks, because in practice
sockaddrfree() is a no-op for typical address types.
Etienne Dechamps [Sun, 18 Dec 2016 14:32:25 +0000 (14:32 +0000)]
Clarify the flow of add_edge_h().
This is an attempt at making the control flow through this function
easier to understand by rearranging branches and cutting back on
indentation levels.
This is a pure refactoring; there is no change in behavior.
Etienne Dechamps [Sun, 18 Dec 2016 14:25:20 +0000 (14:25 +0000)]
Fix edge updates containing local address changes.
This commit fixes a logic bug in the edge update code where local
address changes are not taken into account if they are bundled in with
other changes. This bug breaks local discovery in some scenarios.
The regression was introduced by commit
e4670fc4a0576eb76f1807ce29fa9455dd247632.