Guus Sliepen [Sun, 27 Jun 2021 17:16:53 +0000 (19:16 +0200)]
Update THANKS.
Guus Sliepen [Sun, 27 Jun 2021 15:23:30 +0000 (17:23 +0200)]
Update copyright notices.
Guus Sliepen [Sun, 27 Jun 2021 15:12:06 +0000 (17:12 +0200)]
Fix usage of @code and @samp commands.
Guus Sliepen [Sun, 27 Jun 2021 14:52:03 +0000 (16:52 +0200)]
Fix spelling errors.
Found by codespell.
pacien [Tue, 8 Sep 2020 23:24:28 +0000 (01:24 +0200)]
tincctl: restrict umask argument for FORTIFY
`umask(mode)` calls that do not verify `(mode & 0777) == mode` are
rejected when the libc FORTIFY checks are enabled [1].
The unrestricted `~perms` was indeed making this assertion fail.
[1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404
Guus Sliepen [Sun, 27 Jun 2021 14:19:37 +0000 (16:19 +0200)]
Don't try to forward packets to a node we don't have a key for.
If we got a packet that's meant to be relayed, don't call
sptps_send_data() if we don't have a valid key yet for the desination
node, but do keep trying to get a working connection to that node. Based
on a patch from thorkill.
Guus Sliepen [Sun, 27 Jun 2021 14:06:58 +0000 (16:06 +0200)]
Fix for the event loop on Windows.
The code did not take into account that the return value of
WSAWaitForMultipleEvents() is the offset into the event array plus
WSA_WAIT_EVENT_0.
Based on a patch from arsh0r.
Guus Sliepen [Sun, 27 Jun 2021 14:01:52 +0000 (16:01 +0200)]
Log errors when add_edge() fails to insert into the edge trees.
This should never happen, but if it does we want to have it at least
logged instead of causing issues later on.
Based on a patch from arsh0r.
Guus Sliepen [Sun, 27 Jun 2021 13:36:44 +0000 (15:36 +0200)]
Fix the check for sys/un.h.
Guus Sliepen [Sun, 27 Jun 2021 13:31:49 +0000 (15:31 +0200)]
Don't compile support for Device=fd on platforms that do not support UNIX sockets.
Guus Sliepen [Sun, 27 Jun 2021 13:02:13 +0000 (15:02 +0200)]
Fix compiler warnings.
Guus Sliepen [Sun, 27 Jun 2021 12:55:23 +0000 (14:55 +0200)]
Fix warnings from autoconf.
Bump the minimum required version of autoconf to 2.69, and avoid using
macros it warns are obsolete.
Guus Sliepen [Tue, 22 Jun 2021 20:36:13 +0000 (22:36 +0200)]
Fix warnings from GCC about VLAs.
Guus Sliepen [Tue, 22 Jun 2021 20:35:50 +0000 (22:35 +0200)]
Reformat the code using astyle.
Ilia Pavlikhin [Tue, 24 Sep 2019 15:34:12 +0000 (15:34 +0000)]
Add Subnet checking to tinc cli
Ilia Pavlikhin [Tue, 24 Sep 2019 11:26:52 +0000 (11:26 +0000)]
Fix infinity loop when network address and
prefix do not match
Aaron LI [Sun, 5 Apr 2020 11:07:42 +0000 (19:07 +0800)]
Use auto-clone device /dev/{tun,tap} as default on FreeBSD/DragonFly
DragonFly BSD doesn't pre-create `/dev/tunX` or `/dev/tapX` devices
anymore since 2019-Jul-31 [0]. So it's better to use the auto-clone
device `/dev/tun` or `/dev/tap` as the default TUN or TAP device.
The TUN/TAP device has the same behavior on DragonFly BSD and FreeBSD.
See also pull request: https://github.com/DragonFlyBSD/DeltaPorts/pull/925
[0] https://github.com/DragonFlyBSD/DragonFlyBSD/commit/
f1e9a4fff5aaac2be3a291dbfea94f94755991b8
Rosen Penev [Fri, 2 Apr 2021 21:36:39 +0000 (14:36 -0700)]
fix compilation without deprecated OpenSSL APIs
This was fixed for 1.0 but missing for 1.1.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Guus Sliepen [Mon, 21 Sep 2020 21:22:18 +0000 (23:22 +0200)]
Fix segfault when failing to read random numbers.
Because the result of read() was incorrectly stored in an unsigned
variable, an error reading from the random number generator device would
result in an infinite loop that would start writing out of bounds and
eventually corrupt the stack.
leptonyu [Sun, 15 Mar 2020 01:39:42 +0000 (01:39 +0000)]
fix macos build
Guus Sliepen [Mon, 20 Jan 2020 20:12:17 +0000 (21:12 +0100)]
Include stddef.h if available.
This is necessary to compile fd_device.c.
pacien [Mon, 20 Jan 2020 12:58:13 +0000 (13:58 +0100)]
fd_device: allow fd to be passed through a unix socket
New restrictions on the Android OS forbid direct leaking of file descriptors.
This patch allows the tinc daemon to have an fd and the associated
permissions transferred to it through a Unix domain socket.
Guus Sliepen [Wed, 17 Jul 2019 23:49:48 +0000 (01:49 +0200)]
Try harder to connect to unreachable nodes.
Guus Sliepen [Wed, 17 Jul 2019 23:33:38 +0000 (01:33 +0200)]
Don't keep an address cache in an outgoing_t.
Address caches are associated with nodes, so just use the address cache
in the node_t struct. Also ensure we always have opened an address cache in
setup_outgoing_connection().
Thanks to admincheg for finding this issue.
Guus Sliepen [Wed, 17 Jul 2019 22:31:54 +0000 (00:31 +0200)]
Disable AutoConnect in the ns-ping test.
Guus Sliepen [Wed, 17 Jul 2019 22:31:11 +0000 (00:31 +0200)]
Avoid void pointer arithmetic.
Maciej S. Szmigiero [Tue, 16 Apr 2019 13:00:50 +0000 (15:00 +0200)]
Fix strict aliasing violation in inet_checksum()
inet_checksum() accesses packet data as an array of uint16_t, but the
packet data can be for example of "anonymous struct pseudo" type from
route_ipv6_unreachable().
This type isn't a compatible type with uint16_t so a strict aliasing
violation occurs and causes the checksum to be computed incorrectly.
Fix this by using the memcpy() idiom to read the packet data as an array of
uint16_t in inet_checksum() (this should be understood by compilers and
optimized accordingly, so no actual copy occurs).
Maciej S. Szmigiero [Tue, 16 Apr 2019 12:19:48 +0000 (14:19 +0200)]
Revert "Work around a GCC bug that causes inet_checksum() to give wrong results."
This reverts commit
7c73cb3ace6659df58ec2382b8d47bb521dad886.
Andreas Rammhold [Thu, 28 Feb 2019 19:38:14 +0000 (20:38 +0100)]
fix: use EVP_DecryptUpdate while decrypting
With OpenSSL versions 1.0.2r & 1.1.1b there were changes in regards to
how OpenSSL treats misuse of Encrypt/Decrypt EVP methods in the opposite
case. E.g. using the encrypt methods in a decrypt context. OpenSSL now
returns an error in these situations. [1]
Since tinc used the EVP_EncryptUpdate function in the cipher_decrypt
function the new sanity check was triggered causing tinc to be unusable
with said OpenSSL versions.
[1] https://github.com/openssl/openssl/pull/7852
Guus Sliepen [Tue, 18 Dec 2018 16:44:08 +0000 (17:44 +0100)]
Prevent large amounts of UDP probes being sent consecutively.
We cannot reset udp_ping_sent to zero when we receive a valid reply to
an UDP probe, because that would cause a new one to be sent immediately
in try_udp(). Instead, add a bit to node_status_t to keep track of whether we
have a UDP probe that's waiting for a reply.
Thanks to Ronny Nilsson for spotting the source of the problem.
Guus Sliepen [Fri, 30 Nov 2018 13:47:52 +0000 (14:47 +0100)]
Fix the scripts test.
This was broken because of the changes in commit
44f3023.
Guus Sliepen [Fri, 30 Nov 2018 13:41:55 +0000 (14:41 +0100)]
Double-quote node names in dump graph output.
This is needed for all nodes with a name starting with a digit,
otherwise the IDÂ would be interpreted as a numeral.
Based on the patch from Quentin Rameau for tinc 1.0.
Fabian Maurer [Mon, 19 Nov 2018 21:11:10 +0000 (22:11 +0100)]
Generate tinc-up.bat on windows
Fabian Maurer [Mon, 19 Nov 2018 21:05:13 +0000 (22:05 +0100)]
Fix interface spelling
Guus Sliepen [Mon, 22 Oct 2018 18:34:19 +0000 (20:34 +0200)]
Handle DOS line endings in invitation files.
Guus Sliepen [Mon, 22 Oct 2018 18:31:37 +0000 (20:31 +0200)]
Attempt to make the test suite work with Windows executables.
The test suite still assumes a POSIX shell to run the tests, but now handles
the case when the executables themselves are (cross-)compiled for Windows,
with a .exe extension. Also, DOS line endings must be converted to UNIX
line endings in some cases.
Some tests now pass on Linux+Wine, but others do not, mainly due to Wine
not handling services very well.
Guus Sliepen [Mon, 22 Oct 2018 15:20:30 +0000 (17:20 +0200)]
Prevent sptps_test from sending overly large UDP packets.
This fixes the test suite on macOS, which has a lo0 interface with an MTU
of 16384, which is smaller than the maximum packet size we could send.
Guus Sliepen [Mon, 22 Oct 2018 15:01:08 +0000 (17:01 +0200)]
Make sure the stop command works on Windows if tincd is running in the foreground.
Guus Sliepen [Mon, 22 Oct 2018 14:53:12 +0000 (16:53 +0200)]
Drop support for Cygwin.
Tinc can be built as a native Windows binary using MinGW, and should support
all of the features that the Cygwin version did.
Guus Sliepen [Sun, 21 Oct 2018 14:24:10 +0000 (16:24 +0200)]
Fix compiling test binaries on Windows.
Guus Sliepen [Sun, 21 Oct 2018 14:23:45 +0000 (16:23 +0200)]
Fix warnings when compiling for Windows.
Guus Sliepen [Thu, 18 Oct 2018 19:41:52 +0000 (21:41 +0200)]
Skip the legacy protocol test if that protocol is disabled.
Guus Sliepen [Thu, 18 Oct 2018 15:19:47 +0000 (17:19 +0200)]
Allow "tinc --force join" to accept all variables sent in an invitaiton.
Guus Sliepen [Thu, 18 Oct 2018 15:17:20 +0000 (17:17 +0200)]
Make more variables safe for use in invitations.
When writing one's own invitation files, more variables are now accepted
by the invitee. The goal is to allow anything that doesn't interfere
with the existing network configuration of the invitee and that doesn't
cause any unexpected behaviour, such as starting running commands.
Werner Schreiber [Wed, 10 Oct 2018 17:16:59 +0000 (19:16 +0200)]
Fix segfault when dest->mtu is 0.
Guus Sliepen [Thu, 18 Oct 2018 14:42:18 +0000 (16:42 +0200)]
Fix building with --disable-legacy-protocol.
Guus Sliepen [Thu, 18 Oct 2018 14:15:19 +0000 (16:15 +0200)]
Reformat the code using astyle.
Guus Sliepen [Thu, 18 Oct 2018 13:59:24 +0000 (15:59 +0200)]
Check all Address statements when making outgoing connections.
The logic in get_recent_address() caused tinc to only consider the first
Address statement that could be resolved to one or more IP addresses.
Guus Sliepen [Thu, 18 Oct 2018 14:10:32 +0000 (16:10 +0200)]
Use the onlink flag when adding routes on Linux.
As reported by iczero, adding gateway routes on Linux can fail if the
gateway address is not reachable yet, either because the interface is
down, or if the gateway address is not inside any route that already is
added or is being added to that interface. By adding the onlink flag,
iproute2 will just add the route without questions.
iczero [Wed, 17 Oct 2018 05:58:52 +0000 (22:58 -0700)]
Fix tinc-up generation on windows
- use `%INTERFACE%` instead of `$INTERFACE` on windows
- correct typo in `netsh interface` (was `netsh inetface`)
- remove `static` when setting ipv6 address
Shengjing Zhu [Wed, 10 Oct 2018 07:00:47 +0000 (15:00 +0800)]
Fix manpage mdoc syntax
Guus Sliepen [Mon, 8 Oct 2018 20:12:23 +0000 (22:12 +0200)]
Install the bash completion file when running make install.
Closes #209 on GitHub.
Guus Sliepen [Mon, 8 Oct 2018 19:27:08 +0000 (21:27 +0200)]
Fix the compiler attribute test to work with Clang.
Clang doesn't like the __nonnull__ attribute being applied to functions
that don't take pointer arguments, and this causes errors when running
the configure script.
Guus Sliepen [Mon, 8 Oct 2018 09:00:01 +0000 (11:00 +0200)]
Releasing 1.1pre17.
Guus Sliepen [Sun, 7 Oct 2018 16:05:50 +0000 (18:05 +0200)]
Update THANKS.
Rafael Sadowski [Mon, 1 Oct 2018 13:14:24 +0000 (15:14 +0200)]
OpenBSD has a proper tap device.
Guus Sliepen [Sun, 7 Oct 2018 11:41:23 +0000 (13:41 +0200)]
Update README and links to required libraries.
Guus Sliepen [Sun, 7 Oct 2018 11:32:25 +0000 (13:32 +0200)]
Don't check for NULL-pointers before calling free().
Guus Sliepen [Sun, 7 Oct 2018 11:05:49 +0000 (13:05 +0200)]
Fix spelling errors.
Found by codespell.
Guus Sliepen [Sat, 6 Oct 2018 21:31:05 +0000 (23:31 +0200)]
Fix all warnings when compiling with -Wall -W -pedantic.
Guus Sliepen [Sat, 6 Oct 2018 16:18:45 +0000 (18:18 +0200)]
Fix warnings from the Clang static analyzer.
Guus Sliepen [Sat, 6 Oct 2018 15:51:41 +0000 (17:51 +0200)]
Fix compiler warnings.
Guus Sliepen [Sun, 9 Sep 2018 20:13:43 +0000 (22:13 +0200)]
Add a test for backwards compatibility with the legacy protocol.
Guus Sliepen [Sun, 9 Sep 2018 16:19:15 +0000 (18:19 +0200)]
Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)
The legacy authentication protocol allows an oracle attack that could
potentially be exploited. This commit contains several mitigations:
- Connections are no longer closed immediately on error, but put in
a "tarpit".
- The authentication protocol now requires a valid CHAL_REPLY from the
initiator of a connection before sending a CHAL_REPLY of its own.
- Reduce the amount of connections per second accepted.
- Null ciphers or digests are no longer allowed in METAKEYs.
- Connections that claim to have the same name as the local node are
rejected.
Just to be on the safe side:
- The new protocol now requires a valid SIG from the initiator of a
connection before sending a SIG of its own.
Guus Sliepen [Sun, 24 Jun 2018 14:19:10 +0000 (16:19 +0200)]
Enable AutoConnect by default.
Guus Sliepen [Sat, 23 Jun 2018 20:32:19 +0000 (22:32 +0200)]
Remove address cache debug messages printed to stderr.
Guus Sliepen [Sat, 23 Jun 2018 20:26:12 +0000 (22:26 +0200)]
Avoid treating compressed MTU probes as having a negative length.
This was not harmful, but caused negative values being logged.
Guus Sliepen [Wed, 13 Jun 2018 20:41:02 +0000 (22:41 +0200)]
Print UDP RTT on its own line.
Guus Sliepen [Wed, 13 Jun 2018 20:23:27 +0000 (22:23 +0200)]
Merge remote-tracking branch 'volth/release-1.1pre16-rtt' into 1.1
Also, reformat the code and fix a compiler warning.
Guus Sliepen [Tue, 12 Jun 2018 18:50:58 +0000 (20:50 +0200)]
Add missing item and attribution to NEWS.
Guus Sliepen [Tue, 12 Jun 2018 18:50:37 +0000 (20:50 +0200)]
Remove the ping test.
This was kind of a hack. The ns-ping test is a much better test, although
it only works on Linux.
volth [Wed, 13 Jun 2018 18:10:47 +0000 (18:10 +0000)]
minor
volth [Wed, 13 Jun 2018 14:12:02 +0000 (14:12 +0000)]
expose traffic stats to 'tinc info ___' and 'tinc dump nodes'
volth [Tue, 12 Jun 2018 21:17:30 +0000 (21:17 +0000)]
keep track of round trip times of UDP pings
Guus Sliepen [Tue, 12 Jun 2018 18:01:43 +0000 (20:01 +0200)]
Releasing 1.1pre16.
Guus Sliepen [Tue, 12 Jun 2018 17:47:02 +0000 (19:47 +0200)]
Remove the wxPython GUI.
This GUI is missing a lot of functionality, and won't be part of an 1.1.0
release. Therefore, it's being removed, and might be brought back after
1.1.0.
Oliver Freyermuth [Wed, 4 Apr 2018 20:01:52 +0000 (22:01 +0200)]
Fix compiling when support for UML sockets is enabled.
Guus Sliepen [Mon, 2 Apr 2018 14:49:06 +0000 (16:49 +0200)]
Reformat all code using astyle.
Guus Sliepen [Mon, 2 Apr 2018 14:33:14 +0000 (16:33 +0200)]
Add the ability to set a firewall mark on sockets.
The FWMark option is added, when set it will use setsockopt(SOL_SOCKET, SO_MARK)
to set the given value as the mark on all sockets created by tinc.
Thanks to Olivier Tirat for submitting a similar patch in the past.
Guus Sliepen [Mon, 2 Apr 2018 10:29:46 +0000 (12:29 +0200)]
Fix invitation tests if port 655 is available.
Running the "del Port" command when no Port is set returns an error. But
it is not necessary anyway since the later "set Port" command will
overwrite it.
Guus Sliepen [Fri, 30 Mar 2018 09:50:40 +0000 (11:50 +0200)]
Prevent an infinite loop in get_recent_address().
When a node is offline, but we still have edges to it that have the same
address as we already have in our address cache, an infinite loop would
happen in get_recent_address(), because we forgot to advance the pointer
in the list of known addresses, and kept looking at the same one over
and over.
Thanks to Sven-Haegar Koch for spotting the bug and providing
diagnostics.
Guus Sliepen [Fri, 30 Mar 2018 09:38:22 +0000 (11:38 +0200)]
Properly implement tinc.texi's dependency on tincinclude.texi.
With this, make distcheck succeeds even without the info-in-builddir
option to AM_INIT_AUTOMAKE.
Guus Sliepen [Tue, 27 Mar 2018 20:54:15 +0000 (22:54 +0200)]
Warn if we cannot reload the tincd when creating an invitation.
Mike Sullivan [Mon, 26 Mar 2018 19:19:04 +0000 (14:19 -0500)]
Fix handling partial SPTPS messages in sptps_test.
Guus Sliepen [Tue, 6 Mar 2018 18:31:17 +0000 (19:31 +0100)]
Ensure we call CloseServiceHandle() in case of errors.
Guus Sliepen [Tue, 6 Mar 2018 18:24:14 +0000 (19:24 +0100)]
Reformat all code using astyle.
Gjergji [Tue, 6 Mar 2018 10:10:41 +0000 (11:10 +0100)]
fix service removal.
Windows service was not removed until tincctl exits
Guus Sliepen [Wed, 28 Feb 2018 20:34:48 +0000 (21:34 +0100)]
Fix compatibility with LibreSSL and OpenSSL < 1.1.
Closes #184 on GitHub.
Guus Sliepen [Wed, 28 Feb 2018 20:28:16 +0000 (21:28 +0100)]
Try to process all pending events after select().
If we break out of the loop every time at the first filedescriptor that
is read/writeable, we risk starving the other filedescriptors.
Todd C. Miller [Tue, 27 Feb 2018 21:20:46 +0000 (14:20 -0700)]
Call WSAWaitForMultipleEvents() in a loop until we have checked all events.
WSAWaitForMultipleEvents() only returns the index of the first event that is read. We need to call WSAWaitForMultipleEvents() repeatedly to check if other events are also ready. Otherwise, a single busy event (such as the TAP device) can starve the other events.
Guus Sliepen [Tue, 27 Feb 2018 20:08:57 +0000 (21:08 +0100)]
Work around a GCC bug that causes inet_checksum() to give wrong results.
Valgrind reports the following bug:
==24877== Conditional jump or move depends on uninitialised value(s)
==24877== at 0x12283E: inet_checksum (route.c:80)
==24877== by 0x12283E: route_ipv6_unreachable (route.c:315)
==24877== by 0x1236AC: route_ipv6 (route.c:751)
==24877== by 0x1236AC: route (route.c:1160)
==24877== by 0x113DE0: receive_tcppacket (net_packet.c:493)
==24877== by 0x1119D4: receive_meta (meta.c:315)
==24877== by 0x113288: handle_meta_connection_data (net.c:287)
==24877== by 0x11A091: handle_meta_io (net_socket.c:491)
==24877== by 0x10FB0C: event_loop (event.c:370)
==24877== by 0x11362E: main_loop (net.c:489)
==24877== by 0x10CACA: main (tincd.c:551)
Clearing the variable pseudo in route_ipv6_unreachable removes this error,
but the resulting checksum is still bad. If one instead adds a dummy
write that depends on checksum, the error goes away and the checksum is
correct.
Guus Sliepen [Tue, 27 Feb 2018 18:11:38 +0000 (19:11 +0100)]
Revert "Unconditionally remove timeouts from the queue before calling the callback."
This reverts commit
e8a60109fc91a42420ec626b63956771675f89b0.
Guus Sliepen [Mon, 26 Feb 2018 21:19:43 +0000 (22:19 +0100)]
Unconditionally remove timeouts from the queue before calling the callback.
We are going to unlink the timeout from the splay tree anyway, so do it
unconditionally before the callback, instead of waiting until after the
callback to check whether or not to remove it based on its expiration
time.
Todd C. Miller [Thu, 22 Feb 2018 21:27:37 +0000 (14:27 -0700)]
In device_handle_read() we need to reset the read event on error or
it will keep firing. This is easy to reproduce by suspending the
machine while tinc is running.
Guus Sliepen [Wed, 21 Feb 2018 19:34:42 +0000 (20:34 +0100)]
Update the documentation of the control protocol.
Todd C. Miller [Wed, 21 Feb 2018 03:18:38 +0000 (20:18 -0700)]
Fix heap corruption on Windows exposed by the use-after free fix.
reset_address_cache() could call free_known_addresses() on a struct
addrinfo * that was returned by getaddrinfo(). It seems safest to just
make a copy of the addresses returned by getaddrinfo() so we can always
use free_known_addresses() instead of trying to determine whether or
not we need to use freeaddrinfo().
Guus Sliepen [Mon, 19 Feb 2018 19:41:21 +0000 (20:41 +0100)]
Document the control protocol.
Guus Sliepen [Sun, 18 Feb 2018 15:51:06 +0000 (16:51 +0100)]
Reduce memory allocations due to HMAC() and EVP_MD_*().
HMAC() allocates a temporary buffer on the heap each time it is called.
Similarly, we called EVP_MD_CTX_create() every time we wanted to
calculate a hash. Use HMAC_CTX and EVP_MD_CTX variables to store the
state so no (re)allocations are necessary. HMAC() was called for every
legacy packet sent and received.
This issue was found thanks to heaptrack.
Guus Sliepen [Sun, 18 Feb 2018 14:38:12 +0000 (15:38 +0100)]
Reduce memory allocations due to zlib's uncompress().
Everytime uncompress() is called, zlib allocates some buffer on the heap
and frees it again. When compression is enabled, this is the biggest source
of memory allocations in tinc. Instead of using this function, use
inflate(), which can store its state in a z_stream variable, which avoids
(re)allocating memory for every packet received.
This issue was found thanks to heaptrack.
Guus Sliepen [Sun, 18 Feb 2018 14:33:36 +0000 (15:33 +0100)]
Add code coverage testing support.
Allows configure to be run with the --enable-code-coverage flag, allowing
one to run make check-code-coverage, which runs the test suite and produces
a code coverage report.