Guus Sliepen [Sun, 3 Jul 2011 13:26:58 +0000 (15:26 +0200)]
Add PRF to derive key material from the ECDH shared secret.
It is modelled after the pseudorandom function from RFC4346 (TLS 1.1), the only
significant change is the use of SHA512 and Whirlpool instead of MD5 and SHA1.
Guus Sliepen [Sun, 3 Jul 2011 11:17:28 +0000 (13:17 +0200)]
Support ECDH key exchange.
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
Guus Sliepen [Mon, 27 Jun 2011 19:52:23 +0000 (21:52 +0200)]
Preliminary implementation of Elliptic Curve Diffie-Hellman Ephemeral key exchange.
Guus Sliepen [Sun, 26 Jun 2011 11:15:44 +0000 (13:15 +0200)]
Add manpage for tinc-gui.
Guus Sliepen [Sun, 26 Jun 2011 11:14:48 +0000 (13:14 +0200)]
Remove debug messages that were printed to stdout.
Guus Sliepen [Sun, 26 Jun 2011 10:59:11 +0000 (12:59 +0200)]
Update documentation to mention pidfiles instead of controlcookies.
Guus Sliepen [Sun, 26 Jun 2011 10:58:50 +0000 (12:58 +0200)]
Don't react to escape character in tincctl top.
Not only the ESC key generates an escape character, but many other keys
do as well, such as arrow keys.
Guus Sliepen [Sun, 26 Jun 2011 10:51:25 +0000 (12:51 +0200)]
Use pidfile in tinc-gui as well.
Guus Sliepen [Sat, 25 Jun 2011 20:20:39 +0000 (22:20 +0200)]
Really stable sorting of tincctl top output.
Guus Sliepen [Sat, 25 Jun 2011 19:38:59 +0000 (21:38 +0200)]
Add +git to the version string.
Guus Sliepen [Sat, 25 Jun 2011 19:35:27 +0000 (21:35 +0200)]
Make pid files backwards compatible and add address of listening socket.
The pid is now written first, so that a version 1.0.x tincd can be used to stop
a running version 1.1 tincd. Getsockname() is used to determine the address of
the first listening socket, so that tincctl can connect to the local tincd even
if AddressFamily = ipv6, or if BindToAddress or BindToInterface is used.
Guus Sliepen [Sat, 25 Jun 2011 19:21:36 +0000 (21:21 +0200)]
Rename controlcookie file to pidfile.
Guus Sliepen [Sat, 25 Jun 2011 19:16:13 +0000 (21:16 +0200)]
Don't call exit_control() if we didn't do init_control().
Guus Sliepen [Sat, 25 Jun 2011 18:20:07 +0000 (20:20 +0200)]
Re-add support for SIGALRM.
Guus Sliepen [Sat, 25 Jun 2011 15:39:02 +0000 (17:39 +0200)]
Merge Tinc.py into tinc-gui to simplify make install.
Autoconf/automake's Python support is strange.
Guus Sliepen [Sat, 25 Jun 2011 15:11:05 +0000 (17:11 +0200)]
Thank Scott Lamb, Sven-Haegar Koch and Loïc Grenié in the NEWS file.
Guus Sliepen [Sat, 25 Jun 2011 15:08:40 +0000 (17:08 +0200)]
Ensure the right files end up in the tarball after make dist.
Guus Sliepen [Sat, 25 Jun 2011 13:28:54 +0000 (15:28 +0200)]
Releasing 1.1pre1.
Guus Sliepen [Sat, 25 Jun 2011 13:28:13 +0000 (15:28 +0200)]
Ensure that the texinfo manual can be converted to HTML.
Somehow commit
2c30af6c90926340a89748c63cc453b1c0b5a589 was not properly
merged.
Guus Sliepen [Sat, 25 Jun 2011 12:52:47 +0000 (14:52 +0200)]
Update manpages and info manual.
Guus Sliepen [Fri, 24 Jun 2011 22:32:45 +0000 (00:32 +0200)]
Add Makefile.am in gui/.
This ensures the gui source will be included in the tarball with make dist,
and will be installed with make install.
Guus Sliepen [Fri, 24 Jun 2011 22:06:06 +0000 (00:06 +0200)]
Don't use AM_CONDITIONAL for CURSES.
For some reason, this doesn't work when cross-compiling for Windows.
Guus Sliepen [Fri, 24 Jun 2011 20:49:18 +0000 (22:49 +0200)]
Don't call event_del() from the mtuevent handler, always send_mtu_probe() in ans_key_h().
Guus Sliepen [Fri, 24 Jun 2011 20:10:03 +0000 (22:10 +0200)]
Delete mtuevent if it is not used.
Keeping it around prevents ans_key_h() from restarting PMTU discovery.
Guus Sliepen [Fri, 24 Jun 2011 19:40:55 +0000 (21:40 +0200)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
src/Makefile.am
Guus Sliepen [Fri, 24 Jun 2011 12:50:20 +0000 (14:50 +0200)]
Releasing 1.0.15.
Guus Sliepen [Fri, 24 Jun 2011 10:27:04 +0000 (12:27 +0200)]
Remove redundant @CFLAGS@ from AM_CFLAGS.
Guus Sliepen [Tue, 21 Jun 2011 21:08:05 +0000 (23:08 +0200)]
No need to check for pselect() in tinc 1.1.
Guus Sliepen [Tue, 21 Jun 2011 21:06:53 +0000 (23:06 +0200)]
Only log UDP address changes at the appropriate debug levels.
Guus Sliepen [Mon, 6 Jun 2011 19:19:30 +0000 (21:19 +0200)]
Reopen log file after SIGHUP.
This was missed by the previous merge.
Guus Sliepen [Mon, 6 Jun 2011 18:42:15 +0000 (20:42 +0200)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
configure.in
doc/tincd.8.in
lib/pidfile.c
lib/pidfile.h
lib/xalloc.h
lib/xmalloc.c
src/conf.c
src/conf.h
src/connection.c
src/connection.h
src/event.c
src/graph.c
src/graph.h
src/net.c
src/net.h
src/node.h
src/openssl/crypto.c
src/process.c
src/protocol.c
src/protocol_key.c
src/route.c
Guus Sliepen [Mon, 6 Jun 2011 18:12:33 +0000 (20:12 +0200)]
Clean up digests when freeing a connection_t.
Guus Sliepen [Mon, 6 Jun 2011 14:26:11 +0000 (16:26 +0200)]
Improved --logfile option.
Instead of UNIX time, the log messages now start with the time in RFC3339
format, which human-readable and still easy for the computer to parse and sort.
The HUP signal will also cause the log file to be closed and reopened, which is
useful when log rotation is used. If there is an error while opening the log
file, this is logged to stderr.
Guus Sliepen [Sat, 4 Jun 2011 09:27:54 +0000 (11:27 +0200)]
Attribution for Loïc Grenié.
Loïc Grenié [Sat, 4 Jun 2011 07:05:23 +0000 (09:05 +0200)]
Nearly tickless tinc.
Use pselect instead of select in main_loop (if available). This lets
tincd sleeps as long as there is nothing to do.
Guus Sliepen [Fri, 3 Jun 2011 13:50:20 +0000 (15:50 +0200)]
Don't ignore SIGCHLD, system() needs it.
But we do ignore SIGPIPE, and tinc 1.0.x signals that are no longer used
(SIGUSR1 and SIGUSR2), since the default handler of these signals is to
terminate tincd immediately.
Guus Sliepen [Thu, 2 Jun 2011 22:46:56 +0000 (00:46 +0200)]
Fix format strings for Windows.
Windows doesn't like %zd, so cast (s)size_t to int. Also, some shorts were
incorrectly printed with %d instead of %hd.
Guus Sliepen [Thu, 2 Jun 2011 22:34:30 +0000 (00:34 +0200)]
Use send() when writing to sockets, and the return type is ssize_t.
Guus Sliepen [Thu, 2 Jun 2011 21:40:27 +0000 (23:40 +0200)]
Small fixes for Windows.
Guus Sliepen [Thu, 2 Jun 2011 20:14:53 +0000 (22:14 +0200)]
Even simpler signal handling.
Guus Sliepen [Thu, 2 Jun 2011 19:29:11 +0000 (21:29 +0200)]
Remove debugging message that was accidentily left in.
Guus Sliepen [Thu, 2 Jun 2011 19:16:57 +0000 (21:16 +0200)]
Don't treat packets coming in via TCP as having zero length.
Guus Sliepen [Thu, 2 Jun 2011 19:14:50 +0000 (21:14 +0200)]
Fix nodes joining the VPN after tincctl top started.
Guus Sliepen [Thu, 2 Jun 2011 18:48:18 +0000 (20:48 +0200)]
Make traffic statistics more readable with configurable scaling.
Guus Sliepen [Thu, 2 Jun 2011 18:27:16 +0000 (20:27 +0200)]
More stable sorting in tincctl top.
Although we use qsort(), which is not guaranteed to be stable, resorting the
previously sorted array is more stable than recreating and resorting the array
each time.
Guus Sliepen [Thu, 2 Jun 2011 16:22:26 +0000 (18:22 +0200)]
Fix some compiler and cppcheck warnings.
Guus Sliepen [Thu, 2 Jun 2011 16:07:50 +0000 (18:07 +0200)]
Remove support for the Ethertap device.
Guus Sliepen [Thu, 2 Jun 2011 15:57:53 +0000 (17:57 +0200)]
Remove unused functions and variables.
Guus Sliepen [Thu, 2 Jun 2011 15:55:29 +0000 (17:55 +0200)]
Don't #include <alloca.h> anymore.
Guus Sliepen [Thu, 2 Jun 2011 15:53:35 +0000 (17:53 +0200)]
Drop the GNU memcmp.c implementation.
Guus Sliepen [Thu, 2 Jun 2011 15:45:06 +0000 (17:45 +0200)]
Drop the GNU malloc.c, realloc.c, and xmalloc.c.
We live in the 21st century, and we require C99 semantics, so we do not need to
work around buggy libcs. The xmalloc() and related functions are now static
inline functions.
Guus Sliepen [Thu, 2 Jun 2011 15:14:30 +0000 (17:14 +0200)]
Simplify signal handling.
We don't override any signal handlers anymore except those for SIGPIPE and
SIGCHLD. Fatal signals (SIGSEGV, SIGBUS etc.) will terminate tincd and
optionally dump core. The previous behaviour was to terminate gracefully and
try to restart, but that usually failed and made any core dump useless.
Guus Sliepen [Sun, 29 May 2011 20:34:19 +0000 (22:34 +0200)]
Remove outgoing event in free_connection().
Guus Sliepen [Sun, 29 May 2011 20:14:35 +0000 (22:14 +0200)]
Initialise priority field to zero for packets read from the VPN interface.
Guus Sliepen [Sun, 29 May 2011 20:12:37 +0000 (22:12 +0200)]
Cosmetic fix when pressing 's' in tincctl top.
Guus Sliepen [Sun, 29 May 2011 20:10:54 +0000 (22:10 +0200)]
Show hostname and port in error message when connecting to a running tincd.
Sven-Haegar Koch [Sun, 29 May 2011 19:53:21 +0000 (21:53 +0200)]
do_outgoing_connection() may delete a failed connection, and the structure
must not be accessed afterwards.
Sven-Haegar Koch [Sun, 29 May 2011 19:35:31 +0000 (21:35 +0200)]
src/net_socket.c bind_to_address(): Use after free in error path.
Guus Sliepen [Sun, 29 May 2011 12:41:05 +0000 (14:41 +0200)]
Allow tincctl to connect to something besides localhost.
This would allow tincctl to connect to a remote tincd, or to a local tincd that
isn't listening on localhost, for example if it is using the BindToInterface or
BindToAddress options.
Guus Sliepen [Sat, 28 May 2011 21:46:56 +0000 (23:46 +0200)]
Remove a few unnecessary #includes.
Some spotted by Michael Tokarev.
Guus Sliepen [Sat, 28 May 2011 21:42:18 +0000 (23:42 +0200)]
Remove newlines from log messages.
Guus Sliepen [Sat, 28 May 2011 21:36:52 +0000 (23:36 +0200)]
Fix sparse warnings and add an extra sprinkling of const.
This is more or less the equivalent of Sven-Haegar Koch's fixes in the 1.1
branch.
Sven-Haegar Koch [Sat, 28 May 2011 01:48:07 +0000 (03:48 +0200)]
fgets() returns NULL on error, not < 0
Sven-Haegar Koch [Sat, 28 May 2011 01:46:39 +0000 (03:46 +0200)]
sparse fixup: warning: Using plain integer as NULL pointer
Sven-Haegar Koch [Sat, 28 May 2011 01:57:20 +0000 (03:57 +0200)]
sparse fixup: warning: non-ANSI function declaration of function '...'
Sven-Haegar Koch [Sat, 28 May 2011 01:56:06 +0000 (03:56 +0200)]
sparse fixup: warning: symbol '...' was not declared. Should it be static?
Sven-Haegar Koch [Sat, 28 May 2011 01:12:03 +0000 (03:12 +0200)]
sparse fixup: error: too many arguments for function send_key_changed
Sven-Haegar Koch [Sat, 28 May 2011 01:08:31 +0000 (03:08 +0200)]
sparse fixup: error: dubious one-bit signed bitfield
Sven-Haegar Koch [Sat, 28 May 2011 00:57:40 +0000 (02:57 +0200)]
Use same definition for xalloc_fail_func as is really used.
Sven-Haegar Koch [Fri, 27 May 2011 23:36:10 +0000 (01:36 +0200)]
Removed two newlines from the end of log messages which created empty lines.
Sven-Haegar Koch [Fri, 27 May 2011 23:33:45 +0000 (01:33 +0200)]
Fixed error logging on "Input buffer full" condition.
Guus Sliepen [Sun, 22 May 2011 13:56:04 +0000 (15:56 +0200)]
Make return value of SetPriorityClass() behave the same as setpriority().
Guus Sliepen [Sun, 22 May 2011 12:17:30 +0000 (14:17 +0200)]
Add the ability to dump all traffic going through route() over a control connection.
One can get the packet stream in pcap format, which can be decoded using
tcpdump, for example:
tincctl -n <netname> pcap | tcpdump -r -
Guus Sliepen [Sun, 22 May 2011 12:02:27 +0000 (14:02 +0200)]
Reset tcplen after use.
Guus Sliepen [Sun, 22 May 2011 11:15:27 +0000 (13:15 +0200)]
Check if an event is initialized before calling event_del().
Libevent prints a warning to stderr if we do that.
Guus Sliepen [Sun, 22 May 2011 11:15:05 +0000 (13:15 +0200)]
Always compact the buffer if it has reached MAXBUFSIZE.
Guus Sliepen [Sun, 22 May 2011 10:56:51 +0000 (12:56 +0200)]
Compact input buffer before trying to read instead of after.
Also log an error when the input buffer contains more than MAXBUFSIZE bytes
already, instead of silently claiming the other side closed the connection.
Guus Sliepen [Tue, 17 May 2011 08:58:22 +0000 (10:58 +0200)]
Fix some compiler warnings.
Guus Sliepen [Tue, 17 May 2011 08:57:30 +0000 (10:57 +0200)]
Use GetItemCount() on ListCtrls instead of directly accessing ItemCount.
Guus Sliepen [Mon, 16 May 2011 07:48:19 +0000 (09:48 +0200)]
Add top.h.
Guus Sliepen [Mon, 16 May 2011 07:46:54 +0000 (09:46 +0200)]
Add tincctl.h.
Guus Sliepen [Sun, 15 May 2011 14:30:13 +0000 (16:30 +0200)]
Nicer top command.
- Configurable refresh interval.
- Switch between cumulative count or current rate.
- Configurable sorting.
Guus Sliepen [Sun, 15 May 2011 14:29:54 +0000 (16:29 +0200)]
Allow inserting items in the middle of a list.
Guus Sliepen [Sun, 15 May 2011 11:16:48 +0000 (13:16 +0200)]
Add a very primitive "top" command to tincctl.
Guus Sliepen [Sun, 15 May 2011 10:06:21 +0000 (12:06 +0200)]
Add an autoconf check for the curses library.
Guus Sliepen [Sun, 15 May 2011 09:59:13 +0000 (11:59 +0200)]
Dump traffic statistics over control sockets.
Guus Sliepen [Sat, 14 May 2011 22:42:29 +0000 (00:42 +0200)]
Add per-node traffic counters.
Guus Sliepen [Sat, 14 May 2011 20:30:23 +0000 (22:30 +0200)]
Several fixes for the buffer code.
Guus Sliepen [Sat, 14 May 2011 17:20:56 +0000 (19:20 +0200)]
Remove use of bufferevent and eventbuffers, use our own buffering instead.
Guus Sliepen [Sat, 14 May 2011 17:15:04 +0000 (19:15 +0200)]
Add simple buffer management code.
Libevent 2.0's buffer code is not completely backward compatible with 1.4's.
In order to not (mis)use it anymore, we implement it ourselves. The buffers
are automatically expanding when necessary. When consuming data from the
buffer, no memmove()s are performed. Only when adding to the buffer would
write past the end do we shift everything back to the start.
Guus Sliepen [Sat, 14 May 2011 09:52:35 +0000 (11:52 +0200)]
Fix check for event initialization due to the merge.
Guus Sliepen [Fri, 13 May 2011 10:37:26 +0000 (12:37 +0200)]
Reorder checks for libraries to allow ./configure LDFLAGS=-static.
OpenSSL depends on libdl and libz. When linking dynamically, libcrypto will
automatically link with the other two libraries. However, when linking
statically, these libraries need to be specified explicitly while linking. By
moving the autoconf checks for libdl and libz before those for libcrypto, we
ensure the latter test will be done with the proper libraries.
Guus Sliepen [Mon, 9 May 2011 19:35:14 +0000 (21:35 +0200)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
lib/pidfile.c
src/bsd/device.c
src/dropin.h
src/net.c
src/net_packet.c
src/node.c
src/process.c
src/tincd.c
Guus Sliepen [Sun, 8 May 2011 21:17:46 +0000 (23:17 +0200)]
Releasing 1.0.14.
Guus Sliepen [Sun, 8 May 2011 21:12:44 +0000 (23:12 +0200)]
Include <inttypes.h> when using intptr_t.
Guus Sliepen [Sun, 8 May 2011 21:12:06 +0000 (23:12 +0200)]
Ensure proper linking with OpenSSL with recent versions of MinGW.
Guus Sliepen [Sun, 8 May 2011 19:22:20 +0000 (21:22 +0200)]
Update THANKS and copyright information.
Guus Sliepen [Sun, 8 May 2011 19:06:06 +0000 (21:06 +0200)]
Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
The latter function disappeared, and wasn't actually used in tinc, so now we
check on a function that we do use.
Guus Sliepen [Sun, 8 May 2011 10:40:44 +0000 (12:40 +0200)]
Always use the default signal handler for ABRT signals.
This will allow coredumps to be generated when tinc is daemonized.
Also add the -kABRT option.
Guus Sliepen [Sun, 8 May 2011 10:16:26 +0000 (12:16 +0200)]
Increase threshold for detecting two nodes with the same Name.
In commit
4a21aabada23d1d2c8a10f54dd7248171c4ec82f, code was added to detect
contradicting ADD_EDGE and DEL_EDGE messages being sent, which is an indication
of two nodes with the same Name connected to the same VPN. However, these
contradictory messages can also happen when there is a network partitioning. In
the former case a loop happens which causes many contradictory message, while
in the latter case only a few of those messages will be sent. So, now we
increase the threshold to at least 10 of both ADD_EDGE and DEL_EDGE messages.