1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
|
Version 1.0.24 May 11 2014
------------------------------------------------------------------------
Guus Sliepen (26):
Mention in the manual that multiple Address staments are allowed.
If no Port is specified, set myport to actual port of first listening socket.
Enable compiler hardening flags by default.
Update support for Solaris.
Include <limits.h> for PATH_MAX.
Stricter check for raw socket support.
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
Don't enable -fstack-protector-all.
Remove or lower the priority of some debug messages.
Clarify StrictSubnets.
Attribution for various contributors.
Handle errors from TAP-Win32/64 adapter in a better way.
Remove useless variable 'hard' from try_harder().
Merge pull request #14 from luckyhacky/master
Add an autoconf check for res_init().
Nexthop calculation should always use the shortest path.
Fix issues found by Coverity.
Fix warnings found by GCC 4.9.
Fix a few more issues found by Coverity.
Fix a few more issues found by Coverity.
Drop h and hh length modifiers from printf format strings.
Fix a bug that could prevent tinc from starting correctly on Windows.
FIx the autoconf checks for res_init().
Remove the warnings when IP_DONTFRAGMENT/IPV6-DONTFRAG is not supported.
Releasing 1.0.24.
Steffan Karger (3):
Use constant time memcmp() when comparing packet HMACs.
Use cryptographically strong random when generating keys.
Check RAND_bytes() return value, fail when getting random fails.
Florent Clairambault (2):
Adding "conf.d" configuration dir support.
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
Armin Fisslthaler (1):
reload /etc/resolv.conf in SIGALRM handler
Loic Dachary (1):
fix documentation typo
Vilbrekin (1):
Update android build instructions. Disable PIE as this is not supported on some devices.
luckyhacky (1):
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
Version 1.0.23 October 19 2013
------------------------------------------------------------------------
Guus Sliepen (9):
Check for writability when waiting for a socket to finish connecting.
Don't send PING requests on connections which are not active yet.
Fix segfault when Name = $HOST but $HOST is not set.
Fix typos in the documentation.
Modernize the build system.
Get rid of the splay tree implementation.
Add description of IffOneQueue and MaxTimeout to the info manual.
Clean up child processes from proxy type exec.
Releasing 1.0.23.
Version 1.0.22 August 13 2013
------------------------------------------------------------------------
Guus Sliepen (7):
Better optional argument handling.
Fix a typo.
Set $NAME when calling host-up/down and subnet-up/down scripts.
Don't use vasprintf() anymore on Windows.
Don't echo broadcast packets back when Broadcast = direct.
Update copyright notices.
Releasing 1.0.22.
Etienne Dechamps (1):
Fix combination of Mode = router and DeviceType = tap on Linux.
Version 1.0.21 April 22 2013
------------------------------------------------------------------------
Guus Sliepen (2):
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Releasing 1.0.21.
Version 1.0.20 March 03 2013
------------------------------------------------------------------------
Guus Sliepen (30):
Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
Document how to load the tap driver on FreeBSD.
Update THANKS file.
Also clarify hostnames=[yes|no] in tinc.conf(5).
Attribution for Vil Brekin and some code style cleanups.
Don't ignore Makefile.am.
Fix links in documenation.
Attribution for Martin Schürrer.
Add strict checks to hex to binary conversions.
Clear connection options and status fields in free_connection_partially().
Fix warnings from cppcheck.
Clear Ethernet header when reading packets from a tun device.
Clear status and options fields of unreachable nodes.
Fix warnings from groff.
Using alloca() for a constant sized buffer is very silly.
Make sure PMTU discovery works in switch mode with VLAN tags.
Mention in the manual that support for LZO and zlib can be disabled.
Fix configure script help text for --enable options.
Don't take the address of a variable whose scope is about to disappear.
Send broadcast packets using a random socket, and properly support IPv6.
Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
Fix support for tunemu on iOS devices.
Make sure PriorityInheritance also works in switch mode.
Detect increases in PMTU.
Fix a compiler warning.
Fix segmentation fault when trying to connect via a SOCKS5 proxy.
Don't send proxy requests for incoming connections.
Fix compiler warnings on Windows.
Fix detection of rejected SOCKS5 proxy requests.
Releasing 1.0.20.
Vilbrekin (5):
Basic patch for android cross-compilation.
Replace hard-code with new ScriptsInterpreter configuration property.
Add basic .gitignore file, cleaning (most) files generated by autotools.
Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
Android cross-compilation instructions.
Martin Schürrer (1):
Output details of encryption errors
Mesar Hameed (1):
Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
Version 1.0.19 June 25 2012
------------------------------------------------------------------------
Guus Sliepen (14):
Support :: in IPv6 Subnets.
Remove newline from log message.
Add support for systemd style socket activation.
Allow environment variables to be used for Name.
Allow broadcast packets to be sent directly instead of via the MST.
Add basic support for SOCKS 4 and HTTP CONNECT proxies.
Add support for SOCKS 5 proxies.
Add support for proxying through an external command.
Document new proxy types.
Small fixes in proxy code.
#include <winsock2.h> on Windows.
Fix compiler warnings.
Fix crash when using Broadcast = direct.
Releasing 1.0.19.
Anthony G. Basile (1):
configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
Michael Tokarev (1):
add (errnum) in front of windows error messages
Version 1.0.18 March 25 2012
------------------------------------------------------------------------
Guus Sliepen (13):
Always try next Address when an outgoing connection fails to authenticate.
Allow a port to be specified in BindToAddress statements.
Add support for multicast communication with UML/QEMU/KVM.
Set default value of DecrementTTL to "no".
Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
Allow scoped addresses to be used for IPv6 multicast socket.
Fix compiler warnings.
Fix return value type of vde_send().
Fix some more compiler warnings.
Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
Fix return type of vde_recv() as well.
Mark DecrementTTL option experimental.
Releasing 1.0.18.
Version 1.0.17 March 10 2012
------------------------------------------------------------------------
Guus Sliepen (32):
Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
Return false instead of void when there is an error.
Fix compilation of VDE and UML interfaces.
Add vde/device.c to the tarball.
Fix a few small memory leaks.
Allow linking with multiple device drivers.
Set FD_CLOEXEC flag on all sockets.
Allow multiple BindToAddress statements.
Merge branch 'master' of black:tinc
Send packets back using the same socket as they were received on.
Allow setting DeviceType to tun or tap on Linux.
Merge branch 'master' of black:tinc
Only compile raw socket code when it is supported on that platform.
Decrement TTL of incoming packets.
Don't bind outgoing TCP sockets anymore.
Rename connection_t *broadcast to everyone.
Allow disabling of broadcast packets.
Move initialization of char *priority up to prevent freeing an uninitialized pointer.
Document the command line flag -o and provide --option as well.
Fix a bug that caused tinc to ignore all but the last listening socket.
Fix check for raw socket support.
Pass index into listen_socket[] to handle_incoming_vpn_data().
Add LocalDiscovery option which tries to detect peers on the local network.
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
Stricter checks against routing loops.
Only use broadcast at the start of the PMTU discovery phase.
Only log errors sending UDP packets when debug level >= 5.
Accept Subnets passed with the -o option when StrictSubnets = yes.
Add missing ICMP6 message type definitions.
Make sure disabling old RSA keys works on Windows.
Update copyright notices.
Releasing 1.0.17.
Nick Hibma (1):
Add missing ICMP message type definitions.
Version 1.0.16 July 23 2011
------------------------------------------------------------------------
Guus Sliepen (4):
Make code to detect two nodes with the same Name less triggerhappy.
Flush output buffer in send_tcppacket().
Use usleep() instead of sleep(), MinGW complained.
Releasing 1.0.16.
Version 1.0.15 June 24 2011
------------------------------------------------------------------------
Guus Sliepen (9):
Reorder checks for libraries to allow ./configure LDFLAGS=-static.
Make return value of SetPriorityClass() behave the same as setpriority().
Fix sparse warnings and add an extra sprinkling of const.
Remove newlines from log messages.
Remove a few unnecessary #includes.
Attribution for Loïc Grenié.
Improved --logfile option.
Remove redundant @CFLAGS@ from AM_CFLAGS.
Releasing 1.0.15.
Loïc Grenié (1):
Nearly tickless tinc.
Version 1.0.14 May 08 2011
------------------------------------------------------------------------
Guus Sliepen (48):
Fix reading configuration files that do not end with a newline. Again.
Define WINVER before including any other header file on Windows.
Use intptr_t instead of long to store a pointer.
OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
Fix all warnings when compiling with mingw64.
Use strrchr() insteaad of rindex().
Detect and prevent two nodes with the same Name being on the VPN simultaneously.
Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
Do not append an address to ANS_KEY messages if we don't know any address.
Merge local host configuration with server configuration.
Remove duplicate command-line option parsing.
Attribution for Julien Muchembled.
Attribution for Timothy Redaelli.
Ensure there is a newline character before a PEM key is written.
Abort disabling old PEM keys on I/O errors.
Remove unused variables.
Quit when there are too many consecutive errors on the tun/tap device.
Read error counter must be static.
Add short options -R and -U to the tincd(8) manpage.
Don't use strlen() on a NULL pointer.
Provide usleep() for Windows.
Use variable length arrays instead of alloca().
Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
Free replay window when freeing a node_t.
Fix variable length array declaration.
Attribution for Brandon Black.
Use setpriority() instead of nice() on UNIX-like systems.
Always send MTU probes at least once every PingInterval.
Close all filedescriptors in Solaris close_device().
Limit field width when scanning PID file.
Replace bogus #else with #endif.
Remove unused variables.
Document the behavior of "-n."
Update the manual.
Update the NEWS.
Proper check and dropin replacement for usleep().
Fix typo spotted by Andrew Scheller.
Add support for VDE through libvdeplug.
Fix spurious misidentification of incoming UDP packets.
Prevent anything from updating our own UDP address.
Do not set indirect flag on edges from nodes with multiple addresses.
Increase threshold for detecting two nodes with the same Name.
Always use the default signal handler for ABRT signals.
Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
Update THANKS and copyright information.
Ensure proper linking with OpenSSL with recent versions of MinGW.
Include <inttypes.h> when using intptr_t.
Releasing 1.0.14.
Brandon L Black (4):
Experimental IFF_ONE_QUEUE support for Linux
Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
Configurable ReplayWindow size, zero disables
Improved handling of queue-jumping packets on receive
Julien Muchembled (2):
New '-o' option to configure server or hosts from command line
Fix command-line '-o' option for host configuration
Timothy Redaelli (2):
Fix warnings showed using -D_FORTIFY_SOURCE=2
Fix warnings under BSD
Michael Tokarev (1):
Treat netname="." in a special way.
Rumko (1):
DragonFlyBSD support
Version 1.0.13 April 11 2010
------------------------------------------------------------------------
Guus Sliepen (20):
Clamp MSS to miminum MTU in both directions.
Simplify reading lines from configuration files.
Check for dirent.h.
Preload all Subnets in TunnelServer mode.
Add the StrictSubnets option.
Add the Forwarding option.
Add the DirectOnly option.
Fixes for the Forwarding option.
ConnectTo does not mean tinc does not listen for incoming connections anymore.
Log unauthorized Subnets when StrictSubnets is set.
Fix typo.
Convert Port to numeric form before sending it to other nodes.
Ensure ICMP_NET_ANO is defined.
Reload Subnets when getting a HUP signal and StrictSubnets is used.
Fix reloading Subnets when StrictSubnets is set.
Ensure subnet-up/down scripts are called after HUP when necessary.
Fixes for definitions under Windows.
Don't redefine MAX if it already exists.
Mark Forwarding and DirectOnly options as being experimental.
Releasing 1.0.13.
Timothy Redaelli (2):
Add --disable-lzo configure option
Add --disable-zlib configure option
Sven-Haegar Koch (1):
Never delete Subnets when StrictSubnets is set
Version 1.0.12 February 03 2010
------------------------------------------------------------------------
Guus Sliepen (21):
When learning MAC addresses, only check our own Subnets for previous entries.
Remove unused variable in lookup_subnet_*() functions.
Forget addresses of unreachable nodes.
Do not fragment packets smaller than RFC defined minimum MTUs.
Allow port to be specified in Address statements.
Use xstrdup() instead of xasprintf() to copy static strings.
Allow Port and PMTUDiscovery options in tinc.conf, always enable PMTUDiscovery by default.
Clamp MSS of IPv4 SYN packets.
Ping nodes immediately when receiving SIGALRM.
Optimise handling of select() returning <= 0.
Also clamp MSS of TCP over IPv6 packets.
Make MSS clamping configurable, but enabled by default.
Fix subnet-up/down scripts being called with an empty SUBNET.
Run subnet-up/down scripts for local MAC addresses as well.
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests.
Determine peer's reflexive address and port when exchanging keys.
Immediately exchange keys when establishing a meta connection.
Try to set DF bit on BSDs as well.
Update copyright notices.
Ensure peers with a meta connection always have our key.
Releasing 1.0.12.
Version 1.0.11 November 01 2009
------------------------------------------------------------------------
Guus Sliepen (16):
Fix a possible crash when sending the HUP signal.
Starting to work towards 1.0.11.
Handle weighted Subnets in switch and hub modes.
Clarify and increase level of log message about MTU probes to unreachable nodes.
Add dummy device.
Use uint32_t instead of long int for connection options.
Allow UDP packets with an address different from the corresponding TCP connection.
Always reply to MTU probes via UDP.
Make maxmtu equal to minmtu when fixing the path MTU to a node.
Forward packets to not directly reachable hosts via UDP if possible.
Use IP_DONTFRAGMENT instead of IP_MTU_DISCOVER on Windows.
Use WSAGetLastError() to determine cause of network errors on Windows.
Move socket error interpretation to utils.h.
Fast handoff of roaming MAC addresses.
Start a tinc service if it already exists.
Releasing 1.0.11.
Michael Tokarev (1):
Remove localedir leftovers.
Version 1.0.10 October 18 2009
------------------------------------------------------------------------
Guus Sliepen (78):
Update documentation for git.
Consistently allocate device and iface variables on the heap.
Only send packets via UDP if UDP communication is possible.
Move free()s at the end om main() to the proper destructor functions.
Change flush_events() to expire_events().
Add missing cleanup functions in close_network_connections().
Use a global list to track outgoing connections.
Remove unused definitions from net.h.
Allow reading config files with CRLF endings on Unix systems.
Validate Name before using it in a filename when generating a keypair.
Disable old RSA keys when generating new ones.
Handle neighbor solicitation requests without link layer addresses.
Allow weight to be assigned to Subnets.
Update THANKS and copyright information.
Disable PMTUDiscovery in switch and hub modes.
Use a simple Random Early Drop algorithm in send_tcppacket().
Handle UDP packets from different and ports than advertised.
If PMTUDiscovery is not set, do not forward packets via TCP unnecessarily.
Fix link to Mattias Nissler's tun/tap driver for MacOS/X.
Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66.
Use xrealloc instead of if(ptr) ptr = xmalloc().
Add declaration for sockaddrcmp_noport().
Use packet size before decompression to calculate path MTU.
Do not forward broadcast packets when TunnelServer is enabled.
Add ProcessPriority option.
Add some const where appropriate.
Properly set HMAC length for incoming packets.
Don't try to send MTU probes to unreachable nodes.
Remove pending MTU probe events when a node's reachability status changes.
Do not log errors when recvfrom() returns EAGAIN or EINTR.
Change level of some debug messages, zero pointer after freeing hostname.
Always remove a node from the UDP tree before freeing it.
Add xasprintf() and xvasprintf().
Check the return value of fscanf() when reading a PID file.
Replace asprintf() by xasprintf().
UNIX signal numbers start at 1.
Ensure tinc compiles with gcc -std=c99.
Convert bitfields to integers in a safe way.
Add the GPL license to the repository.
Another safe bitfield conversion.
Add support for iPhones and recent iPods.
Don't stat() on iPhone/iPod.
Put Subnet weight in a separate environment variable.
Allow PMTUDiscovery in switch and hub modes again.
Handle unicast packets larger than PMTU in switch mode.
Remove superfluous call to avl_delete().
Apparently it's impolite to ask GCC to subtract two pointers.
Use only rand(), not random().
Also do not use drand48(), it is not available on Windows.
Allow compiling for Windows XP and higher.
Remove dropin random() function, as it is not used anymore.
Use access() instead of stat() for checking whether scripts exist.
Raise default crypto algorithms to AES256 and SHA256.
Remove extra {.
Use a mutex to allow the TAP reader to process packets faster on Windows.
Raise default RSA key length to 2048 bits.
Send large packets we cannot handle properly via TCP.
Update copyright information.
Remove all occurences of $Id$.
Remove Ivo's old email addresses.
Update the address of the Free Software Foundation in all copyright headers.
K&R style braces.
Remove checkpoint tracing.
Drop support for localisation.
Add more authors to the copyright headers.
Update the NEWS.
Remove autogenerated files from EXTRA_DIST.
Don't disconnect clients in TunnelServer mode who send unauthorised ADD_SUBNETs.
Remove code duplication when checking ADD_EDGE/DEL_EDGE messages.
Revert "Raise default crypto algorithms to AES256 and SHA256."
Ensure that the texinfo manual can be converted to HTML.
Small updates to the documentation.
Use MTU probes to regularly ping other nodes over UDP.
Allow the cloning /dev/tap interface to be used on FreeBSD and NetBSD.
Remove debugging message when reading packets from a BSD device.
Include missing header.
Fix description of the WEIGHT environment variable.
Releasing 1.0.10.
Michael Tokarev (17):
Allow tunnelserver to work with clients that have other peers.
Enable PMTUDiscovery only if BOTH sides wants it.
Rename setup_network_connections() and split out try_outgoing_connections()
Implement privilege dropping
bugfix: initialize pid (as read from pidfile) to zero
bugfix: move mlock to after detach() so it works for child, not parent
bugfix: chdir(/) after chroot
change error messages in droppriv code to match the rest
format 'not supported on this platform' error message
TunnelServer: Don't disconnect client on DEL_SUBNET too
ignore indirect edge registrations in tunnelserver mode
don't log every strange packet coming to the UDP port
Fix ans_key exchange in recent changes
tunnelserver: log which ADD_SUBNET was refused
cleanup setpriority thing to make it readable
try outgoing connections before chroot/drop_privs
Remove extra semicolon in my definition of setpriority()
Florian Forster (2):
src/linux/device.c: Fix segfault when running without `--net'.
src/net_socket.c: Bind outgoing TCP sockets to `BindToAddress'.
Borg (1):
Removed last gettext function.
Version 1.0.9 December 26 2008
------------------------------------------------------------------------
Guus Sliepen (18):
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
Make sure the prefixlength of subnets is sane.
Fix reading configuration files that do not end with a newline.
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
Prevent freeing a NULL pointer when a hostname is unresolvable.
Correct debug message.
Treat virtual network device as tap if Mode = switch or hub.
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
Make sure IPv6 sockets are IPv6 only.
Update Dutch translation.
Update copyright information.
Enable PMTU discovery by default.
Update documentation.
Update the manpage as well, and some whitespace to make its source more legible.
Handle broadcast and multicast packets in router mode.
Apply patch from Max Rijevski fixing a memory leak when closing connections.
Add missing parentheses in check for IPv4 multicast addresses.
Releasing 1.0.9.
Version 1.0.8 May 16 2007
------------------------------------------------------------------------
Guus Sliepen (8):
Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM.
Apply patch from Scott Lamb fixing some memory and resource leaks.
Close the proper filedescriptor (if it exists).
Apply patch from "dnk" making sockets non-blocking under Windows.
Make sure connection->name is never NULL.
Update dutch translation.
Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski.
Releasing 1.0.8.
Version 1.0.7 January 05 2007
------------------------------------------------------------------------
Guus Sliepen (7):
Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
Tapreader socket should be bound to localhost only.
Fix generic BSD tun device to write only the actual packet length.
rename() cannot replace existing files on Windows.
No things to do for the 1.0 branch except bugfixing.
Update copyright notices.
Releasing 1.0.7.
Version 1.0.6 December 18 2006
------------------------------------------------------------------------
Guus Sliepen (13):
Make sure resolved addressed for outgoing connections are freed, if there are any.
Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h.
When building the minimum spanning tree, make sure we start from a reachable node.
Use the correct next pointer.
Remove unnecessary stuff from configure.in.
Remove old Spanish translation.
Fix rule that creates html version of manpages.
Use standard autoconf macros instead of our own.
We do properly check for malloc and realloc.
Remove the test for linux/if_tun.h.
Do a simple test for linux/if_tun.h instead of no test at all.
Prevent compiler warnings about redefinition of EAI_FAMILY on FreeBSD 6.1.
Releasing 1.0.6.
Version 1.0.5 November 14 2006
------------------------------------------------------------------------
Guus Sliepen (32):
Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
Add alloca.h to the list of necessary header files.
Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh.
EVP_Cleanup() when quitting.
Apply patch from Scott Lamb unifying configuration of TCP socket options.
Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
Make sure $NAME is set correctly when executing tinc-down script.
Missing #include.
Export flush_meta().
Fix signedness compiler warnings.
Fix a bug in handling prefixlengths that are not a multiple of 4.
Update copyright notices, remove Ivo's email address.
Restore length of the original packet in send_udppacket().
Use memcpy() to copy sockaddrs returned by getaddrinfo().
Add generic host-up and host-down scripts.
Do not break strict aliasing of status_t structs.
Fix format string warnings.
Remove unused variables.
Remove unused parameter from maskcmp().
Remove unused variable.
memcpy() addresses from packet headers before calling the lookup functions.
The "active" bit in node.status is not used.
Added graph dumping ability based on Markus Goetz's patch.
popen() requires pclose().
Support and autodetect LZO version 2.0 and later.
Support and autodetect LZO version 2.0 and later.
Document GraphDumpFile option.
Update Dutch translation.
Nodes use events, so event system should be initialised first and destroyed last.
When deleting an entire tree, start at head, not at root.
EWOULDBLOCK does not exist on platforms without O_NONBLOCK
Releasing 1.0.5.
Version 1.0.4 May 04 2005
------------------------------------------------------------------------
Guus Sliepen (17):
Make sure broadcast packet reach the local network interface.
Fix splay tree code.
subnet-up/down hooks
subnet-up/down hooks, use list_t for the todo list.
Small fix.
Free memory used by connection_t after it is deleted from the connection tree.
Use the proper free function.
Correct size argument for strncat().
Nodes should only be in the node_udp_tree if they are reachable.
Don't try to add a non-existing node back to the node_udp_tree.
Remove unused (and potentially segfaulting) net2str() call.
Be on the safe side with initialisation of c->name.
Searching through splay trees may change the tree variable.
Several splay tree fixes.
Describe subnet-up/down scripts in documentation.
Update copyright notices.
Releasing 1.0.4.
Version 1.0.3 November 11 2004
------------------------------------------------------------------------
Guus Sliepen (77):
Removed items in TODO list that are already implemented. Only two items
Applied patch from Jamie Briggs for bash2 conformance.
Added another semicolon for bash2 compliance (thanks to Jamie Briggs)
Adding even more stuff from the CABAL branch.
Synchronise HEAD with CABAL branch.
This will become 2.0.
Some device.c files weren't synchronised.
Makevars file was accidentily removed.
Forgot to synchronise po/ directory...
Add description of new authentication scheme.
Add Opaque option which prevent information from being forwarded to certain nodes.
Replace Opaque and Strict options with a TunnelServer option.
Complain if pid file cannot be created.
Read MaxTimeout from tinc.conf like the manpage says.
Missing space between words.
Don't retry if configuration is wrong from the beginning.
Fix proxy-neighborsolicitation.
Code beautification, start of multicast support.
Forget multicast. Always inline some function.
Let tinc figure out the exact MTU of the link.
More sensible name, and try to set PMTU discovery on IPv6 sockets as well.
Describe the TunnelServer and PMTUDiscovery options.
Better name, show probed MTU in dump.
Improvements for PMTU discovery and IPv4 packet fragmentation.
Missing definitions.
Small fixes for PMTU discovery.
Don't forget to update destination MAC address.
Small updates.
Remove autogen.sh, the autoreconf program does exactly that.
Replace cvs-clean with a much better svn-clean.
Remove CVS related cruft.
Eat trailing whitespace in config files.
Only read our public key if it wasn't already in the private key file.
Updating dutch translation.
Even better svn-clean command.
Applied Martin Kihlgren's IdentityGenerosity patch,
Fix declaration of update_node_address().
Use Subversion to create ChangeLog, better svn-clean rule.
Revert Martin Kihlgren's patch, it doesn't work the way it should.
Move CABAL branch to its rightful place: the trunk.
Update copyrights, links, email addresses and let Subversion update $Id$ keywords.
Increase MTU by 4 bytes to allow VLAN tagged Ethernet frames in hub and switch mode.
Clean up environment after executing scripts.
Handle timeouts during connecting the same way as other errors.
Added UML network socket handling.
Don't set $INTERFACE automatically, don't quit on EINTR/EAGAIN.
Marking potential late packets was in the wrong place.
Remove duplicate #include "system.h"
Move all #ifdef HAVE_HEADER_H #include <header.h> to have.h,
Fix several #includes.
strndupa() is too arcane for some environments.
Allow tinc to work with the latest TAP-Win32 driver.
Correct return value.
Don't let tinc service depend on NDIS component.
Support alternative tun/tap driver from http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
Generic device driver for *BSD and MacOS/X
static
Check for sys/uio.h, net/if_tun.h and net/if_tap.h
Don't include .svn directory in sample configuration.
Splay trees.
Hoopjumping to get the default directories in the manuals properly.
Update to make it compile again.
Fixed another bug in late packet handling.
Hopefully this really fixes late packet handling.
Missing check for NULL-pointer.
Use the generic BSD tun/tap code.
Fix order of arguments for tar.
Let compiler decide when to inline.
Support tunneling IPv6 on Solaris.
Add BlockingTCP option, useful when using TCPOnly on slow or congested links.
Update documentation.
Set BSD tuns to broadcast mode. On OpenBSD, this enables IPv6 on the tun device!
Remove duplication.
Updated dutch translation.
Short readme about how to compile tinc from a Subversion checkout.
Add more people who have contributed to tinc.
Releasing 1.0.3.
Ivo Timmermans (52):
Check for __gmpz_powm for libgmp3.
Changed version number to 1.0pre3.
Autogenerated by gettextize.
Bring head revision up to date with cabal (try #3)
Add check for the syslog function
Generalized error handling functions
Add all the new files to the sources list for the utility library
New function: xalloc_and_zero()
Generalized list and hash handling functions
First try to create a graphical frontend for tinc configuration
Updating HEAD branch #1; removing obsolete files.
Updating HEAD branch #2; removing debian/ dir.
Updating HEAD branch #3; more obsolete files removed.
Updating HEAD branch #4; Merging CABAL -> HEAD.
Updating HEAD branch #5; Last files from CABAL.
Ok, I forgot these ;)
More updates
More...
Last bits (hopefully)
Main pokey interface files.
Pokey interface definition
Write src/pokey/Makefile
Also compile in pokey/
Remove debug level declaration
Update copyright info
Remove debug_lvl
New logging system to replace syslog() calls with a generic function.
Rename log_message to log
Add syslog() wrapper
Add syslog wrapper
Some magic
Added priority definitions from syslog.h
log_default_hook was renamed to log_default
Added prototype for log_syslog
Use logging.h instead of syslog.h
Compile in logging.c
Things to ignore...
Use new logging system
Include logging.h
Renamed libvpn to libtinc
Rename libvpn to libtinc
...
Print newline when writing to stderr
*** empty log message ***
Moving files, first attempt at gcrypt compatibility, more interface
Commit diff test
Another file moved; random interface stuff.
Callbacks
Moved event.c/h
test
test 2
Hm.
Wessel Dankers (5):
Initial revision. Lots of loose ends, not usable yet.
added bit on config file, split up sections, added Id: tag
Added extra bit about keys.
More about keys
This file is now only in the CABAL revision.
cvs2svn (1):
This commit was generated by cvs2svn to compensate for changes in r1352,
Version 1.0.2 November 08 2003
------------------------------------------------------------------------
Guus Sliepen (47):
Simplify fake getname/addrinfo() functions, possibly fixing freeing a NULL pointer.
stat() batch files under Windows.
Don't getsockopt() SO_ERROR. We get the error from send()/recv() anyway.
Fix fake getnameinfo() and check more arguments.
Fix --logfile under Windows.
Use the event log under Windows.
Compilation fix.
Do what the SDK documentation tells.
If we're not in main_loop() and the service is stopped, exit immediately.
Allow tinc to handle unknown type addresses from other tinc daemons.
Don't overwrite the first " when installing a service.
Add checkpoints.
When purging nodes, only delete them if nobody references them anymore.
Remove debug message.
Add license exception from Markus Oberhumer.
Remove old edges from unreachable nodes to us. This prevents the hosts/NAME-up
We don't have to tell GCC how to cast.
Prevent multiple inclusions.
Remove pidfile when exitting.
Update translations.
Check for short packets from the tun/tap device and from other tinc daemons.
Generate keys with 0x10001 as public exponent, which has less prime factors
Better length checks.
Copy structs from packets to the stack before using them, to prevent
const
Ethernet protocol types.
Unused variable in struct.
Don't confuse users with "Address family not supported" warnings.
Use CPPFLAGS, LDFLAGS and LIBS as appropiate.
PIDs are of type pid_t, and use %ld when reading/writing them to the pidfile.
Make sure type of AF_UNKNOWN is sa_family_t.
Forgot to #include "xalloc.h"
Update missing definitions, structs describing headers get __packed__ attribute.
Missing declaration.
Set media status for newer TAP-Win32 driver.
Some platforms don't know sa_family_t or define it other than uint16_t.
Update documentation.
Fix ASCII art.
Check return value of EVP_* functions, and check if length before en/decryption
Check all EVP_ function calls.
Parentheses in the wrong spots.
Fix bug that could lead to an assertion failure in libcrypto when multiple
Small fixes in documentation.
Fix another bug in meta.c.
Update dutch translation.
Add missing definitions.
Release notes for 1.0.2
Version 1.0.1 August 14 2003
------------------------------------------------------------------------
Guus Sliepen (24):
Windows uses backslashes...
Tell windows to be patient.
Remove unused stuff from doc/.
Correct error message when remote host closed connection.
Simplify execute_script(). It will probably work under Windows as well.
Allow empty lines in config files.
Make rule for sample-config.tar.gz.
Readd quotes.
Typo.
Better error messages under Windows.
Log error first, try to close later.
Quote when needed and don't try stuff that doesn't work under Windows.
Under Windows, the installation directory can be found in the registry.
Better error checking and reporting.
Small things.
Simpler checking of permissions on private RSA key and other fixes.
Check for fchmod().
Only system() needs script name quoted.
Update documentation.
Add a description for the Service control panel.
Updated dutch translation.
Small fixes.
Fix permissions check for rsa_key.priv.
Update.
Version 1.0 August 08 2003
------------------------------------------------------------------------
Guus Sliepen (111):
Thank some more people.
Run graph() after edge_del() when updating an edge.
Add documentation for BindToAddress.
Fix PriorityInheritance.
PrivateKeyFile instead of PrivateKey.
Run graph algorithm when replacing a second connection from the same host
Add $NAME for tinc-up/down scripts.
- Fix indentation in some places.
Various fixes for autoconf and OpenSSL 0.9.7 and a missing header.
Make sure send_meta() writes everything.
Typo.
- Avoid memory leak caused by OpenSSL 0.9.7a.
- Speed up checksumming
Don't copy more than necessary.
Checksums must also work for uneven number of bytes.
HUP signal now closes connections to hosts if their host config file is
Better handling of late packets.
Make sure outgoing_t is completely freed.
- Per-node EVP_CIPHER_CTX to avoid initialisation overhead.
Small fixes to make LZO compression work.
Small fixes.
Fix links.
Fix warning and add missing checks for LZO library.
Call make_names() before doing anything else.
If we have a Linux tun/tap device and we are in router mode, open the device
AddressFamily is "any" by default.
Remove mymac stuff from device.c.
Fixes from Wessel Danker's libavl.
More braces to make gcc happy.
Update documentation.
Update dutch translation.
Typo and conversion to UTF-8.
There are two lzo compression levels.
Really make tinc default to any addressfamily.
This subtle pointer arithmetic thingy is (I'm very sure of it) the cause
- simplify configure.in
Check for IPv6 header files.
Define logger(), cleans up source code and allows us to write log entries
Sprinkling the source with static and attributes.
Provide all missing IPv6 definitions in lib/ipv6.h.
Actually add ipv6.h.
More missing definitions.
More missing IPv6 definitions and autoconf checks to make sure it compiles
Simplify logging, update copyrights and some minor cleanups.
Update copyrights.
Removing distribution specific files from CVS.
Format string checking for logger().
Export mymac.
Make use of the CIPE driver. Woohoo, tinc for Windows!
Windows headers declare a struct interface somewhere.
Big header file cleanup: everything that has to do with standard system
Even more missing definitions.
Remove all #ifndefs from route.c
Update all device.c files.
Check for ethernet/ipv4/ipv6 related structures.
Use iface instead of interface because it might already be declared in
Oops.
No UNIX style permissions under Windows.
Be consistent.
Oops.
Check for sys/mman.h.
Use functions from logger.c
Copy cygwin driver to mingw directory. It doesn't work (yet).
Add section about configuring Cygwin and CIPE on Windows.
Option to specify pidfile location.
Use bools and enums where appropriate.
Run setup_device() after parsing configuration but before claiming we're ready.
Don't initialise a CIPHER_CTX if cipher == NULL.
Sprinkle around a lot of const and some C99 initialisers.
More generic handling of tap device under Windows.
More checks for missing functions.
Fix compile errors and warnings.
Update dutch translation and make sure all device drivers are included in
Update configure scripts.
Make sure it works.
Make sure (at least) the MinGW device driver works.
Native Windows support.
Cleanups.
Update documentation and remove stuff that's too outdated.
Remove doc/es/ and src/device.c from the distribution.
No C99 initialisers, gcc 2.95.3 doesn't like it.
Replacement for stdbool.h
Prevent definitions from messing up attributes.
Check if the compiler knows about the __malloc__ attribute.
Wrong argument.
Remove forgotten braces.
No easy way to properly detect header files...
Woops!
Wrong function...
Prevent system headers from including our own headers.
Allow whitespace in values.
Oops.
Windows has no symbolic links as we know it.
When compiling with MinGW, link with ws2_32.
Install tinc as a service under Windows (MinGW). Remove cleanup_and_exit(),
Error messages.
Cleanups and error messages.
Missing include.
Oops.
Updated dutch translation.
Explain how tinc detaches and how it is "killed" under Windows.
Typo and another thing to think about.
Clean up last part of main().
Old gcc compilers don't like declarations in the middle of a function.
Cygwin needs windows.h.
Keep Windows happy.
Remove newlines from log messages.
Update dutch translation
Simplify translation
Use our own port when connecting to ourself.
Sync CABAL branch with release-1_0 branch.
Ivo Timmermans (2):
Fix saving of debug level for startup level 0
Call RSA_blinding_on(), as advised in the paper on
Wessel Dankers (1):
its: Engels voor "van het" - 3e persoon enkelvoud, genitief, onzijdig
Version 1.0pre8 September 16 2002
------------------------------------------------------------------------
Guus Sliepen (73):
Support for MaxOS/X.
Add BindToAddress variable, similar to the late BindToIP.
Added Nick Patavalis for his RedHat package.
Informative log message if execl() failed.
Fix very stupid bug in node_del(), which might have caused corruption of
Only purge once when there are no more connections.
Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts
Make it work correctly with NetBSD tun device.
Use correct includes on NetBSD.
Cleanup:
Use inttypes.h instead of stdint.h.
- netinet/* include files depend on netinet/in_systm.h.
Added Darwin (MacOS/X) tun device handling.
Use darwin/device.c when compiling on MacOS/X.
Include darwin/device.c in distribution.
Autoconf cleanup. Works for both 2.13 and 2.53, although running autoconf
Add configuration details for NetBSD and Darwin (MacOS/X).
Reset listen_sockets after SIGHUP.
Update comments about IPv6 autoconfiguration.
s/sliepen.warande.net/sliepen.eu.org/g
Fix for prefixlengths of 32 (IPv4) and 128 (IPv6) bits.
Allow list of environment variables to be passed to execute_script().
Allow identical subnets from different owners.
Clear subnets before using them.
Started port to Cygwin.
Added stub device.c for Cygwin.
Include complete fake-getname/addrinfo from OpenSSH.
Allow tincd to be locked into main memory.
Don't bother to chown, and correctly document ConnectTo.
Added support for raw sockets. This can be used instead of tun/tap devices.
Gettext 1.11.5 compatibility.
Check for ranlib.
Replacement for the current routing algorithm.
Make sure setlocale() is available.
Drop graph and edge stuff. Use new node stuff instead.
A reachable node is always more preferable to an unreachable one...
Woops.
Reduce KEY_CHANGED traffic.
Prevent looping DEL_NODE/ADD_NODE messages after a node disconnects.
Don't forget to set prevhop to myself for new connections.
Just ignore wrong ADD_NODEs instead of replying with a DEL_NODE, in the
Revert to edge and graph stuff. This time, use a directed graph.
Small fixes.
Generalized request broadcasting/forwarding.
Updated dutch translation.
Small updates.
Run autopoint and libtoolize before creating initial makefiles.
Add missing headers.
Typo.
Only reset seqno's when a key is sent or received.
Remove global edge_tree.
edge_weight_compare() shouldn't rely on edge_compare().
Reset the *correct* seqnos.
Fix MST algorithm.
Why don't these connection_t's get cleaned up?
Cleanups:
Switch to K&R style indentation.
Switch to K&R style indentation.
Remove redundant spaces.
Let GCC check format string and arguments of send_request().
Fix compiler warnings.
Clean up after indent.
Link with libintl if necessary.
Fix placement of #include "config.h"
Make sure malloc() is declared.
What was I thinking?
MacOS/X needs #define _P1003_1B_VISIBLE in order to use mlockall().
port_t isn't used anymore and conflicts with MacOS/X headers.
Small fixes so tinc compiles out of the box on SunOS 5.8
Updated dutch translation.
Use /dev/net/tun as default for tun/tap device under Linux.
Update documentation.
Remarks about 1.0pre8 release.
Ivo Timmermans (9):
Put #ifndef checks for HAVE_RAND_PSEUDO_BYTES in the correct places.
Typo
OSX support
getnameinfo fixes
Add /sw/{include,lib} to search paths if they exist
Include a few more header files
Include netbsd's device.c in make dist
Added Alessandro Gatti
Added AM_MAINTAINER_MODE
Wessel Dankers (1):
This should work much better.
Version 1.0pre7 April 09 2002
------------------------------------------------------------------------
Guus Sliepen (9):
Make configure --help output look nicer.
Don't check_network_activity() if select() is interrupted by a signal.
check_rsa() is broken, I don't know why, just remove it for now.
Fix maskcheck() and maskcmp().
Automake forgets about depcomp, remind it.
masklength is better known as prefixlength.
masklength is better known as prefixlength
Updated dutch translation.
Remarks about 1.0pre7 release.
Version 1.0pre6 March 27 2002
------------------------------------------------------------------------
Guus Sliepen (91):
Forgot to merge new files from pre5.
Last bits of the merger.
Sensible defaults for $INTERFACE.
- If no PrivateKeyFile is specified, /etc/tinc/netname/rsa_key.priv is assumed.
Small fix.
Added support for packet compression, thanks to Mark Glines.
Don't use sa_sigaction (which NetBSD doesn't like) at all if we don't use siginfo.
Get rid of sys/signal.h.
Added device.c for NetBSD, actually a copy of the OpenBSD one.
Add check for NetBSD.
- Non-blocking connect()s.
Fix segfault when receiving HUP signal.
Use AF_UNSPEC for listening sockets if AddressFamily = any.
Forward packets in router mode.
Fix maskcmp() and maskcpy().
Cache results of lookup_subnet_...().
Protocol now also exchanges cipher/digest/maclength/compression for the
Preserve inpkt->len, needed for broadcasts.
- Use gai_strerror() where appropriate
- Change SA_LEN to SALEN, former one is already defined on some platforms.
Tweaking IPv6 support.
Allow multiple listening sockets.
Fix send_request() bug.
Make BindToInterface work.
Fix listening sockets.
If "PriorityInheritance = yes" is specified in tinc.conf, the value of the
Create/bind TCP and UDP listening sockets in pairs.
Updated documentation.
Updated dutch translation.
- Global time_t now, so that we don't have to call time() too often.
Document and clean up MAC address expiry.
Woops.
Check if BindToDevice and PriorityInheritance are supported.
Fix forwarding of IPv6 packets.
po/POTFILES and po/Makefile should not be generated by configure.
Autodetect $MAKE/gmake/make.
Small fixes to improve portability.
Don't retry to make outgoing connections when exitting.
Cleanups, spelling fixes, allow symbol names for signals (-k option),
prune_connections() before build_fdset().
Try to reply to neighbor solicitation requests.
New strategy: forward icmp6 neighbor solicitations to intended target.
Simplified implementation of Kruskal's minimum spanning tree algorithm.
Packet sequence number/authentication warnings only if debug_lvl >= 5.
Remove silly cache thingy.
Put #ifdef NEIGHBORSOL around corresponding code.
Revert changes to Kruskal's algo.
Neighbor solicitation requests now work (I think).
Oops, don't forget to actually put the checksum in the response packet.
Different way of detecting neighbor solicitation requests.
Typo.
Unmap v4mapped sockaddrs.
Only unmap IPv6 addresses.
#define s6_addr32, needed for FreeBSD.
Fix #define s6_addr32.
Remember sockaddrs of listening sockets, use appropriate one when sending
Cleanup.
Don't use s6_addr[16|32] anymore.
Updated dutch translation.
Updated SSSP algorithm to automatically detect indirect links (if a node uses
Put a break on requests that run around in circles.
- Added support for jumbograms.
Fix add_edge_h().
Fix compiler warnings, strictly use long int and %lx for options.
send_ack() was broken.
free() request strings when deleting past requests from the tree.
Don't run graph algorithms if no edge is deleted in terminate_connection().
Reset retry timeout when receiving the first PONG, not right after receiving the ACK.
Don't try to execute scripts unless they exist.
Execute hosts/name-up when a node becomes reachable, and hosts/name-down
Set $INTERFACE correctly when using ethertap while compiled with tun/tap support.
Updated dutch translation.
Respect type field.
OpenBSD tun device uses address family number instead of Ethernet type.
Configuration variables were still handled case sensitively.
Set myself->status.reachable.
Updated documentation.
Tell a little bit more about security.
Send REQ_KEY only once until ANS_KEY has arrived.
Fix execute_script().
Small correction.
Merge do_prune() with build_fdset(). Probably fixes the invalid filedescriptor error.
Extend list_t with the number of elements in the list.
Limit the amount of packets in a queue to 8.
Small updates.
Remove cruft.
Recent automake uses $(AMTAR) instead of $(TAR)
Remove symlink to device.c when doing a make dist.
Fix format strings.
Update dutch translation.
Update with information about the pre6 release.
Version 1.0pre5 February 10 2002
------------------------------------------------------------------------
Guus Sliepen (109):
Small fixes to allow correct compilation under FreeBSD (tested with 4.3)
Make sure Solaris is happy too.
Fix subnet_lookup() for overlapping subnets. Needs rethinking.
Added proxy-arp support. No more ifconfig -arp needed. Works like a charm
- tinc can now act as a switch or a hub too (as opposed to a router only)
Changed some stuff to allow correct generation of po/Makefile after a
Updated dutch translation.
- This oneliner removes the need for ifconfig tap? hw ether fe:fd:0:0:0:0
Fix bug where lookup_subnet_ipv4() could go into an infinite loop.
You can now put an option "Mode" in tinc.conf, and choose from:
Add missing? counting of total_socket_in.
Log and warn about duplicate subnet_add()'s for the same subnet.
Fixes to make switching work between hosts that have no meta-connection.
Save configure cache more often.
Changed drastically because it didn't work correctly:
Only reset seconds_till_retry when we activate the outgoing connection.
Woops - big bug in send_key_changed fixed.
- Solaris compile fixes
Check for and add -ldl.
Remove #warnings I used for debugging stuff.
Reinstated search for if_tun.h in kernel source tree, because apparently
Spanish translation removed. Nobody maintains it, and it is severely
ABOUT-NLS is created by autogen.sh.
Don't build Spanish translation.
Execute tinc-down BEFORE tap device is closed. This is a. more symmetric
es.po revived.
Also remove po/Makefile.in.in, which is generated by autogen.sh.
Log error if two hosts connect with same IP/port tuple.
Fix gcc 3.0 warnings.
Check for dlopen in standard libraries first (needed for DEC OSF).
It appears that autogen.sh doesn't like es.po if it isn't mentioned in
Update of RedHat build scripts.
Dutch translation updated.
More items marked as done.
Fix printf format bug.
Fix compiler warning.
Check for all potential duplicate entries in the id tree.
- Always use <openssl/include.h> instead of just <include.h>
Don't load table of verbose OpenSSL errormessages.
Correct inclusion of standard if_tun.h header file.
Split connection list into two lists:
Correctly use the active_tree.
Remove all unnecessary status.meta and status.active checks.
Added purge_tree for connection_t's which are no longer in the connection,
Updated terminate_connection() so you can choose if DEL_HOSTs should be
Always close all sockets in terminate_connection().
Woohoo! tinc now compiles, runs and actually *works* on Solaris!
Started writing a document about how daemons connect to each other.
Described problem in more detail.
Small update.
Correctie.
Written down a possible solution.
Discuss how sending ADD_EDGEs would be better than sending ADD_HOSTs.
More on edges.
Don't use %m in fprintf().
Write public key to rsa_key.pub instead of rsa_key.priv (if not host
The val variable in a config_t is never used as a long.
Explicitly log which type of tunnel device is used.
Don't send DEL_HOSTs when !status.meta
Fix signed comparison bug in lookup_subnet_ipv4().
Remove IndirectData support for now, new implementation will be added
Revised reconnection mechanism, always try out all ConnectTo lines.
Optional signal number for -k option.
config_t* is a const parameter in get_config_val().
- Try old TUN/TAP ioctl() request if the one from if_tun.h fails.
Not only keep track of nexthop, but also of lastbutonehop. If destination cl
Show next- and lastbutonehop when dumping connectionlist to syslog.
Try next connectto instead of the same over and over.
Fill in next- and lastbutonehop for myself.
- Renamed lastbutonehop to prevhop.
Fix bug where tinc would crash because of a portscan or a connection from a
- Use ping timeout mechanism to close connections that don't authenticate
Fix bug when dropping an old connection in favour of a new one from the
Updated dutch translation.
Started implementing doc/CONNECTIVITY.
Small corrections.
Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a
Removed everything from connection.c that has already been moved to node.c and
Revamp configuration handling:
More updates to new node/vertex/connection combo.
- Split tap device stuff out of net.[ch]
Added FreeBSD tap device handling.
Solaris tun device handling cleaned up a bit and added.
Forgot to remove some old #ifdef stuff.
Added OpenBSD tun device handling. Untested though.
Forgot the tun specific stuff.
Support new files (node/vertex/device.[ch]) and OpenBSD.
Big bad commit:
Make sure everything links.
Various small fixes to make tinc runnable again.
What was I thinking? s/vertex/edge/g.
- More s/vertex/edge/g
- More changes needed for Kruskal's algorithm
Working version of Kruskal's algorithm. The running time is very bad though.
Various fixes, tinc is now somewhat capable of actually working again.
More updates to protocol handlers and reimplemented terminate_connection().
- Small fixes to graph algorithms
Don't forget to read public RSA key when making an outgoing connection.
Show cfg->variable instead of cfg->value when complaining about wrong type.
Avoid connecting to another node twice, and check name of outgoing connections.
Some very small fixes
Use PEM functions as suggested by OpenSSL docs.
Several bugfixes.
*** empty log message ***
Be liberal in what you accept: allow unknown edges to be deleted.
Correctly check if subnet owner exists.
Various fixes needed for Solaris.
More fixes for Solaris.
Merging of the entire pre5 branch.
Ivo Timmermans (32):
New make target: `make release'
Changed version number to 1.0-cvs
Don't distribute autogen.sh in a release
Don't include the debian/ dir in a release
Small fix to make it compile again
Killing tincd with SIGINT causes it to toggle between the current
Check for getaddrinfo
Check for getnameinfo, gai_strerror, freeaddrinfo
Credit OpenSSH
Check for struct addrinfo
Deprecated get_config_ip and get_config_port
Use struct addrinfo in connection_t to hold all host data such as IP
Changed prototype for lookup_connection to use struct addrinfo
Changed lookup_connection to use struct addrinfo
Removed definitions of ipv4_t, ipv6_t, port_t
Obsoleted all IP<x> types in favor of struct addrinfo
Changed to use struct addrinfo where needed.
get_config_{ip,port} removed.
Don't compile/link netutl.c.
Obsoleted.
Don't include netutl.h.
(re)added port to struct node_t
Added HAVE_STRUCT_ADDRINFO
Added dropin replacements for get*info and helper functions.
First part of rewriting things to use struct addrinfo.
lookup_node_udp changed.
Don't include netutl.h.
route_ipv4 and route_ipv6 replaced by route_ip.
get_config_subnet needs to be fixed.
Fixed silly typo: "np" instead of "no"
Don't include netutl.h.
Conversion to struct addrinfo is almost complete for this file.
Wessel Dankers (1):
make is not always GNU make.
Version 1.0pre4 May 25 2001
------------------------------------------------------------------------
Guus Sliepen (97):
Porting to FreeBSD:
- Added balanced tree management stuff as well. (It is not finished yet.)
- Simplified do_detach
- Removed stray @INCLUDE@ (how did that get there?)
- Fixed searching
- Implemented deletions
- Fix tree head/tail upon insertion
- Fixed a lot of small things. Tested everything except deletions.
- Deletion also works now.
- Small fixes
- Integrate rbl trees into tinc.
- Proper initialization of rbltree structures.
- Various small fixes.
- More fixes.
- Check for NULL tree->delete callback
- Cleaned up and checked for some more NULL pointers in rbl.c
- Write pidfile AFTER detaching...
- No more %as.
- Work with the correct key buffer in ans_key_h
- More porting to FreeBSD and Solaris.
- Fixed all (except 2) compiler warnings gcc -Wall gave.
- #include <stdlib.h> instead of <malloc.h>
- Don't link with -ldl anymore
Another big & bad commit:
- Added Armijn to the list
- Added daemon() replacement.
- Use only one socket for all UDP traffic (for compatibility)
- Don't even think about using sscanf with %as anymore
- AVL tree routines: faster than RBL, and also more stable.
- Doubled size of trace buffer for easier debugging.
- Let user choose whether keys are in the config files or separate
- Updated dutch translation.
- Check and follow symlinks in is_safe_path
- Changed license of AVL tree library to GPL.
- Updated manual pages.
- Updated texinfo manual.
- Typo.
- Changed list routines to give it the same look'n'feel as the rbl and
- Reinstated a queue for outgoing packets.
- Added header file for route.c. The routing routines in it are not used
- Description of protocol and authentication updated.
- It's 2001, all copyright notices are updated.
- Fixed IPv6 subnet lookup routine.
- Added indirectdata and tcponly functionality.
- Squashed another nasty bug.
- Sign was wrong in search_closest_smaller/greater
- Cleaned up subnet_t
- Only send out DEL_HOSTs for hosts with a meta connection
Added sample configuration directory.
- Copy entire sample-config directory to /etc/tinc/example upon installing.
- Allow ASN1 style keys to be in the config files.
FreeBSD compile fixes (thanks to XeF4)
Fix memory leak in avl_insert() if item was already inserted.
Updated dutch translation.
Removed another local definition of the variable "errno"
Added .cvsignore files to get rid of warnings and prevent autogenerated
Ignore file for src/
- Updated CVS_CREATED to remove intl/ directory and some other
Added description of the proposed new authentication scheme.
Corrected check for errors after read() calls.
Add missing \n.
Free node->data and node, not node->data twice.
Copy packets before putting them in the queue.
Encrypt network packets in CBC mode instead of CFB mode.
Implemented new authentication scheme from doc/SECURITY2.
Added process.c to the translated files.
- Make sure METAKEY is smaller than the modulus of the RSA key
Don't forget to reconnect if outgoing connection fails during
- Fixed Interface option (untested)
Removed lots of compiler warnings.
Removed compiler warning.
Various small fixes.
Added explaination of our key exchange using RSA encryption.
- route.c is now used to determine destination
Updated translation.
Added a description of what is going on in net.c and route.c, and how
Fixed a race condition triggered by receive_meta() and the new
Fixed bug in setup_signals() that would make tinc die when unexpected
Ignore alarm signals if we do not need to respond to them.
Check indirectdata option before forwarding certain requests.
Depend on new ssl package and install alias for universal TUN/TAP module.
Correctly cycle through ConnectTo variables.
- s/ip_t/ipv4_t/g
- Make sure correct information is supplied for both old kernels (with
More revisions to the documentation:
Changed URL from kernelnotes.org to linuxdoc.org.
Add randomness to PING/PONG packets to prevent crypto attacks on quiet
Since this is incompatible with some earlier versions, PROT_CURRENT is
All features for 1.0 are implemented now, we just have to check the
Only send key_changed if it was previously requested.
Small fixes:
Small corrections to the manuals.
With recent kernels the tun device file is located in /dev/net.
TCPonly now works (in a relatively clean way too).
Merged PROTOCOL, NETWORK and SECURITY2 with the texinfo manual.
Documents are merged. Now we only need to check the ports and the TCPonly
Fix sample configuration to show keys in PEM format and correct tapdevice.
Ivo Timmermans (88):
Add a check for openssl that accepts explicit file locations.
Identify version as 1.0pre4-cvs
Better checks for OpenSSL. I think it can now detect almost all conceivable installations.
Oops, small error.
Get rid of the annoying empty line
Also check for rand.h and err.h. If any of these files does not
Also check for sha.h.
Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
Let the output from an executed script in execute_script() go to
List management and manipulation routines.
Keep a list of running children, and in each loop in main_loop(),
Move all process-related functions into process.c.
New function: xmalloc_and_zero, which initialises the allocated memory
Delete struct ifr
Move more functions from tincd.c into process.c.
Use proper prototypes.
Added this release
More function and header checks
Also include process.h
Get rid of all libtool references at once. libtool was only used by
Honor the --localstatedir option to configure, instead of hardcoded /var.
Add more checks to ensure that filedescriptors are right in
Declare fd.
Do not use the C library's daemon() call.
Do not check for the daemon() system call
Do not attempt to retreive ChangeLog information only from the CABAL
Set localstatedir to /var
Use cvs2cl instead of rcs2log to generate the ChangeLog.
Set CFLAGS to -O2 -Wall when running configure
Alter CFLAGS, somehow INCLUDES doesn't propagate properly. Still
Set errno to 0 before trying to kill the other process.
Explain how to tell configure where OpenSSL lives.
Call autogen.sh instead of configure alone; and make cvs-clean instead
Add default tinc-up and tinc-down scripts for a Debian system. These
Updated Spanish translation, provided by Enrique Zanardi.
Give an error message if daemon() failed.
Check for the function strsignal, and define it to "" if it is not
Sort items to either 1.0 or future release goals.
Use sigaction to set signal handlers, the previous commit (1.1.2.16)
Save RSA public and private keys to a separate file, instead of
dropin.c/h contain a set of drop-in replacements for non-standard C
Check for get_current_dir_name. There is a replacement function in
Added a check for a scanf that knows about %as.
Implemented a readline() function that will read an entire line into a
xstrdup now takes a const pointer as an argument.
Use readline() in read_config_file() instead of fgets.
Also free the pointer returned by readline().
Updated Dutch translation
Implemented is_safe_path, and extended ask_and_safe_open.
Read the PEM file pointed to by the configuration directive
The file is safe if it doesn't exist.
In readline(): initialise the line to zero length;
Better error checking when reading the RSA private key.
Avoid printing duplicate messages from read_rsa_keys
New function read_rsa_public_key();
All full stops have two spaces after them. (Silly commit, I know.)
Tagged `Storing private key in separate file' as done.
readline() accepts two extra parameters, buf and buflen, to avoid
Use buffer instead of line in read_config_file(), line may be assigned
Stated that distributing executables linked with OpenSSL is permitted
Include COPYING.README in the distribution.
Added documentation merger
Sort configuration directives
Option -d accepts an argument to set the debug level immediately.
Massive long awaited documentation update. It's not finished yet,
Oops. I did some VERY wrong things with readline(). Fixed now.
Tiny bits of code beautifying
Install a file in /etc/modutils/tinc, containing all necessary aliases
Ported it back to /bin/sh.
Give a warning about having to re-create the keys
Re-introduced MyVirtualIP and VpnMask, as dummy options.
Various small changes.
Include autogen.sh (needed for the Debian package).
Forget router.c
Added lint target, requires lclint.
Fix error reporting of read_config
Set Architecture to `any'
Change version to 1.0pre4
Second draft of the release notes
Merged documentation with various updates I had lying around
Get the Debian changelog up to date
Get the PO files up to date with the current source
Fixed some errors
Distribute the sample config as a .tar.gz
Unpack sample-config.tar.gz when installing
More files to ignore in CVS
tinc_TUNTAP now substitutes the values outside the AC_CACHE_CHECK
Authentication done
Wessel Dankers (1):
Important bugfix in avl_insert_before() and avl_insert_after()
Version 1.0pre3 November 09 2000
------------------------------------------------------------------------
Guus Sliepen (119):
Debian init.d script automatically sets tap device's MTU to 1448 now.
First step for implementation of the "indirectdata" directive. This should
If we have "indirectdata" flag set, we only send data to our uplink.
Large cleanup:
Added CVS Id tags to header files.
- Log possible spoofing attacks.
Hostnames are back!
Hostlookup() is actually being called now.
- More verbose connection list
Fixes some hostlookups. Fixes indirectdata for real now (hopefully).
- Indirectdata finally REALLY REALLY works now!
- Moved all connection messages to debug level 1, without -d's only the
- Fixed KEY_CHANGED notification. A lot of notify_others() calls were
- Fixed indirectdata=no problem
- Improved handling of errors on connection attempts.
- Purge old connections that are ADD_HOSTed.
- Fixes a silly little insignificant buglet.
- Extra check op EINTR bij inlezen requests
- Fixed some spelling errors.
- Fixed missing " in nl.po
- Fixed a message in nl.po
- Added log message when SIGCHLD is received ("thanks" to Ivo van Dong)
- Updated Dutch translation.
- Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
- New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
- Fixed memory leak.
- Removed segfault bug in conf.c (must have been there for ages!)
- Instead of logging an error when remote end closes the connection,
- Made tinc even more silent if no -d flag is given at all.
- Added documentation for the protocols (most important the meta protocol)
- Removed a single unused bit from status_bits_t.
- Updated PROTOCOL (a bit)
- Forgot to mention ourselves in the tincd manual page! :)
- Added Spanish translation from Enrique Zanardi.
- Updated THANKS file
- Delayed address resolving for ConnectTo lines in configuration file to
- Fixed typo.
- Added experimental hackish tunneling-over-TCP support.
- Lots o' buglets fixed (-Wall helps)
Fixed PACKET read loop.
Removed calling add_queue for tcponly packets.
- Added date/time of build and protocol number to --version output.
- Moved TCP packet reception to meta handler: less kludgy and less buggy!
- Reinstated O_NONBLOCK for meta socket
- Added two extra configuration options, Interface and InterfaceIP, to
Fixed all sprintf() spl01ts.
Ran update-po and updated dutch translation.
Commented on some size calculations.
Updated the manual:
Updated tinc.conf manual.
Fix rules (thanks to Laurence)
- Use strerror() instead of sys_errlist[] for increased portability
- New protocol. Will break everything else for now.
- Added more function skeletons for the new protocol.
- Lots of functions added for the new protocol.
- Some key exchange stuff. (Last commit before going to bed.)
- Fixed modulo in keylength check
- Lots of small changes.
Added document about the used cryptographic algorithms and the reasons
- Included authentication scheme from protocol.c
- Updated authentication scheme.
- Severe code reduction and simplification of challenge requests
- Removed options "string" stuff. It was a bad idea...
- Very detailed example of the authentication phase.
- Added meta.c which contains functions to send, receive and broadcast
- Added subnet handling code
Removing cipher directory (all will be covered by OpenSSL).
Big and bad commit of my current tree...
- Changed genauth to produce rsa keypairs instead of random passphrases.
- Generalized config file parsing to support multiple configuration trees.
- Fixing-things pass: every source file compiles into an object file now,
- Second fixing-things pass: it even links now.
- The daemon actually runs now (somewhat)
Corrected #ifdefs for tun/tap support.
- Fixing little things
- More fixing. Tinc daemons can now even create activated connections.
- Seed the PRNG using /dev/random before generating the keys.
- tinc now really does public/private key encryption! It even works, whee!
- Made Makefile.am stub for doc/es/
- Removed last reference to genauth from Makefile.am
- Fixed all debug levels.
- route.c will contain the routing logic.
- Lots of little stuff modified
- Updated subnet list handling. Subnets are added to two lists now, the
- Lots of small fixes
- Fixed offsets when reading/writing from/to tap device
- Override destination ethernet address on incoming packets with
- Very big cleanup.
- Fixed ans_key_h
- Hit people who can't figure out subnet address/mask pairs with a
- Enforce correct order of authentication requests
- Moved connlist stuff to the proper header file.
- Updated dutch translation.
- Removed old encr stuff
- Small fixes
- Use CFB mode for encrypting packets: it works and we don't need padding.
- Finishing touch: encrypt the meta connections
- Small cleanups
- Fixed some spelling mistakes and terminology here and there.
- Update.
Removed config file parsing and interface setup. This will be handled by
- Removed unused MAC strip/add functions.
- Removed even more warnings.
- Resolve scriptname after fork()
- Removed manpage for no longer existing genauth.
- connlist.c added to translation
- Don't forget to set packet cipher for added hosts.
- Forward keys in hex notation, not as binary data.
- Check for packets that are looping back.
- Simplified ping mechanism.
- Prepended config_ to all configuration option names, because it confused
Changed execution of tinc-up:
- Open UDP connection for all known hosts. Comments please.
Porting to SunOS 5.8:
Porting to SunOS 5.8:
- Fixed --config
- Applied Jamie Brigg's patch (close sockets after error)
- Add Jamie :)
- Make checkpoint tracing a compile time option (off by default)
Ivo Timmermans (77):
Alphabetized the list, added Lubom�r Bulej, removed Sander Smeenk and Tijs van Bakel, put merits after all names.
Don't touch VPNMASK if it's defined, otherwise use $MSK.
These files are created by gettextize (run by autogen.sh) (should have known that).
Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries.
Merge changes from 1.6-1.8.
Configuration directive `IndirectData'.
Changed version number to 1.0pre3.
Version 1.0pre3.
Removed Free Software Foundation copyright, because Guus Sliepen contributed significantly.
Oops, and mention Guus too.
Include the Spanish translation in the distribution/build process.
(Quoting Laurence Lane:)
Also chomp $VPNMASK
Added a rule to create an rpm
Changed CVSROOT path in `make ChangeLog'
Link with OpenSSL crypto libraries instead of own blowfish library
Updated text, removed protocol flowchart
Include openssl/blowfish.h
Support for -lsocket and -lnsl on SunOS
Correct filenames for passphrases given in the example
Add Guus' name and shift out old protocol requests
Better checks for SunOS libraries
Added some structures and types that are needed for the overhaul.
New directive: Name.
First round of needed fixes after the overhaul
Second round of fixes
Added Spanish translation of the docs by Matias Carrasco
Many updates, parts rewritten, added, shuffled around.
Link with OpenSSL, forget libGMP
Updated new requirements, pointers to the manual
Don't look for GMP header files
Update Depends lines to reflect the dependencies on OpenSSL
Fix `Requirements'-section for GMP and OpenSSL libraries.
Add CVS id lines
Add checks for the presence of the universal tun/tap device driver.
Wrap the tun/tap code in #ifdef HAVE_TUNTAP
Linearized checks for if_tun.h
Really #include the if_tun.h files now
Output doc/es/Makefile
Process subdir es/
Don't declare cp_file and cp_line in xmalloc()
Get the head revision up to date with cabal
Changed changelog
Include linux/sockios.h and net/if.h anyway, regardless of the value of HAVE_TUNTAP.
read_server_config: Check for result of read_config_file.
Oops, echelon change committed to cabal... :)
Skip the check for Linux kernel sources
This file is no longer needed.
- Synchronized changelog with the package's changelog.
Do not include $(top_srcdir)/cipher, it does no longer exist.
Added a perl example to turn an IP address into a MAC address.
Only check for linux/if_tun.h once
Changed `I' to `We' - small change, lots of difference :)
More exhaustive list of changes - perhaps it can be worded differently?
Change wsl to Wessel's name and email address in the ChangeLog creation
Mention fileutils, add a pointer to THANKS for more details
Changed a few messages wrt. system calls; updated and changed the Dutch translation a bit.
Don't include shlibs, as it no longer exists.
Oops, and include doc-base.tinc (new file).
- If necessary, patch po/Makefile.in from po-Makefile.in.in.diff to
Minor cosmetic change.
Save the environment on startup.
Run the scripts tinc-up and tinc-down from a separate function, which
Warnings removal pass: always include config.h first; add a few
Small change to the way the environment is copied.
Use putenv() instead of clumsy do-it-yourself in execute_script.
Do not include the passphrases directory
In execute_script:
Add route.c to the list of source files.
Updated Dutch translation
Build-depends on libtool
Build-Depends on gettext
Final release notes added, also edited release notes for 1.0pre2 to what the announcement on the mailing list looked like.
Wrapped text to 70 (72?) columns for easy reading
Bop version number to 1.0pre3-1
Updates, updates
Add prototype for destroy_queue
Wessel Dankers (3):
File added to CABAL (hopefully)
Grrr, recommit
Added architecture section, made a start with the kernel section.
Version 1.0pre2 May 31 2000
------------------------------------------------------------------------
Ivo Timmermans (56):
Deleted the protocol description.
Perl version of the system startup script.
Only print an error with send_termreq if debug_lvl is 2 or more.
Add check for mpz_powm in libgmp3.
Version 1.0pre1-0.1.
Changed version to 1.0pre2.
Give IP address instead of hex number when connecting tcp socket failed.
Add shlibs control file for the blowfish library.
Inserted useful content.
Add initscript, tincd->tinc.
Add description, better dependancies.
Mention both upstream authors.
tincd->tinc
.deb version number 1.0pre2-0.4.
Updated to newer version.
Exit with zero status if is empty.
Unlimited length in the config file, thanks to Cris van Pelt.
Depend on perl5.
*** empty log message ***
Look if the tap devices exist before bluntly remaking them.
Use the new VpnMask directive to add a route to the rest of the VPN.
This file is generated with dpkg-buildpackage.
Read /etc/tinc/nets.boot to find the networks that have to be started.
Create a default /etc/tinc/nets.boot after installation, containing all directories under /etc/tinc by default.
Version 1.0pre2-0.3
Don't distribute the file files.
Find networks in instead of .
Include postinst in the distribution.
Errors will not terminate the script or result in a nonzero exit code.
Updated copyright notice.
Fixed typo.
Mask the vpn net with the vpn netmask, route would give an error if the netmask didn't match the net.
When VpnMask is not present in the config file, silently use $MSK as vpnmask.
Add an example of using VpnMask.
Use /etc/tinc/example as a base directory for an example. /etc/tinc/example/README points to /usr/share/doc/tinc/README.Debian.
Create an empty /etc/tinc/nets.boot.
Updated by Lubomir Bulej and Mads Kiilerich: it uses /etc/tinc/nets.boot and the VpnMask directive in the config files.
Internationalization of tinc.
Include intl/ directory in the list of subdirs.
Include system.h and ABOUT-NLS.
Update acconfig.h to include values for gettext inclusion.
Include GNU gettext checks.
Define LOCALEDIR in CFLAGS.
Dutch translation of tinc.
Bounds check for request id (between 0 and 255).
Updated changes list for version 1.0pre2.
Added new configuration directive `Hostnames', which controls the resolving of IP addresses to hostnames.
When a connection is terminated, all hosts that are still connected get notified of the lost connections.
In terminate_connection, only send a notification to hosts that are directly connected to us. (DEL_HOST gets forwarded automatically.)
Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients.
Include news for 1.0pre2.
Tell about /etc/tinc/nets.boot.
Updated Dutch translation.
Version 1.0pre2-1.
Handle locale settings.
Miscellaneous copyright updates.
Guus Sliepen (16):
Proxymode removed.
Cleanups.
Changed ping behaviour (backwards compatible). If we don't have any data
Fixed typos.
Test for existence of configured tinc networks. This will also make
Stub for VpnMask config directive.
TODO file reinstated:
VpnMask truely works now.
Typo.
Fixed last typo. Init.d now uses ifconfig command to set both the tap's IP
Documentation updates. Removed all references to configuration variable
Fix for a DoS attack:
Fixed typos. When terminating a connection, it's status is not only set to
Made tinc persistent. If no outgoing connection can be established right
Terminate a connection on any error. Furthermore, disallow del_host,
Only activate a connection upon receiving it's public key if it's an
Version 1.0pre1 May 08 2000
------------------------------------------------------------------------
Ivo Timmermans (84):
Get rid of the message `zxnrbl\'.
Upon regeneration, free the old encryption key `securely\' by overwriting it.
Kill the parent after any error conditions in detach().
Ignore SIGCHLD.
New option -D, don't detach.
Moved to version number 1.0.
Only one round of reading bits out of urandom;
Pass the requested size from xmalloc() and xrealloc() on to xalloc_fail_func()
Check for an illegal length of passphrase in read_passphrase().
Check if stdout is a terminal, if so, print a verbose message.
Default passphrase length of 1024, added -h/--help options.
Submitted by Mads Kiilerich.
New manpage for genauth.
Updated manpages.
Address for bugreports changed to tinc@nl.linux.org.
Include the directory redhat in the build process.
Include genauth.8 in the distribution.
Submitted changes by Mads Kiilerich.
A short notice from Mads Kiilerich.
Keep make dist(dir) happy.
Added cvs-clean.
These files are not needed in release 1.0.
Don't compile in `idea'.
Don't include idea/idea.h.
Don't try to create cipher/idea/Makefile.
The shell script autogen.sh can create all these removed files, but be
s/Gnome/tinc/g
This file is obsolete, most of the ideas are already in echelon.
Remove check for bigendianness.
Don't define HAVE_NAMESPACES and HAVE_STL.
Use `make ChangeLog' to create this file from the CVS logs.
Remove test for GNOME.
Changes largely from Mads Kiilerich.
Added Mads Kiilerich, removed Guus Sliepen.
*** empty log message ***
Generate this Makefile.am from Makefile.am.in.
Contributed by Mads Kiilerich.
Spelling fixes.
Delete all the files that are created by autogen.sh on a `make cvs-clean'.
Propagate CFLAGS from configure to gcc.
Don't include TODO in the dist.
Remove ChangeLog with a `make cvs-clean'.
Initial CVS.
*** empty log message ***
Create a ChangeLog file, automake requires it.
*** empty log message ***
Debug level tweaking.
From Mads Kiilerich.
The make command is in /usr/bin.
Add an entry to dir.
Omit TODO.
Version to 1.0pre1;
Filled in the details, license from libblowfish copied.
Updated version number to 1.0.
Default config file name is tinc.conf, and pidfile is tinc.pid.
More updates wrt. the change from tincd->tinc.
Added `deb' target.
Filled up the protocol structs with unused bytes.
Got rid of the nasty hacks... and replaced it by another one.
Initially, the vpn_mask of a connection is 255.255.255.255 to avoid confusion with lookup_conn.
Replaced check for status.active by status.dataopen in check_network_activity.
New way of handling the meta protocol.
Read public keys the right way (tm).
Removed debug messages.
Read one less byte from an ANS_KEY request.
Send one less byte from an ANS_KEY request.
Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility.
Key forwarding, write one byte extra.
Committed by Lubom�r Bulej.
Updates by Mads Kiilerich.
Committed by Mads Kiilerich.
Fixed meta protocol.
More tincd->tinc updates.
Mentioned new metaprotocol.
Fix a typo, better handling of the info document. (from Mads Kiilerich)
Don't use error.h or error(), put #error in front of cpp errors.
getopt_long() support for platforms that don't have it.
Include stdio.h for fprintf.
More for getopt support.
Check for the existance of libdl.
Don't link in libdl.
Include sys/types.h.
Copied most of the code from the redhat script.
Added semicolons required by bash2 (Mads Kiilerich).
Guus Sliepen (18):
Added extra checks for desynchronized connection lists. Hopefully this will
Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
Added checkpoints to beginning and ending of every function.
Packet queues fixed. They caused the trouble when resending keys.
Fixed typo and removed some unnecessary variables.
When trying to talk to a host that is in the netmask of a tinc server but
Converted every &variable[0] to variable.
Cleanups:
Removed write_n() function.
Oops! Reference to write_n() removed and changed into neat write() call.
Meta protocol overhaul. Tinc is now incompatible with previous versions,
Fixed small mistake that would prevent forwarding requests.
Previous fix fixed. Meta protocol should be really flawless from now on!
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
Outgoing packets now use network byte order in header.
Fixes typo and UDP network byte order.
Squashed gcc warning.
Added new config variable "ProxyMode". If enabled, all outgoing packets
|
