chiark / gitweb /
6 years agokeys/ Only warn if all master keys are expired.
Mark Wooding [Fri, 12 Jul 2013 09:32:11 +0000 (10:32 +0100)]
keys/ Only warn if all master keys are expired.

Otherwise you get pestered throughout the rollover period.

6 years agoUse the new mLib macros for discarding uninteresting error codes.
Mark Wooding [Sat, 22 Jun 2013 16:09:05 +0000 (17:09 +0100)]
Use the new mLib macros for discarding uninteresting error codes.

6 years agoclient/tripectl.c: Fix stupid format-string bugs.
Mark Wooding [Sat, 22 Jun 2013 16:08:15 +0000 (17:08 +0100)]
client/tripectl.c: Fix stupid format-string bugs.

Possibly exploitable, but tripe's admin interface isn't usually a
security boundary.

6 years agodebian/control: Fix `pkstream' dependency on `fwd'.
Mark Wooding [Sat, 22 Jun 2013 14:55:06 +0000 (15:55 +0100)]
debian/control: Fix `pkstream' dependency on `fwd'.

It hasn't been called `fw' for many years.

6 years agoUse the new `mLib' annotations on varargs functions.
Mark Wooding [Sat, 22 Jun 2013 14:37:36 +0000 (15:37 +0100)]
Use the new `mLib' annotations on varargs functions.

This caught a couple of bugs just fixed.

6 years agoUpdate dependencies on mLib.
Mark Wooding [Sat, 22 Jun 2013 14:49:32 +0000 (15:49 +0100)]
Update dependencies on mLib.

6 years agoFix some format and other varargs errors.
Mark Wooding [Sat, 22 Jun 2013 14:33:03 +0000 (15:33 +0100)]
Fix some format and other varargs errors.

6 years agodebian: Drop CDBS in favour of plain Debhelper.
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)]
debian: Drop CDBS in favour of plain Debhelper.

6 years Some random formatting tweaks.
Mark Wooding [Sun, 2 Jun 2013 14:49:39 +0000 (15:49 +0100)] Some random formatting tweaks.

6 years `Better' broken attempt to find Wireshark plugin dir.
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)] `Better' broken attempt to find Wireshark plugin dir.

In that it actually succeeds on at least one system.

6 years agoserver/ Awk string indexing starts at 1.
Mark Wooding [Wed, 19 Jun 2013 18:58:17 +0000 (19:58 +0100)]
server/ Awk string indexing starts at 1.

Mawk returns a string of length n - 1 if you ask for `substr(s, 0, n)'.
This causes mismatches in the filter which is supposed to remove
spurious warnings, resulting in spurious test failures.

6 years agoserver/tun-slip.c: Fix signed/unsigned char mismatch.
Mark Wooding [Wed, 19 Jun 2013 09:31:20 +0000 (10:31 +0100)]
server/tun-slip.c: Fix signed/unsigned char mismatch.

6 years agoinit/tripe.conf: Fix erroneous variable `mode' instead of `sockmode.'
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)]
init/tripe.conf: Fix erroneous variable `mode' instead of `sockmode.'

6 years agoserver: Compare MAC tags in constant time. 1.0.0pre13
Mark Wooding [Mon, 27 May 2013 21:59:19 +0000 (22:59 +0100)]
server: Compare MAC tags in constant time.

This fixes a timing attack.  If an adversary can watch the timestamp on
the server's log, then it might be possible to determine how much of a
forged packet's MAC is invalid, and thereby figure out one byte at a

This requires the new constant-time comparison function in Catacomb, so
update the dependencies.

This is release 1.0.0pre13.

6 years agopy/ Sort out the `SelIOWatcher.iterate' commentary.
Mark Wooding [Sun, 19 May 2013 18:36:52 +0000 (19:36 +0100)]
py/ Sort out the `SelIOWatcher.iterate' commentary.

It's not strictly true that `SelIOWatcher.iterate' isn't used by
`TripeCommandDispatcher', because the latter's `mainloop' method calls
it; but that's not something you need to care about unless you're also
using the service implementation framework.

6 years agopy/ More-or-less consistent quoting in docstrings.
Mark Wooding [Sun, 19 May 2013 18:25:18 +0000 (19:25 +0100)]
py/ More-or-less consistent quoting in docstrings.

6 years agopy/ Complete the docstring for `TripeCommandDispatcher'.
Mark Wooding [Sun, 19 May 2013 18:24:34 +0000 (19:24 +0100)]
py/ Complete the docstring for `TripeCommandDispatcher'.

6 years agoMerge branch 'master' of
Mark Wooding [Sat, 4 May 2013 21:47:33 +0000 (22:47 +0100)]
Merge branch 'master' of

* 'master' of
  server/keymgmt.c: Refactor key loading.

6 years agoserver/keymgmt.c: Refactor key loading.
Mark Wooding [Wed, 17 Apr 2013 19:51:01 +0000 (20:51 +0100)]
server/keymgmt.c: Refactor key loading.

The old code was rather formulaic and ripe for some abstraction.  The
new version is built out of some slightly hairy macros; the prototype is
in `udpkey'.  There is a small reduction in the raw size of the code,
but the main benefit is the better factoring.

Setting up of the public key slot `kd->kpub' is now done by the
individual methods rather than in `loadpriv'.  This makes it possible to
keep the on-error-cleanup code common between the private and public
key-loading methods, so we only need a single copy of the boilerplate.
There's still only one copy of this code in the source.

6 years agokeys/: New `check' command to remind about keys about to expire. 1.0.0pre12.2
Mark Wooding [Thu, 7 Feb 2013 10:27:51 +0000 (10:27 +0000)]
keys/: New `check' command to remind about keys about to expire.

This is version 1.0.0pre12.2.

6 years agodebian: Get Wireshark version from the right place. 1.0.0pre12.1
Mark Wooding [Sat, 12 Jan 2013 22:32:29 +0000 (22:32 +0000)]
debian: Get Wireshark version from the right place.

This is version 1.0.0pre12.1.

6 years agoExplicit close-down notifications. 1.0.0pre12
Mark Wooding [Sat, 5 Jan 2013 07:52:43 +0000 (07:52 +0000)]
Explicit close-down notifications.

Suppose I have a mobile device, and I roam from one peer to another in
the same organization.  The old peer will continue to believe that I'm
connected through it until it notices, some time later, that pings
aren't getting through to me; it will therefore be sending packets to me
through its broken tunnel.  Suppose further that the organization is
using some dynamic routing protocol in order to propagate information
about how packets to me ought to be routed: then, this old peer will be
continuing to advertise its broken route to me, and all hosts closer to
the old peer than the new one will use the wrong route, until the
connection gets pinged out.

We can fix this by having the mobile peer send some explicit
notification.  It doesn't have to be completely reliable, fortunately.
This change touches a fair few pieces of the code, but in simple ways.

  * `connect' grows a new command to map a user name to a peer name.

  * `watch' grows the ability to issue a `disconnect' command.

  * The default `' file passes an explicit argument in its
    `connect' SSH rune, and adds a `disconnect' rune with a different
    action argument.

  * The contributed `knock' script knows about these new actions, and
    how to pass them about.  This is pretty much a rewrite, but it was a
    very simple program before.

6 years agosvc/conntrack{,.8}.in: Better diagnostics.
Mark Wooding [Sat, 15 Dec 2012 19:16:22 +0000 (19:16 +0000)]
svc/conntrack{,.8}.in: Better diagnostics.

Add some debugging output, and improve the notifications.  I recently
had a problem which I thought might have been conntrack misbehaving, but
I couldn't tell.  It turns out that conntrack was innocent, but this
will help in future cases.

6 years agosvc/ Insert missing dedent in notification list.
Mark Wooding [Sat, 15 Dec 2012 19:15:57 +0000 (19:15 +0000)]
svc/ Insert missing dedent in notification list.

6 years agoRelease 1.0.0pre11.1. 1.0.0pre11.1
Mark Wooding [Sat, 15 Dec 2012 14:14:47 +0000 (14:14 +0000)]
Release 1.0.0pre11.1.

6 years agoserver/admin.c, server/ Fix PEERINFO segfault.
Mark Wooding [Sat, 15 Dec 2012 13:40:57 +0000 (13:40 +0000)]
server/admin.c, server/ Fix PEERINFO segfault.

It's allowed for p_privtag to return null, so just trying to print it is
a bad idea.  This introduces a protocol change, since there is no single
tag chosen in the absence of `-priv' or `-t' options -- instead, there's
a search list; this is represented with the special tag `(default)'.

6 years agoserver/keymgmt.c: Fix warning message to match documentation.
Mark Wooding [Sat, 15 Dec 2012 14:10:42 +0000 (14:10 +0000)]
server/keymgmt.c: Fix warning message to match documentation.

6 years agoserver/ Document `-priv' option to ADD command.
Mark Wooding [Sat, 15 Dec 2012 14:11:41 +0000 (14:11 +0000)]
server/ Document `-priv' option to ADD command.

This should have been added as part of fe2a5dcf...

6 years Fix include path tweaking.
Mark Wooding [Tue, 16 Oct 2012 19:08:37 +0000 (20:08 +0100)] Fix include path tweaking.

For some reason, the include directories were set in CPPFLAGS rather
than AM_CPPFLAGS, which is just a mistake.

Also, astonishingly, the makefile botched adding $(top_builddir)/config
to the include path.  This obviously never worked.  Fortunately,
Automake magically included the correct path by itself, so just remove
the embarrassing mistake and pretend it never happened.

6 years, Build pathmtu unconditionally.
Mark Wooding [Tue, 16 Oct 2012 00:35:41 +0000 (01:35 +0100)], Build pathmtu unconditionally.

It's notionally portable nowadays, so shouldn't be restricted to Linux

7 years agodebian/changelog: Prepare for release. 1.0.0pre11
Mark Wooding [Wed, 21 Mar 2012 16:25:08 +0000 (16:25 +0000)]
debian/changelog: Prepare for release.

7 years agoMerge branch 'mdw/multi-priv'
Mark Wooding [Tue, 18 Sep 2012 02:32:53 +0000 (03:32 +0100)]
Merge branch 'mdw/multi-priv'

* mdw/multi-priv:
  server/, t/keyring-*: New tests for key management.
  Allow different peer associations to use different private keys.
  server: Use the new kdata system.
  server/{keymgmt.c,tripe.h}: Unify public and private key handling.
  server/keyexch.c: Prefix crypto-details trace messages correctly.
  server/{keymgmt.c,}: Improve key-management errors.
  admin.c (a_format): New function formats token sequences to strings.


7 years agoMerge branch 'mdw/backoff'
Mark Wooding [Tue, 18 Sep 2012 02:30:28 +0000 (03:30 +0100)]
Merge branch 'mdw/backoff'

* mdw/backoff:
  server/ Test key exchange and retransmit with a flaky network.
  server/ Add a retry loop in `COMMS_EPING'.
  proxy: Add a `drop' filter to randomly discard packets.
  server/keyexch.c: Randomized exponential retransmit backoff.
  server/keyexch.c: Use high-resolution `struct timeval' timers.
  server/{keyexch.c,keyset.c}: Eliminate `ks_tregen'.
  server/{keyexch.c,keyset.c}: Move timing parameters to tripe.h.


7 years agopathmtu/pathmtu.c: Fix search algorithm.
Mark Wooding [Mon, 17 Sep 2012 13:31:08 +0000 (14:31 +0100)]
pathmtu/pathmtu.c: Fix search algorithm.

Turns out I can't write a binary search algorithm.  Fiddle with it so
that it doesn't get stuck sometimes.  Some of the bounds management is a
little tricky, so add some documentation and assertions to make sure
that everything is as expected.

7 years agoserver/, t/keyring-*: New tests for key management.
Mark Wooding [Thu, 26 Jan 2012 00:09:25 +0000 (00:09 +0000)]
server/, t/keyring-*: New tests for key management.

Ensure that everything works when different peer associations use
different private keys, and when the keys, algorithms and groups change
under our feet.

This involves adding a new peer to the keyrings, and inventing a new
keyring.  More interestingly, it also involves plumbing together a
network of three peers, which is where the earlier refactoring of the
test communications machinery pays off.

7 years agoAllow different peer associations to use different private keys.
Mark Wooding [Wed, 25 Jan 2012 23:49:47 +0000 (23:49 +0000)]
Allow different peer associations to use different private keys.

Add a `peertag' slot to the `peerspec' structure stating which private
key to use; a null pointer means to use the default `tag_priv'.  Add a
`p_privtag' function to retrieve the private key tag to use.

The ADD command now has a `-priv' option which sets this slot
appropriately.  The `connect' service fetches a `priv' key. from the
database to set this option.

7 years agoserver: Use the new kdata system.
Mark Wooding [Wed, 25 Jan 2012 23:18:20 +0000 (23:18 +0000)]
server: Use the new kdata system.

Challenges use the algorithms associated with the master key.  This will
continue to be the case, since there isn't a specific private or public
key to associate with the challenge.

It looks like the keyexch subsystem has been turned upside-down, but
apart from the initialization and key refresh it's all just a matter of
adding the necessary indirections into group and algorithm lookups.

Since algorithms are now (logically, at least) distinct for different
peer associations, allow a `peer' argument to the ALGS command, and pass
the correct information to the ifup script so that it can calculate the
MTU properly.

At this point, we no longer need the compatibility interface in keymgmt,
so remove it, and the molly-guard preventing updates to the master key.

7 years agoserver/{keymgmt.c,tripe.h}: Unify public and private key handling.
Mark Wooding [Wed, 25 Jan 2012 10:30:11 +0000 (10:30 +0000)]
server/{keymgmt.c,tripe.h}: Unify public and private key handling.

We introduce a new `kdata' object which represents a particular instance
of a key and remembers all sorts of useful things about it including its
name, associated algorithms, and so on.  It can represent either a
public or private key, since the only difference is whether it has a
private scalar.  These kdata objects are reference counted and exposed
to callers, though the old interface is, for now, retained for

Internally, the private/public split is pushed quite far down using a
`keyhalf' structure to keep track of the differences between the two

There's a layer of caching and continuity management.  Each key tag maps
to a `knode' object which represents all the versions (i.e., different
kdata representations) of that key, and allows you to find the current
version.  A kdata object has a reference back to its home knode.

Since private keys are handled (mostly) in the same way as public keys,
there can also be multiple versions of private keys, and multiple
different private keys.  The code maintains a `preferred' private key,
and exports a pointer to its kdata as `master'.

As mentioned, there are some compatibility interfaces in place at the
moment, which maintain the old global key information and prevent
inconsistencies.  For example, currently the `master' kdata is only
allowed to advance if its group matches the previous one.  The plan is
to remove this global information, and allow peers to use different
versions of different private keys; peers will be responsible for
ensuring the consistency of the keys they use, and will be able to do
this without interfering with each other.

7 years agoserver/keyexch.c: Prefix crypto-details trace messages correctly.
Mark Wooding [Wed, 25 Jan 2012 00:43:14 +0000 (00:43 +0000)]
server/keyexch.c: Prefix crypto-details trace messages correctly.

7 years agoserver/{keymgmt.c,}: Improve key-management errors.
Mark Wooding [Wed, 25 Jan 2012 00:31:28 +0000 (00:31 +0000)]
server/{keymgmt.c,}: Improve key-management errors.

Many of the errors are rather vague and not well documented.  Overhaul
the way that errors are reported and propagated in the keymgmt subsystem
and document all of the various error conditions in detail.

7 years agoadmin.c (a_format): New function formats token sequences to strings.
Mark Wooding [Tue, 24 Jan 2012 02:00:38 +0000 (02:00 +0000)]
admin.c (a_format): New function formats token sequences to strings.

This will be useful for building fragments of messages to be assembled
by higher-level functions.

7 years agoserver/peer.c, server/ Handle NAT swapping over peer addresses.
Mark Wooding [Mon, 7 May 2012 13:37:05 +0000 (14:37 +0100)]
server/peer.c, server/ Handle NAT swapping over peer addresses.

Previously, we'd notice when a mobile peer switched address (e.g., due
to NAT) to one that wasn't currently known; but it seems that some
particularly awful NAT boxes will actually swap over the addresses
assigned to two peers on the wrong side of it.  The static hub peer will
see this as a bunch of decryption failures but not do anything about
it.  Eventually the mobile peers will notice a ping timeout and
reconnect, but this can take a while.

So, when we get a decryption failure from a mobile peer, see whether any
other mobile peers are interested in it.

7 years agopkstream/pkstream.c: Have `-b' affect the listening mode too.
Mark Wooding [Mon, 7 May 2012 12:31:44 +0000 (13:31 +0100)]
pkstream/pkstream.c: Have `-b' affect the listening mode too.

7 years agoserver/, t/keyring-*: Handle three-party tests.
Mark Wooding [Mon, 7 May 2012 11:42:12 +0000 (12:42 +0100)]
server/, t/keyring-*: Handle three-party tests.

This involves a new Autotest macro WITH_3TRIPES and a new party in each
of the keyrings.

7 years agoserver/, t/keyring-*: Rename test keyrings.
Mark Wooding [Thu, 26 Jan 2012 00:04:09 +0000 (00:04 +0000)]
server/, t/keyring-*: Rename test keyrings.

We're going to be playing games with these which will change which
groups they use, so naming them after the groups is silly.

Also switch the prime group to use a smaller field (catacomb-ll-160-1024
specifically) because the primality checking takes ages and we don't
actually need any security.

7 years agoserver/peer.c: Handle mobile peers switching addresses.
Mark Wooding [Mon, 7 May 2012 11:29:33 +0000 (12:29 +0100)]
server/peer.c: Handle mobile peers switching addresses.

Previously, we would track a mobile peer if it changed its address to
one that wasn't currently in use by any peer; but it seems that some
benighted NAT boxes will actually mix up the addresses assigned to
active peers, so we must spot the decryption errors and try to match
them up again.

7 years agoserver/peer.c: Delay updating peer stats.
Mark Wooding [Sun, 6 May 2012 23:31:03 +0000 (00:31 +0100)]
server/peer.c: Delay updating peer stats.

Previously we'd update as soon as we'd found a peer, but that's not
quite right.  We're going to have p_decrypt change our mind about which
peer this if we get a decryption error, so it'd be bad if we'd
prematurely updated the wrong peer.

7 years agoserver/peer.c: Only scan mobile peers when source address is unknown.
Mark Wooding [Sun, 6 May 2012 23:27:20 +0000 (00:27 +0100)]
server/peer.c: Only scan mobile peers when source address is unknown.

7 years agocontrib/ Login script for establishing dynamic associations.
Mark Wooding [Wed, 25 Apr 2012 20:14:16 +0000 (21:14 +0100)]
contrib/ Login script for establishing dynamic associations.

7 years agocontrib/README: Fix missing description of the `greet' tool.
Mark Wooding [Wed, 25 Apr 2012 20:10:50 +0000 (21:10 +0100)]
contrib/README: Fix missing description of the `greet' tool.

7 years agoinit/ Look for the socket in the correct place.
Mark Wooding [Wed, 25 Apr 2012 20:09:38 +0000 (21:09 +0100)]
init/ Look for the socket in the correct place.

If TRIPESOCK is a relative name then the script would look for it
relative to the current directory rather than the correct TRIPEDIR

7 years agocontrib/ Grotty script to send a TrIPE greeting packet.
Mark Wooding [Mon, 23 Apr 2012 17:11:11 +0000 (18:11 +0100)]
contrib/ Grotty script to send a TrIPE greeting packet.

Useful for testing.

7 years agoinit/ Install `tripe.conf' as data, not executable.
Mark Wooding [Mon, 23 Apr 2012 17:07:01 +0000 (18:07 +0100)]
init/ Install `tripe.conf' as data, not executable.

7 years agoserver/peer.c: Fix `unknown-category' message.
Mark Wooding [Mon, 23 Apr 2012 17:06:12 +0000 (18:06 +0100)]
server/peer.c: Fix `unknown-category' message.

A missing comma caused adjacent-string-literal pasting.

7 years agosvc/ Fix startup scan to initialize unwatched connections.
Mark Wooding [Mon, 23 Apr 2012 16:49:30 +0000 (17:49 +0100)]
svc/ Fix startup scan to initialize unwatched connections.

There's no point defining connection parameters for a peer unless
something's going to act on them, and that something is watch(8).  On
startup (the `--startup' switch), we're meant to notice existing peers
(probably established by connect(8)) and ensure that they're set up
properly.  This initial pass over the peer list is done by
Pinger.rescan, which /usually/ is interested only in watched peers that
need pinging.  It therefore ignores unwatched peers, with the result
that pre-existing unwatched peers are left unconfigured.  Subsequent
peers are detected through the notification mechanism and processed by
the addpeers function which works correctly.

Now, if startup is set, Pinger.rescan tracks all peers and invokes
addpeer on them.

The code relies on the fact that a startup scan is done only once, when
the peer list is empty.  Otherwise it'll reconfigure existing peers,
which is probably a mistake.

7 years agosvc/ Add some debugging output to the `rescan' function.
Mark Wooding [Mon, 23 Apr 2012 16:45:48 +0000 (17:45 +0100)]
svc/ Add some debugging output to the `rescan' function.

Slightly easier to keep track of what's going on.

7 years agodebian/rules: Throw the contrib scripts into `examples'.
Mark Wooding [Fri, 16 Mar 2012 09:47:50 +0000 (09:47 +0000)]
debian/rules: Throw the contrib scripts into `examples'.

7 years agosvc/ Explicitly tag routes as `static'.
Mark Wooding [Thu, 22 Mar 2012 00:28:59 +0000 (00:28 +0000)]
svc/ Explicitly tag routes as `static'.

Otherwise BIRD, in particular, ignores the routes, which is a shame
because we'd ideally like it to propagate them.

7 years agopeerdb/ Set passive peers as mobile by default.
Mark Wooding [Wed, 21 Mar 2012 21:41:11 +0000 (21:41 +0000)]
peerdb/ Set passive peers as mobile by default.

7 years agosvc/ Bring up the interface before adding routes.
Mark Wooding [Wed, 21 Mar 2012 19:04:27 +0000 (19:04 +0000)]
svc/ Bring up the interface before adding routes.

It doesn't work the other way around.  Except when I was testing it, for
some reason.

7 years agoserver/ Test key exchange and retransmit with a flaky network.
Mark Wooding [Wed, 1 Feb 2012 22:56:55 +0000 (22:56 +0000)]
server/ Test key exchange and retransmit with a flaky network.

Aha!  A use for `tripe-mitm'!

7 years agoserver/ Add a retry loop in `COMMS_EPING'.
Mark Wooding [Wed, 1 Feb 2012 22:55:57 +0000 (22:55 +0000)]
server/ Add a retry loop in `COMMS_EPING'.

We will want to test this in the context of an unreliable network later.

7 years agoproxy: Add a `drop' filter to randomly discard packets.
Mark Wooding [Wed, 1 Feb 2012 21:29:56 +0000 (21:29 +0000)]
proxy: Add a `drop' filter to randomly discard packets.

I'm surprised there wasn't one of these already.

7 years agoserver/keyexch.c: Randomized exponential retransmit backoff.
Mark Wooding [Wed, 1 Feb 2012 21:13:01 +0000 (21:13 +0000)]
server/keyexch.c: Randomized exponential retransmit backoff.

Rather than retrying after a constant delay, increase the delay by a
constant factor.  We now start with a smaller retransmit interval, and
cap at a fairly long wait.  Also introduce a random `wobble'
proportional to the delay in order to prevent a server being hammered by
a swarm of clients acting in unison if it comes back after an outage.

7 years agoserver/keyexch.c: Use high-resolution `struct timeval' timers.
Mark Wooding [Wed, 1 Feb 2012 21:10:56 +0000 (21:10 +0000)]
server/keyexch.c: Use high-resolution `struct timeval' timers.

7 years agoserver/{keyexch.c,keyset.c}: Eliminate `ks_tregen'.
Mark Wooding [Wed, 1 Feb 2012 21:04:30 +0000 (21:04 +0000)]
server/{keyexch.c,keyset.c}: Eliminate `ks_tregen'.

Instead, compute the regeneration time directly.

7 years agoserver/{keyexch.c,keyset.c}: Move timing parameters to tripe.h.
Mark Wooding [Wed, 1 Feb 2012 20:59:31 +0000 (20:59 +0000)]
server/{keyexch.c,keyset.c}: Move timing parameters to tripe.h.

Now everyone can use them.

7 years agopathmtu/pathmtu.{c,}: New algorithms for path-MTU discovery.
Mark Wooding [Wed, 21 Mar 2012 16:05:00 +0000 (16:05 +0000)]
pathmtu/pathmtu.{c,}: New algorithms for path-MTU discovery.

Implement path-MTU discovery using raw sockets rather than Linux's fancy
socket options.  This should improve portability to other systems.

This involves splitting the logic which chooses probe sizes and
determines the resulting MTU from the underlying machinery which
manufactures packets and collects results.

7 years agosvc/ Don't track the local IP address any more.
Mark Wooding [Mon, 27 Jun 2011 13:47:04 +0000 (14:47 +0100)]
svc/ Don't track the local IP address any more.

If we need to change the peer name, we still need a full renegotiation;
otherwise we can let the mobile-peer machinery deal with us.  This will,
with a little luck, result in a smoother handover when a mobile peer
roams between networks (or gets screwed by NAT).

7 years agoNew peer option `-mobile': follow rapid IP address and port changes.
Mark Wooding [Mon, 27 Jun 2011 02:26:00 +0000 (03:26 +0100)]
New peer option `-mobile': follow rapid IP address and port changes.

Mobile devices on 3G networks can change apparent IP address and port
numbers rapidly.  If any peer has the `-mobile' flag (PSF_MOBILE) set,
and a MSG_PACKET message arrives from an unexpected source, see if any
of the `-mobile' peers can decrypt it: if so, update the peer's address
rather than rejecting the packet.

This is inefficient because it involves a linear search of the peer
list.  If this turns out to be a problem, we can make some protocol
changes (e.g., inserting a peer hint into the packet) later.

Note that an adversary can deny service by capturing legitimate packets
from a mobile source and sending them on with a different address.  The
peer will assume that the target's address has changed.  But to make
this work effectively, the adversary's packet has to reach the target
before (or instead of) the legitimate one, or else the bogus packet will
be rejected for having a duplicate sequence number.  The next packet
received unmodified from the source will switch the target's idea of the
source's address back again anyway.  An adversary who can consistently
prevent packets from being delivered can trivially deny service anyway,
so this isn't actually much of a concern.

7 years agoserver: Repurpose the flags in `peerspec'.
Mark Wooding [Mon, 27 Jun 2011 08:41:02 +0000 (09:41 +0100)]
server: Repurpose the flags in `peerspec'.

They're now general flags, though they share the bottom bits of the
space with key-exchange flags.  This is just a preliminary refactoring:
we'll be adding some peer-specific flags later.

7 years agoserver/tripe.h: Allow `break' from FOREACH_PEER.
Mark Wooding [Mon, 27 Jun 2011 13:08:11 +0000 (14:08 +0100)]
server/tripe.h: Allow `break' from FOREACH_PEER.

The body was wrapped in do ... while (0); so we have to remove this.

7 years agoserver/keyset.c: Return more informative error codes from ks_decrypt.
Mark Wooding [Mon, 27 Jun 2011 08:31:48 +0000 (09:31 +0100)]
server/keyset.c: Return more informative error codes from ks_decrypt.

Also, do what the commentary says and return zero and break the output
buffer if it's not big enough, rather than returning KSERR_DECRYPT.

The new error codes allow callers to make more sensible decisions about
whether to continue to search for other keys which might work better.

7 years agosvc/ Support IPv6 address configuration.
Mark Wooding [Mon, 19 Mar 2012 22:15:41 +0000 (22:15 +0000)]
svc/ Support IPv6 address configuration.

This switches the script to use the ip(8) utility for all of its

7 years agoinit/ Pass the `-m' option through to the server.
Mark Wooding [Fri, 16 Mar 2012 01:21:19 +0000 (01:21 +0000)]
init/ Pass the `-m' option through to the server.

Unfortunately, tripectl(1) doesn't understand it.

7 years agoDon't try to change gid unless we're privileged.
Mark Wooding [Fri, 16 Mar 2012 01:17:31 +0000 (01:17 +0000)]
Don't try to change gid unless we're privileged.

This affects both tripe(8) and tripectl(1).  The options are still
useful, since they determine the ownership of the administration socket.

This is a result of a long-standing error by the author, who assumed
that it was possible to setgid(2) to any existing supplementary group.

7 years agocontrib: Add the Maemo init config for upstart.
Mark Wooding [Fri, 16 Mar 2012 00:01:55 +0000 (00:01 +0000)]
contrib: Add the Maemo init config for upstart.

7 years agocontrib: Do proper substitutions on contrib files.
Mark Wooding [Fri, 16 Mar 2012 00:15:38 +0000 (00:15 +0000)]
contrib: Do proper substitutions on contrib files.

7 years agocontrib/: New directory for random occasionally-useful stuff.
Mark Wooding [Wed, 14 Mar 2012 20:57:07 +0000 (20:57 +0000)]
contrib/: New directory for random occasionally-useful stuff.

7 years agoAllow the caller to configure the administration socket permissions.
Mark Wooding [Wed, 14 Mar 2012 19:24:42 +0000 (19:24 +0000)]
Allow the caller to configure the administration socket permissions.

Now we can have a group of server administrators.

As part of this, move the change of permissions after the change of
ownership to avoid a brief window where the wrong group might have
access to the socket.

7 years agoserver/admin.c (a_init): Abort if we can't set socket permissions.
Mark Wooding [Wed, 14 Mar 2012 19:22:14 +0000 (19:22 +0000)]
server/admin.c (a_init): Abort if we can't set socket permissions.

I don't think sending a message to trace really captures the severity
of the situation adequately.

7 years agoserver/admin.c (a_init): Restore the old umask after creating the socket.
Mark Wooding [Wed, 14 Mar 2012 19:18:07 +0000 (19:18 +0000)]
server/admin.c (a_init): Restore the old umask after creating the socket.

7 years Only check SLIP on distcheck.
Mark Wooding [Mon, 27 Jun 2011 13:20:37 +0000 (14:20 +0100)] Only check SLIP on distcheck.

The other drivers aren't even slightly portable.

7 years agoIgnore boring return codes properly.
Mark Wooding [Wed, 14 Mar 2012 18:50:01 +0000 (18:50 +0000)]
Ignore boring return codes properly.

The warning about variables assigned values and then ignored is useful,
as are warnings about ignored return codes sometimes.  But sometimes
ignoring things really is the right answer.

7 years agoserver/privsep.c: Bring SIGCHLD handler in-line.
Mark Wooding [Tue, 13 Mar 2012 02:30:57 +0000 (02:30 +0000)]
server/privsep.c: Bring SIGCHLD handler in-line.

7 years agoclient/tripectl.c: Unblock SIGCHLD in child.
Mark Wooding [Tue, 13 Mar 2012 02:27:13 +0000 (02:27 +0000)]
client/tripectl.c: Unblock SIGCHLD in child.

Otherwise it accumulates zombies like they're going out of fashion.

7 years agoserver/ Refactor communications test stuff.
Mark Wooding [Wed, 25 Jan 2012 23:59:07 +0000 (23:59 +0000)]
server/ Refactor communications test stuff.

More exciting testing will want many of the same hacks.

Also improve the handling of race conditions which may issue warnings:
annotate the server log with custom warnings which instruct a filter to
strip out expected warning messages.

7 years agoserver/ Work around strace's attempt to overwrite core files.
Mark Wooding [Fri, 20 Jan 2012 01:23:41 +0000 (01:23 +0000)]
server/ Work around strace's attempt to overwrite core files.

When strace sees its child process die from a signal, it sends itself
the same signal in order to propagate the exit status accurately.
Unfortunately, if the child process left a core dump, it gets
overwritten by a useless core dump showing how strace committed suicide.

Work around this by running strace in a subdirectory and getting the
child process to run back in the parent.

Also see Debian bug #656389.

7 years agoserver/ Whitespace fixing.
Mark Wooding [Fri, 20 Jan 2012 01:23:04 +0000 (01:23 +0000)]
server/ Whitespace fixing.

Didn't have whitespace-mode turned on by default for this stuff.

7 years, wireshark/ Leave CFLAGS and CPPFLAGS to user.
Mark Wooding [Fri, 20 Jan 2012 01:19:03 +0000 (01:19 +0000)], wireshark/ Leave CFLAGS and CPPFLAGS to user.

Only fiddle with AM_CFLAGS, so that users can use CFLAGS to do stuff
like set debugging and fiddle with optimization settings.  This turns
out to be a bit fiddly because Autoconf doesn't really understand this

7 years agopriv/ Hack `libpriv' so that parallel builds work.
Mark Wooding [Wed, 18 Jan 2012 22:54:56 +0000 (22:54 +0000)]
priv/ Hack `libpriv' so that parallel builds work.

The library `libpriv.a' is built here, but the `libpriv' variable is set
to `$(top_builddir)/priv/libpriv.a' instead, which doesn't match.  The
result is that a parallel build might try to link the helper before
building the library, find that the library (found via the variable)
doesn't exist, and fail.

Fix this by hardwiring the library name locally, since we know where
it's meant to be.  I'd override the variable value but Automake is
petty and prints warnings if I do that.

7 years agoserver/tun-slip.c: Treat ESC END as an error, and junk the packet.
Mark Wooding [Sat, 14 Jan 2012 20:01:52 +0000 (20:01 +0000)]
server/tun-slip.c: Treat ESC END as an error, and junk the packet.

The code already treats ESC ESC as an error, so this is for consistency.

8 years agoserver/admin.c: Use p_tag to fetch the key tag.
Mark Wooding [Mon, 27 Jun 2011 09:10:23 +0000 (10:10 +0100)]
server/admin.c: Use p_tag to fetch the key tag.

It might be null: p_tag knows what to do.

8 years agoserver/ Various minor cleanups.
Mark Wooding [Mon, 27 Jun 2011 08:03:48 +0000 (09:03 +0100)]
server/ Various minor cleanups.

  * Remove stray `Keep' from comment.

  * Remove redundant `/' separator from a filename.

  * Fix `3<&1' to `3>&1', because it reflects the data flow better.

8 years agoserver/ Fix TRIPECTL_INTERACT argument order.
Mark Wooding [Mon, 27 Jun 2011 07:57:21 +0000 (08:57 +0100)]
server/ Fix TRIPECTL_INTERACT argument order.

For some reason, the TRIPECTL_INTERACT macro reverses its arguments,
making the first be an argument to `tripectl' and the second be the
script to connect to it.  Only neither call site actually passes the
second argument; instead, both of them pass the script in the first.
Since actually the script begins with a newline, it gets run after
`tripectl' finishes in the same side of the coprocess lash-up.

I have no idea how this has ever worked in the past.  I certainly know
that it doesn't work any more.  So fix it.

8 years agoinit/ Whitespace fixups.
Mark Wooding [Mon, 27 Jun 2011 01:09:20 +0000 (02:09 +0100)]
init/ Whitespace fixups.

8 years agoclient/tripectl.c, debian: Fix logging privileges disaster.
Mark Wooding [Mon, 27 Jun 2011 01:00:42 +0000 (02:00 +0100)]
client/tripectl.c, debian: Fix logging privileges disaster.

Previous behaviour: tripectl starts as root, opens logfile, starts tripe
server, drops privileges, logs happily to file, receives signal,
attempts to open new logfile, and fails miserably.  It therefore
continues logging to the old logfile, which may well have been deleted
by this point.

New behaviour: fix Debianization to put logs in a /var/log/tripe
directory, and arrange for this to be writable by the tripe user; create
the log file after dropping privileges.  If tripectl can't open the log,
it fails, and the tripe server quits due to EOF on stdin.

8 years agoVersion 1.0.0pre10. 1.0.0pre10
Mark Wooding [Fri, 22 Apr 2011 15:48:51 +0000 (16:48 +0100)]
Version 1.0.0pre10.

8 years agosvc/conntrack: Add magic `down' peer tags.
Mark Wooding [Fri, 22 Apr 2011 15:41:38 +0000 (16:41 +0100)]
svc/conntrack: Add magic `down' peer tags.

The tags `down' and `down/ANYTHING' mean that no peer from the group
should be selected.

8 years agoserver/keymgmt.c: Trivial whitespace fix.
Mark Wooding [Sun, 10 Apr 2011 21:04:17 +0000 (22:04 +0100)]
server/keymgmt.c: Trivial whitespace fix.