chiark / gitweb /
tripe
2 years agoMakefile.am: Some reformatting.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
Makefile.am: Some reformatting.

2 years agovars.am: Some reformatting.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
vars.am: Some reformatting.

2 years agoconfigure.ac, debian/: Overhaul Wireshark plugin build machinery.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
configure.ac, debian/: Overhaul Wireshark plugin build machinery.

  * Depend on the a newish version of Wireshark because I couldn't find
    out where the API changes happened.

  * It seems that Wireshark actually does provide a `pkg-config'
    dropping now, so I can use it rather than complaining about how it's
    not there.

2 years agokeys/tripe-keys.in: Remove unrecognized files from `base-dir'.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.in: Remove unrecognized files from `base-dir'.

In a sensible system, these turn out to be mostly signature files made
by old versions of the master key which don't exist any more.

You might want to think about making `upload-hook' delete the
corresponding files at the file server.

2 years agokeys/tripe-keys.8.in: `tripe-keys upload' can really upload things.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.8.in: `tripe-keys upload' can really upload things.

Mention the `upload-hook' configuration knob rather than the comment
about how it can't be done.

2 years agowireshark/packet-tripe.c: Catch up with Wireshark API changes.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
wireshark/packet-tripe.c: Catch up with Wireshark API changes.

  * Apparently `check_col' is now just dead, and its functionality
    included in the various `col_set_mumble' functions.

  * It seems that `dissector_add' has turned into `dissector_add_uint',
    and a number of other functions, for different field types, have
    been added.

This isn't well tested.

2 years agoUse new Catacomb `rand_quick' to gather entropy from other fast sources.
Mark Wooding [Sat, 4 Jun 2016 15:39:48 +0000 (16:39 +0100)]
Use new Catacomb `rand_quick' to gather entropy from other fast sources.

This requires a very shiny Catcomb.  I can make the dependency softer if
necessary.

2 years agoserver/: Rename `TIMER' to `QUICKRAND'.
Mark Wooding [Sat, 4 Jun 2016 15:31:10 +0000 (16:31 +0100)]
server/: Rename `TIMER' to `QUICKRAND'.

The purpose of the `TIMER' is to feed the entropy a small quantity of
entropy on a regular basis.  Encoding the implementation in the name was
an error which this commit fixes.

3 years agoserver/tripe.8.in: Fix misformatting.
Mark Wooding [Sat, 14 May 2016 10:08:35 +0000 (11:08 +0100)]
server/tripe.8.in: Fix misformatting.

3 years agoRelease 1.0.0pre18. 1.0.0pre18
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
Release 1.0.0pre18.

3 years agodebian/control: Fix the dependencies.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
debian/control: Fix the dependencies.

  * Fix up the Build-Depends.  The Python requirements for the
    architecture-independent packages are quite heavy, so split out
    Build-Depends-Indep.

  * Add detailed version information to the various build and runtime
    dependencies.

  * Observe that `tripe-keys' depends on curl(1) to run, so we need it
    at build time for testing, and the `tripe-keys' package needs it at
    runtime.

3 years agodebian/source/format: Apparently you're meant to have one of these now.
Mark Wooding [Fri, 19 Feb 2016 19:51:19 +0000 (19:51 +0000)]
debian/source/format: Apparently you're meant to have one of these now.

3 years agoconfigure.ac, Makefile.am: More subsetting based on module availability.
Mark Wooding [Sat, 20 Feb 2016 17:17:51 +0000 (17:17 +0000)]
configure.ac, Makefile.am: More subsetting based on module availability.

Also check the mLib and CDB modules.

3 years agotripe-service.7: Move manual page to server/.
Mark Wooding [Sun, 24 Apr 2016 22:30:30 +0000 (23:30 +0100)]
tripe-service.7: Move manual page to server/.

The stuff in svc/ isn't always built, but the manpage should always
exist because it describes general conventions.

3 years agoserver/admin.c (a_vformat): Fix uses of `va_arg' to dereference `ap'.
Mark Wooding [Fri, 19 Feb 2016 22:31:20 +0000 (22:31 +0000)]
server/admin.c (a_vformat): Fix uses of `va_arg' to dereference `ap'.

This is the missing half of the earlier patch; without it, we get
instant crashes on i386 (but, oddly, no warnings anywhere).

3 years agoserver/admin.c: Pass captured `va_list' consistently by reference.
Mark Wooding [Fri, 19 Feb 2016 21:42:57 +0000 (21:42 +0000)]
server/admin.c: Pass captured `va_list' consistently by reference.

On amd64, they're secretly arrays, and once one's decayed into a
pointer to a strange thing, there's no getting it back again.

3 years agoPortability: Use `socklen_t' throughout, if available.
Mark Wooding [Fri, 19 Feb 2016 21:41:04 +0000 (21:41 +0000)]
Portability: Use `socklen_t' throughout, if available.

Silly amd64 people, not using `size_t'.

3 years agoserver/tests.at (AWAIT_KXDONE): Ignore warnings and trace.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (AWAIT_KXDONE): Ignore warnings and trace.

If the waiting loop receive a message it doesn't understand, it bails
and the rest of the test continues, usually before the peers have
actually completed their key exchange.

3 years agoserver/tests.at (AWAIT_KXDONE): Ignore the correct server messages.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (AWAIT_KXDONE): Ignore the correct server messages.

The old code told arranged for both peers to ignore complains about
unexpected packets from the /first/ peer, with the predictable result
that the first peer complains about unexpected packets from the second
and the test fails spuriously.

3 years agoserver/tests.at (server retry): Use the new `WITH_STRACE' macro.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (server retry): Use the new `WITH_STRACE' macro.

Now we don't necessarily need strace(1) installed at build time.

It's now the responsibility of `WITH_STRACE' to clear away the strace(1)
process if there is one.  There's now too much process hierarchy in
between the wait and the child for us to wait on the proxy process
itself.  It doesn't really matter much, fortunately.

3 years agoserver/tests.at: Make the strace options better.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at: Make the strace options better.

  * `-ff' to split the traces for different processes out into separate
    files.  This is mostly good because it removes the confusing
    interleaving of blocking system calls issued from concurrently
    running processes.

  * `-tt' to print high-resolution timestamps on each line, for
    correlating the traces now they've been separated.

  * `-v' to print out full dumps of environments and other such things.

  * `-s1024' to print the whole of longish strings.

3 years agoserver/tests.at (TRIPE): Set command-line trace options from environment.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (TRIPE): Set command-line trace options from environment.

If you set `TRIPE_TEST_TRACEOPTS' then tracing is turned on with the
appropriate options.  The obvious value is `A'.

3 years agoserver/tests.at (WITH_TRIPEX): Strip early tracing from the stderr file.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (WITH_TRIPEX): Strip early tracing from the stderr file.

So we end up with a `...full' version.

3 years agoserver/tests.at (WITH_STRACE): Factor out the strace(1) machinery.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (WITH_STRACE): Factor out the strace(1) machinery.

There's very little noticeable difference in the behaviour: the (usually
empty) directory created for strace(1) to scribble its corefile has a
different name.  The new macro takes care of running the caller's
command in the correct directory, so the (only, currently) call site
doesn't need to worry about that any more.

3 years agopriv/helper.c (lose): Tag as NORETURN.
Mark Wooding [Mon, 1 Jun 2015 17:17:44 +0000 (18:17 +0100)]
priv/helper.c (lose): Tag as NORETURN.

3 years agoserver/keyexch.c: Always quote the peer name in `KXSTART' notifications.
Mark Wooding [Wed, 27 May 2015 18:43:07 +0000 (19:43 +0100)]
server/keyexch.c: Always quote the peer name in `KXSTART' notifications.

I missed the separate notification which is issued when a corked
exchange is uncorked.

4 years agoRelease 1.0.0pre17.1. 1.0.0pre17.1
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
Release 1.0.0pre17.1.

4 years agoserver/tests.at (AWAIT_KXDONE): More warning suppressions.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
server/tests.at (AWAIT_KXDONE): More warning suppressions.

Slow hosts (e.g., Scratchbox, under emulation) can trigger warnings in
both directions, and also `unexpected-challenge', depending on how far
the key exchange has progressed by the time the other end gets the
`FORCEKX' command.

4 years agoserver/tests.at (AWAIT_KXDONE): Deliver POP to the correct place.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
server/tests.at (AWAIT_KXDONE): Deliver POP to the correct place.

In fact, BNAME and BDIR are always the same in the current test script
-- the silly games are always played with ANAME and ADIR -- but that's
just luck.

4 years agoRelease 1.0.0pre17. 1.0.0pre17
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
Release 1.0.0pre17.

4 years agoclient/tripectl.c: New option `-W' to set `WATCH' list.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
client/tripectl.c: New option `-W' to set `WATCH' list.

4 years agobuild, debian: Add a suffix to the main TrIPE-specific manpages.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
build, debian: Add a suffix to the main TrIPE-specific manpages.

This keeps the service documentation, in particular, out of the general
namespace where things might conflict with it.

The general-purpose utilities `pkstream' and `pathmtu' are not affected
by this change.

4 years agosvc/connect.in (cmd_kick): Call the right function.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
svc/connect.in (cmd_kick): Call the right function.

4 years agocontrib/sshsvc.conf: Include configuration file for `sshsvc-mkauthkeys'.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
contrib/sshsvc.conf: Include configuration file for `sshsvc-mkauthkeys'.

4 years agocontrib/knock.in: Can now be called from an ordinary shell.
Mark Wooding [Fri, 24 Apr 2015 09:11:23 +0000 (10:11 +0100)]
contrib/knock.in: Can now be called from an ordinary shell.

The script can now pick up information from environment variables rather
than the forced command, which makes the `tripe' user much more sane.
This also fits a little better with `sshsvc-mkauthkeys'.

4 years agopeerdb/peers.in, svc/connect.8.in: Tweak dead-peer-detection parameters.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
peerdb/peers.in, svc/connect.8.in: Tweak dead-peer-detection parameters.

They're now different between dynamic and passive peers.  The manual
explains why they're set the way they are and provides some vaguely
useful commentary.

Also rearrange the other parameters a bit, now that we have multiple
inheritance.

4 years agopeerdb/tripe-newpeers.in, peerdb/peers.in.5.in: Multiple inheritance.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
peerdb/tripe-newpeers.in, peerdb/peers.in.5.in: Multiple inheritance.

Allow a section to `@inherit' from more than one other section.  All
traversals of the inheritance dag which find a value must report the
same one.  Cycles are diagnosed when they're encountered, but not
otherwise.

4 years agopeerdb/tripe-newpeers.in: Sort the output so that testing is easier.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
peerdb/tripe-newpeers.in: Sort the output so that testing is easier.

4 years agosvc/conntrack.8.in: Fix the manpage heading!
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
svc/conntrack.8.in: Fix the manpage heading!

4 years agopeerdb/peers.in.5.in: The magic is spelled `@inherit', not `@inherits'.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
peerdb/peers.in.5.in: The magic is spelled `@inherit', not `@inherits'.

4 years agoRelease 1.0.0pre16.2. 1.0.0pre16.2
Mark Wooding [Sat, 14 Mar 2015 19:37:30 +0000 (19:37 +0000)]
Release 1.0.0pre16.2.

4 years agosrc/tripe-ifup.in: Hack IPv6 up on VPN interfaces.
Mark Wooding [Sat, 14 Mar 2015 19:03:00 +0000 (19:03 +0000)]
src/tripe-ifup.in: Hack IPv6 up on VPN interfaces.

It seems that some devices try to turn off IPv6 on all interfaces if
they can't figure out a route.  But we know how to take care of
ourselves, and we want IPv6 over our VPN even if we can't do it
globally.

I'm thinking specifically of ConnMan on Jolla phones here, but there are
probably others.

4 years agosvc/tripe-ifup.in: Better error handling.
Mark Wooding [Sat, 14 Mar 2015 14:39:42 +0000 (14:39 +0000)]
svc/tripe-ifup.in: Better error handling.

Don't give up as soon as a network configuration command fails.  That
tends to leave the device's routing in a hopelessly broken state.
Instead, catch errors, report them via the server, and issue a slightly
different notification on completion.

4 years agosvc/tripe-ifup.in: Trim prefix length from IPv6 address used as gateway.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
svc/tripe-ifup.in: Trim prefix length from IPv6 address used as gateway.

Because IPv6 doesn't deal with point-to-point connections well, it's
common to use little networks.  But then the user needs to associate a
prefix length with the address, and we have to strip it off when adding
routes which use the address as a gateway.

4 years agoRelease 1.0.0pre16.1. 1.0.0pre16.1
Mark Wooding [Tue, 17 Feb 2015 21:34:14 +0000 (21:34 +0000)]
Release 1.0.0pre16.1.

4 years agoserver/keymgmt.c (km_samealgsp): Make sure the bulk transforms match.
Mark Wooding [Tue, 17 Feb 2015 21:20:12 +0000 (21:20 +0000)]
server/keymgmt.c (km_samealgsp): Make sure the bulk transforms match.

Getting this wrong would cause a communication failure which is
annoyingly difficult to debug.

4 years agoserver/tripe-admin.5.in: No, DAEMON doesn't issue a warning.
Mark Wooding [Tue, 17 Feb 2015 21:10:00 +0000 (21:10 +0000)]
server/tripe-admin.5.in: No, DAEMON doesn't issue a warning.

4 years agoRelease 1.0.0pre16. 1.0.0pre16
Mark Wooding [Sun, 20 Jul 2014 13:53:18 +0000 (14:53 +0100)]
Release 1.0.0pre16.

4 years agodebian/control: Build-Depends on mLib 2.2.2, for dstr_putf `%.*s' fix.
Mark Wooding [Sun, 20 Jul 2014 13:53:18 +0000 (14:53 +0100)]
debian/control: Build-Depends on mLib 2.2.2, for dstr_putf `%.*s' fix.

Otherwise the server segfaults on an `ALGS' admin request.  This causes
a failure in the test suite.

4 years agokeys/tripe-keys.in: Compare configuration files properly when updating.
Mark Wooding [Sun, 20 Jul 2014 13:53:18 +0000 (14:53 +0100)]
keys/tripe-keys.in: Compare configuration files properly when updating.

For some stupid reason, Python's `filecmp' module defaults to comparing
files using stat(2) rather then actually reading them.  I must have been
having a stupid day when I read the documentation because it didn't
occur to me that it could be that deranged.  But apparently it is, so we
must set `thip, crinkle, and spoit' to `no'.

It compares files too?

4 years agocontrib/, vars.am: systemd service definitions.
Mark Wooding [Sun, 20 Jul 2014 13:53:18 +0000 (14:53 +0100)]
contrib/, vars.am: systemd service definitions.

4 years agoImprove server logging.
Mark Wooding [Sun, 20 Jul 2014 13:52:26 +0000 (14:52 +0100)]
Improve server logging.

  * The client can now log to stdout or stderr easily.  Annoyingly,
    `-f/dev/stderr' doesn't work if running privilege-separated, so
    provide some handy magic tokens.

  * The init scripts now have configuration for writing to syslog.

4 years agoinit/tripe-init.in, contrib/tripe-upstart.in: Reformat startup rune.
Mark Wooding [Sun, 20 Jul 2014 13:51:15 +0000 (14:51 +0100)]
init/tripe-init.in, contrib/tripe-upstart.in: Reformat startup rune.

  * The old ${var+-O}${var} rune was kind of pointless: rewrite it as
    ${var+-O$var} instead.

  * Remove other pointless braces.

  * Group the addr/port and user/group options together.

4 years agosvc/connect.in: Only check the configuration database once a minute.
Mark Wooding [Sun, 20 Jul 2014 12:50:28 +0000 (13:50 +0100)]
svc/connect.in: Only check the configuration database once a minute.

I think this is quite often enough, and more is likely to drain the
battery of mobile devices unacceptably.

4 years agosvc/conntrack.in: Monitor class for ConnMan.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
svc/conntrack.in: Monitor class for ConnMan.

As used in Sailfish.

4 years agoserver/tests.at: Don't run strace(1) unconditionally.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
server/tests.at: Don't run strace(1) unconditionally.

It slows things down, might not be available, and doesn't work in
Scratchbox (because QEmu doesn't implement ptrace(2)).

4 years agosvc/conntrack.in: Update NetworkManager protocol handling.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
svc/conntrack.in: Update NetworkManager protocol handling.

All of the state codes have changed because XDG.

4 years agosvc/conntrack.in (straddr): Handle `None' as a packed address.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
svc/conntrack.in (straddr): Handle `None' as a packed address.

4 years agomon/tripemon.in: Add per-peer key selection and mobile options.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: Add per-peer key selection and mobile options.

4 years agomon/tripemon.in: Show per-peer crypto details in peer info sheet.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: Show per-peer crypto details in peer info sheet.

4 years agomon/tripemon.in: New `TrivialWindow' class: dismiss with Escape.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: New `TrivialWindow' class: dismiss with Escape.

Now it's easier to dismiss all of those random little dialogues.

4 years agomon/tripemon.in: Support the new-style bindings for Gtk and friends.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: Support the new-style bindings for Gtk and friends.

This is a fair amount of tedious work, especially if we want to keep
compatibility with the old versions of things.

Highlights:

  * There are separate modules now for GLib and GObject, as in the
    underlying C libraries; the old Python bindings merged the two
    together.

  * Gtk enumerations and flags now live in their own classes, so we dig
    them out for compatibility.

  * Because the new bindings are dynamically generated from
    introspection data, they don't make allowances for (say) `raise'
    being a Python reserved word.

  * Some functions which used to have default arguments no longer do, so
    we have to call them the hard way.

4 years agomon/tripemon.in: Highlight entry background when contents are invalid.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: Highlight entry background when contents are invalid.

This shows up much better than the foreground.

4 years agomon/tripemon.in: Remove spurious argument.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: Remove spurious argument.

Not sure how this passed even cursory testing.

4 years agomon/tripemon.in: `connect' service's `list' command is now `list-active'.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
mon/tripemon.in: `connect' service's `list' command is now `list-active'.

4 years agomon/tripemon.in: Whitespace fixing.
Mark Wooding [Sat, 19 Jul 2014 00:59:26 +0000 (01:59 +0100)]
mon/tripemon.in: Whitespace fixing.

4 years agoserver/: New `implicit-IV' transform (`iiv').
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
server/: New `implicit-IV' transform (`iiv').

The new transform has two advantages over the existing `v0' transform:

  * it doesn't need to transmit an explicit IV, so it adds less overhead
    to messages being sent; and

  * it's entirely deterministic, getting variation from the input
    sequence number rather than randomness, which (a) improves
    performance a bit by not exercising the cryptographic random number
    generator, and (b) eliminates a kleptographic channel.

This change triggers a bug in mLib 2.2.1 and earlier: `dstr_putf'
doesn't handle `%.*s' correctly.

4 years agoserver/: Prepare an interface for multiple bulk-crypto transforms.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
server/: Prepare an interface for multiple bulk-crypto transforms.

The current bulk-crypto transform is rather old-fashioned (though in
most formal senses secure).  It is neither as efficient as it could
be (in terms of overhead); nor does it provide privacy properties which
are as good as I'd like.  So it would be good to be able to replace it
with something better.

There's now a table of named transforms.  It only has one entry, `v0',
which is compatible with previous versions, but we now have all of the
machinery necessary to add new transforms later.

There are also some minor improvements to the tracing of cryptographic
details (notably: reporting the types of messages being encrypted and
decrypted); and an interface change for @ks_encrypt@ and @ks_decrypt@,
which are now allowed to corrupt @buf_u@ in the course of their
operation.

4 years agoserver/tripe-admin.5.in: Remove spurious punctuation.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
server/tripe-admin.5.in: Remove spurious punctuation.

4 years ago.gitattributes: New file; highlight bad whitespace properly in Python.
Mark Wooding [Sun, 20 Jul 2014 00:37:54 +0000 (01:37 +0100)]
.gitattributes: New file; highlight bad whitespace properly in Python.

4 years agopeerdb/tripe-newpeers.in: Don't start duplicate resolver queries.
Mark Wooding [Sat, 19 Jul 2014 16:22:37 +0000 (17:22 +0100)]
peerdb/tripe-newpeers.in: Don't start duplicate resolver queries.

Resolver queries are indexed by query domain name.  Previously, if we
find another place which wants the same name resolved, we'd overwrite
the existing query with the new one, which causes the old one to be
cancelled (despite it possibly having made progress).

(This also avoids tickling a bug in mLib's handling of aborted queries,
fixed separately.)

4 years agoserver/tun-*.c: Factor out the (very similar) TUN-like drivers.
Mark Wooding [Mon, 2 Jun 2014 21:55:32 +0000 (22:55 +0100)]
server/tun-*.c: Factor out the (very similar) TUN-like drivers.

5 years agopathmtu/pathmtu.c: Use IP_PMTUDISC_PROBE for sending the lookups.
Mark Wooding [Sat, 3 May 2014 19:04:44 +0000 (20:04 +0100)]
pathmtu/pathmtu.c: Use IP_PMTUDISC_PROBE for sending the lookups.

Linux's behaviour is very strange if you set IP_PMTUDISC_DO.  Suppose we
have this situation:

host A <-1500-> router B <-1432-> ... <-1500-> host Z

We send a 1500-byte probe from A.  Router B sends back `fragmentation
needed' with maximum size 1432.  Linux reports EMSGSIZE back to us, but
when we read IP_MTU, we get 1500 again.  OK: we send another probe with
1500, for old times' sake, but the write(2) fails with EMSGSIZE.  At
this point we give up and try binary search.  The next size we try is
1038, but write(2) fails again, inexplicably.  Subsequent binary search
succeeds, so we end up with an MTU of 1037.  This is too small for IPv6.

Using IP_PMTUDISC_PROBE instead seems to prevent Linux from being
hopeless at write(2) time.

5 years agoRelease 1.0.0pre15. 1.0.0pre15
Mark Wooding [Sat, 19 Apr 2014 13:35:06 +0000 (14:35 +0100)]
Release 1.0.0pre15.

5 years agosvc/tripe-ifup.in: Allow netmasks on local and remote inside addresses.
Mark Wooding [Sat, 19 Apr 2014 13:28:58 +0000 (14:28 +0100)]
svc/tripe-ifup.in: Allow netmasks on local and remote inside addresses.

This is necessary to allow IPv6 hosts to be in little subnets of their
own, which in turn lets us work around a stupid bug in Linux's IPv6
route caching and path-MTU handling.

5 years agoserver/{admin,peer}.c: Fix build failures when tracing is disabled.
Mark Wooding [Tue, 11 Mar 2014 14:32:44 +0000 (14:32 +0000)]
server/{admin,peer}.c: Fix build failures when tracing is disabled.

I don't check this often enough.

5 years agoserver/chal.c: Don't load sequence number twice.
Mark Wooding [Tue, 11 Mar 2014 14:32:12 +0000 (14:32 +0000)]
server/chal.c: Don't load sequence number twice.

This is especially embarrassing because the only other reason the
sequence number is loaded is for a trace message.  This was discovered
from compiler warning about `seq' being unused when tracing is disabled.

5 years agoRelease 1.0.0pre14. 1.0.0pre14
Mark Wooding [Tue, 28 Jan 2014 15:39:33 +0000 (15:39 +0000)]
Release 1.0.0pre14.

5 years agoMerge branch 'mdw/svc-merge'
Mark Wooding [Tue, 28 Jan 2014 15:27:27 +0000 (15:27 +0000)]
Merge branch 'mdw/svc-merge'

* mdw/svc-merge:
  debian/tripe-peer-services.postinst: Retire the old `watch' service.
  Merge the `connect' and `watch' services.
  svc/watch.in: Rename some of the functions.
  svc/watch.in: Use the `Peer' object from `connect' to carry information.

5 years agodebian/tripe-peer-services.postinst: Retire the old `watch' service.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
debian/tripe-peer-services.postinst: Retire the old `watch' service.

Stop the service, if necessary, and clear away its symbolic link.

5 years agoMerge the `connect' and `watch' services.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
Merge the `connect' and `watch' services.

The result is called `connect', because that's the one which provided
scripted external interface.  But it's best looked at as a merge of
pieces of `connect' into `watch', followed by a rename.

5 years agosvc/watch.in: Rename some of the functions.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
svc/watch.in: Rename some of the functions.

Functions which run commands are now called `run_...'.  The `addpeer'
and `delpeer' functions are now `adoptpeer' and `disownpeer', to make
way for like-named methods from `connect'.

5 years agosvc/watch.in: Use the `Peer' object from `connect' to carry information.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
svc/watch.in: Use the `Peer' object from `connect' to carry information.

The `get' method is slightly improved to do type conversions.

This replaces the ad-hoc use of dictionaries.  The code is somewhat
cleaner as a result, and very slightly longer.  But most importantly it
paves the way for a merge of these two services.

5 years agodebian/tripe-peer-services.postinst: Fix stupid typo.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
debian/tripe-peer-services.postinst: Fix stupid typo.

5 years agokeys/tripe-keys.in: Improve reporting of usage errors.
Mark Wooding [Thu, 9 Jan 2014 08:53:12 +0000 (08:53 +0000)]
keys/tripe-keys.in: Improve reporting of usage errors.

  * Report a readable error for a mis-typed command name, rather than a
    Python exception backtrace.

  * Diagnose arguments to a command which expects none correctly.

  * Remove the `UsageError' exception, which was never caught and is now
    unused.

5 years agodebian/tripe-peer-services.postinst: New script to restart services.
Mark Wooding [Fri, 12 Jul 2013 23:49:00 +0000 (00:49 +0100)]
debian/tripe-peer-services.postinst: New script to restart services.

When the TrIPE suite is upgraded, the service package isn't usually in a
fit state when the server is restarted, so the services don't start
properly.  The answer is to have the services restarted explicitly by
their own `postinst' script.

5 years agokeys/tripe-keys.in: Only warn if all master keys are expired.
Mark Wooding [Fri, 12 Jul 2013 09:32:11 +0000 (10:32 +0100)]
keys/tripe-keys.in: Only warn if all master keys are expired.

Otherwise you get pestered throughout the rollover period.

5 years agoUse the new mLib macros for discarding uninteresting error codes.
Mark Wooding [Sat, 22 Jun 2013 16:09:05 +0000 (17:09 +0100)]
Use the new mLib macros for discarding uninteresting error codes.

5 years agoclient/tripectl.c: Fix stupid format-string bugs.
Mark Wooding [Sat, 22 Jun 2013 16:08:15 +0000 (17:08 +0100)]
client/tripectl.c: Fix stupid format-string bugs.

Possibly exploitable, but tripe's admin interface isn't usually a
security boundary.

5 years agodebian/control: Fix `pkstream' dependency on `fwd'.
Mark Wooding [Sat, 22 Jun 2013 14:55:06 +0000 (15:55 +0100)]
debian/control: Fix `pkstream' dependency on `fwd'.

It hasn't been called `fw' for many years.

5 years agoUse the new `mLib' annotations on varargs functions.
Mark Wooding [Sat, 22 Jun 2013 14:37:36 +0000 (15:37 +0100)]
Use the new `mLib' annotations on varargs functions.

This caught a couple of bugs just fixed.

5 years agoUpdate dependencies on mLib.
Mark Wooding [Sat, 22 Jun 2013 14:49:32 +0000 (15:49 +0100)]
Update dependencies on mLib.

5 years agoFix some format and other varargs errors.
Mark Wooding [Sat, 22 Jun 2013 14:33:03 +0000 (15:33 +0100)]
Fix some format and other varargs errors.

5 years agodebian: Drop CDBS in favour of plain Debhelper.
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)]
debian: Drop CDBS in favour of plain Debhelper.

5 years agoconfigure.ac: Some random formatting tweaks.
Mark Wooding [Sun, 2 Jun 2013 14:49:39 +0000 (15:49 +0100)]
configure.ac: Some random formatting tweaks.

5 years agoconfigure.ac: `Better' broken attempt to find Wireshark plugin dir.
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)]
configure.ac: `Better' broken attempt to find Wireshark plugin dir.

In that it actually succeeds on at least one system.

5 years agoserver/tests.at: Awk string indexing starts at 1.
Mark Wooding [Wed, 19 Jun 2013 18:58:17 +0000 (19:58 +0100)]
server/tests.at: Awk string indexing starts at 1.

Mawk returns a string of length n - 1 if you ask for `substr(s, 0, n)'.
This causes mismatches in the filter which is supposed to remove
spurious warnings, resulting in spurious test failures.

5 years agoserver/tun-slip.c: Fix signed/unsigned char mismatch.
Mark Wooding [Wed, 19 Jun 2013 09:31:20 +0000 (10:31 +0100)]
server/tun-slip.c: Fix signed/unsigned char mismatch.

5 years agoinit/tripe.conf: Fix erroneous variable `mode' instead of `sockmode.'
Mark Wooding [Fri, 14 Jun 2013 19:43:15 +0000 (20:43 +0100)]
init/tripe.conf: Fix erroneous variable `mode' instead of `sockmode.'

5 years agoserver: Compare MAC tags in constant time. 1.0.0pre13
Mark Wooding [Mon, 27 May 2013 21:59:19 +0000 (22:59 +0100)]
server: Compare MAC tags in constant time.

This fixes a timing attack.  If an adversary can watch the timestamp on
the server's log, then it might be possible to determine how much of a
forged packet's MAC is invalid, and thereby figure out one byte at a
time.

This requires the new constant-time comparison function in Catacomb, so
update the dependencies.

This is release 1.0.0pre13.