chiark / gitweb /
Mark Wooding [Wed, 25 Jan 2012 00:31:28 +0000 (00:31 +0000)]
server/{keymgmt.c,tripe-admin.5.in}: Improve key-management errors.
Many of the errors are rather vague and not well documented. Overhaul
the way that errors are reported and propagated in the keymgmt subsystem
and document all of the various error conditions in detail.
Mark Wooding [Tue, 24 Jan 2012 02:00:38 +0000 (02:00 +0000)]
admin.c (a_format): New function formats token sequences to strings.
This will be useful for building fragments of messages to be assembled
by higher-level functions.
Mark Wooding [Mon, 7 May 2012 13:37:05 +0000 (14:37 +0100)]
server/peer.c, server/tests.at: Handle NAT swapping over peer addresses.
Previously, we'd notice when a mobile peer switched address (e.g., due
to NAT) to one that wasn't currently known; but it seems that some
particularly awful NAT boxes will actually swap over the addresses
assigned to two peers on the wrong side of it. The static hub peer will
see this as a bunch of decryption failures but not do anything about
it. Eventually the mobile peers will notice a ping timeout and
reconnect, but this can take a while.
So, when we get a decryption failure from a mobile peer, see whether any
other mobile peers are interested in it.
Mark Wooding [Mon, 7 May 2012 12:31:44 +0000 (13:31 +0100)]
pkstream/pkstream.c: Have `-b' affect the listening mode too.
Mark Wooding [Mon, 7 May 2012 11:42:12 +0000 (12:42 +0100)]
server/tests.at, t/keyring-*: Handle three-party tests.
This involves a new Autotest macro WITH_3TRIPES and a new party in each
of the keyrings.
Mark Wooding [Thu, 26 Jan 2012 00:04:09 +0000 (00:04 +0000)]
server/tests.at, t/keyring-*: Rename test keyrings.
We're going to be playing games with these which will change which
groups they use, so naming them after the groups is silly.
Also switch the prime group to use a smaller field (catacomb-ll-160-1024
specifically) because the primality checking takes ages and we don't
actually need any security.
Mark Wooding [Mon, 7 May 2012 11:29:33 +0000 (12:29 +0100)]
server/peer.c: Handle mobile peers switching addresses.
Previously, we would track a mobile peer if it changed its address to
one that wasn't currently in use by any peer; but it seems that some
benighted NAT boxes will actually mix up the addresses assigned to
active peers, so we must spot the decryption errors and try to match
them up again.
Mark Wooding [Sun, 6 May 2012 23:31:03 +0000 (00:31 +0100)]
server/peer.c: Delay updating peer stats.
Previously we'd update as soon as we'd found a peer, but that's not
quite right. We're going to have p_decrypt change our mind about which
peer this if we get a decryption error, so it'd be bad if we'd
prematurely updated the wrong peer.
Mark Wooding [Sun, 6 May 2012 23:27:20 +0000 (00:27 +0100)]
server/peer.c: Only scan mobile peers when source address is unknown.
Mark Wooding [Wed, 25 Apr 2012 20:14:16 +0000 (21:14 +0100)]
contrib/knock.in: Login script for establishing dynamic associations.
Mark Wooding [Wed, 25 Apr 2012 20:10:50 +0000 (21:10 +0100)]
contrib/README: Fix missing description of the `greet' tool.
Mark Wooding [Wed, 25 Apr 2012 20:09:38 +0000 (21:09 +0100)]
init/tripe-init.in: Look for the socket in the correct place.
If TRIPESOCK is a relative name then the script would look for it
relative to the current directory rather than the correct TRIPEDIR
directory.
Mark Wooding [Mon, 23 Apr 2012 17:11:11 +0000 (18:11 +0100)]
contrib/greet.in: Grotty script to send a TrIPE greeting packet.
Useful for testing.
Mark Wooding [Mon, 23 Apr 2012 17:07:01 +0000 (18:07 +0100)]
init/Makefile.am: Install `tripe.conf' as data, not executable.
Mark Wooding [Mon, 23 Apr 2012 17:06:12 +0000 (18:06 +0100)]
server/peer.c: Fix `unknown-category' message.
A missing comma caused adjacent-string-literal pasting.
Mark Wooding [Mon, 23 Apr 2012 16:49:30 +0000 (17:49 +0100)]
svc/watch.in: Fix startup scan to initialize unwatched connections.
There's no point defining connection parameters for a peer unless
something's going to act on them, and that something is watch(8). On
startup (the `--startup' switch), we're meant to notice existing peers
(probably established by connect(8)) and ensure that they're set up
properly. This initial pass over the peer list is done by
Pinger.rescan, which /usually/ is interested only in watched peers that
need pinging. It therefore ignores unwatched peers, with the result
that pre-existing unwatched peers are left unconfigured. Subsequent
peers are detected through the notification mechanism and processed by
the addpeers function which works correctly.
Now, if startup is set, Pinger.rescan tracks all peers and invokes
addpeer on them.
The code relies on the fact that a startup scan is done only once, when
the peer list is empty. Otherwise it'll reconfigure existing peers,
which is probably a mistake.
Mark Wooding [Mon, 23 Apr 2012 16:45:48 +0000 (17:45 +0100)]
svc/watch.in: Add some debugging output to the `rescan' function.
Slightly easier to keep track of what's going on.
Mark Wooding [Fri, 16 Mar 2012 09:47:50 +0000 (09:47 +0000)]
debian/rules: Throw the contrib scripts into `examples'.
Mark Wooding [Thu, 22 Mar 2012 00:28:59 +0000 (00:28 +0000)]
svc/tripe-ifup.in: Explicitly tag routes as `static'.
Otherwise BIRD, in particular, ignores the routes, which is a shame
because we'd ideally like it to propagate them.
Mark Wooding [Wed, 21 Mar 2012 21:41:11 +0000 (21:41 +0000)]
peerdb/peers.in: Set passive peers as mobile by default.
Mark Wooding [Wed, 21 Mar 2012 19:04:27 +0000 (19:04 +0000)]
svc/tripe-ifup.in: Bring up the interface before adding routes.
It doesn't work the other way around. Except when I was testing it, for
some reason.
Mark Wooding [Wed, 21 Mar 2012 16:05:00 +0000 (16:05 +0000)]
pathmtu/pathmtu.{c,1.in}: New algorithms for path-MTU discovery.
Implement path-MTU discovery using raw sockets rather than Linux's fancy
socket options. This should improve portability to other systems.
This involves splitting the logic which chooses probe sizes and
determines the resulting MTU from the underlying machinery which
manufactures packets and collects results.
Mark Wooding [Mon, 27 Jun 2011 13:47:04 +0000 (14:47 +0100)]
svc/conntrack.in: Don't track the local IP address any more.
If we need to change the peer name, we still need a full renegotiation;
otherwise we can let the mobile-peer machinery deal with us. This will,
with a little luck, result in a smoother handover when a mobile peer
roams between networks (or gets screwed by NAT).
Mark Wooding [Mon, 27 Jun 2011 02:26:00 +0000 (03:26 +0100)]
New peer option `-mobile': follow rapid IP address and port changes.
Mobile devices on 3G networks can change apparent IP address and port
numbers rapidly. If any peer has the `-mobile' flag (PSF_MOBILE) set,
and a MSG_PACKET message arrives from an unexpected source, see if any
of the `-mobile' peers can decrypt it: if so, update the peer's address
rather than rejecting the packet.
This is inefficient because it involves a linear search of the peer
list. If this turns out to be a problem, we can make some protocol
changes (e.g., inserting a peer hint into the packet) later.
Note that an adversary can deny service by capturing legitimate packets
from a mobile source and sending them on with a different address. The
peer will assume that the target's address has changed. But to make
this work effectively, the adversary's packet has to reach the target
before (or instead of) the legitimate one, or else the bogus packet will
be rejected for having a duplicate sequence number. The next packet
received unmodified from the source will switch the target's idea of the
source's address back again anyway. An adversary who can consistently
prevent packets from being delivered can trivially deny service anyway,
so this isn't actually much of a concern.
Mark Wooding [Mon, 27 Jun 2011 08:41:02 +0000 (09:41 +0100)]
server: Repurpose the flags in `peerspec'.
They're now general flags, though they share the bottom bits of the
space with key-exchange flags. This is just a preliminary refactoring:
we'll be adding some peer-specific flags later.
Mark Wooding [Mon, 27 Jun 2011 13:08:11 +0000 (14:08 +0100)]
server/tripe.h: Allow `break' from FOREACH_PEER.
The body was wrapped in do ... while (0); so we have to remove this.
Mark Wooding [Mon, 27 Jun 2011 08:31:48 +0000 (09:31 +0100)]
server/keyset.c: Return more informative error codes from ks_decrypt.
Also, do what the commentary says and return zero and break the output
buffer if it's not big enough, rather than returning KSERR_DECRYPT.
The new error codes allow callers to make more sensible decisions about
whether to continue to search for other keys which might work better.
Mark Wooding [Mon, 19 Mar 2012 22:15:41 +0000 (22:15 +0000)]
svc/tripe-ifup.in: Support IPv6 address configuration.
This switches the script to use the ip(8) utility for all of its
configuration.
Mark Wooding [Fri, 16 Mar 2012 01:21:19 +0000 (01:21 +0000)]
init/tripe-init.in: Pass the `-m' option through to the server.
Unfortunately, tripectl(1) doesn't understand it.
Mark Wooding [Fri, 16 Mar 2012 01:17:31 +0000 (01:17 +0000)]
Don't try to change gid unless we're privileged.
This affects both tripe(8) and tripectl(1). The options are still
useful, since they determine the ownership of the administration socket.
This is a result of a long-standing error by the author, who assumed
that it was possible to setgid(2) to any existing supplementary group.
Mark Wooding [Fri, 16 Mar 2012 00:01:55 +0000 (00:01 +0000)]
contrib: Add the Maemo init config for upstart.
Mark Wooding [Fri, 16 Mar 2012 00:15:38 +0000 (00:15 +0000)]
contrib: Do proper substitutions on contrib files.
Mark Wooding [Wed, 14 Mar 2012 20:57:07 +0000 (20:57 +0000)]
contrib/: New directory for random occasionally-useful stuff.
Mark Wooding [Wed, 14 Mar 2012 19:24:42 +0000 (19:24 +0000)]
Allow the caller to configure the administration socket permissions.
Now we can have a group of server administrators.
As part of this, move the change of permissions after the change of
ownership to avoid a brief window where the wrong group might have
access to the socket.
Mark Wooding [Wed, 14 Mar 2012 19:22:14 +0000 (19:22 +0000)]
server/admin.c (a_init): Abort if we can't set socket permissions.
I don't think sending a message to trace really captures the severity
of the situation adequately.
Mark Wooding [Wed, 14 Mar 2012 19:18:07 +0000 (19:18 +0000)]
server/admin.c (a_init): Restore the old umask after creating the socket.
Mark Wooding [Mon, 27 Jun 2011 13:20:37 +0000 (14:20 +0100)]
Makefile.am: Only check SLIP on distcheck.
The other drivers aren't even slightly portable.
Mark Wooding [Wed, 14 Mar 2012 18:50:01 +0000 (18:50 +0000)]
Ignore boring return codes properly.
The warning about variables assigned values and then ignored is useful,
as are warnings about ignored return codes sometimes. But sometimes
ignoring things really is the right answer.
Mark Wooding [Tue, 13 Mar 2012 02:30:57 +0000 (02:30 +0000)]
server/privsep.c: Bring SIGCHLD handler in-line.
Mark Wooding [Tue, 13 Mar 2012 02:27:13 +0000 (02:27 +0000)]
client/tripectl.c: Unblock SIGCHLD in child.
Otherwise it accumulates zombies like they're going out of fashion.
Mark Wooding [Wed, 25 Jan 2012 23:59:07 +0000 (23:59 +0000)]
server/tests.at: Refactor communications test stuff.
More exciting testing will want many of the same hacks.
Also improve the handling of race conditions which may issue warnings:
annotate the server log with custom warnings which instruct a filter to
strip out expected warning messages.
Mark Wooding [Fri, 20 Jan 2012 01:23:41 +0000 (01:23 +0000)]
server/tests.at: Work around strace's attempt to overwrite core files.
When strace sees its child process die from a signal, it sends itself
the same signal in order to propagate the exit status accurately.
Unfortunately, if the child process left a core dump, it gets
overwritten by a useless core dump showing how strace committed suicide.
Work around this by running strace in a subdirectory and getting the
child process to run back in the parent.
Also see Debian bug #656389.
Mark Wooding [Fri, 20 Jan 2012 01:23:04 +0000 (01:23 +0000)]
server/tests.at: Whitespace fixing.
Didn't have whitespace-mode turned on by default for this stuff.
Mark Wooding [Fri, 20 Jan 2012 01:19:03 +0000 (01:19 +0000)]
configure.ac, wireshark/Makefile.am: Leave CFLAGS and CPPFLAGS to user.
Only fiddle with AM_CFLAGS, so that users can use CFLAGS to do stuff
like set debugging and fiddle with optimization settings. This turns
out to be a bit fiddly because Autoconf doesn't really understand this
stuff.
Mark Wooding [Wed, 18 Jan 2012 22:54:56 +0000 (22:54 +0000)]
priv/Makefile.am: Hack `libpriv' so that parallel builds work.
The library `libpriv.a' is built here, but the `libpriv' variable is set
to `$(top_builddir)/priv/libpriv.a' instead, which doesn't match. The
result is that a parallel build might try to link the helper before
building the library, find that the library (found via the variable)
doesn't exist, and fail.
Fix this by hardwiring the library name locally, since we know where
it's meant to be. I'd override the variable value but Automake is
petty and prints warnings if I do that.
Mark Wooding [Sat, 14 Jan 2012 20:01:52 +0000 (20:01 +0000)]
server/tun-slip.c: Treat ESC END as an error, and junk the packet.
The code already treats ESC ESC as an error, so this is for consistency.
Mark Wooding [Mon, 27 Jun 2011 09:10:23 +0000 (10:10 +0100)]
server/admin.c: Use p_tag to fetch the key tag.
It might be null: p_tag knows what to do.
Mark Wooding [Mon, 27 Jun 2011 08:03:48 +0000 (09:03 +0100)]
server/tests.at: Various minor cleanups.
* Remove stray `Keep' from comment.
* Remove redundant `/' separator from a filename.
* Fix `3<&1' to `3>&1', because it reflects the data flow better.
Mark Wooding [Mon, 27 Jun 2011 07:57:21 +0000 (08:57 +0100)]
server/tests.at: Fix TRIPECTL_INTERACT argument order.
For some reason, the TRIPECTL_INTERACT macro reverses its arguments,
making the first be an argument to `tripectl' and the second be the
script to connect to it. Only neither call site actually passes the
second argument; instead, both of them pass the script in the first.
Since actually the script begins with a newline, it gets run after
`tripectl' finishes in the same side of the coprocess lash-up.
I have no idea how this has ever worked in the past. I certainly know
that it doesn't work any more. So fix it.
Mark Wooding [Mon, 27 Jun 2011 01:09:20 +0000 (02:09 +0100)]
init/tripe-init.in: Whitespace fixups.
Mark Wooding [Mon, 27 Jun 2011 01:00:42 +0000 (02:00 +0100)]
client/tripectl.c, debian: Fix logging privileges disaster.
Previous behaviour: tripectl starts as root, opens logfile, starts tripe
server, drops privileges, logs happily to file, receives signal,
attempts to open new logfile, and fails miserably. It therefore
continues logging to the old logfile, which may well have been deleted
by this point.
New behaviour: fix Debianization to put logs in a /var/log/tripe
directory, and arrange for this to be writable by the tripe user; create
the log file after dropping privileges. If tripectl can't open the log,
it fails, and the tripe server quits due to EOF on stdin.
Mark Wooding [Fri, 22 Apr 2011 15:48:51 +0000 (16:48 +0100)]
Version 1.0.0pre10.
Mark Wooding [Fri, 22 Apr 2011 15:41:38 +0000 (16:41 +0100)]
svc/conntrack: Add magic `down' peer tags.
The tags `down' and `down/ANYTHING' mean that no peer from the group
should be selected.
Mark Wooding [Sun, 10 Apr 2011 21:04:17 +0000 (22:04 +0100)]
server/keymgmt.c: Trivial whitespace fix.
Mark Wooding [Sat, 22 May 2010 11:43:56 +0000 (12:43 +0100)]
Build system: Use Automake 1.11 `silent-rules'.
This makes warnings much easier to spot in the build transcript.
Mark Wooding [Sat, 22 May 2010 11:42:46 +0000 (12:42 +0100)]
Various C files: Ignore write errors of UDP and IP datagrams.
These packets are expected to go missing periodically and everyone will
cope. Unfortunately, GCC wants us to do something with the return code
from write(2), so we explicitly assign it to a write-only variable and
hope that its data-flow analysis is done after it checks for return-code
ignoring.
Mark Wooding [Sat, 22 May 2010 11:40:34 +0000 (12:40 +0100)]
server/tun-slip.c, server/tripe-admin.5.in: Handle write errors.
The error handling here is a little delicate. SLIP pipes are marked
nonblocking, so that a slow driver won't hold up the server. We ignore
EWOULDBLOCK/EAGAIN on the grounds that a dropped packet isn't particularly
disastrous and SLIP is pretty good at resynchronizing. Other errors
break the tunnel; we issue a warning and stop bothering to write
packets at all until the interface is released and reassigned. Obviously
dynamic interfaces will be discarded completely; static ones might be
left broken, but at least we'll retry.
Also, add the new warning to the documentation, since write errors weren't
previously something we worried about.
Mark Wooding [Sat, 22 May 2010 11:04:06 +0000 (12:04 +0100)]
server/tun-slip: Refactor state handling somewhat.
Introduce a new ST_MASK which masks off the state-machine bits. Use this
when reading SL_END or when setting ST_EOF, so as to preserve any other
state bits which might happen to have been set. Not that I'm promising
anything...
Mark Wooding [Sat, 22 May 2010 11:33:19 +0000 (12:33 +0100)]
server/tun-*.c: Include tunnel name in read-error warnings.
For some reason, all of these messages omit the tunnel name, which is
contrary to the documentation (and unlike all of the other tunnel
warning messages).
Mark Wooding [Sat, 22 May 2010 09:13:18 +0000 (10:13 +0100)]
More minor cleanups.
* priv/helper.c: Fix `itrace' comment header.
* server/tripe.h: Remove unused type `admin_greetop'.
Mark Wooding [Wed, 19 May 2010 23:46:53 +0000 (00:46 +0100)]
priv: Remove references to transferring `tunnel_ops *' pointers.
None of that happens since the helper became a separate executable;
instead, tunnel driver names are passed. I've taken the opportunity to
fix other fossils in the privilege-separation commentary.
No substantive changes.
Mark Wooding [Mon, 17 May 2010 19:28:01 +0000 (20:28 +0100)]
debian/changelog: Another version.
Mark Wooding [Mon, 17 May 2010 16:14:09 +0000 (17:14 +0100)]
Disassociate public key tags from peer names.
Peer names are being used for too much now. Originally, they /only/
identified the public key. The peer management services muddy the issue
greatly by mapping peer names to database records.
I propose to resolve this mess in favour of the peer management
services. The ADD command now takes an optional argument naming the
public key to use to authenticate the peer (defaulting to the peer name,
as before). The `connect' service consults the peer database to find
which key to pass to the server.
This change modifies the server to support a new `-key' option to ADD,
and use the value of this option in preference to the peer name if it's
supplied. It also updates the `connect' service to use this option if
necessary. Finally, there's documentation of the various protocol and
database structure changes, and a small tweak to the test suite to make
sure the whole thing stands a chance of working.
Mark Wooding [Mon, 17 May 2010 16:35:50 +0000 (17:35 +0100)]
svc/conntrack: Make the kickpeers coroutine more robust.
There are inevitable races between where conntrack enumerates the peers
and when it submits the commands to modify the list. Also, there's no
guarantee that `connect' -- which we use for initiating peer connections
-- is running at all. So trap exceptions from the relevant commands and
issue warnings as appropriate.
Mark Wooding [Mon, 17 May 2010 16:34:53 +0000 (17:34 +0100)]
svc/conntrack.8.in: Document the D-Bus connection state notifications.
These probably aren't very useful for other services, but they're useful
for diagnostics.
Mark Wooding [Mon, 17 May 2010 16:12:51 +0000 (17:12 +0100)]
peerdb/peers.in.5.in: Fix formatting.
It seems that there's some missing text around here. This probably
wants filling in before we commit this.
Mark Wooding [Sat, 15 May 2010 19:08:13 +0000 (20:08 +0100)]
Tag version 1.0.0pre8.1.
Mark Wooding [Sat, 15 May 2010 18:42:08 +0000 (19:42 +0100)]
py/rmcr.py: Handle stray exceptions from coroutines more sensibly.
With a little luck this means that they won't just vanish silently.
Mark Wooding [Sat, 15 May 2010 18:41:07 +0000 (19:41 +0100)]
svc/conntrack.in: Force reconnection on local IP address changes.
ICd or NetworkManager might roam to a new network, and tell us about it;
but if we decided that we wanted to stick with the same peer
specification then our peer will continue with the wrong IP address until
watch gets a ping timeout.
Of course, this doesn't trap other reasons we might change IP addresses
without anyone noticing, such as roaming to a different 3G NAT thingummy.
Mark Wooding [Sat, 15 May 2010 18:35:57 +0000 (19:35 +0100)]
svc/conntrack.in: Fix DBusManager._reconnect to accept bus argument.
The disconnection upcall gets given an argument, whether it wants one
or not. Accept and ignore it.
Mark Wooding [Sat, 15 May 2010 18:34:56 +0000 (19:34 +0100)]
svc/conntrack.in: Better diagnostic equipment for D-Bus reconnection.
Send out notifications about the D-Bus connection status. Also, inspect
some environment variables and decide which bus to connect to, so that
I can have it connect to a special test bus which I can bounce up and
down without destroying the world.
Mark Wooding [Sat, 15 May 2010 18:29:06 +0000 (19:29 +0100)]
svc/conntrack.in: Keep the D-Bus monitor alive.
Turns out nothing actually tried to keep the monitor alive. After a
(rather random) interval, the bus just got dropped and we didn't get
any more notifications from anyone.
Stash it in a global variable.
Mark Wooding [Sun, 9 May 2010 14:33:22 +0000 (15:33 +0100)]
debian/changelog: Long overdue for a new version.
Mark Wooding [Sun, 9 May 2010 14:06:18 +0000 (15:06 +0100)]
python: Better diagnostics for coroutines.
Provide meaningful names for coroutines, and report switches in the
debug output.
Mark Wooding [Sat, 8 May 2010 23:58:19 +0000 (00:58 +0100)]
svc/conntrack.in: New service to track connection status.
Works through D-Bus and suchlike overly modern things.
Mark Wooding [Sun, 9 May 2010 11:49:44 +0000 (12:49 +0100)]
svc/watch.in: Bug fix: addpeer on correct coroutine.
Mark Wooding [Sun, 9 May 2010 11:36:30 +0000 (12:36 +0100)]
svc/watch.in: Check that the crypto is working in adopted peers.
Previously we only checked for transport. This can leave a duff peer
running without being fixed. The downside is that this may end up
repeatedly kicking a no-hoper connection. Treat crypto setup failure as
grounds for reconnection.
Mark Wooding [Sat, 8 May 2010 13:46:52 +0000 (14:46 +0100)]
python: Refactoring of I/O events and suchlike.
There are a number of problems with the current arrangement.
* The service manager main loop is tied to getting I/O events through
mLib. There's a new service coming up which wants to collect D-Bus
signals, and that involves using the glib event loop instead.
* Some services seem to (still) have coroutine scheduling bugs:
they're calling functions from the wrong coroutine. The utilities
in tripemon would be useful, but they're tied to the glib event
loop.
So here's the proposed fix.
* SelCommandDispatcher is a mistake. Split its functionality out into
a separate class which can be plugged into TripeConnection or one of
its descendants, so that clients which want a glib-based dispatcher
can replace it without having to overturn the class hierarchy.
* Move the scheduling utilities (`idly', `aside') from tripemon into
tripe.py. Make them available from services by providing a main
loop in TripeConnection.
A few more wrinkles.
* `idly' is renamed `defer' because that's what it does now: rather
than waiting until there are no events incoming, it clears the decks
of all deferred operations before looking for more events.
* The interface of `spawn' has changed. You provide a function to
call in a new coroutine rather than a freshly minted coroutine that
needs hacking. All uses of `spawn' fit this pattern, so it's not a
big deal, but it's worth mentioning.
Mark Wooding [Sat, 8 May 2010 18:43:18 +0000 (19:43 +0100)]
py/rmcr.py: More useful diagnostics for uncaught exceptions.
Well, at least if you turn debugging on.
Mark Wooding [Mon, 19 Apr 2010 21:01:00 +0000 (22:01 +0100)]
debian: Lintian fixes.
* Build-Depends on python-central.
* tripe Depends on udev.
* tripe-wireshark needs shlibs:Depends. (This doesn't seem to work,
though.)
Lots more work to go on this, though.
Mark Wooding [Mon, 19 Apr 2010 21:01:00 +0000 (22:01 +0100)]
pkstream/pkstream.1.in: Fix synopsis misformatting.
A trailing tab got clobbered in
e04c2d50fd96f3f31bc96851c55c6efecc10469c
and this messed up the formatting. Restore the tab and put `\c' after
it to make this not go wrong again.
Mark Wooding [Mon, 19 Apr 2010 21:01:00 +0000 (22:01 +0100)]
build: Install some more files to their eventual locations.
Install the base peers.in file as ${configdir}/peers.d/10base as a
convenience to users. It's correct to clobber the user's old file,
since there's a fierce warning at the top of the file. (Make the
warning more fierce.)
Install the startup script configuration file (but not the script
itself), only if there isn't one already. This prevents us from
overwriting a user's customized configuration.
To prevent distcheck from failing, change the default of `initconfig' to
be ${sysconfdir}/tripe.conf; this is probably the right thing anyway.
Mark Wooding [Mon, 19 Apr 2010 21:01:00 +0000 (22:01 +0100)]
init: Add some rudimentary support for SLIP interfaces.
This isn't strictly necessary, but it's probaby good form for those
systems which aren't as fortunate.
Mark Wooding [Mon, 19 Apr 2010 21:00:59 +0000 (22:00 +0100)]
init/tripe-init.in: Make init script more readable.
Restyle to follow newer commenting conventions. Reorganize the
pre-flight check into a single `case' rather than nested ones. Also add
an LSB header to shut up annoying warnings.
Mark Wooding [Mon, 19 Apr 2010 21:00:59 +0000 (22:00 +0100)]
debian: Run the server as `tripe' rather than `root'.
We have the fancy privilege separation machinery now, so we might as
well actually use it. This involves (a) slightly hacking the
/etc/default/tripe file to set the user and group, and (b) actually
creating the necessary user and group accounts in the postinst script.
Mark Wooding [Mon, 19 Apr 2010 21:00:59 +0000 (22:00 +0100)]
README: Rewrite.
The old version was almost completely useless. The new one is much more
informative, though maybe a little on the chatty side.
Mark Wooding [Mon, 19 Apr 2010 21:00:59 +0000 (22:00 +0100)]
init/tripe.conf: Reformat, and make comments more useful (and truthful).
Mark Wooding [Mon, 19 Apr 2010 21:00:59 +0000 (22:00 +0100)]
Make `tripe' be the default key type.
Rather than using the key type to tell us which key-exchange group type
to use, read it out of an attribute on the key. This makes the whole
finding keys thing much simpler to explain (although the code becomes
slightly more complicated). Fall back to the old behaviour of parsing
the group type out of the key type if there's no attribute.
Reorganize the tripe(8) manual page somewhat. Remove the tutorial-ish
part, which is now out of place and not very useful; there's a proper
Texinfo manual coming soon.
Mark Wooding [Mon, 19 Apr 2010 21:00:59 +0000 (22:00 +0100)]
Build: Kill $(mkdir_p); use $(MKDIR_P).
Remove definition from vars.am; use MKDIR_P in Makefiles.
Mark Wooding [Mon, 19 Apr 2010 21:41:50 +0000 (22:41 +0100)]
server/tun-slip.c: Pass correct stdout to child process.
Botched when introducing mdup in
b9537f3be...
Mark Wooding [Fri, 5 Jun 2009 15:13:16 +0000 (16:13 +0100)]
tripemon: Major reworking to use new module and coroutines.
The old version was a bit of a crock, really. This one's slightly
shorter, as well as probably being easier to maintain (which is
surprising, given the brain-wrenching nature of the flow control).
Mark Wooding [Mon, 19 Apr 2010 20:11:05 +0000 (21:11 +0100)]
svc: Peer management services.
* connect arranges to connect to named peers, and respond to incoming
connections.
* watch detects newly added peers, and configures interfaces and makes
outgoing connections accordingly.
Also update the init script so as to start services found in
/etc/tripe/services.
Mark Wooding [Mon, 19 Apr 2010 20:11:04 +0000 (21:11 +0100)]
init: Introduce the peer database.
Our services will require information about the various possible peers.
This is held in a CDB file with an open-ended format, and constructed
from a text database by a Python utility tripe-newpeers.
This stuff doesn't yet have a Debian package to live in. That will
appear in a few patches' time.
Mark Wooding [Mon, 19 Apr 2010 20:11:04 +0000 (21:11 +0100)]
py: New Python module for writing services and suchlike
Also rmcr: coroutines in terms of threads.
Other changes:
* The new module uses Python 2.4 features, so make sure we have that
version.
Mark Wooding [Mon, 19 Apr 2010 20:11:04 +0000 (21:11 +0100)]
doc/tripe-service.5: New manpage describing service providers.
General command-line and documentation conventions, that sort of thing.
Mark Wooding [Sun, 20 Dec 2009 23:15:13 +0000 (23:15 +0000)]
server/tripe-admin.5.in: Change `recognise' to `recognize' etc.
Oxford spellings, you know.
Mark Wooding [Sun, 20 Dec 2009 23:13:44 +0000 (23:13 +0000)]
server/tripe-admin.5.in: Document `unknown-jobid' error code.
Not quite sure how come this was omitted in the first place.
Mark Wooding [Sun, 20 Dec 2009 23:11:35 +0000 (23:11 +0000)]
server/tripe-admin.5.in: Some typo fixes.
Mark Wooding [Sun, 4 Jan 2009 17:48:43 +0000 (17:48 +0000)]
Use new mdup(3mLib) function.
It makes descriptor juggling much more reliable. Increase version
requirement on mLib to 2.1.0.
Mark Wooding [Sat, 3 Jan 2009 20:35:29 +0000 (20:35 +0000)]
pathmtu: Reset the timeout on each packet.
Linux actually has the correct behaviour and updates the timeout
argument to reflect the time remaining. Unfortunately we don't actually
want to do that. So reset it each time.