Hi,
There are several issues with tinc that need to be fixed:
- IndirectData: currect protocol "masquerades" hosts which have
IndirectData
set. This is bad, because you can't do loop detection anymore, and it
requires a lot of dirty code to do the masquerading properly.
- Loop detection: request handlers must be revised to break the right
connections upon detecting a loop.
- Reconnection timeout: must be randomised to avoid global synchronisation
effects (especially when there are potential loops).
- Reconnection algorithm: must continue to try all ConnectTo lines until they
are all connected.
- Subnets: identical subnets must be allowed to prevent corruption of the main
subnet tree.
- Connection timeout detection: should be revisited, because it sometimes takes
a very long time for tinc to detect a dead link.
- Key exchange: also regenerate symmetric cypher keys for the TCP connections
(currently we only do that for UDP packets).
Comments? Ideas? More bugs?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url :
http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20010829/18e2ab10/attachment.pgp
