search for: debug_always

...1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 2b32359..7756247 100644 --- a/src/conf.c +++ b/src/conf.c @@ -298,7 +298,7 @@ bool read_config_file(splay_tree_t *config_tree, const char *fname) { fp = fopen(fname, "r"); if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Cannot open config file %s: %s", fname, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Cannot open config file %s: %s", fname, strerror(errno)); return false; } @@ -423,7 +423,7 @@ bool append_config_file(const char *name, const char *key, const char *va...

Thanks for the info, that is very helpful. It does look like that change got back-ported to master, albeit in a different form. I'll take a look at how OpenVPN does its windows device I/O. - todd

...a/src/net_socket.c b/src/net_socket.c index 526d382..97d6c44 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -617,7 +617,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) { if(n) outgoing->aip = outgoing->ai = get_known_addresses(n); if(!outgoing->ai) { - logger(DEBUG_ALWAYS, LOG_ERR, "No address known for %s", outgoing->name); + logger(DEBUG_ALWAYS, LOG_DEBUG, "No address known for %s", outgoing->name); return; } } -- 2.4.4

...aste whitespace damaged) diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 06dafbc..e2d4bfc 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char *request) { if(strictsubnets) { logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s", "ADD_SUBNET", c->name, c->hostname, subnetstr); + /* Disabled forwarding of unauthorized subnets! forward_request(c, request); + */...

...t a/src/protocol_subnet.c b/src/protocol_subnet.c > index 06dafbc..e2d4bfc 100644 > --- a/src/protocol_subnet.c > +++ b/src/protocol_subnet.c > @@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char > *request) { > if(strictsubnets) { > logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized > %s from %s (%s): %s", > "ADD_SUBNET", c->name, c->hostname, > subnetstr); > + /* Disabled forwarding of unauthorized subnets! > forward_request(c, request);...

...t a/src/protocol_subnet.c b/src/protocol_subnet.c > index 06dafbc..e2d4bfc 100644 > --- a/src/protocol_subnet.c > +++ b/src/protocol_subnet.c > @@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char > *request) { > if(strictsubnets) { > logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized > %s from %s (%s): %s", > "ADD_SUBNET", c->name, c->hostname, > subnetstr); > + /* Disabled forwarding of unauthorized subnets! > forward_request(c, request);...

...MSG_DONTWAIT, NULL); +#else + pkt[0].offset = 0; + int len = recvfrom(ls->udp.fd, DATA(&pkt[0]), MAXSIZE, 0, &addr[0].sa, &addrlen); +#endif + +#ifdef HAVE_RECVMMSG + if(num < 0) +#else + if(len <= 0 || len > MAXSIZE) +#endif + { if(!sockwouldblock(sockerrno)) logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno)); return; } - pkt.len = len; - - sockaddrunmap(&addr); /* Some braindead IPv6 implementations do stupid things. */ - - // Try to figure out who sent this packet. - - node_t *n = lookup_node_udp(&addr); - - if(...

...]), MAXSIZE, 0, &addr[0].sa, &addrlen); > +#endif > + > +#ifdef HAVE_RECVMMSG > + if(num < 0) > +#else > + if(len <= 0 || len > MAXSIZE) > +#endif > + { > if(!sockwouldblock(sockerrno)) > logger(DEBUG_ALWAYS, LOG_ERR, "Receiving packet failed: %s", sockstrerror(sockerrno)); > return; > } > > - pkt.len = len; > - > - sockaddrunmap(&addr); /* Some braindead IPv6 implementations do stupid things. */ > - > - // Try to figure ou...

TL;DR: a proposal for a new tinc feature that allows nodes to filter ADD_SUBNET messages based on the metaconnection on which they are received, so that nodes can't impersonate each other's VPN Subnets. Similar to StrictSubnets in spirit, but way more flexible. BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK In terms of metaconnections (I'm not discussing data tunnels here), one of