-- cgit v1.2.3 From cf6655a6e29d23132190b6c04c08ab372214b9a4 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 7 Feb 2014 19:07:48 +0000 Subject: * inital commit for RAIL mode - added information about it at manpage - updated output for --help * white space cleanups * updated copyright header --- ChangeLog | 10 ++++-- LICENSE | 4 +-- README | 20 ++++++------ doc/Makefile | 20 ++++++------ doc/uanytun.8 | 45 ++++++++++++++++++-------- doc/uanytun.8.txt | 85 ++++++++++++++++++++++++++++++-------------------- src/Makefile | 4 +-- src/auth_algo.c | 30 +++++++++--------- src/auth_algo.h | 4 +-- src/bsd/tun.c | 32 +++++++++---------- src/cipher.c | 36 ++++++++++----------- src/cipher.h | 4 +-- src/configure | 2 +- src/daemon.h | 5 ++- src/datatypes.h | 4 +-- src/encrypted_packet.c | 6 ++-- src/encrypted_packet.h | 4 +-- src/init_crypt.h | 8 ++--- src/key_derivation.c | 18 +++++------ src/key_derivation.h | 4 +-- src/linux/tun.c | 40 ++++++++++++------------ src/log.c | 10 +++--- src/log.h | 4 +-- src/log_targets.h | 20 ++++++------ src/options.c | 20 ++++++------ src/options.h | 4 +-- src/plain_packet.c | 8 ++--- src/plain_packet.h | 6 ++-- src/seq_window.c | 16 +++++----- src/seq_window.h | 4 +-- src/sig_handler.c | 4 +-- src/sig_handler.h | 4 +-- src/string_list.c | 8 ++--- src/string_list.h | 4 +-- src/sysexec.c | 8 ++--- src/sysexec.h | 4 +-- src/tun.h | 6 ++-- src/tun_helper.h | 6 ++-- src/uanytun.c | 42 ++++++++++++------------- src/udp.c | 23 +++++++------- src/udp.h | 4 +-- 41 files changed, 315 insertions(+), 275 deletions(-) diff --git a/ChangeLog b/ChangeLog index 33d4752..ba6fa1c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +201?.??.?? -- Version 0.?.? + +* added RAIL mode + 2010.02.16 -- Version 0.3.3 * added -v|--version option 
@@ -18,11 +22,11 @@ * improved script execution * added signal handling without races * all log_targets print time now too - + 2009.05.01 -- Version 0.3 * updated to new protocol specification (extended label and crypto role) - Mind that due this protocol changes this version is incompatible to older + Mind that due this protocol changes this version is incompatible to older version of anytun and uanytun * the auth tag length can now be configured * added extended logging support (syslog, file, stdout and stderr) @@ -40,7 +44,7 @@ * fixed bug which prevents the daemon from using the right cipher key when using a key derivation rate other than 1 - + 2009.01.11 -- Version 0.2 * added crypto support using libgcrypt or openssl diff --git a/LICENSE b/LICENSE index 1406bb5..caee980 100644 --- a/LICENSE +++ b/LICENSE @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2008 Christian Pointner + * + * Copyright (C) 2007-2014 Christian Pointner * * This file is part of uAnytun. * diff --git a/README b/README index b9eee04..10c3b10 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ Dependencies ============ -uAnytun can be built by using either libgcrypt or the openssl-crypto library. -The latter is more performant in most cases but there are some license +uAnytun can be built by using either libgcrypt or the openssl-crypto library. +The latter is more performant in most cases but there are some license issues when using this library. It also needs more space when installed. @@ -11,7 +11,7 @@ Linux (this includes Debian with FreeBSD Kernel) using libgcrypt: - + build-essential libgcrypt11-dev @@ -46,7 +46,7 @@ if you want to rebuild the manpage: textproc/libxslt textproc/docbook-xsl sysutils/readlink - misc/getopt + misc/getopt 
@@ -75,7 +75,7 @@ using ssl crypto library: # ./configure --use-ssl-crypto # make -Notes: +Notes: - try './configure --help' for further information - if using openssl pre 0.9.8 you have to disable passphrase because openssl had no SHA256 implementation prior to this @@ -110,20 +110,20 @@ Usage: init.d script ------------- -The init.d script can be used to start uanytun at boot time. It searches for +The init.d script can be used to start uanytun at boot time. It searches for configuration files which reside at $CONFIG_DIR. For each instance of uanytun which should be started there must be a directory containing at least a file named config. This file must contain all command line parameter which should be used when starting the daemon. One line for each parameter. Empty lines and lines starting with # are ignored. Besides the config file there may be a script -named post-up.sh which will be called when the tun/tap device comes up. +named post-up.sh which will be called when the tun/tap device comes up. This is an example of how the init.d script can be used to start uanytun: # /etc/init.d/uanytun start client1 p2p-a In this case the script will start 2 instances of uanytun using the config files -$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. +$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. If no instance name is specified the script will use the file $CONFIG_DIR/autostart -to determine which instances to start or stop. This file must contain a list -of instance names which should be used when no names are specified at the command +to determine which instances to start or stop. This file must contain a list +of instance names which should be used when no names are specified at the command line. One line for each name. Empty lines and lines starting with # are ignored. diff --git a/doc/Makefile b/doc/Makefile index b5eecb8..f2b6ac9 100644 --- a/doc/Makefile +++ b/doc/Makefile 
@@ -13,9 +13,9 @@ ## message authentication based on the methodes used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. -## ## -## Copyright (C) 2007-2010 Christian Pointner +## +## Copyright (C) 2007-2014 Christian Pointner ## ## This file is part of uAnytun. ## @@ -35,21 +35,21 @@ VERSION=$(shell cat ../version) -.PHONY: clean +.PHONY: clean all: manpage uanytun.8: uanytun.8.txt - a2x -f manpage $< - @ sed -i -e 's/\[FIXME: source\]/uanytun ${VERSION}/' $@ - @ sed -i -e 's/\[FIXME: manual\]/uanytun user manual/' $@ - @ sed -i -e 's/^uanytun$$/\\fBuanytun\\fR/' $@ - @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $@ + a2x -f manpage $< + @ sed -i -e 's/\[FIXME: source\]/uanytun ${VERSION}/' $@ + @ sed -i -e 's/\[FIXME: manual\]/uanytun user manual/' $@ + @ sed -i -e 's/^uanytun$$/\\fBuanytun\\fR/' $@ + @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $@ manpage: uanytun.8 clean: - rm -f uanytun.8.xml + rm -f uanytun.8.xml realclean: clean - rm -f uanytun.8 + rm -f uanytun.8 diff --git a/doc/uanytun.8 b/doc/uanytun.8 index aae36cb..4e60f6b 100644 --- a/doc/uanytun.8 +++ b/doc/uanytun.8 
@@ -1,13 +1,22 @@ '\" t .\" Title: uanytun .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 12/14/2010 -.\" Manual: uanytun user manual -.\" Source: uanytun trunk +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 02/07/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "UANYTUN" "8" "12/14/2010" "uanytun trunk" "uanytun user manual" +.TH "UANYTUN" "8" "02/07/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -33,9 +42,9 @@ uanytun \- micro anycast tunneling daemon [ \fB\-L|\-\-log\fR :[,[,[\&.\&.]]] ] [ \fB\-U|\-\-debug\fR ] [ \fB\-i|\-\-interface\fR ] - [ \fB\-p|\-\-port\fR ] + [ \fB\-p|\-\-port\fR [:] ] [ \fB\-r|\-\-remote\-host\fR ] - [ \fB\-o|\-\-remote\-port\fR ] + [ \fB\-o|\-\-remote\-port\fR [:] ] [ \fB\-4|\-\-ipv4\-only\fR ] [ \fB\-6|\-\-ipv6\-only\fR ] [ \fB\-d|\-\-dev\fR ] 
@@ -139,9 +148,13 @@ to run in debug mode\&. It implicits This IP address is used as the sender address for outgoing packets\&. The default is to not use a special inteface and just bind on all interfaces\&. .RE .PP -\fB\-p, \-\-port \fR\fB\fI\fR\fR +\fB\-p, \-\-port \fR\fB\fI[:]\fR\fR .RS 4 -The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. default: 4444 +The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. The default port is 4444\&. You can also specify a port range which enables +\fBRAIL\fR +mode\&. See section +\fBRAIL\fR +below to find out what this is\&. .RE .PP \fB\-r, \-\-remote\-host \fR\fB\fI\fR\fR @@ -149,9 +162,12 @@ The local UDP port that is used to send and receive the payload data\&. The two This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&. .RE .PP -\fB\-o, \-\-remote\-port \fR\fB\fI\fR\fR +\fB\-o, \-\-remote\-port \fR\fB\fI[:]\fR\fR .RS 4 -The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&. +The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&. When RAIL mode is enabled the port range must be of the same length as the range defined with +\fB\-p, \-\-port\fR\&. See section +\fBRAIL\fR +below for more information about this mode\&. .RE .PP \fB\-4, \-\-ipv4\-only\fR 
@@ -216,7 +232,7 @@ does not support synchronisation it can\(cqt be used as an anycast endpoint ther .RS 4 seqence window size -Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. +Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. .RE .PP \fB\-k, \-\-kd\(emprf \fR\fB\fI\fR\fR 
@@ -359,6 +375,9 @@ The number of bytes to use for the auth tag\&. This value defaults to 10 bytes u \fInull\fR auth algo is used in which case it defaults to 0\&. .RE +.SH "RAIL" +.sp +\fBRAIL\fR stands for Redundant Array of Inexpensive Links\&. Like RAID spreads the blocks of a disk volume over multiple physical disks, \fBRAIL\fR will spread the UDP packets over multiple physical links\&. More precisly for each packet \fBuAnytun\fR reads, from the TUN/TAP device, it will send out multiple UDP packets\&. All of those to the same host but with different destination ports\&. Using policy\-based routing mechanisms these packets can now be seperated and sent out on several interfaces\&. The server\-side will then pick the first of the packets that arrives and discards all others\&. For this to work the size of the sequence window (\fB\-w\fR) must not be set to 0\&. As soon as the server\-side learns the remote endpoints of all or some of the links it will as well send multiple UDP packets for each payload packet\&. .SH "EXAMPLES" .SS "P2P Setup between two unicast enpoints:" .sp @@ -417,4 +436,4 @@ Christian Pointner Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2008\-2010 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2008\-2014 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index 1ebed47..5a75bcb 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt 
@@ -21,9 +21,9 @@ uanytun [ -L|--log :[,[,[..]]] ] [ -U|--debug ] [ -i|--interface ] - [ -p|--port ] + [ -p|--port [:] ] [ -r|--remote-host ] - [ -o|--remote-port ] + [ -o|--remote-port [:] ] [ -4|--ipv4-only ] [ -6|--ipv6-only ] [ -d|--dev ] @@ -51,9 +51,9 @@ DESCRIPTION (SATP). It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode. The main difference is that anycast enables the setup of tunnels between an arbitrary combination of anycast, unicast -and multicast hosts. Unlike Anytun which is a full featured implementation -uAnytun has no support for multiple connections or synchronisation. It is a -small single threaded implementation intended to act as a client on small +and multicast hosts. Unlike Anytun which is a full featured implementation +uAnytun has no support for multiple connections or synchronisation. It is a +small single threaded implementation intended to act as a client on small platforms. @@ -69,7 +69,7 @@ passed to the daemon: instead of becoming a daemon which is the default. *-u, --username ''*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname ''*:: 
@@ -77,30 +77,30 @@ passed to the daemon: The default is to not drop privileges. *-C, --chroot ''*:: - Instruct *uAnytun* to run in a chroot jail. The default is + Instruct *uAnytun* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid *:: - Instruct *uAnytun* to write it's pid to this file. The default is + Instruct *uAnytun* to write it's pid to this file. The default is to not create a pid file. *-L, --log ':[,[,[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target has its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more than once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,uanytun,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters [,[,]] 'file';; log to file, parameters [,] 'stdout';; log to standard output, parameters - 'stderr';; log to standard error, parameters + 'stderr';; log to standard error, parameters *-U, --debug*:: - This option instructs *uAnytun* to run in debug mode. It implicits *-D* + This option instructs *uAnytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. 
@@ -110,10 +110,12 @@ passed to the daemon: packets. The default is to not use a special inteface and just bind on all interfaces. -*-p, --port ''*:: +*-p, --port '[:]'*:: The local UDP port that is used to send and receive the payload data. The two tunnel endpoints can use different - ports. default: 4444 + ports. The default port is 4444. + You can also specify a port range which enables *RAIL* mode. See section + *RAIL* below to find out what this is. *-r, --remote-host ''*:: This option can be used to specify the remote tunnel @@ -122,11 +124,14 @@ passed to the daemon: an address, it is automatically determined after receiving the first data packet. -*-o, --remote-port ''*:: +*-o, --remote-port '[:]'*:: The UDP port used for payload data by the remote host (specified with -p on the remote host). If you do not specify a port, it is automatically determined after receiving the first data packet. + When RAIL mode is enabled the port range must be of the same length + as the range defined with *-p, --port*. + See section *RAIL* below for more information about this mode. *-4, --ipv4-only*:: Resolv to IPv4 addresses only. The default is to resolv both @@ -155,7 +160,7 @@ passed to the daemon: '';; the prefix length of the network *-x, --post-up-script '
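Review bot: The regenerated doc/uanytun.8 hunk loses the manual and source names. The new `.TH` line reads `.TH "UANYTUN" "8" "02/07/2014" "\ \&" "\ \&"` where the old one carried "uanytun trunk" and "uanytun user manual", and the Manual/Source header comments are now `\ \&`. The doc/Makefile hunk still rewrites `\[FIXME: source\]` and `\[FIXME: manual\]`, which the newer DocBook XSL (v1.78.1, per the header) apparently no longer emits, so those sed substitutions never match. Either match the `\ \&` placeholders as well or pass the manual and source names to a2x directly so the page header is not blank.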
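Review bot: The new RAIL section in doc/uanytun.8 says the receiver picks the first copy and discards the rest and that this only works when `-w` is not 0, but the `-w` text in the same file says the window is disabled by default, and nothing states what happens when a port range is given with the default window. Please document the behaviour for that combination (each payload packet would reach the TUN/TAP device once per link) and consider having the daemon reject or at least warn about a port range with `-w 0` at startup, since the default configuration silently defeats the feature. Spelling in the added paragraph: "precisly" should be "precisely", "seperated" should be "separated", and "will then pick ... and discards all others" should read "and discard all others".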
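Review bot: The new `-o, --remote-port` text in doc/uanytun.8 and doc/uanytun.8.txt requires the remote range to have the same length as the `-p` range but does not say what the daemon does when the lengths differ (error at startup, or truncation to the shorter range). State the behaviour explicitly. The same section also keeps the note that the remote endpoint is learned from the first data packet, and the RAIL section adds that the server learns the remote endpoints of the individual links as they appear; the manpage should say whether that learning happens only for packets whose auth tag verified, because with `null` auth (documented in the `-A`/auth tag section) an unauthenticated datagram could otherwise redirect where replies are sent. If the code already gates endpoint learning on authentication, a sentence saying so is enough.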
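Review bot: Copyright years are updated inconsistently across the hunks: LICENSE and doc/Makefile now read `Copyright (C) 2007-2014 Christian Pointner`, while the COPYING section of doc/uanytun.8 reads `Copyright (C) 2008-2014 Christian Pointner`. Pick one start year (or confirm the manpage was indeed first published a year later) so the files agree. Also, the ChangeLog entry `201?.??.?? -- Version 0.?.?` is a placeholder that should be filled in before tagging a release, and mixing the RAIL feature, whitespace cleanups and copyright bumps in one commit makes the functional change harder to review; splitting them would help.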