From af411283fa6f27ee19547882bf403ff34cb73d5e Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Sun, 29 Jun 2014 01:09:50 +0000 Subject: added license exception for OpenSSL --- AUTHORS | 1 + ChangeLog | 1 + LICENSE | 19 +++- LICENSE.OpenSSL | 186 ++++++++++++++++++++++++++++++++++++ doc/Makefile | 19 +++- doc/anyrtpproxy.8.txt | 29 +++--- doc/anytun-config.8 | 23 +++-- doc/anytun-config.8.txt | 36 +++---- doc/anytun-controld.8 | 21 ++-- doc/anytun-controld.8.txt | 29 +++--- doc/anytun-showtables.8 | 23 +++-- doc/anytun-showtables.8.txt | 10 +- doc/anytun.8 | 23 +++-- doc/anytun.8.txt | 58 +++++------ src/Makefile | 19 +++- src/anyrtpproxy/Makefile | 17 +++- src/anyrtpproxy/anyrtpproxy.cpp | 17 +++- src/anyrtpproxy/callIdQueue.cpp | 17 +++- src/anyrtpproxy/callIdQueue.h | 17 +++- src/anyrtpproxy/commandHandler.cpp | 17 +++- src/anyrtpproxy/commandHandler.h | 17 +++- src/anyrtpproxy/connectionList.cpp | 17 +++- src/anyrtpproxy/connectionList.h | 17 +++- src/anyrtpproxy/options.cpp | 17 +++- src/anyrtpproxy/options.h | 17 +++- src/anyrtpproxy/portWindow.cpp | 17 +++- src/anyrtpproxy/portWindow.h | 17 +++- src/anyrtpproxy/rtpSession.cpp | 17 +++- src/anyrtpproxy/rtpSession.h | 17 +++- src/anyrtpproxy/rtpSessionTable.cpp | 18 +++- src/anyrtpproxy/rtpSessionTable.h | 17 +++- src/anyrtpproxy/syncRtpCommand.cpp | 18 +++- src/anyrtpproxy/syncRtpCommand.h | 18 +++- src/anytun-config.cpp | 17 +++- src/anytun-controld.cpp | 17 +++- src/anytun-showtables.cpp | 17 +++- src/anytun.cpp | 17 +++- src/anytunError.cpp | 17 +++- src/anytunError.h | 17 +++- src/authAlgo.cpp | 17 +++- src/authAlgo.h | 18 +++- src/authAlgoFactory.cpp | 17 +++- src/authAlgoFactory.h | 17 +++- src/bsd/tunDevice.cpp | 17 +++- src/buffer.cpp | 17 +++- src/buffer.h | 17 +++- src/cipher.cpp | 17 +++- src/cipher.h | 18 +++- src/cipherFactory.cpp | 17 +++- src/cipherFactory.h | 18 +++- src/configure | 17 +++- src/connectionList.cpp | 17 +++- src/connectionList.h | 17 +++- src/connectionParam.cpp | 17 +++- src/connectionParam.h | 18 +++- src/cryptinit.hpp | 17 +++- 
src/datatypes.h | 17 +++- src/deviceConfig.hpp | 17 +++- src/encryptedPacket.cpp | 17 +++- src/encryptedPacket.h | 17 +++- src/endian.h | 17 +++- src/keyDerivation.cpp | 17 +++- src/keyDerivation.h | 17 +++- src/keyDerivationFactory.cpp | 17 +++- src/keyDerivationFactory.h | 17 +++- src/linux/tunDevice.cpp | 17 +++- src/log.cpp | 17 +++- src/log.h | 17 +++- src/logTargets.cpp | 17 +++- src/logTargets.h | 17 +++- src/networkAddress.cpp | 17 +++- src/networkAddress.h | 17 +++- src/networkPrefix.cpp | 17 +++- src/networkPrefix.h | 17 +++- src/nullDaemon.cpp | 17 +++- src/nullDaemon.h | 17 +++- src/options.cpp | 17 +++- src/options.h | 17 +++- src/packetSource.cpp | 17 +++- src/packetSource.h | 17 +++- src/plainPacket.cpp | 17 +++- src/plainPacket.h | 17 +++- src/posix/posixDaemon.cpp | 17 +++- src/posix/posixDaemon.h | 17 +++- src/posix/signalHandler.hpp | 17 +++- src/posix/sysExec.hpp | 18 +++- src/resolver.cpp | 17 +++- src/resolver.h | 17 +++- src/routingTable.cpp | 18 +++- src/routingTable.h | 17 +++- src/routingTree.hpp | 17 +++- src/routingTreeNode.cpp | 17 +++- src/routingTreeNode.h | 17 +++- src/seqWindow.cpp | 17 +++- src/seqWindow.h | 17 +++- src/signalController.cpp | 17 +++- src/signalController.h | 17 +++- src/syncBuffer.cpp | 17 +++- src/syncBuffer.h | 17 +++- src/syncClient.cpp | 18 +++- src/syncClient.h | 18 +++- src/syncCommand.cpp | 18 +++- src/syncCommand.h | 18 +++- src/syncConnectionCommand.cpp | 18 +++- src/syncConnectionCommand.h | 17 +++- src/syncOnConnect.hpp | 17 +++- src/syncQueue.cpp | 17 +++- src/syncQueue.h | 17 +++- src/syncRouteCommand.cpp | 18 +++- src/syncRouteCommand.h | 18 +++- src/syncServer.cpp | 17 +++- src/syncServer.h | 17 +++- src/syncTcpConnection.cpp | 17 +++- src/syncTcpConnection.h | 18 +++- src/sysExec.cpp | 17 +++- src/sysExec.h | 17 +++- src/threadUtils.hpp | 18 +++- src/tunDevice.h | 17 +++- src/win32/registryKey.cpp | 17 +++- src/win32/registryKey.h | 18 +++- src/win32/signalHandler.hpp | 17 +++- 
src/win32/signalServiceHandler.hpp | 17 +++- src/win32/sysExec.hpp | 18 +++- src/win32/tunDevice.cpp | 17 +++- src/win32/winService.cpp | 17 +++- src/win32/winService.h | 17 +++- 126 files changed, 2065 insertions(+), 339 deletions(-) create mode 100644 LICENSE.OpenSSL diff --git a/AUTHORS b/AUTHORS index 6d7339f..7a38e49 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,3 +1,4 @@ +Markus Grüneis Othmar Gsenger Erwin Nindl Christian Pointner diff --git a/ChangeLog b/ChangeLog index 106374d..4a89c6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2014.??.?? -- Version 0.3.5 +* added an exception to the license which allows linking with OpenSSL * added support for clang * added libnettle as additional crypto library option diff --git a/LICENSE b/LICENSE index f7b3f5b..1ec6984 100644 --- a/LICENSE +++ b/LICENSE @@ -11,7 +11,7 @@ * tunneling and relaying of packets of any protocol. * * - * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, + * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl, * Christian Pointner * * This file is part of Anytun. 
@@ -27,8 +27,23 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with anytun. If not, see . + * along with Anytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ + + GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 diff --git a/LICENSE.OpenSSL b/LICENSE.OpenSSL new file mode 100644 index 0000000..4b57596 --- /dev/null +++ b/LICENSE.OpenSSL 
@@ -0,0 +1,186 @@ +/* + * uAnytun + * + * uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation uAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methods used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2014 Christian Pointner + * + * This file is part of uAnytun. + * + * uAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * uAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. 
If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + * + */ + +Certain source files in this program permit linking with the OpenSSL +library (http://www.openssl.org), which otherwise wouldn't be allowed +under the GPL. For purposes of identifying OpenSSL, most source files +giving this permission limit it to versions of OpenSSL having a license +identical to that listed in this file (LICENSE.OpenSSL). It is not +necessary for the copyright years to match between this file and the +OpenSSL version in question. However, note that because this file is +an extension of the license statements of these source files, this file +may not be changed except with permission from all copyright holders +of source files in this program which reference this file. + + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. 
All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ diff --git a/doc/Makefile b/doc/Makefile index e94cbac..4d5f9a2 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -11,7 +11,7 @@ ## tunneling and relaying of packets of any protocol. ## ## -## Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, +## Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl, ## Christian Pointner ## ## This file is part of Anytun. 
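Review bot: The header comment at the top of the new LICENSE.OpenSSL names the wrong project: it describes uAnytun, says `This file is part of uAnytun` and lists only `Copyright (C) 2007-2014 Christian Pointner`, while the LICENSE hunk in this same commit names Anytun with four copyright holders. The header looks as if it was carried over from the uAnytun tree unadapted, which leaves it ambiguous who grants the OpenSSL linking exception for Anytun and makes licence audits of the package harder. The file's own explanatory paragraph says it may not be changed without permission from all copyright holders of the referencing source files, so the header is best corrected when the file is introduced, e.g. `This file is part of Anytun.` and `Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl, Christian Pointner`, with the uAnytun description paragraph replaced by the Anytun one used in LICENSE.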
@@ -27,13 +27,26 @@ ## GNU General Public License for more details. ## ## You should have received a copy of the GNU General Public License -## along with anytun. If not, see . +## along with Anytun. If not, see . +## +## In addition, as a special exception, the copyright holders give +## permission to link the code of portions of this program with the +## OpenSSL library under certain conditions as described in each +## individual source file, and distribute linked combinations +## including the two. +## You must obey the GNU General Public License in all respects +## for all of the code used other than OpenSSL. If you modify +## file(s) with this exception, you may extend this exception to your +## version of the file(s), but you are not obligated to do so. If you +## do not wish to do so, delete this exception statement from your +## version. If you delete this exception statement from all source +## files in the program, then also delete it here. ## VERSION=$(shell cat ../version) MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8 -XML := $(MANPAGES:%.8=%.8.xml) +XML := $(MANPAGES:%.8=%.8.xml) .PHONY: clean realclean diff --git a/doc/anyrtpproxy.8.txt b/doc/anyrtpproxy.8.txt index a92d2e6..4f29906 100644 --- a/doc/anyrtpproxy.8.txt +++ b/doc/anyrtpproxy.8.txt @@ -31,7 +31,7 @@ DESCRIPTION *anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses the same control protocol than rtpproxy though it can be controled through the nathelper -plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun* +plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun* to sync the session information among all anycast instances. 
@@ -61,16 +61,16 @@ OPTIONS The local address and port to listen on for control messages from openser *-p, --port-range *:: - A pool of ports which should be used by *anyrtpproxy* to relay RTP packets. + A pool of ports which should be used by *anyrtpproxy* to relay RTP packets. The range may not overlap between the anycast instances *-n, --nat*:: Allow to learn the remote address and port in order to handle clients behind nat. - This option should only be enabled if the source is authenticated (i.e. through - *anytun*) + This option should only be enabled if the source is authenticated (i.e. through + *anytun*) *-o, --no-nat-once*:: - Disable learning of remote address and port in case the first packet does not + Disable learning of remote address and port in case the first packet does not come from the client which is specified by openser during configuration. Invoking this parameter increases the security level of the system but in case of nat needs a working nat transversal such as stun. @@ -79,13 +79,13 @@ OPTIONS local unicast(sync) port to bind to + This port is used by anycast hosts to synchronize information about tunnel endpoints. No payload data is transmitted via this port. + - It is possible to obtain a list of active connections by telnetting into - this port. This port is read-only and unprotected by default. It is advised + It is possible to obtain a list of active connections by telnetting into + this port. This port is read-only and unprotected by default. It is advised to protect this port using firewall rules and, eventually, IPsec. *-M, --sync-hosts :,[:[...]]*:: remote hosts to sync with + - Here, one has to specify all unicast IP addresses of all + Here, one has to specify all unicast IP addresses of all other anycast hosts that comprise the anycast tunnel endpoint. EXAMPLES 
@@ -94,7 +94,7 @@ EXAMPLES Anycast Setup with 3 instances: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -On the host with unicast hostname unicast1.anycast.anytun.org and anycast +On the host with unicast hostname unicast1.anycast.anytun.org and anycast hostname anycast.anytun.org: -------------------------------------------------------------------------------------- # anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \ @@ -142,9 +142,8 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian -Pointner. This program is free software: you can redistribute it -and/or modify it under the terms of the GNU General Public License -as published by the Free Software Foundation, either version 3 of -the License, or any later version. - +Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl +and Christian Pointner. This program is free software: you can +redistribute it and/or modify it under the terms of the GNU General +Public License as published by the Free Software Foundation, either +version 3 of the License, or any later version. diff --git a/doc/anytun-config.8 b/doc/anytun-config.8 index 5facb41..aec19e8 100644 --- a/doc/anytun-config.8 +++ b/doc/anytun-config.8 
@@ -1,13 +1,22 @@ '\" t .\" Title: anytun-config .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/11/2010 -.\" Manual: anytun-config user manual -.\" Source: anytun trunk +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 06/29/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN\-CONFIG" "8" "02/11/2010" "anytun trunk" "anytun-config user manual" +.TH "ANYTUN\-CONFIG" "8" "06/29/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- 
@@ -121,7 +130,7 @@ the multiplex id to use\&. default: 0 .RS 4 seqence window size -Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. +Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. .RE .PP \fB\-k, \-\-kd\(emprf \fR\fB\fI\fR\fR 
@@ -228,4 +237,4 @@ Othmar Gsenger Erwin Nindl Christian Poi Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2007\-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/anytun-config.8.txt b/doc/anytun-config.8.txt index 1aebf9a..1b27208 100644 --- a/doc/anytun-config.8.txt +++ b/doc/anytun-config.8.txt 
@@ -38,21 +38,21 @@ OPTIONS *-L, --log ':[,[,[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target hast its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more the once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,anytun-config,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters [,[,]] 'file';; log to file, parameters [,] 'stdout';; log to standard output, parameters - 'stderr';; log to standard error, parameters + 'stderr';; log to standard error, parameters *-U, --debug*:: - This option instructs *Anytun* to run in debug mode. It implicits *-D* + This option instructs *Anytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. @@ -100,7 +100,7 @@ OPTIONS *-k, --kd--prf ''*:: key derivation pseudo random function + - The pseudo random function which is used for calculating the + The pseudo random function which is used for calculating the session keys and session salt. + Possible values: 
@@ -113,16 +113,16 @@ OPTIONS *-e, --role ''*:: SATP uses different session keys for inbound and outbound traffic. The role parameter is used to determine which keys to use for outbound or - inbound packets. On both sides of a vpn connection different roles have - to be used. Possible values are *left* and *right*. You may also use - *alice* or *server* as a replacement for *left* and *bob* or *client* as + inbound packets. On both sides of a vpn connection different roles have + to be used. Possible values are *left* and *right*. You may also use + *alice* or *server* as a replacement for *left* and *bob* or *client* as a replacement for *right*. By default *left* is used. *-E, --passphrase ''*:: This passphrase is used to generate the master key and master salt. - For the master key the last n bits of the SHA256 digest of the - passphrase (where n is the length of the master key in bits) is used. - The master salt gets generated with the SHA1 digest. + For the master key the last n bits of the SHA256 digest of the + passphrase (where n is the length of the master key in bits) is used. + The master salt gets generated with the SHA1 digest. You may force a specific key and or salt by using *--key* and *--salt*. *-K, --key ''*:: @@ -143,10 +143,10 @@ EXAMPLES Add a client with Connection ID (Mux) 12 and add 2 Routes to this client ------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------------ # anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \ -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable ------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------------ BUGS ---- 
@@ -174,8 +174,8 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian -Pointner. This program is free software: you can redistribute it -and/or modify it under the terms of the GNU General Public License -as published by the Free Software Foundation, either version 3 of -the License, or any later version. +Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl +and Christian Pointner. This program is free software: you can +redistribute it and/or modify it under the terms of the GNU General +Public License as published by the Free Software Foundation, either +version 3 of the License, or any later version. diff --git a/doc/anytun-controld.8 b/doc/anytun-controld.8 index cfcdf41..59388a0 100644 --- a/doc/anytun-controld.8 +++ b/doc/anytun-controld.8 @@ -1,13 +1,22 @@ '\" t .\" Title: anytun-controld .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/11/2010 -.\" Manual: anytun-controld user manual -.\" Source: anytun trunk +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 06/29/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN\-CONTROLD" "8" "02/11/2010" "anytun trunk" "anytun-controld user manual" +.TH "ANYTUN\-CONTROLD" "8" "06/29/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- 
@@ -136,4 +145,4 @@ Othmar Gsenger Erwin Nindl Christian Poi Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2007\-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/anytun-controld.8.txt b/doc/anytun-controld.8.txt index 6c7a3d8..96ac3e3 100644 --- a/doc/anytun-controld.8.txt +++ b/doc/anytun-controld.8.txt @@ -36,7 +36,7 @@ OPTIONS instead of becoming a daemon which is the default. *-u, --username ''*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname ''*:: 
@@ -44,30 +44,30 @@ OPTIONS The default is to not drop privileges. *-C, --chroot ''*:: - Instruct *anytun-controld* to run in a chroot jail. The default is + Instruct *anytun-controld* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid ''*:: - Instruct *anytun-controld* to write it's pid to this file. The default is + Instruct *anytun-controld* to write it's pid to this file. The default is to not create a pid file. *-L, --log ':[,[,[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target hast its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more the once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,anytun-controld,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters [,[,]] 'file';; log to file, parameters [,] 'stdout';; log to standard output, parameters - 'stderr';; log to standard error, parameters + 'stderr';; log to standard error, parameters *-U, --debug*:: - This option instructs *Anytun* to run in debug mode. It implicits *-D* + This option instructs *Anytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. 
@@ -77,10 +77,10 @@ OPTIONS *-X, --control-host '[:]'*:: fetch the config from this host. The default is not to use a control - host and therefore this is empty. Mind that the port can be omitted + host and therefore this is empty. Mind that the port can be omitted in which case port 2323 is used. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address - from the port, eg.: [::1]:1234. If you want to use the default port + from the port, eg.: [::1]:1234. If you want to use the default port [ and ] can be omitted. @@ -110,9 +110,8 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian -Pointner. This program is free software: you can redistribute it -and/or modify it under the terms of the GNU General Public License -as published by the Free Software Foundation, either version 3 of -the License, or any later version. - +Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl +and Christian Pointner. This program is free software: you can +redistribute it and/or modify it under the terms of the GNU General +Public License as published by the Free Software Foundation, either +version 3 of the License, or any later version. diff --git a/doc/anytun-showtables.8 b/doc/anytun-showtables.8 index 4d91bc0..334b4dd 100644 --- a/doc/anytun-showtables.8 +++ b/doc/anytun-showtables.8 
@@ -1,13 +1,22 @@ '\" t .\" Title: anytun-showtables .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/11/2010 -.\" Manual: anytun-showtables user manual -.\" Source: anytun trunk +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 06/29/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN\-SHOWTABLES" "8" "02/11/2010" "anytun trunk" "anytun-showtables user manual" +.TH "ANYTUN\-SHOWTABLES" "8" "06/29/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -39,7 +48,7 @@ Print routing table stored in local file .RS 4 .\} .nf -# perl \-ne \'chomp; print\' < routingtable | \&./anytun\-showtables +# perl \-ne \*(Aqchomp; print\*(Aq < routingtable | \&./anytun\-showtables .fi .if n \{\ .RE 
@@ -70,4 +79,4 @@ Othmar Gsenger Erwin Nindl Christian Poi Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2007\-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/anytun-showtables.8.txt b/doc/anytun-showtables.8.txt index 13070a4..ea74998 100644 --- a/doc/anytun-showtables.8.txt +++ b/doc/anytun-showtables.8.txt @@ -65,8 +65,8 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian -Pointner. This program is free software: you can redistribute it -and/or modify it under the terms of the GNU General Public License -as published by the Free Software Foundation, either version 3 of -the License, or any later version. +Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl +and Christian Pointner. This program is free software: you can +redistribute it and/or modify it under the terms of the GNU General +Public License as published by the Free Software Foundation, either +version 3 of the License, or any later version. diff --git a/doc/anytun.8 b/doc/anytun.8 index 3b6aa79..e2d5061 100644 --- a/doc/anytun.8 +++ b/doc/anytun.8 
@@ -1,13 +1,22 @@ '\" t .\" Title: anytun .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/11/2010 -.\" Manual: anytun user manual -.\" Source: anytun trunk +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 06/29/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN" "8" "02/11/2010" "anytun trunk" "anytun user manual" +.TH "ANYTUN" "8" "06/29/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- 
@@ -253,7 +262,7 @@ Each anycast tunnel endpoint needs a uniqe sender id (1, 2, 3, \&...)\&. It is n .RS 4 seqence window size -Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. +Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. .RE .PP \fB\-k, \-\-kd\(emprf \fR\fB\fI\fR\fR 
@@ -496,4 +505,4 @@ Othmar Gsenger Erwin Nindl Christian Poi Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2007\-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/anytun.8.txt b/doc/anytun.8.txt index 00d3e91..7896dcd 100644 --- a/doc/anytun.8.txt +++ b/doc/anytun.8.txt @@ -68,7 +68,7 @@ passed to the daemon: instead of becoming a daemon which is the default. *-u, --username ''*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname ''*:: 
@@ -76,30 +76,30 @@ passed to the daemon: The default is to not drop privileges. *-C, --chroot ''*:: - Instruct *Anytun* to run in a chroot jail. The default is + Instruct *Anytun* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid ''*:: - Instruct *Anytun* to write it's pid to this file. The default is + Instruct *Anytun* to write it's pid to this file. The default is to not create a pid file. *-L, --log ':[,[,[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target hast its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more the once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,anytun,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters [,[,]] 'file';; log to file, parameters [,] 'stdout';; log to standard output, parameters - 'stderr';; log to standard error, parameters + 'stderr';; log to standard error, parameters *-U, --debug*:: - This option instructs *Anytun* to run in debug mode. It implicits *-D* + This option instructs *Anytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. 
@@ -144,7 +144,7 @@ passed to the daemon: This option is only needed for tunnel endpoints consisting of multiple anycast hosts. The unicast IP address of the anycast host can be used here. This is needed for - communication with the other anycast hosts. The default is to + communication with the other anycast hosts. The default is to not use a special inteface and just bind on all interfaces. However this is only the case if synchronisation is active see *--sync-port*. @@ -170,15 +170,15 @@ passed to the daemon: disabled and therefore this is empty. Mind that the port can be omitted in which case port 2323 is used. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address - from the port, eg.: [::1]:1234. If you want to use the default port + from the port, eg.: [::1]:1234. If you want to use the default port [ and ] can be omitted. *-X, --control-host '[:]'*:: fetch the config from this host. The default is not to use a control - host and therefore this is empty. Mind that the port can be omitted + host and therefore this is empty. Mind that the port can be omitted in which case port 2323 is used. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address - from the port, eg.: [::1]:1234. If you want to use the default port + from the port, eg.: [::1]:1234. If you want to use the default port [ and ] can be omitted. *-d, --dev ''*:: @@ -200,7 +200,7 @@ passed to the daemon: '';; the prefix length of the network *-x, --post-up-script '