authorChristian Pointner <equinox@anytun.org>2014-06-08 18:41:58 +0000
committerChristian Pointner <equinox@anytun.org>2014-06-08 18:41:58 +0000
commit1604cea7467a76866dcf4efc067d910712a869a0 (patch)
tree1aabbd79088761c025a0e45a7acfee96caff2e13
parentfixed errnous copy of remote end (diff)
merged most changes from rail branch to trunk
-rw-r--r--ChangeLog11
-rw-r--r--LICENSE4
-rw-r--r--README20
-rw-r--r--doc/Makefile6
-rw-r--r--doc/uanytun.827
-rw-r--r--doc/uanytun.8.txt62
-rw-r--r--src/Makefile4
-rw-r--r--src/auth_algo.c28
-rw-r--r--src/auth_algo.h4
-rw-r--r--src/bsd/tun.c32
-rw-r--r--src/cipher.c40
-rw-r--r--src/cipher.h4
-rwxr-xr-xsrc/configure6
-rw-r--r--src/daemon.h5
-rw-r--r--src/datatypes.h4
-rw-r--r--src/encrypted_packet.c6
-rw-r--r--src/encrypted_packet.h4
-rw-r--r--src/init_crypt.h8
-rw-r--r--src/key_derivation.c18
-rw-r--r--src/key_derivation.h4
-rw-r--r--src/linux/tun.c40
-rw-r--r--src/log.c10
-rw-r--r--src/log.h4
-rw-r--r--src/log_targets.h20
-rw-r--r--src/options.c19
-rw-r--r--src/options.h4
-rw-r--r--src/plain_packet.c8
-rw-r--r--src/plain_packet.h6
-rw-r--r--src/seq_window.c22
-rw-r--r--src/seq_window.h5
-rw-r--r--src/sig_handler.c6
-rw-r--r--src/sig_handler.h4
-rw-r--r--src/string_list.c8
-rw-r--r--src/string_list.h4
-rw-r--r--src/sysexec.c8
-rw-r--r--src/sysexec.h4
-rw-r--r--src/tun.h6
-rw-r--r--src/tun_helper.h6
-rw-r--r--src/uanytun.c97
-rw-r--r--src/udp.c162
-rw-r--r--src/udp.h19
41 files changed, 412 insertions, 347 deletions
diff --git a/ChangeLog b/ChangeLog
index 33d4752..8d7ece0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014.06.08 -- Version 0.3.5
+
+* fixed build issues for clang
+* refactored the multi socket support
+
2010.02.16 -- Version 0.3.3
* added -v|--version option
@@ -18,11 +23,11 @@
* improved script execution
* added signal handling without races
* all log_targets print time now too
-
+
2009.05.01 -- Version 0.3
* updated to new protocol specification (extended label and crypto role)
- Mind that due this protocol changes this version is incompatible to older
+ Mind that due this protocol changes this version is incompatible to older
version of anytun and uanytun
* the auth tag length can now be configured
* added extended logging support (syslog, file, stdout and stderr)
@@ -40,7 +45,7 @@
* fixed bug which prevents the daemon from using the right cipher
key when using a key derivation rate other than 1
-
+
2009.01.11 -- Version 0.2
* added crypto support using libgcrypt or openssl
diff --git a/LICENSE b/LICENSE
index 1406bb5..caee980 100644
--- a/LICENSE
+++ b/LICENSE
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/README b/README
index b9eee04..10c3b10 100644
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
Dependencies
============
-uAnytun can be built by using either libgcrypt or the openssl-crypto library.
-The latter is more performant in most cases but there are some license
+uAnytun can be built by using either libgcrypt or the openssl-crypto library.
+The latter is more performant in most cases but there are some license
issues when using this library. It also needs more space when installed.
@@ -11,7 +11,7 @@ Linux
(this includes Debian with FreeBSD Kernel)
using libgcrypt:
-
+
build-essential
libgcrypt11-dev
@@ -46,7 +46,7 @@ if you want to rebuild the manpage:
textproc/libxslt
textproc/docbook-xsl
sysutils/readlink
- misc/getopt
+ misc/getopt
@@ -75,7 +75,7 @@ using ssl crypto library:
# ./configure --use-ssl-crypto
# make
-Notes:
+Notes:
- try './configure --help' for further information
- if using openssl pre 0.9.8 you have to disable passphrase
because openssl had no SHA256 implementation prior to this
@@ -110,20 +110,20 @@ Usage:
init.d script
-------------
-The init.d script can be used to start uanytun at boot time. It searches for
+The init.d script can be used to start uanytun at boot time. It searches for
configuration files which reside at $CONFIG_DIR. For each instance of uanytun
which should be started there must be a directory containing at least a file
named config. This file must contain all command line parameter which should
be used when starting the daemon. One line for each parameter. Empty lines and
lines starting with # are ignored. Besides the config file there may be a script
-named post-up.sh which will be called when the tun/tap device comes up.
+named post-up.sh which will be called when the tun/tap device comes up.
This is an example of how the init.d script can be used to start uanytun:
# /etc/init.d/uanytun start client1 p2p-a
In this case the script will start 2 instances of uanytun using the config files
-$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config.
+$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config.
If no instance name is specified the script will use the file $CONFIG_DIR/autostart
-to determine which instances to start or stop. This file must contain a list
-of instance names which should be used when no names are specified at the command
+to determine which instances to start or stop. This file must contain a list
+of instance names which should be used when no names are specified at the command
line. One line for each name. Empty lines and lines starting with # are ignored.
diff --git a/doc/Makefile b/doc/Makefile
index b5eecb8..3a1a672 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -13,9 +13,9 @@
## message authentication based on the methodes used by SRTP. It is
## intended to deliver a generic, scaleable and secure solution for
## tunneling and relaying of packets of any protocol.
-##
##
-## Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+##
+## Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
##
## This file is part of uAnytun.
##
@@ -35,7 +35,7 @@
VERSION=$(shell cat ../version)
-.PHONY: clean
+.PHONY: clean
all: manpage
diff --git a/doc/uanytun.8 b/doc/uanytun.8
index aae36cb..977f3e9 100644
--- a/doc/uanytun.8
+++ b/doc/uanytun.8
@@ -1,13 +1,22 @@
'\" t
.\" Title: uanytun
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
-.\" Date: 12/14/2010
-.\" Manual: uanytun user manual
-.\" Source: uanytun trunk
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2014
+.\" Manual: \ \&
+.\" Source: \ \&
.\" Language: English
.\"
-.TH "UANYTUN" "8" "12/14/2010" "uanytun trunk" "uanytun user manual"
+.TH "UANYTUN" "8" "06/08/2014" "\ \&" "\ \&"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
@@ -216,7 +225,7 @@ does not support synchronisation it can\(cqt be used as an anycast endpoint ther
.RS 4
seqence window size
-Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
.RE
.PP
\fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR
@@ -370,7 +379,7 @@ auth algo is used in which case it defaults to 0\&.
\fBHost A:\fR
.RS 4
.sp
-uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e left
+uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E have_a_very_safe_and_productive_day \-e left
.RE
.sp
.it 1 an-trap
@@ -381,7 +390,7 @@ uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ct
\fBHost B:\fR
.RS 4
.sp
-uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e right
+uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E have_a_very_safe_and_productive_day \-e right
.RE
.SS "One unicast and one anycast tunnel endpoint:"
.sp
@@ -417,4 +426,4 @@ Christian Pointner <equinox@anytun\&.org>
Main web site: http://www\&.anytun\&.org/
.SH "COPYING"
.sp
-Copyright (C) 2008\-2010 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
+Copyright (C) 2008\-2014 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt
index 1ebed47..ed978d4 100644
--- a/doc/uanytun.8.txt
+++ b/doc/uanytun.8.txt
@@ -51,9 +51,9 @@ DESCRIPTION
(SATP). It provides a complete VPN solution similar to OpenVPN or
IPsec in tunnel mode. The main difference is that anycast enables the
setup of tunnels between an arbitrary combination of anycast, unicast
-and multicast hosts. Unlike Anytun which is a full featured implementation
-uAnytun has no support for multiple connections or synchronisation. It is a
-small single threaded implementation intended to act as a client on small
+and multicast hosts. Unlike Anytun which is a full featured implementation
+uAnytun has no support for multiple connections or synchronisation. It is a
+small single threaded implementation intended to act as a client on small
platforms.
@@ -69,7 +69,7 @@ passed to the daemon:
instead of becoming a daemon which is the default.
*-u, --username '<username>'*::
- run as this user. If no group is specified (*-g*) the default group of
+ run as this user. If no group is specified (*-g*) the default group of
the user is used. The default is to not drop privileges.
*-g, --groupname '<groupname>'*::
@@ -77,30 +77,30 @@ passed to the daemon:
The default is to not drop privileges.
*-C, --chroot '<path>'*::
- Instruct *uAnytun* to run in a chroot jail. The default is
+ Instruct *uAnytun* to run in a chroot jail. The default is
to not run in chroot.
*-P, --write-pid <filename>*::
- Instruct *uAnytun* to write it's pid to this file. The default is
+ Instruct *uAnytun* to write it's pid to this file. The default is
to not create a pid file.
*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
+ in order to log to different targets at the same time. Every target
has its own log level which is a number between 0 and 5. Where 0 means
disabling log and 5 means debug messages are enabled. +
The file target can be used more than once with different levels.
- If no target is provided at the command line a single target with the
+ If no target is provided at the command line a single target with the
config 'syslog:3,uanytun,daemon' is added. +
The following targets are supported:
'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
'file';; log to file, parameters <level>[,<path>]
'stdout';; log to standard output, parameters <level>
- 'stderr';; log to standard error, parameters <level>
+ 'stderr';; log to standard error, parameters <level>
*-U, --debug*::
- This option instructs *uAnytun* to run in debug mode. It implicits *-D*
+ This option instructs *uAnytun* to run in debug mode. It implicits *-D*
(don't daemonize) and adds a log target with the configuration
'stdout:5' (logging with maximum level). In future releases there might
be additional output when this option is supplied.
@@ -155,7 +155,7 @@ passed to the daemon:
'<prefix>';; the prefix length of the network
*-x, --post-up-script '<script>'*::
- This option instructs *uAnytun* to run this script after the interface
+ This option instructs *uAnytun* to run this script after the interface
is created. By default no script will be executed.
*-m, --mux '<mux-id>'*::
@@ -164,9 +164,9 @@ passed to the daemon:
*-s, --sender-id '<sender id>'*::
Each anycast tunnel endpoint needs a unique sender id
(1, 2, 3, ...). It is needed to distinguish the senders
- in case of replay attacks. As *uAnytun* does not support
- synchronisation it can't be used as an anycast endpoint therefore
- this option is quite useless but implemented for compatibility
+ in case of replay attacks. As *uAnytun* does not support
+ synchronisation it can't be used as an anycast endpoint therefore
+ this option is quite useless but implemented for compatibility
reasons. default: 0
*-w, --window-size '<window size>'*::
@@ -185,7 +185,7 @@ passed to the daemon:
*-k, --kd--prf '<kd-prf type>'*::
key derivation pseudo random function +
- The pseudo random function which is used for calculating the
+ The pseudo random function which is used for calculating the
session keys and session salt. +
Possible values:
@@ -198,16 +198,16 @@ passed to the daemon:
*-e, --role '<role>'*::
SATP uses different session keys for inbound and outbound traffic. The
role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are 'left' and 'right'. You may also use
- 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as
+ inbound packets. On both sides of a vpn connection different roles have
+ to be used. Possible values are 'left' and 'right'. You may also use
+ 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as
a replacement for 'right'. By default 'left' is used.
*-E, --passphrase '<pass phrase>'*::
This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
+ For the master key the last n bits of the SHA256 digest of the
+ passphrase (where n is the length of the master key in bits) is used.
+ The master salt gets generated with the SHA1 digest.
You may force a specific key and or salt by using *--key* and *--salt*.
*-K, --key '<master key>'*::
@@ -236,7 +236,7 @@ passed to the daemon:
*-a, --auth-algo '<algo type>'*::
message authentication algorithm +
This option sets the message authentication algorithm. +
- If HMAC-SHA1 is used, the packet length is increased. The additional bytes
+ If HMAC-SHA1 is used, the packet length is increased. The additional bytes
contain the authentication data. see *--auth-tag-length* for more info. +
Possible values:
@@ -244,8 +244,8 @@ passed to the daemon:
'sha1';; HMAC-SHA1, default value
*-b, --auth-tag-length '<length>'*::
- The number of bytes to use for the auth tag. This value defaults to 10 bytes
- unless the 'null' auth algo is used in which case it defaults to 0.
+ The number of bytes to use for the auth tag. This value defaults to 10 bytes
+ unless the 'null' auth algo is used in which case it defaults to 0.
EXAMPLES
@@ -257,17 +257,18 @@ P2P Setup between two unicast enpoints:
Host A:
^^^^^^^
-uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
+uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256
-E have_a_very_safe_and_productive_day -e left
Host B:
^^^^^^^
-uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
+uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256
-E have_a_very_safe_and_productive_day -e right
+
One unicast and one anycast tunnel endpoint:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
+
Unicast tunnel endpoint:
^^^^^^^^^^^^^^^^^^^^^^^^
@@ -281,6 +282,7 @@ have to use *Anytun* for that job.
BUGS
----
+
Most likely there are some bugs in *uAnytun*. If you find a bug, please let
the developers know at uanytun@anytun.org. Of course, patches are preferred.
@@ -300,7 +302,7 @@ Main web site: http://www.anytun.org/
COPYING
-------
-Copyright \(C) 2008-2010 Christian Pointner. This program is free
-software: you can redistribute it and/or modify it under the terms
-of the GNU General Public License as published by the Free Software
+Copyright \(C) 2008-2014 Christian Pointner. This program is free
+software: you can redistribute it and/or modify it under the terms
+of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or any later version.
diff --git a/src/Makefile b/src/Makefile
index 5ed36d9..6653b60 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -13,9 +13,9 @@
## message authentication based on the methodes used by SRTP. It is
## intended to deliver a generic, scaleable and secure solution for
## tunneling and relaying of packets of any protocol.
-##
##
-## Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+##
+## Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
##
## This file is part of uAnytun.
##
diff --git a/src/auth_algo.c b/src/auth_algo.c
index b148946..db87e7a 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -50,7 +50,7 @@ auth_algo_type_t auth_algo_get_type(const char* type)
return aa_null;
else if(!strcmp(type, "sha1"))
return aa_sha1;
-
+
return aa_unknown;
}
@@ -65,7 +65,7 @@ u_int32_t auth_algo_get_max_length(const char* type)
int auth_algo_init(auth_algo_t* aa, const char* type)
{
- if(!aa)
+ if(!aa)
return -1;
aa->type_ = auth_algo_get_type(type);
@@ -103,7 +103,7 @@ void auth_algo_close(auth_algo_t* aa)
void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
{
- if(!aa)
+ if(!aa)
return;
if(aa->type_ == aa_null)
@@ -118,7 +118,7 @@ void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di
int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
{
- if(!aa)
+ if(!aa)
return 0;
if(aa->type_ == aa_null)
@@ -159,7 +159,7 @@ int auth_algo_sha1_init(auth_algo_t* aa)
if(err) {
log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err));
return -1;
- }
+ }
#else
HMAC_CTX_init(&params->ctx_);
HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
@@ -181,7 +181,7 @@ void auth_algo_sha1_close(auth_algo_t* aa)
gcry_md_close(params->handle_);
#else
HMAC_CTX_cleanup(&params->ctx_);
-#endif
+#endif
free(aa->params_);
}
@@ -212,8 +212,8 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(err) {
log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
return;
- }
-
+ }
+
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
@@ -260,7 +260,7 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(err) {
log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
return -1;
- }
+ }
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
@@ -280,11 +280,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(length > SHA1_LENGTH) {
u_int32_t i;
for(i=0; i < (encrypted_packet_get_auth_tag_length(packet) - SHA1_LENGTH); ++i)
- if(tag[i]) return 0;
+ if(tag[i]) return 0;
}
-
+
int result = memcmp(&tag[encrypted_packet_get_auth_tag_length(packet) - length], &hmac[SHA1_LENGTH - length], length);
-
+
if(result)
return 0;
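Review bot: The tag check at the end of auth_algo_sha1_check_tag still compares the received tag against the computed HMAC with `memcmp`, which stops at the first differing byte, so the time it takes to reject a forged packet depends on how many leading tag bytes the sender guessed right; anyone who can push packets over the UDP socket can use that to recover a valid tag byte by byte. The comparison should accumulate the difference over all `length` bytes and decide once at the end, and the zero-padding loop just above has the same early-exit shape (`if(tag[i]) return 0;`) and should be folded into the same accumulator. The opening of the function, where `length`, `tag` and `hmac` are set up, lies before this hunk, so I have not touched the padding loop here.
```c
/* … unchanged: leading zero-byte check of the padded tag … */
u_int32_t j;
u_int8_t diff = 0;
for(j = 0; j < length; ++j)
  diff |= tag[encrypted_packet_get_auth_tag_length(packet) - length + j] ^ hmac[SHA1_LENGTH - length + j];
if(diff)
  return 0;
```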
diff --git a/src/auth_algo.h b/src/auth_algo.h
index 1007955..d911ca8 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/bsd/tun.c b/src/bsd/tun.c
index a995c35..734c3d8 100644
--- a/src/bsd/tun.c
+++ b/src/bsd/tun.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -58,9 +58,9 @@
int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix)
{
- if(!dev)
+ if(!dev)
return -1;
-
+
tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
dev->actual_name_ = NULL;
@@ -109,7 +109,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
tun_close(dev);
return -2;
}
-
+
dev->fd_ = open(device_file_tmp, O_RDWR);
free(device_file_tmp);
if(dev->fd_ >= 0)
@@ -125,7 +125,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
log_printf(ERROR, "can't open device file dynamically: no unused node left");
else
log_printf(ERROR, "can't open device file (%s): %s", device_file, strerror(errno));
-
+
tun_close(dev);
return -1;
}
@@ -164,18 +164,18 @@ int tun_init_post(tun_device_t* dev)
dev->with_pi_ = 1;
if(dev->type_ == TYPE_TAP)
dev->with_pi_ = 0;
-
- struct tuninfo ti;
+
+ struct tuninfo ti;
if(ioctl(dev->fd_, TUNGIFINFO, &ti) < 0) {
log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
return -1;
- }
+ }
ti.flags |= IFF_MULTICAST;
if(dev->type_ == TYPE_TUN)
ti.flags &= ~IFF_POINTOPOINT;
-
+
if(ioctl(dev->fd_, TUNSIFINFO, &ti) < 0) {
log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
return -1;
@@ -199,20 +199,20 @@ int tun_init_post(tun_device_t* dev)
if(ioctl(dev->fd_, TUNSLMODE, &arg) < 0) {
log_printf(ERROR, "can't disable link-layer mode for interface: %s", strerror(errno));
return -1;
- }
+ }
arg = 1;
if(ioctl(dev->fd_, TUNSIFHEAD, &arg) < 0) {
log_printf(ERROR, "can't enable multi-af mode for interface: %s", strerror(errno));
return -1;
- }
+ }
arg = IFF_BROADCAST;
arg |= IFF_MULTICAST;
if(ioctl(dev->fd_, TUNSIFMODE, &arg) < 0) {
log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
return -1;
- }
+ }
}
return 0;
@@ -268,7 +268,7 @@ int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
{
struct iovec iov[2];
u_int32_t type;
-
+
iov[0].iov_base = &type;
iov[0].iov_len = sizeof(type);
iov[1].iov_base = buf;
@@ -292,13 +292,13 @@ int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
struct iovec iov[2];
u_int32_t type;
struct ip *hdr = (struct ip*)buf;
-
+
type = 0;
if(hdr->ip_v == 4)
type = htonl(AF_INET);
else
type = htonl(AF_INET6);
-
+
iov[0].iov_base = &type;
iov[0].iov_len = sizeof(type);
iov[1].iov_base = buf;
diff --git a/src/cipher.c b/src/cipher.c
index 427ce9a..d6eae57 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -47,7 +47,7 @@
int cipher_init(cipher_t* c, const char* type)
{
- if(!c)
+ if(!c)
return -1;
c->key_length_ = 0;
@@ -61,7 +61,7 @@ int cipher_init(cipher_t* c, const char* type)
if(type[7] == 0) {
c->key_length_ = C_AESCTR_DEFAULT_KEY_LENGTH;
}
- else if(type[7] != '-')
+ else if(type[7] != '-')
return -1;
else {
const char* tmp = &type[8];
@@ -113,12 +113,12 @@ void cipher_close(cipher_t* c)
int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- if(!c)
+ if(!c)
return -1;
- int32_t len;
+ int32_t len;
if(c->type_ == c_null)
- len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in),
+ len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in),
encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
#ifndef NO_CRYPT
else if(c->type_ == c_aes_ctr)
@@ -134,7 +134,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
if(len < 0)
return 0;
- encrypted_packet_set_sender_id(out, sender_id);
+ encrypted_packet_set_sender_id(out, sender_id);
encrypted_packet_set_seq_nr(out, seq_nr);
encrypted_packet_set_mux(out, mux);
@@ -145,10 +145,10 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out)
{
- if(!c)
+ if(!c)
return -1;
- int32_t len;
+ int32_t len;
if(c->type_ == c_null)
len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
plain_packet_get_packet(out), plain_packet_get_length(out));
@@ -163,11 +163,11 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
log_printf(ERROR, "unknown cipher type");
return -1;
}
-
+
if(len < 0)
return 0;
- plain_packet_set_length(out, len);
+ plain_packet_set_length(out, len);
return 0;
}
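Review bot: In cipher_decrypt the branch `if(len < 0) return 0;` turns a failed decryption into a success: the negative length is discarded, `plain_packet_set_length(out, len)` is skipped, and the caller gets 0 together with a plain packet whose length is whatever it held before, so stale plaintext can be handed on as if it had just been decrypted. cipher_aesctr_crypt does return negative values, for instance when key_derivation_generate fails (visible in a later hunk of this file), so the path is reachable. Assuming callers treat a negative return as failure, which the unknown-cipher branch above already relies on with `return -1;`, the line should become `if(len < 0) return len;`; cipher_encrypt in the preceding hunk has the same pattern and should be changed alike. The start of cipher_decrypt lies in the previous hunk.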
@@ -176,7 +176,7 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
{
- memcpy(out, in, (ilen < olen) ? ilen : olen);
+ memcpy(out, in, (ilen < olen) ? ilen : olen);
return (ilen < olen) ? ilen : olen;
}
@@ -227,7 +227,7 @@ int cipher_aesctr_init(cipher_t* c)
if(err) {
log_printf(ERROR, "failed to open cipher: %s", gcry_strerror(err));
return -1;
- }
+ }
#endif
return 0;
@@ -241,10 +241,8 @@ void cipher_aesctr_close(cipher_t* c)
if(c->params_) {
#ifndef USE_SSL_CRYPTO
cipher_aesctr_param_t* params = c->params_;
- if(params->handle_)
- gcry_cipher_close(params->handle_);
+ gcry_cipher_close(params->handle_);
#endif
-
free(c->params_);
}
}
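Review bot: cipher_aesctr_close passes `c->params_` to `free` without wiping it, and in the OpenSSL build that struct carries `params->aes_key_`, the expanded AES key schedule that AES_set_encrypt_key fills in cipher_aesctr_crypt (later hunk), so the key schedule stays readable in freed heap memory; `c->key_.buf_` holds the session key in the same way. Dropping the `if(params->handle_)` guard looks safe, as far as I recall libgcrypt's gcry_cipher_close ignores a NULL handle, but the close path should also clear the key material, and since a plain memset right before free may be optimised away the wipe should go through a volatile pointer (or explicit_bzero where available) and the pointer should be nulled afterwards. The function's signature is the context line before this hunk; clearing `c->key_` and `c->salt_` belongs in the enclosing cipher_close, which is outside this hunk.
```c
if(c->params_) {
  /* … unchanged: gcry_cipher_close in the libgcrypt build … */
  volatile u_int8_t* p = (volatile u_int8_t*)c->params_;
  u_int32_t i;
  for(i = 0; i < sizeof(cipher_aesctr_param_t); ++i)
    p[i] = 0;
  free(c->params_);
  c->params_ = NULL;
}
```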
@@ -253,7 +251,7 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir
{
if(!c || !c->params_)
return -1;
-
+
cipher_aesctr_param_t* params = c->params_;
int ret = key_derivation_generate(kd, dir, LABEL_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
@@ -286,7 +284,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
int ret = key_derivation_generate(kd, dir, LABEL_ENC, seq_nr, c->key_.buf_, c->key_.length_);
if(ret < 0)
return ret;
-
+
#ifdef USE_SSL_CRYPTO
ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
if(ret) {
@@ -306,7 +304,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
log_printf(ERROR, "failed to calculate cipher CTR");
return ret;
}
-
+
#ifndef USE_SSL_CRYPTO
err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
if(err) {
@@ -329,6 +327,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
- return (ilen < olen) ? ilen : olen;
+ return (ilen < olen) ? ilen : olen;
}
#endif
diff --git a/src/cipher.h b/src/cipher.h
index e33d815..4582a46 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/configure b/src/configure
index d2f60a8..542b4b4 100755
--- a/src/configure
+++ b/src/configure
@@ -16,7 +16,7 @@
# tunneling and relaying of packets of any protocol.
#
#
-# Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+# Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
#
# This file is part of uAnytun.
#
@@ -60,6 +60,7 @@ print_usage() {
echo " --no-manpage dont't install manpage"
echo " --examplesdir=<DIR> the path to the examples files (default: $PREFIX/share/examples)"
echo " --no-examples dont't install example files"
+ echo " --use-gcrypt use libgcrypt (this is the default)"
echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt"
echo " --no-crypto disable crypto at all (only NULL cipher)"
echo " --disable-passphrase disable master key and salt passphrase"
@@ -97,6 +98,9 @@ do
--no-examples)
INSTALLEXAMPLES=0
;;
+ --use-gcrypt)
+ CRYPTO_LIB='gcrypt'
+ ;;
--use-ssl-crypto)
CRYPTO_LIB='ssl'
;;
diff --git a/src/daemon.h b/src/daemon.h
index 9e6f1b2..05fa83e 100644
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -172,4 +172,3 @@ void daemonize()
}
#endif
-
diff --git a/src/datatypes.h b/src/datatypes.h
index 0105062..a374022 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c
index 12f04ef..801d8e6 100644
--- a/src/encrypted_packet.c
+++ b/src/encrypted_packet.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -188,7 +188,7 @@ mux_t encrypted_packet_get_mux(encrypted_packet_t* packet)
{
if(!packet)
return 0;
-
+
return MUX_T_NTOH(packet->data_.header_.mux_);
}
diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h
index 4afe323..fcd16ab 100644
--- a/src/encrypted_packet.h
+++ b/src/encrypted_packet.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/init_crypt.h b/src/init_crypt.h
index 2461a54..848f9d7 100644
--- a/src/init_crypt.h
+++ b/src/init_crypt.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -54,7 +54,7 @@ int init_crypt()
#define MIN_GCRYPT_VERSION "1.2.0"
-int init_crypt()
+int init_crypt()
{
if(!gcry_check_version(MIN_GCRYPT_VERSION)) {
log_printf(NOTICE, "invalid Version of libgcrypt, should be >= %s", MIN_GCRYPT_VERSION);
@@ -81,7 +81,7 @@ int init_crypt()
int init_crypt()
{
-// nothing here
+// nothing here
return 0;
}
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 8e6e95a..a9c4f6d 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -48,7 +48,7 @@
int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
{
- if(!kd)
+ if(!kd)
return -1;
kd->role_ = role;
@@ -62,7 +62,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, con
if(type[7] == 0) {
kd->key_length_ = KD_AESCTR_DEFAULT_KEY_LENGTH;
}
- else if(type[7] != '-')
+ else if(type[7] != '-')
return -1;
else {
const char* tmp = &type[8];
@@ -127,7 +127,7 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
if(kd->master_key_.buf_) {
log_printf(WARNING, "master key and passphrase provided, ignoring passphrase");
return 0;
- }
+ }
log_printf(NOTICE, "using passphrase to generate master key");
if(!key_length || (key_length % 8)) {
@@ -183,7 +183,7 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
if(kd->master_salt_.buf_) {
log_printf(WARNING, "master salt and passphrase provided, ignoring passphrase");
return 0;
- }
+ }
log_printf(NOTICE, "using passphrase to generate master salt");
if(!salt_length || (salt_length % 8)) {
@@ -247,7 +247,7 @@ void key_derivation_close(key_derivation_t* kd)
int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
{
- if(!kd || !key)
+ if(!kd || !key)
return -1;
if(label >= LABEL_NIL) {
@@ -361,7 +361,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
if(err) {
log_printf(ERROR, "failed to open key derivation cipher: %s", gcry_strerror(err));
return -1;
- }
+ }
err = gcry_cipher_setkey(params->handle_, kd->master_key_.buf_, kd->master_key_.length_);
if(err) {
@@ -457,6 +457,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
memset(key, 0, len);
AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
-
+
return 0;
}
diff --git a/src/key_derivation.h b/src/key_derivation.h
index d037157..5268faf 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/linux/tun.c b/src/linux/tun.c
index 43370f0..acd823e 100644
--- a/src/linux/tun.c
+++ b/src/linux/tun.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -59,44 +59,44 @@
#include "sysexec.h"
int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix){
- if(!dev)
+ if(!dev)
return -1;
-
+
tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
dev->actual_name_ = NULL;
- dev->fd_ = open(DEFAULT_DEVICE, O_RDWR);
- if(dev->fd_ < 0) {
+ dev->fd_ = open(DEFAULT_DEVICE, O_RDWR);
+ if(dev->fd_ < 0) {
log_printf(ERROR, "can't open device file (%s): %s", DEFAULT_DEVICE, strerror(errno));
tun_close(dev);
return -1;
}
- struct ifreq ifr;
- memset(&ifr, 0, sizeof(ifr));
+ struct ifreq ifr;
+ memset(&ifr, 0, sizeof(ifr));
if(dev->type_ == TYPE_TUN) {
ifr.ifr_flags = IFF_TUN;
dev->with_pi_ = 1;
- }
+ }
else if(dev->type_ == TYPE_TAP) {
ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
dev->with_pi_ = 0;
- }
+ }
else {
log_printf(ERROR, "unable to recognize type of device (tun or tap)");
tun_close(dev);
return -1;
}
- if(dev_name)
- strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);
+ if(dev_name)
+ strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);
- if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
- dev->actual_name_ = strdup(ifr.ifr_name);
- } else if(!ioctl(dev->fd_, (('T' << 8) | 202), &ifr)) {
- dev->actual_name_ = strdup(ifr.ifr_name);
- } else {
+ if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
+ dev->actual_name_ = strdup(ifr.ifr_name);
+ } else if(!ioctl(dev->fd_, (('T' << 8) | 202), &ifr)) {
+ dev->actual_name_ = strdup(ifr.ifr_name);
+ } else {
log_printf(ERROR, "tun/tap device ioctl failed: %s", strerror(errno));
tun_close(dev);
return -1;
@@ -147,7 +147,7 @@ int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
{
struct iovec iov[2];
struct tun_pi tpi;
-
+
iov[0].iov_base = &tpi;
iov[0].iov_len = sizeof(tpi);
iov[1].iov_base = buf;
@@ -171,13 +171,13 @@ int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
struct iovec iov[2];
struct tun_pi tpi;
struct iphdr *hdr = (struct iphdr *)buf;
-
+
tpi.flags = 0;
if(hdr->version == 4)
tpi.proto = htons(ETH_P_IP);
else
tpi.proto = htons(ETH_P_IPV6);
-
+
iov[0].iov_base = &tpi;
iov[0].iov_len = sizeof(tpi);
iov[1].iov_base = buf;
diff --git a/src/log.c b/src/log.c
index d789123..5659d3a 100644
--- a/src/log.c
+++ b/src/log.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -85,7 +85,7 @@ int log_targets_target_exists(log_targets_t* targets, log_target_type_t type)
if(tmp->type_ == type)
return 1;
tmp = tmp->next_;
- }
+ }
return 0;
}
@@ -148,7 +148,7 @@ int log_targets_add(log_targets_t* targets, const char* conf)
log_target_t* tmp = targets->first_;
while(tmp->next_)
tmp = tmp->next_;
-
+
tmp->next_ = new_target;
}
return 0;
@@ -248,7 +248,7 @@ void log_print_hex_dump(log_prio_t prio, const u_int8_t* buf, u_int32_t len)
if(offset < 0)
return;
char* ptr = &msg[offset];
-
+
for(i=0; i < len; i++) {
if(((i+1)*3) >= (MSG_LENGTH_MAX - offset))
break;
diff --git a/src/log.h b/src/log.h
index 17de487..a87286d 100644
--- a/src/log.h
+++ b/src/log.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/log_targets.h b/src/log_targets.h
index 4a19d8e..babe1d1 100644
--- a/src/log_targets.h
+++ b/src/log_targets.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -42,7 +42,7 @@ static char* get_time_formatted()
{
char* time_string;
time_t t = time(NULL);
- if(t < 0)
+ if(t < 0)
time_string = "<time read error>";
else {
time_string = ctime(&t);
@@ -79,7 +79,7 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
{
if(!self || (conf && conf[0] == 0))
return -1;
-
+
self->param_ = malloc(sizeof(log_target_syslog_param_t));
if(!self->param_)
return -2;
@@ -95,7 +95,7 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
if(!len) {
free(self->param_);
return -1;
- }
+ }
logname = malloc(len+1);
if(logname) {
strncpy(logname, conf, len);
@@ -116,13 +116,13 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
((log_target_syslog_param_t*)(self->param_))->facility_ = DAEMON;
return 0;
}
-
+
if(end[1] == 0 || end[1] == ',') {
free(logname);
free(self->param_);
return -1;
}
-
+
const char* start = end + 1;
end = strchr(start, ',');
int i;
@@ -157,7 +157,7 @@ void log_target_syslog_log(log_target_t* self, log_prio_t prio, const char* msg)
if(!self || !self->param_ || !self->opened_)
return;
- syslog((prio + 2) | ((log_target_syslog_param_t*)(self->param_))->facility_, "%s", msg);
+ syslog((prio + 2) | ((log_target_syslog_param_t*)(self->param_))->facility_, "%s", msg);
}
void log_target_syslog_close(log_target_t* self)
@@ -209,7 +209,7 @@ int log_target_file_init(log_target_t* self, const char* conf)
{
if(!self || (conf && conf[0] == 0))
return -1;
-
+
self->param_ = malloc(sizeof(log_target_file_param_t));
if(!self->param_)
return -2;
@@ -224,7 +224,7 @@ int log_target_file_init(log_target_t* self, const char* conf)
if(!len) {
free(self->param_);
return -1;
- }
+ }
logfilename = malloc(len+1);
if(logfilename) {
strncpy(logfilename, conf, len);
diff --git a/src/options.c b/src/options.c
index 331a3c3..199d49c 100644
--- a/src/options.c
+++ b/src/options.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -152,9 +152,9 @@ int options_parse_hex_string(const char* hex, buffer_t* buffer)
if(hex_len%2)
return 1;
- if(buffer->buf_)
+ if(buffer->buf_)
free(buffer->buf_);
-
+
buffer->length_ = hex_len/2;
buffer->buf_ = malloc(buffer->length_);
if(!buffer->buf_) {
@@ -189,7 +189,7 @@ int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg)
free(str);
return 1;
}
-
+
ifcfg->prefix_length_ = atoi(ptr);
ifcfg->net_addr_ = strdup(str);
free(str);
@@ -209,7 +209,6 @@ int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg)
return 1;
}
-
int options_parse(options_t* opt, int argc, char* argv[])
{
if(!opt)
@@ -225,7 +224,9 @@ int options_parse(options_t* opt, int argc, char* argv[])
argc--;
+#ifndef NO_CRYPT
char* role = NULL;
+#endif
int i, ipv4_only = 0, ipv6_only = 0;
for(i=1; argc > 0; ++i)
{
@@ -268,7 +269,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
#endif
- else
+ else
return i;
}
if(ipv4_only && ipv6_only)
@@ -308,13 +309,13 @@ void options_parse_post(options_t* opt)
return;
#ifndef NO_CRYPT
- if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") &&
+ if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") &&
strcmp(opt->kd_prf_, "null")) {
if(opt->kd_prf_)
free(opt->kd_prf_);
opt->kd_prf_ = strdup("null");
}
- if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) &&
+ if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) &&
!strcmp(opt->kd_prf_, "null")) {
log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
}
diff --git a/src/options.h b/src/options.h
index 66c9e99..699f2c7 100644
--- a/src/options.h
+++ b/src/options.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/plain_packet.c b/src/plain_packet.c
index 29ba5fe..53bddb9 100644
--- a/src/plain_packet.c
+++ b/src/plain_packet.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -77,7 +77,7 @@ void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
{
if(!packet)
return;
-
+
if(len > PLAIN_PACKET_SIZE_MAX)
len = PLAIN_PACKET_SIZE_MAX - sizeof(payload_type_t);
else if(len < sizeof(payload_type_t))
@@ -85,7 +85,7 @@ void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
else
len -= sizeof(payload_type_t);
- packet->payload_length_ = len;
+ packet->payload_length_ = len;
}
u_int8_t* plain_packet_get_payload(plain_packet_t* packet)
diff --git a/src/plain_packet.h b/src/plain_packet.h
index 0dc62b7..54c0f8d 100644
--- a/src/plain_packet.h
+++ b/src/plain_packet.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -41,7 +41,7 @@
#define PAYLOAD_TYPE_TAP 0x6558
#define PAYLOAD_TYPE_TUN 0x0000
#define PAYLOAD_TYPE_TUN4 0x0800
-#define PAYLOAD_TYPE_TUN6 0x86DD
+#define PAYLOAD_TYPE_TUN6 0x86DD
#define PAYLOAD_TYPE_UNKNOWN 0xFFFF
struct plain_packet_struct {
diff --git a/src/seq_window.c b/src/seq_window.c
index 0f58adb..55be299 100644
--- a/src/seq_window.c
+++ b/src/seq_window.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -67,9 +67,11 @@ void seq_win_clear(seq_win_t* win)
free(to_free);
}
+
+ win->first_ = NULL;
}
-seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, window_size_t size)
+static seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, window_size_t size)
{
if(!size)
return NULL;
@@ -81,7 +83,7 @@ seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, wind
e->sender_id_ = sender_id;
e->max_ = max;
e->pos_ = 0;
- e->window_ = malloc(sizeof(seq_nr_t)*size);
+ e->window_ = malloc(sizeof((*e->window_))*size);
if(!e->window_) {
free(e);
return NULL;
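Review bot: The new allocation `malloc(sizeof((*e->window_))*size)` still leaves the window slots uninitialised and the product unchecked; `e->window_ = calloc(size, sizeof(*e->window_));` gives zeroed slots and a built-in size-overflow check for the same cost. Whether the remainder of seq_win_new_element initialises the slots itself is not visible here, since the function continues outside the hunk, and the width of window_size_t is not on this page either, so confirm both before relying on the zeroing.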
@@ -152,12 +154,12 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
ptr->max_ -= SEQ_NR_MAX/2;
else if(shifted == 2)
ptr->max_ += SEQ_NR_MAX/2;
-
+
return 0;
}
-
+
seq_nr_t diff = ptr->max_ - seq_nr;
- window_size_t pos = diff > ptr->pos_ ? ptr->pos_ + win->size_ : ptr->pos_;
+ window_size_t pos = diff > ptr->pos_ ? ptr->pos_ + win->size_ : ptr->pos_;
pos -= diff;
if(shifted == 1)
@@ -170,7 +172,7 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
return ret;
}
ptr = ptr->next_;
- }
+ }
if(!win->first_) {
win->first_ = seq_win_new_element(sender_id, seq_nr, win->size_);
if(!win->first_)
@@ -184,7 +186,7 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
if(!ptr->next_)
return -2;
}
-
+
return 0;
}
@@ -204,7 +206,7 @@ void seq_win_print(seq_win_t* win)
printf("O");
else
printf(".");
-
+
if(i)
i--;
else
diff --git a/src/seq_window.h b/src/seq_window.h
index b699ee9..51bb1eb 100644
--- a/src/seq_window.h
+++ b/src/seq_window.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -53,7 +53,6 @@ typedef struct seq_win_struct seq_win_t;
int seq_win_init(seq_win_t* win, window_size_t size);
void seq_win_clear(seq_win_t* win);
-seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, window_size_t size);
int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr);
void seq_win_print(seq_win_t* win);
diff --git a/src/sig_handler.c b/src/sig_handler.c
index 7c5c695..69b96e3 100644
--- a/src/sig_handler.c
+++ b/src/sig_handler.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -129,7 +129,7 @@ int signal_handle()
case SIGINT: log_printf(NOTICE, "SIG-Int caught, exitting"); return_value = 1; break;
case SIGQUIT: log_printf(NOTICE, "SIG-Quit caught, exitting"); return_value = 1; break;
case SIGTERM: log_printf(NOTICE, "SIG-Term caught, exitting"); return_value = 1; break;
- case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); break;
+ case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); return_value = 2; break;
case SIGUSR1: log_printf(NOTICE, "SIG-Usr1 caught"); break;
case SIGUSR2: log_printf(NOTICE, "SIG-Usr2 caught"); break;
default: log_printf(WARNING, "unknown signal %d caught, ignoring", sig); break;
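Review bot: Returning 2 for SIGHUP through the shared `return_value` can mask a pending exit request: if signal_handle drains several queued signals in one call (its loop is outside the hunk), a SIGHUP processed after a SIGINT/SIGQUIT/SIGTERM overwrites the 1 with 2 and main_loop keeps running. A guarded assignment keeps the stronger request, e.g. `case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); if(return_value != 1) return_value = 2; break;`. The meaning of the return codes (0 nothing, 1 exit, 2 reset) also deserves a comment on the function, since main_loop now depends on all three.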
diff --git a/src/sig_handler.h b/src/sig_handler.h
index 8219618..749c80d 100644
--- a/src/sig_handler.h
+++ b/src/sig_handler.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/string_list.c b/src/string_list.c
index 5e0ddf8..260dd92 100644
--- a/src/string_list.c
+++ b/src/string_list.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -43,7 +43,7 @@ void string_list_init(string_list_t* list)
{
if(!list)
return;
-
+
list->first_ = NULL;
}
@@ -104,7 +104,7 @@ void string_list_print(string_list_t* list, const char* head, const char* tail)
{
if(!list)
return;
-
+
string_list_element_t* tmp = list->first_;
while(tmp) {
printf("%s%s%s", head, tmp->string_, tail);
diff --git a/src/string_list.h b/src/string_list.h
index 9e210ae..2e29822 100644
--- a/src/string_list.h
+++ b/src/string_list.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/sysexec.c b/src/sysexec.c
index 708d8d0..1191401 100644
--- a/src/sysexec.c
+++ b/src/sysexec.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -82,7 +82,7 @@ int uanytun_exec(const char* script, char* const argv[], char* const evp[])
log_printf(WARNING, "can't open stderr");
}
execve(script, argv, evp);
- // if execve returns, an error occurred, but logging doesn't work
+ // if execve returns, an error occurred, but logging doesn't work
// because we closed all file descriptors, so just write errno to
// pipe and call exit
int ret = write(pipefd[1], (void*)(&errno), sizeof(errno));
@@ -107,7 +107,7 @@ int uanytun_exec(const char* script, char* const argv[], char* const evp[])
}
}
if(WIFEXITED(status))
- log_printf(NOTICE, "script '%s' returned %d", script, WEXITSTATUS(status));
+ log_printf(NOTICE, "script '%s' returned %d", script, WEXITSTATUS(status));
else if(WIFSIGNALED(status))
log_printf(NOTICE, "script '%s' terminated after signal %d", script, WTERMSIG(status));
else
diff --git a/src/sysexec.h b/src/sysexec.h
index faed8eb..7527584 100644
--- a/src/sysexec.h
+++ b/src/sysexec.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
diff --git a/src/tun.h b/src/tun.h
index 230b88d..5051e19 100644
--- a/src/tun.h
+++ b/src/tun.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -57,7 +57,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
int tun_init_post(tun_device_t* dev);
void tun_do_ifconfig(tun_device_t* dev);
void tun_close(tun_device_t* dev);
-
+
int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
diff --git a/src/tun_helper.h b/src/tun_helper.h
index 9d55267..6417d1c 100644
--- a/src/tun_helper.h
+++ b/src/tun_helper.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -92,7 +92,7 @@ const char* tun_get_type_string(tun_device_t* dev)
{
if(!dev || dev->fd_ < 0)
return "";
-
+
switch(dev->type_)
{
case TYPE_UNDEF: return "undef"; break;
diff --git a/src/uanytun.c b/src/uanytun.c
index 29fa17d..7cfb97d 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -72,7 +72,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
log_printf(ERROR, "could not initialize cipher of type %s", opt->cipher_);
return ret;
}
-
+
#ifndef NO_CRYPT
ret = auth_algo_init(aa, opt->auth_algo_);
if(ret) {
@@ -104,7 +104,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
}
int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packet_t* plain_packet, encrypted_packet_t* encrypted_packet,
- cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t seq_nr)
+ cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t* seq_nr)
{
plain_packet_set_payload_length(plain_packet, -1);
encrypted_packet_set_length(encrypted_packet, -1);
@@ -114,25 +114,25 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe
log_printf(ERROR, "error on reading from device: %s", strerror(errno));
return 0;
}
-
+
plain_packet_set_payload_length(plain_packet, len);
-
+
if(dev->type_ == TYPE_TUN)
plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TUN);
else if(dev->type_ == TYPE_TAP)
- plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP);
+ plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP);
else
plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN);
- if(!sock->remote_end_set_)
+ if(!udp_has_remote(sock))
return 0;
-
- cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
-
+
+ cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, *seq_nr, opt->sender_id_, opt->mux_);
+ (*seq_nr)++;
#ifndef NO_CRYPT
auth_algo_generate(aa, kd, kd_outbound, encrypted_packet);
#endif
-
+
len = udp_write(sock, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet));
if(len == -1)
log_printf(ERROR, "error on sending udp packet: %s", strerror(errno));
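Review bot: process_tun_data now owns the advance of the caller's sequence counter, but nothing in the signature or a comment says so; `seq_nr` changed from a value to an in/out pointer and is only incremented after the `udp_has_remote` gate, so packets read while no remote is known consume no sequence number. A comment above the `cipher_encrypt` call would pin the contract: `/* seq_nr is an in/out counter: it is consumed here for every packet that is encrypted, even if the send below fails, so a sequence number is never reused */`. The function's prologue and return are outside this hunk.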
@@ -153,58 +153,48 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl
if(len == -1) {
log_printf(ERROR, "error on receiving udp packet: %s", strerror(errno));
return 0;
- }
- else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) {
+ } else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) {
log_printf(WARNING, "received packet is too short");
return 0;
}
encrypted_packet_set_length(encrypted_packet, len);
+ if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) {
+ log_printf(WARNING, "wrong mux value, discarding packet");
+ return 0;
+ }
+
#ifndef NO_CRYPT
if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) {
log_printf(WARNING, "wrong authentication tag, discarding packet");
return 0;
}
#endif
-
- if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) {
- log_printf(WARNING, "wrong mux value, discarding packet");
- return 0;
- }
-
+
int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet));
if(result > 0) {
log_printf(WARNING, "detected replay attack, discarding packet");
return 0;
- }
- else if(result < 0) {
+ } else if(result < 0) {
log_printf(ERROR, "memory error at sequence window");
return -2;
}
-
- udp_set_active_sock(sock, fd);
- if(remote.len_ != sock->remote_end_.len_ || memcmp(&(remote.addr_), &(sock->remote_end_.addr_), remote.len_)) {
- memcpy(&(sock->remote_end_.addr_), &(remote.addr_), remote.len_);
- sock->remote_end_.len_ = remote.len_;
- sock->remote_end_set_ = 1;
- char* addrstring = udp_endpoint_to_string(remote);
- log_printf(NOTICE, "autodetected remote host changed %s", addrstring);
- free(addrstring);
- }
+
+ udp_update_remote(sock, fd, &remote);
if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) {
log_printf(WARNING, "ignoring packet with zero length payload");
return 0;
}
- int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet);
- if(ret)
+ int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet);
+ if(ret)
return ret;
-
+
len = tun_write(dev, plain_packet_get_payload(plain_packet), plain_packet_get_payload_length(plain_packet));
if(len == -1)
log_printf(ERROR, "error on writing to device: %s", strerror(errno));
-
+
return 0;
}
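Review bot: Moving the mux comparison ahead of `auth_algo_check_tag` means a field from a not-yet-authenticated header now drives the first discard and its WARNING log line; that is a reasonable cheap early reject, but the ordering should be stated so a later edit does not treat the mux check as a trust boundary: `/* mux is read from the unauthenticated header: cheap early discard only, the tag check below remains the security boundary */`. Because the log line is now reachable from any spoofed datagram, note too that it is untrusted-input noise for log monitoring. The return value of the new `udp_update_remote(sock, fd, &remote)` call is dropped; its convention lives in udp.c outside this chunk, so check whether it can fail. process_sock_data's signature and prologue are outside the hunk.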
@@ -231,7 +221,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
FD_ZERO(&readfds);
FD_SET(dev->fd_, &readfds);
- int nfds = udp_init_fd_set(sock, &readfds);
+ int nfds = udp_fill_fd_set(sock, &readfds);
nfds = dev->fd_ > nfds ? dev->fd_ : nfds;
int return_value = 0;
@@ -254,15 +244,21 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
continue;
if(FD_ISSET(sig_fd, &readyfds)) {
- if(signal_handle()) {
- return_value = 1;
+ return_value = signal_handle();
+ if(return_value == 1)
break;
+ else if(return_value == 2) {
+ seq_win_clear(&seq_win);
+ seq_nr = 0;
+ log_printf(NOTICE, "sequence window cleared");
+ return_value = 0;
}
+ else
+ return_value = 0;
}
if(FD_ISSET(dev->fd_, &readyfds)) {
- return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, seq_nr);
- seq_nr++;
+ return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_nr);
if(return_value)
break;
}
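Review bot: The SIGHUP branch resets `seq_nr = 0` while the cipher and key-derivation state stay in place, so the sender restarts its sequence space under unchanged keys; if the cipher counter or IV is derived from seq_nr together with sender_id and mux, as in SRTP-style schemes, this re-uses keystream and also makes the peer's replay window classify the restarted numbers as replays until it is cleared as well. Clearing the inbound window alone is safe; drop the `seq_nr = 0;` line (and the matching wording in the NOTICE message) unless the reset is coupled with a rekey. The surrounding main_loop body is outside the hunk.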
@@ -270,7 +266,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
udp_socket_t* s = sock->socks_;
while(s) {
if(FD_ISSET(s->fd_, &readyfds)) {
- return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win);
+ return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win);
if(return_value)
break;
}
@@ -312,7 +308,7 @@ int main(int argc, char* argv[])
options_print_version();
}
- if(ret != -2 && ret != -5)
+ if(ret != -2 && ret != -5)
options_print_usage();
if(ret == -1 || ret == -5)
@@ -332,7 +328,7 @@ int main(int argc, char* argv[])
case -4: fprintf(stderr, "this log target is only allowed once: '%s', exitting\n", tmp->string_); break;
default: fprintf(stderr, "syntax error near: '%s', exitting\n", tmp->string_); break;
}
-
+
options_clear(&opt);
log_close();
exit(ret);
@@ -387,15 +383,8 @@ int main(int argc, char* argv[])
exit(ret);
}
- if(opt.remote_addr_) {
- if(!udp_set_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_)) {
- char* remote_string = udp_get_remote_end_string(&sock);
- if(remote_string) {
- log_printf(NOTICE, "set remote end to: %s", remote_string);
- free(remote_string);
- }
- }
- }
+ if(opt.remote_addr_)
+ udp_resolv_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_);
FILE* pid_file = NULL;
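Review bot: The result of `udp_resolv_remote` is discarded at the new call, whereas the replaced block at least tested `udp_set_remote`'s return; per the udp.c hunks in this diff the function returns -1 on a NULL argument or when getaddrinfo yields nothing, and returns 0 with only a WARNING when no resolved address fits any local address family, so a misconfigured remote silently leaves the tunnel without a peer and `udp_write` then returns 0 for every packet. Suggest checking it, e.g. `if(opt.remote_addr_ && udp_resolv_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_))` followed by a `log_printf(WARNING, ...)` that says the remote end is unset, or an exit if a static peer is expected. main's body extends beyond the hunk on both sides.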
@@ -421,7 +410,7 @@ int main(int argc, char* argv[])
options_clear(&opt);
log_close();
exit(-1);
- }
+ }
if(opt.daemonize_) {
pid_t oldpid = getpid();
diff --git a/src/udp.c b/src/udp.c
index 1491d75..9ef4fba 100644
--- a/src/udp.c
+++ b/src/udp.c
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -52,17 +52,8 @@
#include <arpa/inet.h>
#include <netinet/in.h>
-int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type)
+static int udp_resolv_local(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type, unsigned int* idx)
{
- if(!sock || !port)
- return -1;
-
- sock->socks_ = NULL;
- sock->active_sock_ = NULL;
- memset(&(sock->remote_end_.addr_), 0, sizeof(sock->remote_end_.addr_));
- sock->remote_end_.len_ = sizeof(sock->remote_end_.addr_);
- sock->remote_end_set_ = 0;
-
struct addrinfo hints, *res;
res = NULL;
@@ -89,7 +80,8 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
}
struct addrinfo* r = res;
- udp_socket_t* prev_sock = NULL;
+ udp_socket_t* prev_sock = sock->socks_;
+ while(prev_sock && prev_sock->next_) prev_sock = prev_sock->next_;
while(r) {
udp_socket_t* new_sock = malloc(sizeof(udp_socket_t));
if(!new_sock) {
@@ -100,7 +92,11 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
}
memset(&(new_sock->local_end_.addr_), 0, sizeof(new_sock->local_end_.addr_));
new_sock->local_end_.len_ = sizeof(new_sock->local_end_.addr_);
+ memset(&(new_sock->remote_end_.addr_), 0, sizeof(new_sock->remote_end_.addr_));
+ new_sock->remote_end_.len_ = sizeof(new_sock->remote_end_.addr_);
+ new_sock->remote_end_set_ = 0;
new_sock->next_ = NULL;
+ new_sock->idx_ = (*idx)++;
if(!sock->socks_) {
sock->socks_ = new_sock;
@@ -110,7 +106,7 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
prev_sock->next_ = new_sock;
prev_sock = new_sock;
}
-
+
memcpy(&(new_sock->local_end_.addr_), r->ai_addr, r->ai_addrlen);
new_sock->local_end_.len_ = r->ai_addrlen;
new_sock->fd_ = socket(new_sock->local_end_.addr_.ss_family, SOCK_DGRAM, 0);
@@ -134,10 +130,10 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
udp_close(sock);
return -1;
}
-
- char* local_string = udp_endpoint_to_string(new_sock->local_end_);
+
+ char* local_string = udp_endpoint_to_string(&(new_sock->local_end_));
if(local_string) {
- log_printf(NOTICE, "listening on: %s", local_string);
+ log_printf(NOTICE, "socket[%d] listening on: %s", new_sock->idx_, local_string);
free(local_string);
}
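Review bot: `%d` is used for `new_sock->idx_`, which the udp.h hunk declares as `unsigned int`; the matching conversion is `%u` (`-Wformat` flags the mismatch), i.e. `log_printf(NOTICE, "socket[%u] listening on: %s", new_sock->idx_, local_string);`. The same applies to the two `socket[%d]` messages added in udp_resolv_remote and udp_update_remote later in this diff. udp_resolv_local's body starts outside the hunk.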
@@ -145,11 +141,26 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
}
freeaddrinfo(res);
+ return 0;
+}
+
+int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type)
+{
+ if(!sock || !port)
+ return -1;
+
+ sock->socks_ = NULL;
+ sock->active_sock_ = NULL;
+
+ unsigned int idx = 0;
+ int ret = udp_resolv_local(sock, local_addr, port, resolv_type, &idx);
+ if(ret)
+ return ret;
return 0;
}
-int udp_init_fd_set(udp_t* sock, fd_set* set)
+int udp_fill_fd_set(udp_t* sock, fd_set* set)
{
int max_fd = 0;
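Review bot: In the new `udp_init`, `if(ret) return ret; return 0;` collapses to `return udp_resolv_local(sock, local_addr, port, resolv_type, &idx);`. As the public entry point it also deserves a one-line header, e.g. `/* resets the socket list and opens one socket per resolved local address; 0 on success, -1 on error */`; the earlier hunk shows `udp_close(sock)` on at least one failure path, but confirm every error return in udp_resolv_local frees the partially built list before documenting that.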
@@ -163,13 +174,28 @@ int udp_init_fd_set(udp_t* sock, fd_set* set)
return max_fd;
}
-int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type)
+int udp_has_remote(udp_t* sock)
{
- if(!sock || !remote_addr || !port)
- return -1;
+ if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_)
+ return 0;
+
+ udp_socket_t* s = sock->socks_;
+ while(s) {
+ if(s->remote_end_set_)
+ return 1;
+ s = s->next_;
+ }
+
+ return 0;
+}
+int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type)
+{
struct addrinfo hints, *res;
+ if(!sock || !remote_addr || !port)
+ return -1;
+
res = NULL;
memset (&hints, 0, sizeof (hints));
hints.ai_socktype = SOCK_DGRAM;
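Review bot: In `udp_has_remote` the loop over `sock->socks_` can never change the outcome: the guard above it returns 0 unless `active_sock_->remote_end_set_` is already set, and since the active socket is an element of that list the loop then always returns 1, so the function reduces to `return sock->active_sock_ && sock->active_sock_->remote_end_set_;`. If "any socket has a remote end" was the intent (which the loop suggests), drop the first condition instead; either way add the `if(!sock) return 0;` guard that the other public functions in this file have. udp_resolv_remote continues past the end of the hunk.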
@@ -189,38 +215,71 @@ int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resol
log_printf(ERROR, "getaddrinfo returned no address for %s:%s", remote_addr, port);
return -1;
}
- memcpy(&(sock->remote_end_.addr_), res->ai_addr, res->ai_addrlen);
- sock->remote_end_.len_ = res->ai_addrlen;
- sock->remote_end_set_ = 1;
- if(!sock->active_sock_) {
+ int found = 0;
+ struct addrinfo* r = res;
+ while(r) {
udp_socket_t* s = sock->socks_;
while(s) {
- if(s->local_end_.addr_.ss_family == res->ai_family) {
+ if(s->local_end_.addr_.ss_family == r->ai_family && !(s->remote_end_set_)) {
sock->active_sock_ = s;
break;
}
s = s->next_;
}
- }
+ if(s) {
+ memcpy(&(s->remote_end_.addr_), r->ai_addr, r->ai_addrlen);
+ s->remote_end_.len_ = r->ai_addrlen;
+ s->remote_end_set_ = 1;
+ found = 1;
+ char* remote_string = udp_endpoint_to_string(&(s->remote_end_));
+ if(remote_string) {
+ log_printf(NOTICE, "socket[%d] set remote end to: %s", s->idx_, remote_string);
+ free(remote_string);
+ }
+ break;
+ }
+
+ r = r->ai_next;
+ }
freeaddrinfo(res);
+ if(!found)
+ log_printf(WARNING, "no remote address for '%s' found that fits any of the local address families", remote_addr);
+
return 0;
}
-void udp_set_active_sock(udp_t* sock, int fd)
+void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote)
{
- if(!sock || (sock->active_sock_ && sock->active_sock_->fd_ == fd))
+ if(!sock)
return;
- udp_socket_t* s = sock->socks_;
- while(s) {
- if(s->fd_ == fd) {
- sock->active_sock_ = s;
- return;
+ if(!(sock->active_sock_) || sock->active_sock_->fd_ != fd) {
+ udp_socket_t* s = sock->socks_;
+ while(s) {
+ if(s->fd_ == fd) {
+ sock->active_sock_ = s;
+ break;
+ }
+ s = s->next_;
+ }
+ }
+
+ if(!remote)
+ return;
+
+ if(sock->active_sock_) {
+ if(remote->len_ != sock->active_sock_->remote_end_.len_ ||
+ memcmp(&(remote->addr_), &(sock->active_sock_->remote_end_.addr_), remote->len_)) {
+ memcpy(&(sock->active_sock_->remote_end_.addr_), &(remote->addr_), remote->len_);
+ sock->active_sock_->remote_end_.len_ = remote->len_;
+ sock->active_sock_->remote_end_set_ = 1;
+ char* addrstring = udp_endpoint_to_string(remote);
+ log_printf(NOTICE, "socket[%d] autodetected remote host changed %s", sock->active_sock_->idx_, addrstring);
+ free(addrstring);
}
- s = s->next_;
}
}
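Review bot: In `udp_update_remote` the result of `udp_endpoint_to_string(remote)` is passed straight to `log_printf` as a `%s` argument; per the later udp.c hunk that function returns NULL for AF_UNSPEC and on getnameinfo or asprintf failure, and a NULL `%s` argument is undefined behaviour. The other call sites in this diff guard the pointer, so do the same here: `if(addrstring) { log_printf(NOTICE, "socket[%u] autodetected remote host changed %s", sock->active_sock_->idx_, addrstring); free(addrstring); }` (with `%u` for the unsigned index). Separately, this function adopts whatever endpoint the caller passes as the new remote end with no check of its own, so it should only run for a datagram that has already passed authentication; the caller is outside this hunk, so confirm that ordering and state it as a precondition in a comment on the function.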
@@ -232,56 +291,53 @@ void udp_close(udp_t* sock)
while(sock->socks_) {
if(sock->socks_->fd_ > 0)
close(sock->socks_->fd_);
-
+
udp_socket_t*s = sock->socks_;
sock->socks_ = sock->socks_->next_;
-
+
free(s);
}
sock->socks_ = NULL;
+ sock->active_sock_ = NULL;
}
-char* udp_endpoint_to_string(udp_endpoint_t e)
+char* udp_endpoint_to_string(udp_endpoint_t* e)
{
+ if(!e)
+ return strdup("<null>");
+
char addrstr[INET6_ADDRSTRLEN + 1], portstr[6], *ret;
char addrport_sep = ':';
-
- switch(e.addr_.ss_family)
+
+ switch(e->addr_.ss_family)
{
case AF_INET: addrport_sep = ':'; break;
case AF_INET6: addrport_sep = '.'; break;
case AF_UNSPEC: return NULL;
- default: return strdup("unknown address type");
+ default: return strdup("<unknown address type>");
}
- int errcode = getnameinfo((struct sockaddr *)&(e.addr_), e.len_, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST | NI_NUMERICSERV);
+ int errcode = getnameinfo((struct sockaddr *)&(e->addr_), e->len_, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST | NI_NUMERICSERV);
if (errcode != 0) return NULL;
int len = asprintf(&ret, "%s%c%s", addrstr, addrport_sep ,portstr);
if(len == -1) return NULL;
return ret;
}
-char* udp_get_remote_end_string(udp_t* sock)
-{
- if(!sock || !sock->remote_end_set_)
- return NULL;
- return udp_endpoint_to_string(sock->remote_end_);
-}
-
int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end)
{
- if(!sock || !remote_end)
+ if(!sock || !buf || !remote_end)
return -1;
return recvfrom(fd, buf, len, 0, (struct sockaddr *)&(remote_end->addr_), &(remote_end->len_));
}
+
int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len)
{
- if(!sock || !sock->remote_end_set_ || !sock->active_sock_)
+ if(!sock || !buf || !sock->active_sock_ || !sock->active_sock_->remote_end_set_)
return 0;
- return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->remote_end_.addr_), sock->remote_end_.len_);
+ return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->active_sock_->remote_end_.addr_), sock->active_sock_->remote_end_.len_);
}
-
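Review bot: `udp_endpoint_to_string` now reports problems in two different shapes: a NULL argument or an unknown family yields a heap string (`"<null>"`, `"<unknown address type>"`), while AF_UNSPEC and getnameinfo/asprintf failures yield NULL, so every caller must both NULL-check and free. Either return a placeholder string for AF_UNSPEC too, or document the contract where the function is defined: `/* returns a malloc'd string the caller must free, or NULL if the endpoint has no printable form */`. Note `strdup` itself may return NULL, which the existing NULL handling at the call sites already covers.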
diff --git a/src/udp.h b/src/udp.h
index 4c5fdc8..80c738c 100644
--- a/src/udp.h
+++ b/src/udp.h
@@ -13,9 +13,9 @@
* message authentication based on the methodes used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
- *
*
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
*
* This file is part of uAnytun.
*
@@ -48,7 +48,10 @@ typedef struct {
struct udp_socket_struct {
int fd_;
+ unsigned int idx_;
udp_endpoint_t local_end_;
+ udp_endpoint_t remote_end_;
+ int remote_end_set_;
struct udp_socket_struct* next_;
};
typedef struct udp_socket_struct udp_socket_t;
@@ -56,19 +59,17 @@ typedef struct udp_socket_struct udp_socket_t;
struct udp_struct {
udp_socket_t* socks_;
udp_socket_t* active_sock_;
- udp_endpoint_t remote_end_;
- int remote_end_set_;
};
typedef struct udp_struct udp_t;
int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type);
-int udp_init_fd_set(udp_t* sock, fd_set* set);
-int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type);
-void udp_set_active_sock(udp_t* sock, int fd);
+int udp_fill_fd_set(udp_t* sock, fd_set* set);
+int udp_has_remote(udp_t* sock);
+int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type);
+void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote);
void udp_close(udp_t* sock);
-char* udp_endpoint_to_string(udp_endpoint_t e);
-char* udp_get_remote_end_string(udp_t* sock);
+char* udp_endpoint_to_string(udp_endpoint_t* e);
int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end);
int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len);
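Review bot: The new public prototypes `udp_has_remote`, `udp_resolv_remote` and `udp_update_remote` carry no comment, and their contracts are not obvious from the names: per the udp.c hunks, `udp_update_remote` both makes the socket owning `fd` the active one and, when `remote` is non-NULL, overwrites that socket's remote end, while `udp_resolv_remote` returns 0 even when no resolved address fitted a local family. Suggest one-line comments on each, e.g. `/* select the socket owning fd as active; if remote is non-NULL adopt it as that socket's remote end */`, `/* resolve remote_addr:port onto the first unassigned local socket of a matching family; -1 on bad args or resolution failure, 0 otherwise (WARNING logged if nothing matched) */` and, for `udp_has_remote`, wording that matches whatever its body is meant to test. The `remote_end_set_` field added in the preceding udp.h hunk would likewise benefit from `/* non-zero once remote_end_ holds a usable address */`.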