summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2009-01-28 11:16:23 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-28 11:16:23 +0000
commitbd105ce7b32e4223da7c9eb1de2d25e643fe5b01 (patch)
tree31da28f464f41cdf739ffcd27d19623a57a0561f
parentcleanup (diff)
deactivated option for ld_kdr
cleanup at options parser and manpage
-rw-r--r--doc/uanytun.8.txt108
-rw-r--r--src/cipher.h2
-rw-r--r--src/options.c32
-rw-r--r--src/options.h4
4 files changed, 69 insertions, 77 deletions
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt
index bb58f87..dc1b934 100644
--- a/doc/uanytun.8.txt
+++ b/doc/uanytun.8.txt
@@ -17,22 +17,21 @@ SYNOPSIS
[ *-P|--write-pid* <filename> ]
[ *-i|--interface* <ip-address> ]
[ *-p|--port* <port> ]
+[ *-s|--sender-id* <sender id> ]
[ *-r|--remote-host* <hostname|ip> ]
[ *-o|--remote-port* <port> ]
[ *-d|--dev* <name> ]
[ *-t|--type* <tun|tap> ]
[ *-n|--ifconfig* <local> <remote|netmask> ]
[ *-x|--post-up-script* <script> ]
-[ *-s|--sender-id* <sender id> ]
-[ *-w|--window-size* <window size> ]
[ *-m|--mux* <mux-id> ]
-[ *-c|--cipher* <cipher type> ]
-[ *-a|--auth-algo* <algo type> ]
+[ *-w|--window-size* <window size> ]
[ *-k|--kd-prf* <kd-prf type> ]
-[ *-l|--ld-kdr* <ld-kdr> ]
[ *-E|--passphrase <pass phrase> ]
[ *-K|--key* <master key> ]
[ *-A|--salt* <master salt> ]
+[ *-c|--cipher* <cipher type> ]
+[ *-a|--auth-algo* <algo type> ]
DESCRIPTION
-----------
@@ -97,6 +96,15 @@ The local UDP port that is used to send and receive the
payload data. The two tunnel endpoints can use different
ports. default: 4444
+-s|--sender-id <sender id>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Each anycast tunnel endpoint needs a uniqe sender id
+(1, 2, 3, ...). It is needed to distinguish the senders
+in case of replay attacks. As *uAnytun* does not support
+synchronisation it can't be used as an anycast endpoint therefore
+this option is quite useless. default: 0
+
-r|--remote-host <hostname|ip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -143,13 +151,14 @@ tunnels, tun for IP tunnels.
*<remote|netmask>* the remote IP address (tun) or netmask (tap)
In tap/Ethernet tunnel mode:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The local IP address and subnet mask of the tunnel
interface, in ifconfig style. The remote tunnel endpoint
has to use a different IP address in the same subnet.
In tun/IP tunnel mode:
+^^^^^^^^^^^^^^^^^^^^^^
The local IP address of the tunnel interface and the
IP address of the tunnel interface on the remote tunnel
@@ -161,14 +170,10 @@ endpoint.
This option instructs *uAnytun* to run this script after the interface
is created. By default no script will be executed.
--s|--sender-id <sender id>
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-m|--mux <mux-id>
+~~~~~~~~~~~~~~~~~
-Each anycast tunnel endpoint needs a uniqe sender id
-(1, 2, 3, ...). It is needed to distinguish the senders
-in case of replay attacks. As *uAnytun* does not support
-synchronisation it can't be used as an anycast endpoint therefore
-this option is quite useless. default: 0
+the multiplex id to use. default: 0
-w|--window-size <window size>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -187,41 +192,6 @@ by filtering packets according to their secuence number.
By default the sequence window is disabled and therefore a
window size of 0 is used.
--m|--mux <mux-id>
-~~~~~~~~~~~~~~~~~
-
-the multiplex id to use. default: 0
-
--c|--cipher <cipher type>
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-payload encryption algorithm
-
-Encryption algorithm used for encrypting the payload
-
-Possible values:
-
-* *null* - no encryption
-* *aes-ctr* - AES in counter mode with 128 Bits, default value
-* *aes-ctr-128* - AES in counter mode with 128 Bits
-* *aes-ctr-192* - AES in counter mode with 192 Bits
-* *aes-ctr-256* - AES in counter mode with 256 Bits
-
--a|--auth-algo <algo type>
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-message authentication algorithm
-
-This option sets the message authentication algorithm.
-
-Possible values:
-
-* *null* - no message authentication
-* *sha1* - HMAC-SHA1, default value
-
-If HMAC-SHA1 is used, the packet length is increased by
-10 bytes. These 10 bytes contain the authentication data.
-
-k|--kd--prf <kd-prf type>
~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -238,17 +208,6 @@ Possible values:
* *aes-ctr-192* - AES in counter mode with 192 Bits
* *aes-ctr-256* - AES in counter mode with 256 Bits
--l|--ld-kdr <ld-kdr>
-~~~~~~~~~~~~~~~~~~~~
-
-The log2 of the key derivation rate. This is used by the key
-derivation to determine how ofen a new session key has to be
-generated. A value of -1 means to generate only one key and use
-it forever. The default is 0 which means to calculate a new key
-for every packet. A value of 1 would tell the key derivation
-to generate a new key after 2 packets, for 2 its 4 packets and
-so on.
-
-E|--passphrase <pass phrase>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -276,6 +235,37 @@ Master salt in hexadecimal notation, eg
01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
of 28 characters (14 bytes).
+-c|--cipher <cipher type>
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+payload encryption algorithm
+
+Encryption algorithm used for encrypting the payload
+
+Possible values:
+
+* *null* - no encryption
+* *aes-ctr* - AES in counter mode with 128 Bits, default value
+* *aes-ctr-128* - AES in counter mode with 128 Bits
+* *aes-ctr-192* - AES in counter mode with 192 Bits
+* *aes-ctr-256* - AES in counter mode with 256 Bits
+
+-a|--auth-algo <algo type>
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+message authentication algorithm
+
+This option sets the message authentication algorithm.
+
+Possible values:
+
+* *null* - no message authentication
+* *sha1* - HMAC-SHA1, default value
+
+If HMAC-SHA1 is used, the packet length is increased by
+10 bytes. These 10 bytes contain the authentication data.
+
+
EXAMPLES
--------
diff --git a/src/cipher.h b/src/cipher.h
index 995315b..555b97a 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -43,6 +43,8 @@
#endif
#include "key_derivation.h"
#else
+enum key_store_dir_enum { kd_inbound = 0, kd_outbound = 1 };
+typedef enum key_store_dir_enum key_store_dir_t;
typedef u_int8_t key_derivation_t;
#endif
diff --git a/src/options.c b/src/options.c
index 8876017..db7d4e1 100644
--- a/src/options.c
+++ b/src/options.c
@@ -186,25 +186,25 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_STRING_PARAM("-P","--write-pid", opt->pid_file_)
PARSE_STRING_PARAM("-i","--interface", opt->local_addr_)
PARSE_STRING_PARAM("-p","--port", opt->local_port_)
+ PARSE_INT_PARAM("-s","--sender-id", opt->sender_id_)
PARSE_STRING_PARAM("-r","--remote-host", opt->remote_addr_)
PARSE_STRING_PARAM("-o","--remote-port", opt->remote_port_)
PARSE_STRING_PARAM("-d","--dev", opt->dev_name_)
PARSE_STRING_PARAM("-t","--type", opt->dev_type_)
PARSE_STRING_PARAM2("-n","--ifconfig", opt->ifconfig_param_local_, opt->ifconfig_param_remote_netmask_)
PARSE_STRING_PARAM("-x","--post-up-script", opt->post_up_script_)
- PARSE_INT_PARAM("-s","--sender-id", opt->sender_id_)
PARSE_INT_PARAM("-m","--mux", opt->mux_)
PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
#ifndef NO_CRYPT
- PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
- PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
- PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
+// PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
#ifndef NO_PASSPHRASE
PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_)
#endif
PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
+ PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
+ PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
#endif
else
return i;
@@ -240,9 +240,9 @@ void options_default(options_t* opt)
opt->username_ = strdup("nobody");
opt->chroot_dir_ = strdup("/var/run/uanytun");
opt->pid_file_ = NULL;
- opt->sender_id_ = 0;
opt->local_addr_ = NULL;
opt->local_port_ = strdup("4444");
+ opt->sender_id_ = 0;
opt->remote_addr_ = NULL;
opt->remote_port_ = strdup("4444");
opt->dev_name_ = NULL;
@@ -250,17 +250,17 @@ void options_default(options_t* opt)
opt->ifconfig_param_local_ = NULL;
opt->ifconfig_param_remote_netmask_ = NULL;
opt->post_up_script_ = NULL;
+ opt->mux_ = 0;
opt->seq_window_size_ = 0;
#ifndef NO_CRYPT
- opt->cipher_ = strdup("aes-ctr");
opt->kd_prf_ = strdup("aes-ctr");
opt->ld_kdr_ = 0;
- opt->auth_algo_ = strdup("sha1");
opt->passphrase_ = NULL;
+ opt->cipher_ = strdup("aes-ctr");
+ opt->auth_algo_ = strdup("sha1");
#else
opt->cipher_ = strdup("null");
#endif
- opt->mux_ = 0;
opt->key_.buf_ = NULL;
opt->key_.length_ = 0;
opt->salt_.buf_ = NULL;
@@ -301,10 +301,10 @@ void options_clear(options_t* opt)
if(opt->cipher_)
free(opt->cipher_);
#ifndef NO_CRYPT
- if(opt->kd_prf_)
- free(opt->kd_prf_);
if(opt->auth_algo_)
free(opt->auth_algo_);
+ if(opt->kd_prf_)
+ free(opt->kd_prf_);
if(opt->passphrase_)
free(opt->passphrase_);
#endif
@@ -325,6 +325,7 @@ void options_print_usage()
printf(" [-P|--write-pid] <path> write pid to this file\n");
printf(" [-i|--interface] <ip-address> local ip address to bind to\n");
printf(" [-p|--port] <port> local port to bind to\n");
+ printf(" [-s|--sender-id ] <sender id> the sender id to use\n");
printf(" [-r|--remote-host] <hostname|ip> remote host\n");
printf(" [-o|--remote-port] <port> remote port\n");
printf(" [-d|--dev] <name> device name\n");
@@ -332,19 +333,18 @@ void options_print_usage()
printf(" [-n|--ifconfig] <local> the local address for the tun/tap device\n");
printf(" <remote|netmask> the remote address(tun) or netmask(tap)\n");
printf(" [-x|--post-up-script] <script> script gets called after interface is created\n");
- printf(" [-s|--sender-id ] <sender id> the sender id to use\n");
- printf(" [-w|--window-size] <window size> seqence number window size\n");
printf(" [-m|--mux] <mux-id> the multiplex id to use\n");
+ printf(" [-w|--window-size] <window size> seqence number window size\n");
#ifndef NO_CRYPT
- printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
- printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
- printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
+// printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
#ifndef NO_PASSPHRASE
printf(" [-E|--passphrase] <pass phrase> a passprhase to generate master key and salt from\n");
#endif
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
+ printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
+ printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
#endif
}
@@ -358,6 +358,7 @@ void options_print(options_t* opt)
printf("pid_file: '%s'\n", opt->pid_file_);
printf("local_addr: '%s'\n", opt->local_addr_);
printf("local_port: '%s'\n", opt->local_port_);
+ printf("sender_id: %d\n", opt->sender_id_);
printf("remote_addr: '%s'\n", opt->remote_addr_);
printf("remote_port: '%s'\n", opt->remote_port_);
printf("dev_name: '%s'\n", opt->dev_name_);
@@ -365,7 +366,6 @@ void options_print(options_t* opt)
printf("ifconfig_local: '%s'\n", opt->ifconfig_param_local_);
printf("ifconfig_remote_netmask: '%s'\n", opt->ifconfig_param_remote_netmask_);
printf("post_up_script: '%s'\n", opt->post_up_script_);
- printf("sender_id: %d\n", opt->sender_id_);
printf("mux: %d\n", opt->mux_);
printf("seq_window_size: %d\n", opt->seq_window_size_);
printf("cipher: '%s'\n", opt->cipher_);
diff --git a/src/options.h b/src/options.h
index ecaf3a3..b1695a8 100644
--- a/src/options.h
+++ b/src/options.h
@@ -42,9 +42,9 @@ struct options_struct {
char* username_;
char* chroot_dir_;
char* pid_file_;
- sender_id_t sender_id_;
char* local_addr_;
char* local_port_;
+ sender_id_t sender_id_;
char* remote_addr_;
char* remote_port_;
char* dev_name_;
@@ -52,6 +52,7 @@ struct options_struct {
char* ifconfig_param_local_;
char* ifconfig_param_remote_netmask_;
char* post_up_script_;
+ mux_t mux_;
window_size_t seq_window_size_;
char* cipher_;
#ifndef NO_CRYPT
@@ -60,7 +61,6 @@ struct options_struct {
char* auth_algo_;
char* passphrase_;
#endif
- mux_t mux_;
buffer_t key_;
buffer_t salt_;
};