41 files changed, 315 insertions, 275 deletions
@@ -1,3 +1,7 @@ +201?.??.?? -- Version 0.?.? + +* added RAIL mode + 2010.02.16 -- Version 0.3.3 * added -v|--version option @@ -18,11 +22,11 @@ * improved script execution * added signal handling without races * all log_targets print time now too - + 2009.05.01 -- Version 0.3 * updated to new protocol specification (extended label and crypto role) - Mind that due this protocol changes this version is incompatible to older + Mind that due this protocol changes this version is incompatible to older version of anytun and uanytun * the auth tag length can now be configured * added extended logging support (syslog, file, stdout and stderr) @@ -40,7 +44,7 @@ * fixed bug which prevents the daemon from using the right cipher key when using a key derivation rate other than 1 - + 2009.01.11 -- Version 0.2 * added crypto support using libgcrypt or openssl @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org> + * + * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> * * This file is part of uAnytun. * @@ -1,8 +1,8 @@ Dependencies ============ -uAnytun can be built by using either libgcrypt or the openssl-crypto library. -The latter is more performant in most cases but there are some license +uAnytun can be built by using either libgcrypt or the openssl-crypto library. +The latter is more performant in most cases but there are some license issues when using this library. It also needs more space when installed. @@ -11,7 +11,7 @@ Linux (this includes Debian with FreeBSD Kernel) using libgcrypt: - + build-essential libgcrypt11-dev @@ -46,7 +46,7 @@ if you want to rebuild the manpage: textproc/libxslt textproc/docbook-xsl sysutils/readlink - misc/getopt + misc/getopt 
@@ -75,7 +75,7 @@ using ssl crypto library: # ./configure --use-ssl-crypto # make -Notes: +Notes: - try './configure --help' for further information - if using openssl pre 0.9.8 you have to disable passphrase because openssl had no SHA256 implementation prior to this @@ -110,20 +110,20 @@ Usage: init.d script ------------- -The init.d script can be used to start uanytun at boot time. It searches for +The init.d script can be used to start uanytun at boot time. It searches for configuration files which reside at $CONFIG_DIR. For each instance of uanytun which should be started there must be a directory containing at least a file named config. This file must contain all command line parameter which should be used when starting the daemon. One line for each parameter. Empty lines and lines starting with # are ignored. Besides the config file there may be a script -named post-up.sh which will be called when the tun/tap device comes up. +named post-up.sh which will be called when the tun/tap device comes up. This is an example of how the init.d script can be used to start uanytun: # /etc/init.d/uanytun start client1 p2p-a In this case the script will start 2 instances of uanytun using the config files -$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. +$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. If no instance name is specified the script will use the file $CONFIG_DIR/autostart -to determine which instances to start or stop. This file must contain a list -of instance names which should be used when no names are specified at the command +to determine which instances to start or stop. This file must contain a list +of instance names which should be used when no names are specified at the command line. One line for each name. Empty lines and lines starting with # are ignored. diff --git a/doc/Makefile b/doc/Makefile index b5eecb8..f2b6ac9 100644 --- a/doc/Makefile +++ b/doc/Makefile 
@@ -13,9 +13,9 @@ ## message authentication based on the methodes used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. -## ## -## Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org> +## +## Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> ## ## This file is part of uAnytun. ## @@ -35,21 +35,21 @@ VERSION=$(shell cat ../version) -.PHONY: clean +.PHONY: clean all: manpage uanytun.8: uanytun.8.txt - a2x -f manpage $< - @ sed -i -e 's/\[FIXME: source\]/uanytun ${VERSION}/' $@ - @ sed -i -e 's/\[FIXME: manual\]/uanytun user manual/' $@ - @ sed -i -e 's/^uanytun$$/\\fBuanytun\\fR/' $@ - @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $@ + a2x -f manpage $< + @ sed -i -e 's/\[FIXME: source\]/uanytun ${VERSION}/' $@ + @ sed -i -e 's/\[FIXME: manual\]/uanytun user manual/' $@ + @ sed -i -e 's/^uanytun$$/\\fBuanytun\\fR/' $@ + @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $@ manpage: uanytun.8 clean: - rm -f uanytun.8.xml + rm -f uanytun.8.xml realclean: clean - rm -f uanytun.8 + rm -f uanytun.8 diff --git a/doc/uanytun.8 b/doc/uanytun.8 index aae36cb..4e60f6b 100644 --- a/doc/uanytun.8 +++ b/doc/uanytun.8 
@@ -1,13 +1,22 @@ '\" t .\" Title: uanytun .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/> -.\" Date: 12/14/2010 -.\" Manual: uanytun user manual -.\" Source: uanytun trunk +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 02/07/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "UANYTUN" "8" "12/14/2010" "uanytun trunk" "uanytun user manual" +.TH "UANYTUN" "8" "02/07/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -33,9 +42,9 @@ uanytun \- micro anycast tunneling daemon [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]] ] [ \fB\-U|\-\-debug\fR ] [ \fB\-i|\-\-interface\fR <ip\-address> ] - [ \fB\-p|\-\-port\fR <port> ] + [ \fB\-p|\-\-port\fR <port>[:<port>] ] [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ] - [ \fB\-o|\-\-remote\-port\fR <port> ] + [ \fB\-o|\-\-remote\-port\fR <port>[:<port>] ] [ \fB\-4|\-\-ipv4\-only\fR ] [ \fB\-6|\-\-ipv6\-only\fR ] [ \fB\-d|\-\-dev\fR <name> ] 
@@ -139,9 +148,13 @@ to run in debug mode\&. It implicits This IP address is used as the sender address for outgoing packets\&. The default is to not use a special inteface and just bind on all interfaces\&. .RE .PP -\fB\-p, \-\-port \fR\fB\fI<port>\fR\fR +\fB\-p, \-\-port \fR\fB\fI<port>[:<port>]\fR\fR .RS 4 -The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. default: 4444 +The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. The default port is 4444\&. You can also specify a port range which enables +\fBRAIL\fR +mode\&. See section +\fBRAIL\fR +below to find out what this is\&. .RE .PP \fB\-r, \-\-remote\-host \fR\fB\fI<hostname|ip>\fR\fR @@ -149,9 +162,12 @@ The local UDP port that is used to send and receive the payload data\&. The two This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&. .RE .PP -\fB\-o, \-\-remote\-port \fR\fB\fI<port>\fR\fR +\fB\-o, \-\-remote\-port \fR\fB\fI<port>[:<port>]\fR\fR .RS 4 -The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&. +The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&. When RAIL mode is enabled the port range must be of the same length as the range defined with +\fB\-p, \-\-port\fR\&. See section +\fBRAIL\fR +below for more information about this mode\&. .RE .PP \fB\-4, \-\-ipv4\-only\fR 
@@ -216,7 +232,7 @@ does not support synchronisation it can\(cqt be used as an anycast endpoint ther .RS 4 seqence window size -Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. +Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. .RE .PP \fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR 
@@ -359,6 +375,9 @@ The number of bytes to use for the auth tag\&. This value defaults to 10 bytes u \fInull\fR auth algo is used in which case it defaults to 0\&. .RE +.SH "RAIL" +.sp +\fBRAIL\fR stands for Redundant Array of Inexpensive Links\&. Like RAID spreads the blocks of a disk volume over multiple physical disks, \fBRAIL\fR will spread the UDP packets over multiple physical links\&. More precisly for each packet \fBuAnytun\fR reads, from the TUN/TAP device, it will send out multiple UDP packets\&. All of those to the same host but with different destination ports\&. Using policy\-based routing mechanisms these packets can now be seperated and sent out on several interfaces\&. The server\-side will then pick the first of the packets that arrives and discards all others\&. For this to work the size of the sequence window (\fB\-w\fR) must not be set to 0\&. As soon as the server\-side learns the remote endpoints of all or some of the links it will as well send multiple UDP packets for each payload packet\&. .SH "EXAMPLES" .SS "P2P Setup between two unicast enpoints:" .sp @@ -417,4 +436,4 @@ Christian Pointner <equinox@anytun\&.org> Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2008\-2010 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2008\-2014 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index 1ebed47..5a75bcb 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt 
@@ -21,9 +21,9 @@ uanytun [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ] [ -U|--debug ] [ -i|--interface <ip-address> ] - [ -p|--port <port> ] + [ -p|--port <port>[:<port>] ] [ -r|--remote-host <hostname|ip> ] - [ -o|--remote-port <port> ] + [ -o|--remote-port <port>[:<port>] ] [ -4|--ipv4-only ] [ -6|--ipv6-only ] [ -d|--dev <name> ] @@ -51,9 +51,9 @@ DESCRIPTION (SATP). It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode. The main difference is that anycast enables the setup of tunnels between an arbitrary combination of anycast, unicast -and multicast hosts. Unlike Anytun which is a full featured implementation -uAnytun has no support for multiple connections or synchronisation. It is a -small single threaded implementation intended to act as a client on small +and multicast hosts. Unlike Anytun which is a full featured implementation +uAnytun has no support for multiple connections or synchronisation. It is a +small single threaded implementation intended to act as a client on small platforms. @@ -69,7 +69,7 @@ passed to the daemon: instead of becoming a daemon which is the default. *-u, --username '<username>'*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname '<groupname>'*:: 
@@ -77,30 +77,30 @@ passed to the daemon: The default is to not drop privileges. *-C, --chroot '<path>'*:: - Instruct *uAnytun* to run in a chroot jail. The default is + Instruct *uAnytun* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid <filename>*:: - Instruct *uAnytun* to write it's pid to this file. The default is + Instruct *uAnytun* to write it's pid to this file. The default is to not create a pid file. *-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target has its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more than once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,uanytun,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]] 'file';; log to file, parameters <level>[,<path>] 'stdout';; log to standard output, parameters <level> - 'stderr';; log to standard error, parameters <level> + 'stderr';; log to standard error, parameters <level> *-U, --debug*:: - This option instructs *uAnytun* to run in debug mode. It implicits *-D* + This option instructs *uAnytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. 
@@ -110,10 +110,12 @@ passed to the daemon: packets. The default is to not use a special inteface and just bind on all interfaces. -*-p, --port '<port>'*:: +*-p, --port '<port>[:<port>]'*:: The local UDP port that is used to send and receive the payload data. The two tunnel endpoints can use different - ports. default: 4444 + ports. The default port is 4444. + You can also specify a port range which enables *RAIL* mode. See section + *RAIL* below to find out what this is. *-r, --remote-host '<hostname|ip>'*:: This option can be used to specify the remote tunnel @@ -122,11 +124,14 @@ passed to the daemon: an address, it is automatically determined after receiving the first data packet. -*-o, --remote-port '<port>'*:: +*-o, --remote-port '<port>[:<port>]'*:: The UDP port used for payload data by the remote host (specified with -p on the remote host). If you do not specify a port, it is automatically determined after receiving the first data packet. + When RAIL mode is enabled the port range must be of the same length + as the range defined with *-p, --port*. + See section *RAIL* below for more information about this mode. *-4, --ipv4-only*:: Resolv to IPv4 addresses only. The default is to resolv both @@ -155,7 +160,7 @@ passed to the daemon: '<prefix>';; the prefix length of the network *-x, --post-up-script '<script>'*:: - This option instructs *uAnytun* to run this script after the interface + This option instructs *uAnytun* to run this script after the interface is created. By default no script will be executed. *-m, --mux '<mux-id>'*:: 
@@ -164,9 +169,9 @@ passed to the daemon: *-s, --sender-id '<sender id>'*:: Each anycast tunnel endpoint needs a unique sender id (1, 2, 3, ...). It is needed to distinguish the senders - in case of replay attacks. As *uAnytun* does not support - synchronisation it can't be used as an anycast endpoint therefore - this option is quite useless but implemented for compatibility + in case of replay attacks. As *uAnytun* does not support + synchronisation it can't be used as an anycast endpoint therefore + this option is quite useless but implemented for compatibility reasons. default: 0 *-w, --window-size '<window size>'*:: @@ -185,7 +190,7 @@ passed to the daemon: *-k, --kd--prf '<kd-prf type>'*:: key derivation pseudo random function + - The pseudo random function which is used for calculating the + The pseudo random function which is used for calculating the session keys and session salt. + Possible values: 
@@ -198,16 +203,16 @@ passed to the daemon: *-e, --role '<role>'*:: SATP uses different session keys for inbound and outbound traffic. The role parameter is used to determine which keys to use for outbound or - inbound packets. On both sides of a vpn connection different roles have - to be used. Possible values are 'left' and 'right'. You may also use - 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as + inbound packets. On both sides of a vpn connection different roles have + to be used. Possible values are 'left' and 'right'. You may also use + 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as a replacement for 'right'. By default 'left' is used. *-E, --passphrase '<pass phrase>'*:: This passphrase is used to generate the master key and master salt. - For the master key the last n bits of the SHA256 digest of the - passphrase (where n is the length of the master key in bits) is used. - The master salt gets generated with the SHA1 digest. + For the master key the last n bits of the SHA256 digest of the + passphrase (where n is the length of the master key in bits) is used. + The master salt gets generated with the SHA1 digest. You may force a specific key and or salt by using *--key* and *--salt*. *-K, --key '<master key>'*:: @@ -236,7 +241,7 @@ passed to the daemon: *-a, --auth-algo '<algo type>'*:: message authentication algorithm + This option sets the message authentication algorithm. + - If HMAC-SHA1 is used, the packet length is increased. The additional bytes + If HMAC-SHA1 is used, the packet length is increased. The additional bytes contain the authentication data. see *--auth-tag-length* for more info. + Possible values: 
@@ -244,8 +249,22 @@ passed to the daemon: 'sha1';; HMAC-SHA1, default value *-b, --auth-tag-length '<length>'*:: - The number of bytes to use for the auth tag. This value defaults to 10 bytes - unless the 'null' auth algo is used in which case it defaults to 0. + The number of bytes to use for the auth tag. This value defaults to 10 bytes + unless the 'null' auth algo is used in which case it defaults to 0. + +RAIL +---- + +*RAIL* stands for Redundant Array of Inexpensive Links. Like RAID spreads +the blocks of a disk volume over multiple physical disks, *RAIL* will spread the +UDP packets over multiple physical links. More precisly for each packet *uAnytun* +reads, from the TUN/TAP device, it will send out multiple UDP packets. All of those to +the same host but with different destination ports. Using policy-based routing mechanisms +these packets can now be seperated and sent out on several interfaces. +The server-side will then pick the first of the packets that arrives and discards all others. +For this to work the size of the sequence window (*-w*) must not be set to 0. +As soon as the server-side learns the remote endpoints of all or some of the links it will +as well send multiple UDP packets for each payload packet. EXAMPLES @@ -267,7 +286,7 @@ uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ct One unicast and one anycast tunnel endpoint: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - + Unicast tunnel endpoint: ^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -300,7 +319,7 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2008-2010 Christian Pointner. This program is free -software: you can redistribute it and/or modify it under the terms -of the GNU General Public License as published by the Free Software +Copyright \(C) 2008-2014 Christian Pointner. This program is free +software: you can redistribute it and/or modify it under the terms +of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version. diff --git a/src/Makefile b/src/Makefile index 5ed36d9..6653b60 100644 --- a/src/Makefile +++ b/src/Makefile @@ -13,9 +13,9 @@ ## message authentication based on the methodes used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. -## ## -## Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org> +## +## Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> ## ## This file is part of uAnytun. ## diff --git a/src/auth_algo.c b/src/auth_algo.c index b148946..a71b639 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -1,4 +1,4 @@ -/* +w/* * uAnytun * * uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org> + * + * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> * * This file is part of uAnytun. * @@ -50,7 +50,7 @@ auth_algo_type_t auth_algo_get_type(const char* type) return aa_null; else if(!strcmp(type, "sha1")) return aa_sha1; - + return aa_unknown; } 
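Review bot: The new first line of src/auth_algo.c reads `w/*` instead of `/*`, which leaves a stray identifier token `w` outside the header comment and will break compilation of this translation unit at its first real declaration; unless this is a rendering artifact of the page, the line should be restored to `/*`. It looks like an accidental keystroke that landed in the editor buffer rather than an intended edit, since the rest of this hunk is unchanged. The remaining hunks of this file in the commit are whitespace and copyright-year changes and need nothing further.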
@@ -65,7 +65,7 @@ u_int32_t auth_algo_get_max_length(const char* type) int auth_algo_init(auth_algo_t* aa, const char* type) { - if(!aa) + if(!aa) return -1; aa->type_ = auth_algo_get_type(type); @@ -103,7 +103,7 @@ void auth_algo_close(auth_algo_t* aa) void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet) { - if(!aa) + if(!aa) return; if(aa->type_ == aa_null) @@ -118,7 +118,7 @@ void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet) { - if(!aa) + if(!aa) return 0; if(aa->type_ == aa_null) @@ -159,7 +159,7 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); return -1; - } + } #else HMAC_CTX_init(¶ms->ctx_); HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); @@ -181,7 +181,7 @@ void auth_algo_sha1_close(auth_algo_t* aa) gcry_md_close(params->handle_); #else HMAC_CTX_cleanup(¶ms->ctx_); -#endif +#endif free(aa->params_); } @@ -212,8 +212,8 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); return; - } - + } + gcry_md_reset(params->handle_); gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); @@ -260,7 +260,7 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); return -1; - } + } gcry_md_reset(params->handle_); gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); 
@@ -280,11 +280,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(length > SHA1_LENGTH) { u_int32_t i; for(i=0; i < (encrypted_packet_get_auth_tag_length(packet) - SHA1_LENGTH); ++i) - if(tag[i]) return 0; + if(tag[i]) return 0; } - + int result = memcmp(&tag[encrypted_packet_get_auth_tag_length(packet) - length], &hmac[SHA1_LENGTH - length], length); - + if(result) return 0; diff --git a/src/auth_algo.h b/src/auth_algo.h index 1007955..d911ca8 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org> + * + * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> * * This file is part of uAnytun. * diff --git a/src/bsd/tun.c b/src/bsd/tun.c index a995c35..734c3d8 100644 --- a/src/bsd/tun.c +++ b/src/bsd/tun.c @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org> + * + * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> * * This file is part of uAnytun. * @@ -58,9 +58,9 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix) { - if(!dev) + if(!dev) return -1; - + tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400); dev->actual_name_ = NULL; @@ -109,7 +109,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons tun_close(dev); return -2; } - + dev->fd_ = open(device_file_tmp, O_RDWR); free(device_file_tmp); if(dev->fd_ >= 0) 
@@ -125,7 +125,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons log_printf(ERROR, "can't open device file dynamically: no unused node left"); else log_printf(ERROR, "can't open device file (%s): %s", device_file, strerror(errno)); - + tun_close(dev); return -1; } @@ -164,18 +164,18 @@ int tun_init_post(tun_device_t* dev) dev->with_pi_ = 1; if(dev->type_ == TYPE_TAP) dev->with_pi_ = 0; - - struct tuninfo ti; + + struct tuninfo ti; if(ioctl(dev->fd_, TUNGIFINFO, &ti) < 0) { log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno)); return -1; - } + } ti.flags |= IFF_MULTICAST; if(dev->type_ == TYPE_TUN) ti.flags &= ~IFF_POINTOPOINT; - + if(ioctl(dev->fd_, TUNSIFINFO, &ti) < 0) { log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno)); return -1; @@ -199,20 +199,20 @@ int tun_init_post(tun_device_t* dev) if(ioctl(dev->fd_, TUNSLMODE, &arg) < 0) { log_printf(ERROR, "can't disable link-layer mode for interface: %s", strerror(errno)); return -1; - } + } arg = 1; if(ioctl(dev->fd_, TUNSIFHEAD, &arg) < 0) { log_printf(ERROR, "can't enable multi-af mode for interface: %s", strerror(errno)); return -1; - } + } arg = IFF_BROADCAST; arg |= IFF_MULTICAST; if(ioctl(dev->fd_, TUNSIFMODE, &arg) < 0) { log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno)); return -1; - } + } } return 0; @@ -268,7 +268,7 @@ int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len) { struct iovec iov[2]; u_int32_t type; - + iov[0].iov_base = &type; iov[0].iov_len = sizeof(type); iov[1].iov_base = buf; @@ -292,13 +292,13 @@ int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len) struct iovec iov[2]; u_int32_t type; struct ip *hdr = (struct ip*)buf; - + type = 0; if(hdr->ip_v == 4) type = htonl(AF_INET); else type = htonl(AF_INET6); - + iov[0].iov_base = &type; iov[0].iov_len = sizeof(type); iov[1].iov_base = buf; diff --git a/src/cipher.c b/src/cipher.c index 427ce9a..5040686 100644 
--- a/src/cipher.c +++ b/src/cipher.c @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org> + * + * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org> * * This file is part of uAnytun. * @@ -47,7 +47,7 @@ int cipher_init(cipher_t* c, const char* type) { - if(!c) + if(!c) return -1; c->key_length_ = 0; @@ -61,7 +61,7 @@ int cipher_init(cipher_t* c, const char* type) if(type[7] == 0) { c->key_length_ = C_AESCTR_DEFAULT_KEY_LENGTH; } - else if(type[7] != '-') + else if(type[7] != '-') return -1; else { const char* tmp = &type[8]; @@ -113,12 +113,12 @@ void cipher_close(cipher_t* c) int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - if(!c) + if(!c) return -1; - int32_t len; + int32_t len; if(c->type_ == c_null) - len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in), + len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in), encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out)); #ifndef NO_CRYPT else if(c->type_ == c_aes_ctr) @@ -134,7 +134,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, if(len < 0) return 0; - encrypted_packet_set_sender_id(out, sender_id); + encrypted_packet_set_sender_id(out, sender_id); encrypted_packet_set_seq_nr(out, seq_nr); encrypted_packet_set_mux(out, mux); 
@@ -145,10 +145,10 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out) { - if(!c) + if(!c) return -1; - int32_t len; + int32_t len; if(c->type_ == c_null) len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in), plain_packet_get_packet(out), plain_packet_get_length(out)); @@ -163,11 +163,11 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, log_printf(ERROR, "unknown cipher type"); return -1; } - + if(len < 0) return 0; - plain_packet_set_length(out, len); + plain_packet_set_length(out, len); return 0; } @@ -176,7 +176,7 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen) { - memcpy(out, in, (ilen < olen) ? ilen : olen); + memcpy(out, in, (ilen < olen) ? ilen : olen); return (ilen < olen) ? ilen : olen; } @@ -227,7 +227,7 @@ int cipher_aesctr_init(cipher_t* c) if(err) { log_printf(ERROR, "failed to open cipher: %s", gcry_strerror(err)); return -1; - } + } #endif return 0; @@ -253,7 +253,7 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir { if(!c || !c->params_) return -1; - + cipher_aesctr_param_t* params = c->params_; int ret = key_derivation_generate(kd, dir, LABEL_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH); @@ -286,7 +286,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di int ret = key_derivation_generate(kd, dir, LABEL_ENC, seq_nr, c->key_.buf_, c->key_.length_); if(ret < 0) return ret; - + #ifdef USE_SSL_CRYPTO ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, ¶ms->aes_key_); if(ret) { 
@@ -306,7 +306,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
 log_printf(ERROR, "failed to calculate cipher CTR");
 return ret;
 }
-
+
 #ifndef USE_SSL_CRYPTO
 err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
 if(err) {
@@ -329,6 +329,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
 AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
 #endif
- return (ilen < olen) ? ilen : olen;
+ return (ilen < olen) ? ilen : olen;
 }
 #endif
diff --git a/src/cipher.h b/src/cipher.h
index e33d815..4582a46 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/configure b/src/configure
index d2f60a8..90a5739 100755
--- a/src/configure
+++ b/src/configure
@@ -16,7 +16,7 @@
 # tunneling and relaying of packets of any protocol.
 #
 #
-# Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+# Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 #
 # This file is part of uAnytun.
 #
diff --git a/src/daemon.h b/src/daemon.h
index 9e6f1b2..05fa83e 100644
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -172,4 +172,3 @@ void daemonize()
 }
 #endif
-
diff --git a/src/datatypes.h b/src/datatypes.h
index 0105062..a374022 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c
index 12f04ef..801d8e6 100644
--- a/src/encrypted_packet.c
+++ b/src/encrypted_packet.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -188,7 +188,7 @@ mux_t encrypted_packet_get_mux(encrypted_packet_t* packet)
 {
 if(!packet)
 return 0;
-
+
 return MUX_T_NTOH(packet->data_.header_.mux_);
 }
diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h
index 4afe323..fcd16ab 100644
--- a/src/encrypted_packet.h
+++ b/src/encrypted_packet.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/init_crypt.h b/src/init_crypt.h
index 2461a54..848f9d7 100644
--- a/src/init_crypt.h
+++ b/src/init_crypt.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -54,7 +54,7 @@ int init_crypt()
 #define MIN_GCRYPT_VERSION "1.2.0"
-int init_crypt()
+int init_crypt()
 {
 if(!gcry_check_version(MIN_GCRYPT_VERSION)) {
 log_printf(NOTICE, "invalid Version of libgcrypt, should be >= %s", MIN_GCRYPT_VERSION);
@@ -81,7 +81,7 @@ int init_crypt()
 int init_crypt()
 {
-// nothing here
+// nothing here
 return 0;
 }
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 8e6e95a..a9c4f6d 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -48,7 +48,7 @@
 int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
 {
- if(!kd)
+ if(!kd)
 return -1;
 kd->role_ = role;
@@ -62,7 +62,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, con
 if(type[7] == 0) {
 kd->key_length_ = KD_AESCTR_DEFAULT_KEY_LENGTH;
 }
- else if(type[7] != '-')
+ else if(type[7] != '-')
 return -1;
 else {
 const char* tmp = &type[8];
@@ -127,7 +127,7 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
 if(kd->master_key_.buf_) {
 log_printf(WARNING, "master key and passphrase provided, ignoring passphrase");
 return 0;
- }
+ }
 log_printf(NOTICE, "using passphrase to generate master key");
 if(!key_length || (key_length % 8)) {
@@ -183,7 +183,7 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
 if(kd->master_salt_.buf_) {
 log_printf(WARNING, "master salt and passphrase provided, ignoring passphrase");
 return 0;
- }
+ }
 log_printf(NOTICE, "using passphrase to generate master salt");
 if(!salt_length || (salt_length % 8)) {
@@ -247,7 +247,7 @@ void key_derivation_close(key_derivation_t* kd)
 int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
 {
- if(!kd || !key)
+ if(!kd || !key)
 return -1;
 if(label >= LABEL_NIL) {
@@ -361,7 +361,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
 if(err) {
 log_printf(ERROR, "failed to open key derivation cipher: %s", gcry_strerror(err));
 return -1;
- }
+ }
 err = gcry_cipher_setkey(params->handle_, kd->master_key_.buf_, kd->master_key_.length_);
 if(err) {
@@ -457,6 +457,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
 memset(key, 0, len);
 AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
 #endif
-
+
 return 0;
 }
diff --git a/src/key_derivation.h b/src/key_derivation.h
index d037157..5268faf 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/linux/tun.c b/src/linux/tun.c
index 43370f0..acd823e 100644
--- a/src/linux/tun.c
+++ b/src/linux/tun.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -59,44 +59,44 @@
 #include "sysexec.h"
 int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix){
- if(!dev)
+ if(!dev)
 return -1;
-
+
 tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
 dev->actual_name_ = NULL;
- dev->fd_ = open(DEFAULT_DEVICE, O_RDWR);
- if(dev->fd_ < 0) {
+ dev->fd_ = open(DEFAULT_DEVICE, O_RDWR);
+ if(dev->fd_ < 0) {
 log_printf(ERROR, "can't open device file (%s): %s", DEFAULT_DEVICE, strerror(errno));
 tun_close(dev);
 return -1;
 }
- struct ifreq ifr;
- memset(&ifr, 0, sizeof(ifr));
+ struct ifreq ifr;
+ memset(&ifr, 0, sizeof(ifr));
 if(dev->type_ == TYPE_TUN) {
 ifr.ifr_flags = IFF_TUN;
 dev->with_pi_ = 1;
- }
+ }
 else if(dev->type_ == TYPE_TAP) {
 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
 dev->with_pi_ = 0;
- }
+ }
 else {
 log_printf(ERROR, "unable to recognize type of device (tun or tap)");
 tun_close(dev);
 return -1;
 }
- if(dev_name)
- strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);
+ if(dev_name)
+ strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);
- if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
- dev->actual_name_ = strdup(ifr.ifr_name);
- } else if(!ioctl(dev->fd_, (('T' << 8) | 202), &ifr)) {
- dev->actual_name_ = strdup(ifr.ifr_name);
- } else {
+ if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
+ dev->actual_name_ = strdup(ifr.ifr_name);
+ } else if(!ioctl(dev->fd_, (('T' << 8) | 202), &ifr)) {
+ dev->actual_name_ = strdup(ifr.ifr_name);
+ } else {
 log_printf(ERROR, "tun/tap device ioctl failed: %s", strerror(errno));
 tun_close(dev);
 return -1;
@@ -147,7 +147,7 @@ int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
 {
 struct iovec iov[2];
 struct tun_pi tpi;
-
+
 iov[0].iov_base = &tpi;
 iov[0].iov_len = sizeof(tpi);
 iov[1].iov_base = buf;
@@ -171,13 +171,13 @@ int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
 struct iovec iov[2];
 struct tun_pi tpi;
 struct iphdr *hdr = (struct iphdr *)buf;
-
+
 tpi.flags = 0;
 if(hdr->version == 4)
 tpi.proto = htons(ETH_P_IP);
 else
 tpi.proto = htons(ETH_P_IPV6);
-
+
 iov[0].iov_base = &tpi;
 iov[0].iov_len = sizeof(tpi);
 iov[1].iov_base = buf;
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -85,7 +85,7 @@ int log_targets_target_exists(log_targets_t* targets, log_target_type_t type)
 if(tmp->type_ == type)
 return 1;
 tmp = tmp->next_;
- }
+ }
 return 0;
 }
@@ -148,7 +148,7 @@ int log_targets_add(log_targets_t* targets, const char* conf)
 log_target_t* tmp = targets->first_;
 while(tmp->next_)
 tmp = tmp->next_;
-
+
 tmp->next_ = new_target;
 }
 return 0;
@@ -248,7 +248,7 @@ void log_print_hex_dump(log_prio_t prio, const u_int8_t* buf, u_int32_t len)
 if(offset < 0)
 return;
 char* ptr = &msg[offset];
-
+
 for(i=0; i < len; i++) {
 if(((i+1)*3) >= (MSG_LENGTH_MAX - offset))
 break;
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/log_targets.h b/src/log_targets.h
index 4a19d8e..babe1d1 100644
--- a/src/log_targets.h
+++ b/src/log_targets.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -42,7 +42,7 @@ static char* get_time_formatted()
 {
 char* time_string;
 time_t t = time(NULL);
- if(t < 0)
+ if(t < 0)
 time_string = "<time read error>";
 else {
 time_string = ctime(&t);
@@ -79,7 +79,7 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
 {
 if(!self || (conf && conf[0] == 0))
 return -1;
-
+
 self->param_ = malloc(sizeof(log_target_syslog_param_t));
 if(!self->param_)
 return -2;
@@ -95,7 +95,7 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
 if(!len) {
 free(self->param_);
 return -1;
- }
+ }
 logname = malloc(len+1);
 if(logname) {
 strncpy(logname, conf, len);
@@ -116,13 +116,13 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
 ((log_target_syslog_param_t*)(self->param_))->facility_ = DAEMON;
 return 0;
 }
-
+
 if(end[1] == 0 || end[1] == ',') {
 free(logname);
 free(self->param_);
 return -1;
 }
-
+
 const char* start = end + 1;
 end = strchr(start, ',');
 int i;
@@ -157,7 +157,7 @@ void log_target_syslog_log(log_target_t* self, log_prio_t prio, const char* msg)
 if(!self || !self->param_ || !self->opened_)
 return;
- syslog((prio + 2) | ((log_target_syslog_param_t*)(self->param_))->facility_, "%s", msg);
+ syslog((prio + 2) | ((log_target_syslog_param_t*)(self->param_))->facility_, "%s", msg);
 }
 void log_target_syslog_close(log_target_t* self)
@@ -209,7 +209,7 @@ int log_target_file_init(log_target_t* self, const char* conf)
 {
 if(!self || (conf && conf[0] == 0))
 return -1;
-
+
 self->param_ = malloc(sizeof(log_target_file_param_t));
 if(!self->param_)
 return -2;
@@ -224,7 +224,7 @@ int log_target_file_init(log_target_t* self, const char* conf)
 if(!len) {
 free(self->param_);
 return -1;
- }
+ }
 logfilename = malloc(len+1);
 if(logfilename) {
 strncpy(logfilename, conf, len);
diff --git a/src/options.c b/src/options.c
index 331a3c3..d3116ba 100644
--- a/src/options.c
+++ b/src/options.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -152,9 +152,9 @@ int options_parse_hex_string(const char* hex, buffer_t* buffer)
 if(hex_len%2)
 return 1;
- if(buffer->buf_)
+ if(buffer->buf_)
 free(buffer->buf_);
-
+
 buffer->length_ = hex_len/2;
 buffer->buf_ = malloc(buffer->length_);
 if(!buffer->buf_) {
@@ -189,7 +189,7 @@ int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg)
 free(str);
 return 1;
 }
-
+
 ifcfg->prefix_length_ = atoi(ptr);
 ifcfg->net_addr_ = strdup(str);
 free(str);
@@ -268,7 +268,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
 PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
 PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
 #endif
- else
+ else
 return i;
 }
 if(ipv4_only && ipv6_only)
@@ -308,13 +308,13 @@ void options_parse_post(options_t* opt)
 return;
 #ifndef NO_CRYPT
- if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") &&
+ if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") &&
 strcmp(opt->kd_prf_, "null")) {
 if(opt->kd_prf_)
 free(opt->kd_prf_);
 opt->kd_prf_ = strdup("null");
 }
- if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) &&
+ if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) &&
 !strcmp(opt->kd_prf_, "null")) {
 log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
 }
@@ -433,14 +433,14 @@ void options_print_usage()
 printf(" [-C|--chroot] <path> chroot to this directory\n");
 printf(" [-P|--write-pid] <path> write pid to this file\n");
 printf(" [-i|--interface] <ip-address> local ip address to bind to\n");
- printf(" [-p|--port] <port> local port to bind to\n");
+ printf(" [-p|--port] <port> local port to bind to (use port:port for range - RAIL)\n");
 printf(" [-s|--sender-id ] <sender id> the sender id to use\n");
 printf(" [-L|--log] <target>:<level>[,<param1>[,<param2>..]]\n");
 printf(" add a log target, can be invoked several times\n");
 printf(" [-U|--debug] don't daemonize and log to stdout with maximum log level\n");
 printf(" [-r|--remote-host] <hostname|ip> remote host\n");
- printf(" [-o|--remote-port] <port> remote port\n");
+ printf(" [-o|--remote-port] <port> remote port (use port:port for range - RAIL)\n");
 printf(" [-4|--ipv4-only] always resolv IPv4 addresses\n");
 printf(" [-6|--ipv6-only] always resolv IPv6 addresses\n");
 printf(" [-d|--dev] <name> device name\n");
diff --git a/src/options.h b/src/options.h
index 66c9e99..699f2c7 100644
--- a/src/options.h
+++ b/src/options.h
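Review bot: The rewritten usage lines for `-p|--port` and `-o|--remote-port` advertise a `port:port` range, but none of the options.c or udp.c hunks in this change show range parsing; `udp_init` and `udp_set_remote` are still declared with a single `const char* port`. If the range handling lives in a file outside this diff that is fine, but the usage text should then state the syntax precisely, e.g. `<port>[:<port>]`, and say whether the upper bound is inclusive, since an unrecognised `a:b` string would otherwise reach name resolution unchanged. The abbreviation RAIL is introduced here without explanation; a short expansion in the usage text or the man page would help operators reading `--help`.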
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/plain_packet.c b/src/plain_packet.c
index 29ba5fe..53bddb9 100644
--- a/src/plain_packet.c
+++ b/src/plain_packet.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -77,7 +77,7 @@ void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
 {
 if(!packet)
 return;
-
+
 if(len > PLAIN_PACKET_SIZE_MAX)
 len = PLAIN_PACKET_SIZE_MAX - sizeof(payload_type_t);
 else if(len < sizeof(payload_type_t))
@@ -85,7 +85,7 @@ void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
 else
 len -= sizeof(payload_type_t);
- packet->payload_length_ = len;
+ packet->payload_length_ = len;
 }
 u_int8_t* plain_packet_get_payload(plain_packet_t* packet)
diff --git a/src/plain_packet.h b/src/plain_packet.h
index 0dc62b7..54c0f8d 100644
--- a/src/plain_packet.h
+++ b/src/plain_packet.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -41,7 +41,7 @@
 #define PAYLOAD_TYPE_TAP 0x6558
 #define PAYLOAD_TYPE_TUN 0x0000
 #define PAYLOAD_TYPE_TUN4 0x0800
-#define PAYLOAD_TYPE_TUN6 0x86DD
+#define PAYLOAD_TYPE_TUN6 0x86DD
 #define PAYLOAD_TYPE_UNKNOWN 0xFFFF
 struct plain_packet_struct {
diff --git a/src/seq_window.c b/src/seq_window.c
index 0f58adb..3a1355f 100644
--- a/src/seq_window.c
+++ b/src/seq_window.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -152,12 +152,12 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
 ptr->max_ -= SEQ_NR_MAX/2;
 else if(shifted == 2)
 ptr->max_ += SEQ_NR_MAX/2;
-
+
 return 0;
 }
-
+
 seq_nr_t diff = ptr->max_ - seq_nr;
- window_size_t pos = diff > ptr->pos_ ? ptr->pos_ + win->size_ : ptr->pos_;
+ window_size_t pos = diff > ptr->pos_ ? ptr->pos_ + win->size_ : ptr->pos_;
 pos -= diff;
 if(shifted == 1)
@@ -170,7 +170,7 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
 return ret;
 }
 ptr = ptr->next_;
- }
+ }
 if(!win->first_) {
 win->first_ = seq_win_new_element(sender_id, seq_nr, win->size_);
 if(!win->first_)
@@ -184,7 +184,7 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
 if(!ptr->next_)
 return -2;
 }
-
+
 return 0;
 }
@@ -204,7 +204,7 @@ void seq_win_print(seq_win_t* win)
 printf("O");
 else
 printf(".");
-
+
 if(i)
 i--;
 else
diff --git a/src/seq_window.h b/src/seq_window.h
index b699ee9..3a5478e 100644
--- a/src/seq_window.h
+++ b/src/seq_window.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/sig_handler.c b/src/sig_handler.c
index 7c5c695..c596339 100644
--- a/src/sig_handler.c
+++ b/src/sig_handler.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/sig_handler.h b/src/sig_handler.h
index 8219618..749c80d 100644
--- a/src/sig_handler.h
+++ b/src/sig_handler.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/string_list.c b/src/string_list.c
index 5e0ddf8..260dd92 100644
--- a/src/string_list.c
+++ b/src/string_list.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -43,7 +43,7 @@ void string_list_init(string_list_t* list)
 {
 if(!list)
 return;
-
+
 list->first_ = NULL;
 }
@@ -104,7 +104,7 @@ void string_list_print(string_list_t* list, const char* head, const char* tail)
 {
 if(!list)
 return;
-
+
 string_list_element_t* tmp = list->first_;
 while(tmp) {
 printf("%s%s%s", head, tmp->string_, tail);
diff --git a/src/string_list.h b/src/string_list.h
index 9e210ae..2e29822 100644
--- a/src/string_list.h
+++ b/src/string_list.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
diff --git a/src/sysexec.c b/src/sysexec.c
index 708d8d0..1191401 100644
--- a/src/sysexec.c
+++ b/src/sysexec.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -82,7 +82,7 @@ int uanytun_exec(const char* script, char* const argv[], char* const evp[])
 log_printf(WARNING, "can't open stderr");
 }
 execve(script, argv, evp);
- // if execve returns, an error occurred, but logging doesn't work
+ // if execve returns, an error occurred, but logging doesn't work
 // because we closed all file descriptors, so just write errno to
 // pipe and call exit
 int ret = write(pipefd[1], (void*)(&errno), sizeof(errno));
@@ -107,7 +107,7 @@ int uanytun_exec(const char* script, char* const argv[], char* const evp[])
 }
 }
 if(WIFEXITED(status))
- log_printf(NOTICE, "script '%s' returned %d", script, WEXITSTATUS(status));
+ log_printf(NOTICE, "script '%s' returned %d", script, WEXITSTATUS(status));
 else if(WIFSIGNALED(status))
 log_printf(NOTICE, "script '%s' terminated after signal %d", script, WTERMSIG(status));
 else
diff --git a/src/sysexec.h b/src/sysexec.h
index faed8eb..7527584 100644
--- a/src/sysexec.h
+++ b/src/sysexec.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -57,7 +57,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
 int tun_init_post(tun_device_t* dev);
 void tun_do_ifconfig(tun_device_t* dev);
 void tun_close(tun_device_t* dev);
-
+
 int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
 int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
diff --git a/src/tun_helper.h b/src/tun_helper.h
index 9d55267..6417d1c 100644
--- a/src/tun_helper.h
+++ b/src/tun_helper.h
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -92,7 +92,7 @@ const char* tun_get_type_string(tun_device_t* dev)
 {
 if(!dev || dev->fd_ < 0)
 return "";
-
+
 switch(dev->type_) {
 case TYPE_UNDEF: return "undef"; break;
diff --git a/src/uanytun.c b/src/uanytun.c
index d804d05..1317de1 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -72,7 +72,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
 log_printf(ERROR, "could not initialize cipher of type %s", opt->cipher_);
 return ret;
 }
-
+
 #ifndef NO_CRYPT
 ret = auth_algo_init(aa, opt->auth_algo_);
 if(ret) {
@@ -114,25 +114,25 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe
 log_printf(ERROR, "error on reading from device: %s", strerror(errno));
 return 0;
 }
-
+
 plain_packet_set_payload_length(plain_packet, len);
-
+
 if(dev->type_ == TYPE_TUN)
 plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TUN);
 else if(dev->type_ == TYPE_TAP)
- plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP);
+ plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP);
 else
 plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN);
 if(!sock->remote_end_set_)
 return 0;
-
- cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
-
+
+ cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
+
 #ifndef NO_CRYPT
 auth_algo_generate(aa, kd, kd_outbound, encrypted_packet);
 #endif
-
+
 len = udp_write(sock, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet));
 if(len == -1)
 log_printf(ERROR, "error on sending udp packet: %s", strerror(errno));
@@ -166,12 +166,12 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl
 return 0;
 }
 #endif
-
+
 if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) {
 log_printf(WARNING, "wrong mux value, discarding packet");
 return 0;
 }
-
+
 int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet));
 if(result > 0) {
 log_printf(WARNING, "detected replay attack, discarding packet");
@@ -181,7 +181,7 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl
 log_printf(ERROR, "memory error at sequence window");
 return -2;
 }
-
+
 udp_set_active_sock(sock, fd);
 if(remote.len_ != sock->remote_end_.len_ || memcmp(&(remote.addr_), &(sock->remote_end_.addr_), remote.len_)) {
 memcpy(&(sock->remote_end_.addr_), &(remote.addr_), remote.len_);
@@ -196,14 +196,14 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl
 return 0;
 }
- int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet);
- if(ret)
+ int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet);
+ if(ret)
 return ret;
-
+
 len = tun_write(dev, plain_packet_get_payload(plain_packet), plain_packet_get_payload_length(plain_packet));
 if(len == -1)
 log_printf(ERROR, "error on writing to device: %s", strerror(errno));
-
+
 return 0;
 }
@@ -269,7 +269,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
 udp_socket_t* s = sock->socks_;
 while(s) {
 if(FD_ISSET(s->fd_, &readyfds)) {
- return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win);
+ return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win);
 if(return_value)
 break;
 }
@@ -311,7 +311,7 @@ int main(int argc, char* argv[])
 options_print_version();
 }
- if(ret != -2 && ret != -5)
+ if(ret != -2 && ret != -5)
 options_print_usage();
 if(ret == -1 || ret == -5)
@@ -331,7 +331,7 @@ int main(int argc, char* argv[])
 case -4: fprintf(stderr, "this log target is only allowed once: '%s', exitting\n", tmp->string_); break;
 default: fprintf(stderr, "syntax error near: '%s', exitting\n", tmp->string_); break;
 }
-
+
 options_clear(&opt);
 log_close();
 exit(ret);
@@ -420,7 +420,7 @@ int main(int argc, char* argv[])
 options_clear(&opt);
 log_close();
 exit(-1);
- }
+ }
 if(opt.daemonize_) {
 pid_t oldpid = getpid();
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 *
@@ -54,7 +54,7 @@
 int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type)
 {
- if(!sock || !port)
+ if(!sock || !port)
 return -1;
 sock->socks_ = NULL;
@@ -110,7 +110,7 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
 prev_sock->next_ = new_sock;
 prev_sock = new_sock;
 }
-
+
 memcpy(&(new_sock->local_end_.addr_), r->ai_addr, r->ai_addrlen);
 new_sock->local_end_.len_ = r->ai_addrlen;
 new_sock->fd_ = socket(new_sock->local_end_.addr_.ss_family, SOCK_DGRAM, 0);
@@ -134,7 +134,7 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
 udp_close(sock);
 return -1;
 }
-
+
 char* local_string = udp_endpoint_to_string(new_sock->local_end_);
 if(local_string) {
 log_printf(NOTICE, "listening on: %s", local_string);
@@ -165,7 +165,7 @@ int udp_init_fd_set(udp_t* sock, fd_set* set)
 int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type)
 {
- if(!sock || !remote_addr || !port)
+ if(!sock || !remote_addr || !port)
 return -1;
 struct addrinfo hints, *res;
@@ -232,10 +232,10 @@ void udp_close(udp_t* sock)
 while(sock->socks_) {
 if(sock->socks_->fd_ > 0)
 close(sock->socks_->fd_);
-
+
 udp_socket_t*s = sock->socks_;
 sock->socks_ = sock->socks_->next_;
-
+
 free(s);
 }
 sock->socks_ = NULL;
@@ -245,13 +245,13 @@ char* udp_endpoint_to_string(udp_endpoint_t e)
 {
 char addrstr[INET6_ADDRSTRLEN + 1], portstr[6], *ret;
 char addrport_sep = ':';
-
+
 switch(e.addr_.ss_family) {
 case AF_INET: addrport_sep = ':'; break;
 case AF_INET6: addrport_sep = '.'; break;
 case AF_UNSPEC: return NULL;
- default: return strdup("unknown address type");
+ default: return strdup("unknown address type");
 }
 int errcode = getnameinfo((struct sockaddr *)&(e.addr_), e.len_, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST | NI_NUMERICSERV);
@@ -268,7 +268,7 @@ char* udp_get_remote_end_string(udp_t* sock)
 return udp_endpoint_to_string(sock->remote_end_);
 }
-
+
 int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end)
 {
 if(!sock || !remote_end)
@@ -284,4 +284,3 @@ int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len)
 return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->remote_end_.addr_), sock->remote_end_.len_);
 }
-
@@ -13,9 +13,9 @@
 * message authentication based on the methodes used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
- *
 *
- * Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
 *
 * This file is part of uAnytun.
 * |