From cf6655a6e29d23132190b6c04c08ab372214b9a4 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 7 Feb 2014 19:07:48 +0000 Subject: * inital commit for RAIL mode - added information about it at manpage - updated output for --help * white space cleanups * updated copyright header --- src/uanytun.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index d804d05..1317de1 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -13,9 +13,9 @@ * message authentication based on the methodes used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2010 Christian Pointner + * + * Copyright (C) 2007-2014 Christian Pointner * * This file is part of uAnytun. * @@ -72,7 +72,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_ log_printf(ERROR, "could not initialize cipher of type %s", opt->cipher_); return ret; } - + #ifndef NO_CRYPT ret = auth_algo_init(aa, opt->auth_algo_); if(ret) { 
@@ -114,25 +114,25 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe log_printf(ERROR, "error on reading from device: %s", strerror(errno)); return 0; } - + plain_packet_set_payload_length(plain_packet, len); - + if(dev->type_ == TYPE_TUN) plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TUN); else if(dev->type_ == TYPE_TAP) - plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP); + plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP); else plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN); if(!sock->remote_end_set_) return 0; - - cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); - + + cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); + #ifndef NO_CRYPT auth_algo_generate(aa, kd, kd_outbound, encrypted_packet); #endif - + len = udp_write(sock, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet)); if(len == -1) log_printf(ERROR, "error on sending udp packet: %s", strerror(errno)); @@ -166,12 +166,12 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl return 0; } #endif - + if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) { log_printf(WARNING, "wrong mux value, discarding packet"); return 0; } - + int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet)); if(result > 0) { log_printf(WARNING, "detected replay attack, discarding packet"); @@ -181,7 +181,7 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl log_printf(ERROR, "memory error at sequence window"); return -2; } - + udp_set_active_sock(sock, fd); if(remote.len_ != sock->remote_end_.len_ || memcmp(&(remote.addr_), &(sock->remote_end_.addr_), remote.len_)) { memcpy(&(sock->remote_end_.addr_), &(remote.addr_), remote.len_); 
@@ -196,14 +196,14 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl return 0; } - int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet); - if(ret) + int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet); + if(ret) return ret; - + len = tun_write(dev, plain_packet_get_payload(plain_packet), plain_packet_get_payload_length(plain_packet)); if(len == -1) log_printf(ERROR, "error on writing to device: %s", strerror(errno)); - + return 0; } @@ -269,7 +269,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt) udp_socket_t* s = sock->socks_; while(s) { if(FD_ISSET(s->fd_, &readyfds)) { - return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win); + return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win); if(return_value) break; } @@ -311,7 +311,7 @@ int main(int argc, char* argv[]) options_print_version(); } - if(ret != -2 && ret != -5) + if(ret != -2 && ret != -5) options_print_usage(); if(ret == -1 || ret == -5) @@ -331,7 +331,7 @@ int main(int argc, char* argv[]) case -4: fprintf(stderr, "this log target is only allowed once: '%s', exitting\n", tmp->string_); break; default: fprintf(stderr, "syntax error near: '%s', exitting\n", tmp->string_); break; } - + options_clear(&opt); log_close(); exit(ret); @@ -420,7 +420,7 @@ int main(int argc, char* argv[]) options_clear(&opt); log_close(); exit(-1); - } + } if(opt.daemonize_) { pid_t oldpid = getpid(); -- cgit v1.2.3 From 5d24910be65973162960748d03bed221b63e3bc7 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 9 Feb 2014 13:25:44 +0000 Subject: refactored name --- src/uanytun.c | 2 +- src/udp.c | 2 +- src/udp.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 1317de1..a0265d5 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
@@ -387,7 +387,7 @@ int main(int argc, char* argv[]) } if(opt.remote_addr_) { - if(!udp_set_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_)) { + if(!udp_resolv_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_)) { char* remote_string = udp_get_remote_end_string(&sock); if(remote_string) { log_printf(NOTICE, "set remote end to: %s", remote_string); diff --git a/src/udp.c b/src/udp.c index 6173f7f..b75a8e6 100644 --- a/src/udp.c +++ b/src/udp.c @@ -163,7 +163,7 @@ int udp_init_fd_set(udp_t* sock, fd_set* set) return max_fd; } -int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type) +int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type) { if(!sock || !remote_addr || !port) return -1; diff --git a/src/udp.h b/src/udp.h index ca2a00a..284d41f 100644 --- a/src/udp.h +++ b/src/udp.h @@ -63,7 +63,7 @@ typedef struct udp_struct udp_t; int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type); int udp_init_fd_set(udp_t* sock, fd_set* set); -int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type); +int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type); void udp_set_active_sock(udp_t* sock, int fd); void udp_close(udp_t* sock); -- cgit v1.2.3 From 8f720015cbec4c29b8264c126875bcef5c0a08a3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 9 Feb 2014 13:43:13 +0000 Subject: remote end is now stored at every sock --- src/uanytun.c | 17 ++++++++++------- src/udp.c | 22 ++++++++++++---------- src/udp.h | 4 ++-- 3 files changed, 24 insertions(+), 19 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index a0265d5..3473b24 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
@@ -124,7 +124,7 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe else plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN); - if(!sock->remote_end_set_) + if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_) return 0; cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); @@ -183,12 +183,15 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl } udp_set_active_sock(sock, fd); - if(remote.len_ != sock->remote_end_.len_ || memcmp(&(remote.addr_), &(sock->remote_end_.addr_), remote.len_)) { - memcpy(&(sock->remote_end_.addr_), &(remote.addr_), remote.len_); - sock->remote_end_set_ = 1; - char* addrstring = udp_endpoint_to_string(remote); - log_printf(NOTICE, "autodetected remote host changed %s", addrstring); - free(addrstring); + if(sock->active_sock_) { + if(remote.len_ != sock->active_sock_->remote_end_.len_ || + memcmp(&(remote.addr_), &(sock->active_sock_->remote_end_.addr_), remote.len_)) { + memcpy(&(sock->active_sock_->remote_end_.addr_), &(remote.addr_), remote.len_); + sock->active_sock_->remote_end_set_ = 1; + char* addrstring = udp_endpoint_to_string(remote); + log_printf(NOTICE, "autodetected remote host changed %s", addrstring); + free(addrstring); + } } if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) { diff --git a/src/udp.c b/src/udp.c index b75a8e6..883e9fc 100644 --- a/src/udp.c +++ b/src/udp.c @@ -59,9 +59,6 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_ sock->socks_ = NULL; sock->active_sock_ = NULL; - memset(&(sock->remote_end_.addr_), 0, sizeof(sock->remote_end_.addr_)); - sock->remote_end_.len_ = sizeof(sock->remote_end_.addr_); - sock->remote_end_set_ = 0; struct addrinfo hints, *res; 
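Review bot: The autodetect branch in process_sock_data copies the new peer address into `sock->active_sock_->remote_end_.addr_` but never updates `remote_end_.len_`, so after a peer whose sockaddr length differs from the stored one the length that sendto later receives is stale. Add `sock->active_sock_->remote_end_.len_ = remote.len_;` directly after the memcpy. The comparison above it already treats a length mismatch as a change, so the copy is the only place the length is dropped. process_sock_data continues outside this hunk.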
@@ -100,6 +97,9 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_ } memset(&(new_sock->local_end_.addr_), 0, sizeof(new_sock->local_end_.addr_)); new_sock->local_end_.len_ = sizeof(new_sock->local_end_.addr_); + memset(&(new_sock->remote_end_.addr_), 0, sizeof(new_sock->remote_end_.addr_)); + new_sock->remote_end_.len_ = sizeof(new_sock->remote_end_.addr_); + new_sock->remote_end_set_ = 0; new_sock->next_ = NULL; if(!sock->socks_) { @@ -189,9 +189,6 @@ int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, re log_printf(ERROR, "getaddrinfo returned no address for %s:%s", remote_addr, port); return -1; } - memcpy(&(sock->remote_end_.addr_), res->ai_addr, res->ai_addrlen); - sock->remote_end_.len_ = res->ai_addrlen; - sock->remote_end_set_ = 1; if(!sock->active_sock_) { udp_socket_t* s = sock->socks_; @@ -203,6 +200,11 @@ int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, re s = s->next_; } } + if(sock->active_sock_) { + memcpy(&(sock->active_sock_->remote_end_.addr_), res->ai_addr, res->ai_addrlen); + sock->active_sock_->remote_end_.len_ = res->ai_addrlen; + sock->active_sock_->remote_end_set_ = 1; + } freeaddrinfo(res); @@ -263,10 +265,10 @@ char* udp_endpoint_to_string(udp_endpoint_t e) char* udp_get_remote_end_string(udp_t* sock) { - if(!sock || !sock->remote_end_set_) + if(!sock || !sock->active_sock_->remote_end_set_) return NULL; - return udp_endpoint_to_string(sock->remote_end_); + return udp_endpoint_to_string(sock->active_sock_->remote_end_); } int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end) 
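Review bot: udp_get_remote_end_string dereferences `sock->active_sock_` before checking it for NULL, and udp_resolv_remote in the same commit only stores the remote end when an active socket exists, so a udp_t with no sockets reaches this NULL dereference. The guard should read `if(!sock || !sock->active_sock_ || !sock->active_sock_->remote_end_set_)`. The same unguarded line reappears as context in the udp_endpoint_to_string hunk of the next commit and is only corrected in the commit that deletes the function.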
@@ -279,8 +281,8 @@ int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len) { - if(!sock || !sock->remote_end_set_ || !sock->active_sock_) + if(!sock || !sock->active_sock_ || !sock->active_sock_->remote_end_set_) return 0; - return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->remote_end_.addr_), sock->remote_end_.len_); + return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->active_sock_->remote_end_.addr_), sock->active_sock_->remote_end_.len_); } diff --git a/src/udp.h b/src/udp.h index 284d41f..2684c13 100644 --- a/src/udp.h +++ b/src/udp.h @@ -49,6 +49,8 @@ typedef struct { struct udp_socket_struct { int fd_; udp_endpoint_t local_end_; + udp_endpoint_t remote_end_; + int remote_end_set_; struct udp_socket_struct* next_; }; typedef struct udp_socket_struct udp_socket_t; @@ -56,8 +58,6 @@ typedef struct udp_socket_struct udp_socket_t; struct udp_struct { udp_socket_t* socks_; udp_socket_t* active_sock_; - udp_endpoint_t remote_end_; - int remote_end_set_; }; typedef struct udp_struct udp_t; -- cgit v1.2.3 From 72fa004f63e49103512ba3c29836f2cdeda19423 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 9 Feb 2014 23:12:44 +0000 Subject: moved remote end handling and active sock to udp.c --- src/uanytun.c | 14 ++------------ src/udp.c | 56 ++++++++++++++++++++++++++++++++++++++++++-------------- src/udp.h | 5 +++-- 3 files changed, 47 insertions(+), 28 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 3473b24..674e7bb 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
@@ -124,7 +124,7 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe else plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN); - if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_) + if(!udp_has_remote(sock)) return 0; cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); @@ -182,17 +182,7 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl return -2; } - udp_set_active_sock(sock, fd); - if(sock->active_sock_) { - if(remote.len_ != sock->active_sock_->remote_end_.len_ || - memcmp(&(remote.addr_), &(sock->active_sock_->remote_end_.addr_), remote.len_)) { - memcpy(&(sock->active_sock_->remote_end_.addr_), &(remote.addr_), remote.len_); - sock->active_sock_->remote_end_set_ = 1; - char* addrstring = udp_endpoint_to_string(remote); - log_printf(NOTICE, "autodetected remote host changed %s", addrstring); - free(addrstring); - } - } + udp_update_remote(sock, fd, &remote); if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) { log_printf(WARNING, "ignoring packet with zero length payload"); diff --git a/src/udp.c b/src/udp.c index 883e9fc..e774ef4 100644 --- a/src/udp.c +++ b/src/udp.c @@ -135,7 +135,7 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_ return -1; } - char* local_string = udp_endpoint_to_string(new_sock->local_end_); + char* local_string = udp_endpoint_to_string(&(new_sock->local_end_)); if(local_string) { log_printf(NOTICE, "listening on: %s", local_string); free(local_string); @@ -163,6 +163,14 @@ int udp_init_fd_set(udp_t* sock, fd_set* set) return max_fd; } +int udp_has_remote(udp_t* sock) +{ + if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_) + return 0; + + return 1; +} + int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type) { if(!sock || !remote_addr || !port) 
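Review bot: udp_has_remote in udp.c has no `!sock` guard although every sibling udp_* entry point in this file starts with one, and the body can be a single expression: `return sock && sock->active_sock_ && sock->active_sock_->remote_end_set_;`. The RAIL-mode rewrite of the same function two commits later keeps the missing guard. A one-line header comment stating that it reports whether udp_write currently has a destination would also help, since the name alone does not say which socket is consulted.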
@@ -211,18 +219,35 @@ int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, re return 0; } -void udp_set_active_sock(udp_t* sock, int fd) +void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote) { - if(!sock || (sock->active_sock_ && sock->active_sock_->fd_ == fd)) + if(!sock) return; - udp_socket_t* s = sock->socks_; - while(s) { - if(s->fd_ == fd) { - sock->active_sock_ = s; - return; + if(!(sock->active_sock_) || sock->active_sock_->fd_ == fd) { + udp_socket_t* s = sock->socks_; + while(s) { + if(s->fd_ == fd) { + sock->active_sock_ = s; + break; + } + s = s->next_; + } + } + + if(!remote) + return; + + if(sock->active_sock_) { + if(remote->len_ != sock->active_sock_->remote_end_.len_ || + memcmp(&(remote->addr_), &(sock->active_sock_->remote_end_.addr_), remote->len_)) { + memcpy(&(sock->active_sock_->remote_end_.addr_), &(remote->addr_), remote->len_); + sock->active_sock_->remote_end_.len_ = remote->len_; + sock->active_sock_->remote_end_set_ = 1; + char* addrstring = udp_endpoint_to_string(remote); + log_printf(NOTICE, "autodetected remote host changed %s", addrstring); + free(addrstring); } - s = s->next_; } } 
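Review bot: The active-socket condition in udp_update_remote looks inverted relative to the udp_set_active_sock it replaces: the old code skipped the search when the active socket already had `fd` and otherwise switched, whereas `if(!(sock->active_sock_) || sock->active_sock_->fd_ == fd)` searches exactly when the active socket already matches and never switches an existing active socket to a different fd. If the old behaviour was meant to be preserved the test should be `if(!sock->active_sock_ || sock->active_sock_->fd_ != fd)`. If keeping the first active socket is deliberate, a comment saying so would stop the next reader from "fixing" it. The rest of the function, including the now-correct `remote_end_.len_` update, is fine.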
@@ -243,20 +268,23 @@ void udp_close(udp_t* sock) sock->socks_ = NULL; } -char* udp_endpoint_to_string(udp_endpoint_t e) +char* udp_endpoint_to_string(udp_endpoint_t* e) { + if(!e) + return strdup(""); + char addrstr[INET6_ADDRSTRLEN + 1], portstr[6], *ret; char addrport_sep = ':'; - switch(e.addr_.ss_family) + switch(e->addr_.ss_family) { case AF_INET: addrport_sep = ':'; break; case AF_INET6: addrport_sep = '.'; break; case AF_UNSPEC: return NULL; - default: return strdup("unknown address type"); + default: return strdup(""); } - int errcode = getnameinfo((struct sockaddr *)&(e.addr_), e.len_, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST | NI_NUMERICSERV); + int errcode = getnameinfo((struct sockaddr *)&(e->addr_), e->len_, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST | NI_NUMERICSERV); if (errcode != 0) return NULL; int len = asprintf(&ret, "%s%c%s", addrstr, addrport_sep ,portstr); if(len == -1) return NULL; @@ -268,7 +296,7 @@ char* udp_get_remote_end_string(udp_t* sock) if(!sock || !sock->active_sock_->remote_end_set_) return NULL; - return udp_endpoint_to_string(sock->active_sock_->remote_end_); + return udp_endpoint_to_string(&(sock->active_sock_->remote_end_)); } int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end) diff --git a/src/udp.h b/src/udp.h index 2684c13..ffc87d6 100644 --- a/src/udp.h +++ b/src/udp.h 
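Review bot: udp_endpoint_to_string now mixes two failure sentinels: a NULL `e` and an unknown address family return `strdup("")`, while AF_UNSPEC and a getnameinfo error return NULL. Callers such as udp_init test only for NULL before logging, so the empty-string cases produce log lines like "listening on: " with no diagnostic, and the previous "unknown address type" text was more useful than "". Either return NULL on every failure path or keep a descriptive string; a header comment stating the contract (caller frees, NULL on failure) would pin it down.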
@@ -63,11 +63,12 @@ typedef struct udp_struct udp_t; int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type); int udp_init_fd_set(udp_t* sock, fd_set* set); +int udp_has_remote(udp_t* sock); int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type); -void udp_set_active_sock(udp_t* sock, int fd); +void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote); void udp_close(udp_t* sock); -char* udp_endpoint_to_string(udp_endpoint_t e); +char* udp_endpoint_to_string(udp_endpoint_t* e); char* udp_get_remote_end_string(udp_t* sock); int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end); -- cgit v1.2.3 From acbad345d0ae2c197e51ec66c9b9c0e0a1cd991e Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 10 Feb 2014 00:05:52 +0000 Subject: improved handling of sequence numbers (only increment if packet is sent) --- src/uanytun.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 674e7bb..5b30b54 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -104,7 +104,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_ } int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packet_t* plain_packet, encrypted_packet_t* encrypted_packet, - cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t seq_nr) + cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t* seq_nr) { plain_packet_set_payload_length(plain_packet, -1); encrypted_packet_set_length(encrypted_packet, -1); 
@@ -127,8 +127,8 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe if(!udp_has_remote(sock)) return 0; - cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); - + cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, *seq_nr, opt->sender_id_, opt->mux_); + (*seq_nr)++; #ifndef NO_CRYPT auth_algo_generate(aa, kd, kd_outbound, encrypted_packet); #endif @@ -253,8 +253,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt) } if(FD_ISSET(dev->fd_, &readyfds)) { - return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, seq_nr); - seq_nr++; + return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_nr); if(return_value) break; } -- cgit v1.2.3 From 5c9ae52239d7185b98a3eed64899fbce73942706 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 10 Feb 2014 01:28:44 +0000 Subject: moved less invasive check for mux value to the top --- src/uanytun.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 5b30b54..edb0bfe 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
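Review bot: The placement of `(*seq_nr)++` directly after cipher_encrypt and before udp_write is correct but worth a comment, because the commit message ("only increment if packet is sent") suggests the opposite: once a sequence number has been consumed by the cipher it must never be reused with a different payload even if the send fails, so advancing it before udp_write is the safe choice. Suggested comment above the increment: `/* consumed by the cipher: advance even if the send below fails, never reuse a seq nr */`. The increment has no wrap-around handling; whether the key derivation copes with a roll-over is not visible in this hunk and should be confirmed.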
@@ -153,13 +153,17 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl if(len == -1) { log_printf(ERROR, "error on receiving udp packet: %s", strerror(errno)); return 0; - } - else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) { + } else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) { log_printf(WARNING, "received packet is too short"); return 0; } encrypted_packet_set_length(encrypted_packet, len); + if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) { + log_printf(WARNING, "wrong mux value, discarding packet"); + return 0; + } + #ifndef NO_CRYPT if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) { log_printf(WARNING, "wrong authentication tag, discarding packet"); @@ -167,17 +171,11 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl } #endif - if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) { - log_printf(WARNING, "wrong mux value, discarding packet"); - return 0; - } - int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet)); if(result > 0) { log_printf(WARNING, "detected replay attack, discarding packet"); return 0; - } - else if(result < 0) { + } else if(result < 0) { log_printf(ERROR, "memory error at sequence window"); return -2; } -- cgit v1.2.3 From 0b0b66bdeab69e0cd95f657ddee5bab5c0c7187c Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 10 Feb 2014 19:54:17 +0000 Subject: added explicit option for RAIL mode --- doc/uanytun.8 | 18 ++++++++++++++---- doc/uanytun.8.txt | 7 ++++++- src/options.c | 5 ++++- src/options.h | 1 + src/uanytun.c | 2 +- src/udp.c | 6 +++++- src/udp.h | 3 ++- 7 files changed, 33 insertions(+), 9 deletions(-) (limited to 'src/uanytun.c') diff --git a/doc/uanytun.8 b/doc/uanytun.8 index 4e60f6b..4fe8184 100644 --- a/doc/uanytun.8 +++ b/doc/uanytun.8 
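Review bot: The mux comparison now runs before auth_algo_check_tag, so it acts on an unauthenticated header field; that is acceptable as a cheap early reject because the tag check still gates everything after it, but the reasoning should be recorded: `/* mux is unauthenticated here; rejecting early saves a MAC computation and the tag check below still covers it */`. Note that the WARNING "wrong mux value" is now emitted for packets from any unauthenticated sender, like the existing "received packet is too short" warning, so both are log-flood candidates and may deserve DEBUG level or rate limiting. process_sock_data continues outside this hunk.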
@@ -2,12 +2,12 @@ .\" Title: uanytun .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 02/07/2014 +.\" Date: 02/10/2014 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" -.TH "UANYTUN" "8" "02/07/2014" "\ \&" "\ \&" +.TH "UANYTUN" "8" "02/10/2014" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -43,6 +43,7 @@ uanytun \- micro anycast tunneling daemon [ \fB\-U|\-\-debug\fR ] [ \fB\-i|\-\-interface\fR ] [ \fB\-p|\-\-port\fR [:] ] + [ \fB\-Y|\-\-rail\-mode\fR ] [ \fB\-r|\-\-remote\-host\fR ] [ \fB\-o|\-\-remote\-port\fR [:] ] [ \fB\-4|\-\-ipv4\-only\fR ] @@ -150,9 +151,18 @@ This IP address is used as the sender address for outgoing packets\&. The defaul .PP \fB\-p, \-\-port \fR\fB\fI[:]\fR\fR .RS 4 -The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. The default port is 4444\&. You can also specify a port range which enables +The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. The default port is 4444\&. In \fBRAIL\fR -mode\&. See section +mode you must specify a port range\&. See section +\fBRAIL\fR +below to find out what this is\&. +.RE +.PP +\fB\-Y, \-\-rail\-mode\fR +.RS 4 +This option instructs +\fBuAnytun\fR +to run in RAIL mode\&. See section \fBRAIL\fR below to find out what this is\&. .RE diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index 5a75bcb..5bb236f 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt @@ -22,6 +22,7 @@ uanytun [ -U|--debug ] [ -i|--interface ] [ -p|--port [:] ] + [ -Y|--rail-mode ] [ -r|--remote-host ] [ -o|--remote-port [:] ] [ -4|--ipv4-only ] 
@@ -114,7 +115,11 @@ passed to the daemon: The local UDP port that is used to send and receive the payload data. The two tunnel endpoints can use different ports. The default port is 4444. - You can also specify a port range which enables *RAIL* mode. See section + In *RAIL* mode you must specify a port range. See section + *RAIL* below to find out what this is. + +*-Y, --rail-mode*:: + This option instructs *uAnytun* to run in RAIL mode. See section *RAIL* below to find out what this is. *-r, --remote-host ''*:: diff --git a/src/options.c b/src/options.c index 3271c06..240a286 100644 --- a/src/options.c +++ b/src/options.c @@ -209,7 +209,6 @@ int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg) return 1; } - int options_parse(options_t* opt, int argc, char* argv[]) { if(!opt) @@ -246,6 +245,7 @@ int options_parse(options_t* opt, int argc, char* argv[]) PARSE_INT_PARAM("-s","--sender-id", opt->sender_id_) PARSE_STRING_LIST("-L","--log", opt->log_targets_) PARSE_BOOL_PARAM("-U", "--debug", opt->debug_) + PARSE_BOOL_PARAM("-Y", "--rail-mode", opt->rail_mode_) PARSE_STRING_PARAM("-r","--remote-host", opt->remote_addr_) PARSE_STRING_PARAM("-o","--remote-port", opt->remote_port_) PARSE_BOOL_PARAM("-4","--ipv4-only", ipv4_only) @@ -347,6 +347,7 @@ void options_default(options_t* opt) opt->local_addr_ = NULL; opt->local_port_ = strdup("4444"); opt->sender_id_ = 0; + opt->rail_mode_ = 0; opt->remote_addr_ = NULL; opt->remote_port_ = strdup("4444"); opt->resolv_addr_type_ = ANY; @@ -439,6 +440,7 @@ void options_print_usage() printf(" add a log target, can be invoked several times\n"); printf(" [-U|--debug] don't daemonize and log to stdout with maximum log level\n"); + printf(" [-Y|--rail-mode] enable RAIL mode\n"); printf(" [-r|--remote-host] remote host\n"); printf(" [-o|--remote-port] [:] remote port (use port:port for range - RAIL)\n"); printf(" [-4|--ipv4-only] always resolv IPv4 addresses\n"); 
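Review bot: The manual text added in this commit states that RAIL mode requires a port range, but nothing in the options.c hunks enforces it: `PARSE_BOOL_PARAM("-Y", "--rail-mode", opt->rail_mode_)` only sets the flag and options_default just zeroes it. If options_parse has a validation stage outside these hunks, that is where `rail_mode_` should be checked against `local_port_` containing a range; otherwise `-Y` with a single port is silently accepted. A one-line comment on the `rail_mode_` field in options.h pointing at the RAIL section of the manual would also help.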
@@ -487,6 +489,7 @@ void options_print(options_t* opt) printf("local_addr: '%s'\n", opt->local_addr_); printf("local_port: '%s'\n", opt->local_port_); printf("sender_id: %d\n", opt->sender_id_); + printf("rail-mode: %s\n", !opt->rail_mode_ ? "false" : "true"); printf("remote_addr: '%s'\n", opt->remote_addr_); printf("remote_port: '%s'\n", opt->remote_port_); printf("resolv_addr_type: "); diff --git a/src/options.h b/src/options.h index 699f2c7..05f1c21 100644 --- a/src/options.h +++ b/src/options.h @@ -62,6 +62,7 @@ struct options_struct { char* local_addr_; char* local_port_; sender_id_t sender_id_; + int rail_mode_; char* remote_addr_; char* remote_port_; resolv_addr_type_t resolv_addr_type_; diff --git a/src/uanytun.c b/src/uanytun.c index edb0bfe..c23294c 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -367,7 +367,7 @@ int main(int argc, char* argv[]) udp_t sock; - ret = udp_init(&sock, opt.local_addr_, opt.local_port_, opt.resolv_addr_type_); + ret = udp_init(&sock, opt.local_addr_, opt.local_port_, opt.resolv_addr_type_, opt.rail_mode_); if(ret) { log_printf(ERROR, "error on udp_init, exitting"); tun_close(&dev); diff --git a/src/udp.c b/src/udp.c index e774ef4..f81dee7 100644 --- a/src/udp.c +++ b/src/udp.c @@ -52,13 +52,14 @@ #include #include -int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type) +int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type, int rail_mode) { if(!sock || !port) return -1; sock->socks_ = NULL; sock->active_sock_ = NULL; + sock->rail_mode_ = rail_mode; struct addrinfo hints, *res; @@ -146,6 +147,9 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_ freeaddrinfo(res); + if(sock->rail_mode_) + log_printf(NOTICE, "RAIL mode enabled"); + return 0; } diff --git a/src/udp.h b/src/udp.h index ffc87d6..8f54ed4 100644 --- a/src/udp.h +++ b/src/udp.h 
@@ -58,10 +58,11 @@ typedef struct udp_socket_struct udp_socket_t; struct udp_struct { udp_socket_t* socks_; udp_socket_t* active_sock_; + int rail_mode_; }; typedef struct udp_struct udp_t; -int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type); +int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type, int rail_mode); int udp_init_fd_set(udp_t* sock, fd_set* set); int udp_has_remote(udp_t* sock); int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type); -- cgit v1.2.3 From 935e861444060673e40204f435e01ffe18a0d63e Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 11 Feb 2014 20:24:50 +0000 Subject: depending on rail mode call update_remote before or after seq_window check --- src/uanytun.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index c23294c..6ebd721 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -171,6 +171,9 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl } #endif + if(sock->rail_mode_) + udp_update_remote(sock, fd, &remote); + int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet)); if(result > 0) { log_printf(WARNING, "detected replay attack, discarding packet"); @@ -180,7 +183,8 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl return -2; } - udp_update_remote(sock, fd, &remote); + if(!sock->rail_mode_) + udp_update_remote(sock, fd, &remote); if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) { log_printf(WARNING, "ignoring packet with zero length payload"); -- cgit v1.2.3 From f32ba56f0e81554647c34935862928351df4f7ea Mon Sep 17 00:00:00 2001 
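Review bot: In RAIL mode udp_update_remote is now called after the tag check but before seq_win_check_and_add, so a packet that is authentic but replayed, or a duplicate arriving on another socket, can still change the stored remote end of that socket; in non-RAIL mode the update stays behind the replay check. This is presumably intentional so that duplicates delivered on the other RAIL sockets register their remote end even though the window rejects them, but the split ordering needs a comment, e.g. `/* RAIL: learn the remote end per socket before the replay check, since duplicates on other sockets are dropped by the window */`. With NO_CRYPT defined the `#endif` above means the update is driven by unauthenticated data in both modes, which is pre-existing but worth noting next to that comment. Reading `sock->rail_mode_` directly from uanytun.c also cuts across the previous commit's move of remote handling into udp.c.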
From: Christian Pointner Date: Thu, 13 Feb 2014 21:02:43 +0000 Subject: removed useless remote_end_to_string added rail version vor udp_write --- src/uanytun.c | 11 ++--------- src/udp.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++------------ src/udp.h | 1 - 3 files changed, 48 insertions(+), 22 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 6ebd721..75d21ce 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -380,15 +380,8 @@ int main(int argc, char* argv[]) exit(ret); } - if(opt.remote_addr_) { - if(!udp_resolv_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_)) { - char* remote_string = udp_get_remote_end_string(&sock); - if(remote_string) { - log_printf(NOTICE, "set remote end to: %s", remote_string); - free(remote_string); - } - } - } + if(opt.remote_addr_) + udp_resolv_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_); FILE* pid_file = NULL; diff --git a/src/udp.c b/src/udp.c index 635b310..43b2cfe 100644 --- a/src/udp.c +++ b/src/udp.c @@ -209,10 +209,17 @@ int udp_init_fd_set(udp_t* sock, fd_set* set) int udp_has_remote(udp_t* sock) { - if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_) + if(!sock->rail_mode_ && (!sock->active_sock_ || !sock->active_sock_->remote_end_set_)) return 0; - return 1; + udp_socket_t* s = sock->socks_; + while(s) { + if(s->remote_end_set_) + return 1; + s = s->next_; + } + + return 0; } int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type) 
@@ -259,6 +266,11 @@ int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, re memcpy(&(sock->active_sock_->remote_end_.addr_), r->ai_addr, r->ai_addrlen); sock->active_sock_->remote_end_.len_ = r->ai_addrlen; sock->active_sock_->remote_end_set_ = 1; + char* remote_string = udp_endpoint_to_string(&(sock->active_sock_->remote_end_)); + if(remote_string) { + log_printf(NOTICE, "set remote end to: %s", remote_string); + free(remote_string); + } break; } 
@@ -343,26 +355,48 @@ char* udp_endpoint_to_string(udp_endpoint_t* e) return ret; } -char* udp_get_remote_end_string(udp_t* sock) -{ - if(!sock || !(sock->active_sock_) || !(sock->active_sock_->remote_end_set_)) - return NULL; - - return udp_endpoint_to_string(&(sock->active_sock_->remote_end_)); -} int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end) { - if(!sock || !remote_end) + if(!sock || !buf || !remote_end) return -1; return recvfrom(fd, buf, len, 0, (struct sockaddr *)&(remote_end->addr_), &(remote_end->len_)); } -int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len) + +static int udp_write_active_sock(udp_t* sock, u_int8_t* buf, u_int32_t len) { - if(!sock || !sock->active_sock_ || !sock->active_sock_->remote_end_set_) + if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_) return 0; return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->active_sock_->remote_end_.addr_), sock->active_sock_->remote_end_.len_); } + +static int udp_write_rail(udp_t* sock, u_int8_t* buf, u_int32_t len) +{ + int i=0; + + udp_socket_t* s = sock->socks_; + while(s) { + if(s->remote_end_set_) { + sendto(s->fd_, buf, len, 0, (struct sockaddr *)&(s->remote_end_.addr_), s->remote_end_.len_); + i++; + } + s = s->next_; + } + + log_printf(DEBUG, "sent %d Bytes to %d sockets", len, i); + return len; +} + +int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len) +{ + if(!sock || !buf) + return 0; + + if(sock->rail_mode_) + return udp_write_rail(sock, buf, len); + + return udp_write_active_sock(sock, buf, len); +} diff --git a/src/udp.h b/src/udp.h index 8f54ed4..5b74c2d 100644 --- a/src/udp.h +++ b/src/udp.h 
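Review bot: udp_write_rail discards every sendto return value and returns `len` unconditionally, so in RAIL mode a send failure on every socket is never visible to process_tun_data, whose only error path is `len == -1`. The DEBUG line also passes a `u_int32_t` to `%d`; use `%u`. The loop below counts successes and failures, keeps the per-socket redundancy semantics by reporting failure only when no socket accepted the datagram, and fixes the format specifier; udp_write_active_sock has the same int-from-ssize_t return as before and is left alone.
```c
static int udp_write_rail(udp_t* sock, u_int8_t* buf, u_int32_t len)
{
  int sent = 0, failed = 0;

  udp_socket_t* s = sock->socks_;
  while(s) {
    if(s->remote_end_set_) {
      if(sendto(s->fd_, buf, len, 0, (struct sockaddr *)&(s->remote_end_.addr_), s->remote_end_.len_) == -1)
        failed++;
      else
        sent++;
    }
    s = s->next_;
  }

  log_printf(DEBUG, "sent %u Bytes to %d sockets (%d failed)", len, sent, failed);
  /* partial failure is the RAIL redundancy doing its job; only a total failure is an error */
  return (sent == 0 && failed > 0) ? -1 : (int)len;
}
```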
@@ -70,7 +70,6 @@ void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote); void udp_close(udp_t* sock); char* udp_endpoint_to_string(udp_endpoint_t* e); -char* udp_get_remote_end_string(udp_t* sock); int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end); int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len); -- cgit v1.2.3 From 11bf4cad5161328ace3da83554ca93c6e9d16892 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 13 Feb 2014 23:09:40 +0000 Subject: clearing sequence window when receiving SIGHUP --- src/sig_handler.c | 2 +- src/uanytun.c | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/sig_handler.c b/src/sig_handler.c index c596339..69b96e3 100644 --- a/src/sig_handler.c +++ b/src/sig_handler.c @@ -129,7 +129,7 @@ int signal_handle() case SIGINT: log_printf(NOTICE, "SIG-Int caught, exitting"); return_value = 1; break; case SIGQUIT: log_printf(NOTICE, "SIG-Quit caught, exitting"); return_value = 1; break; case SIGTERM: log_printf(NOTICE, "SIG-Term caught, exitting"); return_value = 1; break; - case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); break; + case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); return_value = 2; break; case SIGUSR1: log_printf(NOTICE, "SIG-Usr1 caught"); break; case SIGUSR2: log_printf(NOTICE, "SIG-Usr2 caught"); break; default: log_printf(WARNING, "unknown signal %d caught, ignoring", sig); break; diff --git a/src/uanytun.c b/src/uanytun.c index 75d21ce..bb573d7 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
@@ -248,10 +248,16 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt) continue; if(FD_ISSET(sig_fd, &readyfds)) { - if(signal_handle()) { - return_value = 1; + return_value = signal_handle(); + if(return_value == 1) break; + else if(return_value == 2) { + seq_win_clear(&seq_win); + log_printf(NOTICE, "sequence window cleared"); + return_value = 0; } + else + return_value = 0; } if(FD_ISSET(dev->fd_, &readyfds)) { -- cgit v1.2.3 From b42ea191d55a7a98c7ba0373d92eaea663b5d350 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 13 Feb 2014 23:50:34 +0000 Subject: renamed udp fd_set function --- src/uanytun.c | 2 +- src/udp.c | 2 +- src/udp.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index bb573d7..3f21cfa 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -225,7 +225,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt) FD_ZERO(&readfds); FD_SET(dev->fd_, &readfds); - int nfds = udp_init_fd_set(sock, &readfds); + int nfds = udp_fill_fd_set(sock, &readfds); nfds = dev->fd_ > nfds ? dev->fd_ : nfds; int return_value = 0; diff --git a/src/udp.c b/src/udp.c index 1257b07..a556923 100644 --- a/src/udp.c +++ b/src/udp.c @@ -195,7 +195,7 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_ return 0; } -int udp_init_fd_set(udp_t* sock, fd_set* set) +int udp_fill_fd_set(udp_t* sock, fd_set* set) { int max_fd = 0; diff --git a/src/udp.h b/src/udp.h index 355a761..3e81650 100644 --- a/src/udp.h +++ b/src/udp.h 
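Review bot: Clearing the sequence window on SIGHUP reopens replay of every packet the peer has already sent: once `seq_win_clear` runs, the `seq_win_check_and_add` test in process_sock_data will accept a captured packet again as long as its sequence number lands inside the fresh window, and that holds until the live counter has climbed past it. If the purpose is to follow a restarted peer, the reset should coincide with that peer's rekey, and at minimum the event deserves an operator-visible level and message, e.g. `log_printf(WARNING, "sequence window cleared on SIGHUP, replay protection reset");` instead of a NOTICE that only says "cleared". main_loop starts and ends outside the hunk.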
@@ -64,7 +64,7 @@ struct udp_struct { typedef struct udp_struct udp_t; int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type, int rail_mode); -int udp_init_fd_set(udp_t* sock, fd_set* set); +int udp_fill_fd_set(udp_t* sock, fd_set* set); int udp_has_remote(udp_t* sock); int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type); void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote); -- cgit v1.2.3 From 804b774416f86f358897345f1d15674ff46d7acf Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 19 Feb 2014 22:42:18 +0000 Subject: also resetting seq_nr on HUP signal --- src/uanytun.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 3f21cfa..392c055 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -253,6 +253,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt) break; else if(return_value == 2) { seq_win_clear(&seq_win); + seq_nr = 0; log_printf(NOTICE, "sequence window cleared"); return_value = 0; } -- cgit v1.2.3 From 963cfb6b627555c85e3f4cc871b2d9058075858f Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 19 Feb 2014 23:10:41 +0000 Subject: disable replay attack warning when in rail mode --- src/uanytun.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/uanytun.c') diff --git a/src/uanytun.c b/src/uanytun.c index 392c055..3453a38 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
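Review bot: Resetting `seq_nr = 0` on SIGHUP while the key material is untouched makes the sender re-emit packets under (sender_id, seq_nr) pairs it has already used; the project describes its cryptography as SRTP-style, and in that construction the packet index is part of the AES-CTR counter, so the likely consequence is keystream reuse, which lets a passive observer XOR old and new ciphertexts to recover plaintext. I cannot see the key-derivation or counter-construction code in this commit, so this is inferred from the design rather than from a visible line, but the reset should either be tied to a key change or removed; if it is kept for peer-restart interoperability, the cost should be spelled out, e.g. `/* WARNING: restarts the CTR counter under the unchanged master key; only safe together with a rekey */`. main_loop starts and ends outside the hunk.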
@@ -176,7 +176,8 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet)); if(result > 0) { - log_printf(WARNING, "detected replay attack, discarding packet"); + if(!(sock->rail_mode_)) + log_printf(WARNING, "detected replay attack, discarding packet"); return 0; } else if(result < 0) { log_printf(ERROR, "memory error at sequence window"); -- cgit v1.2.3 From d201613b477106ba85e32845542d5f73163fe5d5 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 29 Jun 2014 15:53:21 +0000 Subject: merged trunk changes to rail branch --- ChangeLog | 7 ++- LICENSE | 18 +++++++- README | 14 ++++-- doc/Makefile | 15 +++++- src/Makefile | 15 +++++- src/auth_algo.c | 77 +++++++++++++++++++++---------- src/auth_algo.h | 31 ++++++++++--- src/bsd/tun.c | 15 +++++- src/cipher.c | 62 +++++++++++++++++++------ src/cipher.h | 31 ++++++++++--- src/configure | 29 ++++++++++-- src/daemon.h | 15 +++++- src/datatypes.h | 15 +++++- src/encrypted_packet.c | 15 +++++- src/encrypted_packet.h | 15 +++++- src/init_crypt.h | 41 +++++++++++++---- src/key_derivation.c | 122 +++++++++++++++++++++++++++++++++---------------- src/key_derivation.h | 31 ++++++++++--- src/linux/tun.c | 15 +++++- src/log.c | 15 +++++- src/log.h | 15 +++++- src/log_targets.h | 15 +++++- src/options.c | 15 +++++- src/options.h | 15 +++++- src/plain_packet.c | 15 +++++- src/plain_packet.h | 15 +++++- src/seq_window.c | 17 ++++++- src/seq_window.h | 15 +++++- src/sig_handler.c | 15 +++++- src/sig_handler.h | 15 +++++- src/string_list.c | 15 +++++- src/string_list.h | 15 +++++- src/sysexec.c | 15 +++++- src/sysexec.h | 15 +++++- src/tun.h | 15 +++++- src/tun_helper.h | 15 +++++- src/uanytun.c | 15 +++++- src/udp.c | 15 +++++- src/udp.h | 15 +++++- 39 files changed, 738 insertions(+), 147 deletions(-) (limited to 'src/uanytun.c') 
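Review bot: Suppressing the replay warning whenever `sock->rail_mode_` is set hides real replays completely, not just the duplicate deliveries that rail mode makes expected; once several legs carry the same packet, every duplicate and every attacker replay look identical at this point, so silence is the wrong default. A cheaper change keeps the event visible without spamming the log: `log_printf(sock->rail_mode_ ? DEBUG : WARNING, "detected replay attack, discarding packet");` (assuming the level argument is an ordinary value, as the DEBUG/WARNING/NOTICE uses elsewhere in the file suggest), or count the discards per sender and report them periodically. process_sock_data starts and ends outside the hunk.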
diff --git a/ChangeLog b/ChangeLog index 4022f95..18ad3b8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,7 +2,12 @@ * added RAIL mode -2014.06.08 -- Version 0.3.5 +2014.06.21 -- Version 0.3.5 + +* added support for libnettle as crypt library +* added an exception to the license which allows linking with OpenSSL + +2014.06.08 -- Version 0.3.4 * fixed build issues for clang * refactored the multi socket support diff --git a/LICENSE b/LICENSE index caee980..8146513 100644 --- a/LICENSE +++ b/LICENSE @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,7 +31,23 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + * */ + + GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 diff --git a/README b/README index 10c3b10..e2e0d75 100644 --- a/README +++ b/README 
@@ -1,8 +1,8 @@ Dependencies ============ -uAnytun can be built by using either libgcrypt or the openssl-crypto library. -The latter is more performant in most cases but there are some license +uAnytun can be built by using either libgcrypt, libnettle or the openssl-crypto +library. The latter is more performant in most cases but there are some license issues when using this library. It also needs more space when installed. @@ -20,7 +20,13 @@ using ssl crypto library: build-essential libssl-dev +using nettle crypto library: + + build-essential + nettle-dev + if you want clang as compiler + clang if you want to rebuild the manpage: @@ -56,10 +62,9 @@ Installation Getting the source via subversion: ---------------------------------- -svn co https://svn.anytun.org/uanytun/trunk uanytun +svn co http://svn.anytun.org/uanytun/trunk uanytun cd uanytun - Building from source -------------------- @@ -75,6 +80,7 @@ using ssl crypto library: # ./configure --use-ssl-crypto # make + Notes: - try './configure --help' for further information - if using openssl pre 0.9.8 you have to disable passphrase diff --git a/doc/Makefile b/doc/Makefile index 3a1a672..1e4b315 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -10,7 +10,7 @@ ## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel ## mode and allows tunneling of every ETHER TYPE protocol (e.g. ## ethernet, ip, arp ...). satp directly includes cryptography and -## message authentication based on the methodes used by SRTP. It is +## message authentication based on the methods used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. ## 
@@ -32,6 +32,19 @@ ## You should have received a copy of the GNU General Public License ## along with uAnytun. If not, see . ## +## In addition, as a special exception, the copyright holders give +## permission to link the code of portions of this program with the +## OpenSSL library under certain conditions as described in each +## individual source file, and distribute linked combinations +## including the two. +## You must obey the GNU General Public License in all respects +## for all of the code used other than OpenSSL. If you modify +## file(s) with this exception, you may extend this exception to your +## version of the file(s), but you are not obligated to do so. If you +## do not wish to do so, delete this exception statement from your +## version. If you delete this exception statement from all source +## files in the program, then also delete it here. +## VERSION=$(shell cat ../version) diff --git a/src/Makefile b/src/Makefile index 6653b60..feccbaa 100644 --- a/src/Makefile +++ b/src/Makefile @@ -10,7 +10,7 @@ ## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel ## mode and allows tunneling of every ETHER TYPE protocol (e.g. ## ethernet, ip, arp ...). satp directly includes cryptography and -## message authentication based on the methodes used by SRTP. It is +## message authentication based on the methods used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. ## 
@@ -32,6 +32,19 @@ ## You should have received a copy of the GNU General Public License ## along with uAnytun. If not, see . ## +## In addition, as a special exception, the copyright holders give +## permission to link the code of portions of this program with the +## OpenSSL library under certain conditions as described in each +## individual source file, and distribute linked combinations +## including the two. +## You must obey the GNU General Public License in all respects +## for all of the code used other than OpenSSL. If you modify +## file(s) with this exception, you may extend this exception to your +## version of the file(s), but you are not obligated to do so. If you +## do not wish to do so, delete this exception statement from your +## version. If you delete this exception statement from all source +## files in the program, then also delete it here. +## ifneq ($(MAKECMDGOALS),distclean) include include.mk diff --git a/src/auth_algo.c b/src/auth_algo.c index db87e7a..ac102c7 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -152,17 +165,19 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(!aa->params_) return -2; +#if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; + HMAC_CTX_init(¶ms->ctx_); + HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default auth_algo_sha1_param_t* params = aa->params_; - -#ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); return -1; } -#else - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); #endif return 0; 
@@ -174,13 +189,15 @@ void auth_algo_sha1_close(auth_algo_t* aa) return; if(aa->params_) { +#if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; + HMAC_CTX_cleanup(¶ms->ctx_); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default auth_algo_sha1_param_t* params = aa->params_; - -#ifndef USE_SSL_CRYPTO if(params->handle_) gcry_md_close(params->handle_); -#else - HMAC_CTX_cleanup(¶ms->ctx_); #endif free(aa->params_); @@ -207,7 +224,19 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); 
@@ -218,12 +247,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); @@ -255,7 +278,19 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return 0; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); 
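Review bot: In the new OpenSSL branch of `auth_algo_sha1_check_tag`, none of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` is checked, although all three return 0 on failure in OpenSSL 1.0.x, while the gcrypt branch beside it does check `gcry_md_setkey`; on a failed call `hmac` is left uninitialised and the function goes on to compare it with the packet's tag (the comparison itself is after this hunk). I would fail closed and treat any failure as an invalid tag, e.g. `if(!HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL)) return 0;` and the same for Update and Final. The preceding hunk for `auth_algo_sha1_generate` has the identical pattern and should return without writing a tag on failure. check_tag's body continues beyond the hunk.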
@@ -266,12 +301,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); diff --git a/src/auth_algo.h b/src/auth_algo.h index d911ca8..d1e5178 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,15 +31,30 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_auth_algo_h_INCLUDED #define UANYTUN_auth_algo_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include -#else +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include +#else // USE_GCRYPT is the default +#include #endif #include "key_derivation.h" #include "encrypted_packet.h" @@ -66,10 +81,12 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di #define SHA1_LENGTH 20 struct auth_algo_sha1_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_md_hd_t handle_; -#else +#if defined(USE_SSL_CRYPTO) HMAC_CTX ctx_; +#elif defined(USE_NETTLE) + struct hmac_sha1_ctx ctx_; +#else // USE_GCRYPT is the default + gcry_md_hd_t handle_; #endif }; typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t; diff --git a/src/bsd/tun.c b/src/bsd/tun.c index 734c3d8..a469c58 100644 --- a/src/bsd/tun.c +++ b/src/bsd/tun.c 
@@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/cipher.c b/src/cipher.c index d6eae57..f87e2cf 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -39,6 +52,9 @@ #include "encrypted_packet.h" #include "cipher.h" +#if defined(USE_NETTLE) +#include +#endif #include "log.h" @@ -210,7 +226,11 @@ int cipher_aesctr_init(cipher_t* c) if(!c->params_) return -2; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + // nothing here +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default int algo; switch(c->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -239,7 +259,11 @@ void cipher_aesctr_close(cipher_t* c) return; if(c->params_) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + // nothing here +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default cipher_aesctr_param_t* params = c->params_; gcry_cipher_close(params->handle_); #endif 
@@ -285,13 +309,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di if(ret < 0) return ret; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, ¶ms->aes_key_); if(ret) { - log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret); + log_printf(ERROR, "failed to set cipher key (code: %d)", ret); return -1; } -#else +#elif defined(USE_NETTLE) + aes_set_encrypt_key(¶ms->ctx_, c->key_.length_, c->key_.buf_); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err)); @@ -305,7 +331,21 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return ret; } -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#elif defined(USE_NETTLE) + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, (ilen < olen) ? ilen : olen, out, in); +#else // USE_GCRYPT is the default err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH); if(err) { log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err)); 
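Review bot: The OpenSSL and nettle branches pass `params->ctr_.buf_` directly to `AES_ctr128_encrypt` and `ctr_crypt`, both of which advance the counter block in place, while the gcrypt branch only hands a copy to `gcry_cipher_setctr`; the three back-ends therefore leave `ctr_` in different states after a call, and correctness depends on the counter being rebuilt from the packet's sequence number before every call, which happens outside this hunk and I cannot confirm here. If that is indeed the contract, a comment on the nettle/OpenSSL calls would protect it, e.g. `/* ctr_crypt()/AES_ctr128_encrypt() modify ctr_ in place; ctr_ must be recomputed per packet, never reused */`. Separately, `if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE)` compares two constants on every packet in both new branches; a single `#if`-level check would catch the mismatch at build time instead of logging it per packet. cipher_aesctr_crypt starts and ends outside the hunk.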
@@ -317,14 +357,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err)); return -1; } -#else - if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set cipher CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return (ilen < olen) ? ilen : olen; diff --git a/src/cipher.h b/src/cipher.h index 4582a46..570df8d 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,16 +31,31 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_cipher_h_INCLUDED #define UANYTUN_cipher_h_INCLUDED #ifndef NO_CRYPT -#ifndef USE_SSL_CRYPTO -#include -#else +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include +#else // USE_GCRYPT is the default +#include #endif #include "key_derivation.h" #else @@ -94,11 +109,13 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union { typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t; struct cipher_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + struct aes_ctx ctx_; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif cipher_aesctr_ctr_t ctr_; }; diff --git a/src/configure b/src/configure index 542b4b4..16d5cc7 100755 --- a/src/configure +++ b/src/configure 
@@ -11,7 +11,7 @@ # tunnel endpoints. It has less protocol overhead than IPSec in Tunnel # mode and allows tunneling of every ETHER TYPE protocol (e.g. # ethernet, ip, arp ...). satp directly includes cryptography and -# message authentication based on the methodes used by SRTP. It is +# message authentication based on the methods used by SRTP. It is # intended to deliver a generic, scaleable and secure solution for # tunneling and relaying of packets of any protocol. # @@ -33,6 +33,19 @@ # You should have received a copy of the GNU General Public License # along with uAnytun. If not, see . # +# In addition, as a special exception, the copyright holders give +# permission to link the code of portions of this program with the +# OpenSSL library under certain conditions as described in each +# individual source file, and distribute linked combinations +# including the two. +# You must obey the GNU General Public License in all respects +# for all of the code used other than OpenSSL. If you modify +# file(s) with this exception, you may extend this exception to your +# version of the file(s), but you are not obligated to do so. If you +# do not wish to do so, delete this exception statement from your +# version. If you delete this exception statement from all source +# files in the program, then also delete it here. +# TARGET=`uname -s` EBUILD_COMPAT=0 
@@ -61,7 +74,8 @@ print_usage() { echo " --examplesdir= the path to the examples files (default: $PREFIX/share/examples)" echo " --no-examples dont't install example files" echo " --use-gcrypt use libgcrypt (this is the default)" - echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt" + echo " --use-nettle use libnettle instead of libgcrypt" + echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt" echo " --no-crypto disable crypto at all (only NULL cipher)" echo " --disable-passphrase disable master key and salt passphrase" echo " --enable-passphrase enable master key and salt passphrase" @@ -101,6 +115,9 @@ do --use-gcrypt) CRYPTO_LIB='gcrypt' ;; + --use-nettle) + CRYPTO_LIB='nettle' + ;; --use-ssl-crypto) CRYPTO_LIB='ssl' ;; @@ -169,8 +186,14 @@ esac case $CRYPTO_LIB in gcrypt) + CFLAGS=$CFLAGS' -DUSE_GCRYPT' LDFLAGS=$LDFLAGS' -lgcrypt' - echo "using libgcrypt library" + echo "using gcrypt library" + ;; + nettle) + CFLAGS=$CFLAGS' -DUSE_NETTLE' + LDFLAGS=$LDFLAGS' -lnettle' + echo "using nettle library" ;; ssl) CFLAGS=$CFLAGS' -DUSE_SSL_CRYPTO' diff --git a/src/daemon.h b/src/daemon.h index 05fa83e..9a477a7 100644 --- a/src/daemon.h +++ b/src/daemon.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_daemon_h_INCLUDED diff --git a/src/datatypes.h b/src/datatypes.h index a374022..58434c8 100644 --- a/src/datatypes.h +++ b/src/datatypes.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_datatypes_h_INCLUDED diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c index 801d8e6..2d46f40 100644 --- a/src/encrypted_packet.c +++ b/src/encrypted_packet.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h index fcd16ab..3f66f12 100644 --- a/src/encrypted_packet.h +++ b/src/encrypted_packet.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_encrypted_packet_h_INCLUDED diff --git a/src/init_crypt.h b/src/init_crypt.h index 848f9d7..b0c6a49 100644 --- a/src/init_crypt.h +++ b/src/init_crypt.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with uAnytun. If not, see .
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
 */
 #ifndef UANYTUN_init_crypt_h_INCLUDED
@@ -48,7 +61,23 @@ int init_crypt()
 #else
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+
+int init_crypt()
+{
+// nothing here
+ return 0;
+}
+
+#elif defined(USE_NETTLE)
+
+int init_crypt()
+{
+// nothing here
+ return 0;
+}
+
+#else // USE_GCRYPT is the default
 #include
@@ -77,14 +106,6 @@ int init_crypt()
 return 0;
 }
-#else
-
-int init_crypt()
-{
-// nothing here
- return 0;
-}
-
 #endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index a9c4f6d..f2d8548 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -10,7 +10,7 @@
 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
 * ethernet, ip, arp ...). satp directly includes cryptography and
- * message authentication based on the methodes used by SRTP. It is
+ * message authentication based on the methods used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
 *
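Review bot: The new `#elif defined(USE_NETTLE)` branch of init_crypt() is a byte-for-byte copy of the OpenSSL no-op body above it, so the hunk adds a second identical function where one shared branch would do; `#if defined(USE_SSL_CRYPTO) || defined(USE_NETTLE)` around a single `int init_crypt() { return 0; }` says the same thing with less to keep in sync. The trailing `#else // USE_GCRYPT is the default` also means a build that defines none of the three macros silently compiles the gcrypt initialisation even though configure now passes `-DUSE_GCRYPT` explicitly; an `#elif defined(USE_GCRYPT)` with a final `#else` / `#error "no crypto backend selected"` would turn that misconfiguration into a compile error instead of a surprise at link time. The gcrypt init_crypt() body continues past the end of the hunk.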
@@ -31,14 +31,31 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" #include "key_derivation.h" -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include +#include +#include #endif #include "log.h" 
@@ -135,30 +152,39 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
 return -1;
 }
-#ifndef USE_SSL_CRYPTO
- if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
-#else
+#if defined(USE_SSL_CRYPTO)
 if(key_length > (SHA256_DIGEST_LENGTH * 8)) {
+#elif defined(USE_NETTLE)
+ if(key_length > (SHA256_DIGEST_SIZE * 8)) {
+#else // USE_GCRYPT is the default
+ if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
 #endif
 log_printf(ERROR, "master key too long for passphrase algorithm");
 return -1;
 }
 buffer_t digest;
-#ifndef USE_SSL_CRYPTO
- digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
-#else
+#if defined(USE_SSL_CRYPTO)
 digest.length_ = SHA256_DIGEST_LENGTH;
+#elif defined(USE_NETTLE)
+ digest.length_ = SHA256_DIGEST_SIZE;
+#else // USE_GCRYPT is the default
+ digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
 #endif
 digest.buf_ = malloc(digest.length_);
 if(!digest.buf_)
 return -2;
-#ifndef USE_SSL_CRYPTO
- gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
-#else
+#if defined(USE_SSL_CRYPTO)
 SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#elif defined(USE_NETTLE)
+ struct sha256_ctx ctx;
+ sha256_init(&ctx);
+ sha256_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase);
+ sha256_digest(&ctx, digest.length_, digest.buf_);
+#else // USE_GCRYPT is the default
+ gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
 #endif
 kd->master_key_.length_ = key_length/8;
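Review bot: The nettle branch faithfully reproduces what the other two backends do, which is a single unsalted SHA-256 over the raw passphrase with no iteration count, and nothing in the function says so; the name key_derivation_generate_master_key and the word passphrase invite a reader to assume a password-stretching KDF. I would put a comment above the hash block, e.g. `/* plain SHA-256(passphrase): no salt, no stretching -- the passphrase must carry the full entropy of the key it replaces */`, so the limitation is visible where the three backends are kept in step. Minor: nettle's own prototypes take `const uint8_t *`, so `(const u_int8_t*)passphrase` leans on a BSD typedef where `(const uint8_t*)` would be portable. Whether `digest.buf_`, which holds the raw key material, is wiped before it is freed is decided after the hunk ends.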
@@ -191,29 +217,38 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
 return -1;
 }
-#ifndef USE_SSL_CRYPTO
- if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
-#else
+#if defined(USE_SSL_CRYPTO)
 if(salt_length > (SHA_DIGEST_LENGTH * 8)) {
+#elif defined(USE_NETTLE)
+ if(salt_length > (SHA1_DIGEST_SIZE * 8)) {
+#else // USE_GCRYPT is the default
+ if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
 #endif
 log_printf(ERROR, "master salt too long for passphrase algorithm");
 return -1;
 }
 buffer_t digest;
-#ifndef USE_SSL_CRYPTO
- digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-#else
+#if defined(USE_SSL_CRYPTO)
 digest.length_ = SHA_DIGEST_LENGTH;
+#elif defined(USE_NETTLE)
+ digest.length_ = SHA1_DIGEST_SIZE;
+#else // USE_GCRYPT is the default
+ digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
 #endif
 digest.buf_ = malloc(digest.length_);
 if(!digest.buf_)
 return -2;
-#ifndef USE_SSL_CRYPTO
- gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
-#else
+#if defined(USE_SSL_CRYPTO)
 SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#elif defined(USE_NETTLE)
+ struct sha1_ctx ctx;
+ sha1_init(&ctx);
+ sha1_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase);
+ sha1_digest(&ctx, digest.length_, digest.buf_);
+#else // USE_GCRYPT is the default
+ gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
 #endif
 kd->master_salt_.length_ = salt_length/8;
@@ -330,7 +365,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
 return -2;
 key_derivation_aesctr_param_t* params = kd->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
 params->handle_ = 0;
 #endif
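Review bot: `params->handle_ = 0;` is now guarded by `#ifdef USE_GCRYPT`, while the backend selection in the rest of key_derivation_aesctr_init (the `#else // USE_GCRYPT is the default` arms a few lines further down in this file) compiles the gcrypt code whenever neither USE_SSL_CRYPTO nor USE_NETTLE is defined. A build that sets none of the three macros therefore runs the gcrypt path with `handle_` holding whatever the (presumably malloc'd) `kd->params_` block contained, and the matching `#ifdef USE_GCRYPT` in key_derivation_aesctr_close skips gcry_cipher_close as well. Use one idiom in both places: `#if !defined(USE_SSL_CRYPTO) && !defined(USE_NETTLE)` here, or make every gcrypt arm require USE_GCRYPT and fail with `#error` otherwise. key_derivation_aesctr_init starts before and continues after the hunk.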
@@ -345,7 +380,15 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
 }
 #endif
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_);
+ if(ret) {
+ log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
+ return -1;
+ }
+#elif defined(USE_NETTLE)
+ aes_set_encrypt_key(¶ms->ctx_, kd->master_key_.length_, kd->master_key_.buf_);
+#else // USE_GCRYPT is the default
 int algo;
 switch(kd->key_length_) {
 case 128: algo = GCRY_CIPHER_AES128; break;
@@ -368,12 +411,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
 log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err));
 return -1;
 }
-#else
- int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_);
- if(ret) {
- log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
- return -1;
- }
 #endif
 return 0;
@@ -385,7 +422,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd)
 return;
 if(kd->params_) {
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
 key_derivation_aesctr_param_t* params = kd->params_;
 if(params->handle_)
 gcry_cipher_close(params->handle_);
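Review bot: The nettle branch calls `aes_set_encrypt_key(&params->ctx_, kd->master_key_.length_, kd->master_key_.buf_)` without validating the key length and without an error path, whereas the OpenSSL branch checks the return of AES_set_encrypt_key and the gcrypt branch switches on `kd->key_length_` (that switch continues past the hunk). nettle's aes_set_encrypt_key returns void and, as far as I recall the 2.x API this code targets, only asserts that the length lies between AES_MIN_KEY_SIZE and AES_MAX_KEY_SIZE, so an odd length such as 20 bytes yields a nonsense key schedule rather than a logged failure, and with NDEBUG even the assert is gone. Unless key_derivation_init already rejects such lengths (not visible here), add before the call: `if(kd->master_key_.length_ != 16 && kd->master_key_.length_ != 24 && kd->master_key_.length_ != 32) { log_printf(ERROR, "invalid key derivation key length"); return -1; }`.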
@@ -428,7 +465,23 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
 return -1;
 }
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
+ return -1;
+ }
+ u_int32_t num = 0;
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ memset(key, 0, len);
+ AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+ if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+ return -1;
+ }
+ memset(key, 0, len);
+ ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, len, key, key);
+#else // USE_GCRYPT is the default
 gcry_error_t err = gcry_cipher_reset(params->handle_);
 if(err) {
 log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err));
@@ -447,15 +500,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
 log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err));
 return -1;
 }
-#else
- if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
- return -1;
- }
- u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- memset(key, 0, len);
- AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
 #endif
 return 0;
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 5268faf..0f0942e 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
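Review bot: The nettle branch logs `failed to set cipher CTR` from key_derivation_aesctr_generate, while the OpenSSL arm directly above it and the removed copy of that arm both say `key derivation CTR`; it reads like a paste from the cipher module and would send whoever reads the log to the wrong file. Change it to `log_printf(ERROR, "failed to set key derivation CTR: size doesn't fit");`. Two smaller points: `ctr_crypt` advances `params->ctr_.buf_` in place exactly as AES_ctr128_encrypt does, so the branch relies on the counter block being rebuilt before every call (the call that returns -1 at the top of the hunk looks like that rebuild, but it sits outside the hunk, so confirm), and `(nettle_crypt_func *)(aes_encrypt)` calls aes_encrypt through an incompatible function-pointer type, which nettle 2.x documents but which a one-line `static void kd_aes_encrypt(void *ctx, unsigned length, uint8_t *dst, const uint8_t *src) { aes_encrypt(ctx, length, dst, src); }` wrapper avoids. key_derivation_aesctr_generate starts outside the hunk.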
@@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * @@ -31,15 +31,30 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_key_derivation_h_INCLUDED #define UANYTUN_key_derivation_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include -#else +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include +#else // USE_GCRYPT is the default +#include #endif #include "options.h" 
@@ -103,11 +118,13 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
 typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
 struct key_derivation_aesctr_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)
 AES_KEY aes_key_;
 u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ struct aes_ctx ctx_;
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_;
 #endif
 key_derivation_aesctr_ctr_t ctr_;
 };
diff --git a/src/linux/tun.c b/src/linux/tun.c
index acd823e..c77cea1 100644
--- a/src/linux/tun.c
+++ b/src/linux/tun.c
@@ -10,7 +10,7 @@
 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
 * ethernet, ip, arp ...). satp directly includes cryptography and
- * message authentication based on the methodes used by SRTP. It is
+ * message authentication based on the methods used by SRTP. It is
 * intended to deliver a generic, scaleable and secure solution for
 * tunneling and relaying of packets of any protocol.
 *
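Review bot: `struct aes_ctx ctx_` now embeds the fully expanded master-key schedule inside `kd->params_`, alongside the OpenSSL `AES_KEY aes_key_`, and the only teardown visible in this commit (key_derivation_aesctr_close in key_derivation.c) closes the gcrypt handle without scrubbing either field, so the expanded key presumably survives in freed heap memory. I would document that on the struct, `/* aes_key_ / ctx_ hold the expanded master key: scrub with explicit_bzero/memset before params_ is freed */`, and add the scrub to key_derivation_aesctr_close — assuming params_ is heap-allocated and released there, which this hunk does not show.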
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #define _GNU_SOURCE diff --git a/src/log.c b/src/log.c index 5659d3a..b094d49 100644 --- a/src/log.c +++ b/src/log.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/log.h b/src/log.h index a87286d..9f89b4c 100644 --- a/src/log.h +++ b/src/log.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_log_h_INCLUDED diff --git a/src/log_targets.h b/src/log_targets.h index babe1d1..a0a774b 100644 --- a/src/log_targets.h +++ b/src/log_targets.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_log_targets_h_INCLUDED diff --git a/src/options.c b/src/options.c index 4b5df26..f12eb1b 100644 --- a/src/options.c +++ b/src/options.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/options.h b/src/options.h index 05f1c21..fa4d554 100644 --- a/src/options.h +++ b/src/options.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_options_h_INCLUDED diff --git a/src/plain_packet.c b/src/plain_packet.c index 53bddb9..868ebd8 100644 --- a/src/plain_packet.c +++ b/src/plain_packet.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/plain_packet.h b/src/plain_packet.h index 54c0f8d..5b79c39 100644 --- a/src/plain_packet.h +++ b/src/plain_packet.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_plain_packet_h_INCLUDED diff --git a/src/seq_window.c b/src/seq_window.c index 55be299..2d225a4 100644 --- a/src/seq_window.c +++ b/src/seq_window.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" @@ -201,7 +214,7 @@ void seq_win_print(seq_win_t* win) while(ptr) { printf(" [%u]: (%u)-", ptr->sender_id_, ptr->max_); window_size_t i = ptr->pos_; - while(1) { + for(;;) { if(ptr->window_[i]) printf("O"); else diff --git a/src/seq_window.h b/src/seq_window.h index 51bb1eb..612c2d1 100644 --- a/src/seq_window.h +++ b/src/seq_window.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_seq_window_h_INCLUDED diff --git a/src/sig_handler.c b/src/sig_handler.c index 69b96e3..5de168e 100644 --- a/src/sig_handler.c +++ b/src/sig_handler.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/sig_handler.h b/src/sig_handler.h index 749c80d..fbb66b6 100644 --- a/src/sig_handler.h +++ b/src/sig_handler.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_sig_handler_h_INCLUDED diff --git a/src/string_list.c b/src/string_list.c index 260dd92..97bc057 100644 --- a/src/string_list.c +++ b/src/string_list.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include diff --git a/src/string_list.h b/src/string_list.h index 2e29822..03ca276 100644 --- a/src/string_list.h +++ b/src/string_list.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_string_list_h_INCLUDED diff --git a/src/sysexec.c b/src/sysexec.c index 1191401..814d5ff 100644 --- a/src/sysexec.c +++ b/src/sysexec.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/sysexec.h b/src/sysexec.h index 7527584..da6555e 100644 --- a/src/sysexec.h +++ b/src/sysexec.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_sysexec_h_INCLUDED diff --git a/src/tun.h b/src/tun.h index 5051e19..fa6e689 100644 --- a/src/tun.h +++ b/src/tun.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_tun_h_INCLUDED diff --git a/src/tun_helper.h b/src/tun_helper.h index 6417d1c..15a1c81 100644 --- a/src/tun_helper.h +++ b/src/tun_helper.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_tun_helper_h_INCLUDED diff --git a/src/uanytun.c b/src/uanytun.c index 3453a38..93ddf63 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #include "datatypes.h" diff --git a/src/udp.c b/src/udp.c index f336c6e..75ee6ab 100644 --- a/src/udp.c +++ b/src/udp.c @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #define _GNU_SOURCE diff --git a/src/udp.h b/src/udp.h index 3e81650..bb266b0 100644 --- a/src/udp.h +++ b/src/udp.h @@ -10,7 +10,7 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * 
@@ -31,6 +31,19 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ #ifndef UANYTUN_udp_h_INCLUDED -- cgit v1.2.3