projects / debian / uanytun.git / blob
? search:


331a3c3cceb8c1639702b918e2586ae17cb80d90
[debian/uanytun.git] / src / options.c
1 /*
2  *  uAnytun
3  *
4  *  uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
5  *  featured implementation uAnytun has no support for multiple connections
6  *  or synchronisation. It is a small single threaded implementation intended
7  *  to act as a client on small platforms.
8  *  The secure anycast tunneling protocol (satp) defines a protocol used
9  *  for communication between any combination of unicast and anycast
10  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
11  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
12  *  ethernet, ip, arp ...). satp directly includes cryptography and
13  *  message authentication based on the methodes used by SRTP.  It is
14  *  intended to deliver a generic, scaleable and secure solution for
15  *  tunneling and relaying of packets of any protocol.
16  *  
17  *
18  *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
19  *
20  *  This file is part of uAnytun.
21  *
22  *  uAnytun is free software: you can redistribute it and/or modify
23  *  it under the terms of the GNU General Public License as published by
24  *  the Free Software Foundation, either version 3 of the License, or
25  *  any later version.
26  *
27  *  uAnytun is distributed in the hope that it will be useful,
28  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
29  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
30  *  GNU General Public License for more details.
31  *
32  *  You should have received a copy of the GNU General Public License
33  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
34  */
35
36 #include "datatypes.h"
37 #include "version.h"
38
39 #include "options.h"
40
41 #include <stdlib.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <ctype.h>
45
46 #include "log.h"
47
48 #ifndef NO_CRYPT
49 #include "auth_algo.h"
50 #endif
51
52 #define PARSE_BOOL_PARAM(SHORT, LONG, VALUE)             \
53     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
54       VALUE = 1;
55
56 #define PARSE_INVERSE_BOOL_PARAM(SHORT, LONG, VALUE)     \
57     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
58       VALUE = 0;
59
60 #define PARSE_INT_PARAM(SHORT, LONG, VALUE)              \
61     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
62     {                                                    \
63       if(argc < 1)                                       \
64         return i;                                        \
65       VALUE = atoi(argv[i+1]);                           \
66       argc--;                                            \
67       i++;                                               \
68     }
69
70 #define PARSE_STRING_PARAM(SHORT, LONG, VALUE)           \
71     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
72     {                                                    \
73       if(argc < 1 || argv[i+1][0] == '-')                \
74         return i;                                        \
75       if(VALUE) free(VALUE);                             \
76       VALUE = strdup(argv[i+1]);                         \
77       if(!VALUE)                                         \
78         return -2;                                       \
79       argc--;                                            \
80       i++;                                               \
81     }
82
83 #define PARSE_STRING_PARAM_SEC(SHORT, LONG, VALUE)       \
84     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
85     {                                                    \
86       if(argc < 1 || argv[i+1][0] == '-')                \
87         return i;                                        \
88       if(VALUE) free(VALUE);                             \
89       VALUE = strdup(argv[i+1]);                         \
90       if(!VALUE)                                         \
91         return -2;                                       \
92       size_t j;                                          \
93       for(j=0; j < strlen(argv[i+1]); ++j)               \
94         argv[i+1][j] = '#';                              \
95       argc--;                                            \
96       i++;                                               \
97     }
98
99 #define PARSE_IFCONFIG_PARAM(SHORT, LONG, VALUE)         \
100     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
101     {                                                    \
102       if(argc < 1 || argv[i+1][0] == '-')                \
103         return i;                                        \
104       int ret;                                           \
105       ret = options_parse_ifconfig(argv[i+1], &VALUE);   \
106       if(ret > 0)                                        \
107         return i+1;                                      \
108       if(ret < 0)                                        \
109         return ret;                                      \
110       argc--;                                            \
111       i++;                                               \
112     }
113
114 #define PARSE_HEXSTRING_PARAM_SEC(SHORT, LONG, VALUE)    \
115     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
116     {                                                    \
117       if(argc < 1 || argv[i+1][0] == '-')                \
118         return i;                                        \
119       int ret;                                           \
120       ret = options_parse_hex_string(argv[i+1], &VALUE); \
121       if(ret > 0)                                        \
122         return i+1;                                      \
123       else if(ret < 0)                                   \
124         return ret;                                      \
125       size_t j;                                          \
126       for(j=0; j < strlen(argv[i+1]); ++j)               \
127         argv[i+1][j] = '#';                              \
128       argc--;                                            \
129       i++;                                               \
130     }
131
132 #define PARSE_STRING_LIST(SHORT, LONG, LIST)             \
133     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
134     {                                                    \
135       if(argc < 1 || argv[i+1][0] == '-')                \
136         return i;                                        \
137       int ret = string_list_add(&LIST, argv[i+1]);       \
138       if(ret == -2)                                      \
139         return ret;                                      \
140       else if(ret)                                       \
141         return i+1;                                      \
142       argc--;                                            \
143       i++;                                               \
144     }
145
146 int options_parse_hex_string(const char* hex, buffer_t* buffer)
147 {
148   if(!hex || !buffer)
149     return -1;
150
151   u_int32_t hex_len = strlen(hex);
152   if(hex_len%2)
153     return 1;
154
155   if(buffer->buf_) 
156     free(buffer->buf_);
157   
158   buffer->length_ = hex_len/2;
159   buffer->buf_ = malloc(buffer->length_);
160   if(!buffer->buf_) {
161     buffer->length_ = 0;
162     return -2;
163   }
164
165   const char* ptr = hex;
166   int i;
167   for(i=0;i<buffer->length_;++i) {
168     u_int32_t tmp;
169     sscanf(ptr, "%2X", &tmp);
170     buffer->buf_[i] = (u_int8_t)tmp;
171     ptr += 2;
172   }
173
174   return 0;
175 }
176
177 int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg)
178 {
179   char* str = strdup(arg);
180   if(!str)
181     return -2;
182
183   char* ptr = str;
184   for(;*ptr;++ptr) {
185     if(*ptr == '/') {
186       *ptr = 0;
187       ptr++;
188       if(!(*ptr)) {
189         free(str);
190         return 1;
191       }
192       
193       ifcfg->prefix_length_ = atoi(ptr);
194       ifcfg->net_addr_ = strdup(str);
195       free(str);
196
197       if(!ifcfg->net_addr_)
198         return -2;
199
200       return 0;
201     }
202     if(!isdigit(*ptr) && *ptr != '.') {
203       free(str);
204       return 1;
205     }
206   }
207
208   free(str);
209   return 1;
210 }
211
212
213 int options_parse(options_t* opt, int argc, char* argv[])
214 {
215   if(!opt)
216     return -1;
217
218   options_default(opt);
219
220   if(opt->progname_)
221     free(opt->progname_);
222   opt->progname_ = strdup(argv[0]);
223   if(!opt->progname_)
224     return -2;
225
226   argc--;
227
228   char* role = NULL;
229   int i, ipv4_only = 0, ipv6_only = 0;
230   for(i=1; argc > 0; ++i)
231   {
232     char* str = argv[i];
233     argc--;
234
235     if(!strcmp(str,"-h") || !strcmp(str,"--help"))
236       return -1;
237     else if(!strcmp(str,"-v") || !strcmp(str,"--version"))
238       return -5;
239     PARSE_INVERSE_BOOL_PARAM("-D","--nodaemonize", opt->daemonize_)
240     PARSE_STRING_PARAM("-u","--username", opt->username_)
241     PARSE_STRING_PARAM("-g","--groupname", opt->groupname_)
242     PARSE_STRING_PARAM("-C","--chroot", opt->chroot_dir_)
243     PARSE_STRING_PARAM("-P","--write-pid", opt->pid_file_)
244     PARSE_STRING_PARAM("-i","--interface", opt->local_addr_)
245     PARSE_STRING_PARAM("-p","--port", opt->local_port_)
246     PARSE_INT_PARAM("-s","--sender-id", opt->sender_id_)
247     PARSE_STRING_LIST("-L","--log", opt->log_targets_)
248     PARSE_BOOL_PARAM("-U", "--debug", opt->debug_)
249     PARSE_STRING_PARAM("-r","--remote-host", opt->remote_addr_)
250     PARSE_STRING_PARAM("-o","--remote-port", opt->remote_port_)
251     PARSE_BOOL_PARAM("-4","--ipv4-only", ipv4_only)
252     PARSE_BOOL_PARAM("-6","--ipv6-only", ipv6_only)
253     PARSE_STRING_PARAM("-d","--dev", opt->dev_name_)
254     PARSE_STRING_PARAM("-t","--type", opt->dev_type_)
255     PARSE_IFCONFIG_PARAM("-n","--ifconfig", opt->ifconfig_param_)
256     PARSE_STRING_PARAM("-x","--post-up-script", opt->post_up_script_)
257     PARSE_INT_PARAM("-m","--mux", opt->mux_)
258     PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
259 #ifndef NO_CRYPT
260     PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
261 #ifndef NO_PASSPHRASE
262     PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_)
263 #endif
264     PARSE_STRING_PARAM("-e","--role", role)
265     PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
266     PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
267     PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
268     PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
269     PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
270 #endif
271     else 
272       return i;
273   }
274   if(ipv4_only && ipv6_only)
275     return -3;
276   if(ipv4_only)
277     opt->resolv_addr_type_ = IPV4_ONLY;
278   if(ipv6_only)
279     opt->resolv_addr_type_ = IPV6_ONLY;
280
281   if(opt->debug_) {
282     string_list_add(&opt->log_targets_, "stdout:5");
283     opt->daemonize_ = 0;
284   }
285
286   if(!opt->log_targets_.first_)
287     string_list_add(&opt->log_targets_, "syslog:3,uanytun,daemon");
288
289 #ifndef NO_CRYPT
290   if(role) {
291     if(!strcmp(role, "alice") || !strcmp(role, "server") || !strcmp(role, "left"))
292       opt->role_ = ROLE_LEFT;
293     else if(!strcmp(role, "bob") || !strcmp(role, "client") || !strcmp(role, "right"))
294       opt->role_ = ROLE_RIGHT;
295     else {
296       free(role);
297       return -4;
298     }
299     free(role);
300   }
301 #endif
302   return 0;
303 }
304
305 void options_parse_post(options_t* opt)
306 {
307   if(!opt)
308     return;
309
310 #ifndef NO_CRYPT
311   if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") && 
312      strcmp(opt->kd_prf_, "null")) {
313     if(opt->kd_prf_)
314       free(opt->kd_prf_);
315     opt->kd_prf_ = strdup("null");
316   }
317   if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) && 
318      !strcmp(opt->kd_prf_, "null")) {
319     log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
320   }
321
322   u_int32_t tag_len_max = auth_algo_get_max_length(opt->auth_algo_);
323   if(!tag_len_max) opt->auth_tag_length_ = 0;
324   else if(tag_len_max < opt->auth_tag_length_) {
325     log_printf(WARNING, "%s auth algo can't generate tags of length %d, using maximum tag length(%d)", opt->auth_algo_, opt->auth_tag_length_, tag_len_max);
326     opt->auth_tag_length_ = tag_len_max;
327   }
328 #endif
329
330   if(!(opt->dev_name_) && !(opt->dev_type_))
331     opt->dev_type_ = strdup("tun");
332 }
333
334 void options_default(options_t* opt)
335 {
336   if(!opt)
337     return;
338
339   opt->progname_ = strdup("uanytun");
340   opt->daemonize_ = 1;
341   opt->username_ = NULL;
342   opt->groupname_ = NULL;
343   opt->chroot_dir_ = NULL;
344   opt->pid_file_ = NULL;
345   string_list_init(&opt->log_targets_);
346   opt->debug_ = 0;
347   opt->local_addr_ = NULL;
348   opt->local_port_ = strdup("4444");
349   opt->sender_id_ = 0;
350   opt->remote_addr_ = NULL;
351   opt->remote_port_ = strdup("4444");
352   opt->resolv_addr_type_ = ANY;
353   opt->dev_name_ = NULL;
354   opt->dev_type_ = NULL;
355   opt->ifconfig_param_.net_addr_ = NULL;
356   opt->ifconfig_param_.prefix_length_ = 0;
357   opt->post_up_script_ = NULL;
358   opt->mux_ = 0;
359   opt->seq_window_size_ = 0;
360 #ifndef NO_CRYPT
361   opt->kd_prf_ = strdup("aes-ctr");
362   opt->passphrase_ = NULL;
363   opt->role_ = ROLE_LEFT;
364   opt->cipher_ = strdup("aes-ctr");
365   opt->auth_algo_ = strdup("sha1");
366   opt->auth_tag_length_ = 10;
367 #else
368   opt->cipher_ = strdup("null");
369   opt->auth_tag_length_ = 0;
370 #endif
371   opt->key_.buf_ = NULL;
372   opt->key_.length_ = 0;
373   opt->salt_.buf_ = NULL;
374   opt->salt_.length_ = 0;
375 }
376
377 void options_clear(options_t* opt)
378 {
379   if(!opt)
380     return;
381
382   if(opt->progname_)
383     free(opt->progname_);
384   if(opt->username_)
385     free(opt->username_);
386   if(opt->groupname_)
387     free(opt->groupname_);
388   if(opt->chroot_dir_)
389     free(opt->chroot_dir_);
390   if(opt->pid_file_)
391     free(opt->pid_file_);
392   string_list_clear(&opt->log_targets_);
393   if(opt->local_addr_)
394     free(opt->local_addr_);
395   if(opt->local_port_)
396     free(opt->local_port_);
397   if(opt->remote_addr_)
398     free(opt->remote_addr_);
399   if(opt->remote_port_)
400     free(opt->remote_port_);
401   if(opt->dev_name_)
402     free(opt->dev_name_);
403   if(opt->dev_type_)
404     free(opt->dev_type_);
405   if(opt->ifconfig_param_.net_addr_)
406     free(opt->ifconfig_param_.net_addr_);
407   if(opt->post_up_script_)
408     free(opt->post_up_script_);
409   if(opt->cipher_)
410     free(opt->cipher_);
411 #ifndef NO_CRYPT
412   if(opt->auth_algo_)
413     free(opt->auth_algo_);
414   if(opt->kd_prf_)
415     free(opt->kd_prf_);
416   if(opt->passphrase_)
417     free(opt->passphrase_);
418 #endif
419   if(opt->key_.buf_)
420     free(opt->key_.buf_);
421   if(opt->salt_.buf_)
422     free(opt->salt_.buf_);
423 }
424
425 void options_print_usage()
426 {
427   printf("USAGE:\n");
428   printf("uanytun [-h|--help]                         prints this...\n");
429   printf("        [-v|--version]                      print version info and exit\n");
430   printf("        [-D|--nodaemonize]                  don't run in background\n");
431   printf("        [-u|--username] <username>          change to this user\n");
432   printf("        [-g|--groupname] <groupname>        change to this group\n");
433   printf("        [-C|--chroot] <path>                chroot to this directory\n");
434   printf("        [-P|--write-pid] <path>             write pid to this file\n");
435   printf("        [-i|--interface] <ip-address>       local ip address to bind to\n");
436   printf("        [-p|--port] <port>                  local port to bind to\n");
437   printf("        [-s|--sender-id ] <sender id>       the sender id to use\n");
438   printf("        [-L|--log] <target>:<level>[,<param1>[,<param2>..]]\n");
439   printf("                                            add a log target, can be invoked several times\n");
440   printf("        [-U|--debug]                        don't daemonize and log to stdout with maximum log level\n");
441
442   printf("        [-r|--remote-host] <hostname|ip>    remote host\n");
443   printf("        [-o|--remote-port] <port>           remote port\n");
444   printf("        [-4|--ipv4-only]                    always resolv IPv4 addresses\n");
445   printf("        [-6|--ipv6-only]                    always resolv IPv6 addresses\n");
446   printf("        [-d|--dev] <name>                   device name\n");
447   printf("        [-t|--type] <tun|tap>               device type\n");
448
449   printf("        [-n|--ifconfig] <local>/<prefix>    the local address for the tun/tap device and the used prefix length\n");
450   printf("        [-x|--post-up-script] <script>      script gets called after interface is created\n");
451   printf("        [-m|--mux] <mux-id>                 the multiplex id to use\n");
452   printf("        [-w|--window-size] <window size>    seqence number window size\n");
453 #ifndef NO_CRYPT
454   printf("        [-k|--kd-prf] <kd-prf type>         key derivation pseudo random function\n");
455 #ifndef NO_PASSPHRASE
456   printf("        [-E|--passphrase] <pass phrase>     a passprhase to generate master key and salt from\n");
457 #endif
458   printf("        [-K|--key] <master key>             master key to use for encryption\n");
459   printf("        [-A|--salt] <master salt>           master salt to use for encryption\n");
460   printf("        [-e|--role] <role>                  left (alice) or right (bob)\n");
461   printf("        [-c|--cipher] <cipher type>         payload encryption algorithm\n");
462   printf("        [-a|--auth-algo] <algo type>        message authentication algorithm\n");
463   printf("        [-b|--auth-tag-length] <length>     length of the auth tag\n");
464 #endif
465 }
466
467 void options_print_version()
468 {
469   printf("%s\n", VERSION_STRING_0);
470   printf("%s\n", VERSION_STRING_1);
471 }
472
473 void options_print(options_t* opt)
474 {
475   if(!opt)
476     return;
477
478   printf("progname: '%s'\n", opt->progname_);
479   printf("daemonize: %d\n", opt->daemonize_);
480   printf("username: '%s'\n", opt->username_);
481   printf("groupname: '%s'\n", opt->groupname_);
482   printf("chroot_dir: '%s'\n", opt->chroot_dir_);
483   printf("pid_file: '%s'\n", opt->pid_file_);
484   printf("log_targets: \n");
485   string_list_print(&opt->log_targets_, "  '", "'\n");
486   printf("debug: %s\n", !opt->debug_ ? "false" : "true");
487   printf("local_addr: '%s'\n", opt->local_addr_);
488   printf("local_port: '%s'\n", opt->local_port_);
489   printf("sender_id: %d\n", opt->sender_id_);
490   printf("remote_addr: '%s'\n", opt->remote_addr_);
491   printf("remote_port: '%s'\n", opt->remote_port_);
492   printf("resolv_addr_type: ");
493   switch(opt->resolv_addr_type_) {
494   case ANY: printf("any\n"); break;
495   case IPV4_ONLY: printf("ipv4-only\n"); break;
496   case IPV6_ONLY: printf("ipv6-only\n"); break;
497   default: printf("??\n"); break;
498   }
499   printf("dev_name: '%s'\n", opt->dev_name_);
500   printf("dev_type: '%s'\n", opt->dev_type_);
501   printf("ifconfig_net_addr: '%s'\n", opt->ifconfig_param_.net_addr_);
502   printf("ifconfig_prefix_length: %d\n", opt->ifconfig_param_.prefix_length_);
503   printf("post_up_script: '%s'\n", opt->post_up_script_);
504   printf("mux: %d\n", opt->mux_);
505   printf("seq_window_size: %d\n", opt->seq_window_size_);
506   printf("cipher: '%s'\n", opt->cipher_);
507 #ifndef NO_CRYPT
508   printf("auth_algo: '%s'\n", opt->auth_algo_);
509   printf("auth_tag_length: %d\n", opt->auth_tag_length_);
510   printf("kd_prf: '%s'\n", opt->kd_prf_);
511   printf("passphrase: '%s'\n", opt->passphrase_);
512   printf("role: ");
513   switch(opt->role_) {
514   case ROLE_LEFT: printf("left\n"); break;
515   case ROLE_RIGHT: printf("right\n"); break;
516   default: printf("??\n"); break;
517   }
518 #endif
519
520   u_int32_t i;
521   printf("key_[%d]: '", opt->key_.length_);
522   for(i=0; i<opt->key_.length_; ++i) printf("%02X", opt->key_.buf_[i]);
523   printf("'\n");
524
525   printf("salt_[%d]: '", opt->salt_.length_);
526   for(i=0; i<opt->salt_.length_; ++i) printf("%02X", opt->salt_.buf_[i]);
527   printf("'\n");
528 }