Imported Upstream version 0.3.5

diff --git a/ChangeLog b/ChangeLog
index 33d4752..8b9c45a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014.06.21 -- Version 0.3.5
+
+* added support for libnettle as crypt library
+* added an exception to the license which allows linking with OpenSSL
+
+2014.06.08 -- Version 0.3.4
+
+* fixed build issues for clang
+* refactored the multi socket support
+

 2010.02.16 -- Version 0.3.3
 
 * added -v|--version option
 2010.02.16 -- Version 0.3.3
 
 * added -v|--version option


@@ -18,11 +28,11 @@
 * improved script execution
 * added signal handling without races
 * all log_targets print time now too
 * improved script execution
 * added signal handling without races
 * all log_targets print time now too

-       
+

 2009.05.01 -- Version 0.3
 
 * updated to new protocol specification (extended label and crypto role)
 2009.05.01 -- Version 0.3
 
 * updated to new protocol specification (extended label and crypto role)

-  Mind that due this protocol changes this version is incompatible to older 
+  Mind that due this protocol changes this version is incompatible to older

   version of anytun and uanytun
 * the auth tag length can now be configured
 * added extended logging support (syslog, file, stdout and stderr)
   version of anytun and uanytun
 * the auth tag length can now be configured
 * added extended logging support (syslog, file, stdout and stderr)


@@ -40,7 +50,7 @@
 
 * fixed bug which prevents the daemon from using the right cipher
   key when using a key derivation rate other than 1
 
 * fixed bug which prevents the daemon from using the right cipher
   key when using a key derivation rate other than 1

-       
+

 2009.01.11 -- Version 0.2
 
 * added crypto support using libgcrypt or openssl
 2009.01.11 -- Version 0.2
 
 * added crypto support using libgcrypt or openssl

diff --git a/LICENSE b/LICENSE
index 1406bb5..8146513 100644 (file)
--- a/LICENSE
+++ b/LICENSE
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,7 +31,23 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.
+ *

  */
  */

+
+

                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 

diff --git a/LICENSE.OpenSSL b/LICENSE.OpenSSL
new file mode 100644 (file)
index 0000000..4b57596
--- /dev/null
+++ b/LICENSE.OpenSSL
@@ -0,0 +1,186 @@
+/*
+ *  uAnytun
+ *
+ *  uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ *  featured implementation uAnytun has no support for multiple connections
+ *  or synchronisation. It is a small single threaded implementation intended
+ *  to act as a client on small platforms.
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methods used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
+ *
+ *  This file is part of uAnytun.
+ *
+ *  uAnytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  uAnytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.
+ *
+ */
+
+Certain source files in this program permit linking with the OpenSSL
+library (http://www.openssl.org), which otherwise wouldn't be allowed
+under the GPL.  For purposes of identifying OpenSSL, most source files
+giving this permission limit it to versions of OpenSSL having a license
+identical to that listed in this file (LICENSE.OpenSSL).  It is not
+necessary for the copyright years to match between this file and the
+OpenSSL version in question.  However, note that because this file is
+an extension of the license statements of these source files, this file
+may not be changed except with permission from all copyright holders
+of source files in this program which reference this file.
+
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */

diff --git a/README b/README
index 1c70648..dc07a11 100644 (file)
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
 Dependencies
 ============
 
 Dependencies
 ============
 

-uAnytun can be built by using either libgcrypt or the openssl-crypto library. 
-The latter is more performant in most cases but there are some license 
+uAnytun can be built by using either libgcrypt, libnettle or the openssl-crypto
+library. The latter is more performant in most cases but there are some license

 issues when using this library. It also needs more space when installed.
 
 
 issues when using this library. It also needs more space when installed.
 
 


@@ -11,7 +11,7 @@ Linux
 (this includes Debian with FreeBSD Kernel)
 
 using libgcrypt:
 (this includes Debian with FreeBSD Kernel)
 
 using libgcrypt:

- 
+

  build-essential
  libgcrypt11-dev
 
  build-essential
  libgcrypt11-dev
 


@@ -20,6 +20,15 @@ using ssl crypto library:
  build-essential
  libssl-dev
 
  build-essential
  libssl-dev
 

+using nettle crypto library:
+
+ build-essential
+ nettle-dev
+
+if you want clang as compiler
+
+ clang
+

 if you want to rebuild the manpage:
 
  asciidoc
 if you want to rebuild the manpage:
 
  asciidoc


@@ -43,7 +52,7 @@ if you want to rebuild the manpage:
  textproc/libxslt
  textproc/docbook-xsl
  sysutils/readlink
  textproc/libxslt
  textproc/docbook-xsl
  sysutils/readlink

- misc/getopt 
+ misc/getopt

 
 
 
 
 
 


@@ -72,7 +81,7 @@ using ssl crypto library:
 # ./configure --use-ssl-crypto
 # make
 
 # ./configure --use-ssl-crypto
 # make
 

-Notes: 
+Notes:

   - try './configure --help' for further information
   - if using openssl pre 0.9.8 you have to disable passphrase
     because openssl had no SHA256 implementation prior to this
   - try './configure --help' for further information
   - if using openssl pre 0.9.8 you have to disable passphrase
     because openssl had no SHA256 implementation prior to this


@@ -93,7 +102,7 @@ Uninstalling
 
 # sudo make remove
 
 
 # sudo make remove
 

-This removes everytthing except for the config files
+This removes everything except for the config files

 
 # sudo make purge
 
 
 # sudo make purge
 


@@ -107,20 +116,20 @@ Usage:
 init.d script
 -------------
 
 init.d script
 -------------
 

-The init.d script can be used to start uanytun at boot time. It searches for 
+The init.d script can be used to start uanytun at boot time. It searches for

 configuration files which reside at $CONFIG_DIR. For each instance of uanytun
 which should be started there must be a directory containing at least a file
 named config. This file must contain all command line parameter which should
 be used when starting the daemon. One line for each parameter. Empty lines and
 lines starting with # are ignored. Besides the config file there may be a script
 configuration files which reside at $CONFIG_DIR. For each instance of uanytun
 which should be started there must be a directory containing at least a file
 named config. This file must contain all command line parameter which should
 be used when starting the daemon. One line for each parameter. Empty lines and
 lines starting with # are ignored. Besides the config file there may be a script

-named post-up.sh which will be called when the tun/tap device comes up. 
+named post-up.sh which will be called when the tun/tap device comes up.

 This is an example of how the init.d script can be used to start uanytun:
 
 # /etc/init.d/uanytun start client1 p2p-a
 
 In this case the script will start 2 instances of uanytun using the config files
 This is an example of how the init.d script can be used to start uanytun:
 
 # /etc/init.d/uanytun start client1 p2p-a
 
 In this case the script will start 2 instances of uanytun using the config files

-$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. 
+$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config.

 If no instance name is specified the script will use the file $CONFIG_DIR/autostart
 If no instance name is specified the script will use the file $CONFIG_DIR/autostart

-to determine which instances to start or stop. This file must contain a list 
-of instance names which should be used when no names are specified at the command 
+to determine which instances to start or stop. This file must contain a list
+of instance names which should be used when no names are specified at the command

 line. One line for each name. Empty lines and lines starting with # are ignored.
 line. One line for each name. Empty lines and lines starting with # are ignored.

diff --git a/doc/Makefile b/doc/Makefile
index b5eecb8..1e4b315 100644 (file)
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -10,12 +10,12 @@
 ##  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 ##  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 ##  ethernet, ip, arp ...). satp directly includes cryptography and
 ##  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 ##  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 ##  ethernet, ip, arp ...). satp directly includes cryptography and

-##  message authentication based on the methodes used by SRTP.  It is
+##  message authentication based on the methods used by SRTP.  It is

 ##  intended to deliver a generic, scaleable and secure solution for
 ##  tunneling and relaying of packets of any protocol.
 ##  intended to deliver a generic, scaleable and secure solution for
 ##  tunneling and relaying of packets of any protocol.

-##  

 ##
 ##

-##  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+##
+##  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

 ##
 ##  This file is part of uAnytun.
 ##
 ##
 ##  This file is part of uAnytun.
 ##


@@ -32,10 +32,23 @@
 ##  You should have received a copy of the GNU General Public License
 ##  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
 ##
 ##  You should have received a copy of the GNU General Public License
 ##  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
 ##

+##  In addition, as a special exception, the copyright holders give
+##  permission to link the code of portions of this program with the
+##  OpenSSL library under certain conditions as described in each
+##  individual source file, and distribute linked combinations
+##  including the two.
+##  You must obey the GNU General Public License in all respects
+##  for all of the code used other than OpenSSL.  If you modify
+##  file(s) with this exception, you may extend this exception to your
+##  version of the file(s), but you are not obligated to do so.  If you
+##  do not wish to do so, delete this exception statement from your
+##  version.  If you delete this exception statement from all source
+##  files in the program, then also delete it here.
+##

 
 VERSION=$(shell cat ../version)
 
 
 VERSION=$(shell cat ../version)
 

-.PHONY: clean 
+.PHONY: clean

 
 all: manpage
 
 
 all: manpage
 

diff --git a/doc/uanytun.8 b/doc/uanytun.8
index 7126c00..299c742 100644 (file)
--- a/doc/uanytun.8
+++ b/doc/uanytun.8
@@ -1,13 +1,22 @@
 '\" t
 .\"     Title: uanytun
 .\"    Author: [see the "AUTHORS" section]
 '\" t
 .\"     Title: uanytun
 .\"    Author: [see the "AUTHORS" section]

-.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
-.\"      Date: 02/17/2010
-.\"    Manual: uanytun user manual
-.\"    Source: uanytun 0.3.3
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 06/21/2014
+.\"    Manual: \ \&
+.\"    Source: \ \&

 .\"  Language: English
 .\"
 .\"  Language: English
 .\"

-.TH "UANYTUN" "8" "02/17/2010" "uanytun 0.3.3" "uanytun user manual"
+.TH "UANYTUN" "8" "06/21/2014" "\ \&" "\ \&"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '

 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------


@@ -94,9 +103,9 @@ to write it\(cqs pid to this file\&. The default is to not create a pid file\&.
 .PP
 \fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
 .RS 4
 .PP
 \fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
 .RS 4

-add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target has its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.

 
 

-The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+The file target can be used more than once with different levels\&. If no target is provided at the command line a single target with the config

 \fIsyslog:3,uanytun,daemon\fR
 is added\&.
 
 \fIsyslog:3,uanytun,daemon\fR
 is added\&.
 


@@ -216,7 +225,7 @@ does not support synchronisation it can\(cqt be used as an anycast endpoint ther
 .RS 4
 seqence window size
 
 .RS 4
 seqence window size
 

-Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.

 .RE
 .PP
 \fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR
 .RE
 .PP
 \fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR


@@ -370,7 +379,7 @@ auth algo is used in which case it defaults to 0\&.
 \fBHost A:\fR
 .RS 4
 .sp
 \fBHost A:\fR
 .RS 4
 .sp

-uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e left
+uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E have_a_very_safe_and_productive_day \-e left

 .RE
 .sp
 .it 1 an-trap
 .RE
 .sp
 .it 1 an-trap


@@ -381,7 +390,7 @@ uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ct
 \fBHost B:\fR
 .RS 4
 .sp
 \fBHost B:\fR
 .RS 4
 .sp

-uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e right
+uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E have_a_very_safe_and_productive_day \-e right

 .RE
 .SS "One unicast and one anycast tunnel endpoint:"
 .sp
 .RE
 .SS "One unicast and one anycast tunnel endpoint:"
 .sp


@@ -417,4 +426,4 @@ Christian Pointner <equinox@anytun\&.org>
 Main web site: http://www\&.anytun\&.org/
 .SH "COPYING"
 .sp
 Main web site: http://www\&.anytun\&.org/
 .SH "COPYING"
 .sp

-Copyright (C) 2008\-2010 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
+Copyright (C) 2008\-2014 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.

diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt
index 6fde9d2..ed978d4 100644 (file)
--- a/doc/uanytun.8.txt
+++ b/doc/uanytun.8.txt
@@ -51,9 +51,9 @@ DESCRIPTION
 (SATP). It provides a complete VPN solution similar to OpenVPN or
 IPsec in tunnel mode. The main difference is that anycast enables the
 setup of tunnels between an arbitrary combination of anycast, unicast
 (SATP). It provides a complete VPN solution similar to OpenVPN or
 IPsec in tunnel mode. The main difference is that anycast enables the
 setup of tunnels between an arbitrary combination of anycast, unicast

-and multicast hosts. Unlike Anytun which is a full featured implementation 
-uAnytun has no support for multiple connections or synchronisation. It is a 
-small single threaded implementation intended to act as a client on small 
+and multicast hosts. Unlike Anytun which is a full featured implementation
+uAnytun has no support for multiple connections or synchronisation. It is a
+small single threaded implementation intended to act as a client on small

 platforms.
 
 
 platforms.
 
 


@@ -69,7 +69,7 @@ passed to the daemon:
    instead of becoming a daemon which is the default.
 
 *-u, --username '<username>'*::
    instead of becoming a daemon which is the default.
 
 *-u, --username '<username>'*::

-   run as this user. If no group is specified (*-g*) the default group of 
+   run as this user. If no group is specified (*-g*) the default group of

    the user is used. The default is to not drop privileges.
 
 *-g, --groupname '<groupname>'*::
    the user is used. The default is to not drop privileges.
 
 *-g, --groupname '<groupname>'*::


@@ -77,30 +77,30 @@ passed to the daemon:
    The default is to not drop privileges.
 
 *-C, --chroot '<path>'*::
    The default is to not drop privileges.
 
 *-C, --chroot '<path>'*::

-   Instruct *uAnytun* to run in a chroot jail. The default is 
+   Instruct *uAnytun* to run in a chroot jail. The default is

    to not run in chroot.
 
 *-P, --write-pid <filename>*::
    to not run in chroot.
 
 *-P, --write-pid <filename>*::

-   Instruct *uAnytun* to write it's pid to this file. The default is 
+   Instruct *uAnytun* to write it's pid to this file. The default is

    to not create a pid file.
 
 *-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
    add log target to logging system. This can be invoked several times
    to not create a pid file.
 
 *-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
    add log target to logging system. This can be invoked several times

-   in order to log to different targets at the same time. Every target 
-   hast its own log level which is a number between 0 and 5. Where 0 means
+   in order to log to different targets at the same time. Every target
+   has its own log level which is a number between 0 and 5. Where 0 means

    disabling log and 5 means debug messages are enabled. +
    disabling log and 5 means debug messages are enabled. +

-   The file target can be used more the once with different levels.
-   If no target is provided at the command line a single target with the 
+   The file target can be used more than once with different levels.
+   If no target is provided at the command line a single target with the

    config 'syslog:3,uanytun,daemon' is added. +
    The following targets are supported:
 
    'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
    'file';; log to file, parameters <level>[,<path>]
    'stdout';; log to standard output, parameters <level>
    config 'syslog:3,uanytun,daemon' is added. +
    The following targets are supported:
 
    'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
    'file';; log to file, parameters <level>[,<path>]
    'stdout';; log to standard output, parameters <level>

-   'stderr';; log to standard error, parameters <level> 
+   'stderr';; log to standard error, parameters <level>

 
 *-U, --debug*::
 
 *-U, --debug*::

-   This option instructs *uAnytun* to run in debug mode. It implicits *-D* 
+   This option instructs *uAnytun* to run in debug mode. It implicits *-D*

    (don't daemonize) and adds a log target with the configuration
    'stdout:5' (logging with maximum level). In future releases there might
    be additional output when this option is supplied.
    (don't daemonize) and adds a log target with the configuration
    'stdout:5' (logging with maximum level). In future releases there might
    be additional output when this option is supplied.


@@ -155,7 +155,7 @@ passed to the daemon:
    '<prefix>';; the prefix length of the network
 
 *-x, --post-up-script '<script>'*::
    '<prefix>';; the prefix length of the network
 
 *-x, --post-up-script '<script>'*::

-   This option instructs *uAnytun* to run this script after the interface 
+   This option instructs *uAnytun* to run this script after the interface

    is created. By default no script will be executed.
 
 *-m, --mux '<mux-id>'*::
    is created. By default no script will be executed.
 
 *-m, --mux '<mux-id>'*::


@@ -164,9 +164,9 @@ passed to the daemon:
 *-s, --sender-id '<sender id>'*::
    Each anycast tunnel endpoint needs a unique sender id
    (1, 2, 3, ...). It is needed to distinguish the senders
 *-s, --sender-id '<sender id>'*::
    Each anycast tunnel endpoint needs a unique sender id
    (1, 2, 3, ...). It is needed to distinguish the senders

-   in case of replay attacks. As *uAnytun* does not support 
-   synchronisation it can't be used as an anycast endpoint therefore 
-   this option is quite useless but implemented for compatibility 
+   in case of replay attacks. As *uAnytun* does not support
+   synchronisation it can't be used as an anycast endpoint therefore
+   this option is quite useless but implemented for compatibility

    reasons. default: 0
 
 *-w, --window-size '<window size>'*::
    reasons. default: 0
 
 *-w, --window-size '<window size>'*::


@@ -185,7 +185,7 @@ passed to the daemon:
 
 *-k, --kd--prf '<kd-prf type>'*::
    key derivation pseudo random function +
 
 *-k, --kd--prf '<kd-prf type>'*::
    key derivation pseudo random function +

-   The pseudo random function which is used for calculating the 
+   The pseudo random function which is used for calculating the

    session keys and session salt. +
    Possible values:
 
    session keys and session salt. +
    Possible values:
 


@@ -198,16 +198,16 @@ passed to the daemon:
 *-e, --role '<role>'*::
    SATP uses different session keys for inbound and outbound traffic. The
    role parameter is used to determine which keys to use for outbound or
 *-e, --role '<role>'*::
    SATP uses different session keys for inbound and outbound traffic. The
    role parameter is used to determine which keys to use for outbound or

-   inbound packets. On both sides of a vpn connection different roles have 
-   to be used. Possible values are 'left' and 'right'. You may also use 
-   'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as 
+   inbound packets. On both sides of a vpn connection different roles have
+   to be used. Possible values are 'left' and 'right'. You may also use
+   'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as

    a replacement for 'right'. By default 'left' is used.
 
 *-E, --passphrase '<pass phrase>'*::
    This passphrase is used to generate the master key and master salt.
    a replacement for 'right'. By default 'left' is used.
 
 *-E, --passphrase '<pass phrase>'*::
    This passphrase is used to generate the master key and master salt.

-   For the master key the last n bits of the SHA256 digest of the 
-   passphrase (where n is the length of the master key in bits) is used. 
-   The master salt gets generated with the SHA1 digest. 
+   For the master key the last n bits of the SHA256 digest of the
+   passphrase (where n is the length of the master key in bits) is used.
+   The master salt gets generated with the SHA1 digest.

    You may force a specific key and or salt by using *--key* and *--salt*.
 
 *-K, --key '<master key>'*::
    You may force a specific key and or salt by using *--key* and *--salt*.
 
 *-K, --key '<master key>'*::


@@ -236,7 +236,7 @@ passed to the daemon:
 *-a, --auth-algo '<algo type>'*::
    message authentication algorithm +
    This option sets the message authentication algorithm. +
 *-a, --auth-algo '<algo type>'*::
    message authentication algorithm +
    This option sets the message authentication algorithm. +

-   If HMAC-SHA1 is used, the packet length is increased. The additional bytes 
+   If HMAC-SHA1 is used, the packet length is increased. The additional bytes

    contain the authentication data. see *--auth-tag-length* for more info. +
    Possible values:
 
    contain the authentication data. see *--auth-tag-length* for more info. +
    Possible values:
 


@@ -244,8 +244,8 @@ passed to the daemon:
    'sha1';; HMAC-SHA1, default value
 
 *-b, --auth-tag-length '<length>'*::
    'sha1';; HMAC-SHA1, default value
 
 *-b, --auth-tag-length '<length>'*::

-   The number of bytes to use for the auth tag. This value defaults to 10 bytes 
-   unless the 'null' auth algo is used in which case it defaults to 0. 
+   The number of bytes to use for the auth tag. This value defaults to 10 bytes
+   unless the 'null' auth algo is used in which case it defaults to 0.

 
 
 EXAMPLES
 
 
 EXAMPLES


@@ -257,17 +257,18 @@ P2P Setup between two unicast enpoints:
 Host A:
 ^^^^^^^
 
 Host A:
 ^^^^^^^
 

-uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
+uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256

         -E have_a_very_safe_and_productive_day -e left
 
 Host B:
 ^^^^^^^
         -E have_a_very_safe_and_productive_day -e left
 
 Host B:
 ^^^^^^^

-uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
+uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256

         -E have_a_very_safe_and_productive_day -e right
 
         -E have_a_very_safe_and_productive_day -e right
 

+

 One unicast and one anycast tunnel endpoint:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 One unicast and one anycast tunnel endpoint:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- 
+

 Unicast tunnel endpoint:
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
 Unicast tunnel endpoint:
 ^^^^^^^^^^^^^^^^^^^^^^^^
 


@@ -281,6 +282,7 @@ have to use *Anytun* for that job.
 
 BUGS
 ----
 
 BUGS
 ----

+

 Most likely there are some bugs in *uAnytun*. If you find a bug, please let
 the developers know at uanytun@anytun.org. Of course, patches are preferred.
 
 Most likely there are some bugs in *uAnytun*. If you find a bug, please let
 the developers know at uanytun@anytun.org. Of course, patches are preferred.
 


@@ -300,7 +302,7 @@ Main web site: http://www.anytun.org/
 COPYING
 -------
 
 COPYING
 -------
 

-Copyright \(C) 2008-2010 Christian Pointner. This  program is  free 
-software: you can redistribute it and/or modify it under the terms 
-of the GNU General Public License as published by the Free Software 
+Copyright \(C) 2008-2014 Christian Pointner. This  program is  free
+software: you can redistribute it and/or modify it under the terms
+of the GNU General Public License as published by the Free Software

 Foundation, either version 3 of the License, or any later version.
 Foundation, either version 3 of the License, or any later version.

diff --git a/etc/init.d/uanytun b/etc/init.d/uanytun
index 9c2414a..9071e5a 100755 (executable)
--- a/etc/init.d/uanytun
+++ b/etc/init.d/uanytun
@@ -1,8 +1,8 @@
 #! /bin/sh
 ### BEGIN INIT INFO
 # Provides:          uanytun
 #! /bin/sh
 ### BEGIN INIT INFO
 # Provides:          uanytun

-# Required-Start:    $network $named $syslog
-# Required-Stop:     
+# Required-Start:    $remote_fs $network $named $syslog
+# Required-Stop:     $remote_fs

 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Start anycast tunneling daemon at boot time
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Start anycast tunneling daemon at boot time

diff --git a/src/Makefile b/src/Makefile
index 5ed36d9..feccbaa 100644 (file)
--- a/src/Makefile
+++ b/src/Makefile
@@ -10,12 +10,12 @@
 ##  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 ##  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 ##  ethernet, ip, arp ...). satp directly includes cryptography and
 ##  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 ##  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 ##  ethernet, ip, arp ...). satp directly includes cryptography and

-##  message authentication based on the methodes used by SRTP.  It is
+##  message authentication based on the methods used by SRTP.  It is

 ##  intended to deliver a generic, scaleable and secure solution for
 ##  tunneling and relaying of packets of any protocol.
 ##  intended to deliver a generic, scaleable and secure solution for
 ##  tunneling and relaying of packets of any protocol.

-##  

 ##
 ##

-##  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+##
+##  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

 ##
 ##  This file is part of uAnytun.
 ##
 ##
 ##  This file is part of uAnytun.
 ##


@@ -32,6 +32,19 @@
 ##  You should have received a copy of the GNU General Public License
 ##  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
 ##
 ##  You should have received a copy of the GNU General Public License
 ##  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
 ##

+##  In addition, as a special exception, the copyright holders give
+##  permission to link the code of portions of this program with the
+##  OpenSSL library under certain conditions as described in each
+##  individual source file, and distribute linked combinations
+##  including the two.
+##  You must obey the GNU General Public License in all respects
+##  for all of the code used other than OpenSSL.  If you modify
+##  file(s) with this exception, you may extend this exception to your
+##  version of the file(s), but you are not obligated to do so.  If you
+##  do not wish to do so, delete this exception statement from your
+##  version.  If you delete this exception statement from all source
+##  files in the program, then also delete it here.
+##

 
 ifneq ($(MAKECMDGOALS),distclean)
 include include.mk
 
 ifneq ($(MAKECMDGOALS),distclean)
 include include.mk

diff --git a/src/auth_algo.c b/src/auth_algo.c
index b148946..ac102c7 100644 (file)
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -50,7 +63,7 @@ auth_algo_type_t auth_algo_get_type(const char* type)
     return aa_null;
   else if(!strcmp(type, "sha1"))
     return aa_sha1;
     return aa_null;
   else if(!strcmp(type, "sha1"))
     return aa_sha1;

-  
+

   return aa_unknown;
 }
 
   return aa_unknown;
 }
 


@@ -65,7 +78,7 @@ u_int32_t auth_algo_get_max_length(const char* type)
 
 int auth_algo_init(auth_algo_t* aa, const char* type)
 {
 
 int auth_algo_init(auth_algo_t* aa, const char* type)
 {

-  if(!aa) 
+  if(!aa)

     return -1;
 
   aa->type_ = auth_algo_get_type(type);
     return -1;
 
   aa->type_ = auth_algo_get_type(type);


@@ -103,7 +116,7 @@ void auth_algo_close(auth_algo_t* aa)
 
 void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
 {
 
 void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
 {

-  if(!aa) 
+  if(!aa)

     return;
 
   if(aa->type_ == aa_null)
     return;
 
   if(aa->type_ == aa_null)


@@ -118,7 +131,7 @@ void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di
 
 int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
 {
 
 int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
 {

-  if(!aa) 
+  if(!aa)

     return 0;
 
   if(aa->type_ == aa_null)
     return 0;
 
   if(aa->type_ == aa_null)


@@ -152,17 +165,19 @@ int auth_algo_sha1_init(auth_algo_t* aa)
   if(!aa->params_)
     return -2;
 
   if(!aa->params_)
     return -2;
 

+#if defined(USE_SSL_CRYPTO)
+  auth_algo_sha1_param_t* params = aa->params_;
+  HMAC_CTX_init(&params->ctx_);
+  HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#elif defined(USE_NETTLE)
+  // nothing here
+#else  // USE_GCRYPT is the default

   auth_algo_sha1_param_t* params = aa->params_;
   auth_algo_sha1_param_t* params = aa->params_;

-
-#ifndef USE_SSL_CRYPTO

   gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
   if(err) {
     log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err));
     return -1;
   gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
   if(err) {
     log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err));
     return -1;

-  } 
-#else
-  HMAC_CTX_init(&params->ctx_);
-  HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+  }

 #endif
 
   return 0;
 #endif
 
   return 0;


@@ -174,14 +189,16 @@ void auth_algo_sha1_close(auth_algo_t* aa)
     return;
 
   if(aa->params_) {
     return;
 
   if(aa->params_) {

+#if defined(USE_SSL_CRYPTO)
+    auth_algo_sha1_param_t* params = aa->params_;
+    HMAC_CTX_cleanup(&params->ctx_);
+#elif defined(USE_NETTLE)
+    // nothing here
+#else  // USE_GCRYPT is the default

     auth_algo_sha1_param_t* params = aa->params_;
     auth_algo_sha1_param_t* params = aa->params_;

-
-#ifndef USE_SSL_CRYPTO

     if(params->handle_)
       gcry_md_close(params->handle_);
     if(params->handle_)
       gcry_md_close(params->handle_);

-#else
-    HMAC_CTX_cleanup(&params->ctx_);
-#endif    
+#endif

 
     free(aa->params_);
   }
 
     free(aa->params_);
   }


@@ -207,23 +224,29 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
   if(ret < 0)
     return;
 
   if(ret < 0)
     return;
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
+  u_int8_t hmac[SHA1_LENGTH];
+  HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+  HMAC_Final(&params->ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+  hmac_sha1_set_key(&params->ctx_, aa->key_.length_, aa->key_.buf_);
+
+  u_int8_t hmac[SHA1_LENGTH];
+  hmac_sha1_update(&params->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet));
+  hmac_sha1_digest(&params->ctx_, SHA1_LENGTH, hmac);
+#else  // USE_GCRYPT is the default

   gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
     return;
   gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
     return;

-  } 
-  
+  }
+

   gcry_md_reset(params->handle_);
   gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
   gcry_md_final(params->handle_);
   u_int8_t* hmac = gcry_md_read(params->handle_, 0);
   gcry_md_reset(params->handle_);
   gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
   gcry_md_final(params->handle_);
   u_int8_t* hmac = gcry_md_read(params->handle_, 0);

-#else
-  HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
-
-  u_int8_t hmac[SHA1_LENGTH];
-  HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
-  HMAC_Final(&params->ctx_, hmac, NULL);

 #endif
 
   u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
 #endif
 
   u_int8_t* tag = encrypted_packet_get_auth_tag(packet);


@@ -255,23 +278,29 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
   if(ret < 0)
     return 0;
 
   if(ret < 0)
     return 0;
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
+  u_int8_t hmac[SHA1_LENGTH];
+  HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+  HMAC_Final(&params->ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+  hmac_sha1_set_key(&params->ctx_, aa->key_.length_, aa->key_.buf_);
+
+  u_int8_t hmac[SHA1_LENGTH];
+  hmac_sha1_update(&params->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet));
+  hmac_sha1_digest(&params->ctx_, SHA1_LENGTH, hmac);
+#else  // USE_GCRYPT is the default

   gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
     return -1;
   gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
     return -1;

-  } 
+  }

 
   gcry_md_reset(params->handle_);
   gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
   gcry_md_final(params->handle_);
   u_int8_t* hmac = gcry_md_read(params->handle_, 0);
 
   gcry_md_reset(params->handle_);
   gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
   gcry_md_final(params->handle_);
   u_int8_t* hmac = gcry_md_read(params->handle_, 0);

-#else
-  HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
-
-  u_int8_t hmac[SHA1_LENGTH];
-  HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
-  HMAC_Final(&params->ctx_, hmac, NULL);

 #endif
 
   u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
 #endif
 
   u_int8_t* tag = encrypted_packet_get_auth_tag(packet);


@@ -280,11 +309,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
   if(length > SHA1_LENGTH) {
     u_int32_t i;
     for(i=0; i < (encrypted_packet_get_auth_tag_length(packet) - SHA1_LENGTH); ++i)
   if(length > SHA1_LENGTH) {
     u_int32_t i;
     for(i=0; i < (encrypted_packet_get_auth_tag_length(packet) - SHA1_LENGTH); ++i)

-      if(tag[i]) return 0; 
+      if(tag[i]) return 0;

   }
   }

-  
+

   int result = memcmp(&tag[encrypted_packet_get_auth_tag_length(packet) - length], &hmac[SHA1_LENGTH - length], length);
   int result = memcmp(&tag[encrypted_packet_get_auth_tag_length(packet) - length], &hmac[SHA1_LENGTH - length], length);

-  
+

   if(result)
     return 0;
 
   if(result)
     return 0;
 

diff --git a/src/auth_algo.h b/src/auth_algo.h
index 1007955..d1e5178 100644 (file)
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,15 +31,30 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_auth_algo_h_INCLUDED
 #define UANYTUN_auth_algo_h_INCLUDED
 
  */
 
 #ifndef UANYTUN_auth_algo_h_INCLUDED
 #define UANYTUN_auth_algo_h_INCLUDED
 

-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#if defined(USE_SSL_CRYPTO)

 #include <openssl/hmac.h>
 #include <openssl/hmac.h>

+#elif defined(USE_NETTLE)
+#include <nettle/hmac.h>
+#else  // USE_GCRYPT is the default
+#include <gcrypt.h>

 #endif
 #include "key_derivation.h"
 #include "encrypted_packet.h"
 #endif
 #include "key_derivation.h"
 #include "encrypted_packet.h"


@@ -66,10 +81,12 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di
 #define SHA1_LENGTH 20
 
 struct auth_algo_sha1_param_struct {
 #define SHA1_LENGTH 20
 
 struct auth_algo_sha1_param_struct {

-#ifndef USE_SSL_CRYPTO
-  gcry_md_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)

   HMAC_CTX ctx_;
   HMAC_CTX ctx_;

+#elif defined(USE_NETTLE)
+  struct hmac_sha1_ctx ctx_;
+#else  // USE_GCRYPT is the default
+  gcry_md_hd_t handle_;

 #endif
 };
 typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
 #endif
 };
 typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;

diff --git a/src/bsd/tun.c b/src/bsd/tun.c
index a995c35..a469c58 100644 (file)
--- a/src/bsd/tun.c
+++ b/src/bsd/tun.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -58,9 +71,9 @@
 
 int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix)
 {
 
 int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix)
 {

-  if(!dev) 
+  if(!dev)

     return -1;
     return -1;

- 
+

   tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
   dev->actual_name_ = NULL;
 
   tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
   dev->actual_name_ = NULL;
 


@@ -109,7 +122,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
         tun_close(dev);
         return -2;
       }
         tun_close(dev);
         return -2;
       }

-        
+

       dev->fd_ = open(device_file_tmp, O_RDWR);
       free(device_file_tmp);
       if(dev->fd_ >= 0)
       dev->fd_ = open(device_file_tmp, O_RDWR);
       free(device_file_tmp);
       if(dev->fd_ >= 0)


@@ -125,7 +138,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
       log_printf(ERROR, "can't open device file dynamically: no unused node left");
     else
       log_printf(ERROR, "can't open device file (%s): %s", device_file, strerror(errno));
       log_printf(ERROR, "can't open device file dynamically: no unused node left");
     else
       log_printf(ERROR, "can't open device file (%s): %s", device_file, strerror(errno));

-    
+

     tun_close(dev);
     return -1;
   }
     tun_close(dev);
     return -1;
   }


@@ -164,18 +177,18 @@ int tun_init_post(tun_device_t* dev)
   dev->with_pi_ = 1;
   if(dev->type_ == TYPE_TAP)
     dev->with_pi_ = 0;
   dev->with_pi_ = 1;
   if(dev->type_ == TYPE_TAP)
     dev->with_pi_ = 0;

-  
-  struct tuninfo ti;  
+
+  struct tuninfo ti;

 
   if(ioctl(dev->fd_, TUNGIFINFO, &ti) < 0) {
     log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
     return -1;
 
   if(ioctl(dev->fd_, TUNGIFINFO, &ti) < 0) {
     log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
     return -1;

-  }  
+  }

 
   ti.flags |= IFF_MULTICAST;
   if(dev->type_ == TYPE_TUN)
     ti.flags &= ~IFF_POINTOPOINT;
 
   ti.flags |= IFF_MULTICAST;
   if(dev->type_ == TYPE_TUN)
     ti.flags &= ~IFF_POINTOPOINT;

-  
+

   if(ioctl(dev->fd_, TUNSIFINFO, &ti) < 0) {
     log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
     return -1;
   if(ioctl(dev->fd_, TUNSIFINFO, &ti) < 0) {
     log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
     return -1;


@@ -199,20 +212,20 @@ int tun_init_post(tun_device_t* dev)
     if(ioctl(dev->fd_, TUNSLMODE, &arg) < 0) {
       log_printf(ERROR, "can't disable link-layer mode for interface: %s", strerror(errno));
       return -1;
     if(ioctl(dev->fd_, TUNSLMODE, &arg) < 0) {
       log_printf(ERROR, "can't disable link-layer mode for interface: %s", strerror(errno));
       return -1;

-    }  
+    }

 
     arg = 1;
     if(ioctl(dev->fd_, TUNSIFHEAD, &arg) < 0) {
       log_printf(ERROR, "can't enable multi-af mode for interface: %s", strerror(errno));
       return -1;
 
     arg = 1;
     if(ioctl(dev->fd_, TUNSIFHEAD, &arg) < 0) {
       log_printf(ERROR, "can't enable multi-af mode for interface: %s", strerror(errno));
       return -1;

-    }  
+    }

 
     arg = IFF_BROADCAST;
     arg |= IFF_MULTICAST;
     if(ioctl(dev->fd_, TUNSIFMODE, &arg) < 0) {
       log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
       return -1;
 
     arg = IFF_BROADCAST;
     arg |= IFF_MULTICAST;
     if(ioctl(dev->fd_, TUNSIFMODE, &arg) < 0) {
       log_printf(ERROR, "can't enable multicast for interface: %s", strerror(errno));
       return -1;

-    }  
+    }

   }
 
   return 0;
   }
 
   return 0;


@@ -268,7 +281,7 @@ int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
   {
     struct iovec iov[2];
     u_int32_t type;
   {
     struct iovec iov[2];
     u_int32_t type;

-    
+

     iov[0].iov_base = &type;
     iov[0].iov_len = sizeof(type);
     iov[1].iov_base = buf;
     iov[0].iov_base = &type;
     iov[0].iov_len = sizeof(type);
     iov[1].iov_base = buf;


@@ -292,13 +305,13 @@ int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
     struct iovec iov[2];
     u_int32_t type;
     struct ip *hdr = (struct ip*)buf;
     struct iovec iov[2];
     u_int32_t type;
     struct ip *hdr = (struct ip*)buf;

-    
+

     type = 0;
     if(hdr->ip_v == 4)
       type = htonl(AF_INET);
     else
       type = htonl(AF_INET6);
     type = 0;
     if(hdr->ip_v == 4)
       type = htonl(AF_INET);
     else
       type = htonl(AF_INET6);

-    
+

     iov[0].iov_base = &type;
     iov[0].iov_len = sizeof(type);
     iov[1].iov_base = buf;
     iov[0].iov_base = &type;
     iov[0].iov_len = sizeof(type);
     iov[1].iov_base = buf;

diff --git a/src/cipher.c b/src/cipher.c
index 8913f64..f87e2cf 100644 (file)
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -39,6 +52,9 @@
 #include "encrypted_packet.h"
 
 #include "cipher.h"
 #include "encrypted_packet.h"
 
 #include "cipher.h"

+#if defined(USE_NETTLE)
+#include <nettle/ctr.h>
+#endif

 
 #include "log.h"
 
 
 #include "log.h"
 


@@ -47,7 +63,7 @@
 
 int cipher_init(cipher_t* c, const char* type)
 {
 
 int cipher_init(cipher_t* c, const char* type)
 {

-  if(!c) 
+  if(!c)

     return -1;
 
   c->key_length_ = 0;
     return -1;
 
   c->key_length_ = 0;


@@ -61,7 +77,7 @@ int cipher_init(cipher_t* c, const char* type)
     if(type[7] == 0) {
       c->key_length_ = C_AESCTR_DEFAULT_KEY_LENGTH;
     }
     if(type[7] == 0) {
       c->key_length_ = C_AESCTR_DEFAULT_KEY_LENGTH;
     }

-    else if(type[7] != '-') 
+    else if(type[7] != '-')

       return -1;
     else {
       const char* tmp = &type[8];
       return -1;
     else {
       const char* tmp = &type[8];


@@ -113,12 +129,12 @@ void cipher_close(cipher_t* c)
 
 int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
 {
 
 int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
 {

-  if(!c) 
+  if(!c)

     return -1;
 
     return -1;
 

-       int32_t len;
+  int32_t len;

   if(c->type_ == c_null)
   if(c->type_ == c_null)

-    len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in), 
+    len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in),

                             encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
 #ifndef NO_CRYPT
   else if(c->type_ == c_aes_ctr)
                             encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
 #ifndef NO_CRYPT
   else if(c->type_ == c_aes_ctr)


@@ -134,7 +150,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
   if(len < 0)
     return 0;
 
   if(len < 0)
     return 0;
 

-       encrypted_packet_set_sender_id(out, sender_id);
+  encrypted_packet_set_sender_id(out, sender_id);

   encrypted_packet_set_seq_nr(out, seq_nr);
   encrypted_packet_set_mux(out, mux);
 
   encrypted_packet_set_seq_nr(out, seq_nr);
   encrypted_packet_set_mux(out, mux);
 


@@ -145,10 +161,10 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
 
 int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out)
 {
 
 int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out)
 {

-  if(!c) 
+  if(!c)

     return -1;
 
     return -1;
 

-       int32_t len;
+  int32_t len;

   if(c->type_ == c_null)
     len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
                             plain_packet_get_packet(out), plain_packet_get_length(out));
   if(c->type_ == c_null)
     len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
                             plain_packet_get_packet(out), plain_packet_get_length(out));


@@ -163,11 +179,11 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
     log_printf(ERROR, "unknown cipher type");
     return -1;
   }
     log_printf(ERROR, "unknown cipher type");
     return -1;
   }

-  
+

   if(len < 0)
     return 0;
 
   if(len < 0)
     return 0;
 

-       plain_packet_set_length(out, len);
+  plain_packet_set_length(out, len);

 
   return 0;
 }
 
   return 0;
 }


@@ -176,7 +192,7 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir,
 
 int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
 {
 
 int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
 {

-       memcpy(out, in, (ilen < olen) ? ilen : olen);
+  memcpy(out, in, (ilen < olen) ? ilen : olen);

   return (ilen < olen) ? ilen : olen;
 }
 
   return (ilen < olen) ? ilen : olen;
 }
 


@@ -210,9 +226,11 @@ int cipher_aesctr_init(cipher_t* c)
   if(!c->params_)
     return -2;
 
   if(!c->params_)
     return -2;
 

-  cipher_aesctr_param_t* params = c->params_;
-
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  // nothing here
+#elif defined(USE_NETTLE)
+  // nothing here
+#else  // USE_GCRYPT is the default

   int algo;
   switch(c->key_length_) {
   case 128: algo = GCRY_CIPHER_AES128; break;
   int algo;
   switch(c->key_length_) {
   case 128: algo = GCRY_CIPHER_AES128; break;


@@ -224,11 +242,12 @@ int cipher_aesctr_init(cipher_t* c)
   }
   }
 
   }
   }
 

+  cipher_aesctr_param_t* params = c->params_;

   gcry_error_t err = gcry_cipher_open(&params->handle_, algo, GCRY_CIPHER_MODE_CTR, 0);
   if(err) {
     log_printf(ERROR, "failed to open cipher: %s", gcry_strerror(err));
     return -1;
   gcry_error_t err = gcry_cipher_open(&params->handle_, algo, GCRY_CIPHER_MODE_CTR, 0);
   if(err) {
     log_printf(ERROR, "failed to open cipher: %s", gcry_strerror(err));
     return -1;

-  } 
+  }

 #endif
 
   return 0;
 #endif
 
   return 0;


@@ -240,13 +259,14 @@ void cipher_aesctr_close(cipher_t* c)
     return;
 
   if(c->params_) {
     return;
 
   if(c->params_) {

+#if defined(USE_SSL_CRYPTO)
+    // nothing here
+#elif defined(USE_NETTLE)
+    // nothing here
+#else  // USE_GCRYPT is the default

     cipher_aesctr_param_t* params = c->params_;
     cipher_aesctr_param_t* params = c->params_;

-
-#ifndef USE_SSL_CRYPTO
-    if(params->handle_)
-      gcry_cipher_close(params->handle_);
+    gcry_cipher_close(params->handle_);

 #endif
 #endif

-

     free(c->params_);
   }
 }
     free(c->params_);
   }
 }


@@ -255,7 +275,7 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir
 {
   if(!c || !c->params_)
     return -1;
 {
   if(!c || !c->params_)
     return -1;

-  
+

   cipher_aesctr_param_t* params = c->params_;
 
   int ret = key_derivation_generate(kd, dir, LABEL_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
   cipher_aesctr_param_t* params = c->params_;
 
   int ret = key_derivation_generate(kd, dir, LABEL_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);


@@ -288,14 +308,16 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
   int ret = key_derivation_generate(kd, dir, LABEL_ENC, seq_nr, c->key_.buf_, c->key_.length_);
   if(ret < 0)
     return ret;
   int ret = key_derivation_generate(kd, dir, LABEL_ENC, seq_nr, c->key_.buf_, c->key_.length_);
   if(ret < 0)
     return ret;

-  
-#ifdef USE_SSL_CRYPTO
+
+#if defined(USE_SSL_CRYPTO)

   ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
   if(ret) {
   ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
   if(ret) {

-    log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret);
+    log_printf(ERROR, "failed to set cipher key (code: %d)", ret);

     return -1;
   }
     return -1;
   }

-#else
+#elif defined(USE_NETTLE)
+  aes_set_encrypt_key(&params->ctx_, c->key_.length_, c->key_.buf_);
+#else  // USE_GCRYPT is the default

   gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err));
   gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err));


@@ -308,8 +330,22 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
     log_printf(ERROR, "failed to calculate cipher CTR");
     return ret;
   }
     log_printf(ERROR, "failed to calculate cipher CTR");
     return ret;
   }

-  
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_SSL_CRYPTO)
+  if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+    log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+    return -1;
+  }
+  u_int32_t num = 0;
+  memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+  AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+  if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+    log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+    return -1;
+  }
+  ctr_crypt(&params->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, (ilen < olen) ? ilen : olen, out, in);
+#else  // USE_GCRYPT is the default

   err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
   if(err) {
     log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err));
   err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
   if(err) {
     log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err));


@@ -321,16 +357,8 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
     log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err));
     return -1;
   }
     log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err));
     return -1;
   }

-#else
-  if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
-    log_printf(ERROR, "failed to set cipher CTR: size don't fits");
-    return -1;
-  }
-  u_int32_t num = 0;
-  memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
-  AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);

 #endif
 
 #endif
 

-  return (ilen < olen) ? ilen : olen;  
+  return (ilen < olen) ? ilen : olen;

 }
 #endif
 }
 #endif

diff --git a/src/cipher.h b/src/cipher.h
index e33d815..570df8d 100644 (file)
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,16 +31,31 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_cipher_h_INCLUDED
 #define UANYTUN_cipher_h_INCLUDED
 
 #ifndef NO_CRYPT
  */
 
 #ifndef UANYTUN_cipher_h_INCLUDED
 #define UANYTUN_cipher_h_INCLUDED
 
 #ifndef NO_CRYPT

-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#if defined(USE_SSL_CRYPTO)

 #include <openssl/aes.h>
 #include <openssl/aes.h>

+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
+#else  // USE_GCRYPT is the default
+#include <gcrypt.h>

 #endif
 #include "key_derivation.h"
 #else
 #endif
 #include "key_derivation.h"
 #else


@@ -94,11 +109,13 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union {
 typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t;
 
 struct cipher_aesctr_param_struct {
 typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t;
 
 struct cipher_aesctr_param_struct {

-#ifndef USE_SSL_CRYPTO
-  gcry_cipher_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)

   AES_KEY aes_key_;
   u_int8_t ecount_buf_[AES_BLOCK_SIZE];
   AES_KEY aes_key_;
   u_int8_t ecount_buf_[AES_BLOCK_SIZE];

+#elif defined(USE_NETTLE)
+  struct aes_ctx ctx_;
+#else  // USE_GCRYPT is the default
+  gcry_cipher_hd_t handle_;

 #endif
   cipher_aesctr_ctr_t ctr_;
 };
 #endif
   cipher_aesctr_ctr_t ctr_;
 };

diff --git a/src/configure b/src/configure
index ee80582..16d5cc7 100755 (executable)
--- a/src/configure
+++ b/src/configure
@@ -11,12 +11,12 @@
 #  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 #  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 #  ethernet, ip, arp ...). satp directly includes cryptography and
 #  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 #  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 #  ethernet, ip, arp ...). satp directly includes cryptography and

-#  message authentication based on the methodes used by SRTP.  It is
+#  message authentication based on the methods used by SRTP.  It is

 #  intended to deliver a generic, scaleable and secure solution for
 #  tunneling and relaying of packets of any protocol.
 #  intended to deliver a generic, scaleable and secure solution for
 #  tunneling and relaying of packets of any protocol.

-#  

 #
 #

-#  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+#
+#  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

 #
 #  This file is part of uAnytun.
 #
 #
 #  This file is part of uAnytun.
 #


@@ -33,13 +33,24 @@
 #  You should have received a copy of the GNU General Public License
 #  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
 #

+#   In addition, as a special exception, the copyright holders give
+#   permission to link the code of portions of this program with the
+#   OpenSSL library under certain conditions as described in each
+#   individual source file, and distribute linked combinations
+#   including the two.
+#   You must obey the GNU General Public License in all respects
+#   for all of the code used other than OpenSSL.  If you modify
+#   file(s) with this exception, you may extend this exception to your
+#   version of the file(s), but you are not obligated to do so.  If you
+#   do not wish to do so, delete this exception statement from your
+#   version.  If you delete this exception statement from all source
+#   files in the program, then also delete it here.
+#

 
 TARGET=`uname -s`
 
 TARGET=`uname -s`

-

 EBUILD_COMPAT=0
 
 EBUILD_COMPAT=0
 

-CFLAGS='-g -O2'
-LDFLAGS='-g -Wall -O2'
+USE_CLANG=0

 
 CRYPTO_LIB='gcrypt'
 PASSPHRASE=1
 
 CRYPTO_LIB='gcrypt'
 PASSPHRASE=1


@@ -62,10 +73,13 @@ print_usage() {
   echo "          --no-manpage              dont't install manpage"
   echo "          --examplesdir=<DIR>       the path to the examples files (default: $PREFIX/share/examples)"
   echo "          --no-examples             dont't install example files"
   echo "          --no-manpage              dont't install manpage"
   echo "          --examplesdir=<DIR>       the path to the examples files (default: $PREFIX/share/examples)"
   echo "          --no-examples             dont't install example files"

-  echo "          --use-ssl-crypto          use ssl crypto library instead of libgcrypt"
+  echo "          --use-gcrypt              use libgcrypt (this is the default)"
+  echo "          --use-nettle              use libnettle instead of libgcrypt"
+  echo "          --use-ssl-crypto          use openssl crypto library instead of libgcrypt"

   echo "          --no-crypto               disable crypto at all (only NULL cipher)"
   echo "          --disable-passphrase      disable master key and salt passphrase"
   echo "          --enable-passphrase       enable master key and salt passphrase"
   echo "          --no-crypto               disable crypto at all (only NULL cipher)"
   echo "          --disable-passphrase      disable master key and salt passphrase"
   echo "          --enable-passphrase       enable master key and salt passphrase"

+  echo "          --use-clang               use clang/llvm as compiler/linker"

 }
 
 for arg
 }
 
 for arg


@@ -74,6 +88,9 @@ do
   --target=*)
     TARGET=${arg#--target=}
   ;;
   --target=*)
     TARGET=${arg#--target=}
   ;;

+  --use-clang)
+    USE_CLANG=1
+  ;;

   --prefix=*)
     PREFIX=${arg#--prefix=}
   ;;
   --prefix=*)
     PREFIX=${arg#--prefix=}
   ;;


@@ -95,12 +112,18 @@ do
   --no-examples)
     INSTALLEXAMPLES=0
   ;;
   --no-examples)
     INSTALLEXAMPLES=0
   ;;

+  --use-gcrypt)
+    CRYPTO_LIB='gcrypt'
+  ;;
+  --use-nettle)
+    CRYPTO_LIB='nettle'
+  ;;

   --use-ssl-crypto)
     CRYPTO_LIB='ssl'
   ;;
   --no-crypto)
     CRYPTO_LIB='none'
   --use-ssl-crypto)
     CRYPTO_LIB='ssl'
   ;;
   --no-crypto)
     CRYPTO_LIB='none'

-  ;; 
+  ;;

   --disable-passphrase)
     PASSPHRASE=0
   ;;
   --disable-passphrase)
     PASSPHRASE=0
   ;;


@@ -129,9 +152,19 @@ if [ -n "$ERRORS" ] && [ $EBUILD_COMPAT -ne 1 ]; then
   exit 1
 fi
 
   exit 1
 fi
 

+if [ $USE_CLANG -eq 0 ]; then
+  CFLAGS='-g -Wall -O2'
+  LDFLAGS='-g -Wall -O2'
+  COMPILER='gcc'
+else
+  CFLAGS='-g -O2'
+  LDFLAGS='-g -O2'
+  COMPILER='clang'
+fi
+

 rm -f version.h
 rm -f include.mk
 rm -f version.h
 rm -f include.mk

-case $TARGET in 
+case $TARGET in

   Linux)
     rm -f tun.c
     ln -sf linux/tun.c
   Linux)
     rm -f tun.c
     ln -sf linux/tun.c


@@ -153,8 +186,14 @@ esac
 
 case $CRYPTO_LIB in
   gcrypt)
 
 case $CRYPTO_LIB in
   gcrypt)

+    CFLAGS=$CFLAGS' -DUSE_GCRYPT'

     LDFLAGS=$LDFLAGS' -lgcrypt'
     LDFLAGS=$LDFLAGS' -lgcrypt'

-    echo "using libgcrypt library"
+    echo "using gcrypt library"
+  ;;
+  nettle)
+    CFLAGS=$CFLAGS' -DUSE_NETTLE'
+    LDFLAGS=$LDFLAGS' -lnettle'
+    echo "using nettle library"

   ;;
   ssl)
     CFLAGS=$CFLAGS' -DUSE_SSL_CRYPTO'
   ;;
   ssl)
     CFLAGS=$CFLAGS' -DUSE_SSL_CRYPTO'


@@ -163,7 +202,6 @@ case $CRYPTO_LIB in
   ;;
   none)
     CFLAGS=$CFLAGS' -DNO_CRYPT'
   ;;
   none)
     CFLAGS=$CFLAGS' -DNO_CRYPT'

-    echo "NO_CRYPT_OBJ = 1" >> include.mk

     echo "disabling crypto"
   ;;
 esac
     echo "disabling crypto"
   ;;
 esac


@@ -189,13 +227,13 @@ if [ -z "$EXAMPLESDIR" ]; then
   EXAMPLESDIR=$PREFIX/share/examples
 fi
 
   EXAMPLESDIR=$PREFIX/share/examples
 fi
 

-cat >> include.mk <<EOF
+cat > include.mk <<EOF

 # this file was created automatically
 # this file was created automatically

-# do not edit this file directly 
+# do not edit this file directly

 # use ./configure instead
 
 TARGET := $TARGET
 # use ./configure instead
 
 TARGET := $TARGET

-CC := gcc
+CC := $COMPILER

 CFLAGS := $CFLAGS
 LDFLAGS := $LDFLAGS
 STRIP := strip
 CFLAGS := $CFLAGS
 LDFLAGS := $LDFLAGS
 STRIP := strip


@@ -206,6 +244,10 @@ SBINDIR := $SBINDIR
 ETCDIR := $ETCDIR
 EOF
 
 ETCDIR := $ETCDIR
 EOF
 

+if [ $CRYPTO_LIB = "none" ]; then
+  echo "NO_CRYPT_OBJ = 1" >> include.mk
+fi
+

 if [ $INSTALLMANPAGE -eq 1 ]; then
   echo "MANDIR := $MANDIR" >> include.mk
   echo "installing manpage"
 if [ $INSTALLMANPAGE -eq 1 ]; then
   echo "MANDIR := $MANDIR" >> include.mk
   echo "installing manpage"


@@ -222,7 +264,7 @@ fi
 
 VERSION=`cat ../version`
 if which svn >/dev/null; then
 
 VERSION=`cat ../version`
 if which svn >/dev/null; then

-  SVN_REV=`svn info | grep "^Revision: " | awk '{print($2)}'`
+  SVN_REV=`svn info 2> /dev/null | grep "^Revision: " | awk '{print($2)}'`

   if [ -n "$SVN_REV" ]; then
     VERSION="$VERSION (svn$SVN_REV)"
   fi
   if [ -n "$SVN_REV" ]; then
     VERSION="$VERSION (svn$SVN_REV)"
   fi


@@ -230,8 +272,8 @@ fi
 HOSTNAME=`hostname`
 DATE=`date +"%d.%m.%Y %H:%M:%S %Z"`
 
 HOSTNAME=`hostname`
 DATE=`date +"%d.%m.%Y %H:%M:%S %Z"`
 

-cat >> version.h <<EOF
-/* 
+cat > version.h <<EOF
+/*

  * uanytun version info
  *
  * this file was created automatically
  * uanytun version info
  *
  * this file was created automatically

diff --git a/src/daemon.h b/src/daemon.h
index 04a4d4f..9a477a7 100644 (file)
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_daemon_h_INCLUDED
  */
 
 #ifndef UANYTUN_daemon_h_INCLUDED


@@ -60,7 +73,7 @@ int priv_init(priv_info_t* priv, const char* username, const char* groupname)
 
   priv->pw_ = getpwnam(username);
   if(!priv->pw_) {
 
   priv->pw_ = getpwnam(username);
   if(!priv->pw_) {

-    log_printf(ERROR, "unkown user %s", username);
+    log_printf(ERROR, "unknown user %s", username);

     return -1;
   }
 
     return -1;
   }
 


@@ -70,7 +83,7 @@ int priv_init(priv_info_t* priv, const char* username, const char* groupname)
     priv->gr_ = getgrgid(priv->pw_->pw_gid);
 
   if(!priv->gr_) {
     priv->gr_ = getgrgid(priv->pw_->pw_gid);
 
   if(!priv->gr_) {

-    log_printf(ERROR, "unkown group %s", groupname);
+    log_printf(ERROR, "unknown group %s", groupname);

     return -1;
   }
 
     return -1;
   }
 


@@ -122,6 +135,8 @@ int do_chroot(const char* chrootdir)
     log_printf(ERROR, "can't change to /: %s", strerror(errno));
     return -1;
   }
     log_printf(ERROR, "can't change to /: %s", strerror(errno));
     return -1;
   }

+
+  return 0;

 }
 
 void daemonize()
 }
 
 void daemonize()


@@ -170,4 +185,3 @@ void daemonize()
 }
 
 #endif
 }
 
 #endif

-

diff --git a/src/datatypes.h b/src/datatypes.h
index 0105062..58434c8 100644 (file)
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_datatypes_h_INCLUDED
  */
 
 #ifndef UANYTUN_datatypes_h_INCLUDED

diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c
index 12f04ef..2d46f40 100644 (file)
--- a/src/encrypted_packet.c
+++ b/src/encrypted_packet.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -188,7 +201,7 @@ mux_t encrypted_packet_get_mux(encrypted_packet_t* packet)
 {
   if(!packet)
     return 0;
 {
   if(!packet)
     return 0;

-  
+

   return MUX_T_NTOH(packet->data_.header_.mux_);
 }
 
   return MUX_T_NTOH(packet->data_.header_.mux_);
 }
 

diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h
index 4afe323..3f66f12 100644 (file)
--- a/src/encrypted_packet.h
+++ b/src/encrypted_packet.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_encrypted_packet_h_INCLUDED
  */
 
 #ifndef UANYTUN_encrypted_packet_h_INCLUDED

diff --git a/src/init_crypt.h b/src/init_crypt.h
index 2461a54..b0c6a49 100644 (file)
--- a/src/init_crypt.h
+++ b/src/init_crypt.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_init_crypt_h_INCLUDED
  */
 
 #ifndef UANYTUN_init_crypt_h_INCLUDED


@@ -48,13 +61,29 @@ int init_crypt()
 #else
 
 
 #else
 
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+
+int init_crypt()
+{
+// nothing here
+  return 0;
+}
+
+#elif defined(USE_NETTLE)
+
+int init_crypt()
+{
+// nothing here
+  return 0;
+}
+
+#else  // USE_GCRYPT is the default

 
 #include <gcrypt.h>
 
 #define MIN_GCRYPT_VERSION "1.2.0"
 
 
 #include <gcrypt.h>
 
 #define MIN_GCRYPT_VERSION "1.2.0"
 

-int init_crypt() 
+int init_crypt()

 {
   if(!gcry_check_version(MIN_GCRYPT_VERSION)) {
     log_printf(NOTICE, "invalid Version of libgcrypt, should be >= %s", MIN_GCRYPT_VERSION);
 {
   if(!gcry_check_version(MIN_GCRYPT_VERSION)) {
     log_printf(NOTICE, "invalid Version of libgcrypt, should be >= %s", MIN_GCRYPT_VERSION);


@@ -77,14 +106,6 @@ int init_crypt()
   return 0;
 }
 
   return 0;
 }
 

-#else
-
-int init_crypt()
-{
-// nothing here 
-  return 0;
-}
-

 #endif
 
 
 #endif
 
 

diff --git a/src/key_derivation.c b/src/key_derivation.c
index a01695b..f2d8548 100644 (file)
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,14 +31,31 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
 
 #include "key_derivation.h"
 
  */
 
 #include "datatypes.h"
 
 #include "key_derivation.h"
 

-#ifdef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)

 #include <openssl/sha.h>
 #include <openssl/sha.h>

+#elif defined(USE_NETTLE)
+#include <nettle/sha1.h>
+#include <nettle/sha2.h>
+#include <nettle/ctr.h>

 #endif
 
 #include "log.h"
 #endif
 
 #include "log.h"


@@ -48,7 +65,7 @@
 
 int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
 {
 
 int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
 {

-  if(!kd) 
+  if(!kd)

     return -1;
 
   kd->role_ = role;
     return -1;
 
   kd->role_ = role;


@@ -62,7 +79,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, con
     if(type[7] == 0) {
       kd->key_length_ = KD_AESCTR_DEFAULT_KEY_LENGTH;
     }
     if(type[7] == 0) {
       kd->key_length_ = KD_AESCTR_DEFAULT_KEY_LENGTH;
     }

-    else if(type[7] != '-') 
+    else if(type[7] != '-')

       return -1;
     else {
       const char* tmp = &type[8];
       return -1;
     else {
       const char* tmp = &type[8];


@@ -127,7 +144,7 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
   if(kd->master_key_.buf_) {
     log_printf(WARNING, "master key and passphrase provided, ignoring passphrase");
     return 0;
   if(kd->master_key_.buf_) {
     log_printf(WARNING, "master key and passphrase provided, ignoring passphrase");
     return 0;

-  }    
+  }

   log_printf(NOTICE, "using passphrase to generate master key");
 
   if(!key_length || (key_length % 8)) {
   log_printf(NOTICE, "using passphrase to generate master key");
 
   if(!key_length || (key_length % 8)) {


@@ -135,30 +152,39 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
     return -1;
   }
 
     return -1;
   }
 

-#ifndef USE_SSL_CRYPTO
-  if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
-#else
+#if defined(USE_SSL_CRYPTO)

   if(key_length > (SHA256_DIGEST_LENGTH * 8)) {
   if(key_length > (SHA256_DIGEST_LENGTH * 8)) {

+#elif defined(USE_NETTLE)
+  if(key_length > (SHA256_DIGEST_SIZE * 8)) {
+#else  // USE_GCRYPT is the default
+  if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {

 #endif
     log_printf(ERROR, "master key too long for passphrase algorithm");
     return -1;
   }
 
   buffer_t digest;
 #endif
     log_printf(ERROR, "master key too long for passphrase algorithm");
     return -1;
   }
 
   buffer_t digest;

-#ifndef USE_SSL_CRYPTO
-  digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
-#else
+#if defined(USE_SSL_CRYPTO)

   digest.length_ = SHA256_DIGEST_LENGTH;
   digest.length_ = SHA256_DIGEST_LENGTH;

+#elif defined(USE_NETTLE)
+  digest.length_ = SHA256_DIGEST_SIZE;
+#else  // USE_GCRYPT is the default
+  digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);

 #endif
   digest.buf_ = malloc(digest.length_);
   if(!digest.buf_)
     return -2;
 
 
 #endif
   digest.buf_ = malloc(digest.length_);
   if(!digest.buf_)
     return -2;
 
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#elif defined(USE_NETTLE)
+  struct sha256_ctx ctx;
+  sha256_init(&ctx);
+  sha256_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase);
+  sha256_digest(&ctx, digest.length_, digest.buf_);
+#else  // USE_GCRYPT is the default

   gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
   gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));

-#else
-  SHA256(passphrase, strlen(passphrase), digest.buf_);

 #endif
 
   kd->master_key_.length_ = key_length/8;
 #endif
 
   kd->master_key_.length_ = key_length/8;


@@ -183,7 +209,7 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
   if(kd->master_salt_.buf_) {
     log_printf(WARNING, "master salt and passphrase provided, ignoring passphrase");
     return 0;
   if(kd->master_salt_.buf_) {
     log_printf(WARNING, "master salt and passphrase provided, ignoring passphrase");
     return 0;

-  }    
+  }

   log_printf(NOTICE, "using passphrase to generate master salt");
 
   if(!salt_length || (salt_length % 8)) {
   log_printf(NOTICE, "using passphrase to generate master salt");
 
   if(!salt_length || (salt_length % 8)) {


@@ -191,29 +217,38 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
     return -1;
   }
 
     return -1;
   }
 

-#ifndef USE_SSL_CRYPTO
-  if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
-#else
+#if defined(USE_SSL_CRYPTO)

   if(salt_length > (SHA_DIGEST_LENGTH * 8)) {
   if(salt_length > (SHA_DIGEST_LENGTH * 8)) {

+#elif defined(USE_NETTLE)
+  if(salt_length > (SHA1_DIGEST_SIZE * 8)) {
+#else  // USE_GCRYPT is the default
+  if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {

 #endif
     log_printf(ERROR, "master salt too long for passphrase algorithm");
     return -1;
   }
 
   buffer_t digest;
 #endif
     log_printf(ERROR, "master salt too long for passphrase algorithm");
     return -1;
   }
 
   buffer_t digest;

-#ifndef USE_SSL_CRYPTO
-  digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-#else
+#if defined(USE_SSL_CRYPTO)

   digest.length_ = SHA_DIGEST_LENGTH;
   digest.length_ = SHA_DIGEST_LENGTH;

+#elif defined(USE_NETTLE)
+  digest.length_ = SHA1_DIGEST_SIZE;
+#else  // USE_GCRYPT is the default
+  digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);

 #endif
   digest.buf_ = malloc(digest.length_);
   if(!digest.buf_)
     return -2;
 
 #endif
   digest.buf_ = malloc(digest.length_);
   if(!digest.buf_)
     return -2;
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#elif defined(USE_NETTLE)
+  struct sha1_ctx ctx;
+  sha1_init(&ctx);
+  sha1_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase);
+  sha1_digest(&ctx, digest.length_, digest.buf_);
+#else  // USE_GCRYPT is the default

   gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
   gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));

-#else
-  SHA1(passphrase, strlen(passphrase), digest.buf_);

 #endif
 
   kd->master_salt_.length_ = salt_length/8;
 #endif
 
   kd->master_salt_.length_ = salt_length/8;


@@ -247,7 +282,7 @@ void key_derivation_close(key_derivation_t* kd)
 
 int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
 {
 
 int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
 {

-  if(!kd || !key) 
+  if(!kd || !key)

     return -1;
 
   if(label >= LABEL_NIL) {
     return -1;
 
   if(label >= LABEL_NIL) {


@@ -330,7 +365,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
     return -2;
 
   key_derivation_aesctr_param_t* params = kd->params_;
     return -2;
 
   key_derivation_aesctr_param_t* params = kd->params_;

-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT

   params->handle_ = 0;
 #endif
 
   params->handle_ = 0;
 #endif
 


@@ -345,7 +380,15 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
   }
 #endif
 
   }
 #endif
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, &params->aes_key_);
+  if(ret) {
+    log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
+    return -1;
+  }
+#elif defined(USE_NETTLE)
+  aes_set_encrypt_key(&params->ctx_, kd->master_key_.length_, kd->master_key_.buf_);
+#else  // USE_GCRYPT is the default

   int algo;
   switch(kd->key_length_) {
   case 128: algo = GCRY_CIPHER_AES128; break;
   int algo;
   switch(kd->key_length_) {
   case 128: algo = GCRY_CIPHER_AES128; break;


@@ -361,19 +404,13 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
   if(err) {
     log_printf(ERROR, "failed to open key derivation cipher: %s", gcry_strerror(err));
     return -1;
   if(err) {
     log_printf(ERROR, "failed to open key derivation cipher: %s", gcry_strerror(err));
     return -1;

-  } 
+  }

 
   err = gcry_cipher_setkey(params->handle_, kd->master_key_.buf_, kd->master_key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err));
     return -1;
   }
 
   err = gcry_cipher_setkey(params->handle_, kd->master_key_.buf_, kd->master_key_.length_);
   if(err) {
     log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err));
     return -1;
   }

-#else
-  int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, &params->aes_key_);
-  if(ret) {
-    log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
-    return -1;
-  }

 #endif
 
   return 0;
 #endif
 
   return 0;


@@ -385,9 +422,8 @@ void key_derivation_aesctr_close(key_derivation_t* kd)
     return;
 
   if(kd->params_) {
     return;
 
   if(kd->params_) {

+#ifdef USE_GCRYPT

     key_derivation_aesctr_param_t* params = kd->params_;
     key_derivation_aesctr_param_t* params = kd->params_;

-
-#ifndef USE_SSL_CRYPTO

     if(params->handle_)
       gcry_cipher_close(params->handle_);
 #endif
     if(params->handle_)
       gcry_cipher_close(params->handle_);
 #endif


@@ -429,7 +465,23 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
     return -1;
   }
 
     return -1;
   }
 

-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+    log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
+    return -1;
+  }
+  u_int32_t num = 0;
+  memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+  memset(key, 0, len);
+  AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+  if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+    log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+    return -1;
+  }
+  memset(key, 0, len);
+  ctr_crypt(&params->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, len, key, key);
+#else  // USE_GCRYPT is the default

   gcry_error_t err = gcry_cipher_reset(params->handle_);
   if(err) {
     log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err));
   gcry_error_t err = gcry_cipher_reset(params->handle_);
   if(err) {
     log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err));


@@ -448,16 +500,7 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
     log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err));
     return -1;
   }
     log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err));
     return -1;
   }

-#else
-  if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
-    log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
-    return -1;
-  }
-  u_int32_t num = 0;
-  memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
-  memset(key, 0, len);
-  AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);

 #endif
 #endif

-  
+

   return 0;
 }
   return 0;
 }

diff --git a/src/key_derivation.h b/src/key_derivation.h
index d037157..0f0942e 100644 (file)
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,15 +31,30 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_key_derivation_h_INCLUDED
 #define UANYTUN_key_derivation_h_INCLUDED
 
  */
 
 #ifndef UANYTUN_key_derivation_h_INCLUDED
 #define UANYTUN_key_derivation_h_INCLUDED
 

-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#if defined(USE_SSL_CRYPTO)

 #include <openssl/aes.h>
 #include <openssl/aes.h>

+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
+#else  // USE_GCRYPT is the default
+#include <gcrypt.h>

 #endif
 
 #include "options.h"
 #endif
 
 #include "options.h"


@@ -103,11 +118,13 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
 typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
 
 struct key_derivation_aesctr_param_struct {
 typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
 
 struct key_derivation_aesctr_param_struct {

-#ifndef USE_SSL_CRYPTO
-  gcry_cipher_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)

   AES_KEY aes_key_;
   u_int8_t ecount_buf_[AES_BLOCK_SIZE];
   AES_KEY aes_key_;
   u_int8_t ecount_buf_[AES_BLOCK_SIZE];

+#elif defined(USE_NETTLE)
+  struct aes_ctx ctx_;
+#else  // USE_GCRYPT is the default
+  gcry_cipher_hd_t handle_;

 #endif
   key_derivation_aesctr_ctr_t ctr_;
 };
 #endif
   key_derivation_aesctr_ctr_t ctr_;
 };

diff --git a/src/linux/tun.c b/src/linux/tun.c
index 85cdc01..c77cea1 100644 (file)
--- a/src/linux/tun.c
+++ b/src/linux/tun.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,8 +31,22 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
  */
 

+#define _GNU_SOURCE

 #include <stdio.h>
 
 #include "datatypes.h"
 #include <stdio.h>
 
 #include "datatypes.h"


@@ -58,44 +72,44 @@
 #include "sysexec.h"
 
 int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix){
 #include "sysexec.h"
 
 int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, const char* ifcfg_addr, u_int16_t ifcfg_prefix){

-  if(!dev) 
+  if(!dev)

     return -1;
     return -1;

- 
+

   tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
   dev->actual_name_ = NULL;
 
   tun_conf(dev, dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400);
   dev->actual_name_ = NULL;
 

-       dev->fd_ = open(DEFAULT_DEVICE, O_RDWR);
-       if(dev->fd_ < 0) {
+  dev->fd_ = open(DEFAULT_DEVICE, O_RDWR);
+  if(dev->fd_ < 0) {

     log_printf(ERROR, "can't open device file (%s): %s", DEFAULT_DEVICE, strerror(errno));
     tun_close(dev);
     return -1;
   }
 
     log_printf(ERROR, "can't open device file (%s): %s", DEFAULT_DEVICE, strerror(errno));
     tun_close(dev);
     return -1;
   }
 

-       struct ifreq ifr;
-       memset(&ifr, 0, sizeof(ifr));
+  struct ifreq ifr;
+  memset(&ifr, 0, sizeof(ifr));

 
   if(dev->type_ == TYPE_TUN) {
     ifr.ifr_flags = IFF_TUN;
     dev->with_pi_ = 1;
 
   if(dev->type_ == TYPE_TUN) {
     ifr.ifr_flags = IFF_TUN;
     dev->with_pi_ = 1;

-  } 
+  }

   else if(dev->type_ == TYPE_TAP) {
     ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
     dev->with_pi_ = 0;
   else if(dev->type_ == TYPE_TAP) {
     ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
     dev->with_pi_ = 0;

-  } 
+  }

   else {
     log_printf(ERROR, "unable to recognize type of device (tun or tap)");
     tun_close(dev);
     return -1;
   }
 
   else {
     log_printf(ERROR, "unable to recognize type of device (tun or tap)");
     tun_close(dev);
     return -1;
   }
 

-       if(dev_name)
-               strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);
+  if(dev_name)
+    strncpy(ifr.ifr_name, dev_name, IFNAMSIZ);

 
 

-       if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
-               dev->actual_name_ = strdup(ifr.ifr_name);
-       } else if(!ioctl(dev->fd_, (('T' << 8) | 202), &ifr)) {
-               dev->actual_name_ = strdup(ifr.ifr_name);
-       } else {
+  if(!ioctl(dev->fd_, TUNSETIFF, &ifr)) {
+    dev->actual_name_ = strdup(ifr.ifr_name);
+  } else if(!ioctl(dev->fd_, (('T' << 8) | 202), &ifr)) {
+    dev->actual_name_ = strdup(ifr.ifr_name);
+  } else {

     log_printf(ERROR, "tun/tap device ioctl failed: %s", strerror(errno));
     tun_close(dev);
     return -1;
     log_printf(ERROR, "tun/tap device ioctl failed: %s", strerror(errno));
     tun_close(dev);
     return -1;


@@ -116,6 +130,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
 int tun_init_post(tun_device_t* dev)
 {
 // nothing yet
 int tun_init_post(tun_device_t* dev)
 {
 // nothing yet

+  return 0;

 }
 
 void tun_close(tun_device_t* dev)
 }
 
 void tun_close(tun_device_t* dev)


@@ -145,7 +160,7 @@ int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
   {
     struct iovec iov[2];
     struct tun_pi tpi;
   {
     struct iovec iov[2];
     struct tun_pi tpi;

-    
+

     iov[0].iov_base = &tpi;
     iov[0].iov_len = sizeof(tpi);
     iov[1].iov_base = buf;
     iov[0].iov_base = &tpi;
     iov[0].iov_len = sizeof(tpi);
     iov[1].iov_base = buf;


@@ -169,13 +184,13 @@ int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len)
     struct iovec iov[2];
     struct tun_pi tpi;
     struct iphdr *hdr = (struct iphdr *)buf;
     struct iovec iov[2];
     struct tun_pi tpi;
     struct iphdr *hdr = (struct iphdr *)buf;

-    
+

     tpi.flags = 0;
     if(hdr->version == 4)
       tpi.proto = htons(ETH_P_IP);
     else
       tpi.proto = htons(ETH_P_IPV6);
     tpi.flags = 0;
     if(hdr->version == 4)
       tpi.proto = htons(ETH_P_IP);
     else
       tpi.proto = htons(ETH_P_IPV6);

-    
+

     iov[0].iov_base = &tpi;
     iov[0].iov_len = sizeof(tpi);
     iov[1].iov_base = buf;
     iov[0].iov_base = &tpi;
     iov[0].iov_len = sizeof(tpi);
     iov[1].iov_base = buf;


@@ -192,8 +207,8 @@ void tun_do_ifconfig(tun_device_t* dev)
     return;
 
   char* mtu_str = NULL;
     return;
 
   char* mtu_str = NULL;

-  asprintf(&mtu_str, "%d", dev->mtu_);
-  if(!mtu_str) {
+  int len = asprintf(&mtu_str, "%d", dev->mtu_);
+  if(len == -1) {

     log_printf(ERROR, "Execution of ifconfig failed");
     return;
   }
     log_printf(ERROR, "Execution of ifconfig failed");
     return;
   }

diff --git a/src/log.c b/src/log.c
index ae323e9..b094d49 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,10 +31,24 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
 
  */
 
 #include "datatypes.h"
 

+#include <ctype.h>

 #include <string.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
 #include <stdlib.h>


@@ -84,7 +98,7 @@ int log_targets_target_exists(log_targets_t* targets, log_target_type_t type)
     if(tmp->type_ == type)
       return 1;
     tmp = tmp->next_;
     if(tmp->type_ == type)
       return 1;
     tmp = tmp->next_;

-  }  
+  }

   return 0;
 }
 
   return 0;
 }
 


@@ -147,7 +161,7 @@ int log_targets_add(log_targets_t* targets, const char* conf)
     log_target_t* tmp = targets->first_;
     while(tmp->next_)
       tmp = tmp->next_;
     log_target_t* tmp = targets->first_;
     while(tmp->next_)
       tmp = tmp->next_;

-    
+

     tmp->next_ = new_target;
   }
   return 0;
     tmp->next_ = new_target;
   }
   return 0;


@@ -246,8 +260,8 @@ void log_print_hex_dump(log_prio_t prio, const u_int8_t* buf, u_int32_t len)
     int offset = snprintf(msg, MSG_LENGTH_MAX, "dump(%d): ", len);
     if(offset < 0)
       return;
     int offset = snprintf(msg, MSG_LENGTH_MAX, "dump(%d): ", len);
     if(offset < 0)
       return;

-    u_int8_t* ptr = &msg[offset];
-    
+    char* ptr = &msg[offset];
+

     for(i=0; i < len; i++) {
       if(((i+1)*3) >= (MSG_LENGTH_MAX - offset))
         break;
     for(i=0; i < len; i++) {
       if(((i+1)*3) >= (MSG_LENGTH_MAX - offset))
         break;

diff --git a/src/log.h b/src/log.h
index 17de487..9f89b4c 100644 (file)
--- a/src/log.h
+++ b/src/log.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_log_h_INCLUDED
  */
 
 #ifndef UANYTUN_log_h_INCLUDED

diff --git a/src/log_targets.h b/src/log_targets.h
index 4a19d8e..a0a774b 100644 (file)
--- a/src/log_targets.h
+++ b/src/log_targets.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_log_targets_h_INCLUDED
  */
 
 #ifndef UANYTUN_log_targets_h_INCLUDED


@@ -42,7 +55,7 @@ static char* get_time_formatted()
 {
   char* time_string;
   time_t t = time(NULL);
 {
   char* time_string;
   time_t t = time(NULL);

-  if(t < 0) 
+  if(t < 0)

     time_string = "<time read error>";
   else {
     time_string = ctime(&t);
     time_string = "<time read error>";
   else {
     time_string = ctime(&t);


@@ -79,7 +92,7 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
 {
   if(!self || (conf && conf[0] == 0))
     return -1;
 {
   if(!self || (conf && conf[0] == 0))
     return -1;

-  
+

   self->param_ = malloc(sizeof(log_target_syslog_param_t));
   if(!self->param_)
     return -2;
   self->param_ = malloc(sizeof(log_target_syslog_param_t));
   if(!self->param_)
     return -2;


@@ -95,7 +108,7 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
       if(!len) {
         free(self->param_);
         return -1;
       if(!len) {
         free(self->param_);
         return -1;

-      }  
+      }

       logname = malloc(len+1);
       if(logname) {
         strncpy(logname, conf, len);
       logname = malloc(len+1);
       if(logname) {
         strncpy(logname, conf, len);


@@ -116,13 +129,13 @@ int log_target_syslog_init(log_target_t* self, const char* conf)
     ((log_target_syslog_param_t*)(self->param_))->facility_ = DAEMON;
     return 0;
   }
     ((log_target_syslog_param_t*)(self->param_))->facility_ = DAEMON;
     return 0;
   }

-  
+

   if(end[1] == 0 || end[1] == ',') {
     free(logname);
     free(self->param_);
     return -1;
   }
   if(end[1] == 0 || end[1] == ',') {
     free(logname);
     free(self->param_);
     return -1;
   }

-    
+

   const char* start = end + 1;
   end = strchr(start, ',');
   int i;
   const char* start = end + 1;
   end = strchr(start, ',');
   int i;


@@ -157,7 +170,7 @@ void log_target_syslog_log(log_target_t* self, log_prio_t prio, const char* msg)
   if(!self || !self->param_ || !self->opened_)
     return;
 
   if(!self || !self->param_ || !self->opened_)
     return;
 

-  syslog((prio + 2) | ((log_target_syslog_param_t*)(self->param_))->facility_, "%s", msg);  
+  syslog((prio + 2) | ((log_target_syslog_param_t*)(self->param_))->facility_, "%s", msg);

 }
 
 void log_target_syslog_close(log_target_t* self)
 }
 
 void log_target_syslog_close(log_target_t* self)


@@ -209,7 +222,7 @@ int log_target_file_init(log_target_t* self, const char* conf)
 {
   if(!self || (conf && conf[0] == 0))
     return -1;
 {
   if(!self || (conf && conf[0] == 0))
     return -1;

-  
+

   self->param_ = malloc(sizeof(log_target_file_param_t));
   if(!self->param_)
     return -2;
   self->param_ = malloc(sizeof(log_target_file_param_t));
   if(!self->param_)
     return -2;


@@ -224,7 +237,7 @@ int log_target_file_init(log_target_t* self, const char* conf)
       if(!len) {
         free(self->param_);
         return -1;
       if(!len) {
         free(self->param_);
         return -1;

-      }  
+      }

       logfilename = malloc(len+1);
       if(logfilename) {
         strncpy(logfilename, conf, len);
       logfilename = malloc(len+1);
       if(logfilename) {
         strncpy(logfilename, conf, len);

diff --git a/src/options.c b/src/options.c
index 331a3c3..df32b1b 100644 (file)
--- a/src/options.c
+++ b/src/options.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -152,9 +165,9 @@ int options_parse_hex_string(const char* hex, buffer_t* buffer)
   if(hex_len%2)
     return 1;
 
   if(hex_len%2)
     return 1;
 

-  if(buffer->buf_) 
+  if(buffer->buf_)

     free(buffer->buf_);
     free(buffer->buf_);

-  
+

   buffer->length_ = hex_len/2;
   buffer->buf_ = malloc(buffer->length_);
   if(!buffer->buf_) {
   buffer->length_ = hex_len/2;
   buffer->buf_ = malloc(buffer->length_);
   if(!buffer->buf_) {


@@ -189,7 +202,7 @@ int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg)
         free(str);
         return 1;
       }
         free(str);
         return 1;
       }

-      
+

       ifcfg->prefix_length_ = atoi(ptr);
       ifcfg->net_addr_ = strdup(str);
       free(str);
       ifcfg->prefix_length_ = atoi(ptr);
       ifcfg->net_addr_ = strdup(str);
       free(str);


@@ -209,7 +222,6 @@ int options_parse_ifconfig(const char* arg, ifconfig_param_t* ifcfg)
   return 1;
 }
 
   return 1;
 }
 

-

 int options_parse(options_t* opt, int argc, char* argv[])
 {
   if(!opt)
 int options_parse(options_t* opt, int argc, char* argv[])
 {
   if(!opt)


@@ -225,7 +237,9 @@ int options_parse(options_t* opt, int argc, char* argv[])
 
   argc--;
 
 
   argc--;
 

+#ifndef NO_CRYPT

   char* role = NULL;
   char* role = NULL;

+#endif

   int i, ipv4_only = 0, ipv6_only = 0;
   for(i=1; argc > 0; ++i)
   {
   int i, ipv4_only = 0, ipv6_only = 0;
   for(i=1; argc > 0; ++i)
   {


@@ -268,7 +282,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
     PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
     PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
 #endif
     PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
     PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
 #endif

-    else 
+    else

       return i;
   }
   if(ipv4_only && ipv6_only)
       return i;
   }
   if(ipv4_only && ipv6_only)


@@ -308,13 +322,13 @@ void options_parse_post(options_t* opt)
     return;
 
 #ifndef NO_CRYPT
     return;
 
 #ifndef NO_CRYPT

-  if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") && 
+  if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null") &&

      strcmp(opt->kd_prf_, "null")) {
     if(opt->kd_prf_)
       free(opt->kd_prf_);
     opt->kd_prf_ = strdup("null");
   }
      strcmp(opt->kd_prf_, "null")) {
     if(opt->kd_prf_)
       free(opt->kd_prf_);
     opt->kd_prf_ = strdup("null");
   }

-  if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) && 
+  if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) &&

      !strcmp(opt->kd_prf_, "null")) {
     log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
   }
      !strcmp(opt->kd_prf_, "null")) {
     log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
   }

diff --git a/src/options.h b/src/options.h
index ccc5044..8f3593f 100644 (file)
--- a/src/options.h
+++ b/src/options.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_options_h_INCLUDED
  */
 
 #ifndef UANYTUN_options_h_INCLUDED


@@ -92,6 +105,7 @@ void options_parse_post(options_t* opt);
 void options_default(options_t* opt);
 void options_clear(options_t* opt);
 void options_print_usage();
 void options_default(options_t* opt);
 void options_clear(options_t* opt);
 void options_print_usage();

+void options_print_version();

 void options_print(options_t* opt);
 
 #endif
 void options_print(options_t* opt);
 
 #endif

diff --git a/src/plain_packet.c b/src/plain_packet.c
index 29ba5fe..868ebd8 100644 (file)
--- a/src/plain_packet.c
+++ b/src/plain_packet.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -77,7 +90,7 @@ void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
 {
   if(!packet)
     return;
 {
   if(!packet)
     return;

-  
+

   if(len > PLAIN_PACKET_SIZE_MAX)
     len = PLAIN_PACKET_SIZE_MAX - sizeof(payload_type_t);
   else if(len < sizeof(payload_type_t))
   if(len > PLAIN_PACKET_SIZE_MAX)
     len = PLAIN_PACKET_SIZE_MAX - sizeof(payload_type_t);
   else if(len < sizeof(payload_type_t))


@@ -85,7 +98,7 @@ void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
   else
     len -= sizeof(payload_type_t);
 
   else
     len -= sizeof(payload_type_t);
 

-  packet->payload_length_ = len;  
+  packet->payload_length_ = len;

 }
 
 u_int8_t* plain_packet_get_payload(plain_packet_t* packet)
 }
 
 u_int8_t* plain_packet_get_payload(plain_packet_t* packet)

diff --git a/src/plain_packet.h b/src/plain_packet.h
index 0dc62b7..5b79c39 100644 (file)
--- a/src/plain_packet.h
+++ b/src/plain_packet.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_plain_packet_h_INCLUDED
  */
 
 #ifndef UANYTUN_plain_packet_h_INCLUDED


@@ -41,7 +54,7 @@
 #define PAYLOAD_TYPE_TAP 0x6558
 #define PAYLOAD_TYPE_TUN 0x0000
 #define PAYLOAD_TYPE_TUN4 0x0800
 #define PAYLOAD_TYPE_TAP 0x6558
 #define PAYLOAD_TYPE_TUN 0x0000
 #define PAYLOAD_TYPE_TUN4 0x0800

-#define PAYLOAD_TYPE_TUN6 0x86DD 
+#define PAYLOAD_TYPE_TUN6 0x86DD

 #define PAYLOAD_TYPE_UNKNOWN 0xFFFF
 
 struct plain_packet_struct {
 #define PAYLOAD_TYPE_UNKNOWN 0xFFFF
 
 struct plain_packet_struct {

diff --git a/src/seq_window.c b/src/seq_window.c
index 0f58adb..fbeb3eb 100644 (file)
--- a/src/seq_window.c
+++ b/src/seq_window.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -67,9 +80,11 @@ void seq_win_clear(seq_win_t* win)
 
     free(to_free);
   }
 
     free(to_free);
   }

+
+  win->first_ = NULL;

 }
 
 }
 

-seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, window_size_t size)
+static seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, window_size_t size)

 {
   if(!size)
     return NULL;
 {
   if(!size)
     return NULL;


@@ -81,7 +96,7 @@ seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, wind
   e->sender_id_ = sender_id;
   e->max_ = max;
   e->pos_ = 0;
   e->sender_id_ = sender_id;
   e->max_ = max;
   e->pos_ = 0;

-  e->window_ = malloc(sizeof(seq_nr_t)*size);
+  e->window_ = malloc(sizeof((*e->window_))*size);

   if(!e->window_) {
     free(e);
     return NULL;
   if(!e->window_) {
     free(e);
     return NULL;


@@ -152,12 +167,12 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
           ptr->max_ -= SEQ_NR_MAX/2;
         else if(shifted == 2)
           ptr->max_ += SEQ_NR_MAX/2;
           ptr->max_ -= SEQ_NR_MAX/2;
         else if(shifted == 2)
           ptr->max_ += SEQ_NR_MAX/2;

-        
+

         return 0;
       }
         return 0;
       }

-      
+

       seq_nr_t diff = ptr->max_ - seq_nr;
       seq_nr_t diff = ptr->max_ - seq_nr;

-      window_size_t pos = diff > ptr->pos_ ? ptr->pos_ + win->size_ : ptr->pos_; 
+      window_size_t pos = diff > ptr->pos_ ? ptr->pos_ + win->size_ : ptr->pos_;

       pos -= diff;
 
       if(shifted == 1)
       pos -= diff;
 
       if(shifted == 1)


@@ -170,7 +185,7 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
       return ret;
     }
     ptr = ptr->next_;
       return ret;
     }
     ptr = ptr->next_;

-  }  
+  }

   if(!win->first_) {
     win->first_ = seq_win_new_element(sender_id, seq_nr, win->size_);
     if(!win->first_)
   if(!win->first_) {
     win->first_ = seq_win_new_element(sender_id, seq_nr, win->size_);
     if(!win->first_)


@@ -184,7 +199,7 @@ int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr
     if(!ptr->next_)
       return -2;
   }
     if(!ptr->next_)
       return -2;
   }

-  
+

   return 0;
 }
 
   return 0;
 }
 


@@ -204,7 +219,7 @@ void seq_win_print(seq_win_t* win)
         printf("O");
       else
         printf(".");
         printf("O");
       else
         printf(".");

-      
+

       if(i)
         i--;
       else
       if(i)
         i--;
       else

diff --git a/src/seq_window.h b/src/seq_window.h
index b699ee9..612c2d1 100644 (file)
--- a/src/seq_window.h
+++ b/src/seq_window.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_seq_window_h_INCLUDED
  */
 
 #ifndef UANYTUN_seq_window_h_INCLUDED


@@ -53,7 +66,6 @@ typedef struct seq_win_struct seq_win_t;
 
 int seq_win_init(seq_win_t* win, window_size_t size);
 void seq_win_clear(seq_win_t* win);
 
 int seq_win_init(seq_win_t* win, window_size_t size);
 void seq_win_clear(seq_win_t* win);

-seq_win_element_t* seq_win_new_element(sender_id_t sender_id, seq_nr_t max, window_size_t size);

 int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr);
 
 void seq_win_print(seq_win_t* win);
 int seq_win_check_and_add(seq_win_t* win, sender_id_t sender_id, seq_nr_t seq_nr);
 
 void seq_win_print(seq_win_t* win);

diff --git a/src/sig_handler.c b/src/sig_handler.c
index bed72ba..5de168e 100644 (file)
--- a/src/sig_handler.c
+++ b/src/sig_handler.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -42,7 +55,7 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <errno.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <errno.h>

-
+#include <string.h>

 
 static int sig_pipe_fds[2];
 
 
 static int sig_pipe_fds[2];
 


@@ -79,17 +92,22 @@ int signal_init()
     }
   }
 
     }
   }
 

-  struct sigaction act;
+  struct sigaction act, ign;

   act.sa_handler = sig_handler;
   sigfillset(&act.sa_mask);
   act.sa_flags = 0;
   act.sa_handler = sig_handler;
   sigfillset(&act.sa_mask);
   act.sa_flags = 0;

+  ign.sa_handler = SIG_IGN;
+  sigfillset(&ign.sa_mask);
+  ign.sa_flags = 0;

 
   if((sigaction(SIGINT, &act, NULL) < 0) ||
      (sigaction(SIGQUIT, &act, NULL) < 0) ||
      (sigaction(SIGTERM, &act, NULL) < 0) ||
      (sigaction(SIGHUP, &act, NULL) < 0) ||
      (sigaction(SIGUSR1, &act, NULL) < 0) ||
 
   if((sigaction(SIGINT, &act, NULL) < 0) ||
      (sigaction(SIGQUIT, &act, NULL) < 0) ||
      (sigaction(SIGTERM, &act, NULL) < 0) ||
      (sigaction(SIGHUP, &act, NULL) < 0) ||
      (sigaction(SIGUSR1, &act, NULL) < 0) ||

-     (sigaction(SIGUSR2, &act, NULL) < 0)) {
+     (sigaction(SIGUSR2, &act, NULL) < 0) ||
+     (sigaction(SIGCHLD, &ign, NULL) < 0) ||
+     (sigaction(SIGPIPE, &ign, NULL) < 0)) {

 
     log_printf(ERROR, "signal handling init failed (sigaction error: %s)", strerror(errno));
     close(sig_pipe_fds[0]);
 
     log_printf(ERROR, "signal handling init failed (sigaction error: %s)", strerror(errno));
     close(sig_pipe_fds[0]);


@@ -124,7 +142,7 @@ int signal_handle()
       case SIGINT: log_printf(NOTICE, "SIG-Int caught, exitting"); return_value = 1; break;
       case SIGQUIT: log_printf(NOTICE, "SIG-Quit caught, exitting"); return_value = 1; break;
       case SIGTERM: log_printf(NOTICE, "SIG-Term caught, exitting"); return_value = 1; break;
       case SIGINT: log_printf(NOTICE, "SIG-Int caught, exitting"); return_value = 1; break;
       case SIGQUIT: log_printf(NOTICE, "SIG-Quit caught, exitting"); return_value = 1; break;
       case SIGTERM: log_printf(NOTICE, "SIG-Term caught, exitting"); return_value = 1; break;

-      case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); break;
+      case SIGHUP: log_printf(NOTICE, "SIG-Hup caught"); return_value = 2; break;

       case SIGUSR1: log_printf(NOTICE, "SIG-Usr1 caught"); break;
       case SIGUSR2: log_printf(NOTICE, "SIG-Usr2 caught"); break;
       default: log_printf(WARNING, "unknown signal %d caught, ignoring", sig); break;
       case SIGUSR1: log_printf(NOTICE, "SIG-Usr1 caught"); break;
       case SIGUSR2: log_printf(NOTICE, "SIG-Usr2 caught"); break;
       default: log_printf(WARNING, "unknown signal %d caught, ignoring", sig); break;


@@ -150,6 +168,8 @@ void signal_stop()
   sigaction(SIGHUP, &act, NULL);
   sigaction(SIGUSR1, &act, NULL);
   sigaction(SIGUSR2, &act, NULL);
   sigaction(SIGHUP, &act, NULL);
   sigaction(SIGUSR1, &act, NULL);
   sigaction(SIGUSR2, &act, NULL);

+  sigaction(SIGPIPE, &act, NULL);
+  sigaction(SIGCHLD, &act, NULL);

 
   close(sig_pipe_fds[0]);
   close(sig_pipe_fds[1]);
 
   close(sig_pipe_fds[0]);
   close(sig_pipe_fds[1]);

diff --git a/src/sig_handler.h b/src/sig_handler.h
index 8219618..fbb66b6 100644 (file)
--- a/src/sig_handler.h
+++ b/src/sig_handler.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_sig_handler_h_INCLUDED
  */
 
 #ifndef UANYTUN_sig_handler_h_INCLUDED

diff --git a/src/string_list.c b/src/string_list.c
index 5e0ddf8..97bc057 100644 (file)
--- a/src/string_list.c
+++ b/src/string_list.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include <string.h>
  */
 
 #include <string.h>


@@ -43,7 +56,7 @@ void string_list_init(string_list_t* list)
 {
   if(!list)
     return;
 {
   if(!list)
     return;

-  
+

   list->first_ = NULL;
 }
 
   list->first_ = NULL;
 }
 


@@ -104,7 +117,7 @@ void string_list_print(string_list_t* list, const char* head, const char* tail)
 {
   if(!list)
     return;
 {
   if(!list)
     return;

-  
+

   string_list_element_t* tmp = list->first_;
   while(tmp) {
     printf("%s%s%s", head, tmp->string_, tail);
   string_list_element_t* tmp = list->first_;
   while(tmp) {
     printf("%s%s%s", head, tmp->string_, tail);

diff --git a/src/string_list.h b/src/string_list.h
index 9e210ae..03ca276 100644 (file)
--- a/src/string_list.h
+++ b/src/string_list.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_string_list_h_INCLUDED
  */
 
 #ifndef UANYTUN_string_list_h_INCLUDED

diff --git a/src/sysexec.c b/src/sysexec.c
index 6e4e821..814d5ff 100644 (file)
--- a/src/sysexec.c
+++ b/src/sysexec.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,10 +31,24 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
 
  */
 
 #include "datatypes.h"
 

+#include <unistd.h>

 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>


@@ -42,6 +56,7 @@
 #include <sys/wait.h>
 #include <sys/select.h>
 #include <stdlib.h>
 #include <sys/wait.h>
 #include <sys/select.h>
 #include <stdlib.h>

+#include <stdio.h>

 #include <string.h>
 
 #include "sysexec.h"
 #include <string.h>
 
 #include "sysexec.h"


@@ -80,10 +95,11 @@ int uanytun_exec(const char* script, char* const argv[], char* const evp[])
         log_printf(WARNING, "can't open stderr");
     }
     execve(script, argv, evp);
         log_printf(WARNING, "can't open stderr");
     }
     execve(script, argv, evp);

-        // if execve returns, an error occurred, but logging doesn't work 
+        // if execve returns, an error occurred, but logging doesn't work

         // because we closed all file descriptors, so just write errno to
         // pipe and call exit
         // because we closed all file descriptors, so just write errno to
         // pipe and call exit

-    write(pipefd[1], (void*)(&errno), sizeof(errno));
+    int ret = write(pipefd[1], (void*)(&errno), sizeof(errno));
+    if(ret == -1) exit(-1);

     exit(-1);
   }
   close(pipefd[1]);
     exit(-1);
   }
   close(pipefd[1]);


@@ -104,11 +120,11 @@ int uanytun_exec(const char* script, char* const argv[], char* const evp[])
     }
   }
   if(WIFEXITED(status))
     }
   }
   if(WIFEXITED(status))

-    log_printf(NOTICE, "script '%s' returned %d", script, WEXITSTATUS(status));  
+    log_printf(NOTICE, "script '%s' returned %d", script, WEXITSTATUS(status));

   else if(WIFSIGNALED(status))
     log_printf(NOTICE, "script '%s' terminated after signal %d", script, WTERMSIG(status));
   else
   else if(WIFSIGNALED(status))
     log_printf(NOTICE, "script '%s' terminated after signal %d", script, WTERMSIG(status));
   else

-    log_printf(ERROR, "executing script '%s': unkown error", script);
+    log_printf(ERROR, "executing script '%s': unknown error", script);

 
   close(pipefd[0]);
   return status;
 
   close(pipefd[0]);
   return status;

diff --git a/src/sysexec.h b/src/sysexec.h
index faed8eb..da6555e 100644 (file)
--- a/src/sysexec.h
+++ b/src/sysexec.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_sysexec_h_INCLUDED
  */
 
 #ifndef UANYTUN_sysexec_h_INCLUDED

diff --git a/src/tun.h b/src/tun.h
index 230b88d..fa6e689 100644 (file)
--- a/src/tun.h
+++ b/src/tun.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_tun_h_INCLUDED
  */
 
 #ifndef UANYTUN_tun_h_INCLUDED


@@ -57,7 +70,7 @@ int tun_init(tun_device_t* dev, const char* dev_name, const char* dev_type, cons
 int tun_init_post(tun_device_t* dev);
 void tun_do_ifconfig(tun_device_t* dev);
 void tun_close(tun_device_t* dev);
 int tun_init_post(tun_device_t* dev);
 void tun_do_ifconfig(tun_device_t* dev);
 void tun_close(tun_device_t* dev);

-  
+

 int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
 int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
 
 int tun_read(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
 int tun_write(tun_device_t* dev, u_int8_t* buf, u_int32_t len);
 

diff --git a/src/tun_helper.h b/src/tun_helper.h
index 9d55267..15a1c81 100644 (file)
--- a/src/tun_helper.h
+++ b/src/tun_helper.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_tun_helper_h_INCLUDED
  */
 
 #ifndef UANYTUN_tun_helper_h_INCLUDED


@@ -92,7 +105,7 @@ const char* tun_get_type_string(tun_device_t* dev)
 {
   if(!dev || dev->fd_ < 0)
     return "";
 {
   if(!dev || dev->fd_ < 0)
     return "";

-  
+

   switch(dev->type_)
   {
   case TYPE_UNDEF: return "undef"; break;
   switch(dev->type_)
   {
   case TYPE_UNDEF: return "undef"; break;

diff --git a/src/uanytun.c b/src/uanytun.c
index 53acbaf..159f773 100644 (file)
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #include "datatypes.h"
  */
 
 #include "datatypes.h"


@@ -72,7 +85,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
     log_printf(ERROR, "could not initialize cipher of type %s", opt->cipher_);
     return ret;
   }
     log_printf(ERROR, "could not initialize cipher of type %s", opt->cipher_);
     return ret;
   }

-  
+

 #ifndef NO_CRYPT
   ret = auth_algo_init(aa, opt->auth_algo_);
   if(ret) {
 #ifndef NO_CRYPT
   ret = auth_algo_init(aa, opt->auth_algo_);
   if(ret) {


@@ -104,7 +117,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
 }
 
 int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packet_t* plain_packet, encrypted_packet_t* encrypted_packet,
 }
 
 int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packet_t* plain_packet, encrypted_packet_t* encrypted_packet,

-                     cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t seq_nr)
+                     cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t* seq_nr)

 {
   plain_packet_set_payload_length(plain_packet, -1);
   encrypted_packet_set_length(encrypted_packet, -1);
 {
   plain_packet_set_payload_length(plain_packet, -1);
   encrypted_packet_set_length(encrypted_packet, -1);


@@ -114,25 +127,25 @@ int process_tun_data(tun_device_t* dev, udp_t* sock, options_t* opt, plain_packe
     log_printf(ERROR, "error on reading from device: %s", strerror(errno));
     return 0;
   }
     log_printf(ERROR, "error on reading from device: %s", strerror(errno));
     return 0;
   }

-  
+

   plain_packet_set_payload_length(plain_packet, len);
   plain_packet_set_payload_length(plain_packet, len);

-  
+

   if(dev->type_ == TYPE_TUN)
     plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TUN);
   else if(dev->type_ == TYPE_TAP)
   if(dev->type_ == TYPE_TUN)
     plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TUN);
   else if(dev->type_ == TYPE_TAP)

-    plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP);    
+    plain_packet_set_type(plain_packet, PAYLOAD_TYPE_TAP);

   else
     plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN);
 
   else
     plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN);
 

-  if(!sock->remote_end_set_)
+  if(!udp_has_remote(sock))

     return 0;
     return 0;

-  
-  cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); 
-  
+
+  cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, *seq_nr, opt->sender_id_, opt->mux_);
+  (*seq_nr)++;

 #ifndef NO_CRYPT
   auth_algo_generate(aa, kd, kd_outbound, encrypted_packet);
 #endif
 #ifndef NO_CRYPT
   auth_algo_generate(aa, kd, kd_outbound, encrypted_packet);
 #endif

- 
+

   len = udp_write(sock, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet));
   if(len == -1)
     log_printf(ERROR, "error on sending udp packet: %s", strerror(errno));
   len = udp_write(sock, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet));
   if(len == -1)
     log_printf(ERROR, "error on sending udp packet: %s", strerror(errno));


@@ -147,62 +160,54 @@ int process_sock_data(tun_device_t* dev, int fd, udp_t* sock, options_t* opt, pl
   encrypted_packet_set_length(encrypted_packet, -1);
 
   udp_endpoint_t remote;
   encrypted_packet_set_length(encrypted_packet, -1);
 
   udp_endpoint_t remote;

-  memset(&remote, 0, sizeof(udp_endpoint_t));
+  memset(&(remote.addr_), 0, sizeof(remote.addr_));
+  remote.len_ = sizeof(remote.addr_);

   int len = udp_read(sock, fd, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet), &remote);
   if(len == -1) {
     log_printf(ERROR, "error on receiving udp packet: %s", strerror(errno));
     return 0;
   int len = udp_read(sock, fd, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet), &remote);
   if(len == -1) {
     log_printf(ERROR, "error on receiving udp packet: %s", strerror(errno));
     return 0;

-  }
-  else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) {
+  } else if(len < encrypted_packet_get_minimum_length(encrypted_packet)) {

     log_printf(WARNING, "received packet is too short");
     return 0;
   }
   encrypted_packet_set_length(encrypted_packet, len);
 
     log_printf(WARNING, "received packet is too short");
     return 0;
   }
   encrypted_packet_set_length(encrypted_packet, len);
 

+  if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) {
+    log_printf(WARNING, "wrong mux value, discarding packet");
+    return 0;
+  }
+

 #ifndef NO_CRYPT
   if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) {
     log_printf(WARNING, "wrong authentication tag, discarding packet");
     return 0;
   }
 #endif
 #ifndef NO_CRYPT
   if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) {
     log_printf(WARNING, "wrong authentication tag, discarding packet");
     return 0;
   }
 #endif

-  
-  if(encrypted_packet_get_mux(encrypted_packet) != opt->mux_) {
-    log_printf(WARNING, "wrong mux value, discarding packet");
-    return 0;
-  }
-  
+

   int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet));
   if(result > 0) {
     log_printf(WARNING, "detected replay attack, discarding packet");
     return 0;
   int result = seq_win_check_and_add(seq_win, encrypted_packet_get_sender_id(encrypted_packet), encrypted_packet_get_seq_nr(encrypted_packet));
   if(result > 0) {
     log_printf(WARNING, "detected replay attack, discarding packet");
     return 0;

-  }
-  else if(result < 0) {
+  } else if(result < 0) {

     log_printf(ERROR, "memory error at sequence window");
     return -2;
   }
     log_printf(ERROR, "memory error at sequence window");
     return -2;
   }

-   
-  udp_set_active_sock(sock, fd);
-  if(memcmp(&remote, &(sock->remote_end_), sizeof(remote))) {
-    memcpy(&(sock->remote_end_), &remote, sizeof(remote));
-    sock->remote_end_set_ = 1;
-    char* addrstring = udp_endpoint_to_string(remote);
-    log_printf(NOTICE, "autodetected remote host changed %s", addrstring);
-    free(addrstring);
-  }
+
+  udp_update_remote(sock, fd, &remote);

 
   if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) {
     log_printf(WARNING, "ignoring packet with zero length payload");
     return 0;
   }
 
 
   if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) {
     log_printf(WARNING, "ignoring packet with zero length payload");
     return 0;
   }
 

-  int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet); 
-  if(ret) 
+  int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet);
+  if(ret)

     return ret;
     return ret;

- 
+

   len = tun_write(dev, plain_packet_get_payload(plain_packet), plain_packet_get_payload_length(plain_packet));
   if(len == -1)
     log_printf(ERROR, "error on writing to device: %s", strerror(errno));
   len = tun_write(dev, plain_packet_get_payload(plain_packet), plain_packet_get_payload_length(plain_packet));
   if(len == -1)
     log_printf(ERROR, "error on writing to device: %s", strerror(errno));

-  
+

   return 0;
 }
 
   return 0;
 }
 


@@ -229,13 +234,13 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
 
   FD_ZERO(&readfds);
   FD_SET(dev->fd_, &readfds);
 
   FD_ZERO(&readfds);
   FD_SET(dev->fd_, &readfds);

-  int nfds = udp_init_fd_set(sock, &readfds);
+  int nfds = udp_fill_fd_set(sock, &readfds);

   nfds = dev->fd_ > nfds ? dev->fd_ : nfds;
 
   int return_value = 0;
   int sig_fd = signal_init();
   if(sig_fd < 0)
   nfds = dev->fd_ > nfds ? dev->fd_ : nfds;
 
   int return_value = 0;
   int sig_fd = signal_init();
   if(sig_fd < 0)

-    return_value -1;
+    return_value = -1;

 
   FD_SET(sig_fd, &readfds);
   nfds = (nfds < sig_fd) ? sig_fd : nfds;
 
   FD_SET(sig_fd, &readfds);
   nfds = (nfds < sig_fd) ? sig_fd : nfds;


@@ -252,15 +257,21 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
       continue;
 
     if(FD_ISSET(sig_fd, &readyfds)) {
       continue;
 
     if(FD_ISSET(sig_fd, &readyfds)) {

-      if(signal_handle()) {
-        return_value = 1;
+      return_value = signal_handle();
+      if(return_value == 1)

         break;
         break;

+      else if(return_value == 2) {
+        seq_win_clear(&seq_win);
+        seq_nr = 0;
+        log_printf(NOTICE, "sequence window cleared");
+        return_value = 0;

       }
       }

+      else
+        return_value = 0;

     }
 
     if(FD_ISSET(dev->fd_, &readyfds)) {
     }
 
     if(FD_ISSET(dev->fd_, &readyfds)) {

-      return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, seq_nr);
-      seq_nr++;
+      return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_nr);

       if(return_value)
         break;
     }
       if(return_value)
         break;
     }


@@ -268,7 +279,7 @@ int main_loop(tun_device_t* dev, udp_t* sock, options_t* opt)
     udp_socket_t* s = sock->socks_;
     while(s) {
       if(FD_ISSET(s->fd_, &readyfds)) {
     udp_socket_t* s = sock->socks_;
     while(s) {
       if(FD_ISSET(s->fd_, &readyfds)) {

-        return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win); 
+        return_value = process_sock_data(dev, s->fd_, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win);

         if(return_value)
           break;
       }
         if(return_value)
           break;
       }


@@ -310,7 +321,7 @@ int main(int argc, char* argv[])
       options_print_version();
     }
 
       options_print_version();
     }
 

-    if(ret != -2 && ret != -5) 
+    if(ret != -2 && ret != -5)

       options_print_usage();
 
     if(ret == -1 || ret == -5)
       options_print_usage();
 
     if(ret == -1 || ret == -5)


@@ -330,7 +341,7 @@ int main(int argc, char* argv[])
       case -4: fprintf(stderr, "this log target is only allowed once: '%s', exitting\n", tmp->string_); break;
       default: fprintf(stderr, "syntax error near: '%s', exitting\n", tmp->string_); break;
       }
       case -4: fprintf(stderr, "this log target is only allowed once: '%s', exitting\n", tmp->string_); break;
       default: fprintf(stderr, "syntax error near: '%s', exitting\n", tmp->string_); break;
       }

-        
+

       options_clear(&opt);
       log_close();
       exit(ret);
       options_clear(&opt);
       log_close();
       exit(ret);


@@ -371,7 +382,7 @@ int main(int argc, char* argv[])
     log_printf(NOTICE, "executing post-up script '%s'", opt.post_up_script_);
     char* const argv[] = { opt.post_up_script_, dev.actual_name_, NULL };
     char* const evp[] = { NULL };
     log_printf(NOTICE, "executing post-up script '%s'", opt.post_up_script_);
     char* const argv[] = { opt.post_up_script_, dev.actual_name_, NULL };
     char* const evp[] = { NULL };

-    int ret = uanytun_exec(opt.post_up_script_, argv, evp);
+    uanytun_exec(opt.post_up_script_, argv, evp);

   }
 
 
   }
 
 


@@ -385,15 +396,8 @@ int main(int argc, char* argv[])
     exit(ret);
   }
 
     exit(ret);
   }
 

-  if(opt.remote_addr_) {
-    if(!udp_set_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_)) {
-      char* remote_string = udp_get_remote_end_string(&sock);
-      if(remote_string) {
-        log_printf(NOTICE, "set remote end to: %s", remote_string);
-        free(remote_string);
-      }
-    }
-  }
+  if(opt.remote_addr_)
+    udp_resolv_remote(&sock, opt.remote_addr_, opt.remote_port_, opt.resolv_addr_type_);

 
 
   FILE* pid_file = NULL;
 
 
   FILE* pid_file = NULL;


@@ -419,7 +423,7 @@ int main(int argc, char* argv[])
       options_clear(&opt);
       log_close();
       exit(-1);
       options_clear(&opt);
       log_close();
       exit(-1);

-    }  
+    }

 
   if(opt.daemonize_) {
     pid_t oldpid = getpid();
 
   if(opt.daemonize_) {
     pid_t oldpid = getpid();

diff --git a/src/udp.c b/src/udp.c
index 3e1def6..9217688 100644 (file)
--- a/src/udp.c
+++ b/src/udp.c
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,8 +31,24 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
  */
 

+#define _GNU_SOURCE
+#include <stdio.h>
+

 #include "datatypes.h"
 
 #include "udp.h"
 #include "datatypes.h"
 
 #include "udp.h"


@@ -49,16 +65,8 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 
 #include <arpa/inet.h>
 #include <netinet/in.h>
 

-int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type)
+static int udp_resolv_local(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type, unsigned int* idx)

 {
 {

-  if(!sock || !port) 
-    return -1;
-
-  sock->socks_ = NULL;
-  sock->active_sock_ = NULL;
-  memset(&(sock->remote_end_), 0, sizeof(sock->remote_end_));
-  sock->remote_end_set_ = 0;
-

   struct addrinfo hints, *res;
 
   res = NULL;
   struct addrinfo hints, *res;
 
   res = NULL;


@@ -85,7 +93,8 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
   }
 
   struct addrinfo* r = res;
   }
 
   struct addrinfo* r = res;

-  udp_socket_t* prev_sock = NULL;
+  udp_socket_t* prev_sock = sock->socks_;
+  while(prev_sock && prev_sock->next_) prev_sock = prev_sock->next_;

   while(r) {
     udp_socket_t* new_sock = malloc(sizeof(udp_socket_t));
     if(!new_sock) {
   while(r) {
     udp_socket_t* new_sock = malloc(sizeof(udp_socket_t));
     if(!new_sock) {


@@ -94,8 +103,13 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
       udp_close(sock);
       return -2;
     }
       udp_close(sock);
       return -2;
     }

-    memset(&(new_sock->local_end_), 0, sizeof(new_sock->local_end_));
+    memset(&(new_sock->local_end_.addr_), 0, sizeof(new_sock->local_end_.addr_));
+    new_sock->local_end_.len_ = sizeof(new_sock->local_end_.addr_);
+    memset(&(new_sock->remote_end_.addr_), 0, sizeof(new_sock->remote_end_.addr_));
+    new_sock->remote_end_.len_ = sizeof(new_sock->remote_end_.addr_);
+    new_sock->remote_end_set_ = 0;

     new_sock->next_ = NULL;
     new_sock->next_ = NULL;

+    new_sock->idx_ = (*idx)++;

 
     if(!sock->socks_) {
       sock->socks_ = new_sock;
 
     if(!sock->socks_) {
       sock->socks_ = new_sock;


@@ -105,9 +119,10 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
       prev_sock->next_ = new_sock;
       prev_sock = new_sock;
     }
       prev_sock->next_ = new_sock;
       prev_sock = new_sock;
     }

-    
-    memcpy(&(new_sock->local_end_), r->ai_addr, r->ai_addrlen);
-    new_sock->fd_ = socket(r->ai_family, SOCK_DGRAM, 0);
+
+    memcpy(&(new_sock->local_end_.addr_), r->ai_addr, r->ai_addrlen);
+    new_sock->local_end_.len_ = r->ai_addrlen;
+    new_sock->fd_ = socket(new_sock->local_end_.addr_.ss_family, SOCK_DGRAM, 0);

     if(new_sock->fd_ < 0) {
       log_printf(ERROR, "Error on opening udp socket: %s", strerror(errno));
       freeaddrinfo(res);
     if(new_sock->fd_ < 0) {
       log_printf(ERROR, "Error on opening udp socket: %s", strerror(errno));
       freeaddrinfo(res);


@@ -121,17 +136,17 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
         log_printf(ERROR, "Error on setting IPV6_V6ONLY socket option: %s", strerror(errno));
     }
 
         log_printf(ERROR, "Error on setting IPV6_V6ONLY socket option: %s", strerror(errno));
     }
 

-    errcode = bind(new_sock->fd_, r->ai_addr, r->ai_addrlen);
+    errcode = bind(new_sock->fd_, (struct sockaddr*)&(new_sock->local_end_.addr_), new_sock->local_end_.len_);

     if(errcode) {
       log_printf(ERROR, "Error on binding udp socket: %s", strerror(errno));
       freeaddrinfo(res);
       udp_close(sock);
       return -1;
     }
     if(errcode) {
       log_printf(ERROR, "Error on binding udp socket: %s", strerror(errno));
       freeaddrinfo(res);
       udp_close(sock);
       return -1;
     }

-  
-    char* local_string = udp_endpoint_to_string(new_sock->local_end_);
+
+    char* local_string = udp_endpoint_to_string(&(new_sock->local_end_));

     if(local_string) {
     if(local_string) {

-      log_printf(NOTICE, "listening on: %s", local_string);
+      log_printf(NOTICE, "socket[%d] listening on: %s", new_sock->idx_, local_string);

       free(local_string);
     }
 
       free(local_string);
     }
 


@@ -139,11 +154,26 @@ int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_
   }
 
   freeaddrinfo(res);
   }
 
   freeaddrinfo(res);

+  return 0;
+}
+
+int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type)
+{
+  if(!sock || !port)
+    return -1;
+
+  sock->socks_ = NULL;
+  sock->active_sock_ = NULL;
+
+  unsigned int idx = 0;
+  int ret = udp_resolv_local(sock, local_addr, port, resolv_type, &idx);
+  if(ret)
+    return ret;

 
   return 0;
 }
 
 
   return 0;
 }
 

-int udp_init_fd_set(udp_t* sock, fd_set* set)
+int udp_fill_fd_set(udp_t* sock, fd_set* set)

 {
   int max_fd = 0;
 
 {
   int max_fd = 0;
 


@@ -157,13 +187,28 @@ int udp_init_fd_set(udp_t* sock, fd_set* set)
   return max_fd;
 }
 
   return max_fd;
 }
 

-int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type)
+int udp_has_remote(udp_t* sock)

 {
 {

-  if(!sock || !remote_addr || !port) 
-    return -1;
+  if(!sock->active_sock_ || !sock->active_sock_->remote_end_set_)
+    return 0;

 
 

+  udp_socket_t* s = sock->socks_;
+  while(s) {
+    if(s->remote_end_set_)
+      return 1;
+    s = s->next_;
+  }
+
+  return 0;
+}
+
+int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type)
+{

   struct addrinfo hints, *res;
 
   struct addrinfo hints, *res;
 

+  if(!sock || !remote_addr || !port)
+    return -1;
+

   res = NULL;
   memset (&hints, 0, sizeof (hints));
   hints.ai_socktype = SOCK_DGRAM;
   res = NULL;
   memset (&hints, 0, sizeof (hints));
   hints.ai_socktype = SOCK_DGRAM;


@@ -183,37 +228,71 @@ int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resol
     log_printf(ERROR, "getaddrinfo returned no address for %s:%s", remote_addr, port);
     return -1;
   }
     log_printf(ERROR, "getaddrinfo returned no address for %s:%s", remote_addr, port);
     return -1;
   }

-  memcpy(&(sock->remote_end_), res->ai_addr, res->ai_addrlen);
-  sock->remote_end_set_ = 1;

 
 

-  if(!sock->active_sock_) {
+  int found = 0;
+  struct addrinfo* r = res;
+  while(r) {

     udp_socket_t* s = sock->socks_;
     while(s) {
     udp_socket_t* s = sock->socks_;
     while(s) {

-      if((((struct sockaddr *)&s->local_end_)->sa_family) == res->ai_family) {
+      if(s->local_end_.addr_.ss_family == r->ai_family && !(s->remote_end_set_)) {

         sock->active_sock_ = s;
         break;
       }
       s = s->next_;
     }
         sock->active_sock_ = s;
         break;
       }
       s = s->next_;
     }

-  }

 
 

+    if(s) {
+      memcpy(&(s->remote_end_.addr_), r->ai_addr, r->ai_addrlen);
+      s->remote_end_.len_ = r->ai_addrlen;
+      s->remote_end_set_ = 1;
+      found = 1;
+      char* remote_string = udp_endpoint_to_string(&(s->remote_end_));
+      if(remote_string) {
+        log_printf(NOTICE, "socket[%d] set remote end to: %s", s->idx_, remote_string);
+        free(remote_string);
+      }
+      break;
+    }
+
+    r = r->ai_next;
+  }

   freeaddrinfo(res);
 
   freeaddrinfo(res);
 

+  if(!found)
+    log_printf(WARNING, "no remote address for '%s' found that fits any of the local address families", remote_addr);
+

   return 0;
 }
 
   return 0;
 }
 

-void udp_set_active_sock(udp_t* sock, int fd)
+void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote)

 {
 {

-  if(!sock || (sock->active_sock_ && sock->active_sock_->fd_ == fd))
+  if(!sock)

     return;
 
     return;
 

-  udp_socket_t* s = sock->socks_;
-  while(s) {
-    if(s->fd_ == fd) {
-      sock->active_sock_ = s;
-      return;
+  if(!(sock->active_sock_) || sock->active_sock_->fd_ != fd) {
+    udp_socket_t* s = sock->socks_;
+    while(s) {
+      if(s->fd_ == fd) {
+        sock->active_sock_ = s;
+        break;
+      }
+      s = s->next_;
+    }
+  }
+
+  if(!remote)
+    return;
+
+  if(sock->active_sock_) {
+    if(remote->len_ != sock->active_sock_->remote_end_.len_ ||
+       memcmp(&(remote->addr_), &(sock->active_sock_->remote_end_.addr_), remote->len_)) {
+      memcpy(&(sock->active_sock_->remote_end_.addr_), &(remote->addr_), remote->len_);
+      sock->active_sock_->remote_end_.len_ = remote->len_;
+      sock->active_sock_->remote_end_set_ = 1;
+      char* addrstring = udp_endpoint_to_string(remote);
+      log_printf(NOTICE, "socket[%d] autodetected remote host changed %s", sock->active_sock_->idx_, addrstring);
+      free(addrstring);

     }
     }

-    s = s->next_;

   }
 }
 
   }
 }
 


@@ -225,78 +304,53 @@ void udp_close(udp_t* sock)
   while(sock->socks_) {
     if(sock->socks_->fd_ > 0)
       close(sock->socks_->fd_);
   while(sock->socks_) {
     if(sock->socks_->fd_ > 0)
       close(sock->socks_->fd_);

-    
+

     udp_socket_t*s = sock->socks_;
     sock->socks_ = sock->socks_->next_;
     udp_socket_t*s = sock->socks_;
     sock->socks_ = sock->socks_->next_;

-    
+

     free(s);
   }
   sock->socks_ = NULL;
     free(s);
   }
   sock->socks_ = NULL;

+  sock->active_sock_ = NULL;

 }
 
 }
 

-char* udp_endpoint_to_string(udp_endpoint_t e)
+char* udp_endpoint_to_string(udp_endpoint_t* e)

 {
 {

-  void* ptr;
-  u_int16_t port;
-  size_t addrstr_len = 0;
-  char* addrstr, *ret;
+  if(!e)
+    return strdup("<null>");
+
+  char addrstr[INET6_ADDRSTRLEN + 1], portstr[6], *ret;

   char addrport_sep = ':';
 
   char addrport_sep = ':';
 

-  switch (((struct sockaddr *)&e)->sa_family)
+  switch(e->addr_.ss_family)

   {
   {

-  case AF_INET:
-    ptr = &((struct sockaddr_in *)&e)->sin_addr;
-    port = ntohs(((struct sockaddr_in *)&e)->sin_port);
-    addrstr_len = INET_ADDRSTRLEN + 1;
-    addrport_sep = ':';
-    break;
-  case AF_INET6:
-    ptr = &((struct sockaddr_in6 *)&e)->sin6_addr;
-    port = ntohs(((struct sockaddr_in6 *)&e)->sin6_port);
-    addrstr_len = INET6_ADDRSTRLEN + 1;
-    addrport_sep = '.';
-    break;
-  default:
-    asprintf(&ret, "unknown address type");
-    return ;
+  case AF_INET: addrport_sep = ':'; break;
+  case AF_INET6: addrport_sep = '.'; break;
+  case AF_UNSPEC: return NULL;
+  default: return strdup("<unknown address type>");

   }
   }

-  addrstr = malloc(addrstr_len);
-  if(!addrstr)
-    return NULL;
-  inet_ntop (((struct sockaddr *)&e)->sa_family, ptr, addrstr, addrstr_len);
-  asprintf(&ret, "%s%c%d", addrstr, addrport_sep ,port);
-  free(addrstr);
+
+  int errcode  = getnameinfo((struct sockaddr *)&(e->addr_), e->len_, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST | NI_NUMERICSERV);
+  if (errcode != 0) return NULL;
+  int len = asprintf(&ret, "%s%c%s", addrstr, addrport_sep ,portstr);
+  if(len == -1) return NULL;

   return ret;
 }
 
   return ret;
 }
 

-char* udp_get_remote_end_string(udp_t* sock)
-{
-  if(!sock || !sock->remote_end_set_)
-    return NULL;

 
 

-  return udp_endpoint_to_string(sock->remote_end_);
-}
- 

 int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end)
 {
 int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end)
 {

-  if(!sock || !remote_end)
+  if(!sock || !buf || !remote_end)

     return -1;
 
     return -1;
 

-  socklen_t socklen = sizeof(*remote_end);
-  return recvfrom(fd, buf, len, 0, (struct sockaddr *)remote_end, &socklen);
+  return recvfrom(fd, buf, len, 0, (struct sockaddr *)&(remote_end->addr_), &(remote_end->len_));

 }
 
 }
 

+

 int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len)
 {
 int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len)
 {

-  if(!sock || !sock->remote_end_set_ || !sock->active_sock_)
+  if(!sock || !buf || !sock->active_sock_ || !sock->active_sock_->remote_end_set_)

     return 0;
 
     return 0;
 

-  socklen_t socklen = sizeof(sock->remote_end_);
-  if((((struct sockaddr *)&sock->active_sock_->local_end_)->sa_family) == AF_INET)
-    socklen = sizeof(struct sockaddr_in);
-  else if ((((struct sockaddr *)&sock->active_sock_->local_end_)->sa_family) == AF_INET6)
-    socklen = sizeof(struct sockaddr_in6);
-
-  return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->remote_end_), socklen);
+  return sendto(sock->active_sock_->fd_, buf, len, 0, (struct sockaddr *)&(sock->active_sock_->remote_end_.addr_), sock->active_sock_->remote_end_.len_);

 }
 }

-

diff --git a/src/udp.h b/src/udp.h
index edf0160..d0d218d 100644 (file)
--- a/src/udp.h
+++ b/src/udp.h
@@ -10,12 +10,12 @@
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and
  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
  *  ethernet, ip, arp ...). satp directly includes cryptography and

- *  message authentication based on the methodes used by SRTP.  It is
+ *  message authentication based on the methods used by SRTP.  It is

  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.
  *  intended to deliver a generic, scaleable and secure solution for
  *  tunneling and relaying of packets of any protocol.

- *  

  *
  *

- *  Copyright (C) 2007-2010 Christian Pointner <equinox@anytun.org>
+ *
+ *  Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>

  *
  *  This file is part of uAnytun.
  *
  *
  *  This file is part of uAnytun.
  *


@@ -31,6 +31,19 @@
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with uAnytun. If not, see <http://www.gnu.org/licenses/>.

+ *
+ *  In addition, as a special exception, the copyright holders give
+ *  permission to link the code of portions of this program with the
+ *  OpenSSL library under certain conditions as described in each
+ *  individual source file, and distribute linked combinations
+ *  including the two.
+ *  You must obey the GNU General Public License in all respects
+ *  for all of the code used other than OpenSSL.  If you modify
+ *  file(s) with this exception, you may extend this exception to your
+ *  version of the file(s), but you are not obligated to do so.  If you
+ *  do not wish to do so, delete this exception statement from your
+ *  version.  If you delete this exception statement from all source
+ *  files in the program, then also delete it here.

  */
 
 #ifndef UANYTUN_udp_h_INCLUDED
  */
 
 #ifndef UANYTUN_udp_h_INCLUDED


@@ -41,11 +54,17 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 
 #include <sys/types.h>
 #include <sys/socket.h>
 

-typedef struct sockaddr_storage udp_endpoint_t;
+typedef struct {
+  socklen_t len_;
+  struct sockaddr_storage addr_;
+} udp_endpoint_t;

 
 struct udp_socket_struct {
   int fd_;
 
 struct udp_socket_struct {
   int fd_;

+  unsigned int idx_;

   udp_endpoint_t local_end_;
   udp_endpoint_t local_end_;

+  udp_endpoint_t remote_end_;
+  int remote_end_set_;

   struct udp_socket_struct* next_;
 };
 typedef struct udp_socket_struct udp_socket_t;
   struct udp_socket_struct* next_;
 };
 typedef struct udp_socket_struct udp_socket_t;


@@ -53,19 +72,17 @@ typedef struct udp_socket_struct udp_socket_t;
 struct udp_struct {
   udp_socket_t* socks_;
   udp_socket_t* active_sock_;
 struct udp_struct {
   udp_socket_t* socks_;
   udp_socket_t* active_sock_;

-  udp_endpoint_t remote_end_;
-  int remote_end_set_;

 };
 typedef struct udp_struct udp_t;
 
 int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type);
 };
 typedef struct udp_struct udp_t;
 
 int udp_init(udp_t* sock, const char* local_addr, const char* port, resolv_addr_type_t resolv_type);

-int udp_init_fd_set(udp_t* sock, fd_set* set);
-int udp_set_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type);
-void udp_set_active_sock(udp_t* sock, int fd);
+int udp_fill_fd_set(udp_t* sock, fd_set* set);
+int udp_has_remote(udp_t* sock);
+int udp_resolv_remote(udp_t* sock, const char* remote_addr, const char* port, resolv_addr_type_t resolv_type);
+void udp_update_remote(udp_t* sock, int fd, udp_endpoint_t* remote);

 void udp_close(udp_t* sock);
 
 void udp_close(udp_t* sock);
 

-char* udp_endpoint_to_string(udp_endpoint_t e);
-char* udp_get_remote_end_string(udp_t* sock);
+char* udp_endpoint_to_string(udp_endpoint_t* e);

 
 int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end);
 int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len);
 
 int udp_read(udp_t* sock, int fd, u_int8_t* buf, u_int32_t len, udp_endpoint_t* remote_end);
 int udp_write(udp_t* sock, u_int8_t* buf, u_int32_t len);

diff --git a/version b/version
index 1c09c74..c2c0004 100644 (file)
--- a/version
+++ b/version
@@ -1 +1 @@
-0.3.3
+0.3.5