From: Michael Prokop Date: Fri, 29 Aug 2014 20:45:10 +0000 (-0700) Subject: Imported Upstream version 0.3.5 X-Git-Tag: upstream/0.3.5^0 X-Git-Url: https://git.syn-net.org/?p=debian%2Fuanytun.git;a=commitdiff_plain;h=71f6f666a3d69c6e1e7a77e238362c5bbe288e66 Imported Upstream version 0.3.5 --- diff --git a/ChangeLog b/ChangeLog index 33d4752..8b9c45a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2014.06.21 -- Version 0.3.5 + +* added support for libnettle as crypt library +* added an exception to the license which allows linking with OpenSSL + +2014.06.08 -- Version 0.3.4 + +* fixed build issues for clang +* refactored the multi socket support + 2010.02.16 -- Version 0.3.3 * added -v|--version option @@ -18,11 +28,11 @@ * improved script execution * added signal handling without races * all log_targets print time now too - + 2009.05.01 -- Version 0.3 * updated to new protocol specification (extended label and crypto role) - Mind that due this protocol changes this version is incompatible to older + Mind that due this protocol changes this version is incompatible to older version of anytun and uanytun * the auth tag length can now be configured * added extended logging support (syslog, file, stdout and stderr) @@ -40,7 +50,7 @@ * fixed bug which prevents the daemon from using the right cipher key when using a key derivation rate other than 1 - + 2009.01.11 -- Version 0.2 * added crypto support using libgcrypt or openssl diff --git a/LICENSE b/LICENSE index 1406bb5..8146513 100644 --- a/LICENSE +++ b/LICENSE @@ -10,12 +10,12 @@ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is + * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. - * * - * Copyright (C) 2007-2008 Christian Pointner + * + * Copyright (C) 2007-2014 Christian Pointner * * This file is part of uAnytun. * @@ -31,7 +31,23 @@ * * You should have received a copy of the GNU General Public License * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + * */ + + GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 diff --git a/LICENSE.OpenSSL b/LICENSE.OpenSSL new file mode 100644 index 0000000..4b57596 --- /dev/null +++ b/LICENSE.OpenSSL @@ -0,0 +1,186 @@ +/* + * uAnytun + * + * uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation uAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methods used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2014 Christian Pointner + * + * This file is part of uAnytun. + * + * uAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * uAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with uAnytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + * + */ + +Certain source files in this program permit linking with the OpenSSL +library (http://www.openssl.org), which otherwise wouldn't be allowed +under the GPL. For purposes of identifying OpenSSL, most source files +giving this permission limit it to versions of OpenSSL having a license +identical to that listed in this file (LICENSE.OpenSSL). It is not +necessary for the copyright years to match between this file and the +OpenSSL version in question. However, note that because this file is +an extension of the license statements of these source files, this file +may not be changed except with permission from all copyright holders +of source files in this program which reference this file. + + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ diff --git a/README b/README index 1c70648..dc07a11 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ Dependencies ============ -uAnytun can be built by using either libgcrypt or the openssl-crypto library. -The latter is more performant in most cases but there are some license +uAnytun can be built by using either libgcrypt, libnettle or the openssl-crypto +library. The latter is more performant in most cases but there are some license issues when using this library. It also needs more space when installed. @@ -11,7 +11,7 @@ Linux (this includes Debian with FreeBSD Kernel) using libgcrypt: - + build-essential libgcrypt11-dev @@ -20,6 +20,15 @@ using ssl crypto library: build-essential libssl-dev +using nettle crypto library: + + build-essential + nettle-dev + +if you want clang as compiler + + clang + if you want to rebuild the manpage: asciidoc @@ -43,7 +52,7 @@ if you want to rebuild the manpage: textproc/libxslt textproc/docbook-xsl sysutils/readlink - misc/getopt + misc/getopt @@ -72,7 +81,7 @@ using ssl crypto library: # ./configure --use-ssl-crypto # make -Notes: +Notes: - try './configure --help' for further information - if using openssl pre 0.9.8 you have to disable passphrase because openssl had no SHA256 implementation prior to this @@ -93,7 +102,7 @@ Uninstalling # sudo make remove -This removes everytthing except for the config files +This removes everything except for the config files # sudo make purge @@ -107,20 +116,20 @@ Usage: init.d script ------------- -The init.d script can be used to start uanytun at boot time. It searches for +The init.d script can be used to start uanytun at boot time. It searches for configuration files which reside at $CONFIG_DIR. For each instance of uanytun which should be started there must be a directory containing at least a file named config. This file must contain all command line parameter which should be used when starting the daemon. One line for each parameter. Empty lines and lines starting with # are ignored. Besides the config file there may be a script -named post-up.sh which will be called when the tun/tap device comes up. +named post-up.sh which will be called when the tun/tap device comes up. This is an example of how the init.d script can be used to start uanytun: # /etc/init.d/uanytun start client1 p2p-a In this case the script will start 2 instances of uanytun using the config files -$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. +$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. If no instance name is specified the script will use the file $CONFIG_DIR/autostart -to determine which instances to start or stop. This file must contain a list -of instance names which should be used when no names are specified at the command +to determine which instances to start or stop. This file must contain a list +of instance names which should be used when no names are specified at the command line. One line for each name. Empty lines and lines starting with # are ignored. diff --git a/doc/Makefile b/doc/Makefile index b5eecb8..1e4b315 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -10,12 +10,12 @@ ## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel ## mode and allows tunneling of every ETHER TYPE protocol (e.g. ## ethernet, ip, arp ...). satp directly includes cryptography and -## message authentication based on the methodes used by SRTP. It is +## message authentication based on the methods used by SRTP. It is ## intended to deliver a generic, scaleable and secure solution for ## tunneling and relaying of packets of any protocol. -## ## -## Copyright (C) 2007-2010 Christian Pointner +## +## Copyright (C) 2007-2014 Christian Pointner ## ## This file is part of uAnytun. ## @@ -32,10 +32,23 @@ ## You should have received a copy of the GNU General Public License ## along with uAnytun. If not, see . ## +## In addition, as a special exception, the copyright holders give +## permission to link the code of portions of this program with the +## OpenSSL library under certain conditions as described in each +## individual source file, and distribute linked combinations +## including the two. +## You must obey the GNU General Public License in all respects +## for all of the code used other than OpenSSL. If you modify +## file(s) with this exception, you may extend this exception to your +## version of the file(s), but you are not obligated to do so. If you +## do not wish to do so, delete this exception statement from your +## version. If you delete this exception statement from all source +## files in the program, then also delete it here. +## VERSION=$(shell cat ../version) -.PHONY: clean +.PHONY: clean all: manpage diff --git a/doc/uanytun.8 b/doc/uanytun.8 index 7126c00..299c742 100644 --- a/doc/uanytun.8 +++ b/doc/uanytun.8 @@ -1,13 +1,22 @@ '\" t .\" Title: uanytun .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.75.1 -.\" Date: 02/17/2010 -.\" Manual: uanytun user manual -.\" Source: uanytun 0.3.3 +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 06/21/2014 +.\" Manual: \ \& +.\" Source: \ \& .\" Language: English .\" -.TH "UANYTUN" "8" "02/17/2010" "uanytun 0.3.3" "uanytun user manual" +.TH "UANYTUN" "8" "06/21/2014" "\ \&" "\ \&" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -94,9 +103,9 @@ to write it\(cqs pid to this file\&. The default is to not create a pid file\&. .PP \fB\-L, \-\-log \fR\fB\fI:[,[,[\&.\&.]]]\fR\fR .RS 4 -add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&. +add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target has its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&. -The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config +The file target can be used more than once with different levels\&. If no target is provided at the command line a single target with the config \fIsyslog:3,uanytun,daemon\fR is added\&. @@ -216,7 +225,7 @@ does not support synchronisation it can\(cqt be used as an anycast endpoint ther .RS 4 seqence window size -Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. +Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. .RE .PP \fB\-k, \-\-kd\(emprf \fR\fB\fI\fR\fR @@ -370,7 +379,7 @@ auth algo is used in which case it defaults to 0\&. \fBHost A:\fR .RS 4 .sp -uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e left +uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E have_a_very_safe_and_productive_day \-e left .RE .sp .it 1 an-trap @@ -381,7 +390,7 @@ uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ct \fBHost B:\fR .RS 4 .sp -uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e right +uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E have_a_very_safe_and_productive_day \-e right .RE .SS "One unicast and one anycast tunnel endpoint:" .sp @@ -417,4 +426,4 @@ Christian Pointner Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp -Copyright (C) 2008\-2010 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. +Copyright (C) 2008\-2014 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index 6fde9d2..ed978d4 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt @@ -51,9 +51,9 @@ DESCRIPTION (SATP). It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode. The main difference is that anycast enables the setup of tunnels between an arbitrary combination of anycast, unicast -and multicast hosts. Unlike Anytun which is a full featured implementation -uAnytun has no support for multiple connections or synchronisation. It is a -small single threaded implementation intended to act as a client on small +and multicast hosts. Unlike Anytun which is a full featured implementation +uAnytun has no support for multiple connections or synchronisation. It is a +small single threaded implementation intended to act as a client on small platforms. @@ -69,7 +69,7 @@ passed to the daemon: instead of becoming a daemon which is the default. *-u, --username ''*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname ''*:: @@ -77,30 +77,30 @@ passed to the daemon: The default is to not drop privileges. *-C, --chroot ''*:: - Instruct *uAnytun* to run in a chroot jail. The default is + Instruct *uAnytun* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid *:: - Instruct *uAnytun* to write it's pid to this file. The default is + Instruct *uAnytun* to write it's pid to this file. The default is to not create a pid file. *-L, --log ':[,[,[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target - hast its own log level which is a number between 0 and 5. Where 0 means + in order to log to different targets at the same time. Every target + has its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + - The file target can be used more the once with different levels. - If no target is provided at the command line a single target with the + The file target can be used more than once with different levels. + If no target is provided at the command line a single target with the config 'syslog:3,uanytun,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters [,[,]] 'file';; log to file, parameters [,] 'stdout';; log to standard output, parameters - 'stderr';; log to standard error, parameters + 'stderr';; log to standard error, parameters *-U, --debug*:: - This option instructs *uAnytun* to run in debug mode. It implicits *-D* + This option instructs *uAnytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. @@ -155,7 +155,7 @@ passed to the daemon: '';; the prefix length of the network *-x, --post-up-script '