+20**.**.** -- Version ?
+
+* Security fix: packet length check errors
+* fixed droping of priveleges on FreeBSD
+* added sysExec for Windows
+* added multi socket support which allows simultanous usage
+ of IPv4 and IPv6 even on operating systems without V4_MAPPED
+ address support
+* added -v|--version option
+* added prebuilt manpage to release tarball (less build deps)
+
2009.12.02 -- Version 0.3.2
* added 64bit build target to windows build system
Linux
-----
+(this includes Debian with FreeBSD Kernel)
using libgcrypt:
libgcrypt11-dev
libboost-system1.35-dev
libboost-regex1.35-dev
-only for manpage:
+if you want to rebuild the manpage:
asciidoc
<nothing here>
common:
- devel/boost
+ devel/boost (boost-libs on newer versions of the ports tree)
devel/gmake
-only for manpage:
-
+if you want to rebuild the manpage:
textproc/asciidoc
textproc/libxslt
textproc/docbook-xsl
--- /dev/null
+##
+## anytun
+##
+## The secure anycast tunneling protocol (satp) defines a protocol used
+## for communication between any combination of unicast and anycast
+## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+## mode and allows tunneling of every ETHER TYPE protocol (e.g.
+## ethernet, ip, arp ...). satp directly includes cryptography and
+## message authentication based on the methodes used by SRTP. It is
+## intended to deliver a generic, scaleable and secure solution for
+## tunneling and relaying of packets of any protocol.
+##
+##
+## Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+## Christian Pointner <satp@wirdorange.org>
+##
+## This file is part of Anytun.
+##
+## Anytun is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## any later version.
+##
+## Anytun is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with anytun. If not, see <http://www.gnu.org/licenses/>.
+##
+
+VERSION=$(shell cat ../version)
+
+MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8
+XML := $(MANPAGES:%.8=%.8.xml)
+
+.PHONY: clean realclean
+
+all: manpage
+
+define create-manpage
+ a2x -f manpage $(1)
+ @ sed -i -e 's/\[FIXME: source\]/anytun ${VERSION}/' $(2)
+ @ sed -i -e 's/\[FIXME: manual\]/$(2:.8=) user manual/' $(2)
+ @ sed -i -e 's/^\($(subst -,\\-,$(2:.8=))\)$$/\\fB\1\\fR/' $(2)
+ @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $(2)
+endef
+
+%.8: %.8.txt
+ $(call create-manpage,$<,$@)
+
+manpage: $(MANPAGES)
+
+clean:
+ rm -f $(XML)
+
+realclean:
+ rm -f $(MANPAGES)
--- /dev/null
+anyrtpproxy(8)
+==============
+
+NAME
+----
+anyrtpproxy - anycast rtpproxy
+
+SYNOPSIS
+--------
+
+....
+anyrtpproxy
+ [ -h|--help ]
+ [ -D|--nodaemonize ]
+ [ -C|--chroot ]
+ [ -u|--username <username> ]
+ [ -H|--chroot-dir <directory> ]
+ [ -P|--write-pid <filename> ]
+ [ -i|--interface <ip-address> ]
+ [ -s|--control <hostname|ip>[:<port>] ]
+ [ -p|--port-range <start> <end> ]
+ [ -n|--nat ]
+ [ -o|--no-nat-once ]
+ [ -S|--sync-port port> ]
+ [ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
+....
+
+
+DESCRIPTION
+-----------
+
+*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
+the same control protocol than rtpproxy though it can be controled through the nathelper
+plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun*
+to sync the session information among all anycast instances.
+
+
+OPTIONS
+-------
+
+*-D, --nodaemonize*::
+ This option instructs *anyrtpproxy* to run in the foreground
+ instead of becoming a daemon.
+
+*-C, --chroot*::
+ chroot and drop privileges
+
+*-u, --username <username>*::
+ if chroot change to this user
+
+*-H, --chroot-dir <directory>*::
+ chroot to this directory
+
+*-P, --write-pid <filename>*::
+ write pid to this file
+
+*-i, --interface <ip address>*::
+ The local interface to listen on for RTP packets
+
+*-s, --control <hostname|ip>[:<port>]*::
+ The local address and port to listen on for control messages from openser
+
+*-p, --port-range <start> <end>*::
+ A pool of ports which should be used by *anyrtpproxy* to relay RTP packets.
+ The range may not overlap between the anycast instances
+
+*-n, --nat*::
+ Allow to learn the remote address and port in order to handle clients behind nat.
+ This option should only be enabled if the source is authenticated (i.e. through
+ *anytun*)
+
+*-o, --no-nat-once*::
+ Disable learning of remote address and port in case the first packet does not
+ come from the client which is specified by openser during configuration. Invoking
+ this parameter increases the security level of the system but in case of nat needs
+ a working nat transversal such as stun.
+
+*-S, --sync-port <port>*::
+ local unicast(sync) port to bind to +
+ This port is used by anycast hosts to synchronize information about tunnel
+ endpoints. No payload data is transmitted via this port. +
+ It is possible to obtain a list of active connections by telnetting into
+ this port. This port is read-only and unprotected by default. It is advised
+ to protect this port using firewall rules and, eventually, IPsec.
+
+*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
+ remote hosts to sync with +
+ Here, one has to specify all unicast IP addresses of all
+ other anycast hosts that comprise the anycast tunnel endpoint.
+
+EXAMPLES
+--------
+
+Anycast Setup with 3 instances:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+On the host with unicast hostname unicast1.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+--------------------------------------------------------------------------------------
+# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
+ -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+--------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast2.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+--------------------------------------------------------------------------------------
+# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
+ -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+--------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast3.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+--------------------------------------------------------------------------------------
+# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
+ -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
+--------------------------------------------------------------------------------------
+
+
+BUGS
+----
+Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This program is free software: you can redistribute it
+and/or modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation, either version 3 of
+the License, or any later version.
+
--- /dev/null
+'\" t
+.\" Title: anytun-config
+.\" Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\" Date: 02/16/2010
+.\" Manual: anytun-config user manual
+.\" Source: anytun 0.3.3
+.\" Language: English
+.\"
+.TH "ANYTUN\-CONFIG" "8" "02/16/2010" "anytun 0.3.3" "anytun-config user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-config \- anycast tunneling configuration utility
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-config\fR
+ [ \fB\-h|\-\-help\fR ]
+ [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]]
+ [ \fB\-U|\-\-debug\fR ]
+ [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ]
+ [ \fB\-o|\-\-remote\-port\fR <port> ]
+ [ \fB\-4|\-\-ipv4\-only\fR ]
+ [ \fB\-6|\-\-ipv6\-only\fR ]
+ [ \fB\-R|\-\-route\fR <net>/<prefix length> ]
+ [ \fB\-m|\-\-mux\fR <mux\-id> ]
+ [ \fB\-w|\-\-window\-size\fR <window size> ]
+ [ \fB\-k|\-\-kd\-prf\fR <kd\-prf type> ]
+ [ \fB\-e|\-\-role\fR <role> ]
+ [ \fB\-E|\-\-passphrase\fR <pass phrase> ]
+ [ \fB\-K|\-\-key\fR <master key> ]
+ [ \fB\-A|\-\-salt\fR <master salt> ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-config\fR writes routing/connection table entries, that can be read by \fBanytun\-controld\fR\&.
+.SH "OPTIONS"
+.PP
+\fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fIsyslog:3,anytun\-config,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fIsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fIfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fIstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fIstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-U, \-\-debug\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in debug mode\&. It implicits
+\fB\-D\fR
+(don\(cqt daemonize) and adds a log target with the configuration
+\fIstdout:5\fR
+(logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&.
+.RE
+.PP
+\fB\-r, \-\-remote\-host \fR\fB\fI<hostname|ip>\fR\fR
+.RS 4
+This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-o, \-\-remote\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-4, \-\-ipv4\-only\fR
+.RS 4
+Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-6, \-\-ipv6\-only\fR
+.RS 4
+Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-R, \-\-route \fR\fB\fI<net>/<prefix length>\fR\fR
+.RS 4
+add a route to connection\&. This can be invoked several times\&.
+.RE
+.PP
+\fB\-m, \-\-mux \fR\fB\fI<mux\-id>\fR\fR
+.RS 4
+the multiplex id to use\&. default: 0
+.RE
+.PP
+\fB\-w, \-\-window\-size \fR\fB\fI<window size>\fR\fR
+.RS 4
+seqence window size
+
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+.RE
+.PP
+\fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR
+.RS 4
+key derivation pseudo random function
+
+The pseudo random function which is used for calculating the session keys and session salt\&.
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no random function, keys and salt are set to 0\&.\&.00
+.RE
+.PP
+\fIaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fIaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fIaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fIaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-e, \-\-role \fR\fB\fI<role>\fR\fR
+.RS 4
+SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are
+\fBleft\fR
+and
+\fBright\fR\&. You may also use
+\fBalice\fR
+or
+\fBserver\fR
+as a replacement for
+\fBleft\fR
+and
+\fBbob\fR
+or
+\fBclient\fR
+as a replacement for
+\fBright\fR\&. By default
+\fBleft\fR
+is used\&.
+.RE
+.PP
+\fB\-E, \-\-passphrase \fR\fB\fI<pass phrase>\fR\fR
+.RS 4
+This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using
+\fB\-\-key\fR
+and
+\fB\-\-salt\fR\&.
+.RE
+.PP
+\fB\-K, \-\-key \fR\fB\fI<master key>\fR\fR
+.RS 4
+master key to use for key derivation
+
+Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&.
+.RE
+.PP
+\fB\-A, \-\-salt \fR\fB\fI<master salt>\fR\fR
+.RS 4
+master salt to use for key derivation
+
+Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&.
+.RE
+.SH "EXAMPLES"
+.sp
+Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun\-config \-w 0 \-m 12 \-K 0123456789ABCDEFFEDCBA9876543210 \-A 0123456789ABCDDCBA9876543210 \e
+ \-R 192\&.0\&.2\&.0/24 \-R 192\&.168\&.1\&.1/32 \-e server >> routingtable
+.fi
+.if n \{\
+.RE
+.\}
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-controld(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
--- /dev/null
+anytun-config(8)
+================
+
+NAME
+----
+
+anytun-config - anycast tunneling configuration utility
+
+SYNOPSIS
+--------
+
+....
+anytun-config
+ [ -h|--help ]
+ [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
+ [ -U|--debug ]
+ [ -r|--remote-host <hostname|ip> ]
+ [ -o|--remote-port <port> ]
+ [ -4|--ipv4-only ]
+ [ -6|--ipv6-only ]
+ [ -R|--route <net>/<prefix length> ]
+ [ -m|--mux <mux-id> ]
+ [ -w|--window-size <window size> ]
+ [ -k|--kd-prf <kd-prf type> ]
+ [ -e|--role <role> ]
+ [ -E|--passphrase <pass phrase> ]
+ [ -K|--key <master key> ]
+ [ -A|--salt <master salt> ]
+....
+
+DESCRIPTION
+-----------
+
+*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
+
+OPTIONS
+-------
+
+*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
+ add log target to logging system. This can be invoked several times
+ in order to log to different targets at the same time. Every target
+ hast its own log level which is a number between 0 and 5. Where 0 means
+ disabling log and 5 means debug messages are enabled. +
+ The file target can be used more the once with different levels.
+ If no target is provided at the command line a single target with the
+ config 'syslog:3,anytun-config,daemon' is added. +
+ The following targets are supported:
+
+ 'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+ 'file';; log to file, parameters <level>[,<path>]
+ 'stdout';; log to standard output, parameters <level>
+ 'stderr';; log to standard error, parameters <level>
+
+*-U, --debug*::
+ This option instructs *Anytun* to run in debug mode. It implicits *-D*
+ (don't daemonize) and adds a log target with the configuration
+ 'stdout:5' (logging with maximum level). In future releases there might
+ be additional output when this option is supplied.
+
+*-r, --remote-host '<hostname|ip>'*::
+ This option can be used to specify the remote tunnel
+ endpoint. In case of anycast tunnel endpoints, the
+ anycast IP address has to be used. If you do not specify
+ an address, it is automatically determined after receiving
+ the first data packet.
+
+*-o, --remote-port '<port>'*::
+ The UDP port used for payload data by the remote host
+ (specified with -p on the remote host). If you do not specify
+ a port, it is automatically determined after receiving
+ the first data packet.
+
+*-4, --ipv4-only*::
+ Resolv to IPv4 addresses only. The default is to resolv both
+ IPv4 and IPv6 addresses.
+
+*-6, --ipv6-only*::
+ Resolv to IPv6 addresses only. The default is to resolv both
+ IPv4 and IPv6 addresses.
+
+*-R, --route '<net>/<prefix length>'*::
+ add a route to connection. This can be invoked several times.
+
+*-m, --mux '<mux-id>'*::
+ the multiplex id to use. default: 0
+
+*-w, --window-size '<window size>'*::
+ seqence window size +
+ Sometimes, packets arrive out of order on the receiver
+ side. This option defines the size of a list of received
+ packets' sequence numbers. If, according to this list,
+ a received packet has been previously received or has
+ been transmitted in the past, and is therefore not in
+ the list anymore, this is interpreted as a replay attack
+ and the packet is dropped. A value of 0 deactivates this
+ list and, as a consequence, the replay protection employed
+ by filtering packets according to their secuence number.
+ By default the sequence window is disabled and therefore a
+ window size of 0 is used.
+
+*-k, --kd--prf '<kd-prf type>'*::
+ key derivation pseudo random function +
+ The pseudo random function which is used for calculating the
+ session keys and session salt. +
+ Possible values:
+
+ 'null';; no random function, keys and salt are set to 0..00
+ 'aes-ctr';; AES in counter mode with 128 Bits, default value
+ 'aes-ctr-128';; AES in counter mode with 128 Bits
+ 'aes-ctr-192';; AES in counter mode with 192 Bits
+ 'aes-ctr-256';; AES in counter mode with 256 Bits
+
+*-e, --role '<role>'*::
+ SATP uses different session keys for inbound and outbound traffic. The
+ role parameter is used to determine which keys to use for outbound or
+ inbound packets. On both sides of a vpn connection different roles have
+ to be used. Possible values are *left* and *right*. You may also use
+ *alice* or *server* as a replacement for *left* and *bob* or *client* as
+ a replacement for *right*. By default *left* is used.
+
+*-E, --passphrase '<pass phrase>'*::
+ This passphrase is used to generate the master key and master salt.
+ For the master key the last n bits of the SHA256 digest of the
+ passphrase (where n is the length of the master key in bits) is used.
+ The master salt gets generated with the SHA1 digest.
+ You may force a specific key and or salt by using *--key* and *--salt*.
+
+*-K, --key '<master key>'*::
+ master key to use for key derivation +
+ Master key in hexadecimal notation, e.g.
+ 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
+ of 32, 48 or 64 characters (128, 192 or 256 bits).
+
+*-A, --salt '<master salt>'*::
+ master salt to use for key derivation +
+ Master salt in hexadecimal notation, e.g.
+ 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
+ of 28 characters (14 bytes).
+
+
+EXAMPLES
+--------
+
+Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
+
+------------------------------------------------------------------------------------------------
+# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
+ -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
+------------------------------------------------------------------------------------------------
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8), anytun-controld(8), anytun-showtables(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This program is free software: you can redistribute it
+and/or modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation, either version 3 of
+the License, or any later version.
--- /dev/null
+'\" t
+.\" Title: anytun-controld
+.\" Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\" Date: 02/16/2010
+.\" Manual: anytun-controld user manual
+.\" Source: anytun 0.3.3
+.\" Language: English
+.\"
+.TH "ANYTUN\-CONTROLD" "8" "02/16/2010" "anytun 0.3.3" "anytun-controld user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-controld \- anycast tunneling control daemon
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-controld\fR
+ [ \fB\-h|\-\-help\fR ]
+ [ \fB\-D|\-\-nodaemonize\fR ]
+ [ \fB\-u|\-\-username\fR <username> ]
+ [ \fB\-g|\-\-groupname\fR <groupname> ]
+ [ \fB\-C|\-\-chroot\fR <path> ]
+ [ \fB\-P|\-\-write\-pid\fR <filename> ]
+ [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]] ]
+ [ \fB\-U|\-\-debug\fR ]
+ [ \fB\-f|\-\-file\fR <path> ]
+ [ \fB\-X|\-\-control\-host\fR < <host>[:port>] | :<port> > ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-controld\fR configures the multi\-connection support for \fBAnytun\fR\&. It reads a connection/routing table and outputs it via a tcp socket to all connected \fBAnytun\fR servers\&. When the control daemon is restarted with a new connection/routing table all \fBAnytun\fR servers automatically load the new configuration\&. Please make sure to protect that information as it contains the connection keys\&.
+.SH "OPTIONS"
+.PP
+\fB\-D, \-\-nodaemonize\fR
+.RS 4
+This option instructs
+\fBanytun\-controld\fR
+to run in foreground instead of becoming a daemon which is the default\&.
+.RE
+.PP
+\fB\-u, \-\-username \fR\fB\fI<username>\fR\fR
+.RS 4
+run as this user\&. If no group is specified (\fB\-g\fR) the default group of the user is used\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-g, \-\-groupname \fR\fB\fI<groupname>\fR\fR
+.RS 4
+run as this group\&. If no username is specified (\fB\-u\fR) this gets ignored\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-C, \-\-chroot \fR\fB\fI<path>\fR\fR
+.RS 4
+Instruct
+\fBanytun\-controld\fR
+to run in a chroot jail\&. The default is to not run in chroot\&.
+.RE
+.PP
+\fB\-P, \-\-write\-pid \fR\fB\fI<filename>\fR\fR
+.RS 4
+Instruct
+\fBanytun\-controld\fR
+to write it\(cqs pid to this file\&. The default is to not create a pid file\&.
+.RE
+.PP
+\fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fIsyslog:3,anytun\-controld,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fIsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fIfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fIstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fIstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-U, \-\-debug\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in debug mode\&. It implicits
+\fB\-D\fR
+(don\(cqt daemonize) and adds a log target with the configuration
+\fIstdout:5\fR
+(logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&.
+.RE
+.PP
+\fB\-f, \-\-file \fR\fB\fI<path>\fR\fR
+.RS 4
+The path to the file which holds the sync information\&.
+.RE
+.PP
+\fB\-X, \-\-control\-host \fR\fB\fI<hostname|ip>[:<port>]\fR\fR
+.RS 4
+fetch the config from this host\&. The default is not to use a control host and therefore this is empty\&. Mind that the port can be omitted in which case port 2323 is used\&. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address from the port, eg\&.: [::1]:1234\&. If you want to use the default port [ and ] can be omitted\&.
+.RE
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-config(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
--- /dev/null
+anytun-controld(8)
+==================
+
+NAME
+----
+
+anytun-controld - anycast tunneling control daemon
+
+SYNOPSIS
+--------
+
+....
+anytun-controld
+ [ -h|--help ]
+ [ -D|--nodaemonize ]
+ [ -u|--username <username> ]
+ [ -g|--groupname <groupname> ]
+ [ -C|--chroot <path> ]
+ [ -P|--write-pid <filename> ]
+ [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
+ [ -U|--debug ]
+ [ -f|--file <path> ]
+ [ -X|--control-host < <host>[:port>] | :<port> > ]
+....
+
+DESCRIPTION
+-----------
+
+*anytun-controld* configures the multi-connection support for *Anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *Anytun* servers. When the control daemon is restarted with a new connection/routing table all *Anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys.
+
+OPTIONS
+-------
+
+*-D, --nodaemonize*::
+ This option instructs *anytun-controld* to run in foreground
+ instead of becoming a daemon which is the default.
+
+*-u, --username '<username>'*::
+ run as this user. If no group is specified (*-g*) the default group of
+ the user is used. The default is to not drop privileges.
+
+*-g, --groupname '<groupname>'*::
+ run as this group. If no username is specified (*-u*) this gets ignored.
+ The default is to not drop privileges.
+
+*-C, --chroot '<path>'*::
+ Instruct *anytun-controld* to run in a chroot jail. The default is
+ to not run in chroot.
+
+*-P, --write-pid '<filename>'*::
+ Instruct *anytun-controld* to write it's pid to this file. The default is
+ to not create a pid file.
+
+*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
+ add log target to logging system. This can be invoked several times
+ in order to log to different targets at the same time. Every target
+ hast its own log level which is a number between 0 and 5. Where 0 means
+ disabling log and 5 means debug messages are enabled. +
+ The file target can be used more the once with different levels.
+ If no target is provided at the command line a single target with the
+ config 'syslog:3,anytun-controld,daemon' is added. +
+ The following targets are supported:
+
+ 'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+ 'file';; log to file, parameters <level>[,<path>]
+ 'stdout';; log to standard output, parameters <level>
+ 'stderr';; log to standard error, parameters <level>
+
+*-U, --debug*::
+ This option instructs *Anytun* to run in debug mode. It implicits *-D*
+ (don't daemonize) and adds a log target with the configuration
+ 'stdout:5' (logging with maximum level). In future releases there might
+ be additional output when this option is supplied.
+
+*-f, --file '<path>'*::
+ The path to the file which holds the sync information.
+
+*-X, --control-host '<hostname|ip>[:<port>]'*::
+ fetch the config from this host. The default is not to use a control
+ host and therefore this is empty. Mind that the port can be omitted
+ in which case port 2323 is used. If you want to specify an
+ ipv6 address and a port you have to use [ and ] to separate the address
+ from the port, eg.: [::1]:1234. If you want to use the default port
+ [ and ] can be omitted.
+
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8), anytun-config(8), anytun-showtables(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This program is free software: you can redistribute it
+and/or modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation, either version 3 of
+the License, or any later version.
+
--- /dev/null
+'\" t
+.\" Title: anytun-showtables
+.\" Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\" Date: 02/16/2010
+.\" Manual: anytun-showtables user manual
+.\" Source: anytun 0.3.3
+.\" Language: English
+.\"
+.TH "ANYTUN\-SHOWTABLES" "8" "02/16/2010" "anytun 0.3.3" "anytun-showtables user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-showtables \- anycast tunneling routing table visualization utility
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-showtables\fR
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-showtables\fR displays routing and connection tables used by \fBAnytun\fR\&. It can be used to display a saved routing/connection table used by \fBanytun\-controld\fR or to connect to a the sync port of \fBAnytun\fR\&.
+.SH "OPTIONS"
+.sp
+This Tool does not take any options\&. It takes the sync information from the standard input and prints the routing table to the standard output\&.
+.SH "EXAMPLES"
+.sp
+Print routing table stored in local file
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# perl \-ne \'chomp; print\' < routingtable | \&./anytun\-showtables
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Print current routing table and watch changes
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# nc unicast1\&.anycast\&.anytun\&.org 23 | \&./anytun\-showtables
+.fi
+.if n \{\
+.RE
+.\}
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-controld(8), anytun\-config(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
--- /dev/null
+anytun-showtables(8)
+====================
+
+NAME
+----
+
+anytun-showtables - anycast tunneling routing table visualization utility
+
+SYNOPSIS
+--------
+
+....
+anytun-showtables
+....
+
+DESCRIPTION
+-----------
+
+*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to display a saved routing/connection table used by *anytun-controld* or to connect to a the sync port of *Anytun*.
+
+OPTIONS
+-------
+
+This Tool does not take any options. It takes the sync information from
+the standard input and prints the routing table to the standard output.
+
+EXAMPLES
+--------
+
+Print routing table stored in local file
+
+-----------------------------------------------------------------------------------
+# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
+-----------------------------------------------------------------------------------
+
+Print current routing table and watch changes
+
+-----------------------------------------------------------------------------------
+# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
+-----------------------------------------------------------------------------------
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8), anytun-controld(8), anytun-config(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This program is free software: you can redistribute it
+and/or modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation, either version 3 of
+the License, or any later version.
--- /dev/null
+'\" t
+.\" Title: anytun
+.\" Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\" Date: 02/16/2010
+.\" Manual: anytun user manual
+.\" Source: anytun 0.3.3
+.\" Language: English
+.\"
+.TH "ANYTUN" "8" "02/16/2010" "anytun 0.3.3" "anytun user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun \- anycast tunneling daemon
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\fR
+ [ \fB\-h|\-\-help\fR ]
+ [ \fB\-D|\-\-nodaemonize\fR ]
+ [ \fB\-u|\-\-username\fR <username> ]
+ [ \fB\-g|\-\-groupname\fR <groupname> ]
+ [ \fB\-C|\-\-chroot\fR <path> ]
+ [ \fB\-P|\-\-write\-pid\fR <filename> ]
+ [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]] ]
+ [ \fB\-U|\-\-debug\fR ]
+ [ \fB\-i|\-\-interface\fR <ip\-address> ]
+ [ \fB\-p|\-\-port\fR <port> ]
+ [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ]
+ [ \fB\-o|\-\-remote\-port\fR <port> ]
+ [ \fB\-4|\-\-ipv4\-only\fR ]
+ [ \fB\-6|\-\-ipv6\-only\fR ]
+ [ \fB\-I|\-\-sync\-interface\fR <ip\-address> ]
+ [ \fB\-S|\-\-sync\-port\fR port> ]
+ [ \fB\-M|\-\-sync\-hosts\fR <hostname|ip>[:<port>][,<hostname|ip>[:<port>][\&.\&.\&.]] ]
+ [ \fB\-X|\-\-control\-host\fR <hostname|ip>[:<port>]
+ [ \fB\-d|\-\-dev\fR <name> ]
+ [ \fB\-t|\-\-type\fR <tun|tap> ]
+ [ \fB\-n|\-\-ifconfig\fR <local>/<prefix> ]
+ [ \fB\-x|\-\-post\-up\-script\fR <script> ]
+ [ \fB\-R|\-\-route\fR <net>/<prefix length> ]
+ [ \fB\-m|\-\-mux\fR <mux\-id> ]
+ [ \fB\-s|\-\-sender\-id\fR <sender id> ]
+ [ \fB\-w|\-\-window\-size\fR <window size> ]
+ [ \fB\-k|\-\-kd\-prf\fR <kd\-prf type> ]
+ [ \fB\-e|\-\-role\fR <role> ]
+ [ \fB\-E|\-\-passphrase\fR <pass phrase> ]
+ [ \fB\-K|\-\-key\fR <master key> ]
+ [ \fB\-A|\-\-salt\fR <master salt> ]
+ [ \fB\-c|\-\-cipher\fR <cipher type> ]
+ [ \fB\-a|\-\-auth\-algo\fR <algo type> ]
+ [ \fB\-b|\-\-auth\-tag\-length\fR <length> ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBAnytun\fR is an implementation of the Secure Anycast Tunneling Protocol (SATP)\&. It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode\&. The main difference is that anycast allows a setup of tunnels between an arbitrary combination of anycast, unicast and multicast hosts\&.
+.SH "OPTIONS"
+.sp
+\fBAnytun\fR has been designed as a peer to peer application, so there is no difference between client and server\&. The following options can be passed to the daemon:
+.PP
+\fB\-D, \-\-nodaemonize\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in foreground instead of becoming a daemon which is the default\&.
+.RE
+.PP
+\fB\-u, \-\-username \fR\fB\fI<username>\fR\fR
+.RS 4
+run as this user\&. If no group is specified (\fB\-g\fR) the default group of the user is used\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-g, \-\-groupname \fR\fB\fI<groupname>\fR\fR
+.RS 4
+run as this group\&. If no username is specified (\fB\-u\fR) this gets ignored\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-C, \-\-chroot \fR\fB\fI<path>\fR\fR
+.RS 4
+Instruct
+\fBAnytun\fR
+to run in a chroot jail\&. The default is to not run in chroot\&.
+.RE
+.PP
+\fB\-P, \-\-write\-pid \fR\fB\fI<filename>\fR\fR
+.RS 4
+Instruct
+\fBAnytun\fR
+to write it\(cqs pid to this file\&. The default is to not create a pid file\&.
+.RE
+.PP
+\fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fIsyslog:3,anytun,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fIsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fIfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fIstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fIstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-U, \-\-debug\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in debug mode\&. It implicits
+\fB\-D\fR
+(don\(cqt daemonize) and adds a log target with the configuration
+\fIstdout:5\fR
+(logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&.
+.RE
+.PP
+\fB\-i, \-\-interface \fR\fB\fI<ip address>\fR\fR
+.RS 4
+This IP address is used as the sender address for outgoing packets\&. In case of anycast tunnel endpoints, the anycast IP has to be used\&. In case of unicast endpoints, the address is usually derived correctly from the routing table\&. The default is to not use a special inteface and just bind on all interfaces\&.
+.RE
+.PP
+\fB\-p, \-\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. If a tunnel endpoint consists of multiple anycast hosts, all hosts have to use the same port\&. default: 4444
+.RE
+.PP
+\fB\-r, \-\-remote\-host \fR\fB\fI<hostname|ip>\fR\fR
+.RS 4
+This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-o, \-\-remote\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-4, \-\-ipv4\-only\fR
+.RS 4
+Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-6, \-\-ipv6\-only\fR
+.RS 4
+Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-I, \-\-sync\-interface \fR\fB\fI<ip\-address>\fR\fR
+.RS 4
+local unicast(sync) ip address to bind to
+
+This option is only needed for tunnel endpoints consisting of multiple anycast hosts\&. The unicast IP address of the anycast host can be used here\&. This is needed for communication with the other anycast hosts\&. The default is to not use a special inteface and just bind on all interfaces\&. However this is only the case if synchronisation is active see
+\fB\-\-sync\-port\fR\&.
+.RE
+.PP
+\fB\-S, \-\-sync\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+local unicast(sync) port to bind to
+
+This option is only needed for tunnel endpoints consisting of multiple anycast hosts\&. This port is used by anycast hosts to synchronize information about tunnel endpoints\&. No payload data is transmitted via this port\&. By default the synchronisation is disabled an therefore the port is kept empty\&.
+
+It is possible to obtain a list of active connections by telnetting into this port\&. This port is read\-only and unprotected by default\&. It is advised to protect this port using firewall rules and, eventually, IPsec\&.
+.RE
+.PP
+\fB\-M, \-\-sync\-hosts \fR\fB\fI<hostname|ip>[:<port>],[<hostname|ip>[:<port>][\&...]]\fR\fR
+.RS 4
+remote hosts to sync with
+
+This option is only needed for tunnel endpoints consisting of multiple anycast hosts\&. Here, one has to specify all unicast IP addresses of all other anycast hosts that comprise the anycast tunnel endpoint\&. By default synchronisation is disabled and therefore this is empty\&. Mind that the port can be omitted in which case port 2323 is used\&. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address from the port, eg\&.: [::1]:1234\&. If you want to use the default port [ and ] can be omitted\&.
+.RE
+.PP
+\fB\-X, \-\-control\-host \fR\fB\fI<hostname|ip>[:<port>]\fR\fR
+.RS 4
+fetch the config from this host\&. The default is not to use a control host and therefore this is empty\&. Mind that the port can be omitted in which case port 2323 is used\&. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address from the port, eg\&.: [::1]:1234\&. If you want to use the default port [ and ] can be omitted\&.
+.RE
+.PP
+\fB\-d, \-\-dev \fR\fB\fI<name>\fR\fR
+.RS 4
+device name
+
+By default, tapN is used for Ethernet tunnel interfaces, and tunN for IP tunnels, respectively\&. This option can be used to manually override these defaults\&.
+.RE
+.PP
+\fB\-t, \-\-type \fR\fB\fI<tun|tap>\fR\fR
+.RS 4
+device type
+
+Type of the tunnels to create\&. Use tap for Ethernet tunnels, tun for IP tunnels\&.
+.RE
+.PP
+\fB\-n, \-\-ifconfig \fR\fB\fI<local>/<prefix>\fR\fR
+.RS 4
+The local IP address and prefix length\&. The remote tunnel endpoint has to use a different IP address in the same subnet\&.
+.PP
+\fI<local>\fR
+.RS 4
+the local IP address for the tun/tap device
+.RE
+.PP
+\fI<prefix>\fR
+.RS 4
+the prefix length of the network
+.RE
+.RE
+.PP
+\fB\-x, \-\-post\-up\-script \fR\fB\fI<script>\fR\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run this script after the interface is created\&. By default no script will be executed\&.
+.RE
+.PP
+\fB\-R, \-\-route \fR\fB\fI<net>/<prefix length>\fR\fR
+.RS 4
+add a route to connection\&. This can be invoked several times\&.
+.RE
+.PP
+\fB\-m, \-\-mux \fR\fB\fI<mux\-id>\fR\fR
+.RS 4
+the multiplex id to use\&. default: 0
+.RE
+.PP
+\fB\-s, \-\-sender\-id \fR\fB\fI<sender id>\fR\fR
+.RS 4
+Each anycast tunnel endpoint needs a uniqe sender id (1, 2, 3, \&...)\&. It is needed to distinguish the senders in case of replay attacks\&. This option can be ignored on unicast endpoints\&. default: 0
+.RE
+.PP
+\fB\-w, \-\-window\-size \fR\fB\fI<window size>\fR\fR
+.RS 4
+seqence window size
+
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+.RE
+.PP
+\fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR
+.RS 4
+key derivation pseudo random function
+
+The pseudo random function which is used for calculating the session keys and session salt\&.
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no random function, keys and salt are set to 0\&.\&.00
+.RE
+.PP
+\fIaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fIaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fIaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fIaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-e, \-\-role \fR\fB\fI<role>\fR\fR
+.RS 4
+SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are
+\fIleft\fR
+and
+\fIright\fR\&. You may also use
+\fIalice\fR
+or
+\fIserver\fR
+as a replacement for
+\fIleft\fR
+and
+\fIbob\fR
+or
+\fIclient\fR
+as a replacement for
+\fIright\fR\&. By default
+\fIleft\fR
+is used\&.
+.RE
+.PP
+\fB\-E, \-\-passphrase \fR\fB\fI<passphrase>\fR\fR
+.RS 4
+This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using
+\fB\-\-key\fR
+and
+\fB\-\-salt\fR\&.
+.RE
+.PP
+\fB\-K, \-\-key \fR\fB\fI<master key>\fR\fR
+.RS 4
+master key to use for key derivation
+
+Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&.
+.RE
+.PP
+\fB\-A, \-\-salt \fR\fB\fI<master salt>\fR\fR
+.RS 4
+master salt to use for key derivation
+
+Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&.
+.RE
+.PP
+\fB\-c, \-\-cipher \fR\fB\fI<cipher type>\fR\fR
+.RS 4
+payload encryption algorithm
+
+Encryption algorithm used for encrypting the payload
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no encryption
+.RE
+.PP
+\fIaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fIaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fIaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fIaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-a, \-\-auth\-algo \fR\fB\fI<algo type>\fR\fR
+.RS 4
+message authentication algorithm
+
+This option sets the message authentication algorithm\&.
+
+If HMAC\-SHA1 is used, the packet length is increased\&. The additional bytes contain the authentication data\&. see
+\fB\-\-auth\-tag\-length\fR
+for more info\&.
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no message authentication
+.RE
+.PP
+\fIsha1\fR
+.RS 4
+HMAC\-SHA1, default value
+.RE
+.RE
+.PP
+\fB\-b, \-\-auth\-tag\-length \fR\fB\fI<length>\fR\fR
+.RS 4
+The number of bytes to use for the auth tag\&. This value defaults to 10 bytes unless the
+\fInull\fR
+auth algo is used in which case it defaults to 0\&.
+.RE
+.SH "EXAMPLES"
+.SS "P2P Setup between two unicast enpoints:"
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBHost A:\fR
+.RS 4
+.sp
+anytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e left
+.RE
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBHost B:\fR
+.RS 4
+.sp
+anytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e right
+.RE
+.SS "One unicast and one anycast tunnel endpoint:"
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBUnicast tunnel endpoint:\fR
+.RS 4
+.sp
+anytun \-r anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.2/30 \-a null \-c null \-w 0 \-e client
+.RE
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBAnycast tunnel endpoints:\fR
+.RS 4
+.sp
+On the host with unicast hostname unicast1\&.anycast\&.anytun\&.org and anycast hostname anycast\&.anytun\&.org:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun \-i anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.1/30 \-a null \-c null \-w 0 \-e server \e
+ \-S 2342 \-M unicast2\&.anycast\&.anytun\&.org:2342,unicast3\&.anycast\&.anytun\&.org:2342
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+On the host with unicast hostname unicast2\&.anycast\&.anytun\&.org and anycast hostname anycast\&.anytun\&.org:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun \-i anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.1/30 \-a null \-c null \-w 0 \-e server \e
+ \-S 2342 \-M unicast1\&.anycast\&.anytun\&.org:2342,unicast3\&.anycast\&.anytun\&.org:2342
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+On the host with unicast hostname unicast3\&.anycast\&.anytun\&.org and anycast hostname anycast\&.anytun\&.org:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun \-i anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.1/30 \-a null \-c null \-w 0 \-e server \e
+ \-S 2342 \-M unicast1\&.anycast\&.anytun\&.org:2342,unicast2\&.anycast\&.anytun\&.org:2342
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+For more sophisticated examples (like multiple unicast endpoints to one anycast tunnel endpoint) please consult the man page of anytun\-config(8)\&.
+.RE
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun\-config(8), anytun\-controld(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
--- /dev/null
+anytun(8)
+=========
+
+NAME
+----
+
+anytun - anycast tunneling daemon
+
+SYNOPSIS
+--------
+
+....
+anytun
+ [ -h|--help ]
+ [ -D|--nodaemonize ]
+ [ -u|--username <username> ]
+ [ -g|--groupname <groupname> ]
+ [ -C|--chroot <path> ]
+ [ -P|--write-pid <filename> ]
+ [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
+ [ -U|--debug ]
+ [ -i|--interface <ip-address> ]
+ [ -p|--port <port> ]
+ [ -r|--remote-host <hostname|ip> ]
+ [ -o|--remote-port <port> ]
+ [ -4|--ipv4-only ]
+ [ -6|--ipv6-only ]
+ [ -I|--sync-interface <ip-address> ]
+ [ -S|--sync-port port> ]
+ [ -M|--sync-hosts <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
+ [ -X|--control-host <hostname|ip>[:<port>]
+ [ -d|--dev <name> ]
+ [ -t|--type <tun|tap> ]
+ [ -n|--ifconfig <local>/<prefix> ]
+ [ -x|--post-up-script <script> ]
+ [ -R|--route <net>/<prefix length> ]
+ [ -m|--mux <mux-id> ]
+ [ -s|--sender-id <sender id> ]
+ [ -w|--window-size <window size> ]
+ [ -k|--kd-prf <kd-prf type> ]
+ [ -e|--role <role> ]
+ [ -E|--passphrase <pass phrase> ]
+ [ -K|--key <master key> ]
+ [ -A|--salt <master salt> ]
+ [ -c|--cipher <cipher type> ]
+ [ -a|--auth-algo <algo type> ]
+ [ -b|--auth-tag-length <length> ]
+....
+
+DESCRIPTION
+-----------
+
+*Anytun* is an implementation of the Secure Anycast Tunneling Protocol
+(SATP). It provides a complete VPN solution similar to OpenVPN or
+IPsec in tunnel mode. The main difference is that anycast allows a
+setup of tunnels between an arbitrary combination of anycast, unicast
+and multicast hosts.
+
+OPTIONS
+-------
+
+*Anytun* has been designed as a peer to peer application, so there is
+no difference between client and server. The following options can be
+passed to the daemon:
+
+*-D, --nodaemonize*::
+ This option instructs *Anytun* to run in foreground
+ instead of becoming a daemon which is the default.
+
+*-u, --username '<username>'*::
+ run as this user. If no group is specified (*-g*) the default group of
+ the user is used. The default is to not drop privileges.
+
+*-g, --groupname '<groupname>'*::
+ run as this group. If no username is specified (*-u*) this gets ignored.
+ The default is to not drop privileges.
+
+*-C, --chroot '<path>'*::
+ Instruct *Anytun* to run in a chroot jail. The default is
+ to not run in chroot.
+
+*-P, --write-pid '<filename>'*::
+ Instruct *Anytun* to write it's pid to this file. The default is
+ to not create a pid file.
+
+*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
+ add log target to logging system. This can be invoked several times
+ in order to log to different targets at the same time. Every target
+ hast its own log level which is a number between 0 and 5. Where 0 means
+ disabling log and 5 means debug messages are enabled. +
+ The file target can be used more the once with different levels.
+ If no target is provided at the command line a single target with the
+ config 'syslog:3,anytun,daemon' is added. +
+ The following targets are supported:
+
+ 'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+ 'file';; log to file, parameters <level>[,<path>]
+ 'stdout';; log to standard output, parameters <level>
+ 'stderr';; log to standard error, parameters <level>
+
+*-U, --debug*::
+ This option instructs *Anytun* to run in debug mode. It implicits *-D*
+ (don't daemonize) and adds a log target with the configuration
+ 'stdout:5' (logging with maximum level). In future releases there might
+ be additional output when this option is supplied.
+
+*-i, --interface '<ip address>'*::
+ This IP address is used as the sender address for outgoing
+ packets. In case of anycast tunnel endpoints, the anycast
+ IP has to be used. In case of unicast endpoints, the
+ address is usually derived correctly from the routing
+ table. The default is to not use a special inteface and just
+ bind on all interfaces.
+
+*-p, --port '<port>'*::
+ The local UDP port that is used to send and receive the
+ payload data. The two tunnel endpoints can use different
+ ports. If a tunnel endpoint consists of multiple anycast
+ hosts, all hosts have to use the same port. default: 4444
+
+*-r, --remote-host '<hostname|ip>'*::
+ This option can be used to specify the remote tunnel
+ endpoint. In case of anycast tunnel endpoints, the
+ anycast IP address has to be used. If you do not specify
+ an address, it is automatically determined after receiving
+ the first data packet.
+
+*-o, --remote-port '<port>'*::
+ The UDP port used for payload data by the remote host
+ (specified with -p on the remote host). If you do not specify
+ a port, it is automatically determined after receiving
+ the first data packet.
+
+*-4, --ipv4-only*::
+ Resolv to IPv4 addresses only. The default is to resolv both
+ IPv4 and IPv6 addresses.
+
+*-6, --ipv6-only*::
+ Resolv to IPv6 addresses only. The default is to resolv both
+ IPv4 and IPv6 addresses.
+
+*-I, --sync-interface '<ip-address>'*::
+ local unicast(sync) ip address to bind to +
+ This option is only needed for tunnel endpoints consisting
+ of multiple anycast hosts. The unicast IP address of
+ the anycast host can be used here. This is needed for
+ communication with the other anycast hosts. The default is to
+ not use a special inteface and just bind on all interfaces. However
+ this is only the case if synchronisation is active see *--sync-port*.
+
+*-S, --sync-port '<port>'*::
+ local unicast(sync) port to bind to +
+ This option is only needed for tunnel endpoints
+ consisting of multiple anycast hosts. This port is used
+ by anycast hosts to synchronize information about tunnel
+ endpoints. No payload data is transmitted via this port.
+ By default the synchronisation is disabled an therefore the
+ port is kept empty. +
+ It is possible to obtain a list of active connections
+ by telnetting into this port. This port is read-only
+ and unprotected by default. It is advised to protect
+ this port using firewall rules and, eventually, IPsec.
+
+*-M, --sync-hosts '<hostname|ip>[:<port>],[<hostname|ip>[:<port>][...]]'*::
+ remote hosts to sync with +
+ This option is only needed for tunnel endpoints consisting
+ of multiple anycast hosts. Here, one has to specify all
+ unicast IP addresses of all other anycast hosts that
+ comprise the anycast tunnel endpoint. By default synchronisation is
+ disabled and therefore this is empty. Mind that the port can be
+ omitted in which case port 2323 is used. If you want to specify an
+ ipv6 address and a port you have to use [ and ] to separate the address
+ from the port, eg.: [::1]:1234. If you want to use the default port
+ [ and ] can be omitted.
+
+*-X, --control-host '<hostname|ip>[:<port>]'*::
+ fetch the config from this host. The default is not to use a control
+ host and therefore this is empty. Mind that the port can be omitted
+ in which case port 2323 is used. If you want to specify an
+ ipv6 address and a port you have to use [ and ] to separate the address
+ from the port, eg.: [::1]:1234. If you want to use the default port
+ [ and ] can be omitted.
+
+*-d, --dev '<name>'*::
+ device name +
+ By default, tapN is used for Ethernet tunnel interfaces,
+ and tunN for IP tunnels, respectively. This option can
+ be used to manually override these defaults.
+
+*-t, --type '<tun|tap>'*::
+ device type +
+ Type of the tunnels to create. Use tap for Ethernet
+ tunnels, tun for IP tunnels.
+
+*-n, --ifconfig '<local>/<prefix>'*::
+ The local IP address and prefix length. The remote tunnel endpoint
+ has to use a different IP address in the same subnet.
+
+ '<local>';; the local IP address for the tun/tap device
+ '<prefix>';; the prefix length of the network
+
+*-x, --post-up-script '<script>'*::
+ This option instructs *Anytun* to run this script after the interface
+ is created. By default no script will be executed.
+
+*-R, --route '<net>/<prefix length>'*::
+ add a route to connection. This can be invoked several times.
+
+*-m, --mux '<mux-id>'*::
+ the multiplex id to use. default: 0
+
+*-s, --sender-id '<sender id>'*::
+ Each anycast tunnel endpoint needs a uniqe sender id
+ (1, 2, 3, ...). It is needed to distinguish the senders
+ in case of replay attacks. This option can be ignored on
+ unicast endpoints. default: 0
+
+*-w, --window-size '<window size>'*::
+ seqence window size +
+ Sometimes, packets arrive out of order on the receiver
+ side. This option defines the size of a list of received
+ packets' sequence numbers. If, according to this list,
+ a received packet has been previously received or has
+ been transmitted in the past, and is therefore not in
+ the list anymore, this is interpreted as a replay attack
+ and the packet is dropped. A value of 0 deactivates this
+ list and, as a consequence, the replay protection employed
+ by filtering packets according to their secuence number.
+ By default the sequence window is disabled and therefore a
+ window size of 0 is used.
+
+*-k, --kd--prf '<kd-prf type>'*::
+ key derivation pseudo random function +
+ The pseudo random function which is used for calculating the
+ session keys and session salt. +
+ Possible values:
+
+ 'null';; no random function, keys and salt are set to 0..00
+ 'aes-ctr';; AES in counter mode with 128 Bits, default value
+ 'aes-ctr-128';; AES in counter mode with 128 Bits
+ 'aes-ctr-192';; AES in counter mode with 192 Bits
+ 'aes-ctr-256';; AES in counter mode with 256 Bits
+
+*-e, --role '<role>'*::
+ SATP uses different session keys for inbound and outbound traffic. The
+ role parameter is used to determine which keys to use for outbound or
+ inbound packets. On both sides of a vpn connection different roles have
+ to be used. Possible values are 'left' and 'right'. You may also use
+ 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as
+ a replacement for 'right'. By default 'left' is used.
+
+*-E, --passphrase '<passphrase>'*::
+ This passphrase is used to generate the master key and master salt.
+ For the master key the last n bits of the SHA256 digest of the
+ passphrase (where n is the length of the master key in bits) is used.
+ The master salt gets generated with the SHA1 digest.
+ You may force a specific key and or salt by using *--key* and *--salt*.
+
+*-K, --key '<master key>'*::
+ master key to use for key derivation +
+ Master key in hexadecimal notation, e.g.
+ 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
+ of 32, 48 or 64 characters (128, 192 or 256 bits).
+
+*-A, --salt '<master salt>'*::
+ master salt to use for key derivation +
+ Master salt in hexadecimal notation, e.g.
+ 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
+ of 28 characters (14 bytes).
+
+*-c, --cipher '<cipher type>'*::
+ payload encryption algorithm +
+ Encryption algorithm used for encrypting the payload +
+ Possible values:
+
+ 'null';; no encryption
+ 'aes-ctr';; AES in counter mode with 128 Bits, default value
+ 'aes-ctr-128';; AES in counter mode with 128 Bits
+ 'aes-ctr-192';; AES in counter mode with 192 Bits
+ 'aes-ctr-256';; AES in counter mode with 256 Bits
+
+*-a, --auth-algo '<algo type>'*::
+ message authentication algorithm +
+ This option sets the message authentication algorithm. +
+ If HMAC-SHA1 is used, the packet length is increased. The additional bytes
+ contain the authentication data. see *--auth-tag-length* for more info. +
+ Possible values:
+
+ 'null';; no message authentication
+ 'sha1';; HMAC-SHA1, default value
+
+*-b, --auth-tag-length '<length>'*::
+ The number of bytes to use for the auth tag. This value defaults to 10 bytes
+ unless the 'null' auth algo is used in which case it defaults to 0.
+
+
+EXAMPLES
+--------
+
+P2P Setup between two unicast enpoints:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Host A:
+^^^^^^^
+
+anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
+ -E have_a_very_safe_and_productive_day -e left
+
+Host B:
+^^^^^^^
+anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
+ -E have_a_very_safe_and_productive_day -e right
+
+
+One unicast and one anycast tunnel endpoint:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Unicast tunnel endpoint:
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client
+
+Anycast tunnel endpoints:
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+On the host with unicast hostname unicast1.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+-------------------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
+ -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+-------------------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast2.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+-------------------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
+ -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+-------------------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast3.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+-------------------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
+ -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
+-------------------------------------------------------------------------------------------------
+
+For more sophisticated examples (like multiple unicast endpoints to one
+anycast tunnel endpoint) please consult the man page of anytun-config(8).
+
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun-config(8), anytun-controld(8), anytun-showtables(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This program is free software: you can redistribute it
+and/or modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation, either version 3 of
+the License, or any later version.
#kd-prf aes-ctr-256
## Device name
-#dev uanytun0
+#dev anytun0
## Manually set encryption key and salt
## (this replaces the passphrase)
#kd-prf aes-ctr-256
## Device name
-#dev uanytun0
+#dev anytun0
## Manually set encryption key and salt
## (this replaces the passphrase)
DESC=anytun
CONFIG_DIR=/etc/anytun
VARCONFIG_DIR=/var/run/anytun-controld
-VARRUN_DIR=/var/run/anytun
+VARRUN_DIR=/var/run/$NAME/
test -x $DAEMON || exit 0
test -d $VARCONFIG_DIR || mkdir -p $VARCONFIG_DIR
chmod 700 $VARCONFIG_DIR
rm -f $VARCONFIG_DIR/$NAME 2>/dev/null
+ KDPRF=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed 's/^/ --/' | xargs echo`
for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do
echo -n " ($CLIENTNAME)"
DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed 's/^/ --/' | xargs echo`
- $ANYTUNCONFIG $DAEMONARG >> $VARCONFIG_DIR/$NAME
+ $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONFIG_DIR/$NAME
done
- CONTROLHOST=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed 's/^/ --/'`
+ CONTROLHOST=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed 's/^/ --/' | xargs echo`
$CONTROLDAEMON -f $VARCONFIG_DIR/$NAME $DAEMONOPTS $CONTROLHOST \
--write-pid $VARCONFIG_DIR/$NAME.pid
# rm -f $VARCONFIG_DIR/$NAME
}
stop_configd () {
if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
- echo -n " ($NAME)"
+ echo -n " ($NAME-controlld)"
kill `cat $VARCONFIG_DIR/$NAME.pid` || true
rm $VARCONFIG_DIR/$NAME.pid
fi
echo -n "Stoping $DESC:"
if test -z "$2" ; then
for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
- NAME=`echo $PIDFILE | cut -c17-`
+ NAME=`basename $PIDFILE`
NAME=${NAME%%.pid}
echo -n " $NAME"
stop_vpn
[ -z "$1" ] && break
if test -e $VARRUN_DIR/$1.pid ; then
PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
- NAME=`echo $PIDFILE | cut -c17-`
+ NAME=`basename $PIDFILE`
NAME=${NAME%%.pid}
echo -n " $NAME"
stop_vpn
echo -n "Reloading $DESC:"
if test -z "$2" ; then
for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
- NAME=`echo $PIDFILE | cut -c17-`
+ NAME=`basename $PIDFILE`
NAME=${NAME%%.pid}
echo -n " $NAME"
if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
[ -z "$1" ] && break
if test -e $VARRUN_DIR/$1.pid ; then
PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
- NAME=`echo $PIDFILE | cut -c17-`
+ NAME=`basename $PIDFILE`
NAME=${NAME%%.pid}
echo -n " $NAME"
if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
echo -n "Restarting $DESC:"
if test -z "$2" ; then
for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
- NAME=`echo $PIDFILE | cut -c17-`
+ NAME=`basename $PIDFILE`
NAME=${NAME%%.pid}
echo -n " $NAME"
stop_vpn
[ -z "$1" ] && break
if test -e $VARRUN_DIR/$1.pid ; then
PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
- NAME=`echo $PIDFILE | cut -c17-`
+ NAME=`basename $PIDFILE`
NAME=${NAME%%.pid}
echo -n " $NAME"
stop_vpn
+++ /dev/null
-# Doxyfile 1.5.1
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME = "anytun"
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY = ./doc
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian,
-# Italian, Japanese, Japanese-en (Japanese with English messages), Korean,
-# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian,
-# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.
-
-OUTPUT_LANGUAGE = English
-
-# This tag can be used to specify the encoding used in the generated output.
-# The encoding is not always determined by the language that is chosen,
-# but also whether or not the output is meant for Windows or non-Windows users.
-# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES
-# forces the Windows encoding (this is the default for the Windows binary),
-# whereas setting the tag to NO uses a Unix-style encoding (the default for
-# all platforms other than Windows).
-
-USE_WINDOWS_ENCODING = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF =
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = YES
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip.
-
-STRIP_FROM_PATH =
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like the Qt-style comments (thus requiring an
-# explicit @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member
-# documentation.
-
-DETAILS_AT_TOP = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 8
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = NO
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for Java.
-# For instance, namespaces will be presented as packages, qualified scopes
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to
-# include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also make the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT = NO
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING = YES
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = YES
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = YES
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = YES
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-# If the sources in your project are distributed over multiple directories
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
-# in the documentation. The default is NO.
-
-SHOW_DIRECTORIES = NO
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from the
-# version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT =
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
-
-FILE_PATTERNS =
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
-# directories that are symbolic links (a Unix filesystem feature) are excluded
-# from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output. If FILTER_PATTERNS is specified, this tag will be
-# ignored.
-
-INPUT_FILTER =
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis. Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match. The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
-# is applied to all files.
-
-FILTER_PATTERNS =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default)
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES (the default)
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = YES
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code. Otherwise they will link to the documentstion.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet. Note that doxygen will try to copy
-# the style sheet file to the HTML output directory, so don't put your own
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET =
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX = NO
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
-# probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW = YES
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = NO
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = NO
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader. This is useful
-# if you want to understand what is going on. On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles.
-# Optionally an initial location of the external documentation
-# can be added for each tagfile. The format of a tag file without
-# this location is as follows:
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths or
-# URLs. If a location is present for each tag, the installdox tool
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option is superseded by the HAVE_DOT option below. This is only a
-# fallback. It is recommended to install and use dot, since it yields more
-# powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will
-# generate a call dependency graph for every global function or class method.
-# Note that enabling this option will significantly increase the time of a run.
-# So in most cases it will be better to enable call graphs for selected
-# functions only using the \callgraph command.
-
-CALL_GRAPH = NO
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then doxygen will
-# generate a caller dependency graph for every global function or class method.
-# Note that enabling this option will significantly increase the time of a run.
-# So in most cases it will be better to enable caller graphs for selected
-# functions only using the \callergraph command.
-
-CALLER_GRAPH = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_WIDTH = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT = 1024
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that a graph may be further truncated if the graph's
-# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH
-# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default),
-# the graph is not depth-constrained.
-
-MAX_DOT_GRAPH_DEPTH = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is disabled by default, which results in a white background.
-# Warning: Depending on the platform used, enabling this option may lead to
-# badly anti-aliased labels on the edges of a graph (i.e. they become hard to
-# read).
-
-DOT_TRANSPARENT = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE = NO
include include.mk
endif
-OBJS := tunDevice.o \
- packetSource.o \
- buffer.o \
- syncBuffer.o \
- plainPacket.o \
- encryptedPacket.o \
- cipher.o \
- authAlgo.o \
- keyDerivation.o \
- cipherFactory.o \
- authAlgoFactory.o \
- keyDerivationFactory.o \
- connectionList.o \
- connectionParam.o \
- networkAddress.o \
- networkPrefix.o \
- routingTable.o \
- signalController.o \
- log.o \
- logTargets.o \
- sysExec.o \
- anytunError.o \
- options.o \
- seqWindow.o \
- routingTreeNode.o \
- resolver.o
+
+ANYTUNOBJS := tunDevice.o \
+ packetSource.o \
+ authAlgo.o \
+ authAlgoFactory.o \
+ cipher.o \
+ cipherFactory.o \
+ plainPacket.o \
+ encryptedPacket.o \
+ options.o \
+ signalController.o \
+ daemonService.o \
+ sysExec.o \
+ resolver.o \
+ buffer.o \
+ syncBuffer.o \
+ keyDerivation.o \
+ keyDerivationFactory.o \
+ connectionList.o \
+ connectionParam.o \
+ networkAddress.o \
+ networkPrefix.o \
+ routingTable.o \
+ routingTreeNode.o \
+ log.o \
+ logTargets.o \
+ anytunError.o \
+ seqWindow.o
+
+ANYSHOWOBJS := buffer.o \
+ syncBuffer.o \
+ keyDerivation.o \
+ keyDerivationFactory.o \
+ connectionList.o \
+ connectionParam.o \
+ networkAddress.o \
+ networkPrefix.o \
+ routingTable.o \
+ routingTreeNode.o \
+ log.o \
+ logTargets.o \
+ anytunError.o \
+ seqWindow.o \
+ nullOptions.o \
+ resolver.o
SYNCOBJS := syncServer.o \
syncClient.o \
syncTcpConnection.o
ANYCTROBJS := signalController.o \
+ daemonService.o \
anyCtrOptions.o \
buffer.o \
log.o \
EXECUTABLES := anytun anytun-config anytun-controld anytun-showtables anytun-nosync
EXEOBJS := anytun.o anytun-config.o anytun-controld.o anytun-showtables.o
-SRCS := $(OBJS:%.o=%.cpp)
+ANYTUNSRCS := $(ANYTUNOBJS:%.o=%.cpp)
+ANYSHOWSRCS := $(ANYSHOWOBJS:%.o=%.cpp)
SYNCSRCS := $(SYNCOBJS:%.o=%.cpp)
ANYCTRSRCS := $(ANYCTROBJS:%.o=%.cpp)
ANYCONFSRCS := $(ANYCONFOBJS:%.o=%.cpp)
rm -f $@.$$$$; echo '(re)building $@'
ifneq ($(MAKECMDGOALS),distclean)
--include $(SRCS:%.cpp=%.d) $(SYNCSRCS:%.cpp=%.d) $(ANYCTRSRCS:%.cpp=%.d) $(ANYCONFSRCS:%.cpp=%.d) $(EXESRCS:%.cpp=%.d)
+-include $(ANYTUNSRCS:%.cpp=%.d) $(ANYSHOWSRCS:%.cpp=%.d) $(SYNCSRCS:%.cpp=%.d) $(ANYCTRSRCS:%.cpp=%.d) $(ANYCONFSRCS:%.cpp=%.d) $(EXESRCS:%.cpp=%.d)
endif
strip: $(EXECUTABLES)
$(STRIP) -s $(EXECUTABLES)
-anytun: $(OBJS) $(SYNCOBJS) anytun.o
- $(LD) $(OBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS)
+anytun: $(ANYTUNOBJS) $(SYNCOBJS) anytun.o
+ $(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS)
-anytun-static: $(OBJS) $(SYNCOBJS) anytun-noprivdrop.o
- $(LD) $(OBJS) $(SYNCOBJS) anytun-noprivdrop.o -o $@ -Bstatic -lstdc++ -static $(LDFLAGS) -lpthread
+anytun-static: $(ANYTUNOBJS) $(SYNCOBJS) anytun-noprivdrop.o
+ $(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun-noprivdrop.o -o $@ -Bstatic -lstdc++ -static $(LDFLAGS) -lpthread
$(STRIP) -s anytun-static
-anytun-nosync: $(OBJS) anytun-nosync.o
- $(LD) $(OBJS) anytun-nosync.o -o $@ $(LDFLAGS)
+anytun-nosync: $(ANYTUNOBJS) anytun-nosync.o
+ $(LD) $(ANYTUNOBJS) anytun-nosync.o -o $@ $(LDFLAGS)
anytun-nosync.o: anytun.cpp
$(CXX) $(CXXFLAGS) -DANYTUN_NOSYNC $< -c -o anytun-nosync.o
-anytun-noprivdrop.o: anytun.cpp
- $(CXX) $(CXXFLAGS) -DNO_PRIVDROP $< -c -o anytun-noprivdrop.o
-
-anytun-showtables: $(OBJS) $(SYNCOBJS) anytun-showtables.o
- $(LD) $(OBJS) $(SYNCOBJS) anytun-showtables.o -o $@ $(LDFLAGS)
+anytun-showtables: $(ANYSHOWOBJS) $(SYNCOBJS) anytun-showtables.o
+ $(LD) $(ANYSHOWOBJS) $(SYNCOBJS) anytun-showtables.o -o $@ $(LDFLAGS)
anytun-config: $(ANYCONFOBJS) anytun-config.o
$(LD) $(ANYCONFOBJS) anytun-config.o -o $@ $(LDFLAGS)
anyConfOptions.o: options.cpp
$(CXX) $(CXXFLAGS) -DANYCONF_OPTIONS $< -c -o $@
+nullOptions.o: options.cpp
+ $(CXX) $(CXXFLAGS) $< -c -o $@
+
%.o: %.cpp
$(CXX) $(CXXFLAGS) $< -c
distclean: cleanall
find . -name *.o -exec rm -f {} \;
rm -f config.sub config.guess
+ rm -f daemonService.h
+ rm -f daemonService.cpp
+ rm -f signalHandler.hpp
+ rm -f sysExec.hpp
+ rm -f version.h
rm -f tunDevice.cpp
rm -f include.mk
cleanall: clean
- $(MAKE) --directory=$(CURDIR)/man clean
+ $(MAKE) --directory="../doc" clean
clean:
rm -f *.o
$(MAKE) --directory=$(CURDIR)/anyrtpproxy clean
manpage:
- @cd man ; $(MAKE)
+ $(MAKE) --directory="../doc" manpage
INSTALL_TARGETS := install-bin install-etc
cd conf.d ; \
for file in `ls`; do \
if [ -f $$file ]; then \
- $(INSTALL) -m 644 $$file $(DESTDIR)$(EXAMPLESDIR)/anytun/$$dir/conf.d ; \
+ $(INSTALL) -m 600 $$file $(DESTDIR)$(EXAMPLESDIR)/anytun/$$dir/conf.d ; \
fi ; \
done ; \
cd .. ; \
install-man: manpage
$(INSTALL) -d $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun.8 $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun-config.8 $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun-controld.8 $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun-showtables.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun-config.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun-controld.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun-showtables.8 $(DESTDIR)$(MANDIR)/man8/
uninstall: remove
sem.up();
}
+void createConnectionResolver(PacketSourceResolverIt& it, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue, mux_t mux, Semaphore& sem)
+{
+ createConnection(*it, cl, seqSize, queue, mux, sem);
+}
+
void createConnectionError(const std::exception& e, Semaphore& sem, int& ret)
{
cLog.msg(Log::PRIO_ERROR) << "uncaught runtime error: " << e.what();
{
try
{
- bool result = gOpt.parse(argc, argv);
- if(!result) {
- gOpt.printUsage();
+ if(!gOpt.parse(argc, argv))
exit(0);
- }
+
StringList targets = gOpt.getLogTargets();
- if(targets.empty()) {
- cLog.addTarget("stderr:2");
- }
- else {
- StringList::const_iterator it;
- for(it = targets.begin();it != targets.end(); ++it)
- cLog.addTarget(*it);
- }
+ for(StringList::const_iterator it = targets.begin();it != targets.end(); ++it)
+ cLog.addTarget(*it);
}
catch(syntax_error& e)
{
UDPPacketSource::proto::endpoint endpoint;
// allow emtpy endpoint!!!
gResolver.resolveUdp(gOpt.getRemoteAddr(), gOpt.getRemotePort(),
- boost::bind(createConnection, _1, boost::ref(cl), gOpt.getSeqWindowSize(), boost::ref(queue), gOpt.getMux(), boost::ref(sem)),
+ boost::bind(createConnectionResolver, _1, boost::ref(cl), gOpt.getSeqWindowSize(), boost::ref(queue), gOpt.getMux(), boost::ref(sem)),
boost::bind(createConnectionError, _1, boost::ref(sem), boost::ref(ret)),
gOpt.getResolvAddrType());
sem.down();
#include "resolver.h"
#include "syncServer.h"
-#include "daemon.hpp"
+#include "daemonService.h"
+#include <vector>
+
+std::list<std::string> config_;
void syncOnConnect(SyncTcpConnection * connptr)
{
- std::ifstream file(gOpt.getFileName().c_str());
- if(file.is_open()) {
- std::string line;
- while (!file.eof()) {
- getline (file,line);
- connptr->Send(line);
- }
- file.close();
+ for(std::list<std::string>::const_iterator it=config_.begin(); it!=config_.end();++it)
+ {
+ connptr->Send(*it);
}
}
int main(int argc, char* argv[])
{
- bool daemonized=false;
+ DaemonService service;
try
{
try
{
- bool result = gOpt.parse(argc, argv);
- if(!result) {
- gOpt.printUsage();
+ if(!gOpt.parse(argc, argv))
exit(0);
- }
+
StringList targets = gOpt.getLogTargets();
- if(targets.empty()) {
- cLog.addTarget("syslog:3,anytun-controld,daemon");
- }
- else {
- StringList::const_iterator it;
- for(it = targets.begin();it != targets.end(); ++it)
- cLog.addTarget(*it);
- }
+ for(StringList::const_iterator it = targets.begin();it != targets.end(); ++it)
+ cLog.addTarget(*it);
}
catch(syntax_error& e)
{
std::ifstream file( gOpt.getFileName().c_str() );
if( file.is_open() )
+ {
+ std::string line;
+ while (!file.eof()) {
+ getline (file,line);
+ config_.push_back(line);
+ }
file.close();
- else {
+ } else {
std::cout << "ERROR: unable to open file!" << std::endl;
exit(-1);
}
- PrivInfo privs(gOpt.getUsername(), gOpt.getGroupname());
- if(gOpt.getDaemonize()) {
- daemonize();
- daemonized = true;
- }
+ service.initPrivs(gOpt.getUsername(), gOpt.getGroupname());
+ if(gOpt.getDaemonize())
+ service.daemonize();
- gSignalController.init();
- gResolver.init();
-
if(gOpt.getChrootDir() != "")
- do_chroot(gOpt.getChrootDir());
-
- privs.drop();
+ service.chroot(gOpt.getChrootDir());
+ service.dropPrivs();
+
+ gSignalController.init(service);
+ gResolver.init();
boost::thread * syncListenerThread;
syncListenerThread = new boost::thread(boost::bind(syncListener));
}
catch(std::runtime_error& e)
{
- if(daemonized)
+ if(service.isDaemonized())
cLog.msg(Log::PRIO_ERROR) << "uncaught runtime error, exiting: " << e.what();
else
std::cout << "uncaught runtime error, exiting: " << e.what() << std::endl;
}
catch(std::exception& e)
{
- if(daemonized)
+ if(service.isDaemonized())
cLog.msg(Log::PRIO_ERROR) << "uncaught exception, exiting: " << e.what();
else
std::cout << "uncaught exception, exiting: " << e.what() << std::endl;
#include "authAlgoFactory.h"
#include "keyDerivationFactory.h"
#include "signalController.h"
-#ifdef WIN_SERVICE
-#include "win32/winService.h"
+#ifndef _MSC_VER
+# include "daemonService.h"
+#else
+# ifdef WIN_SERVICE
+# include "win32/winService.h"
+# else
+# include "nullDaemon.h"
+# endif
#endif
#include "packetSource.h"
#include "tunDevice.h"
#include "networkAddress.h"
#endif
-
#ifndef ANYTUN_NOSYNC
#include "syncQueue.h"
#include "syncCommand.h"
#include "syncOnConnect.hpp"
#endif
-#define MAX_PACKET_LENGTH 1600
-
#include "cryptinit.hpp"
-#include "daemon.hpp"
#include "sysExec.h"
bool disableRouting = false;
#endif
}
+void createConnectionResolver(PacketSourceResolverIt& it, window_size_t seqSize, mux_t mux)
+{
+ createConnection(*it, seqSize, mux);
+}
+
void createConnectionError(const std::exception& e)
{
gSignalController.inject(SIGERROR, e.what());
std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
- EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength());
+ u_int32_t auth_tag_length = gOpt.getAuthTagLength();
+ EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length);
PlainPacket plain_packet(MAX_PACKET_LENGTH);
while(1) {
if(len < 0)
continue; // silently ignore socket recv errors, this is probably no good idea...
- if(static_cast<u_int32_t>(len) < EncryptedPacket::getHeaderLength())
+ if(static_cast<u_int32_t>(len) < (EncryptedPacket::getHeaderLength() + auth_tag_length))
continue; // ignore short packets
encrypted_packet.setLength(len);
// check whether auth tag is ok or not
if(!a->checkTag(conn.kd_, encrypted_packet)) {
- cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!" << std::endl;
+ cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!";
continue;
}
}
}
-#ifndef NO_DAEMON
-void startSendRecvThreads(PrivInfo& privs, TunDevice* dev, PacketSource* src)
-#else
void startSendRecvThreads(TunDevice* dev, PacketSource* src)
-#endif
{
src->waitUntilReady();
-#ifndef NO_DAEMON
- if(gOpt.getChrootDir() != "") {
- try {
- do_chroot(gOpt.getChrootDir());
- }
- catch(const std::runtime_error& e) {
- cLog.msg(Log::PRIO_WARNING) << "ignoring chroot error: " << e.what();
- }
- }
-#ifndef NO_PRIVDROP
- privs.drop();
-#endif
-#endif
-
boost::thread(boost::bind(sender, dev, src));
boost::thread(boost::bind(receiver, dev, src));
}
-
#ifdef WIN_SERVICE
int main(int argc, char* argv[])
{
}
}
-int real_main(int argc, char* argv[])
+int real_main(int argc, char* argv[], WinService& service)
+{
#else
int main(int argc, char* argv[])
-#endif
{
-#ifdef WIN_SERVICE
- bool daemonized=true;
-#else
- bool daemonized=false;
+ DaemonService service;
#endif
try
{
try
{
- bool result = gOpt.parse(argc, argv);
- if(!result) {
- gOpt.printUsage();
+ if(!gOpt.parse(argc, argv))
exit(0);
- }
+
StringList targets = gOpt.getLogTargets();
- if(targets.empty()) {
-#ifndef _MSC_VER
- cLog.addTarget("syslog:3,anytun,daemon");
-#else
- #ifdef WIN_SERVICE
- cLog.addTarget("eventlog:3,anytun");
- #else
- cLog.addTarget("stdout:3");
- #endif
-#endif
- }
- else {
- StringList::const_iterator it;
- for(it = targets.begin();it != targets.end(); ++it)
- cLog.addTarget(*it);
- }
+ for(StringList::const_iterator it = targets.begin();it != targets.end(); ++it)
+ cLog.addTarget(*it);
}
catch(syntax_error& e)
{
gOpt.parse_post(); // print warnings
// daemonizing has to done before any thread gets started
-#ifndef NO_DAEMON
-#ifndef NO_PRIVDROP
- PrivInfo privs(gOpt.getUsername(), gOpt.getGroupname());
-#endif
- if(gOpt.getDaemonize()) {
- daemonize();
- daemonized = true;
- }
-#endif
-
- // this has to be called before the first thread is started
- gSignalController.init();
- gResolver.init();
-
-#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-// this must be called before any other libgcrypt call
- if(!initLibGCrypt())
- return -1;
-#endif
-#endif
+ service.initPrivs(gOpt.getUsername(), gOpt.getGroupname());
+ if(gOpt.getDaemonize())
+ service.daemonize();
OptionNetwork net = gOpt.getIfconfigParam();
TunDevice dev(gOpt.getDevName(), gOpt.getDevType(), net.net_addr, net.prefix_length);
cLog.msg(Log::PRIO_NOTICE) << "dev opened - name '" << dev.getActualName() << "', node '" << dev.getActualNode() << "'";
cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'";
-#ifndef NO_EXEC
+
+ SysExec * postup_script = NULL;
if(gOpt.getPostUpScript() != "") {
cLog.msg(Log::PRIO_NOTICE) << "executing post-up script '" << gOpt.getPostUpScript() << "'";
StringVector args = boost::assign::list_of(dev.getActualName())(dev.getActualNode());
- anytun_exec(gOpt.getPostUpScript(), args);
+ postup_script = new SysExec(gOpt.getPostUpScript(), args);
}
-#endif
-
+
+ if(gOpt.getChrootDir() != "") {
+ try {
+ service.chroot(gOpt.getChrootDir());
+ }
+ catch(const std::runtime_error& e) {
+ cLog.msg(Log::PRIO_WARNING) << "ignoring chroot error: " << e.what();
+ }
+ }
+ service.dropPrivs();
+
+ // this has to be called before the first thread is started
+ gSignalController.init(service);
+ gResolver.init();
+ boost::thread(boost::bind(&TunDevice::waitUntilReady,&dev));
+ if (postup_script)
+ boost::thread(boost::bind(&SysExec::waitAndDestroy,postup_script));
+
+ initCrypto();
+
PacketSource* src = new UDPPacketSource(gOpt.getLocalAddr(), gOpt.getLocalPort());
if(gOpt.getRemoteAddr() != "")
- gResolver.resolveUdp(gOpt.getRemoteAddr(), gOpt.getRemotePort(), boost::bind(createConnection, _1, gOpt.getSeqWindowSize(), gOpt.getMux()), boost::bind(createConnectionError, _1), gOpt.getResolvAddrType());
+ gResolver.resolveUdp(gOpt.getRemoteAddr(), gOpt.getRemotePort(), boost::bind(createConnectionResolver, _1, gOpt.getSeqWindowSize(), gOpt.getMux()), boost::bind(createConnectionError, _1), gOpt.getResolvAddrType());
HostList connect_to = gOpt.getRemoteSyncHosts();
#ifndef NO_ROUTING
connectThreads.create_thread(boost::bind(syncConnector, *it));
#endif
- // wait for packet source to finish in a seperate thread in order
- // to be still able to process signals while waiting
-#ifndef NO_DAEMON
- boost::thread(boost::bind(startSendRecvThreads, privs, &dev, src));
-#else
+ // wait for packet source to finish in a seperate thread in order
+ // to be still able to process signals while waiting
boost::thread(boost::bind(startSendRecvThreads, &dev, src));
-#endif
-#if defined(WIN_SERVICE)
- int ret = 0;
- gWinService.waitForStop();
-#else
int ret = gSignalController.run();
-#endif
// TODO: stop all threads and cleanup
//
// delete src;
// if(connTo)
// delete connTo;
-
-#if defined(WIN_SERVICE)
- gWinService.stop();
-#endif
return ret;
}
catch(std::runtime_error& e)
{
cLog.msg(Log::PRIO_ERROR) << "uncaught runtime error, exiting: " << e.what();
- if(!daemonized)
+ if(!service.isDaemonized())
std::cout << "uncaught runtime error, exiting: " << e.what() << std::endl;
}
catch(std::exception& e)
{
cLog.msg(Log::PRIO_ERROR) << "uncaught exception, exiting: " << e.what();
- if(!daemonized)
+ if(!service.isDaemonized())
std::cout << "uncaught exception, exiting: " << e.what() << std::endl;
}
-#if defined(WIN_SERVICE)
- gWinService.stop();
-#endif
return -1;
}
EndProject\r
Global\r
GlobalSection(SolutionConfigurationPlatforms) = preSolution\r
+ Debug with gcrypt|Win32 = Debug with gcrypt|Win32\r
+ Debug with gcrypt|x64 = Debug with gcrypt|x64\r
Debug|Win32 = Debug|Win32\r
Debug|x64 = Debug|x64\r
+ Release with gcrypt|Win32 = Release with gcrypt|Win32\r
+ Release with gcrypt|x64 = Release with gcrypt|x64\r
Release|Win32 = Release|Win32\r
Release|x64 = Release|x64\r
+ Service Debug with gcrypt|Win32 = Service Debug with gcrypt|Win32\r
+ Service Debug with gcrypt|x64 = Service Debug with gcrypt|x64\r
Service Debug|Win32 = Service Debug|Win32\r
Service Debug|x64 = Service Debug|x64\r
+ Service Release with gcrypt|Win32 = Service Release with gcrypt|Win32\r
+ Service Release with gcrypt|x64 = Service Release with gcrypt|x64\r
Service Release|Win32 = Service Release|Win32\r
Service Release|x64 = Service Release|x64\r
EndGlobalSection\r
GlobalSection(ProjectConfigurationPlatforms) = postSolution\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|Win32.ActiveCfg = Debug with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|Win32.Build.0 = Debug with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|x64.ActiveCfg = Debug with gcrypt|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|x64.Build.0 = Debug with gcrypt|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|Win32.ActiveCfg = Debug|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|Win32.Build.0 = Debug|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|x64.ActiveCfg = Debug|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|x64.Build.0 = Debug|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|Win32.ActiveCfg = Release with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|Win32.Build.0 = Release with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|x64.ActiveCfg = Release with gcrypt|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|x64.Build.0 = Release with gcrypt|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|Win32.ActiveCfg = Release|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|Win32.Build.0 = Release|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|x64.ActiveCfg = Release|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|x64.Build.0 = Release|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|Win32.ActiveCfg = Service Debug with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|Win32.Build.0 = Service Debug with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|x64.ActiveCfg = Service Debug with gcrypt|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|x64.Build.0 = Service Debug with gcrypt|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|Win32.ActiveCfg = Service Debug|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|Win32.Build.0 = Service Debug|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|x64.ActiveCfg = Service Debug|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|x64.Build.0 = Service Debug|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|Win32.ActiveCfg = Service Release with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|Win32.Build.0 = Service Release with gcrypt|Win32\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|x64.ActiveCfg = Service Release with gcrypt|x64\r
+ {12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|x64.Build.0 = Service Release with gcrypt|x64\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release|Win32.ActiveCfg = Service Release|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release|Win32.Build.0 = Service Release|Win32\r
{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release|x64.ActiveCfg = Service Release|x64\r
ProjectGUID="{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}"\r
RootNamespace="anytun"\r
Keyword="Win32Proj"\r
- AssemblyReferenceSearchPaths=""..\..\..\..\Program Files\boost\boost_1_35_0""\r
TargetFrameworkVersion="196613"\r
>\r
<Platforms>\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- AdditionalOptions="/I "C:\Program Files\boost\boost_1_35_0\""\r
Optimization="0"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
MinimalRebuild="true"\r
BasicRuntimeChecks="3"\r
RuntimeLibrary="3"\r
/>\r
</Configuration>\r
<Configuration\r
+ Name="Debug|x64"\r
+ OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ DebugInformationFormat="3"\r
+ ForcedIncludeFiles=""\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MDd.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ IgnoreAllDefaultLibraries="false"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="17"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
Name="Release|Win32"\r
OutputDirectory="Release"\r
IntermediateDirectory="Release"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="3"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MD.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Release|x64"\r
+ OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="3"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MD.lib"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="17"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Service Debug|Win32"\r
+ OutputDirectory="$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="4"\r
+ ForcedIncludeFiles=""\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MDd.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ IgnoreAllDefaultLibraries="false"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Service Debug|x64"\r
+ OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ Optimization="0"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="3"\r
+ ForcedIncludeFiles=""\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MDd.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ IgnoreAllDefaultLibraries="false"\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ TargetMachine="17"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Service Release|Win32"\r
+ OutputDirectory="$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="3"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MD.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Service Release|x64"\r
+ OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="3"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libeay32MD.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="17"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Debug with gcrypt|Win32"\r
+ OutputDirectory="$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
- RuntimeLibrary="2"\r
+ Optimization="0"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
UsePrecompiledHeader="0"\r
WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="3"\r
+ DebugInformationFormat="4"\r
+ ForcedIncludeFiles=""\r
/>\r
<Tool\r
Name="VCManagedResourceCompilerTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MD.lib"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
+ IgnoreAllDefaultLibraries="false"\r
GenerateDebugInformation="true"\r
SubSystem="1"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
TargetMachine="1"\r
/>\r
<Tool\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Service Debug|Win32"\r
- OutputDirectory="$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
+ Name="Debug with gcrypt|x64"\r
+ OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
ConfigurationType="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCMIDLTool"\r
+ TargetEnvironment="3"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- AdditionalOptions="/I "C:\Program Files\boost\boost_1_35_0\""\r
Optimization="0"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
MinimalRebuild="true"\r
BasicRuntimeChecks="3"\r
RuntimeLibrary="3"\r
UsePrecompiledHeader="0"\r
WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="4"\r
+ DebugInformationFormat="3"\r
ForcedIncludeFiles=""\r
/>\r
<Tool\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MDd.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
IgnoreAllDefaultLibraries="false"\r
GenerateDebugInformation="true"\r
SubSystem="1"\r
- TargetMachine="1"\r
+ TargetMachine="17"\r
/>\r
<Tool\r
Name="VCALinkTool"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Service Release|Win32"\r
+ Name="Release with gcrypt|Win32"\r
OutputDirectory="$(ConfigurationName)"\r
IntermediateDirectory="$(ConfigurationName)"\r
ConfigurationType="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
RuntimeLibrary="2"\r
UsePrecompiledHeader="0"\r
WarningLevel="3"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MD.lib"\r
- OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
GenerateDebugInformation="true"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Debug|x64"\r
+ Name="Release with gcrypt|x64"\r
OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
ConfigurationType="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- AdditionalOptions="/I "C:\Program Files\boost\boost_1_35_0\""\r
- Optimization="0"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
+ RuntimeLibrary="2"\r
UsePrecompiledHeader="0"\r
WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
DebugInformationFormat="3"\r
- ForcedIncludeFiles=""\r
/>\r
<Tool\r
Name="VCManagedResourceCompilerTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MDd.lib"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
- IgnoreAllDefaultLibraries="false"\r
GenerateDebugInformation="true"\r
SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
TargetMachine="17"\r
/>\r
<Tool\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Release|x64"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
+ Name="Service Debug with gcrypt|Win32"\r
+ OutputDirectory="$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
ConfigurationType="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
- RuntimeLibrary="2"\r
+ Optimization="0"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
+ MinimalRebuild="true"\r
+ BasicRuntimeChecks="3"\r
+ RuntimeLibrary="3"\r
UsePrecompiledHeader="0"\r
WarningLevel="3"\r
Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="3"\r
+ DebugInformationFormat="4"\r
+ ForcedIncludeFiles=""\r
/>\r
<Tool\r
Name="VCManagedResourceCompilerTool"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MD.lib"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
+ IgnoreAllDefaultLibraries="false"\r
GenerateDebugInformation="true"\r
SubSystem="1"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
- TargetMachine="17"\r
+ TargetMachine="1"\r
/>\r
<Tool\r
Name="VCALinkTool"\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Service Debug|x64"\r
+ Name="Service Debug with gcrypt|x64"\r
OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
ConfigurationType="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- AdditionalOptions="/I "C:\Program Files\boost\boost_1_35_0\""\r
Optimization="0"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
MinimalRebuild="true"\r
BasicRuntimeChecks="3"\r
RuntimeLibrary="3"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MDd.lib"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
/>\r
</Configuration>\r
<Configuration\r
- Name="Service Release|x64"\r
+ Name="Service Release with gcrypt|Win32"\r
+ OutputDirectory="$(ConfigurationName)"\r
+ IntermediateDirectory="$(ConfigurationName)"\r
+ ConfigurationType="1"\r
+ >\r
+ <Tool\r
+ Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
+ />\r
+ <Tool\r
+ Name="VCCustomBuildTool"\r
+ />\r
+ <Tool\r
+ Name="VCXMLDataGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCWebServiceProxyGeneratorTool"\r
+ />\r
+ <Tool\r
+ Name="VCMIDLTool"\r
+ />\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
+ RuntimeLibrary="2"\r
+ UsePrecompiledHeader="0"\r
+ WarningLevel="3"\r
+ Detect64BitPortabilityProblems="false"\r
+ DebugInformationFormat="3"\r
+ />\r
+ <Tool\r
+ Name="VCManagedResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCResourceCompilerTool"\r
+ />\r
+ <Tool\r
+ Name="VCPreLinkEventTool"\r
+ />\r
+ <Tool\r
+ Name="VCLinkerTool"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
+ OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
+ LinkIncremental="2"\r
+ AdditionalLibraryDirectories=""\r
+ GenerateDebugInformation="true"\r
+ SubSystem="1"\r
+ OptimizeReferences="2"\r
+ EnableCOMDATFolding="2"\r
+ TargetMachine="1"\r
+ />\r
+ <Tool\r
+ Name="VCALinkTool"\r
+ />\r
+ <Tool\r
+ Name="VCManifestTool"\r
+ />\r
+ <Tool\r
+ Name="VCXDCMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCBscMakeTool"\r
+ />\r
+ <Tool\r
+ Name="VCFxCopTool"\r
+ />\r
+ <Tool\r
+ Name="VCAppVerifierTool"\r
+ />\r
+ <Tool\r
+ Name="VCPostBuildEventTool"\r
+ />\r
+ </Configuration>\r
+ <Configuration\r
+ Name="Service Release with gcrypt|x64"\r
OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
ConfigurationType="1"\r
>\r
<Tool\r
Name="VCPreBuildEventTool"\r
+ CommandLine="win32/make_version_h.bat"\r
/>\r
<Tool\r
Name="VCCustomBuildTool"\r
/>\r
<Tool\r
Name="VCCLCompilerTool"\r
- PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"\r
+ PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"\r
RuntimeLibrary="2"\r
UsePrecompiledHeader="0"\r
WarningLevel="3"\r
/>\r
<Tool\r
Name="VCLinkerTool"\r
- AdditionalDependencies="libeay32MD.lib"\r
+ AdditionalDependencies="libgcrypt.lib libgpg-error.lib"\r
OutputFile="$(OutDir)\$(ProjectName)svc.exe"\r
LinkIncremental="2"\r
AdditionalLibraryDirectories=""\r
>\r
</File>\r
<File\r
- RelativePath=".\daemon.hpp"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\datatypes.h"\r
>\r
</File>\r
>\r
</File>\r
<File\r
+ RelativePath=".\nullDaemon.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\options.h"\r
>\r
</File>\r
>\r
</File>\r
<File\r
+ RelativePath=".\win32\signalHandler.hpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\win32\signalServiceHandler.hpp"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\syncBuffer.h"\r
>\r
</File>\r
>\r
</File>\r
<File\r
+ RelativePath=".\sysExec.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\threadUtils.hpp"\r
>\r
</File>\r
>\r
</File>\r
<File\r
+ RelativePath=".\nullDaemon.cpp"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\options.cpp"\r
>\r
<FileConfiguration\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
+ Name="Debug|x64"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
Name="Release|Win32"\r
>\r
<Tool\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
+ Name="Release|x64"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
Name="Service Debug|Win32"\r
>\r
<Tool\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
+ Name="Service Debug|x64"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
Name="Service Release|Win32"\r
>\r
<Tool\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
- Name="Debug|x64"\r
+ Name="Service Release|x64"\r
>\r
<Tool\r
Name="VCCLCompilerTool"\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
- Name="Release|x64"\r
+ Name="Debug with gcrypt|Win32"\r
>\r
<Tool\r
Name="VCCLCompilerTool"\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
- Name="Service Debug|x64"\r
+ Name="Debug with gcrypt|x64"\r
>\r
<Tool\r
Name="VCCLCompilerTool"\r
/>\r
</FileConfiguration>\r
<FileConfiguration\r
- Name="Service Release|x64"\r
+ Name="Release with gcrypt|Win32"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
+ Name="Release with gcrypt|x64"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
+ Name="Service Debug with gcrypt|Win32"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
+ Name="Service Debug with gcrypt|x64"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
+ Name="Service Release with gcrypt|Win32"\r
+ >\r
+ <Tool\r
+ Name="VCCLCompilerTool"\r
+ PreprocessorDefinitions="ANYTUN_OPTIONS"\r
+ />\r
+ </FileConfiguration>\r
+ <FileConfiguration\r
+ Name="Service Release with gcrypt|x64"\r
>\r
<Tool\r
Name="VCCLCompilerTool"\r
>\r
</File>\r
<File\r
+ RelativePath=".\sysExec.cpp"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\win32\tunDevice.cpp"\r
>\r
</File>\r
#define DEVICE_FILE_MAX 255
-TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400)
+TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400),sys_exec_(NULL)
{
std::string device_file = "/dev/";
bool dynamic = true;
}
}
-#elif defined(__GNUC__) && defined(__FreeBSD__)
+#elif defined(__GNUC__) && (defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
void TunDevice::init_post()
{
else {
#if defined(__GNUC__) && defined(__OpenBSD__)
args.push_back("link0");
-#elif defined(__GNUC__) && defined(__FreeBSD__)
+#elif defined(__GNUC__) && (defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
args.push_back("up");
#elif defined(__GNUC__) && defined(__NetBSD__)
// nothing to be done here
#error This Device works just for OpenBSD, FreeBSD or NetBSD
#endif
}
+ sys_exec_ = new SysExec("/sbin/ifconfig", args);
+}
- anytun_exec("/sbin/ifconfig", args);
+void TunDevice::waitUntilReady()
+{
+ if(sys_exec_)
+ SysExec::waitAndDestroy(sys_exec_);
}
+
rm -f include.mk
case $TARGET in
- Linux)
- rm -rf tunDevice.cpp
- ln -sf linux/tunDevice.cpp
+ Linux)
+ rm -f tunDevice.cpp
+ ln -sf linux/tunDevice.cpp
+ rm -f signalHandler.hpp
+ ln -sf posix/signalHandler.hpp
+ rm -f sysExec.hpp
+ ln -sf posix/sysExec.hpp
+ rm -f daemonService.h daemonService.cpp
+ ln -sf posix/posixDaemon.h daemonService.h
+ ln -sf posix/posixDaemon.cpp daemonService.cpp
echo "loading Linux specific TUN Device"
- ;;
- OpenBSD|FreeBSD|NetBSD)
- rm -rf tunDevice.cpp
- ln -sf bsd/tunDevice.cpp
+ ;;
+ OpenBSD|FreeBSD|NetBSD|GNU/kFreeBSD)
+ rm -f tunDevice.cpp
+ ln -sf bsd/tunDevice.cpp
+ rm -f signalHandler.hpp
+ ln -sf posix/signalHandler.hpp
+ rm -f sysExec.hpp
+ ln -sf posix/sysExec.hpp
+ rm -f daemonService.h daemonService.cpp
+ ln -sf posix/posixDaemon.h daemonService.h
+ ln -sf posix/posixDaemon.cpp daemonService.cpp
echo "loading BSD specific TUN Device"
CXXFLAGS=$CXXFLAGS' -I/usr/local/include'
LDFLAGS=$LDFLAGS' -L/usr/local/lib'
- ;;
- *)
- echo "Plattform not supported"
+ ;;
+ *)
+ echo "platform not supported"
exit 1
- ;;
+ ;;
esac
case $CRYPTO_LIB in
echo "not installing example files"
fi
+VERSION=`cat ../version`
+if which svn >/dev/null; then
+ SVN_REV=`svn info | grep "^Revision: " | awk '{print($2)}'`
+ if [ -n "$SVN_REV" ]; then
+ VERSION="$VERSION (svn$SVN_REV)"
+ fi
+fi
+HOSTNAME=`hostname`
+DATE=`date +"%d.%m.%Y %H:%M:%S %Z"`
+
+cat >> version.h <<EOF
+/*
+ * anytun version info
+ *
+ * this file was created automatically
+ * do not edit this file directly
+ * use ./configure instead
+ */
+
+#ifndef ANYTUN_version_h_INCLUDED
+#define ANYTUN_version_h_INCLUDED
+
+#define VERSION_STRING_0 " version $VERSION"
+#define VERSION_STRING_1 "built on $HOSTNAME, $DATE"
+
+#endif
+
+EOF
+
exit 0
#include <gcrypt.h>
// boost thread callbacks for libgcrypt
-#if defined(BOOST_HAS_PTHREADS)
-
static int boost_mutex_init(void **priv)
{
boost::mutex *lock = new boost::mutex();
{ GCRY_THREAD_OPTION_USER, NULL,
boost_mutex_init, boost_mutex_destroy,
boost_mutex_lock, boost_mutex_unlock };
-#else
-#error this libgcrypt thread callbacks only work with pthreads
-#endif
-
#define MIN_GCRYPT_VERSION "1.2.0"
#endif
#endif
+bool initCrypto()
+{
+#ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
+ return initLibGCrypt();
+#else
+ return true;
+#endif
+#else
+ return true;
+#endif
+}
+
#endif
+++ /dev/null
-/*
- * anytun
- *
- * The secure anycast tunneling protocol (satp) defines a protocol used
- * for communication between any combination of unicast and anycast
- * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
- * mode and allows tunneling of every ETHER TYPE protocol (e.g.
- * ethernet, ip, arp ...). satp directly includes cryptography and
- * message authentication based on the methodes used by SRTP. It is
- * intended to deliver a generic, scaleable and secure solution for
- * tunneling and relaying of packets of any protocol.
- *
- *
- * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
- * Christian Pointner <satp@wirdorange.org>
- *
- * This file is part of Anytun.
- *
- * Anytun is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * any later version.
- *
- * Anytun is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with anytun. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef ANYTUN_daemon_hpp_INCLUDED
-#define ANYTUN_daemon_hpp_INCLUDED
-#ifndef NO_DAEMON
-
-#include <poll.h>
-#include <fcntl.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "log.h"
-#include "anytunError.h"
-
-#ifndef NO_PRIVDROP
-class PrivInfo
-{
-public:
- PrivInfo(std::string const& username, std::string const& groupname)
- {
- pw_ = NULL;
- gr_ = NULL;
-
- if(username == "")
- return;
-
- pw_ = getpwnam(username.c_str());
- if(!pw_)
- AnytunError::throwErr() << "unkown user " << username;
-
- if(groupname != "")
- gr_ = getgrnam(groupname.c_str());
- else
- gr_ = getgrgid(pw_->pw_gid);
-
- if(!gr_)
- AnytunError::throwErr() << "unkown group " << groupname;
- }
-
- void drop()
- {
- if(!pw_ || !gr_)
- return;
-
- if(setgid(gr_->gr_gid))
- AnytunError::throwErr() << "setgid('" << gr_->gr_name << "') failed: " << AnytunErrno(errno);
-
- gid_t gr_list[1];
- gr_list[0] = gr_->gr_gid;
- if(setgroups (1, gr_list))
- AnytunError::throwErr() << "setgroups(['" << gr_->gr_name << "']) failed: " << AnytunErrno(errno);
-
- if(setuid(pw_->pw_uid))
- AnytunError::throwErr() << "setuid('" << pw_->pw_name << "') failed: " << AnytunErrno(errno);
-
- cLog.msg(Log::PRIO_NOTICE) << "dropped privileges to " << pw_->pw_name << ":" << gr_->gr_name;
- }
-
-private:
- struct passwd* pw_;
- struct group* gr_;
-};
-#endif
-
-void do_chroot(std::string const& chrootdir)
-{
- if (getuid() != 0)
- AnytunError::throwErr() << "this program has to be run as root in order to run in a chroot";
-
- if(chroot(chrootdir.c_str()))
- AnytunError::throwErr() << "can't chroot to " << chrootdir;
-
- cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
- if(chdir("/"))
- AnytunError::throwErr() << "can't change to /";
-}
-
-void daemonize()
-{
- std::ofstream pidFile;
- if(gOpt.getPidFile() != "") {
- pidFile.open(gOpt.getPidFile().c_str());
- if(!pidFile.is_open())
- AnytunError::throwErr() << "can't open pid file (" << gOpt.getPidFile() << "): " << AnytunErrno(errno);
- }
-
- pid_t pid;
-
- pid = fork();
- if(pid < 0)
- AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
-
- if(pid) exit(0);
-
- umask(0);
-
- if(setsid() < 0)
- AnytunError::throwErr() << "daemonizing failed at setsid(): " << AnytunErrno(errno) << ", exitting";
-
- pid = fork();
- if(pid < 0)
- AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
-
- if(pid) exit(0);
-
- if ((chdir("/")) < 0)
- AnytunError::throwErr() << "daemonizing failed at chdir(): " << AnytunErrno(errno) << ", exitting";
-
-// std::cout << "running in background now..." << std::endl;
-
- int fd;
-// for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
- for (fd=0;fd<=2;fd++) // close all file descriptors
- close(fd);
- fd = open("/dev/null",O_RDWR); // stdin
- if(fd == -1)
- cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdin";
- else {
- if(dup(fd) == -1) // stdout
- cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdout";
- if(dup(fd) == -1) // stderr
- cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stderr";
- }
-
- if(pidFile.is_open()) {
- pid_t pid = getpid();
- pidFile << pid;
- pidFile.close();
- }
-}
-#endif
-#endif
typedef DWORD system_error_t;
#endif
+#define MAX_PACKET_LENGTH 1600
+
#endif
}
#ifndef USE_SSL_CRYPTO
- Buffer digest(gcry_md_get_algo_dlen(GCRY_MD_SHA256));
+ Buffer digest(static_cast<u_int32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
#else
Buffer digest(u_int32_t(SHA256_DIGEST_LENGTH));
}
#ifndef USE_SSL_CRYPTO
- Buffer digest(gcry_md_get_algo_dlen(GCRY_MD_SHA1));
+ Buffer digest(static_cast<u_int32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
#else
Buffer digest(u_int32_t(SHA_DIGEST_LENGTH));
#include "anytunError.h"
#include "sysExec.h"
-TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400)
+TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400), sys_exec_(NULL)
{
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
std::ostringstream mtu_ss;
mtu_ss << conf_.mtu_;
StringVector args = boost::assign::list_of(actual_name_)(conf_.addr_.toString())("netmask")(conf_.netmask_.toString())("mtu")(mtu_ss.str());
- anytun_exec("/sbin/ifconfig", args);
+ sys_exec_ = new SysExec("/sbin/ifconfig", args);
+}
+
+void TunDevice::waitUntilReady()
+{
+ if(sys_exec_)
+ SysExec::waitAndDestroy(sys_exec_);
}
+++ /dev/null
-##
-## anytun
-##
-## The secure anycast tunneling protocol (satp) defines a protocol used
-## for communication between any combination of unicast and anycast
-## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
-## mode and allows tunneling of every ETHER TYPE protocol (e.g.
-## ethernet, ip, arp ...). satp directly includes cryptography and
-## message authentication based on the methodes used by SRTP. It is
-## intended to deliver a generic, scaleable and secure solution for
-## tunneling and relaying of packets of any protocol.
-##
-##
-## Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
-## Christian Pointner <satp@wirdorange.org>
-##
-## This file is part of Anytun.
-##
-## Anytun is free software: you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published by
-## the Free Software Foundation, either version 3 of the License, or
-## any later version.
-##
-## Anytun is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-## You should have received a copy of the GNU General Public License
-## along with anytun. If not, see <http://www.gnu.org/licenses/>.
-##
-
-VERSION=$(shell cat ../../version)
-
-MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8
-XML := $(MANPAGES:%.8=%.8.xml)
-
-.PHONY: clean
-
-all: manpage
-
-define create-manpage
- a2x -f manpage $(1)
- @ sed -i -e 's/\[FIXME: source\]/anytun ${VERSION}/' $(2)
- @ sed -i -e 's/\[FIXME: manual\]/$(2:.8=) user manual/' $(2)
- @ sed -i -e 's/^\($(subst -,\\-,$(2:.8=))\)$$/\\fB\1\\fR/' $(2)
- @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $(2)
-endef
-
-%.8: %.8.txt
- $(call create-manpage,$<,$@)
-
-manpage: $(MANPAGES)
-
-clean:
- rm -f $(MANPAGES)
- rm -f $(XML)
+++ /dev/null
-anyrtpproxy(8)
-==============
-
-NAME
-----
-anyrtpproxy - anycast rtpproxy
-
-SYNOPSIS
---------
-
-....
-anyrtpproxy
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -C|--chroot ]
- [ -u|--username <username> ]
- [ -H|--chroot-dir <directory> ]
- [ -P|--write-pid <filename> ]
- [ -i|--interface <ip-address> ]
- [ -s|--control <hostname|ip>[:<port>] ]
- [ -p|--port-range <start> <end> ]
- [ -n|--nat ]
- [ -o|--no-nat-once ]
- [ -S|--sync-port port> ]
- [ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
-....
-
-
-DESCRIPTION
------------
-
-*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
-the same control protocol than rtpproxy though it can be controled through the nathelper
-plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun*
-to sync the session information among all anycast instances.
-
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
- This option instructs *anyrtpproxy* to run in the foreground
- instead of becoming a daemon.
-
-*-C, --chroot*::
- chroot and drop privileges
-
-*-u, --username <username>*::
- if chroot change to this user
-
-*-H, --chroot-dir <directory>*::
- chroot to this directory
-
-*-P, --write-pid <filename>*::
- write pid to this file
-
-*-i, --interface <ip address>*::
- The local interface to listen on for RTP packets
-
-*-s, --control <hostname|ip>[:<port>]*::
- The local address and port to listen on for control messages from openser
-
-*-p, --port-range <start> <end>*::
- A pool of ports which should be used by *anyrtpproxy* to relay RTP packets.
- The range may not overlap between the anycast instances
-
-*-n, --nat*::
- Allow to learn the remote address and port in order to handle clients behind nat.
- This option should only be enabled if the source is authenticated (i.e. through
- *anytun*)
-
-*-o, --no-nat-once*::
- Disable learning of remote address and port in case the first packet does not
- come from the client which is specified by openser during configuration. Invoking
- this parameter increases the security level of the system but in case of nat needs
- a working nat transversal such as stun.
-
-*-S, --sync-port <port>*::
- local unicast(sync) port to bind to +
- This port is used by anycast hosts to synchronize information about tunnel
- endpoints. No payload data is transmitted via this port. +
- It is possible to obtain a list of active connections by telnetting into
- this port. This port is read-only and unprotected by default. It is advised
- to protect this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
- remote hosts to sync with +
- Here, one has to specify all unicast IP addresses of all
- other anycast hosts that comprise the anycast tunnel endpoint.
-
-EXAMPLES
---------
-
-Anycast Setup with 3 instances:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
- -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-
-BUGS
-----
-Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
-
+++ /dev/null
-anytun-config(8)
-================
-
-NAME
-----
-anytun-config - anycast tunneling configuration utility
-
-SYNOPSIS
---------
-
-....
-anytun-config
- [ -h|--help ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
-....
-
-DESCRIPTION
------------
-
-*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
-
-OPTIONS
--------
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-config,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-
-EXAMPLES
---------
-
-Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
-
-------------------------------------------------------------------------------------------------
-# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
- -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
-------------------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
+++ /dev/null
-anytun-controld(8)
-==================
-
-NAME
-----
-anytun-controld - anycast tunneling control daemon
-
-SYNOPSIS
---------
-
-....
-anytun-controld
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -u|--username <username> ]
- [ -g|--groupname <groupname> ]
- [ -C|--chroot <path> ]
- [ -P|--write-pid <filename> ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
- [ -f|--file <path> ]
- [ -X|--control-host < <host>[:port>] | :<port> > ]
-....
-
-DESCRIPTION
------------
-
-*anytun-controld* configures the multi-connection support for *Anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *Anytun* servers. When the control daemon is restarted with a new connection/routing table all *Anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys.
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
- This option instructs *anytun-controld* to run in foreground
- instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
- run as this user. If no group is specified (*-g*) the default group of
- the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
- run as this group. If no username is specified (*-u*) this gets ignored.
- The default is to not drop privileges.
-
-*-C, --chroot <path>*::
- Instruct *anytun-controld* to run in a chroot jail. The default is
- to not run in chroot.
-
-*-P, --write-pid <filename>*::
- Instruct *anytun-controld* to write it's pid to this file. The default is
- to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-controld,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-f, --file <path>*::
- The path to the file which holds the sync information.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
- fetch the config from this host. The default is not to use a control
- host and therefore this is empty. Mind that the port can be omitted
- in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-config(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
-
+++ /dev/null
-anytun-showtables(8)
-====================
-
-NAME
-----
-anytun-showtables - anycast tunneling routing table visualization utility
-
-SYNOPSIS
---------
-
-....
-anytun-showtables
-....
-
-DESCRIPTION
------------
-
-*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to display a saved routing/connection table used by *anytun-controld* or to connect to a the sync port of *Anytun*.
-
-OPTIONS
--------
-
-This Tool does not take any options. It takes the sync information from
-the standard input and prints the routing table to the standard output.
-
-EXAMPLES
---------
-
-Print routing table stored in local file
-
------------------------------------------------------------------------------------
-# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
------------------------------------------------------------------------------------
-
-Print current routing table and watch changes
-
------------------------------------------------------------------------------------
-# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-config(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
+++ /dev/null
-anytun(8)
-=========
-
-NAME
-----
-anytun - anycast tunneling daemon
-
-SYNOPSIS
---------
-
-....
-anytun
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -u|--username <username> ]
- [ -g|--groupname <groupname> ]
- [ -C|--chroot <path> ]
- [ -P|--write-pid <filename> ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
- [ -i|--interface <ip-address> ]
- [ -p|--port <port> ]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -I|--sync-interface <ip-address> ]
- [ -S|--sync-port port> ]
- [ -M|--sync-hosts <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
- [ -X|--control-host <hostname|ip>[:<port>]
- [ -d|--dev <name> ]
- [ -t|--type <tun|tap> ]
- [ -n|--ifconfig <local>/<prefix> ]
- [ -x|--post-up-script <script> ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -s|--sender-id <sender id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
- [ -c|--cipher <cipher type> ]
- [ -a|--auth-algo <algo type> ]
- [ -b|--auth-tag-length <length> ]
-....
-
-DESCRIPTION
------------
-
-*Anytun* is an implementation of the Secure Anycast Tunneling Protocol
-(SATP). It provides a complete VPN solution similar to OpenVPN or
-IPsec in tunnel mode. The main difference is that anycast allows a
-setup of tunnels between an arbitrary combination of anycast, unicast
-and multicast hosts.
-
-OPTIONS
--------
-
-*Anytun* has been designed as a peer to peer application, so there is
-no difference between client and server. The following options can be
-passed to the daemon:
-
-*-D, --nodaemonize*::
- This option instructs *Anytun* to run in foreground
- instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
- run as this user. If no group is specified (*-g*) the default group of
- the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
- run as this group. If no username is specified (*-u*) this gets ignored.
- The default is to not drop privileges.
-
-*-C, --chroot <path>*::
- Instruct *Anytun* to run in a chroot jail. The default is
- to not run in chroot.
-
-*-P, --write-pid <filename>*::
- Instruct *Anytun* to write it's pid to this file. The default is
- to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-i, --interface <ip address>*::
- This IP address is used as the sender address for outgoing
- packets. In case of anycast tunnel endpoints, the anycast
- IP has to be used. In case of unicast endpoints, the
- address is usually derived correctly from the routing
- table. The default is to not use a special inteface and just
- bind on all interfaces.
-
-*-p, --port <port>*::
- The local UDP port that is used to send and receive the
- payload data. The two tunnel endpoints can use different
- ports. If a tunnel endpoint consists of multiple anycast
- hosts, all hosts have to use the same port. default: 4444
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-I, --sync-interface <ip-address>*::
- local unicast(sync) ip address to bind to +
- This option is only needed for tunnel endpoints consisting
- of multiple anycast hosts. The unicast IP address of
- the anycast host can be used here. This is needed for
- communication with the other anycast hosts. The default is to
- not use a special inteface and just bind on all interfaces. However
- this is only the case if synchronisation is active see *--sync-port*.
-
-*-S, --sync-port <port>*::
- local unicast(sync) port to bind to +
- This option is only needed for tunnel endpoints
- consisting of multiple anycast hosts. This port is used
- by anycast hosts to synchronize information about tunnel
- endpoints. No payload data is transmitted via this port.
- By default the synchronisation is disabled an therefore the
- port is kept empty. +
- It is possible to obtain a list of active connections
- by telnetting into this port. This port is read-only
- and unprotected by default. It is advised to protect
- this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>[:<port>],[<hostname|ip>[:<port>][...]]*::
- remote hosts to sync with +
- This option is only needed for tunnel endpoints consisting
- of multiple anycast hosts. Here, one has to specify all
- unicast IP addresses of all other anycast hosts that
- comprise the anycast tunnel endpoint. By default synchronisation is
- disabled and therefore this is empty. Mind that the port can be
- omitted in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
- fetch the config from this host. The default is not to use a control
- host and therefore this is empty. Mind that the port can be omitted
- in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-*-d, --dev <name>*::
- device name +
- By default, tapN is used for Ethernet tunnel interfaces,
- and tunN for IP tunnels, respectively. This option can
- be used to manually override these defaults.
-
-*-t, --type <tun|tap>*::
- device type +
- Type of the tunnels to create. Use tap for Ethernet
- tunnels, tun for IP tunnels.
-
-*-n, --ifconfig <local>/<prefix>*::
- The local IP address and prefix length. The remote tunnel endpoint
- has to use a different IP address in the same subnet.
-
- *<local>*;; the local IP address for the tun/tap device
- *<prefix>*;; the prefix length of the network
-
-*-x, --post-up-script <script>*::
- This option instructs *Anytun* to run this script after the interface
- is created. By default no script will be executed.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-s, --sender-id <sender id>*::
- Each anycast tunnel endpoint needs a uniqe sender id
- (1, 2, 3, ...). It is needed to distinguish the senders
- in case of replay attacks. This option can be ignored on
- unicast endpoints. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-*-c, --cipher <cipher type>*::
- payload encryption algorithm +
- Encryption algorithm used for encrypting the payload +
- Possible values:
-
- *null*;; no encryption
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-a, --auth-algo <algo type>*::
- message authentication algorithm +
- This option sets the message authentication algorithm. +
- If HMAC-SHA1 is used, the packet length is increased. The additional bytes
- contain the authentication data. see *--auth-tag-length* for more info. +
- Possible values:
-
- *null*;; no message authentication
- *sha1*;; HMAC-SHA1, default value
-
-*-b, --auth-tag-length <length>*::
- The number of bytes to use for the auth tag. This value defaults to 10 bytes
- unless the *null* auth algo is used in which case it defaults to 0.
-
-
-EXAMPLES
---------
-
-P2P Setup between two unicast enpoints:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Host A:
-^^^^^^^
-
-anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
- -E have_a_very_safe_and_productive_day -e left
-
-Host B:
-^^^^^^^
-anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
- -E have_a_very_safe_and_productive_day -e right
-
-
-One unicast and one anycast tunnel endpoint:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Unicast tunnel endpoint:
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client
-
-Anycast tunnel endpoints:
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-For more sophisticated examples (like multiple unicast endpoints to one
-anycast tunnel endpoint) please consult the man page of anytun-config(8).
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun-config(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "nullDaemon.h"
+
+void DaemonService::initPrivs(std::string const& username, std::string const& groupname)
+{
+// nothing here
+}
+
+void DaemonService::dropPrivs()
+{
+// nothing here
+}
+
+void DaemonService::chroot(std::string const& chrootdir)
+{
+// nothing here
+}
+
+void DaemonService::daemonize()
+{
+// nothing here
+}
+
+bool DaemonService::isDaemonized()
+{
+ return false;
+}
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_nullDaemon_h_INCLUDED
+#define ANYTUN_nullDaemon_h_INCLUDED
+
+#include <string>
+
+class DaemonService
+{
+public:
+ void initPrivs(std::string const& username, std::string const& groupname);
+ void dropPrivs();
+ void chroot(std::string const& dir);
+ void daemonize();
+ bool isDaemonized();
+};
+
+#endif
#include <sstream>
#include "datatypes.h"
+#include "version.h"
+
#include "options.h"
#include "log.h"
#include "authAlgoFactory.h"
chroot_dir_ = "";
pid_file_ = "";
+ debug_ = false;
+
file_name_ = "";
bind_to_.addr = "127.0.0.1";
bind_to_.port = "2323";
std::string str(argv[i]);
argc--;
- if(str == "-h" || str == "--help")
+ if(str == "-h" || str == "--help") {
+ printUsage();
return false;
+ }
+ else if(str == "-v" || str == "--version") {
+ printVersion();
+ return false;
+ }
#if defined(ANYTUN_OPTIONS) || defined(ANYCTR_OPTIONS)
- #ifndef NO_DAEMON
+ #ifndef _MSC_VER
PARSE_INVERSE_BOOL_PARAM("-D","--nodaemonize", daemonize_, NOTHING)
PARSE_SCALAR_PARAM("-u","--username", username_, NOTHING)
PARSE_SCALAR_PARAM("-g","--groupname", groupname_, NOTHING)
#endif
PARSE_STRING_LIST("-L","--log", log_targets_, NOTHING)
+ PARSE_BOOL_PARAM("-U","--debug", debug_, NOTHING)
#if defined(ANYCTR_OPTIONS)
PARSE_SCALAR_PARAM("-d","--dev", dev_name_, NOTHING)
PARSE_SCALAR_PARAM("-t","--type", dev_type_, NOTHING)
PARSE_SCALAR_PARAM("-n","--ifconfig", ifconfig_param_, NOTHING)
- #ifndef NO_EXEC
PARSE_SCALAR_PARAM("-x","--post-up-script", post_up_script_, NOTHING)
- #endif
#endif
#if defined(ANYTUN_OPTIONS) || defined(ANYCONF_OPTIONS)
throw syntax_error("unknown role name: " + role, -1);
}
+ if(debug_) {
+ log_targets_.push_back("stdout:5");
+ daemonize_ = false;
+ }
+
+ if(log_targets_.empty()) {
+#ifndef _MSC_VER
+ #if !defined(ANYCONF_OPTIONS)
+ log_targets_.push_back(std::string("syslog:3,").append(progname_).append(",daemon"));
+ #else
+ log_targets_.push_back("stderr:2");
+ #endif
+#else
+ #ifdef WIN_SERVICE
+ log_targets_.push_back(std::string("eventlog:3,").append(progname_));
+ #else
+ log_targets_.push_back("stdout:3");
+ #endif
+#endif
+ }
+
return true;
}
dev_type_ = "tun";
}
+void Options::printVersion()
+{
+#if defined(ANYCTR_OPTIONS)
+ std::cout << "anytun-controld";
+#elif defined(ANYCONF_OPTIONS)
+ std::cout << "anytun-config";
+#else
+ std::cout << "anytun";
+#endif
+ std::cout << VERSION_STRING_0 << std::endl;
+ std::cout << VERSION_STRING_1 << std::endl;
+}
+
void Options::printUsage()
{
std::cout << "USAGE:" << std::endl;
#endif
std::cout << " [-h|--help] prints this..." << std::endl;
+ std::cout << " [-v|--version] print version info and exit" << std::endl;
#if defined(ANYTUN_OPTIONS) || defined(ANYCTR_OPTIONS)
- #ifndef NO_DAEMON
+ #ifndef _MSC_VER
std::cout << " [-D|--nodaemonize] don't run in background" << std::endl;
std::cout << " [-u|--username] <username> change to this user" << std::endl;
std::cout << " [-g|--groupname] <groupname> change to this group" << std::endl;
std::cout << " [-L|--log] <target>:<level>[,<param1>[,<param2>..]]" << std::endl;
std::cout << " add a log target, can be invoked several times" << std::endl;
+ std::cout << " i.e.: stdout:5" << std::endl;
+ std::cout << " [-U|--debug] don't daemonize and log to stdout with maximum log level" << std::endl;
#if defined(ANYCTR_OPTIONS)
std::cout << " [-d|--dev] <name> device name" << std::endl;
std::cout << " [-t|--type] <tun|tap> device type" << std::endl;
std::cout << " [-n|--ifconfig] <local>/<prefix> the local address for the tun/tap device and the used prefix length" << std::endl;
- #ifndef NO_EXEC
std::cout << " [-x|--post-up-script] <script> script gets called after interface is created" << std::endl;
- #endif
#endif
#if defined(ANYTUN_OPTIONS) || defined(ANYCONF_OPTIONS)
StringList::const_iterator lit = log_targets_.begin();
for(; lit != log_targets_.end(); ++lit)
std::cout << " '" << *lit << "',";
- std::cout << std::endl << std::endl;
+ std::cout << std::endl;
+ std::cout << "debug = " << debug_ << std::endl;
+ std::cout << std::endl;
std::cout << "file_name = '" << file_name_ << "'" << std::endl;
std::cout << "bind_to.addr = '" << bind_to_.addr << "'" << std::endl;
std::cout << "bind_to.port = '" << bind_to_.port << "'" << std::endl;
}
-
StringList Options::getLogTargets()
{
ReadersLock lock(mutex);
return log_targets_;
}
+bool Options::getDebug()
+{
+ ReadersLock lock(mutex);
+ return debug_;
+}
+
+Options& Options::setDebug(bool d)
+{
+ WritersLock lock(mutex);
+ debug_ = d;
+ return *this;
+}
std::string Options::getFileName()
bool parse(int argc, char* argv[]);
void parse_post();
+ void printVersion();
void printUsage();
void printOptions();
Options& setPidFile(std::string p);
StringList getLogTargets();
+ bool getDebug();
+ Options& setDebug(bool d);
std::string getFileName();
Options& setFileName(std::string f);
std::string pid_file_;
StringList log_targets_;
+ bool debug_;
std::string file_name_;
OptionHost bind_to_;
#include <boost/asio.hpp>
#include <boost/bind.hpp>
+#include <boost/thread.hpp>
#include "datatypes.h"
#include "packetSource.h"
#include "resolver.h"
#include "options.h"
#include "signalController.h"
+#include "anytunError.h"
void PacketSource::waitUntilReady()
{
ready_sem_.down();
}
-UDPPacketSource::UDPPacketSource(std::string localaddr, std::string port) : sock_(io_service_)
+UDPPacketSource::UDPPacketSource(std::string localaddr, std::string port)
{
gResolver.resolveUdp(localaddr, port, boost::bind(&UDPPacketSource::onResolve, this, _1), boost::bind(&UDPPacketSource::onError, this, _1), gOpt.getResolvAddrType());
}
-void UDPPacketSource::onResolve(const boost::asio::ip::udp::endpoint& e)
+UDPPacketSource::~UDPPacketSource()
{
- cLog.msg(Log::PRIO_NOTICE) << "opening socket: " << e;
- sock_.open(e.protocol());
- sock_.bind(e);
+ std::list<SocketsElement>::iterator it = sockets_.begin();
+ for(;it != sockets_.end(); ++it) {
+/// this might be a needed by the receiver thread, TODO cleanup
+// delete[](it->buf_);
+// delete(it->sem_);
+// delete(it->sock_);
+ }
+}
+
+void UDPPacketSource::onResolve(PacketSourceResolverIt& it)
+{
+ while(it != PacketSourceResolverIt()) {
+ PacketSourceEndpoint e = *it;
+ cLog.msg(Log::PRIO_NOTICE) << "opening socket: " << e;
+
+ SocketsElement sock;
+ sock.buf_ = NULL;
+ sock.len_ = 0;
+ sock.sem_ = NULL;
+ sock.sock_ = new proto::socket(io_service_);
+ if(!sock.sock_)
+ AnytunError::throwErr() << "memory error";
+
+ sock.sock_->open(e.protocol());
+#ifndef _MSC_VER
+ if(e.protocol() == proto::v6())
+ sock.sock_->set_option(boost::asio::ip::v6_only(true));
+#endif
+ sock.sock_->bind(e);
+ sockets_.push_back(sock);
+
+ it++;
+ }
+
+ // prepare multi-socket recv
+ if(sockets_.size() > 1) {
+ std::list<SocketsElement>::iterator it = sockets_.begin();
+ for(;it != sockets_.end(); ++it) {
+ it->len_ = MAX_PACKET_LENGTH;
+ it->buf_ = new u_int8_t[it->len_];
+ if(!it->buf_)
+ AnytunError::throwErr() << "memory error";
+
+ it->sem_ = new Semaphore();
+ if(!it->sem_) {
+ delete[](it->buf_);
+ AnytunError::throwErr() << "memory error";
+ }
+
+ boost::thread(boost::bind(&UDPPacketSource::recv_thread, this, it));
+ it->sem_->up();
+ }
+
+ }
+
ready_sem_.up();
}
gSignalController.inject(SIGERROR, e.what());
}
+void UDPPacketSource::recv_thread(std::list<SocketsElement>::iterator it)
+{
+ cLog.msg(Log::PRIO_INFO) << "started receiver thread for " << it->sock_->local_endpoint();
+
+ ThreadResult result;
+ result.it_ = it;
+ for(;;) {
+ it->sem_->down();
+ result.len_ = static_cast<u_int32_t>(it->sock_->receive_from(boost::asio::buffer(it->buf_, it->len_), result.remote_));
+ {
+ Lock lock(thread_result_mutex_);
+ thread_result_queue_.push(result);
+ }
+ thread_result_sem_.up();
+ }
+}
+
u_int32_t UDPPacketSource::recv(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint& remote)
{
- return static_cast<u_int32_t>(sock_.receive_from(boost::asio::buffer(buf, len), remote));
+ if(sockets_.size() == 1)
+ return static_cast<u_int32_t>(sockets_.front().sock_->receive_from(boost::asio::buffer(buf, len), remote));
+
+ thread_result_sem_.down();
+ ThreadResult result;
+ {
+ Lock lock(thread_result_mutex_);
+ result = thread_result_queue_.front();
+ thread_result_queue_.pop();
+ }
+ remote = result.remote_;
+ std::memcpy(buf, result.it_->buf_, (len < result.len_) ? len : result.len_);
+ len = (len < result.len_) ? len : result.len_;
+ result.it_->sem_->up();
+
+ return len;
}
void UDPPacketSource::send(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint remote)
{
- sock_.send_to(boost::asio::buffer(buf, len), remote);
+ std::list<SocketsElement>::iterator it = sockets_.begin();
+ for(;it != sockets_.end(); ++it) {
+ if(it->sock_->local_endpoint().protocol() == remote.protocol()) {
+ it->sock_->send_to(boost::asio::buffer(buf, len), remote);
+ return;
+ }
+ }
+ cLog.msg(Log::PRIO_WARNING) << "no suitable socket found for remote endpoint protocol: " << remote;
}
#define ANYTUN_packetSource_h_INCLUDED
#include <boost/asio.hpp>
+#include <boost/thread.hpp>
+#include <list>
+#include <queue>
#include "datatypes.h"
#include "threadUtils.hpp"
// TODO: fix this when other packetSource types are introduced
typedef boost::asio::ip::udp::endpoint PacketSourceEndpoint;
+typedef boost::asio::ip::udp::resolver::iterator PacketSourceResolverIt;
class PacketSource
{
typedef boost::asio::ip::udp proto;
UDPPacketSource(std::string localaddr, std::string port);
+ ~UDPPacketSource();
u_int32_t recv(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint& remote);
void send(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint remote);
- void onResolve(const boost::asio::ip::udp::endpoint& e);
+ void onResolve(PacketSourceResolverIt& it);
void onError(const std::runtime_error& e);
private:
-
boost::asio::io_service io_service_;
- proto::socket sock_;
+
+ typedef struct {
+ u_int8_t* buf_;
+ u_int32_t len_;
+ proto::socket* sock_;
+ Semaphore* sem_;
+ } SocketsElement;
+ std::list<SocketsElement> sockets_;
+
+ void recv_thread(std::list<SocketsElement>::iterator it);
+ typedef struct {
+ u_int32_t len_;
+ PacketSourceEndpoint remote_;
+ std::list<SocketsElement>::iterator it_;
+ } ThreadResult;
+ std::queue<ThreadResult> thread_result_queue_;
+ Mutex thread_result_mutex_;
+ Semaphore thread_result_sem_;
};
#endif
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <poll.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "daemonService.h"
+#include "log.h"
+#include "options.h"
+#include "anytunError.h"
+
+DaemonService::DaemonService() : pw_(NULL), gr_(NULL), daemonized_(false)
+{
+}
+
+void DaemonService::initPrivs(std::string const& username, std::string const& groupname)
+{
+ if(username == "")
+ return;
+
+ pw_ = getpwnam(username.c_str());
+ if(!pw_)
+ AnytunError::throwErr() << "unknown user " << username;
+
+ if(groupname != "")
+ gr_ = getgrnam(groupname.c_str());
+ else
+ gr_ = getgrgid(pw_->pw_gid);
+
+ if(!gr_)
+ AnytunError::throwErr() << "unknown group " << groupname;
+}
+
+void DaemonService::dropPrivs()
+{
+ if(!pw_ || !gr_)
+ return;
+
+ if(setgid(gr_->gr_gid))
+ AnytunError::throwErr() << "setgid('" << gr_->gr_name << "') failed: " << AnytunErrno(errno);
+
+ gid_t gr_list[1];
+ gr_list[0] = gr_->gr_gid;
+ if(setgroups (1, gr_list))
+ AnytunError::throwErr() << "setgroups(['" << gr_->gr_name << "']) failed: " << AnytunErrno(errno);
+
+ if(setuid(pw_->pw_uid))
+ AnytunError::throwErr() << "setuid('" << pw_->pw_name << "') failed: " << AnytunErrno(errno);
+
+ cLog.msg(Log::PRIO_NOTICE) << "dropped privileges to " << pw_->pw_name << ":" << gr_->gr_name;
+}
+
+void DaemonService::chroot(std::string const& chrootdir)
+{
+ if (getuid() != 0)
+ AnytunError::throwErr() << "this program has to be run as root in order to run in a chroot";
+
+ if(::chroot(chrootdir.c_str()))
+ AnytunError::throwErr() << "can't chroot to " << chrootdir;
+
+ cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
+ if(chdir("/"))
+ AnytunError::throwErr() << "can't change to /";
+}
+
+/// TODO: this outstandignly ugly please and i really can't stress the please fix it asap!!!!!!!
+
+std::ofstream pidFile; // FIXXXME no global variable
+
+void DaemonService::daemonize()
+{
+// std::ofstream pidFile;
+ if(gOpt.getPidFile() != "") {
+ pidFile.open(gOpt.getPidFile().c_str());
+ if(!pidFile.is_open())
+ AnytunError::throwErr() << "can't open pid file (" << gOpt.getPidFile() << "): " << AnytunErrno(errno);
+ }
+
+ pid_t pid;
+
+ pid = fork();
+ if(pid < 0)
+ AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
+
+ if(pid) exit(0);
+
+ umask(0);
+
+ if(setsid() < 0)
+ AnytunError::throwErr() << "daemonizing failed at setsid(): " << AnytunErrno(errno) << ", exitting";
+
+ pid = fork();
+ if(pid < 0)
+ AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
+
+ if(pid) exit(0);
+
+ if ((chdir("/")) < 0)
+ AnytunError::throwErr() << "daemonizing failed at chdir(): " << AnytunErrno(errno) << ", exitting";
+
+// std::cout << "running in background now..." << std::endl;
+
+ int fd;
+// for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
+ for (fd=0;fd<=2;fd++) // close all file descriptors
+ close(fd);
+ fd = open("/dev/null",O_RDWR); // stdin
+ if(fd == -1)
+ cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdin";
+ else {
+ if(dup(fd) == -1) // stdout
+ cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdout";
+ if(dup(fd) == -1) // stderr
+ cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stderr";
+ }
+
+// FIXXXXME: write this pid to file (currently pid from posix/signhandler.hpp:77 is used)
+//
+// if(pidFile.is_open()) {
+// pid_t pid = getpid();
+// pidFile << pid;
+// pidFile.close();
+// }
+
+ daemonized_ = true;
+}
+
+bool DaemonService::isDaemonized()
+{
+ return daemonized_;
+}
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_posixDaemon_h_INCLUDED
+#define ANYTUN_posixDaemon_h_INCLUDED
+
+#include <string>
+
+class DaemonService
+{
+public:
+ DaemonService();
+
+ void initPrivs(std::string const& username, std::string const& groupname);
+ void dropPrivs();
+ void chroot(std::string const& dir);
+ void daemonize();
+ bool isDaemonized();
+
+private:
+ struct passwd* pw_;
+ struct group* gr_;
+ bool daemonized_;
+};
+
+#endif
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_signalHandler_hpp_INCLUDED
+#define ANYTUN_signalHandler_hpp_INCLUDED
+
+#include <csignal>
+#include <boost/thread.hpp>
+#include <boost/bind.hpp>
+
+int SigIntHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "SIG-Int caught, exiting";
+ return 1;
+}
+
+int SigQuitHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "SIG-Quit caught, exiting";
+ return 1;
+}
+
+int SigHupHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "SIG-Hup caught";
+ return 0;
+}
+
+int SigTermHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "SIG-Term caught, exiting";
+ return 1;
+}
+
+int SigUsr1Handler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr1 caught";
+ return 0;
+}
+
+int SigUsr2Handler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr2 caught";
+ return 0;
+}
+
+/// TODO: this outstandignly ugly please and i really can't stress the please fix it asap!!!!!!!
+extern std::ofstream pidFile;
+
+void handleSignal()
+{
+ if(pidFile.is_open()) {
+ pid_t pid = getpid();
+ pidFile << pid;
+ pidFile.close();
+ }
+
+ struct timespec timeout;
+ sigset_t signal_set;
+ int sigNum;
+ while(1) {
+ sigemptyset(&signal_set);
+ sigaddset(&signal_set, SIGINT);
+ sigaddset(&signal_set, SIGQUIT);
+ sigaddset(&signal_set, SIGHUP);
+ sigaddset(&signal_set, SIGTERM);
+ sigaddset(&signal_set, SIGUSR1);
+ sigaddset(&signal_set, SIGUSR2);
+ timeout.tv_sec = 1;
+ timeout.tv_nsec = 0;
+ sigNum = sigtimedwait(&signal_set, NULL, &timeout);
+ if (sigNum == -1) {
+ if (errno != EINTR && errno != EAGAIN) {
+ cLog.msg(Log::PRIO_ERROR) << "sigwait failed with error: \"" << AnytunErrno(errno) << "\" SignalHandling will be disabled";
+ break;
+ }
+ } else {
+ gSignalController.inject(sigNum);
+ }
+ }
+}
+
+void registerSignalHandler(SignalController& ctrl, DaemonService& /*service*/)
+{
+ sigset_t signal_set;
+
+ sigemptyset(&signal_set);
+ sigaddset(&signal_set, SIGINT);
+ sigaddset(&signal_set, SIGQUIT);
+ sigaddset(&signal_set, SIGHUP);
+ sigaddset(&signal_set, SIGTERM);
+ sigaddset(&signal_set, SIGUSR1);
+ sigaddset(&signal_set, SIGUSR2);
+
+#if defined(BOOST_HAS_PTHREADS)
+ pthread_sigmask(SIG_BLOCK, &signal_set, NULL);
+#else
+#error The signalhandler works only with pthreads
+#endif
+
+ boost::thread(boost::bind(handleSignal));
+
+ ctrl.handler[SIGINT] = boost::bind(SigIntHandler, _1, _2);
+ ctrl.handler[SIGQUIT] = boost::bind(SigQuitHandler, _1, _2);
+ ctrl.handler[SIGHUP] = boost::bind(SigHupHandler, _1, _2);
+ ctrl.handler[SIGTERM] = boost::bind(SigTermHandler, _1, _2);
+ ctrl.handler[SIGUSR1] = boost::bind(SigUsr1Handler, _1, _2);
+ ctrl.handler[SIGUSR2] = boost::bind(SigUsr2Handler, _1, _2);
+
+ cLog.msg(Log::PRIO_DEBUG) << "signal handlers are now registered";
+}
+
+#endif
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+#pragma once
+#ifndef ANYTUN_sysexec_hpp_INCLUDED
+#define ANYTUN_sysexec_hpp_INCLUDED
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <sys/select.h>
+#include <stdlib.h>
+#include <string.h>
+#include <cstring>
+
+SysExec::~SysExec()
+{
+ if(!closed_)
+ close(pipefd_);
+}
+
+
+template<class T>
+char** dupSysStringArray(T const& array)
+{
+ char** new_array;
+ new_array = static_cast<char**>(malloc((array.size() + 1)*sizeof(char*)));
+ if(!new_array)
+ return NULL;
+
+ unsigned int i = 0;
+ for(typename T::const_iterator it = array.begin(); it != array.end(); ++it) {
+ new_array[i] = strdup(it->c_str());
+ if(!new_array) {
+ while(i--)
+ free(new_array[i]);
+ free(new_array);
+ return NULL;
+ }
+ ++i;
+ }
+ new_array[array.size()] = NULL;
+ return new_array;
+}
+
+void freeSysStringArray(char** array)
+{
+ if(!array)
+ return;
+
+ for(int i=0; array[i] ; ++i)
+ free(array[i]);
+
+ free(array);
+}
+
+void SysExec::doExec(StringVector args, StringList env)
+{
+ int pipefd[2];
+ if(pipe(pipefd) == -1) {
+ cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "' pipe() error: " << AnytunErrno(errno);
+ return;
+ }
+
+ pid_ = fork();
+ if(pid_ == -1) {
+ cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "' fork() error: " << AnytunErrno(errno);
+ return;
+ }
+
+ if(pid_) {
+ close(pipefd[1]);
+ pipefd_=pipefd[0];
+ // parent exits here, call waitForScript to cleanup up zombie
+ return;
+ }
+ // child code, exec the script
+ int fd;
+ for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
+ if(fd != pipefd[1]) close(fd);
+
+ fd = open("/dev/null",O_RDWR); // stdin
+ if(fd == -1)
+ cLog.msg(Log::PRIO_WARNING) << "can't open stdin";
+ else {
+ if(dup(fd) == -1) // stdout
+ cLog.msg(Log::PRIO_WARNING) << "can't open stdout";
+ if(dup(fd) == -1) // stderr
+ cLog.msg(Log::PRIO_WARNING) << "can't open stderr";
+ }
+
+ args.insert(args.begin(), script_);
+ char** argv = dupSysStringArray(args);
+ char** evp = dupSysStringArray(env);
+
+ execve(script_.c_str(), argv, evp);
+ // if execve returns, an error occurred, but logging doesn't work
+ // because we closed all file descriptors, so just write errno to
+ // pipe and call exit
+
+ freeSysStringArray(argv);
+ freeSysStringArray(evp);
+
+ int err = errno;
+ int ret = write(pipefd[1], (void*)(&err), sizeof(err));
+ if(ret != sizeof(errno))
+ exit(-2);
+ exit(-1);
+}
+
+int SysExec::waitForScript()
+{
+ int status = 0;
+ waitpid(pid_, &status, 0);
+
+ fd_set rfds;
+ FD_ZERO(&rfds);
+ FD_SET(pipefd_, &rfds);
+ struct timeval tv = { 0 , 0 };
+ if(select(pipefd_+1, &rfds, NULL, NULL, &tv) == 1) {
+ int err = 0;
+ if(read(pipefd_, (void*)(&err), sizeof(err)) >= static_cast<int>(sizeof(err))) {
+ cLog.msg(Log::PRIO_ERROR) << "script '" << script_ << "' exec() error: " << AnytunErrno(err);
+ close(pipefd_);
+ return_code_ = -1;
+ return return_code_;
+ }
+ }
+
+ close(pipefd_);
+ closed_ = true;
+ return_code_ = status;
+
+ return return_code_;
+}
+
+void SysExec::waitAndDestroy(SysExec*& s)
+{
+ if(!s)
+ return;
+
+ s->waitForScript();
+ if(WIFEXITED(s->return_code_))
+ cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' returned " << WEXITSTATUS(s->return_code_);
+ else if(WIFSIGNALED(s->return_code_))
+ cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' terminated after signal " << WTERMSIG(s->return_code_);
+ else if(WIFSTOPPED(s->return_code_))
+ cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' stopped after signal " << WSTOPSIG(s->return_code_);
+ else if(WIFCONTINUED(s->return_code_))
+ cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' continued after SIGCONT";
+
+ delete(s);
+ s = NULL;
+}
+
+#endif // ANYTUN_sysexec_hpp_INCLUDED
using ::boost::asio::ip::tcp;
template<class Proto>
-void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_
endpoint<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
+void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_
resolver_iterator<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
{
cLog.msg(Log::PRIO_ERROR) << "the resolver only supports udp and tcp";
}
template<>
-void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_endpoint<udp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
+void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_resolver_iterator<udp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
{
boost::this_thread::sleep(boost::posix_time::milliseconds(s * 1000));
gResolver.resolveUdp(addr, port, onResolve, onError, r);
}
template<>
-void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_endpoint<tcp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
+void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_resolver_iterator<tcp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
{
boost::this_thread::sleep(boost::posix_time::milliseconds(s * 1000));
gResolver.resolveTcp(addr, port, onResolve, onError, r);
template<class Proto>
-ResolveHandler<Proto>::ResolveHandler(const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_
endpoint<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r) : addr_(addr), port_(port), onResolve_(onResolve), onError_(onError), resolv_addr_type_(r)
+ResolveHandler<Proto>::ResolveHandler(const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_
resolver_iterator<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r) : addr_(addr), port_(port), onResolve_(onResolve), onError_(onError), resolv_addr_type_(r)
{
}
template<class Proto>
-void ResolveHandler<Proto>::operator()(const boost::system::error_code& e,
const boost::asio::ip::basic_resolver_iterator<Proto> endpointIt)
+void ResolveHandler<Proto>::operator()(const boost::system::error_code& e, boost::asio::ip::basic_resolver_iterator<Proto> endpointIt)
{
if(boost::system::posix_error::success == e) {
try {
- onResolve_(*endpointIt);
+ onResolve_(endpointIt);
}
catch(const std::runtime_error& e)
{
#include "datatypes.h"
#include "threadUtils.hpp"
-typedef boost::function<void (boost::asio::ip::udp::endpoint)> UdpResolveCallback;
-typedef boost::function<void (boost::asio::ip::tcp::endpoint)> TcpResolveCallback;
+typedef boost::function<void (boost::asio::ip::udp::resolver::iterator)> UdpResolveCallback;
+typedef boost::function<void (boost::asio::ip::tcp::resolver::iterator)> TcpResolveCallback;
typedef boost::function<void (std::runtime_error const&)> ErrorCallback;
template<class Proto>
class ResolveHandler
{
public:
- ResolveHandler(const std::string& addr, const std::string& port, boost::function<void (boost::asio::ip::basic_
endpoint<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r = ANY);
- void operator()(const boost::system::error_code& e,
const boost::asio::ip::basic_resolver_iterator<Proto>);
+ ResolveHandler(const std::string& addr, const std::string& port, boost::function<void (boost::asio::ip::basic_
resolver_iterator<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r = ANY);
+ void operator()(const boost::system::error_code& e, boost::asio::ip::basic_resolver_iterator<Proto>);
private:
std::string addr_;
std::string port_;
- boost::function<void (
boost::asio::ip::basic_endpoint<Proto>)> onResolve_;
+ boost::function<void (
const boost::asio::ip::basic_resolver_iterator<Proto>)> onResolve_;
ErrorCallback onError_;
ResolvAddrType resolv_addr_type_;
};
#include <map>
#include <iostream>
+#include <boost/bind.hpp>
#include "signalController.h"
#include "log.h"
#include "anytunError.h"
#include "threadUtils.hpp"
-#ifndef _MSC_VER
-#include <csignal>
-#include <boost/bind.hpp>
-#else
-#include <windows.h>
-#endif
-
SignalController* SignalController::inst = NULL;
Mutex SignalController::instMutex;
SignalController& gSignalController = SignalController::instance();
return *inst;
}
-int SigErrorHandler::handle(const std::string& msg)
+int SigErrorHandler(int /*sig*/, const std::string& msg)
{
AnytunError::throwErr() << msg;
return 0;
}
+//use system specific signal handler
#ifndef _MSC_VER
-
-int SigIntHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "SIG-Int caught, exiting";
-
- return 1;
-}
-
-int SigQuitHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "SIG-Quit caught, exiting";
-
- return 1;
-}
-
-int SigHupHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "SIG-Hup caught";
-
- return 0;
-}
-
-int SigTermHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "SIG-Term caughtm, exiting";
-
- return 1;
-}
-
-int SigUsr1Handler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr1 caught";
-
- return 0;
-}
-
-int SigUsr2Handler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr2 caught";
-
- return 0;
-}
-#else
-int CtrlCHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "CTRL-C Event received, exitting";
-
- return 1;
-}
-
-int CtrlBreakHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "CTRL-Break Event received, ignoring";
-
- return 0;
-}
-
-int CtrlCloseHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "Close Event received, exitting";
-
- return 1;
-}
-
-int CtrlLogoffHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "LogOff Event received, exitting";
-
- return 1;
-}
-
-int CtrlShutdownHandler::handle()
-{
- cLog.msg(Log::PRIO_NOTICE) << "Shutdown Event received, exitting";
-
- return 1;
-}
-#endif
-
-SignalController::~SignalController()
-{
- for(HandlerMap::iterator it = handler.begin(); it != handler.end(); ++it)
- delete it->second;
-}
-
-#ifndef _MSC_VER
-void SignalController::handle()
-{
- sigset_t signal_set;
- int sigNum;
-
- while(1)
- {
- sigfillset(&signal_set);
- sigwait(&signal_set, &sigNum);
- inject(sigNum);
- }
-}
+#include "signalHandler.hpp"
#else
-bool SignalController::handle(DWORD ctrlType)
-{
- gSignalController.inject(ctrlType);
- return true;
-}
+ #ifdef WIN_SERVICE
+ #include "win32/signalServiceHandler.hpp"
+ #else
+ #include "win32/signalHandler.hpp"
+ #endif
#endif
-void SignalController::init()
+void SignalController::init(DaemonService& service)
{
-#ifndef _MSC_VER
- sigset_t signal_set;
-
- sigfillset(&signal_set);
- sigdelset(&signal_set, SIGCHLD);
- sigdelset(&signal_set, SIGSEGV);
- sigdelset(&signal_set, SIGBUS);
- sigdelset(&signal_set, SIGFPE);
-
-#if defined(BOOST_HAS_PTHREADS)
- pthread_sigmask(SIG_BLOCK, &signal_set, NULL);
-#else
-#error The signalhandler works only with pthreads
-#endif
-
- boost::thread(boost::bind(&SignalController::handle, this));
-
- handler[SIGINT] = new SigIntHandler;
- handler[SIGQUIT] = new SigQuitHandler;
- handler[SIGHUP] = new SigHupHandler;
- handler[SIGTERM] = new SigTermHandler;
- handler[SIGUSR1] = new SigUsr1Handler;
- handler[SIGUSR2] = new SigUsr2Handler;
-#else
- if(!SetConsoleCtrlHandler((PHANDLER_ROUTINE)SignalController::handle, true))
- AnytunError::throwErr() << "Error on SetConsoleCtrlhandler: " << AnytunErrno(GetLastError());
-
- handler[CTRL_C_EVENT] = new CtrlCHandler;
- handler[CTRL_BREAK_EVENT] = new CtrlBreakHandler;
- handler[CTRL_CLOSE_EVENT] = new CtrlCloseHandler;
- handler[CTRL_LOGOFF_EVENT] = new CtrlLogoffHandler;
- handler[CTRL_SHUTDOWN_EVENT] = new CtrlShutdownHandler;
-#endif
-
- handler[SIGERROR] = new SigErrorHandler;
+ registerSignalHandler(*this, service);
+ handler[SIGERROR] = boost::bind(SigErrorHandler, _1, _2);
}
void SignalController::inject(int sig, const std::string& msg)
int SignalController::run()
{
+ for(CallbackMap::iterator it = callbacks.begin(); it != callbacks.end(); ++it)
+ if(it->first == CALLB_RUNNING)
+ it->second();
+
+ int ret = 0;
while(1) {
sigQueueSem.down();
SigPair sig;
HandlerMap::iterator it = handler.find(sig.first);
if(it != handler.end())
{
- int ret;
- if(sig.second == "")
- ret = it->second->handle();
- else
- ret = it->second->handle(sig.second);
+ ret = it->second(sig.first, sig.second);
if(ret)
- return ret;
+ break;
+ }
+ else {
+ it = handler.find(SIGUNKNOWN);
+ if(it != handler.end())
+ it->second(sig.first, sig.second);
+ else
+ cLog.msg(Log::PRIO_NOTICE) << "SIG " << sig.first << " caught with message '" << sig.second << "' - ignoring";
}
- else
- cLog.msg(Log::PRIO_NOTICE) << "SIG " << sig.first << " caught with message '" << sig.second << "' - ignoring";
}
- return 0;
+
+ for(CallbackMap::iterator it = callbacks.begin(); it != callbacks.end(); ++it)
+ if(it->first == CALLB_STOPPING)
+ it->second();
+
+ return ret;
}
#include <map>
#include <queue>
+#include <boost/function.hpp>
#include "threadUtils.hpp"
-#ifndef _MSC_VER
-#include <csignal>
+#ifdef WIN_SERVICE
+//#include "win32/winService.h"
+class WinService;
+typedef WinService DaemonService;
+#else
+class DaemonService;
#endif
#define SIGERROR -1
+#define SIGUNKNOWN -2
-class SignalHandler
-{
-public:
- virtual ~SignalHandler() {}
-
- virtual int handle() { return 0; }
- virtual int handle(const std::string& msg) { return 0; }
-
-protected:
- SignalHandler(int s) : sigNum(s) {}
-
-private:
- int sigNum;
- friend class SignalController;
-};
-
-class SigErrorHandler : public SignalHandler
-{
-public:
- SigErrorHandler() : SignalHandler(SIGERROR) {}
- int handle(const std::string& msg);
-};
-
-#ifndef _MSC_VER
-class SigIntHandler : public SignalHandler
-{
-public:
- SigIntHandler() : SignalHandler(SIGINT) {}
- int handle();
-};
-
-class SigQuitHandler : public SignalHandler
-{
-public:
- SigQuitHandler() : SignalHandler(SIGQUIT) {}
- int handle();
-};
-
-class SigHupHandler : public SignalHandler
-{
-public:
- SigHupHandler() : SignalHandler(SIGHUP) {}
- int handle();
-};
-
-class SigUsr1Handler : public SignalHandler
-{
-public:
- SigUsr1Handler() : SignalHandler(SIGUSR1) {}
- int handle();
-};
-
-class SigUsr2Handler : public SignalHandler
-{
-public:
- SigUsr2Handler() : SignalHandler(SIGUSR2) {}
- int handle();
-};
-
-class SigTermHandler : public SignalHandler
-{
-public:
- SigTermHandler() : SignalHandler(SIGTERM) {}
- int handle();
-};
-
-#else
-
-class CtrlCHandler : public SignalHandler
-{
-public:
- CtrlCHandler() : SignalHandler(CTRL_C_EVENT) {}
- int handle();
-};
-
-class CtrlBreakHandler : public SignalHandler
-{
-public:
- CtrlBreakHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
- int handle();
-};
-
-class CtrlCloseHandler : public SignalHandler
-{
-public:
- CtrlCloseHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
- int handle();
-};
-
-class CtrlLogoffHandler : public SignalHandler
-{
-public:
- CtrlLogoffHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
- int handle();
-};
-
-class CtrlShutdownHandler : public SignalHandler
-{
-public:
- CtrlShutdownHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
- int handle();
-};
-#endif
+typedef boost::function<int (int, std::string const&)> SignalHandler;
+typedef enum { CALLB_RUNNING, CALLB_STOPPING } CallbackType;
+typedef boost::function<void ()> ServiceCallback;
class SignalController
{
public:
static SignalController& instance();
-#ifndef _MSC_VER
- void handle();
-#else
- static bool handle(DWORD ctrlType);
-#endif
- void init();
+ void init(DaemonService& service);
int run();
void inject(int sig, const std::string& msg = "");
private:
- typedef std::map<int, SignalHandler*> HandlerMap;
-
SignalController() {};
- ~SignalController();
+ ~SignalController() {};
SignalController(const SignalController &s);
void operator=(const SignalController &s);
Mutex sigQueueMutex;
Semaphore sigQueueSem;
+ typedef std::map<int, SignalHandler> HandlerMap;
HandlerMap handler;
+ typedef std::map<CallbackType, ServiceCallback> CallbackMap;
+ CallbackMap callbacks;
+
+ friend void registerSignalHandler(SignalController& ctrl, DaemonService& service);
};
extern SignalController& gSignalController;
#include "syncServer.h"
#include "resolver.h"
#include "log.h"
+#include "anytunError.h"
//using asio::ip::tcp;
SyncServer::SyncServer(std::string localaddr, std::string port, ConnectCallback onConnect)
- : acceptor_(io_service_), onConnect_(onConnect)
+ : onConnect_(onConnect)
{
gResolver.resolveTcp(localaddr, port, boost::bind(&SyncServer::onResolve, this, _1), boost::bind(&SyncServer::onResolvError, this, _1));
}
-void SyncServer::onResolve(const SyncTcpConnection::proto::endpoint& e)
+SyncServer::~SyncServer()
{
- acceptor_.open(e.protocol());
- acceptor_.set_option(boost::asio::socket_base::reuse_address(true));
- acceptor_.bind(e);
- acceptor_.listen();
+ std::list<AcceptorsElement>::iterator it = acceptors_.begin();
+ for(;it != acceptors_.end(); ++it) {
+/// this might be a needed by a running thread, TODO cleanup
+// delete(it->acceptor_);
+ }
+}
+
+void SyncServer::onResolve(SyncTcpConnection::proto::resolver::iterator& it)
+{
+ while(it != SyncTcpConnection::proto::resolver::iterator()) {
+ SyncTcpConnection::proto::endpoint e = *it;
+
+ AcceptorsElement acceptor;
+ acceptor.acceptor_ = new SyncTcpConnection::proto::acceptor(io_service_);
+ if(!acceptor.acceptor_)
+ AnytunError::throwErr() << "memory error";
+
+ acceptor.acceptor_->open(e.protocol());
+#ifndef _MSC_VER
+ if(e.protocol() == boost::asio::ip::tcp::v6())
+ acceptor.acceptor_->set_option(boost::asio::ip::v6_only(true));
+#endif
+ acceptor.acceptor_->set_option(boost::asio::socket_base::reuse_address(true));
+ acceptor.acceptor_->bind(e);
+ acceptor.acceptor_->listen();
+ acceptor.started_ = false;
+
+ acceptors_.push_back(acceptor);
+
+ cLog.msg(Log::PRIO_NOTICE) << "sync server listening on " << e;
+
+ it++;
+ }
+
start_accept();
ready_sem_.up();
- cLog.msg(Log::PRIO_NOTICE) << "sync server listening on " << e;
}
void SyncServer::onResolvError(const std::runtime_error& e)
void SyncServer::start_accept()
{
Lock lock(mutex_);
- SyncTcpConnection::pointer new_connection = SyncTcpConnection::create(acceptor_.io_service());
- conns_.push_back(new_connection);
- acceptor_.async_accept(new_connection->socket(),
- boost::bind(&SyncServer::handle_accept, this, new_connection, boost::asio::placeholders::error));
+
+ std::list<AcceptorsElement>::iterator it = acceptors_.begin();
+ for(;it != acceptors_.end(); ++it) {
+ if(!it->started_) {
+ SyncTcpConnection::pointer new_connection = SyncTcpConnection::create(it->acceptor_->io_service());
+ conns_.push_back(new_connection);
+ it->acceptor_->async_accept(new_connection->socket(),
+ boost::bind(&SyncServer::handle_accept, this, new_connection, boost::asio::placeholders::error, it));
+ it->started_ = true;
+ }
+ }
}
-void SyncServer::handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error)
+void SyncServer::handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error, std::list<AcceptorsElement>::iterator it)
{
if (!error) {
+ cLog.msg(Log::PRIO_INFO) << "new sync client connected from " << new_connection->socket().remote_endpoint();
+
new_connection->onConnect = onConnect_;
new_connection->start();
+ it->started_ = false;
start_accept();
}
}
{
public:
SyncServer(std::string localaddr, std::string port, ConnectCallback onConnect);
- void onResolve(const SyncTcpConnection::proto::endpoint& e);
+ ~SyncServer();
+ void onResolve(SyncTcpConnection::proto::resolver::iterator& it);
void onResolvError(const std::runtime_error& e);
void run();
std::list<SyncTcpConnection::pointer> conns_;
private:
- void start_accept();
- void handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error);
-
Mutex mutex_; //Mutex for list conns_
boost::asio::io_service io_service_;
- SyncTcpConnection::proto::acceptor acceptor_;
+ typedef struct {
+ SyncTcpConnection::proto::acceptor* acceptor_;
+ bool started_;
+ } AcceptorsElement;
+ std::list<AcceptorsElement> acceptors_;
ConnectCallback onConnect_;
Semaphore ready_sem_;
+
+ void start_accept();
+ void handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error, std::list<AcceptorsElement>::iterator it);
};
#endif
void SyncTcpConnection::Send(std::string message)
{
- boost::asio::async_write(socket_, boost::asio::buffer(message),
- boost::bind(&SyncTcpConnection::handle_write, shared_from_this(),
- boost::asio::placeholders::error,
- boost::asio::placeholders::bytes_transferred));
+ boost::asio::async_write(socket_, boost::asio::buffer(message),
+ boost::bind(&SyncTcpConnection::handle_write, shared_from_this(),
+ boost::asio::placeholders::error,
+ boost::asio::placeholders::bytes_transferred));
}
SyncTcpConnection::SyncTcpConnection(boost::asio::io_service& io_service)
: socket_(io_service)
#include "log.h"
#include "anytunError.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/wait.h>
-#include <sys/select.h>
-#include <stdlib.h>
-#include <string.h>
-#include <cstring>
+//use system specific sys exec
+#ifndef _MSC_VER
+#include "sysExec.hpp"
+#else
+#include "win32/sysExec.hpp"
+#endif
-void anytun_exec(std::string const& script)
+
+SysExec::SysExec(std::string const& script) : script_(script),closed_(false),return_code_(0)
{
- anytun_exec(script, StringVector(), StringList());
+ doExec(StringVector(), StringList());
}
-void anytun_exec(std::string const& script, StringVector const& args)
+SysExec::SysExec(std::string const& script, StringVector args) : script_(script),closed_(false),return_code_(0)
{
- anytun_exec(script, args, StringList());
+ doExec(args, StringList());
}
-void anytun_exec(std::string const& script, StringList const& env)
+SysExec::SysExec(std::string const& script, StringList env) : script_(script),closed_(false),return_code_(0)
{
- anytun_exec(script, StringVector(), env);
+ doExec(StringVector(), env);
}
-void anytun_exec(std::string const& script, StringVector const& args, StringList const& env)
+SysExec::SysExec(std::string const& script, StringVector args, StringList env) : script_(script),closed_(false),return_code_(0)
{
- int pipefd[2];
- if(pipe(pipefd) == -1) {
- cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "' pipe() error: " << AnytunErrno(errno);
- return;
- }
-
- pid_t pid;
- pid = fork();
- if(pid == -1) {
- cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "' fork() error: " << AnytunErrno(errno);
- return;
- }
-
- if(pid) {
- close(pipefd[1]);
- boost::thread(boost::bind(waitForScript, script, pid, pipefd[0]));
- return;
- }
-
-// child code
- int fd;
- for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
- if(fd != pipefd[1]) close(fd);
-
- fd = open("/dev/null",O_RDWR); // stdin
- if(fd == -1)
- cLog.msg(Log::PRIO_WARNING) << "can't open stdin";
- else {
- if(dup(fd) == -1) // stdout
- cLog.msg(Log::PRIO_WARNING) << "can't open stdout";
- if(dup(fd) == -1) // stderr
- cLog.msg(Log::PRIO_WARNING) << "can't open stderr";
- }
-
- char** argv = new char*[args.size() + 2];
- argv[0] = new char[script.size() + 1];
- std::strcpy(argv[0], script.c_str());
- for(unsigned int i=0; i<args.size(); ++i) {
- argv[i+1] = new char[args[i].size() + 1];
- std::strcpy(argv[i+1], args[i].c_str());
- }
- argv[args.size() + 1] = NULL;
-
- char** evp;
- evp = new char*[env.size() + 1];
- unsigned int i = 0;
- for(StringList::const_iterator it = env.begin(); it != env.end(); ++it) {
- evp[i] = new char[it->size() + 1];
- std::strcpy(evp[i], it->c_str());
- ++i;
- }
- evp[env.size()] = NULL;
-
- execve(script.c_str(), argv, evp);
- // if execve returns, an error occurred, but logging doesn't work
- // because we closed all file descriptors, so just write errno to
- // pipe and call exit
- int err = errno;
- int ret = write(pipefd[1], (void*)(&err), sizeof(err));
- if(ret != sizeof(errno))
- exit(-2);
- exit(-1);
+ doExec(args, env);
}
-void waitForScript(std::string const& script, pid_t pid, int pipefd)
+int SysExec::getReturnCode() const
{
- int status = 0;
- waitpid(pid, &status, 0);
-
- fd_set rfds;
- FD_ZERO(&rfds);
- FD_SET(pipefd, &rfds);
- struct timeval tv = { 0 , 0 };
- if(select(pipefd+1, &rfds, NULL, NULL, &tv) == 1) {
- int err = 0;
- if(read(pipefd, (void*)(&err), sizeof(err)) >= static_cast<int>(sizeof(err))) {
- cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' exec() error: " << AnytunErrno(err);
- close(pipefd);
- return;
- }
- }
- if(WIFEXITED(status))
- cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' returned " << WEXITSTATUS(status);
- else if(WIFSIGNALED(status))
- cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' terminated after signal " << WTERMSIG(status);
- else
- cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "': unkown error";
-
- close(pipefd);
+ return return_code_;
}
#ifndef ANYTUN_sysExec_h_INCLUDED
#define ANYTUN_sysExec_h_INCLUDED
-#ifndef NO_EXEC
-
#include <vector>
#include <list>
#include <string>
typedef std::vector<std::string> StringVector;
typedef std::list<std::string> StringList;
-void anytun_exec(std::string const& script);
-void anytun_exec(std::string const& script, StringVector const& args);
-void anytun_exec(std::string const& script, StringList const& env);
-void anytun_exec(std::string const& script, StringVector const& args, StringList const& env);
-void waitForScript(std::string const& script, pid_t pid, int pipefd);
+class SysExec
+{
+ public:
+ SysExec(std::string const& script);
+ SysExec(std::string const& script, StringVector args);
+ SysExec(std::string const& script, StringList env);
+ SysExec(std::string const& script, StringVector args, StringList env);
+ ~SysExec();
+
+ int waitForScript();
+ int getReturnCode() const;
+
+ static void waitAndDestroy(SysExec*& s);
+ private:
+ void doExec(StringVector args, StringList env);
+
+ std::string script_;
+ bool closed_;
+#ifdef _MSC_VER
+ PROCESS_INFORMATION process_info_;
+ DWORD return_code_;
+#else
+ pid_t pid_;
+ int pipefd_;
+ int return_code_;
#endif
+
+
+};
+
#endif
#include "buffer.h"
#include "deviceConfig.hpp"
#include "threadUtils.hpp"
-
#ifdef _MSC_VER
#include <windows.h>
+#else
+#include "sysExec.h"
#endif
class TunDevice
const char* getActualName() const { return actual_name_.c_str(); }
const char* getActualNode() const { return actual_node_.c_str(); }
device_type_t getType() const { return conf_.type_; }
+ void waitUntilReady();
const char* getTypeString() const
{
#ifndef _MSC_VER
return "";
}
-
private:
void operator=(const TunDevice &src);
TunDevice(const TunDevice &src);
#endif
DeviceConfig conf_;
+#ifndef _MSC_VER
+ SysExec * sys_exec_;
+#endif
bool with_pi_;
std::string actual_name_;
std::string actual_node_;
--- /dev/null
+@echo off\r
+\r
+setlocal\r
+set /p VERSION=<..\version\r
+set OUTPUT_FILE=version.h\r
+\r
+echo /* > %OUTPUT_FILE%\r
+echo * anytun version info >> %OUTPUT_FILE%\r
+echo * >> %OUTPUT_FILE%\r
+echo * this file was created automatically >> %OUTPUT_FILE%\r
+echo * do not edit this file directly >> %OUTPUT_FILE%\r
+echo * use win32/make_version_h.bat instead >> %OUTPUT_FILE%\r
+echo */ >> %OUTPUT_FILE%\r
+echo. >> %OUTPUT_FILE%\r
+echo #ifndef ANYTUN_version_h_INCLUDED >> %OUTPUT_FILE%\r
+echo #define ANYTUN_version_h_INCLUDED >> %OUTPUT_FILE%\r
+echo. >> %OUTPUT_FILE%\r
+echo #define VERSION_STRING_0 " version %VERSION%" >> %OUTPUT_FILE%\r
+echo #define VERSION_STRING_1 "built on %COMPUTERNAME%, %DATE% %TIME%" >> %OUTPUT_FILE%\r
+echo. >> %OUTPUT_FILE%\r
+echo #endif >> %OUTPUT_FILE%\r
+\r
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_signalHandler_hpp_INCLUDED
+#define ANYTUN_signalHandler_hpp_INCLUDED
+
+#include <windows.h>
+
+int CtrlCHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "CTRL-C Event received, exitting";
+ return 1;
+}
+
+int CtrlBreakHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "CTRL-Break Event received, ignoring";
+ return 0;
+}
+
+int CtrlCloseHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "Close Event received, exitting";
+ return 1;
+}
+
+int CtrlLogoffHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "LogOff Event received, exitting";
+ return 1;
+}
+
+int CtrlShutdownHandler(int /*sig*/, const std::string& /*msg*/)
+{
+ cLog.msg(Log::PRIO_NOTICE) << "Shutdown Event received, exitting";
+ return 1;
+}
+
+bool handleSignal(DWORD ctrlType)
+{
+ gSignalController.inject(ctrlType);
+ return true;
+}
+
+void registerSignalHandler(SignalController& ctrl, DaemonService& /*service*/)
+{
+ if(!SetConsoleCtrlHandler((PHANDLER_ROUTINE)handleSignal, true))
+ AnytunError::throwErr() << "Error on SetConsoleCtrlhandler: " << AnytunErrno(GetLastError());
+
+ ctrl.handler[CTRL_C_EVENT] = boost::bind(CtrlCHandler, _1, _2);
+ ctrl.handler[CTRL_BREAK_EVENT] = boost::bind(CtrlBreakHandler, _1, _2);
+ ctrl.handler[CTRL_CLOSE_EVENT] = boost::bind(CtrlCloseHandler, _1, _2);
+ ctrl.handler[CTRL_LOGOFF_EVENT] = boost::bind(CtrlLogoffHandler, _1, _2);
+ ctrl.handler[CTRL_SHUTDOWN_EVENT] = boost::bind(CtrlShutdownHandler, _1, _2);
+}
+
+#endif
--- /dev/null
+/*
+ * anytun
+ *
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
+ * Christian Pointner <satp@wirdorange.org>
+ *
+ * This file is part of Anytun.
+ *
+ * Anytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Anytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_signalServiceHandler_hpp_INCLUDED
+#define ANYTUN_signalServiceHandler_hpp_INCLUDED
+
+#include "winService.h"
+
+void registerSignalHandler(SignalController& ctrl, WinService& service)
+{
+ ctrl.handler[SERVICE_CONTROL_STOP] = boost::bind(&WinService::handleCtrlSignal, &service, _1, _2);
+ ctrl.handler[SERVICE_CONTROL_INTERROGATE] = boost::bind(&WinService::handleCtrlSignal, &service, _1, _2);
+ ctrl.handler[SIGUNKNOWN] = boost::bind(&WinService::handleCtrlSignal, &service, _1, _2);
+
+ ctrl.callbacks.insert(SignalController::CallbackMap::value_type(CALLB_RUNNING, boost::bind(&WinService::reportStatus, &service, SERVICE_RUNNING, NO_ERROR)));
+ ctrl.callbacks.insert(SignalController::CallbackMap::value_type(CALLB_STOPPING, boost::bind(&WinService::reportStatus, &service, SERVICE_STOP_PENDING, NO_ERROR)));
+}
+
+#endif
--- /dev/null
+/*\r
+ * anytun\r
+ *\r
+ * The secure anycast tunneling protocol (satp) defines a protocol used\r
+ * for communication between any combination of unicast and anycast\r
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel\r
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.\r
+ * ethernet, ip, arp ...). satp directly includes cryptography and\r
+ * message authentication based on the methodes used by SRTP. It is\r
+ * intended to deliver a generic, scaleable and secure solution for\r
+ * tunneling and relaying of packets of any protocol.\r
+ *\r
+ *\r
+ * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, \r
+ * Christian Pointner <satp@wirdorange.org>\r
+ *\r
+ * This file is part of Anytun.\r
+ *\r
+ * Anytun is free software: you can redistribute it and/or modify\r
+ * it under the terms of the GNU General Public License as published by\r
+ * the Free Software Foundation, either version 3 of the License, or\r
+ * any later version.\r
+ *\r
+ * Anytun is distributed in the hope that it will be useful,\r
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
+ * GNU General Public License for more details.\r
+ *\r
+ * You should have received a copy of the GNU General Public License\r
+ * along with anytun. If not, see <http://www.gnu.org/licenses/>.\r
+ */\r
+#pragma once\r
+#ifndef ANYTUN_sysexec_hpp_INCLUDED\r
+#define ANYTUN_sysexec_hpp_INCLUDED\r
+\r
+#include <algorithm>\r
+#include <iostream> // todo remove\r
+#include <windows.h>\r
+\r
+SysExec::~SysExec()\r
+{\r
+ if(!closed_) {\r
+ CloseHandle(process_info_.hProcess);\r
+ CloseHandle(process_info_.hThread);\r
+ }\r
+}\r
+\r
+STARTUPINFOA getStartupInfo() {\r
+ STARTUPINFOA startup_info;\r
+ startup_info.cb = sizeof(STARTUPINFOA);\r
+ GetStartupInfoA(&startup_info);\r
+\r
+ //startup_info.dwFlags = STARTF_USESTDHANDLES;\r
+ //startup_info.hStdInput = CreateFile("NUL", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, 0, 0, 0); // INVALID_HANDLE_VALUE;\r
+ //startup_info.hStdOutput = CreateFile("NUL", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, 0, 0, 0); // INVALID_HANDLE_VALUE;\r
+ //startup_info.hStdError = CreateFile("NUL", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, 0, 0, 0); // INVALID_HANDLE_VALUE;\r
+ startup_info.dwFlags |= STARTF_USESHOWWINDOW;\r
+ startup_info.wShowWindow = SW_HIDE;\r
+ \r
+ return startup_info;\r
+}\r
+\r
+char const * const BATCH_FILE_EXTS[] = { ".bat", ".cmd" };\r
+int const BATCH_FILE_EXTS_COUNT = sizeof(BATCH_FILE_EXTS) / sizeof(BATCH_FILE_EXTS[0]);\r
+\r
+bool endsWith(std::string const& string, std::string const& suffix) {\r
+ return string.find(suffix, string.size() - suffix.size()) != std::string::npos;\r
+}\r
+\r
+void SysExec::doExec(StringVector args, StringList env)\r
+{\r
+ std::vector<char> arguments;\r
+ \r
+ bool isBatchFile = false;\r
+ for(int i = 0; i < BATCH_FILE_EXTS_COUNT; ++i) {\r
+ if(endsWith(script_, BATCH_FILE_EXTS[i])) {\r
+ isBatchFile = true;\r
+ break;\r
+ }\r
+ }\r
+\r
+ if(isBatchFile) {\r
+ std::string const BATCH_INTERPRETER = "cmd /c \"";\r
+ arguments.insert(arguments.end(), BATCH_INTERPRETER.begin(), BATCH_INTERPRETER.end());\r
+ }\r
+ arguments.push_back('\"');\r
+ arguments.insert(arguments.end(), script_.begin(), script_.end());\r
+ arguments.push_back('\"');\r
+ arguments.push_back(' ');\r
+ \r
+ for(StringVector::const_iterator it = args.begin(); it != args.end(); ++it) {\r
+ arguments.push_back('\"');\r
+ arguments.insert(arguments.end(), it->begin(), it->end());\r
+ arguments.push_back('\"');\r
+ arguments.push_back(' ');\r
+ }\r
+\r
+ if(isBatchFile) {\r
+ arguments.push_back('\"');\r
+ }\r
+ arguments.push_back(0);\r
+ \r
+ STARTUPINFOA startup_info = getStartupInfo();\r
+\r
+ std::map<std::string, std::string> envDict;\r
+ for(StringList::const_iterator it = env.begin(); it != env.begin(); ++it) {\r
+ size_t delimiter_pos = it->find('=');\r
+ envDict.insert(std::make_pair(it->substr(0, delimiter_pos), it->substr(delimiter_pos + 1)));\r
+ }\r
+ std::vector<char> env;\r
+ for(std::map<std::string, std::string>::iterator it = envDict.begin(); it != envDict.end(); ++it) {\r
+ env.insert(env.end(), it->first.begin(), it->first.end());\r
+ env.push_back(0);\r
+ }\r
+ env.push_back(0);\r
+\r
+ if(!CreateProcessA(NULL,\r
+ &arguments[0],\r
+ NULL,\r
+ NULL,\r
+ false,\r
+ NULL,\r
+ &env[0],\r
+ NULL,\r
+ &startup_info,\r
+ &process_info_\r
+ ))\r
+ {\r
+ cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "' CreateProcess() error: " << GetLastError();\r
+ return;\r
+ }\r
+}\r
+\r
+int SysExec::waitForScript()\r
+{\r
+ DWORD result = WaitForSingleObject(process_info_.hProcess, INFINITE);\r
+ assert(WAIT_OBJECT_0 == result); // WAIT_FAILED, WAIT_TIMEOUT ... ???\r
+ bool success = GetExitCodeProcess(process_info_.hProcess, &return_code_) != 0;\r
+ assert(true == success); // false -> HU?\r
+\r
+ CloseHandle(process_info_.hProcess);\r
+ CloseHandle(process_info_.hThread);\r
+ closed_ = true;\r
+\r
+ return static_cast<int>(return_code_);\r
+}\r
+\r
+void SysExec::waitAndDestroy(SysExec*& s)\r
+{\r
+ if(!s)\r
+ return;\r
+\r
+ s->waitForScript();\r
+ cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' returned " << s->return_code_;\r
+\r
+ delete(s);\r
+ s = NULL;\r
+}\r
+\r
+#endif // ANYTUN_sysexec_hpp_INCLUDED\r
}
conf_.mtu_ = static_cast<u_int16_t>(mtu);
}
+
+void TunDevice::waitUntilReady()
+{
+// nothing to be done here
+}
#include "../anytunError.h"\r
#include "../threadUtils.hpp"\r
\r
-WinService* WinService::inst = NULL;\r
-Mutex WinService::instMutex;\r
-WinService& gWinService = WinService::instance();\r
-\r
-WinService& WinService::instance()\r
-{\r
- Lock lock(instMutex);\r
- static instanceCleaner c;\r
- if(!inst)\r
- inst = new WinService();\r
- \r
- return *inst;\r
-}\r
-\r
-WinService::~WinService()\r
-{\r
- if(started_)\r
- CloseHandle(stop_event_);\r
-}\r
-\r
void WinService::install()\r
{\r
SC_HANDLE schSCManager;\r
AnytunError::throwErr() << "Error on StartServiceCtrlDispatcher: " << AnytunErrno(GetLastError());\r
}\r
\r
-void WinService::waitForStop()\r
-{\r
- if(!started_)\r
- AnytunError::throwErr() << "Service not started correctly";\r
- \r
- reportStatus(SERVICE_RUNNING, NO_ERROR);\r
- WaitForSingleObject(stop_event_, INFINITE);\r
- reportStatus(SERVICE_STOP_PENDING, NO_ERROR);\r
- cLog.msg(Log::PRIO_NOTICE) << "WinService received stop signal, exitting";\r
-}\r
-\r
-void WinService::stop()\r
-{\r
- if(!started_)\r
- AnytunError::throwErr() << "Service not started correctly";\r
-\r
- reportStatus(SERVICE_STOPPED, NO_ERROR);\r
-}\r
-\r
-int real_main(int argc, char* argv[]);\r
+int real_main(int argc, char* argv[], WinService& service);\r
\r
VOID WINAPI WinService::main(DWORD dwArgc, LPTSTR *lpszArgv)\r
{\r
- if(gWinService.started_) {\r
- cLog.msg(Log::PRIO_ERROR) << "Service is already running";\r
- return;\r
- }\r
+ WinService service;\r
\r
- gWinService.status_handle_ = RegisterServiceCtrlHandlerA(SVC_NAME, WinService::ctrlHandler);\r
- if(!gWinService.status_handle_) { \r
+ service.status_handle_ = RegisterServiceCtrlHandlerA(SVC_NAME, WinService::ctrlHandler);\r
+ if(!service.status_handle_) { \r
cLog.msg(Log::PRIO_ERROR) << "Error on RegisterServiceCtrlHandler: " << AnytunErrno(GetLastError());\r
return;\r
}\r
- gWinService.status_.dwServiceType = SERVICE_WIN32_OWN_PROCESS; \r
- gWinService.status_.dwServiceSpecificExitCode = 0; \r
- gWinService.reportStatus(SERVICE_START_PENDING, NO_ERROR);\r
- gWinService.started_ = true;\r
+ service.status_.dwServiceType = SERVICE_WIN32_OWN_PROCESS; \r
+ service.status_.dwServiceSpecificExitCode = 0; \r
+ service.reportStatus(SERVICE_START_PENDING, NO_ERROR);\r
\r
- gWinService.stop_event_ = CreateEvent(NULL, true, false, NULL);\r
- if(!gWinService.stop_event_) {\r
- cLog.msg(Log::PRIO_ERROR) << "WinService Error on CreateEvent: " << AnytunErrno(GetLastError());\r
- gWinService.reportStatus(SERVICE_STOPPED, -1);\r
- return;\r
- }\r
-\r
- real_main(dwArgc, lpszArgv);\r
+ real_main(dwArgc, lpszArgv, service);\r
+ \r
+ service.reportStatus(SERVICE_STOPPED, NO_ERROR);\r
}\r
\r
VOID WINAPI WinService::ctrlHandler(DWORD dwCtrl)\r
{\r
- switch(dwCtrl) {\r
+ gSignalController.inject(dwCtrl);\r
+}\r
+\r
+int WinService::handleCtrlSignal(int sig, const std::string& msg)\r
+{\r
+ switch(sig) {\r
case SERVICE_CONTROL_STOP: {\r
- gWinService.reportStatus(SERVICE_STOP_PENDING, NO_ERROR);\r
- SetEvent(gWinService.stop_event_);\r
- return;\r
+ reportStatus(SERVICE_STOP_PENDING, NO_ERROR);\r
+ cLog.msg(Log::PRIO_NOTICE) << "received service stop signal, exitting";\r
+ return 1;\r
}\r
case SERVICE_CONTROL_INTERROGATE: break;\r
default: break;\r
}\r
- gWinService.reportStatus(gWinService.status_.dwCurrentState, NO_ERROR);\r
+ reportStatus(status_.dwCurrentState, NO_ERROR);\r
+\r
+ return 0;\r
}\r
\r
-void WinService::reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint)\r
+void WinService::reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode)\r
{\r
static DWORD dwCheckPoint = 1;\r
\r
status_.dwCurrentState = dwCurrentState;\r
status_.dwWin32ExitCode = dwWin32ExitCode;\r
- status_.dwWaitHint = dwWaitHint;\r
+ status_.dwWaitHint = 0;\r
\r
if((dwCurrentState == SERVICE_START_PENDING) ||\r
(dwCurrentState == SERVICE_STOP_PENDING))\r
SetServiceStatus(status_handle_, &status_);\r
}\r
\r
+void WinService::initPrivs(std::string const& username, std::string const& groupname)\r
+{\r
+// nothing here\r
+}\r
+\r
+void WinService::dropPrivs()\r
+{\r
+// nothing here\r
+}\r
+\r
+void WinService::chroot(std::string const& dir)\r
+{\r
+// nothing here\r
+}\r
+\r
+void WinService::daemonize()\r
+{\r
+// nothing here\r
+}\r
+\r
+bool WinService::isDaemonized()\r
+{\r
+ return true;\r
+}\r
+\r
#endif\r
#ifdef WIN_SERVICE
#include "../threadUtils.hpp"
+#include "../signalController.h"
class WinService
{
public:
- static WinService& instance();
#define SVC_NAME "anytun"
static void install();
static void uninstall();
static void start();
- void waitForStop();
- void stop();
-
static VOID WINAPI main(DWORD dwArgc, LPTSTR *lpszArgv);
static VOID WINAPI ctrlHandler(DWORD dwCtrl);
+
+ void reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode);
+ int handleCtrlSignal(int sig, const std::string& msg);
+
+ void initPrivs(std::string const& username, std::string const& groupname);
+ void dropPrivs();
+ void chroot(std::string const& dir);
+ void daemonize();
+ bool isDaemonized();
+
private:
- WinService() : started_(false) {};
- ~WinService();
+ WinService() {};
+ ~WinService() {};
WinService(const WinService &w);
void operator=(const WinService &w);
- void reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint=0);
-
- static WinService* inst;
- static Mutex instMutex;
- class instanceCleaner {
- public: ~instanceCleaner() {
- if(WinService::inst != NULL)
- delete WinService::inst;
- }
- };
- friend class instanceCleaner;
-
- bool started_;
SERVICE_STATUS status_;
SERVICE_STATUS_HANDLE status_handle_;
- HANDLE stop_event_;
};
-extern WinService& gWinService;
+typedef WinService DaemonService;
#endif
-0.3.2
\ No newline at end of file
+0.3.3
+++ /dev/null
--- anytun
---
--- The secure anycast tunneling protocol (satp) defines a protocol used
--- for communication between any combination of unicast and anycast
--- tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
--- mode and allows tunneling of every ETHER TYPE protocol (e.g.
--- ethernet, ip, arp ...). satp directly includes cryptography and
--- message authentication based on the methodes used by SRTP. It is
--- intended to deliver a generic, scaleable and secure solution for
--- tunneling and relaying of packets of any protocol.
---
---
--- Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
--- Christian Pointner <satp@wirdorange.org>
---
--- This file is part of Anytun.
---
--- Anytun is free software: you can redistribute it and/or modify
--- it under the terms of the GNU General Public License as published by
--- the Free Software Foundation, either version 3 of the License, or
--- any later version.
---
--- Anytun is distributed in the hope that it will be useful,
--- but WITHOUT ANY WARRANTY; without even the implied warranty of
--- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--- GNU General Public License for more details.
---
--- You should have received a copy of the GNU General Public License
--- along with anytun. If not, see <http://www.gnu.org/licenses/>.
-
-
-do
- local proto_satp = Proto("SATP","Secure Anycast Tunneling Protocol")
-
- local payload_types = {
- [0x0800] = "IPv4",
- [0x6558] = "Ethernet",
- [0x86DD] = "IPv6"
- }
-
- local payload_dissector = {
- [0x0800] = "ip",
- [0x6558] = "eth",
- [0x86DD] = "ipv6"
- }
-
- local field_seq = ProtoField.uint32("satp.seq","Sequence Number",base.DEC)
- local field_sid = ProtoField.uint16("satp.sid","Sender ID",base.DEC)
- local field_mux = ProtoField.uint16("satp.mux","Mux",base.DEC)
- local field_ptype = ProtoField.uint16("satp.ptype","Payload Type (plain?)",base.HEX,payload_types)
-
- proto_satp.fields = { field_seq, field_sid, field_mux, field_ptype }
-
-
- -- create a function to dissect it
- function proto_satp.dissector(buffer,pinfo,tree)
- local info_string = "Sender Id: " .. buffer(4,2):uint() .. ", Mux: " .. buffer(6,2):uint() .. ", SeqNr: " .. buffer(0,4):uint()
- pinfo.cols.protocol = "SATP"
- pinfo.cols.info = info_string
-
- local subtree = tree:add(proto_satp,buffer(),"SATP, " .. info_string)
-
- subtree:add(field_seq, buffer(0,4))
- subtree:add(field_sid, buffer(4,2))
- subtree:add(field_mux, buffer(6,2))
-
- local payload_type = buffer(8,2):uint()
-
- if payload_dissector[payload_type] ~= nil then
- subtree:add(field_ptype, buffer(8,2))
- Dissector.get(payload_dissector[payload_type]):call(buffer(10):tvb(),pinfo,tree)
- else
- Dissector.get("data"):call(buffer(8):tvb(),pinfo,tree)
- end
- end
-
- -- load the udp.port table
-
- udp_table = DissectorTable.get("udp.port")
-
- -- register our protocol to handle udp port 4444
- udp_table:add(4444,proto_satp)
-end
projects / anytun.git / commitdiff