From 91d2dadab8997ae23442f77dd28db9fa3aee1e7c Mon Sep 17 00:00:00 2001 From: Michael Prokop Date: Fri, 20 Jan 2017 16:45:21 +0100 Subject: [PATCH] New upstream version 0.3.6 --- ChangeLog | 6 + README | 18 +- contrib/build-boost-mingw-cross.sh | 2 +- contrib/build-openssl-mingw-cross.sh | 2 +- contrib/make-mingw-release.sh | 8 +- contrib/openssl-1.0.2h-configure.patch | 50 +++++ doc/anytun-config.8 | 6 +- doc/anytun-controld.8 | 6 +- doc/anytun-showtables.8 | 6 +- doc/anytun.8 | 6 +- etc/init.d/anytun | 260 ++++++++++------------ src/Makefile | 49 +++- src/anytun-config.cpp | 5 +- src/anytun-showtables.cpp | 4 +- src/anytun.cpp | 11 +- src/anytunError.h | 2 +- src/configure | 118 +++++++--- src/cryptinit.hpp | 10 +- src/datatypes.h | 7 + src/options.cpp | 9 + src/packetSource.cpp | 2 +- src/packetSource.h | 2 +- src/resolver.cpp | 28 +-- src/syncServer.cpp | 2 +- src/syncServer.h | 2 +- usr/lib/anytun-launcher | 59 +++++ usr/lib/systemd/system-generator/anytun-generator | 23 ++ usr/lib/systemd/system/anytun-controld@.service | 19 ++ usr/lib/systemd/system/anytun.service | 13 ++ usr/lib/systemd/system/anytun@.service | 20 ++ usr/lib/tmpfiles.d/anytun.conf | 2 + version | 2 +- 32 files changed, 523 insertions(+), 236 deletions(-) create mode 100644 contrib/openssl-1.0.2h-configure.patch create mode 100755 usr/lib/anytun-launcher create mode 100755 usr/lib/systemd/system-generator/anytun-generator create mode 100644 usr/lib/systemd/system/anytun-controld@.service create mode 100644 usr/lib/systemd/system/anytun.service create mode 100644 usr/lib/systemd/system/anytun@.service create mode 100644 usr/lib/tmpfiles.d/anytun.conf diff --git a/ChangeLog b/ChangeLog index 284ae2f..c9dda20 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +2016.07.08 -- Version 0.3.6 + +* fixed build for GCC-6 and C++0x +* fixed some libgcrypt warnings @ anytun-showtables and anytun-config +* added systemd unit files and gernator + 2014.08.26 -- Version 0.3.5 * added an exception to the license which allows linking with OpenSSL diff --git a/README b/README index 09f1692..8eb9c3b 100644 --- a/README +++ b/README @@ -102,10 +102,10 @@ Windows Installation ============ -Getting the source via subversion: ----------------------------------- +Getting the source via GIT: +--------------------------- -svn co http://svn.anytun.org/anytun/trunk anytun +git clone https://git.spreadspace.org/anytun/anytun.git cd anytun Building from source @@ -182,6 +182,18 @@ of instance names which should be used when no names are specified at the comman line. One line for each name. Empty lines and lines starting with # are ignored. +systemd usage +------------- + +Using the provided service units, anytun can now be started and managed via Systemd. +As with the init.d script, each VPN or anytun instance, identified by it's $vpnname, + needs it's own configuration subdirectory. E.g.: ${PREFIX}/etc/anytun/${vpnname}/. +For each such CLIENT instance, use the following command to enable it: + +# systemctl enable anytun@${vpnname}.service + +Manually start and stop instances by replacing enable with start or stop. + Errors: ======= diff --git a/contrib/build-boost-mingw-cross.sh b/contrib/build-boost-mingw-cross.sh index 5ca49e7..b340447 100755 --- a/contrib/build-boost-mingw-cross.sh +++ b/contrib/build-boost-mingw-cross.sh @@ -1,6 +1,6 @@ #!/bin/sh set -e -BOOST=1.55.0 +BOOST=1.58.0 BOOST_DASH=`echo $BOOST | perl -ne 's/\./_/g; print'` echo $BOOST_DASH diff --git a/contrib/build-openssl-mingw-cross.sh b/contrib/build-openssl-mingw-cross.sh index 7e165b1..4c00f5d 100755 --- a/contrib/build-openssl-mingw-cross.sh +++ b/contrib/build-openssl-mingw-cross.sh 
@@ -1,6 +1,6 @@ #!/bin/sh set -e -OPENSSL=openssl-1.0.1h +OPENSSL=openssl-1.0.2h BASE=`pwd` wget http://openssl.org/source/$OPENSSL.tar.gz -O - | tar xz diff --git a/contrib/make-mingw-release.sh b/contrib/make-mingw-release.sh index 5a1d29f..4df517a 100755 --- a/contrib/make-mingw-release.sh +++ b/contrib/make-mingw-release.sh @@ -4,11 +4,11 @@ VER=`cat ../version` for target in w32 w64; do if [ "$target" = "w32" ]; then - LIBGCC_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libgcc_s_sjlj-1.dll - LIBSTDCPP_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libstdc++-6.dll + LIBGCC_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libgcc_s_sjlj-1.dll + LIBSTDCPP_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libstdc++-6.dll else - LIBGCC_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libgcc_s_sjlj-1.dll - LIBSTDCPP_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libstdc++-6.dll + LIBGCC_DLL=/usr/lib/gcc/x86_64-w64-mingw32/`x86_64-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libgcc_s_seh-1.dll + LIBSTDCPP_DLL=/usr/lib/gcc/x86_64-w64-mingw32/`x86_64-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libstdc++-6.dll fi mkdir anytun-$VER-$target cp anytun-$target/*.exe anytun-$VER-$target diff --git a/contrib/openssl-1.0.2h-configure.patch b/contrib/openssl-1.0.2h-configure.patch new file mode 100644 index 0000000..11aa260 --- /dev/null +++ b/contrib/openssl-1.0.2h-configure.patch 
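Review bot: The tarball selected by the bumped `OPENSSL=openssl-1.0.2h` is still fetched by the unchanged context line `wget http://openssl.org/source/$OPENSSL.tar.gz -O - | tar xz`, that is, over plain HTTP and piped straight into tar with no integrity check. Because the version is pinned in this script, the expected digest can be pinned next to it. Download to a file from an HTTPS URL, verify it with something like `echo "$OPENSSL_SHA256  $OPENSSL.tar.gz" | sha256sum -c -` (`OPENSSL_SHA256` is a placeholder name for a recorded digest), and unpack only after the check passes. As written, anything able to alter the HTTP response controls the library that ends up in the release binaries.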
@@ -0,0 +1,50 @@ +diff -Nur openssl-1.0.2h.orig/config openssl-1.0.2h/config +--- openssl-1.0.2h.orig/config 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/config 2016-07-03 12:17:28.705241215 +0200 +@@ -877,11 +877,11 @@ + # options="$options -DATALLA" + #fi + +-if expr "$options" : '.*no\-asm' > /dev/null; then :; else +- sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \ +- grep \\--noexecstack >/dev/null && \ +- options="$options -Wa,--noexecstack" +-fi ++#if expr "$options" : '.*no\-asm' > /dev/null; then :; else ++# sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \ ++# grep \\--noexecstack >/dev/null && \ ++# options="$options -Wa,--noexecstack" ++#fi + + # gcc < 2.8 does not support -march=ultrasparc + if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] +diff -Nur openssl-1.0.2h.orig/Configure openssl-1.0.2h/Configure +--- openssl-1.0.2h.orig/Configure 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/Configure 2016-07-03 12:17:28.705241215 +0200 +@@ -599,7 +599,7 @@ + "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", + + # MinGW +-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", ++"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -Wl,--export-all -shared:.dll.a", + # As for OPENSSL_USE_APPLINK. 
Applink makes it possible to use .dll + # compiled with one compiler with application compiled with another + # compiler. It's possible to engage Applink support in mingw64 build, +@@ -607,7 +607,7 @@ + # handling, one can't seriously consider its binaries for using with + # non-mingw64 run-time environment. And as mingw64 is always consistent + # with itself, Applink is never engaged and can as well be omitted. +-"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", ++"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin -Wl,--export-all -shared:.dll.a", + + # UWIN + "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +@@ -1005,7 +1005,7 @@ + } + else + { +- die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); ++ #die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); + $target=$_; + } + diff --git a/doc/anytun-config.8 b/doc/anytun-config.8 index 57e3753..bbb0b2e 100644 --- a/doc/anytun-config.8 +++ b/doc/anytun-config.8 
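Review bot: This new patch comments out the whole `-Wa,--noexecstack` probe in OpenSSL's `config` and the `die "target already defined ..."` check in `Configure`, and neither change is explained anywhere in the file. Both are unconditional, so if the patched tree is ever configured for a non-MinGW target, the assembler objects would no longer be marked as not needing an executable stack, and a second target argument would silently replace the first. A header comment stating that the patch is meant only for the MinGW cross build, and what fails without it, would keep it from being reused elsewhere. Restricting the first change to the cross-compile case would be safer still.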
@@ -1,13 +1,13 @@ '\" t .\" Title: anytun-config .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 08/26/2014 +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN\-CONFIG" "8" "08/26/2014" "\ \&" "\ \&" +.TH "ANYTUN\-CONFIG" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/doc/anytun-controld.8 b/doc/anytun-controld.8 index 9fbc11c..4cc0c41 100644 --- a/doc/anytun-controld.8 +++ b/doc/anytun-controld.8 @@ -1,13 +1,13 @@ '\" t .\" Title: anytun-controld .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 08/26/2014 +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN\-CONTROLD" "8" "08/26/2014" "\ \&" "\ \&" +.TH "ANYTUN\-CONTROLD" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/doc/anytun-showtables.8 b/doc/anytun-showtables.8 index 0558d9b..74d39e5 100644 --- a/doc/anytun-showtables.8 +++ b/doc/anytun-showtables.8 
@@ -1,13 +1,13 @@ '\" t .\" Title: anytun-showtables .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 08/26/2014 +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN\-SHOWTABLES" "8" "08/26/2014" "\ \&" "\ \&" +.TH "ANYTUN\-SHOWTABLES" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/doc/anytun.8 b/doc/anytun.8 index 93e61c3..7a35e5a 100644 --- a/doc/anytun.8 +++ b/doc/anytun.8 @@ -1,13 +1,13 @@ '\" t .\" Title: anytun .\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 08/26/2014 +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" -.TH "ANYTUN" "8" "08/26/2014" "\ \&" "\ \&" +.TH "ANYTUN" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/etc/init.d/anytun b/etc/init.d/anytun index 6905c67..b47378d 100755 --- a/etc/init.d/anytun +++ b/etc/init.d/anytun 
@@ -9,199 +9,173 @@ # Description: Enables networking over vpn tunnel interfaces ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/anytun -ANYTUNCONFIG=/usr/bin/anytun-config -CONTROLDAEMON=/usr/bin/anytun-controld -NAME=anytun -DESC=anytun -CONFIG_DIR=/etc/anytun -VARCONFIG_DIR=/var/run/anytun-controld -VARRUN_DIR=/var/run/$NAME/ - -test -x $DAEMON || exit 0 +DAEMON=anytun +LAUNCHER=/usr/local/lib/$DAEMON-launcher +DESC="secure anycast tunneling daemon" +CONFIG_DIR=/usr/local/etc/$DAEMON +VARCONTROL_DIR=/var/run/$DAEMON-controld +VARRUN_DIR=/var/run/$DAEMON/ # Include anytun defaults if available if [ -f /etc/default/anytun ] ; then . /etc/default/anytun fi +. /lib/lsb/init-functions + start_vpn () { STATUS="OK" - if [ -f $CONFIG_DIR/$NAME/config ] ; then - POSTUP='' - test -f $CONFIG_DIR/$NAME/post-up.sh && POSTUP="-x $CONFIG_DIR/$NAME/post-up.sh" - CHROOTDIR=`grep '^chroot' < $CONFIG_DIR/$NAME/config | sed 's/chroot\s*//'` - if [ -n "$CHROOTDIR" ] ; then - test -d $CHROOTDIR || mkdir -p $CHROOTDIR - fi - test -d $VARRUN_DIR || mkdir -p $VARRUN_DIR - DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed 's/^/--/' | tr '\n' ' '` - $DAEMON --write-pid $VARRUN_DIR/$NAME.pid $POSTUP \ - $DAEMONOPTS $DAEMONARG || STATUS="FAILED" + if [ -f $CONFIG_DIR/$1/config ] ; then + $LAUNCHER vpn $1 || STATUS="FAILED" else - STATUS="no config found" + STATUS=" no config found" fi - start_configd + start_configd $1 echo -n "($STATUS)" } stop_vpn () { kill `cat $PIDFILE` || true rm $PIDFILE - stop_configd + stop_configd $1 } start_configd () { - if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - test -d $VARCONFIG_DIR || mkdir -p $VARCONFIG_DIR - chmod 700 $VARCONFIG_DIR - rm -f $VARCONFIG_DIR/$NAME 2>/dev/null - KDPRF=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed 's/^/ --/' | xargs echo` - for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do - echo -n " ($CLIENTNAME)" - DAEMONARG=`sed 's/#.*//' < 
$CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed 's/^/ --/' | xargs echo` - $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONFIG_DIR/$NAME - done - CONTROLHOST=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed 's/^/ --/' | xargs echo` - $CONTROLDAEMON -f $VARCONFIG_DIR/$NAME $DAEMONOPTS $CONTROLHOST \ - --write-pid $VARCONFIG_DIR/$NAME.pid - # rm -f $VARCONFIG_DIR/$NAME - fi + $LAUNCHER configd $1 } stop_configd () { - if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - echo -n " ($NAME-controlld)" - kill `cat $VARCONFIG_DIR/$NAME.pid` || true - rm $VARCONFIG_DIR/$NAME.pid - fi + if [ -d $CONFIG_DIR/$1/conf.d ] ; then + echo -n " ($1-controlld)" + kill `cat $VARCONTROL_DIR/$1.pid` || true + rm $VARCONTROL_DIR/$1.pid + fi } set -e case "$1" in start) - echo -n "Starting $DESC:" - if test -z "$2" ; then - if [ -f $CONFIG_DIR/autostart ] ; then - for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do - echo -n " $NAME" - start_vpn - done + echo -n "Starting $DESC:" + if test -z "$2" ; then + if [ -f $CONFIG_DIR/autostart ] ; then + for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do + echo -n " $NAME" + start_vpn $NAME + done + else + echo "no config found" + exit 1; + fi else - echo "no config found" - exit 1; + while shift ; do + [ -z "$1" ] && break + echo -n " $1" + start_vpn $1 + done fi - else - while shift ; do - [ -z "$1" ] && break - NAME=$1 - echo -n " $NAME" - start_vpn - done - fi - echo "." - ;; + echo "." 
+ ;; stop) - echo -n "Stoping $DESC:" - if test -z "$2" ; then - for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do - NAME=`basename $PIDFILE` - NAME=${NAME%%.pid} - echo -n " $NAME" - stop_vpn - done - else - while shift ; do - [ -z "$1" ] && break - if test -e $VARRUN_DIR/$1.pid ; then - PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + echo -n "Stoping $DESC:" + if test -z "$2" ; then + for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do NAME=`basename $PIDFILE` NAME=${NAME%%.pid} echo -n " $NAME" - stop_vpn - else - echo -n " (failure: No such tunnel is running: $1)" - fi - done - fi - echo "." - ;; + stop_vpn $NAME + done + else + while shift ; do + [ -z "$1" ] && break + if test -e $VARRUN_DIR/$1.pid ; then + PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + NAME=`basename $PIDFILE` + NAME=${NAME%%.pid} + echo -n " $NAME" + stop_vpn $NAME + else + echo -n " (failure: No such tunnel is running: $1)" + fi + done + fi + echo "." + ;; reload) - echo -n "Reloading $DESC:" - if test -z "$2" ; then - for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do - NAME=`basename $PIDFILE` - NAME=${NAME%%.pid} - echo -n " $NAME" - if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - stop_vpn - start_vpn - else - stop_configd - start_configd - fi - done - else - while shift ; do - [ -z "$1" ] && break - if test -e $VARRUN_DIR/$1.pid ; then - PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + echo -n "Reloading $DESC:" + if test -z "$2" ; then + for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do NAME=`basename $PIDFILE` NAME=${NAME%%.pid} echo -n " $NAME" if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then - stop_vpn - start_vpn + stop_vpn $NAME + start_vpn $NAME else - stop_configd - start_configd + stop_configd $NAME + start_configd $NAME fi - else - echo -n " (failure: No such tunnel is running: $1)" - fi - done - fi - echo "." 
- ;; + done + else + while shift ; do + [ -z "$1" ] && break + if test -e $VARRUN_DIR/$1.pid ; then + PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + NAME=`basename $PIDFILE` + NAME=${NAME%%.pid} + echo -n " $NAME" + if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then + stop_vpn $NAME + start_vpn $NAME + else + stop_configd $NAME + start_configd $NAME + fi + else + echo -n " (failure: No such tunnel is running: $1)" + fi + done + fi + echo "." + ;; force-reload) - echo -n "Restarting $DESC:" - if test -z "$2" ; then - for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do - NAME=`basename $PIDFILE` - NAME=${NAME%%.pid} - echo -n " $NAME" - stop_vpn - sleep 1 - start_vpn - done - else - while shift ; do - [ -z "$1" ] && break - if test -e $VARRUN_DIR/$1.pid ; then - PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + echo -n "Restarting $DESC:" + if test -z "$2" ; then + for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do NAME=`basename $PIDFILE` NAME=${NAME%%.pid} echo -n " $NAME" - stop_vpn + stop_vpn $NAME sleep 1 - start_vpn - else - echo -n " (failure: No such tunnel is running: $1)" - fi - done - fi - echo "." - ;; + start_vpn $NAME + done + else + while shift ; do + [ -z "$1" ] && break + if test -e $VARRUN_DIR/$1.pid ; then + PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null` + NAME=`basename $PIDFILE` + NAME=${NAME%%.pid} + echo -n " $NAME" + stop_vpn $NAME + sleep 1 + start_vpn $NAME + else + echo -n " (failure: No such tunnel is running: $1)" + fi + done + fi + echo "." + ;; restart) SCRIPT=$0 shift $SCRIPT stop $* sleep 1 $SCRIPT start $* - ;; + ;; *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 - exit 1 - ;; + N=/etc/init.d/$DAEMON + echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; esac exit 0 diff --git a/src/Makefile b/src/Makefile index b2f1646..9d29cb5 100644 --- a/src/Makefile +++ b/src/Makefile 
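Review bot: The instance name reaches `$LAUNCHER vpn $1`, `$CONFIG_DIR/$1/config` and `$VARCONTROL_DIR/$1.pid` unquoted and unvalidated in start_vpn, start_configd and stop_configd. A name containing whitespace, glob characters or `/` is therefore word-split or resolves outside the intended directories, in a script that normally runs as root. Quote every expansion, e.g. `$LAUNCHER vpn "$1" || STATUS="FAILED"`, and reject names that are not plain identifiers before using them. stop_configd also hands the content of the pid file straight to `kill`. The `chmod 700` that the removed start_configd body applied to the control directory is gone, so that directory's permissions now depend on the launcher and the tmpfiles.d entry, which are outside this hunk and worth confirming.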
@@ -171,7 +171,7 @@ ANYCTRSRCS := $(ANYCTROBJS:%.o=%.cpp) ANYCONFSRCS := $(ANYCONFOBJS:%.o=%.cpp) EXESRCS := $(EXEOBJS:%.o=%.cpp) -.PHONY: distclean cleanall clean manpage install install-bin install-etc install-man uninstall remove purge +.PHONY: distclean cleanall clean manpage install install-bin install-etc install-man uninstall remove purge remove-systemd install-systemd remove-bin remove-man remove-examples all: $(EXECUTABLES) #libAnysync.a @@ -186,7 +186,7 @@ ifneq ($(MAKECMDGOALS),distclean) endif strip: $(EXECUTABLES) - $(STRIP) -s $(EXECUTABLES) + $(STRIP) -s $(EXECUTABLES) anytun$(EXE): $(ANYTUNOBJS) $(SYNCOBJS) anytun.o $(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS) @@ -211,13 +211,13 @@ anytun-controld$(EXE): $(ANYCTROBJS) anytun-controld.o $(LD) $(ANYCTROBJS) anytun-controld.o -o $@ $(LDFLAGS) -options.o: options.cpp +options.o: options.cpp $(CXX) $(CXXFLAGS) -DANYTUN_OPTIONS $< -c -o $@ -anyCtrOptions.o: options.cpp +anyCtrOptions.o: options.cpp $(CXX) $(CXXFLAGS) -DANYCTR_OPTIONS $< -c -o $@ -anyConfOptions.o: options.cpp +anyConfOptions.o: options.cpp $(CXX) $(CXXFLAGS) -DANYCONF_OPTIONS $< -c -o $@ nullOptions.o: options.cpp @@ -234,7 +234,6 @@ libAnysync.a: $(OBJS) anyrtpproxy: anytun $(MAKE) --directory=$(CURDIR)/anyrtpproxy - distclean: cleanall find . -name *.o -exec rm -f {} \; rm -f config.sub config.guess @@ -281,6 +280,11 @@ INSTALL_TARGETS += install-examples REMOVE_TARGETS += remove-examples endif +ifdef SYSTEMDDIR +INSTALL_TARGETS += install-systemd +REMOVE_TARGETS := remove-systemd +endif + install: all $(INSTALL_TARGETS) install-bin: $(EXECUTABLES) 
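Review bot: In the added `ifdef SYSTEMDDIR` block, `REMOVE_TARGETS := remove-systemd` assigns instead of appending, so it discards the targets collected above it, including the `REMOVE_TARGETS += remove-examples` visible in the context. If the remove/uninstall rule depends on `$(REMOVE_TARGETS)`, as the parallel `install: all $(INSTALL_TARGETS)` suggests, a systemd-enabled build would remove only the unit files and leave the binaries and other installed files behind. The line should read `REMOVE_TARGETS += remove-systemd`, matching the `INSTALL_TARGETS +=` line directly above it.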
@@ -290,18 +294,36 @@ install-bin: $(EXECUTABLES) $(INSTALL) -m 755 anytun-config $(DESTDIR)$(BINDIR) $(INSTALL) -m 755 anytun-controld $(DESTDIR)$(BINDIR) $(INSTALL) -m 755 anytun-showtables $(DESTDIR)$(BINDIR) + $(INSTALL) -d $(DESTDIR)$(LIBDIR) + @ sed -e 's#/usr/local/sbin#$(SBINDIR)#' -e 's#/usr/local/bin#$(BINDIR)#' \ + -e 's#/usr/local/etc#$(ETCDIR)#' ../usr/lib/anytun-launcher > ../usr/lib/anytun-launcher.bak + $(INSTALL) -m 755 ../usr/lib/anytun-launcher.bak $(DESTDIR)$(LIBDIR)/anytun-launcher + rm -f ../usr/lib/anytun-launcher.bak install-etc: $(INSTALL) -d $(DESTDIR)$(ETCDIR)/anytun @ echo "example configurations can be found at $(EXAMPLESDIR)/anytun" > $(DESTDIR)$(ETCDIR)/anytun/README $(INSTALL) -d $(DESTDIR)$(ETCDIR)/init.d - @ sed -e 's#DAEMON=/usr/sbin/anytun#DAEMON=$(SBINDIR)/anytun#' \ - -e 's#ANYTUNCONFIG=/usr/bin/anytun-config#ANYTUNCONFIG=$(BINDIR)/anytun-config#' \ - -e 's#CONTROLDAEMON=/usr/bin/anytun-controld#CONTROLDAEMON=$(BINDIR)/anytun-controld#' \ - -e 's#CONFIG_DIR=/etc/anytun#CONFIG_DIR=$(ETCDIR)/anytun#' ../etc/init.d/anytun > ../etc/init.d/anytun.bak + @ sed -e 's#/usr/local/bin#$(BINDIR)#' -e 's#/usr/local/lib#$(LIBDIR)#' -e 's#/usr/local/etc#$(ETCDIR)#' ../etc/init.d/anytun > ../etc/init.d/anytun.bak $(INSTALL) -m 755 ../etc/init.d/anytun.bak $(DESTDIR)$(ETCDIR)/init.d/anytun rm -f ../etc/init.d/anytun.bak +install-systemd: + $(INSTALL) -d $(DESTDIR)$(SYSTEMDDIR) + $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun.service $(DESTDIR)$(SYSTEMDDIR)/anytun.service + @ sed -e 's#/usr/local/lib#$(LIBDIR)#' ../usr/lib/systemd/system/anytun@.service > ../usr/lib/systemd/system/anytun@.service.bak + @ sed -e 's#/usr/local/lib#$(LIBDIR)#' ../usr/lib/systemd/system/anytun-controld@.service > ../usr/lib/systemd/system/anytun-controld@.service.bak + $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun@.service + $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun-controld@.service.bak 
$(DESTDIR)$(SYSTEMDDIR)/anytun-controld@.service + rm -f ../usr/lib/systemd/system/anytun@.service.bak + rm -f ../usr/lib/systemd/system/anytun-controld@.service.bak + $(INSTALL) -d $(DESTDIR)$(SYSTEMDGENERATORDIR) + @ sed -e 's#/usr/local/etc#$(ETCDIR)#' ../usr/lib/systemd/system-generator/anytun-generator > ../usr/lib/systemd/system-generator/anytun-generator.bak + $(INSTALL) -m 755 ../usr/lib/systemd/system-generator/anytun-generator.bak $(DESTDIR)$(SYSTEMDGENERATORDIR)/anytun-generator + rm -f ../usr/lib/systemd/system-generator/anytun-generator.bak + $(INSTALL) -d $(DESTDIR)$(TMPFILESDDIR) + $(INSTALL) -m 644 ../usr/lib/tmpfiles.d/anytun.conf $(DESTDIR)$(TMPFILESDDIR)/anytun.conf + install-examples: $(INSTALL) -d $(DESTDIR)$(EXAMPLESDIR)/anytun $(INSTALL) -m 644 ../etc/anytun/autostart $(DESTDIR)$(EXAMPLESDIR)/anytun/autostart @@ -351,6 +373,13 @@ remove-bin: remove-etc: rm -f $(DESTDIR)$(ETCDIR)/init.d/anytun +remove-systemd: + rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun.service + rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun@.service + rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun-controld@.service + rm -f $(DESTDIR)$(SYSTEMDGENERATORDIR)/anytun-generator + rm -f $(DESTDIR)$(TMPFILESDDIR)/anytun.conf + remove-examples: rm -rf $(DESTDIR)$(EXAMPLESDIR)/anytun/ diff --git a/src/anytun-config.cpp b/src/anytun-config.cpp index b305dc6..1d2ff64 100644 --- a/src/anytun-config.cpp +++ b/src/anytun-config.cpp @@ -57,6 +57,7 @@ #include "networkAddress.h" #include "packetSource.h" #include "resolver.h" +#include "cryptinit.hpp" #include "syncQueue.h" #include "syncCommand.h" 
@@ -99,7 +100,7 @@ void createConnection(const PacketSourceEndpoint& remote_end, ConnectionList& cl sem.up(); } -void createConnectionResolver(PacketSourceResolverIt& it, ConnectionList& cl, uint16_t seqSize, SyncQueue& queue, mux_t mux, Semaphore& sem) +void createConnectionResolver(PacketSourceResolverIt it, ConnectionList& cl, uint16_t seqSize, SyncQueue& queue, mux_t mux, Semaphore& sem) { createConnection(*it, cl, seqSize, queue, mux, sem); } @@ -132,6 +133,8 @@ int main(int argc, char* argv[]) gResolver.init(); + initCrypto(); + ConnectionList cl; SyncQueue queue; diff --git a/src/anytun-showtables.cpp b/src/anytun-showtables.cpp index bbfad88..ff9b402 100644 --- a/src/anytun-showtables.cpp +++ b/src/anytun-showtables.cpp @@ -53,6 +53,7 @@ #include "routingTable.h" #include "networkAddress.h" #include "syncCommand.h" +#include "cryptinit.hpp" #include #include @@ -127,8 +128,9 @@ void readAndProcessOne() int main(int argc, char* argv[]) { - int ret = 0; + initCrypto(); + int ret = 0; while(std::cin.good()) { try { readAndProcessOne(); diff --git a/src/anytun.cpp b/src/anytun.cpp index 3f14a5e..36ca0aa 100644 --- a/src/anytun.cpp +++ b/src/anytun.cpp @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -112,7 +113,7 @@ void createConnection(const PacketSourceEndpoint& remote_end, window_size_t seqS #endif } -void createConnectionResolver(PacketSourceResolverIt& it, window_size_t seqSize, mux_t mux) +void createConnectionResolver(PacketSourceResolverIt it, window_size_t seqSize, mux_t mux) { createConnection(*it, seqSize, mux); } 
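Review bot: The `initCrypto();` call added to main() in src/anytun-config.cpp discards whatever the function reports. The cryptinit.hpp hunk later in this patch shows `bool initLibGCrypt()`, so initialisation can presumably fail, and the tool would then carry on with an uninitialised crypto library. If initCrypto() does return a status (its declaration is not visible here), check it and stop on failure, e.g. `if(!initCrypto()) return -1;`. The same unchecked call is added at the top of main() in src/anytun-showtables.cpp, and both main() bodies continue outside their hunks.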
@@ -151,8 +152,8 @@ void sender(TunDevice* dev, PacketSource* src) } try { - std::auto_ptr c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND)); - std::auto_ptr a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND)); + boost::scoped_ptr c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND)); + boost::scoped_ptr a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND)); PlainPacket plain_packet(MAX_PACKET_LENGTH); EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength()); @@ -243,8 +244,8 @@ void receiver(TunDevice* dev, PacketSource* src) } try { - std::auto_ptr c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND)); - std::auto_ptr a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND)); + boost::scoped_ptr c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND)); + boost::scoped_ptr a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND)); uint32_t auth_tag_length = gOpt.getAuthTagLength(); EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length); diff --git a/src/anytunError.h b/src/anytunError.h index e31fa0e..0505497 100644 --- a/src/anytunError.h +++ b/src/anytunError.h @@ -81,7 +81,7 @@ class ErrorStringBuilder public: ErrorStringBuilder(ErrorStringBuilder const& src) { stream << src.stream.str(); }; ErrorStringBuilder() {}; - ~ErrorStringBuilder() { throw std::runtime_error(stream.str()); }; + ~ErrorStringBuilder() NOEXCEPT(false) { throw std::runtime_error(stream.str()); }; template std::ostream& operator<<(T const& value) { return stream << value; } diff --git a/src/configure b/src/configure index f070150..082e523 100755 --- a/src/configure +++ b/src/configure @@ -59,11 +59,16 @@ ROUTING=1 PREFIX='/usr/local' BINDIR='' SBINDIR='' +LIBDIR='' ETCDIR='' MANDIR='' INSTALLMANPAGE=1 EXAMPLESDIR='' INSTALLEXAMPLES=1 +SYSTEMDDIR='' +SYSTEMDGENERATORDIR='' +TMPFILESDDIR='' +INSTALLSYSTEMD=1 BOOST_PREFIX='' GCRYPT_PREFIX='' 
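Review bot: Marking `~ErrorStringBuilder()` as `NOEXCEPT(false)` keeps the throw-from-destructor idiom compiling under C++11, but the destructor still throws unconditionally. If a builder is destroyed while another exception is already propagating, for instance one raised while a value is being streamed into it, the program calls std::terminate instead of reporting the error. A comment on the destructor would record that constraint, e.g. `// throws by design; must never be destroyed during stack unwinding`. NOEXCEPT is defined in the src/datatypes.h hunk later in this patch, and the class body continues outside this hunk.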
@@ -71,30 +76,35 @@ NETTLE_PREFIX='' OPENSSL_PREFIX='' print_usage() { - echo "configure --help print this" - echo " --target= build target i.e. Linux (default: autodetect)" - echo " --prefix= the installation prefix (default: /usr/local)" - echo " --bindir= the path to the bin directory (default: $PREFIX/bin)" - echo " --sbindir= the path to the sbin directory (default: $PREFIX/sbin)" - echo " --sysconfdir= the path to the system configuration directory (default: $PREFIX/etc" - echo " --mandir= the path to the system man pages (default: $PREFIX/share/man)" - echo " --no-manpage dont't install manpages" - echo " --examplesdir= the path to the examples files (default: $PREFIX/share/examples)" - echo " --no-examples dont't install example files" - echo " --use-gcrypt use libgcrypt (this is the default)" - echo " --use-nettle use libnettle instead of libgcrypt" - echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt" - echo " --no-crypto disable crypto at all (only NULL cipher)" - echo " --disable-passphrase disable master key and salt passphrase" - echo " --enable-passphrase enable master key and salt passphrase" - echo " --disable-routing disable built-in routing capability" - echo " --enable-routing enable built-in routing capability" - echo " --cross-prefix= add PREFIX to compiler calls" - echo " --with-boost= don't use systemwide boost" - echo " --with-gcrypt= don't use systemwide gcrypt" - echo " --with-nettle= don't use systemwide nettle" - echo " --with-openssl= don't use systemwide openssl" - echo " --use-clang use clang/llvm as compiler/linker" + echo "configure --help print this" + echo " --target= build target i.e. 
Linux (default: autodetect)" + echo " --prefix= the installation prefix (default: /usr/local)" + echo " --bindir= the path to the bin directory (default: $PREFIX/bin)" + echo " --sbindir= the path to the sbin directory (default: $PREFIX/sbin)" + echo " --libdir= the path to the lib directory (default: $PREFIX/lib)" + echo " --sysconfdir= the path to the system configuration directory (default: $PREFIX/etc" + echo " --mandir= the path to the system man pages (default: $PREFIX/share/man)" + echo " --no-manpage don't install manpages" + echo " --examplesdir= the path to the examples files (default: $PREFIX/share/examples)" + echo " --no-examples don't install example files" + echo " --systemddir= the path to the systemd service unit directory (default: from pkg-config)" + echo " --systemdgeneratordir= the path to the systemd generator directory (default: from pkg-config)" + echo " --tmpfilesddir= the path to the systemd tmpfiles.d configuration file (default: from pkg-config)" + echo " --no-systemd don't install systemd units" + echo " --use-gcrypt use libgcrypt (this is the default)" + echo " --use-nettle use libnettle instead of libgcrypt" + echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt" + echo " --no-crypto disable crypto at all (only NULL cipher)" + echo " --disable-passphrase disable master key and salt passphrase" + echo " --enable-passphrase enable master key and salt passphrase" + echo " --disable-routing disable built-in routing capability" + echo " --enable-routing enable built-in routing capability" + echo " --cross-prefix= add PREFIX to compiler calls" + echo " --with-boost= don't use systemwide boost" + echo " --with-gcrypt= don't use systemwide gcrypt" + echo " --with-nettle= don't use systemwide nettle" + echo " --with-openssl= don't use systemwide openssl" + echo " --use-clang use clang/llvm as compiler/linker" } for arg 
@@ -115,6 +125,9 @@ do --sbindir=*) SBINDIR=${arg#--sbindir=} ;; + --libdir=*) + LIBDIR=${arg#--libdir=} + ;; --sysconfdir=*) ETCDIR=${arg#--sysconfdir=} ;; @@ -130,6 +143,18 @@ do --no-examples) INSTALLEXAMPLES=0 ;; + --systemddir=*) + SYSTEMDDIR=${arg#--systemddir=} + ;; + --systemdgeneratordir=*) + SYSTEMDGENERATORDIR=${arg#--systemdgeneratordir=} + ;; + --tmpfilesddir=*) + TMPFILESDDIR=${arg#--tmpfilesddir=} + ;; + --no-systemd) + INSTALLSYSTEMD=0 + ;; --use-gcrypt) CRYPTO_LIB='gcrypt' ;; @@ -192,8 +217,8 @@ if [ -n "$ERRORS" ] && [ $EBUILD_COMPAT -ne 1 ]; then fi if [ $USE_CLANG -eq 0 ]; then - CXXFLAGS='-g -Wall -O2' - LDFLAGS='-g -Wall -O2' + CXXFLAGS='-g -Wall -Werror -Wno-error=unused-variable -O2' + LDFLAGS='-g -Wall -Werror -O2' COMPILER='g++' else CXXFLAGS='-g -O2' @@ -232,6 +257,7 @@ case $TARGET in CXXFLAGS=$CXXFLAGS' -I/usr/local/include' LDFLAGS=$LDFLAGS' -L/usr/local/lib -lboost_thread -lboost_serialization -lboost_system -lboost_date_time -lpthread' LOG_TARGETS='-DLOG_SYSLOG -DLOG_FILE -DLOG_STDOUT' + INSTALLSYSTEMD=0 ;; mingw) rm -f tunDevice.cpp @@ -242,6 +268,7 @@ case $TARGET in CXXFLAGS=$CXXFLAGS' -DMINGW -D_WIN32_WINNT=0x0501 -DWIN32_LEAN_AND_MEAN -DBOOST_WINDOWS -fno-strict-aliasing -DBOOST_THREAD_USE_LIB' LDFLAGS=$LDFLAGS' -lboost_thread_win32 -lboost_serialization -lboost_system -lboost_date_time -lwsock32 -lws2_32' LOG_TARGETS='-DWIN_EVENTLOG -DLOG_FILE -DLOG_STDOUT' + INSTALLSYSTEMD=0 ;; *) echo "platform not supported" @@ -308,6 +335,10 @@ if [ -z "$SBINDIR" ]; then SBINDIR=$PREFIX/sbin fi +if [ -z "$LIBDIR" ]; then + LIBDIR=$PREFIX/lib +fi + if [ -z "$ETCDIR" ]; then ETCDIR=$PREFIX/etc fi 
@@ -320,6 +351,18 @@ if [ -z "$EXAMPLESDIR" ]; then EXAMPLESDIR=$PREFIX/share/examples fi +if [ $INSTALLSYSTEMD -eq 1 ]; then + if [ -z "$SYSTEMDDIR" ]; then + SYSTEMDDIR=`pkg-config systemd --variable=systemdsystemunitdir` + fi + if [ -z "$SYSTEMDGENERATORDIR" ]; then + SYSTEMDGENERATORDIR=`pkg-config systemd --variable=systemdsystemgeneratordir` + fi + if [ -z "$TMPFILESDDIR" ]; then + TMPFILESDDIR=`pkg-config systemd --variable=tmpfilesdir` + fi +fi + cat > include.mk <> include.mk + echo "SYSTEMDGENERATORDIR := $SYSTEMDGENERATORDIR" >> include.mk + echo "TMPFILESDDIR := $TMPFILESDDIR" >> include.mk + echo "installing systemd units" +else + echo "not installing systemd units" +fi + VERSION=`cat ../version` -if which svn >/dev/null; then - SVN_REV=`svn info 2> /dev/null | grep "^Revision: " | awk '{print($2)}'` - if [ -n "$SVN_REV" ]; then - VERSION="$VERSION (svn$SVN_REV)" - fi +if which git >/dev/null; then + GIT_HASH=`git rev-parse HEAD 2> /dev/null` + if [ -n "$GIT_HASH" ]; then + VERSION="$VERSION (git $GIT_HASH)" + fi fi HOSTNAME=`hostname` DATE=`date +"%d.%m.%Y %H:%M:%S %Z"` 
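Review bot: The three `pkg-config systemd --variable=...` lookups added after the EXAMPLESDIR default are used unchecked. When pkg-config or the systemd .pc file is missing they yield empty strings, INSTALLSYSTEMD stays 1, and the later block writes empty `SYSTEMDDIR :=`, `SYSTEMDGENERATORDIR :=` and `TMPFILESDDIR :=` lines to include.mk. A test directly after each lookup, such as `[ -n "$SYSTEMDDIR" ] || { echo "systemd unit dir not found, pass --systemddir= or --no-systemd"; exit 1; }`, would fail at configure time instead of at install time. How the Makefile treats empty values is outside this hunk.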
@@ -383,7 +436,6 @@ cat > version.h < +#if GCRYPT_VERSION_NUMBER < 0x010600 #if defined(BOOST_HAS_PTHREADS) // boost thread callbacks for libgcrypt GCRY_THREAD_OPTION_PTHREAD_IMPL; #else #error You can not use gcrypt without pthreads - please configure Boost to use pthreads! -#endif +#endif // defined(BOOST_HAS_PTHREADS) +#endif // GCRYPT_VERSION_NUMBER < 0x010600 #define MIN_GCRYPT_VERSION "1.2.0" bool initLibGCrypt() { +#if GCRYPT_VERSION_NUMBER < 0x010600 #if defined(BOOST_HAS_PTHREADS) // make libgcrypt thread safe // this must be called before any other libgcrypt call gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #else #error You can not use gcrypt without pthreads - please configure Boost to use pthreads! -#endif +#endif // defined(BOOST_HAS_PTHREADS) +#endif // GCRYPT_VERSION_NUMBER < 0x010600 // this must be called right after the GCRYCTL_SET_THREAD_CBS command // no other function must be called till now diff --git a/src/datatypes.h b/src/datatypes.h index bce14dd..85ae9c4 100644 --- a/src/datatypes.h +++ b/src/datatypes.h @@ -48,6 +48,13 @@ #include #include +#include + +#ifndef BOOST_NO_NOEXCEPT +#define NOEXCEPT(x) noexcept(x) +#else +#define NOEXCEPT(x) +#endif // should not be necessary on GCC, #ifdef + #include should do the job; still required on MS VC++9, though. using boost::int8_t; diff --git a/src/options.cpp b/src/options.cpp index 284e9e8..038e7b7 100644 --- a/src/options.cpp +++ b/src/options.cpp @@ -559,7 +559,16 @@ void Options::printVersion() std::cout << "anytun"; #endif std::cout << VERSION_STRING_0 << std::endl; + +#if defined(__clang__) + std::cout << VERSION_STRING_1 << ", using CLANG " << __clang_version__ << std::endl; +#elif defined(__GNUC__) + std::cout << VERSION_STRING_1 << ", using GCC " << __GNUC__ << '.' << __GNUC_MINOR__ + << '.' << __GNUC_PATCHLEVEL__ << std::endl; +#else std::cout << VERSION_STRING_1 << std::endl; +#endif + } void Options::printUsage() 
diff --git a/src/packetSource.cpp b/src/packetSource.cpp index 882938f..711a206 100644 --- a/src/packetSource.cpp +++ b/src/packetSource.cpp @@ -76,7 +76,7 @@ UDPPacketSource::~UDPPacketSource() } } -void UDPPacketSource::onResolve(PacketSourceResolverIt& it) +void UDPPacketSource::onResolve(PacketSourceResolverIt it) { while(it != PacketSourceResolverIt()) { PacketSourceEndpoint e = *it; diff --git a/src/packetSource.h b/src/packetSource.h index 14ea9e9..a6656e3 100644 --- a/src/packetSource.h +++ b/src/packetSource.h @@ -83,7 +83,7 @@ public: uint32_t recv(uint8_t* buf, uint32_t len, PacketSourceEndpoint& remote); void send(uint8_t* buf, uint32_t len, PacketSourceEndpoint remote); - void onResolve(PacketSourceResolverIt& it); + void onResolve(PacketSourceResolverIt it); void onError(const std::runtime_error& e); private: diff --git a/src/resolver.cpp b/src/resolver.cpp index 346e5ef..81c30e3 100644 --- a/src/resolver.cpp +++ b/src/resolver.cpp 
@@ -141,29 +141,29 @@ void Resolver::resolveUdp(const std::string& addr, const std::string& port, UdpR { cLog.msg(Log::PRIO_DEBUG) << "trying to resolv UDP: '" << addr << "' '" << port << "'"; - std::auto_ptr query; + boost::shared_ptr query; if(addr != "") { switch(r) { case IPV4_ONLY: - query = std::auto_ptr(new udp::resolver::query(udp::v4(), addr, port)); + query = boost::shared_ptr(new udp::resolver::query(udp::v4(), addr, port)); break; case IPV6_ONLY: - query = std::auto_ptr(new udp::resolver::query(udp::v6(), addr, port)); + query = boost::shared_ptr(new udp::resolver::query(udp::v6(), addr, port)); break; default: - query = std::auto_ptr(new udp::resolver::query(addr, port)); + query = boost::shared_ptr(new udp::resolver::query(addr, port)); break; } } else { switch(r) { case IPV4_ONLY: - query = std::auto_ptr(new udp::resolver::query(udp::v4(), port)); + query = boost::shared_ptr(new udp::resolver::query(udp::v4(), port)); break; case IPV6_ONLY: - query = std::auto_ptr(new udp::resolver::query(udp::v6(), port)); + query = boost::shared_ptr(new udp::resolver::query(udp::v6(), port)); break; default: - query = std::auto_ptr(new udp::resolver::query(port)); + query = boost::shared_ptr(new udp::resolver::query(port)); break; } } 
@@ -175,29 +175,29 @@ void Resolver::resolveTcp(const std::string& addr, const std::string& port, TcpR { cLog.msg(Log::PRIO_DEBUG) << "trying to resolv TCP: '" << addr << "' '" << port << "'"; - std::auto_ptr query; + boost::shared_ptr query; if(addr != "") { switch(r) { case IPV4_ONLY: - query = std::auto_ptr(new tcp::resolver::query(tcp::v4(), addr, port)); + query = boost::shared_ptr(new tcp::resolver::query(tcp::v4(), addr, port)); break; case IPV6_ONLY: - query = std::auto_ptr(new tcp::resolver::query(tcp::v6(), addr, port)); + query = boost::shared_ptr(new tcp::resolver::query(tcp::v6(), addr, port)); break; default: - query = std::auto_ptr(new tcp::resolver::query(addr, port)); + query = boost::shared_ptr(new tcp::resolver::query(addr, port)); break; } } else { switch(r) { case IPV4_ONLY: - query = std::auto_ptr(new tcp::resolver::query(tcp::v4(), port)); + query = boost::shared_ptr(new tcp::resolver::query(tcp::v4(), port)); break; case IPV6_ONLY: - query = std::auto_ptr(new tcp::resolver::query(tcp::v6(), port)); + query = boost::shared_ptr(new tcp::resolver::query(tcp::v6(), port)); break; default: - query = std::auto_ptr(new tcp::resolver::query(port)); + query = boost::shared_ptr(new tcp::resolver::query(port)); break; } } diff --git a/src/syncServer.cpp b/src/syncServer.cpp index 35ad3f2..1e6e352 100644 --- a/src/syncServer.cpp +++ b/src/syncServer.cpp @@ -65,7 +65,7 @@ SyncServer::~SyncServer() } } -void SyncServer::onResolve(SyncTcpConnection::proto::resolver::iterator& it) +void SyncServer::onResolve(SyncTcpConnection::proto::resolver::iterator it) { while(it != SyncTcpConnection::proto::resolver::iterator()) { SyncTcpConnection::proto::endpoint e = *it; diff --git a/src/syncServer.h b/src/syncServer.h index 9be3fd0..c36e93d 100644 --- a/src/syncServer.h +++ b/src/syncServer.h 
@@ -64,7 +64,7 @@ class SyncServer public: SyncServer(std::string localaddr, std::string port, ConnectCallback onConnect); ~SyncServer(); - void onResolve(SyncTcpConnection::proto::resolver::iterator& it); + void onResolve(SyncTcpConnection::proto::resolver::iterator it); void onResolvError(const std::runtime_error& e); void run(); diff --git a/usr/lib/anytun-launcher b/usr/lib/anytun-launcher new file mode 100755 index 0000000..0980bda --- /dev/null +++ b/usr/lib/anytun-launcher 
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+NAME="${NAME:-$2}"
+
+DAEMON=/usr/local/sbin/anytun
+ANYTUNCONFIG=/usr/local/bin/anytun-config
+CONTROLDAEMON=/usr/local/bin/anytun-controld
+CONFIG_DIR=/usr/local/etc/anytun
+VARRUN_DIR=/run/anytun
+VARCONTROL_DIR=/run/anytun-controld
+
+test -x $DAEMON || exit 0
+test -z $NAME && exit 1
+
+start_vpn () {
+ if [ -f $CONFIG_DIR/$NAME/config ] ; then
+ POSTUP=''
+ test -f $CONFIG_DIR/$NAME/post-up.sh && POSTUP="-x $CONFIG_DIR/$NAME/post-up.sh"
+ CHROOTDIR=`grep '^chroot' < $CONFIG_DIR/$NAME/config | sed 's/chroot\s*//'`
+ if [ -n "$CHROOTDIR" ] ; then
+ test -d $CHROOTDIR || mkdir -p $CHROOTDIR
+ fi
+ test -d $VARRUN_DIR || mkdir -p $VARRUN_DIR
+ DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed 's/^/--/' | tr '\n' ' '`
+ exec $DAEMON --write-pid $VARRUN_DIR/$NAME.pid $POSTUP $DAEMONOPTS $DAEMONARG
+ else
+ echo "no config found" >&2
+ return 1
+ fi
+}
+
+start_configd () {
+ if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
+ test -d $VARCONTROL_DIR || mkdir -p $VARCONTROL_DIR
+ chmod 700 $VARCONTROL_DIR
+ rm -f $VARCONTROL_DIR/$NAME 2>/dev/null
+ KDPRF=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed 's/^/ --/' | xargs echo`
+ for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do
+ echo -n " ($CLIENTNAME)"
+ DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed 's/^/ --/' | xargs echo`
+ $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONTROL_DIR/$NAME
+ done
+ CONTROLHOST=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed 's/^/ --/' | xargs echo`
+ exec $CONTROLDAEMON -f $VARCONTROL_DIR/$NAME $DAEMONOPTS $CONTROLHOST \
+ --write-pid $VARCONTROL_DIR/$NAME.pid
+ fi
+}
+
+case $1 in
+ vpn)
+ start_vpn
+ ;;
+ configd)
+ start_configd
+ ;;
+ *)
+ exit 2
+ ;;
+esac
diff --git a/usr/lib/systemd/system-generator/anytun-generator b/usr/lib/systemd/system-generator/anytun-generator
new file mode 100755
index 0000000..8e04ba9
--- /dev/null
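Review bot: start_configd removes and then appends to `$VARCONTROL_DIR/$NAME` while running as root (anytun-controld@.service sets no `User=`), but tmpfiles.d/anytun.conf in this same patch creates /run/anytun-controld owned by anytun, so a root process writes into a directory that an unprivileged account controls. Between the `rm -f` and the `>>`, anything running as anytun can swap that path and the root write follows it; `ProtectSystem=full` narrows where the write can land but does not remove the problem. Generating the table in a root-owned directory avoids it, for example with a tmpfiles.d line `d /run/anytun-controld 0700 root root -`, provided the daemon opens `-f` and its pid file before dropping privileges, which is not visible here. Separately, `$NAME`, `$CHROOTDIR` and the config-derived paths are expanded unquoted throughout the file; `test -z "$NAME" && exit 1` and `[ -f "$CONFIG_DIR/$NAME/config" ]` are the quoted forms.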
+++ b/usr/lib/systemd/system-generator/anytun-generator
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# This systemd generator creates dependency symlinks that make all anytun
+# tunnels listed in /etc/anytun/autostart be started/stopped/reloaded
+# when anytun.service is started/stopped/reloaded.
+
+set -eu
+
+GENDIR="$1"
+WANTDIR="$1/anytun.service.wants"
+SERVICEFILE="/lib/systemd/system/anytun@.service"
+AUTOSTART="all"
+CONFIG_DIR=/usr/local/etc/anytun
+
+mkdir -p "$WANTDIR"
+
+if [ -f $CONFIG_DIR/autostart ] ; then
+ for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do
+ ln -s "$SERVICEFILE" "$WANTDIR/anytun@$NAME.service"
+ done
+fi
+
+exit 0
diff --git a/usr/lib/systemd/system/anytun-controld@.service b/usr/lib/systemd/system/anytun-controld@.service
new file mode 100644
index 0000000..87f7294
--- /dev/null
+++ b/usr/lib/systemd/system/anytun-controld@.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=secure anycast tunneling config daemon for %i
+PartOf=anytun.service
+After=anytun@%i.service
+Documentation=man:anytun-controld(8)
+
+[Service]
+Type=simple
+PIDFile=/run/anytun-controld/%i.pid
+Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun"
+ExecStart=/usr/local/lib/anytun-launcher configd
+Restart=on-failure
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/systemd/system/anytun.service b/usr/lib/systemd/system/anytun.service
new file mode 100644
index 0000000..46386f4
--- /dev/null
+++ b/usr/lib/systemd/system/anytun.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Anytun Service
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+WorkingDirectory=/etc/anytun
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
new file mode 100644
index 0000000..48627e8
--- /dev/null
+++ b/usr/lib/systemd/system/anytun@.service
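Review bot: In anytun-generator the names read from `$CONFIG_DIR/autostart` go straight into the `ln -s` path in the `for NAME in ...` loop, unvalidated and without `-f`. A duplicated name, or one containing `/`, makes `ln` fail, and under `set -eu` that aborts the generator before the remaining tunnels are linked. A guard before the link, such as `case "$NAME" in *[!A-Za-z0-9_.-]*) continue ;; esac`, together with `ln -sf`, keeps one bad line from affecting the other instances. `GENDIR` and `AUTOSTART` are assigned but never used in this file, and `[ -f "$CONFIG_DIR/autostart" ]` would be the quoted form of the test.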
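Review bot: anytun-controld@.service sets no `User=`, and neither does anytun@.service in the following hunk, so anytun-launcher and the daemon start as root and rely on `--username anytun` in DAEMONOPTS to drop privileges later. The sandboxing directives here cover only the filesystem and devices; adding `NoNewPrivileges=yes` and a `CapabilityBoundingSet=` restricted to what the daemons actually need would bound the root phase as well. What the post-up.sh hook started by anytun@.service requires is not visible in this patch, so the capability set has to be confirmed against real configurations before it is tightened.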
@@ -0,0 +1,20 @@
+[Unit]
+Description=secure anycast tunneling daemon for %i
+PartOf=anytun.service
+Requires=anytun-controld@%i.service
+Documentation=man:anytun(8)
+
+[Service]
+Type=simple
+PIDFile=/run/anytun/%i.pid
+Environment="NAME=%i" "DAEMONOPTS=-D --username anytun"
+ExecStart=/usr/local/lib/anytun-launcher vpn
+Restart=on-failure
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+DeviceAllow=/dev/net/tun rw
+DevicePolicy=closed
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/tmpfiles.d/anytun.conf b/usr/lib/tmpfiles.d/anytun.conf
new file mode 100644
index 0000000..9fb1215
--- /dev/null
+++ b/usr/lib/tmpfiles.d/anytun.conf
@@ -0,0 +1,2 @@
+d /run/anytun-controld 0700 anytun anytun -
+d /run/anytun 0700 anytun anytun -
diff --git a/version b/version
index c2c0004..449d7e7 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-0.3.5
+0.3.6
-- 2.1.4