From ece844834d2cecc028ce81ca283f5d441088580e Mon Sep 17 00:00:00 2001
From: Michael Prokop <mika@debian.org>
Date: Wed, 17 Feb 2010 01:46:30 +0100
Subject: [PATCH] Imported Upstream version 0.3.3

---
 ChangeLog                          |   11 +
 README                             |    8 +-
 doc/Makefile                       |   59 ++
 doc/anyrtpproxy.8.txt              |  150 +++++
 doc/anytun-config.8                |  231 +++++++
 doc/anytun-config.8.txt            |  181 ++++++
 doc/anytun-controld.8              |  139 ++++
 doc/anytun-controld.8.txt          |  118 ++++
 doc/anytun-showtables.8            |   73 +++
 doc/anytun-showtables.8.txt        |   72 +++
 doc/anytun.8                       |  499 ++++++++++++++
 doc/anytun.8.txt                   |  381 +++++++++++
 etc/anytun/p2p-a/config            |    2 +-
 etc/anytun/p2p-b/config            |    2 +-
 etc/init.d/anytun                  |   21 +-
 src/Doxyfile                       | 1252 ------------------------------------
 src/Makefile                       |  118 ++--
 src/anytun-config.cpp              |   23 +-
 src/anytun-controld.cpp            |   65 +-
 src/anytun.cpp                     |  155 ++---
 src/anytun.sln                     |   24 +
 src/anytun.suo                     |  Bin 68608 -> 0 bytes
 src/anytun.vcproj                  |  809 +++++++++++++++++++++--
 src/bsd/tunDevice.cpp              |   14 +-
 src/configure                      |   65 +-
 src/cryptinit.hpp                  |   19 +-
 src/daemon.hpp                     |  165 -----
 src/datatypes.h                    |    2 +
 src/keyDerivation.cpp              |    4 +-
 src/linux/tunDevice.cpp            |   10 +-
 src/man/Makefile                   |   57 --
 src/man/anyrtpproxy.8.txt          |  150 -----
 src/man/anytun-config.8.txt        |  173 -----
 src/man/anytun-controld.8.txt      |  110 ----
 src/man/anytun-showtables.8.txt    |   71 --
 src/man/anytun.8.txt               |  373 -----------
 src/nullDaemon.cpp                 |   58 ++
 src/nullDaemon.h                   |   48 ++
 src/options.cpp                    |   75 ++-
 src/options.h                      |    4 +
 src/packetSource.cpp               |  107 ++-
 src/packetSource.h                 |   27 +-
 src/posix/posixDaemon.cpp          |  165 +++++
 src/posix/posixDaemon.h            |   55 ++
 src/posix/signalHandler.hpp        |  142 ++++
 src/posix/sysExec.hpp              |  186 ++++++
 src/resolver.cpp                   |   12 +-
 src/resolver.h                     |   10 +-
 src/signalController.cpp           |  188 +-----
 src/signalController.h             |  132 +---
 src/syncServer.cpp                 |   64 +-
 src/syncServer.h                   |   15 +-
 src/syncTcpConnection.cpp          |    8 +-
 src/sysExec.cpp                    |  119 +---
 src/sysExec.h                      |   36 +-
 src/tunDevice.h                    |    8 +-
 src/win32/make_version_h.bat       |   22 +
 src/win32/signalHandler.hpp        |   86 +++
 src/win32/signalServiceHandler.hpp |   48 ++
 src/win32/sysExec.hpp              |  160 +++++
 src/win32/tunDevice.cpp            |    5 +
 src/win32/winService.cpp           |  114 ++--
 src/win32/winService.h             |   35 +-
 version                            |    2 +-
 wireshark-lua/satp.lua             |   83 ---
 65 files changed, 4371 insertions(+), 3249 deletions(-)
 create mode 100644 doc/Makefile
 create mode 100644 doc/anyrtpproxy.8.txt
 create mode 100644 doc/anytun-config.8
 create mode 100644 doc/anytun-config.8.txt
 create mode 100644 doc/anytun-controld.8
 create mode 100644 doc/anytun-controld.8.txt
 create mode 100644 doc/anytun-showtables.8
 create mode 100644 doc/anytun-showtables.8.txt
 create mode 100644 doc/anytun.8
 create mode 100644 doc/anytun.8.txt
 delete mode 100644 src/Doxyfile
 delete mode 100644 src/anytun.suo
 delete mode 100644 src/daemon.hpp
 delete mode 100644 src/man/Makefile
 delete mode 100644 src/man/anyrtpproxy.8.txt
 delete mode 100644 src/man/anytun-config.8.txt
 delete mode 100644 src/man/anytun-controld.8.txt
 delete mode 100644 src/man/anytun-showtables.8.txt
 delete mode 100644 src/man/anytun.8.txt
 create mode 100644 src/nullDaemon.cpp
 create mode 100644 src/nullDaemon.h
 create mode 100644 src/posix/posixDaemon.cpp
 create mode 100644 src/posix/posixDaemon.h
 create mode 100644 src/posix/signalHandler.hpp
 create mode 100644 src/posix/sysExec.hpp
 create mode 100644 src/win32/make_version_h.bat
 create mode 100644 src/win32/signalHandler.hpp
 create mode 100644 src/win32/signalServiceHandler.hpp
 create mode 100644 src/win32/sysExec.hpp
 delete mode 100644 wireshark-lua/satp.lua

diff --git a/ChangeLog b/ChangeLog
index f53739c..88a0095 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+20**.**.** -- Version ?
+
+* Security fix: packet length check errors
+* fixed droping of priveleges on FreeBSD
+* added sysExec for Windows
+* added multi socket support which allows simultanous usage
+  of IPv4 and IPv6 even on operating systems without V4_MAPPED
+  address support
+* added -v|--version option
+* added prebuilt manpage to release tarball (less build deps)
+	
 2009.12.02 -- Version 0.3.2
 
 * added 64bit build target to windows build system
diff --git a/README b/README
index ffceb10..60ef964 100644
--- a/README
+++ b/README
@@ -7,6 +7,7 @@ issues when using this library.
 
 Linux
 -----
+(this includes Debian with FreeBSD Kernel)
 
 using libgcrypt:
   libgcrypt11-dev
@@ -21,7 +22,7 @@ common:
   libboost-system1.35-dev
   libboost-regex1.35-dev
 
-only for manpage:
+if you want to rebuild the manpage:
   asciidoc
 
 
@@ -35,11 +36,10 @@ using ssl crypto lib:
    <nothing here>
 
 common:
-   devel/boost
+   devel/boost (boost-libs on newer versions of the ports tree)
    devel/gmake
 
-only for manpage:
-
+if you want to rebuild the manpage:
  textproc/asciidoc
  textproc/libxslt
  textproc/docbook-xsl
diff --git a/doc/Makefile b/doc/Makefile
new file mode 100644
index 0000000..4f8d8e8
--- /dev/null
+++ b/doc/Makefile
@@ -0,0 +1,59 @@
+##
+##  anytun
+##
+##  The secure anycast tunneling protocol (satp) defines a protocol used
+##  for communication between any combination of unicast and anycast
+##  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+##  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+##  ethernet, ip, arp ...). satp directly includes cryptography and
+##  message authentication based on the methodes used by SRTP.  It is
+##  intended to deliver a generic, scaleable and secure solution for
+##  tunneling and relaying of packets of any protocol.
+##
+##
+##  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+##                          Christian Pointner <satp@wirdorange.org>
+##
+##  This file is part of Anytun.
+##
+##  Anytun is free software: you can redistribute it and/or modify
+##  it under the terms of the GNU General Public License as published by
+##  the Free Software Foundation, either version 3 of the License, or
+##  any later version.
+##
+##  Anytun is distributed in the hope that it will be useful,
+##  but WITHOUT ANY WARRANTY; without even the implied warranty of
+##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##  GNU General Public License for more details.
+##
+##  You should have received a copy of the GNU General Public License
+##  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+##
+
+VERSION=$(shell cat ../version)
+
+MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8
+XML := $(MANPAGES:%.8=%.8.xml) 
+
+.PHONY: clean realclean
+
+all: manpage
+
+define create-manpage
+	a2x -f manpage $(1)
+	@ sed -i -e 's/\[FIXME: source\]/anytun ${VERSION}/' $(2)
+	@ sed -i -e 's/\[FIXME: manual\]/$(2:.8=) user manual/' $(2)
+	@ sed -i -e 's/^\($(subst -,\\-,$(2:.8=))\)$$/\\fB\1\\fR/' $(2)
+	@ sed -i -e 's/^  \[ \([^ ]*\)/  [ \\fB\1\\fR/' $(2)
+endef
+
+%.8: %.8.txt
+	$(call create-manpage,$<,$@)
+
+manpage: $(MANPAGES)
+
+clean:
+	rm -f $(XML)
+
+realclean:
+	rm -f $(MANPAGES)
diff --git a/doc/anyrtpproxy.8.txt b/doc/anyrtpproxy.8.txt
new file mode 100644
index 0000000..a92d2e6
--- /dev/null
+++ b/doc/anyrtpproxy.8.txt
@@ -0,0 +1,150 @@
+anyrtpproxy(8)
+==============
+
+NAME
+----
+anyrtpproxy - anycast rtpproxy
+
+SYNOPSIS
+--------
+
+....
+anyrtpproxy
+  [ -h|--help ]
+  [ -D|--nodaemonize ]
+  [ -C|--chroot ]
+  [ -u|--username <username> ]
+  [ -H|--chroot-dir <directory> ]
+  [ -P|--write-pid <filename> ]
+  [ -i|--interface <ip-address> ]
+  [ -s|--control <hostname|ip>[:<port>] ]
+  [ -p|--port-range <start> <end> ]
+  [ -n|--nat ]
+  [ -o|--no-nat-once ]
+  [ -S|--sync-port port> ]
+  [ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
+....
+
+
+DESCRIPTION
+-----------
+
+*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
+the same control protocol than rtpproxy though it can be controled through the nathelper
+plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun* 
+to sync the session information among all anycast instances.
+
+
+OPTIONS
+-------
+
+*-D, --nodaemonize*::
+   This option instructs *anyrtpproxy* to run in the foreground
+   instead of becoming a daemon.
+
+*-C, --chroot*::
+   chroot and drop privileges
+
+*-u, --username <username>*::
+   if chroot change to this user
+
+*-H, --chroot-dir <directory>*::
+   chroot to this directory
+
+*-P, --write-pid <filename>*::
+   write pid to this file
+
+*-i, --interface <ip address>*::
+  The local interface to listen on for RTP packets
+
+*-s, --control <hostname|ip>[:<port>]*::
+   The local address and port to listen on for control messages from openser
+
+*-p, --port-range <start> <end>*::
+   A pool of ports which should be used by *anyrtpproxy* to relay RTP packets. 
+   The range may not overlap between the anycast instances
+
+*-n, --nat*::
+   Allow to learn the remote address and port in order to handle clients behind nat.
+   This option should only be enabled if the source is authenticated (i.e. through 
+   *anytun*) 
+
+*-o, --no-nat-once*::
+   Disable learning of remote address and port in case the first packet does not 
+   come from the client which is specified by openser during configuration. Invoking
+   this parameter increases the security level of the system but in case of nat needs
+   a working nat transversal such as stun.
+
+*-S, --sync-port <port>*::
+   local unicast(sync) port to bind to +
+   This port is used by anycast hosts to synchronize information about tunnel
+   endpoints. No payload data is transmitted via this port. +
+   It is possible to obtain a list of active connections by telnetting into 
+   this port. This port is read-only and unprotected by default. It is advised 
+   to protect this port using firewall rules and, eventually, IPsec.
+
+*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
+   remote hosts to sync with +
+   Here, one has to specify all unicast IP addresses of all 
+   other anycast hosts that comprise the anycast tunnel endpoint.
+
+EXAMPLES
+--------
+
+Anycast Setup with 3 instances:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+On the host with unicast hostname unicast1.anycast.anytun.org and anycast 
+hostname anycast.anytun.org:
+--------------------------------------------------------------------------------------
+# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
+              -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+--------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast2.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+--------------------------------------------------------------------------------------
+# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
+              -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+--------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast3.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+--------------------------------------------------------------------------------------
+# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
+              -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
+--------------------------------------------------------------------------------------
+
+
+BUGS
+----
+Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This  program is  free software: you can redistribute it 
+and/or modify it under the terms of the GNU General Public License 
+as published by the Free Software Foundation, either version 3 of 
+the License, or any later version.
+
diff --git a/doc/anytun-config.8 b/doc/anytun-config.8
new file mode 100644
index 0000000..7947a65
--- /dev/null
+++ b/doc/anytun-config.8
@@ -0,0 +1,231 @@
+'\" t
+.\"     Title: anytun-config
+.\"    Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\"      Date: 02/16/2010
+.\"    Manual: anytun-config user manual
+.\"    Source: anytun 0.3.3
+.\"  Language: English
+.\"
+.TH "ANYTUN\-CONFIG" "8" "02/16/2010" "anytun 0.3.3" "anytun-config user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-config \- anycast tunneling configuration utility
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-config\fR
+  [ \fB\-h|\-\-help\fR ]
+  [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]]
+  [ \fB\-U|\-\-debug\fR ]
+  [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ]
+  [ \fB\-o|\-\-remote\-port\fR <port> ]
+  [ \fB\-4|\-\-ipv4\-only\fR ]
+  [ \fB\-6|\-\-ipv6\-only\fR ]
+  [ \fB\-R|\-\-route\fR <net>/<prefix length> ]
+  [ \fB\-m|\-\-mux\fR <mux\-id> ]
+  [ \fB\-w|\-\-window\-size\fR <window size> ]
+  [ \fB\-k|\-\-kd\-prf\fR <kd\-prf type> ]
+  [ \fB\-e|\-\-role\fR <role> ]
+  [ \fB\-E|\-\-passphrase\fR <pass phrase> ]
+  [ \fB\-K|\-\-key\fR <master key> ]
+  [ \fB\-A|\-\-salt\fR <master salt> ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-config\fR writes routing/connection table entries, that can be read by \fBanytun\-controld\fR\&.
+.SH "OPTIONS"
+.PP
+\fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fIsyslog:3,anytun\-config,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fIsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fIfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fIstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fIstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-U, \-\-debug\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in debug mode\&. It implicits
+\fB\-D\fR
+(don\(cqt daemonize) and adds a log target with the configuration
+\fIstdout:5\fR
+(logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&.
+.RE
+.PP
+\fB\-r, \-\-remote\-host \fR\fB\fI<hostname|ip>\fR\fR
+.RS 4
+This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-o, \-\-remote\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-4, \-\-ipv4\-only\fR
+.RS 4
+Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-6, \-\-ipv6\-only\fR
+.RS 4
+Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-R, \-\-route \fR\fB\fI<net>/<prefix length>\fR\fR
+.RS 4
+add a route to connection\&. This can be invoked several times\&.
+.RE
+.PP
+\fB\-m, \-\-mux \fR\fB\fI<mux\-id>\fR\fR
+.RS 4
+the multiplex id to use\&. default: 0
+.RE
+.PP
+\fB\-w, \-\-window\-size \fR\fB\fI<window size>\fR\fR
+.RS 4
+seqence window size
+
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+.RE
+.PP
+\fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR
+.RS 4
+key derivation pseudo random function
+
+The pseudo random function which is used for calculating the session keys and session salt\&.
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no random function, keys and salt are set to 0\&.\&.00
+.RE
+.PP
+\fIaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fIaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fIaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fIaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-e, \-\-role \fR\fB\fI<role>\fR\fR
+.RS 4
+SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are
+\fBleft\fR
+and
+\fBright\fR\&. You may also use
+\fBalice\fR
+or
+\fBserver\fR
+as a replacement for
+\fBleft\fR
+and
+\fBbob\fR
+or
+\fBclient\fR
+as a replacement for
+\fBright\fR\&. By default
+\fBleft\fR
+is used\&.
+.RE
+.PP
+\fB\-E, \-\-passphrase \fR\fB\fI<pass phrase>\fR\fR
+.RS 4
+This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using
+\fB\-\-key\fR
+and
+\fB\-\-salt\fR\&.
+.RE
+.PP
+\fB\-K, \-\-key \fR\fB\fI<master key>\fR\fR
+.RS 4
+master key to use for key derivation
+
+Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&.
+.RE
+.PP
+\fB\-A, \-\-salt \fR\fB\fI<master salt>\fR\fR
+.RS 4
+master salt to use for key derivation
+
+Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&.
+.RE
+.SH "EXAMPLES"
+.sp
+Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun\-config \-w 0 \-m 12 \-K 0123456789ABCDEFFEDCBA9876543210 \-A 0123456789ABCDDCBA9876543210 \e
+                \-R 192\&.0\&.2\&.0/24 \-R 192\&.168\&.1\&.1/32 \-e server >> routingtable
+.fi
+.if n \{\
+.RE
+.\}
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-controld(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
diff --git a/doc/anytun-config.8.txt b/doc/anytun-config.8.txt
new file mode 100644
index 0000000..1aebf9a
--- /dev/null
+++ b/doc/anytun-config.8.txt
@@ -0,0 +1,181 @@
+anytun-config(8)
+================
+
+NAME
+----
+
+anytun-config - anycast tunneling configuration utility
+
+SYNOPSIS
+--------
+
+....
+anytun-config
+  [ -h|--help ]
+  [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
+  [ -U|--debug ]
+  [ -r|--remote-host <hostname|ip> ]
+  [ -o|--remote-port <port> ]
+  [ -4|--ipv4-only ]
+  [ -6|--ipv6-only ]
+  [ -R|--route <net>/<prefix length> ]
+  [ -m|--mux <mux-id> ]
+  [ -w|--window-size <window size> ]
+  [ -k|--kd-prf <kd-prf type> ]
+  [ -e|--role <role> ]
+  [ -E|--passphrase <pass phrase> ]
+  [ -K|--key <master key> ]
+  [ -A|--salt <master salt> ]
+....
+
+DESCRIPTION
+-----------
+
+*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
+
+OPTIONS
+-------
+
+*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
+   add log target to logging system. This can be invoked several times
+   in order to log to different targets at the same time. Every target 
+   hast its own log level which is a number between 0 and 5. Where 0 means
+   disabling log and 5 means debug messages are enabled. +
+   The file target can be used more the once with different levels.
+   If no target is provided at the command line a single target with the 
+   config 'syslog:3,anytun-config,daemon' is added. +
+   The following targets are supported:
+
+   'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+   'file';; log to file, parameters <level>[,<path>]
+   'stdout';; log to standard output, parameters <level>
+   'stderr';; log to standard error, parameters <level> 
+
+*-U, --debug*::
+   This option instructs *Anytun* to run in debug mode. It implicits *-D* 
+   (don't daemonize) and adds a log target with the configuration
+   'stdout:5' (logging with maximum level). In future releases there might
+   be additional output when this option is supplied.
+
+*-r, --remote-host '<hostname|ip>'*::
+   This option can be used to specify the remote tunnel
+   endpoint. In case of anycast tunnel endpoints, the
+   anycast IP address has to be used. If you do not specify
+   an address, it is automatically determined after receiving
+   the first data packet.
+
+*-o, --remote-port '<port>'*::
+   The UDP port used for payload data by the remote host
+   (specified with -p on the remote host). If you do not specify
+   a port, it is automatically determined after receiving
+   the first data packet.
+
+*-4, --ipv4-only*::
+   Resolv to IPv4 addresses only. The default is to resolv both
+   IPv4 and IPv6 addresses.
+
+*-6, --ipv6-only*::
+   Resolv to IPv6 addresses only. The default is to resolv both
+   IPv4 and IPv6 addresses.
+
+*-R, --route '<net>/<prefix length>'*::
+   add a route to connection. This can be invoked several times.
+
+*-m, --mux '<mux-id>'*::
+   the multiplex id to use. default: 0
+
+*-w, --window-size '<window size>'*::
+   seqence window size +
+   Sometimes, packets arrive out of order on the receiver
+   side. This option defines the size of a list of received
+   packets' sequence numbers. If, according to this list,
+   a received packet has been previously received or has
+   been transmitted in the past, and is therefore not in
+   the list anymore, this is interpreted as a replay attack
+   and the packet is dropped. A value of 0 deactivates this
+   list and, as a consequence, the replay protection employed
+   by filtering packets according to their secuence number.
+   By default the sequence window is disabled and therefore a
+   window size of 0 is used.
+
+*-k, --kd--prf '<kd-prf type>'*::
+   key derivation pseudo random function +
+   The pseudo random function which is used for calculating the 
+   session keys and session salt. +
+   Possible values:
+
+   'null';; no random function, keys and salt are set to 0..00
+   'aes-ctr';; AES in counter mode with 128 Bits, default value
+   'aes-ctr-128';; AES in counter mode with 128 Bits
+   'aes-ctr-192';; AES in counter mode with 192 Bits
+   'aes-ctr-256';; AES in counter mode with 256 Bits
+
+*-e, --role '<role>'*::
+   SATP uses different session keys for inbound and outbound traffic. The
+   role parameter is used to determine which keys to use for outbound or
+   inbound packets. On both sides of a vpn connection different roles have 
+   to be used. Possible values are *left* and *right*. You may also use 
+   *alice* or *server* as a replacement for *left* and *bob* or *client* as 
+   a replacement for *right*. By default *left* is used.
+
+*-E, --passphrase '<pass phrase>'*::
+   This passphrase is used to generate the master key and master salt.
+   For the master key the last n bits of the SHA256 digest of the 
+   passphrase (where n is the length of the master key in bits) is used. 
+   The master salt gets generated with the SHA1 digest. 
+   You may force a specific key and or salt by using *--key* and *--salt*.
+
+*-K, --key '<master key>'*::
+   master key to use for key derivation +
+   Master key in hexadecimal notation, e.g.
+   01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
+   of 32, 48 or 64 characters (128, 192 or 256 bits).
+
+*-A, --salt '<master salt>'*::
+   master salt to use for key derivation +
+   Master salt in hexadecimal notation, e.g.
+   01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
+   of 28 characters (14 bytes).
+
+
+EXAMPLES
+--------
+
+Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
+
+------------------------------------------------------------------------------------------------ 
+# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
+                -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
+------------------------------------------------------------------------------------------------ 
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8), anytun-controld(8), anytun-showtables(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This  program is  free software: you can redistribute it 
+and/or modify it under the terms of the GNU General Public License 
+as published by the Free Software Foundation, either version 3 of 
+the License, or any later version.
diff --git a/doc/anytun-controld.8 b/doc/anytun-controld.8
new file mode 100644
index 0000000..8273d3e
--- /dev/null
+++ b/doc/anytun-controld.8
@@ -0,0 +1,139 @@
+'\" t
+.\"     Title: anytun-controld
+.\"    Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\"      Date: 02/16/2010
+.\"    Manual: anytun-controld user manual
+.\"    Source: anytun 0.3.3
+.\"  Language: English
+.\"
+.TH "ANYTUN\-CONTROLD" "8" "02/16/2010" "anytun 0.3.3" "anytun-controld user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-controld \- anycast tunneling control daemon
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-controld\fR
+  [ \fB\-h|\-\-help\fR ]
+  [ \fB\-D|\-\-nodaemonize\fR ]
+  [ \fB\-u|\-\-username\fR <username> ]
+  [ \fB\-g|\-\-groupname\fR <groupname> ]
+  [ \fB\-C|\-\-chroot\fR <path> ]
+  [ \fB\-P|\-\-write\-pid\fR <filename> ]
+  [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]] ]
+  [ \fB\-U|\-\-debug\fR ]
+  [ \fB\-f|\-\-file\fR <path> ]
+  [ \fB\-X|\-\-control\-host\fR < <host>[:port>] | :<port> > ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-controld\fR configures the multi\-connection support for \fBAnytun\fR\&. It reads a connection/routing table and outputs it via a tcp socket to all connected \fBAnytun\fR servers\&. When the control daemon is restarted with a new connection/routing table all \fBAnytun\fR servers automatically load the new configuration\&. Please make sure to protect that information as it contains the connection keys\&.
+.SH "OPTIONS"
+.PP
+\fB\-D, \-\-nodaemonize\fR
+.RS 4
+This option instructs
+\fBanytun\-controld\fR
+to run in foreground instead of becoming a daemon which is the default\&.
+.RE
+.PP
+\fB\-u, \-\-username \fR\fB\fI<username>\fR\fR
+.RS 4
+run as this user\&. If no group is specified (\fB\-g\fR) the default group of the user is used\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-g, \-\-groupname \fR\fB\fI<groupname>\fR\fR
+.RS 4
+run as this group\&. If no username is specified (\fB\-u\fR) this gets ignored\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-C, \-\-chroot \fR\fB\fI<path>\fR\fR
+.RS 4
+Instruct
+\fBanytun\-controld\fR
+to run in a chroot jail\&. The default is to not run in chroot\&.
+.RE
+.PP
+\fB\-P, \-\-write\-pid \fR\fB\fI<filename>\fR\fR
+.RS 4
+Instruct
+\fBanytun\-controld\fR
+to write it\(cqs pid to this file\&. The default is to not create a pid file\&.
+.RE
+.PP
+\fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fIsyslog:3,anytun\-controld,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fIsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fIfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fIstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fIstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-U, \-\-debug\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in debug mode\&. It implicits
+\fB\-D\fR
+(don\(cqt daemonize) and adds a log target with the configuration
+\fIstdout:5\fR
+(logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&.
+.RE
+.PP
+\fB\-f, \-\-file \fR\fB\fI<path>\fR\fR
+.RS 4
+The path to the file which holds the sync information\&.
+.RE
+.PP
+\fB\-X, \-\-control\-host \fR\fB\fI<hostname|ip>[:<port>]\fR\fR
+.RS 4
+fetch the config from this host\&. The default is not to use a control host and therefore this is empty\&. Mind that the port can be omitted in which case port 2323 is used\&. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address from the port, eg\&.: [::1]:1234\&. If you want to use the default port [ and ] can be omitted\&.
+.RE
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-config(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
diff --git a/doc/anytun-controld.8.txt b/doc/anytun-controld.8.txt
new file mode 100644
index 0000000..6c7a3d8
--- /dev/null
+++ b/doc/anytun-controld.8.txt
@@ -0,0 +1,118 @@
+anytun-controld(8)
+==================
+
+NAME
+----
+
+anytun-controld - anycast tunneling control daemon
+
+SYNOPSIS
+--------
+
+....
+anytun-controld
+  [ -h|--help ]
+  [ -D|--nodaemonize ]
+  [ -u|--username <username> ]
+  [ -g|--groupname <groupname> ]
+  [ -C|--chroot <path> ]
+  [ -P|--write-pid <filename> ]
+  [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
+  [ -U|--debug ]
+  [ -f|--file <path> ]
+  [ -X|--control-host < <host>[:port>] | :<port> > ]
+....
+
+DESCRIPTION
+-----------
+
+*anytun-controld* configures the multi-connection support for *Anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *Anytun* servers. When the control daemon is restarted with a new connection/routing table all *Anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys.
+
+OPTIONS
+-------
+
+*-D, --nodaemonize*::
+   This option instructs *anytun-controld* to run in foreground
+   instead of becoming a daemon which is the default.
+
+*-u, --username '<username>'*::
+   run as this user. If no group is specified (*-g*) the default group of 
+   the user is used. The default is to not drop privileges.
+
+*-g, --groupname '<groupname>'*::
+   run as this group. If no username is specified (*-u*) this gets ignored.
+   The default is to not drop privileges.
+
+*-C, --chroot '<path>'*::
+   Instruct *anytun-controld* to run in a chroot jail. The default is 
+   to not run in chroot.
+
+*-P, --write-pid '<filename>'*::
+   Instruct *anytun-controld* to write it's pid to this file. The default is 
+   to not create a pid file.
+
+*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
+   add log target to logging system. This can be invoked several times
+   in order to log to different targets at the same time. Every target 
+   hast its own log level which is a number between 0 and 5. Where 0 means
+   disabling log and 5 means debug messages are enabled. +
+   The file target can be used more the once with different levels.
+   If no target is provided at the command line a single target with the 
+   config 'syslog:3,anytun-controld,daemon' is added. +
+   The following targets are supported:
+
+   'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+   'file';; log to file, parameters <level>[,<path>]
+   'stdout';; log to standard output, parameters <level>
+   'stderr';; log to standard error, parameters <level> 
+
+*-U, --debug*::
+   This option instructs *Anytun* to run in debug mode. It implicits *-D* 
+   (don't daemonize) and adds a log target with the configuration
+   'stdout:5' (logging with maximum level). In future releases there might
+   be additional output when this option is supplied.
+
+*-f, --file '<path>'*::
+   The path to the file which holds the sync information.
+
+*-X, --control-host '<hostname|ip>[:<port>]'*::
+   fetch the config from this host. The default is not to use a control
+   host and therefore this is empty. Mind that the port can be omitted 
+   in which case port 2323 is used. If you want to specify an
+   ipv6 address and a port you have to use [ and ] to separate the address
+   from the port, eg.: [::1]:1234. If you want to use the default port 
+   [ and ] can be omitted.
+
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8), anytun-config(8), anytun-showtables(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This  program is  free software: you can redistribute it 
+and/or modify it under the terms of the GNU General Public License 
+as published by the Free Software Foundation, either version 3 of 
+the License, or any later version.
+
diff --git a/doc/anytun-showtables.8 b/doc/anytun-showtables.8
new file mode 100644
index 0000000..0f0e598
--- /dev/null
+++ b/doc/anytun-showtables.8
@@ -0,0 +1,73 @@
+'\" t
+.\"     Title: anytun-showtables
+.\"    Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\"      Date: 02/16/2010
+.\"    Manual: anytun-showtables user manual
+.\"    Source: anytun 0.3.3
+.\"  Language: English
+.\"
+.TH "ANYTUN\-SHOWTABLES" "8" "02/16/2010" "anytun 0.3.3" "anytun-showtables user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-showtables \- anycast tunneling routing table visualization utility
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-showtables\fR
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-showtables\fR displays routing and connection tables used by \fBAnytun\fR\&. It can be used to display a saved routing/connection table used by \fBanytun\-controld\fR or to connect to a the sync port of \fBAnytun\fR\&.
+.SH "OPTIONS"
+.sp
+This Tool does not take any options\&. It takes the sync information from the standard input and prints the routing table to the standard output\&.
+.SH "EXAMPLES"
+.sp
+Print routing table stored in local file
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# perl \-ne \'chomp; print\' < routingtable | \&./anytun\-showtables
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Print current routing table and watch changes
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# nc unicast1\&.anycast\&.anytun\&.org 23 | \&./anytun\-showtables
+.fi
+.if n \{\
+.RE
+.\}
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-controld(8), anytun\-config(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
diff --git a/doc/anytun-showtables.8.txt b/doc/anytun-showtables.8.txt
new file mode 100644
index 0000000..13070a4
--- /dev/null
+++ b/doc/anytun-showtables.8.txt
@@ -0,0 +1,72 @@
+anytun-showtables(8)
+====================
+
+NAME
+----
+
+anytun-showtables - anycast tunneling routing table visualization utility
+
+SYNOPSIS
+--------
+
+....
+anytun-showtables
+....
+
+DESCRIPTION
+-----------
+
+*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to display a saved routing/connection table used by *anytun-controld* or to connect to a the sync port of *Anytun*.
+
+OPTIONS
+-------
+
+This Tool does not take any options. It takes the sync information from
+the standard input and prints the routing table to the standard output.
+
+EXAMPLES
+--------
+
+Print routing table stored in local file
+
+-----------------------------------------------------------------------------------
+# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
+-----------------------------------------------------------------------------------
+
+Print current routing table and watch changes
+
+-----------------------------------------------------------------------------------
+# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
+-----------------------------------------------------------------------------------
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun(8), anytun-controld(8), anytun-config(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This  program is  free software: you can redistribute it 
+and/or modify it under the terms of the GNU General Public License 
+as published by the Free Software Foundation, either version 3 of 
+the License, or any later version.
diff --git a/doc/anytun.8 b/doc/anytun.8
new file mode 100644
index 0000000..9a167c6
--- /dev/null
+++ b/doc/anytun.8
@@ -0,0 +1,499 @@
+'\" t
+.\"     Title: anytun
+.\"    Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\"      Date: 02/16/2010
+.\"    Manual: anytun user manual
+.\"    Source: anytun 0.3.3
+.\"  Language: English
+.\"
+.TH "ANYTUN" "8" "02/16/2010" "anytun 0.3.3" "anytun user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun \- anycast tunneling daemon
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\fR
+  [ \fB\-h|\-\-help\fR ]
+  [ \fB\-D|\-\-nodaemonize\fR ]
+  [ \fB\-u|\-\-username\fR <username> ]
+  [ \fB\-g|\-\-groupname\fR <groupname> ]
+  [ \fB\-C|\-\-chroot\fR <path> ]
+  [ \fB\-P|\-\-write\-pid\fR <filename> ]
+  [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]] ]
+  [ \fB\-U|\-\-debug\fR ]
+  [ \fB\-i|\-\-interface\fR <ip\-address> ]
+  [ \fB\-p|\-\-port\fR <port> ]
+  [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ]
+  [ \fB\-o|\-\-remote\-port\fR <port> ]
+  [ \fB\-4|\-\-ipv4\-only\fR ]
+  [ \fB\-6|\-\-ipv6\-only\fR ]
+  [ \fB\-I|\-\-sync\-interface\fR <ip\-address> ]
+  [ \fB\-S|\-\-sync\-port\fR port> ]
+  [ \fB\-M|\-\-sync\-hosts\fR <hostname|ip>[:<port>][,<hostname|ip>[:<port>][\&.\&.\&.]] ]
+  [ \fB\-X|\-\-control\-host\fR <hostname|ip>[:<port>]
+  [ \fB\-d|\-\-dev\fR <name> ]
+  [ \fB\-t|\-\-type\fR <tun|tap> ]
+  [ \fB\-n|\-\-ifconfig\fR <local>/<prefix> ]
+  [ \fB\-x|\-\-post\-up\-script\fR <script> ]
+  [ \fB\-R|\-\-route\fR <net>/<prefix length> ]
+  [ \fB\-m|\-\-mux\fR <mux\-id> ]
+  [ \fB\-s|\-\-sender\-id\fR <sender id> ]
+  [ \fB\-w|\-\-window\-size\fR <window size> ]
+  [ \fB\-k|\-\-kd\-prf\fR <kd\-prf type> ]
+  [ \fB\-e|\-\-role\fR <role> ]
+  [ \fB\-E|\-\-passphrase\fR <pass phrase> ]
+  [ \fB\-K|\-\-key\fR <master key> ]
+  [ \fB\-A|\-\-salt\fR <master salt> ]
+  [ \fB\-c|\-\-cipher\fR <cipher type> ]
+  [ \fB\-a|\-\-auth\-algo\fR <algo type> ]
+  [ \fB\-b|\-\-auth\-tag\-length\fR <length> ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBAnytun\fR is an implementation of the Secure Anycast Tunneling Protocol (SATP)\&. It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode\&. The main difference is that anycast allows a setup of tunnels between an arbitrary combination of anycast, unicast and multicast hosts\&.
+.SH "OPTIONS"
+.sp
+\fBAnytun\fR has been designed as a peer to peer application, so there is no difference between client and server\&. The following options can be passed to the daemon:
+.PP
+\fB\-D, \-\-nodaemonize\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in foreground instead of becoming a daemon which is the default\&.
+.RE
+.PP
+\fB\-u, \-\-username \fR\fB\fI<username>\fR\fR
+.RS 4
+run as this user\&. If no group is specified (\fB\-g\fR) the default group of the user is used\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-g, \-\-groupname \fR\fB\fI<groupname>\fR\fR
+.RS 4
+run as this group\&. If no username is specified (\fB\-u\fR) this gets ignored\&. The default is to not drop privileges\&.
+.RE
+.PP
+\fB\-C, \-\-chroot \fR\fB\fI<path>\fR\fR
+.RS 4
+Instruct
+\fBAnytun\fR
+to run in a chroot jail\&. The default is to not run in chroot\&.
+.RE
+.PP
+\fB\-P, \-\-write\-pid \fR\fB\fI<filename>\fR\fR
+.RS 4
+Instruct
+\fBAnytun\fR
+to write it\(cqs pid to this file\&. The default is to not create a pid file\&.
+.RE
+.PP
+\fB\-L, \-\-log \fR\fB\fI<target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fIsyslog:3,anytun,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fIsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fIfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fIstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fIstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-U, \-\-debug\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run in debug mode\&. It implicits
+\fB\-D\fR
+(don\(cqt daemonize) and adds a log target with the configuration
+\fIstdout:5\fR
+(logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&.
+.RE
+.PP
+\fB\-i, \-\-interface \fR\fB\fI<ip address>\fR\fR
+.RS 4
+This IP address is used as the sender address for outgoing packets\&. In case of anycast tunnel endpoints, the anycast IP has to be used\&. In case of unicast endpoints, the address is usually derived correctly from the routing table\&. The default is to not use a special inteface and just bind on all interfaces\&.
+.RE
+.PP
+\fB\-p, \-\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. If a tunnel endpoint consists of multiple anycast hosts, all hosts have to use the same port\&. default: 4444
+.RE
+.PP
+\fB\-r, \-\-remote\-host \fR\fB\fI<hostname|ip>\fR\fR
+.RS 4
+This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-o, \-\-remote\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-4, \-\-ipv4\-only\fR
+.RS 4
+Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-6, \-\-ipv6\-only\fR
+.RS 4
+Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-I, \-\-sync\-interface \fR\fB\fI<ip\-address>\fR\fR
+.RS 4
+local unicast(sync) ip address to bind to
+
+This option is only needed for tunnel endpoints consisting of multiple anycast hosts\&. The unicast IP address of the anycast host can be used here\&. This is needed for communication with the other anycast hosts\&. The default is to not use a special inteface and just bind on all interfaces\&. However this is only the case if synchronisation is active see
+\fB\-\-sync\-port\fR\&.
+.RE
+.PP
+\fB\-S, \-\-sync\-port \fR\fB\fI<port>\fR\fR
+.RS 4
+local unicast(sync) port to bind to
+
+This option is only needed for tunnel endpoints consisting of multiple anycast hosts\&. This port is used by anycast hosts to synchronize information about tunnel endpoints\&. No payload data is transmitted via this port\&. By default the synchronisation is disabled an therefore the port is kept empty\&.
+
+It is possible to obtain a list of active connections by telnetting into this port\&. This port is read\-only and unprotected by default\&. It is advised to protect this port using firewall rules and, eventually, IPsec\&.
+.RE
+.PP
+\fB\-M, \-\-sync\-hosts \fR\fB\fI<hostname|ip>[:<port>],[<hostname|ip>[:<port>][\&...]]\fR\fR
+.RS 4
+remote hosts to sync with
+
+This option is only needed for tunnel endpoints consisting of multiple anycast hosts\&. Here, one has to specify all unicast IP addresses of all other anycast hosts that comprise the anycast tunnel endpoint\&. By default synchronisation is disabled and therefore this is empty\&. Mind that the port can be omitted in which case port 2323 is used\&. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address from the port, eg\&.: [::1]:1234\&. If you want to use the default port [ and ] can be omitted\&.
+.RE
+.PP
+\fB\-X, \-\-control\-host \fR\fB\fI<hostname|ip>[:<port>]\fR\fR
+.RS 4
+fetch the config from this host\&. The default is not to use a control host and therefore this is empty\&. Mind that the port can be omitted in which case port 2323 is used\&. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address from the port, eg\&.: [::1]:1234\&. If you want to use the default port [ and ] can be omitted\&.
+.RE
+.PP
+\fB\-d, \-\-dev \fR\fB\fI<name>\fR\fR
+.RS 4
+device name
+
+By default, tapN is used for Ethernet tunnel interfaces, and tunN for IP tunnels, respectively\&. This option can be used to manually override these defaults\&.
+.RE
+.PP
+\fB\-t, \-\-type \fR\fB\fI<tun|tap>\fR\fR
+.RS 4
+device type
+
+Type of the tunnels to create\&. Use tap for Ethernet tunnels, tun for IP tunnels\&.
+.RE
+.PP
+\fB\-n, \-\-ifconfig \fR\fB\fI<local>/<prefix>\fR\fR
+.RS 4
+The local IP address and prefix length\&. The remote tunnel endpoint has to use a different IP address in the same subnet\&.
+.PP
+\fI<local>\fR
+.RS 4
+the local IP address for the tun/tap device
+.RE
+.PP
+\fI<prefix>\fR
+.RS 4
+the prefix length of the network
+.RE
+.RE
+.PP
+\fB\-x, \-\-post\-up\-script \fR\fB\fI<script>\fR\fR
+.RS 4
+This option instructs
+\fBAnytun\fR
+to run this script after the interface is created\&. By default no script will be executed\&.
+.RE
+.PP
+\fB\-R, \-\-route \fR\fB\fI<net>/<prefix length>\fR\fR
+.RS 4
+add a route to connection\&. This can be invoked several times\&.
+.RE
+.PP
+\fB\-m, \-\-mux \fR\fB\fI<mux\-id>\fR\fR
+.RS 4
+the multiplex id to use\&. default: 0
+.RE
+.PP
+\fB\-s, \-\-sender\-id \fR\fB\fI<sender id>\fR\fR
+.RS 4
+Each anycast tunnel endpoint needs a uniqe sender id (1, 2, 3, \&...)\&. It is needed to distinguish the senders in case of replay attacks\&. This option can be ignored on unicast endpoints\&. default: 0
+.RE
+.PP
+\fB\-w, \-\-window\-size \fR\fB\fI<window size>\fR\fR
+.RS 4
+seqence window size
+
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+.RE
+.PP
+\fB\-k, \-\-kd\(emprf \fR\fB\fI<kd\-prf type>\fR\fR
+.RS 4
+key derivation pseudo random function
+
+The pseudo random function which is used for calculating the session keys and session salt\&.
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no random function, keys and salt are set to 0\&.\&.00
+.RE
+.PP
+\fIaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fIaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fIaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fIaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-e, \-\-role \fR\fB\fI<role>\fR\fR
+.RS 4
+SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are
+\fIleft\fR
+and
+\fIright\fR\&. You may also use
+\fIalice\fR
+or
+\fIserver\fR
+as a replacement for
+\fIleft\fR
+and
+\fIbob\fR
+or
+\fIclient\fR
+as a replacement for
+\fIright\fR\&. By default
+\fIleft\fR
+is used\&.
+.RE
+.PP
+\fB\-E, \-\-passphrase \fR\fB\fI<passphrase>\fR\fR
+.RS 4
+This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using
+\fB\-\-key\fR
+and
+\fB\-\-salt\fR\&.
+.RE
+.PP
+\fB\-K, \-\-key \fR\fB\fI<master key>\fR\fR
+.RS 4
+master key to use for key derivation
+
+Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&.
+.RE
+.PP
+\fB\-A, \-\-salt \fR\fB\fI<master salt>\fR\fR
+.RS 4
+master salt to use for key derivation
+
+Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&.
+.RE
+.PP
+\fB\-c, \-\-cipher \fR\fB\fI<cipher type>\fR\fR
+.RS 4
+payload encryption algorithm
+
+Encryption algorithm used for encrypting the payload
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no encryption
+.RE
+.PP
+\fIaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fIaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fIaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fIaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-a, \-\-auth\-algo \fR\fB\fI<algo type>\fR\fR
+.RS 4
+message authentication algorithm
+
+This option sets the message authentication algorithm\&.
+
+If HMAC\-SHA1 is used, the packet length is increased\&. The additional bytes contain the authentication data\&. see
+\fB\-\-auth\-tag\-length\fR
+for more info\&.
+
+Possible values:
+.PP
+\fInull\fR
+.RS 4
+no message authentication
+.RE
+.PP
+\fIsha1\fR
+.RS 4
+HMAC\-SHA1, default value
+.RE
+.RE
+.PP
+\fB\-b, \-\-auth\-tag\-length \fR\fB\fI<length>\fR\fR
+.RS 4
+The number of bytes to use for the auth tag\&. This value defaults to 10 bytes unless the
+\fInull\fR
+auth algo is used in which case it defaults to 0\&.
+.RE
+.SH "EXAMPLES"
+.SS "P2P Setup between two unicast enpoints:"
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBHost A:\fR
+.RS 4
+.sp
+anytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e left
+.RE
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBHost B:\fR
+.RS 4
+.sp
+anytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e right
+.RE
+.SS "One unicast and one anycast tunnel endpoint:"
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBUnicast tunnel endpoint:\fR
+.RS 4
+.sp
+anytun \-r anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.2/30 \-a null \-c null \-w 0 \-e client
+.RE
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBAnycast tunnel endpoints:\fR
+.RS 4
+.sp
+On the host with unicast hostname unicast1\&.anycast\&.anytun\&.org and anycast hostname anycast\&.anytun\&.org:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun \-i anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.1/30 \-a null \-c null \-w 0 \-e server \e
+         \-S 2342 \-M unicast2\&.anycast\&.anytun\&.org:2342,unicast3\&.anycast\&.anytun\&.org:2342
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+On the host with unicast hostname unicast2\&.anycast\&.anytun\&.org and anycast hostname anycast\&.anytun\&.org:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun \-i anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.1/30 \-a null \-c null \-w 0 \-e server \e
+         \-S 2342 \-M unicast1\&.anycast\&.anytun\&.org:2342,unicast3\&.anycast\&.anytun\&.org:2342
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+On the host with unicast hostname unicast3\&.anycast\&.anytun\&.org and anycast hostname anycast\&.anytun\&.org:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun \-i anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.1/30 \-a null \-c null \-w 0 \-e server \e
+         \-S 2342 \-M unicast1\&.anycast\&.anytun\&.org:2342,unicast2\&.anycast\&.anytun\&.org:2342
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+For more sophisticated examples (like multiple unicast endpoints to one anycast tunnel endpoint) please consult the man page of anytun\-config(8)\&.
+.RE
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun\-config(8), anytun\-controld(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
diff --git a/doc/anytun.8.txt b/doc/anytun.8.txt
new file mode 100644
index 0000000..00d3e91
--- /dev/null
+++ b/doc/anytun.8.txt
@@ -0,0 +1,381 @@
+anytun(8)
+=========
+
+NAME
+----
+
+anytun - anycast tunneling daemon
+
+SYNOPSIS
+--------
+
+....
+anytun
+  [ -h|--help ]
+  [ -D|--nodaemonize ]
+  [ -u|--username <username> ]
+  [ -g|--groupname <groupname> ]
+  [ -C|--chroot <path> ]
+  [ -P|--write-pid <filename> ]
+  [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
+  [ -U|--debug ]
+  [ -i|--interface <ip-address> ]
+  [ -p|--port <port> ]
+  [ -r|--remote-host <hostname|ip> ]
+  [ -o|--remote-port <port> ]
+  [ -4|--ipv4-only ]
+  [ -6|--ipv6-only ]
+  [ -I|--sync-interface <ip-address> ]
+  [ -S|--sync-port port> ]
+  [ -M|--sync-hosts <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
+  [ -X|--control-host <hostname|ip>[:<port>]
+  [ -d|--dev <name> ]
+  [ -t|--type <tun|tap> ]
+  [ -n|--ifconfig <local>/<prefix> ]
+  [ -x|--post-up-script <script> ]
+  [ -R|--route <net>/<prefix length> ]
+  [ -m|--mux <mux-id> ]
+  [ -s|--sender-id <sender id> ]
+  [ -w|--window-size <window size> ]
+  [ -k|--kd-prf <kd-prf type> ]
+  [ -e|--role <role> ]
+  [ -E|--passphrase <pass phrase> ]
+  [ -K|--key <master key> ]
+  [ -A|--salt <master salt> ]
+  [ -c|--cipher <cipher type> ]
+  [ -a|--auth-algo <algo type> ]
+  [ -b|--auth-tag-length <length> ]
+....
+
+DESCRIPTION
+-----------
+
+*Anytun* is an implementation of the Secure Anycast Tunneling Protocol
+(SATP). It provides a complete VPN solution similar to OpenVPN or
+IPsec in tunnel mode. The main difference is that anycast allows a
+setup of tunnels between an arbitrary combination of anycast, unicast
+and multicast hosts.
+
+OPTIONS
+-------
+
+*Anytun* has been designed as a peer to peer application, so there is
+no difference between client and server. The following options can be
+passed to the daemon:
+
+*-D, --nodaemonize*::
+   This option instructs *Anytun* to run in foreground
+   instead of becoming a daemon which is the default.
+
+*-u, --username '<username>'*::
+   run as this user. If no group is specified (*-g*) the default group of 
+   the user is used. The default is to not drop privileges.
+
+*-g, --groupname '<groupname>'*::
+   run as this group. If no username is specified (*-u*) this gets ignored.
+   The default is to not drop privileges.
+
+*-C, --chroot '<path>'*::
+   Instruct *Anytun* to run in a chroot jail. The default is 
+   to not run in chroot.
+
+*-P, --write-pid '<filename>'*::
+   Instruct *Anytun* to write it's pid to this file. The default is 
+   to not create a pid file.
+
+*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
+   add log target to logging system. This can be invoked several times
+   in order to log to different targets at the same time. Every target 
+   hast its own log level which is a number between 0 and 5. Where 0 means
+   disabling log and 5 means debug messages are enabled. +
+   The file target can be used more the once with different levels.
+   If no target is provided at the command line a single target with the 
+   config 'syslog:3,anytun,daemon' is added. +
+   The following targets are supported:
+
+   'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+   'file';; log to file, parameters <level>[,<path>]
+   'stdout';; log to standard output, parameters <level>
+   'stderr';; log to standard error, parameters <level> 
+
+*-U, --debug*::
+   This option instructs *Anytun* to run in debug mode. It implicits *-D* 
+   (don't daemonize) and adds a log target with the configuration
+   'stdout:5' (logging with maximum level). In future releases there might
+   be additional output when this option is supplied.
+
+*-i, --interface '<ip address>'*::
+   This IP address is used as the sender address for outgoing
+   packets. In case of anycast tunnel endpoints, the anycast
+   IP has to be used. In case of unicast endpoints, the
+   address is usually derived correctly from the routing
+   table. The default is to not use a special inteface and just
+   bind on all interfaces.
+
+*-p, --port '<port>'*::
+   The local UDP port that is used to send and receive the
+   payload data. The two tunnel endpoints can use different
+   ports. If a tunnel endpoint consists of multiple anycast
+   hosts, all hosts have to use the same port. default: 4444
+
+*-r, --remote-host '<hostname|ip>'*::
+   This option can be used to specify the remote tunnel
+   endpoint. In case of anycast tunnel endpoints, the
+   anycast IP address has to be used. If you do not specify
+   an address, it is automatically determined after receiving
+   the first data packet.
+
+*-o, --remote-port '<port>'*::
+   The UDP port used for payload data by the remote host
+   (specified with -p on the remote host). If you do not specify
+   a port, it is automatically determined after receiving
+   the first data packet.
+
+*-4, --ipv4-only*::
+   Resolv to IPv4 addresses only. The default is to resolv both
+   IPv4 and IPv6 addresses.
+
+*-6, --ipv6-only*::
+   Resolv to IPv6 addresses only. The default is to resolv both
+   IPv4 and IPv6 addresses.
+
+*-I, --sync-interface '<ip-address>'*::
+   local unicast(sync) ip address to bind to +
+   This option is only needed for tunnel endpoints consisting
+   of multiple anycast hosts. The unicast IP address of
+   the anycast host can be used here. This is needed for
+   communication with the other anycast hosts. The default is to 
+   not use a special inteface and just bind on all interfaces. However
+   this is only the case if synchronisation is active see *--sync-port*.
+
+*-S, --sync-port '<port>'*::
+   local unicast(sync) port to bind to +
+   This option is only needed for tunnel endpoints
+   consisting of multiple anycast hosts. This port is used
+   by anycast hosts to synchronize information about tunnel
+   endpoints. No payload data is transmitted via this port.
+   By default the synchronisation is disabled an therefore the
+   port is kept empty. +
+   It is possible to obtain a list of active connections
+   by telnetting into this port. This port is read-only
+   and unprotected by default. It is advised to protect
+   this port using firewall rules and, eventually, IPsec.
+
+*-M, --sync-hosts '<hostname|ip>[:<port>],[<hostname|ip>[:<port>][...]]'*::
+   remote hosts to sync with +
+   This option is only needed for tunnel endpoints consisting
+   of multiple anycast hosts. Here, one has to specify all
+   unicast IP addresses of all other anycast hosts that
+   comprise the anycast tunnel endpoint. By default synchronisation is
+   disabled and therefore this is empty. Mind that the port can be
+   omitted in which case port 2323 is used. If you want to specify an
+   ipv6 address and a port you have to use [ and ] to separate the address
+   from the port, eg.: [::1]:1234. If you want to use the default port 
+   [ and ] can be omitted.
+
+*-X, --control-host '<hostname|ip>[:<port>]'*::
+   fetch the config from this host. The default is not to use a control
+   host and therefore this is empty. Mind that the port can be omitted 
+   in which case port 2323 is used. If you want to specify an
+   ipv6 address and a port you have to use [ and ] to separate the address
+   from the port, eg.: [::1]:1234. If you want to use the default port 
+   [ and ] can be omitted.
+
+*-d, --dev '<name>'*::
+   device name +
+   By default, tapN is used for Ethernet tunnel interfaces,
+   and tunN for IP tunnels, respectively. This option can
+   be used to manually override these defaults.
+
+*-t, --type '<tun|tap>'*::
+   device type +
+   Type of the tunnels to create. Use tap for Ethernet
+   tunnels, tun for IP tunnels.
+
+*-n, --ifconfig '<local>/<prefix>'*::
+   The local IP address and prefix length. The remote tunnel endpoint
+   has to use a different IP address in the same subnet.
+
+   '<local>';; the local IP address for the tun/tap device
+   '<prefix>';; the prefix length of the network
+
+*-x, --post-up-script '<script>'*::
+   This option instructs *Anytun* to run this script after the interface 
+   is created. By default no script will be executed.
+
+*-R, --route '<net>/<prefix length>'*::
+   add a route to connection. This can be invoked several times.
+
+*-m, --mux '<mux-id>'*::
+   the multiplex id to use. default: 0
+
+*-s, --sender-id  '<sender id>'*::
+   Each anycast tunnel endpoint needs a uniqe sender id
+   (1, 2, 3, ...). It is needed to distinguish the senders
+   in case of replay attacks. This option can be ignored on
+   unicast endpoints. default: 0
+
+*-w, --window-size '<window size>'*::
+   seqence window size +
+   Sometimes, packets arrive out of order on the receiver
+   side. This option defines the size of a list of received
+   packets' sequence numbers. If, according to this list,
+   a received packet has been previously received or has
+   been transmitted in the past, and is therefore not in
+   the list anymore, this is interpreted as a replay attack
+   and the packet is dropped. A value of 0 deactivates this
+   list and, as a consequence, the replay protection employed
+   by filtering packets according to their secuence number.
+   By default the sequence window is disabled and therefore a
+   window size of 0 is used.
+
+*-k, --kd--prf '<kd-prf type>'*::
+   key derivation pseudo random function +
+   The pseudo random function which is used for calculating the 
+   session keys and session salt. +
+   Possible values:
+
+   'null';; no random function, keys and salt are set to 0..00
+   'aes-ctr';; AES in counter mode with 128 Bits, default value
+   'aes-ctr-128';; AES in counter mode with 128 Bits
+   'aes-ctr-192';; AES in counter mode with 192 Bits
+   'aes-ctr-256';; AES in counter mode with 256 Bits
+
+*-e, --role '<role>'*::
+   SATP uses different session keys for inbound and outbound traffic. The
+   role parameter is used to determine which keys to use for outbound or
+   inbound packets. On both sides of a vpn connection different roles have 
+   to be used. Possible values are 'left' and 'right'. You may also use 
+   'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as 
+   a replacement for 'right'. By default 'left' is used.
+
+*-E, --passphrase '<passphrase>'*::
+   This passphrase is used to generate the master key and master salt.
+   For the master key the last n bits of the SHA256 digest of the 
+   passphrase (where n is the length of the master key in bits) is used. 
+   The master salt gets generated with the SHA1 digest. 
+   You may force a specific key and or salt by using *--key* and *--salt*.
+
+*-K, --key '<master key>'*::
+   master key to use for key derivation +
+   Master key in hexadecimal notation, e.g.
+   01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
+   of 32, 48 or 64 characters (128, 192 or 256 bits).
+
+*-A, --salt '<master salt>'*::
+   master salt to use for key derivation +
+   Master salt in hexadecimal notation, e.g.
+   01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
+   of 28 characters (14 bytes).
+
+*-c, --cipher '<cipher type>'*::
+   payload encryption algorithm +
+   Encryption algorithm used for encrypting the payload +
+   Possible values:
+
+   'null';; no encryption
+   'aes-ctr';; AES in counter mode with 128 Bits, default value
+   'aes-ctr-128';; AES in counter mode with 128 Bits
+   'aes-ctr-192';; AES in counter mode with 192 Bits
+   'aes-ctr-256';; AES in counter mode with 256 Bits
+
+*-a, --auth-algo '<algo type>'*::
+   message authentication algorithm +
+   This option sets the message authentication algorithm. +
+   If HMAC-SHA1 is used, the packet length is increased. The additional bytes 
+   contain the authentication data. see *--auth-tag-length* for more info. +
+   Possible values:
+
+   'null';; no message authentication
+   'sha1';; HMAC-SHA1, default value
+
+*-b, --auth-tag-length '<length>'*::
+   The number of bytes to use for the auth tag. This value defaults to 10 bytes 
+   unless the 'null' auth algo is used in which case it defaults to 0. 
+
+
+EXAMPLES
+--------
+
+P2P Setup between two unicast enpoints:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Host A:
+^^^^^^^
+
+anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
+       -E have_a_very_safe_and_productive_day -e left
+
+Host B:
+^^^^^^^
+anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
+       -E have_a_very_safe_and_productive_day -e right
+
+
+One unicast and one anycast tunnel endpoint:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ 
+Unicast tunnel endpoint:
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client
+
+Anycast tunnel endpoints:
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+On the host with unicast hostname unicast1.anycast.anytun.org and anycast 
+hostname anycast.anytun.org:
+-------------------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
+         -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+-------------------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast2.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+-------------------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
+         -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+-------------------------------------------------------------------------------------------------
+
+On the host with unicast hostname unicast3.anycast.anytun.org and anycast
+hostname anycast.anytun.org:
+-------------------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
+         -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
+-------------------------------------------------------------------------------------------------
+
+For more sophisticated examples (like multiple unicast endpoints to one
+anycast tunnel endpoint) please consult the man page of anytun-config(8).
+
+
+BUGS
+----
+Most likely there are some bugs in *Anytun*. If you find a bug, please let
+the developers know at satp@anytun.org. Of course, patches are preferred.
+
+SEE ALSO
+--------
+anytun-config(8), anytun-controld(8), anytun-showtables(8)
+
+AUTHORS
+-------
+
+Othmar Gsenger <otti@anytun.org>
+Erwin Nindl <nine@anytun.org>
+Christian Pointner <equinox@anytun.org>
+
+
+RESOURCES
+---------
+
+Main web site: http://www.anytun.org/
+
+
+COPYING
+-------
+
+Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
+Pointner. This  program is  free software: you can redistribute it 
+and/or modify it under the terms of the GNU General Public License 
+as published by the Free Software Foundation, either version 3 of 
+the License, or any later version.
diff --git a/etc/anytun/p2p-a/config b/etc/anytun/p2p-a/config
index d7d25b0..eab10a9 100644
--- a/etc/anytun/p2p-a/config
+++ b/etc/anytun/p2p-a/config
@@ -75,7 +75,7 @@ log syslog:3,anytun-p2p-a,daemon
 #kd-prf aes-ctr-256
 
 ## Device name
-#dev uanytun0
+#dev anytun0
 
 ## Manually set encryption key and salt
 ## (this replaces the passphrase)
diff --git a/etc/anytun/p2p-b/config b/etc/anytun/p2p-b/config
index 6f2d7a3..9881b1e 100644
--- a/etc/anytun/p2p-b/config
+++ b/etc/anytun/p2p-b/config
@@ -75,7 +75,7 @@ log syslog:3,anytun-p2p-b,daemon
 #kd-prf aes-ctr-256
 
 ## Device name
-#dev uanytun0
+#dev anytun0
 
 ## Manually set encryption key and salt
 ## (this replaces the passphrase)
diff --git a/etc/init.d/anytun b/etc/init.d/anytun
index 3bf1e91..9fc4d4a 100755
--- a/etc/init.d/anytun
+++ b/etc/init.d/anytun
@@ -16,7 +16,7 @@ NAME=anytun
 DESC=anytun
 CONFIG_DIR=/etc/anytun
 VARCONFIG_DIR=/var/run/anytun-controld
-VARRUN_DIR=/var/run/anytun
+VARRUN_DIR=/var/run/$NAME/
 
 test -x $DAEMON || exit 0
 
@@ -55,12 +55,13 @@ start_configd () {
     test -d $VARCONFIG_DIR || mkdir -p $VARCONFIG_DIR
     chmod 700 $VARCONFIG_DIR
     rm -f $VARCONFIG_DIR/$NAME 2>/dev/null
+    KDPRF=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed  's/^/ --/' | xargs echo`
     for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do
       echo -n " ($CLIENTNAME)"
       DAEMONARG=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed  's/^/ --/' | xargs echo`
-      $ANYTUNCONFIG $DAEMONARG >> $VARCONFIG_DIR/$NAME
+      $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONFIG_DIR/$NAME
     done
-    CONTROLHOST=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed  's/^/ --/'`
+    CONTROLHOST=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed  's/^/ --/' | xargs echo`
     $CONTROLDAEMON -f $VARCONFIG_DIR/$NAME $DAEMONOPTS $CONTROLHOST \
       --write-pid $VARCONFIG_DIR/$NAME.pid
     # rm -f $VARCONFIG_DIR/$NAME
@@ -68,7 +69,7 @@ start_configd () {
 }
 stop_configd () {
   if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
-    echo -n " ($NAME)"
+    echo -n " ($NAME-controlld)"
     kill `cat $VARCONFIG_DIR/$NAME.pid` || true
     rm $VARCONFIG_DIR/$NAME.pid
   fi 
@@ -102,7 +103,7 @@ case "$1" in
   echo -n "Stoping $DESC:"
   if test -z "$2" ; then
     for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
-      NAME=`echo $PIDFILE | cut -c17-`
+      NAME=`basename $PIDFILE`
       NAME=${NAME%%.pid}
       echo -n " $NAME"
       stop_vpn
@@ -112,7 +113,7 @@ case "$1" in
       [ -z "$1" ] && break
       if test -e $VARRUN_DIR/$1.pid ; then
         PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
-        NAME=`echo $PIDFILE | cut -c17-`
+        NAME=`basename $PIDFILE`
         NAME=${NAME%%.pid}
         echo -n " $NAME"
         stop_vpn
@@ -127,7 +128,7 @@ case "$1" in
   echo -n "Reloading $DESC:"
   if test -z "$2" ; then
     for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
-      NAME=`echo $PIDFILE | cut -c17-`
+      NAME=`basename $PIDFILE`
       NAME=${NAME%%.pid}
       echo -n " $NAME"
       if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
@@ -143,7 +144,7 @@ case "$1" in
       [ -z "$1" ] && break
       if test -e $VARRUN_DIR/$1.pid ; then
         PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
-        NAME=`echo $PIDFILE | cut -c17-`
+        NAME=`basename $PIDFILE`
         NAME=${NAME%%.pid}
         echo -n " $NAME"
         if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
@@ -164,7 +165,7 @@ case "$1" in
   echo -n "Restarting $DESC:"
   if test -z "$2" ; then
     for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
-      NAME=`echo $PIDFILE | cut -c17-`
+      NAME=`basename $PIDFILE`
       NAME=${NAME%%.pid}
       echo -n " $NAME"
       stop_vpn
@@ -176,7 +177,7 @@ case "$1" in
       [ -z "$1" ] && break
       if test -e $VARRUN_DIR/$1.pid ; then
         PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
-        NAME=`echo $PIDFILE | cut -c17-`
+        NAME=`basename $PIDFILE`
         NAME=${NAME%%.pid}
         echo -n " $NAME"
         stop_vpn
diff --git a/src/Doxyfile b/src/Doxyfile
deleted file mode 100644
index 9b5e4ef..0000000
--- a/src/Doxyfile
+++ /dev/null
@@ -1,1252 +0,0 @@
-# Doxyfile 1.5.1
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-#       TAG = value [value, ...]
-# For lists items can also be appended using:
-#       TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
-# by quotes) that should identify the project.
-
-PROJECT_NAME           = "anytun"
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
-# This could be handy for archiving the generated documentation or 
-# if some version control system is used.
-
-PROJECT_NUMBER         = 
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
-# base path where the generated documentation will be put. 
-# If a relative path is entered, it will be relative to the location 
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY       = ./doc
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
-# 4096 sub-directories (in 2 levels) under the output directory of each output 
-# format and will distribute the generated files over these directories. 
-# Enabling this option can be useful when feeding doxygen a huge amount of 
-# source files, where putting all generated files in the same directory would 
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS         = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
-# documentation generated by doxygen is written. Doxygen will use this 
-# information to generate all constant output in the proper language. 
-# The default language is English, other supported languages are: 
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, 
-# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian, 
-# Italian, Japanese, Japanese-en (Japanese with English messages), Korean, 
-# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, 
-# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.
-
-OUTPUT_LANGUAGE        = English
-
-# This tag can be used to specify the encoding used in the generated output. 
-# The encoding is not always determined by the language that is chosen, 
-# but also whether or not the output is meant for Windows or non-Windows users. 
-# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES 
-# forces the Windows encoding (this is the default for the Windows binary), 
-# whereas setting the tag to NO uses a Unix-style encoding (the default for 
-# all platforms other than Windows).
-
-USE_WINDOWS_ENCODING   = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
-# include brief member descriptions after the members that are listed in 
-# the file and class documentation (similar to JavaDoc). 
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC      = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
-# the brief description of a member or function before the detailed description. 
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF           = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator 
-# that is used to form the text in various listings. Each string 
-# in this list, if found as the leading text of the brief description, will be 
-# stripped from the text and the result after processing the whole list, is 
-# used as the annotated text. Otherwise, the brief description is used as-is. 
-# If left blank, the following values are used ("$name" is automatically 
-# replaced with the name of the entity): "The $name class" "The $name widget" 
-# "The $name file" "is" "provides" "specifies" "contains" 
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF       = 
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
-# Doxygen will generate a detailed section even if there is only a brief 
-# description.
-
-ALWAYS_DETAILED_SEC    = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
-# inherited members of a class in the documentation of that class as if those 
-# members were ordinary class members. Constructors, destructors and assignment 
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB  = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
-# path before files name in the file list and in the header files. If set 
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES        = YES
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
-# can be used to strip a user-defined part of the path. Stripping is 
-# only done if one of the specified strings matches the left-hand part of 
-# the path. The tag can be used to show relative paths in the file list. 
-# If left blank the directory from which doxygen is run is used as the 
-# path to strip.
-
-STRIP_FROM_PATH        = 
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
-# the path mentioned in the documentation of a class, which tells 
-# the reader which header file to include in order to use a class. 
-# If left blank only the name of the header file containing the class 
-# definition is used. Otherwise one should specify the include paths that 
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH    = 
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
-# (but less readable) file names. This can be useful is your file systems 
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES            = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
-# will interpret the first line (until the first dot) of a JavaDoc-style 
-# comment as the brief description. If set to NO, the JavaDoc 
-# comments will behave just like the Qt-style comments (thus requiring an 
-# explicit @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF      = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
-# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
-# comments) as a brief description. This used to be the default behaviour. 
-# The new default is to treat a multi-line C++ comment block as a detailed 
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member 
-# documentation.
-
-DETAILS_AT_TOP         = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
-# member inherits the documentation from any documented member that it 
-# re-implements.
-
-INHERIT_DOCS           = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
-# a new page for each member. If set to NO, the documentation of a member will 
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES  = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE               = 8
-
-# This tag can be used to specify a number of aliases that acts 
-# as commands in the documentation. An alias has the form "name=value". 
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
-# put the command \sideeffect (or @sideeffect) in the documentation, which 
-# will result in a user-defined paragraph with heading "Side Effects:". 
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES                = 
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
-# sources only. Doxygen will then generate output that is more tailored for C. 
-# For instance, some of the names that are used will be different. The list 
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C  = NO
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
-# sources only. Doxygen will then generate output that is more tailored for Java. 
-# For instance, namespaces will be presented as packages, qualified scopes 
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA   = NO
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to 
-# include (a tag file for) the STL sources as input, then you should 
-# set this tag to YES in order to let doxygen match functions declarations and 
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
-# func(std::string) {}). This also make the inheritance and collaboration 
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT    = NO
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
-# tag is set to YES, then doxygen will reuse the documentation of the first 
-# member in the group (if any) for the other members of the group. By default 
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC   = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
-# the same type (for instance a group of public functions) to be put as a 
-# subgroup of that type (e.g. under the Public Functions section). Set it to 
-# NO to prevent subgrouping. Alternatively, this can be done per class using 
-# the \nosubgrouping command.
-
-SUBGROUPING            = YES
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
-# documentation are documented, even if no documentation was available. 
-# Private class members and static file members will be hidden unless 
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL            = YES
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
-# will be included in the documentation.
-
-EXTRACT_PRIVATE        = YES
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file 
-# will be included in the documentation.
-
-EXTRACT_STATIC         = YES
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
-# defined locally in source files will be included in the documentation. 
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES  = YES
-
-# This flag is only useful for Objective-C code. When set to YES local 
-# methods, which are defined in the implementation section but not in 
-# the interface are included in the documentation. 
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS  = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
-# undocumented members of documented classes, files or namespaces. 
-# If set to NO (the default) these members will be included in the 
-# various overviews, but no documentation section is generated. 
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS     = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
-# undocumented classes that are normally visible in the class hierarchy. 
-# If set to NO (the default) these classes will be included in the various 
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES     = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
-# friend (class|struct|union) declarations. 
-# If set to NO (the default) these declarations will be included in the 
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS  = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
-# documentation blocks found inside the body of a function. 
-# If set to NO (the default) these blocks will be appended to the 
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS      = NO
-
-# The INTERNAL_DOCS tag determines if documentation 
-# that is typed after a \internal command is included. If the tag is set 
-# to NO (the default) then the documentation will be excluded. 
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS          = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
-# file names in lower-case letters. If set to YES upper-case letters are also 
-# allowed. This is useful if you have classes or files whose names only differ 
-# in case and if your file system supports case sensitive file names. Windows 
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES       = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
-# will show members with their full class and namespace scopes in the 
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES       = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
-# will put a list of the files that are included by a file in the documentation 
-# of that file.
-
-SHOW_INCLUDE_FILES     = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
-# is inserted in the documentation for inline members.
-
-INLINE_INFO            = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
-# will sort the (detailed) documentation of file and class members 
-# alphabetically by member name. If set to NO the members will appear in 
-# declaration order.
-
-SORT_MEMBER_DOCS       = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
-# brief documentation of file, namespace and class members alphabetically 
-# by member name. If set to NO (the default) the members will appear in 
-# declaration order.
-
-SORT_BRIEF_DOCS        = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
-# sorted by fully-qualified names, including namespaces. If set to 
-# NO (the default), the class list will be sorted only by class name, 
-# not including the namespace part. 
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the 
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME     = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or 
-# disable (NO) the todo list. This list is created by putting \todo 
-# commands in the documentation.
-
-GENERATE_TODOLIST      = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or 
-# disable (NO) the test list. This list is created by putting \test 
-# commands in the documentation.
-
-GENERATE_TESTLIST      = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or 
-# disable (NO) the bug list. This list is created by putting \bug 
-# commands in the documentation.
-
-GENERATE_BUGLIST       = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
-# disable (NO) the deprecated list. This list is created by putting 
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional 
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS       = 
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
-# the initial value of a variable or define consists of for it to appear in 
-# the documentation. If the initializer consists of more lines than specified 
-# here it will be hidden. Use a value of 0 to hide initializers completely. 
-# The appearance of the initializer of individual variables and defines in the 
-# documentation can be controlled using \showinitializer or \hideinitializer 
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES  = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
-# at the bottom of the documentation of classes and structs. If set to YES the 
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES        = YES
-
-# If the sources in your project are distributed over multiple directories 
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
-# in the documentation. The default is NO.
-
-SHOW_DIRECTORIES       = NO
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
-# doxygen should invoke to get the current version for each file (typically from the 
-# version control system). Doxygen will invoke the program by executing (via 
-# popen()) the command <command> <input-file>, where <command> is the value of 
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
-# provided by doxygen. Whatever the program writes to standard output 
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER    = 
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated 
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET                  = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are 
-# generated by doxygen. Possible values are YES and NO. If left blank 
-# NO is used.
-
-WARNINGS               = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED   = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
-# potential errors in the documentation, such as not documenting some 
-# parameters in a documented function, or documenting parameters that 
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR      = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for 
-# functions that are documented, but have no documentation for their parameters 
-# or return value. If set to NO (the default) doxygen will only warn about 
-# wrong or incomplete parameter documentation, but not about the absence of 
-# documentation.
-
-WARN_NO_PARAMDOC       = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that 
-# doxygen can produce. The string should contain the $file, $line, and $text 
-# tags, which will be replaced by the file and line number from which the 
-# warning originated and the warning text. Optionally the format may contain 
-# $version, which will be replaced by the version of the file (if it could 
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT            = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning 
-# and error messages should be written. If left blank the output is written 
-# to stderr.
-
-WARN_LOGFILE           = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain 
-# documented source files. You may enter file names like "myfile.cpp" or 
-# directories like "/usr/src/myproject". Separate the files or directories 
-# with spaces.
-
-INPUT                  = 
-
-# If the value of the INPUT tag contains directories, you can use the 
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
-# and *.h) to filter out the source-files in the directories. If left 
-# blank the following patterns are tested: 
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
-
-FILE_PATTERNS          = 
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
-# should be searched for input files as well. Possible values are YES and NO. 
-# If left blank NO is used.
-
-RECURSIVE              = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should 
-# excluded from the INPUT source files. This way you can easily exclude a 
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE                = 
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
-# directories that are symbolic links (a Unix filesystem feature) are excluded 
-# from the input.
-
-EXCLUDE_SYMLINKS       = NO
-
-# If the value of the INPUT tag contains directories, you can use the 
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
-# certain files from those directories. Note that the wildcards are matched 
-# against the file with absolute path, so to exclude all test directories 
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS       = 
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or 
-# directories that contain example code fragments that are included (see 
-# the \include command).
-
-EXAMPLE_PATH           = 
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
-# and *.h) to filter out the source-files in the directories. If left 
-# blank all files are included.
-
-EXAMPLE_PATTERNS       = 
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
-# searched for input files to be used with the \include or \dontinclude 
-# commands irrespective of the value of the RECURSIVE tag. 
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE      = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or 
-# directories that contain image that are included in the documentation (see 
-# the \image command).
-
-IMAGE_PATH             = 
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should 
-# invoke to filter for each input file. Doxygen will invoke the filter program 
-# by executing (via popen()) the command <filter> <input-file>, where <filter> 
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
-# input file. Doxygen will then use the output that the filter program writes 
-# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
-# ignored.
-
-INPUT_FILTER           = 
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
-# basis.  Doxygen will compare the file name with each pattern and apply the 
-# filter if there is a match.  The filters are a list of the form: 
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
-# is applied to all files.
-
-FILTER_PATTERNS        = 
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
-# INPUT_FILTER) will be used to filter the input files when producing source 
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES    = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
-# be generated. Documented entities will be cross-referenced with these sources. 
-# Note: To get rid of all source code in the generated output, make sure also 
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER         = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body 
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES         = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
-# doxygen to hide any special comment blocks from generated source code 
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS    = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
-# then for each documented function all documented 
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES (the default) 
-# then for each documented function all documented entities 
-# called/used by that function will be listed.
-
-REFERENCES_RELATION    = YES
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code.  Otherwise they will link to the documentstion.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code 
-# will point to the HTML generated by the htags(1) tool instead of doxygen 
-# built-in source browser. The htags tool is part of GNU's global source 
-# tagging system (see http://www.gnu.org/software/global/global.html). You 
-# will need version 4.8.6 or higher.
-
-USE_HTAGS              = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
-# will generate a verbatim copy of the header file for each class for 
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS       = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
-# of all compounds will be generated. Enable this if the project 
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX     = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX    = 5
-
-# In case all classes in a project start with a common prefix, all 
-# classes will be put under the same header in the alphabetical index. 
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX          = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
-# generate HTML output.
-
-GENERATE_HTML          = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT            = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION    = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for 
-# each generated HTML page. If it is left blank doxygen will generate a 
-# standard header.
-
-HTML_HEADER            = 
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
-# each generated HTML page. If it is left blank doxygen will generate a 
-# standard footer.
-
-HTML_FOOTER            = 
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
-# style sheet that is used by each HTML page. It can be used to 
-# fine-tune the look of the HTML output. If the tag is left blank doxygen 
-# will generate a default style sheet. Note that doxygen will try to copy 
-# the style sheet file to the HTML output directory, so don't put your own 
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET        = 
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
-# files or namespaces will be aligned in HTML using tables. If set to 
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS     = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
-# will be generated that can be used as input for tools like the 
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP      = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
-# be used to specify the file name of the resulting .chm file. You 
-# can add a path in front of the file if the result should not be 
-# written to the html output directory.
-
-CHM_FILE               = 
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
-# be used to specify the location (absolute path including file name) of 
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION           = 
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
-# controls if a separate .chi index file is generated (YES) or that 
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI           = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
-# controls whether a binary table of contents is generated (YES) or a 
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC             = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members 
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND             = NO
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
-# top of each HTML page. The value NO (the default) enables the index and 
-# the value YES disables it.
-
-DISABLE_INDEX          = NO
-
-# This tag can be used to set the number of enum values (range [1..20]) 
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE   = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that 
-# is generated for HTML Help). For this to work a browser that supports 
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
-# probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW      = YES
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
-# used to set the initial width (in pixels) of the frame in which the tree 
-# is shown.
-
-TREEVIEW_WIDTH         = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
-# generate Latex output.
-
-GENERATE_LATEX         = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT           = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME         = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
-# generate index for LaTeX. If left blank `makeindex' will be used as the 
-# default command name.
-
-MAKEINDEX_CMD_NAME     = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
-# LaTeX documents. This may be useful for small projects and may help to 
-# save some trees in general.
-
-COMPACT_LATEX          = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used 
-# by the printer. Possible values are: a4, a4wide, letter, legal and 
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE             = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES         = 
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
-# the generated latex document. The header should contain everything until 
-# the first chapter. If it is left blank doxygen will generate a 
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER           = 
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
-# contain links (just like the HTML output) instead of page references 
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS         = NO
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
-# plain latex in the generated Makefile. Set this option to YES to get a 
-# higher quality PDF documentation.
-
-USE_PDFLATEX           = NO
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
-# command to the generated LaTeX files. This will instruct LaTeX to keep 
-# running if errors occur, instead of asking the user for help. 
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE        = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
-# include the index chapters (such as File Index, Compound Index, etc.) 
-# in the output.
-
-LATEX_HIDE_INDICES     = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
-# The RTF output is optimized for Word 97 and may not look very pretty with 
-# other RTF readers or editors.
-
-GENERATE_RTF           = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT             = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
-# RTF documents. This may be useful for small projects and may help to 
-# save some trees in general.
-
-COMPACT_RTF            = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
-# will contain hyperlink fields. The RTF file will 
-# contain links (just like the HTML output) instead of page references. 
-# This makes the output suitable for online browsing using WORD or other 
-# programs which support those fields. 
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS         = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's 
-# config file, i.e. a series of assignments. You only have to provide 
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE    = 
-
-# Set optional variables used in the generation of an rtf document. 
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE    = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
-# generate man pages
-
-GENERATE_MAN           = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT             = man
-
-# The MAN_EXTENSION tag determines the extension that is added to 
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION          = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
-# then it will generate one additional man file for each entity 
-# documented in the real man page(s). These additional files 
-# only source the real man page, but without them the man command 
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS              = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will 
-# generate an XML file that captures the structure of 
-# the code including all documentation.
-
-GENERATE_XML           = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT             = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema, 
-# which can be used by a validating XML parser to check the 
-# syntax of the XML files.
-
-XML_SCHEMA             = 
-
-# The XML_DTD tag can be used to specify an XML DTD, 
-# which can be used by a validating XML parser to check the 
-# syntax of the XML files.
-
-XML_DTD                = 
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
-# dump the program listings (including syntax highlighting 
-# and cross-referencing information) to the XML output. Note that 
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING     = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
-# generate an AutoGen Definitions (see autogen.sf.net) file 
-# that captures the structure of the code including all 
-# documentation. Note that this feature is still experimental 
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF   = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
-# generate a Perl module file that captures the structure of 
-# the code including all documentation. Note that this 
-# feature is still experimental and incomplete at the 
-# moment.
-
-GENERATE_PERLMOD       = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX          = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
-# nicely formatted so it can be parsed by a human reader.  This is useful 
-# if you want to understand what is going on.  On the other hand, if this 
-# tag is set to NO the size of the Perl module output will be much smaller 
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY         = YES
-
-# The names of the make variables in the generated doxyrules.make file 
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
-# This is useful so different doxyrules.make files included by the same 
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX = 
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor   
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
-# evaluate all C-preprocessor directives found in the sources and include 
-# files.
-
-ENABLE_PREPROCESSING   = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
-# names in the source code. If set to NO (the default) only conditional 
-# compilation will be performed. Macro expansion can be done in a controlled 
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION        = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
-# then the macro expansion is limited to the macros specified with the 
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF     = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES        = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that 
-# contain include files that are not input files but should be processed by 
-# the preprocessor.
-
-INCLUDE_PATH           = 
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
-# patterns (like *.h and *.hpp) to filter out the header-files in the 
-# directories. If left blank, the patterns specified with FILE_PATTERNS will 
-# be used.
-
-INCLUDE_FILE_PATTERNS  = 
-
-# The PREDEFINED tag can be used to specify one or more macro names that 
-# are defined before the preprocessor is started (similar to the -D option of 
-# gcc). The argument of the tag is a list of macros of the form: name 
-# or name=definition (no spaces). If the definition and the = are 
-# omitted =1 is assumed. To prevent a macro definition from being 
-# undefined via #undef or recursively expanded use the := operator 
-# instead of the = operator.
-
-PREDEFINED             = 
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
-# this tag can be used to specify a list of macro names that should be expanded. 
-# The macro definition that is found in the sources will be used. 
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED      = 
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
-# doxygen's preprocessor will remove all function-like macros that are alone 
-# on a line, have an all uppercase name, and do not end with a semicolon. Such 
-# function macros are typically used for boiler-plate code, and will confuse 
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS   = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references   
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles. 
-# Optionally an initial location of the external documentation 
-# can be added for each tagfile. The format of a tag file without 
-# this location is as follows: 
-#   TAGFILES = file1 file2 ... 
-# Adding location for the tag files is done as follows: 
-#   TAGFILES = file1=loc1 "file2 = loc2" ... 
-# where "loc1" and "loc2" can be relative or absolute paths or 
-# URLs. If a location is present for each tag, the installdox tool 
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen 
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES               = 
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE       = 
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
-# in the class index. If set to NO only the inherited external classes 
-# will be listed.
-
-ALLEXTERNALS           = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
-# in the modules index. If set to NO, only the current project's groups will 
-# be listed.
-
-EXTERNAL_GROUPS        = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script 
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH              = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool   
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
-# or super classes. Setting the tag to NO turns the diagrams off. Note that 
-# this option is superseded by the HAVE_DOT option below. This is only a 
-# fallback. It is recommended to install and use dot, since it yields more 
-# powerful graphs.
-
-CLASS_DIAGRAMS         = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide 
-# inheritance and usage relations if the target is undocumented 
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS   = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
-# available from the path. This tool is part of Graphviz, a graph visualization 
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT               = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for each documented class showing the direct and 
-# indirect inheritance relations. Setting this tag to YES will force the 
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH            = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for each documented class showing the direct and 
-# indirect implementation dependencies (inheritance, containment, and 
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH    = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS           = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
-# collaboration diagrams in a style similar to the OMG's Unified Modeling 
-# Language.
-
-UML_LOOK               = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the 
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS     = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
-# tags are set to YES then doxygen will generate a graph for each documented 
-# file showing the direct and indirect include dependencies of the file with 
-# other documented files.
-
-INCLUDE_GRAPH          = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
-# documented header file showing the documented files that directly or 
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH      = YES
-
-# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
-# generate a call dependency graph for every global function or class method. 
-# Note that enabling this option will significantly increase the time of a run. 
-# So in most cases it will be better to enable call graphs for selected 
-# functions only using the \callgraph command.
-
-CALL_GRAPH             = NO
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
-# generate a caller dependency graph for every global function or class method. 
-# Note that enabling this option will significantly increase the time of a run. 
-# So in most cases it will be better to enable caller graphs for selected 
-# functions only using the \callergraph command.
-
-CALLER_GRAPH           = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY    = YES
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
-# then doxygen will show the dependencies a directory has on other directories 
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH        = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT       = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be 
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH               = 
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that 
-# contain dot files that are included in the documentation (see the 
-# \dotfile command).
-
-DOTFILE_DIRS           = 
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width 
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
-# this value, doxygen will try to truncate the graph, so that it fits within 
-# the specified constraint. Beware that most browsers cannot cope with very 
-# large images.
-
-MAX_DOT_GRAPH_WIDTH    = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height 
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
-# this value, doxygen will try to truncate the graph, so that it fits within 
-# the specified constraint. Beware that most browsers cannot cope with very 
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT   = 1024
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
-# graphs generated by dot. A depth value of 3 means that only nodes reachable 
-# from the root by following a path via at most 3 edges will be shown. Nodes 
-# that lay further from the root node will be omitted. Note that setting this 
-# option to 1 or 2 may greatly reduce the computation time needed for large 
-# code bases. Also note that a graph may be further truncated if the graph's 
-# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH 
-# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default), 
-# the graph is not depth-constrained.
-
-MAX_DOT_GRAPH_DEPTH    = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
-# background. This is disabled by default, which results in a white background. 
-# Warning: Depending on the platform used, enabling this option may lead to 
-# badly anti-aliased labels on the edges of a graph (i.e. they become hard to 
-# read).
-
-DOT_TRANSPARENT        = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
-# files in one run (i.e. multiple -o and -T options on the command line). This 
-# makes dot run faster, but since only newer versions of dot (>1.8.10) 
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS      = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
-# generate a legend page explaining the meaning of the various boxes and 
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND        = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
-# remove the intermediate dot files that are used to generate 
-# the various graphs.
-
-DOT_CLEANUP            = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine   
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be 
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE           = NO
diff --git a/src/Makefile b/src/Makefile
index f3c9801..34863b8 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -34,32 +34,51 @@ ifneq ($(MAKECMDGOALS),distclean)
 include include.mk
 endif
 
-OBJS := tunDevice.o \
-        packetSource.o \
-        buffer.o \
-        syncBuffer.o \
-        plainPacket.o \
-        encryptedPacket.o \
-        cipher.o \
-        authAlgo.o \
-        keyDerivation.o \
-        cipherFactory.o \
-        authAlgoFactory.o \
-        keyDerivationFactory.o \
-        connectionList.o \
-        connectionParam.o \
-        networkAddress.o \
-        networkPrefix.o \
-        routingTable.o \
-        signalController.o \
-        log.o \
-        logTargets.o \
-        sysExec.o \
-        anytunError.o \
-        options.o \
-        seqWindow.o \
-        routingTreeNode.o \
-        resolver.o
+
+ANYTUNOBJS := tunDevice.o \
+              packetSource.o \
+              authAlgo.o \
+              authAlgoFactory.o \
+              cipher.o \
+              cipherFactory.o \
+              plainPacket.o \
+              encryptedPacket.o \
+              options.o \
+              signalController.o \
+              daemonService.o \
+              sysExec.o \
+              resolver.o \
+              buffer.o \
+              syncBuffer.o \
+              keyDerivation.o \
+              keyDerivationFactory.o \
+              connectionList.o \
+              connectionParam.o \
+              networkAddress.o \
+              networkPrefix.o \
+              routingTable.o \
+              routingTreeNode.o \
+              log.o \
+              logTargets.o \
+              anytunError.o \
+              seqWindow.o
+
+ANYSHOWOBJS := buffer.o \
+               syncBuffer.o \
+               keyDerivation.o \
+               keyDerivationFactory.o \
+               connectionList.o \
+               connectionParam.o \
+               networkAddress.o \
+               networkPrefix.o \
+               routingTable.o \
+               routingTreeNode.o \
+               log.o \
+               logTargets.o \
+               anytunError.o \
+               seqWindow.o \
+               nullOptions.o \
+               resolver.o
 
 SYNCOBJS := syncServer.o \
             syncClient.o \
@@ -70,6 +89,7 @@ SYNCOBJS := syncServer.o \
             syncTcpConnection.o
 
 ANYCTROBJS := signalController.o \
+              daemonService.o \
               anyCtrOptions.o \
               buffer.o \
               log.o \
@@ -105,7 +125,8 @@ ANYCONFOBJS := log.o \
 EXECUTABLES := anytun anytun-config anytun-controld anytun-showtables anytun-nosync
 EXEOBJS := anytun.o anytun-config.o anytun-controld.o anytun-showtables.o
 
-SRCS := $(OBJS:%.o=%.cpp)
+ANYTUNSRCS := $(ANYTUNOBJS:%.o=%.cpp)
+ANYSHOWSRCS := $(ANYSHOWOBJS:%.o=%.cpp)
 SYNCSRCS := $(SYNCOBJS:%.o=%.cpp)
 ANYCTRSRCS := $(ANYCTROBJS:%.o=%.cpp)
 ANYCONFSRCS := $(ANYCONFOBJS:%.o=%.cpp)
@@ -122,30 +143,27 @@ all: $(EXECUTABLES) #libAnysync.a
    rm -f $@.$$$$; echo '(re)building $@'
 
 ifneq ($(MAKECMDGOALS),distclean)
--include $(SRCS:%.cpp=%.d) $(SYNCSRCS:%.cpp=%.d) $(ANYCTRSRCS:%.cpp=%.d) $(ANYCONFSRCS:%.cpp=%.d) $(EXESRCS:%.cpp=%.d)
+-include $(ANYTUNSRCS:%.cpp=%.d) $(ANYSHOWSRCS:%.cpp=%.d) $(SYNCSRCS:%.cpp=%.d) $(ANYCTRSRCS:%.cpp=%.d) $(ANYCONFSRCS:%.cpp=%.d) $(EXESRCS:%.cpp=%.d)
 endif
 
 strip: $(EXECUTABLES)
 	$(STRIP) -s $(EXECUTABLES) 
 
-anytun: $(OBJS) $(SYNCOBJS) anytun.o
-	$(LD) $(OBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS)
+anytun: $(ANYTUNOBJS) $(SYNCOBJS) anytun.o
+	$(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS)
 
-anytun-static: $(OBJS) $(SYNCOBJS) anytun-noprivdrop.o
-	$(LD) $(OBJS) $(SYNCOBJS) anytun-noprivdrop.o -o $@ -Bstatic -lstdc++ -static $(LDFLAGS) -lpthread
+anytun-static: $(ANYTUNOBJS) $(SYNCOBJS) anytun-noprivdrop.o
+	$(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun-noprivdrop.o -o $@ -Bstatic -lstdc++ -static $(LDFLAGS) -lpthread
 	$(STRIP) -s anytun-static
 
-anytun-nosync: $(OBJS) anytun-nosync.o
-	$(LD) $(OBJS) anytun-nosync.o -o $@ $(LDFLAGS)
+anytun-nosync: $(ANYTUNOBJS) anytun-nosync.o
+	$(LD) $(ANYTUNOBJS) anytun-nosync.o -o $@ $(LDFLAGS)
 
 anytun-nosync.o: anytun.cpp
 	$(CXX) $(CXXFLAGS) -DANYTUN_NOSYNC $< -c -o anytun-nosync.o
 
-anytun-noprivdrop.o: anytun.cpp
-	$(CXX) $(CXXFLAGS) -DNO_PRIVDROP $< -c -o anytun-noprivdrop.o
-
-anytun-showtables: $(OBJS) $(SYNCOBJS) anytun-showtables.o
-	$(LD) $(OBJS) $(SYNCOBJS) anytun-showtables.o -o $@ $(LDFLAGS)
+anytun-showtables: $(ANYSHOWOBJS) $(SYNCOBJS) anytun-showtables.o
+	$(LD) $(ANYSHOWOBJS) $(SYNCOBJS) anytun-showtables.o -o $@ $(LDFLAGS)
 
 anytun-config: $(ANYCONFOBJS) anytun-config.o
 	$(LD) $(ANYCONFOBJS) anytun-config.o -o $@ $(LDFLAGS)
@@ -163,6 +181,9 @@ anyCtrOptions.o: options.cpp
 anyConfOptions.o: options.cpp 
 	$(CXX) $(CXXFLAGS) -DANYCONF_OPTIONS $< -c -o $@
 
+nullOptions.o: options.cpp
+	$(CXX) $(CXXFLAGS) $< -c -o $@
+
 %.o: %.cpp
 	$(CXX) $(CXXFLAGS) $< -c
 
@@ -178,11 +199,16 @@ anyrtpproxy: anytun
 distclean: cleanall
 	find . -name *.o -exec rm -f {} \;
 	rm -f config.sub config.guess
+	rm -f daemonService.h
+	rm -f daemonService.cpp
+	rm -f signalHandler.hpp
+	rm -f sysExec.hpp
+	rm -f version.h
 	rm -f tunDevice.cpp
 	rm -f include.mk
 
 cleanall: clean
-	$(MAKE) --directory=$(CURDIR)/man clean
+	$(MAKE) --directory="../doc" clean
 
 clean:
 	rm -f *.o
@@ -196,7 +222,7 @@ clean:
 	$(MAKE) --directory=$(CURDIR)/anyrtpproxy clean
 
 manpage:
-	@cd man ; $(MAKE)
+	$(MAKE) --directory="../doc" manpage
 
 
 INSTALL_TARGETS := install-bin install-etc
@@ -251,7 +277,7 @@ install-examples:
            cd conf.d ;                                                                       \
            for file in `ls`; do                                                              \
              if [ -f $$file ]; then                                                          \
-               $(INSTALL) -m 644 $$file $(DESTDIR)$(EXAMPLESDIR)/anytun/$$dir/conf.d ;       \
+               $(INSTALL) -m 600 $$file $(DESTDIR)$(EXAMPLESDIR)/anytun/$$dir/conf.d ;       \
              fi ;                                                                            \
            done ;                                                                            \
            cd .. ;                                                                           \
@@ -263,10 +289,10 @@ install-examples:
 
 install-man: manpage
 	$(INSTALL) -d $(DESTDIR)$(MANDIR)/man8/
-	$(INSTALL) -m 644 man/anytun.8 $(DESTDIR)$(MANDIR)/man8/
-	$(INSTALL) -m 644 man/anytun-config.8 $(DESTDIR)$(MANDIR)/man8/
-	$(INSTALL) -m 644 man/anytun-controld.8 $(DESTDIR)$(MANDIR)/man8/
-	$(INSTALL) -m 644 man/anytun-showtables.8 $(DESTDIR)$(MANDIR)/man8/
+	$(INSTALL) -m 644 ../doc/anytun.8 $(DESTDIR)$(MANDIR)/man8/
+	$(INSTALL) -m 644 ../doc/anytun-config.8 $(DESTDIR)$(MANDIR)/man8/
+	$(INSTALL) -m 644 ../doc/anytun-controld.8 $(DESTDIR)$(MANDIR)/man8/
+	$(INSTALL) -m 644 ../doc/anytun-showtables.8 $(DESTDIR)$(MANDIR)/man8/
 
 uninstall: remove
 
diff --git a/src/anytun-config.cpp b/src/anytun-config.cpp
index f8bc4f4..d09f1e8 100644
--- a/src/anytun-config.cpp
+++ b/src/anytun-config.cpp
@@ -88,6 +88,11 @@ void createConnection(const PacketSourceEndpoint & remote_end, ConnectionList &
   sem.up();
 }
 
+void createConnectionResolver(PacketSourceResolverIt& it, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue, mux_t mux, Semaphore& sem)
+{
+  createConnection(*it, cl, seqSize, queue, mux, sem);
+}
+
 void createConnectionError(const std::exception& e, Semaphore& sem, int& ret)
 {
   cLog.msg(Log::PRIO_ERROR) << "uncaught runtime error: " << e.what();
@@ -99,20 +104,12 @@ int main(int argc, char* argv[])
 {
   try 
   {
-    bool result = gOpt.parse(argc, argv);
-    if(!result) {
-      gOpt.printUsage();
+    if(!gOpt.parse(argc, argv))
       exit(0);
-    }
+
     StringList targets = gOpt.getLogTargets();
-    if(targets.empty()) {
-      cLog.addTarget("stderr:2");
-    }
-    else {
-      StringList::const_iterator it;
-      for(it = targets.begin();it != targets.end(); ++it)
-        cLog.addTarget(*it);
-    }
+    for(StringList::const_iterator it = targets.begin();it != targets.end(); ++it)
+      cLog.addTarget(*it);
   }
   catch(syntax_error& e)
   {
@@ -133,7 +130,7 @@ int main(int argc, char* argv[])
 	UDPPacketSource::proto::endpoint endpoint;
 	// allow emtpy endpoint!!!
 	gResolver.resolveUdp(gOpt.getRemoteAddr(), gOpt.getRemotePort(), 
-											 boost::bind(createConnection, _1, boost::ref(cl), gOpt.getSeqWindowSize(), boost::ref(queue), gOpt.getMux(), boost::ref(sem)),
+											 boost::bind(createConnectionResolver, _1, boost::ref(cl), gOpt.getSeqWindowSize(), boost::ref(queue), gOpt.getMux(), boost::ref(sem)),
 											 boost::bind(createConnectionError, _1, boost::ref(sem), boost::ref(ret)), 
 											 gOpt.getResolvAddrType());
 	sem.down();
diff --git a/src/anytun-controld.cpp b/src/anytun-controld.cpp
index 1dbc6f8..767db53 100644
--- a/src/anytun-controld.cpp
+++ b/src/anytun-controld.cpp
@@ -46,18 +46,16 @@
 #include "resolver.h"
 
 #include "syncServer.h"
-#include "daemon.hpp"
+#include "daemonService.h"
+#include <vector>
+
+std::list<std::string> config_;
 
 void syncOnConnect(SyncTcpConnection * connptr)
 {
-  std::ifstream file(gOpt.getFileName().c_str());
-  if(file.is_open()) {
-    std::string line;
-    while (!file.eof()) {
-      getline (file,line);
-      connptr->Send(line);
-    }
-    file.close();
+	for(std::list<std::string>::const_iterator it=config_.begin(); it!=config_.end();++it)
+	{
+    connptr->Send(*it);
   }
 }
 
@@ -79,25 +77,17 @@ void syncListener()
 
 int main(int argc, char* argv[])
 {
-  bool daemonized=false;
+  DaemonService service;
   try 
   {
     try 
     {
-      bool result = gOpt.parse(argc, argv);
-      if(!result) {
-        gOpt.printUsage();
+      if(!gOpt.parse(argc, argv))
         exit(0);
-      }
+
       StringList targets = gOpt.getLogTargets();
-      if(targets.empty()) {
-        cLog.addTarget("syslog:3,anytun-controld,daemon");
-      }
-      else {
-        StringList::const_iterator it;
-        for(it = targets.begin();it != targets.end(); ++it)
-          cLog.addTarget(*it);
-      }
+      for(StringList::const_iterator it = targets.begin();it != targets.end(); ++it)
+        cLog.addTarget(*it);
     }
     catch(syntax_error& e)
     {
@@ -112,25 +102,28 @@ int main(int argc, char* argv[])
 
     std::ifstream file( gOpt.getFileName().c_str() );
     if( file.is_open() )
+    {
+    	std::string line;
+    	while (!file.eof()) {
+      	getline (file,line);
+        config_.push_back(line);
+			}
       file.close();
-    else {
+    } else {
       std::cout << "ERROR: unable to open file!" << std::endl;
       exit(-1);
     }
     
-    PrivInfo privs(gOpt.getUsername(), gOpt.getGroupname());
-    if(gOpt.getDaemonize()) {
-      daemonize();
-      daemonized = true;
-    }
+    service.initPrivs(gOpt.getUsername(), gOpt.getGroupname());
+    if(gOpt.getDaemonize())
+      service.daemonize();
 
-    gSignalController.init();
-    gResolver.init();
-    
     if(gOpt.getChrootDir() != "")
-      do_chroot(gOpt.getChrootDir());
-    
-    privs.drop();
+      service.chroot(gOpt.getChrootDir());
+    service.dropPrivs();
+
+    gSignalController.init(service);
+    gResolver.init();
 
     boost::thread * syncListenerThread;
     syncListenerThread = new boost::thread(boost::bind(syncListener));
@@ -141,14 +134,14 @@ int main(int argc, char* argv[])
   }
   catch(std::runtime_error& e)
   {
-    if(daemonized)
+    if(service.isDaemonized())
       cLog.msg(Log::PRIO_ERROR) << "uncaught runtime error, exiting: " << e.what();
     else
       std::cout << "uncaught runtime error, exiting: " << e.what() << std::endl;
   }
   catch(std::exception& e)
   {
-    if(daemonized)
+    if(service.isDaemonized())
       cLog.msg(Log::PRIO_ERROR) << "uncaught exception, exiting: " << e.what();
     else
       std::cout << "uncaught exception, exiting: " << e.what() << std::endl;
diff --git a/src/anytun.cpp b/src/anytun.cpp
index de8429f..1ac9397 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -50,8 +50,14 @@
 #include "authAlgoFactory.h"
 #include "keyDerivationFactory.h"
 #include "signalController.h"
-#ifdef WIN_SERVICE
-#include "win32/winService.h"
+#ifndef _MSC_VER
+# include "daemonService.h"
+#else
+# ifdef WIN_SERVICE
+#  include "win32/winService.h"
+# else
+#  include "nullDaemon.h"
+# endif
 #endif
 #include "packetSource.h"
 #include "tunDevice.h"
@@ -63,7 +69,6 @@
 #include "networkAddress.h"
 #endif
 
-
 #ifndef ANYTUN_NOSYNC
 #include "syncQueue.h"
 #include "syncCommand.h"
@@ -72,10 +77,7 @@
 #include "syncOnConnect.hpp"
 #endif
 
-#define MAX_PACKET_LENGTH 1600
-
 #include "cryptinit.hpp"
-#include "daemon.hpp"
 #include "sysExec.h"
 
 bool disableRouting = false;
@@ -97,6 +99,11 @@ void createConnection(const PacketSourceEndpoint& remote_end, window_size_t seqS
 #endif
 }
 
+void createConnectionResolver(PacketSourceResolverIt& it, window_size_t seqSize, mux_t mux)
+{
+  createConnection(*it, seqSize, mux);
+}
+
 void createConnectionError(const std::exception& e)
 {
   gSignalController.inject(SIGERROR, e.what());
@@ -227,7 +234,8 @@ void receiver(TunDevice* dev, PacketSource* src)
     std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
     std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
     
-    EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength());
+    u_int32_t auth_tag_length = gOpt.getAuthTagLength();
+    EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length);
     PlainPacket plain_packet(MAX_PACKET_LENGTH);
     
     while(1) {
@@ -249,7 +257,7 @@ void receiver(TunDevice* dev, PacketSource* src)
       if(len < 0)
         continue; // silently ignore socket recv errors, this is probably no good idea...
 
-      if(static_cast<u_int32_t>(len) < EncryptedPacket::getHeaderLength())
+      if(static_cast<u_int32_t>(len) < (EncryptedPacket::getHeaderLength() + auth_tag_length))
         continue; // ignore short packets
       encrypted_packet.setLength(len);
       
@@ -267,7 +275,7 @@ void receiver(TunDevice* dev, PacketSource* src)
       
           // check whether auth tag is ok or not
       if(!a->checkTag(conn.kd_, encrypted_packet)) {
-        cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!" << std::endl;
+        cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!";
         continue;
       }        
 
@@ -313,34 +321,15 @@ void receiver(TunDevice* dev, PacketSource* src)
   }
 }
 
-#ifndef NO_DAEMON
-void startSendRecvThreads(PrivInfo& privs, TunDevice* dev, PacketSource* src)
-#else
 void startSendRecvThreads(TunDevice* dev, PacketSource* src)
-#endif
 {
   src->waitUntilReady();
   
-#ifndef NO_DAEMON
-  if(gOpt.getChrootDir() != "") {
-    try {
-      do_chroot(gOpt.getChrootDir());
-    }
-    catch(const std::runtime_error& e) {
-      cLog.msg(Log::PRIO_WARNING) << "ignoring chroot error: " << e.what();
-    }
-  }
-#ifndef NO_PRIVDROP
-  privs.drop();
-#endif
-#endif
-  
   boost::thread(boost::bind(sender, dev, src));
   boost::thread(boost::bind(receiver, dev, src)); 
 }
 
 
-
 #ifdef WIN_SERVICE
 int main(int argc, char* argv[])
 {
@@ -368,42 +357,23 @@ int main(int argc, char* argv[])
   }
 }
 
-int real_main(int argc, char* argv[])
+int real_main(int argc, char* argv[], WinService& service)
+{
 #else
 int main(int argc, char* argv[])
-#endif
 {
-#ifdef WIN_SERVICE
-  bool daemonized=true;
-#else
-  bool daemonized=false;
+  DaemonService service;
 #endif  
   try 
   {
     try 
     {
-      bool result = gOpt.parse(argc, argv);
-      if(!result) {
-        gOpt.printUsage();
+      if(!gOpt.parse(argc, argv))
         exit(0);
-      }
+
       StringList targets = gOpt.getLogTargets();
-      if(targets.empty()) {
-#ifndef _MSC_VER
-        cLog.addTarget("syslog:3,anytun,daemon");
-#else
- #ifdef WIN_SERVICE
-        cLog.addTarget("eventlog:3,anytun");
- #else
-        cLog.addTarget("stdout:3");
- #endif
-#endif
-      }
-      else {
-        StringList::const_iterator it;
-        for(it = targets.begin();it != targets.end(); ++it)
-          cLog.addTarget(*it);
-      }
+      for(StringList::const_iterator it = targets.begin();it != targets.end(); ++it)
+        cLog.addTarget(*it);
     }
     catch(syntax_error& e)
     {
@@ -416,44 +386,45 @@ int main(int argc, char* argv[])
     gOpt.parse_post(); // print warnings
 
         // daemonizing has to done before any thread gets started
-#ifndef NO_DAEMON
-#ifndef NO_PRIVDROP
-		PrivInfo privs(gOpt.getUsername(), gOpt.getGroupname());
-#endif
-    if(gOpt.getDaemonize()) {
-      daemonize();
-      daemonized = true;
-    }
-#endif
-
-        // this has to be called before the first thread is started
-    gSignalController.init();
-    gResolver.init();
-   
-#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-// this must be called before any other libgcrypt call
-    if(!initLibGCrypt())
-      return -1;
-#endif
-#endif
+    service.initPrivs(gOpt.getUsername(), gOpt.getGroupname());
+    if(gOpt.getDaemonize())
+      service.daemonize();
 
     OptionNetwork net = gOpt.getIfconfigParam();
     TunDevice dev(gOpt.getDevName(), gOpt.getDevType(), net.net_addr, net.prefix_length);
     cLog.msg(Log::PRIO_NOTICE) << "dev opened - name '" << dev.getActualName() << "', node '" << dev.getActualNode() << "'";
     cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'";
-#ifndef NO_EXEC
+
+    SysExec * postup_script = NULL;
     if(gOpt.getPostUpScript() != "") {
       cLog.msg(Log::PRIO_NOTICE) << "executing post-up script '" << gOpt.getPostUpScript() << "'";
       StringVector args = boost::assign::list_of(dev.getActualName())(dev.getActualNode());
-      anytun_exec(gOpt.getPostUpScript(), args);
+      postup_script = new SysExec(gOpt.getPostUpScript(), args);
     }
-#endif
-    
+
+    if(gOpt.getChrootDir() != "") {
+      try {
+        service.chroot(gOpt.getChrootDir());
+      }
+      catch(const std::runtime_error& e) {
+        cLog.msg(Log::PRIO_WARNING) << "ignoring chroot error: " << e.what();
+      }
+    }
+    service.dropPrivs();
+
+    // this has to be called before the first thread is started
+    gSignalController.init(service);
+    gResolver.init();
+    boost::thread(boost::bind(&TunDevice::waitUntilReady,&dev));
+    if (postup_script)
+      boost::thread(boost::bind(&SysExec::waitAndDestroy,postup_script));
+
+    initCrypto();   
+ 
     PacketSource* src = new UDPPacketSource(gOpt.getLocalAddr(), gOpt.getLocalPort());
 
     if(gOpt.getRemoteAddr() != "")
-      gResolver.resolveUdp(gOpt.getRemoteAddr(), gOpt.getRemotePort(), boost::bind(createConnection, _1, gOpt.getSeqWindowSize(), gOpt.getMux()), boost::bind(createConnectionError, _1), gOpt.getResolvAddrType());
+      gResolver.resolveUdp(gOpt.getRemoteAddr(), gOpt.getRemotePort(), boost::bind(createConnectionResolver, _1, gOpt.getSeqWindowSize(), gOpt.getMux()), boost::bind(createConnectionError, _1), gOpt.getResolvAddrType());
 
     HostList connect_to = gOpt.getRemoteSyncHosts();
 #ifndef NO_ROUTING
@@ -480,20 +451,11 @@ int main(int argc, char* argv[])
       connectThreads.create_thread(boost::bind(syncConnector, *it));
 #endif
 
-        // wait for packet source to finish in a seperate thread in order
-        // to be still able to process signals while waiting
-#ifndef NO_DAEMON
-    boost::thread(boost::bind(startSendRecvThreads, privs, &dev, src));
-#else
+    // wait for packet source to finish in a seperate thread in order
+    // to be still able to process signals while waiting
     boost::thread(boost::bind(startSendRecvThreads, &dev, src));
-#endif
 
-#if defined(WIN_SERVICE)
-    int ret = 0;
-    gWinService.waitForStop();
-#else
     int ret = gSignalController.run();  
-#endif
 
 // TODO: stop all threads and cleanup
 // 
@@ -501,27 +463,20 @@ int main(int argc, char* argv[])
 //       delete src;
 //     if(connTo)
 //       delete connTo;
-
-#if defined(WIN_SERVICE)
-    gWinService.stop();
-#endif
     return ret; 
   }
   catch(std::runtime_error& e)
   {
     cLog.msg(Log::PRIO_ERROR) << "uncaught runtime error, exiting: " << e.what();
-    if(!daemonized)
+    if(!service.isDaemonized())
       std::cout << "uncaught runtime error, exiting: " << e.what() << std::endl;
   }
   catch(std::exception& e)
   {
     cLog.msg(Log::PRIO_ERROR) << "uncaught exception, exiting: " << e.what();
-    if(!daemonized)
+    if(!service.isDaemonized())
       std::cout << "uncaught exception, exiting: " << e.what() << std::endl;
   }
-#if defined(WIN_SERVICE)
-  gWinService.stop();
-#endif
   return -1;
 }
   
diff --git a/src/anytun.sln b/src/anytun.sln
index 0e5c04c..99da3b0 100644
--- a/src/anytun.sln
+++ b/src/anytun.sln
@@ -5,28 +5,52 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "anytun", "anytun.vcproj", "
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug with gcrypt|Win32 = Debug with gcrypt|Win32
+		Debug with gcrypt|x64 = Debug with gcrypt|x64
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
+		Release with gcrypt|Win32 = Release with gcrypt|Win32
+		Release with gcrypt|x64 = Release with gcrypt|x64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
+		Service Debug with gcrypt|Win32 = Service Debug with gcrypt|Win32
+		Service Debug with gcrypt|x64 = Service Debug with gcrypt|x64
 		Service Debug|Win32 = Service Debug|Win32
 		Service Debug|x64 = Service Debug|x64
+		Service Release with gcrypt|Win32 = Service Release with gcrypt|Win32
+		Service Release with gcrypt|x64 = Service Release with gcrypt|x64
 		Service Release|Win32 = Service Release|Win32
 		Service Release|x64 = Service Release|x64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|Win32.ActiveCfg = Debug with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|Win32.Build.0 = Debug with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|x64.ActiveCfg = Debug with gcrypt|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug with gcrypt|x64.Build.0 = Debug with gcrypt|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|Win32.ActiveCfg = Debug|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|Win32.Build.0 = Debug|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|x64.ActiveCfg = Debug|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Debug|x64.Build.0 = Debug|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|Win32.ActiveCfg = Release with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|Win32.Build.0 = Release with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|x64.ActiveCfg = Release with gcrypt|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release with gcrypt|x64.Build.0 = Release with gcrypt|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|Win32.ActiveCfg = Release|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|Win32.Build.0 = Release|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|x64.ActiveCfg = Release|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Release|x64.Build.0 = Release|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|Win32.ActiveCfg = Service Debug with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|Win32.Build.0 = Service Debug with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|x64.ActiveCfg = Service Debug with gcrypt|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug with gcrypt|x64.Build.0 = Service Debug with gcrypt|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|Win32.ActiveCfg = Service Debug|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|Win32.Build.0 = Service Debug|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|x64.ActiveCfg = Service Debug|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Debug|x64.Build.0 = Service Debug|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|Win32.ActiveCfg = Service Release with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|Win32.Build.0 = Service Release with gcrypt|Win32
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|x64.ActiveCfg = Service Release with gcrypt|x64
+		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release with gcrypt|x64.Build.0 = Service Release with gcrypt|x64
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release|Win32.ActiveCfg = Service Release|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release|Win32.Build.0 = Service Release|Win32
 		{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}.Service Release|x64.ActiveCfg = Service Release|x64
diff --git a/src/anytun.suo b/src/anytun.suo
deleted file mode 100644
index 436969ab57180844bfa92ec8a2577d96ce69ea7c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 68608
zcmeI52b^71xwk_Iy-Dvdsf3b{9zvZ|LMRDI2rZC0DWsAD0qFwLr5BMdpn%e(DFOnb
zB8q|y6~!xFlxqR6y}<W8d%tVWp2?X#XAakUzwh_mH~F8n_J6Ov-c{dKcA0Ozyy+Xa
zJ-FS^I<=DhJFVI2z4zDaw042-jDL-E{Gm>rJofy1@4x?kqF3PI@PFn1krMbP>Fh$C
zZ4a!=wZJ-HU9dh_4{QiF02_gg!6ty}@3cAC6l?~z06oE$U@NdS*aqwX`ho_q3)m6t
z1a=19Kv&QkbO${^FE9Y~10%q$V0SPG>;d|Kq2OS!Kj;qzf+1ixFc@qHhJ(GpFfbbI
z0}ciIfdjxu&<G9$qreehEZ7!|0sDf3z>#1am;w#~dxFEjabOlW983h0z#Om$ECEM>
z@!)813^*1{1rxvwFbymOGr<X90hkO{f_Y#rI3COgrvUrd*|>|rbZ{b&I}>*qm>tK~
zXA^#$_gCSb3Qhwb2B(9i;0$mUI0sB5wM#m!=+r<dEyi7zY2!qVvK1{xU5ag}Og?nO
z^^1nhe{qd93DkH)9&!R2mrw!+p?wa%(Va|n?XneCDA%6<)_SGwSIPA+?bJj%R*?4w
zTFDI3GJ_hBYfrj$>b!>aV_z@@?S=RJ8o>UgOh(gkYX1;wdO0aLf?xF}et90O&EFpA
zx38r#Xft5pL}&a-zip_9cR5!)w*PAf?El&U&uIfv7~ARZ!BqvW*#EbMw?Eo8v<1cf
zZya6W27>P3MPOe~HlR0t!|WEW{r?)EZLlAH6WIS#TI}EU{}(_bu>X5*Z(RGPecI#a
zakT;Ix)I^m4#-`Lt6dliv;pIQ_Qw8yF0lXGx9!V@PyJuNc0^mDUmI|A_*4JaZrHEw
z|I@(?VAxr>vw?kgUU2qx&z*p)eb8QbEVMC~0_}jU)OO<7tNl0$oDA$qwoPq-{a-tv
z4Y2=fH_iel{`6aSKDpap4twgjgRb58{F~eB!d%f(Y|9@+-Wh2N`=1ljFUHK;d+LN`
zOXe<{v8Z9p{Dn=+8+xzWYsjus51l`2*^=c;=B#L#GJpBX84DXGtynpG{*s1aefv$F
zGIHwt51N0kcWfKkX>Z1d)ccp?*D9~TDooAn(JA;>Vwd_*)5{onrgDwaC3ounokDz*
z(Y1uuHIv^}jAYuMlh8aXYmMbmYyTYcHU%`xn(UwUKc)L9M$Couq#0;iz^_(!JfoC3
zUqXIsv48d_bt`z=6?IRKP@~W{laieq_WnrHu!6MAgKtl_Q8d&s{;b7yTeP8n1ZCeu
z8WvCnODF@!<g#@1M!&XP`&?`O*CuQuP+I5T@z;8<wFY`o|K`VDT&w<d2y2>^*80a}
zd7e!xTtcnb(zS?fi~7~OK0#{LukK#aaog5^3N6zfq1A0$(BItlYSpj(PBFIDe<=A~
zgjVNaM@CsJ!J4<#2KI>jZ$gB%>fea4&NYkToZteG+o60`G?!G&AT<rli04xd_K2y>
zkF*TV+LnVkw9f`cJZCQ}3B8b`NpLF}&FsMq%)t9HVoxRJCB$Xk7BhpN%E&s3+1^wv
z&8+O$ez%bGb2!fDrvGzkF@KJxwTWfdT0RKZI<B%~`|=uV<ZG)G?i=?G+U$4l{q}wN
z9+1wFb_GTLWsYA5_V*Rk>@sS_+N;!bnwd9IA1kuj(-t+gvPgT={%lXSJq2&O(z5+8
zA^w%rdmeMK%}=1MET<KfjRpPC?|d}ZUYmZ$D{YW63LS0fPowcDN@fM9CVkOwTpiJG
zUrpnmc5Wg0PkFSLxDuMrc%=PPb3PJQ)9#wM<Mzk3&np^j#BuvjG%d{Z*mGxOZGR;r
zKxzT5njN!UMLSpdFfD2Tz9IDMNu7FZ@Xz79U;3r75B~6;mp8xj$W0FEwDH%rTlkOl
zx{ts7{g3|T<!3)R+A9y~^wt(VU%9_~_X8jO#m`RPW#%FyLJn_mKHc%zk83pNL_OFg
zaQ3o*7G%m7&|<Vl{rJ~Evplwb=h=C9=TK7#lh2`Mb~@^1M-J!EeQ5_v`IqlwOyH=N
z8QEb~!Zk4~UrDVkCS9x0R$X_It>}Jg(NnLP9=dL`bj4>b<XlS)0Is730y*o@HI9>a
z*En)pf<~|dumTcy41Ui!e@xtL{H`HgBc=G9Q)$EI1vedcJWyPV7|yuuON!P~PJ81T
zME{lHs?Slh$eHHHf&JjwIA@c54(tM+4{i(GYk=|_U>w$1cRc2~2d<ntcEw|wb`Q>V
z=x>2Cw!kgGZy#73oc-|x{Mynb!D&-Y!f%>R4bE$B3+}VQSsxGLH;#u3+~@J{3-^WK
zOy3vr8{Z3sa9_i394`jv`LE+w*EfQ*j9$iX`rZo8^7{?`3An#2aDT+_I`z-NHQ*l?
z{=eboHd>9-vz9xaInD`K0LS{=_Ec>Alxzh}&=O((-)#HxxJv@ZDbs#V_(#$*+yPmh
z%^{kY>9kHod3@}DbXb3J{7E*>ad0VVapvV{m|H^2qFmg6ac!-AtTq3e5!U{v9D$Wk
z>kQ^gO(3NwA9dTB_2t+4TTl5H^FJ0lH9OP2m^?2eHDgH4!i-r)t+Xeu|8^&k?X}kY
z7xj<FS~&01T8g=ak{<=*-bR_!Q~&Ob{AK4n*4Cp(t@WPLv;+C4TV;K-*8Fcy_}&pg
z+UHCAf0MAdwn5jRmP~s!P*47~sjh*Pv2~AMw%WOcQS<6MUmb0XmPS#WdCF-acLQ3n
zfk19Fd-%1Dv&B(6X?AS7bIj(NyVbPr6rAnSG08IT8JsEU15C-3I`l85r>?+KSx=+t
zxZbssb*r7}n~kvD-s(Jr#I%`<4LO%u%+Ls@72TP2T*u2V>9@a?^*`qs?FsuI+4|f0
zNUiO^8)4@}Gbz*W{%w1r{%r{4oS|0zwu8$f;xhe~bbC_I{*P&$9TAu5@86zs&YOSd
zIbA`m`R_~E6;AGux!IkDnONYaLSKIUj_t1ZZ0i_pgH~KGV83>*(ed^-BWwNhxJS1T
z{YwgZ-~Pcpml|u*>+D8xHmcskz%-!D2Wv1Fb;NASR!pl3G2QaO4c|AER~1EDAg6t>
z9VjVRWAW#?%I`HA&NiT}Q2GHm=XI%Ws@c!#JGYfpN9up}|9Y;kzH%6O;iDIjuogM)
z8Ywl^&iU-oEmsa@?JqM)Tu~;rKZjCdPqkJS-gB1clM$#)zoSHZqJH)6K)_n{yYxK6
zB0<XZ56**>{?^m~ZBw=Mf798Xr2N~SYt8>Yggq)EuB<#ax^uH(l2I^mKEE?3r`5Li
zC|WQ%#~^!;;w(_^0I&y8QjhW4)MIQ_DWyr5C6c(c@S8f%Z4D-aF2Fl!avOm?fuapa
zwPdc6etW3W2;|f~94MoK+=swH>>hO7ex><G+ArvP<4>GYWwGie(Uz#G`phR!`P4e}
zFK6dtG1pDRcBb)vB{N0sN!xdhD)y&1fAOA+^M7rqtFU}Nve`j*J5_706a7k>Rk_oU
z1?Y5Hq<<+fI3G+q#_nLH9b<RV-N{?Qs;A<gMy*U^CODX1_lGNI+%a+AZwaicBKM?>
z%^bK}w;<!D!Jkr>{hUpF`7Zn7EWi1#&#7x1^r(4E?a%?z+Os|DI)hZ4H8uh{N2HFo
zAJ>`YXfb2g#1D9Ve&5V8s`TVjzq!vm)0T3gU(xQG>M_7MfRfKc)84!z%j`l-uN||U
zLvF<6we~!Fr2b>TQFWxh*nX?)H~FK!d3!b(=eaPw*8t@)kh6O<>+eYWw{6WOr|x&p
zqDAG;y}0VN#ilv=c?WGeM{TW3G4%mQyxp7YuOs@4{jZ+&hch1Q-JRiCSuWf~PW>Y9
z!PD10?C+*NZ>9QjNh>c~_i#`){`Jq+X>nm2j_ZFdfo-dGNwslF*8aYiZzz}QACQe7
zZN-xF?tg5H_aIQK{-uO{(IEvX&;MR|ppswnuU<#ITJ_&R*sN*cmgygm&DTnlb4vY=
z%8qcg>bKrA1A*&kt39xt*d{DTxr0ICGy!sl2j^a<R#7<;7*282wpz6d>DuG)d+oFW
zH#0cPAcdPB+@b<!J$dcQ0=Fu-GYi~DgS)E0T^rnu!MTDy7AT(vDb4rbH_i72XBpfN
z)cZ(*dm^}}3*58#^IkMASmzXnfGOb6;CkX(!pa1oW~U35rjkl)ef%kfGw>VE_-2ER
zKogML09b;GwJ7I&?1b>29ImqtOV#s<GrrS+*7S6cbexJ`ISa_yn$HG`r7PD9TmY2I
zK;GKY{3G2fbN*4={SWW4p2D81R?NLWN3eNu2WIG@{Y`qN*L-vXYlDTsZH2otP!<Ez
zSCkVu$kSKtu20eaRvW)+OMfwz)~itK<>x>DMV6%2X-nhB-kcqlg~*>|HJo#dU4v`H
zmD9SVyvpVIN~_*{7r*6`L$#$ptwQr%*U8jI6aNllByrAFnN6Jen>-_}^U*+B<gA;n
zK(UR;*?w%3ig}dl4$QOC2=aVXn?Kc-exKTz!@qpQPIK{pUb0SB>}o7ZZw};4Z7N|?
zDK`i>ekodfxlth1PU_vB(=IB<1H)|!rUAvCD%Ta*Ta_h1PMu4EayF3b2hIV?B|y%!
zTnd!yft)3G15j=Pa;E)epnMs~Z3kWe%8NkGe0?1#uK+oB0bT{l4}qNP=N|#(r$Ely
zd;=)&fE3@m8PloLKZ5It`_JIq49{z}wzWw8_QUngi7lRyskGUvXYbY31exNZSdwx*
z0-oCq$eD}Xfnv?bS>yeIvJXh%()#j%;I_tX1j<NYxJF<rQmzJawt_T^{dmUt<Z-_0
z%2y#PU+C_T8fBP2aZ_9wRs8w-X%uPgM=g(Hr)n=|bbV++Be^rb7rqg&qp9sawB*su
z<woEigMTD^KYRnTF~GFns7mBkkk_6THrd9qxox%k<hAwRYW1hx{Po0}Uc<@COE*cf
zo2D$)(-8cYYiBS4SYL+&xi!HgpiP|&<m}Oh0?!=*<Q!jy0_A8RR~%pD@-nHmSLdjN
z{L&av)xFCWo!2+~Cpu>l$v$vn(^_BsMAKSE+-Z+jxx(az^u=nN9QVAu>*I45`SXwI
zsf+jD-zQ6B^=C8k`-FyFH|wv(XESPP8)fs)ftfW*DXs20|FrZh*}RmhhbywSwqFKO
zuHX7C7xmjS8$qr5KS$UH*5U^#*FP{1RPu}dOs~3?lAz6}w#4^nw1IN{gPX5u%Ttej
zd&A?+5jq!ah}87LwV7%kcL{Fy;0(7%aQ%Zj5N<$l!-DGyw|8&{6u8FVMh9mf9uwRl
z1@6$`CI#n6H#xYYgR@;66WsLR2Eok;ZccFf!_5tDQE-lGi-TJpoc2E55jizDZS{vE
z+?m1I9?lBxyx<z(&JXV5;2cvf3GT|^c80quxa)&c#|^>V5}c#>t-;+Hob_>6aQ6k*
z4em3+JrtZ}^>A=c1gCxfd~i<(XB|D0acAQ@2Ydv0U;aGY^MSMe3&4foB5*Nqj$#;R
z{~rUFgDb$5U`v{f=bWGDia+8X1Mf)Z@h5O^178NW1a}wi?cq1fody4=!hcV=_l5h}
za38>ZF#HeW{slY&9tDp9+xQdU^WY2MN8pP<Jx}943%(S`&xPwb@fD803ceQn*KuD0
z--zRvalZw=4V+iK3cdrr3%vgOxIX}|fgc9<W8BxlPry&X8{lW)-@wnoo8TAV-@#iz
z8~H0>eE$({1LgT!{J#V51n2qx4F3U~_xR5oJL3Em_iy0u!1<cz-ot$#*wv3=->8=7
z+=}<#+uMIibMe1k|J*~NMyFYZ;zM=zKG9yd2LWxk+*-idm7KGu6z&lG4ZzV`Zapvw
zC{ux)7UejgOapTL!E~U^0&-ozLa-xP1mt!BbAYk}$SEsxCwr$xZey?tm`?kR+<xF>
zpx9UBb^!Jn#r~46wa<9Yej~RIu>UyYxC+Q^3hZCXbwJKCyB;XF0XfUbzN6d=<i-K}
ziSjs*(=yrz6x+GnHsH%Z`8tp@Z?<pqX4{tQ18nz-ZCuX$+Rl~Nft+HyR&3jH+ku|}
z#r7>{K5XZT?OaZ4Zd+G=57M=N$e6qhC(d@PtO=30d}fu~pu}yh2Wg0K2jlM=+-|{n
z-e(1sJ%TgMeS_;?;06XaB)IN`8yeiO;EZSQ;Pwg5`1T8KWP#HzDu)DT`#&_eBZ9O2
zPYLeW;JjvPaK{B_9UUKBQ*dM8(lZu|g4-U>=Npxk!F9%eGX6txR|U5dexH3*P7iJq
z{O92}-{%K65P!OldRcJh_X_;Vjlo&JHwAZ3a3kUF3+_w7O@w<kxUU9x7@W^YD&Gli
zJpS(n_XaK|Ei-4(4O5q`i6dIbdo3PXE=-JV>t6##XIa?R<+SCA`+jggDsZ-S!~I)u
z+v0u(D8B-cyiRZ9H#NTwP955AuT5=T?vKIQzP;A+{tZyNK&1F=>&CZEa9+DUe&gG$
zz-<-WP6e)8aJ_=tl55t*ucY>`zYm-?a?c2-jsf`9F}T3(72LiB&hf`^qY9kQ-pZx6
zZhYf|JE{=Qc5S%Sh7IQnc5=%L;cTyRA1-jVL%DMbob6Ta!r&~^e)yG-1=j<=_EC|G
zwltUpjoa@d!SKv?Isy6*7&vG!t$E8%3%U%**Lh`Y>wU6&%^h8lmBrYXG0*+3^mbkY
z_n(@wyH?&YZDMbC71neRyLWR~?WZ@{Mi62)$*(-cKa!(7UF;Z9%od6x!dEPE<fY&o
z6~7VOtHIgQzZ2YR!S#mwVQ_B*rxp2GaBtxjdMRg+^?7i1c>Vha-o^FKuy=tgyC}>8
zZ(08?qfh#@K6?U39`k97*b8h9hB0?oeg0G1{)O+W%&Izns_puvq&?lU^Zs3W+pV&T
zHT!~JI2CB_`}&pcz?=*KwqIorAm_Zv@jw|2<c<ZFg0eS|I|A$jltz$B%i}bD_rm{%
z1maxN>x}zdp!@?Yp0#l0?53&nmn>hgtZBv~>9zM=ymH~f{q-Wgs#?6^UCDHo(Mg^5
znzO~T?>)QIA)mZy_Gho#>373A_WlSOR^QY*jiRk={P)dXG0PuNIDsxQJDc!Ehyg7R
zsfFT9w`DYGUfX+{(|0y&mWPtu{3!n(L|&fl-wSC^zxT(BPs+_h$y0y1?(AxM?Qy1M
zD`3yHh1)abZ1uYWd+%;Q?n5Adi>ELk*0qbcx?QTg*I27fa#q=KTWNi@tl&z0*z{V~
zpzj){hJZR`985>oKSj%v`k4JI^)dUE<$C~dj;=T#OMT39)>Tj7d%nfz7p>oP=O~3w
z{kb3Kyw*7T17+{h_Iq-6Z*3r5L_1e`|1y6@;Fe`SX{z7;`4rA6bv-|wUug?jM*2?5
zY<T{TTgCSE+u)kdn7>p8`jyn49m{Rc)t*1C&HgT-<kP!#>A9z`{C>{mYO$1yl6saa
zBzu<UchB77$g|tI<39nJowaY-9@-vx@^ER7y?Fn$z2`?;-gz8O3n)Inm8{e+H-1|~
z(4qu2%BFpLV4mDH?|Az!-Z{)yjkZwZwN>gG_eX(NC#{IL#(zF=W_d9%+(y8$Sa}f0
zX|*!*iu*9gTflUD<AJgO7;*>T1Y_uW)A>yy^ZQP<wSk#c$M5#aKOgzi-Ru0VomRsd
zZHxW0!~f&zO1kvr;<#%1UE8#L{@UJu)>>;HiWB)Zoc&(wsEh(~+K$nn+WoWk(w{%`
zWGk9gy8k_(*~*}(4RQb78cNbeuokraVqq|4```VW@5{8fyv2d~EzfSiG_*L`#=$4y
zPl$8n`jbU(BO>T}@~>e#swVx8F6E;B27=fgYR&(Xgq;bLWC7FrNBPLG@kXy%poJKh
zb7Z?)8=MT>Pgw=(v0ugZx4Qmhzji!v%y&@`Y0%c+?IH3gFfAsr9{ZJ^KlI(h`Sb#x
z|Er8VKRoK<f?k$UKB78|iSHmf+#tGy3$zg!cW=86taeYZz5ZAI$%XaqUQ2^eD07c0
zBc8dn6qGdEAJqK(VR8JZ&GzMQVR*mZJ>fNR-Dl9hHtxN^y#bHiU)TU_0X6~~gH6Cl
z;Cc5QHU}SxWA`51e`^HKf$hNdU<a@xa8F`q;I-}(xG&+JTo2F_xIeKA=nZxSh8u+I
z9))`o?$7NBT+6#h=iY?-bB1$&VhC_=&ix7Z=G>Fp2Y7xz-2KD9PUn38YD64+el-3=
z!GXYii-W*8a4>NH!Z3&7jt3Lscp~m3Fc};HW`HAsdmBfCW5BV%YmdV{9!vw%gOi_y
ze>QOMV-A=L<^lIVP5_2kh`R_Z21~$FAioTEdH7f2x_9Ru$trLPI2E{8avC@tcui;W
zeinZIS6v%8ztXPS-}9MH{*HCpD@pTSqRHktj`YKT@yR(ym2(a(=gi5ukm9%{w;31<
z6q~-BG6AUja3JS2W*Tq?F&)Sm_YB}XYbKC0zDYp+bAX)raNbblw%|C;FdT6y4#ti7
z*t6XFxxTLTy}l7_5xIWwp1qc268{e2*r%#yVPE_XN)yM<Ha+h%_CCq(6X<EyIp*RK
zPIR*L>Lzi0ZyvS;&XUZ3D&x)ZI~Q;!m&((;T8_@f%(K^8PL`(@BbDc-_?=={CX<2T
z6t}o~f-``eIzATu%fnqC_n=ms<v9>2SAx7e%bxEuHHT$0&uZ(h+U%F5={IIv;pO$#
z_4!v<m<H2sd+P>lJ88efvgiRUPxEOw+e~T;j`pc6@MdDU=lQYJR$p!WPxp~gl!5K9
zxX!J-=}}z&<=+o;)s=P+9rMhueP{;Q2+Ra>8vy&9(gadC`%7Oizrfko6z6n?vvwB&
zWjT<uoU+QnJr(3-nzw7uTVJl5ZIg{aZZ}{%RczOC*5_!Tq_%7NolhBF9fq^6R|4C>
z6+q6tj~jsUagcP}m@%C?xp<Rv^>P<5j!y$Q``(?P3%Cc!tp|<($|FF|KA76mWB4PV
zr?Iu+Cd+8%55t*H_=uJdXwhxlk+T<TF^$32*$8$3<}`7~;P>3r0yi7KDYFI)XB#~p
zSc=w^+;pHdP>L(3yoU0p&TiXwX;;suTG6lU35;VY=m(S(?@;{nnGlt=ziMsH>j$4Z
z_eA3|?xI-oa+abkW($zk+t#wZ(R0ZPT0@qfVQf8KYj3wFD`SD2*B%bEUK4?w*G?it
zS^A6p$6cDa<k<I^T>Bl&@hOFQ<A086dWR^pxOJ155A|&aOs8T?l^X{fU6oYUwuMyI
zgYX-!0SpF8%6o78=3Utz7*5N408mnovDJ^yn94J6BRHOtalK3PpWbw{&JJI8=J{UI
zvW@If)Aeaizw<Sdtimj<x=DKCG5z-LRPW|5ah8XE+nlcTX?d*;j8M+LlFFkoILl%<
zP&{wA{$LDHEPwTAJv?XIvTl^=K+ZmwdbC`g|I~ilezLM}o%d#J#~t4XElWq)UTk^)
zZM{d9>T$ugOXiSF%IC6d6rai*qviX5mG6i(P{OOIr6H_d>i>G&6invovnqED^Zw{J
z6SZjlPC47*C#yMKWkX<1rW#%c|29DTEoTpL{LunCACR-RYFXC=JAxF>*3g>k3TF>Y
zt=KqhRbFpv^V+q*0AOoPmde)Vb%t*QhSTpDqu5Imr$sluk-_0)t=M$i>!VjX^ye>!
zR$JVj#@&xr<51cD$Dn4Lqqgee{)2l{2ZENCp?Y}PZOPPSW(+CUpJtVL*lNG(caC5=
z)~dgOu+P+_U;A4w=+E@3TPY8npLHa<H3F9BKaFD%xQbJc{v(O!nTV@Q|KR3XeHFz)
zS^jy>^WU~ZR?hqruX_SYx&E5Ue+~PUeZ1E4?~LwyRF0JCAC!%?dAPQIE&oF}naZH8
za7F%l4*pR?{s(2&qIl)%{(9=)XP$P`pdiJ2i^;mDuW&>XvvAHvoxRA}*R^j-+8dC|
z3@>gPt+j93KjjXP*H8ZTwrdaPp7|=Up7)nl|BA>wbc}fQA}6_7I(3umgvYcy!!RG4
z1M^UA|FE|8XIo?AyYqHCn}}CSfu&;#EXh7Vv46{H^@jpw5|A^6lYwH7l~bInD7OK*
zzTkGCyaVKHk?#V<oisT|G<VdL^dydHakoox=SXii;0}`Fj*(u|?#_|&k>I@c+~6(<
zt{0q7+bCLiy^gLQ3+}4my2D)^+zr90_v69c5}bN(4eqYsy!P(k?hDTH{7i5U2iFzu
zbHP0koUQfq!9A04^}K)Y9eGy+emUU?Rs(*Up!g2Y(7xU8L{STSWV>qsDmMqa0>|@e
z?Z3VK<7%s_)OWY~?ti{Xw3!~=Bt7t`doggHqFB0R_Rp_;wkP%2pJ#|Pwd`{J$$GS%
ziZuS%mut2E&R33)D9iP0$;w6jTM)$htX2P~39GGA%JjR^Yfl>Ln19?&r0yIjweE8k
zpNg49i(g6(D&I=jW#c}-H@4O#kgTpFLDA~k618uAvo>izNEXo=_pBp-YJFNpInOzN
zR`vyQhOs`C;Xuw6^a!B1(v#Z}I7TT4gOt+ZeOv3~qZd7*p^Wp@ch!oIGZj~dX<qO3
zNlaVls{Vo==hJnrR?U~v2u!zmHebqUAm{4WIlsIsSULN&c~zVb%h@gu14<e}*2kYl
zkh~A9fHAZdVrBTR4A<N(Y{hNL@#CNics9<hh5H<^j-L-s?biV1H$WX~clPf(-5H=<
zR)TmOPkcgKPHXvFpo|R8Hsl?WwQ;>GVz`ZgcR|#@A~;Lu#^62`oK@-_E#q*U;D0tA
zIzCw9j|6909>Z^Z&jjbS&*3-TF9+xO7w}saUkT3g_!@rG_p{&{@Owvz|Jhesqb2y^
zz<6c69{XSI&B<i{*S+_`AD}GLsGGzw$5dF$LfH+-^#qQLiWX1KerDTKQu{PqYM-`M
z!`XKmfie=vHG)w<xg5x8AFlw)wIE%4UB={luTeTJCxh(`hFR*rWORsiqPH8cUX-r~
z=V<p*aNiEjQh6n~?+2$P`ay6%3C?!?)8O6=&eHisaQ_jU@%=iucY-s%cZ2&=aK`uN
z;Qk(*@ugM48lCfeII4N4PFXuREuMESl?@BwHVSUDLb%O?+cr3Be!Jjy&bYGir+<y>
zAL}himaKMu_UHV}2ve@#QJ`GvnSa<$YZ-qBHt)l>orX03=t%zU3sWP?viuKd9_{{X
z_1{Z$(<92ZpJK9vhJ5?p3k?`eHLl6;kjQmrELr{evD(&8WlsUBd-3asysg5vbUQ}$
zuKN6DZTeTA#hf$s7uncfrqQ}{=8|luBZ0Pa8=!^pT1Odst|NiHU(Ra=17!%1+Yo4P
zl|~@vC}aCn4gzxK)c)eUW)_fB?`)tYnFHk1y8vjD)2QvWOM&5+1H+jXM}4^u13B~H
z+F(s^8c6Y-j^FTS1h*OPp#bC2=`4`KjcdgjF72A1gWvv<KMdaT>6biqOVyZ6ktJ(s
znxYiDxwJG>30rd7!8NL`pX#aqG=9E#QRlaaIMb|~B&F~p5T;PcQ;^?ZADC0kcV|3w
zmZPNc^A`MR{2Y$o+}#F70Odd+*9#mBl<`2$>m~qYGLW-wo!4~%bAg=g?FgXQ7E(Ct
z*7~q5$T=UjjVP&I+=kzFp_~E?cLz8XC}#pW+t;~Z2XH=+n-0zbisQVT>AM<i0Imgc
z&agfXY-g5-oV9){kh>G4Ywro}k>CvXD3}et7@Tok8UClkwI7TvaCzHn{jFKoCP#rG
z5z;p0tVivs#++X|gO_UzcRO5bN=aI};y)~7Dm7+KCxJ#_jTnb3x?_Q2F68W8sRb+w
z&XPL`C?^BMxsPIRRZ<VNpV%{%R6FW8Cu1tLV~s5f?gHGDmODsA+KJ2Su$nz@Zwi)f
zIZVvnV)47yBjZ_f*H3Dghfeb}f}`4=R%m^<)j0Bd)f0)Q+N}A5^!k3pnQ~tCwUd13
zrSg15ZC?_!6^$#+dD~;*7<QTb(w|EP?>1YKO`yH^MvAY$B-=KM>&BF(qnID-aP==E
zrnsgN*S})#%)YySX&TF)ez$xapQ=3<U0Vw&TV3r!%=?z6uDCZ)+*?THrd{t>8bj-S
zWpi{mDDOMvrINHenzVf4A@$4LCOEP=J6A>n?S%byY`EisGt3yESlTI^>Ffd02(>%@
zWEUN&3^x>Lca@nSUAqLoBfv$$Y3(l#E?Icvn+23>f!8`GxDF_3M6rk5DuFx-l8%?~
z+Z$gGP8~l1j&T1T+#KA;!vBYGZIx+EkjqCDEm=NN8-HhDUX9aoNStLMm-278V}d&l
zH-(!XTvLIw?!9(Ffm<Bhi3M&&a3=?6dM(GTfn}(UuHaJ81*Gyc+*QCa=xSg%$E{vK
z`2>)2q~94Ra(Vv!7FDvE9e@6~y`FMc;{(sAPyI!)eaYGWdd3Ocg<Nl7dr-9Lasxnr
zprrBLG2L-e84nD%Cvb+Pe@eJ(<2qg+46JL<?F&--Jw7<+1X@HTjp5z#TUW|5;I+!~
z+=-o$YWuIX*{R~QId3o8sGHFy9ibw7l1=VIz;d&mEi*amzEA1?^PuK?QUq;7T>l=x
zIZG&S6>S78&{I&qFp^rf{vDLnUE#ti-g?&mQ_=0S;YykQ!P(p}57*XjJ^Fu5WND|T
zT>sFv)Hd^$zpd7?SDH_hc-&=uMl+O&Z9Mf0ZKHP1la0Vaa!k<1E7~`?t-xrYXy4>)
zWA+QfYmel#T`PfoQadB(JoZMQXiMb0<|d%r4CHnKp902lFObuo-3_#1_W`-}fb(nR
zF(7B#PWI{v{CUYNAuX+Er_<}+zbHN%SawJ5-Sfv-L|M9Ylk~-7T9*QCkCN<!^`7iR
z%KKSx=2`g?@LJ2`S)hC!$PEH70p;63PW$%?P<{pEw2N;8Weo_q?SW56C~F6|BmQ-Q
z+X^=?%k;!?e*gK3?26+1dM&@onYWE<J4N-Ezt4YHo-uFxExaq<JL(4}FR~CR&38`Z
zY}1Y#%3vU8dmRFly@8x<)V`sN0CN4nNT7@Za@tp|p)wK3S-+EjVjq#S&m9evG>$mG
zOykIG{Dw1*CZH?^as$B<pqv8a?8m1Ab)Ny`8i8{g<t!j)zd9Qz*Ol780nKA%9=h7E
z_Q%{=BDLC|rwIFAL{?`126W*0BTJ-K{Z|wAo|^RA56i{;JJQ<{YSn)$VW$J7JpZ=G
za#6pbY^}BGznQSkES0lq66XNl3G!(UpWZkhd=&Uphx|pj7lTXU*e5%DqQkonSKwY5
zyiaso1Fi+vf$M=!clcC?cjP_+ZUQ$0pYXU9+y-t3cYsfVJHcJxZs6U!PXp7i3A&!e
z@7=r4g8RV(z;h4b`qYPa^SqPyDDW=c<G?3B4D$utC&3rNQ^7rh`z7F=BEvk7`(^L~
z_-b(8(R&eiN65QJhWjS&%ivq!JHR_guL93~7x#O>yGb6uhWkVCBk($K-1n}Mcaz=#
zKLh^;eh%IQ-ckB@@D}(b_!W2?c!$Y5OTPiX1-}E{Ve-z>@4<h9KLB-lN6EWOe*u35
ze*^OW4EMco9p=m0-{9sQ>%6U0`?dWM_4`^;-D+W4bKTKz9V+GewUOnb{_zCSy4I?H
zUvxhj(U$4=70>oW{f86C8Az@A4@dt|HRXR;d+NE<+41KuXQI0|b+44=e_->vDGyui
zSN+aptf^Y_?@HwN5m}jj|Hg28g8odex|R0Ad)`vj1}f$H(;OfVTkW?V{iBI!W<*w|
z-|u#`C#n9OrPP}L?-6#hXn%S9&Z#A~0?xU20-pwQ&c7Wko&Tgc_a^us1kOJn0*2ch
z*sBcx1W4Q$f_o;oZE!yiHU`gtq~lA$eKj~o^v{7c!HdDE*LkkGoa1`!w%`(=ybR<F
zcOg&`XSlQ`_%{B$v`(md{$Kl^ZQ6Z%{PHzTe3nApBt7w@R9ni<My+|dQJ@!4Dt*i|
z)|DZ1ah7h0d1f<U&yh<rS~+(voZ;^e47Vki#Y|xJ?}Hu4ncCh#sr~)K);szKGpkKI
z+8ZDK#mpX=s-kq|KyFje4H&3pDOBD>oWQvgfU*L3omP1zP)-4<hZH$W+%~Hf^BQ&Z
z2Xd)Ix4>_SDuY1^Hw3@oh7~wVS?+)WHzK&v1#WD{m45|i&9O`VM6gVsZW7aM8l0c*
z9%O1U9-3~&G#k#fgy~k&ddBwC2t4n)<9eW^HM!T`lrfcOjlK5v;F2xamE+F@_av_I
zbpu}v?kmCd#I<iL-vUXmeNp)?kn01!2b9-AUT67t&hxJX6~9$c|2}_P`;YU`Ip@Lq
zSE%3g6h*rz*BMxzZPk71VILxl?LcV+>DuA=z1H5HIQyL3xB}<Ci=1scg_{)Ilmd5j
za8nE1wBTk2XCJbSC?^8r+op8<8&c!=Zw)0e_V#1}swb-+DI5QWG^aNYTkY5JZ!#y2
z1g4={nAY5h=)Ne(a{V=}|1!ND$^Q!UpJo$6%JdJdvHY#!V?eF>KNJ0bP<bXhhijY2
zWAMI4t#?7^(1u&z(e1-MOTS6w-}K3Qtbb{3YIfwFO&{{rm$`Lc>}KU&>LSAW_rFhu
z^9wPH_~#wS{GR6(FFn7J35{kGY0lqtsHD2%cOlB}=CwV>=c)SMXD0l-TB?$r(8g*X
zHwVdP+n=@B&V%*<=14o?SneK<_D^m*Fa{{v2Dz?4o1nPjlG_s40~$fH364kF0;LHU
z&NL)jv?MrZ151JNCYxaTmI23*<-lvr$7w)09ms79&IZakK+Zg!3zYMKoN2iLD9+R5
zoHwol%4HyhyEkL<zrZD@-Uoo?`5=%peGdW4^K(GX`QBr|cpnFH=GXDa@K1xpJrmrQ
zgHy)~!MzlmdH+0c?)i=2)bUMVyu~@?l^iRt0CiZG9|KC_EUVPdzJovY)C;NYTK-DQ
z>fcwKNWJ>k3P)Axf0aJv_l*|Qmse%I&u=BR{{BOm{TW!>{htooKW&wJB1*Y_+fKQp
z_0LFxrBW@wB42xLQ-gj#_SBxJ-%)&DP^<p=g#C3yT$cYqwe3H2xcuKn_w*X{56tG;
z5wH!%{14*Xa8PUhe?wS%l2Vrc!L{Xojd8@IrL0x|9faKsDCPQVs{am`|NZEFDAV4a
z{s9rHZO8H-&FQhA*8Hp6JzZt>Cz|rt$DLO%&7R|0jMXU4zAMj*Ioed4f4BF%Sn>Oj
zEx&)5R?6!Tb3I>HOEI^+`{bxv{=8JnXMs~HW^rBp?}rw@5?lOAsN;OKSlcVL^pst-
z7yI)kG(Ol|Mhp6{zZ>TrH2>yR>p5d(%v$}sPR?}df8wwDd&1hRYR|5;R|~a0XXSWb
ze_5th+}>Yi?2DEU^8MdNt}nBHLz?#t2-t>Tf5>TWdup{m_hEZ>t6}^d+I$bT4du|<
zKlQr9QLFw3(e1q}r7ZtLYs>!{#}dy%P^<pWqu+ZFO1XYpX}MVb>P=D}IzRg~x_=k}
zcfn0-@wxCOYX>kd(zg`XxZOW%Jy!SxMEU+-t@r5r{IY3?2@0ipGck2?S^({);=YUA
z9w562ckkd_6KG+S5x{W$fVNF>rXbf791N6+KyFVk2`EPaxxK*AKsg@BnWkw#vDL{L
zM-xyM13A|aOMr3;kaHw*{iN<QfLtRu6)0x`IoCU91LZm(r{3#<@(Cbk`?v`xw*fiJ
z;&!0i2ju>H_UM*i+0)o*?rRyr%g3y?_UMw9=O5VB<yMwQ-6TEmm~Ur=*0tiATh4Z5
z+fi&Aa?Z2TT+cd}+YhAm$N1oEBNM{!?8k7{sTROGoeJb!4cLa1)NZ!JpW4kL{D$ie
zY%j_(Ag3(Po#wYEwe(j6_b_hWBOOJ{pOv0Xt4v?}%b(|-L!X_S?WyEX(|>Nk-%Vh%
z=1`KgKvT0Bu;nS1oSa2&$yuVQ=h?z7)wO`RH=KS;(b72(r1)%&%4Cq@vxGItbAsCf
zH?5fG;m>nieNTwfAt{9iah$ZIIySYbj#IyFgiHN)A%0WS2UtJKN+4%DIteKDUpd7-
zteg$xb^zx9<zgVWJ-7@sfR6z=`}gJHTCZ}J)|J3LjH`g0C4E2G3Ooc-INQMH;L(i1
z)BFV7bo_Z)VF3y56+Rn~bE`jDnuoBKF9FIIfL9s+lR$YI$SKcczt~HN6mB>k?edu5
zw95y05*Ztu<uER|!wTGl;Eo7xDB+F_?%3cqg>!Uj#C2rywDBFc#%wH(bIFeH{1u<y
zYwO-rvNOl`AKw*q%_XZ}>BT5hHkYk!ws`I>3m!E#b5)dN#Tp=c#tB=s;p}&gc8V=l
zZXckfP*T4fi(g)81cs9v4wUlwhjmdd^~^ucBM~n|wB`D>#pUAs?>K_kzLoOO`Ppxy
z-yW%y>reJS4_ob5{aTQ@pjQ3gK>s&^Ql@{e+V(%1^Iofd_r89-Zmxd~jIPfHb;0%e
z<8gh{Ty9<5^}zaI1F!|y5o`>6%e*Jp6d2Yw&2_iL-3n|CwgJ9*?i=UZgB^fj8gPC4
zd{@vFbOZ7|aQ!Y-FR%;n85Q{<xc(K|JwPAO7wif80sj*105A{?0)v6q48`3G3<G<E
zeSrLaxWmB#pfR`+xFf+RFbRwS2ZFKSAmDWe;~oMI1&4w0U;;QCOaz9RjC%x_0*(Yn
zfuq4O!1Ggaj|=}a-05Hjm<eWq*}!oBos!Q2294RrPPCc@a=v3jT?`yYl_P<i<5ZgC
zc(I)G(QG<_Yp;-V%ym>((mZ$o{!=ri^4^K|{F>ly!1dZ4!N-HU57&~3!)C{Djt_@{
zM&L{$afjnS0!$3fanxCd<NGneX<41SDJdV$K2kpH*~Yg%m<JTgBiB(r|0=it#@6T3
z+cni$Y`RIDA*jJpu@)3ZSUE2+S6zT5D`$!wbrs{4Q|1G^`cfdb9dKTixH9`Qq<Q|!
z1#O7-&ssT}^VMpn+GQUiA<43r=^xtM=BmY#bLj7|{o54%+76{$zwNYK>d}8W`ac!X
zmg^r_uAH-$zpZ;3sI~mBLjT9t%A?M&d5i<dHr|`aL$>vMA}2Nk%Ybp%$5sI6+b03J
z4ZsqhBpcwW;={o67ldm+KD8Csi{mtxzCO;W<D&2<&TDT1&W3J|bB4PWG=kfJx|~zr
z2$W9(xjn$0K)DylsaKn$JOondwzMBZO6Pz1J6e;uAHIwkLKEeZzWKk?y9fN(nAKF2
z)bGuWmdRPTDKXq8!1>>1z`0-I(k#tBCFl8lfRff?+u+|nWAeMe>Duz||F*S<z1Pq`
zYm72&mgf+lrAjHVaSaPDr66(I^u%q6Uu&e8I#X4YMh;TB7x{|czv$-tKmV(4b17%P
z1H6c`p33ih&bphr9L%Bg8}QBMZOY}G&FBBKIdgJ$d=k0vse~DvYyH<7QrIS9$?yDM
z_JjLhGZn2<tX-AcIAG~mZ*tb@Mqq6qFK5qiB$d-P%NfQ}(oOBb_-qfBSZWV=v-Yqi
z?(QJzum{)%tRgvkr(=dX4gg8V2>j}CcPxb)6I@!aJL-)Cx(5TpnPx{@-SI%q{7ejY
zQgB{371;KU3(i(>JTO1nEUz^`GlA)w1LVxRW0&p;K+bC&jSaT|$eD)4KyDR~vo&gE
z%-fkDU3(UO%lQ1@ETaoS1GosJa2MnE+Dn2n4OfA#;OgM)m-hqXcpx~_@+7d_zgXa&
z3GPe5SyrD1%5y-ymdCe&J3_AjImh&G0`vANkTWfBfUe-@K+bY`6PV_=fSh&yQ(&9>
zB}n0Zg@0%8>)=ewPk=gp6P)q=7W4$~2B+RX0(<$Nf-~Hof%W^B;P$}%12De77P$BE
z+s;jhX)#=9JaS!vvu&@9e+S%kf-~HD_$`a|3*097weHR(_@BkMd2m}4xNY$p@Akpz
z?}^`j)hoCS@q0gFTio3X;daHZjy{EO{qWmg1_Wmr48(7L862F~>=*u#;i~t*@E;nk
zc|Sb-Y4^ix-TmNy_BVrc<&Fz(M!2Tgoe<m23Bj2bpRJQy6r6Q4C;Usoh3a%7ey2do
z3*lCVe^t1)?Hj}YiEy<8-2jK#`#id~q4j{`yFKL=I}ewB%fCla+@s0;E&u*;-{v>%
zEu(3`GMx@gm*p`7m_F@`oO#kdnfEyv{uR%!7581;6KBmi^9Mt5vNY%>>5Ip7neIKq
zKOkJws9zZj4A&J50m^A0U3+@QRNA2N4e=!6y(YcAfbCM56x;{>`=8~{FZV}NwZHJw
z-d)zV<{eqCN@rZ|<T=_eWbWDWDS#QIrT*NucPDEevF`<{JrA+^u50D%ES3A-ZQbiI
z=KVlDcdLDlvi0*Dm8YlO-OO8tR^7MD6yGM(>qvP+aDNO=%lxO{+`ZA;4WzG$yDKB7
z)lMrccW>mp)?FE8-{7(q8Js&XDL!{%6n9@zeB*+1*F~;7aQ8)V$3?CWaOXvFrzM4R
zS4(l1C53ahML8k3uJ{)Ow=}rj;Z6+hl;FC-of_Pk!I|H)f;&GrcW*x$+$F);+b<37
zszSJ{gS(*+?&HDT9-R5TBe+imXMR5&-2H`c4+Qr}A>5<EJsF(o`(kj<250)73+`)$
za4!b;av|Keg8N=@yKwFIgZpuC_W##|`*|VUo5B665bo{Z-U-gO@osQ`3C=qDYjE!c
zXC1vC+*)hq^=r7b@hckyXSfZ6+bp<U;WiI$o8Sh*Z5!Oq!I_qZ;Ccqv53W~mdj!`2
z*C)6^!F7Wh9NgZ)*<SVuZg_Cowh_S{7@YYS8{A>Rndb4qO%Bd99}(Pf!8O1gAKa|q
zc7vN8+zA<1w*TPYY-vy2f6zjm3Thqqf4oLz=dfJA7PVZ|zl0zwK&|@!MA*foK`GZi
zEDu!jThIQF*7WU&vt0ks63zK3^KZVBw0i*o-bepE5zrC9Io<xTjxOFuYj2b;eu2gg
zIF^}l>w9tS#ZmmicID{-E2rAi1GSB$DP8IAojw19J|~^;lRL|=_Qjs|a+#j!s(dkh
zU1F;COj~;~m3^J8fjB$*K1Nyl8&=!?>l%yEdm^w6;<PJ%srbbRRj%Lhqg?9gfA`S5
zyi=`|>rb=qJZ!aJ`=5PiIjA-Nm!kXan)GYe%cY+Dcc=W%h*6*{|3jMJd2Blk=6@Ea
zJ7RyXBfNV+O1b{p#-FLgGX>OI{_ZEZU!j!iuWkI9K|Du+TJ^g>@<L7J|F5Zk_f{s8
z2Bm!cUHkVSA36WMtnb^bT}|w4<jC)UTv6WTAeB`Y{3C&3J_MX;DF*{N*Xz!pltY1>
zGo=*&c>F0Yyv=)J#`_O27W@-<o#R{sp1pCq;>x)m-WPZOINlV$dp2w1rl(ZWd8kfP
zBAn@RpQb17vf$ira6hF1*LVE*pQZm~Jf=DAs~GMSxNUGxjd14uqxiLW7X-IC{)_NC
zTf8_p({%~{?zq|!{%89f7vfn5|7F3MkK6I9>(jw)h5vK-)%93#H{-|KsR7&zl>303
zdsept%tf}>DQCR5wc;8$ehMg01H(0dF9GFQAm@tmVPJeO06Ek25GZoR`u!^BQvL3a
zUpWAH?Ixi7`RD5QUz+CymreaUQDkxHCh3hQrOny4dymc`66Y#Ov96MZaE0!9^O(|k
zWN<s+Y9Ewkz;M?6a-g_(BexSc11J{&Im_Zgpj-~*Y>!s~<ugFew0ssQUjTAb!IMCF
z1<2WMQ{Ryr6TE%G*^QF=Sy%jrWlZIZmeV+%7@Rh@qtEjHYyU=bB&-9DWil67S4tC*
z8wKV7<pdySSu6m`GLX1bkEaG_{eKuJ=K#amhd%<8RF4DkUy(8SlMjZIyEeFw<I35#
zZVc|O;D+Pg9o*x%sgFo?r2g_K(hjmM-Ib9!NV~<hK&_RnE?FyEk-NpF_H<nSXYUFw
z)Pwkjv0lS{1kVs$pZb#99-OTQ(c<Z~ce%5!Tpyg_Zo<DOuDi;fwujt;rw{I}!D-=c
z!`};6i^u;=uU5|<@Y&!@!`+@l9tduG#)q=!_tHBzZNCkL^@=!?MK#?|1ou?v84CAI
zaL)&)6@CT3t>@L?y!M3%_ub$&hkFgbR>HR?J-rop6VJ)GzX(pt{04qo^Dl!_@AvU5
z&N%fN?zebs-S1>;NAH%kezw2mSNfC1G|eqn82i8|whm*z1=wDd5kT%X;25ts9?Mx<
zhlJl+9RQTH&#jHJ#uROn*GvRSpZ!yAI2a9-2|&&kb2v~^-*qfo633Rf;no8yz)Y|b
z$XVLnJG69?T{heqU^+Mx7|!_41@pkgAjNkHer^4w!EJ|YA6L&c!5QDRz?!-)IQwj}
zEtaA2*&1#Q|6So)PM-qGgTQds=tJS}4k5P}=&c7yPwHBxsh16oaHcQaC)g)A^``ez
zMg*r`=S9l6;H-;-!#^=x$K+jFafUk*PB|vdIe+o#US)c4JK&!YTvKp6!g>EnNmgnQ
ze(!Thdml^JGDvf?#EpSF$&*O3Qd*8Pg3~hT?F!Bf?xNtj!8zwrt_aTEpeut*7Rk1!
zMN+gbdhK<e3cuDt&K|49)GwFYYg=k%Y;|5?8&{?P!`iQo1j?~M&bF^*Q>Fts<DUh(
zfYiRt>kOcr3{tpL@!J+o1B<z;p6@X@LX<x{Qtg|l_7<%|wf7%u+uNzO|6#1Vg3DqL
z>;IO&MQ!<)zjs>w-9+t2wYxpFl~7yvk&+F!Mfp77QhtvuUH=Yiw!qmXRe#)nIEgc>
zKyeOIHE@vocg~-@@~~|EJuDjy%3{i&e^YOg^3eI&520Usu9WN7(v*w)AIk{h_+c8#
zL+59`leH62%JpkW%0>Mt@3rb5jqYw5gG{>dyI{@SzZBOK&Q?zh?&RRK7^{LiJve(^
z+DSS$I7gK8BHTs6^?<uLxGRF|3U_62*9GT1@cQ6x4$f<D3GS1@X({gv?%v?Gfx9ob
z2ZP%M?xElw56-7No(S%#;CjP79o(03Q%R=#E2bgcUpXeOF%8GAS-$?P{>(z^iNAW{
zt@k?qw;(=q&N~|Wte$j}IE%9GHUs9{24+3V?FLd?9vqx=xjjqU-(K0Ol3*ob`*W`3
z+$EJ-N$~8{pGeZWCJQNR|9fTYi#%Lgzp4E@&#P7caCAHNDdqZ8ndM=t{h~k9t8S%Q
znAY5e=pR&5{;jKWG5_-kl54L`|JTvIqB&aI$=<*O*`G%OWfYKeX60yaxPyS4ZS795
z7H~Eyw>9`A=mI_s<Te6_0_EF4&Kb70M0pj|T58z^Rey}NDE4MKEt@$~oWIIxodyDB
z2&mk1di<JGOj@MJ(Xl6}Hd86yqcKh`PqNgh)GQ(AhRRrAI7ePfP)Tc_{`gY~rS;44
zaEBWRnGEt0D*grD%6F;CpFgf{f94VAWf$-8vhk;O^S|!@pCypm=s4PfZFEa;Fi=u^
z+yZ}Uk7*5ZHQZDKA+v$k$~6IH5y;zZ<q4;B7c_m>Vg@Vk^7kj(zyDxcZdi7bNzBrq
zo5Vh7x*X}W1CET2gmT(}en7Dg$~mlRClqZ&;*u5CUdU-C`T)hXt(-dYnRUK*Ag8|h
zKymLO#kVwLDsM-q*Y%l__8hdPXJkyi&)~JrT+Rbp;){UXTEKmTB4=8z0OtQnkiuPs
zzbCMs<P4`<lvHNAjta)_evaWxlWSlt{Qe-t(F4CS8l-T^!XF5iw*y10E;CrIHZd9>
znLTsw7mxe0_cDTY>k3wL)xJ%umddwjoqL#f>#f@T^!C<F{TS!^@vjeV^*_)(nz;Lr
z@6oi05%|a8ADLY>2Bv&{=W~or^o8^t!+h2Cw_|?iR&rKWo8op2|83#gzAV4B!R^7}
zG|Qd%@-jU+TTSo4vE^*p+kcM>cUo||6M-@l7|!-R3n;c9IcJNhy)F*Uw4}D1+NL_}
zcV3e?+xk7ACwK^WZY}UIkoz2vv+cYD9236*<eW*L1(Y9v6z&iBwM%~tZhc(eUA0|q
zi)%R3vLhbLVCUfa;eQP%dk1GZyT9dFo1TX?efbVdrTjLA)BZUNN@KKTV0snHmT0nB
z(eb$D_A4KMZ6)b_lh)5KTaIt;{lhD9vUqiq6#L=<kfwJ8P``cAKA6@LZ~kLaHxAp3
z!;_Y?G87nx_N1+LeLA7jHwHW2NB1M<N+128eay7@oUwb-b30@!Y%#+rBfmrH^S~pq
zEw=Xkc>i%d++wV&m=6xZo)@1;s*GLLcC#$|WyC%;OW7RaZu!Kq?f!$T50B>hdj7^@
zdpkh3=QOYV2!7u=UXFV%uy1Kw{#XA0C;{gH-VJlCc^p@}unBk?kM`!d;I!{A;a?Ni
zJ4*b|Y_E5uM&bWiaO>jt&XjYZ;+?5~hjWa2E5aGKcc~h2e-)hTs9)pP?s<ob|5+M-
zho?9GcY?#4ebYo6_?O_k_HX#*{$AkxZh>Qj-}{2@)Bw`68Joaa%efs`me~mB9r-tl
z^Y{Fm?^JsdF|7fKBD+7I;=Yz+<vJi|U%M0-?q(oo`CbC#%I6Q&ze{-Uy?@k*WpU{y
z*$t2J+o#=0Qw9RL31ARV?BjB|G?v~0t*kUxFP}8_%qF6G=3cq&EZW=3YP>6PR(o@#
zz4=@oXUlSPjCIVLf^B#0F#&fLJ667rThVAueNby%en+IOw_3)c`M>5nYR*^=A#b%m
zh5JG0&;PHFe;s+=x!U^GZ!qVUVtdNI{`&u~m`5IywWHN*zqUS;o|?9|I4iy^+EL3l
zs~ec*%+J0&?K{-|1z6v%UeUrojTQAYEYDzm`?WaZUk!9kzXaBI<W^)o(r?52&Q|J^
z)8J2GZsnU?mTkUj(!zJFZ72KUUwxd%Jh0kdfd8-SclGYX9ZA0GzuQ-4pRLLE#xKW#
z9l<J~oC)M^17`u{JRo-mI3Fk%1G(wIu}n$hoBJ7FzX9+X!#M`u4b}wr0XgRYp8;}d
z&FHm{1@|m&3ilj-$C(#{`#A0`;eRPy=Q0NsxO{9+UtAc>ndz(9#t%OFz5kC_HzevT
zrMgKRfm6<1dD(vLSBdL`e{Jmk>hGUcRvpE$u@7l4{zdlLg|X{|u197SXxv3f`gC0t
zE3O(1=XiGjJ+G*vqPf=RfAV$F2mgx?T7&eZLdRs+Z6BmxwEXgpPXzewhWWJf+*)@h
z_HvtB+uq~x#8b~3A*;_&Y(x{IeXhjvxt7$%rkQ42HPtewTI-fM-7d>%{$|ej%&IQt
z4d_YO($&9n;oqM3P1oi8(<-}rRo;K565>SG<<6^?P`YiUvbYn{)>?WgDRmBe%xb-~
z{ZeS}{oFKHbsy-kI^r)&v-Y$8_kJsX!`3qNZ>Chnygi8dU;Bj<6d-9=s{y|)TG1ls
z7Bo9-^GCa)J<<A_URRR+ft+?PtvVcu<h1av7>9t-AaU-@O$XzHb99&h7J!Mt9gLfH
z*^dg&_+|k0%q(yx;5RP|gEPKGz#Yyd!5xC@E{kbc5w0Uu+SN~-d2`id-c|y`n<n>+
z%AOx>`)&05mwsR6SxmY~df+kkFM^&y_73iL++Bkk5S)ju@f1tcYj*;!ca%mTw*?pu
z6iZ*uoUY8~VQF_#E1bS?<49U<zExX)*OH`_bh04bh_PBf>6nEZPKsw|R!%FGTXXBS
z{7Y=b@um8gaK{nHlsYU!*$gaMoz3cuyQOV!If|vYcP8%gb!+)s5cd85&cA|aKPun#
zsD9VPzFp7AV5zy@w>8efw~(=~veu}q|Lr0FJztYO0!`&B#n!zi)wTAp{#_BrNdGFA
zGrqjv49UKjwhOV|473UMB<I!6R&NDz+LKQM&)o;)wg#U9U4V0VIj!X9fY&|(<h0J0
z0_6!H=So>ypnL(yIfmMj6>VP{dD;t?UC^9Tk8aDU<~wJzIldz}Q=C%uS^TE%f#95Z
zm^<ZRkitER-*Ary*ALfRDk=4ze+uY61H5*B@FY;411Y{2@Eh){!HvOv9w=W2DcsBW
zdw^Ghb3O4AP`(Qcrv?8JFx;C!&RY5fu;ktXa*nCr1In*K((zaP)xL?+o<&aYMNFh8
zxw`hwO8ytyY+J>Zi7D(2<BnAIl}2&jVKkx3SLDTcq@(Lx+Ozu)%h)kEnB(*pMJEwc
zHEU7Z=(RMn82JvN)?y{`&m#7Uwdh6sd(@P#)OW4tdPcwUZ@A1O*7ZQTpHtk=swJ;w
z&%X_8e!C3?ZHUjGoy@t;AobZcf;Q7@5%`QaD%bCvv0UnT{?2D_yP065On?9E$$&gu
zTfaTXe-}<V!q=LAzkcJBwn}^Yok^F8`qgVct5yH8=)bl(QWLTT1|ivwE%C_h5S(`B
zHxaraxIH-T>IKNI!8sq_Ex7%H)6N})-}sIWPW$9rAgAKa3~mno{gXdjM-xXK4zo8v
zs^@N8X&-ERZZ;<C;VbCdT8?})T>7o4KSx=nQ8$U>pQ&&q?O3U#`FB_RY21>lo=UH%
zF5cU2`Ak3q7O<Xs-3Oqc<M-TMS+|_2Cwt|XQvP;aEw(ttHksIJx9nxBZSz_F)_O5r
zxxZxzSFHH4#Pz{<0A~|RwLOJe>~G6av63>|RsA!))pwU%57x7~X>a!I__I+P`EPF)
z(bjVc#<>9)QO9a5%_dU2)AFQUwT_OB)=gXY4qS7Wul=j9y3E^DP<BtbWt*t%$yQ$%
LIr`MUi~N58*bBX?

diff --git a/src/anytun.vcproj b/src/anytun.vcproj
index c64c5da..37ca622 100644
--- a/src/anytun.vcproj
+++ b/src/anytun.vcproj
@@ -6,7 +6,6 @@
 	ProjectGUID="{12460D00-D78A-4C68-BDE2-9E3B2F9CD0F3}"
 	RootNamespace="anytun"
 	Keyword="Win32Proj"
-	AssemblyReferenceSearchPaths="&quot;..\..\..\..\Program Files\boost\boost_1_35_0&quot;"
 	TargetFrameworkVersion="196613"
 	>
 	<Platforms>
@@ -28,6 +27,7 @@
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -43,9 +43,8 @@
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				AdditionalOptions="/I &quot;C:\Program Files\boost\boost_1_35_0\&quot;"
 				Optimization="0"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
 				MinimalRebuild="true"
 				BasicRuntimeChecks="3"
 				RuntimeLibrary="3"
@@ -96,6 +95,82 @@
 			/>
 		</Configuration>
 		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				DebugInformationFormat="3"
+				ForcedIncludeFiles=""
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MDd.lib"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				IgnoreAllDefaultLibraries="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
 			Name="Release|Win32"
 			OutputDirectory="Release"
 			IntermediateDirectory="Release"
@@ -103,6 +178,458 @@
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MD.lib"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MD.lib"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Service Debug|Win32"
+			OutputDirectory="$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="4"
+				ForcedIncludeFiles=""
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MDd.lib"
+				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				IgnoreAllDefaultLibraries="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Service Debug|x64"
+			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="3"
+				ForcedIncludeFiles=""
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MDd.lib"
+				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				IgnoreAllDefaultLibraries="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Service Release|Win32"
+			OutputDirectory="$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MD.lib"
+				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Service Release|x64"
+			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libeay32MD.lib"
+				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug with gcrypt|Win32"
+			OutputDirectory="$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -118,12 +645,15 @@
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
-				RuntimeLibrary="2"
+				Optimization="0"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
-				Detect64BitPortabilityProblems="false"
-				DebugInformationFormat="3"
+				DebugInformationFormat="4"
+				ForcedIncludeFiles=""
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
@@ -136,13 +666,12 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MD.lib"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
+				IgnoreAllDefaultLibraries="false"
 				GenerateDebugInformation="true"
 				SubSystem="1"
-				OptimizeReferences="2"
-				EnableCOMDATFolding="2"
 				TargetMachine="1"
 			/>
 			<Tool
@@ -168,13 +697,14 @@
 			/>
 		</Configuration>
 		<Configuration
-			Name="Service Debug|Win32"
-			OutputDirectory="$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
+			Name="Debug with gcrypt|x64"
+			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
+			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 			ConfigurationType="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -187,19 +717,18 @@
 			/>
 			<Tool
 				Name="VCMIDLTool"
+				TargetEnvironment="3"
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				AdditionalOptions="/I &quot;C:\Program Files\boost\boost_1_35_0\&quot;"
 				Optimization="0"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
 				MinimalRebuild="true"
 				BasicRuntimeChecks="3"
 				RuntimeLibrary="3"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
-				Detect64BitPortabilityProblems="false"
-				DebugInformationFormat="4"
+				DebugInformationFormat="3"
 				ForcedIncludeFiles=""
 			/>
 			<Tool
@@ -213,14 +742,13 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MDd.lib"
-				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
 				IgnoreAllDefaultLibraries="false"
 				GenerateDebugInformation="true"
 				SubSystem="1"
-				TargetMachine="1"
+				TargetMachine="17"
 			/>
 			<Tool
 				Name="VCALinkTool"
@@ -245,13 +773,14 @@
 			/>
 		</Configuration>
 		<Configuration
-			Name="Service Release|Win32"
+			Name="Release with gcrypt|Win32"
 			OutputDirectory="$(ConfigurationName)"
 			IntermediateDirectory="$(ConfigurationName)"
 			ConfigurationType="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -267,7 +796,7 @@
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
@@ -285,8 +814,7 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MD.lib"
-				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
 				GenerateDebugInformation="true"
@@ -318,13 +846,14 @@
 			/>
 		</Configuration>
 		<Configuration
-			Name="Debug|x64"
+			Name="Release with gcrypt|x64"
 			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 			ConfigurationType="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -341,16 +870,12 @@
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				AdditionalOptions="/I &quot;C:\Program Files\boost\boost_1_35_0\&quot;"
-				Optimization="0"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
-				MinimalRebuild="true"
-				BasicRuntimeChecks="3"
-				RuntimeLibrary="3"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
+				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
 				DebugInformationFormat="3"
-				ForcedIncludeFiles=""
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
@@ -363,12 +888,13 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MDd.lib"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
-				IgnoreAllDefaultLibraries="false"
 				GenerateDebugInformation="true"
 				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
 				TargetMachine="17"
 			/>
 			<Tool
@@ -394,13 +920,14 @@
 			/>
 		</Configuration>
 		<Configuration
-			Name="Release|x64"
-			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
-			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
+			Name="Service Debug with gcrypt|Win32"
+			OutputDirectory="$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
 			ConfigurationType="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -413,16 +940,19 @@
 			/>
 			<Tool
 				Name="VCMIDLTool"
-				TargetEnvironment="3"
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
-				RuntimeLibrary="2"
+				Optimization="0"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
 				Detect64BitPortabilityProblems="false"
-				DebugInformationFormat="3"
+				DebugInformationFormat="4"
+				ForcedIncludeFiles=""
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
@@ -435,14 +965,14 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MD.lib"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
+				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
+				IgnoreAllDefaultLibraries="false"
 				GenerateDebugInformation="true"
 				SubSystem="1"
-				OptimizeReferences="2"
-				EnableCOMDATFolding="2"
-				TargetMachine="17"
+				TargetMachine="1"
 			/>
 			<Tool
 				Name="VCALinkTool"
@@ -467,13 +997,14 @@
 			/>
 		</Configuration>
 		<Configuration
-			Name="Service Debug|x64"
+			Name="Service Debug with gcrypt|x64"
 			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 			ConfigurationType="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -490,9 +1021,8 @@
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				AdditionalOptions="/I &quot;C:\Program Files\boost\boost_1_35_0\&quot;"
 				Optimization="0"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
 				MinimalRebuild="true"
 				BasicRuntimeChecks="3"
 				RuntimeLibrary="3"
@@ -513,7 +1043,7 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MDd.lib"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
 				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
@@ -545,13 +1075,88 @@
 			/>
 		</Configuration>
 		<Configuration
-			Name="Service Release|x64"
+			Name="Service Release with gcrypt|Win32"
+			OutputDirectory="$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="false"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
+				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
+				LinkIncremental="2"
+				AdditionalLibraryDirectories=""
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Service Release with gcrypt|x64"
 			OutputDirectory="$(PlatformName)\$(ConfigurationName)"
 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 			ConfigurationType="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
+				CommandLine="win32/make_version_h.bat"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
@@ -568,7 +1173,7 @@
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
-				PreprocessorDefinitions="LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;USE_SSL_CRYPTO;NO_DAEMON;NO_EXEC;WIN32_LEAN_AND_MEAN;BOOST_ALL_DYN_LINK"
+				PreprocessorDefinitions="_WIN32_WINNT=0x0501;LOG_FILE;LOG_STDOUT;LOG_WINEVENTLOG;WIN_SERVICE;WIN32_LEAN_AND_MEAN;NOMINMAX;BOOST_ALL_DYN_LINK;ssize_t=long"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
@@ -586,7 +1191,7 @@
 			/>
 			<Tool
 				Name="VCLinkerTool"
-				AdditionalDependencies="libeay32MD.lib"
+				AdditionalDependencies="libgcrypt.lib libgpg-error.lib"
 				OutputFile="$(OutDir)\$(ProjectName)svc.exe"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories=""
@@ -664,10 +1269,6 @@
 				>
 			</File>
 			<File
-				RelativePath=".\daemon.hpp"
-				>
-			</File>
-			<File
 				RelativePath=".\datatypes.h"
 				>
 			</File>
@@ -708,6 +1309,10 @@
 				>
 			</File>
 			<File
+				RelativePath=".\nullDaemon.h"
+				>
+			</File>
+			<File
 				RelativePath=".\options.h"
 				>
 			</File>
@@ -748,6 +1353,14 @@
 				>
 			</File>
 			<File
+				RelativePath=".\win32\signalHandler.hpp"
+				>
+			</File>
+			<File
+				RelativePath=".\win32\signalServiceHandler.hpp"
+				>
+			</File>
+			<File
 				RelativePath=".\syncBuffer.h"
 				>
 			</File>
@@ -784,6 +1397,10 @@
 				>
 			</File>
 			<File
+				RelativePath=".\sysExec.h"
+				>
+			</File>
+			<File
 				RelativePath=".\threadUtils.hpp"
 				>
 			</File>
@@ -872,6 +1489,10 @@
 				>
 			</File>
 			<File
+				RelativePath=".\nullDaemon.cpp"
+				>
+			</File>
+			<File
 				RelativePath=".\options.cpp"
 				>
 				<FileConfiguration
@@ -883,6 +1504,14 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
+					Name="Debug|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
 					Name="Release|Win32"
 					>
 					<Tool
@@ -891,6 +1520,14 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
+					Name="Release|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
 					Name="Service Debug|Win32"
 					>
 					<Tool
@@ -899,6 +1536,14 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
+					Name="Service Debug|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
 					Name="Service Release|Win32"
 					>
 					<Tool
@@ -907,7 +1552,7 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
-					Name="Debug|x64"
+					Name="Service Release|x64"
 					>
 					<Tool
 						Name="VCCLCompilerTool"
@@ -915,7 +1560,7 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
-					Name="Release|x64"
+					Name="Debug with gcrypt|Win32"
 					>
 					<Tool
 						Name="VCCLCompilerTool"
@@ -923,7 +1568,7 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
-					Name="Service Debug|x64"
+					Name="Debug with gcrypt|x64"
 					>
 					<Tool
 						Name="VCCLCompilerTool"
@@ -931,7 +1576,47 @@
 					/>
 				</FileConfiguration>
 				<FileConfiguration
-					Name="Service Release|x64"
+					Name="Release with gcrypt|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release with gcrypt|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Service Debug with gcrypt|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Service Debug with gcrypt|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Service Release with gcrypt|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						PreprocessorDefinitions="ANYTUN_OPTIONS"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Service Release with gcrypt|x64"
 					>
 					<Tool
 						Name="VCCLCompilerTool"
@@ -1004,6 +1689,10 @@
 				>
 			</File>
 			<File
+				RelativePath=".\sysExec.cpp"
+				>
+			</File>
+			<File
 				RelativePath=".\win32\tunDevice.cpp"
 				>
 			</File>
diff --git a/src/bsd/tunDevice.cpp b/src/bsd/tunDevice.cpp
index 4fdd5fd..9cd58df 100644
--- a/src/bsd/tunDevice.cpp
+++ b/src/bsd/tunDevice.cpp
@@ -54,7 +54,7 @@
 
 #define DEVICE_FILE_MAX 255
 
-TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400)
+TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400),sys_exec_(NULL)
 {
   std::string device_file = "/dev/";
   bool dynamic = true;
@@ -149,7 +149,7 @@ void TunDevice::init_post()
   }
 }
 
-#elif defined(__GNUC__) && defined(__FreeBSD__)
+#elif defined(__GNUC__) && (defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
 
 void TunDevice::init_post()
 {
@@ -262,7 +262,7 @@ void TunDevice::do_ifconfig()
   else {
 #if defined(__GNUC__) && defined(__OpenBSD__)
     args.push_back("link0");
-#elif defined(__GNUC__) && defined(__FreeBSD__)
+#elif defined(__GNUC__) && (defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
     args.push_back("up");
 #elif defined(__GNUC__) && defined(__NetBSD__)
         // nothing to be done here
@@ -270,6 +270,12 @@ void TunDevice::do_ifconfig()
  #error This Device works just for OpenBSD, FreeBSD or NetBSD
 #endif
   }
+  sys_exec_ = new SysExec("/sbin/ifconfig", args);
+}
 
-  anytun_exec("/sbin/ifconfig", args);
+void TunDevice::waitUntilReady()
+{
+  if(sys_exec_)
+    SysExec::waitAndDestroy(sys_exec_);
 }
+
diff --git a/src/configure b/src/configure
index 5381010..bcadb99 100755
--- a/src/configure
+++ b/src/configure
@@ -143,22 +143,36 @@ fi
 
 rm -f include.mk
 case $TARGET in 
-	Linux)
-		rm -rf tunDevice.cpp
-		ln -sf linux/tunDevice.cpp 
+  Linux)
+    rm -f tunDevice.cpp
+    ln -sf linux/tunDevice.cpp 
+    rm -f signalHandler.hpp
+    ln -sf posix/signalHandler.hpp
+    rm -f sysExec.hpp
+    ln -sf posix/sysExec.hpp
+    rm -f daemonService.h daemonService.cpp
+    ln -sf posix/posixDaemon.h daemonService.h
+    ln -sf posix/posixDaemon.cpp daemonService.cpp
     echo "loading Linux specific TUN Device"
-	;;
-	OpenBSD|FreeBSD|NetBSD)
-		rm -rf tunDevice.cpp
-		ln -sf bsd/tunDevice.cpp 
+  ;;
+  OpenBSD|FreeBSD|NetBSD|GNU/kFreeBSD)
+    rm -f tunDevice.cpp
+    ln -sf bsd/tunDevice.cpp 
+    rm -f signalHandler.hpp
+    ln -sf posix/signalHandler.hpp
+    rm -f sysExec.hpp
+    ln -sf posix/sysExec.hpp
+    rm -f daemonService.h daemonService.cpp
+    ln -sf posix/posixDaemon.h daemonService.h
+    ln -sf posix/posixDaemon.cpp daemonService.cpp
     echo "loading BSD specific TUN Device"
     CXXFLAGS=$CXXFLAGS' -I/usr/local/include'
     LDFLAGS=$LDFLAGS' -L/usr/local/lib'
-	;;
-	*)
-		echo "Plattform not supported"
+  ;;
+  *)
+    echo "platform not supported"
     exit 1
-	;;
+  ;;
 esac
 
 case $CRYPTO_LIB in
@@ -241,4 +255,33 @@ else
   echo "not installing example files"
 fi
 
+VERSION=`cat ../version`
+if which svn >/dev/null; then
+  SVN_REV=`svn info | grep "^Revision: " | awk '{print($2)}'`
+  if [ -n "$SVN_REV" ]; then
+    VERSION="$VERSION (svn$SVN_REV)"
+  fi
+fi
+HOSTNAME=`hostname`
+DATE=`date +"%d.%m.%Y %H:%M:%S %Z"`
+
+cat >> version.h <<EOF
+/* 
+ * anytun version info
+ *
+ * this file was created automatically
+ * do not edit this file directly
+ * use ./configure instead
+ */
+
+#ifndef ANYTUN_version_h_INCLUDED
+#define ANYTUN_version_h_INCLUDED
+
+#define VERSION_STRING_0 " version $VERSION"
+#define VERSION_STRING_1 "built on $HOSTNAME, $DATE"
+
+#endif
+
+EOF
+
 exit 0
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
index c171c15..f8ac938 100644
--- a/src/cryptinit.hpp
+++ b/src/cryptinit.hpp
@@ -38,8 +38,6 @@
 #include <gcrypt.h>
 
 // boost thread callbacks for libgcrypt
-#if defined(BOOST_HAS_PTHREADS)
-
 static int boost_mutex_init(void **priv)
 {
   boost::mutex *lock = new boost::mutex();
@@ -71,10 +69,6 @@ static struct gcry_thread_cbs gcry_threads_boost =
 { GCRY_THREAD_OPTION_USER, NULL,
   boost_mutex_init, boost_mutex_destroy,
   boost_mutex_lock, boost_mutex_unlock };
-#else
-#error this libgcrypt thread callbacks only work with pthreads
-#endif
-
 
 #define MIN_GCRYPT_VERSION "1.2.0"
 
@@ -110,4 +104,17 @@ bool initLibGCrypt()
 #endif
 #endif
 
+bool initCrypto()
+{
+#ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
+  return initLibGCrypt();
+#else
+  return true;
+#endif
+#else
+  return true;
+#endif
+}
+
 #endif
diff --git a/src/daemon.hpp b/src/daemon.hpp
deleted file mode 100644
index 04834ca..0000000
--- a/src/daemon.hpp
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- *  anytun
- *
- *  The secure anycast tunneling protocol (satp) defines a protocol used
- *  for communication between any combination of unicast and anycast
- *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
- *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
- *  ethernet, ip, arp ...). satp directly includes cryptography and
- *  message authentication based on the methodes used by SRTP.  It is
- *  intended to deliver a generic, scaleable and secure solution for
- *  tunneling and relaying of packets of any protocol.
- *
- *
- *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
- *                          Christian Pointner <satp@wirdorange.org>
- *
- *  This file is part of Anytun.
- *
- *  Anytun is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  any later version.
- *
- *  Anytun is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef ANYTUN_daemon_hpp_INCLUDED
-#define ANYTUN_daemon_hpp_INCLUDED
-#ifndef NO_DAEMON
-
-#include <poll.h>
-#include <fcntl.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "log.h"
-#include "anytunError.h"
-
-#ifndef NO_PRIVDROP
-class PrivInfo
-{
-public:
-  PrivInfo(std::string const& username, std::string const& groupname)
-  {
-    pw_ = NULL;
-    gr_ = NULL;
-    
-    if(username == "")
-      return;
-
-    pw_ = getpwnam(username.c_str());
-    if(!pw_)
-      AnytunError::throwErr() << "unkown user " << username;
-    
-    if(groupname != "")
-      gr_ = getgrnam(groupname.c_str());
-    else
-      gr_ = getgrgid(pw_->pw_gid);
-    
-    if(!gr_)
-      AnytunError::throwErr() << "unkown group " << groupname;
-  }
-
-  void drop()
-  {
-    if(!pw_ || !gr_)
-      return;
-
-    if(setgid(gr_->gr_gid))
-      AnytunError::throwErr() << "setgid('" << gr_->gr_name << "') failed: " << AnytunErrno(errno);
-    
-    gid_t gr_list[1];
-    gr_list[0] = gr_->gr_gid;
-    if(setgroups (1, gr_list))
-      AnytunError::throwErr() << "setgroups(['" << gr_->gr_name << "']) failed: " << AnytunErrno(errno);
-    
-    if(setuid(pw_->pw_uid))
-      AnytunError::throwErr() << "setuid('" << pw_->pw_name << "') failed: " << AnytunErrno(errno);
-    
-    cLog.msg(Log::PRIO_NOTICE) << "dropped privileges to " << pw_->pw_name << ":" << gr_->gr_name;
-  }
-
-private:
-  struct passwd* pw_;
-  struct group* gr_;
-};
-#endif
-
-void do_chroot(std::string const& chrootdir)
-{
-  if (getuid() != 0)
-    AnytunError::throwErr() << "this program has to be run as root in order to run in a chroot";
-
-  if(chroot(chrootdir.c_str()))
-    AnytunError::throwErr() << "can't chroot to " << chrootdir;
-
-  cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
-  if(chdir("/"))
-    AnytunError::throwErr() << "can't change to /";
-}
-
-void daemonize()
-{
-  std::ofstream pidFile;
-  if(gOpt.getPidFile() != "") {
-    pidFile.open(gOpt.getPidFile().c_str());
-    if(!pidFile.is_open())
-      AnytunError::throwErr() << "can't open pid file (" << gOpt.getPidFile() << "): " << AnytunErrno(errno);
-  }
-
-  pid_t pid;
-
-  pid = fork();
-  if(pid < 0)
-    AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
-
-  if(pid) exit(0);
-
-  umask(0);
-
-  if(setsid() < 0)
-    AnytunError::throwErr() << "daemonizing failed at setsid(): " << AnytunErrno(errno) << ", exitting";
-
-  pid = fork();
-  if(pid < 0)
-    AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
-
-  if(pid) exit(0);
-
-  if ((chdir("/")) < 0)
-    AnytunError::throwErr() << "daemonizing failed at chdir(): " << AnytunErrno(errno) << ", exitting";
-
-//  std::cout << "running in background now..." << std::endl;
-
-  int fd;
-//  for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
-  for (fd=0;fd<=2;fd++) // close all file descriptors
-    close(fd);
-  fd = open("/dev/null",O_RDWR);        // stdin
-  if(fd == -1)
-    cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdin";
-  else {
-    if(dup(fd) == -1)   // stdout
-      cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdout";
-    if(dup(fd) == -1)   // stderr
-      cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stderr";
-  }
-
-  if(pidFile.is_open()) {
-    pid_t pid = getpid();
-    pidFile << pid;
-    pidFile.close();
-  }
-}
-#endif
-#endif
diff --git a/src/datatypes.h b/src/datatypes.h
index 4e5977d..ba34614 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -65,4 +65,6 @@ typedef int system_error_t;
 typedef DWORD system_error_t;
 #endif	  
 
+#define MAX_PACKET_LENGTH 1600
+
 #endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 6b102b9..25b7cf0 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -79,7 +79,7 @@ void KeyDerivation::calcMasterKey(std::string passphrase, u_int16_t length)
   }
 
 #ifndef USE_SSL_CRYPTO
-  Buffer digest(gcry_md_get_algo_dlen(GCRY_MD_SHA256));
+  Buffer digest(static_cast<u_int32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
   gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
 #else
   Buffer digest(u_int32_t(SHA256_DIGEST_LENGTH));
@@ -108,7 +108,7 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, u_int16_t length)
   }
 
 #ifndef USE_SSL_CRYPTO
-  Buffer digest(gcry_md_get_algo_dlen(GCRY_MD_SHA1));
+  Buffer digest(static_cast<u_int32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
   gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
 #else
   Buffer digest(u_int32_t(SHA_DIGEST_LENGTH));
diff --git a/src/linux/tunDevice.cpp b/src/linux/tunDevice.cpp
index 57b1c7c..ee6ac0e 100644
--- a/src/linux/tunDevice.cpp
+++ b/src/linux/tunDevice.cpp
@@ -50,7 +50,7 @@
 #include "anytunError.h"
 #include "sysExec.h"
 
-TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400)
+TunDevice::TunDevice(std::string dev_name, std::string dev_type, std::string ifcfg_addr, u_int16_t ifcfg_prefix) : conf_(dev_name, dev_type, ifcfg_addr, ifcfg_prefix, 1400), sys_exec_(NULL)
 {
 	struct ifreq ifr;
 	memset(&ifr, 0, sizeof(ifr));
@@ -161,5 +161,11 @@ void TunDevice::do_ifconfig()
   std::ostringstream mtu_ss;
   mtu_ss << conf_.mtu_;
   StringVector args = boost::assign::list_of(actual_name_)(conf_.addr_.toString())("netmask")(conf_.netmask_.toString())("mtu")(mtu_ss.str());
-  anytun_exec("/sbin/ifconfig", args);
+  sys_exec_ = new SysExec("/sbin/ifconfig", args);
+}
+
+void TunDevice::waitUntilReady()
+{
+  if(sys_exec_)
+    SysExec::waitAndDestroy(sys_exec_);
 }
diff --git a/src/man/Makefile b/src/man/Makefile
deleted file mode 100644
index adc9919..0000000
--- a/src/man/Makefile
+++ /dev/null
@@ -1,57 +0,0 @@
-##
-##  anytun
-##
-##  The secure anycast tunneling protocol (satp) defines a protocol used
-##  for communication between any combination of unicast and anycast
-##  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
-##  mode and allows tunneling of every ETHER TYPE protocol (e.g.
-##  ethernet, ip, arp ...). satp directly includes cryptography and
-##  message authentication based on the methodes used by SRTP.  It is
-##  intended to deliver a generic, scaleable and secure solution for
-##  tunneling and relaying of packets of any protocol.
-##
-##
-##  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
-##                          Christian Pointner <satp@wirdorange.org>
-##
-##  This file is part of Anytun.
-##
-##  Anytun is free software: you can redistribute it and/or modify
-##  it under the terms of the GNU General Public License as published by
-##  the Free Software Foundation, either version 3 of the License, or
-##  any later version.
-##
-##  Anytun is distributed in the hope that it will be useful,
-##  but WITHOUT ANY WARRANTY; without even the implied warranty of
-##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-##  GNU General Public License for more details.
-##
-##  You should have received a copy of the GNU General Public License
-##  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
-##
-
-VERSION=$(shell cat ../../version)
-
-MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8
-XML := $(MANPAGES:%.8=%.8.xml) 
-
-.PHONY: clean
-
-all: manpage
-
-define create-manpage
-	a2x -f manpage $(1)
-	@ sed -i -e 's/\[FIXME: source\]/anytun ${VERSION}/' $(2)
-	@ sed -i -e 's/\[FIXME: manual\]/$(2:.8=) user manual/' $(2)
-	@ sed -i -e 's/^\($(subst -,\\-,$(2:.8=))\)$$/\\fB\1\\fR/' $(2)
-	@ sed -i -e 's/^  \[ \([^ ]*\)/  [ \\fB\1\\fR/' $(2)
-endef
-
-%.8: %.8.txt
-	$(call create-manpage,$<,$@)
-
-manpage: $(MANPAGES)
-
-clean:
-	rm -f $(MANPAGES)
-	rm -f $(XML)
diff --git a/src/man/anyrtpproxy.8.txt b/src/man/anyrtpproxy.8.txt
deleted file mode 100644
index a92d2e6..0000000
--- a/src/man/anyrtpproxy.8.txt
+++ /dev/null
@@ -1,150 +0,0 @@
-anyrtpproxy(8)
-==============
-
-NAME
-----
-anyrtpproxy - anycast rtpproxy
-
-SYNOPSIS
---------
-
-....
-anyrtpproxy
-  [ -h|--help ]
-  [ -D|--nodaemonize ]
-  [ -C|--chroot ]
-  [ -u|--username <username> ]
-  [ -H|--chroot-dir <directory> ]
-  [ -P|--write-pid <filename> ]
-  [ -i|--interface <ip-address> ]
-  [ -s|--control <hostname|ip>[:<port>] ]
-  [ -p|--port-range <start> <end> ]
-  [ -n|--nat ]
-  [ -o|--no-nat-once ]
-  [ -S|--sync-port port> ]
-  [ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
-....
-
-
-DESCRIPTION
------------
-
-*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
-the same control protocol than rtpproxy though it can be controled through the nathelper
-plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun* 
-to sync the session information among all anycast instances.
-
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
-   This option instructs *anyrtpproxy* to run in the foreground
-   instead of becoming a daemon.
-
-*-C, --chroot*::
-   chroot and drop privileges
-
-*-u, --username <username>*::
-   if chroot change to this user
-
-*-H, --chroot-dir <directory>*::
-   chroot to this directory
-
-*-P, --write-pid <filename>*::
-   write pid to this file
-
-*-i, --interface <ip address>*::
-  The local interface to listen on for RTP packets
-
-*-s, --control <hostname|ip>[:<port>]*::
-   The local address and port to listen on for control messages from openser
-
-*-p, --port-range <start> <end>*::
-   A pool of ports which should be used by *anyrtpproxy* to relay RTP packets. 
-   The range may not overlap between the anycast instances
-
-*-n, --nat*::
-   Allow to learn the remote address and port in order to handle clients behind nat.
-   This option should only be enabled if the source is authenticated (i.e. through 
-   *anytun*) 
-
-*-o, --no-nat-once*::
-   Disable learning of remote address and port in case the first packet does not 
-   come from the client which is specified by openser during configuration. Invoking
-   this parameter increases the security level of the system but in case of nat needs
-   a working nat transversal such as stun.
-
-*-S, --sync-port <port>*::
-   local unicast(sync) port to bind to +
-   This port is used by anycast hosts to synchronize information about tunnel
-   endpoints. No payload data is transmitted via this port. +
-   It is possible to obtain a list of active connections by telnetting into 
-   this port. This port is read-only and unprotected by default. It is advised 
-   to protect this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
-   remote hosts to sync with +
-   Here, one has to specify all unicast IP addresses of all 
-   other anycast hosts that comprise the anycast tunnel endpoint.
-
-EXAMPLES
---------
-
-Anycast Setup with 3 instances:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast 
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
-              -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
-              -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
-              -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-
-BUGS
-----
-Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This  program is  free software: you can redistribute it 
-and/or modify it under the terms of the GNU General Public License 
-as published by the Free Software Foundation, either version 3 of 
-the License, or any later version.
-
diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt
deleted file mode 100644
index 6a80b4d..0000000
--- a/src/man/anytun-config.8.txt
+++ /dev/null
@@ -1,173 +0,0 @@
-anytun-config(8)
-================
-
-NAME
-----
-anytun-config - anycast tunneling configuration utility
-
-SYNOPSIS
---------
-
-....
-anytun-config
-  [ -h|--help ]
-  [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
-  [ -r|--remote-host <hostname|ip> ]
-  [ -o|--remote-port <port> ]
-  [ -4|--ipv4-only ]
-  [ -6|--ipv6-only ]
-  [ -R|--route <net>/<prefix length> ]
-  [ -m|--mux <mux-id> ]
-  [ -w|--window-size <window size> ]
-  [ -k|--kd-prf <kd-prf type> ]
-  [ -e|--role <role> ]
-  [ -E|--passphrase <pass phrase> ]
-  [ -K|--key <master key> ]
-  [ -A|--salt <master salt> ]
-....
-
-DESCRIPTION
------------
-
-*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
-
-OPTIONS
--------
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
-   add log target to logging system. This can be invoked several times
-   in order to log to different targets at the same time. Every target 
-   hast its own log level which is a number between 0 and 5. Where 0 means
-   disabling log and 5 means debug messages are enabled. +
-   The file target can be used more the once with different levels.
-   If no target is provided at the command line a single target with the 
-   config *syslog:3,anytun-config,daemon* is added. +
-   The following targets are supported:
-
-   *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
-   *file*;; log to file, parameters <level>[,<path>]
-   *stdout*;; log to standard output, parameters <level>
-   *stderr*;; log to standard error, parameters <level> 
-
-*-r, --remote-host <hostname|ip>*::
-   This option can be used to specify the remote tunnel
-   endpoint. In case of anycast tunnel endpoints, the
-   anycast IP address has to be used. If you do not specify
-   an address, it is automatically determined after receiving
-   the first data packet.
-
-*-o, --remote-port <port>*::
-   The UDP port used for payload data by the remote host
-   (specified with -p on the remote host). If you do not specify
-   a port, it is automatically determined after receiving
-   the first data packet.
-
-*-4, --ipv4-only*::
-   Resolv to IPv4 addresses only. The default is to resolv both
-   IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
-   Resolv to IPv6 addresses only. The default is to resolv both
-   IPv4 and IPv6 addresses.
-
-*-R, --route <net>/<prefix length>*::
-   add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
-   the multiplex id to use. default: 0
-
-*-w, --window-size <window size>*::
-   seqence window size +
-   Sometimes, packets arrive out of order on the receiver
-   side. This option defines the size of a list of received
-   packets' sequence numbers. If, according to this list,
-   a received packet has been previously received or has
-   been transmitted in the past, and is therefore not in
-   the list anymore, this is interpreted as a replay attack
-   and the packet is dropped. A value of 0 deactivates this
-   list and, as a consequence, the replay protection employed
-   by filtering packets according to their secuence number.
-   By default the sequence window is disabled and therefore a
-   window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
-   key derivation pseudo random function +
-   The pseudo random function which is used for calculating the 
-   session keys and session salt. +
-   Possible values:
-
-   *null*;; no random function, keys and salt are set to 0..00
-   *aes-ctr*;; AES in counter mode with 128 Bits, default value
-   *aes-ctr-128*;; AES in counter mode with 128 Bits
-   *aes-ctr-192*;; AES in counter mode with 192 Bits
-   *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
-   SATP uses different session keys for inbound and outbound traffic. The
-   role parameter is used to determine which keys to use for outbound or
-   inbound packets. On both sides of a vpn connection different roles have 
-   to be used. Possible values are *left* and *right*. You may also use 
-   *alice* or *server* as a replacement for *left* and *bob* or *client* as 
-   a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
-   This passphrase is used to generate the master key and master salt.
-   For the master key the last n bits of the SHA256 digest of the 
-   passphrase (where n is the length of the master key in bits) is used. 
-   The master salt gets generated with the SHA1 digest. 
-   You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
-   master key to use for key derivation +
-   Master key in hexadecimal notation, e.g.
-   01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
-   of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
-   master salt to use for key derivation +
-   Master salt in hexadecimal notation, e.g.
-   01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
-   of 28 characters (14 bytes).
-
-
-EXAMPLES
---------
-
-Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
-
------------------------------------------------------------------------------------------------- 
-# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
-                -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
------------------------------------------------------------------------------------------------- 
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This  program is  free software: you can redistribute it 
-and/or modify it under the terms of the GNU General Public License 
-as published by the Free Software Foundation, either version 3 of 
-the License, or any later version.
diff --git a/src/man/anytun-controld.8.txt b/src/man/anytun-controld.8.txt
deleted file mode 100644
index 0d3e0b8..0000000
--- a/src/man/anytun-controld.8.txt
+++ /dev/null
@@ -1,110 +0,0 @@
-anytun-controld(8)
-==================
-
-NAME
-----
-anytun-controld - anycast tunneling control daemon
-
-SYNOPSIS
---------
-
-....
-anytun-controld
-  [ -h|--help ]
-  [ -D|--nodaemonize ]
-  [ -u|--username <username> ]
-  [ -g|--groupname <groupname> ]
-  [ -C|--chroot <path> ]
-  [ -P|--write-pid <filename> ]
-  [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
-  [ -f|--file <path> ]
-  [ -X|--control-host < <host>[:port>] | :<port> > ]
-....
-
-DESCRIPTION
------------
-
-*anytun-controld* configures the multi-connection support for *Anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *Anytun* servers. When the control daemon is restarted with a new connection/routing table all *Anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys.
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
-   This option instructs *anytun-controld* to run in foreground
-   instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
-   run as this user. If no group is specified (*-g*) the default group of 
-   the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
-   run as this group. If no username is specified (*-u*) this gets ignored.
-   The default is to not drop privileges.
-
-*-C, --chroot <path>*::
-   Instruct *anytun-controld* to run in a chroot jail. The default is 
-   to not run in chroot.
-
-*-P, --write-pid <filename>*::
-   Instruct *anytun-controld* to write it's pid to this file. The default is 
-   to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
-   add log target to logging system. This can be invoked several times
-   in order to log to different targets at the same time. Every target 
-   hast its own log level which is a number between 0 and 5. Where 0 means
-   disabling log and 5 means debug messages are enabled. +
-   The file target can be used more the once with different levels.
-   If no target is provided at the command line a single target with the 
-   config *syslog:3,anytun-controld,daemon* is added. +
-   The following targets are supported:
-
-   *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
-   *file*;; log to file, parameters <level>[,<path>]
-   *stdout*;; log to standard output, parameters <level>
-   *stderr*;; log to standard error, parameters <level> 
-
-*-f, --file <path>*::
-   The path to the file which holds the sync information.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
-   fetch the config from this host. The default is not to use a control
-   host and therefore this is empty. Mind that the port can be omitted 
-   in which case port 2323 is used. If you want to specify an
-   ipv6 address and a port you have to use [ and ] to seperate the address
-   from the port, eg.: [::1]:1234. If you want to use the default port 
-   [ and ] can be omitted.
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-config(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This  program is  free software: you can redistribute it 
-and/or modify it under the terms of the GNU General Public License 
-as published by the Free Software Foundation, either version 3 of 
-the License, or any later version.
-
diff --git a/src/man/anytun-showtables.8.txt b/src/man/anytun-showtables.8.txt
deleted file mode 100644
index 3a1fa8d..0000000
--- a/src/man/anytun-showtables.8.txt
+++ /dev/null
@@ -1,71 +0,0 @@
-anytun-showtables(8)
-====================
-
-NAME
-----
-anytun-showtables - anycast tunneling routing table visualization utility
-
-SYNOPSIS
---------
-
-....
-anytun-showtables
-....
-
-DESCRIPTION
------------
-
-*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to display a saved routing/connection table used by *anytun-controld* or to connect to a the sync port of *Anytun*.
-
-OPTIONS
--------
-
-This Tool does not take any options. It takes the sync information from
-the standard input and prints the routing table to the standard output.
-
-EXAMPLES
---------
-
-Print routing table stored in local file
-
------------------------------------------------------------------------------------
-# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
------------------------------------------------------------------------------------
-
-Print current routing table and watch changes
-
------------------------------------------------------------------------------------
-# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-config(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This  program is  free software: you can redistribute it 
-and/or modify it under the terms of the GNU General Public License 
-as published by the Free Software Foundation, either version 3 of 
-the License, or any later version.
diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt
deleted file mode 100644
index 377bb2d..0000000
--- a/src/man/anytun.8.txt
+++ /dev/null
@@ -1,373 +0,0 @@
-anytun(8)
-=========
-
-NAME
-----
-anytun - anycast tunneling daemon
-
-SYNOPSIS
---------
-
-....
-anytun
-  [ -h|--help ]
-  [ -D|--nodaemonize ]
-  [ -u|--username <username> ]
-  [ -g|--groupname <groupname> ]
-  [ -C|--chroot <path> ]
-  [ -P|--write-pid <filename> ]
-  [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
-  [ -i|--interface <ip-address> ]
-  [ -p|--port <port> ]
-  [ -r|--remote-host <hostname|ip> ]
-  [ -o|--remote-port <port> ]
-  [ -4|--ipv4-only ]
-  [ -6|--ipv6-only ]
-  [ -I|--sync-interface <ip-address> ]
-  [ -S|--sync-port port> ]
-  [ -M|--sync-hosts <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
-  [ -X|--control-host <hostname|ip>[:<port>]
-  [ -d|--dev <name> ]
-  [ -t|--type <tun|tap> ]
-  [ -n|--ifconfig <local>/<prefix> ]
-  [ -x|--post-up-script <script> ]
-  [ -R|--route <net>/<prefix length> ]
-  [ -m|--mux <mux-id> ]
-  [ -s|--sender-id <sender id> ]
-  [ -w|--window-size <window size> ]
-  [ -k|--kd-prf <kd-prf type> ]
-  [ -e|--role <role> ]
-  [ -E|--passphrase <pass phrase> ]
-  [ -K|--key <master key> ]
-  [ -A|--salt <master salt> ]
-  [ -c|--cipher <cipher type> ]
-  [ -a|--auth-algo <algo type> ]
-  [ -b|--auth-tag-length <length> ]
-....
-
-DESCRIPTION
------------
-
-*Anytun* is an implementation of the Secure Anycast Tunneling Protocol
-(SATP). It provides a complete VPN solution similar to OpenVPN or
-IPsec in tunnel mode. The main difference is that anycast allows a
-setup of tunnels between an arbitrary combination of anycast, unicast
-and multicast hosts.
-
-OPTIONS
--------
-
-*Anytun* has been designed as a peer to peer application, so there is
-no difference between client and server. The following options can be
-passed to the daemon:
-
-*-D, --nodaemonize*::
-   This option instructs *Anytun* to run in foreground
-   instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
-   run as this user. If no group is specified (*-g*) the default group of 
-   the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
-   run as this group. If no username is specified (*-u*) this gets ignored.
-   The default is to not drop privileges.
-
-*-C, --chroot <path>*::
-   Instruct *Anytun* to run in a chroot jail. The default is 
-   to not run in chroot.
-
-*-P, --write-pid <filename>*::
-   Instruct *Anytun* to write it's pid to this file. The default is 
-   to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
-   add log target to logging system. This can be invoked several times
-   in order to log to different targets at the same time. Every target 
-   hast its own log level which is a number between 0 and 5. Where 0 means
-   disabling log and 5 means debug messages are enabled. +
-   The file target can be used more the once with different levels.
-   If no target is provided at the command line a single target with the 
-   config *syslog:3,anytun,daemon* is added. +
-   The following targets are supported:
-
-   *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
-   *file*;; log to file, parameters <level>[,<path>]
-   *stdout*;; log to standard output, parameters <level>
-   *stderr*;; log to standard error, parameters <level> 
-
-*-i, --interface <ip address>*::
-   This IP address is used as the sender address for outgoing
-   packets. In case of anycast tunnel endpoints, the anycast
-   IP has to be used. In case of unicast endpoints, the
-   address is usually derived correctly from the routing
-   table. The default is to not use a special inteface and just
-   bind on all interfaces.
-
-*-p, --port <port>*::
-   The local UDP port that is used to send and receive the
-   payload data. The two tunnel endpoints can use different
-   ports. If a tunnel endpoint consists of multiple anycast
-   hosts, all hosts have to use the same port. default: 4444
-
-*-r, --remote-host <hostname|ip>*::
-   This option can be used to specify the remote tunnel
-   endpoint. In case of anycast tunnel endpoints, the
-   anycast IP address has to be used. If you do not specify
-   an address, it is automatically determined after receiving
-   the first data packet.
-
-*-o, --remote-port <port>*::
-   The UDP port used for payload data by the remote host
-   (specified with -p on the remote host). If you do not specify
-   a port, it is automatically determined after receiving
-   the first data packet.
-
-*-4, --ipv4-only*::
-   Resolv to IPv4 addresses only. The default is to resolv both
-   IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
-   Resolv to IPv6 addresses only. The default is to resolv both
-   IPv4 and IPv6 addresses.
-
-*-I, --sync-interface <ip-address>*::
-   local unicast(sync) ip address to bind to +
-   This option is only needed for tunnel endpoints consisting
-   of multiple anycast hosts. The unicast IP address of
-   the anycast host can be used here. This is needed for
-   communication with the other anycast hosts. The default is to 
-   not use a special inteface and just bind on all interfaces. However
-   this is only the case if synchronisation is active see *--sync-port*.
-
-*-S, --sync-port <port>*::
-   local unicast(sync) port to bind to +
-   This option is only needed for tunnel endpoints
-   consisting of multiple anycast hosts. This port is used
-   by anycast hosts to synchronize information about tunnel
-   endpoints. No payload data is transmitted via this port.
-   By default the synchronisation is disabled an therefore the
-   port is kept empty. +
-   It is possible to obtain a list of active connections
-   by telnetting into this port. This port is read-only
-   and unprotected by default. It is advised to protect
-   this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>[:<port>],[<hostname|ip>[:<port>][...]]*::
-   remote hosts to sync with +
-   This option is only needed for tunnel endpoints consisting
-   of multiple anycast hosts. Here, one has to specify all
-   unicast IP addresses of all other anycast hosts that
-   comprise the anycast tunnel endpoint. By default synchronisation is
-   disabled and therefore this is empty. Mind that the port can be
-   omitted in which case port 2323 is used. If you want to specify an
-   ipv6 address and a port you have to use [ and ] to seperate the address
-   from the port, eg.: [::1]:1234. If you want to use the default port 
-   [ and ] can be omitted.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
-   fetch the config from this host. The default is not to use a control
-   host and therefore this is empty. Mind that the port can be omitted 
-   in which case port 2323 is used. If you want to specify an
-   ipv6 address and a port you have to use [ and ] to seperate the address
-   from the port, eg.: [::1]:1234. If you want to use the default port 
-   [ and ] can be omitted.
-
-*-d, --dev <name>*::
-   device name +
-   By default, tapN is used for Ethernet tunnel interfaces,
-   and tunN for IP tunnels, respectively. This option can
-   be used to manually override these defaults.
-
-*-t, --type <tun|tap>*::
-   device type +
-   Type of the tunnels to create. Use tap for Ethernet
-   tunnels, tun for IP tunnels.
-
-*-n, --ifconfig <local>/<prefix>*::
-   The local IP address and prefix length. The remote tunnel endpoint
-   has to use a different IP address in the same subnet.
-
-   *<local>*;; the local IP address for the tun/tap device
-   *<prefix>*;; the prefix length of the network
-
-*-x, --post-up-script <script>*::
-   This option instructs *Anytun* to run this script after the interface 
-   is created. By default no script will be executed.
-
-*-R, --route <net>/<prefix length>*::
-   add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
-   the multiplex id to use. default: 0
-
-*-s, --sender-id  <sender id>*::
-   Each anycast tunnel endpoint needs a uniqe sender id
-   (1, 2, 3, ...). It is needed to distinguish the senders
-   in case of replay attacks. This option can be ignored on
-   unicast endpoints. default: 0
-
-*-w, --window-size <window size>*::
-   seqence window size +
-   Sometimes, packets arrive out of order on the receiver
-   side. This option defines the size of a list of received
-   packets' sequence numbers. If, according to this list,
-   a received packet has been previously received or has
-   been transmitted in the past, and is therefore not in
-   the list anymore, this is interpreted as a replay attack
-   and the packet is dropped. A value of 0 deactivates this
-   list and, as a consequence, the replay protection employed
-   by filtering packets according to their secuence number.
-   By default the sequence window is disabled and therefore a
-   window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
-   key derivation pseudo random function +
-   The pseudo random function which is used for calculating the 
-   session keys and session salt. +
-   Possible values:
-
-   *null*;; no random function, keys and salt are set to 0..00
-   *aes-ctr*;; AES in counter mode with 128 Bits, default value
-   *aes-ctr-128*;; AES in counter mode with 128 Bits
-   *aes-ctr-192*;; AES in counter mode with 192 Bits
-   *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
-   SATP uses different session keys for inbound and outbound traffic. The
-   role parameter is used to determine which keys to use for outbound or
-   inbound packets. On both sides of a vpn connection different roles have 
-   to be used. Possible values are *left* and *right*. You may also use 
-   *alice* or *server* as a replacement for *left* and *bob* or *client* as 
-   a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
-   This passphrase is used to generate the master key and master salt.
-   For the master key the last n bits of the SHA256 digest of the 
-   passphrase (where n is the length of the master key in bits) is used. 
-   The master salt gets generated with the SHA1 digest. 
-   You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
-   master key to use for key derivation +
-   Master key in hexadecimal notation, e.g.
-   01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
-   of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
-   master salt to use for key derivation +
-   Master salt in hexadecimal notation, e.g.
-   01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
-   of 28 characters (14 bytes).
-
-*-c, --cipher <cipher type>*::
-   payload encryption algorithm +
-   Encryption algorithm used for encrypting the payload +
-   Possible values:
-
-   *null*;; no encryption
-   *aes-ctr*;; AES in counter mode with 128 Bits, default value
-   *aes-ctr-128*;; AES in counter mode with 128 Bits
-   *aes-ctr-192*;; AES in counter mode with 192 Bits
-   *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-a, --auth-algo <algo type>*::
-   message authentication algorithm +
-   This option sets the message authentication algorithm. +
-   If HMAC-SHA1 is used, the packet length is increased. The additional bytes 
-   contain the authentication data. see *--auth-tag-length* for more info. +
-   Possible values:
-
-   *null*;; no message authentication
-   *sha1*;; HMAC-SHA1, default value
-
-*-b, --auth-tag-length <length>*::
-   The number of bytes to use for the auth tag. This value defaults to 10 bytes 
-   unless the *null* auth algo is used in which case it defaults to 0. 
-
-
-EXAMPLES
---------
-
-P2P Setup between two unicast enpoints:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Host A:
-^^^^^^^
-
-anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
-       -E have_a_very_safe_and_productive_day -e left
-
-Host B:
-^^^^^^^
-anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
-       -E have_a_very_safe_and_productive_day -e right
-
-
-One unicast and one anycast tunnel endpoint:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- 
-Unicast tunnel endpoint:
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client
-
-Anycast tunnel endpoints:
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast 
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
-         -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
-         -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
-         -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-For more sophisticated examples (like multiple unicast endpoints to one
-anycast tunnel endpoint) please consult the man page of anytun-config(8).
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun-config(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This  program is  free software: you can redistribute it 
-and/or modify it under the terms of the GNU General Public License 
-as published by the Free Software Foundation, either version 3 of 
-the License, or any later version.
diff --git a/src/nullDaemon.cpp b/src/nullDaemon.cpp
new file mode 100644
index 0000000..5c1235c
--- /dev/null
+++ b/src/nullDaemon.cpp
@@ -0,0 +1,58 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "nullDaemon.h"
+
+void DaemonService::initPrivs(std::string const& username, std::string const& groupname)
+{
+// nothing here
+}
+
+void DaemonService::dropPrivs()
+{
+// nothing here
+}
+
+void DaemonService::chroot(std::string const& chrootdir)
+{
+// nothing here
+}
+
+void DaemonService::daemonize()
+{
+// nothing here
+}
+
+bool DaemonService::isDaemonized()
+{
+  return false;
+}
diff --git a/src/nullDaemon.h b/src/nullDaemon.h
new file mode 100644
index 0000000..379b300
--- /dev/null
+++ b/src/nullDaemon.h
@@ -0,0 +1,48 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_nullDaemon_h_INCLUDED
+#define ANYTUN_nullDaemon_h_INCLUDED
+
+#include <string>
+
+class DaemonService
+{
+public:
+  void initPrivs(std::string const& username, std::string const& groupname);
+  void dropPrivs();
+  void chroot(std::string const& dir);
+  void daemonize();
+  bool isDaemonized();
+};
+
+#endif
diff --git a/src/options.cpp b/src/options.cpp
index 236acb1..5d70751 100644
--- a/src/options.cpp
+++ b/src/options.cpp
@@ -37,6 +37,8 @@
 #include <sstream>
 
 #include "datatypes.h"
+#include "version.h"
+
 #include "options.h"
 #include "log.h"
 #include "authAlgoFactory.h"
@@ -172,6 +174,8 @@ Options::Options() : key_(u_int32_t(0)), salt_(u_int32_t(0))
   chroot_dir_ = "";
   pid_file_ = "";
 
+  debug_ = false;
+
   file_name_ = "";
   bind_to_.addr = "127.0.0.1";
   bind_to_.port = "2323";
@@ -369,12 +373,18 @@ bool Options::parse(int argc, char* argv[])
     std::string str(argv[i]);
     argc--;
 
-    if(str == "-h" || str == "--help")
+    if(str == "-h" || str == "--help") {
+      printUsage();
       return false;
+    }
+    else if(str == "-v" || str == "--version") {
+      printVersion();
+      return false;
+    }
 
 #if defined(ANYTUN_OPTIONS) || defined(ANYCTR_OPTIONS)
 
-  #ifndef NO_DAEMON
+  #ifndef _MSC_VER
     PARSE_INVERSE_BOOL_PARAM("-D","--nodaemonize", daemonize_, NOTHING)
     PARSE_SCALAR_PARAM("-u","--username", username_, NOTHING)
     PARSE_SCALAR_PARAM("-g","--groupname", groupname_, NOTHING)
@@ -385,6 +395,7 @@ bool Options::parse(int argc, char* argv[])
 #endif
 
     PARSE_STRING_LIST("-L","--log", log_targets_, NOTHING)
+    PARSE_BOOL_PARAM("-U","--debug", debug_, NOTHING)
 
 #if defined(ANYCTR_OPTIONS)
 
@@ -417,9 +428,7 @@ bool Options::parse(int argc, char* argv[])
     PARSE_SCALAR_PARAM("-d","--dev", dev_name_, NOTHING)
     PARSE_SCALAR_PARAM("-t","--type", dev_type_, NOTHING)
     PARSE_SCALAR_PARAM("-n","--ifconfig", ifconfig_param_, NOTHING)
-  #ifndef NO_EXEC
     PARSE_SCALAR_PARAM("-x","--post-up-script", post_up_script_, NOTHING)
-  #endif
 
 #endif
 #if defined(ANYTUN_OPTIONS) || defined(ANYCONF_OPTIONS)
@@ -470,6 +479,27 @@ bool Options::parse(int argc, char* argv[])
       throw syntax_error("unknown role name: " + role, -1); 
   }
 
+  if(debug_) {
+    log_targets_.push_back("stdout:5");
+    daemonize_ = false; 
+  }
+
+  if(log_targets_.empty()) {
+#ifndef _MSC_VER
+ #if !defined(ANYCONF_OPTIONS)
+    log_targets_.push_back(std::string("syslog:3,").append(progname_).append(",daemon"));
+ #else
+    log_targets_.push_back("stderr:2");
+ #endif
+#else
+ #ifdef WIN_SERVICE
+    log_targets_.push_back(std::string("eventlog:3,").append(progname_));
+ #else
+    log_targets_.push_back("stdout:3");
+ #endif
+#endif
+  }
+
   return true;
 }
 
@@ -496,6 +526,19 @@ void Options::parse_post()
     dev_type_ = "tun";
 }
 
+void Options::printVersion()
+{
+#if defined(ANYCTR_OPTIONS)
+  std::cout << "anytun-controld";
+#elif defined(ANYCONF_OPTIONS)
+  std::cout << "anytun-config";
+#else
+  std::cout << "anytun";
+#endif
+  std::cout << VERSION_STRING_0 << std::endl;
+  std::cout << VERSION_STRING_1 << std::endl;
+}
+
 void Options::printUsage()
 {
   std::cout << "USAGE:" << std::endl;
@@ -509,10 +552,11 @@ void Options::printUsage()
 #endif
 
   std::cout << "   [-h|--help]                         prints this..." << std::endl;
+  std::cout << "   [-v|--version]                      print version info and exit" << std::endl;
 
 #if defined(ANYTUN_OPTIONS) || defined(ANYCTR_OPTIONS)
 
- #ifndef NO_DAEMON
+ #ifndef _MSC_VER
   std::cout << "   [-D|--nodaemonize]                  don't run in background" << std::endl;
   std::cout << "   [-u|--username] <username>          change to this user" << std::endl;
   std::cout << "   [-g|--groupname] <groupname>        change to this group" << std::endl;
@@ -524,6 +568,8 @@ void Options::printUsage()
 
   std::cout << "   [-L|--log] <target>:<level>[,<param1>[,<param2>..]]" << std::endl;
   std::cout << "                                       add a log target, can be invoked several times" << std::endl;
+  std::cout << "                                       i.e.: stdout:5" << std::endl;
+  std::cout << "   [-U|--debug]                        don't daemonize and log to stdout with maximum log level" << std::endl;
 
 #if defined(ANYCTR_OPTIONS)
 
@@ -559,9 +605,7 @@ void Options::printUsage()
   std::cout << "   [-d|--dev] <name>                   device name" << std::endl;
   std::cout << "   [-t|--type] <tun|tap>               device type" << std::endl;
   std::cout << "   [-n|--ifconfig] <local>/<prefix>    the local address for the tun/tap device and the used prefix length" << std::endl;
- #ifndef NO_EXEC
   std::cout << "   [-x|--post-up-script] <script>      script gets called after interface is created" << std::endl;
- #endif
 
 #endif
 #if defined(ANYTUN_OPTIONS) || defined(ANYCONF_OPTIONS)
@@ -611,7 +655,9 @@ void Options::printOptions()
   StringList::const_iterator lit = log_targets_.begin();
   for(; lit != log_targets_.end(); ++lit)
     std::cout << " '" << *lit << "',";
-  std::cout << std::endl << std::endl;
+  std::cout << std::endl;
+  std::cout << "debug = " << debug_ << std::endl;
+  std::cout << std::endl;
   std::cout << "file_name = '" << file_name_ << "'" << std::endl;
   std::cout << "bind_to.addr = '" << bind_to_.addr << "'" << std::endl;
   std::cout << "bind_to.port = '" << bind_to_.port << "'" << std::endl;
@@ -744,13 +790,24 @@ Options& Options::setPidFile(std::string p)
 }
 
 
-
 StringList Options::getLogTargets()
 {
   ReadersLock lock(mutex);
   return log_targets_;
 }
 
+bool Options::getDebug()
+{
+  ReadersLock lock(mutex);
+  return debug_;
+}
+
+Options& Options::setDebug(bool d)
+{
+  WritersLock lock(mutex);
+  debug_ = d;
+  return *this;
+}
 
 
 std::string Options::getFileName()
diff --git a/src/options.h b/src/options.h
index 92fc89f..7a58c58 100644
--- a/src/options.h
+++ b/src/options.h
@@ -88,6 +88,7 @@ public:
 
   bool parse(int argc, char* argv[]);
   void parse_post();
+  void printVersion();
   void printUsage();
   void printOptions();
 
@@ -105,6 +106,8 @@ public:
   Options& setPidFile(std::string p);
 
   StringList getLogTargets();
+  bool getDebug();
+  Options& setDebug(bool d);
 
   std::string getFileName();
   Options& setFileName(std::string f);
@@ -195,6 +198,7 @@ private:
   std::string pid_file_;
 
   StringList log_targets_;
+  bool debug_;
 
   std::string file_name_;
   OptionHost bind_to_;
diff --git a/src/packetSource.cpp b/src/packetSource.cpp
index 0882de5..a5443ad 100644
--- a/src/packetSource.cpp
+++ b/src/packetSource.cpp
@@ -32,6 +32,7 @@
 
 #include <boost/asio.hpp>
 #include <boost/bind.hpp>
+#include <boost/thread.hpp>
 
 #include "datatypes.h"
 #include "packetSource.h"
@@ -39,22 +40,75 @@
 #include "resolver.h"
 #include "options.h"
 #include "signalController.h"
+#include "anytunError.h"
 
 void PacketSource::waitUntilReady()
 {
   ready_sem_.down();
 }
 
-UDPPacketSource::UDPPacketSource(std::string localaddr, std::string port) : sock_(io_service_)
+UDPPacketSource::UDPPacketSource(std::string localaddr, std::string port)
 {
   gResolver.resolveUdp(localaddr, port, boost::bind(&UDPPacketSource::onResolve, this, _1), boost::bind(&UDPPacketSource::onError, this, _1), gOpt.getResolvAddrType());
 }
 
-void UDPPacketSource::onResolve(const boost::asio::ip::udp::endpoint& e)
+UDPPacketSource::~UDPPacketSource()
 {
-  cLog.msg(Log::PRIO_NOTICE) << "opening socket: " << e;
-  sock_.open(e.protocol());
-  sock_.bind(e);
+  std::list<SocketsElement>::iterator it = sockets_.begin();
+  for(;it != sockets_.end(); ++it) {
+/// this might be a needed by the receiver thread, TODO cleanup
+//    delete[](it->buf_);
+//    delete(it->sem_);
+//    delete(it->sock_);
+  }
+}
+
+void UDPPacketSource::onResolve(PacketSourceResolverIt& it)
+{
+  while(it != PacketSourceResolverIt()) {
+    PacketSourceEndpoint e = *it;
+    cLog.msg(Log::PRIO_NOTICE) << "opening socket: " << e;
+
+    SocketsElement sock;
+    sock.buf_ = NULL;
+    sock.len_ = 0;
+    sock.sem_ = NULL;
+    sock.sock_ = new proto::socket(io_service_);
+    if(!sock.sock_)
+      AnytunError::throwErr() << "memory error";
+
+    sock.sock_->open(e.protocol());
+#ifndef _MSC_VER
+    if(e.protocol() == proto::v6())
+      sock.sock_->set_option(boost::asio::ip::v6_only(true));
+#endif
+    sock.sock_->bind(e);
+    sockets_.push_back(sock);
+
+    it++;
+  }
+
+      // prepare multi-socket recv
+  if(sockets_.size() > 1) {
+    std::list<SocketsElement>::iterator it = sockets_.begin();
+    for(;it != sockets_.end(); ++it) {
+      it->len_ = MAX_PACKET_LENGTH;
+      it->buf_ = new u_int8_t[it->len_];
+      if(!it->buf_)
+        AnytunError::throwErr() << "memory error";
+      
+      it->sem_ = new Semaphore();
+      if(!it->sem_) {
+        delete[](it->buf_);
+        AnytunError::throwErr() << "memory error";
+      }
+
+      boost::thread(boost::bind(&UDPPacketSource::recv_thread, this, it));
+      it->sem_->up();
+    }
+
+  }
+
   ready_sem_.up();
 }
 
@@ -63,13 +117,52 @@ void UDPPacketSource::onError(const std::runtime_error& e)
   gSignalController.inject(SIGERROR, e.what());
 }
 
+void UDPPacketSource::recv_thread(std::list<SocketsElement>::iterator it)
+{
+  cLog.msg(Log::PRIO_INFO) << "started receiver thread for " << it->sock_->local_endpoint();
+
+  ThreadResult result;
+  result.it_ = it;
+  for(;;) {
+    it->sem_->down();
+    result.len_ = static_cast<u_int32_t>(it->sock_->receive_from(boost::asio::buffer(it->buf_, it->len_), result.remote_));
+    {
+      Lock lock(thread_result_mutex_);
+      thread_result_queue_.push(result);
+    }
+    thread_result_sem_.up();
+  }
+}
+
 u_int32_t UDPPacketSource::recv(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint& remote)
 {
-  return static_cast<u_int32_t>(sock_.receive_from(boost::asio::buffer(buf, len), remote));
+  if(sockets_.size() == 1)
+    return static_cast<u_int32_t>(sockets_.front().sock_->receive_from(boost::asio::buffer(buf, len), remote));
+
+  thread_result_sem_.down();
+  ThreadResult result;
+  {
+    Lock lock(thread_result_mutex_);
+    result = thread_result_queue_.front();
+    thread_result_queue_.pop();
+  }
+  remote = result.remote_;
+  std::memcpy(buf, result.it_->buf_, (len < result.len_) ? len : result.len_);
+  len = (len < result.len_) ? len : result.len_;
+  result.it_->sem_->up();
+
+  return len;
 }
 
 void UDPPacketSource::send(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint remote)
 {
-  sock_.send_to(boost::asio::buffer(buf, len), remote);
+  std::list<SocketsElement>::iterator it = sockets_.begin();
+  for(;it != sockets_.end(); ++it) {
+    if(it->sock_->local_endpoint().protocol() == remote.protocol()) {
+      it->sock_->send_to(boost::asio::buffer(buf, len), remote);
+      return;
+    }
+  }
+  cLog.msg(Log::PRIO_WARNING) << "no suitable socket found for remote endpoint protocol: " << remote;
 }
 
diff --git a/src/packetSource.h b/src/packetSource.h
index 626a259..d5ee736 100644
--- a/src/packetSource.h
+++ b/src/packetSource.h
@@ -34,12 +34,16 @@
 #define ANYTUN_packetSource_h_INCLUDED
 
 #include <boost/asio.hpp>
+#include <boost/thread.hpp>
+#include <list>
+#include <queue>
 
 #include "datatypes.h"
 #include "threadUtils.hpp"
 
 // TODO: fix this when other packetSource types are introduced
 typedef boost::asio::ip::udp::endpoint PacketSourceEndpoint;
+typedef boost::asio::ip::udp::resolver::iterator PacketSourceResolverIt;
 
 class PacketSource
 {
@@ -61,17 +65,34 @@ public:
   typedef boost::asio::ip::udp proto;
 
   UDPPacketSource(std::string localaddr, std::string port);
+  ~UDPPacketSource();
 
   u_int32_t recv(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint& remote);
   void send(u_int8_t* buf, u_int32_t len, PacketSourceEndpoint remote);
 
-  void onResolve(const boost::asio::ip::udp::endpoint& e);
+  void onResolve(PacketSourceResolverIt& it);
   void onError(const std::runtime_error& e);
 
 private:
-
   boost::asio::io_service io_service_;
-  proto::socket sock_;
+  
+  typedef struct {
+    u_int8_t* buf_;
+    u_int32_t len_;
+    proto::socket* sock_;
+    Semaphore* sem_;
+  } SocketsElement;
+  std::list<SocketsElement> sockets_;
+
+  void recv_thread(std::list<SocketsElement>::iterator it);
+  typedef struct {
+    u_int32_t len_;
+    PacketSourceEndpoint remote_;
+    std::list<SocketsElement>::iterator it_;
+  } ThreadResult;
+  std::queue<ThreadResult> thread_result_queue_;
+  Mutex thread_result_mutex_;
+  Semaphore thread_result_sem_;
 };
 
 #endif
diff --git a/src/posix/posixDaemon.cpp b/src/posix/posixDaemon.cpp
new file mode 100644
index 0000000..e4a4148
--- /dev/null
+++ b/src/posix/posixDaemon.cpp
@@ -0,0 +1,165 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <poll.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "daemonService.h"
+#include "log.h"
+#include "options.h"
+#include "anytunError.h"
+
+DaemonService::DaemonService() : pw_(NULL), gr_(NULL), daemonized_(false)
+{
+}
+
+void DaemonService::initPrivs(std::string const& username, std::string const& groupname)
+{
+  if(username == "")
+    return;
+  
+  pw_ = getpwnam(username.c_str());
+  if(!pw_)
+    AnytunError::throwErr() << "unknown user " << username;
+  
+  if(groupname != "")
+    gr_ = getgrnam(groupname.c_str());
+  else
+    gr_ = getgrgid(pw_->pw_gid);
+  
+  if(!gr_)
+    AnytunError::throwErr() << "unknown group " << groupname;
+}
+
+void DaemonService::dropPrivs()
+{
+  if(!pw_ || !gr_)
+    return;
+  
+  if(setgid(gr_->gr_gid))
+    AnytunError::throwErr() << "setgid('" << gr_->gr_name << "') failed: " << AnytunErrno(errno);
+  
+  gid_t gr_list[1];
+  gr_list[0] = gr_->gr_gid;
+  if(setgroups (1, gr_list))
+    AnytunError::throwErr() << "setgroups(['" << gr_->gr_name << "']) failed: " << AnytunErrno(errno);
+  
+  if(setuid(pw_->pw_uid))
+    AnytunError::throwErr() << "setuid('" << pw_->pw_name << "') failed: " << AnytunErrno(errno);
+  
+  cLog.msg(Log::PRIO_NOTICE) << "dropped privileges to " << pw_->pw_name << ":" << gr_->gr_name;
+}
+
+void DaemonService::chroot(std::string const& chrootdir)
+{
+  if (getuid() != 0)
+    AnytunError::throwErr() << "this program has to be run as root in order to run in a chroot";
+
+  if(::chroot(chrootdir.c_str()))
+    AnytunError::throwErr() << "can't chroot to " << chrootdir;
+
+  cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
+  if(chdir("/"))
+    AnytunError::throwErr() << "can't change to /";
+}
+
+/// TODO: this outstandignly ugly please and i really can't stress the please fix it asap!!!!!!!
+
+std::ofstream pidFile; // FIXXXME no global variable 
+
+void DaemonService::daemonize()
+{
+//  std::ofstream pidFile;
+  if(gOpt.getPidFile() != "") {
+    pidFile.open(gOpt.getPidFile().c_str());
+    if(!pidFile.is_open())
+      AnytunError::throwErr() << "can't open pid file (" << gOpt.getPidFile() << "): " << AnytunErrno(errno);
+  }
+
+  pid_t pid;
+
+  pid = fork();
+  if(pid < 0)
+    AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
+
+  if(pid) exit(0);
+
+  umask(0);
+
+  if(setsid() < 0)
+    AnytunError::throwErr() << "daemonizing failed at setsid(): " << AnytunErrno(errno) << ", exitting";
+
+  pid = fork();
+  if(pid < 0)
+    AnytunError::throwErr() << "daemonizing failed at fork(): " << AnytunErrno(errno) << ", exitting";
+
+  if(pid) exit(0);
+
+  if ((chdir("/")) < 0)
+    AnytunError::throwErr() << "daemonizing failed at chdir(): " << AnytunErrno(errno) << ", exitting";
+
+//  std::cout << "running in background now..." << std::endl;
+
+  int fd;
+//  for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
+  for (fd=0;fd<=2;fd++) // close all file descriptors
+    close(fd);
+  fd = open("/dev/null",O_RDWR);        // stdin
+  if(fd == -1)
+    cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdin";
+  else {
+    if(dup(fd) == -1)   // stdout
+      cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stdout";
+    if(dup(fd) == -1)   // stderr
+      cLog.msg(Log::PRIO_WARNING) << "can't open /dev/null as stderr";
+  }
+  
+// FIXXXXME: write this pid to file (currently pid from posix/signhandler.hpp:77 is used)
+// 
+//   if(pidFile.is_open()) {
+//     pid_t pid = getpid();
+//     pidFile << pid;
+//     pidFile.close();
+//   }
+
+  daemonized_ = true;
+}
+
+bool DaemonService::isDaemonized()
+{
+  return daemonized_;
+}
diff --git a/src/posix/posixDaemon.h b/src/posix/posixDaemon.h
new file mode 100644
index 0000000..e6d56d5
--- /dev/null
+++ b/src/posix/posixDaemon.h
@@ -0,0 +1,55 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_posixDaemon_h_INCLUDED
+#define ANYTUN_posixDaemon_h_INCLUDED
+
+#include <string>
+
+class DaemonService
+{
+public:
+  DaemonService();
+
+  void initPrivs(std::string const& username, std::string const& groupname);
+  void dropPrivs();
+  void chroot(std::string const& dir);
+  void daemonize();
+  bool isDaemonized();
+
+private:
+  struct passwd* pw_;
+  struct group* gr_;
+  bool daemonized_;
+};
+
+#endif
diff --git a/src/posix/signalHandler.hpp b/src/posix/signalHandler.hpp
new file mode 100644
index 0000000..3851c78
--- /dev/null
+++ b/src/posix/signalHandler.hpp
@@ -0,0 +1,142 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_signalHandler_hpp_INCLUDED
+#define ANYTUN_signalHandler_hpp_INCLUDED
+
+#include <csignal>
+#include <boost/thread.hpp>
+#include <boost/bind.hpp>
+
+int SigIntHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "SIG-Int caught, exiting";
+  return 1;
+}
+
+int SigQuitHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "SIG-Quit caught, exiting";
+  return 1;
+}
+
+int SigHupHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "SIG-Hup caught"; 
+  return 0;
+}
+
+int SigTermHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "SIG-Term caught, exiting";
+  return 1;
+}
+
+int SigUsr1Handler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr1 caught";
+  return 0;
+}
+
+int SigUsr2Handler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr2 caught";
+  return 0;
+}
+
+/// TODO: this outstandignly ugly please and i really can't stress the please fix it asap!!!!!!!
+extern std::ofstream pidFile;
+
+void handleSignal()
+{
+  if(pidFile.is_open()) {
+    pid_t pid = getpid();
+    pidFile << pid;
+    pidFile.close();
+  }
+
+  struct timespec timeout;
+  sigset_t signal_set;
+  int sigNum;
+  while(1) {
+    sigemptyset(&signal_set);
+    sigaddset(&signal_set, SIGINT);
+    sigaddset(&signal_set, SIGQUIT);
+    sigaddset(&signal_set, SIGHUP);
+    sigaddset(&signal_set, SIGTERM);
+    sigaddset(&signal_set, SIGUSR1);
+    sigaddset(&signal_set, SIGUSR2);
+    timeout.tv_sec = 1;
+    timeout.tv_nsec = 0;
+    sigNum = sigtimedwait(&signal_set, NULL, &timeout);
+    if (sigNum == -1) {
+      if (errno != EINTR && errno != EAGAIN) {
+      	cLog.msg(Log::PRIO_ERROR) << "sigwait failed with error: \"" << AnytunErrno(errno) << "\" SignalHandling will be disabled";
+      	break;
+      }
+    } else {
+      gSignalController.inject(sigNum);
+    }
+  }
+}
+
+void registerSignalHandler(SignalController& ctrl, DaemonService& /*service*/)
+{
+  sigset_t signal_set;
+  
+  sigemptyset(&signal_set);
+  sigaddset(&signal_set, SIGINT);
+  sigaddset(&signal_set, SIGQUIT);
+  sigaddset(&signal_set, SIGHUP);
+  sigaddset(&signal_set, SIGTERM);
+  sigaddset(&signal_set, SIGUSR1);
+  sigaddset(&signal_set, SIGUSR2);
+  
+#if defined(BOOST_HAS_PTHREADS)
+  pthread_sigmask(SIG_BLOCK, &signal_set, NULL);
+#else
+#error The signalhandler works only with pthreads
+#endif
+  
+  boost::thread(boost::bind(handleSignal));
+
+  ctrl.handler[SIGINT] = boost::bind(SigIntHandler, _1, _2);
+  ctrl.handler[SIGQUIT] = boost::bind(SigQuitHandler, _1, _2);
+  ctrl.handler[SIGHUP] = boost::bind(SigHupHandler, _1, _2);
+  ctrl.handler[SIGTERM] = boost::bind(SigTermHandler, _1, _2);
+  ctrl.handler[SIGUSR1] = boost::bind(SigUsr1Handler, _1, _2);
+  ctrl.handler[SIGUSR2] = boost::bind(SigUsr2Handler, _1, _2);
+
+  cLog.msg(Log::PRIO_DEBUG) << "signal handlers are now registered";
+}
+
+#endif
diff --git a/src/posix/sysExec.hpp b/src/posix/sysExec.hpp
new file mode 100644
index 0000000..18fde97
--- /dev/null
+++ b/src/posix/sysExec.hpp
@@ -0,0 +1,186 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#pragma once
+#ifndef ANYTUN_sysexec_hpp_INCLUDED
+#define ANYTUN_sysexec_hpp_INCLUDED
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <sys/select.h>
+#include <stdlib.h>
+#include <string.h>
+#include <cstring>
+
+SysExec::~SysExec()
+{
+  if(!closed_)
+    close(pipefd_);
+}
+
+
+template<class T>
+char** dupSysStringArray(T const& array)
+{
+  char** new_array;
+  new_array = static_cast<char**>(malloc((array.size() + 1)*sizeof(char*)));
+  if(!new_array)
+    return NULL;
+
+  unsigned int i = 0;
+  for(typename T::const_iterator it = array.begin(); it != array.end(); ++it) {
+    new_array[i] = strdup(it->c_str());
+    if(!new_array) {
+      while(i--)
+        free(new_array[i]);
+      free(new_array);
+      return NULL;
+    }
+    ++i;
+  }
+  new_array[array.size()] = NULL;
+  return new_array;
+}
+
+void freeSysStringArray(char** array)
+{
+  if(!array)
+    return;
+
+  for(int i=0; array[i] ; ++i)
+    free(array[i]);
+
+  free(array);
+}
+
+void SysExec::doExec(StringVector args, StringList env)
+{
+  int pipefd[2];
+  if(pipe(pipefd) == -1) {
+    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "' pipe() error: " << AnytunErrno(errno);
+    return;
+  }
+
+  pid_ = fork();
+  if(pid_ == -1) {
+    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "' fork() error: " << AnytunErrno(errno);
+    return;
+  }
+
+  if(pid_) {
+    close(pipefd[1]);
+    pipefd_=pipefd[0];
+    // parent exits here, call waitForScript to cleanup up zombie
+    return;
+  }
+  // child code, exec the script
+  int fd;
+  for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
+    if(fd != pipefd[1]) close(fd);
+  
+  fd = open("/dev/null",O_RDWR);        // stdin
+  if(fd == -1)
+    cLog.msg(Log::PRIO_WARNING) << "can't open stdin";
+  else {
+    if(dup(fd) == -1)   // stdout
+      cLog.msg(Log::PRIO_WARNING) << "can't open stdout";
+    if(dup(fd) == -1)   // stderr
+      cLog.msg(Log::PRIO_WARNING) << "can't open stderr";
+  }
+  
+  args.insert(args.begin(), script_);
+  char** argv = dupSysStringArray(args);
+  char** evp = dupSysStringArray(env);
+  
+  execve(script_.c_str(), argv, evp);
+      // if execve returns, an error occurred, but logging doesn't work 
+      // because we closed all file descriptors, so just write errno to
+      // pipe and call exit
+  
+  freeSysStringArray(argv);
+  freeSysStringArray(evp);
+
+  int err = errno;
+  int ret = write(pipefd[1], (void*)(&err), sizeof(err));
+  if(ret != sizeof(errno))
+    exit(-2);
+  exit(-1);
+}
+
+int SysExec::waitForScript()
+{
+  int status = 0;
+  waitpid(pid_, &status, 0);
+
+  fd_set rfds;
+  FD_ZERO(&rfds);
+  FD_SET(pipefd_, &rfds);
+  struct timeval tv = { 0 , 0 };
+  if(select(pipefd_+1, &rfds, NULL, NULL, &tv) == 1) {
+    int err = 0;
+    if(read(pipefd_, (void*)(&err), sizeof(err)) >= static_cast<int>(sizeof(err))) {
+      cLog.msg(Log::PRIO_ERROR) << "script '" << script_ << "' exec() error: " << AnytunErrno(err);
+      close(pipefd_);
+      return_code_ = -1;
+      return return_code_;
+    }
+  }
+
+  close(pipefd_);
+  closed_ = true;
+  return_code_ = status;
+
+  return return_code_;
+}
+
+void SysExec::waitAndDestroy(SysExec*& s)
+{
+  if(!s)
+    return;
+
+  s->waitForScript();
+  if(WIFEXITED(s->return_code_))
+    cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' returned " << WEXITSTATUS(s->return_code_);  
+  else if(WIFSIGNALED(s->return_code_))
+    cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' terminated after signal " << WTERMSIG(s->return_code_);
+  else if(WIFSTOPPED(s->return_code_))
+    cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' stopped after signal " << WSTOPSIG(s->return_code_);
+  else if(WIFCONTINUED(s->return_code_))
+    cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' continued after SIGCONT";
+
+  delete(s);
+  s = NULL;
+}
+
+#endif // ANYTUN_sysexec_hpp_INCLUDED
diff --git a/src/resolver.cpp b/src/resolver.cpp
index 66f1e7e..55371d0 100644
--- a/src/resolver.cpp
+++ b/src/resolver.cpp
@@ -40,20 +40,20 @@ using ::boost::asio::ip::udp;
 using ::boost::asio::ip::tcp;
 
 template<class Proto>
-void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_endpoint<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
+void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_resolver_iterator<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
 {
   cLog.msg(Log::PRIO_ERROR) << "the resolver only supports udp and tcp";
 }
 
 template<>
-void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_endpoint<udp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
+void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_resolver_iterator<udp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
 {
   boost::this_thread::sleep(boost::posix_time::milliseconds(s * 1000));
   gResolver.resolveUdp(addr, port, onResolve, onError, r);
 }
 
 template<>
-void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_endpoint<tcp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
+void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_resolver_iterator<tcp>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r)
 {
   boost::this_thread::sleep(boost::posix_time::milliseconds(s * 1000));
   gResolver.resolveTcp(addr, port, onResolve, onError, r);
@@ -61,16 +61,16 @@ void waitAndEnqueue(u_int32_t s, const std::string& addr, const std::string& por
 
 
 template<class Proto>
-ResolveHandler<Proto>::ResolveHandler(const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_endpoint<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r) : addr_(addr), port_(port), onResolve_(onResolve), onError_(onError), resolv_addr_type_(r)
+ResolveHandler<Proto>::ResolveHandler(const std::string& addr, const std::string& port, boost::function<void(boost::asio::ip::basic_resolver_iterator<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r) : addr_(addr), port_(port), onResolve_(onResolve), onError_(onError), resolv_addr_type_(r)
 {
 }
 
 template<class Proto>
-void ResolveHandler<Proto>::operator()(const boost::system::error_code& e, const boost::asio::ip::basic_resolver_iterator<Proto> endpointIt)
+void ResolveHandler<Proto>::operator()(const boost::system::error_code& e, boost::asio::ip::basic_resolver_iterator<Proto> endpointIt)
 {
   if(boost::system::posix_error::success == e) {
     try {
-      onResolve_(*endpointIt);
+      onResolve_(endpointIt);
     }
     catch(const std::runtime_error& e)
     {
diff --git a/src/resolver.h b/src/resolver.h
index dfec8cc..35c2bc4 100644
--- a/src/resolver.h
+++ b/src/resolver.h
@@ -40,21 +40,21 @@
 #include "datatypes.h"
 #include "threadUtils.hpp"
 
-typedef boost::function<void (boost::asio::ip::udp::endpoint)> UdpResolveCallback;
-typedef boost::function<void (boost::asio::ip::tcp::endpoint)> TcpResolveCallback;
+typedef boost::function<void (boost::asio::ip::udp::resolver::iterator)> UdpResolveCallback;
+typedef boost::function<void (boost::asio::ip::tcp::resolver::iterator)> TcpResolveCallback;
 typedef boost::function<void (std::runtime_error const&)> ErrorCallback;
 
 template<class Proto>
 class ResolveHandler
 {
 public:
-  ResolveHandler(const std::string& addr, const std::string& port, boost::function<void (boost::asio::ip::basic_endpoint<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r = ANY);
-  void operator()(const boost::system::error_code& e, const boost::asio::ip::basic_resolver_iterator<Proto>);
+  ResolveHandler(const std::string& addr, const std::string& port, boost::function<void (boost::asio::ip::basic_resolver_iterator<Proto>)> const& onResolve, ErrorCallback const& onError, ResolvAddrType r = ANY);
+  void operator()(const boost::system::error_code& e, boost::asio::ip::basic_resolver_iterator<Proto>);
 
 private:
   std::string addr_;
   std::string port_;
-  boost::function<void (boost::asio::ip::basic_endpoint<Proto>)> onResolve_;
+  boost::function<void (const boost::asio::ip::basic_resolver_iterator<Proto>)> onResolve_;
   ErrorCallback onError_;
   ResolvAddrType resolv_addr_type_;
 };
diff --git a/src/signalController.cpp b/src/signalController.cpp
index 2e4a53e..6a20588 100644
--- a/src/signalController.cpp
+++ b/src/signalController.cpp
@@ -32,19 +32,13 @@
 
 #include <map>
 #include <iostream>
+#include <boost/bind.hpp>
 
 #include "signalController.h"
 #include "log.h"
 #include "anytunError.h"
 #include "threadUtils.hpp"
 
-#ifndef _MSC_VER
-#include <csignal>
-#include <boost/bind.hpp>
-#else
-#include <windows.h>
-#endif
-
 SignalController* SignalController::inst = NULL;
 Mutex SignalController::instMutex;
 SignalController& gSignalController = SignalController::instance();
@@ -59,157 +53,28 @@ SignalController& SignalController::instance()
 	return *inst;
 }
 
-int SigErrorHandler::handle(const std::string& msg)
+int SigErrorHandler(int /*sig*/, const std::string& msg)
 {
   AnytunError::throwErr() << msg;
 
   return 0;
 }
 
+//use system specific signal handler
 #ifndef _MSC_VER
-
-int SigIntHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "SIG-Int caught, exiting";
-
-  return 1;
-}
-
-int SigQuitHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "SIG-Quit caught, exiting";
-
-  return 1;
-}
-
-int SigHupHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "SIG-Hup caught";
-
-  return 0;
-}
-
-int SigTermHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "SIG-Term caughtm, exiting";
-
-  return 1;
-}
-
-int SigUsr1Handler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr1 caught";
-
-  return 0;
-}
-
-int SigUsr2Handler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "SIG-Usr2 caught";
-
-  return 0;
-}
-#else
-int CtrlCHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "CTRL-C Event received, exitting";
-
-  return 1;
-}
-
-int CtrlBreakHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "CTRL-Break Event received, ignoring";
-
-  return 0;
-}
-
-int CtrlCloseHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "Close Event received, exitting";
-
-  return 1;
-}
-
-int CtrlLogoffHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "LogOff Event received, exitting";
-
-  return 1;
-}
-
-int CtrlShutdownHandler::handle()
-{
-  cLog.msg(Log::PRIO_NOTICE) << "Shutdown Event received, exitting";
-
-  return 1;
-}
-#endif
-
-SignalController::~SignalController() 
-{
-  for(HandlerMap::iterator it = handler.begin(); it != handler.end(); ++it)
-    delete it->second;
-}
-
-#ifndef _MSC_VER
-void SignalController::handle()
-{
-  sigset_t signal_set;
-  int sigNum;
-
-  while(1) 
-  {
-    sigfillset(&signal_set);
-    sigwait(&signal_set, &sigNum);
-    inject(sigNum);
-  }
-}
+#include "signalHandler.hpp"
 #else
-bool SignalController::handle(DWORD ctrlType)
-{
-  gSignalController.inject(ctrlType);
-  return true;
-}
+ #ifdef WIN_SERVICE
+ #include "win32/signalServiceHandler.hpp"
+ #else
+ #include "win32/signalHandler.hpp"
+ #endif
 #endif
 
-void SignalController::init()
+void SignalController::init(DaemonService& service)
 {
-#ifndef _MSC_VER
-  sigset_t signal_set;
-  
-  sigfillset(&signal_set);        
-  sigdelset(&signal_set, SIGCHLD);
-  sigdelset(&signal_set, SIGSEGV);
-  sigdelset(&signal_set, SIGBUS);
-  sigdelset(&signal_set, SIGFPE);
-
-#if defined(BOOST_HAS_PTHREADS)
-  pthread_sigmask(SIG_BLOCK, &signal_set, NULL);
-#else
-#error The signalhandler works only with pthreads
-#endif
-  
-  boost::thread(boost::bind(&SignalController::handle, this));
-
-  handler[SIGINT] = new SigIntHandler;
-  handler[SIGQUIT] = new SigQuitHandler;
-  handler[SIGHUP] = new SigHupHandler;
-  handler[SIGTERM] = new SigTermHandler;
-  handler[SIGUSR1] = new SigUsr1Handler;
-  handler[SIGUSR2] = new SigUsr2Handler;
-#else
-  if(!SetConsoleCtrlHandler((PHANDLER_ROUTINE)SignalController::handle, true))
-    AnytunError::throwErr() << "Error on SetConsoleCtrlhandler: " << AnytunErrno(GetLastError());
-
-  handler[CTRL_C_EVENT] = new CtrlCHandler;
-  handler[CTRL_BREAK_EVENT] = new CtrlBreakHandler;
-  handler[CTRL_CLOSE_EVENT] = new CtrlCloseHandler;
-  handler[CTRL_LOGOFF_EVENT] = new CtrlLogoffHandler;
-  handler[CTRL_SHUTDOWN_EVENT] = new CtrlShutdownHandler;
-#endif
-
-  handler[SIGERROR] = new SigErrorHandler;
+  registerSignalHandler(*this, service);
+  handler[SIGERROR] = boost::bind(SigErrorHandler, _1, _2);
 }
 
 void SignalController::inject(int sig, const std::string& msg)
@@ -223,6 +88,11 @@ void SignalController::inject(int sig, const std::string& msg)
 
 int SignalController::run()
 {
+  for(CallbackMap::iterator it = callbacks.begin(); it != callbacks.end(); ++it)
+    if(it->first == CALLB_RUNNING)
+      it->second();
+
+  int ret = 0;
   while(1) {
     sigQueueSem.down();
     SigPair sig;
@@ -235,18 +105,24 @@ int SignalController::run()
     HandlerMap::iterator it = handler.find(sig.first);
     if(it != handler.end())
     {
-      int ret;
-      if(sig.second == "")
-        ret = it->second->handle();
-      else
-        ret = it->second->handle(sig.second);
+      ret = it->second(sig.first, sig.second);
 
       if(ret)
-        return ret;
+        break;
+    }
+    else {
+      it = handler.find(SIGUNKNOWN);
+      if(it != handler.end())
+        it->second(sig.first, sig.second);
+      else
+        cLog.msg(Log::PRIO_NOTICE) << "SIG " << sig.first << " caught with message '" << sig.second << "' - ignoring";
     }
-    else
-      cLog.msg(Log::PRIO_NOTICE) << "SIG " << sig.first << " caught with message '" << sig.second << "' - ignoring";
   }
-  return 0;
+
+  for(CallbackMap::iterator it = callbacks.begin(); it != callbacks.end(); ++it)
+    if(it->first == CALLB_STOPPING)
+      it->second();
+
+  return ret;
 }
 
diff --git a/src/signalController.h b/src/signalController.h
index 6108bea..fa5f0fb 100644
--- a/src/signalController.h
+++ b/src/signalController.h
@@ -35,138 +35,37 @@
 
 #include <map>
 #include <queue>
+#include <boost/function.hpp>
 
 #include "threadUtils.hpp"
 
-#ifndef _MSC_VER
-#include <csignal>
+#ifdef WIN_SERVICE
+//#include "win32/winService.h"
+class WinService;
+typedef WinService DaemonService;
+#else
+class DaemonService;
 #endif
 
 #define SIGERROR -1
+#define SIGUNKNOWN -2
 
-class SignalHandler
-{
-public:
-  virtual ~SignalHandler() {}
-
-  virtual int handle() { return 0; }
-  virtual int handle(const std::string& msg) { return 0; }
-
-protected:
-  SignalHandler(int s) : sigNum(s) {}
-
-private:
-  int sigNum;
-  friend class SignalController;
-};
-
-class SigErrorHandler : public SignalHandler
-{
-public:
-  SigErrorHandler() : SignalHandler(SIGERROR) {}
-  int handle(const std::string& msg);
-};
-
-#ifndef _MSC_VER
-class SigIntHandler : public SignalHandler
-{
-public:
-  SigIntHandler() : SignalHandler(SIGINT) {}
-  int handle();
-};
-
-class SigQuitHandler : public SignalHandler
-{
-public:
-  SigQuitHandler() : SignalHandler(SIGQUIT) {}
-  int handle();
-};
-
-class SigHupHandler : public SignalHandler
-{
-public:
-  SigHupHandler() : SignalHandler(SIGHUP) {}
-  int handle();
-};
-
-class SigUsr1Handler : public SignalHandler
-{
-public:
-  SigUsr1Handler() : SignalHandler(SIGUSR1) {}
-  int handle();
-};
-
-class SigUsr2Handler : public SignalHandler
-{
-public:
-  SigUsr2Handler() : SignalHandler(SIGUSR2) {}
-  int handle();
-};
-
-class SigTermHandler : public SignalHandler
-{
-public:
-  SigTermHandler() : SignalHandler(SIGTERM) {}
-  int handle();
-};
-
-#else
-
-class CtrlCHandler : public SignalHandler
-{
-public:
-  CtrlCHandler() : SignalHandler(CTRL_C_EVENT) {}
-  int handle();
-};
-
-class CtrlBreakHandler : public SignalHandler
-{
-public:
-  CtrlBreakHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
-  int handle();
-};
-
-class CtrlCloseHandler : public SignalHandler
-{
-public:
-  CtrlCloseHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
-  int handle();
-};
-
-class CtrlLogoffHandler : public SignalHandler
-{
-public:
-  CtrlLogoffHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
-  int handle();
-};
-
-class CtrlShutdownHandler : public SignalHandler
-{
-public:
-  CtrlShutdownHandler() : SignalHandler(CTRL_BREAK_EVENT) {}
-  int handle();
-};
-#endif
+typedef boost::function<int (int, std::string const&)> SignalHandler;
+typedef enum { CALLB_RUNNING, CALLB_STOPPING } CallbackType;
+typedef boost::function<void ()> ServiceCallback;
 
 class SignalController
 {
 public:
   static SignalController& instance();
-#ifndef _MSC_VER
-  void handle();
-#else
-  static bool handle(DWORD ctrlType);
-#endif
 
-  void init();
+  void init(DaemonService& service);
   int run();
   void inject(int sig, const std::string& msg = "");
 
 private:
-  typedef std::map<int, SignalHandler*> HandlerMap;
-
   SignalController() {};
-  ~SignalController();
+  ~SignalController() {};
   SignalController(const SignalController &s);
   void operator=(const SignalController &s);
 
@@ -185,7 +84,12 @@ private:
   Mutex sigQueueMutex;
   Semaphore sigQueueSem;
 
+  typedef std::map<int, SignalHandler> HandlerMap;
   HandlerMap handler;
+  typedef std::map<CallbackType, ServiceCallback> CallbackMap;
+  CallbackMap callbacks;
+
+  friend void registerSignalHandler(SignalController& ctrl, DaemonService& service);
 };
 
 extern SignalController& gSignalController;
diff --git a/src/syncServer.cpp b/src/syncServer.cpp
index b61872c..e4f6434 100644
--- a/src/syncServer.cpp
+++ b/src/syncServer.cpp
@@ -33,24 +33,54 @@
 #include "syncServer.h"
 #include "resolver.h"
 #include "log.h"
+#include "anytunError.h"
 
 //using asio::ip::tcp;
 
 SyncServer::SyncServer(std::string localaddr, std::string port, ConnectCallback onConnect) 
-  : acceptor_(io_service_), onConnect_(onConnect)
+  : onConnect_(onConnect)
 {
   gResolver.resolveTcp(localaddr, port, boost::bind(&SyncServer::onResolve, this, _1), boost::bind(&SyncServer::onResolvError, this, _1));
 }
 
-void SyncServer::onResolve(const SyncTcpConnection::proto::endpoint& e)
+SyncServer::~SyncServer() 
 {
-  acceptor_.open(e.protocol());
-  acceptor_.set_option(boost::asio::socket_base::reuse_address(true));
-  acceptor_.bind(e);
-  acceptor_.listen();
+  std::list<AcceptorsElement>::iterator it = acceptors_.begin();
+  for(;it != acceptors_.end(); ++it) {
+/// this might be a needed by a running thread, TODO cleanup
+//    delete(it->acceptor_);
+  }
+}
+
+void SyncServer::onResolve(SyncTcpConnection::proto::resolver::iterator& it)
+{
+  while(it != SyncTcpConnection::proto::resolver::iterator()) {
+    SyncTcpConnection::proto::endpoint e = *it;
+    
+    AcceptorsElement acceptor;
+    acceptor.acceptor_ = new SyncTcpConnection::proto::acceptor(io_service_);
+    if(!acceptor.acceptor_)
+      AnytunError::throwErr() << "memory error";
+
+    acceptor.acceptor_->open(e.protocol());
+#ifndef _MSC_VER
+    if(e.protocol() == boost::asio::ip::tcp::v6())
+      acceptor.acceptor_->set_option(boost::asio::ip::v6_only(true));
+#endif
+    acceptor.acceptor_->set_option(boost::asio::socket_base::reuse_address(true));
+    acceptor.acceptor_->bind(e);
+    acceptor.acceptor_->listen();
+    acceptor.started_ = false;
+
+    acceptors_.push_back(acceptor);
+
+    cLog.msg(Log::PRIO_NOTICE) << "sync server listening on " << e;
+
+    it++;
+  }
+
   start_accept();
   ready_sem_.up();
-  cLog.msg(Log::PRIO_NOTICE) << "sync server listening on " << e;
 }
 
 void SyncServer::onResolvError(const std::runtime_error& e)
@@ -75,17 +105,27 @@ void SyncServer::send(std::string message)
 void SyncServer::start_accept()
 {
   Lock lock(mutex_);
-  SyncTcpConnection::pointer new_connection = SyncTcpConnection::create(acceptor_.io_service());
-  conns_.push_back(new_connection);
-  acceptor_.async_accept(new_connection->socket(),
-                         boost::bind(&SyncServer::handle_accept, this, new_connection, boost::asio::placeholders::error));
+
+  std::list<AcceptorsElement>::iterator it = acceptors_.begin();
+  for(;it != acceptors_.end(); ++it) {
+    if(!it->started_) {
+      SyncTcpConnection::pointer new_connection = SyncTcpConnection::create(it->acceptor_->io_service());
+      conns_.push_back(new_connection);
+      it->acceptor_->async_accept(new_connection->socket(),
+                             boost::bind(&SyncServer::handle_accept, this, new_connection, boost::asio::placeholders::error, it));
+      it->started_ = true;
+    }
+  }
 }
 
-void SyncServer::handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error)
+void SyncServer::handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error, std::list<AcceptorsElement>::iterator it)
 {
   if (!error) {
+    cLog.msg(Log::PRIO_INFO) << "new sync client connected from " << new_connection->socket().remote_endpoint();
+
     new_connection->onConnect = onConnect_;
     new_connection->start();
+    it->started_ = false;
     start_accept();
   }
 }
diff --git a/src/syncServer.h b/src/syncServer.h
index b73247f..032e975 100644
--- a/src/syncServer.h
+++ b/src/syncServer.h
@@ -50,7 +50,8 @@ class SyncServer
 {
 public:
   SyncServer(std::string localaddr, std::string port, ConnectCallback onConnect);
-  void onResolve(const SyncTcpConnection::proto::endpoint& e);
+  ~SyncServer();
+  void onResolve(SyncTcpConnection::proto::resolver::iterator& it);
   void onResolvError(const std::runtime_error& e);
   
   void run();
@@ -59,14 +60,18 @@ public:
   std::list<SyncTcpConnection::pointer> conns_;
   
 private:
-  void start_accept();
-  void handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error);
-  
   Mutex mutex_; //Mutex for list conns_
   boost::asio::io_service io_service_;
-  SyncTcpConnection::proto::acceptor acceptor_;
+  typedef struct {
+    SyncTcpConnection::proto::acceptor* acceptor_;
+    bool started_;
+  } AcceptorsElement;
+  std::list<AcceptorsElement> acceptors_;
   ConnectCallback onConnect_;
   Semaphore ready_sem_;
+
+  void start_accept();
+  void handle_accept(SyncTcpConnection::pointer new_connection, const boost::system::error_code& error, std::list<AcceptorsElement>::iterator it);
 };
 
 #endif
diff --git a/src/syncTcpConnection.cpp b/src/syncTcpConnection.cpp
index d243633..08875c7 100644
--- a/src/syncTcpConnection.cpp
+++ b/src/syncTcpConnection.cpp
@@ -48,10 +48,10 @@ void SyncTcpConnection::start()
 
 void SyncTcpConnection::Send(std::string message)
 {
-    boost::asio::async_write(socket_, boost::asio::buffer(message),
-        boost::bind(&SyncTcpConnection::handle_write, shared_from_this(),
-          boost::asio::placeholders::error,
-          boost::asio::placeholders::bytes_transferred));
+  boost::asio::async_write(socket_, boost::asio::buffer(message),
+                           boost::bind(&SyncTcpConnection::handle_write, shared_from_this(),
+                                       boost::asio::placeholders::error,
+                                       boost::asio::placeholders::bytes_transferred));
 }
 SyncTcpConnection::SyncTcpConnection(boost::asio::io_service& io_service)
 	: socket_(io_service)
diff --git a/src/sysExec.cpp b/src/sysExec.cpp
index 49c0cae..a69349f 100644
--- a/src/sysExec.cpp
+++ b/src/sysExec.cpp
@@ -38,120 +38,35 @@
 #include "log.h"
 #include "anytunError.h"
 
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/wait.h>
-#include <sys/select.h>
-#include <stdlib.h>
-#include <string.h>
-#include <cstring>
+//use system specific sys exec
+#ifndef _MSC_VER
+#include "sysExec.hpp"
+#else
+#include "win32/sysExec.hpp"
+#endif
 
-void anytun_exec(std::string const& script)
+
+SysExec::SysExec(std::string const& script) : script_(script),closed_(false),return_code_(0)
 {
-  anytun_exec(script, StringVector(), StringList());
+  doExec(StringVector(), StringList());
 }
 
-void anytun_exec(std::string const& script, StringVector const& args)
+SysExec::SysExec(std::string const& script, StringVector args) : script_(script),closed_(false),return_code_(0)
 {
-  anytun_exec(script, args, StringList());
+  doExec(args, StringList());
 }
 
-void anytun_exec(std::string const& script, StringList const& env)
+SysExec::SysExec(std::string const& script, StringList env) : script_(script),closed_(false),return_code_(0)
 {
-  anytun_exec(script, StringVector(), env);
+  doExec(StringVector(), env);
 }
 
-void anytun_exec(std::string const& script, StringVector const& args, StringList const& env)
+SysExec::SysExec(std::string const& script, StringVector args, StringList env) : script_(script),closed_(false),return_code_(0)
 {
-  int pipefd[2];
-  if(pipe(pipefd) == -1) {
-    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "' pipe() error: " << AnytunErrno(errno);
-    return;
-  }
-
-  pid_t pid;
-  pid = fork();
-  if(pid == -1) {
-    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "' fork() error: " << AnytunErrno(errno);
-    return;
-  }
-
-  if(pid) {
-    close(pipefd[1]);
-    boost::thread(boost::bind(waitForScript, script, pid, pipefd[0]));
-    return;
-  }
-
-// child code
-  int fd;
-  for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
-    if(fd != pipefd[1]) close(fd);
-  
-  fd = open("/dev/null",O_RDWR);        // stdin
-  if(fd == -1)
-    cLog.msg(Log::PRIO_WARNING) << "can't open stdin";
-  else {
-    if(dup(fd) == -1)   // stdout
-      cLog.msg(Log::PRIO_WARNING) << "can't open stdout";
-    if(dup(fd) == -1)   // stderr
-      cLog.msg(Log::PRIO_WARNING) << "can't open stderr";
-  }
-  
-  char** argv = new char*[args.size() + 2];
-  argv[0] = new char[script.size() + 1];
-  std::strcpy(argv[0], script.c_str());
-  for(unsigned int i=0; i<args.size(); ++i) {
-    argv[i+1] = new char[args[i].size() + 1];
-    std::strcpy(argv[i+1], args[i].c_str());
-  }
-  argv[args.size() + 1] = NULL;
-
-  char** evp;
-  evp = new char*[env.size() + 1];
-  unsigned int i = 0;
-  for(StringList::const_iterator it = env.begin(); it != env.end(); ++it) {
-    evp[i] = new char[it->size() + 1];
-    std::strcpy(evp[i], it->c_str());
-    ++i;
-  }
-  evp[env.size()] = NULL;
-  
-  execve(script.c_str(), argv, evp);
-      // if execve returns, an error occurred, but logging doesn't work 
-      // because we closed all file descriptors, so just write errno to
-      // pipe and call exit
-  int err = errno;
-  int ret = write(pipefd[1], (void*)(&err), sizeof(err));
-  if(ret != sizeof(errno))
-    exit(-2);
-  exit(-1);
+  doExec(args, env);
 }
 
-void waitForScript(std::string const& script, pid_t pid, int pipefd)
+int SysExec::getReturnCode() const 
 {
-  int status = 0;
-  waitpid(pid, &status, 0);
-
-  fd_set rfds;
-  FD_ZERO(&rfds);
-  FD_SET(pipefd, &rfds);
-  struct timeval tv = { 0 , 0 };
-  if(select(pipefd+1, &rfds, NULL, NULL, &tv) == 1) {
-    int err = 0;
-    if(read(pipefd, (void*)(&err), sizeof(err)) >= static_cast<int>(sizeof(err))) {
-      cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' exec() error: " << AnytunErrno(err);
-      close(pipefd);
-      return;
-    }
-  }
-  if(WIFEXITED(status))
-    cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' returned " << WEXITSTATUS(status);  
-  else if(WIFSIGNALED(status))
-    cLog.msg(Log::PRIO_NOTICE) << "script '" << script << "' terminated after signal " << WTERMSIG(status);
-  else
-    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script << "': unkown error";
-
-  close(pipefd);
+  return return_code_;
 }
diff --git a/src/sysExec.h b/src/sysExec.h
index e608472..b5400b9 100644
--- a/src/sysExec.h
+++ b/src/sysExec.h
@@ -33,8 +33,6 @@
 #ifndef ANYTUN_sysExec_h_INCLUDED
 #define ANYTUN_sysExec_h_INCLUDED
 
-#ifndef NO_EXEC
-
 #include <vector>
 #include <list>
 #include <string>
@@ -42,11 +40,35 @@
 typedef std::vector<std::string> StringVector;
 typedef std::list<std::string> StringList;
 
-void anytun_exec(std::string const& script);
-void anytun_exec(std::string const& script, StringVector const& args);
-void anytun_exec(std::string const& script, StringList const& env);
-void anytun_exec(std::string const& script, StringVector const& args, StringList const& env);
-void waitForScript(std::string const& script, pid_t pid, int pipefd);
+class SysExec
+{
+  public:
+    SysExec(std::string const& script);
+    SysExec(std::string const& script, StringVector args);
+    SysExec(std::string const& script, StringList env);
+    SysExec(std::string const& script, StringVector args, StringList env);
+    ~SysExec();
+
+    int waitForScript();
+    int getReturnCode() const;
+
+    static void waitAndDestroy(SysExec*& s);
 
+  private:
+    void doExec(StringVector args, StringList env);
+
+    std::string script_;
+    bool closed_;    
+#ifdef _MSC_VER
+    PROCESS_INFORMATION process_info_;
+    DWORD return_code_;
+#else
+    pid_t pid_;
+    int pipefd_;
+    int return_code_;
 #endif
+
+    
+};
+
 #endif
diff --git a/src/tunDevice.h b/src/tunDevice.h
index e00751f..8b400a9 100644
--- a/src/tunDevice.h
+++ b/src/tunDevice.h
@@ -36,9 +36,10 @@
 #include "buffer.h"
 #include "deviceConfig.hpp"
 #include "threadUtils.hpp"
-
 #ifdef _MSC_VER
 #include <windows.h>
+#else
+#include "sysExec.h"
 #endif
 
 class TunDevice
@@ -53,6 +54,7 @@ public:
   const char* getActualName() const { return actual_name_.c_str(); }
   const char* getActualNode() const { return actual_node_.c_str(); }
   device_type_t getType() const { return conf_.type_; } 
+  void waitUntilReady();
   const char* getTypeString() const
   {
 #ifndef _MSC_VER
@@ -71,7 +73,6 @@ public:
     return "";
   }
 
-
 private:
   void operator=(const TunDevice &src);
   TunDevice(const TunDevice &src);
@@ -91,6 +92,9 @@ private:
 #endif
 
   DeviceConfig conf_;
+#ifndef _MSC_VER
+  SysExec * sys_exec_;
+#endif
   bool with_pi_;
   std::string actual_name_;
   std::string actual_node_;
diff --git a/src/win32/make_version_h.bat b/src/win32/make_version_h.bat
new file mode 100644
index 0000000..9506455
--- /dev/null
+++ b/src/win32/make_version_h.bat
@@ -0,0 +1,22 @@
+@echo off
+
+setlocal
+set /p VERSION=<..\version
+set OUTPUT_FILE=version.h
+
+echo /* > %OUTPUT_FILE%
+echo  * anytun version info >> %OUTPUT_FILE%
+echo  * >> %OUTPUT_FILE%
+echo  * this file was created automatically >> %OUTPUT_FILE%
+echo  * do not edit this file directly >> %OUTPUT_FILE%
+echo  * use win32/make_version_h.bat instead >> %OUTPUT_FILE%
+echo  */ >> %OUTPUT_FILE%
+echo. >> %OUTPUT_FILE%
+echo #ifndef ANYTUN_version_h_INCLUDED >> %OUTPUT_FILE%
+echo #define ANYTUN_version_h_INCLUDED >> %OUTPUT_FILE%
+echo. >> %OUTPUT_FILE%
+echo #define VERSION_STRING_0 " version %VERSION%" >> %OUTPUT_FILE%
+echo #define VERSION_STRING_1 "built on %COMPUTERNAME%, %DATE% %TIME%" >> %OUTPUT_FILE%
+echo. >> %OUTPUT_FILE%
+echo #endif >> %OUTPUT_FILE%
+
diff --git a/src/win32/signalHandler.hpp b/src/win32/signalHandler.hpp
new file mode 100644
index 0000000..23872a6
--- /dev/null
+++ b/src/win32/signalHandler.hpp
@@ -0,0 +1,86 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_signalHandler_hpp_INCLUDED
+#define ANYTUN_signalHandler_hpp_INCLUDED
+
+#include <windows.h>
+
+int CtrlCHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "CTRL-C Event received, exitting";
+  return 1;
+}
+
+int CtrlBreakHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "CTRL-Break Event received, ignoring";
+  return 0;
+}
+
+int CtrlCloseHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "Close Event received, exitting";
+  return 1;
+}
+
+int CtrlLogoffHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "LogOff Event received, exitting";
+  return 1;
+}
+
+int CtrlShutdownHandler(int /*sig*/, const std::string& /*msg*/)
+{
+  cLog.msg(Log::PRIO_NOTICE) << "Shutdown Event received, exitting";
+  return 1;
+}
+
+bool handleSignal(DWORD ctrlType)
+{
+  gSignalController.inject(ctrlType);
+  return true;
+}
+
+void registerSignalHandler(SignalController& ctrl, DaemonService& /*service*/)
+{
+  if(!SetConsoleCtrlHandler((PHANDLER_ROUTINE)handleSignal, true))
+    AnytunError::throwErr() << "Error on SetConsoleCtrlhandler: " << AnytunErrno(GetLastError());
+
+  ctrl.handler[CTRL_C_EVENT] = boost::bind(CtrlCHandler, _1, _2);
+  ctrl.handler[CTRL_BREAK_EVENT] = boost::bind(CtrlBreakHandler, _1, _2);
+  ctrl.handler[CTRL_CLOSE_EVENT] = boost::bind(CtrlCloseHandler, _1, _2);
+  ctrl.handler[CTRL_LOGOFF_EVENT] = boost::bind(CtrlLogoffHandler, _1, _2);
+  ctrl.handler[CTRL_SHUTDOWN_EVENT] = boost::bind(CtrlShutdownHandler, _1, _2);
+}
+
+#endif
diff --git a/src/win32/signalServiceHandler.hpp b/src/win32/signalServiceHandler.hpp
new file mode 100644
index 0000000..da16de5
--- /dev/null
+++ b/src/win32/signalServiceHandler.hpp
@@ -0,0 +1,48 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ANYTUN_signalServiceHandler_hpp_INCLUDED
+#define ANYTUN_signalServiceHandler_hpp_INCLUDED
+
+#include "winService.h"
+
+void registerSignalHandler(SignalController& ctrl, WinService& service)
+{
+  ctrl.handler[SERVICE_CONTROL_STOP] = boost::bind(&WinService::handleCtrlSignal, &service, _1, _2);
+  ctrl.handler[SERVICE_CONTROL_INTERROGATE] = boost::bind(&WinService::handleCtrlSignal, &service, _1, _2);
+  ctrl.handler[SIGUNKNOWN] = boost::bind(&WinService::handleCtrlSignal, &service, _1, _2);
+
+  ctrl.callbacks.insert(SignalController::CallbackMap::value_type(CALLB_RUNNING, boost::bind(&WinService::reportStatus, &service, SERVICE_RUNNING, NO_ERROR)));
+  ctrl.callbacks.insert(SignalController::CallbackMap::value_type(CALLB_STOPPING, boost::bind(&WinService::reportStatus, &service, SERVICE_STOP_PENDING, NO_ERROR)));
+}
+
+#endif
diff --git a/src/win32/sysExec.hpp b/src/win32/sysExec.hpp
new file mode 100644
index 0000000..ed5be01
--- /dev/null
+++ b/src/win32/sysExec.hpp
@@ -0,0 +1,160 @@
+/*
+ *  anytun
+ *
+ *  The secure anycast tunneling protocol (satp) defines a protocol used
+ *  for communication between any combination of unicast and anycast
+ *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
+ *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ *  ethernet, ip, arp ...). satp directly includes cryptography and
+ *  message authentication based on the methodes used by SRTP.  It is
+ *  intended to deliver a generic, scaleable and secure solution for
+ *  tunneling and relaying of packets of any protocol.
+ *
+ *
+ *  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
+ *                          Christian Pointner <satp@wirdorange.org>
+ *
+ *  This file is part of Anytun.
+ *
+ *  Anytun is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  any later version.
+ *
+ *  Anytun is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#pragma once
+#ifndef ANYTUN_sysexec_hpp_INCLUDED
+#define ANYTUN_sysexec_hpp_INCLUDED
+
+#include <algorithm>
+#include <iostream> // todo remove
+#include <windows.h>
+
+SysExec::~SysExec()
+{
+  if(!closed_) {
+    CloseHandle(process_info_.hProcess);
+    CloseHandle(process_info_.hThread);
+  }
+}
+
+STARTUPINFOA getStartupInfo() {
+  STARTUPINFOA startup_info;
+  startup_info.cb = sizeof(STARTUPINFOA);
+  GetStartupInfoA(&startup_info);
+
+  //startup_info.dwFlags = STARTF_USESTDHANDLES;
+  //startup_info.hStdInput = CreateFile("NUL", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, 0, 0, 0); // INVALID_HANDLE_VALUE;
+  //startup_info.hStdOutput = CreateFile("NUL", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, 0, 0, 0); // INVALID_HANDLE_VALUE;
+  //startup_info.hStdError = CreateFile("NUL", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, 0, 0, 0); // INVALID_HANDLE_VALUE;
+  startup_info.dwFlags |= STARTF_USESHOWWINDOW;
+  startup_info.wShowWindow = SW_HIDE;
+  
+  return startup_info;
+}
+
+char const * const BATCH_FILE_EXTS[] = { ".bat", ".cmd" };
+int const BATCH_FILE_EXTS_COUNT = sizeof(BATCH_FILE_EXTS) / sizeof(BATCH_FILE_EXTS[0]);
+
+bool endsWith(std::string const& string, std::string const& suffix) {
+  return string.find(suffix, string.size() - suffix.size()) != std::string::npos;
+}
+
+void SysExec::doExec(StringVector args, StringList env)
+{
+  std::vector<char> arguments;
+  
+  bool isBatchFile = false;
+  for(int i = 0; i < BATCH_FILE_EXTS_COUNT; ++i) {
+    if(endsWith(script_, BATCH_FILE_EXTS[i])) {
+      isBatchFile = true;
+      break;
+    }
+  }
+
+  if(isBatchFile) {
+    std::string const BATCH_INTERPRETER = "cmd /c \"";
+    arguments.insert(arguments.end(), BATCH_INTERPRETER.begin(), BATCH_INTERPRETER.end());
+  }
+  arguments.push_back('\"');
+  arguments.insert(arguments.end(), script_.begin(), script_.end());
+  arguments.push_back('\"');
+  arguments.push_back(' ');
+  
+  for(StringVector::const_iterator it = args.begin(); it != args.end(); ++it) {
+    arguments.push_back('\"');
+    arguments.insert(arguments.end(), it->begin(), it->end());
+    arguments.push_back('\"');
+    arguments.push_back(' ');
+  }
+
+  if(isBatchFile) {
+    arguments.push_back('\"');
+  }
+  arguments.push_back(0);
+  
+  STARTUPINFOA startup_info = getStartupInfo();
+
+  std::map<std::string, std::string> envDict;
+  for(StringList::const_iterator it = env.begin(); it != env.begin(); ++it) {
+    size_t delimiter_pos = it->find('=');
+    envDict.insert(std::make_pair(it->substr(0, delimiter_pos), it->substr(delimiter_pos + 1)));
+  }
+  std::vector<char> env;
+  for(std::map<std::string, std::string>::iterator it = envDict.begin(); it != envDict.end(); ++it) {
+    env.insert(env.end(), it->first.begin(), it->first.end());
+    env.push_back(0);
+  }
+  env.push_back(0);
+
+  if(!CreateProcessA(NULL,
+                   &arguments[0],
+                   NULL,
+                   NULL,
+                   false,
+                   NULL,
+                   &env[0],
+                   NULL,
+                   &startup_info,
+                   &process_info_
+                   ))
+  {
+    cLog.msg(Log::PRIO_ERROR) << "executing script '" << script_ << "' CreateProcess() error: " << GetLastError();
+    return;
+  }
+}
+
+int SysExec::waitForScript()
+{
+  DWORD result = WaitForSingleObject(process_info_.hProcess, INFINITE);
+  assert(WAIT_OBJECT_0 == result); // WAIT_FAILED, WAIT_TIMEOUT ... ???
+  bool success = GetExitCodeProcess(process_info_.hProcess, &return_code_) != 0;
+  assert(true == success); // false -> HU?
+
+  CloseHandle(process_info_.hProcess);
+  CloseHandle(process_info_.hThread);
+  closed_ = true;
+
+  return static_cast<int>(return_code_);
+}
+
+void SysExec::waitAndDestroy(SysExec*& s)
+{
+  if(!s)
+    return;
+
+  s->waitForScript();
+  cLog.msg(Log::PRIO_NOTICE) << "script '" << s->script_ << "' returned " << s->return_code_;
+
+  delete(s);
+  s = NULL;
+}
+
+#endif // ANYTUN_sysexec_hpp_INCLUDED
diff --git a/src/win32/tunDevice.cpp b/src/win32/tunDevice.cpp
index fe6ab44..6e6c83d 100644
--- a/src/win32/tunDevice.cpp
+++ b/src/win32/tunDevice.cpp
@@ -270,3 +270,8 @@ void TunDevice::do_ifconfig()
 	}
   conf_.mtu_ = static_cast<u_int16_t>(mtu);
 }
+
+void TunDevice::waitUntilReady()
+{
+// nothing to be done here
+}
diff --git a/src/win32/winService.cpp b/src/win32/winService.cpp
index 1b7c9f8..8c17420 100644
--- a/src/win32/winService.cpp
+++ b/src/win32/winService.cpp
@@ -41,26 +41,6 @@
 #include "../anytunError.h"
 #include "../threadUtils.hpp"
 
-WinService* WinService::inst = NULL;
-Mutex WinService::instMutex;
-WinService& gWinService = WinService::instance();
-
-WinService& WinService::instance()
-{
-	Lock lock(instMutex);
-	static instanceCleaner c;
-	if(!inst)
-		inst = new WinService();
-	
-	return *inst;
-}
-
-WinService::~WinService()
-{
-  if(started_)
-    CloseHandle(stop_event_);
-}
-
 void WinService::install()
 {
   SC_HANDLE schSCManager;
@@ -125,75 +105,54 @@ void WinService::start()
     AnytunError::throwErr() << "Error on StartServiceCtrlDispatcher: " << AnytunErrno(GetLastError());
 }
 
-void WinService::waitForStop()
-{
-  if(!started_)
-    AnytunError::throwErr() << "Service not started correctly";
-  
-  reportStatus(SERVICE_RUNNING, NO_ERROR);
-  WaitForSingleObject(stop_event_, INFINITE);
-  reportStatus(SERVICE_STOP_PENDING, NO_ERROR);
-  cLog.msg(Log::PRIO_NOTICE) << "WinService received stop signal, exitting";
-}
-
-void WinService::stop()
-{
-  if(!started_)
-    AnytunError::throwErr() << "Service not started correctly";
-
-  reportStatus(SERVICE_STOPPED, NO_ERROR);
-}
-
-int real_main(int argc, char* argv[]);
+int real_main(int argc, char* argv[], WinService& service);
 
 VOID WINAPI WinService::main(DWORD dwArgc, LPTSTR *lpszArgv)
 {
-  if(gWinService.started_) {
-    cLog.msg(Log::PRIO_ERROR) << "Service is already running";
-    return;
-  }
+  WinService service;
 
-  gWinService.status_handle_ = RegisterServiceCtrlHandlerA(SVC_NAME, WinService::ctrlHandler);
-  if(!gWinService.status_handle_) { 
+  service.status_handle_ = RegisterServiceCtrlHandlerA(SVC_NAME, WinService::ctrlHandler);
+  if(!service.status_handle_) { 
     cLog.msg(Log::PRIO_ERROR) << "Error on RegisterServiceCtrlHandler: " << AnytunErrno(GetLastError());
     return;
   }
-  gWinService.status_.dwServiceType = SERVICE_WIN32_OWN_PROCESS; 
-  gWinService.status_.dwServiceSpecificExitCode = 0;    
-  gWinService.reportStatus(SERVICE_START_PENDING, NO_ERROR);
-  gWinService.started_ = true;
+  service.status_.dwServiceType = SERVICE_WIN32_OWN_PROCESS; 
+  service.status_.dwServiceSpecificExitCode = 0;    
+  service.reportStatus(SERVICE_START_PENDING, NO_ERROR);
   
-  gWinService.stop_event_ = CreateEvent(NULL, true, false, NULL);
-  if(!gWinService.stop_event_) {
-    cLog.msg(Log::PRIO_ERROR) << "WinService Error on CreateEvent: " << AnytunErrno(GetLastError());
-    gWinService.reportStatus(SERVICE_STOPPED, -1);
-    return;
-  }
-
-  real_main(dwArgc, lpszArgv);
+  real_main(dwArgc, lpszArgv, service);
+  
+  service.reportStatus(SERVICE_STOPPED, NO_ERROR);
 }
 
 VOID WINAPI WinService::ctrlHandler(DWORD dwCtrl)
 {
-  switch(dwCtrl) {
+  gSignalController.inject(dwCtrl);
+}
+
+int WinService::handleCtrlSignal(int sig, const std::string& msg)
+{
+  switch(sig) {
     case SERVICE_CONTROL_STOP: {
-      gWinService.reportStatus(SERVICE_STOP_PENDING, NO_ERROR);
-      SetEvent(gWinService.stop_event_);
-      return;
+      reportStatus(SERVICE_STOP_PENDING, NO_ERROR);
+      cLog.msg(Log::PRIO_NOTICE) << "received service stop signal, exitting";
+      return 1;
     }
     case SERVICE_CONTROL_INTERROGATE: break;
     default: break;
   }
-  gWinService.reportStatus(gWinService.status_.dwCurrentState, NO_ERROR);
+  reportStatus(status_.dwCurrentState, NO_ERROR);
+
+  return 0;
 }
 
-void WinService::reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint)
+void WinService::reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode)
 {
   static DWORD dwCheckPoint = 1;
 
   status_.dwCurrentState = dwCurrentState;
   status_.dwWin32ExitCode = dwWin32ExitCode;
-  status_.dwWaitHint = dwWaitHint;
+  status_.dwWaitHint = 0;
 
   if((dwCurrentState == SERVICE_START_PENDING) ||
      (dwCurrentState == SERVICE_STOP_PENDING))
@@ -210,4 +169,29 @@ void WinService::reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD
   SetServiceStatus(status_handle_, &status_);
 }
 
+void WinService::initPrivs(std::string const& username, std::string const& groupname)
+{
+// nothing here
+}
+
+void WinService::dropPrivs()
+{
+// nothing here
+}
+
+void WinService::chroot(std::string const& dir)
+{
+// nothing here
+}
+
+void WinService::daemonize()
+{
+// nothing here
+}
+
+bool WinService::isDaemonized()
+{
+  return true;
+}
+
 #endif
diff --git a/src/win32/winService.h b/src/win32/winService.h
index 6867c7c..9c95400 100644
--- a/src/win32/winService.h
+++ b/src/win32/winService.h
@@ -36,46 +36,39 @@
 #ifdef WIN_SERVICE
 
 #include "../threadUtils.hpp"
+#include "../signalController.h"
 
 class WinService
 {
 public:
-  static WinService& instance();
   #define SVC_NAME "anytun"
   static void install();
   static void uninstall();
   static void start();
 
-  void waitForStop();
-  void stop();
-
   static VOID WINAPI main(DWORD dwArgc, LPTSTR *lpszArgv);
   static VOID WINAPI ctrlHandler(DWORD dwCtrl);
+
+  void reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode);
+  int handleCtrlSignal(int sig, const std::string& msg);
+
+  void initPrivs(std::string const& username, std::string const& groupname);
+  void dropPrivs();
+  void chroot(std::string const& dir);
+  void daemonize();
+  bool isDaemonized();
+
 private:
-  WinService() : started_(false) {};
-  ~WinService();
+  WinService() {};
+  ~WinService() {};
   WinService(const WinService &w);
   void operator=(const WinService &w);
 
-  void reportStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint=0);
-
-  static WinService* inst;
-  static Mutex instMutex;
-  class instanceCleaner {
-    public: ~instanceCleaner() {
-      if(WinService::inst != NULL)
-        delete WinService::inst;
-    }
-  };
-  friend class instanceCleaner;
-  
-  bool started_;
   SERVICE_STATUS status_;
   SERVICE_STATUS_HANDLE status_handle_;
-  HANDLE stop_event_;
 };
 
-extern WinService& gWinService;
+typedef WinService DaemonService;
 
 #endif
 
diff --git a/version b/version
index 9fc80f9..1c09c74 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-0.3.2
\ No newline at end of file
+0.3.3
diff --git a/wireshark-lua/satp.lua b/wireshark-lua/satp.lua
deleted file mode 100644
index 20ece82..0000000
--- a/wireshark-lua/satp.lua
+++ /dev/null
@@ -1,83 +0,0 @@
---  anytun
---
---  The secure anycast tunneling protocol (satp) defines a protocol used
---  for communication between any combination of unicast and anycast
---  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
---  mode and allows tunneling of every ETHER TYPE protocol (e.g.
---  ethernet, ip, arp ...). satp directly includes cryptography and
---  message authentication based on the methodes used by SRTP.  It is
---  intended to deliver a generic, scaleable and secure solution for
---  tunneling and relaying of packets of any protocol.
---
---
---  Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, 
---                          Christian Pointner <satp@wirdorange.org>
---
---  This file is part of Anytun.
---
---  Anytun is free software: you can redistribute it and/or modify
---  it under the terms of the GNU General Public License as published by
---  the Free Software Foundation, either version 3 of the License, or
---  any later version.
---
---  Anytun is distributed in the hope that it will be useful,
---  but WITHOUT ANY WARRANTY; without even the implied warranty of
---  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
---  GNU General Public License for more details.
---
---  You should have received a copy of the GNU General Public License
---  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
-
-
-do
- local proto_satp = Proto("SATP","Secure Anycast Tunneling Protocol")
-
- local payload_types = {
-       [0x0800] = "IPv4",
-       [0x6558] = "Ethernet",
-       [0x86DD] = "IPv6"
- }
-
- local payload_dissector = {
-       [0x0800] = "ip",
-       [0x6558] = "eth",
-       [0x86DD] = "ipv6"
- }
-
- local field_seq = ProtoField.uint32("satp.seq","Sequence Number",base.DEC)
- local field_sid = ProtoField.uint16("satp.sid","Sender ID",base.DEC)
- local field_mux = ProtoField.uint16("satp.mux","Mux",base.DEC)
- local field_ptype = ProtoField.uint16("satp.ptype","Payload Type (plain?)",base.HEX,payload_types)
-
- proto_satp.fields = { field_seq, field_sid, field_mux, field_ptype }
-
-
- -- create a function to dissect it
- function proto_satp.dissector(buffer,pinfo,tree)
-    local info_string = "Sender Id: " .. buffer(4,2):uint() .. ", Mux: " .. buffer(6,2):uint() .. ", SeqNr: " .. buffer(0,4):uint()
-    pinfo.cols.protocol = "SATP"
-    pinfo.cols.info = info_string
-
-    local subtree = tree:add(proto_satp,buffer(),"SATP, " .. info_string)
-
-    subtree:add(field_seq, buffer(0,4))
-    subtree:add(field_sid, buffer(4,2))
-    subtree:add(field_mux, buffer(6,2))
-
-    local payload_type = buffer(8,2):uint()
-
-    if payload_dissector[payload_type] ~= nil then
-       subtree:add(field_ptype, buffer(8,2))
-       Dissector.get(payload_dissector[payload_type]):call(buffer(10):tvb(),pinfo,tree)
-    else
-       Dissector.get("data"):call(buffer(8):tvb(),pinfo,tree)
-    end
- end
-
- -- load the udp.port table
-
- udp_table = DissectorTable.get("udp.port")
- 
- -- register our protocol to handle udp port 4444
- udp_table:add(4444,proto_satp)
-end
-- 
2.1.4