mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 00:21:11 +02:00
Initial SVN import of n2n v2
This commit is contained in:
parent
faaa47eda7
commit
b1e9ce6d2a
131
CMakeLists.txt
Normal file
131
CMakeLists.txt
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
project(n2n)
|
||||||
|
cmake_minimum_required(VERSION 2.6)
|
||||||
|
|
||||||
|
# N2n information
|
||||||
|
set(N2N_VERSION 2.1.0)
|
||||||
|
set(N2N_OSNAME ${CMAKE_SYSTEM})
|
||||||
|
|
||||||
|
# N2n specific params
|
||||||
|
if(NOT DEFINED N2N_OPTION_AES)
|
||||||
|
set(N2N_OPTION_AES ON)
|
||||||
|
endif(NOT DEFINED N2N_OPTION_AES)
|
||||||
|
|
||||||
|
add_definitions(-DN2N_VERSION='\"${N2N_VERSION}\"' -DN2N_OSNAME='\"${N2N_OSNAME}\"')
|
||||||
|
|
||||||
|
if(N2N_OPTION_AES)
|
||||||
|
add_definitions(-DN2N_HAVE_AES)
|
||||||
|
endif(N2N_OPTION_AES)
|
||||||
|
|
||||||
|
# Build information
|
||||||
|
if(NOT DEFINED BUILD_SHARED_LIBS)
|
||||||
|
set(BUILD_SHARED_LIBS OFF)
|
||||||
|
endif(NOT DEFINED BUILD_SHARED_LIBS)
|
||||||
|
|
||||||
|
if(NOT DEFINED CMAKE_BUILD_TYPE)
|
||||||
|
set(CMAKE_BUILD_TYPE None)
|
||||||
|
endif(NOT DEFINED CMAKE_BUILD_TYPE)
|
||||||
|
#set(CMAKE_BUILD_TYPE Debug)
|
||||||
|
#set(CMAKE_BUILD_TYPE Release)
|
||||||
|
|
||||||
|
#Ultrasparc64 users experiencing SIGBUS should try the following gcc options
|
||||||
|
#(thanks to Robert Gibbon)
|
||||||
|
#PLATOPTS_SPARC64=-mcpu=ultrasparc -pipe -fomit-frame-pointer -ffast-math -finline-functions -fweb -frename-registers -mapp-regs
|
||||||
|
|
||||||
|
# None
|
||||||
|
set(CMAKE_C_FLAGS "-Wall -Wshadow -Wpointer-arith -Wmissing-declarations -Wnested-externs")
|
||||||
|
set(CMAKE_CXX_FLAGS "-Wall -Wshadow -Wpointer-arith -Wmissing-declarations -Wnested-externs")
|
||||||
|
# Debug
|
||||||
|
set(CMAKE_C_FLAGS_DEBUG "-g")
|
||||||
|
set(CMAKE_CXX_FLAGS_DEBUG "-g")
|
||||||
|
# Release
|
||||||
|
set(CMAKE_C_FLAGS_RELEASE "-O2 -DNDEBUG")
|
||||||
|
set(CMAKE_CXX_FLAGS_RELEASE "-O2 -DNDEBUG")
|
||||||
|
|
||||||
|
## DEBUG FOR CMAKE
|
||||||
|
#message(${N2N_VERSION})
|
||||||
|
#message(${N2N_OSNAME})
|
||||||
|
##message(${CMAKE_BUILD_TYPE})
|
||||||
|
#message(${N2N_OPTION_AES})
|
||||||
|
## DEBUG FOR CMAKE
|
||||||
|
|
||||||
|
add_library(n2n n2n.c
|
||||||
|
n2n_keyfile.c
|
||||||
|
wire.c
|
||||||
|
minilzo.c
|
||||||
|
twofish.c
|
||||||
|
transform_null.c
|
||||||
|
transform_tf.c
|
||||||
|
transform_aes.c
|
||||||
|
tuntap_freebsd.c
|
||||||
|
tuntap_netbsd.c
|
||||||
|
tuntap_linux.c
|
||||||
|
tuntap_osx.c
|
||||||
|
version.c
|
||||||
|
)
|
||||||
|
|
||||||
|
if(DEFINED WIN32)
|
||||||
|
add_subdirectory(win32)
|
||||||
|
target_link_libraries(n2n n2n_win32)
|
||||||
|
endif(DEFINED WIN32)
|
||||||
|
|
||||||
|
if(N2N_OPTION_AES)
|
||||||
|
target_link_libraries(n2n crypto)
|
||||||
|
endif(N2N_OPTION_AES)
|
||||||
|
|
||||||
|
# For Solaris (or OpenSolaris?)
|
||||||
|
#target_link_libraries(n2n socket nsl)
|
||||||
|
|
||||||
|
add_executable(edge edge.c)
|
||||||
|
target_link_libraries(edge n2n)
|
||||||
|
|
||||||
|
add_executable(supernode sn.c)
|
||||||
|
target_link_libraries(supernode n2n)
|
||||||
|
|
||||||
|
add_executable(test test.c)
|
||||||
|
target_link_libraries(test n2n)
|
||||||
|
|
||||||
|
add_executable(benchmark benchmark.c)
|
||||||
|
target_link_libraries(benchmark n2n)
|
||||||
|
|
||||||
|
install(TARGETS edge supernode
|
||||||
|
RUNTIME DESTINATION sbin
|
||||||
|
LIBRARY DESTINATION lib
|
||||||
|
ARCHIVE DESTINATION lib
|
||||||
|
)
|
||||||
|
|
||||||
|
# Documentation
|
||||||
|
if(DEFINED UNIX)
|
||||||
|
add_dependencies(n2n doc)
|
||||||
|
file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/doc)
|
||||||
|
add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/doc/edge.8.gz
|
||||||
|
COMMAND gzip -c ${PROJECT_SOURCE_DIR}/edge.8 > ${PROJECT_BINARY_DIR}/doc/edge.8.gz
|
||||||
|
DEPENDS ${PROJECT_SOURCE_DIR}/edge.8
|
||||||
|
)
|
||||||
|
|
||||||
|
add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/doc/supernode.1.gz
|
||||||
|
COMMAND gzip -c ${PROJECT_SOURCE_DIR}/supernode.1 > ${PROJECT_BINARY_DIR}/doc/supernode.1.gz
|
||||||
|
DEPENDS ${PROJECT_SOURCE_DIR}/supernode.1
|
||||||
|
)
|
||||||
|
|
||||||
|
add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/doc/n2n_v2.7.gz
|
||||||
|
COMMAND gzip -c ${PROJECT_SOURCE_DIR}/n2n_v2.7 > ${PROJECT_BINARY_DIR}/doc/n2n_v2.7.gz
|
||||||
|
DEPENDS ${PROJECT_SOURCE_DIR}/n2n_v2.7
|
||||||
|
)
|
||||||
|
|
||||||
|
add_custom_target(doc DEPENDS ${PROJECT_BINARY_DIR}/doc/edge.8.gz
|
||||||
|
${PROJECT_BINARY_DIR}/doc/supernode.1.gz
|
||||||
|
${PROJECT_BINARY_DIR}/doc/n2n_v2.7.gz
|
||||||
|
)
|
||||||
|
|
||||||
|
set_source_files_properties(${PROJECT_BINARY_DIR}/doc/edge.8.gz
|
||||||
|
${PROJECT_BINARY_DIR}/doc/supernode.1.gz
|
||||||
|
${PROJECT_BINARY_DIR}/doc/n2n_v2.7.gz
|
||||||
|
PROPERTIES GENERATED 1)
|
||||||
|
|
||||||
|
install(FILES ${PROJECT_BINARY_DIR}/doc/edge.8.gz
|
||||||
|
DESTINATION /usr/share/man8)
|
||||||
|
install(FILES ${PROJECT_BINARY_DIR}/doc/supernode.1.gz
|
||||||
|
DESTINATION /usr/share/man1)
|
||||||
|
install(FILES ${PROJECT_BINARY_DIR}/doc/n2n_v2.7.gz
|
||||||
|
DESTINATION /usr/share/man7)
|
||||||
|
endif(DEFINED UNIX)
|
674
COPYING
Normal file
674
COPYING
Normal file
|
@ -0,0 +1,674 @@
|
||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
|
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The GNU General Public License is a free, copyleft license for
|
||||||
|
software and other kinds of works.
|
||||||
|
|
||||||
|
The licenses for most software and other practical works are designed
|
||||||
|
to take away your freedom to share and change the works. By contrast,
|
||||||
|
the GNU General Public License is intended to guarantee your freedom to
|
||||||
|
share and change all versions of a program--to make sure it remains free
|
||||||
|
software for all its users. We, the Free Software Foundation, use the
|
||||||
|
GNU General Public License for most of our software; it applies also to
|
||||||
|
any other work released this way by its authors. You can apply it to
|
||||||
|
your programs, too.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom, not
|
||||||
|
price. Our General Public Licenses are designed to make sure that you
|
||||||
|
have the freedom to distribute copies of free software (and charge for
|
||||||
|
them if you wish), that you receive source code or can get it if you
|
||||||
|
want it, that you can change the software or use pieces of it in new
|
||||||
|
free programs, and that you know you can do these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to prevent others from denying you
|
||||||
|
these rights or asking you to surrender the rights. Therefore, you have
|
||||||
|
certain responsibilities if you distribute copies of the software, or if
|
||||||
|
you modify it: responsibilities to respect the freedom of others.
|
||||||
|
|
||||||
|
For example, if you distribute copies of such a program, whether
|
||||||
|
gratis or for a fee, you must pass on to the recipients the same
|
||||||
|
freedoms that you received. You must make sure that they, too, receive
|
||||||
|
or can get the source code. And you must show them these terms so they
|
||||||
|
know their rights.
|
||||||
|
|
||||||
|
Developers that use the GNU GPL protect your rights with two steps:
|
||||||
|
(1) assert copyright on the software, and (2) offer you this License
|
||||||
|
giving you legal permission to copy, distribute and/or modify it.
|
||||||
|
|
||||||
|
For the developers' and authors' protection, the GPL clearly explains
|
||||||
|
that there is no warranty for this free software. For both users' and
|
||||||
|
authors' sake, the GPL requires that modified versions be marked as
|
||||||
|
changed, so that their problems will not be attributed erroneously to
|
||||||
|
authors of previous versions.
|
||||||
|
|
||||||
|
Some devices are designed to deny users access to install or run
|
||||||
|
modified versions of the software inside them, although the manufacturer
|
||||||
|
can do so. This is fundamentally incompatible with the aim of
|
||||||
|
protecting users' freedom to change the software. The systematic
|
||||||
|
pattern of such abuse occurs in the area of products for individuals to
|
||||||
|
use, which is precisely where it is most unacceptable. Therefore, we
|
||||||
|
have designed this version of the GPL to prohibit the practice for those
|
||||||
|
products. If such problems arise substantially in other domains, we
|
||||||
|
stand ready to extend this provision to those domains in future versions
|
||||||
|
of the GPL, as needed to protect the freedom of users.
|
||||||
|
|
||||||
|
Finally, every program is threatened constantly by software patents.
|
||||||
|
States should not allow patents to restrict development and use of
|
||||||
|
software on general-purpose computers, but in those that do, we wish to
|
||||||
|
avoid the special danger that patents applied to a free program could
|
||||||
|
make it effectively proprietary. To prevent this, the GPL assures that
|
||||||
|
patents cannot be used to render the program non-free.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and
|
||||||
|
modification follow.
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
0. Definitions.
|
||||||
|
|
||||||
|
"This License" refers to version 3 of the GNU General Public License.
|
||||||
|
|
||||||
|
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||||
|
works, such as semiconductor masks.
|
||||||
|
|
||||||
|
"The Program" refers to any copyrightable work licensed under this
|
||||||
|
License. Each licensee is addressed as "you". "Licensees" and
|
||||||
|
"recipients" may be individuals or organizations.
|
||||||
|
|
||||||
|
To "modify" a work means to copy from or adapt all or part of the work
|
||||||
|
in a fashion requiring copyright permission, other than the making of an
|
||||||
|
exact copy. The resulting work is called a "modified version" of the
|
||||||
|
earlier work or a work "based on" the earlier work.
|
||||||
|
|
||||||
|
A "covered work" means either the unmodified Program or a work based
|
||||||
|
on the Program.
|
||||||
|
|
||||||
|
To "propagate" a work means to do anything with it that, without
|
||||||
|
permission, would make you directly or secondarily liable for
|
||||||
|
infringement under applicable copyright law, except executing it on a
|
||||||
|
computer or modifying a private copy. Propagation includes copying,
|
||||||
|
distribution (with or without modification), making available to the
|
||||||
|
public, and in some countries other activities as well.
|
||||||
|
|
||||||
|
To "convey" a work means any kind of propagation that enables other
|
||||||
|
parties to make or receive copies. Mere interaction with a user through
|
||||||
|
a computer network, with no transfer of a copy, is not conveying.
|
||||||
|
|
||||||
|
An interactive user interface displays "Appropriate Legal Notices"
|
||||||
|
to the extent that it includes a convenient and prominently visible
|
||||||
|
feature that (1) displays an appropriate copyright notice, and (2)
|
||||||
|
tells the user that there is no warranty for the work (except to the
|
||||||
|
extent that warranties are provided), that licensees may convey the
|
||||||
|
work under this License, and how to view a copy of this License. If
|
||||||
|
the interface presents a list of user commands or options, such as a
|
||||||
|
menu, a prominent item in the list meets this criterion.
|
||||||
|
|
||||||
|
1. Source Code.
|
||||||
|
|
||||||
|
The "source code" for a work means the preferred form of the work
|
||||||
|
for making modifications to it. "Object code" means any non-source
|
||||||
|
form of a work.
|
||||||
|
|
||||||
|
A "Standard Interface" means an interface that either is an official
|
||||||
|
standard defined by a recognized standards body, or, in the case of
|
||||||
|
interfaces specified for a particular programming language, one that
|
||||||
|
is widely used among developers working in that language.
|
||||||
|
|
||||||
|
The "System Libraries" of an executable work include anything, other
|
||||||
|
than the work as a whole, that (a) is included in the normal form of
|
||||||
|
packaging a Major Component, but which is not part of that Major
|
||||||
|
Component, and (b) serves only to enable use of the work with that
|
||||||
|
Major Component, or to implement a Standard Interface for which an
|
||||||
|
implementation is available to the public in source code form. A
|
||||||
|
"Major Component", in this context, means a major essential component
|
||||||
|
(kernel, window system, and so on) of the specific operating system
|
||||||
|
(if any) on which the executable work runs, or a compiler used to
|
||||||
|
produce the work, or an object code interpreter used to run it.
|
||||||
|
|
||||||
|
The "Corresponding Source" for a work in object code form means all
|
||||||
|
the source code needed to generate, install, and (for an executable
|
||||||
|
work) run the object code and to modify the work, including scripts to
|
||||||
|
control those activities. However, it does not include the work's
|
||||||
|
System Libraries, or general-purpose tools or generally available free
|
||||||
|
programs which are used unmodified in performing those activities but
|
||||||
|
which are not part of the work. For example, Corresponding Source
|
||||||
|
includes interface definition files associated with source files for
|
||||||
|
the work, and the source code for shared libraries and dynamically
|
||||||
|
linked subprograms that the work is specifically designed to require,
|
||||||
|
such as by intimate data communication or control flow between those
|
||||||
|
subprograms and other parts of the work.
|
||||||
|
|
||||||
|
The Corresponding Source need not include anything that users
|
||||||
|
can regenerate automatically from other parts of the Corresponding
|
||||||
|
Source.
|
||||||
|
|
||||||
|
The Corresponding Source for a work in source code form is that
|
||||||
|
same work.
|
||||||
|
|
||||||
|
2. Basic Permissions.
|
||||||
|
|
||||||
|
All rights granted under this License are granted for the term of
|
||||||
|
copyright on the Program, and are irrevocable provided the stated
|
||||||
|
conditions are met. This License explicitly affirms your unlimited
|
||||||
|
permission to run the unmodified Program. The output from running a
|
||||||
|
covered work is covered by this License only if the output, given its
|
||||||
|
content, constitutes a covered work. This License acknowledges your
|
||||||
|
rights of fair use or other equivalent, as provided by copyright law.
|
||||||
|
|
||||||
|
You may make, run and propagate covered works that you do not
|
||||||
|
convey, without conditions so long as your license otherwise remains
|
||||||
|
in force. You may convey covered works to others for the sole purpose
|
||||||
|
of having them make modifications exclusively for you, or provide you
|
||||||
|
with facilities for running those works, provided that you comply with
|
||||||
|
the terms of this License in conveying all material for which you do
|
||||||
|
not control copyright. Those thus making or running the covered works
|
||||||
|
for you must do so exclusively on your behalf, under your direction
|
||||||
|
and control, on terms that prohibit them from making any copies of
|
||||||
|
your copyrighted material outside their relationship with you.
|
||||||
|
|
||||||
|
Conveying under any other circumstances is permitted solely under
|
||||||
|
the conditions stated below. Sublicensing is not allowed; section 10
|
||||||
|
makes it unnecessary.
|
||||||
|
|
||||||
|
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||||
|
|
||||||
|
No covered work shall be deemed part of an effective technological
|
||||||
|
measure under any applicable law fulfilling obligations under article
|
||||||
|
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||||
|
similar laws prohibiting or restricting circumvention of such
|
||||||
|
measures.
|
||||||
|
|
||||||
|
When you convey a covered work, you waive any legal power to forbid
|
||||||
|
circumvention of technological measures to the extent such circumvention
|
||||||
|
is effected by exercising rights under this License with respect to
|
||||||
|
the covered work, and you disclaim any intention to limit operation or
|
||||||
|
modification of the work as a means of enforcing, against the work's
|
||||||
|
users, your or third parties' legal rights to forbid circumvention of
|
||||||
|
technological measures.
|
||||||
|
|
||||||
|
4. Conveying Verbatim Copies.
|
||||||
|
|
||||||
|
You may convey verbatim copies of the Program's source code as you
|
||||||
|
receive it, in any medium, provided that you conspicuously and
|
||||||
|
appropriately publish on each copy an appropriate copyright notice;
|
||||||
|
keep intact all notices stating that this License and any
|
||||||
|
non-permissive terms added in accord with section 7 apply to the code;
|
||||||
|
keep intact all notices of the absence of any warranty; and give all
|
||||||
|
recipients a copy of this License along with the Program.
|
||||||
|
|
||||||
|
You may charge any price or no price for each copy that you convey,
|
||||||
|
and you may offer support or warranty protection for a fee.
|
||||||
|
|
||||||
|
5. Conveying Modified Source Versions.
|
||||||
|
|
||||||
|
You may convey a work based on the Program, or the modifications to
|
||||||
|
produce it from the Program, in the form of source code under the
|
||||||
|
terms of section 4, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) The work must carry prominent notices stating that you modified
|
||||||
|
it, and giving a relevant date.
|
||||||
|
|
||||||
|
b) The work must carry prominent notices stating that it is
|
||||||
|
released under this License and any conditions added under section
|
||||||
|
7. This requirement modifies the requirement in section 4 to
|
||||||
|
"keep intact all notices".
|
||||||
|
|
||||||
|
c) You must license the entire work, as a whole, under this
|
||||||
|
License to anyone who comes into possession of a copy. This
|
||||||
|
License will therefore apply, along with any applicable section 7
|
||||||
|
additional terms, to the whole of the work, and all its parts,
|
||||||
|
regardless of how they are packaged. This License gives no
|
||||||
|
permission to license the work in any other way, but it does not
|
||||||
|
invalidate such permission if you have separately received it.
|
||||||
|
|
||||||
|
d) If the work has interactive user interfaces, each must display
|
||||||
|
Appropriate Legal Notices; however, if the Program has interactive
|
||||||
|
interfaces that do not display Appropriate Legal Notices, your
|
||||||
|
work need not make them do so.
|
||||||
|
|
||||||
|
A compilation of a covered work with other separate and independent
|
||||||
|
works, which are not by their nature extensions of the covered work,
|
||||||
|
and which are not combined with it such as to form a larger program,
|
||||||
|
in or on a volume of a storage or distribution medium, is called an
|
||||||
|
"aggregate" if the compilation and its resulting copyright are not
|
||||||
|
used to limit the access or legal rights of the compilation's users
|
||||||
|
beyond what the individual works permit. Inclusion of a covered work
|
||||||
|
in an aggregate does not cause this License to apply to the other
|
||||||
|
parts of the aggregate.
|
||||||
|
|
||||||
|
6. Conveying Non-Source Forms.
|
||||||
|
|
||||||
|
You may convey a covered work in object code form under the terms
|
||||||
|
of sections 4 and 5, provided that you also convey the
|
||||||
|
machine-readable Corresponding Source under the terms of this License,
|
||||||
|
in one of these ways:
|
||||||
|
|
||||||
|
a) Convey the object code in, or embodied in, a physical product
|
||||||
|
(including a physical distribution medium), accompanied by the
|
||||||
|
Corresponding Source fixed on a durable physical medium
|
||||||
|
customarily used for software interchange.
|
||||||
|
|
||||||
|
b) Convey the object code in, or embodied in, a physical product
|
||||||
|
(including a physical distribution medium), accompanied by a
|
||||||
|
written offer, valid for at least three years and valid for as
|
||||||
|
long as you offer spare parts or customer support for that product
|
||||||
|
model, to give anyone who possesses the object code either (1) a
|
||||||
|
copy of the Corresponding Source for all the software in the
|
||||||
|
product that is covered by this License, on a durable physical
|
||||||
|
medium customarily used for software interchange, for a price no
|
||||||
|
more than your reasonable cost of physically performing this
|
||||||
|
conveying of source, or (2) access to copy the
|
||||||
|
Corresponding Source from a network server at no charge.
|
||||||
|
|
||||||
|
c) Convey individual copies of the object code with a copy of the
|
||||||
|
written offer to provide the Corresponding Source. This
|
||||||
|
alternative is allowed only occasionally and noncommercially, and
|
||||||
|
only if you received the object code with such an offer, in accord
|
||||||
|
with subsection 6b.
|
||||||
|
|
||||||
|
d) Convey the object code by offering access from a designated
|
||||||
|
place (gratis or for a charge), and offer equivalent access to the
|
||||||
|
Corresponding Source in the same way through the same place at no
|
||||||
|
further charge. You need not require recipients to copy the
|
||||||
|
Corresponding Source along with the object code. If the place to
|
||||||
|
copy the object code is a network server, the Corresponding Source
|
||||||
|
may be on a different server (operated by you or a third party)
|
||||||
|
that supports equivalent copying facilities, provided you maintain
|
||||||
|
clear directions next to the object code saying where to find the
|
||||||
|
Corresponding Source. Regardless of what server hosts the
|
||||||
|
Corresponding Source, you remain obligated to ensure that it is
|
||||||
|
available for as long as needed to satisfy these requirements.
|
||||||
|
|
||||||
|
e) Convey the object code using peer-to-peer transmission, provided
|
||||||
|
you inform other peers where the object code and Corresponding
|
||||||
|
Source of the work are being offered to the general public at no
|
||||||
|
charge under subsection 6d.
|
||||||
|
|
||||||
|
A separable portion of the object code, whose source code is excluded
|
||||||
|
from the Corresponding Source as a System Library, need not be
|
||||||
|
included in conveying the object code work.
|
||||||
|
|
||||||
|
A "User Product" is either (1) a "consumer product", which means any
|
||||||
|
tangible personal property which is normally used for personal, family,
|
||||||
|
or household purposes, or (2) anything designed or sold for incorporation
|
||||||
|
into a dwelling. In determining whether a product is a consumer product,
|
||||||
|
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||||
|
product received by a particular user, "normally used" refers to a
|
||||||
|
typical or common use of that class of product, regardless of the status
|
||||||
|
of the particular user or of the way in which the particular user
|
||||||
|
actually uses, or expects or is expected to use, the product. A product
|
||||||
|
is a consumer product regardless of whether the product has substantial
|
||||||
|
commercial, industrial or non-consumer uses, unless such uses represent
|
||||||
|
the only significant mode of use of the product.
|
||||||
|
|
||||||
|
"Installation Information" for a User Product means any methods,
|
||||||
|
procedures, authorization keys, or other information required to install
|
||||||
|
and execute modified versions of a covered work in that User Product from
|
||||||
|
a modified version of its Corresponding Source. The information must
|
||||||
|
suffice to ensure that the continued functioning of the modified object
|
||||||
|
code is in no case prevented or interfered with solely because
|
||||||
|
modification has been made.
|
||||||
|
|
||||||
|
If you convey an object code work under this section in, or with, or
|
||||||
|
specifically for use in, a User Product, and the conveying occurs as
|
||||||
|
part of a transaction in which the right of possession and use of the
|
||||||
|
User Product is transferred to the recipient in perpetuity or for a
|
||||||
|
fixed term (regardless of how the transaction is characterized), the
|
||||||
|
Corresponding Source conveyed under this section must be accompanied
|
||||||
|
by the Installation Information. But this requirement does not apply
|
||||||
|
if neither you nor any third party retains the ability to install
|
||||||
|
modified object code on the User Product (for example, the work has
|
||||||
|
been installed in ROM).
|
||||||
|
|
||||||
|
The requirement to provide Installation Information does not include a
|
||||||
|
requirement to continue to provide support service, warranty, or updates
|
||||||
|
for a work that has been modified or installed by the recipient, or for
|
||||||
|
the User Product in which it has been modified or installed. Access to a
|
||||||
|
network may be denied when the modification itself materially and
|
||||||
|
adversely affects the operation of the network or violates the rules and
|
||||||
|
protocols for communication across the network.
|
||||||
|
|
||||||
|
Corresponding Source conveyed, and Installation Information provided,
|
||||||
|
in accord with this section must be in a format that is publicly
|
||||||
|
documented (and with an implementation available to the public in
|
||||||
|
source code form), and must require no special password or key for
|
||||||
|
unpacking, reading or copying.
|
||||||
|
|
||||||
|
7. Additional Terms.
|
||||||
|
|
||||||
|
"Additional permissions" are terms that supplement the terms of this
|
||||||
|
License by making exceptions from one or more of its conditions.
|
||||||
|
Additional permissions that are applicable to the entire Program shall
|
||||||
|
be treated as though they were included in this License, to the extent
|
||||||
|
that they are valid under applicable law. If additional permissions
|
||||||
|
apply only to part of the Program, that part may be used separately
|
||||||
|
under those permissions, but the entire Program remains governed by
|
||||||
|
this License without regard to the additional permissions.
|
||||||
|
|
||||||
|
When you convey a copy of a covered work, you may at your option
|
||||||
|
remove any additional permissions from that copy, or from any part of
|
||||||
|
it. (Additional permissions may be written to require their own
|
||||||
|
removal in certain cases when you modify the work.) You may place
|
||||||
|
additional permissions on material, added by you to a covered work,
|
||||||
|
for which you have or can give appropriate copyright permission.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, for material you
|
||||||
|
add to a covered work, you may (if authorized by the copyright holders of
|
||||||
|
that material) supplement the terms of this License with terms:
|
||||||
|
|
||||||
|
a) Disclaiming warranty or limiting liability differently from the
|
||||||
|
terms of sections 15 and 16 of this License; or
|
||||||
|
|
||||||
|
b) Requiring preservation of specified reasonable legal notices or
|
||||||
|
author attributions in that material or in the Appropriate Legal
|
||||||
|
Notices displayed by works containing it; or
|
||||||
|
|
||||||
|
c) Prohibiting misrepresentation of the origin of that material, or
|
||||||
|
requiring that modified versions of such material be marked in
|
||||||
|
reasonable ways as different from the original version; or
|
||||||
|
|
||||||
|
d) Limiting the use for publicity purposes of names of licensors or
|
||||||
|
authors of the material; or
|
||||||
|
|
||||||
|
e) Declining to grant rights under trademark law for use of some
|
||||||
|
trade names, trademarks, or service marks; or
|
||||||
|
|
||||||
|
f) Requiring indemnification of licensors and authors of that
|
||||||
|
material by anyone who conveys the material (or modified versions of
|
||||||
|
it) with contractual assumptions of liability to the recipient, for
|
||||||
|
any liability that these contractual assumptions directly impose on
|
||||||
|
those licensors and authors.
|
||||||
|
|
||||||
|
All other non-permissive additional terms are considered "further
|
||||||
|
restrictions" within the meaning of section 10. If the Program as you
|
||||||
|
received it, or any part of it, contains a notice stating that it is
|
||||||
|
governed by this License along with a term that is a further
|
||||||
|
restriction, you may remove that term. If a license document contains
|
||||||
|
a further restriction but permits relicensing or conveying under this
|
||||||
|
License, you may add to a covered work material governed by the terms
|
||||||
|
of that license document, provided that the further restriction does
|
||||||
|
not survive such relicensing or conveying.
|
||||||
|
|
||||||
|
If you add terms to a covered work in accord with this section, you
|
||||||
|
must place, in the relevant source files, a statement of the
|
||||||
|
additional terms that apply to those files, or a notice indicating
|
||||||
|
where to find the applicable terms.
|
||||||
|
|
||||||
|
Additional terms, permissive or non-permissive, may be stated in the
|
||||||
|
form of a separately written license, or stated as exceptions;
|
||||||
|
the above requirements apply either way.
|
||||||
|
|
||||||
|
8. Termination.
|
||||||
|
|
||||||
|
You may not propagate or modify a covered work except as expressly
|
||||||
|
provided under this License. Any attempt otherwise to propagate or
|
||||||
|
modify it is void, and will automatically terminate your rights under
|
||||||
|
this License (including any patent licenses granted under the third
|
||||||
|
paragraph of section 11).
|
||||||
|
|
||||||
|
However, if you cease all violation of this License, then your
|
||||||
|
license from a particular copyright holder is reinstated (a)
|
||||||
|
provisionally, unless and until the copyright holder explicitly and
|
||||||
|
finally terminates your license, and (b) permanently, if the copyright
|
||||||
|
holder fails to notify you of the violation by some reasonable means
|
||||||
|
prior to 60 days after the cessation.
|
||||||
|
|
||||||
|
Moreover, your license from a particular copyright holder is
|
||||||
|
reinstated permanently if the copyright holder notifies you of the
|
||||||
|
violation by some reasonable means, this is the first time you have
|
||||||
|
received notice of violation of this License (for any work) from that
|
||||||
|
copyright holder, and you cure the violation prior to 30 days after
|
||||||
|
your receipt of the notice.
|
||||||
|
|
||||||
|
Termination of your rights under this section does not terminate the
|
||||||
|
licenses of parties who have received copies or rights from you under
|
||||||
|
this License. If your rights have been terminated and not permanently
|
||||||
|
reinstated, you do not qualify to receive new licenses for the same
|
||||||
|
material under section 10.
|
||||||
|
|
||||||
|
9. Acceptance Not Required for Having Copies.
|
||||||
|
|
||||||
|
You are not required to accept this License in order to receive or
|
||||||
|
run a copy of the Program. Ancillary propagation of a covered work
|
||||||
|
occurring solely as a consequence of using peer-to-peer transmission
|
||||||
|
to receive a copy likewise does not require acceptance. However,
|
||||||
|
nothing other than this License grants you permission to propagate or
|
||||||
|
modify any covered work. These actions infringe copyright if you do
|
||||||
|
not accept this License. Therefore, by modifying or propagating a
|
||||||
|
covered work, you indicate your acceptance of this License to do so.
|
||||||
|
|
||||||
|
10. Automatic Licensing of Downstream Recipients.
|
||||||
|
|
||||||
|
Each time you convey a covered work, the recipient automatically
|
||||||
|
receives a license from the original licensors, to run, modify and
|
||||||
|
propagate that work, subject to this License. You are not responsible
|
||||||
|
for enforcing compliance by third parties with this License.
|
||||||
|
|
||||||
|
An "entity transaction" is a transaction transferring control of an
|
||||||
|
organization, or substantially all assets of one, or subdividing an
|
||||||
|
organization, or merging organizations. If propagation of a covered
|
||||||
|
work results from an entity transaction, each party to that
|
||||||
|
transaction who receives a copy of the work also receives whatever
|
||||||
|
licenses to the work the party's predecessor in interest had or could
|
||||||
|
give under the previous paragraph, plus a right to possession of the
|
||||||
|
Corresponding Source of the work from the predecessor in interest, if
|
||||||
|
the predecessor has it or can get it with reasonable efforts.
|
||||||
|
|
||||||
|
You may not impose any further restrictions on the exercise of the
|
||||||
|
rights granted or affirmed under this License. For example, you may
|
||||||
|
not impose a license fee, royalty, or other charge for exercise of
|
||||||
|
rights granted under this License, and you may not initiate litigation
|
||||||
|
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||||
|
any patent claim is infringed by making, using, selling, offering for
|
||||||
|
sale, or importing the Program or any portion of it.
|
||||||
|
|
||||||
|
11. Patents.
|
||||||
|
|
||||||
|
A "contributor" is a copyright holder who authorizes use under this
|
||||||
|
License of the Program or a work on which the Program is based. The
|
||||||
|
work thus licensed is called the contributor's "contributor version".
|
||||||
|
|
||||||
|
A contributor's "essential patent claims" are all patent claims
|
||||||
|
owned or controlled by the contributor, whether already acquired or
|
||||||
|
hereafter acquired, that would be infringed by some manner, permitted
|
||||||
|
by this License, of making, using, or selling its contributor version,
|
||||||
|
but do not include claims that would be infringed only as a
|
||||||
|
consequence of further modification of the contributor version. For
|
||||||
|
purposes of this definition, "control" includes the right to grant
|
||||||
|
patent sublicenses in a manner consistent with the requirements of
|
||||||
|
this License.
|
||||||
|
|
||||||
|
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||||
|
patent license under the contributor's essential patent claims, to
|
||||||
|
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||||
|
propagate the contents of its contributor version.
|
||||||
|
|
||||||
|
In the following three paragraphs, a "patent license" is any express
|
||||||
|
agreement or commitment, however denominated, not to enforce a patent
|
||||||
|
(such as an express permission to practice a patent or covenant not to
|
||||||
|
sue for patent infringement). To "grant" such a patent license to a
|
||||||
|
party means to make such an agreement or commitment not to enforce a
|
||||||
|
patent against the party.
|
||||||
|
|
||||||
|
If you convey a covered work, knowingly relying on a patent license,
|
||||||
|
and the Corresponding Source of the work is not available for anyone
|
||||||
|
to copy, free of charge and under the terms of this License, through a
|
||||||
|
publicly available network server or other readily accessible means,
|
||||||
|
then you must either (1) cause the Corresponding Source to be so
|
||||||
|
available, or (2) arrange to deprive yourself of the benefit of the
|
||||||
|
patent license for this particular work, or (3) arrange, in a manner
|
||||||
|
consistent with the requirements of this License, to extend the patent
|
||||||
|
license to downstream recipients. "Knowingly relying" means you have
|
||||||
|
actual knowledge that, but for the patent license, your conveying the
|
||||||
|
covered work in a country, or your recipient's use of the covered work
|
||||||
|
in a country, would infringe one or more identifiable patents in that
|
||||||
|
country that you have reason to believe are valid.
|
||||||
|
|
||||||
|
If, pursuant to or in connection with a single transaction or
|
||||||
|
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||||
|
covered work, and grant a patent license to some of the parties
|
||||||
|
receiving the covered work authorizing them to use, propagate, modify
|
||||||
|
or convey a specific copy of the covered work, then the patent license
|
||||||
|
you grant is automatically extended to all recipients of the covered
|
||||||
|
work and works based on it.
|
||||||
|
|
||||||
|
A patent license is "discriminatory" if it does not include within
|
||||||
|
the scope of its coverage, prohibits the exercise of, or is
|
||||||
|
conditioned on the non-exercise of one or more of the rights that are
|
||||||
|
specifically granted under this License. You may not convey a covered
|
||||||
|
work if you are a party to an arrangement with a third party that is
|
||||||
|
in the business of distributing software, under which you make payment
|
||||||
|
to the third party based on the extent of your activity of conveying
|
||||||
|
the work, and under which the third party grants, to any of the
|
||||||
|
parties who would receive the covered work from you, a discriminatory
|
||||||
|
patent license (a) in connection with copies of the covered work
|
||||||
|
conveyed by you (or copies made from those copies), or (b) primarily
|
||||||
|
for and in connection with specific products or compilations that
|
||||||
|
contain the covered work, unless you entered into that arrangement,
|
||||||
|
or that patent license was granted, prior to 28 March 2007.
|
||||||
|
|
||||||
|
Nothing in this License shall be construed as excluding or limiting
|
||||||
|
any implied license or other defenses to infringement that may
|
||||||
|
otherwise be available to you under applicable patent law.
|
||||||
|
|
||||||
|
12. No Surrender of Others' Freedom.
|
||||||
|
|
||||||
|
If conditions are imposed on you (whether by court order, agreement or
|
||||||
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
|
excuse you from the conditions of this License. If you cannot convey a
|
||||||
|
covered work so as to satisfy simultaneously your obligations under this
|
||||||
|
License and any other pertinent obligations, then as a consequence you may
|
||||||
|
not convey it at all. For example, if you agree to terms that obligate you
|
||||||
|
to collect a royalty for further conveying from those to whom you convey
|
||||||
|
the Program, the only way you could satisfy both those terms and this
|
||||||
|
License would be to refrain entirely from conveying the Program.
|
||||||
|
|
||||||
|
13. Use with the GNU Affero General Public License.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, you have
|
||||||
|
permission to link or combine any covered work with a work licensed
|
||||||
|
under version 3 of the GNU Affero General Public License into a single
|
||||||
|
combined work, and to convey the resulting work. The terms of this
|
||||||
|
License will continue to apply to the part which is the covered work,
|
||||||
|
but the special requirements of the GNU Affero General Public License,
|
||||||
|
section 13, concerning interaction through a network will apply to the
|
||||||
|
combination as such.
|
||||||
|
|
||||||
|
14. Revised Versions of this License.
|
||||||
|
|
||||||
|
The Free Software Foundation may publish revised and/or new versions of
|
||||||
|
the GNU General Public License from time to time. Such new versions will
|
||||||
|
be similar in spirit to the present version, but may differ in detail to
|
||||||
|
address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the
|
||||||
|
Program specifies that a certain numbered version of the GNU General
|
||||||
|
Public License "or any later version" applies to it, you have the
|
||||||
|
option of following the terms and conditions either of that numbered
|
||||||
|
version or of any later version published by the Free Software
|
||||||
|
Foundation. If the Program does not specify a version number of the
|
||||||
|
GNU General Public License, you may choose any version ever published
|
||||||
|
by the Free Software Foundation.
|
||||||
|
|
||||||
|
If the Program specifies that a proxy can decide which future
|
||||||
|
versions of the GNU General Public License can be used, that proxy's
|
||||||
|
public statement of acceptance of a version permanently authorizes you
|
||||||
|
to choose that version for the Program.
|
||||||
|
|
||||||
|
Later license versions may give you additional or different
|
||||||
|
permissions. However, no additional obligations are imposed on any
|
||||||
|
author or copyright holder as a result of your choosing to follow a
|
||||||
|
later version.
|
||||||
|
|
||||||
|
15. Disclaimer of Warranty.
|
||||||
|
|
||||||
|
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||||
|
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||||
|
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||||
|
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||||
|
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||||
|
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
16. Limitation of Liability.
|
||||||
|
|
||||||
|
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||||
|
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||||
|
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||||
|
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||||
|
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||||
|
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||||
|
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||||
|
SUCH DAMAGES.
|
||||||
|
|
||||||
|
17. Interpretation of Sections 15 and 16.
|
||||||
|
|
||||||
|
If the disclaimer of warranty and limitation of liability provided
|
||||||
|
above cannot be given local legal effect according to their terms,
|
||||||
|
reviewing courts shall apply local law that most closely approximates
|
||||||
|
an absolute waiver of all civil liability in connection with the
|
||||||
|
Program, unless a warranty or assumption of liability accompanies a
|
||||||
|
copy of the Program in return for a fee.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
How to Apply These Terms to Your New Programs
|
||||||
|
|
||||||
|
If you develop a new program, and you want it to be of the greatest
|
||||||
|
possible use to the public, the best way to achieve this is to make it
|
||||||
|
free software which everyone can redistribute and change under these terms.
|
||||||
|
|
||||||
|
To do so, attach the following notices to the program. It is safest
|
||||||
|
to attach them to the start of each source file to most effectively
|
||||||
|
state the exclusion of warranty; and each file should have at least
|
||||||
|
the "copyright" line and a pointer to where the full notice is found.
|
||||||
|
|
||||||
|
<one line to give the program's name and a brief idea of what it does.>
|
||||||
|
Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
|
If the program does terminal interaction, make it output a short
|
||||||
|
notice like this when it starts in an interactive mode:
|
||||||
|
|
||||||
|
n2n Copyright (C) 2007-08 Luca Deri <deri@ntop.org>
|
||||||
|
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||||
|
This is free software, and you are welcome to redistribute it
|
||||||
|
under certain conditions; type `show c' for details.
|
||||||
|
|
||||||
|
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||||
|
parts of the General Public License. Of course, your program's commands
|
||||||
|
might be different; for a GUI interface, you would use an "about box".
|
||||||
|
|
||||||
|
You should also get your employer (if you work as a programmer) or school,
|
||||||
|
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||||
|
For more information on this, and how to apply and follow the GNU GPL, see
|
||||||
|
<http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
The GNU General Public License does not permit incorporating your program
|
||||||
|
into proprietary programs. If your program is a subroutine library, you
|
||||||
|
may consider it more useful to permit linking proprietary applications with
|
||||||
|
the library. If this is what you want to do, use the GNU Lesser General
|
||||||
|
Public License instead of this License. But first, please read
|
||||||
|
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
255
HACKING
Normal file
255
HACKING
Normal file
|
@ -0,0 +1,255 @@
|
||||||
|
file: HACKING
|
||||||
|
|
||||||
|
Last updated: 2010-01-01 09:55 UTC
|
||||||
|
|
||||||
|
--------
|
||||||
|
(C) 2008-2010 - Richard Andrews
|
||||||
|
|
||||||
|
This program and document is free software; you can redistribute
|
||||||
|
it and/or modify it under the terms of the GNU General Public License
|
||||||
|
as published by the Free Software Foundation; either version 3 of the
|
||||||
|
License, or (at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not see see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
|
--------
|
||||||
|
|
||||||
|
|
||||||
|
This file describes the internals of n2n. Read this before starting to modify
|
||||||
|
the code. Because coding examples may be present in this document it is licensed
|
||||||
|
under the GPL rather than FDL.
|
||||||
|
|
||||||
|
|
||||||
|
SYMMETRIC NAT
|
||||||
|
-------------
|
||||||
|
|
||||||
|
Symmetric NAT is a form of firewall NAT in which an UDP packets are only passed
|
||||||
|
back to an inside host socket when the return packets originate from the outside
|
||||||
|
socket to which the initiating UDP packets were sent. This means that when an
|
||||||
|
inside host sends UDP to some outside socket; other hosts cannot piggyback on
|
||||||
|
this opening in the firewall to send data to the inside host.
|
||||||
|
|
||||||
|
When two inside hosts are both behind symmetric NAT, peer-to-peer packet
|
||||||
|
exchange is not possible via n2n. These hosts will require the supernode to
|
||||||
|
relay packets.
|
||||||
|
|
||||||
|
|
||||||
|
ARP CACHE
|
||||||
|
---------
|
||||||
|
|
||||||
|
n2n makes use of the host operating system's own ARP cache. Each edge node
|
||||||
|
allocates a random MAC address to itself. This MAC is constant for the life of
|
||||||
|
the edge process. ARP packets are passed around as broadcast ethernet packets
|
||||||
|
over n2n and these packets cause the native ARP cache to be updated.
|
||||||
|
|
||||||
|
Edge nodes send gratuitous ARP packets on startup. See GRATUITOUS ARP below.
|
||||||
|
|
||||||
|
|
||||||
|
REGISTRATION AND PEER-TO-PEER COMMUNICATION SETUP
|
||||||
|
-------------------------------------------------
|
||||||
|
|
||||||
|
A and B are edge nodes with public sockets Apub and Bpub; and private network
|
||||||
|
addresses A and B respectively. S is the supernode.
|
||||||
|
|
||||||
|
A sends {REGISTER,Amac} to S. S registers {Amac->Apub}.
|
||||||
|
B sends {REGISTER,Bmac} to S. S registers {Bmac->Bpub}.
|
||||||
|
|
||||||
|
Now ping from A to B.
|
||||||
|
|
||||||
|
A sends broadcast "arp who-has B" to S. S relays the packet to all known edge
|
||||||
|
nodes. B replies "B at Bmac" to supernode which forwards this to A. So now ping
|
||||||
|
A->B is known to be ping Amac(A)->Bmac(B). Note: gratuitous arp also requires
|
||||||
|
discussion.
|
||||||
|
|
||||||
|
In response to receiving the arp reply, Apub sends {REGISTER,Amac} to Bpub. If
|
||||||
|
Bpub receives the request it sends back {REGISTER_ACK,Amac} and also sends its
|
||||||
|
own {REGISTER,Bmac} request.
|
||||||
|
|
||||||
|
In response to receiving the "arp who-has", Bpub sends {REGISTER,Bmac} to Apub.
|
||||||
|
|
||||||
|
Now the OS has received the arp reply and sends ICMP to Bmac(B) via the tunnel
|
||||||
|
on A. A looks up Bmac in the peers list and encapsulates the packet to Bpub or
|
||||||
|
the supernode if the MAC is not found.
|
||||||
|
|
||||||
|
We assume that between two edge nodes, if Bpub receives a packet from Apub then
|
||||||
|
Apub can receive a packet from Bpub. This is the symmetric NAT case. Note: In
|
||||||
|
the symmetric NAT case, the public socket for a MAC address will be different
|
||||||
|
for direct contact when compared to information from the supernode.
|
||||||
|
|
||||||
|
When two edge nodes are both behind symmetric NAT they cannot establish direct
|
||||||
|
communication.
|
||||||
|
|
||||||
|
If A receives {REGISTER,Bmac} from B, A adds {Bmac->Bpub} to its peers list
|
||||||
|
knowing that Bmac is now reachable via that public socket. Similarly if B
|
||||||
|
receives {REGISTER,Amac} from A.
|
||||||
|
|
||||||
|
The supernode never forwards REGISTER messages because the public socket seen by
|
||||||
|
the supervisor for some edge (eg. A) may be different to the socket seen by
|
||||||
|
another edge due to the actions of symmetric NAT (alocating a new public socket
|
||||||
|
for the new outbound UDP "connection").
|
||||||
|
|
||||||
|
|
||||||
|
EDGE REGISTRATION DESIGN AMMENDMENTS (starting from 2008-04-10)
|
||||||
|
------------------------------------
|
||||||
|
|
||||||
|
* Send REGISTER on rx of PACKET or REGISTER only when dest_mac == device MAC
|
||||||
|
(do not send REGISTER on Rx of broadcast packets).
|
||||||
|
* After sending REGISTER add the new peer to pending_peers list; but
|
||||||
|
* Don't send REGISTER to a peer in pending_peers list
|
||||||
|
* Remove old entries from pending_peers at regular intervals
|
||||||
|
* On rx of REGISTER_ACK, move peer from pending_peers to known_peers for direct
|
||||||
|
comms and set last_seen=now
|
||||||
|
* On rx of any packet set last_seen=now in the known_peers entry (if it
|
||||||
|
exists); but do not add a new entry.
|
||||||
|
* If the public socket address for a known_peers entry changes, deleted it and
|
||||||
|
restart registration to the new peer.
|
||||||
|
* Peer sockets provided by the supernode are ignored unless no other entry
|
||||||
|
exists. Direct peer-to-peer sockets are always given more priority as the
|
||||||
|
supernode socket will not be usable for direct contact if the peer is behind
|
||||||
|
symmetric NAT.
|
||||||
|
|
||||||
|
|
||||||
|
The pending_peers list concept is to prevent massive registration traffic when
|
||||||
|
supernode relay is in force - this would occur if REGISTER was sent for every
|
||||||
|
incident packet sent via supernode. Periodic REGISTER attempts will still occur;
|
||||||
|
not for every received packet. In the case where the peer cannot be contacted
|
||||||
|
(eg. both peers behind symmetric NAT), then there will still be periodic
|
||||||
|
attempts. Suggest a pending timeout of about 60 sec.
|
||||||
|
|
||||||
|
A peer is only considered operational for peer-to-peer sending when a
|
||||||
|
REGISTER_ACK is returned. Once operational the peer is kept operational while
|
||||||
|
any direct packet communications are occurring. REGISTER is not required to
|
||||||
|
keep the path open through any firewalls; just some activity in one direction.
|
||||||
|
|
||||||
|
After an idle period; the peer should be deleted from the known_peers list. We
|
||||||
|
should not try to re-register when this time expires. If there is no data to
|
||||||
|
send then forget the peer. This helps scalability.
|
||||||
|
|
||||||
|
If a peer wants to be remembered it can send gratuitous ARP traffic which will
|
||||||
|
keep its entry in the known_peers list of any peers which already have the
|
||||||
|
entry.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
peer = find_by_src_mac( hdr, known_peers ); /* return NULL or entry */
|
||||||
|
|
||||||
|
if ( peer )
|
||||||
|
{
|
||||||
|
peer_last_seen = time(NULL);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if ( ! is_broadcast( hdr ) ) /* ignore broadcasts */
|
||||||
|
{
|
||||||
|
if ( IS_REGISTER_ACK( hdr ) )
|
||||||
|
{
|
||||||
|
/* move from pending to known_peers */
|
||||||
|
set_peer_operational( hdr );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* add to pending and send REGISTER - ignore if in pending. */
|
||||||
|
try_send_register( hdr )
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
(Notes):
|
||||||
|
|
||||||
|
* In testing it was noted that if a symmetric NAT firewall shuts down the UDP
|
||||||
|
association but the known_peers registration is still active, then the peer
|
||||||
|
becomes unreachable until the known_peers registration is deleted. Suggest two
|
||||||
|
ways to mitigate this problem:
|
||||||
|
(a) make the known_peers purge timeout a config paramter;
|
||||||
|
(b) send packets direct and via supernode if the registration is older than
|
||||||
|
eg. 60 sec.
|
||||||
|
|
||||||
|
|
||||||
|
GRATUITOUS ARP
|
||||||
|
--------------
|
||||||
|
|
||||||
|
In addition to the ARP who-has mechanism noted above, two edge nodes can become
|
||||||
|
aware of one another by gratuitous ARP. A gratuitous ARP packet is a broadcast
|
||||||
|
packet sent by a node for no other purpose than to announce its presence and
|
||||||
|
identify its MAC and IP address. Gratuitous ARP packets are to keep ARP caches
|
||||||
|
up to date so contacting the host will be faster after an long idle time.
|
||||||
|
|
||||||
|
|
||||||
|
MAN PAGES
|
||||||
|
---------
|
||||||
|
|
||||||
|
Look at a non-installed man page like this (linux/UNIX):
|
||||||
|
|
||||||
|
nroff -man edge.8 | less
|
||||||
|
|
||||||
|
|
||||||
|
PACKET message FORMAT
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
All message encoding and decoding is contained in wire.c. The PACKET message is
|
||||||
|
of main concern as it is the most frequently transferred as it contains
|
||||||
|
encapsulated ethernet packets.
|
||||||
|
|
||||||
|
Version 2
|
||||||
|
|
||||||
|
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
! Version=2 ! TTL ! Flags !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
4 ! Community :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
8 ! ... Community ... :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
12 ! ... Community ... :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
16 ! ... Community ... !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
20 ! Source MAC Address :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
24 : ! Destination MAC Address :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
28 : !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
32 ! Socket Flags (v=IPv4) ! Destination UDP Port !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
36 ! Destination IPv4 Address !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
40 ! Transform ID !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
44 ! Payload
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
|
||||||
|
So each n2n PACKET has a 44 byte overhead. For a 1500 byte ethernet packet this
|
||||||
|
is roughly 3%.
|
||||||
|
|
||||||
|
Socket flags provides support for IPv6. In this case the PACKET message ends as
|
||||||
|
follows:
|
||||||
|
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
32 ! Socket Flags (v=IPv6) ! Destination UDP Port !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
36 ! Destination IPv6 Address :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
40 : :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
44 : :
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
48 : !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
52 ! Transform ID !
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
56 ! Encapsulated ethernet payload
|
||||||
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||||
|
|
||||||
|
|
||||||
|
-------
|
||||||
|
|
||||||
|
January 2010 - Richard Andrews <andrews@ntop.org>
|
50
INSTALL
Normal file
50
INSTALL
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
INSTALL
|
||||||
|
|
||||||
|
To build the programs:
|
||||||
|
|
||||||
|
$ make
|
||||||
|
|
||||||
|
To install the programs and man pages:
|
||||||
|
|
||||||
|
$ make install
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
$ make PREFIX=/usr/local install
|
||||||
|
|
||||||
|
|
||||||
|
RPM Package
|
||||||
|
-----------
|
||||||
|
|
||||||
|
These steps should work with RPM based Linux distributions since rpmbuild was
|
||||||
|
split from the rpm utility (c RedHat 9).
|
||||||
|
|
||||||
|
|
||||||
|
To build an RPM the easy way follow these steps.
|
||||||
|
|
||||||
|
1. Build SRPM
|
||||||
|
|
||||||
|
$ cd n2n
|
||||||
|
$ scripts/mk_SRPM.sh
|
||||||
|
|
||||||
|
Look for where the src.rpm file was put ( "Wrote:" ).
|
||||||
|
|
||||||
|
2. Build binary RPM from SRPM
|
||||||
|
|
||||||
|
$ rpm -i path/to/n2n-<ver>.src.rpm
|
||||||
|
$ rpmbuild -bb n2n.spec
|
||||||
|
|
||||||
|
|
||||||
|
All this can be done as non-root user if you have a ~/.rpmmacros file with this
|
||||||
|
line in it:
|
||||||
|
|
||||||
|
%_topdir /home/username/rpmtopdir
|
||||||
|
|
||||||
|
|
||||||
|
To build an RPM the hard way follow these steps.
|
||||||
|
|
||||||
|
$ cp -a n2ndir n2n-2.0
|
||||||
|
$ tar czf n2n-2.0.tar.gz n2n-2.0
|
||||||
|
$ mv n2n-2.0.tar.gz /usr/src/redhat/SOURCES
|
||||||
|
$ cp n2ndir/n2n.spec /usr/src/redhat/SPECS
|
||||||
|
$ rpmbuild -bb n2n.spec
|
101
Makefile
Normal file
101
Makefile
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
|
||||||
|
N2N_VERSION=2.1.0
|
||||||
|
N2N_OSNAME=$(shell uname -p)
|
||||||
|
|
||||||
|
########
|
||||||
|
|
||||||
|
CC=gcc
|
||||||
|
DEBUG?=-g3
|
||||||
|
#OPTIMIZATION?=-O2
|
||||||
|
WARN?=-Wall -Wshadow -Wpointer-arith -Wmissing-declarations -Wnested-externs
|
||||||
|
|
||||||
|
#Ultrasparc64 users experiencing SIGBUS should try the following gcc options
|
||||||
|
#(thanks to Robert Gibbon)
|
||||||
|
PLATOPTS_SPARC64=-mcpu=ultrasparc -pipe -fomit-frame-pointer -ffast-math -finline-functions -fweb -frename-registers -mapp-regs
|
||||||
|
|
||||||
|
N2N_DEFINES=
|
||||||
|
N2N_OBJS_OPT=
|
||||||
|
LIBS_EDGE_OPT=
|
||||||
|
|
||||||
|
N2N_OPTION_AES?="yes"
|
||||||
|
#N2N_OPTION_AES=no
|
||||||
|
|
||||||
|
ifeq ($(N2N_OPTION_AES), "yes")
|
||||||
|
N2N_DEFINES+="-DN2N_HAVE_AES"
|
||||||
|
LIBS_EDGE_OPT+=-lcrypto
|
||||||
|
endif
|
||||||
|
|
||||||
|
CFLAGS+=$(DEBUG) $(OPTIMIZATION) $(WARN) $(OPTIONS) $(PLATOPTS) $(N2N_DEFINES)
|
||||||
|
|
||||||
|
INSTALL=install
|
||||||
|
MKDIR=mkdir -p
|
||||||
|
|
||||||
|
INSTALL_PROG=$(INSTALL) -m755
|
||||||
|
INSTALL_DOC=$(INSTALL) -m644
|
||||||
|
|
||||||
|
|
||||||
|
# DESTDIR set in debian make system
|
||||||
|
PREFIX?=$(DESTDIR)/usr
|
||||||
|
#BINDIR=$(PREFIX)/bin
|
||||||
|
SBINDIR=$(PREFIX)/sbin
|
||||||
|
MANDIR?=$(PREFIX)/share/man
|
||||||
|
MAN1DIR=$(MANDIR)/man1
|
||||||
|
MAN7DIR=$(MANDIR)/man7
|
||||||
|
MAN8DIR=$(MANDIR)/man8
|
||||||
|
|
||||||
|
N2N_LIB=n2n.a
|
||||||
|
N2N_OBJS=n2n.o n2n_keyfile.o wire.o minilzo.o twofish.o \
|
||||||
|
transform_null.o transform_tf.o transform_aes.o \
|
||||||
|
tuntap_freebsd.o tuntap_netbsd.o tuntap_linux.o tuntap_osx.o version.o
|
||||||
|
LIBS_EDGE+=$(LIBS_EDGE_OPT)
|
||||||
|
LIBS_SN=
|
||||||
|
|
||||||
|
#For OpenSolaris (Solaris too?)
|
||||||
|
ifeq ($(shell uname), SunOS)
|
||||||
|
LIBS_EDGE+=-lsocket -lnsl
|
||||||
|
LIBS_SN+=-lsocket -lnsl
|
||||||
|
endif
|
||||||
|
|
||||||
|
APPS=edge
|
||||||
|
APPS+=supernode
|
||||||
|
|
||||||
|
DOCS=edge.8.gz supernode.1.gz n2n_v2.7.gz
|
||||||
|
|
||||||
|
all: $(APPS) $(DOCS)
|
||||||
|
|
||||||
|
edge: edge.c $(N2N_LIB) n2n_wire.h n2n.h Makefile
|
||||||
|
$(CC) $(CFLAGS) edge.c $(N2N_LIB) $(LIBS_EDGE) -o edge
|
||||||
|
|
||||||
|
test: test.c $(N2N_LIB) n2n_wire.h n2n.h Makefile
|
||||||
|
$(CC) $(CFLAGS) test.c $(N2N_LIB) $(LIBS_EDGE) -o test
|
||||||
|
|
||||||
|
supernode: sn.c $(N2N_LIB) n2n.h Makefile
|
||||||
|
$(CC) $(CFLAGS) sn.c $(N2N_LIB) $(LIBS_SN) -o supernode
|
||||||
|
|
||||||
|
benchmark: benchmark.c $(N2N_LIB) n2n_wire.h n2n.h Makefile
|
||||||
|
$(CC) $(CFLAGS) benchmark.c $(N2N_LIB) $(LIBS_SN) -o benchmark
|
||||||
|
|
||||||
|
.c.o: n2n.h n2n_keyfile.h n2n_transforms.h n2n_wire.h twofish.h Makefile
|
||||||
|
$(CC) $(CFLAGS) -c $<
|
||||||
|
|
||||||
|
%.gz : %
|
||||||
|
gzip -c $< > $@
|
||||||
|
|
||||||
|
$(N2N_LIB): $(N2N_OBJS)
|
||||||
|
ar rcs $(N2N_LIB) $(N2N_OBJS)
|
||||||
|
# $(RANLIB) $@
|
||||||
|
|
||||||
|
version.o: Makefile
|
||||||
|
$(CC) $(CFLAGS) -DN2N_VERSION='"$(N2N_VERSION)"' -DN2N_OSNAME='"$(N2N_OSNAME)"' -c version.c
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf $(N2N_OBJS) $(N2N_LIB) $(APPS) $(DOCS) test *.dSYM *~
|
||||||
|
|
||||||
|
install: edge supernode edge.8.gz supernode.1.gz n2n_v2.7.gz
|
||||||
|
echo "MANDIR=$(MANDIR)"
|
||||||
|
$(MKDIR) $(SBINDIR) $(MAN1DIR) $(MAN7DIR) $(MAN8DIR)
|
||||||
|
$(INSTALL_PROG) supernode $(SBINDIR)/
|
||||||
|
$(INSTALL_PROG) edge $(SBINDIR)/
|
||||||
|
$(INSTALL_DOC) edge.8.gz $(MAN8DIR)/
|
||||||
|
$(INSTALL_DOC) supernode.1.gz $(MAN1DIR)/
|
||||||
|
$(INSTALL_DOC) n2n_v2.7.gz $(MAN7DIR)/
|
6
NEW_FEATURES.txt
Normal file
6
NEW_FEATURES.txt
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
|
||||||
|
Between 2.0.x and 2.1.x
|
||||||
|
|
||||||
|
* Better ming Windows build support.
|
||||||
|
* Added -E flag to allow multicast ethernet traffic.
|
||||||
|
|
112
README.md
Normal file
112
README.md
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
|
||||||
|
|
||||||
|
Edge node
|
||||||
|
---------
|
||||||
|
|
||||||
|
You need to start an edge node on each host you want to connect with the *same*
|
||||||
|
community.
|
||||||
|
|
||||||
|
0. become root
|
||||||
|
|
||||||
|
1. create tun device
|
||||||
|
# tunctl -t tun0
|
||||||
|
|
||||||
|
3. enable the edge process
|
||||||
|
# ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw
|
||||||
|
or
|
||||||
|
# N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw
|
||||||
|
|
||||||
|
Once you have this worked out, you can add the "-f" option to make edge detach
|
||||||
|
and run as a daemon.
|
||||||
|
|
||||||
|
Note that -u, -g and -f options are not available for Windows.
|
||||||
|
|
||||||
|
Supernode
|
||||||
|
--------
|
||||||
|
|
||||||
|
You need to start the supernode once
|
||||||
|
|
||||||
|
1. ./supernode -l 1234 -v
|
||||||
|
|
||||||
|
|
||||||
|
Dropping Root Privileges and SUID-Root Executables (UNIX)
|
||||||
|
--------------------------------------------------
|
||||||
|
|
||||||
|
The edge node uses superuser privileges to create a TAP network interface
|
||||||
|
device. Once this is created root privileges are not required and can constitute
|
||||||
|
a security hazard if there is some way for an attacker to take control of an
|
||||||
|
edge process while it is running. Edge will drop to a non-privileged user if you
|
||||||
|
specify the -u <uid> and -g <gid> options. These are numeric IDs. Consult
|
||||||
|
/etc/passwd.
|
||||||
|
|
||||||
|
You may choose to install edge SUID-root to do this:
|
||||||
|
|
||||||
|
1. Become root
|
||||||
|
2. chown root:root edge
|
||||||
|
3. chmod +s edge
|
||||||
|
done
|
||||||
|
|
||||||
|
Any user can now run edge. You may not want this, but it may be convenient and
|
||||||
|
safe if your host has only one login user.
|
||||||
|
|
||||||
|
|
||||||
|
Running As a Daemon (UNIX)
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
Unless given "-f" as a command line option, edge will call daemon(3) after
|
||||||
|
successful setup. This causes the process to fork a child which closes stdin,
|
||||||
|
stdout and stderr then sets itself as process group leader. When this is done,
|
||||||
|
the edge command returns immediately and you will only see the edge process in
|
||||||
|
the process listings, eg. from ps or top.
|
||||||
|
|
||||||
|
If the edge command returns 0 then the daemon started successfully. If it
|
||||||
|
returns non-zero then edge failed to start up for some reason. When edge starts
|
||||||
|
running as a daemon, all logging goes to syslog daemon.info facility.
|
||||||
|
|
||||||
|
|
||||||
|
IPv6 Support
|
||||||
|
------------
|
||||||
|
|
||||||
|
n2n supports the carriage of IPv6 packets within the n2n tunnel. N2n does not
|
||||||
|
yet use IPv6 for transport between edges and supernodes.
|
||||||
|
|
||||||
|
To make IPv6 carriage work you need to manually add IPv6 addresses to the TAP
|
||||||
|
interfaces at each end. There is currently no way to specify an IPv6 address on
|
||||||
|
the edge command line.
|
||||||
|
|
||||||
|
eg. under linux:
|
||||||
|
|
||||||
|
on hostA:
|
||||||
|
[hostA] # /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0
|
||||||
|
|
||||||
|
on hostB:
|
||||||
|
[hostB] # /sbin/ip -6 addr add fc00:abcd:1234::6/48 dev n2n0
|
||||||
|
|
||||||
|
You may find it useful to make use of tunctl from the uml-utilities
|
||||||
|
package. Tunctl allow you to bring up a TAP interface and configure addressing
|
||||||
|
prior to starting edge. It also allows edge to be restarted without the
|
||||||
|
interface closing (which would normally affect routing tables).
|
||||||
|
|
||||||
|
Once the IPv6 addresses are configured and edge started, IPv6 neighbor discovery
|
||||||
|
packets flow (get broadcast) and IPv6 entities self arrange. Test your IPv6
|
||||||
|
setup with ping6 - the IPv6 ping command.
|
||||||
|
|
||||||
|
|
||||||
|
Performance Notes
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
The time taken to perform a ping test for various ciphers is given below:
|
||||||
|
|
||||||
|
Test: ping -f -l 8 -s 800 -c 10000 <far_edge>
|
||||||
|
|
||||||
|
AES (-O0) 11820
|
||||||
|
TF (-O0) 25761
|
||||||
|
|
||||||
|
TF (-O2) 20554
|
||||||
|
|
||||||
|
AES (-O3) 12532
|
||||||
|
TF (-O3) 14046
|
||||||
|
NULL (-O3) 10659
|
||||||
|
|
||||||
|
(C) 2007-2010 - Luca Deri <deri@ntop.org>, Richard Andrews <andrews@ntop.org>
|
||||||
|
(C) 2016 - ntop
|
110
benchmark.c
Normal file
110
benchmark.c
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
#include "n2n_wire.h"
|
||||||
|
#include "n2n_transforms.h"
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
#include <sys/time.h>
|
||||||
|
#include <time.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
uint8_t PKT_CONTENT[]={
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
|
||||||
|
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };
|
||||||
|
|
||||||
|
/* Prototypes */
|
||||||
|
static ssize_t do_encode_packet( uint8_t * pktbuf, size_t bufsize, const n2n_community_t c );
|
||||||
|
|
||||||
|
int main( int argc, char * argv[] )
|
||||||
|
{
|
||||||
|
uint8_t pktbuf[N2N_PKT_BUF_SIZE];
|
||||||
|
n2n_trans_op_t transop_null;
|
||||||
|
|
||||||
|
n2n_common_t cmn;
|
||||||
|
n2n_PACKET_t pkt;
|
||||||
|
n2n_community_t c;
|
||||||
|
|
||||||
|
struct timeval t1;
|
||||||
|
struct timeval t2;
|
||||||
|
|
||||||
|
size_t i;
|
||||||
|
size_t n;
|
||||||
|
size_t idx;
|
||||||
|
size_t rem;
|
||||||
|
ssize_t nw;
|
||||||
|
ssize_t tdiff;
|
||||||
|
|
||||||
|
transop_null_init( &transop_null );
|
||||||
|
memset(c,0,sizeof(N2N_COMMUNITY_SIZE));
|
||||||
|
|
||||||
|
n=10000;
|
||||||
|
memcpy( c, "abc123def456", 12 );
|
||||||
|
|
||||||
|
gettimeofday( &t1, NULL );
|
||||||
|
for(i=0; i<n; ++i)
|
||||||
|
{
|
||||||
|
nw = do_encode_packet( pktbuf, N2N_PKT_BUF_SIZE, c);
|
||||||
|
|
||||||
|
nw += transop_null.fwd( &transop_null,
|
||||||
|
pktbuf+nw, N2N_PKT_BUF_SIZE-nw,
|
||||||
|
PKT_CONTENT, sizeof(PKT_CONTENT) );
|
||||||
|
|
||||||
|
idx=0;
|
||||||
|
rem=nw;
|
||||||
|
|
||||||
|
decode_common( &cmn, pktbuf, &rem, &idx);
|
||||||
|
decode_PACKET( &pkt, &cmn, pktbuf, &rem, &idx );
|
||||||
|
|
||||||
|
if ( 0 == (i%1000) )
|
||||||
|
{
|
||||||
|
fprintf(stderr,".");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
gettimeofday( &t2, NULL );
|
||||||
|
|
||||||
|
tdiff = ((t2.tv_sec - t1.tv_sec) * 1000000) + (t2.tv_usec - t1.tv_usec);
|
||||||
|
|
||||||
|
fprintf( stderr, "\nrun %u times. (%u -> %u nsec each) %u.%06u -> %u.%06u.\n", i, tdiff, (tdiff *1000)/i, (uint32_t)t1.tv_sec, (uint32_t)t1.tv_usec, (uint32_t)t2.tv_sec, (uint32_t)t2.tv_usec );
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static ssize_t do_encode_packet( uint8_t * pktbuf, size_t bufsize, const n2n_community_t c )
|
||||||
|
{
|
||||||
|
n2n_mac_t destMac={0,1,2,3,4,5};
|
||||||
|
n2n_common_t cmn;
|
||||||
|
n2n_PACKET_t pkt;
|
||||||
|
size_t idx;
|
||||||
|
|
||||||
|
|
||||||
|
memset( &cmn, 0, sizeof(cmn) );
|
||||||
|
cmn.ttl = N2N_DEFAULT_TTL;
|
||||||
|
cmn.pc = n2n_packet;
|
||||||
|
cmn.flags=0; /* no options, not from supernode, no socket */
|
||||||
|
memcpy( cmn.community, c, N2N_COMMUNITY_SIZE );
|
||||||
|
|
||||||
|
memset( &pkt, 0, sizeof(pkt) );
|
||||||
|
memcpy( pkt.srcMac, destMac, N2N_MAC_SIZE);
|
||||||
|
memcpy( pkt.dstMac, destMac, N2N_MAC_SIZE);
|
||||||
|
|
||||||
|
pkt.sock.family=0; /* do not encode sock */
|
||||||
|
|
||||||
|
idx=0;
|
||||||
|
encode_PACKET( pktbuf, &idx, &cmn, &pkt );
|
||||||
|
traceEvent( TRACE_DEBUG, "encoded PACKET header of size=%u", (unsigned int)idx );
|
||||||
|
|
||||||
|
return idx;
|
||||||
|
}
|
7
debian/README.Debian
vendored
Normal file
7
debian/README.Debian
vendored
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
n2n for Debian
|
||||||
|
--------------
|
||||||
|
|
||||||
|
This package depends on the kernel having the TUN/TAP driver configured in using
|
||||||
|
CONFIG_TUN=yes.
|
||||||
|
|
||||||
|
-- Richard Andrews <andrews@ntop.org> Thu, 10 Jul 2008 22:38:02 +1000
|
27
debian/changelog
vendored
Normal file
27
debian/changelog
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
n2n (2.1.0-1) unstable; urgency=low
|
||||||
|
|
||||||
|
* Split package in two.
|
||||||
|
* Move manpage for edge to section 8.
|
||||||
|
* Install manpage for n2n_v2 to section 7.
|
||||||
|
* Create init.d files for the daemons.
|
||||||
|
|
||||||
|
-- Kim Hansen <kim@i9.dk> Sun, 04 Apr 2010 21:40:46 +0200
|
||||||
|
|
||||||
|
n2n (2.0-1) hardy; urgency=low
|
||||||
|
|
||||||
|
* New upstream release
|
||||||
|
|
||||||
|
-- Richard Andrews <andrews@ntop.org> Tue, 30 Oct 2009 22:26:04 +1100
|
||||||
|
|
||||||
|
n2n (1.3-1) hardy; urgency=low
|
||||||
|
|
||||||
|
* New upstream release
|
||||||
|
|
||||||
|
-- Richard Andrews <andrews@ntop.org> Fri, 30 Jan 2009 23:49:56 +1100
|
||||||
|
|
||||||
|
n2n (1.2-1) unstable; urgency=low
|
||||||
|
|
||||||
|
* Initial release
|
||||||
|
|
||||||
|
-- Richard Andrews <andrews@ntop.org> Thu, 10 Jul 2008 22:38:02 +1000
|
||||||
|
|
1
debian/compat
vendored
Normal file
1
debian/compat
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
5
|
51
debian/control
vendored
Normal file
51
debian/control
vendored
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
Source: n2n
|
||||||
|
Section: net
|
||||||
|
Priority: extra
|
||||||
|
Maintainer: Jean-Baptiste Denis <jeanbaptiste.denis@gmail.com>
|
||||||
|
Build-Depends: cdbs, debhelper (>= 5), libc6-dev (>= 2.0), dpatch, gcc, libssl-dev
|
||||||
|
Standards-Version: 3.7.2
|
||||||
|
|
||||||
|
Package: n2n
|
||||||
|
Architecture: any
|
||||||
|
Depends: n2n-edge, n2n-supernode
|
||||||
|
Description: dummy package for transition purposes
|
||||||
|
A dummy package for transition purposes that depends on n2n-edge and
|
||||||
|
n2n-supernode
|
||||||
|
|
||||||
|
Package: n2n-edge
|
||||||
|
Architecture: any
|
||||||
|
Suggests: uml-utilities
|
||||||
|
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||||
|
Conflicts: n2n (<< 2.1.0-1)
|
||||||
|
Replaces: n2n (<< 2.1.0-1)
|
||||||
|
Description: a layer-two peer-to-peer virtual private network (VPN)
|
||||||
|
n2n is a layer-two peer-to-peer virtual private network (VPN) which allows
|
||||||
|
users to exploit features typical of P2P applications at network instead of
|
||||||
|
application level. This means that users can gain native IP visibility (e.g.
|
||||||
|
two PCs belonging to the same n2n network can ping each other) and be
|
||||||
|
reachable with the same network IP address regardless of the network where
|
||||||
|
they currently belong. In a nutshell, as OpenVPN moved SSL from application
|
||||||
|
(e.g. used to implement the https protocol) to network protocol, n2n moves
|
||||||
|
P2P from application to network level.
|
||||||
|
.
|
||||||
|
Edge is the edge node daemon for n2n which creates a TAP interface to expose
|
||||||
|
the n2n virtual LAN.
|
||||||
|
|
||||||
|
Package: n2n-supernode
|
||||||
|
Architecture: any
|
||||||
|
Suggests: n2n-edge
|
||||||
|
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||||
|
Conflicts: n2n (<< 2.1.0-1)
|
||||||
|
Replaces: n2n (<< 2.1.0-1)
|
||||||
|
Description: a layer-two peer-to-peer virtual private network (VPN)
|
||||||
|
n2n is a layer-two peer-to-peer virtual private network (VPN) which allows
|
||||||
|
users to exploit features typical of P2P applications at network instead of
|
||||||
|
application level. This means that users can gain native IP visibility (e.g.
|
||||||
|
two PCs belonging to the same n2n network can ping each other) and be
|
||||||
|
reachable with the same network IP address regardless of the network where
|
||||||
|
they currently belong. In a nutshell, as OpenVPN moved SSL from application
|
||||||
|
(e.g. used to implement the https protocol) to network protocol, n2n moves
|
||||||
|
P2P from application to network level.
|
||||||
|
.
|
||||||
|
Supernode is a node introduction registry, broadcast conduit and packet relay
|
||||||
|
node for the n2n system.
|
23
debian/copyright
vendored
Normal file
23
debian/copyright
vendored
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
This package was debianized by Jean-Baptiste Denis <jeanbaptiste.denis@gmail.com> on
|
||||||
|
Thu, 20 Nov 2008 23:53:02 +1000.
|
||||||
|
|
||||||
|
It was downloaded from http://www.ntop.org/n2n/
|
||||||
|
|
||||||
|
Upstream Author(s):
|
||||||
|
|
||||||
|
Luca Deri <deri@ntop.org>
|
||||||
|
Richard Andrews <andrews@ntop.org>
|
||||||
|
|
||||||
|
Copyright:
|
||||||
|
|
||||||
|
Copyright (C) 2008 Luca Deri
|
||||||
|
Copyright (C) 2008 Richard Andrews
|
||||||
|
|
||||||
|
License:
|
||||||
|
|
||||||
|
GPLv3
|
||||||
|
|
||||||
|
The Debian packaging is (C) 2008, Richard Andrews <andrews@ntop.org>,
|
||||||
|
Luca Deri <deri@ntop.org> and is licensed under the GPLv3, see
|
||||||
|
`/usr/share/common-licenses/GPL-3'.
|
||||||
|
|
21
debian/n2n-edge.default
vendored
Normal file
21
debian/n2n-edge.default
vendored
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Config file for the n2n edge node daemon.
|
||||||
|
|
||||||
|
# Sets the n2n community name. All edges within the same community appear on
|
||||||
|
# the same LAN (layer 2 network segment). Community name is 16 bytes in length.
|
||||||
|
N2N_COMMUNITY="MyCommunityName"
|
||||||
|
|
||||||
|
# Sets the twofish encryption key from ASCII text. All edges communicating must
|
||||||
|
# use the same key and community name.
|
||||||
|
N2N_KEY="MySecretCode"
|
||||||
|
|
||||||
|
# Sets the n2n supernode IP address to register to.
|
||||||
|
N2N_SUPERNODE="gw1.example.com"
|
||||||
|
|
||||||
|
# Sets the n2n virtual LAN IP address being claimed. This is a private IP
|
||||||
|
# address. All IP addresses in an n2n community typical belong to the same /24
|
||||||
|
# net‐ work (ie. only the last octet of the IP addresses varies).
|
||||||
|
N2N_IP="10.10.10.11"
|
||||||
|
|
||||||
|
# Uncomment this to get edge node started.
|
||||||
|
#N2N_EDGE_CONFIG_DONE="yes"
|
||||||
|
|
1
debian/n2n-edge.docs
vendored
Normal file
1
debian/n2n-edge.docs
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
README
|
129
debian/n2n-edge.init
vendored
Executable file
129
debian/n2n-edge.init
vendored
Executable file
|
@ -0,0 +1,129 @@
|
||||||
|
#! /bin/bash
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: n2n-edge
|
||||||
|
# Required-Start: $remote_fs $syslog
|
||||||
|
# Required-Stop: $remote_fs $syslog
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: n2n-edge
|
||||||
|
# Description: Start n2n edge node daemon
|
||||||
|
### END INIT INFO
|
||||||
|
|
||||||
|
# Init script for n2n edge node
|
||||||
|
# Copyright (C) 2010 Kim Hansen <kim@i9.dk>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
# Do NOT "set -e"
|
||||||
|
|
||||||
|
# PATH should only include /usr/* if it runs after the mountnfs.sh script
|
||||||
|
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||||
|
DESC="n2n edge"
|
||||||
|
NAME=n2n-edge
|
||||||
|
DAEMON=/usr/sbin/edge
|
||||||
|
SCRIPTNAME=/etc/init.d/$NAME
|
||||||
|
|
||||||
|
# Exit if the package is not installed
|
||||||
|
[ -x "$DAEMON" ] || exit 0
|
||||||
|
|
||||||
|
# Read configuration variable file if it is present
|
||||||
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||||
|
|
||||||
|
# Check config
|
||||||
|
if [ -z "$N2N_EDGE_CONFIG_DONE" ]
|
||||||
|
then
|
||||||
|
echo "Warning: n2n-edge not configured, edit config file in /etc/default/$NAME." 1>&2
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Load the VERBOSE setting and other rcS variables
|
||||||
|
. /lib/init/vars.sh
|
||||||
|
|
||||||
|
# Define LSB log_* functions.
|
||||||
|
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
#
|
||||||
|
# Function that starts the daemon/service
|
||||||
|
#
|
||||||
|
do_start()
|
||||||
|
{
|
||||||
|
# Return
|
||||||
|
# 0 if daemon has been started
|
||||||
|
# 1 if daemon was already running
|
||||||
|
# 2 if daemon could not be started
|
||||||
|
start-stop-daemon --start --quiet --user nobody --exec $DAEMON --test \
|
||||||
|
|| return 1
|
||||||
|
export N2N_KEY
|
||||||
|
start-stop-daemon --start --quiet --user nobody --exec $DAEMON -- \
|
||||||
|
-a $N2N_IP -c $N2N_COMMUNITY -l $N2N_SUPERNODE:7654 -u $(id -u nobody) -g $(id -g nobody) \
|
||||||
|
$DAEMON_ARGS \
|
||||||
|
|| return 2
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Function that stops the daemon/service
|
||||||
|
#
|
||||||
|
do_stop()
|
||||||
|
{
|
||||||
|
# Return
|
||||||
|
# 0 if daemon has been stopped
|
||||||
|
# 1 if daemon was already stopped
|
||||||
|
# 2 if daemon could not be stopped
|
||||||
|
# other if a failure occurred
|
||||||
|
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user nobody --exec $DAEMON
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
|
||||||
|
do_start
|
||||||
|
case "$?" in
|
||||||
|
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||||
|
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
|
||||||
|
do_stop
|
||||||
|
case "$?" in
|
||||||
|
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||||
|
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
restart|force-reload)
|
||||||
|
log_daemon_msg "Restarting $DESC" "$NAME"
|
||||||
|
do_stop
|
||||||
|
case "$?" in
|
||||||
|
0|1)
|
||||||
|
do_start
|
||||||
|
case "$?" in
|
||||||
|
0) log_end_msg 0 ;;
|
||||||
|
1) log_end_msg 1 ;; # Old process is still running
|
||||||
|
*) log_end_msg 1 ;; # Failed to start
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# Failed to stop
|
||||||
|
log_end_msg 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
|
||||||
|
exit 3
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
true # Set exit status to 0 (succes)
|
1
debian/n2n-edge.install
vendored
Normal file
1
debian/n2n-edge.install
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
edge /usr/sbin
|
2
debian/n2n-edge.manpages
vendored
Normal file
2
debian/n2n-edge.manpages
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
edge.8
|
||||||
|
n2n_v2.7
|
121
debian/n2n-supernode.init
vendored
Executable file
121
debian/n2n-supernode.init
vendored
Executable file
|
@ -0,0 +1,121 @@
|
||||||
|
#! /bin/sh
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: n2n-supernode
|
||||||
|
# Required-Start: $remote_fs $syslog
|
||||||
|
# Required-Stop: $remote_fs $syslog
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: n2n-supernode
|
||||||
|
# Description: Start n2n supernode
|
||||||
|
### END INIT INFO
|
||||||
|
|
||||||
|
# Init script for n2n supernode
|
||||||
|
# Copyright (C) 2010 Kim Hansen <kim@i9.dk>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
# Do NOT "set -e"
|
||||||
|
|
||||||
|
# PATH should only include /usr/* if it runs after the mountnfs.sh script
|
||||||
|
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||||
|
DESC="n2n supernode"
|
||||||
|
NAME=n2n-supernode
|
||||||
|
DAEMON=/usr/sbin/supernode
|
||||||
|
DAEMON_ARGS=""
|
||||||
|
SCRIPTNAME=/etc/init.d/$NAME
|
||||||
|
|
||||||
|
# Exit if the package is not installed
|
||||||
|
[ -x "$DAEMON" ] || exit 0
|
||||||
|
|
||||||
|
# Read configuration variable file if it is present
|
||||||
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||||
|
|
||||||
|
# Load the VERBOSE setting and other rcS variables
|
||||||
|
. /lib/init/vars.sh
|
||||||
|
|
||||||
|
# Define LSB log_* functions.
|
||||||
|
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
#
|
||||||
|
# Function that starts the daemon/service
|
||||||
|
#
|
||||||
|
do_start()
|
||||||
|
{
|
||||||
|
# Return
|
||||||
|
# 0 if daemon has been started
|
||||||
|
# 1 if daemon was already running
|
||||||
|
# 2 if daemon could not be started
|
||||||
|
start-stop-daemon --start --quiet --user nobody --exec $DAEMON --test \
|
||||||
|
|| return 1
|
||||||
|
start-stop-daemon --start --quiet --user nobody --chuid nobody --exec $DAEMON -- \
|
||||||
|
$DAEMON_ARGS \
|
||||||
|
|| return 2
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Function that stops the daemon/service
|
||||||
|
#
|
||||||
|
do_stop()
|
||||||
|
{
|
||||||
|
# Return
|
||||||
|
# 0 if daemon has been stopped
|
||||||
|
# 1 if daemon was already stopped
|
||||||
|
# 2 if daemon could not be stopped
|
||||||
|
# other if a failure occurred
|
||||||
|
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user nobody --exec $DAEMON
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
|
||||||
|
do_start
|
||||||
|
case "$?" in
|
||||||
|
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||||
|
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
|
||||||
|
do_stop
|
||||||
|
case "$?" in
|
||||||
|
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||||
|
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
restart|force-reload)
|
||||||
|
log_daemon_msg "Restarting $DESC" "$NAME"
|
||||||
|
do_stop
|
||||||
|
case "$?" in
|
||||||
|
0|1)
|
||||||
|
do_start
|
||||||
|
case "$?" in
|
||||||
|
0) log_end_msg 0 ;;
|
||||||
|
1) log_end_msg 1 ;; # Old process is still running
|
||||||
|
*) log_end_msg 1 ;; # Failed to start
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# Failed to stop
|
||||||
|
log_end_msg 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
|
||||||
|
exit 3
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
true # Set exit status to 0 (succes)
|
1
debian/n2n-supernode.install
vendored
Normal file
1
debian/n2n-supernode.install
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
supernode /usr/sbin
|
1
debian/n2n-supernode.manpages
vendored
Normal file
1
debian/n2n-supernode.manpages
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
supernode.1
|
5
debian/rules
vendored
Executable file
5
debian/rules
vendored
Executable file
|
@ -0,0 +1,5 @@
|
||||||
|
#!/usr/bin/make -f
|
||||||
|
|
||||||
|
include /usr/share/cdbs/1/rules/debhelper.mk
|
||||||
|
include /usr/share/cdbs/1/class/makefile.mk
|
||||||
|
|
208
edge.8
Normal file
208
edge.8
Normal file
|
@ -0,0 +1,208 @@
|
||||||
|
.TH edge 8 "17 Mar 2010" "n2n-2.1" "SUPERUSER COMMANDS"
|
||||||
|
.SH NAME
|
||||||
|
edge \- n2n edge node daemon
|
||||||
|
.SH SYNOPSIS
|
||||||
|
.B edge
|
||||||
|
[\-d <tun device>] \-a <tun IP address> \-c <community> {\-k <encrypt key>|\-K <keyfile>}
|
||||||
|
[\-s <netmask>] \-l <supernode host:port>
|
||||||
|
[\-p <local port>] [\-u <UID>] [\-g <GID>] [-f] [\-m <MAC address>] [\-r] [\-v]
|
||||||
|
.SH DESCRIPTION
|
||||||
|
N2N is a peer-to-peer VPN system. Edge is the edge node daemon for n2n which
|
||||||
|
creates a TAP interface to expose the n2n virtual LAN. On startup n2n creates
|
||||||
|
the TAP interface and configures it then registers with the supernode so it can
|
||||||
|
begin to find other nodes in the community.
|
||||||
|
.PP
|
||||||
|
.SH OPTIONS
|
||||||
|
.TP
|
||||||
|
\-d <name>
|
||||||
|
sets the TAP device name as seen in ifconfig. Only available on Linux.
|
||||||
|
.TP
|
||||||
|
\-a {<addr>|static:<addr>|dhcp:0.0.0.0}
|
||||||
|
sets the n2n virtual LAN IP address being claimed. This is a private IP
|
||||||
|
address. All IP addresses in an n2n community typical belong to the same /24
|
||||||
|
network (ie. only the last octet of the IP addresses varies). If DHCP is used to
|
||||||
|
assign interface addresses then specify the address as
|
||||||
|
.B -a dhcp:0.0.0.0
|
||||||
|
.TP
|
||||||
|
\-b
|
||||||
|
cause edge to perform hostname resolution for the supernode address each time
|
||||||
|
the supernode is periodically contacted. This can cause reliability problems
|
||||||
|
because all packet processing stops while the supernode address is resolved
|
||||||
|
which might take 15 seconds.
|
||||||
|
.TP
|
||||||
|
\-c <community>
|
||||||
|
sets the n2n community name. All edges within the same community appear on the
|
||||||
|
same LAN (layer 2 network segment). Community name is 16 bytes in length. A name
|
||||||
|
smaller than this is padded with 0x00 bytes and a name longer than this is
|
||||||
|
truncated to take the first 16 bytes.
|
||||||
|
.TP
|
||||||
|
\-h
|
||||||
|
write usage then exit.
|
||||||
|
.TP
|
||||||
|
\-k <keystring>
|
||||||
|
sets the twofish encryption key from ASCII text (see also N2N_KEY in
|
||||||
|
ENVIRONMENT). All edges communicating must use the same key and community
|
||||||
|
name. If neither -k nor -K is used to specify a key source then edge uses
|
||||||
|
cleartext mode (no encryption). The -k and -K options are mutually exclusive.
|
||||||
|
.TP
|
||||||
|
\-K <keyfile>
|
||||||
|
Reads a key-schedule file <keyfile> and populates the internal transform
|
||||||
|
operations with the data found there. This mechanism allows keys to roll at
|
||||||
|
pre-determined times for a group of hosts. Accurate time synchronisation is not
|
||||||
|
required as older keys can be decoded for some time after expiry. If neither -k
|
||||||
|
nor -K is used to specify a key source then edge uses cleartext mode (no
|
||||||
|
encryption). The -k and -K options are mutually exclusive.
|
||||||
|
.TP
|
||||||
|
\-l <addr>:<port>
|
||||||
|
sets the n2n supernode IP address and port to register to. Up to 2 supernodes
|
||||||
|
can be specified by two invocations of -l <addr>:<port>. eg.
|
||||||
|
.B edge -l 12.34.56.78:7654 -l 98.76.54.32:7654
|
||||||
|
.
|
||||||
|
.TP
|
||||||
|
\-p <num>
|
||||||
|
binds edge to the given UDP port. Useful for keeping the same external socket
|
||||||
|
across restarts of edge. This allows peer edges which know the edge socket to
|
||||||
|
continue p2p operation without going back to the supernode.
|
||||||
|
.TP
|
||||||
|
\-t <num>
|
||||||
|
binds the edge management system to the given UDP port. Default 5644. Use this
|
||||||
|
if you need to run multiple instance of edge; or something is bound to that
|
||||||
|
port.
|
||||||
|
.TP
|
||||||
|
\-u <uid>
|
||||||
|
causes the edge process to drop to the given user ID when privileges are no
|
||||||
|
longer required (UNIX).
|
||||||
|
.TP
|
||||||
|
\-g <gid>
|
||||||
|
causes the edge process to drop to the given group ID when privileges are no
|
||||||
|
longer required (UNIX).
|
||||||
|
.TP
|
||||||
|
\-f
|
||||||
|
disables daemon mode (UNIX) and causes edge to run in the foreground.
|
||||||
|
.TP
|
||||||
|
\-m <MAC>
|
||||||
|
start the TAP interface with the given MAC address. This is highly recommended
|
||||||
|
as it means the same address will be used if edge stops and restarts. If this is
|
||||||
|
not done, the ARP caches of all peers will be wrong and packets will not flow to
|
||||||
|
this edge until the next ARP refresh.
|
||||||
|
.TP
|
||||||
|
\-M <MTU>
|
||||||
|
set the MTU of the edge interface in bytes. MTU is the largest packet fragment
|
||||||
|
size allowed to be moved throught the interface. The default is 1400.
|
||||||
|
.TP
|
||||||
|
\-s <netmask>
|
||||||
|
set the netmask of edge interface in IPv4 dotted decimal notation. The default
|
||||||
|
is 255.255.255.0 (ie. /24).
|
||||||
|
.TP
|
||||||
|
\-r
|
||||||
|
enable IP packet forwarding/routing through the n2n virtual LAN. Without this
|
||||||
|
option, IP packets arriving over n2n are dropped if not for the -a <addr> (or
|
||||||
|
DHCP assigned) IP address of the edge interface.
|
||||||
|
.TP
|
||||||
|
\-E
|
||||||
|
accept packets destined for multicast ethernet MAC addresses. These addresses
|
||||||
|
are used in multicast ethernet and IPv6 neighbour discovery. If this option is
|
||||||
|
not present these multicast packets are discarded as most users do not need or
|
||||||
|
understand them.
|
||||||
|
.TP
|
||||||
|
\-v
|
||||||
|
more verbose logging (may be specified several times for more verbosity).
|
||||||
|
.SH ENVIRONMENT
|
||||||
|
.TP
|
||||||
|
.B N2N_KEY
|
||||||
|
set the encryption key so it is not visible on the command line
|
||||||
|
.SH EXAMPLES
|
||||||
|
.TP
|
||||||
|
.B edge \-d n2n0 \-c mynetwork \-k encryptme \-u 99 \-g 99 \-m DE:AD:BE:EF:01:23 \-a 192.168.254.7 \-p 50001 \-l 123.121.120.119:7654
|
||||||
|
|
||||||
|
Start edge with TAP device n2n0 on community "mynetwork" with community
|
||||||
|
supernode at 123.121.120.119 UDP port 7654 and bind the locally used UDP port to
|
||||||
|
50001. Use "encryptme" as the single permanent shared encryption key. Assign MAC
|
||||||
|
address DE:AD:BE:EF:01:23 to the n2n interface and drop to user=99 and group=99
|
||||||
|
after the TAP device is successfull configured.
|
||||||
|
.PP
|
||||||
|
Add the -f option to stop edge running as a daemon.
|
||||||
|
.PP
|
||||||
|
Somewhere else setup another edge with similar parameters, eg.
|
||||||
|
|
||||||
|
.B edge \-d n2n0 \-c mynetwork \-k encryptme \-u 99 \-g 99 \-m DE:AD:BE:EF:01:21 \-a 192.168.254.5 \-p 50001 \-l 123.121.120.119:7654
|
||||||
|
.PP
|
||||||
|
Now you can ping from 192.168.254.5 to 192.168.254.7.
|
||||||
|
.PP
|
||||||
|
The MAC address (-m <MAC>) and virtual IP address (-a <addr>) must be different
|
||||||
|
on all edges in the same community.
|
||||||
|
|
||||||
|
.SH KEY SCHEDULE FILES
|
||||||
|
(See
|
||||||
|
.B n2n_v2(7)
|
||||||
|
for more details).
|
||||||
|
|
||||||
|
The -K <keyfile> option reads a key schedule file.
|
||||||
|
|
||||||
|
.B edge \-d n2n0 \-c mynetwork \-K /path/to/file \-u 99 \-g 99 \-m DE:AD:BE:EF:01:21 \-a 192.168.254.5 \-p 50001 \-l 123.121.120.119:7654
|
||||||
|
.PP
|
||||||
|
|
||||||
|
The key schedule file consists of line, one per key in the schedule. The purpose
|
||||||
|
of key schedules is to encourage regular changing of the encryption keys used by
|
||||||
|
a community. The file structure also allows for full binary keys to be specified
|
||||||
|
as compared to the ASCII keys allowed by the single key injection. Each key line
|
||||||
|
consists of the following:
|
||||||
|
|
||||||
|
.B <from> <until> <transform> <data>
|
||||||
|
|
||||||
|
<from> and <until> are ASCII decimal values of the UNIX times during which the
|
||||||
|
key is valid. <transform> is the index of the transform that <data> applies
|
||||||
|
to. <data> is some text which is parsed by the transform module to derive the
|
||||||
|
key for that line.
|
||||||
|
|
||||||
|
Supported <transform> values are:
|
||||||
|
.TP
|
||||||
|
2 = TwoFish
|
||||||
|
<data> has the form <SA>_<hex_key>. eg.
|
||||||
|
|
||||||
|
.B 1252327945 1252328305 2 602_3d7c7769b34b2a4812f8c0e9d87ce9
|
||||||
|
|
||||||
|
This specifies security association number 602 and a 16-octet key of numeric
|
||||||
|
value 0x3d7c7769b34b2a4812f8c0e9d87ce9. <SA> is a 32-bit unsigned integer which
|
||||||
|
is used to identify the encryption key to the receiver. The SA number is sent
|
||||||
|
unencrypted so the receiver may find the correct key from the key
|
||||||
|
schedule. <hex_key> is up to 16 octets although shorter keys are allowed.
|
||||||
|
|
||||||
|
.TP
|
||||||
|
3 = AES-CBC
|
||||||
|
<data> has the form <SA>_<hex_key>. Same rules as TwoFish.
|
||||||
|
|
||||||
|
.SH CLEARTEXT MODE
|
||||||
|
If neither
|
||||||
|
.B -k
|
||||||
|
nor
|
||||||
|
.B -K
|
||||||
|
is specified then edge uses cleartext mode. In cleartext mode there is no
|
||||||
|
transform of the packet data it is simply encrypted. This is useful for
|
||||||
|
debugging n2n as packet contents can be seen clearly.
|
||||||
|
|
||||||
|
To prevent accidental exposure of data, edge only enters cleartext mode when no
|
||||||
|
keying parameters are specified. In the case where keying parameters are
|
||||||
|
specified but no valid keys can be determined, edge exits with an error at
|
||||||
|
startup. If all keys become invalid while running, edge continues to encode
|
||||||
|
using the last key that was valid.
|
||||||
|
|
||||||
|
.SH MANAGEMENT INTERFACE
|
||||||
|
Edge provides a very simple management system on UDP port 5644. Send a newline
|
||||||
|
to receive a status output. Send 'reload' to cause re-read of the
|
||||||
|
keyfile. Send 'stop' to cause edge to exit cleanly.
|
||||||
|
|
||||||
|
.SH EXIT STATUS
|
||||||
|
edge is a daemon and any exit is an error.
|
||||||
|
.SH AUTHORS
|
||||||
|
.TP
|
||||||
|
Richard Andrews
|
||||||
|
andrews (at) ntop.org - n2n-1 maintainer and main author of n2n-2
|
||||||
|
.TP
|
||||||
|
Luca Deri
|
||||||
|
deri (at) ntop.org - original author of n2n
|
||||||
|
.TP
|
||||||
|
Don Bindner
|
||||||
|
(--) - significant contributions to n2n-1
|
||||||
|
.SH SEE ALSO
|
||||||
|
ifconfig(8) supernode(1) tunctl(8) n2n_v2(7)
|
44
gen_keyfile.py
Executable file
44
gen_keyfile.py
Executable file
|
@ -0,0 +1,44 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
# (c) 2009 Richard Andrews <andrews@ntop.org>
|
||||||
|
|
||||||
|
# Program to generate a n2n_edge key schedule file for twofish keys
|
||||||
|
# Each key line consists of the following element
|
||||||
|
# <from> <until> <txfrm> <opaque>
|
||||||
|
#
|
||||||
|
# where <from>, <until> are UNIX time_t values of key valid period
|
||||||
|
# <txfrm> is the transform ID (=2 for twofish)
|
||||||
|
# <opaque> is twofish-specific data as follows
|
||||||
|
# <sec_id>_<hex_key>
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
import time
|
||||||
|
import random
|
||||||
|
|
||||||
|
NUM_KEYS=30
|
||||||
|
KEY_LIFE=300
|
||||||
|
KEY_LEN=16
|
||||||
|
|
||||||
|
now=time.time()
|
||||||
|
start_sa=random.randint( 0, 0xffffffff )
|
||||||
|
|
||||||
|
random.seed(now) # note now is a floating point time value
|
||||||
|
|
||||||
|
def rand_key():
|
||||||
|
key=str()
|
||||||
|
for i in range(0,KEY_LEN):
|
||||||
|
key += "%02x"%( random.randint( 0, 255) )
|
||||||
|
|
||||||
|
return key
|
||||||
|
|
||||||
|
for i in range(0,NUM_KEYS):
|
||||||
|
from_time = now + (KEY_LIFE * (i-1) )
|
||||||
|
until_time = now + (KEY_LIFE * (i+1) )
|
||||||
|
key = rand_key()
|
||||||
|
sa_idx = start_sa + i
|
||||||
|
transform_id = random.randint( 2, 3 )
|
||||||
|
|
||||||
|
sys.stdout.write("%d %d %d %d_%s\n"%(from_time, until_time, transform_id,sa_idx, key) )
|
||||||
|
|
||||||
|
|
417
lzoconf.h
Normal file
417
lzoconf.h
Normal file
|
@ -0,0 +1,417 @@
|
||||||
|
/* lzoconf.h -- configuration for the LZO real-time data compression library
|
||||||
|
|
||||||
|
This file is part of the LZO real-time data compression library.
|
||||||
|
|
||||||
|
Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
All Rights Reserved.
|
||||||
|
|
||||||
|
The LZO library is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU General Public License as
|
||||||
|
published by the Free Software Foundation; either version 2 of
|
||||||
|
the License, or (at your option) any later version.
|
||||||
|
|
||||||
|
The LZO library is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with the LZO library; see the file COPYING.
|
||||||
|
If not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
|
||||||
|
Markus F.X.J. Oberhumer
|
||||||
|
<markus@oberhumer.com>
|
||||||
|
http://www.oberhumer.com/opensource/lzo/
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef __LZOCONF_H_INCLUDED
|
||||||
|
#define __LZOCONF_H_INCLUDED
|
||||||
|
|
||||||
|
#define LZO_VERSION 0x2030
|
||||||
|
#define LZO_VERSION_STRING "2.03"
|
||||||
|
#define LZO_VERSION_DATE "Apr 30 2008"
|
||||||
|
|
||||||
|
/* internal Autoconf configuration file - only used when building LZO */
|
||||||
|
#if defined(LZO_HAVE_CONFIG_H)
|
||||||
|
# include <config.h>
|
||||||
|
#endif
|
||||||
|
#include <limits.h>
|
||||||
|
#include <stddef.h>
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
// LZO requires a conforming <limits.h>
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
#if !defined(CHAR_BIT) || (CHAR_BIT != 8)
|
||||||
|
# error "invalid CHAR_BIT"
|
||||||
|
#endif
|
||||||
|
#if !defined(UCHAR_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX)
|
||||||
|
# error "check your compiler installation"
|
||||||
|
#endif
|
||||||
|
#if (USHRT_MAX < 1) || (UINT_MAX < 1) || (ULONG_MAX < 1)
|
||||||
|
# error "your limits.h macros are broken"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* get OS and architecture defines */
|
||||||
|
#ifndef __LZODEFS_H_INCLUDED
|
||||||
|
#include "lzodefs.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
// some core defines
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
#if !defined(LZO_UINT32_C)
|
||||||
|
# if (UINT_MAX < LZO_0xffffffffL)
|
||||||
|
# define LZO_UINT32_C(c) c ## UL
|
||||||
|
# else
|
||||||
|
# define LZO_UINT32_C(c) ((c) + 0U)
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* memory checkers */
|
||||||
|
#if !defined(__LZO_CHECKER)
|
||||||
|
# if defined(__BOUNDS_CHECKING_ON)
|
||||||
|
# define __LZO_CHECKER 1
|
||||||
|
# elif defined(__CHECKER__)
|
||||||
|
# define __LZO_CHECKER 1
|
||||||
|
# elif defined(__INSURE__)
|
||||||
|
# define __LZO_CHECKER 1
|
||||||
|
# elif defined(__PURIFY__)
|
||||||
|
# define __LZO_CHECKER 1
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
// integral and pointer types
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
/* lzo_uint should match size_t */
|
||||||
|
#if !defined(LZO_UINT_MAX)
|
||||||
|
# if defined(LZO_ABI_LLP64) /* WIN64 */
|
||||||
|
# if defined(LZO_OS_WIN64)
|
||||||
|
typedef unsigned __int64 lzo_uint;
|
||||||
|
typedef __int64 lzo_int;
|
||||||
|
# else
|
||||||
|
typedef unsigned long long lzo_uint;
|
||||||
|
typedef long long lzo_int;
|
||||||
|
# endif
|
||||||
|
# define LZO_UINT_MAX 0xffffffffffffffffull
|
||||||
|
# define LZO_INT_MAX 9223372036854775807LL
|
||||||
|
# define LZO_INT_MIN (-1LL - LZO_INT_MAX)
|
||||||
|
# elif defined(LZO_ABI_IP32L64) /* MIPS R5900 */
|
||||||
|
typedef unsigned int lzo_uint;
|
||||||
|
typedef int lzo_int;
|
||||||
|
# define LZO_UINT_MAX UINT_MAX
|
||||||
|
# define LZO_INT_MAX INT_MAX
|
||||||
|
# define LZO_INT_MIN INT_MIN
|
||||||
|
# elif (ULONG_MAX >= LZO_0xffffffffL)
|
||||||
|
typedef unsigned long lzo_uint;
|
||||||
|
typedef long lzo_int;
|
||||||
|
# define LZO_UINT_MAX ULONG_MAX
|
||||||
|
# define LZO_INT_MAX LONG_MAX
|
||||||
|
# define LZO_INT_MIN LONG_MIN
|
||||||
|
# else
|
||||||
|
# error "lzo_uint"
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Integral types with 32 bits or more. */
|
||||||
|
#if !defined(LZO_UINT32_MAX)
|
||||||
|
# if (UINT_MAX >= LZO_0xffffffffL)
|
||||||
|
typedef unsigned int lzo_uint32;
|
||||||
|
typedef int lzo_int32;
|
||||||
|
# define LZO_UINT32_MAX UINT_MAX
|
||||||
|
# define LZO_INT32_MAX INT_MAX
|
||||||
|
# define LZO_INT32_MIN INT_MIN
|
||||||
|
# elif (ULONG_MAX >= LZO_0xffffffffL)
|
||||||
|
typedef unsigned long lzo_uint32;
|
||||||
|
typedef long lzo_int32;
|
||||||
|
# define LZO_UINT32_MAX ULONG_MAX
|
||||||
|
# define LZO_INT32_MAX LONG_MAX
|
||||||
|
# define LZO_INT32_MIN LONG_MIN
|
||||||
|
# else
|
||||||
|
# error "lzo_uint32"
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* The larger type of lzo_uint and lzo_uint32. */
|
||||||
|
#if (LZO_UINT_MAX >= LZO_UINT32_MAX)
|
||||||
|
# define lzo_xint lzo_uint
|
||||||
|
#else
|
||||||
|
# define lzo_xint lzo_uint32
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Memory model that allows to access memory at offsets of lzo_uint. */
|
||||||
|
#if !defined(__LZO_MMODEL)
|
||||||
|
# if (LZO_UINT_MAX <= UINT_MAX)
|
||||||
|
# define __LZO_MMODEL
|
||||||
|
# elif defined(LZO_HAVE_MM_HUGE_PTR)
|
||||||
|
# define __LZO_MMODEL_HUGE 1
|
||||||
|
# define __LZO_MMODEL __huge
|
||||||
|
# else
|
||||||
|
# define __LZO_MMODEL
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* no typedef here because of const-pointer issues */
|
||||||
|
#define lzo_bytep unsigned char __LZO_MMODEL *
|
||||||
|
#define lzo_charp char __LZO_MMODEL *
|
||||||
|
#define lzo_voidp void __LZO_MMODEL *
|
||||||
|
#define lzo_shortp short __LZO_MMODEL *
|
||||||
|
#define lzo_ushortp unsigned short __LZO_MMODEL *
|
||||||
|
#define lzo_uint32p lzo_uint32 __LZO_MMODEL *
|
||||||
|
#define lzo_int32p lzo_int32 __LZO_MMODEL *
|
||||||
|
#define lzo_uintp lzo_uint __LZO_MMODEL *
|
||||||
|
#define lzo_intp lzo_int __LZO_MMODEL *
|
||||||
|
#define lzo_xintp lzo_xint __LZO_MMODEL *
|
||||||
|
#define lzo_voidpp lzo_voidp __LZO_MMODEL *
|
||||||
|
#define lzo_bytepp lzo_bytep __LZO_MMODEL *
|
||||||
|
/* deprecated - use `lzo_bytep' instead of `lzo_byte *' */
|
||||||
|
#define lzo_byte unsigned char __LZO_MMODEL
|
||||||
|
|
||||||
|
typedef int lzo_bool;
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
// function types
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
/* name mangling */
|
||||||
|
#if !defined(__LZO_EXTERN_C)
|
||||||
|
# ifdef __cplusplus
|
||||||
|
# define __LZO_EXTERN_C extern "C"
|
||||||
|
# else
|
||||||
|
# define __LZO_EXTERN_C extern
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* calling convention */
|
||||||
|
#if !defined(__LZO_CDECL)
|
||||||
|
# define __LZO_CDECL __lzo_cdecl
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* DLL export information */
|
||||||
|
#if !defined(__LZO_EXPORT1)
|
||||||
|
# define __LZO_EXPORT1
|
||||||
|
#endif
|
||||||
|
#if !defined(__LZO_EXPORT2)
|
||||||
|
# define __LZO_EXPORT2
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* __cdecl calling convention for public C and assembly functions */
|
||||||
|
#if !defined(LZO_PUBLIC)
|
||||||
|
# define LZO_PUBLIC(_rettype) __LZO_EXPORT1 _rettype __LZO_EXPORT2 __LZO_CDECL
|
||||||
|
#endif
|
||||||
|
#if !defined(LZO_EXTERN)
|
||||||
|
# define LZO_EXTERN(_rettype) __LZO_EXTERN_C LZO_PUBLIC(_rettype)
|
||||||
|
#endif
|
||||||
|
#if !defined(LZO_PRIVATE)
|
||||||
|
# define LZO_PRIVATE(_rettype) static _rettype __LZO_CDECL
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* function types */
|
||||||
|
typedef int
|
||||||
|
(__LZO_CDECL *lzo_compress_t) ( const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem );
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(__LZO_CDECL *lzo_decompress_t) ( const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem );
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(__LZO_CDECL *lzo_optimize_t) ( lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem );
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(__LZO_CDECL *lzo_compress_dict_t)(const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem,
|
||||||
|
const lzo_bytep dict, lzo_uint dict_len );
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(__LZO_CDECL *lzo_decompress_dict_t)(const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem,
|
||||||
|
const lzo_bytep dict, lzo_uint dict_len );
|
||||||
|
|
||||||
|
|
||||||
|
/* Callback interface. Currently only the progress indicator ("nprogress")
|
||||||
|
* is used, but this may change in a future release. */
|
||||||
|
|
||||||
|
struct lzo_callback_t;
|
||||||
|
typedef struct lzo_callback_t lzo_callback_t;
|
||||||
|
#define lzo_callback_p lzo_callback_t __LZO_MMODEL *
|
||||||
|
|
||||||
|
/* malloc & free function types */
|
||||||
|
typedef lzo_voidp (__LZO_CDECL *lzo_alloc_func_t)
|
||||||
|
(lzo_callback_p self, lzo_uint items, lzo_uint size);
|
||||||
|
typedef void (__LZO_CDECL *lzo_free_func_t)
|
||||||
|
(lzo_callback_p self, lzo_voidp ptr);
|
||||||
|
|
||||||
|
/* a progress indicator callback function */
|
||||||
|
typedef void (__LZO_CDECL *lzo_progress_func_t)
|
||||||
|
(lzo_callback_p, lzo_uint, lzo_uint, int);
|
||||||
|
|
||||||
|
struct lzo_callback_t
|
||||||
|
{
|
||||||
|
/* custom allocators (set to 0 to disable) */
|
||||||
|
lzo_alloc_func_t nalloc; /* [not used right now] */
|
||||||
|
lzo_free_func_t nfree; /* [not used right now] */
|
||||||
|
|
||||||
|
/* a progress indicator callback function (set to 0 to disable) */
|
||||||
|
lzo_progress_func_t nprogress;
|
||||||
|
|
||||||
|
/* NOTE: the first parameter "self" of the nalloc/nfree/nprogress
|
||||||
|
* callbacks points back to this struct, so you are free to store
|
||||||
|
* some extra info in the following variables. */
|
||||||
|
lzo_voidp user1;
|
||||||
|
lzo_xint user2;
|
||||||
|
lzo_xint user3;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
// error codes and prototypes
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
/* Error codes for the compression/decompression functions. Negative
|
||||||
|
* values are errors, positive values will be used for special but
|
||||||
|
* normal events.
|
||||||
|
*/
|
||||||
|
#define LZO_E_OK 0
|
||||||
|
#define LZO_E_ERROR (-1)
|
||||||
|
#define LZO_E_OUT_OF_MEMORY (-2) /* [not used right now] */
|
||||||
|
#define LZO_E_NOT_COMPRESSIBLE (-3) /* [not used right now] */
|
||||||
|
#define LZO_E_INPUT_OVERRUN (-4)
|
||||||
|
#define LZO_E_OUTPUT_OVERRUN (-5)
|
||||||
|
#define LZO_E_LOOKBEHIND_OVERRUN (-6)
|
||||||
|
#define LZO_E_EOF_NOT_FOUND (-7)
|
||||||
|
#define LZO_E_INPUT_NOT_CONSUMED (-8)
|
||||||
|
#define LZO_E_NOT_YET_IMPLEMENTED (-9) /* [not used right now] */
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef lzo_sizeof_dict_t
|
||||||
|
# define lzo_sizeof_dict_t ((unsigned)sizeof(lzo_bytep))
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* lzo_init() should be the first function you call.
|
||||||
|
* Check the return code !
|
||||||
|
*
|
||||||
|
* lzo_init() is a macro to allow checking that the library and the
|
||||||
|
* compiler's view of various types are consistent.
|
||||||
|
*/
|
||||||
|
#define lzo_init() __lzo_init_v2(LZO_VERSION,(int)sizeof(short),(int)sizeof(int),\
|
||||||
|
(int)sizeof(long),(int)sizeof(lzo_uint32),(int)sizeof(lzo_uint),\
|
||||||
|
(int)lzo_sizeof_dict_t,(int)sizeof(char *),(int)sizeof(lzo_voidp),\
|
||||||
|
(int)sizeof(lzo_callback_t))
|
||||||
|
LZO_EXTERN(int) __lzo_init_v2(unsigned,int,int,int,int,int,int,int,int,int);
|
||||||
|
|
||||||
|
/* version functions (useful for shared libraries) */
|
||||||
|
LZO_EXTERN(unsigned) lzo_version(void);
|
||||||
|
LZO_EXTERN(const char *) lzo_version_string(void);
|
||||||
|
LZO_EXTERN(const char *) lzo_version_date(void);
|
||||||
|
LZO_EXTERN(const lzo_charp) _lzo_version_string(void);
|
||||||
|
LZO_EXTERN(const lzo_charp) _lzo_version_date(void);
|
||||||
|
|
||||||
|
/* string functions */
|
||||||
|
LZO_EXTERN(int)
|
||||||
|
lzo_memcmp(const lzo_voidp _s1, const lzo_voidp _s2, lzo_uint _len);
|
||||||
|
LZO_EXTERN(lzo_voidp)
|
||||||
|
lzo_memcpy(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len);
|
||||||
|
LZO_EXTERN(lzo_voidp)
|
||||||
|
lzo_memmove(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len);
|
||||||
|
LZO_EXTERN(lzo_voidp)
|
||||||
|
lzo_memset(lzo_voidp _s, int _c, lzo_uint _len);
|
||||||
|
|
||||||
|
/* checksum functions */
|
||||||
|
LZO_EXTERN(lzo_uint32)
|
||||||
|
lzo_adler32(lzo_uint32 _adler, const lzo_bytep _buf, lzo_uint _len);
|
||||||
|
LZO_EXTERN(lzo_uint32)
|
||||||
|
lzo_crc32(lzo_uint32 _c, const lzo_bytep _buf, lzo_uint _len);
|
||||||
|
LZO_EXTERN(const lzo_uint32p)
|
||||||
|
lzo_get_crc32_table(void);
|
||||||
|
|
||||||
|
/* misc. */
|
||||||
|
LZO_EXTERN(int) _lzo_config_check(void);
|
||||||
|
typedef union { lzo_bytep p; lzo_uint u; } __lzo_pu_u;
|
||||||
|
typedef union { lzo_bytep p; lzo_uint32 u32; } __lzo_pu32_u;
|
||||||
|
typedef union { void *vp; lzo_bytep bp; lzo_uint32 u32; long l; } lzo_align_t;
|
||||||
|
|
||||||
|
/* align a char pointer on a boundary that is a multiple of `size' */
|
||||||
|
LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp _ptr, lzo_uint _size);
|
||||||
|
#define LZO_PTR_ALIGN_UP(_ptr,_size) \
|
||||||
|
((_ptr) + (lzo_uint) __lzo_align_gap((const lzo_voidp)(_ptr),(lzo_uint)(_size)))
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
// deprecated macros - only for backward compatibility with LZO v1.xx
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
#if defined(LZO_CFG_COMPAT)
|
||||||
|
|
||||||
|
#define __LZOCONF_H 1
|
||||||
|
|
||||||
|
#if defined(LZO_ARCH_I086)
|
||||||
|
# define __LZO_i386 1
|
||||||
|
#elif defined(LZO_ARCH_I386)
|
||||||
|
# define __LZO_i386 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(LZO_OS_DOS16)
|
||||||
|
# define __LZO_DOS 1
|
||||||
|
# define __LZO_DOS16 1
|
||||||
|
#elif defined(LZO_OS_DOS32)
|
||||||
|
# define __LZO_DOS 1
|
||||||
|
#elif defined(LZO_OS_WIN16)
|
||||||
|
# define __LZO_WIN 1
|
||||||
|
# define __LZO_WIN16 1
|
||||||
|
#elif defined(LZO_OS_WIN32)
|
||||||
|
# define __LZO_WIN 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define __LZO_CMODEL
|
||||||
|
#define __LZO_DMODEL
|
||||||
|
#define __LZO_ENTRY __LZO_CDECL
|
||||||
|
#define LZO_EXTERN_CDECL LZO_EXTERN
|
||||||
|
#define LZO_ALIGN LZO_PTR_ALIGN_UP
|
||||||
|
|
||||||
|
#define lzo_compress_asm_t lzo_compress_t
|
||||||
|
#define lzo_decompress_asm_t lzo_decompress_t
|
||||||
|
|
||||||
|
#endif /* LZO_CFG_COMPAT */
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
} /* extern "C" */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* already included */
|
||||||
|
|
||||||
|
|
||||||
|
/* vim:set ts=4 et: */
|
106
minilzo.h
Normal file
106
minilzo.h
Normal file
|
@ -0,0 +1,106 @@
|
||||||
|
/* minilzo.h -- mini subset of the LZO real-time data compression library
|
||||||
|
|
||||||
|
This file is part of the LZO real-time data compression library.
|
||||||
|
|
||||||
|
Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer
|
||||||
|
All Rights Reserved.
|
||||||
|
|
||||||
|
The LZO library is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU General Public License as
|
||||||
|
published by the Free Software Foundation; either version 2 of
|
||||||
|
the License, or (at your option) any later version.
|
||||||
|
|
||||||
|
The LZO library is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with the LZO library; see the file COPYING.
|
||||||
|
If not, write to the Free Software Foundation, Inc.,
|
||||||
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
|
||||||
|
Markus F.X.J. Oberhumer
|
||||||
|
<markus@oberhumer.com>
|
||||||
|
http://www.oberhumer.com/opensource/lzo/
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* NOTE:
|
||||||
|
* the full LZO package can be found at
|
||||||
|
* http://www.oberhumer.com/opensource/lzo/
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef __MINILZO_H
|
||||||
|
#define __MINILZO_H
|
||||||
|
|
||||||
|
#define MINILZO_VERSION 0x2030
|
||||||
|
|
||||||
|
#ifdef __LZOCONF_H
|
||||||
|
# error "you cannot use both LZO and miniLZO"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#undef LZO_HAVE_CONFIG_H
|
||||||
|
#include "lzoconf.h"
|
||||||
|
|
||||||
|
#if !defined(LZO_VERSION) || (LZO_VERSION != MINILZO_VERSION)
|
||||||
|
# error "version mismatch in header files"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
//
|
||||||
|
************************************************************************/
|
||||||
|
|
||||||
|
/* Memory required for the wrkmem parameter.
|
||||||
|
* When the required size is 0, you can also pass a NULL pointer.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define LZO1X_MEM_COMPRESS LZO1X_1_MEM_COMPRESS
|
||||||
|
#define LZO1X_1_MEM_COMPRESS ((lzo_uint32) (16384L * lzo_sizeof_dict_t))
|
||||||
|
#define LZO1X_MEM_DECOMPRESS (0)
|
||||||
|
|
||||||
|
|
||||||
|
/* compression */
|
||||||
|
LZO_EXTERN(int)
|
||||||
|
lzo1x_1_compress ( const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem );
|
||||||
|
|
||||||
|
/* decompression */
|
||||||
|
LZO_EXTERN(int)
|
||||||
|
lzo1x_decompress ( const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem /* NOT USED */ );
|
||||||
|
|
||||||
|
/* safe decompression with overrun testing */
|
||||||
|
LZO_EXTERN(int)
|
||||||
|
lzo1x_decompress_safe ( const lzo_bytep src, lzo_uint src_len,
|
||||||
|
lzo_bytep dst, lzo_uintp dst_len,
|
||||||
|
lzo_voidp wrkmem /* NOT USED */ );
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
} /* extern "C" */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* already included */
|
||||||
|
|
455
n2n.c
Normal file
455
n2n.c
Normal file
|
@ -0,0 +1,455 @@
|
||||||
|
/*
|
||||||
|
* (C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
* Richard Andrews <andrews@ntop.org>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
* Code contributions courtesy of:
|
||||||
|
* Massimo Torquati <torquati@ntop.org>
|
||||||
|
* Matt Gilg
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
#include "minilzo.h"
|
||||||
|
|
||||||
|
#include <assert.h>
|
||||||
|
|
||||||
|
#if defined(DEBUG)
|
||||||
|
# define PURGE_REGISTRATION_FREQUENCY 60
|
||||||
|
# define REGISTRATION_TIMEOUT 120
|
||||||
|
#else /* #if defined(DEBUG) */
|
||||||
|
# define PURGE_REGISTRATION_FREQUENCY 60
|
||||||
|
# define REGISTRATION_TIMEOUT (60*20)
|
||||||
|
#endif /* #if defined(DEBUG) */
|
||||||
|
|
||||||
|
|
||||||
|
const uint8_t broadcast_addr[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
|
||||||
|
const uint8_t multicast_addr[6] = { 0x01, 0x00, 0x5E, 0x00, 0x00, 0x00 }; /* First 3 bytes are meaningful */
|
||||||
|
const uint8_t ipv6_multicast_addr[6] = { 0x33, 0x33, 0x00, 0x00, 0x00, 0x00 }; /* First 2 bytes are meaningful */
|
||||||
|
|
||||||
|
/* ************************************** */
|
||||||
|
|
||||||
|
SOCKET open_socket(int local_port, int bind_any) {
|
||||||
|
SOCKET sock_fd;
|
||||||
|
struct sockaddr_in local_address;
|
||||||
|
int sockopt = 1;
|
||||||
|
|
||||||
|
if((sock_fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to create socket [%s][%d]\n",
|
||||||
|
strerror(errno), sock_fd);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifndef WIN32
|
||||||
|
/* fcntl(sock_fd, F_SETFL, O_NONBLOCK); */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
setsockopt(sock_fd, SOL_SOCKET, SO_REUSEADDR, (char *)&sockopt, sizeof(sockopt));
|
||||||
|
|
||||||
|
memset(&local_address, 0, sizeof(local_address));
|
||||||
|
local_address.sin_family = AF_INET;
|
||||||
|
local_address.sin_port = htons(local_port);
|
||||||
|
local_address.sin_addr.s_addr = htonl(bind_any?INADDR_ANY:INADDR_LOOPBACK);
|
||||||
|
if(bind(sock_fd, (struct sockaddr*) &local_address, sizeof(local_address)) == -1) {
|
||||||
|
traceEvent(TRACE_ERROR, "Bind error [%s]\n", strerror(errno));
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
return(sock_fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
int traceLevel = 2 /* NORMAL */;
|
||||||
|
int useSyslog = 0, syslog_opened = 0;
|
||||||
|
|
||||||
|
#define N2N_TRACE_DATESIZE 32
|
||||||
|
void traceEvent(int eventTraceLevel, char* file, int line, char * format, ...) {
|
||||||
|
va_list va_ap;
|
||||||
|
|
||||||
|
if(eventTraceLevel <= traceLevel) {
|
||||||
|
char buf[2048];
|
||||||
|
char out_buf[640];
|
||||||
|
char theDate[N2N_TRACE_DATESIZE];
|
||||||
|
char *extra_msg = "";
|
||||||
|
time_t theTime = time(NULL);
|
||||||
|
#ifdef WIN32
|
||||||
|
int i;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* We have two paths - one if we're logging, one if we aren't
|
||||||
|
* Note that the no-log case is those systems which don't support it (WIN32),
|
||||||
|
* those without the headers !defined(USE_SYSLOG)
|
||||||
|
* those where it's parametrically off...
|
||||||
|
*/
|
||||||
|
|
||||||
|
memset(buf, 0, sizeof(buf));
|
||||||
|
strftime(theDate, N2N_TRACE_DATESIZE, "%d/%b/%Y %H:%M:%S", localtime(&theTime));
|
||||||
|
|
||||||
|
va_start (va_ap, format);
|
||||||
|
vsnprintf(buf, sizeof(buf)-1, format, va_ap);
|
||||||
|
va_end(va_ap);
|
||||||
|
|
||||||
|
if(eventTraceLevel == 0 /* TRACE_ERROR */)
|
||||||
|
extra_msg = "ERROR: ";
|
||||||
|
else if(eventTraceLevel == 1 /* TRACE_WARNING */)
|
||||||
|
extra_msg = "WARNING: ";
|
||||||
|
|
||||||
|
while(buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0';
|
||||||
|
|
||||||
|
#ifndef WIN32
|
||||||
|
if(useSyslog) {
|
||||||
|
if(!syslog_opened) {
|
||||||
|
openlog("n2n", LOG_PID, LOG_DAEMON);
|
||||||
|
syslog_opened = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
snprintf(out_buf, sizeof(out_buf), "%s%s", extra_msg, buf);
|
||||||
|
syslog(LOG_INFO, "%s", out_buf);
|
||||||
|
} else {
|
||||||
|
snprintf(out_buf, sizeof(out_buf), "%s [%11s:%4d] %s%s", theDate, file, line, extra_msg, buf);
|
||||||
|
printf("%s\n", out_buf);
|
||||||
|
fflush(stdout);
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
/* this is the WIN32 code */
|
||||||
|
for(i=strlen(file)-1; i>0; i--) if(file[i] == '\\') { i++; break; };
|
||||||
|
snprintf(out_buf, sizeof(out_buf), "%s [%11s:%4d] %s%s", theDate, &file[i], line, extra_msg, buf);
|
||||||
|
printf("%s\n", out_buf);
|
||||||
|
fflush(stdout);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
/* addr should be in network order. Things are so much simpler that way. */
|
||||||
|
char* intoa(uint32_t /* host order */ addr, char* buf, uint16_t buf_len) {
|
||||||
|
char *cp, *retStr;
|
||||||
|
uint8_t byteval;
|
||||||
|
int n;
|
||||||
|
|
||||||
|
cp = &buf[buf_len];
|
||||||
|
*--cp = '\0';
|
||||||
|
|
||||||
|
n = 4;
|
||||||
|
do {
|
||||||
|
byteval = addr & 0xff;
|
||||||
|
*--cp = byteval % 10 + '0';
|
||||||
|
byteval /= 10;
|
||||||
|
if (byteval > 0) {
|
||||||
|
*--cp = byteval % 10 + '0';
|
||||||
|
byteval /= 10;
|
||||||
|
if (byteval > 0)
|
||||||
|
*--cp = byteval + '0';
|
||||||
|
}
|
||||||
|
*--cp = '.';
|
||||||
|
addr >>= 8;
|
||||||
|
} while (--n > 0);
|
||||||
|
|
||||||
|
/* Convert the string to lowercase */
|
||||||
|
retStr = (char*)(cp+1);
|
||||||
|
|
||||||
|
return(retStr);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
char * macaddr_str( macstr_t buf,
|
||||||
|
const n2n_mac_t mac )
|
||||||
|
{
|
||||||
|
snprintf(buf, N2N_MACSTR_SIZE, "%02X:%02X:%02X:%02X:%02X:%02X",
|
||||||
|
mac[0] & 0xFF, mac[1] & 0xFF, mac[2] & 0xFF,
|
||||||
|
mac[3] & 0xFF, mac[4] & 0xFF, mac[5] & 0xFF);
|
||||||
|
return(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
uint8_t is_multi_broadcast(const uint8_t * dest_mac) {
|
||||||
|
|
||||||
|
int is_broadcast = ( memcmp(broadcast_addr, dest_mac, 6) == 0 );
|
||||||
|
int is_multicast = ( memcmp(multicast_addr, dest_mac, 3) == 0 );
|
||||||
|
int is_ipv6_multicast = ( memcmp(ipv6_multicast_addr, dest_mac, 2) == 0 );
|
||||||
|
|
||||||
|
return is_broadcast || is_multicast || is_ipv6_multicast;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/* http://www.faqs.org/rfcs/rfc908.html */
|
||||||
|
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
char* msg_type2str(uint16_t msg_type) {
|
||||||
|
switch(msg_type) {
|
||||||
|
case MSG_TYPE_REGISTER: return("MSG_TYPE_REGISTER");
|
||||||
|
case MSG_TYPE_DEREGISTER: return("MSG_TYPE_DEREGISTER");
|
||||||
|
case MSG_TYPE_PACKET: return("MSG_TYPE_PACKET");
|
||||||
|
case MSG_TYPE_REGISTER_ACK: return("MSG_TYPE_REGISTER_ACK");
|
||||||
|
case MSG_TYPE_REGISTER_SUPER: return("MSG_TYPE_REGISTER_SUPER");
|
||||||
|
case MSG_TYPE_REGISTER_SUPER_ACK: return("MSG_TYPE_REGISTER_SUPER_ACK");
|
||||||
|
case MSG_TYPE_REGISTER_SUPER_NAK: return("MSG_TYPE_REGISTER_SUPER_NAK");
|
||||||
|
case MSG_TYPE_FEDERATION: return("MSG_TYPE_FEDERATION");
|
||||||
|
default: return("???");
|
||||||
|
}
|
||||||
|
|
||||||
|
return("???");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
void hexdump(const uint8_t * buf, size_t len)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
if ( 0 == len ) { return; }
|
||||||
|
|
||||||
|
for(i=0; i<len; i++)
|
||||||
|
{
|
||||||
|
if((i > 0) && ((i % 16) == 0)) { printf("\n"); }
|
||||||
|
printf("%02X ", buf[i] & 0xFF);
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
void print_n2n_version() {
|
||||||
|
printf("Welcome to n2n v.%s for %s\n"
|
||||||
|
"Built on %s\n"
|
||||||
|
"Copyright 2007-09 - http://www.ntop.org\n\n",
|
||||||
|
n2n_sw_version, n2n_sw_osName, n2n_sw_buildDate);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/** Find the peer entry in list with mac_addr equal to mac.
|
||||||
|
*
|
||||||
|
* Does not modify the list.
|
||||||
|
*
|
||||||
|
* @return NULL if not found; otherwise pointer to peer entry.
|
||||||
|
*/
|
||||||
|
struct peer_info * find_peer_by_mac( struct peer_info * list, const n2n_mac_t mac )
|
||||||
|
{
|
||||||
|
while(list != NULL)
|
||||||
|
{
|
||||||
|
if( 0 == memcmp(mac, list->mac_addr, 6) )
|
||||||
|
{
|
||||||
|
return list;
|
||||||
|
}
|
||||||
|
list = list->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Return the number of elements in the list.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
size_t peer_list_size( const struct peer_info * list )
|
||||||
|
{
|
||||||
|
size_t retval=0;
|
||||||
|
|
||||||
|
while ( list )
|
||||||
|
{
|
||||||
|
++retval;
|
||||||
|
list = list->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Add new to the head of list. If list is NULL; create it.
|
||||||
|
*
|
||||||
|
* The item new is added to the head of the list. New is modified during
|
||||||
|
* insertion. list takes ownership of new.
|
||||||
|
*/
|
||||||
|
void peer_list_add( struct peer_info * * list,
|
||||||
|
struct peer_info * new )
|
||||||
|
{
|
||||||
|
new->next = *list;
|
||||||
|
new->last_seen = time(NULL);
|
||||||
|
*list = new;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
size_t purge_expired_registrations( struct peer_info ** peer_list ) {
|
||||||
|
static time_t last_purge = 0;
|
||||||
|
time_t now = time(NULL);
|
||||||
|
size_t num_reg = 0;
|
||||||
|
|
||||||
|
if((now - last_purge) < PURGE_REGISTRATION_FREQUENCY) return 0;
|
||||||
|
|
||||||
|
traceEvent(TRACE_INFO, "Purging old registrations");
|
||||||
|
|
||||||
|
num_reg = purge_peer_list( peer_list, now-REGISTRATION_TIMEOUT );
|
||||||
|
|
||||||
|
last_purge = now;
|
||||||
|
traceEvent(TRACE_INFO, "Remove %ld registrations", num_reg);
|
||||||
|
|
||||||
|
return num_reg;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Purge old items from the peer_list and return the number of items that were removed. */
|
||||||
|
size_t purge_peer_list( struct peer_info ** peer_list,
|
||||||
|
time_t purge_before )
|
||||||
|
{
|
||||||
|
struct peer_info *scan;
|
||||||
|
struct peer_info *prev;
|
||||||
|
size_t retval=0;
|
||||||
|
|
||||||
|
scan = *peer_list;
|
||||||
|
prev = NULL;
|
||||||
|
while(scan != NULL)
|
||||||
|
{
|
||||||
|
if(scan->last_seen < purge_before)
|
||||||
|
{
|
||||||
|
struct peer_info *next = scan->next;
|
||||||
|
|
||||||
|
if(prev == NULL)
|
||||||
|
{
|
||||||
|
*peer_list = next;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
prev->next = next;
|
||||||
|
}
|
||||||
|
|
||||||
|
++retval;
|
||||||
|
free(scan);
|
||||||
|
scan = next;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
prev = scan;
|
||||||
|
scan = scan->next;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Purge all items from the peer_list and return the number of items that were removed. */
|
||||||
|
size_t clear_peer_list( struct peer_info ** peer_list )
|
||||||
|
{
|
||||||
|
struct peer_info *scan;
|
||||||
|
struct peer_info *prev;
|
||||||
|
size_t retval=0;
|
||||||
|
|
||||||
|
scan = *peer_list;
|
||||||
|
prev = NULL;
|
||||||
|
while(scan != NULL)
|
||||||
|
{
|
||||||
|
struct peer_info *next = scan->next;
|
||||||
|
|
||||||
|
if(prev == NULL)
|
||||||
|
{
|
||||||
|
*peer_list = next;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
prev->next = next;
|
||||||
|
}
|
||||||
|
|
||||||
|
++retval;
|
||||||
|
free(scan);
|
||||||
|
scan = next;
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
static uint8_t hex2byte( const char * s )
|
||||||
|
{
|
||||||
|
char tmp[3];
|
||||||
|
tmp[0]=s[0];
|
||||||
|
tmp[1]=s[1];
|
||||||
|
tmp[2]=0; /* NULL term */
|
||||||
|
|
||||||
|
return((uint8_t)strtol( s, NULL, 16 ));
|
||||||
|
}
|
||||||
|
|
||||||
|
extern int str2mac( uint8_t * outmac /* 6 bytes */, const char * s )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
/* break it down as one case for the first "HH", the 5 x through loop for
|
||||||
|
* each ":HH" where HH is a two hex nibbles in ASCII. */
|
||||||
|
|
||||||
|
*outmac=hex2byte(s);
|
||||||
|
++outmac;
|
||||||
|
s+=2; /* don't skip colon yet - helps generalise loop. */
|
||||||
|
|
||||||
|
for (i=1; i<6; ++i )
|
||||||
|
{
|
||||||
|
s+=1;
|
||||||
|
*outmac=hex2byte(s);
|
||||||
|
++outmac;
|
||||||
|
s+=2;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0; /* ok */
|
||||||
|
}
|
||||||
|
|
||||||
|
extern char * sock_to_cstr( n2n_sock_str_t out,
|
||||||
|
const n2n_sock_t * sock )
|
||||||
|
{
|
||||||
|
int r;
|
||||||
|
|
||||||
|
if ( NULL == out ) { return NULL; }
|
||||||
|
memset(out, 0, N2N_SOCKBUF_SIZE);
|
||||||
|
|
||||||
|
if ( AF_INET6 == sock->family )
|
||||||
|
{
|
||||||
|
/* INET6 not written yet */
|
||||||
|
r = snprintf( out, N2N_SOCKBUF_SIZE, "XXXX:%hu", sock->port );
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
const uint8_t * a = sock->addr.v4;
|
||||||
|
r = snprintf( out, N2N_SOCKBUF_SIZE, "%hu.%hu.%hu.%hu:%hu",
|
||||||
|
(a[0] & 0xff), (a[1] & 0xff), (a[2] & 0xff), (a[3] & 0xff), sock->port );
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* @return zero if the two sockets are equivalent. */
|
||||||
|
int sock_equal( const n2n_sock_t * a,
|
||||||
|
const n2n_sock_t * b )
|
||||||
|
{
|
||||||
|
if ( a->port != b->port ) { return 1; }
|
||||||
|
if ( a->family != b->family ) { return 1; }
|
||||||
|
switch (a->family) /* they are the same */
|
||||||
|
{
|
||||||
|
case AF_INET:
|
||||||
|
if ( 0 != memcmp( a->addr.v4, b->addr.v4, IPV4_SIZE ) ) { return 1;};
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if ( 0 != memcmp( a->addr.v6, b->addr.v6, IPV6_SIZE ) ) { return 1;};
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
254
n2n.h
Normal file
254
n2n.h
Normal file
|
@ -0,0 +1,254 @@
|
||||||
|
/*
|
||||||
|
* (C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
* Richard Andrews <andrews@ntop.org>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
* Code contributions courtesy of:
|
||||||
|
* Babak Farrokhi <babak@farrokhi.net> [FreeBSD port]
|
||||||
|
* Lukasz Taczuk
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _N2N_H_
|
||||||
|
#define _N2N_H_
|
||||||
|
|
||||||
|
/*
|
||||||
|
tunctl -t tun0
|
||||||
|
tunctl -t tun1
|
||||||
|
ifconfig tun0 1.2.3.4 up
|
||||||
|
ifconfig tun1 1.2.3.5 up
|
||||||
|
./edge -d tun0 -l 2000 -r 127.0.0.1:3000 -c hello
|
||||||
|
./edge -d tun1 -l 3000 -r 127.0.0.1:2000 -c hello
|
||||||
|
|
||||||
|
|
||||||
|
tunctl -u UID -t tunX
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if defined(__APPLE__) && defined(__MACH__)
|
||||||
|
#define _DARWIN_
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/* Some capability defaults which can be reset for particular platforms. */
|
||||||
|
#define N2N_HAVE_DAEMON 1
|
||||||
|
#define N2N_HAVE_SETUID 1
|
||||||
|
/* #define N2N_CAN_NAME_IFACE */
|
||||||
|
|
||||||
|
/* Moved here to define _CRT_SECURE_NO_WARNINGS before all the including takes place */
|
||||||
|
#ifdef WIN32
|
||||||
|
#include "win32/n2n_win32.h"
|
||||||
|
#undef N2N_HAVE_DAEMON
|
||||||
|
#undef N2N_HAVE_SETUID
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include <time.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
#ifndef WIN32
|
||||||
|
#include <netdb.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef _MSC_VER
|
||||||
|
#include <getopt.h>
|
||||||
|
#endif /* #ifndef _MSC_VER */
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
|
||||||
|
#ifndef WIN32
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <sys/ioctl.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/param.h>
|
||||||
|
#include <pthread.h>
|
||||||
|
|
||||||
|
#ifdef __linux__
|
||||||
|
#include <linux/if.h>
|
||||||
|
#include <linux/if_tun.h>
|
||||||
|
#define N2N_CAN_NAME_IFACE 1
|
||||||
|
#endif /* #ifdef __linux__ */
|
||||||
|
|
||||||
|
#ifdef __FreeBSD__
|
||||||
|
#include <netinet/in_systm.h>
|
||||||
|
#endif /* #ifdef __FreeBSD__ */
|
||||||
|
|
||||||
|
#include <syslog.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
|
|
||||||
|
#define ETH_ADDR_LEN 6
|
||||||
|
struct ether_hdr
|
||||||
|
{
|
||||||
|
uint8_t dhost[ETH_ADDR_LEN];
|
||||||
|
uint8_t shost[ETH_ADDR_LEN];
|
||||||
|
uint16_t type; /* higher layer protocol encapsulated */
|
||||||
|
} __attribute__ ((__packed__));
|
||||||
|
|
||||||
|
typedef struct ether_hdr ether_hdr_t;
|
||||||
|
|
||||||
|
#ifdef __sun__
|
||||||
|
#include <sys/sysmacros.h> /* MIN() and MAX() declared here */
|
||||||
|
#undef N2N_HAVE_DAEMON
|
||||||
|
#endif /* #ifdef __sun__ */
|
||||||
|
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <netinet/ip.h>
|
||||||
|
#include <netinet/udp.h>
|
||||||
|
#include <signal.h>
|
||||||
|
#include <arpa/inet.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#define closesocket(a) close(a)
|
||||||
|
#endif /* #ifndef WIN32 */
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include <stdarg.h>
|
||||||
|
|
||||||
|
#ifdef WIN32
|
||||||
|
#include "win32/wintap.h"
|
||||||
|
#endif /* #ifdef WIN32 */
|
||||||
|
|
||||||
|
#include "n2n_wire.h"
|
||||||
|
|
||||||
|
/* N2N_IFNAMSIZ is needed on win32 even if dev_name is not used after declaration */
|
||||||
|
#define N2N_IFNAMSIZ 16 /* 15 chars * NULL */
|
||||||
|
#ifndef WIN32
|
||||||
|
typedef struct tuntap_dev {
|
||||||
|
int fd;
|
||||||
|
uint8_t mac_addr[6];
|
||||||
|
uint32_t ip_addr, device_mask;
|
||||||
|
uint16_t mtu;
|
||||||
|
char dev_name[N2N_IFNAMSIZ];
|
||||||
|
} tuntap_dev;
|
||||||
|
|
||||||
|
#define SOCKET int
|
||||||
|
#endif /* #ifndef WIN32 */
|
||||||
|
|
||||||
|
#define QUICKLZ 1
|
||||||
|
|
||||||
|
/* N2N packet header indicators. */
|
||||||
|
#define MSG_TYPE_REGISTER 1
|
||||||
|
#define MSG_TYPE_DEREGISTER 2
|
||||||
|
#define MSG_TYPE_PACKET 3
|
||||||
|
#define MSG_TYPE_REGISTER_ACK 4
|
||||||
|
#define MSG_TYPE_REGISTER_SUPER 5
|
||||||
|
#define MSG_TYPE_REGISTER_SUPER_ACK 6
|
||||||
|
#define MSG_TYPE_REGISTER_SUPER_NAK 7
|
||||||
|
#define MSG_TYPE_FEDERATION 8
|
||||||
|
|
||||||
|
/* Set N2N_COMPRESSION_ENABLED to 0 to disable lzo1x compression of ethernet
|
||||||
|
* frames. Doing this will break compatibility with the standard n2n packet
|
||||||
|
* format so do it only for experimentation. All edges must be built with the
|
||||||
|
* same value if they are to understand each other. */
|
||||||
|
#define N2N_COMPRESSION_ENABLED 1
|
||||||
|
|
||||||
|
#define DEFAULT_MTU 1400
|
||||||
|
|
||||||
|
/** Common type used to hold stringified IP addresses. */
|
||||||
|
typedef char ipstr_t[32];
|
||||||
|
|
||||||
|
/** Common type used to hold stringified MAC addresses. */
|
||||||
|
#define N2N_MACSTR_SIZE 32
|
||||||
|
typedef char macstr_t[N2N_MACSTR_SIZE];
|
||||||
|
|
||||||
|
struct peer_info {
|
||||||
|
struct peer_info * next;
|
||||||
|
n2n_community_t community_name;
|
||||||
|
n2n_mac_t mac_addr;
|
||||||
|
n2n_sock_t sock;
|
||||||
|
time_t last_seen;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct n2n_edge; /* defined in edge.c */
|
||||||
|
typedef struct n2n_edge n2n_edge_t;
|
||||||
|
|
||||||
|
|
||||||
|
/* ************************************** */
|
||||||
|
|
||||||
|
#define TRACE_ERROR 0, __FILE__, __LINE__
|
||||||
|
#define TRACE_WARNING 1, __FILE__, __LINE__
|
||||||
|
#define TRACE_NORMAL 2, __FILE__, __LINE__
|
||||||
|
#define TRACE_INFO 3, __FILE__, __LINE__
|
||||||
|
#define TRACE_DEBUG 4, __FILE__, __LINE__
|
||||||
|
|
||||||
|
/* ************************************** */
|
||||||
|
|
||||||
|
#define SUPERNODE_IP "127.0.0.1"
|
||||||
|
#define SUPERNODE_PORT 1234
|
||||||
|
|
||||||
|
/* ************************************** */
|
||||||
|
|
||||||
|
#ifndef max
|
||||||
|
#define max(a, b) ((a < b) ? b : a)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef min
|
||||||
|
#define min(a, b) ((a > b) ? b : a)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* ************************************** */
|
||||||
|
|
||||||
|
/* Variables */
|
||||||
|
/* extern TWOFISH *tf; */
|
||||||
|
extern int traceLevel;
|
||||||
|
extern int useSyslog;
|
||||||
|
extern const uint8_t broadcast_addr[6];
|
||||||
|
extern const uint8_t multicast_addr[6];
|
||||||
|
|
||||||
|
/* Functions */
|
||||||
|
extern void traceEvent(int eventTraceLevel, char* file, int line, char * format, ...);
|
||||||
|
extern int tuntap_open(tuntap_dev *device, char *dev, const char *address_mode, char *device_ip,
|
||||||
|
char *device_mask, const char * device_mac, int mtu);
|
||||||
|
extern int tuntap_read(struct tuntap_dev *tuntap, unsigned char *buf, int len);
|
||||||
|
extern int tuntap_write(struct tuntap_dev *tuntap, unsigned char *buf, int len);
|
||||||
|
extern void tuntap_close(struct tuntap_dev *tuntap);
|
||||||
|
extern void tuntap_get_address(struct tuntap_dev *tuntap);
|
||||||
|
|
||||||
|
extern SOCKET open_socket(int local_port, int bind_any);
|
||||||
|
|
||||||
|
extern char* intoa(uint32_t addr, char* buf, uint16_t buf_len);
|
||||||
|
extern char* macaddr_str(macstr_t buf, const n2n_mac_t mac);
|
||||||
|
extern int str2mac( uint8_t * outmac /* 6 bytes */, const char * s );
|
||||||
|
extern char * sock_to_cstr( n2n_sock_str_t out,
|
||||||
|
const n2n_sock_t * sock );
|
||||||
|
|
||||||
|
extern int sock_equal( const n2n_sock_t * a,
|
||||||
|
const n2n_sock_t * b );
|
||||||
|
|
||||||
|
extern uint8_t is_multi_broadcast(const uint8_t * dest_mac);
|
||||||
|
extern char* msg_type2str(uint16_t msg_type);
|
||||||
|
extern void hexdump(const uint8_t * buf, size_t len);
|
||||||
|
|
||||||
|
void print_n2n_version();
|
||||||
|
|
||||||
|
|
||||||
|
/* Operations on peer_info lists. */
|
||||||
|
struct peer_info * find_peer_by_mac( struct peer_info * list,
|
||||||
|
const n2n_mac_t mac );
|
||||||
|
void peer_list_add( struct peer_info * * list,
|
||||||
|
struct peer_info * new );
|
||||||
|
size_t peer_list_size( const struct peer_info * list );
|
||||||
|
size_t purge_peer_list( struct peer_info ** peer_list,
|
||||||
|
time_t purge_before );
|
||||||
|
size_t clear_peer_list( struct peer_info ** peer_list );
|
||||||
|
size_t purge_expired_registrations( struct peer_info ** peer_list );
|
||||||
|
|
||||||
|
/* version.c */
|
||||||
|
extern char *n2n_sw_version, *n2n_sw_osName, *n2n_sw_buildDate;
|
||||||
|
|
||||||
|
#endif /* _N2N_H_ */
|
52
n2n.spec
Normal file
52
n2n.spec
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
Summary: N2N peer-to-peer virtual private network system.
|
||||||
|
Name: n2n
|
||||||
|
Version: 2.1.0
|
||||||
|
Release: 1
|
||||||
|
License: GPLv3
|
||||||
|
Vendor: ntop.org
|
||||||
|
Group: None
|
||||||
|
URL: http://www.ntop.org/n2n
|
||||||
|
Source0: %{name}-%{version}.tar.gz
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||||
|
|
||||||
|
%description
|
||||||
|
N2N is a peer-to-peer virtual private network system. N2N uses the universal
|
||||||
|
TUNTAP interface to create TAP network interfaces to an encrypted virtual
|
||||||
|
LAN. Members of a community share encryption keys which allow exchange of
|
||||||
|
data. The supernode is used for peer discovery and initial packet relay before
|
||||||
|
direct peer-to-peer exchange is established. Once direct packet exchange is
|
||||||
|
established, the supernode is not required.
|
||||||
|
|
||||||
|
N2N-2 introduces additional security features and multiple supernodes.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
|
||||||
|
%setup -q
|
||||||
|
|
||||||
|
echo -e "\n *** Building ${RPM_PACKAGE_NAME}-${RPM_PACKAGE_VERSION}-${RPM_PACKAGE_RELEASE} ***\n"
|
||||||
|
|
||||||
|
%build
|
||||||
|
make
|
||||||
|
|
||||||
|
%install
|
||||||
|
make PREFIX=${RPM_BUILD_ROOT}/usr install
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root,-)
|
||||||
|
/usr/sbin/supernode
|
||||||
|
/usr/sbin/edge
|
||||||
|
%doc /usr/share/man/man1/supernode.1.gz
|
||||||
|
%doc /usr/share/man/man8/edge.8.gz
|
||||||
|
%doc /usr/share/man/man7/n2n_v2.7.gz
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Fri Oct 30 2009 Richard Andrews <andrews@ntop.org> -
|
||||||
|
- First beta for n2n-2
|
||||||
|
* Sat May 3 2008 Richard Andrews <andrews@ntop.org> -
|
||||||
|
- Initial build.
|
||||||
|
|
203
n2n_keyfile.c
Normal file
203
n2n_keyfile.c
Normal file
|
@ -0,0 +1,203 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
/* Contributions from:
|
||||||
|
* - Jozef Kralik
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
#include "n2n_keyfile.h"
|
||||||
|
#include <errno.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <time.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef WIN32
|
||||||
|
char *strsep( char **ppsz_string, const char *psz_delimiters )
|
||||||
|
{
|
||||||
|
char *p;
|
||||||
|
char *psz_string = *ppsz_string;
|
||||||
|
if( !psz_string )
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
p = strpbrk( psz_string, psz_delimiters );
|
||||||
|
if( !p )
|
||||||
|
{
|
||||||
|
*ppsz_string = NULL;
|
||||||
|
return psz_string;
|
||||||
|
}
|
||||||
|
*p++ = '\0';
|
||||||
|
|
||||||
|
*ppsz_string = p;
|
||||||
|
return psz_string;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/* Parse hex nibbles in ascii until a non-nibble character is found. Nibble
|
||||||
|
* characters are 0-9, a-f and A-F.
|
||||||
|
*
|
||||||
|
* Return number of bytes parsed into keyBuf or a negative error code.
|
||||||
|
*/
|
||||||
|
ssize_t n2n_parse_hex( uint8_t * keyBuf,
|
||||||
|
size_t keyLen,
|
||||||
|
const char * textKey,
|
||||||
|
size_t textLen)
|
||||||
|
{
|
||||||
|
ssize_t retval=0;
|
||||||
|
uint8_t * pout=keyBuf;
|
||||||
|
size_t octet=0;
|
||||||
|
const char * textEnd;
|
||||||
|
const char * pbeg;
|
||||||
|
|
||||||
|
textEnd = textKey+textLen;
|
||||||
|
pbeg=textKey;
|
||||||
|
|
||||||
|
while ( ( pbeg + 1 < textEnd ) && ( retval < (ssize_t)keyLen ) )
|
||||||
|
{
|
||||||
|
if ( 1 != sscanf( pbeg, "%02x", (unsigned int*)&octet ) )
|
||||||
|
{
|
||||||
|
retval=-1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
*pout = (octet & 0xff);
|
||||||
|
++pout;
|
||||||
|
++retval;
|
||||||
|
pbeg += 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int parseKeyLine( n2n_cipherspec_t * spec,
|
||||||
|
const char * linein )
|
||||||
|
{
|
||||||
|
/* parameters are separated by whitespace */
|
||||||
|
char line[N2N_KEYFILE_LINESIZE];
|
||||||
|
char * lp=line;
|
||||||
|
const char * token;
|
||||||
|
strncpy( line, linein, N2N_KEYFILE_LINESIZE );
|
||||||
|
|
||||||
|
memset( spec, 0, sizeof( n2n_cipherspec_t ) );
|
||||||
|
|
||||||
|
/* decode valid_from time */
|
||||||
|
token = strsep( &lp, DELIMITERS );
|
||||||
|
if ( !token ) { goto error; }
|
||||||
|
spec->valid_from = atol(token);
|
||||||
|
|
||||||
|
/* decode valid_until time */
|
||||||
|
token = strsep( &lp, DELIMITERS );
|
||||||
|
if ( !token ) { goto error; }
|
||||||
|
spec->valid_until = atol(token);
|
||||||
|
|
||||||
|
/* decode the transform number */
|
||||||
|
token = strsep( &lp, DELIMITERS );
|
||||||
|
if ( !token ) { goto error; }
|
||||||
|
spec->t = atoi(token);
|
||||||
|
|
||||||
|
/* The reset if opaque key data */
|
||||||
|
token = strsep( &lp, DELIMITERS );
|
||||||
|
if ( !token ) { goto error; }
|
||||||
|
strncpy( (char *)spec->opaque, token, N2N_MAX_KEYSIZE );
|
||||||
|
spec->opaque_size=strlen( (char *)spec->opaque);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
error:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#define SEP "/"
|
||||||
|
|
||||||
|
|
||||||
|
int validCipherSpec( const n2n_cipherspec_t * k,
|
||||||
|
time_t now )
|
||||||
|
{
|
||||||
|
if ( k->valid_until < k->valid_from ) { goto bad; }
|
||||||
|
if ( k->valid_from > now ) { goto bad; }
|
||||||
|
if ( k->valid_until < now ) { goto bad; }
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
bad:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Read key control file and return the number of specs stored or a negative
|
||||||
|
* error code.
|
||||||
|
*
|
||||||
|
* As the specs are read in the from and until time values are compared to
|
||||||
|
* present time. Only those keys which are valid are stored.
|
||||||
|
*/
|
||||||
|
int n2n_read_keyfile( n2n_cipherspec_t * specs, /* fill out this array of cipherspecs */
|
||||||
|
size_t numspecs, /* number of slots in the array. */
|
||||||
|
const char * ctrlfile_path ) /* path to control file */
|
||||||
|
{
|
||||||
|
/* Each line contains one cipherspec. */
|
||||||
|
|
||||||
|
int retval=0;
|
||||||
|
FILE * fp=NULL;
|
||||||
|
size_t idx=0;
|
||||||
|
time_t now = time(NULL);
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "Reading '%s'\n", ctrlfile_path );
|
||||||
|
|
||||||
|
fp = fopen( ctrlfile_path, "r" );
|
||||||
|
if ( fp )
|
||||||
|
{
|
||||||
|
/* Read the file a line a time with fgets. */
|
||||||
|
char line[N2N_KEYFILE_LINESIZE];
|
||||||
|
size_t lineNum=0;
|
||||||
|
|
||||||
|
while ( idx < numspecs )
|
||||||
|
{
|
||||||
|
n2n_cipherspec_t * k = &(specs[idx]);
|
||||||
|
fgets( line, N2N_KEYFILE_LINESIZE, fp );
|
||||||
|
++lineNum;
|
||||||
|
|
||||||
|
if ( strlen(line) > 1 )
|
||||||
|
{
|
||||||
|
if ( 0 == parseKeyLine( k, line ) )
|
||||||
|
{
|
||||||
|
if ( k->valid_until > now )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_INFO, " --> [%u] from %lu, until %lu, transform=%hu, data=%s\n",
|
||||||
|
idx, k->valid_from, k->valid_until, k->t, k->opaque );
|
||||||
|
|
||||||
|
++retval;
|
||||||
|
++idx;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_INFO, " --X [%u] from %lu, until %lu, transform=%hu, data=%s\n",
|
||||||
|
idx, k->valid_from, k->valid_until, k->t, k->opaque );
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_WARNING, "Failed to decode line %u\n", lineNum );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( feof(fp) )
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
line[0]=0; /* this line has been consumed */
|
||||||
|
}
|
||||||
|
|
||||||
|
fclose( fp);
|
||||||
|
fp=NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to open '%s'\n", ctrlfile_path );
|
||||||
|
retval = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
101
n2n_keyfile.h
Normal file
101
n2n_keyfile.h
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
|
||||||
|
/** Key files
|
||||||
|
*
|
||||||
|
* Edge implements a very simple interface for getting instructions about
|
||||||
|
* rolling keys.
|
||||||
|
*
|
||||||
|
* Key definitions are written as individual files in <transform>/<sa>.key. The
|
||||||
|
* format of each key is a single line of hex nibbles as follows:
|
||||||
|
*
|
||||||
|
* 0102030405060708090a0b0c0d0e0f
|
||||||
|
*
|
||||||
|
* Any external key exchange mechanism can receive the key data write it into
|
||||||
|
* the keyfiles.
|
||||||
|
*
|
||||||
|
* To control which keys are active at what times the key control file is
|
||||||
|
* used. This is a single file which is periodically reread. It contains key
|
||||||
|
* definitions in chronological order with one line per key definition as
|
||||||
|
* follows:
|
||||||
|
*
|
||||||
|
* <valid_from> <valid_until> <transform> <opaque>
|
||||||
|
*
|
||||||
|
* edge reads the key control file periodically to get updates in policy. edge
|
||||||
|
* holds a number of keys in memory. Data can be decoded if it was encoded by
|
||||||
|
* any of the keys still in memory. By having at least 2 keys in memory it
|
||||||
|
* allows for clock skew and transmission delay when encoder and decoder roll
|
||||||
|
* keys at slightly different times. The amount of overlap in the valid time
|
||||||
|
* ranges provides the tolerance to timing skews in the system.
|
||||||
|
*
|
||||||
|
* The keys have the same level of secrecy as any other user file. Existing
|
||||||
|
* UNIX permission systems can be used to provide access controls.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/** How Edge Uses The Key Schedule
|
||||||
|
*
|
||||||
|
* Edge provides state space for a number of transform algorithms. Each
|
||||||
|
* transform uses its state space to store the SA information for its keys as
|
||||||
|
* found in the key file. When a packet is received the transform ID is in
|
||||||
|
* plain text. The packets is then sent to that transform for decoding. Each
|
||||||
|
* transform can store its SA numbers differently (or not at all). The
|
||||||
|
* transform code then finds the SA number, then finds the cipher (with key) in
|
||||||
|
* the state space and uses this to decode the packet.
|
||||||
|
*
|
||||||
|
* To support this, as edge reads each key line, it passes it to the
|
||||||
|
* appropriate transform to parse the line and store the SA information in its
|
||||||
|
* state space.
|
||||||
|
*
|
||||||
|
* When encoding a packet, edge has several transforms and potentially valid
|
||||||
|
* SAs to choose from. To keep track of which one to use for encoding edge does
|
||||||
|
* its own book-keeping as each key line is passed to the transform code: it
|
||||||
|
* stores a lookup of valid_from -> transform. When encoding a packet it then
|
||||||
|
* just calls the transform with the best valid_from in the table. The
|
||||||
|
* transform's own state space has all the SAs for its keys and the best of
|
||||||
|
* those is chosen.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if !defined( N2N_KEYFILE_H_ )
|
||||||
|
#define N2N_KEYFILE_H_
|
||||||
|
|
||||||
|
|
||||||
|
#include "n2n_wire.h"
|
||||||
|
#include <time.h>
|
||||||
|
|
||||||
|
#define N2N_MAX_KEYSIZE 256 /* bytes */
|
||||||
|
#define N2N_MAX_NUM_CIPHERSPECS 8
|
||||||
|
#define N2N_KEYPATH_SIZE 256
|
||||||
|
#define N2N_KEYFILE_LINESIZE 256
|
||||||
|
|
||||||
|
/** This structure stores an encryption cipher spec. */
|
||||||
|
struct n2n_cipherspec
|
||||||
|
{
|
||||||
|
n2n_transform_t t; /* N2N_TRANSFORM_ID_xxx for this spec. */
|
||||||
|
time_t valid_from; /* Start using the key at this time. */
|
||||||
|
time_t valid_until; /* Key is valid if time < valid_until. */
|
||||||
|
uint16_t opaque_size; /* Size in bytes of key. */
|
||||||
|
uint8_t opaque[N2N_MAX_KEYSIZE];/* Key matter. */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_cipherspec n2n_cipherspec_t;
|
||||||
|
|
||||||
|
|
||||||
|
static const char * const DELIMITERS=" \t\n\r";
|
||||||
|
|
||||||
|
|
||||||
|
/** @return number of cipherspec items filled. */
|
||||||
|
int n2n_read_keyfile( n2n_cipherspec_t * specs, /* fill out this array of cipherspecs */
|
||||||
|
size_t numspecs, /* number of slots in the array. */
|
||||||
|
const char * ctrlfile_path ); /* path to control file */
|
||||||
|
|
||||||
|
int validCipherSpec( const n2n_cipherspec_t * k,
|
||||||
|
time_t now );
|
||||||
|
|
||||||
|
ssize_t n2n_parse_hex( uint8_t * keyBuf,
|
||||||
|
size_t keyMax,
|
||||||
|
const char * textKey,
|
||||||
|
size_t textLen );
|
||||||
|
|
||||||
|
/*----------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
#endif /* #if !defined( N2N_KEYFILE_H_ ) */
|
78
n2n_transforms.h
Normal file
78
n2n_transforms.h
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
|
||||||
|
#if !defined(N2N_TRANSFORMS_H_)
|
||||||
|
#define N2N_TRANSFORMS_H_
|
||||||
|
|
||||||
|
#include "n2n_keyfile.h"
|
||||||
|
#include "n2n_wire.h"
|
||||||
|
|
||||||
|
|
||||||
|
#define N2N_TRANSFORM_ID_INVAL 0 /* marks uninitialised data */
|
||||||
|
#define N2N_TRANSFORM_ID_NULL 1
|
||||||
|
#define N2N_TRANSFORM_ID_TWOFISH 2
|
||||||
|
#define N2N_TRANSFORM_ID_AESCBC 3
|
||||||
|
#define N2N_TRANSFORM_ID_LZO 4
|
||||||
|
#define N2N_TRANSFORM_ID_TWOFISH_LZO 5
|
||||||
|
#define N2N_TRANSFORM_ID_AESCBC_LZO 6
|
||||||
|
#define N2N_TRANSFORM_ID_USER_START 64
|
||||||
|
#define N2N_TRANSFORM_ID_MAX 65535
|
||||||
|
|
||||||
|
|
||||||
|
struct n2n_trans_op;
|
||||||
|
typedef struct n2n_trans_op n2n_trans_op_t;
|
||||||
|
|
||||||
|
struct n2n_tostat
|
||||||
|
{
|
||||||
|
uint8_t can_tx; /* Does this transop have a valid SA for encoding. */
|
||||||
|
n2n_cipherspec_t tx_spec; /* If can_tx, the spec used to encode. */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_tostat n2n_tostat_t;
|
||||||
|
|
||||||
|
|
||||||
|
typedef int (*n2n_transdeinit_f)( n2n_trans_op_t * arg );
|
||||||
|
typedef int (*n2n_transaddspec_f)( n2n_trans_op_t * arg,
|
||||||
|
const n2n_cipherspec_t * cspec );
|
||||||
|
typedef n2n_tostat_t (*n2n_transtick_f)( n2n_trans_op_t * arg,
|
||||||
|
time_t now );
|
||||||
|
|
||||||
|
typedef int (*n2n_transform_f)( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len );
|
||||||
|
|
||||||
|
/** Holds the info associated with a data transform plugin.
|
||||||
|
*
|
||||||
|
* When a packet arrives the transform ID is extracted. This defines the code
|
||||||
|
* to use to decode the packet content. The transform code then decodes the
|
||||||
|
* packet and consults its internal key lookup.
|
||||||
|
*/
|
||||||
|
struct n2n_trans_op
|
||||||
|
{
|
||||||
|
void * priv; /* opaque data. Key schedule goes here. */
|
||||||
|
|
||||||
|
n2n_transform_t transform_id; /* link header enum to a transform */
|
||||||
|
size_t tx_cnt;
|
||||||
|
size_t rx_cnt;
|
||||||
|
|
||||||
|
n2n_transdeinit_f deinit; /* destructor function */
|
||||||
|
n2n_transaddspec_f addspec; /* parse opaque data from a key schedule file. */
|
||||||
|
n2n_transtick_f tick; /* periodic maintenance */
|
||||||
|
n2n_transform_f fwd; /* encode a payload */
|
||||||
|
n2n_transform_f rev; /* decode a payload */
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Setup a single twofish SA for single-key operation. */
|
||||||
|
int transop_twofish_setup( n2n_trans_op_t * ttt,
|
||||||
|
n2n_sa_t sa_num,
|
||||||
|
uint8_t * encrypt_pwd,
|
||||||
|
uint32_t encrypt_pwd_len );
|
||||||
|
|
||||||
|
/* Initialise an empty transop ready to receive cipherspec elements. */
|
||||||
|
int transop_twofish_init( n2n_trans_op_t * ttt );
|
||||||
|
int transop_aes_init( n2n_trans_op_t * ttt );
|
||||||
|
void transop_null_init( n2n_trans_op_t * ttt );
|
||||||
|
|
||||||
|
#endif /* #if !defined(N2N_TRANSFORMS_H_) */
|
||||||
|
|
156
n2n_v2.7
Normal file
156
n2n_v2.7
Normal file
|
@ -0,0 +1,156 @@
|
||||||
|
.TH "n2n_v2" 7 "Sep 21, 2009" "revision 3909" "Background"
|
||||||
|
.SH NAME
|
||||||
|
N2n Version 2 \- version 2 of the n2n decentralised peer-to-peer network overlay
|
||||||
|
VPN.
|
||||||
|
.SH DESCRIPTION
|
||||||
|
N2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
|
||||||
|
layer 3 encapsulation with data transform capabilities such as encryption and
|
||||||
|
compression. This guide discusses the differences of version 2 or n2n from
|
||||||
|
version 1.
|
||||||
|
.SH PROTOCOLS
|
||||||
|
N2n-2 uses a different set of messages to communicate with edges and
|
||||||
|
supernodes. The n2n-2 messages are not compatible with n2n-1. There is no
|
||||||
|
backward compatibility for n2n-1.
|
||||||
|
.SH ENCRYPTION
|
||||||
|
N2n-2 offers a new way of handling encryption compared to n2n-1. N2n-1 provided
|
||||||
|
facility for a single community password with no expiration. In n2n-2 this
|
||||||
|
method is preserved but a new mechanism has been added using a key schedule
|
||||||
|
file.
|
||||||
|
.TP
|
||||||
|
Key Schedule
|
||||||
|
A key schedule file lists a number of keys with the period for which each is
|
||||||
|
valid along with the encryption type identifier and the actual key value. This
|
||||||
|
allows the user to define up to 32 keys in advance with a pre-set time at which
|
||||||
|
they keys will change. The key schedule file can be reloaded while the edge is
|
||||||
|
running to allow new keys to be loaded and unused keys expunged.
|
||||||
|
.TP
|
||||||
|
Timing Requirements When a key rolls over to the next in the schedule, the new
|
||||||
|
key is used for all transmitted packets; however any packets received using an
|
||||||
|
older key can still be decoded as the keys from the key schedule are still
|
||||||
|
known. As a result edges do not need to have accurate time synchronisation. The
|
||||||
|
accuracy of required synchronisation depends to a large degree on the key
|
||||||
|
schedule. Rapid key roll-overs requires more accurate time synchronisation.
|
||||||
|
.P
|
||||||
|
N2n-2 provides the following encryption ciphers; more can be added as required:
|
||||||
|
.TP
|
||||||
|
.B (1) NULL
|
||||||
|
Data is encapsulated unchanged. Useful for testing and high-performance, low
|
||||||
|
sensitivity applications.
|
||||||
|
.TP
|
||||||
|
.B (2) TF
|
||||||
|
Twofish AES candidate.
|
||||||
|
.P
|
||||||
|
The following additional ciphers are specified but not yet implemented:
|
||||||
|
.TP
|
||||||
|
.B (3) AES-CBC
|
||||||
|
AES in CBC mode with 256-bit key.
|
||||||
|
.TP
|
||||||
|
.B (4) LZO
|
||||||
|
LZO compression of data (no encryption).
|
||||||
|
.TP
|
||||||
|
.B (5) TF-LZO
|
||||||
|
TF cipher with LZO compression of data prior to encryption.
|
||||||
|
.TP
|
||||||
|
.B (6) AES-CBC-LZO
|
||||||
|
AES-CBC ciper with LZO compression of data prior to encryption.
|
||||||
|
|
||||||
|
.SH EXTENSIBILITY
|
||||||
|
N2n-2 decouples the data transform system from the core of the edge
|
||||||
|
operation. This allows for easier addition of new data transform
|
||||||
|
operations. N2n-2 reserves 64 standard transform identifiers (such as TwoFish
|
||||||
|
encryption) but allocates transform identifiers 64 - 65536 for user-defined
|
||||||
|
transforms. This allows anyone to add to n2n new private transforms without
|
||||||
|
breaking compatibility with the standard offering.
|
||||||
|
|
||||||
|
.SH MULTIPLE SUPERNODES
|
||||||
|
N2n-2 introduces the capability of multiple supernodes to be used by an
|
||||||
|
edge. N2n-2 offers supernode in several flavours:
|
||||||
|
.TP
|
||||||
|
Stand-alone supernode
|
||||||
|
|
||||||
|
This is the same concept as from n2n-1. Supernode is a small efficient C program
|
||||||
|
which operates in isolation.
|
||||||
|
.TP
|
||||||
|
Federated supernodes
|
||||||
|
|
||||||
|
This is a cluster of supernodes which share information. Edges registered to any
|
||||||
|
of the cooperating supernodes can relay packets through the supernode federation
|
||||||
|
and switch supernodes if required. Supernodes can send PACKET or REGISTER
|
||||||
|
messages to other supernodes to try and find the destination edge.
|
||||||
|
|
||||||
|
.P
|
||||||
|
The n2n-2 edge implementation allows multiple supernodes to be specified on the
|
||||||
|
command line. Edges monitor the current supernode for responses to
|
||||||
|
REGISTER_SUPER messages. If 3 responses are missed then the edge starts looking
|
||||||
|
for a new supernode. It cycles through the list of supernodes specified until it
|
||||||
|
finds a working one.
|
||||||
|
|
||||||
|
.SH EFFICIENCY
|
||||||
|
The n2n-2 message formats have been made more efficient. The amount of data
|
||||||
|
overhead has been reduced by ensuring the messages contain only the data fields
|
||||||
|
required. Some optional fields do not consume data if they are not present.
|
||||||
|
|
||||||
|
.SH DAEMON OPERATION
|
||||||
|
The supernode and edge use daemon mode of operation by default. This sense is
|
||||||
|
inverted from n2n-1 where they ran in the foreground by default. They can be
|
||||||
|
made to run in the foreground so tools such a DJB's daemontools can work with
|
||||||
|
them. See the
|
||||||
|
.B -f
|
||||||
|
option
|
||||||
|
|
||||||
|
.SH MANAGEMENT CONSOLE
|
||||||
|
Edge and supernode in n2n-2 provide a UDP-based management console. Both listen
|
||||||
|
on the localhost address 127.0.0.1. Commands can be sent to the programs by
|
||||||
|
sending to the UDP socket. Responses are returned to the socket from which
|
||||||
|
commands were issued. This only works from the computer on which the programs
|
||||||
|
are running. Statistics can be retrieved and commands issued. The netcat utility
|
||||||
|
is all that is required; but more sophisticated tools could be built on the
|
||||||
|
interface.
|
||||||
|
|
||||||
|
.SH SUPERNODE AUTHENTICATION
|
||||||
|
.B (To be implemented)
|
||||||
|
Space has been reserved in the supernode registration messages for an
|
||||||
|
authentication mechanism.
|
||||||
|
|
||||||
|
.SH MESSAGE SUMMARY
|
||||||
|
The following message types work within n2n-2.
|
||||||
|
.TP
|
||||||
|
REGISTER_SUPER
|
||||||
|
Sent from an edge to its local supernode to register its MAC with the community.
|
||||||
|
.TP
|
||||||
|
REGISTER_SUPER_ACK
|
||||||
|
Sent from a supernode to an edge to confirm registration. This also carries the
|
||||||
|
definition of the edge socket as seen at the supernode so NAT can be detected
|
||||||
|
and described.
|
||||||
|
.TP
|
||||||
|
REGISTER_SUPER_NAK
|
||||||
|
Supernode refusing to register an edge.
|
||||||
|
.TP
|
||||||
|
PACKET
|
||||||
|
Encapsulated ethernet packets sent between edges. Supernodes forward or
|
||||||
|
broadcast these and edges send them direct in peer-to-peer mode.
|
||||||
|
.TP
|
||||||
|
REGISTER
|
||||||
|
A peer-to-peer mode registration request from one edge to another. Supernodes
|
||||||
|
forward these to facilitate NAT crossing introductions.
|
||||||
|
.TP
|
||||||
|
REGISTER_ACK
|
||||||
|
Complete peer-to-peer mode setup between two edges. These messages need to
|
||||||
|
travel direct between edges.
|
||||||
|
.TP
|
||||||
|
FEDERATION
|
||||||
|
Federated supernodes exchanging community information.
|
||||||
|
|
||||||
|
.SH OTHER DIFFERENCES
|
||||||
|
.TP
|
||||||
|
HTTP Tunneling
|
||||||
|
This experimental feature (-t option in n2n_v1) of n2n_v1 has been removed
|
||||||
|
entirely from n2n_v2.
|
||||||
|
.SH AUTHORS
|
||||||
|
.TP
|
||||||
|
Richard Andrews andrews (at) ntop.org - main author of n2n-2
|
||||||
|
.TP
|
||||||
|
Luca Deri
|
||||||
|
deri (at) ntop.org - code inherited from n2n-1
|
||||||
|
.SH SEE ALSO
|
||||||
|
ifconfig(8) edge(8) supernode(1)
|
321
n2n_wire.h
Normal file
321
n2n_wire.h
Normal file
|
@ -0,0 +1,321 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org>
|
||||||
|
*
|
||||||
|
* Contributions by:
|
||||||
|
* Luca Deri
|
||||||
|
* Lukasz Taczuk
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if !defined( N2N_WIRE_H_ )
|
||||||
|
#define N2N_WIRE_H_
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
#if defined(WIN32)
|
||||||
|
#include "win32/n2n_win32.h"
|
||||||
|
|
||||||
|
#if defined(__MINGW32__)
|
||||||
|
#include <stdint.h>
|
||||||
|
#endif /* #ifdef __MINGW32__ */
|
||||||
|
|
||||||
|
#else /* #if defined(WIN32) */
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <sys/socket.h> /* AF_INET and AF_INET6 */
|
||||||
|
#endif /* #if defined(WIN32) */
|
||||||
|
|
||||||
|
#define N2N_PKT_VERSION 2
|
||||||
|
#define N2N_DEFAULT_TTL 2 /* can be forwarded twice at most */
|
||||||
|
#define N2N_COMMUNITY_SIZE 16
|
||||||
|
#define N2N_MAC_SIZE 6
|
||||||
|
#define N2N_COOKIE_SIZE 4
|
||||||
|
#define N2N_PKT_BUF_SIZE 2048
|
||||||
|
#define N2N_SOCKBUF_SIZE 64 /* string representation of INET or INET6 sockets */
|
||||||
|
|
||||||
|
typedef uint8_t n2n_community_t[N2N_COMMUNITY_SIZE];
|
||||||
|
typedef uint8_t n2n_mac_t[N2N_MAC_SIZE];
|
||||||
|
typedef uint8_t n2n_cookie_t[N2N_COOKIE_SIZE];
|
||||||
|
|
||||||
|
typedef char n2n_sock_str_t[N2N_SOCKBUF_SIZE]; /* tracing string buffer */
|
||||||
|
|
||||||
|
enum n2n_pc
|
||||||
|
{
|
||||||
|
n2n_ping=0, /* Not used */
|
||||||
|
n2n_register=1, /* Register edge to edge */
|
||||||
|
n2n_deregister=2, /* Deregister this edge */
|
||||||
|
n2n_packet=3, /* PACKET data content */
|
||||||
|
n2n_register_ack=4, /* ACK of a registration from edge to edge */
|
||||||
|
n2n_register_super=5, /* Register edge to supernode */
|
||||||
|
n2n_register_super_ack=6, /* ACK from supernode to edge */
|
||||||
|
n2n_register_super_nak=7, /* NAK from supernode to edge - registration refused */
|
||||||
|
n2n_federation=8 /* Not used by edge */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef enum n2n_pc n2n_pc_t;
|
||||||
|
|
||||||
|
#define N2N_FLAGS_OPTIONS 0x0080
|
||||||
|
#define N2N_FLAGS_SOCKET 0x0040
|
||||||
|
#define N2N_FLAGS_FROM_SUPERNODE 0x0020
|
||||||
|
|
||||||
|
/* The bits in flag that are the packet type */
|
||||||
|
#define N2N_FLAGS_TYPE_MASK 0x001f /* 0 - 31 */
|
||||||
|
#define N2N_FLAGS_BITS_MASK 0xffe0
|
||||||
|
|
||||||
|
#define IPV4_SIZE 4
|
||||||
|
#define IPV6_SIZE 16
|
||||||
|
|
||||||
|
|
||||||
|
#define N2N_AUTH_TOKEN_SIZE 32 /* bytes */
|
||||||
|
|
||||||
|
|
||||||
|
#define N2N_EUNKNOWN -1
|
||||||
|
#define N2N_ENOTIMPL -2
|
||||||
|
#define N2N_EINVAL -3
|
||||||
|
#define N2N_ENOSPACE -4
|
||||||
|
|
||||||
|
|
||||||
|
typedef uint16_t n2n_flags_t;
|
||||||
|
typedef uint16_t n2n_transform_t; /* Encryption, compression type. */
|
||||||
|
typedef uint32_t n2n_sa_t; /* security association number */
|
||||||
|
|
||||||
|
struct n2n_sock
|
||||||
|
{
|
||||||
|
uint8_t family; /* AF_INET or AF_INET6; or 0 if invalid */
|
||||||
|
uint16_t port; /* host order */
|
||||||
|
union
|
||||||
|
{
|
||||||
|
uint8_t v6[IPV6_SIZE]; /* byte sequence */
|
||||||
|
uint8_t v4[IPV4_SIZE]; /* byte sequence */
|
||||||
|
} addr;
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_sock n2n_sock_t;
|
||||||
|
|
||||||
|
struct n2n_auth
|
||||||
|
{
|
||||||
|
uint16_t scheme; /* What kind of auth */
|
||||||
|
uint16_t toksize; /* Size of auth token */
|
||||||
|
uint8_t token[N2N_AUTH_TOKEN_SIZE]; /* Auth data interpreted based on scheme */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_auth n2n_auth_t;
|
||||||
|
|
||||||
|
|
||||||
|
struct n2n_common
|
||||||
|
{
|
||||||
|
/* int version; */
|
||||||
|
uint8_t ttl;
|
||||||
|
n2n_pc_t pc;
|
||||||
|
n2n_flags_t flags;
|
||||||
|
n2n_community_t community;
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_common n2n_common_t;
|
||||||
|
|
||||||
|
struct n2n_REGISTER
|
||||||
|
{
|
||||||
|
n2n_cookie_t cookie; /* Link REGISTER and REGISTER_ACK */
|
||||||
|
n2n_mac_t srcMac; /* MAC of registering party */
|
||||||
|
n2n_mac_t dstMac; /* MAC of target edge */
|
||||||
|
n2n_sock_t sock; /* REVISIT: unused? */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_REGISTER n2n_REGISTER_t;
|
||||||
|
|
||||||
|
struct n2n_REGISTER_ACK
|
||||||
|
{
|
||||||
|
n2n_cookie_t cookie; /* Return cookie from REGISTER */
|
||||||
|
n2n_mac_t srcMac; /* MAC of acknowledging party (supernode or edge) */
|
||||||
|
n2n_mac_t dstMac; /* Reflected MAC of registering edge from REGISTER */
|
||||||
|
n2n_sock_t sock; /* Supernode's view of edge socket (IP Addr, port) */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_REGISTER_ACK n2n_REGISTER_ACK_t;
|
||||||
|
|
||||||
|
struct n2n_PACKET
|
||||||
|
{
|
||||||
|
n2n_mac_t srcMac;
|
||||||
|
n2n_mac_t dstMac;
|
||||||
|
n2n_sock_t sock;
|
||||||
|
n2n_transform_t transform;
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_PACKET n2n_PACKET_t;
|
||||||
|
|
||||||
|
|
||||||
|
/* Linked with n2n_register_super in n2n_pc_t. Only from edge to supernode. */
|
||||||
|
struct n2n_REGISTER_SUPER
|
||||||
|
{
|
||||||
|
n2n_cookie_t cookie; /* Link REGISTER_SUPER and REGISTER_SUPER_ACK */
|
||||||
|
n2n_mac_t edgeMac; /* MAC to register with edge sending socket */
|
||||||
|
n2n_auth_t auth; /* Authentication scheme and tokens */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_REGISTER_SUPER n2n_REGISTER_SUPER_t;
|
||||||
|
|
||||||
|
|
||||||
|
/* Linked with n2n_register_super_ack in n2n_pc_t. Only from supernode to edge. */
|
||||||
|
struct n2n_REGISTER_SUPER_ACK
|
||||||
|
{
|
||||||
|
n2n_cookie_t cookie; /* Return cookie from REGISTER_SUPER */
|
||||||
|
n2n_mac_t edgeMac; /* MAC registered to edge sending socket */
|
||||||
|
uint16_t lifetime; /* How long the registration will live */
|
||||||
|
n2n_sock_t sock; /* Sending sockets associated with edgeMac */
|
||||||
|
|
||||||
|
/* The packet format provides additional supernode definitions here.
|
||||||
|
* uint8_t count, then for each count there is one
|
||||||
|
* n2n_sock_t.
|
||||||
|
*/
|
||||||
|
uint8_t num_sn; /* Number of supernodes that were send
|
||||||
|
* even if we cannot store them all. If
|
||||||
|
* non-zero then sn_bak is valid. */
|
||||||
|
n2n_sock_t sn_bak; /* Socket of the first backup supernode */
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_REGISTER_SUPER_ACK n2n_REGISTER_SUPER_ACK_t;
|
||||||
|
|
||||||
|
|
||||||
|
/* Linked with n2n_register_super_ack in n2n_pc_t. Only from supernode to edge. */
|
||||||
|
struct n2n_REGISTER_SUPER_NAK
|
||||||
|
{
|
||||||
|
n2n_cookie_t cookie; /* Return cookie from REGISTER_SUPER */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_REGISTER_SUPER_NAK n2n_REGISTER_SUPER_NAK_t;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
struct n2n_buf
|
||||||
|
{
|
||||||
|
uint8_t * data;
|
||||||
|
size_t size;
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_buf n2n_buf_t;
|
||||||
|
|
||||||
|
int encode_uint8( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const uint8_t v );
|
||||||
|
|
||||||
|
int decode_uint8( uint8_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_uint16( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const uint16_t v );
|
||||||
|
|
||||||
|
int decode_uint16( uint16_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_uint32( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const uint32_t v );
|
||||||
|
|
||||||
|
int decode_uint32( uint32_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_buf( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const void * p,
|
||||||
|
size_t s);
|
||||||
|
|
||||||
|
int decode_buf( uint8_t * out,
|
||||||
|
size_t bufsize,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_mac( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_mac_t m );
|
||||||
|
|
||||||
|
int decode_mac( uint8_t * out, /* of size N2N_MAC_SIZE. This clearer than passing a n2n_mac_t */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_common( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common );
|
||||||
|
|
||||||
|
int decode_common( n2n_common_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_sock( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_sock_t * sock );
|
||||||
|
|
||||||
|
int decode_sock( n2n_sock_t * sock,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_REGISTER( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_t * reg );
|
||||||
|
|
||||||
|
int decode_REGISTER( n2n_REGISTER_t * pkt,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_REGISTER_SUPER( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_SUPER_t * reg );
|
||||||
|
|
||||||
|
int decode_REGISTER_SUPER( n2n_REGISTER_SUPER_t * pkt,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_REGISTER_ACK( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_ACK_t * reg );
|
||||||
|
|
||||||
|
int decode_REGISTER_ACK( n2n_REGISTER_ACK_t * pkt,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int encode_REGISTER_SUPER_ACK( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * cmn,
|
||||||
|
const n2n_REGISTER_SUPER_ACK_t * reg );
|
||||||
|
|
||||||
|
int decode_REGISTER_SUPER_ACK( n2n_REGISTER_SUPER_ACK_t * reg,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
int fill_sockaddr( struct sockaddr * addr,
|
||||||
|
size_t addrlen,
|
||||||
|
const n2n_sock_t * sock );
|
||||||
|
|
||||||
|
int encode_PACKET( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_PACKET_t * pkt );
|
||||||
|
|
||||||
|
int decode_PACKET( n2n_PACKET_t * pkt,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx );
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* #if !defined( N2N_WIRE_H_ ) */
|
55
openwrt/kamikaze/Makefile
Normal file
55
openwrt/kamikaze/Makefile
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
#
|
||||||
|
# Copyright (C) 2008 OpenWrt.org
|
||||||
|
#
|
||||||
|
# This is free software, licensed under the GNU General Public License v2.
|
||||||
|
|
||||||
|
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
|
PKG_BRANCH:=trunk
|
||||||
|
PKG_SOURCE_URL:=https://svn.ntop.org/svn/ntop/trunk/n2n
|
||||||
|
PKG_REV:=$(shell LC_ALL=C svn info ${PKG_SOURCE_URL} | sed -ne's/^Last Changed Rev: //p')
|
||||||
|
|
||||||
|
PKG_NAME:=n2n
|
||||||
|
PKG_VERSION:=svn$(PKG_REV)
|
||||||
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
|
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.gz
|
||||||
|
PKG_SOURCE_PROTO:=svn
|
||||||
|
PKG_SOURCE_VERSION:=$(PKG_REV)
|
||||||
|
|
||||||
|
PKG_BUILD_DEPENDS:=
|
||||||
|
|
||||||
|
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
define Package/n2n
|
||||||
|
SECTION:=net
|
||||||
|
CATEGORY:=Network
|
||||||
|
TITLE:=VPN tunneling daemon
|
||||||
|
URL:=http://www.ntop.org/n2n/
|
||||||
|
SUBMENU:=VPN
|
||||||
|
DEPENDS:=libpthread
|
||||||
|
endef
|
||||||
|
|
||||||
|
|
||||||
|
define Build/Configure
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Build/Compile
|
||||||
|
$(MAKE) CC="$(TARGET_CC)" -C $(PKG_BUILD_DIR)
|
||||||
|
endef
|
||||||
|
|
||||||
|
|
||||||
|
define Package/n2n/install
|
||||||
|
$(INSTALL_DIR) $(1)/usr/sbin
|
||||||
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/edge $(1)/usr/sbin/
|
||||||
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/supernode $(1)/usr/sbin/
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call BuildPackage,n2n))
|
30
scripts/mk_SRPM.sh
Executable file
30
scripts/mk_SRPM.sh
Executable file
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# This script makes a SRPM - a source RPM file which can be built into the
|
||||||
|
# appropriate distro specific RPM for any platform.
|
||||||
|
#
|
||||||
|
# To build the binary package:
|
||||||
|
# rpm -i n2n-<ver>.src.rpm
|
||||||
|
# rpmbuild -bb n2n.spec
|
||||||
|
#
|
||||||
|
# Look for the "Wrote:" line to see where the final RPM is.
|
||||||
|
#
|
||||||
|
# To run this script cd to the n2n directory and run it as follows
|
||||||
|
# scripts/mk_SRPMS.sh
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
BASE=`pwd`
|
||||||
|
|
||||||
|
TARFILE=`${BASE}/scripts/mk_tar.sh`
|
||||||
|
|
||||||
|
test -f ${TARFILE}
|
||||||
|
|
||||||
|
echo "Building SRPM"
|
||||||
|
# -ts means build source RPM from tarfile
|
||||||
|
rpmbuild -ts ${TARFILE}
|
||||||
|
|
||||||
|
echo "Done"
|
46
scripts/mk_deb.sh
Executable file
46
scripts/mk_deb.sh
Executable file
|
@ -0,0 +1,46 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script makes a SRPM - a source RPM file which can be built into the
|
||||||
|
# appropriate distro specific RPM for any platform.
|
||||||
|
#
|
||||||
|
# To build the binary package:
|
||||||
|
# rpm -i n2n-<ver>.src.rpm
|
||||||
|
# rpmbuild -bb n2n.spec
|
||||||
|
#
|
||||||
|
# Look for the "Wrote:" line to see where the final RPM is.
|
||||||
|
#
|
||||||
|
# To run this script cd to the n2n directory and run it as follows
|
||||||
|
# scripts/mk_SRPMS.sh
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
BASE=`pwd`
|
||||||
|
|
||||||
|
TARFILE=`${BASE}/scripts/mk_tar.sh`
|
||||||
|
TEMPDIR="build_deb"
|
||||||
|
|
||||||
|
test -f ${TARFILE}
|
||||||
|
|
||||||
|
echo "Building .deb"
|
||||||
|
|
||||||
|
if [ -d ${TEMPDIR} ]; then
|
||||||
|
echo "Removing ${TEMPDIR} directory"
|
||||||
|
rm -rf ${TEMPDIR} >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir ${TEMPDIR}
|
||||||
|
|
||||||
|
pushd ${TEMPDIR}
|
||||||
|
|
||||||
|
tar xzf ${TARFILE} #At original location
|
||||||
|
|
||||||
|
cd n2n*
|
||||||
|
|
||||||
|
dpkg-buildpackage -rfakeroot
|
||||||
|
|
||||||
|
popd
|
||||||
|
|
||||||
|
echo "Done"
|
116
scripts/mk_tar.sh
Executable file
116
scripts/mk_tar.sh
Executable file
|
@ -0,0 +1,116 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script makes a SRPM - a source RPM file which can be built into the
|
||||||
|
# appropriate distro specific RPM for any platform.
|
||||||
|
#
|
||||||
|
# To build the binary package:
|
||||||
|
# rpm -i n2n-<ver>.src.rpm
|
||||||
|
# rpmbuild -bb n2n.spec
|
||||||
|
#
|
||||||
|
# Look for the "Wrote:" line to see where the final RPM is.
|
||||||
|
#
|
||||||
|
# To run this script cd to the n2n directory and run it as follows
|
||||||
|
# scripts/mk_SRPMS.sh
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
function exit_fail()
|
||||||
|
{
|
||||||
|
echo "$1"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
PACKAGE="n2n"
|
||||||
|
PKG_VERSION="2.1.0"
|
||||||
|
PKG_AND_VERSION="${PACKAGE}-${PKG_VERSION}"
|
||||||
|
|
||||||
|
TEMPDIR="tmp"
|
||||||
|
|
||||||
|
SOURCE_MANIFEST="
|
||||||
|
README
|
||||||
|
edge.c
|
||||||
|
lzoconf.h
|
||||||
|
lzodefs.h
|
||||||
|
Makefile
|
||||||
|
minilzo.c
|
||||||
|
minilzo.h
|
||||||
|
n2n.c
|
||||||
|
n2n.h
|
||||||
|
n2n_keyfile.c
|
||||||
|
n2n_keyfile.h
|
||||||
|
n2n.spec
|
||||||
|
n2n_transforms.h
|
||||||
|
n2n_wire.h
|
||||||
|
sn.c
|
||||||
|
transform_aes.c
|
||||||
|
transform_null.c
|
||||||
|
transform_tf.c
|
||||||
|
tuntap_linux.c
|
||||||
|
tuntap_freebsd.c
|
||||||
|
tuntap_netbsd.c
|
||||||
|
tuntap_osx.c
|
||||||
|
twofish.c
|
||||||
|
twofish.h
|
||||||
|
version.c
|
||||||
|
wire.c
|
||||||
|
edge.8
|
||||||
|
supernode.1
|
||||||
|
n2n_v2.7
|
||||||
|
debian/changelog
|
||||||
|
debian/compat
|
||||||
|
debian/control
|
||||||
|
debian/copyright
|
||||||
|
debian/n2n-edge.docs
|
||||||
|
debian/n2n-edge.install
|
||||||
|
debian/n2n-supernode.install
|
||||||
|
debian/n2n-edge.manpages
|
||||||
|
debian/n2n-supernode.manpages
|
||||||
|
debian/README.Debian
|
||||||
|
debian/rules
|
||||||
|
"
|
||||||
|
|
||||||
|
BASE=`pwd`
|
||||||
|
|
||||||
|
for F in ${SOURCE_MANIFEST}; do
|
||||||
|
test -e $F || exit_fail "Cannot find $F. Maybe you're in the wrong directory. Please execute from n2n directory."; >&2
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Found critical files. Proceeding." >&2
|
||||||
|
|
||||||
|
if [ -d ${TEMPDIR} ]; then
|
||||||
|
echo "Removing ${TEMPDIR} directory"
|
||||||
|
rm -rf ${TEMPDIR} >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir ${TEMPDIR} >&2
|
||||||
|
|
||||||
|
pushd ${TEMPDIR} >&2
|
||||||
|
|
||||||
|
echo "Creating staging directory ${PWD}/${PKG_AND_VERSION}" >&2
|
||||||
|
|
||||||
|
if [ -d ${PKG_AND_VERSION} ] ; then
|
||||||
|
echo "Removing ${PKG_AND_VERSION} directory"
|
||||||
|
rm -rf ${PKG_AND_VERSION} >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir ${PKG_AND_VERSION}
|
||||||
|
|
||||||
|
pushd ${BASE} >&2
|
||||||
|
|
||||||
|
echo "Copying in files" >&2
|
||||||
|
for F in ${SOURCE_MANIFEST}; do
|
||||||
|
cp --parents -a $F ${TEMPDIR}/${PKG_AND_VERSION}/
|
||||||
|
done
|
||||||
|
|
||||||
|
popd >&2
|
||||||
|
|
||||||
|
TARFILE="${PKG_AND_VERSION}.tar.gz"
|
||||||
|
echo "Creating ${TARFILE}" >&2
|
||||||
|
tar czf ${BASE}/${TARFILE} ${PKG_AND_VERSION}
|
||||||
|
|
||||||
|
popd >&2
|
||||||
|
|
||||||
|
rm -rf ${TEMPDIR} >&2
|
||||||
|
|
||||||
|
echo ${BASE}/${TARFILE}
|
793
sn.c
Normal file
793
sn.c
Normal file
|
@ -0,0 +1,793 @@
|
||||||
|
/* Supernode for n2n-2.x */
|
||||||
|
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org>
|
||||||
|
*
|
||||||
|
* Contributions by:
|
||||||
|
* Lukasz Taczuk
|
||||||
|
* Struan Bartlett
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
|
||||||
|
#define N2N_SN_LPORT_DEFAULT 7654
|
||||||
|
#define N2N_SN_PKTBUF_SIZE 2048
|
||||||
|
|
||||||
|
#define N2N_SN_MGMT_PORT 5645
|
||||||
|
|
||||||
|
|
||||||
|
struct sn_stats
|
||||||
|
{
|
||||||
|
size_t errors; /* Number of errors encountered. */
|
||||||
|
size_t reg_super; /* Number of REGISTER_SUPER requests received. */
|
||||||
|
size_t reg_super_nak; /* Number of REGISTER_SUPER requests declined. */
|
||||||
|
size_t fwd; /* Number of messages forwarded. */
|
||||||
|
size_t broadcast; /* Number of messages broadcast to a community. */
|
||||||
|
time_t last_fwd; /* Time when last message was forwarded. */
|
||||||
|
time_t last_reg_super; /* Time when last REGISTER_SUPER was received. */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct sn_stats sn_stats_t;
|
||||||
|
|
||||||
|
struct n2n_sn
|
||||||
|
{
|
||||||
|
time_t start_time; /* Used to measure uptime. */
|
||||||
|
sn_stats_t stats;
|
||||||
|
int daemon; /* If non-zero then daemonise. */
|
||||||
|
uint16_t lport; /* Local UDP port to bind to. */
|
||||||
|
int sock; /* Main socket for UDP traffic with edges. */
|
||||||
|
int mgmt_sock; /* management socket. */
|
||||||
|
struct peer_info * edges; /* Link list of registered edges. */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct n2n_sn n2n_sn_t;
|
||||||
|
|
||||||
|
|
||||||
|
static int try_forward( n2n_sn_t * sss,
|
||||||
|
const n2n_common_t * cmn,
|
||||||
|
const n2n_mac_t dstMac,
|
||||||
|
const uint8_t * pktbuf,
|
||||||
|
size_t pktsize );
|
||||||
|
|
||||||
|
static int try_broadcast( n2n_sn_t * sss,
|
||||||
|
const n2n_common_t * cmn,
|
||||||
|
const n2n_mac_t srcMac,
|
||||||
|
const uint8_t * pktbuf,
|
||||||
|
size_t pktsize );
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/** Initialise the supernode structure */
|
||||||
|
static int init_sn( n2n_sn_t * sss )
|
||||||
|
{
|
||||||
|
#ifdef WIN32
|
||||||
|
initWin32();
|
||||||
|
#endif
|
||||||
|
memset( sss, 0, sizeof(n2n_sn_t) );
|
||||||
|
|
||||||
|
sss->daemon = 1; /* By defult run as a daemon. */
|
||||||
|
sss->lport = N2N_SN_LPORT_DEFAULT;
|
||||||
|
sss->sock = -1;
|
||||||
|
sss->mgmt_sock = -1;
|
||||||
|
sss->edges = NULL;
|
||||||
|
|
||||||
|
return 0; /* OK */
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Deinitialise the supernode structure and deallocate any memory owned by
|
||||||
|
* it. */
|
||||||
|
static void deinit_sn( n2n_sn_t * sss )
|
||||||
|
{
|
||||||
|
if (sss->sock >= 0)
|
||||||
|
{
|
||||||
|
closesocket(sss->sock);
|
||||||
|
}
|
||||||
|
sss->sock=-1;
|
||||||
|
|
||||||
|
if ( sss->mgmt_sock >= 0 )
|
||||||
|
{
|
||||||
|
closesocket(sss->mgmt_sock);
|
||||||
|
}
|
||||||
|
sss->mgmt_sock=-1;
|
||||||
|
|
||||||
|
purge_peer_list( &(sss->edges), 0xffffffff );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Determine the appropriate lifetime for new registrations.
|
||||||
|
*
|
||||||
|
* If the supernode has been put into a pre-shutdown phase then this lifetime
|
||||||
|
* should not allow registrations to continue beyond the shutdown point.
|
||||||
|
*/
|
||||||
|
static uint16_t reg_lifetime( n2n_sn_t * sss )
|
||||||
|
{
|
||||||
|
return 120;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Update the edge table with the details of the edge which contacted the
|
||||||
|
* supernode. */
|
||||||
|
static int update_edge( n2n_sn_t * sss,
|
||||||
|
const n2n_mac_t edgeMac,
|
||||||
|
const n2n_community_t community,
|
||||||
|
const n2n_sock_t * sender_sock,
|
||||||
|
time_t now)
|
||||||
|
{
|
||||||
|
macstr_t mac_buf;
|
||||||
|
n2n_sock_str_t sockbuf;
|
||||||
|
struct peer_info * scan;
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "update_edge for %s [%s]",
|
||||||
|
macaddr_str( mac_buf, edgeMac ),
|
||||||
|
sock_to_cstr( sockbuf, sender_sock ) );
|
||||||
|
|
||||||
|
scan = find_peer_by_mac( sss->edges, edgeMac );
|
||||||
|
|
||||||
|
if ( NULL == scan )
|
||||||
|
{
|
||||||
|
/* Not known */
|
||||||
|
|
||||||
|
scan = (struct peer_info*)calloc(1, sizeof(struct peer_info)); /* deallocated in purge_expired_registrations */
|
||||||
|
|
||||||
|
memcpy(scan->community_name, community, sizeof(n2n_community_t) );
|
||||||
|
memcpy(&(scan->mac_addr), edgeMac, sizeof(n2n_mac_t));
|
||||||
|
memcpy(&(scan->sock), sender_sock, sizeof(n2n_sock_t));
|
||||||
|
|
||||||
|
/* insert this guy at the head of the edges list */
|
||||||
|
scan->next = sss->edges; /* first in list */
|
||||||
|
sss->edges = scan; /* head of list points to new scan */
|
||||||
|
|
||||||
|
traceEvent( TRACE_INFO, "update_edge created %s ==> %s",
|
||||||
|
macaddr_str( mac_buf, edgeMac ),
|
||||||
|
sock_to_cstr( sockbuf, sender_sock ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Known */
|
||||||
|
if ( (0 != memcmp(community, scan->community_name, sizeof(n2n_community_t))) ||
|
||||||
|
(0 != sock_equal(sender_sock, &(scan->sock) )) )
|
||||||
|
{
|
||||||
|
memcpy(scan->community_name, community, sizeof(n2n_community_t) );
|
||||||
|
memcpy(&(scan->sock), sender_sock, sizeof(n2n_sock_t));
|
||||||
|
|
||||||
|
traceEvent( TRACE_INFO, "update_edge updated %s ==> %s",
|
||||||
|
macaddr_str( mac_buf, edgeMac ),
|
||||||
|
sock_to_cstr( sockbuf, sender_sock ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "update_edge unchanged %s ==> %s",
|
||||||
|
macaddr_str( mac_buf, edgeMac ),
|
||||||
|
sock_to_cstr( sockbuf, sender_sock ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
scan->last_seen = now;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Send a datagram to the destination embodied in a n2n_sock_t.
|
||||||
|
*
|
||||||
|
* @return -1 on error otherwise number of bytes sent
|
||||||
|
*/
|
||||||
|
static ssize_t sendto_sock(n2n_sn_t * sss,
|
||||||
|
const n2n_sock_t * sock,
|
||||||
|
const uint8_t * pktbuf,
|
||||||
|
size_t pktsize)
|
||||||
|
{
|
||||||
|
n2n_sock_str_t sockbuf;
|
||||||
|
|
||||||
|
if ( AF_INET == sock->family )
|
||||||
|
{
|
||||||
|
struct sockaddr_in udpsock;
|
||||||
|
|
||||||
|
udpsock.sin_family = AF_INET;
|
||||||
|
udpsock.sin_port = htons( sock->port );
|
||||||
|
memcpy( &(udpsock.sin_addr.s_addr), &(sock->addr.v4), IPV4_SIZE );
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "sendto_sock %lu to [%s]",
|
||||||
|
pktsize,
|
||||||
|
sock_to_cstr( sockbuf, sock ) );
|
||||||
|
|
||||||
|
return sendto( sss->sock, pktbuf, pktsize, 0,
|
||||||
|
(const struct sockaddr *)&udpsock, sizeof(struct sockaddr_in) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* AF_INET6 not implemented */
|
||||||
|
errno = EAFNOSUPPORT;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/** Try to forward a message to a unicast MAC. If the MAC is unknown then
|
||||||
|
* broadcast to all edges in the destination community.
|
||||||
|
*/
|
||||||
|
static int try_forward( n2n_sn_t * sss,
|
||||||
|
const n2n_common_t * cmn,
|
||||||
|
const n2n_mac_t dstMac,
|
||||||
|
const uint8_t * pktbuf,
|
||||||
|
size_t pktsize )
|
||||||
|
{
|
||||||
|
struct peer_info * scan;
|
||||||
|
macstr_t mac_buf;
|
||||||
|
n2n_sock_str_t sockbuf;
|
||||||
|
|
||||||
|
scan = find_peer_by_mac( sss->edges, dstMac );
|
||||||
|
|
||||||
|
if ( NULL != scan )
|
||||||
|
{
|
||||||
|
int data_sent_len;
|
||||||
|
data_sent_len = sendto_sock( sss, &(scan->sock), pktbuf, pktsize );
|
||||||
|
|
||||||
|
if ( data_sent_len == pktsize )
|
||||||
|
{
|
||||||
|
++(sss->stats.fwd);
|
||||||
|
traceEvent(TRACE_DEBUG, "unicast %lu to [%s] %s",
|
||||||
|
pktsize,
|
||||||
|
sock_to_cstr( sockbuf, &(scan->sock) ),
|
||||||
|
macaddr_str(mac_buf, scan->mac_addr));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
++(sss->stats.errors);
|
||||||
|
traceEvent(TRACE_ERROR, "unicast %lu to [%s] %s FAILED (%d: %s)",
|
||||||
|
pktsize,
|
||||||
|
sock_to_cstr( sockbuf, &(scan->sock) ),
|
||||||
|
macaddr_str(mac_buf, scan->mac_addr),
|
||||||
|
errno, strerror(errno) );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "try_forward unknown MAC" );
|
||||||
|
|
||||||
|
/* Not a known MAC so drop. */
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Try and broadcast a message to all edges in the community.
|
||||||
|
*
|
||||||
|
* This will send the exact same datagram to zero or more edges registered to
|
||||||
|
* the supernode.
|
||||||
|
*/
|
||||||
|
static int try_broadcast( n2n_sn_t * sss,
|
||||||
|
const n2n_common_t * cmn,
|
||||||
|
const n2n_mac_t srcMac,
|
||||||
|
const uint8_t * pktbuf,
|
||||||
|
size_t pktsize )
|
||||||
|
{
|
||||||
|
struct peer_info * scan;
|
||||||
|
macstr_t mac_buf;
|
||||||
|
n2n_sock_str_t sockbuf;
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "try_broadcast" );
|
||||||
|
|
||||||
|
scan = sss->edges;
|
||||||
|
while(scan != NULL)
|
||||||
|
{
|
||||||
|
if( 0 == (memcmp(scan->community_name, cmn->community, sizeof(n2n_community_t)) )
|
||||||
|
&& (0 != memcmp(srcMac, scan->mac_addr, sizeof(n2n_mac_t)) ) )
|
||||||
|
/* REVISIT: exclude if the destination socket is where the packet came from. */
|
||||||
|
{
|
||||||
|
int data_sent_len;
|
||||||
|
|
||||||
|
data_sent_len = sendto_sock(sss, &(scan->sock), pktbuf, pktsize);
|
||||||
|
|
||||||
|
if(data_sent_len != pktsize)
|
||||||
|
{
|
||||||
|
++(sss->stats.errors);
|
||||||
|
traceEvent(TRACE_WARNING, "multicast %lu to [%s] %s failed %s",
|
||||||
|
pktsize,
|
||||||
|
sock_to_cstr( sockbuf, &(scan->sock) ),
|
||||||
|
macaddr_str(mac_buf, scan->mac_addr),
|
||||||
|
strerror(errno));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
++(sss->stats.broadcast);
|
||||||
|
traceEvent(TRACE_DEBUG, "multicast %lu to [%s] %s",
|
||||||
|
pktsize,
|
||||||
|
sock_to_cstr( sockbuf, &(scan->sock) ),
|
||||||
|
macaddr_str(mac_buf, scan->mac_addr));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
scan = scan->next;
|
||||||
|
} /* while */
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int process_mgmt( n2n_sn_t * sss,
|
||||||
|
const struct sockaddr_in * sender_sock,
|
||||||
|
const uint8_t * mgmt_buf,
|
||||||
|
size_t mgmt_size,
|
||||||
|
time_t now)
|
||||||
|
{
|
||||||
|
char resbuf[N2N_SN_PKTBUF_SIZE];
|
||||||
|
size_t ressize=0;
|
||||||
|
ssize_t r;
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "process_mgmt" );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"----------------\n" );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"uptime %lu\n", (now - sss->start_time) );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"edges %u\n",
|
||||||
|
(unsigned int)peer_list_size( sss->edges ) );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"errors %u\n",
|
||||||
|
(unsigned int)sss->stats.errors );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"reg_sup %u\n",
|
||||||
|
(unsigned int)sss->stats.reg_super );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"reg_nak %u\n",
|
||||||
|
(unsigned int)sss->stats.reg_super_nak );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"fwd %u\n",
|
||||||
|
(unsigned int) sss->stats.fwd );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"broadcast %u\n",
|
||||||
|
(unsigned int) sss->stats.broadcast );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"last fwd %lu sec ago\n",
|
||||||
|
(long unsigned int)(now - sss->stats.last_fwd) );
|
||||||
|
|
||||||
|
ressize += snprintf( resbuf+ressize, N2N_SN_PKTBUF_SIZE-ressize,
|
||||||
|
"last reg %lu sec ago\n",
|
||||||
|
(long unsigned int) (now - sss->stats.last_reg_super) );
|
||||||
|
|
||||||
|
|
||||||
|
r = sendto( sss->mgmt_sock, resbuf, ressize, 0/*flags*/,
|
||||||
|
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
|
||||||
|
|
||||||
|
if ( r <= 0 )
|
||||||
|
{
|
||||||
|
++(sss->stats.errors);
|
||||||
|
traceEvent( TRACE_ERROR, "process_mgmt : sendto failed. %s", strerror(errno) );
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Examine a datagram and determine what to do with it.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
static int process_udp( n2n_sn_t * sss,
|
||||||
|
const struct sockaddr_in * sender_sock,
|
||||||
|
const uint8_t * udp_buf,
|
||||||
|
size_t udp_size,
|
||||||
|
time_t now)
|
||||||
|
{
|
||||||
|
n2n_common_t cmn; /* common fields in the packet header */
|
||||||
|
size_t rem;
|
||||||
|
size_t idx;
|
||||||
|
size_t msg_type;
|
||||||
|
uint8_t from_supernode;
|
||||||
|
macstr_t mac_buf;
|
||||||
|
macstr_t mac_buf2;
|
||||||
|
n2n_sock_str_t sockbuf;
|
||||||
|
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "process_udp(%lu)", udp_size );
|
||||||
|
|
||||||
|
/* Use decode_common() to determine the kind of packet then process it:
|
||||||
|
*
|
||||||
|
* REGISTER_SUPER adds an edge and generate a return REGISTER_SUPER_ACK
|
||||||
|
*
|
||||||
|
* REGISTER, REGISTER_ACK and PACKET messages are forwarded to their
|
||||||
|
* destination edge. If the destination is not known then PACKETs are
|
||||||
|
* broadcast.
|
||||||
|
*/
|
||||||
|
|
||||||
|
rem = udp_size; /* Counts down bytes of packet to protect against buffer overruns. */
|
||||||
|
idx = 0; /* marches through packet header as parts are decoded. */
|
||||||
|
if ( decode_common(&cmn, udp_buf, &rem, &idx) < 0 )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to decode common section" );
|
||||||
|
return -1; /* failed to decode packet */
|
||||||
|
}
|
||||||
|
|
||||||
|
msg_type = cmn.pc; /* packet code */
|
||||||
|
from_supernode= cmn.flags & N2N_FLAGS_FROM_SUPERNODE;
|
||||||
|
|
||||||
|
if ( cmn.ttl < 1 )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_WARNING, "Expired TTL" );
|
||||||
|
return 0; /* Don't process further */
|
||||||
|
}
|
||||||
|
|
||||||
|
--(cmn.ttl); /* The value copied into all forwarded packets. */
|
||||||
|
|
||||||
|
if ( msg_type == MSG_TYPE_PACKET )
|
||||||
|
{
|
||||||
|
/* PACKET from one edge to another edge via supernode. */
|
||||||
|
|
||||||
|
/* pkt will be modified in place and recoded to an output of potentially
|
||||||
|
* different size due to addition of the socket.*/
|
||||||
|
n2n_PACKET_t pkt;
|
||||||
|
n2n_common_t cmn2;
|
||||||
|
uint8_t encbuf[N2N_SN_PKTBUF_SIZE];
|
||||||
|
size_t encx=0;
|
||||||
|
int unicast; /* non-zero if unicast */
|
||||||
|
const uint8_t * rec_buf; /* either udp_buf or encbuf */
|
||||||
|
|
||||||
|
|
||||||
|
sss->stats.last_fwd=now;
|
||||||
|
decode_PACKET( &pkt, &cmn, udp_buf, &rem, &idx );
|
||||||
|
|
||||||
|
unicast = (0 == is_multi_broadcast(pkt.dstMac) );
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "Rx PACKET (%s) %s -> %s %s",
|
||||||
|
(unicast?"unicast":"multicast"),
|
||||||
|
macaddr_str( mac_buf, pkt.srcMac ),
|
||||||
|
macaddr_str( mac_buf2, pkt.dstMac ),
|
||||||
|
(from_supernode?"from sn":"local") );
|
||||||
|
|
||||||
|
if ( !from_supernode )
|
||||||
|
{
|
||||||
|
memcpy( &cmn2, &cmn, sizeof( n2n_common_t ) );
|
||||||
|
|
||||||
|
/* We are going to add socket even if it was not there before */
|
||||||
|
cmn2.flags |= N2N_FLAGS_SOCKET | N2N_FLAGS_FROM_SUPERNODE;
|
||||||
|
|
||||||
|
pkt.sock.family = AF_INET;
|
||||||
|
pkt.sock.port = ntohs(sender_sock->sin_port);
|
||||||
|
memcpy( pkt.sock.addr.v4, &(sender_sock->sin_addr.s_addr), IPV4_SIZE );
|
||||||
|
|
||||||
|
rec_buf = encbuf;
|
||||||
|
|
||||||
|
/* Re-encode the header. */
|
||||||
|
encode_PACKET( encbuf, &encx, &cmn2, &pkt );
|
||||||
|
|
||||||
|
/* Copy the original payload unchanged */
|
||||||
|
encode_buf( encbuf, &encx, (udp_buf + idx), (udp_size - idx ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Already from a supernode. Nothing to modify, just pass to
|
||||||
|
* destination. */
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "Rx PACKET fwd unmodified" );
|
||||||
|
|
||||||
|
rec_buf = udp_buf;
|
||||||
|
encx = udp_size;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Common section to forward the final product. */
|
||||||
|
if ( unicast )
|
||||||
|
{
|
||||||
|
try_forward( sss, &cmn, pkt.dstMac, rec_buf, encx );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
try_broadcast( sss, &cmn, pkt.srcMac, rec_buf, encx );
|
||||||
|
}
|
||||||
|
}/* MSG_TYPE_PACKET */
|
||||||
|
else if ( msg_type == MSG_TYPE_REGISTER )
|
||||||
|
{
|
||||||
|
/* Forwarding a REGISTER from one edge to the next */
|
||||||
|
|
||||||
|
n2n_REGISTER_t reg;
|
||||||
|
n2n_common_t cmn2;
|
||||||
|
uint8_t encbuf[N2N_SN_PKTBUF_SIZE];
|
||||||
|
size_t encx=0;
|
||||||
|
int unicast; /* non-zero if unicast */
|
||||||
|
const uint8_t * rec_buf; /* either udp_buf or encbuf */
|
||||||
|
|
||||||
|
sss->stats.last_fwd=now;
|
||||||
|
decode_REGISTER( ®, &cmn, udp_buf, &rem, &idx );
|
||||||
|
|
||||||
|
unicast = (0 == is_multi_broadcast(reg.dstMac) );
|
||||||
|
|
||||||
|
if ( unicast )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "Rx REGISTER %s -> %s %s",
|
||||||
|
macaddr_str( mac_buf, reg.srcMac ),
|
||||||
|
macaddr_str( mac_buf2, reg.dstMac ),
|
||||||
|
((cmn.flags & N2N_FLAGS_FROM_SUPERNODE)?"from sn":"local") );
|
||||||
|
|
||||||
|
if ( 0 != (cmn.flags & N2N_FLAGS_FROM_SUPERNODE) )
|
||||||
|
{
|
||||||
|
memcpy( &cmn2, &cmn, sizeof( n2n_common_t ) );
|
||||||
|
|
||||||
|
/* We are going to add socket even if it was not there before */
|
||||||
|
cmn2.flags |= N2N_FLAGS_SOCKET | N2N_FLAGS_FROM_SUPERNODE;
|
||||||
|
|
||||||
|
reg.sock.family = AF_INET;
|
||||||
|
reg.sock.port = ntohs(sender_sock->sin_port);
|
||||||
|
memcpy( reg.sock.addr.v4, &(sender_sock->sin_addr.s_addr), IPV4_SIZE );
|
||||||
|
|
||||||
|
rec_buf = encbuf;
|
||||||
|
|
||||||
|
/* Re-encode the header. */
|
||||||
|
encode_REGISTER( encbuf, &encx, &cmn2, ® );
|
||||||
|
|
||||||
|
/* Copy the original payload unchanged */
|
||||||
|
encode_buf( encbuf, &encx, (udp_buf + idx), (udp_size - idx ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Already from a supernode. Nothing to modify, just pass to
|
||||||
|
* destination. */
|
||||||
|
|
||||||
|
rec_buf = udp_buf;
|
||||||
|
encx = udp_size;
|
||||||
|
}
|
||||||
|
|
||||||
|
try_forward( sss, &cmn, reg.dstMac, rec_buf, encx ); /* unicast only */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "Rx REGISTER with multicast destination" );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else if ( msg_type == MSG_TYPE_REGISTER_ACK )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "Rx REGISTER_ACK (NOT IMPLEMENTED) SHould not be via supernode" );
|
||||||
|
}
|
||||||
|
else if ( msg_type == MSG_TYPE_REGISTER_SUPER )
|
||||||
|
{
|
||||||
|
n2n_REGISTER_SUPER_t reg;
|
||||||
|
n2n_REGISTER_SUPER_ACK_t ack;
|
||||||
|
n2n_common_t cmn2;
|
||||||
|
uint8_t ackbuf[N2N_SN_PKTBUF_SIZE];
|
||||||
|
size_t encx=0;
|
||||||
|
|
||||||
|
/* Edge requesting registration with us. */
|
||||||
|
|
||||||
|
sss->stats.last_reg_super=now;
|
||||||
|
++(sss->stats.reg_super);
|
||||||
|
decode_REGISTER_SUPER( ®, &cmn, udp_buf, &rem, &idx );
|
||||||
|
|
||||||
|
cmn2.ttl = N2N_DEFAULT_TTL;
|
||||||
|
cmn2.pc = n2n_register_super_ack;
|
||||||
|
cmn2.flags = N2N_FLAGS_SOCKET | N2N_FLAGS_FROM_SUPERNODE;
|
||||||
|
memcpy( cmn2.community, cmn.community, sizeof(n2n_community_t) );
|
||||||
|
|
||||||
|
memcpy( &(ack.cookie), &(reg.cookie), sizeof(n2n_cookie_t) );
|
||||||
|
memcpy( ack.edgeMac, reg.edgeMac, sizeof(n2n_mac_t) );
|
||||||
|
ack.lifetime = reg_lifetime( sss );
|
||||||
|
|
||||||
|
ack.sock.family = AF_INET;
|
||||||
|
ack.sock.port = ntohs(sender_sock->sin_port);
|
||||||
|
memcpy( ack.sock.addr.v4, &(sender_sock->sin_addr.s_addr), IPV4_SIZE );
|
||||||
|
|
||||||
|
ack.num_sn=0; /* No backup */
|
||||||
|
memset( &(ack.sn_bak), 0, sizeof(n2n_sock_t) );
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "Rx REGISTER_SUPER for %s [%s]",
|
||||||
|
macaddr_str( mac_buf, reg.edgeMac ),
|
||||||
|
sock_to_cstr( sockbuf, &(ack.sock) ) );
|
||||||
|
|
||||||
|
update_edge( sss, reg.edgeMac, cmn.community, &(ack.sock), now );
|
||||||
|
|
||||||
|
encode_REGISTER_SUPER_ACK( ackbuf, &encx, &cmn2, &ack );
|
||||||
|
|
||||||
|
sendto( sss->sock, ackbuf, encx, 0,
|
||||||
|
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "Tx REGISTER_SUPER_ACK for %s [%s]",
|
||||||
|
macaddr_str( mac_buf, reg.edgeMac ),
|
||||||
|
sock_to_cstr( sockbuf, &(ack.sock) ) );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Help message to print if the command line arguments are not valid. */
|
||||||
|
static void exit_help(int argc, char * const argv[])
|
||||||
|
{
|
||||||
|
fprintf( stderr, "%s usage\n", argv[0] );
|
||||||
|
fprintf( stderr, "-l <lport>\tSet UDP main listen port to <lport>\n" );
|
||||||
|
|
||||||
|
#if defined(N2N_HAVE_DAEMON)
|
||||||
|
fprintf( stderr, "-f \tRun in foreground.\n" );
|
||||||
|
#endif /* #if defined(N2N_HAVE_DAEMON) */
|
||||||
|
fprintf( stderr, "-v \tIncrease verbosity. Can be used multiple times.\n" );
|
||||||
|
fprintf( stderr, "-h \tThis help message.\n" );
|
||||||
|
fprintf( stderr, "\n" );
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int run_loop( n2n_sn_t * sss );
|
||||||
|
|
||||||
|
/* *********************************************** */
|
||||||
|
|
||||||
|
static const struct option long_options[] = {
|
||||||
|
{ "foreground", no_argument, NULL, 'f' },
|
||||||
|
{ "local-port", required_argument, NULL, 'l' },
|
||||||
|
{ "help" , no_argument, NULL, 'h' },
|
||||||
|
{ "verbose", no_argument, NULL, 'v' },
|
||||||
|
{ NULL, 0, NULL, 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
/** Main program entry point from kernel. */
|
||||||
|
int main( int argc, char * const argv[] )
|
||||||
|
{
|
||||||
|
n2n_sn_t sss;
|
||||||
|
|
||||||
|
init_sn( &sss );
|
||||||
|
|
||||||
|
{
|
||||||
|
int opt;
|
||||||
|
|
||||||
|
while((opt = getopt_long(argc, argv, "fl:vh", long_options, NULL)) != -1)
|
||||||
|
{
|
||||||
|
switch (opt)
|
||||||
|
{
|
||||||
|
case 'l': /* local-port */
|
||||||
|
sss.lport = atoi(optarg);
|
||||||
|
break;
|
||||||
|
case 'f': /* foreground */
|
||||||
|
sss.daemon = 0;
|
||||||
|
break;
|
||||||
|
case 'h': /* help */
|
||||||
|
exit_help(argc, argv);
|
||||||
|
break;
|
||||||
|
case 'v': /* verbose */
|
||||||
|
++traceLevel;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(N2N_HAVE_DAEMON)
|
||||||
|
if (sss.daemon)
|
||||||
|
{
|
||||||
|
useSyslog=1; /* traceEvent output now goes to syslog. */
|
||||||
|
if ( -1 == daemon( 0, 0 ) )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to become daemon." );
|
||||||
|
exit(-5);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* #if defined(N2N_HAVE_DAEMON) */
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "traceLevel is %d", traceLevel);
|
||||||
|
|
||||||
|
sss.sock = open_socket(sss.lport, 1 /*bind ANY*/ );
|
||||||
|
if ( -1 == sss.sock )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to open main socket. %s", strerror(errno) );
|
||||||
|
exit(-2);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_NORMAL, "supernode is listening on UDP %u (main)", sss.lport );
|
||||||
|
}
|
||||||
|
|
||||||
|
sss.mgmt_sock = open_socket(N2N_SN_MGMT_PORT, 0 /* bind LOOPBACK */ );
|
||||||
|
if ( -1 == sss.mgmt_sock )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to open management socket. %s", strerror(errno) );
|
||||||
|
exit(-2);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_NORMAL, "supernode is listening on UDP %u (management)", N2N_SN_MGMT_PORT );
|
||||||
|
}
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "supernode started");
|
||||||
|
|
||||||
|
return run_loop(&sss);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** Long lived processing entry point. Split out from main to simply
|
||||||
|
* daemonisation on some platforms. */
|
||||||
|
static int run_loop( n2n_sn_t * sss )
|
||||||
|
{
|
||||||
|
uint8_t pktbuf[N2N_SN_PKTBUF_SIZE];
|
||||||
|
int keep_running=1;
|
||||||
|
|
||||||
|
sss->start_time = time(NULL);
|
||||||
|
|
||||||
|
while(keep_running)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
ssize_t bread;
|
||||||
|
int max_sock;
|
||||||
|
fd_set socket_mask;
|
||||||
|
struct timeval wait_time;
|
||||||
|
time_t now=0;
|
||||||
|
|
||||||
|
FD_ZERO(&socket_mask);
|
||||||
|
max_sock = MAX(sss->sock, sss->mgmt_sock);
|
||||||
|
|
||||||
|
FD_SET(sss->sock, &socket_mask);
|
||||||
|
FD_SET(sss->mgmt_sock, &socket_mask);
|
||||||
|
|
||||||
|
wait_time.tv_sec = 10; wait_time.tv_usec = 0;
|
||||||
|
rc = select(max_sock+1, &socket_mask, NULL, NULL, &wait_time);
|
||||||
|
|
||||||
|
now = time(NULL);
|
||||||
|
|
||||||
|
if(rc > 0)
|
||||||
|
{
|
||||||
|
if (FD_ISSET(sss->sock, &socket_mask))
|
||||||
|
{
|
||||||
|
struct sockaddr_in sender_sock;
|
||||||
|
socklen_t i;
|
||||||
|
|
||||||
|
i = sizeof(sender_sock);
|
||||||
|
bread = recvfrom( sss->sock, pktbuf, N2N_SN_PKTBUF_SIZE, 0/*flags*/,
|
||||||
|
(struct sockaddr *)&sender_sock, (socklen_t*)&i);
|
||||||
|
|
||||||
|
if ( bread < 0 ) /* For UDP bread of zero just means no data (unlike TCP). */
|
||||||
|
{
|
||||||
|
/* The fd is no good now. Maybe we lost our interface. */
|
||||||
|
traceEvent( TRACE_ERROR, "recvfrom() failed %d errno %d (%s)", bread, errno, strerror(errno) );
|
||||||
|
keep_running=0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We have a datagram to process */
|
||||||
|
if ( bread > 0 )
|
||||||
|
{
|
||||||
|
/* And the datagram has data (not just a header) */
|
||||||
|
process_udp( sss, &sender_sock, pktbuf, bread, now );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (FD_ISSET(sss->mgmt_sock, &socket_mask))
|
||||||
|
{
|
||||||
|
struct sockaddr_in sender_sock;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
i = sizeof(sender_sock);
|
||||||
|
bread = recvfrom( sss->mgmt_sock, pktbuf, N2N_SN_PKTBUF_SIZE, 0/*flags*/,
|
||||||
|
(struct sockaddr *)&sender_sock, (socklen_t*)&i);
|
||||||
|
|
||||||
|
if ( bread <= 0 )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "recvfrom() failed %d errno %d (%s)", bread, errno, strerror(errno) );
|
||||||
|
keep_running=0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We have a datagram to process */
|
||||||
|
process_mgmt( sss, &sender_sock, pktbuf, bread, now );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "timeout" );
|
||||||
|
}
|
||||||
|
|
||||||
|
purge_expired_registrations( &(sss->edges) );
|
||||||
|
|
||||||
|
} /* while */
|
||||||
|
|
||||||
|
deinit_sn( sss );
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
43
supernode.1
Normal file
43
supernode.1
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
.TH supernode 1 "Jan 3, 2009" "revision 3679" "USER COMMANDS"
|
||||||
|
.SH NAME
|
||||||
|
supernode \- n2n supernode daemon
|
||||||
|
.SH SYNOPSIS
|
||||||
|
.B supernode \-l <port> [\-v]
|
||||||
|
.SH DESCRIPTION
|
||||||
|
N2N is a peer-to-peer VPN system. Supernode is a node introduction registry,
|
||||||
|
broadcast conduit and packet relay node for the n2n system. On startup supernode
|
||||||
|
begins listening on the specified UDP port for node registrations, and other
|
||||||
|
packets to route. The supernode can service any number of communities and routes
|
||||||
|
packets only between members of the same community. The supernode does not hold
|
||||||
|
the community encryption key and so cannot snoop or inject packets into the
|
||||||
|
community.
|
||||||
|
.PP
|
||||||
|
Supernode can service a number of n2n communities concurrently. Traffic does not
|
||||||
|
cross between communities.
|
||||||
|
.PP
|
||||||
|
All logging goes to stdout.
|
||||||
|
.SH OPTIONS
|
||||||
|
.TP
|
||||||
|
\-l <port>
|
||||||
|
listen on the given UDP port
|
||||||
|
.TP
|
||||||
|
\-v
|
||||||
|
use verbose logging
|
||||||
|
.TP
|
||||||
|
\-f
|
||||||
|
disable daemon mode (UNIX) and run in foreground.
|
||||||
|
.SH EXAMPLES
|
||||||
|
.TP
|
||||||
|
.B supernode -l 7654 -v
|
||||||
|
Start supernode listening on UDP port 7654 with verbose output.
|
||||||
|
.PP
|
||||||
|
.SH RESTART
|
||||||
|
When suprenode restarts it loses all registration information from associated
|
||||||
|
edge nodes. It can take up to five minutes for the edge nodes to re-register and
|
||||||
|
normal traffic flow to resume.
|
||||||
|
.SH EXIT STATUS
|
||||||
|
supernode is a daemon and any exit is an error
|
||||||
|
.SH AUTHOR
|
||||||
|
Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
|
||||||
|
.SH SEE ALSO
|
||||||
|
ifconfig(8) edge(8)
|
24
test.c
Normal file
24
test.c
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
#include "n2n.h"
|
||||||
|
#include "n2n_keyfile.h"
|
||||||
|
#include <assert.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
|
||||||
|
int main(int arc, const char * argv[] )
|
||||||
|
{
|
||||||
|
int e;
|
||||||
|
n2n_cipherspec_t specs[N2N_MAX_NUM_CIPHERSPECS];
|
||||||
|
|
||||||
|
e = n2n_read_keyfile( specs, N2N_MAX_NUM_CIPHERSPECS, "keyctrl.conf" );
|
||||||
|
|
||||||
|
if ( e < 0 )
|
||||||
|
{
|
||||||
|
perror( "Failed to read keyfile" );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fprintf( stderr, "Stored %d keys.\n", e );
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
597
transform_aes.c
Normal file
597
transform_aes.c
Normal file
|
@ -0,0 +1,597 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
/* Contributions from:
|
||||||
|
* - Jozef Kralik
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
#include "n2n_transforms.h"
|
||||||
|
|
||||||
|
#if defined(N2N_HAVE_AES)
|
||||||
|
|
||||||
|
|
||||||
|
#include "openssl/aes.h"
|
||||||
|
#ifndef _MSC_VER
|
||||||
|
/* Not included in Visual Studio 2008 */
|
||||||
|
#include <strings.h> /* index() */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define N2N_AES_NUM_SA 32 /* space for SAa */
|
||||||
|
|
||||||
|
#define N2N_AES_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
||||||
|
#define N2N_AES_IVEC_SIZE 32 /* Enough space for biggest AES ivec */
|
||||||
|
|
||||||
|
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
|
||||||
|
|
||||||
|
struct sa_aes
|
||||||
|
{
|
||||||
|
n2n_cipherspec_t spec; /* cipher spec parameters */
|
||||||
|
n2n_sa_t sa_id; /* security association index */
|
||||||
|
AES_KEY enc_key; /* tx key */
|
||||||
|
n2n_aes_ivec_t enc_ivec; /* tx CBC state */
|
||||||
|
AES_KEY dec_key; /* tx key */
|
||||||
|
n2n_aes_ivec_t dec_ivec; /* tx CBC state */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct sa_aes sa_aes_t;
|
||||||
|
|
||||||
|
|
||||||
|
/** Aes transform state data.
|
||||||
|
*
|
||||||
|
* With a key-schedule in place this will be populated with a number of
|
||||||
|
* SAs. Each SA has a lifetime and some opque data. The opaque data for aes
|
||||||
|
* consists of the SA number and key material.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
struct transop_aes
|
||||||
|
{
|
||||||
|
ssize_t tx_sa;
|
||||||
|
size_t num_sa;
|
||||||
|
sa_aes_t sa[N2N_AES_NUM_SA];
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct transop_aes transop_aes_t;
|
||||||
|
|
||||||
|
static int transop_deinit_aes( n2n_trans_op_t * arg )
|
||||||
|
{
|
||||||
|
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
if ( priv )
|
||||||
|
{
|
||||||
|
/* Memory was previously allocated */
|
||||||
|
for (i=0; i<N2N_AES_NUM_SA; ++i )
|
||||||
|
{
|
||||||
|
sa_aes_t * sa = &(priv->sa[i]);
|
||||||
|
|
||||||
|
sa->sa_id=0;
|
||||||
|
}
|
||||||
|
|
||||||
|
priv->num_sa=0;
|
||||||
|
priv->tx_sa=-1;
|
||||||
|
|
||||||
|
free(priv);
|
||||||
|
}
|
||||||
|
|
||||||
|
arg->priv=NULL; /* return to fully uninitialised state */
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static size_t aes_choose_tx_sa( transop_aes_t * priv )
|
||||||
|
{
|
||||||
|
return priv->tx_sa; /* set in tick */
|
||||||
|
}
|
||||||
|
|
||||||
|
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
||||||
|
#define TRANSOP_AES_NONCE_SIZE 4
|
||||||
|
#define TRANSOP_AES_SA_SIZE 4
|
||||||
|
|
||||||
|
|
||||||
|
#define AES256_KEY_BYTES (256/8)
|
||||||
|
#define AES192_KEY_BYTES (192/8)
|
||||||
|
#define AES128_KEY_BYTES (128/8)
|
||||||
|
|
||||||
|
/* Return the best acceptable AES key size (in bytes) given an input keysize.
|
||||||
|
*
|
||||||
|
* The value returned will be one of AES128_KEY_BYTES, AES192_KEY_BYTES or
|
||||||
|
* AES256_KEY_BYTES.
|
||||||
|
*/
|
||||||
|
static size_t aes_best_keysize(size_t numBytes)
|
||||||
|
{
|
||||||
|
if (numBytes >= AES256_KEY_BYTES )
|
||||||
|
{
|
||||||
|
return AES256_KEY_BYTES;
|
||||||
|
}
|
||||||
|
else if (numBytes >= AES192_KEY_BYTES)
|
||||||
|
{
|
||||||
|
return AES192_KEY_BYTES;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return AES128_KEY_BYTES;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** The aes packet format consists of:
|
||||||
|
*
|
||||||
|
* - a 8-bit aes encoding version in clear text
|
||||||
|
* - a 32-bit SA number in clear text
|
||||||
|
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||||
|
*
|
||||||
|
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||||
|
* |<------ encrypted ------>|
|
||||||
|
*/
|
||||||
|
static int transop_encode_aes( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
int len2=-1;
|
||||||
|
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||||
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
uint32_t * pnonce;
|
||||||
|
|
||||||
|
if ( (in_len + TRANSOP_AES_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
|
||||||
|
{
|
||||||
|
if ( (in_len + TRANSOP_AES_NONCE_SIZE + TRANSOP_AES_SA_SIZE + TRANSOP_AES_VER_SIZE) <= out_len )
|
||||||
|
{
|
||||||
|
int len=-1;
|
||||||
|
size_t idx=0;
|
||||||
|
sa_aes_t * sa;
|
||||||
|
size_t tx_sa_num = 0;
|
||||||
|
|
||||||
|
/* The transmit sa is periodically updated */
|
||||||
|
tx_sa_num = aes_choose_tx_sa( priv );
|
||||||
|
|
||||||
|
sa = &(priv->sa[tx_sa_num]); /* Proper Tx SA index */
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "encode_aes %lu with SA %lu.", in_len, sa->sa_id );
|
||||||
|
|
||||||
|
/* Encode the aes format version. */
|
||||||
|
encode_uint8( outbuf, &idx, N2N_AES_TRANSFORM_VERSION );
|
||||||
|
|
||||||
|
/* Encode the security association (SA) number */
|
||||||
|
encode_uint32( outbuf, &idx, sa->sa_id );
|
||||||
|
|
||||||
|
/* Encrypt the assembly contents and write the ciphertext after the SA. */
|
||||||
|
len = in_len + TRANSOP_AES_NONCE_SIZE;
|
||||||
|
|
||||||
|
/* The assembly buffer is a source for encrypting data. The nonce is
|
||||||
|
* written in first followed by the packet payload. The whole
|
||||||
|
* contents of assembly are encrypted. */
|
||||||
|
pnonce = (uint32_t *)assembly;
|
||||||
|
*pnonce = rand();
|
||||||
|
memcpy( assembly + TRANSOP_AES_NONCE_SIZE, inbuf, in_len );
|
||||||
|
|
||||||
|
/* Need at least one encrypted byte at the end for the padding. */
|
||||||
|
len2 = ( (len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */
|
||||||
|
assembly[ len2-1 ]=(len2-len);
|
||||||
|
traceEvent( TRACE_DEBUG, "padding = %u", assembly[ len2-1 ] );
|
||||||
|
|
||||||
|
memset( &(sa->enc_ivec), 0, sizeof(N2N_AES_IVEC_SIZE) );
|
||||||
|
AES_cbc_encrypt( assembly, /* source */
|
||||||
|
outbuf + TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE, /* dest */
|
||||||
|
len2, /* enc size */
|
||||||
|
&(sa->enc_key), sa->enc_ivec, 1 /* encrypt */ );
|
||||||
|
|
||||||
|
len2 += TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE; /* size of data carried in UDP. */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "encode_aes outbuf too small." );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "encode_aes inbuf too big to encrypt." );
|
||||||
|
}
|
||||||
|
|
||||||
|
return len2;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Search through the array of SAs to find the one with the required ID.
|
||||||
|
*
|
||||||
|
* @return array index where found or -1 if not found
|
||||||
|
*/
|
||||||
|
static ssize_t aes_find_sa( const transop_aes_t * priv, const n2n_sa_t req_id )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i=0; i < priv->num_sa; ++i)
|
||||||
|
{
|
||||||
|
const sa_aes_t * sa=NULL;
|
||||||
|
|
||||||
|
sa = &(priv->sa[i]);
|
||||||
|
if (req_id == sa->sa_id)
|
||||||
|
{
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** The aes packet format consists of:
|
||||||
|
*
|
||||||
|
* - a 8-bit aes encoding version in clear text
|
||||||
|
* - a 32-bit SA number in clear text
|
||||||
|
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||||
|
*
|
||||||
|
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||||
|
* |<------ encrypted ------>|
|
||||||
|
*/
|
||||||
|
static int transop_decode_aes( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
int len=0;
|
||||||
|
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||||
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
|
||||||
|
if ( ( (in_len - (TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
|
||||||
|
&& (in_len >= (TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE + TRANSOP_AES_NONCE_SIZE) ) /* Has at least version, SA and nonce */
|
||||||
|
)
|
||||||
|
{
|
||||||
|
n2n_sa_t sa_rx;
|
||||||
|
ssize_t sa_idx=-1;
|
||||||
|
size_t rem=in_len;
|
||||||
|
size_t idx=0;
|
||||||
|
uint8_t aes_enc_ver=0;
|
||||||
|
|
||||||
|
/* Get the encoding version to make sure it is supported */
|
||||||
|
decode_uint8( &aes_enc_ver, inbuf, &rem, &idx );
|
||||||
|
|
||||||
|
if ( N2N_AES_TRANSFORM_VERSION == aes_enc_ver )
|
||||||
|
{
|
||||||
|
/* Get the SA number and make sure we are decrypting with the right one. */
|
||||||
|
decode_uint32( &sa_rx, inbuf, &rem, &idx );
|
||||||
|
|
||||||
|
sa_idx = aes_find_sa(priv, sa_rx);
|
||||||
|
if ( sa_idx >= 0 )
|
||||||
|
{
|
||||||
|
sa_aes_t * sa = &(priv->sa[sa_idx]);
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "decode_aes %lu with SA %lu.", in_len, sa_rx, sa->sa_id );
|
||||||
|
|
||||||
|
len = (in_len - (TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE));
|
||||||
|
|
||||||
|
if ( 0 == (len % AES_BLOCK_SIZE ) )
|
||||||
|
{
|
||||||
|
uint8_t padding;
|
||||||
|
|
||||||
|
memset( &(sa->dec_ivec), 0, sizeof(N2N_AES_IVEC_SIZE) );
|
||||||
|
AES_cbc_encrypt( (inbuf + TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE),
|
||||||
|
assembly, /* destination */
|
||||||
|
len,
|
||||||
|
&(sa->dec_key),
|
||||||
|
sa->dec_ivec, 0 /* decrypt */ );
|
||||||
|
|
||||||
|
/* last byte is how much was padding: max value should be
|
||||||
|
* AES_BLOCKSIZE-1 */
|
||||||
|
padding = assembly[ len-1 ] & 0xff;
|
||||||
|
|
||||||
|
if ( len >= (padding + TRANSOP_AES_NONCE_SIZE))
|
||||||
|
{
|
||||||
|
/* strictly speaking for this to be an ethernet packet
|
||||||
|
* it is going to need to be even bigger; but this is
|
||||||
|
* enough to prevent segfaults. */
|
||||||
|
traceEvent( TRACE_DEBUG, "padding = %u", padding );
|
||||||
|
len -= padding;
|
||||||
|
|
||||||
|
len -= TRANSOP_AES_NONCE_SIZE; /* size of ethernet packet */
|
||||||
|
|
||||||
|
/* Step over 4-byte random nonce value */
|
||||||
|
memcpy( outbuf,
|
||||||
|
assembly + TRANSOP_AES_NONCE_SIZE,
|
||||||
|
len );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_WARNING, "UDP payload decryption failed." );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE );
|
||||||
|
len = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Wrong security association; drop the packet as it is undecodable. */
|
||||||
|
traceEvent( TRACE_ERROR, "decode_aes SA number %lu not found.", sa_rx );
|
||||||
|
|
||||||
|
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Wrong security association; drop the packet as it is undecodable. */
|
||||||
|
traceEvent( TRACE_ERROR, "decode_aes unsupported aes version %u.", aes_enc_ver );
|
||||||
|
|
||||||
|
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len );
|
||||||
|
}
|
||||||
|
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_addspec_aes( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
|
||||||
|
{
|
||||||
|
int retval = 1;
|
||||||
|
ssize_t pstat=-1;
|
||||||
|
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||||
|
uint8_t keybuf[N2N_MAX_KEYSIZE];
|
||||||
|
|
||||||
|
if ( priv->num_sa < N2N_AES_NUM_SA )
|
||||||
|
{
|
||||||
|
const char * op = (const char *)cspec->opaque;
|
||||||
|
const char * sep = index( op, '_' );
|
||||||
|
|
||||||
|
if ( sep )
|
||||||
|
{
|
||||||
|
char tmp[256];
|
||||||
|
size_t s;
|
||||||
|
|
||||||
|
s = sep - op;
|
||||||
|
memcpy( tmp, cspec->opaque, s );
|
||||||
|
tmp[s]=0;
|
||||||
|
|
||||||
|
s = strlen(sep+1); /* sep is the _ which might be immediately followed by NULL */
|
||||||
|
|
||||||
|
priv->sa[priv->num_sa].spec = *cspec;
|
||||||
|
priv->sa[priv->num_sa].sa_id = strtoul(tmp, NULL, 10);
|
||||||
|
|
||||||
|
memset( keybuf, 0, N2N_MAX_KEYSIZE );
|
||||||
|
pstat = n2n_parse_hex( keybuf, N2N_MAX_KEYSIZE, sep+1, s );
|
||||||
|
if ( pstat > 0 )
|
||||||
|
{
|
||||||
|
/* pstat is number of bytes read into keybuf. */
|
||||||
|
sa_aes_t * sa = &(priv->sa[priv->num_sa]);
|
||||||
|
size_t aes_keysize_bytes;
|
||||||
|
size_t aes_keysize_bits;
|
||||||
|
|
||||||
|
/* Clear out any old possibly longer key matter. */
|
||||||
|
memset( &(sa->enc_key), 0, sizeof(AES_KEY) );
|
||||||
|
memset( &(sa->dec_key), 0, sizeof(AES_KEY) );
|
||||||
|
|
||||||
|
memset( &(sa->enc_ivec), 0, sizeof(N2N_AES_IVEC_SIZE) );
|
||||||
|
memset( &(sa->dec_ivec), 0, sizeof(N2N_AES_IVEC_SIZE) );
|
||||||
|
|
||||||
|
aes_keysize_bytes = aes_best_keysize(pstat);
|
||||||
|
aes_keysize_bits = 8 * aes_keysize_bytes;
|
||||||
|
|
||||||
|
/* Use N2N_MAX_KEYSIZE because the AES key needs to be of fixed
|
||||||
|
* size. If fewer bits specified then the rest will be
|
||||||
|
* zeroes. AES acceptable key sizes are 128, 192 and 256
|
||||||
|
* bits. */
|
||||||
|
AES_set_encrypt_key( keybuf, aes_keysize_bits, &(sa->enc_key));
|
||||||
|
AES_set_decrypt_key( keybuf, aes_keysize_bits, &(sa->dec_key));
|
||||||
|
/* Leave ivecs set to all zeroes */
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_addspec_aes sa_id=%u, %u bits data=%s.\n",
|
||||||
|
priv->sa[priv->num_sa].sa_id, aes_keysize_bits, sep+1);
|
||||||
|
|
||||||
|
++(priv->num_sa);
|
||||||
|
retval = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "transop_addspec_aes : bad key data - missing '_'.\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "transop_addspec_aes : full.\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static n2n_tostat_t transop_tick_aes( n2n_trans_op_t * arg, time_t now )
|
||||||
|
{
|
||||||
|
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||||
|
size_t i;
|
||||||
|
int found=0;
|
||||||
|
n2n_tostat_t r;
|
||||||
|
|
||||||
|
memset( &r, 0, sizeof(r) );
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_aes tick num_sa=%u now=%lu", priv->num_sa, now );
|
||||||
|
|
||||||
|
for ( i=0; i < priv->num_sa; ++i )
|
||||||
|
{
|
||||||
|
if ( 0 == validCipherSpec( &(priv->sa[i].spec), now ) )
|
||||||
|
{
|
||||||
|
time_t remaining = priv->sa[i].spec.valid_until - now;
|
||||||
|
|
||||||
|
traceEvent( TRACE_INFO, "transop_aes choosing tx_sa=%u (valid for %lu sec)", priv->sa[i].sa_id, remaining );
|
||||||
|
priv->tx_sa=i;
|
||||||
|
found=1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_aes tick rejecting sa=%u %lu -> %lu",
|
||||||
|
priv->sa[i].sa_id, priv->sa[i].spec.valid_from, priv->sa[i].spec.valid_until );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( 0==found)
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_INFO, "transop_aes no keys are currently valid. Keeping tx_sa=%u", priv->tx_sa );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
r.can_tx = 1;
|
||||||
|
r.tx_spec.t = N2N_TRANSFORM_ID_AESCBC;
|
||||||
|
r.tx_spec = priv->sa[priv->tx_sa].spec;
|
||||||
|
}
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int transop_aes_init( n2n_trans_op_t * ttt )
|
||||||
|
{
|
||||||
|
int retval = 1;
|
||||||
|
transop_aes_t * priv = NULL;
|
||||||
|
|
||||||
|
if ( ttt->priv )
|
||||||
|
{
|
||||||
|
transop_deinit_aes( ttt );
|
||||||
|
}
|
||||||
|
|
||||||
|
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
|
||||||
|
|
||||||
|
priv = (transop_aes_t *) malloc( sizeof(transop_aes_t) );
|
||||||
|
|
||||||
|
if ( NULL != priv )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
sa_aes_t * sa=NULL;
|
||||||
|
|
||||||
|
/* install the private structure. */
|
||||||
|
ttt->priv = priv;
|
||||||
|
priv->num_sa=0;
|
||||||
|
priv->tx_sa=0; /* We will use this sa index for encoding. */
|
||||||
|
|
||||||
|
ttt->transform_id = N2N_TRANSFORM_ID_AESCBC;
|
||||||
|
ttt->addspec = transop_addspec_aes;
|
||||||
|
ttt->tick = transop_tick_aes; /* chooses a new tx_sa */
|
||||||
|
ttt->deinit = transop_deinit_aes;
|
||||||
|
ttt->fwd = transop_encode_aes;
|
||||||
|
ttt->rev = transop_decode_aes;
|
||||||
|
|
||||||
|
for(i=0; i<N2N_AES_NUM_SA; ++i)
|
||||||
|
{
|
||||||
|
sa = &(priv->sa[i]);
|
||||||
|
sa->sa_id=0;
|
||||||
|
memset( &(sa->spec), 0, sizeof(n2n_cipherspec_t) );
|
||||||
|
memset( &(sa->enc_key), 0, sizeof(AES_KEY) );
|
||||||
|
memset( &(sa->enc_ivec), 0, sizeof(N2N_AES_IVEC_SIZE) );
|
||||||
|
memset( &(sa->dec_key), 0, sizeof(AES_KEY) );
|
||||||
|
memset( &(sa->dec_ivec), 0, sizeof(N2N_AES_IVEC_SIZE) );
|
||||||
|
}
|
||||||
|
|
||||||
|
retval = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memset( ttt, 0, sizeof(n2n_trans_op_t) );
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to allocate priv for aes" );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
#else /* #if defined(N2N_HAVE_AES) */
|
||||||
|
|
||||||
|
struct transop_aes
|
||||||
|
{
|
||||||
|
ssize_t tx_sa;
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct transop_aes transop_aes_t;
|
||||||
|
|
||||||
|
|
||||||
|
static int transop_deinit_aes( n2n_trans_op_t * arg )
|
||||||
|
{
|
||||||
|
transop_aes_t * priv = (transop_aes_t *)arg->priv;
|
||||||
|
|
||||||
|
if ( priv )
|
||||||
|
{
|
||||||
|
free(priv);
|
||||||
|
}
|
||||||
|
|
||||||
|
arg->priv=NULL; /* return to fully uninitialised state */
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_encode_aes( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_decode_aes( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_addspec_aes( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_addspec_aes AES not built into edge.\n");
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static n2n_tostat_t transop_tick_aes( n2n_trans_op_t * arg, time_t now )
|
||||||
|
{
|
||||||
|
n2n_tostat_t r;
|
||||||
|
|
||||||
|
memset( &r, 0, sizeof(r) );
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
int transop_aes_init( n2n_trans_op_t * ttt )
|
||||||
|
{
|
||||||
|
int retval = 1;
|
||||||
|
transop_aes_t * priv = NULL;
|
||||||
|
|
||||||
|
if ( ttt->priv )
|
||||||
|
{
|
||||||
|
transop_deinit_aes( ttt );
|
||||||
|
}
|
||||||
|
|
||||||
|
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
|
||||||
|
|
||||||
|
priv = (transop_aes_t *) malloc( sizeof(transop_aes_t) );
|
||||||
|
|
||||||
|
if ( NULL != priv )
|
||||||
|
{
|
||||||
|
/* install the private structure. */
|
||||||
|
ttt->priv = priv;
|
||||||
|
priv->tx_sa=0; /* We will use this sa index for encoding. */
|
||||||
|
|
||||||
|
ttt->transform_id = N2N_TRANSFORM_ID_AESCBC;
|
||||||
|
ttt->addspec = transop_addspec_aes;
|
||||||
|
ttt->tick = transop_tick_aes; /* chooses a new tx_sa */
|
||||||
|
ttt->deinit = transop_deinit_aes;
|
||||||
|
ttt->fwd = transop_encode_aes;
|
||||||
|
ttt->rev = transop_decode_aes;
|
||||||
|
|
||||||
|
retval = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memset( ttt, 0, sizeof(n2n_trans_op_t) );
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to allocate priv for aes" );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* #if defined(N2N_HAVE_AES) */
|
||||||
|
|
84
transform_null.c
Normal file
84
transform_null.c
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
#include "n2n_transforms.h"
|
||||||
|
|
||||||
|
static int transop_deinit_null( n2n_trans_op_t * arg )
|
||||||
|
{
|
||||||
|
/* nothing to deallocate, nothing to release. */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_encode_null( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
int retval = -1;
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "encode_null %lu", in_len );
|
||||||
|
if ( out_len >= in_len )
|
||||||
|
{
|
||||||
|
memcpy( outbuf, inbuf, in_len );
|
||||||
|
retval = in_len;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "encode_null %lu too big for packet buffer", in_len );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_decode_null( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
int retval = -1;
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "decode_null %lu", in_len );
|
||||||
|
if ( out_len >= in_len )
|
||||||
|
{
|
||||||
|
memcpy( outbuf, inbuf, in_len );
|
||||||
|
retval = in_len;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "decode_null %lu too big for packet buffer", in_len );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_addspec_null( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static n2n_tostat_t transop_tick_null( n2n_trans_op_t * arg, time_t now )
|
||||||
|
{
|
||||||
|
n2n_tostat_t r;
|
||||||
|
|
||||||
|
r.can_tx=1;
|
||||||
|
r.tx_spec.t = N2N_TRANSFORM_ID_NULL;
|
||||||
|
r.tx_spec.valid_from = 0;
|
||||||
|
r.tx_spec.valid_until = (time_t)(-1);
|
||||||
|
r.tx_spec.opaque_size=0;
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
void transop_null_init( n2n_trans_op_t * ttt )
|
||||||
|
{
|
||||||
|
memset(ttt, 0, sizeof(n2n_trans_op_t) );
|
||||||
|
|
||||||
|
ttt->transform_id = N2N_TRANSFORM_ID_NULL;
|
||||||
|
ttt->deinit = transop_deinit_null;
|
||||||
|
ttt->addspec = transop_addspec_null;
|
||||||
|
ttt->tick = transop_tick_null;
|
||||||
|
ttt->fwd = transop_encode_null;
|
||||||
|
ttt->rev = transop_decode_null;
|
||||||
|
}
|
487
transform_tf.c
Normal file
487
transform_tf.c
Normal file
|
@ -0,0 +1,487 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
#include "n2n_transforms.h"
|
||||||
|
#include "twofish.h"
|
||||||
|
#ifndef _MSC_VER
|
||||||
|
/* Not included in Visual Studio 2008 */
|
||||||
|
#include <strings.h> /* index() */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define N2N_TWOFISH_NUM_SA 32 /* space for SAa */
|
||||||
|
|
||||||
|
#define N2N_TWOFISH_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
||||||
|
|
||||||
|
struct sa_twofish
|
||||||
|
{
|
||||||
|
n2n_cipherspec_t spec; /* cipher spec parameters */
|
||||||
|
n2n_sa_t sa_id; /* security association index */
|
||||||
|
TWOFISH * enc_tf; /* tx state */
|
||||||
|
TWOFISH * dec_tf; /* rx state */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct sa_twofish sa_twofish_t;
|
||||||
|
|
||||||
|
|
||||||
|
/** Twofish transform state data.
|
||||||
|
*
|
||||||
|
* With a key-schedule in place this will be populated with a number of
|
||||||
|
* SAs. Each SA has a lifetime and some opque data. The opaque data for twofish
|
||||||
|
* consists of the SA number and key material.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
struct transop_tf
|
||||||
|
{
|
||||||
|
ssize_t tx_sa;
|
||||||
|
size_t num_sa;
|
||||||
|
sa_twofish_t sa[N2N_TWOFISH_NUM_SA];
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct transop_tf transop_tf_t;
|
||||||
|
|
||||||
|
static int transop_deinit_twofish( n2n_trans_op_t * arg )
|
||||||
|
{
|
||||||
|
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
if ( priv )
|
||||||
|
{
|
||||||
|
/* Memory was previously allocated */
|
||||||
|
for (i=0; i<N2N_TWOFISH_NUM_SA; ++i )
|
||||||
|
{
|
||||||
|
sa_twofish_t * sa = &(priv->sa[i]);
|
||||||
|
|
||||||
|
TwoFishDestroy(sa->enc_tf); /* deallocate TWOFISH */
|
||||||
|
sa->enc_tf=NULL;
|
||||||
|
|
||||||
|
TwoFishDestroy(sa->dec_tf); /* deallocate TWOFISH */
|
||||||
|
sa->dec_tf=NULL;
|
||||||
|
|
||||||
|
sa->sa_id=0;
|
||||||
|
}
|
||||||
|
|
||||||
|
priv->num_sa=0;
|
||||||
|
priv->tx_sa=-1;
|
||||||
|
|
||||||
|
free(priv);
|
||||||
|
}
|
||||||
|
|
||||||
|
arg->priv=NULL; /* return to fully uninitialised state */
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static size_t tf_choose_tx_sa( transop_tf_t * priv )
|
||||||
|
{
|
||||||
|
return priv->tx_sa; /* set in tick */
|
||||||
|
}
|
||||||
|
|
||||||
|
#define TRANSOP_TF_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
||||||
|
#define TRANSOP_TF_NONCE_SIZE 4
|
||||||
|
#define TRANSOP_TF_SA_SIZE 4
|
||||||
|
|
||||||
|
/** The twofish packet format consists of:
|
||||||
|
*
|
||||||
|
* - a 8-bit twofish encoding version in clear text
|
||||||
|
* - a 32-bit SA number in clear text
|
||||||
|
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||||
|
*
|
||||||
|
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||||
|
* |<------ encrypted ------>|
|
||||||
|
*/
|
||||||
|
static int transop_encode_twofish( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
int len=-1;
|
||||||
|
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||||
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
uint32_t * pnonce;
|
||||||
|
|
||||||
|
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
|
||||||
|
{
|
||||||
|
if ( (in_len + TRANSOP_TF_NONCE_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_VER_SIZE) <= out_len )
|
||||||
|
{
|
||||||
|
size_t idx=0;
|
||||||
|
sa_twofish_t * sa;
|
||||||
|
size_t tx_sa_num = 0;
|
||||||
|
|
||||||
|
/* The transmit sa is periodically updated */
|
||||||
|
tx_sa_num = tf_choose_tx_sa( priv );
|
||||||
|
|
||||||
|
sa = &(priv->sa[tx_sa_num]); /* Proper Tx SA index */
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "encode_twofish %lu with SA %lu.", in_len, sa->sa_id );
|
||||||
|
|
||||||
|
/* Encode the twofish format version. */
|
||||||
|
encode_uint8( outbuf, &idx, N2N_TWOFISH_TRANSFORM_VERSION );
|
||||||
|
|
||||||
|
/* Encode the security association (SA) number */
|
||||||
|
encode_uint32( outbuf, &idx, sa->sa_id );
|
||||||
|
|
||||||
|
/* The assembly buffer is a source for encrypting data. The nonce is
|
||||||
|
* written in first followed by the packet payload. The whole
|
||||||
|
* contents of assembly are encrypted. */
|
||||||
|
pnonce = (uint32_t *)assembly;
|
||||||
|
*pnonce = rand();
|
||||||
|
memcpy( assembly + TRANSOP_TF_NONCE_SIZE, inbuf, in_len );
|
||||||
|
|
||||||
|
/* Encrypt the assembly contents and write the ciphertext after the SA. */
|
||||||
|
len = TwoFishEncryptRaw( assembly, /* source */
|
||||||
|
outbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE,
|
||||||
|
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
|
||||||
|
sa->enc_tf);
|
||||||
|
if ( len > 0 )
|
||||||
|
{
|
||||||
|
len += TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE; /* size of data carried in UDP. */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "encode_twofish outbuf too small." );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "encode_twofish inbuf too big to encrypt." );
|
||||||
|
}
|
||||||
|
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Search through the array of SAs to find the one with the required ID.
|
||||||
|
*
|
||||||
|
* @return array index where found or -1 if not found
|
||||||
|
*/
|
||||||
|
static ssize_t twofish_find_sa( const transop_tf_t * priv, const n2n_sa_t req_id )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i=0; i < priv->num_sa; ++i)
|
||||||
|
{
|
||||||
|
const sa_twofish_t * sa=NULL;
|
||||||
|
|
||||||
|
sa = &(priv->sa[i]);
|
||||||
|
if (req_id == sa->sa_id)
|
||||||
|
{
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/** The twofish packet format consists of:
|
||||||
|
*
|
||||||
|
* - a 8-bit twofish encoding version in clear text
|
||||||
|
* - a 32-bit SA number in clear text
|
||||||
|
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||||
|
*
|
||||||
|
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||||
|
* |<------ encrypted ------>|
|
||||||
|
*/
|
||||||
|
static int transop_decode_twofish( n2n_trans_op_t * arg,
|
||||||
|
uint8_t * outbuf,
|
||||||
|
size_t out_len,
|
||||||
|
const uint8_t * inbuf,
|
||||||
|
size_t in_len )
|
||||||
|
{
|
||||||
|
int len=0;
|
||||||
|
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||||
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
|
||||||
|
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
|
||||||
|
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) /* Has at least version, SA and nonce */
|
||||||
|
)
|
||||||
|
{
|
||||||
|
n2n_sa_t sa_rx;
|
||||||
|
ssize_t sa_idx=-1;
|
||||||
|
size_t rem=in_len;
|
||||||
|
size_t idx=0;
|
||||||
|
uint8_t tf_enc_ver=0;
|
||||||
|
|
||||||
|
/* Get the encoding version to make sure it is supported */
|
||||||
|
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
|
||||||
|
|
||||||
|
if ( N2N_TWOFISH_TRANSFORM_VERSION == tf_enc_ver )
|
||||||
|
{
|
||||||
|
/* Get the SA number and make sure we are decrypting with the right one. */
|
||||||
|
decode_uint32( &sa_rx, inbuf, &rem, &idx );
|
||||||
|
|
||||||
|
sa_idx = twofish_find_sa(priv, sa_rx);
|
||||||
|
if ( sa_idx >= 0 )
|
||||||
|
{
|
||||||
|
sa_twofish_t * sa = &(priv->sa[sa_idx]);
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "decode_twofish %lu with SA %lu.", in_len, sa_rx, sa->sa_id );
|
||||||
|
|
||||||
|
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
|
||||||
|
assembly, /* destination */
|
||||||
|
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
|
||||||
|
sa->dec_tf);
|
||||||
|
|
||||||
|
if ( len > 0 )
|
||||||
|
{
|
||||||
|
/* Step over 4-byte random nonce value */
|
||||||
|
len -= TRANSOP_TF_NONCE_SIZE; /* size of ethernet packet */
|
||||||
|
|
||||||
|
memcpy( outbuf,
|
||||||
|
assembly + TRANSOP_TF_NONCE_SIZE,
|
||||||
|
len );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "decode_twofish decryption failed." );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Wrong security association; drop the packet as it is undecodable. */
|
||||||
|
traceEvent( TRACE_ERROR, "decode_twofish SA number %lu not found.", sa_rx );
|
||||||
|
|
||||||
|
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Wrong security association; drop the packet as it is undecodable. */
|
||||||
|
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
|
||||||
|
|
||||||
|
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );
|
||||||
|
}
|
||||||
|
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int transop_addspec_twofish( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
|
||||||
|
{
|
||||||
|
int retval = 1;
|
||||||
|
ssize_t pstat=-1;
|
||||||
|
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||||
|
uint8_t keybuf[N2N_MAX_KEYSIZE];
|
||||||
|
|
||||||
|
if ( priv->num_sa < N2N_TWOFISH_NUM_SA )
|
||||||
|
{
|
||||||
|
const char * op = (const char *)cspec->opaque;
|
||||||
|
const char * sep = index( op, '_' );
|
||||||
|
|
||||||
|
if ( sep )
|
||||||
|
{
|
||||||
|
char tmp[256];
|
||||||
|
size_t s;
|
||||||
|
|
||||||
|
s = sep - op;
|
||||||
|
memcpy( tmp, cspec->opaque, s );
|
||||||
|
tmp[s]=0;
|
||||||
|
|
||||||
|
s = strlen(sep+1); /* sep is the _ which might be immediately followed by NULL */
|
||||||
|
|
||||||
|
priv->sa[priv->num_sa].spec = *cspec;
|
||||||
|
priv->sa[priv->num_sa].sa_id = strtoul(tmp, NULL, 10);
|
||||||
|
|
||||||
|
pstat = n2n_parse_hex( keybuf, N2N_MAX_KEYSIZE, sep+1, s );
|
||||||
|
if ( pstat > 0 )
|
||||||
|
{
|
||||||
|
priv->sa[priv->num_sa].enc_tf = TwoFishInit( keybuf, pstat);
|
||||||
|
priv->sa[priv->num_sa].dec_tf = TwoFishInit( keybuf, pstat);
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_addspec_twofish sa_id=%u data=%s.\n",
|
||||||
|
priv->sa[priv->num_sa].sa_id, sep+1);
|
||||||
|
|
||||||
|
++(priv->num_sa);
|
||||||
|
retval = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "transop_addspec_twofish : bad key data - missing '_'.\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "transop_addspec_twofish : full.\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static n2n_tostat_t transop_tick_twofish( n2n_trans_op_t * arg, time_t now )
|
||||||
|
{
|
||||||
|
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||||
|
size_t i;
|
||||||
|
int found=0;
|
||||||
|
n2n_tostat_t r;
|
||||||
|
|
||||||
|
memset( &r, 0, sizeof(r) );
|
||||||
|
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_tf tick num_sa=%u", priv->num_sa );
|
||||||
|
|
||||||
|
for ( i=0; i < priv->num_sa; ++i )
|
||||||
|
{
|
||||||
|
if ( 0 == validCipherSpec( &(priv->sa[i].spec), now ) )
|
||||||
|
{
|
||||||
|
time_t remaining = priv->sa[i].spec.valid_until - now;
|
||||||
|
|
||||||
|
traceEvent( TRACE_INFO, "transop_tf choosing tx_sa=%u (valid for %lu sec)", priv->sa[i].sa_id, remaining );
|
||||||
|
priv->tx_sa=i;
|
||||||
|
found=1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_DEBUG, "transop_tf tick rejecting sa=%u %lu -> %lu",
|
||||||
|
priv->sa[i].sa_id, priv->sa[i].spec.valid_from, priv->sa[i].spec.valid_until );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( 0==found)
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_INFO, "transop_tf no keys are currently valid. Keeping tx_sa=%u", priv->tx_sa );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
r.can_tx = 1;
|
||||||
|
r.tx_spec.t = N2N_TRANSFORM_ID_TWOFISH;
|
||||||
|
r.tx_spec = priv->sa[priv->tx_sa].spec;
|
||||||
|
}
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int transop_twofish_setup( n2n_trans_op_t * ttt,
|
||||||
|
n2n_sa_t sa_num,
|
||||||
|
uint8_t * encrypt_pwd,
|
||||||
|
uint32_t encrypt_pwd_len )
|
||||||
|
{
|
||||||
|
int retval = 1;
|
||||||
|
transop_tf_t * priv = NULL;
|
||||||
|
|
||||||
|
if ( ttt->priv )
|
||||||
|
{
|
||||||
|
transop_deinit_twofish( ttt );
|
||||||
|
}
|
||||||
|
|
||||||
|
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
|
||||||
|
|
||||||
|
priv = (transop_tf_t *) malloc( sizeof(transop_tf_t) );
|
||||||
|
|
||||||
|
if ( NULL != priv )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
sa_twofish_t * sa=NULL;
|
||||||
|
|
||||||
|
/* install the private structure. */
|
||||||
|
ttt->priv = priv;
|
||||||
|
|
||||||
|
for(i=0; i<N2N_TWOFISH_NUM_SA; ++i)
|
||||||
|
{
|
||||||
|
sa = &(priv->sa[i]);
|
||||||
|
sa->sa_id=0;
|
||||||
|
memset( &(sa->spec), 0, sizeof(n2n_cipherspec_t) );
|
||||||
|
sa->enc_tf=NULL;
|
||||||
|
sa->dec_tf=NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
priv->num_sa=1; /* There is one SA in the array. */
|
||||||
|
priv->tx_sa=0;
|
||||||
|
sa = &(priv->sa[priv->tx_sa]);
|
||||||
|
sa->sa_id=sa_num;
|
||||||
|
sa->spec.valid_until = 0x7fffffff;
|
||||||
|
|
||||||
|
/* This is a preshared key setup. Both Tx and Rx are using the same security association. */
|
||||||
|
|
||||||
|
sa->enc_tf = TwoFishInit(encrypt_pwd, encrypt_pwd_len);
|
||||||
|
sa->dec_tf = TwoFishInit(encrypt_pwd, encrypt_pwd_len);
|
||||||
|
|
||||||
|
if ( (sa->enc_tf) && (sa->dec_tf) )
|
||||||
|
{
|
||||||
|
ttt->transform_id = N2N_TRANSFORM_ID_TWOFISH;
|
||||||
|
ttt->deinit = transop_deinit_twofish;
|
||||||
|
ttt->addspec = transop_addspec_twofish;
|
||||||
|
ttt->tick = transop_tick_twofish; /* chooses a new tx_sa */
|
||||||
|
ttt->fwd = transop_encode_twofish;
|
||||||
|
ttt->rev = transop_decode_twofish;
|
||||||
|
|
||||||
|
retval = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
traceEvent( TRACE_ERROR, "TwoFishInit failed" );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memset( ttt, 0, sizeof(n2n_trans_op_t) );
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to allocate priv for twofish" );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int transop_twofish_init( n2n_trans_op_t * ttt )
|
||||||
|
{
|
||||||
|
int retval = 1;
|
||||||
|
transop_tf_t * priv = NULL;
|
||||||
|
|
||||||
|
if ( ttt->priv )
|
||||||
|
{
|
||||||
|
transop_deinit_twofish( ttt );
|
||||||
|
}
|
||||||
|
|
||||||
|
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
|
||||||
|
|
||||||
|
priv = (transop_tf_t *) malloc( sizeof(transop_tf_t) );
|
||||||
|
|
||||||
|
if ( NULL != priv )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
sa_twofish_t * sa=NULL;
|
||||||
|
|
||||||
|
/* install the private structure. */
|
||||||
|
ttt->priv = priv;
|
||||||
|
priv->num_sa=0;
|
||||||
|
priv->tx_sa=0; /* We will use this sa index for encoding. */
|
||||||
|
|
||||||
|
ttt->transform_id = N2N_TRANSFORM_ID_TWOFISH;
|
||||||
|
ttt->addspec = transop_addspec_twofish;
|
||||||
|
ttt->tick = transop_tick_twofish; /* chooses a new tx_sa */
|
||||||
|
ttt->deinit = transop_deinit_twofish;
|
||||||
|
ttt->fwd = transop_encode_twofish;
|
||||||
|
ttt->rev = transop_decode_twofish;
|
||||||
|
|
||||||
|
for(i=0; i<N2N_TWOFISH_NUM_SA; ++i)
|
||||||
|
{
|
||||||
|
sa = &(priv->sa[i]);
|
||||||
|
sa->sa_id=0;
|
||||||
|
memset( &(sa->spec), 0, sizeof(n2n_cipherspec_t) );
|
||||||
|
sa->enc_tf=NULL;
|
||||||
|
sa->dec_tf=NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
retval = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memset( ttt, 0, sizeof(n2n_trans_op_t) );
|
||||||
|
traceEvent( TRACE_ERROR, "Failed to allocate priv for twofish" );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
132
tuntap_freebsd.c
Normal file
132
tuntap_freebsd.c
Normal file
|
@ -0,0 +1,132 @@
|
||||||
|
/*
|
||||||
|
* (C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not see see <http://www.gnu.org/licenses/>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
#ifdef __FreeBSD__
|
||||||
|
|
||||||
|
void tun_close(tuntap_dev *device);
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
#define N2N_FREEBSD_TAPDEVICE_SIZE 32
|
||||||
|
int tuntap_open(tuntap_dev *device /* ignored */,
|
||||||
|
char *dev,
|
||||||
|
const char *address_mode, /* static or dhcp */
|
||||||
|
char *device_ip,
|
||||||
|
char *device_mask,
|
||||||
|
const char * device_mac,
|
||||||
|
int mtu) {
|
||||||
|
int i;
|
||||||
|
char tap_device[N2N_FREEBSD_TAPDEVICE_SIZE];
|
||||||
|
|
||||||
|
for (i = 0; i < 255; i++) {
|
||||||
|
snprintf(tap_device, sizeof(tap_device), "/dev/tap%d", i);
|
||||||
|
|
||||||
|
device->fd = open(tap_device, O_RDWR);
|
||||||
|
if(device->fd > 0) {
|
||||||
|
traceEvent(TRACE_NORMAL, "Succesfully open %s", tap_device);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device->fd < 0) {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to open tap device");
|
||||||
|
return(-1);
|
||||||
|
} else {
|
||||||
|
char buf[256];
|
||||||
|
FILE *fd;
|
||||||
|
|
||||||
|
device->ip_addr = inet_addr(device_ip);
|
||||||
|
|
||||||
|
if ( device_mac && device_mac[0] != '\0' )
|
||||||
|
{
|
||||||
|
/* FIXME - This is not tested. Might be wrong syntax for OS X */
|
||||||
|
|
||||||
|
/* Set the hw address before bringing the if up. */
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig tap%d ether %s",
|
||||||
|
i, device_mac);
|
||||||
|
system(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig tap%d %s netmask %s mtu %d up",
|
||||||
|
i, device_ip, device_mask, mtu);
|
||||||
|
system(buf);
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface tap%d up and running (%s/%s)",
|
||||||
|
i, device_ip, device_mask);
|
||||||
|
|
||||||
|
/* Read MAC address */
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig tap%d |grep ether|cut -c 8-24", i);
|
||||||
|
/* traceEvent(TRACE_INFO, "%s", buf); */
|
||||||
|
|
||||||
|
fd = popen(buf, "r");
|
||||||
|
if(fd < 0) {
|
||||||
|
tun_close(device);
|
||||||
|
return(-1);
|
||||||
|
} else {
|
||||||
|
int a, b, c, d, e, f;
|
||||||
|
|
||||||
|
buf[0] = 0;
|
||||||
|
fgets(buf, sizeof(buf), fd);
|
||||||
|
pclose(fd);
|
||||||
|
|
||||||
|
if(buf[0] == '\0') {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to read tap%d interface MAC address");
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface tap%d mac %s", i, buf);
|
||||||
|
if(sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", &a, &b, &c, &d, &e, &f) == 6) {
|
||||||
|
device->mac_addr[0] = a, device->mac_addr[1] = b;
|
||||||
|
device->mac_addr[2] = c, device->mac_addr[3] = d;
|
||||||
|
device->mac_addr[4] = e, device->mac_addr[5] = f;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* read_mac(dev, device->mac_addr); */
|
||||||
|
return(device->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
int tuntap_read(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(read(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
int tuntap_write(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(write(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
void tuntap_close(struct tuntap_dev *tuntap) {
|
||||||
|
close(tuntap->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill out the ip_addr value from the interface. Called to pick up dynamic
|
||||||
|
* address changes. */
|
||||||
|
void tuntap_get_address(struct tuntap_dev *tuntap)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* #ifdef __FreeBSD__ */
|
165
tuntap_linux.c
Normal file
165
tuntap_linux.c
Normal file
|
@ -0,0 +1,165 @@
|
||||||
|
/*
|
||||||
|
* (C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, see <http://www.gnu.org/licenses/>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
#ifdef __linux__
|
||||||
|
|
||||||
|
static void read_mac(char *ifname, n2n_mac_t mac_addr) {
|
||||||
|
int _sock, res;
|
||||||
|
struct ifreq ifr;
|
||||||
|
macstr_t mac_addr_buf;
|
||||||
|
|
||||||
|
memset (&ifr,0,sizeof(struct ifreq));
|
||||||
|
|
||||||
|
/* Dummy socket, just to make ioctls with */
|
||||||
|
_sock=socket(PF_INET, SOCK_DGRAM, 0);
|
||||||
|
strcpy(ifr.ifr_name, ifname);
|
||||||
|
res = ioctl(_sock,SIOCGIFHWADDR,&ifr);
|
||||||
|
if (res<0) {
|
||||||
|
perror ("Get hw addr");
|
||||||
|
} else
|
||||||
|
memcpy(mac_addr, ifr.ifr_ifru.ifru_hwaddr.sa_data, 6);
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface %s has MAC %s",
|
||||||
|
ifname,
|
||||||
|
macaddr_str(mac_addr_buf, mac_addr ));
|
||||||
|
close(_sock);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
/** @brief Open and configure the TAP device for packet read/write.
|
||||||
|
*
|
||||||
|
* This routine creates the interface via the tuntap driver then uses ifconfig
|
||||||
|
* to configure address/mask and MTU.
|
||||||
|
*
|
||||||
|
* @param device - [inout] a device info holder object
|
||||||
|
* @param dev - user-defined name for the new iface,
|
||||||
|
* if NULL system will assign a name
|
||||||
|
* @param device_ip - address of iface
|
||||||
|
* @param device_mask - netmask for device_ip
|
||||||
|
* @param mtu - MTU for device_ip
|
||||||
|
*
|
||||||
|
* @return - negative value on error
|
||||||
|
* - non-negative file-descriptor on success
|
||||||
|
*/
|
||||||
|
int tuntap_open(tuntap_dev *device,
|
||||||
|
char *dev, /* user-definable interface name, eg. edge0 */
|
||||||
|
const char *address_mode, /* static or dhcp */
|
||||||
|
char *device_ip,
|
||||||
|
char *device_mask,
|
||||||
|
const char * device_mac,
|
||||||
|
int mtu) {
|
||||||
|
char *tuntap_device = "/dev/net/tun";
|
||||||
|
#define N2N_LINUX_SYSTEMCMD_SIZE 128
|
||||||
|
char buf[N2N_LINUX_SYSTEMCMD_SIZE];
|
||||||
|
struct ifreq ifr;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
device->fd = open(tuntap_device, O_RDWR);
|
||||||
|
if(device->fd < 0) {
|
||||||
|
printf("ERROR: ioctl() [%s][%d]\n", strerror(errno), errno);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(&ifr, 0, sizeof(ifr));
|
||||||
|
ifr.ifr_flags = IFF_TAP|IFF_NO_PI; /* Want a TAP device for layer 2 frames. */
|
||||||
|
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
|
||||||
|
rc = ioctl(device->fd, TUNSETIFF, (void *)&ifr);
|
||||||
|
|
||||||
|
if(rc < 0) {
|
||||||
|
traceEvent(TRACE_ERROR, "ioctl() [%s][%d]\n", strerror(errno), rc);
|
||||||
|
close(device->fd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Store the device name for later reuse */
|
||||||
|
strncpy(device->dev_name, ifr.ifr_name, MIN(IFNAMSIZ, N2N_IFNAMSIZ) );
|
||||||
|
|
||||||
|
if ( device_mac && device_mac[0] != '\0' )
|
||||||
|
{
|
||||||
|
/* Set the hw address before bringing the if up. */
|
||||||
|
snprintf(buf, sizeof(buf), "/sbin/ifconfig %s hw ether %s",
|
||||||
|
ifr.ifr_name, device_mac );
|
||||||
|
system(buf);
|
||||||
|
traceEvent(TRACE_INFO, "Setting MAC: %s", buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( 0 == strncmp( "dhcp", address_mode, 5 ) )
|
||||||
|
{
|
||||||
|
snprintf(buf, sizeof(buf), "/sbin/ifconfig %s %s mtu %d up",
|
||||||
|
ifr.ifr_name, device_ip, mtu);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
snprintf(buf, sizeof(buf), "/sbin/ifconfig %s %s netmask %s mtu %d up",
|
||||||
|
ifr.ifr_name, device_ip, device_mask, mtu);
|
||||||
|
}
|
||||||
|
|
||||||
|
system(buf);
|
||||||
|
traceEvent(TRACE_INFO, "Bringing up: %s", buf);
|
||||||
|
|
||||||
|
device->ip_addr = inet_addr(device_ip);
|
||||||
|
device->device_mask = inet_addr(device_mask);
|
||||||
|
read_mac(dev, device->mac_addr);
|
||||||
|
return(device->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
int tuntap_read(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(read(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
int tuntap_write(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(write(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
void tuntap_close(struct tuntap_dev *tuntap) {
|
||||||
|
close(tuntap->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill out the ip_addr value from the interface. Called to pick up dynamic
|
||||||
|
* address changes. */
|
||||||
|
void tuntap_get_address(struct tuntap_dev *tuntap)
|
||||||
|
{
|
||||||
|
FILE * fp=NULL;
|
||||||
|
ssize_t nread=0;
|
||||||
|
char buf[N2N_LINUX_SYSTEMCMD_SIZE];
|
||||||
|
|
||||||
|
/* Would rather have a more direct way to get the inet address but a netlink
|
||||||
|
* socket is overkill and probably less portable than ifconfig and sed. */
|
||||||
|
|
||||||
|
/* If the interface has no address (0.0.0.0) there will be no inet addr
|
||||||
|
* line and the returned string will be empty. */
|
||||||
|
snprintf( buf, sizeof(buf), "/sbin/ifconfig %s | /bin/sed -e '/inet addr:/!d' -e 's/^.*inet addr://' -e 's/ .*$//'",
|
||||||
|
tuntap->dev_name );
|
||||||
|
fp=popen(buf, "r");
|
||||||
|
if (fp )
|
||||||
|
{
|
||||||
|
memset(buf,0,N2N_LINUX_SYSTEMCMD_SIZE); /* make sure buf is NULL terminated. */
|
||||||
|
nread=fread(buf, 1, 15, fp);
|
||||||
|
fclose(fp);
|
||||||
|
fp=NULL;
|
||||||
|
|
||||||
|
traceEvent(TRACE_INFO, "ifconfig address = %s", buf);
|
||||||
|
|
||||||
|
tuntap->ip_addr = inet_addr(buf);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* #ifdef __linux__ */
|
146
tuntap_netbsd.c
Normal file
146
tuntap_netbsd.c
Normal file
|
@ -0,0 +1,146 @@
|
||||||
|
/*
|
||||||
|
* (C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
* (C) 2009 - Alaric Snell-Pym <alaric@kitten-technologies.co.uk>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not see see <http://www.gnu.org/licenses/>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
#ifdef __NetBSD__
|
||||||
|
|
||||||
|
#include <errno.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <net/if_tap.h>
|
||||||
|
|
||||||
|
void tun_close(tuntap_dev *device);
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
#define N2N_NETBSD_TAPDEVICE_SIZE 32
|
||||||
|
int tuntap_open(tuntap_dev *device /* ignored */,
|
||||||
|
char *dev,
|
||||||
|
const char *address_mode, /* static or dhcp */
|
||||||
|
char *device_ip,
|
||||||
|
char *device_mask,
|
||||||
|
const char * device_mac,
|
||||||
|
int mtu) {
|
||||||
|
char tap_device[N2N_NETBSD_TAPDEVICE_SIZE];
|
||||||
|
struct ifreq req;
|
||||||
|
|
||||||
|
if (dev) {
|
||||||
|
snprintf(tap_device, sizeof(tap_device), "/dev/%s", dev);
|
||||||
|
device->fd = open(tap_device, O_RDWR);
|
||||||
|
snprintf(tap_device, sizeof(tap_device), "%s", dev);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
device->fd = open("/dev/tap", O_RDWR);
|
||||||
|
if(device->fd >= 0) {
|
||||||
|
if (ioctl(device->fd, TAPGIFNAME, &req) == -1) {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to obtain name of tap device (%s)", strerror(errno));
|
||||||
|
close(device->fd);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
snprintf(tap_device, sizeof(tap_device), req.ifr_name);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device->fd < 0) {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to open tap device (%s)", strerror(errno));
|
||||||
|
return(-1);
|
||||||
|
} else {
|
||||||
|
char buf[256];
|
||||||
|
FILE *fd;
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Succesfully open %s", tap_device);
|
||||||
|
|
||||||
|
device->ip_addr = inet_addr(device_ip);
|
||||||
|
|
||||||
|
if ( device_mac && device_mac[0] != '\0' )
|
||||||
|
{
|
||||||
|
/* Set the hw address before bringing the if up. */
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig %s link %s active",
|
||||||
|
tap_device, device_mac);
|
||||||
|
system(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig %s %s netmask %s mtu %d up",
|
||||||
|
tap_device, device_ip, device_mask, mtu);
|
||||||
|
system(buf);
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface %s up and running (%s/%s)",
|
||||||
|
tap_device, device_ip, device_mask);
|
||||||
|
|
||||||
|
/* Read MAC address */
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig %s |grep address|cut -c 11-28", tap_device);
|
||||||
|
/* traceEvent(TRACE_INFO, "%s", buf); */
|
||||||
|
|
||||||
|
fd = popen(buf, "r");
|
||||||
|
if(fd < 0) {
|
||||||
|
tun_close(device);
|
||||||
|
return(-1);
|
||||||
|
} else {
|
||||||
|
int a, b, c, d, e, f;
|
||||||
|
|
||||||
|
buf[0] = 0;
|
||||||
|
fgets(buf, sizeof(buf), fd);
|
||||||
|
pclose(fd);
|
||||||
|
|
||||||
|
if(buf[0] == '\0') {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to read %s interface MAC address", tap_device);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface %s mac %s", tap_device, buf);
|
||||||
|
if(sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", &a, &b, &c, &d, &e, &f) == 6) {
|
||||||
|
device->mac_addr[0] = a, device->mac_addr[1] = b;
|
||||||
|
device->mac_addr[2] = c, device->mac_addr[3] = d;
|
||||||
|
device->mac_addr[4] = e, device->mac_addr[5] = f;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* read_mac(dev, device->mac_addr); */
|
||||||
|
return(device->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
int tuntap_read(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(read(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
int tuntap_write(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(write(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
void tuntap_close(struct tuntap_dev *tuntap) {
|
||||||
|
close(tuntap->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill out the ip_addr value from the interface. Called to pick up dynamic
|
||||||
|
* address changes. */
|
||||||
|
void tuntap_get_address(struct tuntap_dev *tuntap)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* #ifdef __NetBSD__ */
|
132
tuntap_osx.c
Normal file
132
tuntap_osx.c
Normal file
|
@ -0,0 +1,132 @@
|
||||||
|
/*
|
||||||
|
* (C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not see see <http://www.gnu.org/licenses/>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
|
||||||
|
#ifdef _DARWIN_
|
||||||
|
|
||||||
|
void tun_close(tuntap_dev *device);
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
#define N2N_OSX_TAPDEVICE_SIZE 32
|
||||||
|
int tuntap_open(tuntap_dev *device /* ignored */,
|
||||||
|
char *dev,
|
||||||
|
const char *address_mode, /* static or dhcp */
|
||||||
|
char *device_ip,
|
||||||
|
char *device_mask,
|
||||||
|
const char * device_mac,
|
||||||
|
int mtu) {
|
||||||
|
int i;
|
||||||
|
char tap_device[N2N_OSX_TAPDEVICE_SIZE];
|
||||||
|
|
||||||
|
for (i = 0; i < 255; i++) {
|
||||||
|
snprintf(tap_device, sizeof(tap_device), "/dev/tap%d", i);
|
||||||
|
|
||||||
|
device->fd = open(tap_device, O_RDWR);
|
||||||
|
if(device->fd > 0) {
|
||||||
|
traceEvent(TRACE_NORMAL, "Succesfully open %s", tap_device);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device->fd < 0) {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to open tap device");
|
||||||
|
return(-1);
|
||||||
|
} else {
|
||||||
|
char buf[256];
|
||||||
|
FILE *fd;
|
||||||
|
|
||||||
|
device->ip_addr = inet_addr(device_ip);
|
||||||
|
|
||||||
|
if ( device_mac && device_mac[0] != '\0' )
|
||||||
|
{
|
||||||
|
/* FIXME - This is not tested. Might be wrong syntax for OS X */
|
||||||
|
|
||||||
|
/* Set the hw address before bringing the if up. */
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig tap%d ether %s",
|
||||||
|
i, device_mac);
|
||||||
|
system(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig tap%d %s netmask %s mtu %d up",
|
||||||
|
i, device_ip, device_mask, mtu);
|
||||||
|
system(buf);
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface tap%d up and running (%s/%s)",
|
||||||
|
i, device_ip, device_mask);
|
||||||
|
|
||||||
|
/* Read MAC address */
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "ifconfig tap%d |grep ether|cut -c 8-24", i);
|
||||||
|
/* traceEvent(TRACE_INFO, "%s", buf); */
|
||||||
|
|
||||||
|
fd = popen(buf, "r");
|
||||||
|
if(fd < 0) {
|
||||||
|
tun_close(device);
|
||||||
|
return(-1);
|
||||||
|
} else {
|
||||||
|
int a, b, c, d, e, f;
|
||||||
|
|
||||||
|
buf[0] = 0;
|
||||||
|
fgets(buf, sizeof(buf), fd);
|
||||||
|
pclose(fd);
|
||||||
|
|
||||||
|
if(buf[0] == '\0') {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to read tap%d interface MAC address");
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
traceEvent(TRACE_NORMAL, "Interface tap%d [MTU %d] mac %s", i, mtu, buf);
|
||||||
|
if(sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", &a, &b, &c, &d, &e, &f) == 6) {
|
||||||
|
device->mac_addr[0] = a, device->mac_addr[1] = b;
|
||||||
|
device->mac_addr[2] = c, device->mac_addr[3] = d;
|
||||||
|
device->mac_addr[4] = e, device->mac_addr[5] = f;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* read_mac(dev, device->mac_addr); */
|
||||||
|
return(device->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
int tuntap_read(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(read(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
int tuntap_write(struct tuntap_dev *tuntap, unsigned char *buf, int len) {
|
||||||
|
return(write(tuntap->fd, buf, len));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ********************************** */
|
||||||
|
|
||||||
|
void tuntap_close(struct tuntap_dev *tuntap) {
|
||||||
|
close(tuntap->fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill out the ip_addr value from the interface. Called to pick up dynamic
|
||||||
|
* address changes. */
|
||||||
|
void tuntap_get_address(struct tuntap_dev *tuntap)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* _DARWIN_ */
|
292
twofish.h
Normal file
292
twofish.h
Normal file
|
@ -0,0 +1,292 @@
|
||||||
|
/* $Id: twofish.h,v 2.0 2002/08/11 22:32:25 fknobbe Exp $
|
||||||
|
*
|
||||||
|
*
|
||||||
|
* Copyright (C) 1997-2000 The Cryptix Foundation Limited.
|
||||||
|
* Copyright (C) 2000 Farm9.
|
||||||
|
* Copyright (C) 2001 Frank Knobbe.
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* For Cryptix code:
|
||||||
|
* Use, modification, copying and distribution of this software is subject
|
||||||
|
* the terms and conditions of the Cryptix General Licence. You should have
|
||||||
|
* received a copy of the Cryptix General Licence along with this library;
|
||||||
|
* if not, you can download a copy from http://www.cryptix.org/ .
|
||||||
|
*
|
||||||
|
* For Farm9:
|
||||||
|
* --- jojo@farm9.com, August 2000, converted from Java to C++, added CBC mode and
|
||||||
|
* ciphertext stealing technique, added AsciiTwofish class for easy encryption
|
||||||
|
* decryption of text strings
|
||||||
|
*
|
||||||
|
* Frank Knobbe <frank@knobbe.us>:
|
||||||
|
* --- April 2001, converted from C++ to C, prefixed global variables
|
||||||
|
* with TwoFish, substituted some defines, changed functions to make use of
|
||||||
|
* variables supplied in a struct, modified and added routines for modular calls.
|
||||||
|
* Cleaned up the code so that defines are used instead of fixed 16's and 32's.
|
||||||
|
* Created two general purpose crypt routines for one block and multiple block
|
||||||
|
* encryption using Joh's CBC code.
|
||||||
|
* Added crypt routines that use a header (with a magic and data length).
|
||||||
|
* (Basically a major rewrite).
|
||||||
|
*
|
||||||
|
* Note: Routines labeled _TwoFish are private and should not be used
|
||||||
|
* (or with extreme caution).
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef __TWOFISH_LIBRARY_HEADER__
|
||||||
|
#define __TWOFISH_LIBRARY_HEADER__
|
||||||
|
|
||||||
|
#ifndef FALSE
|
||||||
|
#define FALSE 0
|
||||||
|
#endif
|
||||||
|
#ifndef TRUE
|
||||||
|
#define TRUE !FALSE
|
||||||
|
#endif
|
||||||
|
#ifndef bool
|
||||||
|
#define bool int
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef WIN32
|
||||||
|
#include "win32/n2n_win32.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef _MSC_VER
|
||||||
|
/* Not shipped with Visual Studio (as stated by the stdint.h wikipedia page) */
|
||||||
|
#include <stdint.h> /* defines uintN_t types */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef __sun__ /* Should be HAVE_SYS_TYPES */
|
||||||
|
/* The following are redefinitions if sys/types.h has been included too.*/
|
||||||
|
typedef uint32_t uint32_t;
|
||||||
|
typedef uint8_t uint8_t;
|
||||||
|
#endif /* #ifdef __sun__ */
|
||||||
|
|
||||||
|
/* Constants */
|
||||||
|
|
||||||
|
#define TwoFish_DEFAULT_PW "SnortHas2FishEncryptionRoutines!" /* default password (not more than 32 chars) */
|
||||||
|
#define TwoFish_DEFAULT_PW_LEN 32
|
||||||
|
#define TwoFish_MAGIC "TwoFish" /* to indentify a successful decryption */
|
||||||
|
|
||||||
|
enum
|
||||||
|
{ TwoFish_KEY_SIZE = 256, /* Valid values: 64, 128, 192, 256 */
|
||||||
|
/* User 256, other key sizes have not been tested. */
|
||||||
|
/* (But should work. I substitutes as much as */
|
||||||
|
/* I could with this define.) */
|
||||||
|
TwoFish_ROUNDS = 16,
|
||||||
|
TwoFish_BLOCK_SIZE = 16, /* bytes in a data-block */
|
||||||
|
TwoFish_KEY_LENGTH = TwoFish_KEY_SIZE/8, /* 32= 256-bit key */
|
||||||
|
TwoFish_TOTAL_SUBKEYS = 4+4+2*TwoFish_ROUNDS,
|
||||||
|
TwoFish_MAGIC_LEN = TwoFish_BLOCK_SIZE-8,
|
||||||
|
TwoFish_SK_BUMP = 0x01010101,
|
||||||
|
TwoFish_SK_ROTL = 9,
|
||||||
|
TwoFish_P_00 = 1,
|
||||||
|
TwoFish_P_01 = 0,
|
||||||
|
TwoFish_P_02 = 0,
|
||||||
|
TwoFish_P_03 = TwoFish_P_01 ^ 1,
|
||||||
|
TwoFish_P_04 = 1,
|
||||||
|
TwoFish_P_10 = 0,
|
||||||
|
TwoFish_P_11 = 0,
|
||||||
|
TwoFish_P_12 = 1,
|
||||||
|
TwoFish_P_13 = TwoFish_P_11 ^ 1,
|
||||||
|
TwoFish_P_14 = 0,
|
||||||
|
TwoFish_P_20 = 1,
|
||||||
|
TwoFish_P_21 = 1,
|
||||||
|
TwoFish_P_22 = 0,
|
||||||
|
TwoFish_P_23 = TwoFish_P_21 ^ 1,
|
||||||
|
TwoFish_P_24 = 0,
|
||||||
|
TwoFish_P_30 = 0,
|
||||||
|
TwoFish_P_31 = 1,
|
||||||
|
TwoFish_P_32 = 1,
|
||||||
|
TwoFish_P_33 = TwoFish_P_31 ^ 1,
|
||||||
|
TwoFish_P_34 = 1,
|
||||||
|
TwoFish_GF256_FDBK = 0x169,
|
||||||
|
TwoFish_GF256_FDBK_2 = 0x169 / 2,
|
||||||
|
TwoFish_GF256_FDBK_4 = 0x169 / 4,
|
||||||
|
TwoFish_RS_GF_FDBK = 0x14D, /* field generator */
|
||||||
|
TwoFish_MDS_GF_FDBK = 0x169 /* primitive polynomial for GF(256) */
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/* Global data structure for callers */
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
uint32_t sBox[4 * 256]; /* Key dependent S-box */
|
||||||
|
uint32_t subKeys[TwoFish_TOTAL_SUBKEYS]; /* Subkeys */
|
||||||
|
uint8_t key[TwoFish_KEY_LENGTH]; /* Encryption Key */
|
||||||
|
uint8_t *output; /* Pointer to output buffer */
|
||||||
|
uint8_t qBlockPlain[TwoFish_BLOCK_SIZE]; /* Used by CBC */
|
||||||
|
uint8_t qBlockCrypt[TwoFish_BLOCK_SIZE];
|
||||||
|
uint8_t prevCipher[TwoFish_BLOCK_SIZE];
|
||||||
|
struct /* Header for crypt functions. Has to be at least one block long. */
|
||||||
|
{ uint32_t salt; /* Random salt in first block (will salt the rest through CBC) */
|
||||||
|
uint8_t length[4]; /* The amount of data following the header */
|
||||||
|
uint8_t magic[TwoFish_MAGIC_LEN]; /* Magic to identify successful decryption */
|
||||||
|
} header;
|
||||||
|
bool qBlockDefined;
|
||||||
|
bool dontflush;
|
||||||
|
} TWOFISH;
|
||||||
|
|
||||||
|
#ifndef __TWOFISH_LIBRARY_SOURCE__
|
||||||
|
|
||||||
|
extern bool TwoFish_srand; /* if set to TRUE (default), first call of TwoFishInit will seed rand(); */
|
||||||
|
/* call of TwoFishInit */
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/**** Public Functions ****/
|
||||||
|
|
||||||
|
/* TwoFish Initialization
|
||||||
|
*
|
||||||
|
* This routine generates a global data structure for use with TwoFish,
|
||||||
|
* initializes important values (such as subkeys, sBoxes), generates subkeys
|
||||||
|
* and precomputes the MDS matrix if not already done.
|
||||||
|
*
|
||||||
|
* Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!')
|
||||||
|
*
|
||||||
|
* Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
|
||||||
|
* This pointer is used with all other crypt functions.
|
||||||
|
*/
|
||||||
|
TWOFISH *TwoFishInit(const uint8_t *userkey, uint32_t keysize );
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Destroy
|
||||||
|
*
|
||||||
|
* Nothing else but a free...
|
||||||
|
*
|
||||||
|
* Input: Pointer to the TwoFish structure.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
void TwoFishDestroy(TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Alloc
|
||||||
|
*
|
||||||
|
* Allocates enough memory for the output buffer as required.
|
||||||
|
*
|
||||||
|
* Input: Length of the plaintext.
|
||||||
|
* Boolean flag for BinHex Output.
|
||||||
|
* Pointer to the TwoFish structure.
|
||||||
|
*
|
||||||
|
* Output: Returns a pointer to the memory allocated.
|
||||||
|
*/
|
||||||
|
void *TwoFishAlloc(uint32_t len,bool binhex,bool decrypt,TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Free
|
||||||
|
*
|
||||||
|
* Free's the allocated buffer.
|
||||||
|
*
|
||||||
|
* Input: Pointer to the TwoFish structure
|
||||||
|
*
|
||||||
|
* Output: (none)
|
||||||
|
*/
|
||||||
|
void TwoFishFree(TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Set Output
|
||||||
|
*
|
||||||
|
* If you want to allocate the output buffer yourself,
|
||||||
|
* then you can set it with this function.
|
||||||
|
*
|
||||||
|
* Input: Pointer to your output buffer
|
||||||
|
* Pointer to the TwoFish structure
|
||||||
|
*
|
||||||
|
* Output: (none)
|
||||||
|
*/
|
||||||
|
void TwoFishSetOutput(uint8_t *outp,TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Raw Encryption
|
||||||
|
*
|
||||||
|
* Does not use header, but does use CBC (if more than one block has to be encrypted).
|
||||||
|
*
|
||||||
|
* Input: Pointer to the buffer of the plaintext to be encrypted.
|
||||||
|
* Pointer to the buffer receiving the ciphertext.
|
||||||
|
* The length of the plaintext buffer.
|
||||||
|
* The TwoFish structure.
|
||||||
|
*
|
||||||
|
* Output: The amount of bytes encrypted if successful, otherwise 0.
|
||||||
|
*/
|
||||||
|
uint32_t TwoFishEncryptRaw(uint8_t *in,uint8_t *out,uint32_t len,TWOFISH *tfdata);
|
||||||
|
|
||||||
|
/* TwoFish Raw Decryption
|
||||||
|
*
|
||||||
|
* Does not use header, but does use CBC (if more than one block has to be decrypted).
|
||||||
|
*
|
||||||
|
* Input: Pointer to the buffer of the ciphertext to be decrypted.
|
||||||
|
* Pointer to the buffer receiving the plaintext.
|
||||||
|
* The length of the ciphertext buffer (at least one cipher block).
|
||||||
|
* The TwoFish structure.
|
||||||
|
*
|
||||||
|
* Output: The amount of bytes decrypted if successful, otherwise 0.
|
||||||
|
*/
|
||||||
|
uint32_t TwoFishDecryptRaw(uint8_t *in,uint8_t *out,uint32_t len,TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Encryption
|
||||||
|
*
|
||||||
|
* Uses header and CBC. If the output area has not been intialized with TwoFishAlloc,
|
||||||
|
* this routine will alloc the memory. In addition, it will include a small 'header'
|
||||||
|
* containing the magic and some salt. That way the decrypt routine can check if the
|
||||||
|
* packet got decrypted successfully, and return 0 instead of garbage.
|
||||||
|
*
|
||||||
|
* Input: Pointer to the buffer of the plaintext to be encrypted.
|
||||||
|
* Pointer to the pointer to the buffer receiving the ciphertext.
|
||||||
|
* The pointer either points to user allocated output buffer space, or to NULL, in which case
|
||||||
|
* this routine will set the pointer to the buffer allocated through the struct.
|
||||||
|
* The length of the plaintext buffer.
|
||||||
|
* Can be -1 if the input is a null terminated string, in which case we'll count for you.
|
||||||
|
* Boolean flag for BinHex Output (if used, output will be twice as large as input).
|
||||||
|
* Note: BinHex conversion overwrites (converts) input buffer!
|
||||||
|
* The TwoFish structure.
|
||||||
|
*
|
||||||
|
* Output: The amount of bytes encrypted if successful, otherwise 0.
|
||||||
|
*/
|
||||||
|
uint32_t TwoFishEncrypt(uint8_t *in,uint8_t **out,signed long len,bool binhex,TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/* TwoFish Decryption
|
||||||
|
*
|
||||||
|
* Uses header and CBC. If the output area has not been intialized with TwoFishAlloc,
|
||||||
|
* this routine will alloc the memory. In addition, it will check the small 'header'
|
||||||
|
* containing the magic. If magic does not match we return 0. Otherwise we return the
|
||||||
|
* amount of bytes decrypted (should be the same as the length in the header).
|
||||||
|
*
|
||||||
|
* Input: Pointer to the buffer of the ciphertext to be decrypted.
|
||||||
|
* Pointer to the pointer to the buffer receiving the plaintext.
|
||||||
|
* The pointer either points to user allocated output buffer space, or to NULL, in which case
|
||||||
|
* this routine will set the pointer to the buffer allocated through the struct.
|
||||||
|
* The length of the ciphertext buffer.
|
||||||
|
* Can be -1 if the input is a null terminated binhex string, in which case we'll count for you.
|
||||||
|
* Boolean flag for BinHex Input (if used, plaintext will be half as large as input).
|
||||||
|
* Note: BinHex conversion overwrites (converts) input buffer!
|
||||||
|
* The TwoFish structure.
|
||||||
|
*
|
||||||
|
* Output: The amount of bytes decrypted if successful, otherwise 0.
|
||||||
|
*/
|
||||||
|
uint32_t TwoFishDecrypt(uint8_t *in,uint8_t **out,signed long len,bool binhex,TWOFISH *tfdata);
|
||||||
|
|
||||||
|
|
||||||
|
/**** Private Functions ****/
|
||||||
|
|
||||||
|
uint8_t TwoFish__b(uint32_t x,int n);
|
||||||
|
void _TwoFish_BinHex(uint8_t *buf,uint32_t len,bool bintohex);
|
||||||
|
uint32_t _TwoFish_CryptRawCBC(uint8_t *in,uint8_t *out,uint32_t len,bool decrypt,TWOFISH *tfdata);
|
||||||
|
uint32_t _TwoFish_CryptRaw16(uint8_t *in,uint8_t *out,uint32_t len,bool decrypt,TWOFISH *tfdata);
|
||||||
|
uint32_t _TwoFish_CryptRaw(uint8_t *in,uint8_t *out,uint32_t len,bool decrypt,TWOFISH *tfdata);
|
||||||
|
void _TwoFish_PrecomputeMDSmatrix(void);
|
||||||
|
void _TwoFish_MakeSubKeys(TWOFISH *tfdata);
|
||||||
|
void _TwoFish_qBlockPush(uint8_t *p,uint8_t *c,TWOFISH *tfdata);
|
||||||
|
void _TwoFish_qBlockPop(uint8_t *p,uint8_t *c,TWOFISH *tfdata);
|
||||||
|
void _TwoFish_ResetCBC(TWOFISH *tfdata);
|
||||||
|
void _TwoFish_FlushOutput(uint8_t *b,uint32_t len,TWOFISH *tfdata);
|
||||||
|
void _TwoFish_BlockCrypt(uint8_t *in,uint8_t *out,uint32_t size,int decrypt,TWOFISH *tfdata);
|
||||||
|
void _TwoFish_BlockCrypt16(uint8_t *in,uint8_t *out,bool decrypt,TWOFISH *tfdata);
|
||||||
|
uint32_t _TwoFish_RS_MDS_Encode(uint32_t k0,uint32_t k1);
|
||||||
|
uint32_t _TwoFish_F32(uint32_t k64Cnt,uint32_t x,uint32_t *k32);
|
||||||
|
uint32_t _TwoFish_Fe320(uint32_t *lsBox,uint32_t x);
|
||||||
|
uint32_t _TwoFish_Fe323(uint32_t *lsBox,uint32_t x);
|
||||||
|
uint32_t _TwoFish_Fe32(uint32_t *lsBox,uint32_t x,uint32_t R);
|
||||||
|
|
||||||
|
|
||||||
|
#endif
|
3
version.c
Normal file
3
version.c
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
const char * n2n_sw_version = N2N_VERSION;
|
||||||
|
const char * n2n_sw_osName = N2N_OSNAME;
|
||||||
|
const char * n2n_sw_buildDate = __DATE__ " " __TIME__;
|
4
win32/CMakeLists.txt
Normal file
4
win32/CMakeLists.txt
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
add_library(n2n_win32
|
||||||
|
win32/getopt1.c
|
||||||
|
win32/getopt.c
|
||||||
|
win32/wintap.c)
|
26
win32/DotNet/n2n.sln
Normal file
26
win32/DotNet/n2n.sln
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
|
||||||
|
Microsoft Visual Studio Solution File, Format Version 10.00
|
||||||
|
# Visual C++ Express 2008
|
||||||
|
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "edge", "n2n.vcproj", "{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}"
|
||||||
|
EndProject
|
||||||
|
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "supernode", "supernode.vcproj", "{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}"
|
||||||
|
EndProject
|
||||||
|
Global
|
||||||
|
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||||
|
Debug|Win32 = Debug|Win32
|
||||||
|
Release|Win32 = Release|Win32
|
||||||
|
EndGlobalSection
|
||||||
|
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
||||||
|
{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
|
{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
|
{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Release|Win32.ActiveCfg = Release|Win32
|
||||||
|
{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}.Release|Win32.Build.0 = Release|Win32
|
||||||
|
{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
|
{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
|
{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Release|Win32.ActiveCfg = Release|Win32
|
||||||
|
{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}.Release|Win32.Build.0 = Release|Win32
|
||||||
|
EndGlobalSection
|
||||||
|
GlobalSection(SolutionProperties) = preSolution
|
||||||
|
HideSolutionNode = FALSE
|
||||||
|
EndGlobalSection
|
||||||
|
EndGlobal
|
BIN
win32/DotNet/n2n.suo
Normal file
BIN
win32/DotNet/n2n.suo
Normal file
Binary file not shown.
300
win32/DotNet/n2n.vcproj
Normal file
300
win32/DotNet/n2n.vcproj
Normal file
|
@ -0,0 +1,300 @@
|
||||||
|
<?xml version="1.0" encoding="Windows-1252"?>
|
||||||
|
<VisualStudioProject
|
||||||
|
ProjectType="Visual C++"
|
||||||
|
Version="9,00"
|
||||||
|
Name="edge"
|
||||||
|
ProjectGUID="{4911ADD4-08A3-4C9F-B9C9-9492DA10D01D}"
|
||||||
|
RootNamespace="n2n"
|
||||||
|
Keyword="Win32Proj"
|
||||||
|
TargetFrameworkVersion="131072"
|
||||||
|
>
|
||||||
|
<Platforms>
|
||||||
|
<Platform
|
||||||
|
Name="Win32"
|
||||||
|
/>
|
||||||
|
</Platforms>
|
||||||
|
<ToolFiles>
|
||||||
|
</ToolFiles>
|
||||||
|
<Configurations>
|
||||||
|
<Configuration
|
||||||
|
Name="Debug|Win32"
|
||||||
|
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
||||||
|
IntermediateDirectory="$(ConfigurationName)"
|
||||||
|
ConfigurationType="1"
|
||||||
|
CharacterSet="2"
|
||||||
|
>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreBuildEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCustomBuildTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXMLDataGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCWebServiceProxyGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCMIDLTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCLCompilerTool"
|
||||||
|
UseUnicodeResponseFiles="false"
|
||||||
|
Optimization="0"
|
||||||
|
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
|
||||||
|
MinimalRebuild="true"
|
||||||
|
BasicRuntimeChecks="3"
|
||||||
|
RuntimeLibrary="3"
|
||||||
|
UsePrecompiledHeader="0"
|
||||||
|
WarningLevel="3"
|
||||||
|
Detect64BitPortabilityProblems="false"
|
||||||
|
DebugInformationFormat="4"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManagedResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreLinkEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCLinkerTool"
|
||||||
|
AdditionalDependencies="Ws2_32.lib Advapi32.lib libeay32.lib"
|
||||||
|
LinkIncremental="2"
|
||||||
|
GenerateDebugInformation="true"
|
||||||
|
SubSystem="1"
|
||||||
|
RandomizedBaseAddress="1"
|
||||||
|
DataExecutionPrevention="0"
|
||||||
|
TargetMachine="1"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCALinkTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManifestTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXDCMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCBscMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCFxCopTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCAppVerifierTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPostBuildEventTool"
|
||||||
|
/>
|
||||||
|
</Configuration>
|
||||||
|
<Configuration
|
||||||
|
Name="Release|Win32"
|
||||||
|
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
||||||
|
IntermediateDirectory="$(ConfigurationName)"
|
||||||
|
ConfigurationType="1"
|
||||||
|
CharacterSet="2"
|
||||||
|
WholeProgramOptimization="1"
|
||||||
|
>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreBuildEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCustomBuildTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXMLDataGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCWebServiceProxyGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCMIDLTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCLCompilerTool"
|
||||||
|
Optimization="2"
|
||||||
|
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
|
||||||
|
RuntimeLibrary="0"
|
||||||
|
UsePrecompiledHeader="0"
|
||||||
|
WarningLevel="3"
|
||||||
|
Detect64BitPortabilityProblems="false"
|
||||||
|
DebugInformationFormat="3"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManagedResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreLinkEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCLinkerTool"
|
||||||
|
AdditionalDependencies="Ws2_32.lib Advapi32.lib libeay32.lib"
|
||||||
|
LinkIncremental="1"
|
||||||
|
GenerateDebugInformation="true"
|
||||||
|
SubSystem="1"
|
||||||
|
OptimizeReferences="2"
|
||||||
|
EnableCOMDATFolding="2"
|
||||||
|
RandomizedBaseAddress="1"
|
||||||
|
DataExecutionPrevention="0"
|
||||||
|
TargetMachine="1"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCALinkTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManifestTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXDCMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCBscMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCFxCopTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCAppVerifierTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPostBuildEventTool"
|
||||||
|
/>
|
||||||
|
</Configuration>
|
||||||
|
</Configurations>
|
||||||
|
<References>
|
||||||
|
</References>
|
||||||
|
<Files>
|
||||||
|
<Filter
|
||||||
|
Name="Source Files"
|
||||||
|
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
||||||
|
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
||||||
|
>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\edge.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\getopt.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\getopt1.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\minilzo.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n_keyfile.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\transform_aes.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\transform_null.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\transform_tf.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\twofish.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\version-msvc.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\wintap.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\wire.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
</Filter>
|
||||||
|
<Filter
|
||||||
|
Name="Header Files"
|
||||||
|
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
||||||
|
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
||||||
|
>
|
||||||
|
<File
|
||||||
|
RelativePath="..\getopt.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\lzoconf.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\lzodefs.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\minilzo.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n_keyfile.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n_transforms.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\n2n_win32.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n_wire.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\twofish.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\wintap.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
</Filter>
|
||||||
|
<Filter
|
||||||
|
Name="Resource Files"
|
||||||
|
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
||||||
|
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
||||||
|
>
|
||||||
|
</Filter>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\HACKING"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\README"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
</Files>
|
||||||
|
<Globals>
|
||||||
|
</Globals>
|
||||||
|
</VisualStudioProject>
|
226
win32/DotNet/supernode.vcproj
Normal file
226
win32/DotNet/supernode.vcproj
Normal file
|
@ -0,0 +1,226 @@
|
||||||
|
<?xml version="1.0" encoding="windows-1250"?>
|
||||||
|
<VisualStudioProject
|
||||||
|
ProjectType="Visual C++"
|
||||||
|
Version="9,00"
|
||||||
|
Name="supernode"
|
||||||
|
ProjectGUID="{BDB93CAB-BE22-4ED6-9A05-2E4D6F1D76E1}"
|
||||||
|
RootNamespace="supernode"
|
||||||
|
TargetFrameworkVersion="196613"
|
||||||
|
>
|
||||||
|
<Platforms>
|
||||||
|
<Platform
|
||||||
|
Name="Win32"
|
||||||
|
/>
|
||||||
|
</Platforms>
|
||||||
|
<ToolFiles>
|
||||||
|
</ToolFiles>
|
||||||
|
<Configurations>
|
||||||
|
<Configuration
|
||||||
|
Name="Debug|Win32"
|
||||||
|
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
||||||
|
IntermediateDirectory="$(ConfigurationName)"
|
||||||
|
ConfigurationType="1"
|
||||||
|
CharacterSet="2"
|
||||||
|
>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreBuildEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCustomBuildTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXMLDataGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCWebServiceProxyGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCMIDLTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCLCompilerTool"
|
||||||
|
Optimization="0"
|
||||||
|
MinimalRebuild="true"
|
||||||
|
BasicRuntimeChecks="3"
|
||||||
|
RuntimeLibrary="3"
|
||||||
|
WarningLevel="3"
|
||||||
|
DebugInformationFormat="4"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManagedResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreLinkEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCLinkerTool"
|
||||||
|
GenerateDebugInformation="true"
|
||||||
|
TargetMachine="1"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCALinkTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManifestTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXDCMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCBscMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCFxCopTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCAppVerifierTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPostBuildEventTool"
|
||||||
|
/>
|
||||||
|
</Configuration>
|
||||||
|
<Configuration
|
||||||
|
Name="Release|Win32"
|
||||||
|
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
||||||
|
IntermediateDirectory="$(ConfigurationName)"
|
||||||
|
ConfigurationType="1"
|
||||||
|
CharacterSet="2"
|
||||||
|
WholeProgramOptimization="1"
|
||||||
|
>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreBuildEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCustomBuildTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXMLDataGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCWebServiceProxyGeneratorTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCMIDLTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCCLCompilerTool"
|
||||||
|
Optimization="2"
|
||||||
|
EnableIntrinsicFunctions="false"
|
||||||
|
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
|
||||||
|
RuntimeLibrary="0"
|
||||||
|
EnableFunctionLevelLinking="false"
|
||||||
|
WarningLevel="3"
|
||||||
|
DebugInformationFormat="3"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManagedResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCResourceCompilerTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPreLinkEventTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCLinkerTool"
|
||||||
|
AdditionalDependencies="Ws2_32.lib"
|
||||||
|
GenerateDebugInformation="true"
|
||||||
|
OptimizeReferences="2"
|
||||||
|
EnableCOMDATFolding="2"
|
||||||
|
TargetMachine="1"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCALinkTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCManifestTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCXDCMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCBscMakeTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCFxCopTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCAppVerifierTool"
|
||||||
|
/>
|
||||||
|
<Tool
|
||||||
|
Name="VCPostBuildEventTool"
|
||||||
|
/>
|
||||||
|
</Configuration>
|
||||||
|
</Configurations>
|
||||||
|
<References>
|
||||||
|
</References>
|
||||||
|
<Files>
|
||||||
|
<Filter
|
||||||
|
Name="Source Files"
|
||||||
|
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
||||||
|
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
||||||
|
>
|
||||||
|
<File
|
||||||
|
RelativePath="..\getopt.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\getopt1.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\sn.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\version-msvc.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\wintap.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\wire.c"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
</Filter>
|
||||||
|
<Filter
|
||||||
|
Name="Header Files"
|
||||||
|
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
||||||
|
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
||||||
|
>
|
||||||
|
<File
|
||||||
|
RelativePath="..\getopt.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\n2n_win32.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
<File
|
||||||
|
RelativePath="..\..\n2n_wire.h"
|
||||||
|
>
|
||||||
|
</File>
|
||||||
|
</Filter>
|
||||||
|
<Filter
|
||||||
|
Name="Resource Files"
|
||||||
|
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
||||||
|
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
||||||
|
>
|
||||||
|
</Filter>
|
||||||
|
</Files>
|
||||||
|
<Globals>
|
||||||
|
</Globals>
|
||||||
|
</VisualStudioProject>
|
1074
win32/getopt.c
Normal file
1074
win32/getopt.c
Normal file
File diff suppressed because it is too large
Load Diff
169
win32/getopt.h
Normal file
169
win32/getopt.h
Normal file
|
@ -0,0 +1,169 @@
|
||||||
|
/* Declarations for getopt.
|
||||||
|
Copyright (C) 1989,90,91,92,93,94,96,97,98 Free Software Foundation, Inc.
|
||||||
|
This file is part of the GNU C Library.
|
||||||
|
|
||||||
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU Library General Public License as
|
||||||
|
published by the Free Software Foundation; either version 2 of the
|
||||||
|
License, or (at your option) any later version.
|
||||||
|
|
||||||
|
The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
Library General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU Library General Public
|
||||||
|
License along with the GNU C Library; see the file COPYING.LIB. If not,
|
||||||
|
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||||
|
Boston, MA 02111-1307, USA. */
|
||||||
|
|
||||||
|
#ifndef _GETOPT_H
|
||||||
|
|
||||||
|
#ifndef __need_getopt
|
||||||
|
# define _GETOPT_H 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* For communication from `getopt' to the caller.
|
||||||
|
When `getopt' finds an option that takes an argument,
|
||||||
|
the argument value is returned here.
|
||||||
|
Also, when `ordering' is RETURN_IN_ORDER,
|
||||||
|
each non-option ARGV-element is returned here. */
|
||||||
|
|
||||||
|
extern char *optarg;
|
||||||
|
|
||||||
|
/* Index in ARGV of the next element to be scanned.
|
||||||
|
This is used for communication to and from the caller
|
||||||
|
and for communication between successive calls to `getopt'.
|
||||||
|
|
||||||
|
On entry to `getopt', zero means this is the first call; initialize.
|
||||||
|
|
||||||
|
When `getopt' returns -1, this is the index of the first of the
|
||||||
|
non-option elements that the caller should itself scan.
|
||||||
|
|
||||||
|
Otherwise, `optind' communicates from one call to the next
|
||||||
|
how much of ARGV has been scanned so far. */
|
||||||
|
|
||||||
|
extern int optind;
|
||||||
|
|
||||||
|
/* Callers store zero here to inhibit the error message `getopt' prints
|
||||||
|
for unrecognized options. */
|
||||||
|
|
||||||
|
extern int opterr;
|
||||||
|
|
||||||
|
/* Set to an option character which was unrecognized. */
|
||||||
|
|
||||||
|
extern int optopt;
|
||||||
|
|
||||||
|
#ifndef __need_getopt
|
||||||
|
/* Describe the long-named options requested by the application.
|
||||||
|
The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
|
||||||
|
of `struct option' terminated by an element containing a name which is
|
||||||
|
zero.
|
||||||
|
|
||||||
|
The field `has_arg' is:
|
||||||
|
no_argument (or 0) if the option does not take an argument,
|
||||||
|
required_argument (or 1) if the option requires an argument,
|
||||||
|
optional_argument (or 2) if the option takes an optional argument.
|
||||||
|
|
||||||
|
If the field `flag' is not NULL, it points to a variable that is set
|
||||||
|
to the value given in the field `val' when the option is found, but
|
||||||
|
left unchanged if the option is not found.
|
||||||
|
|
||||||
|
To have a long-named option do something other than set an `int' to
|
||||||
|
a compiled-in constant, such as set a value from `optarg', set the
|
||||||
|
option's `flag' field to zero and its `val' field to a nonzero
|
||||||
|
value (the equivalent single-letter option character, if there is
|
||||||
|
one). For long options that have a zero `flag' field, `getopt'
|
||||||
|
returns the contents of the `val' field. */
|
||||||
|
|
||||||
|
struct option
|
||||||
|
{
|
||||||
|
# if defined __STDC__ && __STDC__
|
||||||
|
const char *name;
|
||||||
|
# else
|
||||||
|
char *name;
|
||||||
|
# endif
|
||||||
|
/* has_arg can't be an enum because some compilers complain about
|
||||||
|
type mismatches in all the code that assumes it is an int. */
|
||||||
|
int has_arg;
|
||||||
|
int *flag;
|
||||||
|
int val;
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Names for the values of the `has_arg' field of `struct option'. */
|
||||||
|
|
||||||
|
# define no_argument 0
|
||||||
|
# define required_argument 1
|
||||||
|
# define optional_argument 2
|
||||||
|
#endif /* need getopt */
|
||||||
|
|
||||||
|
|
||||||
|
/* Get definitions and prototypes for functions to process the
|
||||||
|
arguments in ARGV (ARGC of them, minus the program name) for
|
||||||
|
options given in OPTS.
|
||||||
|
|
||||||
|
Return the option character from OPTS just read. Return -1 when
|
||||||
|
there are no more options. For unrecognized options, or options
|
||||||
|
missing arguments, `optopt' is set to the option letter, and '?' is
|
||||||
|
returned.
|
||||||
|
|
||||||
|
The OPTS string is a list of characters which are recognized option
|
||||||
|
letters, optionally followed by colons, specifying that that letter
|
||||||
|
takes an argument, to be placed in `optarg'.
|
||||||
|
|
||||||
|
If a letter in OPTS is followed by two colons, its argument is
|
||||||
|
optional. This behavior is specific to the GNU `getopt'.
|
||||||
|
|
||||||
|
The argument `--' causes premature termination of argument
|
||||||
|
scanning, explicitly telling `getopt' that there are no more
|
||||||
|
options.
|
||||||
|
|
||||||
|
If OPTS begins with `--', then non-option arguments are treated as
|
||||||
|
arguments to the option '\0'. This behavior is specific to the GNU
|
||||||
|
`getopt'. */
|
||||||
|
|
||||||
|
#if defined __STDC__ && __STDC__
|
||||||
|
# ifdef __GNU_LIBRARY__
|
||||||
|
/* Many other libraries have conflicting prototypes for getopt, with
|
||||||
|
differences in the consts, in stdlib.h. To avoid compilation
|
||||||
|
errors, only prototype getopt for the GNU C library. */
|
||||||
|
extern int getopt (int __argc, char *const *__argv, const char *__shortopts);
|
||||||
|
# else /* not __GNU_LIBRARY__ */
|
||||||
|
extern int getopt ();
|
||||||
|
# endif /* __GNU_LIBRARY__ */
|
||||||
|
|
||||||
|
# ifndef __need_getopt
|
||||||
|
extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
|
||||||
|
const struct option *__longopts, int *__longind);
|
||||||
|
extern int getopt_long_only (int __argc, char *const *__argv,
|
||||||
|
const char *__shortopts,
|
||||||
|
const struct option *__longopts, int *__longind);
|
||||||
|
|
||||||
|
/* Internal only. Users should not call this directly. */
|
||||||
|
extern int _getopt_internal (int __argc, char *const *__argv,
|
||||||
|
const char *__shortopts,
|
||||||
|
const struct option *__longopts, int *__longind,
|
||||||
|
int __long_only);
|
||||||
|
# endif
|
||||||
|
#else /* not __STDC__ */
|
||||||
|
extern int getopt ();
|
||||||
|
# ifndef __need_getopt
|
||||||
|
extern int getopt_long ();
|
||||||
|
extern int getopt_long_only ();
|
||||||
|
|
||||||
|
extern int _getopt_internal ();
|
||||||
|
# endif
|
||||||
|
#endif /* __STDC__ */
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Make sure we later can get all the definitions and declarations. */
|
||||||
|
#undef __need_getopt
|
||||||
|
|
||||||
|
#endif /* getopt.h */
|
188
win32/getopt1.c
Normal file
188
win32/getopt1.c
Normal file
|
@ -0,0 +1,188 @@
|
||||||
|
/* getopt_long and getopt_long_only entry points for GNU getopt.
|
||||||
|
Copyright (C) 1987,88,89,90,91,92,93,94,96,97,98
|
||||||
|
Free Software Foundation, Inc.
|
||||||
|
This file is part of the GNU C Library.
|
||||||
|
|
||||||
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
modify it under the terms of the GNU Library General Public License as
|
||||||
|
published by the Free Software Foundation; either version 2 of the
|
||||||
|
License, or (at your option) any later version.
|
||||||
|
|
||||||
|
The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
Library General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU Library General Public
|
||||||
|
License along with the GNU C Library; see the file COPYING.LIB. If not,
|
||||||
|
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||||
|
Boston, MA 02111-1307, USA. */
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
#include <config.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "getopt.h"
|
||||||
|
|
||||||
|
#if !defined __STDC__ || !__STDC__
|
||||||
|
/* This is a separate conditional since some stdc systems
|
||||||
|
reject `defined (const)'. */
|
||||||
|
#ifndef const
|
||||||
|
#define const
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
/* Comment out all this code if we are using the GNU C Library, and are not
|
||||||
|
actually compiling the library itself. This code is part of the GNU C
|
||||||
|
Library, but also included in many other GNU distributions. Compiling
|
||||||
|
and linking in this code is a waste when using the GNU C library
|
||||||
|
(especially if it is a shared library). Rather than having every GNU
|
||||||
|
program understand `configure --with-gnu-libc' and omit the object files,
|
||||||
|
it is simpler to just do this in the source for each such file. */
|
||||||
|
|
||||||
|
#define GETOPT_INTERFACE_VERSION 2
|
||||||
|
#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
|
||||||
|
#include <gnu-versions.h>
|
||||||
|
#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
|
||||||
|
#define ELIDE_CODE
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef ELIDE_CODE
|
||||||
|
|
||||||
|
|
||||||
|
/* This needs to come after some library #include
|
||||||
|
to get __GNU_LIBRARY__ defined. */
|
||||||
|
#ifdef __GNU_LIBRARY__
|
||||||
|
#include <stdlib.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef NULL
|
||||||
|
#define NULL 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int
|
||||||
|
getopt_long (argc, argv, options, long_options, opt_index)
|
||||||
|
int argc;
|
||||||
|
char *const *argv;
|
||||||
|
const char *options;
|
||||||
|
const struct option *long_options;
|
||||||
|
int *opt_index;
|
||||||
|
{
|
||||||
|
return _getopt_internal (argc, argv, options, long_options, opt_index, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Like getopt_long, but '-' as well as '--' can indicate a long option.
|
||||||
|
If an option that starts with '-' (not '--') doesn't match a long option,
|
||||||
|
but does match a short option, it is parsed as a short option
|
||||||
|
instead. */
|
||||||
|
|
||||||
|
int
|
||||||
|
getopt_long_only (argc, argv, options, long_options, opt_index)
|
||||||
|
int argc;
|
||||||
|
char *const *argv;
|
||||||
|
const char *options;
|
||||||
|
const struct option *long_options;
|
||||||
|
int *opt_index;
|
||||||
|
{
|
||||||
|
return _getopt_internal (argc, argv, options, long_options, opt_index, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* Not ELIDE_CODE. */
|
||||||
|
|
||||||
|
#ifdef TEST
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
int
|
||||||
|
main (argc, argv)
|
||||||
|
int argc;
|
||||||
|
char **argv;
|
||||||
|
{
|
||||||
|
int c;
|
||||||
|
int digit_optind = 0;
|
||||||
|
|
||||||
|
while (1)
|
||||||
|
{
|
||||||
|
int this_option_optind = optind ? optind : 1;
|
||||||
|
int option_index = 0;
|
||||||
|
static struct option long_options[] =
|
||||||
|
{
|
||||||
|
{"add", 1, 0, 0},
|
||||||
|
{"append", 0, 0, 0},
|
||||||
|
{"delete", 1, 0, 0},
|
||||||
|
{"verbose", 0, 0, 0},
|
||||||
|
{"create", 0, 0, 0},
|
||||||
|
{"file", 1, 0, 0},
|
||||||
|
{0, 0, 0, 0}
|
||||||
|
};
|
||||||
|
|
||||||
|
c = getopt_long (argc, argv, "abc:d:0123456789",
|
||||||
|
long_options, &option_index);
|
||||||
|
if (c == -1)
|
||||||
|
break;
|
||||||
|
|
||||||
|
switch (c)
|
||||||
|
{
|
||||||
|
case 0:
|
||||||
|
printf ("option %s", long_options[option_index].name);
|
||||||
|
if (optarg)
|
||||||
|
printf (" with arg %s", optarg);
|
||||||
|
printf ("\n");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case '0':
|
||||||
|
case '1':
|
||||||
|
case '2':
|
||||||
|
case '3':
|
||||||
|
case '4':
|
||||||
|
case '5':
|
||||||
|
case '6':
|
||||||
|
case '7':
|
||||||
|
case '8':
|
||||||
|
case '9':
|
||||||
|
if (digit_optind != 0 && digit_optind != this_option_optind)
|
||||||
|
printf ("digits occur in two different argv-elements.\n");
|
||||||
|
digit_optind = this_option_optind;
|
||||||
|
printf ("option %c\n", c);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'a':
|
||||||
|
printf ("option a\n");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'b':
|
||||||
|
printf ("option b\n");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'c':
|
||||||
|
printf ("option c with value `%s'\n", optarg);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'd':
|
||||||
|
printf ("option d with value `%s'\n", optarg);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case '?':
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
printf ("?? getopt returned character code 0%o ??\n", c);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (optind < argc)
|
||||||
|
{
|
||||||
|
printf ("non-option ARGV-elements: ");
|
||||||
|
while (optind < argc)
|
||||||
|
printf ("%s ", argv[optind++]);
|
||||||
|
printf ("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
exit (0);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* TEST */
|
109
win32/n2n_win32.h
Normal file
109
win32/n2n_win32.h
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
/*
|
||||||
|
|
||||||
|
(C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _N2N_WIN32_H_
|
||||||
|
#define _N2N_WIN32_H_
|
||||||
|
|
||||||
|
#ifndef _CRT_SECURE_NO_WARNINGS
|
||||||
|
#define _CRT_SECURE_NO_WARNINGS
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(__MINGW32__)
|
||||||
|
/* should be defined here and before winsock gets included */
|
||||||
|
#define _WIN32_WINNT 0x501 //Otherwise the linker doesnt find getaddrinfo
|
||||||
|
#include <inttypes.h>
|
||||||
|
#endif /* #if defined(__MINGW32__) */
|
||||||
|
|
||||||
|
#include <winsock2.h>
|
||||||
|
#include <windows.h>
|
||||||
|
#include <winioctl.h>
|
||||||
|
|
||||||
|
|
||||||
|
#include "wintap.h"
|
||||||
|
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
#include "getopt.h"
|
||||||
|
|
||||||
|
/* Other Win environments are expected to support stdint.h */
|
||||||
|
|
||||||
|
/* stdint.h typedefs (C99) (not present in Visual Studio) */
|
||||||
|
typedef unsigned int uint32_t;
|
||||||
|
typedef unsigned short uint16_t;
|
||||||
|
typedef unsigned char uint8_t;
|
||||||
|
|
||||||
|
/* sys/types.h typedefs (not present in Visual Studio) */
|
||||||
|
typedef unsigned int u_int32_t;
|
||||||
|
typedef unsigned short u_int16_t;
|
||||||
|
typedef unsigned char u_int8_t;
|
||||||
|
|
||||||
|
typedef int ssize_t;
|
||||||
|
#endif /* #ifdef _MSC_VER */
|
||||||
|
|
||||||
|
typedef unsigned long in_addr_t;
|
||||||
|
|
||||||
|
|
||||||
|
#define EAFNOSUPPORT WSAEAFNOSUPPORT
|
||||||
|
#define MAX(a,b) (a > b ? a : b)
|
||||||
|
#define MIN(a,b) (a < b ? a : b)
|
||||||
|
|
||||||
|
#define snprintf _snprintf
|
||||||
|
#define strdup _strdup
|
||||||
|
|
||||||
|
#define socklen_t int
|
||||||
|
|
||||||
|
#define ETH_ADDR_LEN 6
|
||||||
|
/*
|
||||||
|
* Structure of a 10Mb/s Ethernet header.
|
||||||
|
*/
|
||||||
|
struct ether_hdr
|
||||||
|
{
|
||||||
|
uint8_t dhost[ETH_ADDR_LEN];
|
||||||
|
uint8_t shost[ETH_ADDR_LEN];
|
||||||
|
uint16_t type; /* higher layer protocol encapsulated */
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct ether_hdr ether_hdr_t;
|
||||||
|
|
||||||
|
/* ************************************* */
|
||||||
|
|
||||||
|
struct ip {
|
||||||
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||||
|
u_char ip_hl:4, /* header length */
|
||||||
|
ip_v:4; /* version */
|
||||||
|
#else
|
||||||
|
u_char ip_v:4, /* version */
|
||||||
|
ip_hl:4; /* header length */
|
||||||
|
#endif
|
||||||
|
u_char ip_tos; /* type of service */
|
||||||
|
short ip_len; /* total length */
|
||||||
|
u_short ip_id; /* identification */
|
||||||
|
short ip_off; /* fragment offset field */
|
||||||
|
#define IP_DF 0x4000 /* dont fragment flag */
|
||||||
|
#define IP_MF 0x2000 /* more fragments flag */
|
||||||
|
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
|
||||||
|
u_char ip_ttl; /* time to live */
|
||||||
|
u_char ip_p; /* protocol */
|
||||||
|
u_short ip_sum; /* checksum */
|
||||||
|
struct in_addr ip_src,ip_dst; /* source and dest address */
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/* ************************************* */
|
||||||
|
|
||||||
|
typedef struct tuntap_dev {
|
||||||
|
HANDLE device_handle;
|
||||||
|
char *device_name;
|
||||||
|
char *ifName;
|
||||||
|
OVERLAPPED overlap_read, overlap_write;
|
||||||
|
uint8_t mac_addr[6];
|
||||||
|
uint32_t ip_addr, device_mask;
|
||||||
|
unsigned int mtu;
|
||||||
|
} tuntap_dev;
|
||||||
|
|
||||||
|
#define index(a, b) strchr(a, b)
|
||||||
|
|
||||||
|
|
||||||
|
#endif
|
3
win32/version-msvc.c
Normal file
3
win32/version-msvc.c
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
const char * n2n_sw_version = "2.0.0";
|
||||||
|
const char * n2n_sw_osName = "Win32";
|
||||||
|
const char * n2n_sw_buildDate = __DATE__ " " __TIME__;
|
310
win32/wintap.c
Normal file
310
win32/wintap.c
Normal file
|
@ -0,0 +1,310 @@
|
||||||
|
/*
|
||||||
|
(C) 2007-09 - Luca Deri <deri@ntop.org>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "../n2n.h"
|
||||||
|
#include "n2n_win32.h"
|
||||||
|
|
||||||
|
/* 1500 bytes payload + 14 bytes ethernet header + 4 bytes VLAN tag */
|
||||||
|
#define MTU 1518
|
||||||
|
|
||||||
|
void initWin32() {
|
||||||
|
WSADATA wsaData;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
err = WSAStartup(MAKEWORD(2, 2), &wsaData );
|
||||||
|
if( err != 0 ) {
|
||||||
|
/* Tell the user that we could not find a usable */
|
||||||
|
/* WinSock DLL. */
|
||||||
|
printf("FATAL ERROR: unable to initialise Winsock 2.x.");
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int open_wintap(struct tuntap_dev *device,
|
||||||
|
const char * address_mode, /* "static" or "dhcp" */
|
||||||
|
char *device_ip,
|
||||||
|
char *device_mask,
|
||||||
|
const char *device_mac,
|
||||||
|
int mtu) {
|
||||||
|
HKEY key, key2;
|
||||||
|
LONG rc;
|
||||||
|
char regpath[1024], cmd[256];
|
||||||
|
char adapterid[1024];
|
||||||
|
char adaptername[1024];
|
||||||
|
char tapname[1024];
|
||||||
|
long len;
|
||||||
|
int found = 0;
|
||||||
|
int err, i;
|
||||||
|
ULONG status = TRUE;
|
||||||
|
|
||||||
|
memset(device, 0, sizeof(struct tuntap_dev));
|
||||||
|
device->device_handle = INVALID_HANDLE_VALUE;
|
||||||
|
device->device_name = NULL;
|
||||||
|
device->ifName = NULL;
|
||||||
|
device->ip_addr = inet_addr(device_ip);
|
||||||
|
|
||||||
|
/* Open registry and look for network adapters */
|
||||||
|
if((rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &key))) {
|
||||||
|
printf("Unable to read registry: [rc=%d]\n", rc);
|
||||||
|
exit(-1);
|
||||||
|
/* MSVC Note: If you keep getting rc=2 errors, make sure you set:
|
||||||
|
Project -> Properties -> Configuration Properties -> General -> Character set
|
||||||
|
to: "Use Multi-Byte Character Set"
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; ; i++) {
|
||||||
|
len = sizeof(adapterid);
|
||||||
|
if(RegEnumKeyEx(key, i, (LPTSTR)adapterid, &len, 0, 0, 0, NULL))
|
||||||
|
break;
|
||||||
|
|
||||||
|
/* Find out more about this adapter */
|
||||||
|
|
||||||
|
_snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", NETWORK_CONNECTIONS_KEY, adapterid);
|
||||||
|
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, (LPCSTR)regpath, 0, KEY_READ, &key2))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
len = sizeof(adaptername);
|
||||||
|
err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len);
|
||||||
|
|
||||||
|
RegCloseKey(key2);
|
||||||
|
|
||||||
|
if(err)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if(device->device_name) {
|
||||||
|
if(!strcmp(device->device_name, adapterid)) {
|
||||||
|
found = 1;
|
||||||
|
break;
|
||||||
|
} else
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device->ifName) {
|
||||||
|
if(!strcmp(device->ifName, adaptername)) {
|
||||||
|
found = 1;
|
||||||
|
break;
|
||||||
|
} else
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
_snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid);
|
||||||
|
device->device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ,
|
||||||
|
0, /* Don't let other processes share or open
|
||||||
|
the resource until the handle's been closed */
|
||||||
|
0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0);
|
||||||
|
if(device->device_handle != INVALID_HANDLE_VALUE) {
|
||||||
|
found = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
RegCloseKey(key);
|
||||||
|
|
||||||
|
if(!found) {
|
||||||
|
printf("No Windows tap device found!\n");
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ************************************** */
|
||||||
|
|
||||||
|
if(!device->device_name)
|
||||||
|
device->device_name = _strdup(adapterid);
|
||||||
|
|
||||||
|
if(!device->ifName)
|
||||||
|
device->ifName = _strdup(adaptername);
|
||||||
|
|
||||||
|
/* Try to open the corresponding tap device->device_name */
|
||||||
|
|
||||||
|
if(device->device_handle == INVALID_HANDLE_VALUE) {
|
||||||
|
_snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device->device_name);
|
||||||
|
device->device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0,
|
||||||
|
OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(device->device_handle == INVALID_HANDLE_VALUE) {
|
||||||
|
printf("%s (%s) is not a usable Windows tap device\n", device->device_name, device->ifName);
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get MAC address from tap device->device_name */
|
||||||
|
|
||||||
|
if(!DeviceIoControl(device->device_handle, TAP_IOCTL_GET_MAC,
|
||||||
|
device->mac_addr, sizeof(device->mac_addr),
|
||||||
|
device->mac_addr, sizeof(device->mac_addr), &len, 0)) {
|
||||||
|
printf("Could not get MAC address from Windows tap %s (%s)\n",
|
||||||
|
device->device_name, device->ifName);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
device->mtu = mtu;
|
||||||
|
|
||||||
|
printf("Open device [name=%s][ip=%s][ifName=%s][MTU=%d][mac=%02X:%02X:%02X:%02X:%02X:%02X]\n",
|
||||||
|
device->device_name, device_ip, device->ifName, device->mtu,
|
||||||
|
device->mac_addr[0] & 0xFF,
|
||||||
|
device->mac_addr[1] & 0xFF,
|
||||||
|
device->mac_addr[2] & 0xFF,
|
||||||
|
device->mac_addr[3] & 0xFF,
|
||||||
|
device->mac_addr[4] & 0xFF,
|
||||||
|
device->mac_addr[5] & 0xFF);
|
||||||
|
|
||||||
|
/* ****************** */
|
||||||
|
|
||||||
|
printf("Setting %s device address...\n", device->ifName);
|
||||||
|
|
||||||
|
if ( 0 == strcmp("dhcp", address_mode) )
|
||||||
|
{
|
||||||
|
_snprintf(cmd, sizeof(cmd),
|
||||||
|
"netsh interface ip set address \"%s\" dhcp",
|
||||||
|
device->ifName);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
_snprintf(cmd, sizeof(cmd),
|
||||||
|
"netsh interface ip set address \"%s\" static %s %s",
|
||||||
|
device->ifName, device_ip, device_mask);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(system(cmd) == 0) {
|
||||||
|
device->ip_addr = inet_addr(device_ip);
|
||||||
|
device->device_mask = inet_addr(device_mask);
|
||||||
|
printf("Device %s set to %s/%s\n",
|
||||||
|
device->ifName, device_ip, device_mask);
|
||||||
|
} else
|
||||||
|
printf("WARNING: Unable to set device %s IP address [%s]\n",
|
||||||
|
device->ifName, cmd);
|
||||||
|
|
||||||
|
/* ****************** */
|
||||||
|
|
||||||
|
if(device->mtu != DEFAULT_MTU)
|
||||||
|
printf("WARNING: MTU set is not supported on Windows\n");
|
||||||
|
|
||||||
|
/* set driver media status to 'connected' (i.e. set the interface up) */
|
||||||
|
if (!DeviceIoControl (device->device_handle, TAP_IOCTL_SET_MEDIA_STATUS,
|
||||||
|
&status, sizeof (status),
|
||||||
|
&status, sizeof (status), &len, NULL))
|
||||||
|
printf("WARNING: Unable to enable TAP adapter\n");
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Initialize overlapped structures
|
||||||
|
*/
|
||||||
|
device->overlap_read.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
|
||||||
|
device->overlap_write.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
|
||||||
|
if (!device->overlap_read.hEvent || !device->overlap_write.hEvent) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ************************************************ */
|
||||||
|
|
||||||
|
int tuntap_read(struct tuntap_dev *tuntap, unsigned char *buf, int len)
|
||||||
|
{
|
||||||
|
DWORD read_size, last_err;
|
||||||
|
|
||||||
|
ResetEvent(tuntap->overlap_read.hEvent);
|
||||||
|
if (ReadFile(tuntap->device_handle, buf, len, &read_size, &tuntap->overlap_read)) {
|
||||||
|
//printf("tun_read(len=%d)\n", read_size);
|
||||||
|
return read_size;
|
||||||
|
}
|
||||||
|
switch (last_err = GetLastError()) {
|
||||||
|
case ERROR_IO_PENDING:
|
||||||
|
WaitForSingleObject(tuntap->overlap_read.hEvent, INFINITE);
|
||||||
|
GetOverlappedResult(tuntap->device_handle, &tuntap->overlap_read, &read_size, FALSE);
|
||||||
|
return read_size;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
printf("GetLastError() returned %d\n", last_err);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
/* ************************************************ */
|
||||||
|
|
||||||
|
int tuntap_write(struct tuntap_dev *tuntap, unsigned char *buf, int len)
|
||||||
|
{
|
||||||
|
DWORD write_size;
|
||||||
|
|
||||||
|
//printf("tun_write(len=%d)\n", len);
|
||||||
|
|
||||||
|
ResetEvent(tuntap->overlap_write.hEvent);
|
||||||
|
if (WriteFile(tuntap->device_handle,
|
||||||
|
buf,
|
||||||
|
len,
|
||||||
|
&write_size,
|
||||||
|
&tuntap->overlap_write)) {
|
||||||
|
//printf("DONE tun_write(len=%d)\n", write_size);
|
||||||
|
return write_size;
|
||||||
|
}
|
||||||
|
switch (GetLastError()) {
|
||||||
|
case ERROR_IO_PENDING:
|
||||||
|
WaitForSingleObject(tuntap->overlap_write.hEvent, INFINITE);
|
||||||
|
GetOverlappedResult(tuntap->device_handle, &tuntap->overlap_write,
|
||||||
|
&write_size, FALSE);
|
||||||
|
return write_size;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ************************************************ */
|
||||||
|
|
||||||
|
int tuntap_open(struct tuntap_dev *device,
|
||||||
|
char *dev,
|
||||||
|
const char *address_mode, /* static or dhcp */
|
||||||
|
char *device_ip,
|
||||||
|
char *device_mask,
|
||||||
|
const char * device_mac,
|
||||||
|
int mtu) {
|
||||||
|
return(open_wintap(device, address_mode, device_ip, device_mask, device_mac, mtu));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ************************************************ */
|
||||||
|
|
||||||
|
void tuntap_close(struct tuntap_dev *tuntap) {
|
||||||
|
CloseHandle(tuntap->device_handle);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill out the ip_addr value from the interface. Called to pick up dynamic
|
||||||
|
* address changes. */
|
||||||
|
void tuntap_get_address(struct tuntap_dev *tuntap)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ************************************************ */
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
int main(int argc, char* argv[]) {
|
||||||
|
struct tuntap_dev tuntap;
|
||||||
|
int i;
|
||||||
|
int mtu = 1400;
|
||||||
|
|
||||||
|
printf("Welcome to n2n\n");
|
||||||
|
initWin32();
|
||||||
|
open_wintap(&tuntap, "static", "1.2.3.20", "255.255.255.0", mtu);
|
||||||
|
|
||||||
|
for(i=0; i<10; i++) {
|
||||||
|
u_char buf[MTU];
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
rc = tun_read(&tuntap, buf, sizeof(buf));
|
||||||
|
buf[0]=2;
|
||||||
|
buf[1]=3;
|
||||||
|
buf[2]=4;
|
||||||
|
|
||||||
|
printf("tun_read returned %d\n", rc);
|
||||||
|
rc = tun_write(&tuntap, buf, rc);
|
||||||
|
printf("tun_write returned %d\n", rc);
|
||||||
|
}
|
||||||
|
// rc = tun_open (device->device_name, IF_MODE_TUN);
|
||||||
|
WSACleanup ();
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
67
win32/wintap.h
Normal file
67
win32/wintap.h
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
/*
|
||||||
|
(C) 2007 - Luca Deri <deri@ntop.org>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _WINTAP_H_
|
||||||
|
#define _WINTAP_H_
|
||||||
|
|
||||||
|
#undef UNICODE
|
||||||
|
#undef _UNICODE
|
||||||
|
#define _CRT_SECURE_NO_WARNINGS
|
||||||
|
|
||||||
|
#include <ws2tcpip.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
//===============================================
|
||||||
|
// This file is included both by OpenVPN and
|
||||||
|
// the TAP-Win32 driver and contains definitions
|
||||||
|
// common to both.
|
||||||
|
//===============================================
|
||||||
|
|
||||||
|
//=============
|
||||||
|
// TAP IOCTLs
|
||||||
|
//=============
|
||||||
|
|
||||||
|
#define TAP_CONTROL_CODE(request,method) \
|
||||||
|
CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS)
|
||||||
|
|
||||||
|
#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE (1, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_GET_VERSION TAP_CONTROL_CODE (2, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_GET_MTU TAP_CONTROL_CODE (3, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_GET_INFO TAP_CONTROL_CODE (4, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_CONFIG_POINT_TO_POINT TAP_CONTROL_CODE (5, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_SET_MEDIA_STATUS TAP_CONTROL_CODE (6, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_CONFIG_DHCP_MASQ TAP_CONTROL_CODE (7, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_GET_LOG_LINE TAP_CONTROL_CODE (8, METHOD_BUFFERED)
|
||||||
|
#define TAP_IOCTL_CONFIG_DHCP_SET_OPT TAP_CONTROL_CODE (9, METHOD_BUFFERED)
|
||||||
|
|
||||||
|
//=================
|
||||||
|
// Registry keys
|
||||||
|
//=================
|
||||||
|
|
||||||
|
#define ADAPTER_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
|
||||||
|
#define NETWORK_CONNECTIONS_KEY "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
|
||||||
|
|
||||||
|
//======================
|
||||||
|
// Filesystem prefixes
|
||||||
|
//======================
|
||||||
|
|
||||||
|
#define USERMODEDEVICEDIR "\\\\.\\Global\\"
|
||||||
|
#define SYSDEVICEDIR "\\Device\\"
|
||||||
|
#define USERDEVICEDIR "\\DosDevices\\Global\\"
|
||||||
|
#define TAPSUFFIX ".tap"
|
||||||
|
|
||||||
|
//=========================================================
|
||||||
|
// TAP_COMPONENT_ID -- This string defines the TAP driver
|
||||||
|
// type -- different component IDs can reside in the system
|
||||||
|
// simultaneously.
|
||||||
|
//=========================================================
|
||||||
|
|
||||||
|
#define TAP_COMPONENT_ID "tap0801"
|
||||||
|
|
||||||
|
extern void initWin32();
|
||||||
|
|
||||||
|
#endif
|
461
wire.c
Normal file
461
wire.c
Normal file
|
@ -0,0 +1,461 @@
|
||||||
|
/* (c) 2009 Richard Andrews <andrews@ntop.org> */
|
||||||
|
|
||||||
|
/** Routines for encoding and decoding n2n packets on the wire.
|
||||||
|
*
|
||||||
|
* encode_X(base,idx,v) prototypes are inspired by the erlang internal
|
||||||
|
* encoding model. Passing the start of a buffer in base and a pointer to an
|
||||||
|
* integer (initially set to zero). Each encode routine increases idx by the
|
||||||
|
* amount written and returns the amount written. In this way complex sequences
|
||||||
|
* of encodings can be represented cleanly. See encode_register() for an
|
||||||
|
* example.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "n2n_wire.h"
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
int encode_uint8( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const uint8_t v )
|
||||||
|
{
|
||||||
|
*(base + (*idx)) = (v & 0xff);
|
||||||
|
++(*idx);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_uint8( uint8_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
if (*rem < 1 ) { return 0; }
|
||||||
|
|
||||||
|
*out = ( base[*idx] & 0xff );
|
||||||
|
++(*idx);
|
||||||
|
--(*rem);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_uint16( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const uint16_t v )
|
||||||
|
{
|
||||||
|
*(base + (*idx)) = ( v >> 8) & 0xff;
|
||||||
|
*(base + (1 + *idx)) = ( v & 0xff );
|
||||||
|
*idx += 2;
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_uint16( uint16_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
if (*rem < 2 ) { return 0; }
|
||||||
|
|
||||||
|
*out = ( base[*idx] & 0xff ) << 8;
|
||||||
|
*out |= ( base[1 + *idx] & 0xff );
|
||||||
|
*idx += 2;
|
||||||
|
*rem -= 2;
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_uint32( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const uint32_t v )
|
||||||
|
{
|
||||||
|
*(base + (0 + *idx)) = ( v >> 24) & 0xff;
|
||||||
|
*(base + (1 + *idx)) = ( v >> 16) & 0xff;
|
||||||
|
*(base + (2 + *idx)) = ( v >> 8) & 0xff;
|
||||||
|
*(base + (3 + *idx)) = ( v & 0xff );
|
||||||
|
*idx += 4;
|
||||||
|
return 4;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_uint32( uint32_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
if (*rem < 4 ) { return 0; }
|
||||||
|
|
||||||
|
*out = ( base[0 + *idx] & 0xff ) << 24;
|
||||||
|
*out |= ( base[1 + *idx] & 0xff ) << 16;
|
||||||
|
*out |= ( base[2 + *idx] & 0xff ) << 8;
|
||||||
|
*out |= ( base[3 + *idx] & 0xff );
|
||||||
|
*idx += 4;
|
||||||
|
*rem -= 4;
|
||||||
|
return 4;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_buf( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const void * p,
|
||||||
|
size_t s)
|
||||||
|
{
|
||||||
|
memcpy( (base + (*idx)), p, s );
|
||||||
|
*idx += s;
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Copy from base to out of size bufsize */
|
||||||
|
int decode_buf( uint8_t * out,
|
||||||
|
size_t bufsize,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
if (*rem < bufsize ) { return 0; }
|
||||||
|
|
||||||
|
memcpy( out, (base + *idx), bufsize );
|
||||||
|
*idx += bufsize;
|
||||||
|
*rem -= bufsize;
|
||||||
|
return bufsize;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
int encode_mac( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_mac_t m )
|
||||||
|
{
|
||||||
|
return encode_buf( base, idx, m, N2N_MAC_SIZE );
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_mac( uint8_t * out, /* of size N2N_MAC_SIZE. This clearer than passing a n2n_mac_t */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
return decode_buf( out, N2N_MAC_SIZE, base, rem, idx );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
int encode_common( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common )
|
||||||
|
{
|
||||||
|
uint16_t flags=0;
|
||||||
|
encode_uint8( base, idx, N2N_PKT_VERSION );
|
||||||
|
encode_uint8( base, idx, common->ttl );
|
||||||
|
|
||||||
|
flags = common->pc & N2N_FLAGS_TYPE_MASK;
|
||||||
|
flags |= common->flags & N2N_FLAGS_BITS_MASK;
|
||||||
|
|
||||||
|
encode_uint16( base, idx, flags );
|
||||||
|
encode_buf( base, idx, common->community, N2N_COMMUNITY_SIZE );
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_common( n2n_common_t * out,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t idx0=*idx;
|
||||||
|
uint8_t dummy=0;
|
||||||
|
decode_uint8( &dummy, base, rem, idx );
|
||||||
|
|
||||||
|
if ( N2N_PKT_VERSION != dummy )
|
||||||
|
{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
decode_uint8( &(out->ttl), base, rem, idx );
|
||||||
|
decode_uint16( &(out->flags), base, rem, idx );
|
||||||
|
out->pc = ( out->flags & N2N_FLAGS_TYPE_MASK );
|
||||||
|
out->flags &= N2N_FLAGS_BITS_MASK;
|
||||||
|
|
||||||
|
decode_buf( out->community, N2N_COMMUNITY_SIZE, base, rem, idx );
|
||||||
|
|
||||||
|
return (*idx - idx0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int encode_sock( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_sock_t * sock )
|
||||||
|
{
|
||||||
|
int retval=0;
|
||||||
|
uint16_t f;
|
||||||
|
|
||||||
|
switch (sock->family)
|
||||||
|
{
|
||||||
|
case AF_INET:
|
||||||
|
{
|
||||||
|
f = 0;
|
||||||
|
retval += encode_uint16(base,idx,f);
|
||||||
|
retval += encode_uint16(base,idx,sock->port);
|
||||||
|
retval += encode_buf(base,idx,sock->addr.v4,IPV4_SIZE);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case AF_INET6:
|
||||||
|
{
|
||||||
|
f = 0x8000;
|
||||||
|
retval += encode_uint16(base,idx,f);
|
||||||
|
retval += encode_uint16(base,idx,sock->port);
|
||||||
|
retval += encode_buf(base,idx,sock->addr.v6,IPV6_SIZE);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
retval=-1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int decode_sock( n2n_sock_t * sock,
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t * idx0=idx;
|
||||||
|
uint16_t f;
|
||||||
|
|
||||||
|
decode_uint16( &f, base, rem, idx );
|
||||||
|
|
||||||
|
if( f & 0x8000 )
|
||||||
|
{
|
||||||
|
/* IPv6 */
|
||||||
|
sock->family = AF_INET6;
|
||||||
|
decode_uint16( &(sock->port), base, rem, idx );
|
||||||
|
decode_buf( sock->addr.v6, IPV6_SIZE, base, rem, idx );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* IPv4 */
|
||||||
|
sock->family = AF_INET;
|
||||||
|
decode_uint16( &(sock->port), base, rem, idx );
|
||||||
|
memset( sock->addr.v6, 0, IPV6_SIZE ); /* so memcmp() works for equality. */
|
||||||
|
decode_buf( sock->addr.v4, IPV4_SIZE, base, rem, idx );
|
||||||
|
}
|
||||||
|
|
||||||
|
return (idx-idx0);
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_REGISTER( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_t * reg )
|
||||||
|
{
|
||||||
|
int retval=0;
|
||||||
|
retval += encode_common( base, idx, common );
|
||||||
|
retval += encode_buf( base, idx, reg->cookie, N2N_COOKIE_SIZE );
|
||||||
|
retval += encode_mac( base, idx, reg->srcMac );
|
||||||
|
retval += encode_mac( base, idx, reg->dstMac );
|
||||||
|
if ( 0 != reg->sock.family )
|
||||||
|
{
|
||||||
|
retval += encode_sock( base, idx, &(reg->sock) );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_REGISTER( n2n_REGISTER_t * reg,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t retval=0;
|
||||||
|
memset( reg, 0, sizeof(n2n_REGISTER_t) );
|
||||||
|
retval += decode_buf( reg->cookie, N2N_COOKIE_SIZE, base, rem, idx );
|
||||||
|
retval += decode_mac( reg->srcMac, base, rem, idx );
|
||||||
|
retval += decode_mac( reg->dstMac, base, rem, idx );
|
||||||
|
|
||||||
|
if ( cmn->flags & N2N_FLAGS_SOCKET )
|
||||||
|
{
|
||||||
|
retval += decode_sock( &(reg->sock), base, rem, idx );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_REGISTER_SUPER( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_SUPER_t * reg )
|
||||||
|
{
|
||||||
|
int retval=0;
|
||||||
|
retval += encode_common( base, idx, common );
|
||||||
|
retval += encode_buf( base, idx, reg->cookie, N2N_COOKIE_SIZE );
|
||||||
|
retval += encode_mac( base, idx, reg->edgeMac );
|
||||||
|
retval += encode_uint16( base, idx, 0 ); /* NULL auth scheme */
|
||||||
|
retval += encode_uint16( base, idx, 0 ); /* No auth data */
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_REGISTER_SUPER( n2n_REGISTER_SUPER_t * reg,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t retval=0;
|
||||||
|
memset( reg, 0, sizeof(n2n_REGISTER_SUPER_t) );
|
||||||
|
retval += decode_buf( reg->cookie, N2N_COOKIE_SIZE, base, rem, idx );
|
||||||
|
retval += decode_mac( reg->edgeMac, base, rem, idx );
|
||||||
|
retval += decode_uint16( &(reg->auth.scheme), base, rem, idx );
|
||||||
|
retval += decode_uint16( &(reg->auth.toksize), base, rem, idx );
|
||||||
|
retval += decode_buf( reg->auth.token, reg->auth.toksize, base, rem, idx );
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_REGISTER_ACK( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_ACK_t * reg )
|
||||||
|
{
|
||||||
|
int retval=0;
|
||||||
|
retval += encode_common( base, idx, common );
|
||||||
|
retval += encode_buf( base, idx, reg->cookie, N2N_COOKIE_SIZE );
|
||||||
|
retval += encode_mac( base, idx, reg->dstMac );
|
||||||
|
retval += encode_mac( base, idx, reg->srcMac );
|
||||||
|
|
||||||
|
/* The socket in REGISTER_ACK is the socket from which the REGISTER
|
||||||
|
* arrived. This is sent back to the sender so it knows what its public
|
||||||
|
* socket is. */
|
||||||
|
if ( 0 != reg->sock.family )
|
||||||
|
{
|
||||||
|
retval += encode_sock( base, idx, &(reg->sock) );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_REGISTER_ACK( n2n_REGISTER_ACK_t * reg,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t retval=0;
|
||||||
|
memset( reg, 0, sizeof(n2n_REGISTER_ACK_t) );
|
||||||
|
retval += decode_buf( reg->cookie, N2N_COOKIE_SIZE, base, rem, idx );
|
||||||
|
retval += decode_mac( reg->dstMac, base, rem, idx );
|
||||||
|
retval += decode_mac( reg->srcMac, base, rem, idx );
|
||||||
|
|
||||||
|
/* The socket in REGISTER_ACK is the socket from which the REGISTER
|
||||||
|
* arrived. This is sent back to the sender so it knows what its public
|
||||||
|
* socket is. */
|
||||||
|
if ( cmn->flags & N2N_FLAGS_SOCKET )
|
||||||
|
{
|
||||||
|
retval += decode_sock( &(reg->sock), base, rem, idx );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encode_REGISTER_SUPER_ACK( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_REGISTER_SUPER_ACK_t * reg )
|
||||||
|
{
|
||||||
|
int retval=0;
|
||||||
|
retval += encode_common( base, idx, common );
|
||||||
|
retval += encode_buf( base, idx, reg->cookie, N2N_COOKIE_SIZE );
|
||||||
|
retval += encode_mac( base, idx, reg->edgeMac );
|
||||||
|
retval += encode_uint16( base, idx, reg->lifetime );
|
||||||
|
retval += encode_sock( base, idx, &(reg->sock) );
|
||||||
|
retval += encode_uint8( base, idx, reg->num_sn );
|
||||||
|
if ( reg->num_sn > 0 )
|
||||||
|
{
|
||||||
|
/* We only support 0 or 1 at this stage */
|
||||||
|
retval += encode_sock( base, idx, &(reg->sn_bak) );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decode_REGISTER_SUPER_ACK( n2n_REGISTER_SUPER_ACK_t * reg,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t retval=0;
|
||||||
|
|
||||||
|
memset( reg, 0, sizeof(n2n_REGISTER_SUPER_ACK_t) );
|
||||||
|
retval += decode_buf( reg->cookie, N2N_COOKIE_SIZE, base, rem, idx );
|
||||||
|
retval += decode_mac( reg->edgeMac, base, rem, idx );
|
||||||
|
retval += decode_uint16( &(reg->lifetime), base, rem, idx );
|
||||||
|
|
||||||
|
/* Socket is mandatory in this message type */
|
||||||
|
retval += decode_sock( &(reg->sock), base, rem, idx );
|
||||||
|
|
||||||
|
/* Following the edge socket are an array of backup supernodes. */
|
||||||
|
retval += decode_uint8( &(reg->num_sn), base, rem, idx );
|
||||||
|
if ( reg->num_sn > 0 )
|
||||||
|
{
|
||||||
|
/* We only support 0 or 1 at this stage */
|
||||||
|
retval += decode_sock( &(reg->sn_bak), base, rem, idx );
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
int fill_sockaddr( struct sockaddr * addr,
|
||||||
|
size_t addrlen,
|
||||||
|
const n2n_sock_t * sock )
|
||||||
|
{
|
||||||
|
int retval=-1;
|
||||||
|
|
||||||
|
if ( AF_INET == sock->family )
|
||||||
|
{
|
||||||
|
if ( addrlen >= sizeof(struct sockaddr_in) )
|
||||||
|
{
|
||||||
|
struct sockaddr_in * si = (struct sockaddr_in *)addr;
|
||||||
|
si->sin_family = sock->family;
|
||||||
|
si->sin_port = htons( sock->port );
|
||||||
|
memcpy( &(si->sin_addr.s_addr), sock->addr.v4, IPV4_SIZE );
|
||||||
|
retval=0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int encode_PACKET( uint8_t * base,
|
||||||
|
size_t * idx,
|
||||||
|
const n2n_common_t * common,
|
||||||
|
const n2n_PACKET_t * pkt )
|
||||||
|
{
|
||||||
|
int retval=0;
|
||||||
|
retval += encode_common( base, idx, common );
|
||||||
|
retval += encode_mac( base, idx, pkt->srcMac );
|
||||||
|
retval += encode_mac( base, idx, pkt->dstMac );
|
||||||
|
if ( 0 != pkt->sock.family )
|
||||||
|
{
|
||||||
|
retval += encode_sock( base, idx, &(pkt->sock) );
|
||||||
|
}
|
||||||
|
retval += encode_uint16( base, idx, pkt->transform );
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int decode_PACKET( n2n_PACKET_t * pkt,
|
||||||
|
const n2n_common_t * cmn, /* info on how to interpret it */
|
||||||
|
const uint8_t * base,
|
||||||
|
size_t * rem,
|
||||||
|
size_t * idx )
|
||||||
|
{
|
||||||
|
size_t retval=0;
|
||||||
|
memset( pkt, 0, sizeof(n2n_PACKET_t) );
|
||||||
|
retval += decode_mac( pkt->srcMac, base, rem, idx );
|
||||||
|
retval += decode_mac( pkt->dstMac, base, rem, idx );
|
||||||
|
|
||||||
|
if ( cmn->flags & N2N_FLAGS_SOCKET )
|
||||||
|
{
|
||||||
|
retval += decode_sock( &(pkt->sock), base, rem, idx );
|
||||||
|
}
|
||||||
|
|
||||||
|
retval += decode_uint16( &(pkt->transform), base, rem, idx );
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user