mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 00:21:11 +02:00
Compilation fixes
parent
597c5be4b0
commit
b8fcf09177
|
@ -109,7 +109,8 @@ When encryption is enabled, the supernode will not be able to decrypt the traffi
|
|||
two edge nodes, but it will know that edge A is talking with edge B.
|
||||
|
||||
Recently AES encryption support has been implemented, which increases both security and performance,
|
||||
so it is recommended to enable it on all the edge nodes by specifying the `-A` option.
|
||||
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible
|
||||
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4
|
||||
|
||||
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
||||
|
||||
|
|
87
edge.c
87
edge.c
|
@ -189,12 +189,12 @@ static void help() {
|
|||
#endif
|
||||
printf("-r | Enable packet forwarding through n2n community.\n");
|
||||
printf("-A1 | Disable payload encryption. Do not use with -k.\n");
|
||||
printf("-A2 | Use Twofish for payload encryption (default). Requires a key.\n");
|
||||
printf("-A2 | Use Twofish for payload encryption (default). Requires a key (-k).\n");
|
||||
#ifdef N2N_HAVE_AES
|
||||
printf("-A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key.\n");
|
||||
printf("-A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key (-k).\n");
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_1_1
|
||||
printf("-A4 | Use ChaCha20 for payload encryption. Requires a key.\n");
|
||||
printf("-A4 | Use ChaCha20 for payload encryption. Requires a key (-k).\n");
|
||||
#endif
|
||||
printf("-z | Enable lzo1x compression for outgoing data packets\n");
|
||||
printf(" | (default=disabled).\n");
|
||||
|
@ -220,6 +220,46 @@ static void help() {
|
|||
|
||||
/* *************************************************** */
|
||||
|
||||
static void setPayloadEncryption( n2n_edge_conf_t *conf, int cipher) {
|
||||
/* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
|
||||
* a switch-statement under conditional compilation is used to sort out the
|
||||
* unsupported ciphers */
|
||||
switch (cipher) {
|
||||
case 1:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_NULL;
|
||||
break;
|
||||
}
|
||||
case 2:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
||||
break;
|
||||
}
|
||||
#ifdef N2N_HAVE_AES
|
||||
case 3:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_1_1
|
||||
case 4:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
default:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_INVAL;
|
||||
traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* *************************************************** */
|
||||
|
||||
static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_edge_conf_t *conf) {
|
||||
/* traceEvent(TRACE_NORMAL, "Option %c = %s", optkey, optargument ? optargument : ""); */
|
||||
|
||||
|
@ -308,48 +348,17 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e
|
|||
|
||||
case 'A':
|
||||
{
|
||||
int cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
|
||||
int cipher;
|
||||
|
||||
if (optargument) {
|
||||
cipher = atoi(optargument);
|
||||
} else {
|
||||
traceEvent(TRACE_NORMAL, "the use of the solitary -A switch is deprecated and might not be supported in future versions. "
|
||||
"please use -A3 instead to choose a the AES-CBC cipher for payload encryption.");
|
||||
cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
|
||||
}
|
||||
/* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
|
||||
* a switch-statement under conditional compilation is used to sort out the
|
||||
* unsupported ciphers */
|
||||
switch (cipher) {
|
||||
case 1:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_NULL;
|
||||
break;
|
||||
}
|
||||
case 2:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
||||
break;
|
||||
}
|
||||
#ifdef N2N_HAVE_AES
|
||||
case 3:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_1_1
|
||||
case 4:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
default:
|
||||
{
|
||||
conf->transop_id = N2N_TRANSFORM_ID_INVAL;
|
||||
traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
setPayloadEncryption(conf, cipher);
|
||||
break;
|
||||
}
|
||||
|
||||
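Review bot: In the rewritten `case 'A'` branch, `cipher = atoi(optargument);` accepts any string that starts with a digit, so a malformed value such as `-A1x` is read as 1 and selects `N2N_TRANSFORM_ID_NULL`, which turns payload encryption off without any diagnostic. Parsing with an end-pointer check keeps the option fail-closed: `char *end; long v = strtol(optargument, &end, 10);` followed by `cipher = (end != optargument && *end == '\0' && v > 0 && v <= INT_MAX) ? (int)v : N2N_TRANSFORM_ID_INVAL;`, so the `default:` arm of `setPayloadEncryption()` rejects it (this needs `<limits.h>` if it is not already included). Separately, that `default:` arm reports a fatal condition at `TRACE_NORMAL` and calls `exit(1)` from inside the helper; `TRACE_ERROR` would match the severity. `setOption()` starts and ends outside these hunks, so how its return value is consumed is not visible here.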
|
|
|
@ -120,9 +120,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
|
|||
/* Generate and encode the IV. */
|
||||
set_cc20_iv(priv, enc_ivec);
|
||||
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
|
||||
traceEvent(TRACE_DEBUG, "encode_cc20 iv=%016llx:%016llx",
|
||||
htobe64(*(uint64_t*)&enc_ivec[0]),
|
||||
htobe64(*(uint64_t*)&enc_ivec[8]) );
|
||||
|
||||
/* Encrypt the assembly contents and write the ciphertext after the iv. */
|
||||
/* len is set to the length of the cipher plain text to be encrpyted
|
||||
|
@ -198,9 +195,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
|
|||
|
||||
/* Get the IV */
|
||||
decode_buf((uint8_t *)&dec_ivec, N2N_CC20_IVEC_SIZE, inbuf, &rem, &idx);
|
||||
traceEvent(TRACE_DEBUG, "decode_cc20 iv=%016llx:%016llx",
|
||||
htobe64(*(uint64_t*)&dec_ivec[0]),
|
||||
htobe64(*(uint64_t*)&dec_ivec[8]) );
|
||||
|
||||
EVP_CIPHER_CTX *ctx = priv->dec_ctx;
|
||||
int evp_len;
|
||||
|
|