mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
Compilation fixes
parent
597c5be4b0
commit
b8fcf09177
|
@ -109,7 +109,8 @@ When encryption is enabled, the supernode will not be able to decrypt the traffi
|
||||||
two edge nodes, but it will know that edge A is talking with edge B.
|
two edge nodes, but it will know that edge A is talking with edge B.
|
||||||
|
|
||||||
Recently AES encryption support has been implemented, which increases both security and performance,
|
Recently AES encryption support has been implemented, which increases both security and performance,
|
||||||
so it is recommended to enable it on all the edge nodes by specifying the `-A` option.
|
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible
|
||||||
|
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4
|
||||||
|
|
||||||
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
||||||
|
|
||||||
|
|
87
edge.c
87
edge.c
|
@ -189,12 +189,12 @@ static void help() {
|
||||||
#endif
|
#endif
|
||||||
printf("-r | Enable packet forwarding through n2n community.\n");
|
printf("-r | Enable packet forwarding through n2n community.\n");
|
||||||
printf("-A1 | Disable payload encryption. Do not use with -k.\n");
|
printf("-A1 | Disable payload encryption. Do not use with -k.\n");
|
||||||
printf("-A2 | Use Twofish for payload encryption (default). Requires a key.\n");
|
printf("-A2 | Use Twofish for payload encryption (default). Requires a key (-k).\n");
|
||||||
#ifdef N2N_HAVE_AES
|
#ifdef N2N_HAVE_AES
|
||||||
printf("-A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key.\n");
|
printf("-A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key (-k).\n");
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
printf("-A4 | Use ChaCha20 for payload encryption. Requires a key.\n");
|
printf("-A4 | Use ChaCha20 for payload encryption. Requires a key (-k).\n");
|
||||||
#endif
|
#endif
|
||||||
printf("-z | Enable lzo1x compression for outgoing data packets\n");
|
printf("-z | Enable lzo1x compression for outgoing data packets\n");
|
||||||
printf(" | (default=disabled).\n");
|
printf(" | (default=disabled).\n");
|
||||||
|
@ -220,6 +220,46 @@ static void help() {
|
||||||
|
|
||||||
/* *************************************************** */
|
/* *************************************************** */
|
||||||
|
|
||||||
|
static void setPayloadEncryption( n2n_edge_conf_t *conf, int cipher) {
|
||||||
|
/* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
|
||||||
|
* a switch-statement under conditional compilation is used to sort out the
|
||||||
|
* unsupported ciphers */
|
||||||
|
switch (cipher) {
|
||||||
|
case 1:
|
||||||
|
{
|
||||||
|
conf->transop_id = N2N_TRANSFORM_ID_NULL;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
case 2:
|
||||||
|
{
|
||||||
|
conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#ifdef N2N_HAVE_AES
|
||||||
|
case 3:
|
||||||
|
{
|
||||||
|
conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
|
case 4:
|
||||||
|
{
|
||||||
|
conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
{
|
||||||
|
conf->transop_id = N2N_TRANSFORM_ID_INVAL;
|
||||||
|
traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* *************************************************** */
|
||||||
|
|
||||||
static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_edge_conf_t *conf) {
|
static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_edge_conf_t *conf) {
|
||||||
/* traceEvent(TRACE_NORMAL, "Option %c = %s", optkey, optargument ? optargument : ""); */
|
/* traceEvent(TRACE_NORMAL, "Option %c = %s", optkey, optargument ? optargument : ""); */
|
||||||
|
|
||||||
|
@ -308,48 +348,17 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e
|
||||||
|
|
||||||
case 'A':
|
case 'A':
|
||||||
{
|
{
|
||||||
int cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
|
int cipher;
|
||||||
|
|
||||||
if (optargument) {
|
if (optargument) {
|
||||||
cipher = atoi(optargument);
|
cipher = atoi(optargument);
|
||||||
} else {
|
} else {
|
||||||
traceEvent(TRACE_NORMAL, "the use of the solitary -A switch is deprecated and might not be supported in future versions. "
|
traceEvent(TRACE_NORMAL, "the use of the solitary -A switch is deprecated and might not be supported in future versions. "
|
||||||
"please use -A3 instead to choose a the AES-CBC cipher for payload encryption.");
|
"please use -A3 instead to choose a the AES-CBC cipher for payload encryption.");
|
||||||
|
cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
|
||||||
}
|
}
|
||||||
/* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
|
|
||||||
* a switch-statement under conditional compilation is used to sort out the
|
setPayloadEncryption(conf, cipher);
|
||||||
* unsupported ciphers */
|
|
||||||
switch (cipher) {
|
|
||||||
case 1:
|
|
||||||
{
|
|
||||||
conf->transop_id = N2N_TRANSFORM_ID_NULL;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case 2:
|
|
||||||
{
|
|
||||||
conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#ifdef N2N_HAVE_AES
|
|
||||||
case 3:
|
|
||||||
{
|
|
||||||
conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#ifdef HAVE_OPENSSL_1_1
|
|
||||||
case 4:
|
|
||||||
{
|
|
||||||
conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
default:
|
|
||||||
{
|
|
||||||
conf->transop_id = N2N_TRANSFORM_ID_INVAL;
|
|
||||||
traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
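Review bot: `case 1` in the new `setPayloadEncryption()` sets `N2N_TRANSFORM_ID_NULL` without logging anything, so a typo or a stale configuration line silently turns payload encryption off. The value comes from `atoi(optargument)` in `setOption()`, which ignores trailing characters (`-A1x` parses as 1); parsing with `strtol` and rejecting a non-empty remainder would make the cipher choice strict. I would add `traceEvent(TRACE_WARNING, "payload encryption is disabled (-A1), traffic is sent in clear text.");` before the `break` in `case 1`. The help text says `-A1` must not be combined with `-k`, but nothing in the visible lines enforces that; `setOption()` continues outside this section, so the check may exist elsewhere. The assignment of `N2N_TRANSFORM_ID_INVAL` just before `exit(1)` in the `default` branch has no effect and can be dropped.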
||||||
|
|
|
@ -120,9 +120,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
|
||||||
/* Generate and encode the IV. */
|
/* Generate and encode the IV. */
|
||||||
set_cc20_iv(priv, enc_ivec);
|
set_cc20_iv(priv, enc_ivec);
|
||||||
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
|
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
|
||||||
traceEvent(TRACE_DEBUG, "encode_cc20 iv=%016llx:%016llx",
|
|
||||||
htobe64(*(uint64_t*)&enc_ivec[0]),
|
|
||||||
htobe64(*(uint64_t*)&enc_ivec[8]) );
|
|
||||||
|
|
||||||
/* Encrypt the assembly contents and write the ciphertext after the iv. */
|
/* Encrypt the assembly contents and write the ciphertext after the iv. */
|
||||||
/* len is set to the length of the cipher plain text to be encrpyted
|
/* len is set to the length of the cipher plain text to be encrpyted
|
||||||
|
@ -198,9 +195,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
|
||||||
|
|
||||||
/* Get the IV */
|
/* Get the IV */
|
||||||
decode_buf((uint8_t *)&dec_ivec, N2N_CC20_IVEC_SIZE, inbuf, &rem, &idx);
|
decode_buf((uint8_t *)&dec_ivec, N2N_CC20_IVEC_SIZE, inbuf, &rem, &idx);
|
||||||
traceEvent(TRACE_DEBUG, "decode_cc20 iv=%016llx:%016llx",
|
|
||||||
htobe64(*(uint64_t*)&dec_ivec[0]),
|
|
||||||
htobe64(*(uint64_t*)&dec_ivec[8]) );
|
|
||||||
|
|
||||||
EVP_CIPHER_CTX *ctx = priv->dec_ctx;
|
EVP_CIPHER_CTX *ctx = priv->dec_ctx;
|
||||||
int evp_len;
|
int evp_len;
|
||||||
|
|