Update autotools and add missing files

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>

.gitignore

@@ -11,3 +11,5 @@ build-aux
 .deps
 .dirstamp
 glorytun
+build*
+VERSION

Makefile.am

@@ -7,7 +7,6 @@ glorytun_LDADD = $(libsodium_LIBS)
 glorytun_SOURCES = \
     src/common.h \
     src/common.c \
-    src/buffer.h \
     src/ip.h \
     src/str.h \
     src/main.c \
@@ -15,13 +14,10 @@ glorytun_SOURCES = \
     src/option.h \
     src/tun.c \
     src/tun.h \
+    src/iface.c \
+    src/iface.h \
     src/db.c \
     src/db.h \
-    src/state.c \
-    src/state.h
-
-glorytun_CFLAGS  += -I$(srcdir)/mud
-glorytun_SOURCES += \
     mud/mud.h \
     mud/mud.c
 
@@ -29,5 +25,13 @@ EXTRA_DIST = \
     LICENSE \
     README.md \
     VERSION \
+    systemd/glorytun-client.network \
+    systemd/glorytun-run \
+    systemd/glorytun-setup \
+    systemd/glorytun.network \
+    systemd/glorytun@.service.in \
+    mud/LICENSE \
+    mud/README.md \
+    meson.build \
     autogen.sh \
     version.sh

README.md

@@ -1,23 +1,53 @@
-# π₁(Glorytun)=ℤ²
+# Glorytun
 
 Small, Simple and Stupid VPN over [mud](https://github.com/angt/mud).
 
-#### Work In Progress
+### Build and Install
 
-This code will probably format your harddisk!
+Glorytun depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4.
 
-#### Build and Install
+On Ubuntu, the following command should be sufficient:
 
-Glorytun depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4
+    $ sudo apt-get install meson libsodium-dev pkg-config
-and needs an AES-NI capable CPU.
 
-To build and install the latest version:
+Grab the latest release from github:
 
-    $ git clone https://github.com/angt/glorytun --recursive --branch mud
+    $ git clone https://github.com/angt/glorytun --recursive
     $ cd glorytun
-    $ ./autogen.sh
+
-    $ ./configure
+To build and install the latest version with [meson](http://mesonbuild.com):
-    $ make
+
-    # make install
+    $ meson build
+    $ sudo ninja -C build install
+
+The more classical autotools suite is also available.
+
+### Easy setup with systemd
+
+Just call `glorytun-setup` and follow the instructions.
+
+First, setup the server:
+
+    $ sudo glorytun-setup
+    Config filename (tun0):
+    Server ip (enter for server conf):
+    Server key (enter to generate a new one):
+    Your new key: NEW_KEY
+    Start glorytun now ? (enter to skip): y
+
+Copy the new generated key and use it when configuring the client:
+
+    $ sudo glorytun-setup
+    Config filename (tun0):
+    Server ip (enter for server conf): SERVER_IP
+    Server key (enter to generate a new one): NEW_KEY
+    Start glorytun now ? (enter to skip): y
+
+You can check easily if it works by looking at your public ip.
+To stop the service:
+
+    $ sudo systemctl stop glorytun@tun0
+
+---
 
 For feature requests and bug reports, please create an [issue](https://github.com/angt/glorytun/issues).

configure.ac

@@ -8,14 +8,15 @@ AC_DEFINE_UNQUOTED([VERSION_MAJOR], [m4_esyscmd([./version.sh major])])
 AC_CONFIG_SRCDIR([src/common.h])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE([1.9 -Wall -Werror foreign tar-ustar subdir-objects])
+AM_INIT_AUTOMAKE([1.12 -Wall -Werror foreign tar-ustar subdir-objects])
 AM_DEP_TRACK
 AM_SILENT_RULES([yes])
 AM_PROG_CC_C_O
 AC_PROG_CC_C99
 AC_USE_SYSTEM_EXTENSIONS
-AC_SEARCH_LIBS([getaddrinfo], [resolv nsl])
 AC_SEARCH_LIBS([socket], [socket])
+AC_CHECK_LIB([rt], [clock_gettime])
+AC_CHECK_FUNCS([clock_gettime])
 PKG_CHECK_MODULES([libsodium], [libsodium >= 1.0.4])
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT

m4/pkg.m4

@@ -1,6 +1,6 @@
-dnl pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
+# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
-dnl serial 11 (pkg-config-0.29)
+# serial 12 (pkg-config-0.29.2)
-dnl
+
 dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
 dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
 dnl
@@ -41,7 +41,7 @@ dnl
 dnl See the "Since" comment for each macro you use to see what version
 dnl of the macros you require.
 m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29])
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
 m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
     [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
 ])dnl PKG_PREREQ
@@ -142,7 +142,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
 AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
 
 pkg_failed=no
-AC_MSG_CHECKING([for $1])
+AC_MSG_CHECKING([for $2])
 
 _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
 _PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -152,11 +152,11 @@ and $1[]_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.])
 
 if test $pkg_failed = yes; then
-   	AC_MSG_RESULT([no])
+        AC_MSG_RESULT([no])
         _PKG_SHORT_ERRORS_SUPPORTED
         if test $_pkg_short_errors_supported = yes; then
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else 
+        else
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
         fi
 	# Put the nasty error message in config.log where it belongs
@@ -173,7 +173,7 @@ installed software in a non-standard prefix.
 _PKG_TEXT])[]dnl
         ])
 elif test $pkg_failed = untried; then
-     	AC_MSG_RESULT([no])
+        AC_MSG_RESULT([no])
 	m4_default([$4], [AC_MSG_FAILURE(
 [The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full

meson.build

@@ -0,0 +1,49 @@
+project('glorytun', 'c',
+    version: run_command('./version.sh').stdout(),
+    license: 'BSD-3-Clause',
+    default_options : [ 'buildtype=debugoptimized' ]
+)
+
+prefix = get_option('prefix')
+bindir = join_paths(prefix, get_option('bindir'))
+
+conf_data = configuration_data()
+conf_data.set('prefix', prefix)
+conf_data.set('bindir', bindir)
+
+add_global_arguments('-DPACKAGE_VERSION="'+meson.project_version()+'"', language : 'c')
+
+src = [
+    'src/common.c',
+    'src/iface.c',
+    'src/option.c',
+    'src/tun.c',
+    'mud/mud.c',
+    'src/main.c'
+]
+
+deps = [
+    dependency('libsodium', version : '>=1.0.4')
+]
+
+executable('glorytun', install: true, sources: src, dependencies: deps)
+
+systemd = dependency('systemd', required: false)
+
+if systemd.found()
+  systemdutildir = systemd.get_pkgconfig_variable('systemdutildir')
+  configure_file(
+      input: 'systemd/glorytun@.service.in',
+      output: 'glorytun@.service',
+      configuration: conf_data,
+      install_dir: join_paths(systemdutildir, 'system')
+  )
+  install_data('systemd/glorytun.network',
+      install_dir: join_paths(systemdutildir, 'network'))
+  install_data('systemd/glorytun-client.network',
+      install_dir: join_paths(systemdutildir, 'network'))
+  install_data('systemd/glorytun-run',
+      install_dir: bindir)
+  install_data('systemd/glorytun-setup',
+      install_dir: bindir)
+endif

src/buffer.h

@@ -1,66 +0,0 @@
-#pragma once
-
-#include "common.h"
-
-typedef struct buffer buffer_t;
-
-struct buffer {
-    uint8_t *data;
-    uint8_t *read;
-    uint8_t *write;
-    uint8_t *end;
-};
-
-static inline void buffer_setup (buffer_t *buffer, void *data, size_t size)
-{
-    if (!data)
-        data = malloc(ALIGN(size));
-
-    buffer->data  = data;
-    buffer->read  = data;
-    buffer->write = data;
-    buffer->end   = data;
-    buffer->end  += size;
-}
-
-static inline void buffer_format (buffer_t *buffer)
-{
-    buffer->write = buffer->data;
-    buffer->read  = buffer->data;
-}
-
-_pure_
-static inline size_t buffer_size (buffer_t *buffer)
-{
-    return buffer->end-buffer->data;
-}
-
-_pure_
-static inline size_t buffer_write_size (buffer_t *buffer)
-{
-    return buffer->end-buffer->write;
-}
-
-_pure_
-static inline size_t buffer_read_size (buffer_t *buffer)
-{
-    return buffer->write-buffer->read;
-}
-
-static inline void buffer_shift (buffer_t *buffer)
-{
-    if (buffer->read==buffer->data)
-        return;
-
-    if (buffer->read==buffer->write) {
-        buffer_format(buffer);
-        return;
-    }
-
-    const size_t size = buffer_read_size(buffer);
-
-    memmove(buffer->data, buffer->read, size);
-
-    buffer->read  = buffer->data;
-    buffer->write = buffer->data+size;
-}

src/common.c

@@ -1,22 +1,24 @@
 #include "common.h"
 
-#include <stdio.h>
 #include <stdarg.h>
+#include <stdio.h>
 
-int gt_print (const char *fmt, ...)
+int
+gt_print(const char *fmt, ...)
 {
     va_list ap;
     va_start(ap, fmt);
     int ret = vfprintf(stdout, fmt, ap);
     va_end(ap);
 
-    if (ret<0)
+    if (ret < 0)
         return 0;
 
     return ret;
 }
 
-void gt_log (const char *fmt, ...)
+void
+gt_log(const char *fmt, ...)
 {
     va_list ap;
     va_start(ap, fmt);
@@ -24,34 +26,20 @@ void gt_log (const char *fmt, ...)
     va_end(ap);
 }
 
-void gt_fatal (const char *fmt, ...)
+int
+gt_tohex(char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
 {
-    va_list ap;
+    if (_0_(!dst_size))
-    va_start(ap, fmt);
-    vfprintf(stderr, fmt, ap);
-    va_end(ap);
-
-    exit(EXIT_FAILURE);
-}
-
-void gt_na (const char *name)
-{
-    gt_log("%s is not available on your platform\n", name);
-}
-
-int gt_tohex (char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
-{
-    if _0_(!dst_size)
         return -1;
 
-    if _0_(((dst_size-1)/2)<src_size)
+    if (_0_(((dst_size - 1) / 2) < src_size))
         return -1;
 
     static const char tbl[] = "0123456789ABCDEF";
 
-    for (size_t i=0; i<src_size; i++) {
+    for (size_t i = 0; i < src_size; i++) {
-        *dst++ = tbl[0xF&(src[i]>>4)];
+        *dst++ = tbl[0xF & (src[i] >> 4)];
-        *dst++ = tbl[0xF&(src[i])];
+        *dst++ = tbl[0xF & (src[i])];
     }
 
     *dst = 0;
@@ -59,37 +47,38 @@ int gt_tohex (char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
     return 0;
 }
 
-_const_
+_const_ static inline int
-static inline int fromhex (const char c)
+fromhex(const char c)
 {
-    if (c>='0' && c<='9')
+    if (c >= '0' && c <= '9')
-        return c-'0';
+        return c - '0';
 
-    if (c>='A' && c<='F')
+    if (c >= 'A' && c <= 'F')
-        return c-'A'+10;
+        return c - 'A' + 10;
 
-    if (c>='a' && c<='f')
+    if (c >= 'a' && c <= 'f')
-        return c-'a'+10;
+        return c - 'a' + 10;
 
     return -1;
 }
 
-int gt_fromhex (uint8_t *dst, size_t dst_size, const char *src, size_t src_size)
+int
+gt_fromhex(uint8_t *dst, size_t dst_size, const char *src, size_t src_size)
 {
-    if _0_(src_size&1)
+    if (_0_(src_size & 1))
         return -1;
 
-    if _0_(dst_size<(src_size/2))
+    if (_0_(dst_size < (src_size / 2)))
         return -1;
 
-    for (size_t i=0; i<src_size; i+=2) {
+    for (size_t i = 0; i < src_size; i += 2) {
         const int a = fromhex(src[i]);
-        const int b = fromhex(src[i+1]);
+        const int b = fromhex(src[i + 1]);
 
-        if _0_(a==-1 || b==-1)
+        if (_0_(a == -1 || b == -1))
             return -1;
 
-        *dst++ = (a<<4)|b;
+        *dst++ = (a << 4) | b;
     }
 
     return 0;

src/common.h

@@ -29,10 +29,14 @@
 #define _const_        __attribute__ ((const))
 #define _align_(...)   __attribute__ ((aligned(__VA_ARGS__)))
 
+#undef MAX
+#define MAX(x,y) ({ __typeof__(x) X=(x); __typeof__(y) Y=(y); X > Y ? X : Y; })
+
+#undef MIN
+#define MIN(x,y) ({ __typeof__(x) X=(x); __typeof__(y) Y=(y); X < Y ? X : Y; })
+
 int  gt_print (const char *, ...) _printf_(1,2);
 void gt_log   (const char *, ...) _printf_(1,2);
-void gt_fatal (const char *, ...) _printf_(1,2) _noreturn_;
-void gt_na    (const char *);
 
 int gt_tohex   (char *, size_t, const uint8_t *, size_t);
 int gt_fromhex (uint8_t *, size_t, const char *, size_t);

src/db.c

@@ -3,56 +3,57 @@
 #include "db.h"
 #include "str.h"
 
-#define CBIT(X)      (1&(intptr_t)(X))
+#define CBIT(X) (1 & (intptr_t)(X))
-#define CBIT_PTR(X)  (uint8_t *)(1|(intptr_t)(X))
+#define CBIT_PTR(X) (uint8_t *)(1 | (intptr_t)(X))
-#define CBIT_NODE(X) (struct node *)(1^(intptr_t)(X))
+#define CBIT_NODE(X) (struct node *)(1 ^ (intptr_t)(X))
 
 struct node {
     uint8_t *child[2];
     uint32_t point;
 };
 
-_pure_
+_pure_ static inline size_t
-static inline size_t db_size (const uint8_t *a)
+db_size(const uint8_t *a)
 {
-    return (a[0]?:str_len((char *)a+1))+1;
+    return (a[0] ?: str_len((char *)a + 1)) + 1;
 }
 
-_pure_
+_pure_ static inline size_t
-static inline size_t db_cmp (const uint8_t *a, const uint8_t *b)
+db_cmp(const uint8_t *a, const uint8_t *b)
 {
     const size_t size = a[0];
 
-    if (size!=b[0])
+    if (size != b[0])
         return 1;
 
     if (!size) {
-        size_t i = str_cmp((char *)a+1, (char *)b+1);
+        size_t i = str_cmp((char *)a + 1, (char *)b + 1);
-        return i?i+1:0;
+        return i ? i + 1 : 0;
     }
 
-    for (size_t i=1; i<=size; i++) {
+    for (size_t i = 1; i <= size; i++) {
-        if (a[i]!=b[i])
+        if (a[i] != b[i])
-            return i+1;
+            return i + 1;
     }
 
     return 0;
 }
 
-_pure_
+_pure_ static inline int
-static inline int db_dir (const uint32_t point, uint8_t *data, const size_t size)
+db_dir(const uint32_t point, uint8_t *data, const size_t size)
 {
-    const size_t pos = point>>8;
+    const size_t pos = point >> 8;
 
-    if (pos>=size)
+    if (pos >= size)
         return 0;
 
-    return ((point|data[pos])&255)==255;
+    return ((point | data[pos]) & 255) == 255;
 }
 
-uint8_t *db_search (uint8_t **p, uint8_t *data)
+uint8_t *
+db_search(uint8_t **p, uint8_t *data)
 {
-    if _0_(!*p)
+    if (_0_(!*p))
         return NULL;
 
     uint8_t *r = *p;
@@ -69,12 +70,13 @@ uint8_t *db_search (uint8_t **p, uint8_t *data)
     return NULL;
 }
 
-uint8_t *db_insert (uint8_t **p, uint8_t *data)
+uint8_t *
+db_insert(uint8_t **p, uint8_t *data)
 {
-    if _0_(CBIT(data))
+    if (_0_(CBIT(data)))
         return NULL;
 
-    if _0_(!*p) {
+    if (_0_(!*p)) {
         *p = data;
         return data;
     }
@@ -89,31 +91,31 @@ uint8_t *db_insert (uint8_t **p, uint8_t *data)
 
     const size_t diff = db_cmp(r, data);
 
-    if _0_(!diff)
+    if (_0_(!diff))
         return r;
 
-    const size_t pos = diff-1;
+    const size_t pos = diff - 1;
-    const uint8_t mask = ~((1u<<31)>>CLZ(r[pos]^data[pos]));
+    const uint8_t mask = ~((1u << 31) >> CLZ(r[pos] ^ data[pos]));
-    const size_t point = (pos<<8)|mask;
+    const size_t point = (pos << 8) | mask;
 
     while (CBIT(*p)) {
         struct node *node = CBIT_NODE(*p);
 
-        if (node->point>point)
+        if (node->point > point)
             break;
 
-        p = node->child+db_dir(node->point, data, size);
+        p = node->child + db_dir(node->point, data, size);
     }
 
     struct node *node = malloc(sizeof(struct node));
 
-    if _0_(!node)
+    if (_0_(!node))
         return NULL;
 
-    const int dir = (mask|r[pos])==255;
+    const int dir = (mask | r[pos]) == 255;
 
     node->child[dir] = *p;
-    node->child[1-dir] = data;
+    node->child[1 - dir] = data;
     node->point = point;
 
     *p = CBIT_PTR(node);
@@ -121,9 +123,10 @@ uint8_t *db_insert (uint8_t **p, uint8_t *data)
     return data;
 }
 
-uint8_t *db_remove (uint8_t **p, uint8_t *data)
+uint8_t *
+db_remove(uint8_t **p, uint8_t *data)
 {
-    if _0_(!*p)
+    if (_0_(!*p))
         return NULL;
 
     const size_t size = db_size(data);
@@ -136,16 +139,16 @@ uint8_t *db_remove (uint8_t **p, uint8_t *data)
         p_old = p;
         node = CBIT_NODE(*p);
         dir = db_dir(node->point, data, size);
-        p = node->child+dir;
+        p = node->child + dir;
     }
 
-    if _0_(db_cmp(data, *p))
+    if (_0_(db_cmp(data, *p)))
         return NULL;
 
     uint8_t *r = *p;
 
     if (p_old) {
-        *p_old = node->child[1-dir];
+        *p_old = node->child[1 - dir];
         free(node);
     } else {
         *p = NULL;

src/iface.c

@@ -0,0 +1,29 @@
+#include "common.h"
+
+#include "str.h"
+
+#include <sys/ioctl.h>
+#include <net/if.h>
+
+int
+iface_set_mtu(char *dev_name, int mtu)
+{
+    struct ifreq ifr = {
+        .ifr_mtu = mtu,
+    };
+
+    str_cpy(ifr.ifr_name, dev_name, IFNAMSIZ - 1);
+
+    int fd = socket(AF_INET, SOCK_DGRAM, 0);
+
+    if (fd == -1)
+        return -1;
+
+    int ret = ioctl(fd, SIOCSIFMTU, &ifr);
+
+    int err = errno;
+    close(fd);
+    errno = err;
+
+    return ret;
+}

src/iface.h

@@ -0,0 +1,3 @@
+#pragma once
+
+int iface_set_mtu (char *, int);

src/ip.h

@@ -4,34 +4,40 @@
 
 struct ip_common {
     uint8_t version;
+    uint8_t tc;
     uint8_t proto;
     uint8_t hdr_size;
     uint16_t size;
 };
 
-_pure_
+_pure_ static inline uint8_t
-static inline uint8_t ip_get_version (const uint8_t *data, size_t size)
+ip_get_version(const uint8_t *data, size_t size)
 {
-    if (size<20)
+    if (size < 20)
         return 0;
 
-    return data[0]>>4;
+    return data[0] >> 4;
 }
 
-static inline int ip_get_common (struct ip_common *ic, const uint8_t *data, size_t size)
+static inline int
+ip_get_common(struct ip_common *ic, const uint8_t *data, size_t size)
 {
     ic->version = ip_get_version(data, size);
 
     switch (ic->version) {
     case 4:
+        ic->tc = data[1];
         ic->proto = data[9];
-        ic->hdr_size = (data[0]&0xF)<<2;
+        ic->hdr_size = (data[0] & 0xF) << 2;
-        ic->size = ((data[2]<<8)|data[3]);
+        ic->size = ((data[2] << 8) | data[3]);
-        return 0;
+        if (ic->size >= 20)
+            return 0;
+        break;
     case 6:
+        ic->tc = ((data[0] & 0xF) << 4) | (data[1] >> 4);
         ic->proto = data[6];
         ic->hdr_size = 40;
-        ic->size = ((data[4]<<8)|data[5])+40;
+        ic->size = ((data[4] << 8) | data[5]) + 40;
         return 0;
     }
 

src/main.c

@@ -1,71 +1,107 @@
 #include "common.h"
 
-#include "buffer.h"
-#include "ip.h"
-#include "str.h"
-#include "option.h"
-#include "tun.h"
 #include "db.h"
-#include "state.h"
+#include "ip.h"
+#include "option.h"
+#include "str.h"
+#include "tun.h"
+#include "iface.h"
 
+#include <fcntl.h>
 #include <inttypes.h>
 #include <limits.h>
-#include <stdio.h>
-#include <signal.h>
 #include <poll.h>
-#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
 #include <sys/socket.h>
 #include <sys/time.h>
+#include <netinet/in.h>
 
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include "mud.h"
+#include "../mud/mud.h"
 
 #ifndef O_CLOEXEC
 #define O_CLOEXEC 0
 #endif
 
+#ifndef PACKAGE_VERSION
+#define PACKAGE_VERSION "unknown"
+#endif
+
+#define GT_MTU(X) ((X)-28)
+
 static struct {
     volatile sig_atomic_t quit;
-    volatile sig_atomic_t info;
+    volatile sig_atomic_t reload;
-    int timeout;
+    char *dev;
-    int state_fd;
+    char *keyfile;
-} gt;
+    char *host;
+    long port;
+    struct {
+        char *list;
+        char *backup;
+        long port;
+    } bind;
+    long mtu;
+    long timeout;
+    long time_tolerance;
+    int ipv4;
+    int ipv6;
+    int mtu_auto;
+    int chacha20;
+    int version;
+    int keygen;
+    int persist;
+    struct {
+        unsigned char *data;
+        long size;
+    } buf;
+} gt = {
+    .port = 5000,
+    .bind = {
+        .port = 5000,
+    },
+    .mtu = 1500,
+    .timeout = 5000,
+    .ipv4 = 1,
+#ifdef __linux__
+    .ipv6 = 1,
+#endif
+    .buf = {
+        .size = 64 * 1024,
+    },
+};
 
-static void fd_set_nonblock (int fd)
+static void
+fd_set_nonblock(int fd)
 {
     int ret;
 
     do {
         ret = fcntl(fd, F_GETFL, 0);
-    } while (ret==-1 && errno==EINTR);
+    } while (ret == -1 && errno == EINTR);
 
-    int flags = (ret==-1)?0:ret;
+    int flags = (ret == -1) ? 0 : ret;
 
     do {
-        ret = fcntl(fd, F_SETFL, flags|O_NONBLOCK);
+        ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
-    } while (ret==-1 && errno==EINTR);
+    } while (ret == -1 && errno == EINTR);
 
-    if (ret==-1)
+    if (ret == -1)
         perror("fcntl O_NONBLOCK");
 }
 
-static void gt_sa_handler (int sig)
+static void
+gt_quit_handler(int sig)
 {
-    switch (sig) {
+    gt.reload = (sig == SIGHUP);
-    case SIGINT:
+    gt.quit = 1;
-    case SIGQUIT:
-    case SIGTERM:
-        gt.quit = 1;
-        break;
-    case SIGUSR1:
-        gt.info = 1;
-        break;
-    }
 }
 
-static void gt_set_signal (void)
+static void
+gt_set_signal(void)
 {
     struct sigaction sa = {
         .sa_flags = 0,
@@ -73,147 +109,66 @@ static void gt_set_signal (void)
 
     sigemptyset(&sa.sa_mask);
 
-    sa.sa_handler = gt_sa_handler;
+    sa.sa_handler = gt_quit_handler;
-    sigaction(SIGINT,  &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
     sigaction(SIGQUIT, &sa, NULL);
     sigaction(SIGTERM, &sa, NULL);
-    sigaction(SIGUSR1, &sa, NULL);
+    sigaction(SIGHUP, &sa, NULL);
 
     sa.sa_handler = SIG_IGN;
-    sigaction(SIGHUP,  &sa, NULL);
     sigaction(SIGPIPE, &sa, NULL);
+    sigaction(SIGUSR1, &sa, NULL);
+    sigaction(SIGUSR2, &sa, NULL);
 }
 
-static ssize_t fd_read (int fd, void *data, size_t size)
+static void
-{
+gt_print_secretkey(struct mud *mud)
-    if ((fd==-1) || !size)
-        return -1;
-
-    ssize_t ret = read(fd, data, size);
-
-    if (ret==-1) {
-        if (errno==EAGAIN || errno==EINTR)
-            return -1;
-
-        if (errno)
-            perror("read");
-
-        return 0;
-    }
-
-    return ret;
-}
-
-static ssize_t fd_write (int fd, const void *data, size_t size)
-{
-    if ((fd==-1) || !size)
-        return -1;
-
-    ssize_t ret = write(fd, data, size);
-
-    if (ret==-1) {
-        if (errno==EAGAIN || errno==EINTR)
-            return -1;
-
-        if (errno==EPIPE || errno==ECONNRESET)
-            return 0;
-
-        if (errno)
-            perror("write");
-
-        return 0;
-    }
-
-    return ret;
-}
-
-static size_t fd_read_all (int fd, void *data, size_t size)
-{
-    size_t done = 0;
-
-    while (done<size) {
-        ssize_t ret = fd_read(fd, (uint8_t *)data+done, size-done);
-
-        if (!ret)
-            break;
-
-        if (ret<0) {
-            struct pollfd pollfd = {
-                .fd = fd,
-                .events = POLLIN,
-            };
-
-            if (!poll(&pollfd, 1, gt.timeout))
-                break;
-
-            continue;
-        }
-
-        done += ret;
-    }
-
-    return done;
-}
-
-static size_t fd_write_all (int fd, const void *data, size_t size)
-{
-    size_t done = 0;
-
-    while (done<size) {
-        ssize_t ret = fd_write(fd, (const uint8_t *)data+done, size-done);
-
-        if (!ret)
-            break;
-
-        if (ret<0) {
-            struct pollfd pollfd = {
-                .fd = fd,
-                .events = POLLOUT,
-            };
-
-            if (!poll(&pollfd, 1, gt.timeout))
-                break;
-
-            continue;
-        }
-
-        done += ret;
-    }
-
-    return done;
-}
-
-static int gt_setup_secretkey (struct mud *mud, char *keyfile)
 {
     unsigned char key[32];
+    size_t size = sizeof(key);
 
-    if (str_empty(keyfile)) {
+    if (mud_get_key(mud, key, &size))
-        char buf[2*sizeof(key)+1];
+        return;
 
-        mud_get_key(mud, key, sizeof(key));
+    char buf[2 * sizeof(key) + 1];
-        gt_tohex(buf, sizeof(buf), key, sizeof(key));
-        state_send(gt.state_fd, "SECRETKEY", buf);
 
-        return 0;
+    gt_tohex(buf, sizeof(buf), key, size);
-    }
+    gt_print("%s\n", buf);
+}
 
+static int
+gt_setup_secretkey(struct mud *mud, char *keyfile)
+{
     int fd;
 
     do {
-        fd = open(keyfile, O_RDONLY|O_CLOEXEC);
+        fd = open(keyfile, O_RDONLY | O_CLOEXEC);
-    } while (fd==-1 && errno==EINTR);
+    } while (fd == -1 && errno == EINTR);
 
-    if (fd==-1) {
+    if (fd == -1) {
         perror("open keyfile");
         return -1;
     }
 
-    char buf[2*sizeof(key)];
+    unsigned char key[32];
-    size_t r = fd_read_all(fd, buf, sizeof(buf));
+    char buf[2 * sizeof(key)];
+    size_t size = 0;
+
+    while (size < sizeof(buf)) {
+        ssize_t r = read(fd, &buf[size], sizeof(buf) - size);
+
+        if (r <= (ssize_t)0) {
+            if (r && (errno == EAGAIN || errno == EINTR))
+                continue;
+            break;
+        }
+
+        size += r;
+    }
 
     close(fd);
 
-    if (r!=sizeof(buf)) {
+    if (size != sizeof(buf)) {
         gt_log("unable to read secret key\n");
         return -1;
     }
@@ -228,207 +183,339 @@ static int gt_setup_secretkey (struct mud *mud, char *keyfile)
     return 0;
 }
 
-int main (int argc, char **argv)
+static int
+gt_setup_option(int argc, char **argv)
 {
-    gt_set_signal();
+    // clang-format off
-
-    char *host = NULL;
-    char *port = "5000";
-    char *bind_list = NULL;
-    char *bind_port = "5000";
-    char *dev = NULL;
-    char *keyfile = NULL;
-    char *statefile = NULL;
-
-    gt.timeout = 5000;
-
-    long time_tolerance = 0;
-
-    int v4 = 1;
-    int v6 = 1;
 
     struct option opts[] = {
-        { "host",           &host,           option_str    },
+        { "host",           &gt.host,           option_str    },
-        { "port",           &port,           option_str    },
+        { "port",           &gt.port,           option_long   },
-        { "bind",           &bind_list,      option_str    },
+        { "bind",           &gt.bind.list,      option_str    },
-        { "bind-port",      &bind_port,      option_str    },
+        { "bind-backup",    &gt.bind.backup,    option_str    },
-        { "dev",            &dev,            option_str    },
+        { "bind-port",      &gt.bind.port,      option_long   },
-        { "keyfile",        &keyfile,        option_str    },
+        { "dev",            &gt.dev,            option_str    },
-        { "multiqueue",     NULL,            option_option },
+        { "persist",        NULL,               option_option },
-        { "statefile",      &statefile,      option_str    },
+        { "mtu",            &gt.mtu,            option_long   },
-        { "timeout",        &gt.timeout,     option_long   },
+        { "mtu-auto",       NULL,               option_option },
-        { "time-tolerance", &time_tolerance, option_long   },
+        { "keyfile",        &gt.keyfile,        option_str    },
-        { "v4only",         NULL,            option_option },
+        { "keygen",         NULL,               option_option },
-        { "v6only",         NULL,            option_option },
+        { "timeout",        &gt.timeout,        option_long   },
-        { "version",        NULL,            option_option },
+        { "time-tolerance", &gt.time_tolerance, option_long   },
-        { NULL },
+        { "v4only",         NULL,               option_option },
+        { "v6only",         NULL,               option_option },
+        { "chacha20",       NULL,               option_option },
+        { "buf-size",       &gt.buf.size,       option_long   },
+        { "version",        NULL,               option_option },
+        {  NULL                                               },
     };
 
+    // clang-format on
+
     if (option(opts, argc, argv))
         return 1;
 
-    if (option_is_set(opts, "version")) {
+    int v4only = option_is_set(opts, "v4only");
-        gt_print(PACKAGE_STRING"\n");
+    int v6only = option_is_set(opts, "v6only");
-        return 0;
-    }
 
-    if (option_is_set(opts, "v4only"))
+    if (v4only && v6only) {
-        v6 = 0;
+        gt_log("v4only and v6only cannot be both set\n");
-
-    if (option_is_set(opts, "v6only"))
-        v4 = 0;
-
-    if (!v4 && !v6) {
-        gt_log("v4only and v6only are both set\n");
         return 1;
     }
 
-    if (host && !option_is_set(opts, "keyfile")) {
+    if ((int)gt.timeout <= 0) {
-        gt_log("keyfile option must be set\n");
-        return 1;
-    }
-
-    if (gt.timeout<=0 || gt.timeout>INT_MAX) {
         gt_log("bad timeout\n");
         return 1;
     }
 
-    gt.state_fd = state_create(statefile);
+    if (gt.buf.size <= 0) {
-
+        gt_log("bad buf-size\n");
-    if (statefile && gt.state_fd==-1)
-        return 1;
-
-    char *tun_name = NULL;
-
-    int tun_fd = tun_create(dev, &tun_name, option_is_set(opts, "multiqueue"));
-
-    if (tun_fd==-1) {
-        gt_log("couldn't create tun device\n");
         return 1;
     }
 
-    fd_set_nonblock(tun_fd);
+    if (v4only) {
+        gt.ipv4 = 1;
+        gt.ipv6 = 0;
+    }
 
-    struct mud *mud = mud_create(bind_port, v4, v6);
+    if (v6only) {
+        gt.ipv4 = 0;
+        gt.ipv6 = 1;
+    }
+
+    gt.mtu_auto = option_is_set(opts, "mtu-auto");
+    gt.chacha20 = option_is_set(opts, "chacha20");
+    gt.version = option_is_set(opts, "version");
+    gt.keygen = option_is_set(opts, "keygen");
+    gt.persist = option_is_set(opts, "persist");
+
+    gt.buf.data = malloc(gt.buf.size);
+
+    return 0;
+}
+
+static void
+gt_setup_mtu(struct mud *mud, char *tun_name)
+{
+    int mtu = mud_get_mtu(mud);
+
+    if (mtu == (int)gt.mtu)
+        return;
+
+    gt.mtu = mtu;
+
+    gt_log("setup MTU to %i on interface %s\n", mtu, tun_name);
+
+    if (iface_set_mtu(tun_name, mtu) == -1)
+        perror("tun_set_mtu");
+}
+
+int
+main(int argc, char **argv)
+{
+    gt_set_signal();
+
+    if (gt_setup_option(argc, argv))
+        return 1;
+
+    if (gt.version) {
+        gt_print(PACKAGE_VERSION "\n");
+        return 0;
+    }
+
+    int icmp_fd = -1;
+
+    if (gt.ipv4 && gt.mtu_auto) {
+        icmp_fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+
+        if (icmp_fd == -1)
+            gt_log("couldn't create ICMP socket\n");
+    }
+
+    struct mud *mud = mud_create(gt.bind.port, gt.ipv4, gt.ipv6);
 
     if (!mud) {
         gt_log("couldn't create mud\n");
         return 1;
     }
 
-    if (gt_setup_secretkey(mud, keyfile))
+    if (gt.keygen || str_empty(gt.keyfile)) {
-        return 1;
+        if (mud_new_key(mud)) {
-
+            gt_log("couldn't generate a new key\n");
-    mud_set_send_timeout_msec(mud, gt.timeout);
+            return 1;
-
-    if (time_tolerance > 0)
-        mud_set_time_tolerance_sec(mud, time_tolerance);
-
-    if (bind_list) {
-        char tmp[1024];
-        char *name = &tmp[0];
-
-        size_t size = str_cpy(tmp, bind_list, sizeof(tmp)-1);
-
-        for (size_t i=0; i<size; i++) {
-            if (tmp[i]!=',')
-                continue;
-
-            tmp[i] = 0;
-
-            if (mud_bind(mud, name))
-                return 1;
-
-            name = &tmp[i+1];
         }
+    }
 
-        if (name[0] && mud_bind(mud, name))
+    if (gt.keygen) {
+        gt_print_secretkey(mud);
+        return 0;
+    }
+
+    if (!gt.chacha20 && mud_set_aes(mud))
+        gt_log("AES is not available\n");
+
+    if (gt.timeout > 0)
+        mud_set_send_timeout_msec(mud, gt.timeout);
+
+    if (gt.time_tolerance > 0)
+        mud_set_time_tolerance_sec(mud, gt.time_tolerance);
+
+    mud_set_mtu(mud, GT_MTU(gt.mtu));
+
+    char *tun_name = NULL;
+
+    int tun_fd = tun_create(gt.dev, &tun_name);
+
+    if (tun_fd == -1) {
+        gt_log("couldn't create tun device\n");
+        return 1;
+    }
+
+    if (tun_set_persist(tun_fd, gt.persist) == -1)
+        perror("tun_set_persist");
+
+    if (str_empty(gt.keyfile)) {
+        gt_print("here is your new secret key:\n");
+        gt_print_secretkey(mud);
+    } else {
+        if (gt_setup_secretkey(mud, gt.keyfile))
             return 1;
     }
 
-    if (host && mud_peer(mud, host, port))
+    if (gt.host && gt.port) {
-        return 1;
+        if (gt.bind.backup) {
+            if (mud_peer(mud, gt.bind.backup, gt.host, gt.port, 1)) {
+                perror("mud_peer (backup)");
+                return 1;
+            }
+        }
+
+        if (gt.bind.list) {
+            char tmp[1024];
+            char *name = &tmp[0];
+
+            str_cpy(tmp, gt.bind.list, sizeof(tmp) - 1);
+
+            while (*name) {
+                char *p = name;
+
+                while (*p && *p != ',')
+                    p++;
+
+                if (*p)
+                    *p++ = 0;
+
+                if (mud_peer(mud, name, gt.host, gt.port, 0)) {
+                    perror("mud_peer");
+                    return 1;
+                }
+
+                name = p;
+            }
+        }
+    }
+
+    gt_setup_mtu(mud, tun_name);
 
     int mud_fd = mud_get_fd(mud);
 
-    state_send(gt.state_fd, "INITIALIZED", tun_name);
+    fd_set_nonblock(tun_fd);
+    fd_set_nonblock(mud_fd);
+
+    if (icmp_fd != -1)
+        fd_set_nonblock(icmp_fd);
+
+    gt_log("running...\n");
 
     fd_set rfds;
     FD_ZERO(&rfds);
 
-    int started = 0;
+    int last_fd = 1 + MAX(tun_fd, MAX(mud_fd, icmp_fd));
-    unsigned char buf[2048];
 
     while (!gt.quit) {
         FD_SET(tun_fd, &rfds);
+        FD_SET(mud_fd, &rfds);
 
-        if (mud_can_pull(mud)) {
+        if (icmp_fd != -1)
-            FD_SET(mud_fd, &rfds);
+            FD_SET(icmp_fd, &rfds);
-        } else {
-            FD_CLR(mud_fd, &rfds);
-        }
 
-        struct timeval timeout = {
+        if (select(last_fd, &rfds, NULL, NULL, NULL) == -1) {
-            .tv_usec = 100000,
+            if (errno != EBADF)
-        };
-
-        if (mud_can_push(mud))
-            timeout.tv_usec = 1000;
-
-        if _0_(select(mud_fd+1, &rfds, NULL, NULL, &timeout)==-1) {
-            if (errno==EINTR)
                 continue;
             perror("select");
             return 1;
         }
 
-        if (mud_is_up(mud)) {
+        if (icmp_fd != -1 && FD_ISSET(icmp_fd, &rfds)) {
-            if (!started) {
+            struct sockaddr_storage ss;
-                state_send(gt.state_fd, "STARTED", tun_name);
+            socklen_t sl = sizeof(ss);
-                started = 1;
+            ssize_t r = recvfrom(icmp_fd, gt.buf.data, gt.buf.size, 0,
-            }
+                                 (struct sockaddr *)&ss, &sl);
-        } else {
+            if (r >= 8) {
-            if (started) {
+                struct ip_common ic;
-                state_send(gt.state_fd, "STOPPED", tun_name);
+                if (!ip_get_common(&ic, gt.buf.data, r) && ic.proto == 1) {
-                started = 0;
+                    unsigned char *data = &gt.buf.data[ic.hdr_size];
+                    if (data[0] == 3) {
+                        int mtu = (data[6] << 8) | data[7];
+                        if (mtu) {
+                            gt_log("received MTU from ICMP: %i\n", mtu);
+                            mud_set_mtu(mud, GT_MTU(mtu));
+                        }
+                    }
+                }
             }
         }
 
         if (FD_ISSET(tun_fd, &rfds)) {
-            while (1) {
+            size_t size = 0;
-                const ssize_t r = tun_read(tun_fd, buf, sizeof(buf));
 
-                if (r<=0) {
+            while (gt.buf.size - size >= gt.mtu) {
-                    gt.quit |= !r;
+                const int r = tun_read(tun_fd, &gt.buf.data[size], gt.buf.size - size);
+
+                if (r <= 0 || r > gt.mtu)
                     break;
-                }
 
                 struct ip_common ic;
 
-                if (!ip_get_common(&ic, buf, sizeof(buf)) && ic.size==r)
+                if (ip_get_common(&ic, &gt.buf.data[size], r) || ic.size != r)
-                    mud_send(mud, buf, r);
+                    break;
+
+                size += r;
+            }
+
+            int p = 0;
+
+            while (p < size) {
+                int tc = 0;
+                int q = p;
+
+                while (q < size) {
+                    struct ip_common ic;
+
+                    if ((ip_get_common(&ic, &gt.buf.data[q], size - q)) ||
+                        (ic.size > size - q))
+                        break;
+
+                    if (q + ic.size > p + gt.mtu)
+                        break;
+
+                    q += ic.size;
+
+                    if (tc < (ic.tc & 0xFC))
+                        tc = ic.tc & 0xFC;
+                }
+
+                if (p >= q)
+                    break;
+
+                int r = mud_send(mud, &gt.buf.data[p], q - p, tc);
+
+                if (r == -1 && errno == EMSGSIZE) {
+                    gt_setup_mtu(mud, tun_name);
+                } else {
+                    if (r == -1 && errno != EAGAIN)
+                        perror("mud_send");
+                }
+
+                p = q;
             }
         }
 
-        mud_push(mud);
+        if (FD_ISSET(mud_fd, &rfds)) {
+            size_t size = 0;
 
-        if (FD_ISSET(mud_fd, &rfds))
+            while (gt.buf.size - size >= gt.mtu) {
-            mud_pull(mud);
+                const int r = mud_recv(mud, &gt.buf.data[size], gt.buf.size - size);
 
-        while (1) {
+                if (r <= 0) {
-            const int size = mud_recv(mud, buf, sizeof(buf));
+                    if (r == -1 && errno != EAGAIN)
+                        perror("mud_recv");
+                    break;
+                }
 
-            if (size<=0)
+                size += r;
-                break;
+            }
 
-            const ssize_t r = tun_write(tun_fd, buf, size);
+            int p = 0;
 
-            if (r<=0) {
+            while (p < size) {
-                gt.quit |= !r;
+                struct ip_common ic;
-                break;
+
+                if ((ip_get_common(&ic, &gt.buf.data[p], size - p)) ||
+                    (ic.size > size - p))
+                    break;
+
+                tun_write(tun_fd, &gt.buf.data[p], ic.size);
+
+                p += ic.size;
             }
         }
     }
 
+    if (gt.reload && tun_fd >= 0) {
+        if (tun_set_persist(tun_fd, 1) == -1)
+            perror("tun_set_persist");
+    }
+
     return 0;
 }

src/option.c

@@ -3,9 +3,10 @@
 #include "option.h"
 #include "str.h"
 
-int option_str (void *data, int argc, char **argv)
+int
+option_str(void *data, int argc, char **argv)
 {
-    if (argc<2 || str_empty(argv[1])) {
+    if (argc < 2 || str_empty(argv[1])) {
         gt_print("option `%s' need a string argument\n", argv[0]);
         return -1;
     }
@@ -15,9 +16,10 @@ int option_str (void *data, int argc, char **argv)
     return 1;
 }
 
-int option_long (void *data, int argc, char **argv)
+int
+option_long(void *data, int argc, char **argv)
 {
-    if (argc<2 || str_empty(argv[1])) {
+    if (argc < 2 || str_empty(argv[1])) {
         gt_print("option `%s' need an integer argument\n", argv[0]);
         return -1;
     }
@@ -26,7 +28,7 @@ int option_long (void *data, int argc, char **argv)
     char *end;
     long val = strtol(argv[1], &end, 0);
 
-    if (errno || argv[1]==end) {
+    if (errno || argv[1] == end) {
         gt_print("argument `%s' is not a valid integer\n", argv[1]);
         return -1;
     }
@@ -36,9 +38,10 @@ int option_long (void *data, int argc, char **argv)
     return 1;
 }
 
-int option_is_set (struct option *opts, const char *name)
+int
+option_is_set(struct option *opts, const char *name)
 {
-    for (int k=0; opts[k].name; k++) {
+    for (int k = 0; opts[k].name; k++) {
         if (!str_cmp(opts[k].name, name))
             return opts[k].set;
     }
@@ -46,20 +49,21 @@ int option_is_set (struct option *opts, const char *name)
     return 0;
 }
 
-int option_option (void *data, int argc, char **argv)
+int
+option_option(void *data, int argc, char **argv)
 {
     if (!data)
         return 0;
 
     struct option *opts = (struct option *)data;
 
-    for (int k=0; opts[k].name; k++)
+    for (int k = 0; opts[k].name; k++)
         opts[k].set = 0;
 
-    for (int i=1; i<argc; i++) {
+    for (int i = 1; i < argc; i++) {
         int found = 0;
 
-        for (int k=0; opts[k].name; k++) {
+        for (int k = 0; opts[k].name; k++) {
             if (str_cmp(opts[k].name, argv[i]))
                 continue;
 
@@ -68,9 +72,9 @@ int option_option (void *data, int argc, char **argv)
                 return -1;
             }
 
-            int ret = opts[k].call(opts[k].data, argc-i, &argv[i]);
+            int ret = opts[k].call(opts[k].data, argc - i, &argv[i]);
 
-            if (ret<0)
+            if (ret < 0)
                 return -1;
 
             opts[k].set = 1;
@@ -81,29 +85,30 @@ int option_option (void *data, int argc, char **argv)
         }
 
         if (!found)
-            return i-1;
+            return i - 1;
     }
 
     return argc;
 }
 
-static int option_usage (struct option *opts, int slen)
+static int
+option_usage(struct option *opts, int slen)
 {
     if (!opts)
         return 0;
 
     int len = 0;
 
-    for (int k=0; opts[k].name; k++) {
+    for (int k = 0; opts[k].name; k++) {
-        if (len>40) {
+        if (len > 40) {
             gt_print("\n%*s", slen, "");
             len = 0;
         }
 
         len += gt_print(" [%s", opts[k].name);
 
-        if (opts[k].call==option_option) {
+        if (opts[k].call == option_option) {
-            len += option_usage((struct option *)opts[k].data, slen+len);
+            len += option_usage((struct option *)opts[k].data, slen + len);
         } else {
             len += gt_print(" ARG");
         }
@@ -114,21 +119,22 @@ static int option_usage (struct option *opts, int slen)
     return len;
 }
 
-int option (struct option *opts, int argc, char **argv)
+int
+option(struct option *opts, int argc, char **argv)
 {
     int ret = option_option(opts, argc, argv);
 
-    if (ret==argc)
+    if (ret == argc)
         return 0;
 
-    if (ret<0 || ret+1>=argc)
+    if (ret < 0 || ret + 1 >= argc)
         return 1;
 
-    gt_print("option `%s' is unknown\n", argv[ret+1]);
+    gt_print("option `%s' is unknown\n", argv[ret + 1]);
 
     int slen = gt_print("usage: %s", argv[0]);
 
-    if (slen>40) {
+    if (slen > 40) {
         slen = 12;
         gt_print("\n%*s", slen, "");
     }

src/state.c

@@ -1,62 +0,0 @@
-#include "common.h"
-
-#include "state.h"
-#include "str.h"
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-int state_create (const char *filename)
-{
-    if (str_empty(filename))
-        return -1;
-
-    int fd = open(filename, O_WRONLY);
-
-    if (fd==-1) {
-        if (errno!=EINTR)
-            perror("open");
-        return -1;
-    }
-
-    struct stat st = {0};
-
-    if (fstat(fd, &st)==-1) {
-        perror("fstat");
-        close(fd);
-        return -1;
-    }
-
-    if (!S_ISFIFO(st.st_mode)) {
-        gt_log("`%s' is not a fifo\n", filename);
-        close(fd);
-        return -1;
-    }
-
-    return fd;
-}
-
-void state_send (int fd, const char *state, const char *info)
-{
-    if (str_empty(state))
-        return;
-
-    if (fd==-1) {
-        gt_print("%s %s\n", state, info);
-        return;
-    }
-
-    const char *strs[] = { state, " ", info, "\n" };
-    char *str = str_cat(strs, COUNT(strs));
-
-    if (!str) {
-        perror("str_cat");
-        return;
-    }
-
-    if (write(fd, str, str_len(str))==-1 && errno!=EINTR)
-        perror("write");
-
-    free(str);
-}

src/state.h

@@ -1,4 +0,0 @@
-#pragma once
-
-int  state_create (const char *);
-void state_send   (int, const char *, const char *);

src/str.h

@@ -2,14 +2,15 @@
 
 #include "common.h"
 
-static inline size_t str_cpy (char *restrict dst, const char *restrict src, size_t len)
+static inline size_t
+str_cpy(char *restrict dst, const char *restrict src, size_t len)
 {
     if (!dst || !src)
         return 0;
 
     size_t i;
 
-    for (i=0; i<len && src[i]; i++)
+    for (i = 0; i < len && src[i]; i++)
         dst[i] = src[i];
 
     dst[i] = 0;
@@ -17,29 +18,29 @@ static inline size_t str_cpy (char *restrict dst, const char *restrict src, size
     return i;
 }
 
-_pure_
+_pure_ static inline int
-static inline int str_empty (const char *restrict str)
+str_empty(const char *restrict str)
 {
     return !str || !str[0];
 }
 
-_pure_
+_pure_ static inline size_t
-static inline size_t str_cmp (const char *restrict sa, const char *restrict sb)
+str_cmp(const char *restrict sa, const char *restrict sb)
 {
     if (!sa || !sb)
         return 1;
 
     size_t i = 0;
 
-    while (sa[i]==sb[i])
+    while (sa[i] == sb[i])
         if (!sa[i++])
             return 0;
 
-    return i+1;
+    return i + 1;
 }
 
-_pure_
+_pure_ static inline size_t
-static inline size_t str_len (const char *restrict str)
+str_len(const char *restrict str)
 {
     if (!str)
         return 0;
@@ -47,11 +48,12 @@ static inline size_t str_len (const char *restrict str)
     return strlen(str);
 }
 
-static inline char *str_cat (const char **strs, size_t count)
+static inline char *
+str_cat(const char **strs, size_t count)
 {
     size_t size = 1;
 
-    for (size_t i=0; i<count; i++)
+    for (size_t i = 0; i < count; i++)
         size += str_len(strs[i]);
 
     char *str = malloc(size);
@@ -61,7 +63,7 @@ static inline char *str_cat (const char **strs, size_t count)
 
     char *p = str;
 
-    for (size_t i=0; i<count; i++) {
+    for (size_t i = 0; i < count; i++) {
         size_t len = str_len(strs[i]);
         memcpy(p, strs[i], len);
         p += len;

src/tun.c

@@ -1,25 +1,29 @@
 #include "common.h"
 
-#include "tun.h"
-#include "str.h"
 #include "ip.h"
+#include "str.h"
+#include "tun.h"
 
-#include <stdio.h>
 #include <fcntl.h>
+#include <stdio.h>
 
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 
+#include <net/if.h>
+
 #ifdef __linux__
-#include <linux/if.h>
+#define IFF_TUN 0x0001
-#include <linux/if_tun.h>
+#define IFF_NO_PI 0x1000
+#define TUNSETIFF _IOW('T', 202, int)
+#define TUNSETPERSIST _IOW('T', 203, int)
 #endif
 
 #ifdef __APPLE__
-#include <sys/sys_domain.h>
-#include <sys/kern_control.h>
 #include <net/if_utun.h>
+#include <sys/kern_control.h>
+#include <sys/sys_domain.h>
 #endif
 
 #if defined(__APPLE__) || defined(__OpenBSD__)
@@ -28,20 +32,23 @@
 
 #ifdef __APPLE__
 
-static int tun_create_by_id (char *name, size_t size, unsigned id, _unused_ int mq)
+static int
+tun_create_by_id(char *name, size_t size, unsigned id)
 {
     int fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
 
-    if (fd==-1)
+    if (fd == -1)
         return -1;
 
     struct ctl_info ci;
 
     memset(&ci, 0, sizeof(ci));
-    str_cpy(ci.ctl_name, UTUN_CONTROL_NAME, sizeof(ci.ctl_name)-1);
+    str_cpy(ci.ctl_name, UTUN_CONTROL_NAME, sizeof(ci.ctl_name) - 1);
 
     if (ioctl(fd, CTLIOCGINFO, &ci)) {
+        int err = errno;
         close(fd);
+        errno = err;
         return -1;
     }
 
@@ -50,11 +57,13 @@ static int tun_create_by_id (char *name, size_t size, unsigned id, _unused_ int
         .sc_len = sizeof(sc),
         .sc_family = AF_SYSTEM,
         .ss_sysaddr = AF_SYS_CONTROL,
-        .sc_unit = id+1,
+        .sc_unit = id + 1,
     };
 
     if (connect(fd, (struct sockaddr *)&sc, sizeof(sc))) {
+        int err = errno;
         close(fd);
+        errno = err;
         return -1;
     }
 
@@ -63,139 +72,132 @@ static int tun_create_by_id (char *name, size_t size, unsigned id, _unused_ int
     return fd;
 }
 
-static int tun_create_by_name (char *name, size_t size, char *dev_name, int mq)
+static int
+tun_create_by_name(char *name, size_t size, char *dev_name)
 {
     unsigned id = 0;
 
-    if (sscanf(dev_name, "utun%u", &id)!=1)
+    if (sscanf(dev_name, "utun%u", &id) != 1) {
+        errno = EINVAL;
         return -1;
+    }
 
-    return tun_create_by_id(name, size, id, mq);
+    return tun_create_by_id(name, size, id);
 }
 
 #else /* not __APPLE__ */
 
 #ifdef __linux__
 
-static int tun_create_by_name (char *name, size_t size, char *dev_name, int mq)
+static int
+tun_create_by_name(char *name, size_t size, char *dev_name)
 {
     int fd = open("/dev/net/tun", O_RDWR);
 
-    if (fd==-1)
+    if (fd == -1)
         return -1;
 
     struct ifreq ifr = {
-        .ifr_flags = IFF_TUN|IFF_NO_PI,
+        .ifr_flags = IFF_TUN | IFF_NO_PI,
     };
 
-    if (mq) {
+    str_cpy(ifr.ifr_name, dev_name, IFNAMSIZ - 1);
-#ifdef IFF_MULTI_QUEUE
-        ifr.ifr_flags |= IFF_MULTI_QUEUE;
-#endif
-    }
-
-    str_cpy(ifr.ifr_name, dev_name, IFNAMSIZ-1);
 
     if (ioctl(fd, TUNSETIFF, &ifr)) {
         close(fd);
         return -1;
     }
 
-    str_cpy(name, ifr.ifr_name, size-1);
+    str_cpy(name, ifr.ifr_name, size - 1);
 
     return fd;
 }
 
 #else /* not __linux__ not __APPLE__ */
 
-static int tun_create_by_name (char *name, size_t size, char *dev_name, _unused_ int mq)
+static int
+tun_create_by_name(char *name, size_t size, char *dev_name)
 {
     char path[64];
 
     snprintf(path, sizeof(path), "/dev/%s", dev_name);
-    str_cpy(name, dev_name, size-1);
+    str_cpy(name, dev_name, size - 1);
 
     return open(path, O_RDWR);
 }
 
 #endif /* not __APPLE__ */
 
-static int tun_create_by_id (char *name, size_t size, unsigned id, int mq)
+static int
+tun_create_by_id(char *name, size_t size, unsigned id)
 {
     char dev_name[64];
 
     snprintf(dev_name, sizeof(dev_name), "tun%u", id);
 
-    return tun_create_by_name(name, size, dev_name, mq);
+    return tun_create_by_name(name, size, dev_name);
 }
 
 #endif
 
-int tun_create (char *dev_name, char **ret_name, int mq)
+int
+tun_create(char *dev_name, char **ret_name)
 {
     char name[64] = {0};
     int fd = -1;
 
-#ifndef IFF_MULTI_QUEUE
-    if (mq)
-        gt_na("IFF_MULTI_QUEUE");
-#endif
-
     if (str_empty(dev_name)) {
-        for (unsigned id=0; id<32 && fd==-1; id++)
+        for (unsigned id = 0; id < 32 && fd == -1; id++)
-            fd = tun_create_by_id(name, sizeof(name), id, mq);
+            fd = tun_create_by_id(name, sizeof(name), id);
     } else {
-        fd = tun_create_by_name(name, sizeof(name), dev_name, mq);
+        fd = tun_create_by_name(name, sizeof(name), dev_name);
     }
 
-    if (fd!=-1 && ret_name)
+    if (fd != -1 && ret_name)
         *ret_name = strdup(name);
 
     return fd;
 }
 
-ssize_t tun_read (int fd, void *data, size_t size)
+int
+tun_read(int fd, void *data, size_t size)
 {
     if (!size)
-        return -1;
+        return 0;
 
 #ifdef GT_BSD_TUN
     uint32_t family;
 
     struct iovec iov[2] = {
-        { .iov_base = &family, .iov_len = sizeof(family) },
+        {
-        { .iov_base = data, .iov_len = size }
+            .iov_base = &family,
+            .iov_len = sizeof(family),
+        },
+        {
+            .iov_base = data,
+            .iov_len = size,
+        },
     };
 
     ssize_t ret = readv(fd, iov, 2);
-#else
-    ssize_t ret = read(fd, data, size);
-#endif
 
-    if (ret==-1) {
+    if (ret <= (ssize_t)0)
-        if (errno==EAGAIN || errno==EINTR)
+        return ret;
-            return -1;
 
-        if (errno)
+    if (ret <= (ssize_t)sizeof(family))
-            perror("tun read");
-
-        return 0;
-    }
-
-#ifdef GT_BSD_TUN
-    if (ret<(ssize_t) sizeof(family))
         return 0;
 
-    return ret-sizeof(family);
+    return ret - sizeof(family);
 #else
-    return ret;
+    return read(fd, data, size);
 #endif
 }
 
-ssize_t tun_write (int fd, const void *data, size_t size)
+int
+tun_write(int fd, const void *data, size_t size)
 {
     if (!size)
-        return -1;
+        return 0;
 
 #ifdef GT_BSD_TUN
     uint32_t family;
@@ -208,35 +210,42 @@ ssize_t tun_write (int fd, const void *data, size_t size)
         family = htonl(AF_INET6);
         break;
     default:
+        errno = EINVAL;
         return -1;
     }
 
     struct iovec iov[2] = {
-        { .iov_base = &family, .iov_len = sizeof(family) },
+        {
-        { .iov_base = (void *) data, .iov_len = size },
+            .iov_base = &family,
+            .iov_len = sizeof(family),
+        },
+        {
+            .iov_base = (void *)data,
+            .iov_len = size,
+        },
     };
 
     ssize_t ret = writev(fd, iov, 2);
-#else
-    ssize_t ret = write(fd, data, size);
-#endif
 
-    if (ret==-1) {
+    if (ret <= (ssize_t)0)
-        if (errno==EAGAIN || errno==EINTR)
+        return ret;
-            return -1;
 
-        if (errno)
+    if (ret <= (ssize_t)sizeof(family))
-            perror("tun write");
-
-        return 0;
-    }
-
-#ifdef GT_BSD_TUN
-    if (ret<(ssize_t) sizeof(family))
         return 0;
 
-    return ret-sizeof(family);
+    return ret - sizeof(family);
 #else
-    return ret;
+    return write(fd, data, size);
+#endif
+}
+
+int
+tun_set_persist(int fd, int on)
+{
+#ifdef TUNSETPERSIST
+    return ioctl(fd, TUNSETPERSIST, on);
+#else
+    errno = ENOSYS;
+    return -1;
 #endif
 }

src/tun.h

@@ -1,7 +1,6 @@
 #pragma once
 
-#include <unistd.h>
+int tun_create      (char *, char **);
-
+int tun_read        (int, void *, size_t);
-int     tun_create (char *, char **, int);
+int tun_write       (int, const void *, size_t);
-ssize_t tun_read   (int, void *, size_t);
+int tun_set_persist (int, int);
-ssize_t tun_write  (int, const void *, size_t);

systemd/glorytun-client.network

@@ -0,0 +1,10 @@
+[Match]
+Name=gtc-*
+
+[Network]
+Description=Glorytun client device
+DHCP=ipv4
+
+[DHCP]
+CriticalConnection=yes
+RouteTable=200

systemd/glorytun-run

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -f "$1" ]; then
+	echo "usage: $(basename "$0") FILE"
+	exit 1
+fi
+
+. "$(readlink -f "$1")"
+
+DEV="gt${HOST:+c}-$(basename "$1")"
+
+# Setting BIND is like going to 'expert mode'
+# This helper is pretty stupid and still needs some work
+if [ -n "$HOST" ]; then
+	if [ -z "$PREF" ]; then
+		PREF=$(ip rule | awk '/from all lookup main/{print $1; exit}' | tr -d :)
+		PREF=$((PREF-1))
+	fi
+	if [ -z "$BIND" ]; then
+		BIND=$(ip route get "$HOST" | awk '/src/{getline;print $0}' RS=' ')
+		ip rule add from "$BIND" table main pref "$((PREF-1))"
+	fi
+	ip rule add from all table 200 pref "$PREF"
+fi
+
+exec glorytun \
+	v4only \
+	keyfile "$1".key \
+	dev "$DEV" \
+	${HOST:+host "$HOST"} \
+	${PORT:+port "$PORT"} \
+	${BIND:+bind "$BIND"} \
+	${BIND_PORT:+bind-port "$BIND_PORT"} \
+	${MTU:+mtu "$MTU"} \
+	${MTU_AUTO:+mtu-auto}

systemd/glorytun-setup

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+_ask() {
+	printf "%s: " "$1"
+	read -r "$2"
+}
+
+_ask "Config filename (tun0)" NAME
+NAME=${NAME:-tun0}
+
+if [ -f /etc/glorytun/"$NAME" ]; then
+	echo "This config already exit!"
+	exit 1
+fi
+
+_ask "Server ip (enter for server conf)" HOST
+
+_ask "Server key (enter to generate a new one)" KEY
+if [ -z "$KEY" ]; then
+	KEY=$(glorytun keygen)
+	echo "Your new key: $KEY"
+fi
+
+# install files
+mkdir -p /etc/glorytun
+
+cat > /etc/glorytun/"$NAME" <<EOF
+${HOST:+HOST="$HOST"}
+EOF
+
+( umask 077; echo "$KEY" > /etc/glorytun/"$NAME".key )
+
+# start services
+_ask "Start glorytun now ? (enter to skip)" START
+case "$START" in y*|Y*)
+	systemctl restart systemd-networkd
+	systemctl start glorytun@"$NAME" ;;
+esac

systemd/glorytun.network

@@ -0,0 +1,14 @@
+[Match]
+Name=gt-*
+
+[Network]
+Description=Glorytun server device
+Address=0.0.0.0/24
+DHCPServer=yes
+IPMasquerade=yes
+
+[DHCPServer]
+PoolOffset=2
+PoolSize=1
+EmitDNS=yes
+DNS=9.9.9.9

systemd/glorytun@.service.in

@@ -0,0 +1,12 @@
+[Unit]
+Description=Glorytun on %I
+After=network.target
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=@bindir@/glorytun-run /etc/glorytun/%i
+CapabilityBoundingSet=CAP_NET_ADMIN
+
+[Install]
+WantedBy=multi-user.target