miegl/glorytun
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: miegl:v0.0.99-mud
Branches Tags
miegl:master miegl:stable miegl:mud miegl:tcp
miegl:v0.3.4 miegl:v0.3.3 miegl:v0.3.2 miegl:v0.3.1 miegl:v0.3.0 miegl:v0.2.2 miegl:v0.2.1 miegl:v0.2.0 miegl:v0.1.3 miegl:v0.1.2 miegl:v0.1.1 miegl:v0.1.0 miegl:v0.0.99-mud miegl:v0.0.98-mud miegl:v0.0.97-mud miegl:v0.0.96-mud miegl:v0.0.95-mud miegl:v0.0.94-mud miegl:v0.0.93-mud miegl:v0.0.92-mud miegl:v0.0.91-mud miegl:v0.0.35 miegl:v0.0.90-mud miegl:v0.0.89-mud miegl:v0.0.88-mud miegl:v0.0.87-mud miegl:v0.0.86-mud miegl:v0.0.85-mud miegl:v0.0.84-mud miegl:v0.0.83-mud miegl:v0.0.82-mud miegl:v0.0.81-mud miegl:v0.0.80-mud miegl:v0.0.79-mud miegl:v0.0.78-mud miegl:v0.0.77-mud miegl:v0.0.76-mud miegl:v0.0.75-mud miegl:v0.0.74-mud miegl:v0.0.73-mud miegl:v0.0.72-mud miegl:v0.0.71-mud miegl:v0.0.70-mud miegl:v0.0.69-mud miegl:v0.0.68-mud miegl:v0.0.67-mud miegl:v0.0.66-mud miegl:v0.0.65-mud miegl:v0.0.64-mud miegl:v0.0.63-mud miegl:v0.0.62-mud miegl:v0.0.61-mud miegl:v0.0.60-mud miegl:v0.0.59-mud miegl:v0.0.58-mud miegl:v0.0.57-mud miegl:v0.0.56-mud miegl:v0.0.34 miegl:v0.0.55-mud miegl:v0.0.54-mud miegl:v0.0.53-mud miegl:v0.0.52-mud miegl:v0.0.51-mud miegl:v0.0.50-mud miegl:v0.0.49-mud miegl:v0.0.48-mud miegl:v0.0.47-mud miegl:v0.0.46-mud miegl:v0.0.45-mud miegl:v0.0.44-mud miegl:v0.0.33 miegl:v0.0.43-mud miegl:v0.0.32 miegl:v0.0.31 miegl:v0.0.42-mud miegl:v0.0.41-mud miegl:v0.0.30 miegl:v0.0.40-mud miegl:v0.0.39-mud miegl:v0.0.38-mud miegl:v0.0.37-mud miegl:v0.0.36-mud miegl:v0.0.29 miegl:v0.0.35-mud miegl:v0.0.34-mud miegl:v0.0.33-mud miegl:v0.0.32-mud miegl:v0.0.31-mud miegl:v0.0.30-mud miegl:v0.0.29-mud miegl:v0.0.28-mud miegl:v0.0.28 miegl:v0.0.27-mud miegl:v0.0.27 miegl:v0.0.26 miegl:v0.0.25 miegl:v0.0.24 miegl:v0.0.23 miegl:v0.0.22 miegl:v0.0.21 miegl:v0.0.20 miegl:v0.0.19 miegl:v0.0.18 miegl:v0.0.17 miegl:v0.0.16 miegl:v0.0.15 miegl:v0.0.14 miegl:v0.0.13 miegl:v0.0.12 miegl:v0.0.11 miegl:v0.0.10 miegl:v0.0.9 miegl:v0.0.8 miegl:v0.0.7 miegl:v0.0.6 miegl:v0.0.5 miegl:v0.0.4 miegl:v0.0.3 miegl:v0.0.2 miegl:v0.0.1
..
compare: miegl:v0.0.28
Branches Tags
miegl:master miegl:stable miegl:mud miegl:tcp
miegl:v0.3.4 miegl:v0.3.3 miegl:v0.3.2 miegl:v0.3.1 miegl:v0.3.0 miegl:v0.2.2 miegl:v0.2.1 miegl:v0.2.0 miegl:v0.1.3 miegl:v0.1.2 miegl:v0.1.1 miegl:v0.1.0 miegl:v0.0.99-mud miegl:v0.0.98-mud miegl:v0.0.97-mud miegl:v0.0.96-mud miegl:v0.0.95-mud miegl:v0.0.94-mud miegl:v0.0.93-mud miegl:v0.0.92-mud miegl:v0.0.91-mud miegl:v0.0.35 miegl:v0.0.90-mud miegl:v0.0.89-mud miegl:v0.0.88-mud miegl:v0.0.87-mud miegl:v0.0.86-mud miegl:v0.0.85-mud miegl:v0.0.84-mud miegl:v0.0.83-mud miegl:v0.0.82-mud miegl:v0.0.81-mud miegl:v0.0.80-mud miegl:v0.0.79-mud miegl:v0.0.78-mud miegl:v0.0.77-mud miegl:v0.0.76-mud miegl:v0.0.75-mud miegl:v0.0.74-mud miegl:v0.0.73-mud miegl:v0.0.72-mud miegl:v0.0.71-mud miegl:v0.0.70-mud miegl:v0.0.69-mud miegl:v0.0.68-mud miegl:v0.0.67-mud miegl:v0.0.66-mud miegl:v0.0.65-mud miegl:v0.0.64-mud miegl:v0.0.63-mud miegl:v0.0.62-mud miegl:v0.0.61-mud miegl:v0.0.60-mud miegl:v0.0.59-mud miegl:v0.0.58-mud miegl:v0.0.57-mud miegl:v0.0.56-mud miegl:v0.0.34 miegl:v0.0.55-mud miegl:v0.0.54-mud miegl:v0.0.53-mud miegl:v0.0.52-mud miegl:v0.0.51-mud miegl:v0.0.50-mud miegl:v0.0.49-mud miegl:v0.0.48-mud miegl:v0.0.47-mud miegl:v0.0.46-mud miegl:v0.0.45-mud miegl:v0.0.44-mud miegl:v0.0.33 miegl:v0.0.43-mud miegl:v0.0.32 miegl:v0.0.31 miegl:v0.0.42-mud miegl:v0.0.41-mud miegl:v0.0.30 miegl:v0.0.40-mud miegl:v0.0.39-mud miegl:v0.0.38-mud miegl:v0.0.37-mud miegl:v0.0.36-mud miegl:v0.0.29 miegl:v0.0.35-mud miegl:v0.0.34-mud miegl:v0.0.33-mud miegl:v0.0.32-mud miegl:v0.0.31-mud miegl:v0.0.30-mud miegl:v0.0.29-mud miegl:v0.0.28-mud miegl:v0.0.28 miegl:v0.0.27-mud miegl:v0.0.27 miegl:v0.0.26 miegl:v0.0.25 miegl:v0.0.24 miegl:v0.0.23 miegl:v0.0.22 miegl:v0.0.21 miegl:v0.0.20 miegl:v0.0.19 miegl:v0.0.18 miegl:v0.0.17 miegl:v0.0.16 miegl:v0.0.15 miegl:v0.0.14 miegl:v0.0.13 miegl:v0.0.12 miegl:v0.0.11 miegl:v0.0.10 miegl:v0.0.9 miegl:v0.0.8 miegl:v0.0.7 miegl:v0.0.6 miegl:v0.0.5 miegl:v0.0.4 miegl:v0.0.3 miegl:v0.0.2 miegl:v0.0.1

2 Commits
v0.0.99-mu ... v0.0.28

Author SHA1 Message Date
angt
ad0d205ff3 Add option chacha20 
Chacha20 will be automatically used if aesni is not available.
 2016-03-18 14:43:30 +00:00
angt
030087cb27 Add mptcp option 2016-02-25 14:38:51 +00:00
39 changed files with 2203 additions and 1931 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -11,5 +11,3 @@ build-aux
.deps
.dirstamp
glorytun
build*
VERSION

6
.gitmodules vendored
View File

@@ -1,6 +0,0 @@
[submodule "mud"]
path = mud
url = https://github.com/angt/mud.git
[submodule "argz"]
path = argz
url = https://github.com/angt/argz.git

31
Makefile.am
View File

@@ -5,35 +5,24 @@ bin_PROGRAMS = glorytun
glorytun_CFLAGS = $(libsodium_CFLAGS)
glorytun_LDADD = $(libsodium_LIBS)
glorytun_SOURCES = \
argz/argz.c \
argz/argz.h \
mud/mud.c \
mud/mud.h \
src/bench.c \
src/bind.c \
src/common.c \
src/common.h \
src/ctl.c \
src/ctl.h \
src/iface.c \
src/iface.h \
src/common.c \
src/buffer.h \
src/ip.h \
src/keygen.c \
src/main.c \
src/path.c \
src/set.c \
src/show.c \
src/str.h \
src/main.c \
src/option.c \
src/option.h \
src/tun.c \
src/tun.h
src/tun.h \
src/db.c \
src/db.h \
src/state.c \
src/state.h
EXTRA_DIST = \
LICENSE \
README.md \
VERSION \
autogen.sh \
meson.build \
mud/LICENSE \
mud/README.md \
systemd \
version.sh

116
README.md
View File

@@ -1,113 +1,23 @@
# Glorytun
Glorytun is a small, simple and secure VPN over [mud](https://github.com/angt/mud).
It runs on Linux, OpenBSD, FreeBSD and MacOS.
Small, Simple and Stupid TCP VPN.
## Features
#### Work In Progress
The key features of Glorytun come directly from mud:
This code will probably format your harddisk!
* **Fast and highly secure**
#### Build and Install
The use of UDP and [libsodium](https://github.com/jedisct1/libsodium) allows you to secure
your communications without impacting performance.
Glorytun uses AES only if AES-NI is available otherwise ChaCha20 is used.
You can force the use of ChaCha20 for higher security.
All messages are encrypted, authenticated and marked with a timestamp.
Perfect forward secrecy is also implemented with ECDH over Curve25519.
Glorytun depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4
and needs an AES-NI capable CPU.
* **Multipath and active failover**
To build and install the latest version:
This is the main feature of Glorytun that allows to build an SD-WAN like service.
This allows a TCP connection to explore and exploit multiple links without being disconnected.
* **Path MTU discovery without ICMP**
Bad MTU configuration is a very common problem in the world of VPN.
As it is critical, Glorytun will try to setup it correctly by guessing its value.
It doesn't rely on ICMP Next-hop MTU to avoid black holes.
## Build and Install
Glorytun depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4.
We recommend the use of [meson](http://mesonbuild.com) for building instead of
the more classical autotools suite (also available for old systems).
On Ubuntu, the following command should be sufficient to get all the necessary build dependencies:
$ sudo apt-get install meson libsodium-dev pkg-config
To build and install the latest release from github:
$ git clone https://github.com/angt/glorytun --recursive
$ meson glorytun glorytun/build
$ sudo ninja -C glorytun/build install
This will install all binaries in `/usr/local/bin` by default.
You can easily customize your setup with meson (see `meson help`).
## Usage
Just run `glorytun` with no arguments to view the list of available commands:
```
$ glorytun
available commands:
show show all running tunnels
bench start a crypto bench
bind start a new tunnel
set change tunnel properties
keygen generate a new secret key
path manage paths
version show version
```
Use the keyword `help` after a command to show its usage.
## Mini HowTo
Glorytun does not touch the configuration of its network interface (except for the MTU),
It is up to the user to do it according to the tools available
on his system (systemd-networkd, netifd, ...).
This also allows a wide variety of configurations.
To start a server:
# (umask 066; glorytun keygen > my_secret_key)
# glorytun bind 0.0.0.0 keyfile my_secret_key &
You should now have an unconfigured network interface (let's say `tun0`).
For exemple, the simplest setup with `ifconfig`:
# ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up
To check if the server is running, simply call `glorytun show`.
It will show you all the running tunnels.
To start a new client, you need to get the secret key generated for the server.
Then simply call:
# glorytun bind 0.0.0.0 to SERVER_IP keyfile my_secret_key &
# ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up
Here the tricky part... You need to specify your paths or glorytun will not send anything, it's easy:
# glorytun path LOCAL_IPADDR up
Again, to check if your path is working, you can watch its status with `glorytun path`.
You should now be able to ping your server with `ping 10.0.1.1`.
If you have systemd-networkd, you can use the helper program `glorytun-setup`.
## Thanks
* @jedisct1 for all his help and the code for MacOS/BSD.
* The team OTB (@bessa, @gregdel, @pouulet, @sduponch and @simon) for all tests and discussions.
* OVH
---
$ git clone https://github.com/angt/glorytun
$ cd glorytun
$ ./autogen.sh
$ ./configure
$ make
# make install
For feature requests and bug reports, please create an [issue](https://github.com/angt/glorytun/issues).

1
argz

Submodule argz deleted from 3ee68b227f

7
configure.ac
View File

@@ -4,19 +4,18 @@ AC_INIT([glorytun],
[https://github.com/angt/glorytun/issues],
[glorytun],
[https://github.com/angt/glorytun])
AC_DEFINE_UNQUOTED([VERSION_MAJOR], [m4_esyscmd([./version.sh major])])
AC_CONFIG_SRCDIR([src/common.h])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([1.12 -Wall -Werror foreign tar-ustar subdir-objects])
AM_INIT_AUTOMAKE([1.9 -Wall -Werror foreign tar-ustar subdir-objects])
AM_DEP_TRACK
AM_SILENT_RULES([yes])
AM_PROG_CC_C_O
AC_PROG_CC_C99
AC_USE_SYSTEM_EXTENSIONS
AC_SEARCH_LIBS([getaddrinfo], [resolv nsl])
AC_SEARCH_LIBS([socket], [socket])
AC_SEARCH_LIBS([fmin], [m])
AC_CHECK_LIB([rt], [clock_gettime])
AC_CHECK_FUNCS([clock_gettime])
PKG_CHECK_MODULES([libsodium], [libsodium >= 1.0.4])
AC_CONFIG_FILES([Makefile])
AC_OUTPUT

14
m4/pkg.m4
View File

@@ -1,6 +1,6 @@
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
# serial 12 (pkg-config-0.29.2)
dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
dnl serial 11 (pkg-config-0.29)
dnl
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
dnl
@@ -41,7 +41,7 @@ dnl
dnl See the "Since" comment for each macro you use to see what version
dnl of the macros you require.
m4_defun([PKG_PREREQ],
[m4_define([PKG_MACROS_VERSION], [0.29.2])
[m4_define([PKG_MACROS_VERSION], [0.29])
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
])dnl PKG_PREREQ
@@ -142,7 +142,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $2])
AC_MSG_CHECKING([for $1])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -152,7 +152,7 @@ and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
AC_MSG_RESULT([no])
AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
@@ -173,7 +173,7 @@ installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
AC_MSG_RESULT([no])
AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full

62
meson.build
View File

@@ -1,62 +0,0 @@
project('glorytun', 'c',
version: run_command('./version.sh').stdout(),
license: 'BSD-3-Clause',
default_options : [
'buildtype=debugoptimized',
'c_std=gnu99'
]
)
cc = meson.get_compiler('c')
prefix = get_option('prefix')
bindir = join_paths(prefix, get_option('bindir'))
conf_data = configuration_data()
conf_data.set('prefix', prefix)
conf_data.set('bindir', bindir)
add_global_arguments('-DPACKAGE_VERSION="'+meson.project_version()+'"', language : 'c')
add_global_arguments('-DPACKAGE_NAME="'+meson.project_name()+'"', language : 'c')
executable('glorytun', install: true,
sources: [
'argz/argz.c',
'mud/mud.c',
'src/bench.c',
'src/bind.c',
'src/common.c',
'src/ctl.c',
'src/iface.c',
'src/keygen.c',
'src/main.c',
'src/path.c',
'src/set.c',
'src/show.c',
'src/tun.c',
],
dependencies: [
dependency('libsodium', version : '>=1.0.4'),
cc.find_library('m', required : false)
]
)
systemd = dependency('systemd', required: false)
if systemd.found()
systemdutildir = systemd.get_pkgconfig_variable('systemdutildir')
configure_file(
input: 'systemd/glorytun@.service.in',
output: 'glorytun@.service',
configuration: conf_data,
install_dir: join_paths(systemdutildir, 'system')
)
install_data('systemd/glorytun.network',
install_dir: join_paths(systemdutildir, 'network'))
install_data('systemd/glorytun-client.network',
install_dir: join_paths(systemdutildir, 'network'))
install_data('systemd/glorytun-run',
install_dir: bindir)
install_data('systemd/glorytun-setup',
install_dir: bindir)
endif

1
mud

Submodule mud deleted from 964672adb5

159
src/bench.c
View File

@@ -1,159 +0,0 @@
#include "common.h"
#include <math.h>
#include <sodium.h>
#include <string.h>
#include <stdio.h>
#include <sys/time.h>
#include <time.h>
#include <unistd.h>
#if defined __APPLE__
#include <mach/mach_time.h>
#endif
#include "../argz/argz.h"
#define STR_S(X) (((X) > 1) ? "s" : "")
static unsigned long long
gt_now(void)
{
#if defined __APPLE__
static mach_timebase_info_data_t mtid;
if (!mtid.denom)
mach_timebase_info(&mtid);
return (mach_absolute_time() * mtid.numer / mtid.denom) / 1000ULL;
#elif defined CLOCK_MONOTONIC
struct timespec tv;
clock_gettime(CLOCK_MONOTONIC, &tv);
return tv.tv_sec * 1000000ULL + tv.tv_nsec / 1000ULL;
#else
struct timeval tv;
gettimeofday(&tv, NULL);
return tv.tv_sec * 1000000ULL + tv.tv_usec;
#endif
}
int
gt_bench(int argc, char **argv)
{
unsigned long precision = 10;
size_t bufsize = 64 * 1024;
unsigned long duration = 1000;
struct argz bench_argz[] = {
{"aes|chacha", NULL, NULL, argz_option},
{"precision", "EXPONENT", &precision, argz_ulong},
{"bufsize", "BYTES", &bufsize, argz_bytes},
{"duration", "SECONDS", &duration, argz_time},
{NULL}};
if (argz(bench_argz, argc, argv))
return 1;
if (duration == 0 || bufsize == 0)
return 0;
if (sodium_init() == -1) {
gt_log("sodium init failed\n");
return 1;
}
duration /= 1000;
int term = isatty(1);
int chacha = argz_is_set(bench_argz, "chacha");
if (!chacha && !crypto_aead_aes256gcm_is_available()) {
gt_log("aes is not available on your platform\n");
return 1;
}
unsigned char *buf = calloc(1, bufsize + crypto_aead_aes256gcm_ABYTES);
if (!buf) {
perror("calloc");
return 1;
}
unsigned char npub[crypto_aead_aes256gcm_NPUBBYTES];
unsigned char key[crypto_aead_aes256gcm_KEYBYTES];
randombytes_buf(npub, sizeof(npub));
randombytes_buf(key, sizeof(key));
if (term) {
printf("\n");
printf(" %-10s %s\n", "bench", chacha ? "chacha20poly1305" : "aes256gcm");
printf(" %-10s %s\n", "libsodium", sodium_version_string());
printf("\n");
printf(" %-10s 2^(-%lu)\n", "precision", precision);
printf(" %-10s %zu byte%s\n", "bufsize", bufsize, STR_S(bufsize));
printf(" %-10s %lu second%s\n", "duration", duration, STR_S(duration));
printf("\n");
printf("------------------------------------------------------------\n");
printf(" %3s %9s %14s %14s %14s\n", "2^n", "min", "avg", "max", "delta");
printf("------------------------------------------------------------\n");
}
for (int i = 0; !gt_quit && bufsize >> i; i++) {
unsigned long long total_dt = 0ULL;
size_t total_bytes = 0;
double mbps = 0.0;
double mbps_min = INFINITY;
double mbps_max = 0.0;
double mbps_dlt = INFINITY;
while (!gt_quit && mbps_dlt > ldexp(mbps, -(int)precision)) {
crypto_aead_aes256gcm_state ctx;
if (!chacha)
crypto_aead_aes256gcm_beforenm(&ctx, key);
unsigned long long now = gt_now();
double mbps_old = mbps;
size_t bytes = 0;
gt_alarm = 0;
alarm(duration);
while (!gt_quit && !gt_alarm) {
if (chacha) {
crypto_aead_chacha20poly1305_encrypt(
buf, NULL, buf, 1ULL << i, NULL, 0, NULL, npub, key);
} else {
crypto_aead_aes256gcm_encrypt_afternm(
buf, NULL, buf, 1ULL << i, NULL, 0, NULL, npub,
(const crypto_aead_aes256gcm_state *)&ctx);
}
bytes += 1ULL << i;
}
total_dt += gt_now() - now;
total_bytes += bytes;
mbps = (total_bytes * 8.0) / total_dt;
mbps_min = fmin(mbps_min, mbps);
mbps_max = fmax(mbps_max, mbps);
mbps_dlt = fabs(mbps_old - mbps);
if (term) {
printf("\r %3i %9.2f Mbps %9.2f Mbps %9.2f Mbps %9.2e",
i, mbps_min, mbps, mbps_max, mbps_dlt);
fflush(stdout);
}
}
if (term) {
printf("\n");
} else {
printf("%i %.2f %.2f %.2f\n", i, mbps_min, mbps, mbps_max);
}
}
printf("\n");
free(buf);
return 0;
}

340
src/bind.c
View File

@@ -1,340 +0,0 @@
#include "common.h"
#include "ctl.h"
#include "iface.h"
#include "ip.h"
#include "str.h"
#include "tun.h"
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include "../argz/argz.h"
#include "../mud/mud.h"
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
static void
fd_set_nonblock(int fd)
{
int ret;
if (fd == -1)
return;
do {
ret = fcntl(fd, F_GETFL, 0);
} while (ret == -1 && errno == EINTR);
int flags = (ret == -1) ? 0 : ret;
do {
ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
} while (ret == -1 && errno == EINTR);
if (ret == -1)
perror("fcntl O_NONBLOCK");
}
static int
gt_setup_secretkey(struct mud *mud, const char *keyfile)
{
int fd;
do {
fd = open(keyfile, O_RDONLY | O_CLOEXEC);
} while (fd == -1 && errno == EINTR);
if (fd == -1) {
perror("open keyfile");
return -1;
}
unsigned char key[32];
char buf[2 * sizeof(key)];
size_t size = 0;
while (size < sizeof(buf)) {
ssize_t r = read(fd, &buf[size], sizeof(buf) - size);
if (r <= (ssize_t)0) {
if (r && (errno == EAGAIN || errno == EINTR))
continue;
break;
}
size += r;
}
close(fd);
if (size != sizeof(buf)) {
gt_log("unable to read secret key\n");
return -1;
}
if (gt_fromhex(key, sizeof(key), buf, sizeof(buf))) {
gt_log("secret key is not valid\n");
return -1;
}
mud_set_key(mud, key, sizeof(key));
return 0;
}
static size_t
gt_setup_mtu(struct mud *mud, const char *tun_name)
{
static size_t oldmtu = 0;
size_t mtu = mud_get_mtu(mud);
if (mtu == oldmtu)
return mtu;
if (iface_set_mtu(tun_name, mtu) == -1)
perror("tun_set_mtu");
oldmtu = mtu;
return mtu;
}
int
gt_bind(int argc, char **argv)
{
struct sockaddr_storage bind_addr = { .ss_family = AF_INET };
struct sockaddr_storage peer_addr = { 0 };
unsigned short bind_port = 5000;
unsigned short peer_port = bind_port;
const char *dev = NULL;
const char *keyfile = NULL;
struct argz toz[] = {
{NULL, "IPADDR", &peer_addr, argz_addr},
{NULL, "PORT", &peer_port, argz_ushort},
{NULL}};
struct argz bindz[] = {
{NULL, "IPADDR", &bind_addr, argz_addr},
{NULL, "PORT", &bind_port, argz_ushort},
{"to", NULL, &toz, argz_option},
{"dev", "NAME", &dev, argz_str},
{"keyfile", "FILE", &keyfile, argz_str},
{"chacha", NULL, NULL, argz_option},
{"persist", NULL, NULL, argz_option},
{NULL}};
if (argz(bindz, argc, argv))
return 1;
if (str_empty(keyfile)) {
gt_log("a keyfile is needed!\n");
return 1;
}
gt_set_port((struct sockaddr *)&bind_addr, bind_port);
gt_set_port((struct sockaddr *)&peer_addr, peer_port);
const size_t bufsize = 4096U;
unsigned char *buf = malloc(bufsize);
if (!buf) {
perror("malloc");
return 1;
}
int chacha = argz_is_set(bindz, "chacha");
int persist = argz_is_set(bindz, "persist");
struct mud *mud = mud_create((struct sockaddr *)&bind_addr);
if (!mud) {
gt_log("couldn't create mud\n");
return 1;
}
if (gt_setup_secretkey(mud, keyfile))
return 1;
if (!chacha && mud_set_aes(mud)) {
gt_log("AES is not available, enjoy ChaCha20!\n");
chacha = 1;
}
char tun_name[64];
const int tun_fd = tun_create(tun_name, sizeof(tun_name) - 1, dev);
if (tun_fd == -1) {
gt_log("couldn't create tun device\n");
return 1;
}
size_t mtu = gt_setup_mtu(mud, tun_name);
if (tun_set_persist(tun_fd, persist) == -1)
perror("tun_set_persist");
if (peer_addr.ss_family) {
if (mud_peer(mud, (struct sockaddr *)&peer_addr)) {
perror("mud_peer");
return 1;
}
}
const int ctl_fd = ctl_create(GT_RUNDIR, tun_name);
if (ctl_fd == -1) {
perror("ctl_create");
return 1;
}
const int mud_fd = mud_get_fd(mud);
fd_set_nonblock(tun_fd);
fd_set_nonblock(mud_fd);
fd_set_nonblock(ctl_fd);
const long pid = (long)getpid();
gt_log("running on device %s as pid %li\n", tun_name, pid);
fd_set rfds;
FD_ZERO(&rfds);
const int last_fd = 1 + MAX(tun_fd, MAX(mud_fd, ctl_fd));
while (!gt_quit) {
FD_SET(tun_fd, &rfds);
FD_SET(mud_fd, &rfds);
FD_SET(ctl_fd, &rfds);
if (select(last_fd, &rfds, NULL, NULL, NULL) == -1) {
if (errno != EBADF)
continue;
perror("select");
return 1;
}
mtu = gt_setup_mtu(mud, tun_name);
if (FD_ISSET(ctl_fd, &rfds)) {
struct ctl_msg req, res = {.reply = 1};
struct sockaddr_storage ss;
socklen_t sl = sizeof(ss);
ssize_t r = recvfrom(ctl_fd, &req, sizeof(req), 0,
(struct sockaddr *)&ss, &sl);
if (r == (ssize_t)sizeof(req)) {
res.type = req.type;
switch (req.type) {
case CTL_NONE:
break;
case CTL_STATE:
if (mud_set_state(mud, (struct sockaddr *)&req.path.addr, req.path.state))
res.ret = errno;
break;
case CTL_PATH_STATUS:
{
unsigned count = 0;
struct mud_path *paths = mud_get_paths(mud, &count);
if (!paths) {
res.ret = errno;
break;
}
res.ret = EAGAIN;
for (unsigned i = 0; i < count; i++) {
memcpy(&res.path_status, &paths[i], sizeof(struct mud_path));
if (sendto(ctl_fd, &res, sizeof(res), 0,
(const struct sockaddr *)&ss, sl) == -1)
perror("sendto(ctl)");
}
free(paths);
res.ret = 0;
}
break;
case CTL_MTU:
mud_set_mtu(mud, req.mtu);
mtu = gt_setup_mtu(mud, tun_name);
res.mtu = mtu;
break;
case CTL_TC:
if (mud_set_tc(mud, req.tc))
res.ret = errno;
break;
case CTL_KXTIMEOUT:
if (mud_set_keyx_timeout(mud, req.ms))
res.ret = errno;
break;
case CTL_TIMEOUT:
if (mud_set_send_timeout(mud, req.ms))
res.ret = errno;
break;
case CTL_TIMETOLERANCE:
if (mud_set_time_tolerance(mud, req.ms))
res.ret = errno;
break;
case CTL_STATUS:
res.status.pid = pid;
res.status.mtu = mtu;
res.status.chacha = chacha;
res.status.bind = bind_addr;
res.status.peer = peer_addr;
break;
}
if (sendto(ctl_fd, &res, sizeof(res), 0,
(const struct sockaddr *)&ss, sl) == -1)
perror("sendto(ctl)");
} else if (r == -1 && errno != EAGAIN) {
perror("recvfrom(ctl)");
}
}
if (FD_ISSET(tun_fd, &rfds)) {
struct ip_common ic;
const int r = tun_read(tun_fd, buf, bufsize);
if (r <= 0) {
if (r == -1 && errno != EAGAIN)
perror("tun_read");
} else if ((!ip_get_common(&ic, buf, r)) &&
(mud_send(mud, buf, r, ic.tc) == -1)) {
if (errno != EAGAIN)
perror("mud_send");
}
}
if (FD_ISSET(mud_fd, &rfds)) {
struct ip_common ic;
const int r = mud_recv(mud, buf, bufsize);
if (r <= 0) {
if (r == -1 && errno != EAGAIN)
perror("mud_recv");
} else if ((!ip_get_common(&ic, buf, r)) &&
(tun_write(tun_fd, buf, r) == -1)) {
if (errno != EAGAIN)
perror("tun_write");
}
}
}
if (gt_reload && tun_fd >= 0) {
if (tun_set_persist(tun_fd, 1) == -1)
perror("tun_set_persist");
}
mud_delete(mud);
ctl_delete(ctl_fd);
free(buf);
return 0;
}

66
src/buffer.h Normal file
View File

@@ -0,0 +1,66 @@
#pragma once
#include "common.h"
typedef struct buffer buffer_t;
struct buffer {
uint8_t *data;
uint8_t *read;
uint8_t *write;
uint8_t *end;
};
static inline void buffer_setup (buffer_t *buffer, void *data, size_t size)
{
if (!data)
data = malloc(ALIGN(size));
buffer->data = data;
buffer->read = data;
buffer->write = data;
buffer->end = data;
buffer->end += size;
}
static inline void buffer_format (buffer_t *buffer)
{
buffer->write = buffer->data;
buffer->read = buffer->data;
}
_pure_
static inline size_t buffer_size (buffer_t *buffer)
{
return buffer->end-buffer->data;
}
_pure_
static inline size_t buffer_write_size (buffer_t *buffer)
{
return buffer->end-buffer->write;
}
_pure_
static inline size_t buffer_read_size (buffer_t *buffer)
{
return buffer->write-buffer->read;
}
static inline void buffer_shift (buffer_t *buffer)
{
if (buffer->read==buffer->data)
return;
if (buffer->read==buffer->write) {
buffer_format(buffer);
return;
}
const size_t size = buffer_read_size(buffer);
memmove(buffer->data, buffer->read, size);
buffer->read = buffer->data;
buffer->write = buffer->data+size;
}

122
src/common.c
View File

@@ -1,10 +1,22 @@
#include "common.h"
#include <stdarg.h>
#include <stdio.h>
#include <stdarg.h>
void
gt_log(const char *fmt, ...)
int gt_print (const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
int ret = vfprintf(stdout, fmt, ap);
va_end(ap);
if (ret<0)
return 0;
return ret;
}
void gt_log (const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
@@ -12,20 +24,34 @@ gt_log(const char *fmt, ...)
va_end(ap);
}
int
gt_tohex(char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
void gt_fatal (const char *fmt, ...)
{
if (_0_(!dst_size))
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
exit(EXIT_FAILURE);
}
void gt_na (const char *name)
{
gt_log("%s is not available on your platform\n", name);
}
int gt_tohex (char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
{
if _0_(!dst_size)
return -1;
if (_0_(((dst_size - 1) / 2) < src_size))
if _0_(((dst_size-1)/2)<src_size)
return -1;
static const char tbl[] = "0123456789ABCDEF";
for (size_t i = 0; i < src_size; i++) {
*dst++ = tbl[0xF & (src[i] >> 4)];
*dst++ = tbl[0xF & (src[i])];
for (size_t i=0; i<src_size; i++) {
*dst++ = tbl[0xF&(src[i]>>4)];
*dst++ = tbl[0xF&(src[i])];
}
*dst = 0;
@@ -33,84 +59,38 @@ gt_tohex(char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
return 0;
}
_const_ static inline int
fromhex(const char c)
_const_
static inline int fromhex (const char c)
{
if (c >= '0' && c <= '9')
return c - '0';
if (c>='0' && c<='9')
return c-'0';
if (c >= 'A' && c <= 'F')
return c - 'A' + 10;
if (c>='A' && c<='F')
return c-'A'+10;
if (c >= 'a' && c <= 'f')
return c - 'a' + 10;
if (c>='a' && c<='f')
return c-'a'+10;
return -1;
}
int
gt_fromhex(uint8_t *dst, size_t dst_size, const char *src, size_t src_size)
int gt_fromhex (uint8_t *dst, size_t dst_size, const char *src, size_t src_size)
{
if (_0_(src_size & 1))
if _0_(src_size&1)
return -1;
if (_0_(dst_size < (src_size / 2)))
if _0_(dst_size<(src_size/2))
return -1;
for (size_t i = 0; i < src_size; i += 2) {
for (size_t i=0; i<src_size; i+=2) {
const int a = fromhex(src[i]);
const int b = fromhex(src[i + 1]);
const int b = fromhex(src[i+1]);
if (_0_(a == -1 || b == -1))
if _0_(a==-1 || b==-1)
return -1;
*dst++ = (a << 4) | b;
*dst++ = (a<<4)|b;
}
return 0;
}
void
gt_set_port(struct sockaddr *sa, uint16_t port)
{
switch (sa->sa_family) {
case AF_INET:
((struct sockaddr_in *)sa)->sin_port = htons(port);
break;
case AF_INET6:
((struct sockaddr_in6 *)sa)->sin6_port = htons(port);
break;
}
}
uint16_t
gt_get_port(struct sockaddr *sa)
{
switch (sa->sa_family) {
case AF_INET:
return ntohs(((struct sockaddr_in *)sa)->sin_port);
case AF_INET6:
return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
}
return 0;
}
int
gt_toaddr(char *str, size_t size, struct sockaddr *sa)
{
if (str)
str[0] = 0;
switch (sa->sa_family) {
case AF_INET:
return -!inet_ntop(AF_INET,
&((struct sockaddr_in *)sa)->sin_addr, str, size);
case AF_INET6:
return -!inet_ntop(AF_INET6,
&((struct sockaddr_in6 *)sa)->sin6_addr, str, size);
}
errno = EAFNOSUPPORT;
return -1;
}

42
src/common.h
View File

@@ -1,30 +1,11 @@
#pragma once
#if defined __linux__ && !defined _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <errno.h>
#include <arpa/inet.h>
#ifndef PACKAGE_NAME
#define PACKAGE_NAME "glorytun"
#endif
#ifndef PACKAGE_VERSION
#define PACKAGE_VERSION "0.0.0"
#endif
#ifndef GT_RUNDIR
#define GT_RUNDIR "/run/" PACKAGE_NAME
#endif
#define COUNT(x) (sizeof(x)/sizeof(x[0]))
#define ALIGN_SIZE (1<<4)
@@ -48,29 +29,10 @@
#define _const_ __attribute__ ((const))
#define _align_(...) __attribute__ ((aligned(__VA_ARGS__)))
#undef MAX
#define MAX(x,y) ({ __typeof__(x) X=(x); __typeof__(y) Y=(y); X > Y ? X : Y; })
#undef MIN
#define MIN(x,y) ({ __typeof__(x) X=(x); __typeof__(y) Y=(y); X < Y ? X : Y; })
extern volatile sig_atomic_t gt_alarm;
extern volatile sig_atomic_t gt_reload;
extern volatile sig_atomic_t gt_quit;
int gt_print (const char *, ...) _printf_(1,2);
void gt_log (const char *, ...) _printf_(1,2);
void gt_fatal (const char *, ...) _printf_(1,2) _noreturn_;
void gt_na (const char *);
int gt_tohex (char *, size_t, const uint8_t *, size_t);
int gt_fromhex (uint8_t *, size_t, const char *, size_t);
void gt_set_port (struct sockaddr *, uint16_t);
uint16_t gt_get_port (struct sockaddr *);
int gt_toaddr (char *, size_t, struct sockaddr *);
int gt_show (int, char **);
int gt_bind (int, char **);
int gt_path (int, char **);
int gt_keygen (int, char **);
int gt_bench (int, char **);
int gt_set (int, char **);

194
src/ctl.c
View File

@@ -1,194 +0,0 @@
#include "common.h"
#include "ctl.h"
#include "str.h"
#include <stdio.h>
#include <unistd.h>
#include <dirent.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#define CTL_BIND_MAX 64
int
ctl_reply(int fd, struct ctl_msg *res, struct ctl_msg *req)
{
if (fd == -1) {
errno = EINVAL;
return -1;
}
if ((send(fd, req, sizeof(struct ctl_msg), 0) == -1) ||
(recv(fd, res, sizeof(struct ctl_msg), 0) == -1))
return -1;
if (res->type != req->type || !res->reply) {
errno = EINTR;
return -1;
}
if (res->ret) {
errno = res->ret;
return -1;
}
return 0;
}
static int
ctl_setsun(struct sockaddr_un *dst, const char *dir, const char *file)
{
struct sockaddr_un sun = {
.sun_family = AF_UNIX,
};
const char *path[] = {dir, "/", file};
const size_t len = sizeof(sun.sun_path) - 1;
if (str_cat(sun.sun_path, len, path, COUNT(path)) == len) {
if (str_cat(NULL, len + 1, path, COUNT(path)) > len) {
errno = EINVAL;
return -1;
}
}
*dst = sun;
return 0;
}
static int
ctl_bind(int fd, const char *dir, const char *file)
{
char tmp[32];
struct sockaddr_un sun;
if (str_empty(file)) {
for (int i = 0; i < CTL_BIND_MAX; i++) {
if (snprintf(tmp, sizeof(tmp), ".%i", i) >= sizeof(tmp))
return -1;
if (ctl_setsun(&sun, dir, tmp))
return -1;
if (!bind(fd, (struct sockaddr *)&sun, sizeof(sun)))
return 0;
}
} else {
if (ctl_setsun(&sun, dir, file))
return -1;
unlink(sun.sun_path);
if (!bind(fd, (struct sockaddr *)&sun, sizeof(sun)))
return 0;
}
return -1;
}
void
ctl_delete(int fd)
{
if (fd == -1)
return;
struct sockaddr_storage ss;
socklen_t sslen = sizeof(ss);
if ((getsockname(fd, (struct sockaddr *)&ss, &sslen) == 0) &&
(ss.ss_family == AF_UNIX))
unlink(((struct sockaddr_un *)&ss)->sun_path);
close(fd);
}
int
ctl_create(const char *dir, const char *file)
{
if (str_empty(dir)) {
errno = EINVAL;
return -1;
}
if (mkdir(dir, 0700) == -1 && errno != EEXIST)
return -1;
int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
if (fd == -1)
return -1;
if (ctl_bind(fd, dir, file)) {
int err = errno;
close(fd);
errno = err;
return -1;
}
return fd;
}
int
ctl_connect(const char *dir, const char *file)
{
DIR *dp = NULL;
if (str_empty(dir)) {
errno = EINVAL;
return -1;
}
if (!file) {
dp = opendir(dir);
if (!dp)
return -1;
struct dirent *d = NULL;
while (d = readdir(dp), d) {
if (d->d_name[0] == '.')
continue;
if (file) {
closedir(dp);
return -3;
}
file = &d->d_name[0];
}
if (!file) {
closedir(dp);
return -2;
}
}
struct sockaddr_un sun;
const int ret = ctl_setsun(&sun, dir, file);
if (dp) {
int err = errno;
closedir(dp);
errno = err;
}
if (ret)
return -1;
int fd = ctl_create(dir, NULL);
if (fd == -1)
return -1;
if (connect(fd, (struct sockaddr *)&sun, sizeof(sun))) {
int err = errno;
ctl_delete(fd);
errno = err;
return -1;
}
return fd;
}

44
src/ctl.h
View File

@@ -1,44 +0,0 @@
#pragma once
#include "../mud/mud.h"
#include <sys/socket.h>
enum ctl_type {
CTL_NONE = 0,
CTL_STATE,
CTL_STATUS,
CTL_MTU,
CTL_TC,
CTL_KXTIMEOUT,
CTL_TIMEOUT,
CTL_TIMETOLERANCE,
CTL_PATH_STATUS,
};
struct ctl_msg {
enum ctl_type type;
int reply, ret;
union {
struct {
struct sockaddr_storage addr;
enum mud_state state;
} path;
struct mud_path path_status;
struct {
long pid;
size_t mtu;
int chacha;
struct sockaddr_storage bind;
struct sockaddr_storage peer;
} status;
size_t mtu;
int tc;
unsigned long ms;
};
};
int ctl_create (const char *, const char *);
int ctl_connect (const char *, const char *);
int ctl_reply (int, struct ctl_msg *, struct ctl_msg *);
void ctl_delete (int);

155
src/db.c Normal file
View File

@@ -0,0 +1,155 @@
#include "common.h"
#include "db.h"
#include "str.h"
#define CBIT(X) (1&(intptr_t)(X))
#define CBIT_PTR(X) (uint8_t *)(1|(intptr_t)(X))
#define CBIT_NODE(X) (struct node *)(1^(intptr_t)(X))
struct node {
uint8_t *child[2];
uint32_t point;
};
_pure_
static inline size_t db_size (const uint8_t *a)
{
return (a[0]?:str_len((char *)a+1))+1;
}
_pure_
static inline size_t db_cmp (const uint8_t *a, const uint8_t *b)
{
const size_t size = a[0];
if (size!=b[0])
return 1;
if (!size) {
size_t i = str_cmp((char *)a+1, (char *)b+1);
return i?i+1:0;
}
for (size_t i=1; i<=size; i++) {
if (a[i]!=b[i])
return i+1;
}
return 0;
}
_pure_
static inline int db_dir (const uint32_t point, uint8_t *data, const size_t size)
{
const size_t pos = point>>8;
if (pos>=size)
return 0;
return ((point|data[pos])&255)==255;
}
uint8_t *db_search (uint8_t **p, uint8_t *data)
{
if _0_(!*p)
return NULL;
uint8_t *r = *p;
const size_t size = db_size(data);
while (CBIT(r)) {
struct node *node = CBIT_NODE(r);
r = node->child[db_dir(node->point, data, size)];
}
if (!db_cmp(r, data))
return r;
return NULL;
}
uint8_t *db_insert (uint8_t **p, uint8_t *data)
{
if _0_(CBIT(data))
return NULL;
if _0_(!*p) {
*p = data;
return data;
}
uint8_t *r = *p;
size_t size = db_size(data);
while (CBIT(r)) {
struct node *node = CBIT_NODE(r);
r = node->child[db_dir(node->point, data, size)];
}
const size_t diff = db_cmp(r, data);
if _0_(!diff)
return r;
const size_t pos = diff-1;
const uint8_t mask = ~((1u<<31)>>CLZ(r[pos]^data[pos]));
const size_t point = (pos<<8)|mask;
while (CBIT(*p)) {
struct node *node = CBIT_NODE(*p);
if (node->point>point)
break;
p = node->child+db_dir(node->point, data, size);
}
struct node *node = malloc(sizeof(struct node));
if _0_(!node)
return NULL;
const int dir = (mask|r[pos])==255;
node->child[dir] = *p;
node->child[1-dir] = data;
node->point = point;
*p = CBIT_PTR(node);
return data;
}
uint8_t *db_remove (uint8_t **p, uint8_t *data)
{
if _0_(!*p)
return NULL;
const size_t size = db_size(data);
uint8_t **p_old = NULL;
struct node *node = NULL;
int dir = 0;
while (CBIT(*p)) {
p_old = p;
node = CBIT_NODE(*p);
dir = db_dir(node->point, data, size);
p = node->child+dir;
}
if _0_(db_cmp(data, *p))
return NULL;
uint8_t *r = *p;
if (p_old) {
*p_old = node->child[1-dir];
free(node);
} else {
*p = NULL;
}
return r;
}

7
src/db.h Normal file
View File

@@ -0,0 +1,7 @@
#pragma once
#include <stdint.h>
uint8_t *db_search (uint8_t **, uint8_t *);
uint8_t *db_insert (uint8_t **, uint8_t *);
uint8_t *db_remove (uint8_t **, uint8_t *);

36
src/iface.c
View File

@@ -1,36 +0,0 @@
#include "common.h"
#include "iface.h"
#include "str.h"
#include <net/if.h>
#include <sys/ioctl.h>
int
iface_set_mtu(const char *dev_name, int mtu)
{
struct ifreq ifr = {
.ifr_mtu = mtu,
};
const size_t len = sizeof(ifr.ifr_name) - 1;
if (str_cpy(ifr.ifr_name, len, dev_name) == len) {
if (str_len(dev_name, len + 1) > len) {
errno = EINTR;
return -1;
}
}
int fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd == -1)
return -1;
int ret = ioctl(fd, SIOCSIFMTU, &ifr);
int err = errno;
close(fd);
errno = err;
return ret;
}

3
src/iface.h
View File

@@ -1,3 +0,0 @@
#pragma once
int iface_set_mtu (const char *, int);

41
src/ip.h
View File

@@ -3,40 +3,37 @@
#include <stdint.h>
struct ip_common {
uint8_t tc;
uint8_t version;
uint8_t proto;
uint8_t hdr_size;
uint16_t size;
};
static inline uint8_t
ip_get_version(const uint8_t *data)
_pure_
static inline uint8_t ip_get_version (const uint8_t *data, size_t size)
{
return data[0] >> 4;
if (size<20)
return 0;
return data[0]>>4;
}
static inline uint16_t
ip_read16(const uint8_t *src)
static inline int ip_get_common (struct ip_common *ic, const uint8_t *data, size_t size)
{
uint16_t ret = src[1];
ret |= ((uint16_t)src[0]) << 8;
return ret;
}
ic->version = ip_get_version(data, size);
static inline int
ip_get_common(struct ip_common *ic, const uint8_t *data, size_t size)
{
if (size < 20)
return 1;
switch (ip_get_version(data)) {
switch (ic->version) {
case 4:
ic->tc = data[1];
ic->proto = data[9];
return size != ip_read16(&data[2]);
ic->hdr_size = (data[0]&0xF)<<2;
ic->size = ((data[2]<<8)|data[3]);
return 0;
case 6:
ic->tc = ((data[0] & 0xF) << 4) | (data[1] >> 4);
ic->proto = data[6];
return size != ip_read16(&data[4]) + 40;
ic->hdr_size = 40;
ic->size = ((data[4]<<8)|data[5])+40;
return 0;
}
return 1;
return -1;
}

22
src/keygen.c
View File

@@ -1,22 +0,0 @@
#include "common.h"
#include <sodium.h>
#include <stdio.h>
int
gt_keygen(int argc, char **argv)
{
if (sodium_init() == -1) {
gt_log("sodium init failed\n");
return 1;
}
unsigned char key[32];
randombytes_buf(key, sizeof(key));
char buf[2 * sizeof(key) + 1];
gt_tohex(buf, sizeof(buf), key, sizeof(key));
printf("%s\n", buf);
return 0;
}

1550
src/main.c
View File

File diff suppressed because it is too large Load Diff

140
src/option.c Normal file
View File

@@ -0,0 +1,140 @@
#include "common.h"
#include "option.h"
#include "str.h"
int option_str (void *data, int argc, char **argv)
{
if (argc<2 || str_empty(argv[1])) {
gt_print("option `%s' need a string argument\n", argv[0]);
return -1;
}
memcpy(data, &argv[1], sizeof(argv[1]));
return 1;
}
int option_long (void *data, int argc, char **argv)
{
if (argc<2 || str_empty(argv[1])) {
gt_print("option `%s' need an integer argument\n", argv[0]);
return -1;
}
errno = 0;
char *end;
long val = strtol(argv[1], &end, 0);
if (errno || argv[1]==end) {
gt_print("argument `%s' is not a valid integer\n", argv[1]);
return -1;
}
memcpy(data, &val, sizeof(val));
return 1;
}
int option_is_set (struct option *opts, const char *name)
{
for (int k=0; opts[k].name; k++) {
if (!str_cmp(opts[k].name, name))
return opts[k].set;
}
return 0;
}
int option_option (void *data, int argc, char **argv)
{
if (!data)
return 0;
struct option *opts = (struct option *)data;
for (int k=0; opts[k].name; k++)
opts[k].set = 0;
for (int i=1; i<argc; i++) {
int found = 0;
for (int k=0; opts[k].name; k++) {
if (str_cmp(opts[k].name, argv[i]))
continue;
if (opts[k].set) {
gt_print("option `%s' is already set\n", opts[k].name);
return -1;
}
int ret = opts[k].call(opts[k].data, argc-i, &argv[i]);
if (ret<0)
return -1;
opts[k].set = 1;
i += ret;
found = 1;
break;
}
if (!found)
return i-1;
}
return argc;
}
static int option_usage (struct option *opts, int slen)
{
if (!opts)
return 0;
int len = 0;
for (int k=0; opts[k].name; k++) {
if (len>40) {
gt_print("\n%*s", slen, "");
len = 0;
}
len += gt_print(" [%s", opts[k].name);
if (opts[k].call==option_option) {
len += option_usage((struct option *)opts[k].data, slen+len);
} else {
len += gt_print(" ARG");
}
len += gt_print("]");
}
return len;
}
int option (struct option *opts, int argc, char **argv)
{
int ret = option_option(opts, argc, argv);
if (ret==argc)
return 0;
if (ret<0 || ret+1>=argc)
return 1;
gt_print("option `%s' is unknown\n", argv[ret+1]);
int slen = gt_print("usage: %s", argv[0]);
if (slen>40) {
slen = 12;
gt_print("\n%*s", slen, "");
}
option_usage(opts, slen);
gt_print("\n");
return 1;
}

15
src/option.h Normal file
View File

@@ -0,0 +1,15 @@
#pragma once
struct option {
char *name;
void *data;
int (*call) (void *, int, char **);
int set;
};
int option_option (void *, int, char **);
int option_str (void *, int, char **);
int option_long (void *, int, char **);
int option_is_set (struct option *, const char *);
int option (struct option *, int, char **);

145
src/path.c
View File

@@ -1,145 +0,0 @@
#include "common.h"
#include "ctl.h"
#include "str.h"
#include <stdio.h>
#include <sys/socket.h>
#include "../argz/argz.h"
int
gt_path_status(int fd)
{
struct ctl_msg req = {
.type = CTL_PATH_STATUS,
}, res = {0};
if (send(fd, &req, sizeof(struct ctl_msg), 0) == -1)
return -1;
do {
if (recv(fd, &res, sizeof(struct ctl_msg), 0) == -1)
return -1;
if (res.type != req.type)
return -2;
if (!res.ret)
return 0;
char bindstr[INET6_ADDRSTRLEN];
char publstr[INET6_ADDRSTRLEN];
char peerstr[INET6_ADDRSTRLEN];
gt_toaddr(bindstr, sizeof(bindstr),
(struct sockaddr *)&res.path_status.local_addr);
gt_toaddr(publstr, sizeof(publstr),
(struct sockaddr *)&res.path_status.r_addr);
gt_toaddr(peerstr, sizeof(peerstr),
(struct sockaddr *)&res.path_status.addr);
const char *statestr = NULL;
switch (res.path_status.state) {
case MUD_UP: statestr = "UP"; break;
case MUD_BACKUP: statestr = "BACKUP"; break;
case MUD_DOWN: statestr = "DOWN"; break;
default: return -2;
}
printf("path %s\n"
" bind: %s port %"PRIu16"\n"
" public: %s port %"PRIu16"\n"
" peer: %s port %"PRIu16"\n"
" mtu: %zu bytes\n"
" rtt: %.3f ms\n"
" rttvar: %.3f ms\n"
" upload: %"PRIu64" bytes/s (max: %"PRIu64")\n"
" download: %"PRIu64" bytes/s (max: %"PRIu64")\n"
" output: %"PRIu64" packets\n"
" input: %"PRIu64" packets\n",
statestr,
bindstr[0] ? bindstr : "-",
gt_get_port((struct sockaddr *)&res.path_status.local_addr),
publstr[0] ? publstr : "-",
gt_get_port((struct sockaddr *)&res.path_status.r_addr),
peerstr[0] ? peerstr : "-",
gt_get_port((struct sockaddr *)&res.path_status.addr),
res.path_status.mtu.ok,
res.path_status.rtt/(double)1e3,
res.path_status.rttvar/(double)1e3,
res.path_status.r_rate,
res.path_status.r_ratemax,
res.path_status.recv.rate,
res.path_status.recv.ratemax,
res.path_status.send.total,
res.path_status.recv.total);
} while (res.ret == EAGAIN);
return 0;
}
int
gt_path(int argc, char **argv)
{
const char *dev = NULL;
struct ctl_msg req = {
.type = CTL_STATE,
}, res = {0};
struct argz pathz[] = {
{NULL, "IPADDR", &req.path.addr, argz_addr},
{"dev", "NAME", &dev, argz_str},
{"up|backup|down", NULL, NULL, argz_option},
{NULL}};
if (argz(pathz, argc, argv))
return 1;
int fd = ctl_connect(GT_RUNDIR, dev);
if (fd < 0) {
switch (fd) {
case -1:
perror("path");
break;
case -2:
gt_log("no device\n");
break;
case -3:
gt_log("please choose a device\n");
break;
default:
gt_log("couldn't connect\n");
}
return 1;
}
int ret = 0;
if (!req.path.addr.ss_family) {
ret = gt_path_status(fd);
if (ret == -2)
gt_log("bad reply from server\n");
} else {
if (argz_is_set(pathz, "up")) {
req.path.state = MUD_UP;
} else if (argz_is_set(pathz, "backup")) {
req.path.state = MUD_BACKUP;
} else if (argz_is_set(pathz, "down")) {
req.path.state = MUD_DOWN;
}
if (req.path.state)
ret = ctl_reply(fd, &res, &req);
}
if (ret == -1)
perror("path");
ctl_delete(fd);
return 0;
}

189
src/set.c
View File

@@ -1,189 +0,0 @@
#include "common.h"
#include "ctl.h"
#include "str.h"
#include <stdio.h>
#include <sys/socket.h>
#include "../argz/argz.h"
static int
gt_set_mtu(int fd, size_t mtu)
{
struct ctl_msg res, req = {
.type = CTL_MTU,
.mtu = mtu,
};
int ret = ctl_reply(fd, &res, &req);
if (ret) {
perror("set mtu");
return 1;
}
printf("mtu set to %zu\n", res.mtu);
return 0;
}
static int
gt_set_kxtimeout(int fd, unsigned long ms)
{
struct ctl_msg res, req = {
.type = CTL_KXTIMEOUT,
.ms = ms,
};
int ret = ctl_reply(fd, &res, &req);
if (ret) {
perror("set kxtimeout");
return 1;
}
return 0;
}
static int
gt_set_timeout(int fd, unsigned long ms)
{
struct ctl_msg res, req = {
.type = CTL_TIMEOUT,
.ms = ms,
};
int ret = ctl_reply(fd, &res, &req);
if (ret) {
perror("set timeout");
return 1;
}
return 0;
}
static int
gt_set_timetolerance(int fd, unsigned long ms)
{
struct ctl_msg res, req = {
.type = CTL_TIMETOLERANCE,
.ms = ms,
};
int ret = ctl_reply(fd, &res, &req);
if (ret) {
perror("set timetolerance");
return 1;
}
return 0;
}
static int
gt_set_tc(int fd, int tc)
{
struct ctl_msg res, req = {
.type = CTL_TC,
.tc = tc,
};
int ret = ctl_reply(fd, &res, &req);
if (ret) {
perror("set tc");
return 1;
}
return 0;
}
static int
gt_argz_tc(void *data, int argc, char **argv)
{
if (argc < 1 || !argv[0])
return -1;
int val = 0;
const char *s = argv[0];
if ((s[0] == 'C') && (s[1] == 'S') &&
(s[2] >= '0') && (s[2] <= '7') && !s[3]) {
val = (s[2] - '0') << 3;
} else if ((s[0] == 'A') && (s[1] == 'F') &&
(s[2] >= '1') && (s[2] <= '4') &&
(s[3] >= '1') && (s[3] <= '3') && !s[4]) {
val = ((s[2] - '0') << 3) | ((s[3] - '0') << 1);
} else if ((s[0] == 'E') && (s[1] == 'F') && !s[2]) {
val = 46;
} else return -1;
if (data)
*(int *)data = val;
return 1;
}
int
gt_set(int argc, char **argv)
{
const char *dev = NULL;
size_t mtu;
int tc;
unsigned long kxtimeout;
unsigned long timeout;
unsigned long timetolerance;
struct argz pathz[] = {
{"dev", "NAME", &dev, argz_str},
{"mtu", "BYTES", &mtu, argz_bytes},
{"tc", "CS|AF|EF", &tc, gt_argz_tc},
{"kxtimeout", "SECONDS", &kxtimeout, argz_time},
{"timeout", "SECONDS", &timeout, argz_time},
{"timetolerance", "SECONDS", &timetolerance, argz_time},
{NULL}};
if (argz(pathz, argc, argv))
return 1;
int fd = ctl_connect(GT_RUNDIR, dev);
if (fd < 0) {
switch (fd) {
case -1:
perror("set");
break;
case -2:
gt_log("no device\n");
break;
case -3:
gt_log("please choose a device\n");
break;
default:
gt_log("couldn't connect\n");
}
return 1;
}
int ret = 0;
if (argz_is_set(pathz, "mtu"))
ret |= gt_set_mtu(fd, mtu);
if (argz_is_set(pathz, "tc"))
ret |= gt_set_tc(fd, tc);
if (argz_is_set(pathz, "kxtimeout"))
ret |= gt_set_kxtimeout(fd, kxtimeout);
if (argz_is_set(pathz, "timeout"))
ret |= gt_set_timeout(fd, timeout);
if (argz_is_set(pathz, "timetolerance"))
ret |= gt_set_timetolerance(fd, timetolerance);
ctl_delete(fd);
return ret;
}

122
src/show.c
View File

@@ -1,122 +0,0 @@
#include "common.h"
#include "ctl.h"
#include "str.h"
#include "../argz/argz.h"
#include <stdio.h>
#include <sys/socket.h>
#include <dirent.h>
#include <sys/un.h>
#include <arpa/inet.h>
static int
gt_show_dev_status(int fd, const char *dev)
{
struct ctl_msg res, req = {.type = CTL_STATUS};
if (ctl_reply(fd, &res, &req))
return -1;
char bindstr[INET6_ADDRSTRLEN];
char peerstr[INET6_ADDRSTRLEN];
gt_toaddr(bindstr, sizeof(bindstr),
(struct sockaddr *)&res.status.bind);
int server = gt_toaddr(peerstr, sizeof(peerstr),
(struct sockaddr *)&res.status.peer);
if (server) {
printf("server %s:\n"
" pid: %li\n"
" bind: %s port %"PRIu16"\n"
" mtu: %zu\n"
" cipher: %s\n",
dev,
res.status.pid,
bindstr[0] ? bindstr : "-",
gt_get_port((struct sockaddr *)&res.status.bind),
res.status.mtu,
res.status.chacha ? "chacha20poly1305" : "aes256gcm");
} else {
printf("client %s:\n"
" pid: %li\n"
" bind: %s port %"PRIu16"\n"
" peer: %s port %"PRIu16"\n"
" mtu: %zu\n"
" cipher: %s\n",
dev,
res.status.pid,
bindstr[0] ? bindstr : "-",
gt_get_port((struct sockaddr *)&res.status.bind),
peerstr[0] ? peerstr : "-",
gt_get_port((struct sockaddr *)&res.status.peer),
res.status.mtu,
res.status.chacha ? "chacha20poly1305" : "aes256gcm");
}
return 0;
}
static int
gt_show_dev(const char *dev)
{
int fd = ctl_connect(GT_RUNDIR, dev);
if (fd < 0) {
if (fd == -1)
perror("show");
return -1;
}
int ret = gt_show_dev_status(fd, dev);
if (ret == -1)
perror(dev);
if (ret == -2)
gt_log("%s: bad reply from server\n", dev);
ctl_delete(fd);
return ret;
}
int
gt_show(int argc, char **argv)
{
const char *dev = NULL;
struct argz showz[] = {
{"dev", "NAME", &dev, argz_str},
{NULL}};
if (argz(showz, argc, argv))
return 1;
if (dev) {
gt_show_dev(dev);
return 0;
}
DIR *dp = opendir(GT_RUNDIR);
if (!dp) {
if (errno == ENOENT)
return 0;
perror("show");
return 1;
}
struct dirent *d = NULL;
while (d = readdir(dp), d) {
if (d->d_name[0] != '.')
gt_show_dev(d->d_name);
}
closedir(dp);
return 0;
}

61
src/state.c Normal file
View File

@@ -0,0 +1,61 @@
#include "common.h"
#include "state.h"
#include "str.h"
#include <stdio.h>
#include <fcntl.h>
#include <sys/stat.h>
static int state_fd = -1;
int state_init (const char *filename)
{
if (str_empty(filename))
return 0;
state_fd = open(filename, O_WRONLY);
if (state_fd==-1) {
if (errno!=EINTR)
perror("open");
return -1;
}
struct stat st = {0};
if (fstat(state_fd, &st)==-1) {
perror("fstat");
close(state_fd);
state_fd = -1;
return -1;
}
if (!S_ISFIFO(st.st_mode)) {
gt_log("`%s' is not a fifo\n", filename);
close(state_fd);
state_fd = -1;
return -1;
}
return 0;
}
void state (const char *state, const char *info)
{
if (str_empty(state))
return;
const char *strs[] = { state, " ", info, "\n" };
char *str = str_cat(strs, COUNT(strs));
if (!str)
return;
if (state_fd==-1) {
gt_print("%s", str);
} else {
if (write(state_fd, str, str_len(str))==-1 && errno!=EINTR)
perror("write");
}
}

4
src/state.h Normal file
View File

@@ -0,0 +1,4 @@
#pragma once
int state_init (const char *);
void state (const char *, const char *);

67
src/str.h
View File

@@ -2,61 +2,72 @@
#include "common.h"
_pure_ static inline int
str_empty(const char *restrict str)
static inline size_t str_cpy (char *restrict dst, const char *restrict src, size_t len)
{
if (!dst || !src)
return 0;
size_t i;
for (i=0; i<len && src[i]; i++)
dst[i] = src[i];
dst[i] = 0;
return i;
}
_pure_
static inline int str_empty (const char *restrict str)
{
return !str || !str[0];
}
_pure_ static inline size_t
str_cmp(const char *restrict sa, const char *restrict sb)
_pure_
static inline size_t str_cmp (const char *restrict sa, const char *restrict sb)
{
if (!sa || !sb)
return 1;
size_t i = 0;
while (sa[i] == sb[i])
while (sa[i]==sb[i])
if (!sa[i++])
return 0;
return i + 1;
return i+1;
}
_pure_ static inline size_t
str_len(const char *restrict str, size_t len)
_pure_
static inline size_t str_len (const char *restrict str)
{
if (!str)
return 0;
return strnlen(str, len);
return strlen(str);
}
static inline size_t
str_cat(char *dst, size_t dst_len, const char **src, size_t count)
static inline char *str_cat (const char **strs, size_t count)
{
if (count && !src)
return 0;
size_t size = 1;
size_t len = 0;
for (size_t i=0; i<count; i++)
size += str_len(strs[i]);
for (size_t i = 0; i < count && dst_len > len; i++) {
size_t n = str_len(src[i], dst_len - len);
char *str = malloc(size);
if (dst && n)
memmove(&dst[len], src[i], n);
if (!str)
return NULL;
len += n;
char *p = str;
for (size_t i=0; i<count; i++) {
size_t len = str_len(strs[i]);
memcpy(p, strs[i], len);
p += len;
}
if (dst)
dst[len] = 0;
p[0] = 0;
return len;
}
static inline size_t
str_cpy(char *dst, size_t dst_len, const char *src)
{
return str_cat(dst, dst_len, &src, 1);
return str;
}

229
src/tun.c
View File

@@ -1,26 +1,25 @@
#include "common.h"
#include "ip.h"
#include "str.h"
#include "tun.h"
#include <fcntl.h>
#include "tun.h"
#include "str.h"
#include "ip.h"
#include <stdio.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <net/if.h>
#ifdef __linux__
#define IFF_TUN 0x0001
#define IFF_NO_PI 0x1000
#define TUNSETIFF _IOW('T', 202, int)
#define TUNSETPERSIST _IOW('T', 203, int)
#include <linux/if.h>
#include <linux/if_tun.h>
#endif
#ifdef __APPLE__
#include <net/if_utun.h>
#include <sys/kern_control.h>
#include <sys/sys_domain.h>
#include <sys/kern_control.h>
#include <net/if_utun.h>
#endif
#if defined(__APPLE__) || defined(__OpenBSD__)
@@ -29,28 +28,20 @@
#ifdef __APPLE__
static int
tun_create_by_id(char *name, size_t len, unsigned id)
static int tun_create_by_id (char *name, size_t size, unsigned id, _unused_ int mq)
{
int ret = snprintf(name, len + 1, "utun%u", id);
if (ret <= 0 || ret > len) {
errno = EINVAL;
return -1;
}
int fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
if (fd == -1)
if (fd==-1)
return -1;
struct ctl_info ci = {0};
str_cpy(ci.ctl_name, sizeof(ci.ctl_name) - 1, UTUN_CONTROL_NAME);
struct ctl_info ci;
memset(&ci, 0, sizeof(ci));
str_cpy(ci.ctl_name, UTUN_CONTROL_NAME, sizeof(ci.ctl_name)-1);
if (ioctl(fd, CTLIOCGINFO, &ci)) {
int err = errno;
close(fd);
errno = err;
return -1;
}
@@ -59,172 +50,157 @@ tun_create_by_id(char *name, size_t len, unsigned id)
.sc_len = sizeof(sc),
.sc_family = AF_SYSTEM,
.ss_sysaddr = AF_SYS_CONTROL,
.sc_unit = id + 1,
.sc_unit = id+1,
};
if (connect(fd, (struct sockaddr *)&sc, sizeof(sc))) {
int err = errno;
close(fd);
errno = err;
return -1;
}
snprintf(name, size, "utun%u", id);
return fd;
}
static int
tun_create_by_name(char *name, size_t len, const char *dev_name)
static int tun_create_by_name (char *name, size_t size, char *dev_name, int mq)
{
unsigned id = 0;
if (sscanf(dev_name, "utun%u", &id) != 1) {
errno = EINVAL;
if (sscanf(dev_name, "utun%u", &id)!=1)
return -1;
}
return tun_create_by_id(name, len, id);
return tun_create_by_id(name, size, id, mq);
}
#else /* not __APPLE__ */
#ifdef __linux__
static int
tun_create_by_name(char *name, size_t len, const char *dev_name)
static int tun_create_by_name (char *name, size_t size, char *dev_name, int mq)
{
struct ifreq ifr = {
.ifr_flags = IFF_TUN | IFF_NO_PI,
};
const size_t ifr_len = sizeof(ifr.ifr_name) - 1;
if ((len < ifr_len) ||
(str_len(dev_name, ifr_len + 1) > ifr_len)) {
errno = EINVAL;
return -1;
}
int fd = open("/dev/net/tun", O_RDWR);
if (fd == -1)
if (fd==-1)
return -1;
str_cpy(ifr.ifr_name, ifr_len, dev_name);
struct ifreq ifr = {
.ifr_flags = IFF_TUN|IFF_NO_PI,
};
if (mq) {
#ifdef IFF_MULTI_QUEUE
ifr.ifr_flags |= IFF_MULTI_QUEUE;
#endif
}
str_cpy(ifr.ifr_name, dev_name, IFNAMSIZ-1);
if (ioctl(fd, TUNSETIFF, &ifr)) {
int err = errno;
close(fd);
errno = err;
return -1;
}
str_cpy(name, len, ifr.ifr_name);
str_cpy(name, ifr.ifr_name, size-1);
return fd;
}
#else /* not __linux__ not __APPLE__ */
static int
tun_create_by_name(char *name, size_t len, const char *dev_name)
static int tun_create_by_name (char *name, size_t size, char *dev_name, _unused_ int mq)
{
char tmp[128];
char path[64];
int ret = snprintf(tmp, sizeof(tmp), "/dev/%s", dev_name);
snprintf(path, sizeof(path), "/dev/%s", dev_name);
str_cpy(name, dev_name, size-1);
if (ret <= 0 || ret >= sizeof(tmp)) {
errno = EINVAL;
return -1;
}
if (str_cpy(name, len, dev_name) == len) {
if (str_len(dev_name, len + 1) > len) {
errno = EINVAL;
return -1;
}
}
return open(tmp, O_RDWR);
return open(path, O_RDWR);
}
#endif /* not __APPLE__ */
static int
tun_create_by_id(char *name, size_t len, unsigned id)
static int tun_create_by_id (char *name, size_t size, unsigned id, int mq)
{
char tmp[64];
char dev_name[64];
int ret = snprintf(tmp, sizeof(tmp), "tun%u", id);
snprintf(dev_name, sizeof(dev_name), "tun%u", id);
if (ret <= 0 || ret >= sizeof(tmp)) {
errno = EINVAL;
return -1;
}
return tun_create_by_name(name, len, tmp);
return tun_create_by_name(name, size, dev_name, mq);
}
#endif
int
tun_create(char *name, size_t len, const char *dev_name)
int tun_create (char *dev_name, char **ret_name, int mq)
{
char name[64] = {0};
int fd = -1;
#ifndef IFF_MULTI_QUEUE
if (mq)
gt_na("IFF_MULTI_QUEUE");
#endif
if (str_empty(dev_name)) {
for (unsigned id = 0; id < 32 && fd == -1; id++)
fd = tun_create_by_id(name, len, id);
for (unsigned id=0; id<32 && fd==-1; id++)
fd = tun_create_by_id(name, sizeof(name), id, mq);
} else {
fd = tun_create_by_name(name, len, dev_name);
fd = tun_create_by_name(name, sizeof(name), dev_name, mq);
}
if (fd!=-1 && ret_name)
*ret_name = strdup(name);
return fd;
}
int
tun_read(int fd, void *data, size_t size)
ssize_t tun_read (int fd, void *data, size_t size)
{
if (!size)
return 0;
return -1;
#ifdef GT_BSD_TUN
uint32_t family;
struct iovec iov[2] = {
{
.iov_base = &family,
.iov_len = sizeof(family),
},
{
.iov_base = data,
.iov_len = size,
},
{ .iov_base = &family, .iov_len = sizeof(family) },
{ .iov_base = data, .iov_len = size }
};
ssize_t ret = readv(fd, iov, 2);
#else
ssize_t ret = read(fd, data, size);
#endif
if (ret <= (ssize_t)0)
return ret;
if (ret==-1) {
if (errno==EAGAIN || errno==EINTR)
return -1;
if (ret <= (ssize_t)sizeof(family))
if (errno)
perror("tun read");
return 0;
}
#ifdef GT_BSD_TUN
if (ret<(ssize_t) sizeof(family))
return 0;
return ret - sizeof(family);
return ret-sizeof(family);
#else
return read(fd, data, size);
return ret;
#endif
}
int
tun_write(int fd, const void *data, size_t size)
ssize_t tun_write (int fd, const void *data, size_t size)
{
if (!size)
return 0;
return -1;
#ifdef GT_BSD_TUN
uint32_t family;
switch (ip_get_version(data)) {
switch (ip_get_version(data, size)) {
case 4:
family = htonl(AF_INET);
break;
@@ -232,42 +208,35 @@ tun_write(int fd, const void *data, size_t size)
family = htonl(AF_INET6);
break;
default:
errno = EINVAL;
return -1;
}
struct iovec iov[2] = {
{
.iov_base = &family,
.iov_len = sizeof(family),
},
{
.iov_base = (void *)data,
.iov_len = size,
},
{ .iov_base = &family, .iov_len = sizeof(family) },
{ .iov_base = (void *) data, .iov_len = size },
};
ssize_t ret = writev(fd, iov, 2);
#else
ssize_t ret = write(fd, data, size);
#endif
if (ret <= (ssize_t)0)
return ret;
if (ret==-1) {
if (errno==EAGAIN || errno==EINTR)
return -1;
if (ret <= (ssize_t)sizeof(family))
if (errno)
perror("tun write");
return 0;
}
#ifdef GT_BSD_TUN
if (ret<(ssize_t) sizeof(family))
return 0;
return ret - sizeof(family);
return ret-sizeof(family);
#else
return write(fd, data, size);
#endif
}
int
tun_set_persist(int fd, int on)
{
#ifdef TUNSETPERSIST
return ioctl(fd, TUNSETPERSIST, on);
#else
errno = ENOSYS;
return -1;
return ret;
#endif
}

9
src/tun.h
View File

@@ -1,6 +1,7 @@
#pragma once
int tun_create (char *, size_t, const char *);
int tun_read (int, void *, size_t);
int tun_write (int, const void *, size_t);
int tun_set_persist (int, int);
#include <unistd.h>
int tun_create (char *, char **, int);
ssize_t tun_read (int, void *, size_t);
ssize_t tun_write (int, const void *, size_t);

10
systemd/glorytun-client.network
View File

@@ -1,10 +0,0 @@
[Match]
Name=gtc-*
[Network]
Description=Glorytun client device
DHCP=ipv4
[DHCP]
CriticalConnection=yes
RouteTable=200

6
systemd/glorytun-run
View File

@@ -1,6 +0,0 @@
#!/bin/sh
exec glorytun bind "$@" \
$BIND $BIND_PORT \
${DEV:+dev "$DEV"} \
${HOST:+to "$HOST" "$PORT"}

73
systemd/glorytun-setup
View File

@@ -1,73 +0,0 @@
#!/bin/sh
set -e
_ask() {
printf "%s: " "$1"
read -r "$2"
}
_ask "Config filename (tun0)" NAME
NAME=${NAME:-tun0}
DIR="/etc/glorytun/$NAME"
if [ -d "$DIR" ]; then
echo "This config already exit!"
exit 1
fi
_ask "Server ip (enter for server conf)" HOST
if [ -z "$HOST" ]; then
_ask "Bind to port (5000)" BIND_PORT
BIND_PORT=${BIND_PORT:-5000}
else
_ask "Server port (5000)" PORT
PORT=${PORT:-5000}
fi
BIND=0.0.0.0
case "$HOST" in
*:*) BIND=::
esac
_ask "Server key (enter to generate a new one)" KEY
if [ -z "$KEY" ]; then
KEY=$(glorytun keygen)
echo "Your new key: $KEY"
fi
# install files
mkdir -p "$DIR"
cat > "$DIR/env" <<EOF
DEV=gt${HOST:+c}-$NAME
HOST=$HOST
PORT=$PORT
BIND=$BIND
BIND_PORT=$BIND_PORT
OPTIONS=
EOF
( umask 077; echo "$KEY" > "$DIR/key" )
[ "$HOST" ] && cat > "$DIR/post.sh" <<'EOF'
#!/bin/sh
PREF=32765
TABLE=200
# keep the current route to HOST
SRC=$(ip route get "$HOST" | awk '/src/{getline;print $0}' RS=' ')
ip rule add from "$SRC" table main pref "$((PREF-1))" || true
glorytun path up "$SRC" dev "$DEV"
# forward everything else to the tunnel
ip rule add from all table "$TABLE" pref "$PREF" || true
EOF
[ -f "$DIR/post.sh" ] && chmod u+x "$DIR/post.sh"
# start services
_ask "Start glorytun now ? (enter to skip)" START
case "$START" in y*|Y*)
systemctl start glorytun@"$NAME" ;;
esac

14
systemd/glorytun.network
View File

@@ -1,14 +0,0 @@
[Match]
Name=gt-*
[Network]
Description=Glorytun server device
Address=0.0.0.0/24
DHCPServer=yes
IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=1
EmitDNS=yes
DNS=9.9.9.9

14
systemd/glorytun@.service.in
View File

@@ -1,14 +0,0 @@
[Unit]
Description=Glorytun on %I
After=network.target
[Service]
Type=simple
Restart=always
EnvironmentFile=/etc/glorytun/%i/env
ExecStart=@bindir@/glorytun-run keyfile /etc/glorytun/%i/key $OPTIONS
ExecStartPost=-/etc/glorytun/%i/post.sh
CapabilityBoundingSet=CAP_NET_ADMIN
[Install]
WantedBy=multi-user.target

13
version.sh
View File

@@ -1,12 +1,13 @@
#!/bin/sh
[ -z "${VERSION}" ] && VERSION="$(git describe --tags --match='v[0-9].*' 2>/dev/null)" \
&& VERSION="${VERSION#v}"
[ -z "${VERSION}" ] && VERSION=`git describe --tags --match='v[0-9].*' 2>/dev/null` \
&& VERSION=${VERSION#v}
[ -z "${VERSION}" ] && VERSION="$(git rev-parse HEAD 2>/dev/null)"
[ -z "${VERSION}" ] && VERSION=`cat VERSION 2>/dev/null`
[ -z "${VERSION}" ] && VERSION="$(cat VERSION 2>/dev/null)"
[ -z "${VERSION}" ] && VERSION=0.0.0
[ -z "${VERSION}" ] && VERSION="0.0.0"
[ "$1" = "major" ] && printf ${VERSION%%.*} \
&& exit 0
printf "%s" "${VERSION}" | tee VERSION
printf ${VERSION} | tee VERSION