Update README.md

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2015-2019, angt
+Copyright (c) 2015-2019, Adrien Gallouët <adrien@gallouet.fr>
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Makefile

@@ -0,0 +1,32 @@
+NAME    := glorytun
+VERSION := $(shell ./version.sh)
+DIST    := $(NAME)-$(VERSION)
+
+DESTDIR ?=
+CC      ?= gcc
+INSTALL ?= install
+prefix  ?= /usr
+CFLAGS  ?= -std=c11 -O2 -Wall -fstack-protector-strong
+
+FLAGS := $(CFLAGS) $(LDFLAGS) $(CPPFLAGS)
+FLAGS += -DPACKAGE_NAME=\"$(NAME)\" -DPACKAGE_VERSION=\"$(VERSION)\"
+
+SRC := argz/argz.c mud/mud.c $(wildcard src/*.c)
+
+.PHONY: $(NAME)
+$(NAME):
+	@echo "Building $(NAME)"
+	@$(CC) $(FLAGS) -o $(NAME) $(SRC) -lsodium -lm
+
+.PHONY: install
+install: $(NAME)
+	@echo "Installing $(NAME)"
+	@$(INSTALL) -m 755 -d $(DESTDIR)$(prefix)/bin
+	@$(INSTALL) -m 755 -s $(NAME) $(DESTDIR)$(prefix)/bin
+
+.PHONY: dist
+dist:
+	@echo "Building $(DIST).tar.gz"
+	@(git --git-dir=.git ls-files --recurse-submodules -- ':!:.*' ':!:**/.*' && echo VERSION) | ( \
+	    tar zcf $(DIST).tar.gz -T- --transform 's:^:$(DIST)/:' || \
+	    tar zcf $(DIST).tar.gz -T- -s ':^:$(DIST)/:' ) 2>/dev/null

Makefile.am

@@ -24,7 +24,6 @@ glorytun_SOURCES = \
     src/set.c \
     src/show.c \
     src/str.h \
-    src/sync.c \
     src/tun.c \
     src/tun.h
 

README.md

@@ -6,9 +6,12 @@ Glorytun is a small, simple and secure VPN over [mud](https://github.com/angt/mu
 
 Glorytun only depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4.
 Which can be installed on a wide variety of systems.
+
 Linux is the platform of choice but the code is standard so it should be easily ported on other posix systems.
 It was successfully tested on OpenBSD, FreeBSD and MacOS.
 
+IPv4 and IPv6 are supported.
+
 ## Features
 
 The key features of Glorytun come directly from mud:
@@ -18,7 +21,7 @@ The key features of Glorytun come directly from mud:
    The use of UDP and [libsodium](https://github.com/jedisct1/libsodium) allows you to secure
    your communications without impacting performance.
    Glorytun uses AES only if AES-NI is available otherwise ChaCha20 is used.
-   You can force the use of ChaCha20 for higher security.
+   If you are not cpu bounded, you can force the use of ChaCha20 for higher security.
    All messages are encrypted, authenticated and marked with a timestamp.
    Perfect forward secrecy is also implemented with ECDH over Curve25519.
 
@@ -26,6 +29,7 @@ The key features of Glorytun come directly from mud:
 
    This is the main feature of Glorytun that allows to build an SD-WAN like service.
    This allows a TCP connection to explore and exploit multiple links without being disconnected.
+   Aggregation should work on all conventional links, only very high latency (+500ms) links are not recommended for now.
 
  * **Traffic shaping**
 
@@ -48,22 +52,20 @@ By default, an offset of 10min is accepted.
 
 ## Build and Install
 
-We recommend the use of [meson](http://mesonbuild.com) for building instead of
-the more classical autotools suite (also available for old systems).
+You will need `git`, `make`, `gcc` and `libsodium`:
 
-On Ubuntu, the following command should be sufficient to get all the necessary build dependencies:
-
-    $ sudo apt-get install meson libsodium-dev pkg-config
+    $ sudo apt install git make gcc libsodium-dev    # debian based
+    $ sudo yum install git make gcc libsodium-devel  # redhat based
 
 To build and install the latest release from github:
 
     $ git clone https://github.com/angt/glorytun --recursive
-    $ meson glorytun glorytun/build
-    $ sudo ninja -C glorytun/build install
+    $ cd glorytun
+    $ sudo make install
 
-This will install all binaries in `/usr/local/bin` by default.
+This will install the binary in `/usr/bin` by default.
 
-You can easily customize your setup with meson (see `meson help`).
+The more classical autotools suite is also available.
 
 ## Usage
 
@@ -77,7 +79,6 @@ available commands:
   bench    start a crypto bench
   bind     start a new tunnel
   set      change tunnel properties
-  sync     re-sync tunnels
   keygen   generate a new secret key
   path     manage paths
   version  show version

meson.build

@@ -33,7 +33,6 @@ executable('glorytun', install: true,
     'src/path.c',
     'src/set.c',
     'src/show.c',
-    'src/sync.c',
     'src/tun.c',
   ],
   dependencies: [

src/bench.c

@@ -27,11 +27,13 @@ gt_now(void)
 #elif defined CLOCK_MONOTONIC
     struct timespec tv;
     clock_gettime(CLOCK_MONOTONIC, &tv);
-    return tv.tv_sec * 1000000ULL + tv.tv_nsec / 1000ULL;
+    return (unsigned long long)tv.tv_sec * 1000000ULL
+         + (unsigned long long)tv.tv_nsec / 1000ULL;
 #else
     struct timeval tv;
     gettimeofday(&tv, NULL);
-    return tv.tv_sec * 1000000ULL + tv.tv_usec;
+    return (unsigned long long)tv.tv_sec * 1000000ULL
+         + (unsigned long long)tv.tv_usec;
 #endif
 }
 
@@ -116,7 +118,7 @@ gt_bench(int argc, char **argv)
             size_t bytes = 0;
 
             gt_alarm = 0;
-            alarm(duration);
+            alarm((unsigned int)duration);
 
             while (!gt_quit && !gt_alarm) {
                 if (chacha) {
@@ -133,7 +135,7 @@ gt_bench(int argc, char **argv)
             total_dt += gt_now() - now;
             total_bytes += bytes;
 
-            mbps = (total_bytes * 8.0) / total_dt;
+            mbps = ((double)total_bytes * 8.0) / (double)total_dt;
             mbps_min = fmin(mbps_min, mbps);
             mbps_max = fmax(mbps_max, mbps);
             mbps_dlt = fabs(mbps_old - mbps);

src/bind.c

@@ -67,7 +67,7 @@ gt_setup_secretkey(struct mud *mud, const char *keyfile)
             break;
         }
 
-        size += r;
+        size += (size_t)r;
     }
 
     close(fd);
@@ -207,7 +207,7 @@ gt_bind(int argc, char **argv)
     unsigned char buf[4096];
 
     while (!gt_quit) {
-        unsigned long send_wait = mud_send_wait(mud);
+        long send_wait = mud_send_wait(mud);
 
         if (send_wait) {
             FD_CLR(tun_fd, &rfds);
@@ -223,7 +223,7 @@ gt_bind(int argc, char **argv)
             .tv_usec = send_wait,
         };
 
-        const int ret = select(last_fd, &rfds, NULL, NULL, send_wait ? &tv : NULL);
+        const int ret = select(last_fd, &rfds, NULL, NULL, send_wait > 0 ? &tv : NULL);
 
         if (ret == -1) {
             if (errno == EBADF) {
@@ -300,9 +300,6 @@ gt_bind(int argc, char **argv)
                     res.status.bind = bind_addr;
                     res.status.peer = peer_addr;
                     break;
-                case CTL_SYNC:
-                    res.ms = mud_sync(mud);
-                    break;
                 }
                 if (sendto(ctl_fd, &res, sizeof(res), 0,
                            (const struct sockaddr *)&ss, sl) == -1)
@@ -315,15 +312,15 @@ gt_bind(int argc, char **argv)
         if (FD_ISSET(mud_fd, &rfds)) {
             const int r = mud_recv(mud, buf, sizeof(buf));
 
-            if (ip_is_valid(buf, r))
-                tun_write(tun_fd, buf, r);
+            if (r > 0 && ip_is_valid(buf, r))
+                tun_write(tun_fd, buf, (size_t)r);
         }
 
         if (FD_ISSET(tun_fd, &rfds) && !mud_send_wait(mud)) {
             struct ip_common ic;
             const int r = tun_read(tun_fd, buf, sizeof(buf));
 
-            if (!ip_get_common(&ic, buf, r)) {
+            if (r > 0 && !ip_get_common(&ic, buf, r)) {
              // TODO: disable hash for now
              // unsigned char hash[crypto_shorthash_BYTES];
              // crypto_shorthash(hash, (const unsigned char *)&ic, sizeof(ic), hashkey);
@@ -331,7 +328,7 @@ gt_bind(int argc, char **argv)
                 unsigned h = 0;
              // memcpy(&h, hash, sizeof(h));
 
-                mud_send(mud, buf, r, (h << 8) | ic.tc);
+                mud_send(mud, buf, (size_t)r, (h << 8) | ic.tc);
             }
         }
     }

src/common.c

@@ -64,7 +64,7 @@ gt_fromhex(uint8_t *dst, size_t dst_size, const char *src, size_t src_size)
         if (_0_(a == -1 || b == -1))
             return -1;
 
-        *dst++ = (a << 4) | b;
+        *dst++ = (uint8_t)((a << 4) | b);
     }
 
     return 0;
@@ -105,10 +105,10 @@ gt_toaddr(char *str, size_t size, struct sockaddr *sa)
     switch (sa->sa_family) {
     case AF_INET:
         return -!inet_ntop(AF_INET,
-                           &((struct sockaddr_in *)sa)->sin_addr, str, size);
+                &((struct sockaddr_in *)sa)->sin_addr, str, (socklen_t)size);
     case AF_INET6:
         return -!inet_ntop(AF_INET6,
-                           &((struct sockaddr_in6 *)sa)->sin6_addr, str, size);
+                &((struct sockaddr_in6 *)sa)->sin6_addr, str, (socklen_t)size);
     }
 
     errno = EAFNOSUPPORT;

src/common.h

@@ -74,4 +74,3 @@ int gt_path   (int, char **);
 int gt_keygen (int, char **);
 int gt_bench  (int, char **);
 int gt_set    (int, char **);
-int gt_sync   (int, char **);

src/ctl.c

@@ -2,15 +2,13 @@
 #include "ctl.h"
 #include "str.h"
 
-#include <stdio.h>
 #include <unistd.h>
 #include <dirent.h>
 #include <sys/socket.h>
+#include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/un.h>
 
-#define CTL_BIND_MAX 64
-
 int
 ctl_reply(int fd, struct ctl_msg *res, struct ctl_msg *req)
 {
@@ -61,20 +59,20 @@ ctl_setsun(struct sockaddr_un *dst, const char *dir, const char *file)
 static int
 ctl_bind(int fd, const char *dir, const char *file)
 {
-    char tmp[32];
     struct sockaddr_un sun;
 
     if (str_empty(file)) {
-        for (int i = 0; i < CTL_BIND_MAX; i++) {
-            if (snprintf(tmp, sizeof(tmp), ".%i", i) >= sizeof(tmp))
-                return -1;
+        char name[10] = { [0] = '.' };
+        unsigned pid = (unsigned)getpid();
 
-            if (ctl_setsun(&sun, dir, tmp))
-                return -1;
+        for (size_t i = 1; i < sizeof(name) - 1; i++, pid >>= 4)
+            name[i] = "uncopyrightables"[pid & 15];
 
-            if (!bind(fd, (struct sockaddr *)&sun, sizeof(sun)))
-                return 0;
-        }
+        if (ctl_setsun(&sun, dir, name))
+            return -1;
+
+        if (!bind(fd, (struct sockaddr *)&sun, sizeof(sun)))
+            return 0;
     } else {
         if (ctl_setsun(&sun, dir, file))
             return -1;

src/ctl.h

@@ -13,7 +13,6 @@ enum ctl_type {
     CTL_KXTIMEOUT,
     CTL_TIMETOLERANCE,
     CTL_PATH_STATUS,
-    CTL_SYNC,
 };
 
 struct ctl_msg {

src/iface.c

@@ -6,10 +6,15 @@
 #include <sys/ioctl.h>
 
 int
-iface_set_mtu(const char *dev_name, int mtu)
+iface_set_mtu(const char *dev_name, size_t mtu)
 {
+    if (mtu > (size_t)0xFFFF) {
+        errno = EINVAL;
+        return -1;
+    }
+
     struct ifreq ifr = {
-        .ifr_mtu = mtu,
+        .ifr_mtu = (int)mtu,
     };
 
     const size_t len = sizeof(ifr.ifr_name) - 1;

src/iface.h

@@ -1,3 +1,3 @@
 #pragma once
 
-int iface_set_mtu (const char *, int);
+int iface_set_mtu (const char *, size_t);

src/ip.h

@@ -21,9 +21,7 @@ struct ip_common {
 static inline int
 ip_read16(const uint8_t *src)
 {
-    uint16_t ret = src[1];
-    ret |= ((uint16_t)src[0]) << 8;
-    return (int)ret;
+    return ((int)src[1]) | (((int)src[0]) << 8);
 }
 
 static inline uint8_t
@@ -75,7 +73,7 @@ ip_get_common(struct ip_common *ic, const uint8_t *data, int size)
         }
         break;
     case 6:
-        ic->tc = ((data[0] & 0xF) << 4) | (data[1] >> 4);
+        ic->tc = (uint8_t)((data[0] << 4) | (data[1] >> 4));
         ic->proto = data[6];
         if (size == ip_read16(&data[4]) + 40) {
             memcpy(ic->src.v6, &data[8], sizeof(ic->src.v6));

src/main.c

@@ -64,7 +64,6 @@ main(int argc, char **argv)
         {"bench", "start a crypto bench", gt_bench},
         {"bind", "start a new tunnel", gt_bind},
         {"set", "change tunnel properties", gt_set},
-        {"sync", "re-sync tunnels", gt_sync},
         {"keygen", "generate a new secret key", gt_keygen},
         {"path", "manage paths", gt_path},
         {"version", "show version", gt_version},

src/path.c

@@ -84,8 +84,8 @@ gt_path_status(int fd)
             peerstr[0] ? peerstr : "-",
             gt_get_port((struct sockaddr *)&res.path_status.addr),
             res.path_status.mtu.ok,
-            res.path_status.rtt.val / 1e3,
-            res.path_status.rtt.var / 1e3,
+            (double)res.path_status.rtt.val / 1e3,
+            (double)res.path_status.rtt.var / 1e3,
             res.path_status.rate_tx,
             res.path_status.rate_rx,
             res.path_status.send.total,

src/sync.c

@@ -1,76 +0,0 @@
-#include "common.h"
-#include "ctl.h"
-#include "str.h"
-
-#include "../argz/argz.h"
-
-#include <stdio.h>
-#include <dirent.h>
-
-static int
-gt_sync_dev(const char *dev, unsigned long timeout)
-{
-    const int fd = ctl_connect(GT_RUNDIR, dev);
-
-    if (fd < 0) {
-        if (fd == -1)
-            perror("sync");
-        return 1;
-    }
-
-    struct ctl_msg res, req = {
-        .type = CTL_SYNC,
-    };
-
-    int ret = ctl_reply(fd, &res, &req);
-
-    if (!ret) {
-        if (res.ms > timeout)
-            ret = 1;
-    } else {
-        perror("sync");
-    }
-
-    ctl_delete(fd);
-
-    return ret;
-}
-
-int
-gt_sync(int argc, char **argv)
-{
-    const char *dev = NULL;
-    unsigned long timeout = 20000;
-
-    struct argz syncz[] = {
-        {"dev", "NAME", &dev, argz_str},
-        {"timeout", "SECONDS", &timeout, argz_time},
-        {NULL}};
-
-    if (argz(syncz, argc, argv))
-        return 1;
-
-    if (dev)
-        return !!gt_sync_dev(dev, timeout);
-
-    DIR *dp = opendir(GT_RUNDIR);
-
-    if (!dp) {
-        if (errno == ENOENT)
-            return 0;
-        perror("sync");
-        return 1;
-    }
-
-    int ret = 0;
-    struct dirent *d = NULL;
-
-    while (d = readdir(dp), d) {
-        if (d->d_name[0] != '.')
-            ret |= !!gt_sync_dev(d->d_name, timeout);
-    }
-
-    closedir(dp);
-
-    return ret;
-}

src/tun.c

@@ -129,10 +129,9 @@ static int
 tun_create_by_name(char *name, size_t len, const char *dev_name)
 {
     char tmp[128];
-
     int ret = snprintf(tmp, sizeof(tmp), "/dev/%s", dev_name);
 
-    if (ret <= 0 || ret >= sizeof(tmp)) {
+    if (ret <= 0 || (size_t)ret >= sizeof(tmp)) {
         errno = EINVAL;
         return -1;
     }
@@ -153,10 +152,9 @@ static int
 tun_create_by_id(char *name, size_t len, unsigned id)
 {
     char tmp[64];
-
     int ret = snprintf(tmp, sizeof(tmp), "tun%u", id);
 
-    if (ret <= 0 || ret >= sizeof(tmp)) {
+    if (ret <= 0 || (size_t)ret >= sizeof(tmp)) {
         errno = EINVAL;
         return -1;
     }
@@ -201,17 +199,17 @@ tun_read(int fd, void *data, size_t size)
         },
     };
 
-    ssize_t ret = readv(fd, iov, 2);
+    int ret = (int)readv(fd, iov, 2);
 
-    if (ret <= (ssize_t)0)
+    if (ret <= 0)
         return ret;
 
-    if (ret <= (ssize_t)sizeof(family))
+    if ((size_t)ret <= sizeof(family))
         return 0;
 
-    return ret - sizeof(family);
+    return ret - (int)sizeof(family);
 #else
-    return read(fd, data, size);
+    return (int)read(fd, data, size);
 #endif
 }
 
@@ -247,17 +245,17 @@ tun_write(int fd, const void *data, size_t size)
         },
     };
 
-    ssize_t ret = writev(fd, iov, 2);
+    int ret = (int)writev(fd, iov, 2);
 
-    if (ret <= (ssize_t)0)
+    if (ret <= 0)
         return ret;
 
-    if (ret <= (ssize_t)sizeof(family))
+    if ((size_t)ret <= sizeof(family))
         return 0;
 
-    return ret - sizeof(family);
+    return ret - (int)sizeof(family);
 #else
-    return write(fd, data, size);
+    return (int)write(fd, data, size);
 #endif
 }