5 * Main header file for TrIPE
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 /*----- Header files ------------------------------------------------------*/
52 #include <sys/types.h>
58 #include <sys/socket.h>
60 #include <netinet/in.h>
61 #include <arpa/inet.h>
67 #include <mLib/alloc.h>
68 #include <mLib/arena.h>
69 #include <mLib/bres.h>
70 #include <mLib/dstr.h>
72 #include <mLib/fdflags.h>
73 #include <mLib/fwatch.h>
74 #include <mLib/mdwopt.h>
75 #include <mLib/quis.h>
76 #include <mLib/report.h>
78 #include <mLib/selbuf.h>
82 #include <mLib/trace.h>
84 #include <catacomb/buf.h>
86 #include <catacomb/gcipher.h>
87 #include <catacomb/gmac.h>
88 #include <catacomb/grand.h>
89 #include <catacomb/key.h>
90 #include <catacomb/paranoia.h>
92 #include <catacomb/noise.h>
93 #include <catacomb/rand.h>
95 #include <catacomb/mp.h>
96 #include <catacomb/mprand.h>
97 #include <catacomb/dh.h>
98 #include <catacomb/ec.h>
99 #include <catacomb/ec-keys.h>
100 #include <catacomb/group.h>
102 #include "tripe-protocol.h"
107 /*----- Magic numbers -----------------------------------------------------*/
109 /* --- Tunnel types --- */
117 /* --- Trace flags --- */
125 #define T_KEYEXCH 64u
126 #define T_KEYMGMT 128u
132 #define SEC(n) (n##u)
133 #define MIN(n) (n##u * 60u)
134 #define MEG(n) (n##ul * 1024ul * 1024ul)
136 /* --- Other things --- */
138 #define PKBUFSZ 65536
140 /*----- Cipher selections -------------------------------------------------*/
142 typedef struct algswitch {
143 const gccipher *c; /* Symmetric encryption scheme */
144 const gccipher *mgf; /* Mask-generation function */
145 const gchash *h; /* Hash function */
146 const gcmac *m; /* Message authentication code */
147 size_t hashsz; /* Hash output size */
148 size_t tagsz; /* Length to truncate MAC tags */
149 size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
152 extern algswitch algs;
154 #define MAXHASHSZ 64 /* Largest possible hash size */
156 #define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
158 /*----- Data structures ---------------------------------------------------*/
160 /* --- Socket addresses --- *
162 * A magic union of supported socket addresses.
167 struct sockaddr_in sin;
170 /* --- A symmetric keyset --- *
172 * A keyset contains a set of symmetric keys for encrypting and decrypting
173 * packets. Keysets are stored in a list, sorted in reverse order of
174 * creation, so that the most recent keyset (the one most likely to be used)
177 * Each keyset has a time limit and a data limit. The keyset is destroyed
178 * when either it has existed for too long, or it has been used to encrypt
179 * too much data. New key exchanges are triggered when keys are close to
183 typedef struct keyset {
184 struct keyset *next; /* Next active keyset in the list */
185 unsigned ref; /* Reference count for keyset */
186 struct peer *p; /* Pointer to peer structure */
187 time_t t_exp; /* Expiry time for this keyset */
188 unsigned long sz_exp; /* Data limit for the keyset */
189 T( unsigned seq; ) /* Sequence number for tracing */
190 unsigned f; /* Various useful flags */
191 gcipher *cin, *cout; /* Keyset ciphers for encryption */
192 size_t tagsz; /* Length to truncate MAC tags */
193 gmac *min, *mout; /* Keyset MACs for integrity */
194 uint32 oseq; /* Outbound sequence number */
195 uint32 iseq, iwin; /* Inbound sequence number */
198 #define KS_SEQWINSZ 32 /* Bits in sequence number window */
200 #define KSF_LISTEN 1u /* Don't encrypt packets yet */
201 #define KSF_LINK 2u /* Key is in a linked list */
203 /* --- Key exchange --- *
205 * TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
206 * Protocol has a number of desirable features (e.g., perfect forward
207 * secrecy, and zero-knowledge authentication) which make it attractive for
208 * use in TrIPE. The Wrestlers Protocol was designed by Mark Wooding and
215 typedef struct kxchal {
216 struct keyexch *kx; /* Pointer back to key exchange */
217 ge *c; /* Responder's challenge */
218 ge *r; /* My reply to the challenge */
219 keyset *ks; /* Pointer to temporary keyset */
220 unsigned f; /* Various useful flags */
221 sel_timer t; /* Response timer for challenge */
222 octet hc[MAXHASHSZ]; /* Hash of his challenge */
223 mp *ck; /* The check value */
224 octet hswrq_in[MAXHASHSZ]; /* Inbound switch request message */
225 octet hswok_in[MAXHASHSZ]; /* Inbound switch confirmation */
226 octet hswrq_out[MAXHASHSZ]; /* Outbound switch request message */
227 octet hswok_out[MAXHASHSZ]; /* Outbound switch confirmation */
230 typedef struct keyexch {
231 struct peer *p; /* Pointer back to the peer */
232 keyset **ks; /* Peer's list of keysets */
233 unsigned f; /* Various useful flags */
234 unsigned s; /* Current state in exchange */
235 sel_timer t; /* Timer for next exchange */
236 ge *kpub; /* Peer's public key */
237 time_t texp_kpub; /* Expiry time for public key */
238 mp *alpha; /* My temporary secret */
239 ge *c; /* My challenge */
240 ge *rx; /* The expected response */
241 unsigned nr; /* Number of extant responses */
242 time_t t_valid; /* When this exchange goes bad */
243 octet hc[MAXHASHSZ]; /* Hash of my challenge */
244 kxchal *r[KX_NCHAL]; /* Array of challenges */
247 #define KXF_TIMER 1u /* Waiting for a timer to go off */
248 #define KXF_DEAD 2u /* The key-exchanger isn't up */
249 #define KXF_PUBKEY 4u /* Key exchanger has a public key */
252 KXS_DEAD, /* Uninitialized state (magical) */
253 KXS_CHAL, /* Main answer-challenges state */
254 KXS_COMMIT, /* Committed: send switch request */
255 KXS_SWITCH /* Switched: send confirmation */
258 /* --- Tunnel structure --- *
260 * Used to maintain system-specific information about the tunnel interface.
263 #if TUN_TYPE == TUN_LINUX
264 # include <linux/if.h>
265 # include <linux/if_tun.h>
268 #if TUN_TYPE == TUN_SLIP
269 typedef struct slipif {
270 struct slipif *next; /* Next one in the list */
271 int ifd, ofd; /* File descriptors to talk on */
272 char *name; /* Interface name */
273 pid_t kid; /* Child process id */
274 unsigned f; /* Various flags */
275 # define SLIPIFF_INUSE 1u /* Interface is in use */
276 # define SLIPIFF_DYNAMIC 2u /* Interface found dynamically */
280 typedef struct tunnel {
281 #if TUN_TYPE == TUN_UNET
282 sel_file f; /* Selector for Usernet device */
283 struct peer *p; /* Pointer to my peer */
284 #elif TUN_TYPE == TUN_LINUX
285 sel_file f; /* Selector for TUN/TAP device */
286 struct peer *p; /* Pointer to my peer */
287 char ifn[IFNAMSIZ]; /* Interface name buffer */
288 #elif TUN_TYPE == TUN_BSD
289 sel_file f; /* Selector for tunnel device */
290 struct peer *p; /* Pointer to my peer */
291 unsigned n; /* Number of my tunnel device */
292 #elif TUN_TYPE == TUN_SLIP
293 slipif *sl; /* My interface record */
294 sel_file f; /* Selector for SLIP tty */
295 struct peer *p; /* Pointer to my peer */
296 unsigned st; /* Current parser state */
297 # define SLIPST_ESC 1u /* Last saw an escape character */
298 # define SLIPST_BAD 2u /* This packet is malformed */
299 # define SLIPST_EOF 4u /* File descriptor reported EOF */
300 size_t n; /* Number of bytes used in buffer */
301 octet buf[PKBUFSZ]; /* Buffer for incoming data */
303 # error "No support for this tunnel type"
307 /* --- Peer statistics --- *
309 * Contains various interesting and not-so-interesting statistics about a
310 * peer. This is updated by various parts of the code. The format of the
311 * structure isn't considered private, and @p_stats@ returns a pointer to the
312 * statistics block for a given peer.
315 typedef struct stats {
316 unsigned long sz_in, sz_out; /* Size of all data in and out */
317 unsigned long sz_kxin, sz_kxout; /* Size of key exchange messages */
318 unsigned long sz_ipin, sz_ipout; /* Size of encapsulated IP packets */
319 time_t t_start, t_last, t_kx; /* Time peer created, last pk, kx */
320 unsigned long n_reject; /* Number of rejected packets */
321 unsigned long n_in, n_out; /* Number of packets in and out */
322 unsigned long n_kxin, n_kxout; /* Number of key exchange packets */
323 unsigned long n_ipin, n_ipout; /* Number of encrypted packets */
326 /* --- Peer structure --- *
328 * The main structure which glues everything else together.
331 typedef struct peer {
332 struct peer *next, *prev; /* Links to next and previous */
333 char *name; /* Name of this peer */
334 tunnel t; /* Tunnel for local packets */
335 keyset *ks; /* List head for keysets */
336 buf b; /* Buffer for sending packets */
337 addr peer; /* Peer socket address */
338 size_t sasz; /* Socket address size */
339 stats st; /* Statistics */
340 keyexch kx; /* Key exchange protocol block */
343 /* --- Admin structure --- */
345 #define OBUFSZ 16384u
347 typedef struct obuf {
348 struct obuf *next; /* Next buffer in list */
349 char *p_in, *p_out; /* Pointers into the buffer */
350 char buf[OBUFSZ]; /* The actual buffer */
353 typedef struct admin {
354 struct admin *next, *prev; /* Links to next and previous */
355 unsigned f; /* Various useful flags */
357 unsigned seq; /* Sequence number for tracing */
359 char *pname; /* Peer name to create */
360 char *paddr; /* Address string to resolve */
361 obuf *o_head, *o_tail; /* Output buffer list */
362 selbuf b; /* Line buffer for commands */
363 sel_file w; /* Selector for write buffering */
364 bres_client r; /* Background resolver task */
365 sel_timer t; /* Timer for resolver */
366 addr peer; /* Address to set */
367 size_t sasz; /* Size of the address */
370 #define AF_DEAD 1u /* Destroy this admin block */
371 #define AF_LOCK 2u /* Don't destroy it yet */
372 #define AF_NOTE 4u /* Catch notifications */
374 #define AF_TRACE 8u /* Catch tracing */
376 #define AF_WARN 16u /* Catch warning messages */
379 # define AF_ALLMSGS (AF_NOTE | AF_TRACE | AF_WARN)
381 # define AF_ALLMSGS (AF_NOTE | AF_WARN)
384 /*----- Global variables --------------------------------------------------*/
386 extern sel_state sel; /* Global I/O event state */
387 extern group *gg; /* The group we work in */
388 extern mp *kpriv; /* Our private key */
389 extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
392 extern const trace_opt tr_opts[]; /* Trace options array */
393 extern unsigned tr_flags; /* Trace options flags */
396 /*----- Other macros ------------------------------------------------------*/
398 #define TIMER noise_timer(RAND_GLOBAL)
400 /*----- Key management ----------------------------------------------------*/
402 /* --- @km_interval@ --- *
406 * Returns: Zero if OK, nonzero to force reloading of keys.
408 * Use: Called on the interval timer to perform various useful jobs.
411 extern int km_interval(void);
413 /* --- @km_init@ --- *
415 * Arguments: @const char *kr_priv@ = private keyring file
416 * @const char *kr_pub@ = public keyring file
417 * @const char *tag@ = tag to load
421 * Use: Initializes, and loads the private key.
424 extern void km_init(const char */*kr_priv*/, const char */*kr_pub*/,
425 const char */*tag*/);
427 /* --- @km_getpubkey@ --- *
429 * Arguments: @const char *tag@ = public key tag to load
430 * @ge *kpub@ = where to put the public key
431 * @time_t *t_exp@ = where to put the expiry time
433 * Returns: Zero if OK, nonzero if it failed.
435 * Use: Fetches a public key from the keyring.
438 extern int km_getpubkey(const char */*tag*/, ge */*kpub*/,
441 /*----- Key exchange ------------------------------------------------------*/
443 /* --- @kx_start@ --- *
445 * Arguments: @keyexch *kx@ = pointer to key exchange context
449 * Use: Stimulates a key exchange. If a key exchage is in progress,
450 * a new challenge is sent (unless the quiet timer forbids
451 * this); if no exchange is in progress, one is commenced.
454 extern void kx_start(keyexch */*kx*/);
456 /* --- @kx_message@ --- *
458 * Arguments: @keyexch *kx@ = pointer to key exchange context
459 * @unsigned msg@ = the message code
460 * @buf *b@ = pointer to buffer containing the packet
464 * Use: Reads a packet containing key exchange messages and handles
468 extern void kx_message(keyexch */*kx*/, unsigned /*msg*/, buf */*b*/);
470 /* --- @kx_free@ --- *
472 * Arguments: @keyexch *kx@ = pointer to key exchange context
476 * Use: Frees everything in a key exchange context.
479 extern void kx_free(keyexch */*kx*/);
481 /* --- @kx_newkeys@ --- *
483 * Arguments: @keyexch *kx@ = pointer to key exchange context
487 * Use: Informs the key exchange module that its keys may have
488 * changed. If fetching the new keys fails, the peer will be
489 * destroyed, we log messages and struggle along with the old
493 extern void kx_newkeys(keyexch */*kx*/);
495 /* --- @kx_init@ --- *
497 * Arguments: @keyexch *kx@ = pointer to key exchange context
498 * @peer *p@ = pointer to peer context
499 * @keyset **ks@ = pointer to keyset list
501 * Returns: Zero if OK, nonzero if it failed.
503 * Use: Initializes a key exchange module. The module currently
504 * contains no keys, and will attempt to initiate a key
508 extern int kx_init(keyexch */*kx*/, peer */*p*/, keyset **/*ks*/);
510 /*----- Keysets and symmetric cryptography --------------------------------*/
512 /* --- @ks_drop@ --- *
514 * Arguments: @keyset *ks@ = pointer to a keyset
518 * Use: Decrements a keyset's reference counter. If the counter hits
519 * zero, the keyset is freed.
522 extern void ks_drop(keyset */*ks*/);
524 /* --- @ks_gen@ --- *
526 * Arguments: @const void *k@ = pointer to key material
527 * @size_t x, y, z@ = offsets into key material (see below)
528 * @peer *p@ = pointer to peer information
530 * Returns: A pointer to the new keyset.
532 * Use: Derives a new keyset from the given key material. The
533 * offsets @x@, @y@ and @z@ separate the key material into three
534 * parts. Between the @k@ and @k + x@ is `my' contribution to
535 * the key material; between @k + x@ and @k + y@ is `your'
536 * contribution; and between @k + y@ and @k + z@ is a shared
537 * value we made together. These are used to construct two
538 * pairs of symmetric keys. Each pair consists of an encryption
539 * key and a message authentication key. One pair is used for
540 * outgoing messages, the other for incoming messages.
542 * The new key is marked so that it won't be selected for output
543 * by @ksl_encrypt@. You can still encrypt data with it by
544 * calling @ks_encrypt@ directly.
547 extern keyset *ks_gen(const void */*k*/,
548 size_t /*x*/, size_t /*y*/, size_t /*z*/,
551 /* --- @ks_tregen@ --- *
553 * Arguments: @keyset *ks@ = pointer to a keyset
555 * Returns: The time at which moves ought to be made to replace this key.
558 extern time_t ks_tregen(keyset */*ks*/);
560 /* --- @ks_activate@ --- *
562 * Arguments: @keyset *ks@ = pointer to a keyset
566 * Use: Activates a keyset, so that it can be used for encrypting
570 extern void ks_activate(keyset */*ks*/);
572 /* --- @ks_encrypt@ --- *
574 * Arguments: @keyset *ks@ = pointer to a keyset
575 * @unsigned ty@ = message type
576 * @buf *b@ = pointer to input buffer
577 * @buf *bb@ = pointer to output buffer
579 * Returns: Zero if OK, nonzero if the key needs replacing. If the
580 * encryption failed, the output buffer is broken and zero is
583 * Use: Encrypts a block of data using the key. Note that the `key
584 * ought to be replaced' notification is only ever given once
585 * for each key. Also note that this call forces a keyset to be
586 * used even if it's marked as not for data output.
589 extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
590 buf */*b*/, buf */*bb*/);
592 /* --- @ks_decrypt@ --- *
594 * Arguments: @keyset *ks@ = pointer to a keyset
595 * @unsigned ty@ = expected type code
596 * @buf *b@ = pointer to an input buffer
597 * @buf *bb@ = pointer to an output buffer
599 * Returns: Zero on success, or nonzero if there was some problem.
601 * Use: Attempts to decrypt a message using a given key. Note that
602 * requesting decryption with a key directly won't clear a
603 * marking that it's not for encryption.
606 extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/,
607 buf */*b*/, buf */*bb*/);
609 /* --- @ksl_free@ --- *
611 * Arguments: @keyset **ksroot@ = pointer to keyset list head
615 * Use: Frees (releases references to) all of the keys in a keyset.
618 extern void ksl_free(keyset **/*ksroot*/);
620 /* --- @ksl_link@ --- *
622 * Arguments: @keyset **ksroot@ = pointer to keyset list head
623 * @keyset *ks@ = pointer to a keyset
627 * Use: Links a keyset into a list. A keyset can only be on one list
628 * at a time. Bad things happen otherwise.
631 extern void ksl_link(keyset **/*ksroot*/, keyset */*ks*/);
633 /* --- @ksl_prune@ --- *
635 * Arguments: @keyset **ksroot@ = pointer to keyset list head
639 * Use: Prunes the keyset list by removing keys which mustn't be used
643 extern void ksl_prune(keyset **/*ksroot*/);
645 /* --- @ksl_encrypt@ --- *
647 * Arguments: @keyset **ksroot@ = pointer to keyset list head
648 * @unsigned ty@ = message type
649 * @buf *b@ = pointer to input buffer
650 * @buf *bb@ = pointer to output buffer
652 * Returns: Nonzero if a new key is needed.
654 * Use: Encrypts a packet.
657 extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/,
658 buf */*b*/, buf */*bb*/);
660 /* --- @ksl_decrypt@ --- *
662 * Arguments: @keyset **ksroot@ = pointer to keyset list head
663 * @unsigned ty@ = expected type code
664 * @buf *b@ = pointer to input buffer
665 * @buf *bb@ = pointer to output buffer
667 * Returns: Nonzero if the packet couldn't be decrypted.
669 * Use: Decrypts a packet.
672 extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/,
673 buf */*b*/, buf */*bb*/);
675 /*----- Administration interface ------------------------------------------*/
677 /* --- @a_warn@ --- *
679 * Arguments: @const char *fmt@ = pointer to format string
680 * @...@ = other arguments
684 * Use: Informs all admin connections of a warning.
687 extern void a_warn(const char */*fmt*/, ...);
689 /* --- @a_notify@ --- *
691 * Arguments: @const char *fmt@ = pointer to format string
692 * @...@ = other arguments
696 * Use: Sends a notification to interested admin connections.
699 extern void a_notify(const char */*fmt*/, ...);
701 /* --- @a_create@ --- *
703 * Arguments: @int fd_in, fd_out@ = file descriptors to use
704 * @unsigned f@ = initial flags to set
708 * Use: Creates a new admin connection.
711 extern void a_create(int /*fd_in*/, int /*fd_out*/, unsigned /*f*/);
713 /* --- @a_quit@ --- *
719 * Use: Shuts things down nicely.
722 extern void a_quit(void);
724 /* --- @a_daemon@ --- *
730 * Use: Informs the admin module that it's a daemon.
733 extern void a_daemon(void);
735 /* --- @a_init@ --- *
737 * Arguments: @const char *sock@ = socket name to create
741 * Use: Creates the admin listening socket.
744 extern void a_init(const char */*sock*/);
746 /*----- Peer management ---------------------------------------------------*/
748 /* --- @p_txstart@ --- *
750 * Arguments: @peer *p@ = pointer to peer block
751 * @unsigned msg@ = message type code
753 * Returns: A pointer to a buffer to write to.
755 * Use: Starts sending to a peer. Only one send can happen at a
759 extern buf *p_txstart(peer */*p*/, unsigned /*msg*/);
761 /* --- @p_txend@ --- *
763 * Arguments: @peer *p@ = pointer to peer block
767 * Use: Sends a packet to the peer.
770 extern void p_txend(peer */*p*/);
774 * Arguments: @peer *p@ = pointer to peer block
775 * @buf *b@ = buffer containing incoming packet
779 * Use: Handles a packet which needs to be sent to a peer.
782 extern void p_tun(peer */*p*/, buf */*b*/);
784 /* --- @p_interval@ --- *
790 * Use: Called periodically to do tidying.
793 extern void p_interval(void);
795 /* --- @p_stats@ --- *
797 * Arguments: @peer *p@ = pointer to a peer block
799 * Returns: A pointer to the peer's statistics.
802 extern stats *p_stats(peer */*p*/);
804 /* --- @p_ifname@ --- *
806 * Arguments: @peer *p@ = pointer to a peer block
808 * Returns: A pointer to the peer's interface name.
811 extern const char *p_ifname(peer */*p*/);
813 /* --- @p_addr@ --- *
815 * Arguments: @peer *p@ = pointer to a peer block
817 * Returns: A pointer to the peer's address.
820 extern const addr *p_addr(peer */*p*/);
822 /* --- @p_init@ --- *
824 * Arguments: @struct in_addr addr@ = address to bind to
825 * @unsigned port@ = port number to listen to
829 * Use: Initializes the peer system; creates the socket.
832 extern void p_init(struct in_addr /*addr*/, unsigned /*port*/);
834 /* --- @p_port@ --- *
838 * Returns: Port number used for socket.
841 unsigned p_port(void);
843 /* --- @p_create@ --- *
845 * Arguments: @const char *name@ = name for this peer
846 * @struct sockaddr *sa@ = socket address of peer
847 * @size_t sz@ = size of socket address
849 * Returns: Pointer to the peer block, or null if it failed.
851 * Use: Creates a new named peer block. No peer is actually attached
855 extern peer *p_create(const char */*name*/,
856 struct sockaddr */*sa*/, size_t /*sz*/);
858 /* --- @p_name@ --- *
860 * Arguments: @peer *p@ = pointer to a peer block
862 * Returns: A pointer to the peer's name.
865 extern const char *p_name(peer */*p*/);
867 /* --- @p_find@ --- *
869 * Arguments: @const char *name@ = name to look up
871 * Returns: Pointer to the peer block, or null if not found.
873 * Use: Finds a peer by name.
876 extern peer *p_find(const char */*name*/);
878 /* --- @p_destroy@ --- *
880 * Arguments: @peer *p@ = pointer to a peer
884 * Use: Destroys a peer.
887 extern void p_destroy(peer */*p*/);
889 /* --- @p_first@, @p_next@ --- *
891 * Arguments: @peer *p@ = a peer block
893 * Returns: @peer_first@ returns the first peer in some ordering;
894 * @peer_next@ returns the peer following a given one in the
895 * same ordering. Null is returned for the end of the list.
898 extern peer *p_first(void);
899 extern peer *p_next(peer */*p*/);
901 /*----- Tunnel interface --------------------------------------------------*/
903 /* --- @tun_init@ --- *
909 * Use: Initializes the tunneling system. Maybe this will require
910 * opening file descriptors or something.
913 extern void tun_init(void);
915 /* --- @tun_create@ --- *
917 * Arguments: @tunnel *t@ = pointer to tunnel block
918 * @peer *p@ = pointer to peer block
920 * Returns: Zero if it worked, nonzero on failure.
922 * Use: Initializes a new tunnel.
925 extern int tun_create(tunnel */*t*/, peer */*p*/);
927 /* --- @tun_ifname@ --- *
929 * Arguments: @tunnel *t@ = pointer to tunnel block
931 * Returns: A pointer to the tunnel's interface name.
934 extern const char *tun_ifname(tunnel */*t*/);
936 /* --- @tun_inject@ --- *
938 * Arguments: @tunnel *t@ = pointer to tunnel block
939 * @buf *b@ = buffer to send
943 * Use: Injects a packet into the local network stack.
946 extern void tun_inject(tunnel */*t*/, buf */*b*/);
948 /* --- @tun_destroy@ --- *
950 * Arguments: @tunnel *t@ = pointer to tunnel block
954 * Use: Destroys a tunnel.
957 extern void tun_destroy(tunnel */*t*/);
959 /*----- Other handy utilities ---------------------------------------------*/
963 * Arguments: @mp *m@ = a multiprecision integer
965 * Returns: A pointer to the integer's textual representation.
967 * Use: Converts a multiprecision integer to a string. Corrupts
971 extern const char *mpstr(mp */*m*/);
975 * Arguments: @group *g@ = a group
976 * @ge *x@ = a group element
978 * Returns: A pointer to the element's textual representation.
980 * Use: Converts a group element to a string. Corrupts
984 extern const char *gestr(group */*g*/, ge */*x*/);
986 /* --- @timestr@ --- *
988 * Arguments: @time_t t@ = a time to convert
990 * Returns: A pointer to a textual representation of the time.
992 * Use: Converts a time to a textual representation. Corrupts
996 extern const char *timestr(time_t /*t*/);
998 /*----- That's all, folks -------------------------------------------------*/