build
config.h.in
stamp-h.in
+deb-build
+test
## -*-makefile-*-
##
-## $Id: Makefile.am,v 1.8 2003/10/15 09:31:24 mdw Exp $
+## $Id: Makefile.am,v 1.9 2003/11/29 23:49:32 mdw Exp $
##
## Makefile for TrIPE
##
##----- Revision history ----------------------------------------------------
##
## $Log: Makefile.am,v $
+## Revision 1.9 2003/11/29 23:49:32 mdw
+## Debianization.
+##
## Revision 1.8 2003/10/15 09:31:24 mdw
## Remove buf, and add Ethereal analysis.
##
AUTOMAKE_OPTIONS = foreign
SUBDIRS = doc @DIRS@
+configdir = @configdir@
+socketdir = @socketdir@
+logdir = @logdir@
CATACOMB_LIBS = @CATACOMB_LIBS@
tun = @tun@
bin_PROGRAMS = tripectl tripe-mitm pkstream
noinst_SCRIPTS = tripe-init
tripe_SOURCES = \
- tripe.c tripe.h \
+ tripe.c tripe.h tripe-protocol.h \
admin.c peer.c tun-$(tun).c \
keymgmt.c keyexch.c keyset.c \
servutil.c util.c util.h
pkstream_SOURCES = \
pkstream.c
-EXTRA_DIST = tripe.conf
+install-hook:
+ for i in "$(configdir)" "$(socketdir)"; do \
+ case "$$i" in /*) $(mkinstalldirs) $(DESTDIR)$$i;; esac; \
+ done
+
+EXTRA_DIST = tripe.conf \
+ debian/rules debian/control debian/changelog debian/copyright \
+ debian/tripe.postinst debian/tripe.prerm debian/tripe.postrm
##----- That's all, folks ---------------------------------------------------
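Review bot: The new `install-hook` creates `$(configdir)` with whatever mode `$(mkinstalldirs)` and the installer's umask produce, yet acconfig.h in this commit describes that directory as the place tripe searches for keys. Either set an explicit restrictive mode on the config directory after creating it, or add a comment stating that the private keyring's own file mode is what protects it; the same treatment must not be applied to `$(socketdir)`, which may be a shared directory. The path should also be quoted, `$(mkinstalldirs) "$(DESTDIR)$$i"`, so a directory name containing whitespace is not split. Relative values are skipped silently by the `/*)` pattern, which deserves a one-line comment.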
/* -*-c-*-
*
- * $Id: acconfig.h,v 1.4 2003/10/15 09:30:18 mdw Exp $
+ * $Id: acconfig.h,v 1.5 2003/11/29 23:49:32 mdw Exp $
*
* Configuration header for TrIPE
*
/*----- Revision history --------------------------------------------------*
*
* $Log: acconfig.h,v $
+ * Revision 1.5 2003/11/29 23:49:32 mdw
+ * Debianization.
+ *
* Revision 1.4 2003/10/15 09:30:18 mdw
* Add support for Ethereal protocol analysis.
*
* built-in `tun' devices. */
#undef TUN_TYPE
+/* Define this to your default configuration directory. This is where
+ * tripe searches for keys and other stuff. */
+#define CONFIGDIR "."
+
+/* Define this to the directory in which tripe's admin socket is to be
+ * placed. Common choices are `.' -- the tripe configuration directory --
+ * and /var/run. */
+#define SOCKETDIR "."
+
/* Define if your Ethereal plugin headers are broken (e.g., Debian 3.0) but
* you're running some sensible ELF system, and I should try to bodge around
* the damage. */
/* -*-c-*-
*
- * $Id: client.c,v 1.12 2003/10/15 09:29:38 mdw Exp $
+ * $Id: client.c,v 1.13 2003/11/29 23:49:32 mdw Exp $
*
* Client for TrIPE
*
/*----- Revision history --------------------------------------------------*
*
* $Log: client.c,v $
+ * Revision 1.13 2003/11/29 23:49:32 mdw
+ * Debianization.
+ *
* Revision 1.12 2003/10/15 09:29:38 mdw
* Cosmetic fix to changelog comment.
*
-u, --usage Show brief usage message.\n\
\n\
-D, --daemon Become a background task after connecting.\n\
--d, --directory=DIR Select current directory [default /var/lib/tripe]\n\
--a, --admin-socket=FILE Select socket to connect to.\n\
+-d, --directory=DIR Select current directory [default " CONFIGDIR "].\n\
+-a, --admin-socket=FILE Select socket to connect to
+ [default " SOCKETDIR "/tripesock].\n\
-P, --pidfile=FILE Write process-id to FILE.\n\
\n\
-s, --spawn Start server rather than connecting.\n\
int main(int argc, char *argv[])
{
- const char *dir = "/var/lib/tripe";
- const char *sock = "tripesock";
+ const char *dir = CONFIGDIR;
+ const char *sock = SOCKETDIR "/tripesock";
const char *spawnpath = "tripe";
string_v spawnopts = DA_INIT;
char *p;
dnl -*-autoconf-*-
dnl
-dnl $Id: configure.in,v 1.13 2003/10/15 09:30:18 mdw Exp $
+dnl $Id: configure.in,v 1.14 2003/11/29 23:49:32 mdw Exp $
dnl
dnl Configuration script for TrIPE
dnl
dnl ----- Revision history --------------------------------------------------
dnl
dnl $Log: configure.in,v $
+dnl Revision 1.14 2003/11/29 23:49:32 mdw
+dnl Debianization.
+dnl
dnl Revision 1.13 2003/10/15 09:30:18 mdw
dnl Add support for Ethereal protocol analysis.
dnl
dnl
AC_INIT(tripe.c)
-AM_INIT_AUTOMAKE(tripe, 1.0.0pre5)
+AM_INIT_AUTOMAKE(tripe, 1.0.0pre6)
AM_CONFIG_HEADER(config.h)
AC_CANONICAL_HOST
[CFLAGS="$CFLAGS -I$withval"],
[:])
+AC_ARG_WITH([configdir],
+[ --with-configdir=DIR look for keys and other configuration in DIR
+ [default=/var/lib/tripe]],
+[configdir=$withval],
+[configdir=/var/lib/tripe])
+
+AC_ARG_WITH([socketdir],
+[ --with-socketdir=DIR put admin socket in DIR [default=.]],
+[socketdir=$withval],
+[socketdir=.])
+
+AC_ARG_WITH([pidfile],
+[ --with-pidfile=FILE make tripectl write its pid to FILE
+ [default=./tripectl.pid]],
+[pidfile=$withval],
+[pidfile=tripectl.pid])
+
+AC_ARG_WITH([initconfig],
+[ --with-initconfig=FILE read definitions from FILE in init script
+ [default=/etc/tripe.conf]],
+[initconfig=$withval],
+[initconfig=/etc/tripe.conf])
+
+AC_ARG_WITH([logfile],
+[ --with-logfile=DIR make tripectl write its log to FILE
+ [default=./tripe.log]],
+[logfile=$withval],
+[logfile=tripe.log])
+
DIRS=""
+ETHEREAL_CFLAGS=""
+ETHEREAL_PLUGIN_DIR="unknown"
AC_ARG_WITH([ethereal],
-[ --with-ethereal build and install Ethereal plugin],
+[ --with-ethereal build and install Ethereal plugin],
[case "$withval" in
- no) ethereal=false;;
- yes) ethereal='${prefix}/lib/ethereal/plugins';;
- *) ethereal=$withval;;
+ no) ethereal=false requireethereal=false;;
+ yes) ethereal=true; requireethereal=true;;
+ *) ethereal=true requireethereal=true ETHEREAL_PLUGIN_DIR=$withval;;
esac],
-[ethereal=false])
+[ethereal=true requireethereal=false])
case $host_os in
linux*)
mdw_MLIB(2.0.0)
mdw_CATACOMB(2.0.1, [CFLAGS="$CFLAGS $CATACOMB_CFLAGS"])
-if test "$ethereal" != false; then
- AM_PATH_GLIB([1.2.0], [], AC_MSG_ERROR([failed to find GLib]), [gmodule])
+if test "$ethereal" = true -a "$ETHEREAL_PLUGIN_DIR" = unknown; then
+ AC_CACHE_CHECK([where to put Ethereal plugins],
+ [mdw_cv_ethereal_plugin_dir], [
+ changequote(,)
+ mdw_cv_ethereal_plugin_dir="failed"
+ ethprefix=none
+ for i in "${prefix}" /usr/local /usr `echo $PATH | tr : " "`; do
+ if test -x "$i/bin/ethereal"; then
+ ethprefix=$i
+ break
+ fi
+ done
+ if test "$ethprefix" != none; then
+ ethbin=$ethprefix/bin/ethereal
+ ethver=`$ethbin -v | sed 's/^[^ ]* \([0-9A-Za-z.]*\).*$/\1/'`
+ dir=$ethprefix/lib/ethereal/plugins/$ethver
+ if test -d "$dir"; then
+ mdw_cv_ethereal_plugin_dir=$dir
+ fi
+ fi
+ changequote([, ])
+ ])
+ case $mdw_cv_ethereal_plugin_dir in
+ failed) ethereal=false;;
+ *) ETHEREAL_PLUGIN_DIR=$mdw_cv_ethereal_plugin_dir;;
+ esac
+fi
+
+if test "$ethereal" = true; then
+ AM_PATH_GLIB([1.2.0], [], ethereal=false, [gmodule])
+fi
+if test "$ethereal" = true; then
bad=true
mdw_CFLAGS=$CFLAGS
+ ethprefix=`echo $ETHEREAL_PLUGIN_DIR | sed 's:/lib/.*$::'`
AC_CACHE_CHECK([how to find the Ethereal headers],
[mdw_cv_ethereal_includes], [
- for i in "" "-I/usr/include/ethereal"; do
+ mdw_cv_ethereal_includes=failed
+ for i in \
+ "" \
+ "-I${ethprefix}/include/ethereal" \
+ "-I${ethprefix}/include" \
+ "-I${prefix}/include/ethereal" \
+ "-I${prefix}/include" \
+ "-I/usr/include/ethereal" \
+ "-I/usr/local/include/ethereal" \
+ "-I/usr/local/include"; do
CFLAGS="$GLIB_CFLAGS $i"
AC_TRY_COMPILE([
#include <netinet/in.h>
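Review bot: The plugin-directory probe never checks that `ethver` is non-empty, so if `$ethbin -v` prints nothing or the sed expression does not match, `dir` becomes `$ethprefix/lib/ethereal/plugins/` and the `test -d "$dir"` check passes on the parent directory. A guard such as `if test -n "$ethver" && test -d "$dir"; then` avoids caching a wrong install path. The search loop also appends `/bin/ethereal` to each PATH entry, which already names a bin directory on most systems, so that part of the list will rarely match. `${prefix}` may still hold autoconf's placeholder value at this point in configure. The AC_TRY_COMPILE body continues outside this hunk.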
dh = creat_dissector_handle(0, 0);
], [bad=false; break])
done
- if $bad; then
- AC_MSG_ERROR([failed to find Ethereal headers])
+ if test $bad = false; then
+ mdw_cv_ethereal_includes=$i
fi
- mdw_cv_ethereal_includes=$i
CFLAGS=$mdw_CFLAGS
])
+ case $mdw_cv_ethereal_plugin_dir in
+ failed) ethereal=false;;
+ *) ETHEREAL_PLUGIN_DIR=$mdw_cv_ethereal_plugin_dir;;
+ esac
+fi
+
+if test "$ethereal" = true; then
AC_CACHE_CHECK([whether the Ethereal headers are broken],
[mdw_cv_ethereal_buggered], [
CFLAGS="$GLIB_CFLAGS $i"
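Review bot: The `case $mdw_cv_ethereal_plugin_dir in` block added after the header search repeats the plugin-directory test instead of testing `$mdw_cv_ethereal_includes`, so a header search that ends with `failed` never sets `ethereal=false`. The literal `failed` then flows into `ETHEREAL_CFLAGS` a few lines later. When `--with-ethereal=DIR` is given, the earlier probe is skipped and the cache variable appears to be unset, so the `*)` arm would overwrite the user-supplied `ETHEREAL_PLUGIN_DIR` with an empty string. The block should read `case $mdw_cv_ethereal_includes in failed) ethereal=false;; esac`.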
fi
ETHEREAL_CFLAGS="$CFLAGS $GLIB_CFLAGS $mdw_cv_ethereal_includes"
- ETHEREAL_PLUGIN_DIR=$ethereal
AC_SUBST(ETHEREAL_CFLAGS)
AC_SUBST(ETHEREAL_PLUGIN_DIR)
DIRS="$DIRS ethereal"
fi
+if test "$ethereal" = false -a "$requireethereal" = true; then
+ AC_MSG_ERROR([failed to configure Ethereal plugin])
+fi
+
+mdw_DEFINE_PATHS([
+ mdw_DEFINE_PATH([CONFIGDIR], [$configdir])
+ mdw_DEFINE_PATH([SOCKETDIR], [$socketdir])
+ AC_SUBST(socketdir) AC_SUBST(configdir) AC_SUBST(logfile) AC_SUBST(pidfile)
+ AC_SUBST(initconfig)
+])
AC_SUBST(DIRS)
AC_OUTPUT(Makefile doc/Makefile ethereal/Makefile tripe-init)
--- /dev/null
+files tmp substvars *.substvars *.debhelper
+pkstream tripe tripe-ethereal
--- /dev/null
+tripe (1.0.0pre6) experimental; urgency=low
+
+ * Debianization!
+
+ -- Mark Wooding <mdw@nsict.org> Sat, 22 Nov 2003 18:35:50 +0000
--- /dev/null
+Source: tripe
+Section: net
+Priority: extra
+Maintainer: Mark Wooding <mdw@nsict.org>
+Build-Depends: catacomb-dev (>= 2.0.1), mlib-dev (>= 2.0.2),
+ ethereal-dev, debhelper (>= 4.0.2)
+Standards-Version: 3.1.1
+
+Package: tripe
+Architecture: any
+Depends: ${shlibs:Depends}, sysvinit (>= 2.80-1), makedev (>= 2.3.1-63)
+Recommends: catacomb-bin
+Suggests: pkstream
+Description: Trivial IP Encryption: a simple virtual private network
+ TrIPE is a simple VPN protocol. It uses cryptography to ensure secrecy
+ and authenticity of packets it sends and receives.
+ .
+ This package contains the main daemon and support programs. It needs
+ a 2.4 series kernel with the TUN/TAP driver enabled.
+
+Package: pkstream
+Architecture: any
+Depends: ${shlibs:Depends}
+Suggests: fw | ssh | stunnel
+Description: Forward UDP packets over a stream
+ Pkstream is a simple program which transmits and receives UDP datagrams
+ over a reliable stream. By default, it will send and receive the
+ packets on standard input and output; it also natively understands TCP
+ sockets. Anything else can probably be fudged up with port forwarder.
+
+Package: tripe-ethereal
+Architecture: any
+Depends: ${shlibs:Depends}, ethereal-common (= ${tripe:Ethereal-Version})
+Description: Trivial IP Encryption: a simple virtual private network
+ TrIPE is a simple VPN protocol. It uses cryptography to ensure secrecy
+ and authenticity of packets it sends and receives.
+ .
+ This package contains the protocol analysis plug-in for Ethereal.
--- /dev/null
+Tripe is copyright (c) 2003 Straylight/Edgeware.
+
+Tripe is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+Tripe is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have a copy of the GNU General Public License in
+/usr/share/common-licenses/GPL; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+USA.
--- /dev/null
+Pkstream is copyright (c) 2003 Straylight/Edgeware.
+
+Pkstream is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+Pkstream is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have a copy of the GNU General Public License in
+/usr/share/common-licenses/GPL; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+USA.
--- /dev/null
+#! /usr/bin/make -f
+
+export DH_COMPAT = 4
+
+build:
+ rm -rf build deb-build
+ mkdir deb-build
+ cd deb-build; ../configure \
+ --prefix=/usr --mandir=/usr/share/man \
+ --with-configdir=/etc/tripe \
+ --with-socketdir=/var/run \
+ --with-logfile=/var/log/tripe.log \
+ --with-pidfile=/var/run/tripectl.pid \
+ --with-initconfig=/etc/default/tripe \
+ --with-ethereal
+ make -C deb-build
+ touch build
+
+clean:
+ dh_clean
+ rm -rf deb-build build
+
+install: build
+ dh_clean
+ make -C deb-build install DESTDIR=`pwd`/debian/tripe
+ mkdir -p debian/tripe/etc/tripe/peers
+ mkdir -p debian/tripe/etc/default
+ mkdir -p debian/tripe/etc/init.d
+ cp deb-build/tripe-init debian/tripe/etc/init.d/tripe
+ chmod 755 debian/tripe/etc/init.d/tripe
+ cp tripe.conf debian/tripe/etc/default/tripe
+ mkdir -p debian/pkstream/usr/bin
+ mv debian/tripe/usr/bin/pkstream debian/pkstream/usr/bin
+ mkdir -p debian/pkstream/usr/share/man/man1
+ mv debian/tripe/usr/share/man/man1/pkstream.1 \
+ debian/pkstream/usr/share/man/man1
+ mkdir -p debian/tripe-ethereal/usr/lib
+ mv debian/tripe/usr/lib/ethereal debian/tripe-ethereal/usr/lib
+ rm -f debian/tripe-ethereal/usr/lib/ethereal/plugins/*/*.a
+ rmdir debian/tripe/usr/lib
+
+binary-indep:
+
+binary-arch: install
+ dpkg --status ethereal | \
+ sed -n 's/^Version: */tripe:Ethereal-Version=/p' \
+ >> debian/tripe-ethereal.substvars
+ dh_testdir -a
+ dh_testroot -a
+ dh_compress -a
+ dh_installdocs -a
+ dh_strip -a
+ dh_shlibdeps -a
+ dh_installlogrotate -a
+ dh_gencontrol -a
+ dh_fixperms -a
+ dh_installdeb -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+binary: binary-indep binary-arch
+
+source:
+ rm -rf deb-build/*.tar.gz deb-build/=deb=
+ make -C deb-build dist
+ mkdir deb-build/=deb=
+ cd deb-build/=deb=; tar xvfz ../*.tar.gz
+ d=`pwd`; cd ..; dpkg-source -i -b $$d/deb-build/=deb=/*
+ rm -rf deb-build/=deb=
+
+.PHONY: binary binary-arch binary-indep clean install source
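Review bot: The `binary-arch` recipe reads the version with `dpkg --status ethereal`, but debian/control in this commit build-depends only on `ethereal-dev` and makes tripe-ethereal depend on `ethereal-common (= ${tripe:Ethereal-Version})`. If the `ethereal` package is not installed, dpkg fails, but the pipeline's exit status is sed's, so the substvar is silently left unset and the generated dependency is malformed. Query the package the dependency actually names, add it to Build-Depends, and fail the build when the extracted version is empty. `dh_testdir` and `dh_testroot` would also be better placed as the first commands of the recipe, before anything is written.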
--- /dev/null
+SETTING UP TRIPE FOR DEBIAN GNU/LINUX
+
+ Firstly, you need to set up public key parameters. To generate
+ a new set, run
+
+ # cd /etc/tripe
+ # key add -adh-param -LS -b2048 -B256 -eforever \
+ -tparam tripe-dh-param
+ # key extract param param
+
+ (Feel free to twiddle these settings. Read key(1) for details
+ about the various options.) You can now copy the file `param'
+ to the other hosts which will participate in the VPN. If you
+ already have a `param' file from this procedure, you should
+ copy it into /etc/tripe and run
+
+ # key merge param
+
+ instead.
+
+ Now, generate a public key. Before you can do this, you'll need
+ to give this host a name. Let's say we've chosen `alice' as the
+ name. Run
+
+ # key add -adh -pparam -talice -e"now + 1 year" tripe-dh
+ # key extract -f-secret alice.pub alice
+ # key -kkeyring.pub merge alice.pub
+
+ Now copy `alice.pub' to the other hosts, and run the `key merge'
+ command on each of them. Also merge the keys from the other
+ hosts into alice's `keyring.pub' file.
+
+ Finally, you need to write a script in /etc/tripe/peers for each
+ peer you want to communicate with. The following template works
+ OK.
+
+ #! /bin/sh
+
+ set -e
+
+ PEER=... # The peer's name
+ PEERADDR=... # Peer's publicly-routable address
+ PEERPORT=22003 # Port peer is listening on
+ LOCAL=... # My address for point-to-point
+ REMOTE=... # His address for point-to-point
+ RNET=... # Remote network address
+ RMASK=... # Netmask of remote network
+
+ tripectl add $PEER $PEERADDR $PEERPORT
+ ifname=`tripectl ifname $PEER`
+ ifconfig $ifname $LOCAL pointopoint $REMOTE mtu 1429
+ route add -net $RNET netmask $RMASK gw $REMOTE
+
--- /dev/null
+/var/log/tripe {
+ rotate 7
+ weekly
+ compress
+ postrotate
+ kill -HUP `cat /var/run/tripectl.pid`
+ endscript
+ missingok
+}
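Review bot: This stanza rotates `/var/log/tripe`, while debian/rules in the same commit configures `--with-logfile=/var/log/tripe.log`, so with the packaged default the real log is never rotated and `missingok` hides the mismatch. The first line should name the file the daemon writes, `/var/log/tripe.log {`, and the commented default in tripe.conf should agree with it. The `postrotate` command also runs `kill -HUP` with no argument when the pid file is absent; guarding it as `[ -f /var/run/tripectl.pid ] && kill -HUP $(cat /var/run/tripectl.pid)` avoids a failed rotation when the daemon is stopped.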
--- /dev/null
+#! /bin/sh
+
+set -e
+
+if [ ! -c /dev/.devfsd ] && [ ! -c /dev/net/tun ]; then
+ (cd /dev && /sbin/MAKEDEV tun)
+fi
+
+#DEBHELPER#
+
+if [ -x "/etc/init.d/tripe" ]; then
+ update-rc.d tripe defaults >/dev/null
+ invoke-rc.d tripe start
+fi
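Review bot: Under `set -e`, a non-zero exit from `invoke-rc.d tripe start` aborts the postinst and leaves the package unconfigured. On a fresh install that is a likely outcome: the init script added in this commit exits 1 when the tunnel driver or device is missing, and the README says keys have to be generated before the daemon is useful. Consider `invoke-rc.d tripe start || true` with a comment explaining that a first-time start is expected to fail until the keyring exists. The script also runs the MAKEDEV and start steps for every postinst invocation rather than only when `$1` is `configure`.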
--- /dev/null
+#! /bin/sh
+
+set -e
+
+if [ "$1" = "purge" ] ; then
+ update-rc.d tripe remove >/dev/null
+fi
+
+#DEBHELPER#
--- /dev/null
+#! /bin/sh
+
+set -e
+
+if [ -x "/etc/init.d/tripe" ]; then
+ invoke-rc.d tripe stop
+fi
+
+#DEBHELPER#
.IR port ]
.RB [ \-p
.IR addr ]
+.RB [ \-b
+.IR addr ]
.RB [ \-c
.IR addr \c
.BR : \c
.BR ssh (1),
.BR stunnel (1),
etc. It's intended, among other things, to provide a transport for
-.B tripe (8)
+.BR tripe (8)
packets where there are annoying firewalls in the way.
.SS "Command-line arguments"
The two
Only one connection is allowed at a time. When a connection is
accepted, forward UDP packets over the TCP stream until it closes; then
wait for another connection.
+.TP
.BI "\-p, \-\-peer=" addr
Only accept TCP connections from
.IR addr .
This option only makes sense in conjunction with
.BR \-l .
.TP
+.BI "\-b, \-\-bind=" addr
+When making a connection (see
+.B \-c
+below), use
+.I addr
+as the source address rather than letting the kernel choose the address
+automatically. This is useful when the other end will only accept
+connections from a particular address and you get the wrong one otherwise.
+.TP
.BI "\-c, \-\-connect=" addr : port
Connect to the given
.I addr
/* -*-c-*-
*
- * $Id: pkstream.c,v 1.1 2003/04/23 12:53:28 mdw Exp $
+ * $Id: pkstream.c,v 1.2 2003/11/29 23:49:32 mdw Exp $
*
* Forwarding UDP packets over a stream
*
/*----- Revision history --------------------------------------------------*
*
* $Log: pkstream.c,v $
+ * Revision 1.2 2003/11/29 23:49:32 mdw
+ * Debianization.
+ *
* Revision 1.1 2003/04/23 12:53:28 mdw
* New pkstream program.
*
int opt = 1;
if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0 ||
- bind(fd, (struct sockaddr *)&cw.me, sizeof(cw.me)) ||
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) ||
+ bind(fd, (struct sockaddr *)&cw.me, sizeof(cw.me)) ||
listen(fd, 1) || nonblockify(fd) || cloexec(fd))
die(1, "couldn't set up listening socket: %s", strerror(errno));
sel_initfile(&sel, &cw.a, fd, SEL_READ, doaccept, 0);
static void usage(FILE *fp)
{
pquis(fp,
- "Usage: $ [-l PORT] [-p ADDR] [-c ADDR:PORT] ADDR:PORT ADDR:PORT\n");
+ "Usage: $ [-l PORT] [-b ADDR] [-p ADDR] [-c ADDR:PORT]\n\
+ ADDR:PORT ADDR:PORT\n");
}
static void version(FILE *fp)
-u, --usage Display pointless usage message.\n\
\n\
-l, --listen=PORT Listen for connections to TCP PORT.\n\
--p, --peer=PORT Only accept connections from IP ADDR.\n\
+-p, --peer=ADDR Only accept connections from IP ADDR.\n\
+-b, --bind=ADDR Bind to ADDR before connecting.\n\
-c, --connect=ADDR:PORT Connect to IP ADDR, TCP PORT.\n\
\n\
Forwards UDP packets over a reliable stream. By default, uses stdin and\n\
{
unsigned f = 0;
unsigned short pt;
- struct sockaddr_in connaddr;
+ struct sockaddr_in connaddr, bindaddr;
struct sockaddr_in udp_me, udp_peer;
int len = 65536;
#define f_bogus 1u
ego(argv[0]);
+ bindaddr.sin_family = AF_INET;
+ bindaddr.sin_addr.s_addr = INADDR_ANY;
+ bindaddr.sin_port = 0;
connaddr.sin_family = AF_INET;
+ connaddr.sin_addr.s_addr = INADDR_ANY;
cw.me.sin_family = AF_INET;
cw.me.sin_addr.s_addr = INADDR_ANY;
cw.me.sin_port = 0;
{ "usage", 0, 0, 'u' },
{ "listen", OPTF_ARGREQ, 0, 'l' },
{ "peer", OPTF_ARGREQ, 0, 'p' },
+ { "bind", OPTF_ARGREQ, 0, 'b' },
{ "connect", OPTF_ARGREQ, 0, 'c' },
{ 0, 0, 0, 0 }
};
int i;
- i = mdwopt(argc, argv, "hvul:p:c:", opt, 0, 0, 0);
+ i = mdwopt(argc, argv, "hvul:p:b:c:", opt, 0, 0, 0);
if (i < 0)
break;
switch (i) {
case 'p':
parseaddr(optarg, &cw.peer, 0);
break;
+ case 'b':
+ parseaddr(optarg, &bindaddr.sin_addr, 0);
+ break;
case 'c':
parseaddr(optarg, &connaddr.sin_addr, &pt);
connaddr.sin_port = pt;
else if (connaddr.sin_addr.s_addr != INADDR_ANY) {
int fd;
if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0 ||
+ bind(fd, (struct sockaddr *)&bindaddr, sizeof(bindaddr)) ||
connect(fd, (struct sockaddr *)&connaddr, sizeof(connaddr)) ||
nonblockify(fd) || cloexec(fd))
die(1, "couldn't connect to TCP server: %s", strerror(errno));
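Review bot: A failure to bind to the `-b` address is reported as "couldn't connect to TCP server", because the new `bind()` call sits in the same `||` chain as `connect()`. An unusable source address is a configuration error on the local side, so it should get its own message, for example `if (bind(fd, (struct sockaddr *)&bindaddr, sizeof(bindaddr))) die(1, "couldn't bind to local address: %s", strerror(errno));` after the socket is created. `bindaddr` and `connaddr` are also filled in field by field elsewhere in this commit, which leaves `sin_zero` indeterminate; zero-initialising both structs at their declaration would be tidier. The enclosing function starts and ends outside this hunk.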
# tripe init script
# suitable for direct use in most SysV-style inits
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-bindir=@bindir@
-sbindir=@sbindir@
-
set -e
-[ -f /etc/tripe.conf ] && . /etc/tripe.conf
-: ${TRIPEDIR=/var/lib/tripe}
-export TRIPEDIR
+# --- Setup ---
-: ${tripe=$sbindir/tripe}
-: ${tripectl=$bindir/tripectl}
+[ -f @initconfig@ ] && . @initconfig@
+: ${prefix=@prefix@} ${exec_prefix=@exec_prefix@}
+: ${bindir=@bindir@} ${sbindir=@sbindir@}
+: ${TRIPEDIR=@configdir@}
+: ${tripe=$sbindir/tripe} ${tripectl=$bindir/tripectl}
PATH=/usr/bin:/usr/sbin:/bin:/sbin:$bindir
-export PATH
+export PATH TRIPEDIR
+
+# --- Check it will work, or at least stands a fighting chance ---
+#
+# Having loads of different tunnel types doesn't help any.
+
+test -x $tripe -a -x $tripectl || exit 0
+
+case `$tripe --tunnel` in
+ linux)
+ case `uname -s` in
+ Linux)
+ if { test -f /proc/misc && grep -q net/tun /proc/misc; } ||
+ modprobe -q tun; then
+ : good
+ else
+ echo >&2 "$tripe needs the Linux TUN/TAP driver to run."
+ exit 1
+ fi
+ if test -c /dev/net/tun; then
+ : good
+ else
+ echo >&2 "$tripe needs /dev/net/tun, which is missing."
+ exit 1
+ fi
+ ;;
+ *)
+ echo >&2 "CONFIGURATION ERROR"
+ echo >&2 " $tripe is compiled to use a Linux tunnel device, but"
+ echo >&2 " this system is `uname -s`"
+ exit 1
+ ;;
+ esac
+ ;;
+ unet)
+ case `uname -s` in
+ Linux)
+ if { test -f /proc/devices && grep -q unet /proc/devices; } ||
+ modprobe -q unet; then
+ : good
+ else
+ echo >&2 "$tripe needs the Linux UNET driver to run."
+ exit 1
+ fi
+ if test -c /dev/unet; then
+ : good
+ else
+ echo >&2 "$tripe needs /dev/unet, which is missing."
+ exit 1
+ fi
+ ;;
+ *)
+ echo >&2 "CONFIGURATION ERROR"
+ echo >&2 " $tripe is compiled to use a Linux tunnel device, but"
+ echo >&2 " this system is `uname -s`"
+ exit 1
+ ;;
+ esac
+ ;;
+ bsd)
+ case `uname -s` in
+ *BSD)
+ # Don't know how to check the device is working.
+ if test -c /dev/tun0; then
+ : good
+ else
+ echo >&2 "$tripe needs /dev/tun0, which is missing."
+ exit 1
+ fi
+ ;;
+ *)
+ echo >&2 "CONFIGURATION ERROR"
+ echo >&2 " $tripe is compiled to use a BSD tunnel device, but"
+ echo >&2 " this system is `uname -s`"
+ exit 1
+ ;;
+ esac
+ ;;
+esac
+
+# --- Do what was wanted ---
case "$1" in
start)
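Review bot: The new case statement on the output of `$tripe --tunnel` has no `*)` arm, so a binary that prints `notdef`, or an older tripe that does not understand `--tunnel`, falls through to the start/stop code with no device check at all. A final arm such as `*) echo >&2 "$tripe: unknown tunnel type"; exit 1;;` would fail closed. `test -x $tripe -a -x $tripectl` expands both paths unquoted even though they can be overridden from the sourced config file; `test -x "$tripe" && test -x "$tripectl" || exit 0` is safer. The `unet` arm's fallback message still says "Linux tunnel device", which looks copied from the `linux` arm.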
echo " already running"
exit 0
fi
- $tripectl -D -f ${logfile-tripe.log} -p $tripe -s \
+ $tripectl -D -s -p$tripe \
+ -f${logfile-@logfile@} \
+ -P${pidfile-@pidfile@} \
${addr+-S-b}$addr \
${port+-S-p}${port} \
${user+-S-u}${user} \
$tripectl quit
echo " done"
;;
+ status)
+ for i in `$tripectl list`; do
+ echo "Peer \`$i':"
+ $tripectl stats $i | sed 's/^/ /'
+ done
+ ;;
restart | force-reload)
sh $0 stop
sh $0 start
;;
*)
- echo >&2 "usage: $0 start|stop|restart|force-reload"
+ echo >&2 "usage: $0 start|stop|restart|status|force-reload"
exit 1
;;
esac
/* -*-c-*-
*
- * $Id: tripe.c,v 1.11 2003/05/17 11:02:03 mdw Exp $
+ * $Id: tripe.c,v 1.12 2003/11/29 23:49:32 mdw Exp $
*
* Main program
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tripe.c,v $
+ * Revision 1.12 2003/11/29 23:49:32 mdw
+ * Debianization.
+ *
* Revision 1.11 2003/05/17 11:02:03 mdw
* Document the new `-b' option.
*
-u, --usage Display pointless usage message.\n\
\n\
-D, --daemon Run in the background.\n\
--d, --directory=DIR Switch to directory DIR (default $TRIPEDIR).\n\
+-d, --directory=DIR Switch to directory DIR [default " CONFIGDIR "].\n\
-b, --bind-address=ADDR Bind UDP socket to this IP ADDR.\n\
-p, --port=PORT Select UDP port to listen to.\n\
-U, --setuid=USER Set uid to USER after initialization.\n\
{
const char *kr_priv = "keyring", *kr_pub = "keyring.pub";
const char *tag_priv = "tripe-dh";
- const char *csock = "tripesock";
- const char *dir = "/var/lib/tripe";
+ const char *csock = SOCKETDIR "/tripesock";
+ const char *dir = CONFIGDIR;
const char *p;
unsigned port = 0;
struct in_addr baddr = { INADDR_ANY };
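Review bot: With `csock` now defaulting to `SOCKETDIR "/tripesock"` and the Debian build setting the socket directory to /var/run, the admin socket moves out of the private working directory into one that every local user can traverse. The mode of the socket file then becomes the only access control on the admin interface. The code that creates the socket is outside this hunk, so confirm it sets a restrictive umask before `bind()`, and add a comment here such as `/* admin socket: must only be connectable by the tripe user/root */`. The same default is set in client.c's `main()` in this commit, and the two must stay in step. `main()`'s body continues outside the hunk.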
{ "trace", OPTF_ARGREQ, 0, 'T' },
#endif
+ { "tunnel", 0, 0, '0' },
{ 0, 0, 0, 0 }
};
trace_level(tr_flags);
break;
#endif
+ case '0': {
+ static const char *tun[] = { "notdef", "unet", "bsd", "linux" };
+ puts(tun[TUN_TYPE]);
+ exit(0);
+ } break;
default:
f |= f_bogus;
break;
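Review bot: `puts(tun[TUN_TYPE])` indexes a four-entry table whose order has to match the numeric values of the tunnel-type constants, which are defined outside this hunk, and nothing ties the two together or bounds the index. The init script in this commit dispatches on the exact strings `linux`, `unet` and `bsd`, so a reordered or added constant would either print the wrong name or read past the array. Add a comment above the table naming the constants in order and a guard such as `if (TUN_TYPE >= sizeof(tun)/sizeof(tun[0])) die(1, "unknown tunnel type");`. The `break` after `exit(0)` is unreachable and can go.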
# tripe configuration file
#
-# this is sourced as a Bourne shell script by tripe-init
+# this is sourced as a Bourne shell script by /etc/init.d/tripe
# The directory you want tripe to work in. This is where it will search for
# keyrings, and where its admin socket and logfile are kept.
-# TRIPEDIR=/var/lib/tripe
+# TRIPEDIR=/etc/tripe
# The address you want tripe to bind to. By default, tripe will accept
# packets to any address acceptable to the host, and send packets from the
# miscopts=
# Logfile to write to. The default is `tripe.log' in the working directory.
-# logfile=tripe.log
+# logfile=/var/log/tripe
+
+# Where to put tripectl's pidfile when it starts up. The default is
+# tripectl.pid in the working directory.
+# pidfile=/var/run/tripectl.pid
/* -*-c-*-
*
- * $Id: tun-bsd.c,v 1.1 2001/02/05 19:48:18 mdw Exp $
+ * $Id: tun-bsd.c,v 1.2 2003/11/29 23:49:32 mdw Exp $
*
* Tunnel interface for 4.4BSD-derived systems
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tun-bsd.c,v $
+ * Revision 1.2 2003/11/29 23:49:32 mdw
+ * Debianization.
+ *
* Revision 1.1 2001/02/05 19:48:18 mdw
* Initial support for BSD tunnel devices.
*
n = 0;
for (;;) {
sprintf(buf, "/dev/tun%u", n);
- if ((fd = open("/dev/unet", O_RDWR)) >= 0)
+ if ((fd = open(buf, O_RDWR)) >= 0)
break;
switch (errno) {
case EBUSY:
/* -*-c-*-
*
- * $Id: tun-linux.c,v 1.1 2003/04/06 10:25:17 mdw Exp $
+ * $Id: tun-linux.c,v 1.2 2003/11/29 23:49:32 mdw Exp $
*
* Tunnel interface based on Linux TUN/TAP driver
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tun-linux.c,v $
+ * Revision 1.2 2003/11/29 23:49:32 mdw
+ * Debianization.
+ *
* Revision 1.1 2003/04/06 10:25:17 mdw
* Support Linux TUN/TAP device. Fix some bugs.
*
}
fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
iff.ifr_name[0] = 0;
- iff.ifr_flags = IFF_TUN | IFF_NO_PI;
+ iff.ifr_flags = IFF_TUN;
if ((f = ioctl(fd, TUNSETIFF, &iff)) < 0) {
a_warn("couldn't set configure new TUN/TAP interface: %s",
strerror(errno));
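Review bot: Dropping `IFF_NO_PI` from `iff.ifr_flags` changes the framing on the tunnel descriptor: without that flag the kernel prefixes every packet read from the device with a 4-byte packet-information header and expects one on every write. The read and write paths are outside this hunk, so confirm they strip and supply that header; otherwise header bytes are treated as packet data on the way out and injected packets are misparsed on the way in. The log entry for this revision says only "Debianization", so a comment on the line, for example `/* no IFF_NO_PI: each read/write carries a struct tun_pi header */`, would record that the change is deliberate.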