From ef4a1ab72d88f8790c367b513863d4f9a101a34d Mon Sep 17 00:00:00 2001 Message-Id: From: Mark Wooding Date: Sat, 29 Nov 2003 23:49:32 +0000 Subject: [PATCH] Debianization. Organization: Straylight/Edgeware From: mdw --- .cvsignore | 2 + Makefile.am | 19 ++++++- acconfig.h | 14 ++++- client.c | 14 +++-- configure.in | 117 +++++++++++++++++++++++++++++++++----- debian/.cvsignore | 2 + debian/changelog | 5 ++ debian/control | 38 +++++++++++++ debian/copyright | 16 ++++++ debian/pkstream.copyright | 16 ++++++ debian/rules | 71 +++++++++++++++++++++++ debian/tripe.README | 53 +++++++++++++++++ debian/tripe.logrotate | 9 +++ debian/tripe.postinst | 14 +++++ debian/tripe.postrm | 9 +++ debian/tripe.prerm | 9 +++ doc/pkstream.1 | 14 ++++- pkstream.c | 26 +++++++-- tripe-init.in | 110 ++++++++++++++++++++++++++++++----- tripe.c | 17 ++++-- tripe.conf | 10 +++- tun-bsd.c | 7 ++- tun-linux.c | 7 ++- 23 files changed, 545 insertions(+), 54 deletions(-) create mode 100644 debian/.cvsignore create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/pkstream.copyright create mode 100755 debian/rules create mode 100644 debian/tripe.README create mode 100644 debian/tripe.logrotate create mode 100644 debian/tripe.postinst create mode 100644 debian/tripe.postrm create mode 100644 debian/tripe.prerm diff --git a/.cvsignore b/.cvsignore index 3006d566..81d83556 100644 --- a/.cvsignore +++ b/.cvsignore @@ -4,3 +4,5 @@ aclocal.m4 build config.h.in stamp-h.in +deb-build +test diff --git a/Makefile.am b/Makefile.am index 435d649a..9a2419db 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## -*-makefile-*- ## -## $Id: Makefile.am,v 1.8 2003/10/15 09:31:24 mdw Exp $ +## $Id: Makefile.am,v 1.9 2003/11/29 23:49:32 mdw Exp $ ## ## Makefile for TrIPE ## 
@@ -28,6 +28,9 @@ ##----- Revision history ---------------------------------------------------- ## ## $Log: Makefile.am,v $ +## Revision 1.9 2003/11/29 23:49:32 mdw +## Debianization. +## ## Revision 1.8 2003/10/15 09:31:24 mdw ## Remove buf, and add Ethereal analysis. ## @@ -55,6 +58,9 @@ AUTOMAKE_OPTIONS = foreign SUBDIRS = doc @DIRS@ +configdir = @configdir@ +socketdir = @socketdir@ +logdir = @logdir@ CATACOMB_LIBS = @CATACOMB_LIBS@ tun = @tun@ @@ -63,7 +69,7 @@ sbin_PROGRAMS = tripe bin_PROGRAMS = tripectl tripe-mitm pkstream noinst_SCRIPTS = tripe-init tripe_SOURCES = \ - tripe.c tripe.h \ + tripe.c tripe.h tripe-protocol.h \ admin.c peer.c tun-$(tun).c \ keymgmt.c keyexch.c keyset.c \ servutil.c util.c util.h @@ -79,6 +85,13 @@ tripe_mitm_LDADD = $(CATACOMB_LIBS) pkstream_SOURCES = \ pkstream.c -EXTRA_DIST = tripe.conf +install-hook: + for i in "$(configdir)" "$(socketdir)"; do \ + case "$$i" in /*) $(mkinstalldirs) $(DESTDIR)$$i;; esac; \ + done + +EXTRA_DIST = tripe.conf \ + debian/rules debian/control debian/changelog debian/copyright \ + debian/tripe.postinst debian/tripe.prerm debian/tripe.postrm ##----- That's all, folks --------------------------------------------------- diff --git a/acconfig.h b/acconfig.h index f7462e36..07dedb88 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: acconfig.h,v 1.4 2003/10/15 09:30:18 mdw Exp $ + * $Id: acconfig.h,v 1.5 2003/11/29 23:49:32 mdw Exp $ * * Configuration header for TrIPE * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: acconfig.h,v $ + * Revision 1.5 2003/11/29 23:49:32 mdw + * Debianization. + * * Revision 1.4 2003/10/15 09:30:18 mdw * Add support for Ethereal protocol analysis. * 
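Review bot: `logdir = @logdir@` in the `@@ -55,6 +58,9 @@` hunk has no matching `AC_SUBST(logdir)` — the configure.in hunk in this same patch substitutes `configdir`, `socketdir`, `logfile`, `pidfile` and `initconfig` only — so the literal `@logdir@` will survive into the generated Makefile. Either add `AC_SUBST(logdir)` next to the others in configure.in or drop the line; nothing in this Makefile.am hunk reads `$(logdir)`.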
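Review bot: `install-hook:` in the `@@ -79,6 +85,13 @@` hunk is not a hook target automake documents — the recognised ones are `install-exec-hook` and `install-data-hook` — so the loop that creates `$(configdir)` and `$(socketdir)` appears never to run unless this automake version has a non-standard rule; rename it `install-data-hook:` with the body unchanged. The `case "$$i" in /*)` guard deliberately skips relative defaults such as `.`, which is sensible; a one-line comment above the loop, `# only create absolute paths; a relative dir is resolved at run time`, would save the next reader from wondering whether it is a bug.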
@@ -70,6 +73,15 @@ * built-in `tun' devices. */ #undef TUN_TYPE +/* Define this to your default configuration directory. This is where + * tripe searches for keys and other stuff. */ +#define CONFIGDIR "." + +/* Define this to the directory in which tripe's admin socket is to be + * placed. Common choices are `.' -- the tripe configuration directory -- + * and /var/run. */ +#define SOCKETDIR "." + /* Define if your Ethereal plugin headers are broken (e.g., Debian 3.0) but * you're running some sensible ELF system, and I should try to bodge around * the damage. */ diff --git a/client.c b/client.c index ccc3a055..1910ef74 100644 --- a/client.c +++ b/client.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: client.c,v 1.12 2003/10/15 09:29:38 mdw Exp $ + * $Id: client.c,v 1.13 2003/11/29 23:49:32 mdw Exp $ * * Client for TrIPE * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: client.c,v $ + * Revision 1.13 2003/11/29 23:49:32 mdw + * Debianization. + * * Revision 1.12 2003/10/15 09:29:38 mdw * Cosmetic fix to changelog comment. * @@ -289,8 +292,9 @@ Options in full:\n\ -u, --usage Show brief usage message.\n\ \n\ -D, --daemon Become a background task after connecting.\n\ --d, --directory=DIR Select current directory [default /var/lib/tripe]\n\ --a, --admin-socket=FILE Select socket to connect to.\n\ +-d, --directory=DIR Select current directory [default " CONFIGDIR "].\n\ +-a, --admin-socket=FILE Select socket to connect to + [default " SOCKETDIR "/tripesock].\n\ -P, --pidfile=FILE Write process-id to FILE.\n\ \n\ -s, --spawn Start server rather than connecting.\n\ @@ -305,8 +309,8 @@ Options in full:\n\ int main(int argc, char *argv[]) { - const char *dir = "/var/lib/tripe"; - const char *sock = "tripesock"; + const char *dir = CONFIGDIR; + const char *sock = SOCKETDIR "/tripesock"; const char *spawnpath = "tripe"; string_v spawnopts = DA_INIT; char *p; 
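Review bot: `#define CONFIGDIR "."` and `#define SOCKETDIR "."` use `#define` where the rest of acconfig.h uses `#undef` (see `#undef TUN_TYPE` just above); autoheader copies these lines verbatim into config.h.in and config.status rewrites only `#undef` lines, so the values chosen with `--with-configdir`/`--with-socketdir` may never reach config.h, or may collide with a definition injected another way. Unless `mdw_DEFINE_PATH` (defined outside this patch) is known to pass the value through CFLAGS, change both to `#undef CONFIGDIR` and `#undef SOCKETDIR` and let configure define them. The two explanatory comments are good and should stay with whichever form is kept.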
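Review bot: The added help line `-a, --admin-socket=FILE Select socket to connect to` in the `@@ -289,8 +292,9 @@` hunk of client.c appears, as rendered here, to end without the `\n\` continuation that every neighbouring line of this string literal carries, which would terminate the literal early and fail to compile; if the backslash was merely lost in transit, ignore this. Otherwise the pair should read `-a, --admin-socket=FILE Select socket to connect to\n\` followed by `                          [default " SOCKETDIR "/tripesock].\n\`.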
diff --git a/configure.in b/configure.in index b2049dcd..38fb539c 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl -*-autoconf-*- dnl -dnl $Id: configure.in,v 1.13 2003/10/15 09:30:18 mdw Exp $ +dnl $Id: configure.in,v 1.14 2003/11/29 23:49:32 mdw Exp $ dnl dnl Configuration script for TrIPE dnl @@ -28,6 +28,9 @@ dnl Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. dnl ----- Revision history -------------------------------------------------- dnl dnl $Log: configure.in,v $ +dnl Revision 1.14 2003/11/29 23:49:32 mdw +dnl Debianization. +dnl dnl Revision 1.13 2003/10/15 09:30:18 mdw dnl Add support for Ethereal protocol analysis. dnl @@ -66,7 +69,7 @@ dnl Initial checkin. dnl AC_INIT(tripe.c) -AM_INIT_AUTOMAKE(tripe, 1.0.0pre5) +AM_INIT_AUTOMAKE(tripe, 1.0.0pre6) AM_CONFIG_HEADER(config.h) AC_CANONICAL_HOST 
@@ -82,15 +85,46 @@ AC_ARG_WITH([linux-includes], [CFLAGS="$CFLAGS -I$withval"], [:]) +AC_ARG_WITH([configdir], +[ --with-configdir=DIR look for keys and other configuration in DIR + [default=/var/lib/tripe]], +[configdir=$withval], +[configdir=/var/lib/tripe]) + +AC_ARG_WITH([socketdir], +[ --with-socketdir=DIR put admin socket in DIR [default=.]], +[socketdir=$withval], +[socketdir=.]) + +AC_ARG_WITH([pidfile], +[ --with-pidfile=FILE make tripectl write its pid to FILE + [default=./tripectl.pid]], +[pidfile=$withval], +[pidfile=tripectl.pid]) + +AC_ARG_WITH([initconfig], +[ --with-initconfig=FILE read definitions from FILE in init script + [default=/etc/tripe.conf]], +[initconfig=$withval], +[initconfig=/etc/tripe.conf]) + +AC_ARG_WITH([logfile], +[ --with-logfile=DIR make tripectl write its log to FILE + [default=./tripe.log]], +[logfile=$withval], +[logfile=tripe.log]) + DIRS="" +ETHEREAL_CFLAGS="" +ETHEREAL_PLUGIN_DIR="unknown" AC_ARG_WITH([ethereal], -[ --with-ethereal build and install Ethereal plugin], +[ --with-ethereal build and install Ethereal plugin], [case "$withval" in - no) ethereal=false;; - yes) ethereal='${prefix}/lib/ethereal/plugins';; - *) ethereal=$withval;; + no) ethereal=false requireethereal=false;; + yes) ethereal=true; requireethereal=true;; + *) ethereal=true requireethereal=true ETHEREAL_PLUGIN_DIR=$withval;; esac], -[ethereal=false]) +[ethereal=true requireethereal=false]) case $host_os in linux*) 
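Review bot: The help text for the new logfile option says `--with-logfile=DIR` although its description and the `logfile` variable it sets take a file name; change it to `--with-logfile=FILE make tripectl write its log to FILE`. Minor consistency point in the `--with-ethereal` case: the `no)` and `*)` arms rely on several assignments in one simple command (`ethereal=false requireethereal=false`) while `yes)` separates them with `;` — use one form for all three arms.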
@@ -120,13 +154,53 @@ AC_SUBST(tun) mdw_MLIB(2.0.0) mdw_CATACOMB(2.0.1, [CFLAGS="$CFLAGS $CATACOMB_CFLAGS"]) -if test "$ethereal" != false; then - AM_PATH_GLIB([1.2.0], [], AC_MSG_ERROR([failed to find GLib]), [gmodule]) +if test "$ethereal" = true -a "$ETHEREAL_PLUGIN_DIR" = unknown; then + AC_CACHE_CHECK([where to put Ethereal plugins], + [mdw_cv_ethereal_plugin_dir], [ + changequote(,) + mdw_cv_ethereal_plugin_dir="failed" + ethprefix=none + for i in "${prefix}" /usr/local /usr `echo $PATH | tr : " "`; do + if test -x "$i/bin/ethereal"; then + ethprefix=$i + break + fi + done + if test "$ethprefix" != none; then + ethbin=$ethprefix/bin/ethereal + ethver=`$ethbin -v | sed 's/^[^ ]* \([0-9A-Za-z.]*\).*$/\1/'` + dir=$ethprefix/lib/ethereal/plugins/$ethver + if test -d "$dir"; then + mdw_cv_ethereal_plugin_dir=$dir + fi + fi + changequote([, ]) + ]) + case $mdw_cv_ethereal_plugin_dir in + failed) ethereal=false;; + *) ETHEREAL_PLUGIN_DIR=$mdw_cv_ethereal_plugin_dir;; + esac +fi + +if test "$ethereal" = true; then + AM_PATH_GLIB([1.2.0], [], ethereal=false, [gmodule]) +fi +if test "$ethereal" = true; then bad=true mdw_CFLAGS=$CFLAGS + ethprefix=`echo $ETHEREAL_PLUGIN_DIR | sed 's:/lib/.*$::'` AC_CACHE_CHECK([how to find the Ethereal headers], [mdw_cv_ethereal_includes], [ - for i in "" "-I/usr/include/ethereal"; do + mdw_cv_ethereal_includes=failed + for i in \ + "" \ + "-I${ethprefix}/include/ethereal" \ + "-I${ethprefix}/include" \ + "-I${prefix}/include/ethereal" \ + "-I${prefix}/include" \ + "-I/usr/include/ethereal" \ + "-I/usr/local/include/ethereal" \ + "-I/usr/local/include"; do CFLAGS="$GLIB_CFLAGS $i" AC_TRY_COMPILE([ #include 
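Review bot: The prefix scan `for i in "${prefix}" /usr/local /usr \`echo $PATH | tr : " "\`` tests `$i/bin/ethereal`, but `$PATH` entries are already bin directories, so for them the probe looks at e.g. `/usr/bin/bin/ethereal` and can never match; either strip the suffix for those entries (`${i%/bin}`) or drop `$PATH` from the list. Running whichever `ethereal` is found to obtain its version is fine for fixed prefixes, but a short comment above the loop explaining that the version string is needed to locate the versioned plugin directory would make the intent clear. The `mdw_cv_ethereal_includes=failed` initialisation is correct, but see the next hunk for the variable that is checked afterwards.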
@@ -137,12 +211,18 @@ if test "$ethereal" != false; then dh = creat_dissector_handle(0, 0); ], [bad=false; break]) done - if $bad; then - AC_MSG_ERROR([failed to find Ethereal headers]) + if test $bad = false; then + mdw_cv_ethereal_includes=$i fi - mdw_cv_ethereal_includes=$i CFLAGS=$mdw_CFLAGS ]) + case $mdw_cv_ethereal_plugin_dir in + failed) ethereal=false;; + *) ETHEREAL_PLUGIN_DIR=$mdw_cv_ethereal_plugin_dir;; + esac +fi + +if test "$ethereal" = true; then AC_CACHE_CHECK([whether the Ethereal headers are broken], [mdw_cv_ethereal_buggered], [ CFLAGS="$GLIB_CFLAGS $i" @@ -164,12 +244,21 @@ if test "$ethereal" != false; then fi ETHEREAL_CFLAGS="$CFLAGS $GLIB_CFLAGS $mdw_cv_ethereal_includes" - ETHEREAL_PLUGIN_DIR=$ethereal AC_SUBST(ETHEREAL_CFLAGS) AC_SUBST(ETHEREAL_PLUGIN_DIR) DIRS="$DIRS ethereal" fi +if test "$ethereal" = false -a "$requireethereal" = true; then + AC_MSG_ERROR([failed to configure Ethereal plugin]) +fi + +mdw_DEFINE_PATHS([ + mdw_DEFINE_PATH([CONFIGDIR], [$configdir]) + mdw_DEFINE_PATH([SOCKETDIR], [$socketdir]) + AC_SUBST(socketdir) AC_SUBST(configdir) AC_SUBST(logfile) AC_SUBST(pidfile) + AC_SUBST(initconfig) +]) AC_SUBST(DIRS) AC_OUTPUT(Makefile doc/Makefile ethereal/Makefile tripe-init) diff --git a/debian/.cvsignore b/debian/.cvsignore new file mode 100644 index 00000000..fef6b094 --- /dev/null +++ b/debian/.cvsignore @@ -0,0 +1,2 @@ +files tmp substvars *.substvars *.debhelper +pkstream tripe tripe-ethereal diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..a19e8839 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +tripe (1.0.0pre6) experimental; urgency=low + + * Debianization! + + -- Mark Wooding Sat, 22 Nov 2003 18:35:50 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..d4482636 --- /dev/null +++ b/debian/control 
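Review bot: The `case` added after the header search in the `@@ -137,12 +211,18 @@` hunk tests `$mdw_cv_ethereal_plugin_dir`, but the value the search just computed is `$mdw_cv_ethereal_includes`; when no include path compiles, `mdw_cv_ethereal_includes` is `failed`, the case does not fire, `ethereal` stays `true`, and `ETHEREAL_CFLAGS` later receives the literal word `failed`. Change it to `case $mdw_cv_ethereal_includes in failed) ethereal=false;; esac` — the `*)` arm re-assigning `ETHEREAL_PLUGIN_DIR` belongs only in the plugin-directory check. The broken-headers check that follows also reuses the loop variable in `CFLAGS="$GLIB_CFLAGS $i"`, which is empty when the cached value is used; `$mdw_cv_ethereal_includes` is what it means.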
@@ -0,0 +1,38 @@ +Source: tripe +Section: net +Priority: extra +Maintainer: Mark Wooding +Build-Depends: catacomb-dev (>= 2.0.1), mlib-dev (>= 2.0.2), + ethereal-dev, debhelper (>= 4.0.2) +Standards-Version: 3.1.1 + +Package: tripe +Architecture: any +Depends: ${shlibs:Depends}, sysvinit (>= 2.80-1), makedev (>= 2.3.1-63) +Recommends: catacomb-bin +Suggests: pkstream +Description: Trivial IP Encryption: a simple virtual private network + TrIPE is a simple VPN protocol. It uses cryptography to ensure secrecy + and authenticity of packets it sends and receives. + . + This package contains the main daemon and support programs. It needs + a 2.4 series kernel with the TUN/TAP driver enabled. + +Package: pkstream +Architecture: any +Depends: ${shlibs:Depends} +Suggests: fw | ssh | stunnel +Description: Forward UDP packets over a stream + Pkstream is a simple program which transmits and receives UDP datagrams + over a reliable stream. By default, it will send and receive the + packets on standard input and output; it also natively understands TCP + sockets. Anything else can probably be fudged up with port forwarder. + +Package: tripe-ethereal +Architecture: any +Depends: ${shlibs:Depends}, ethereal-common (= ${tripe:Ethereal-Version}) +Description: Trivial IP Encryption: a simple virtual private network + TrIPE is a simple VPN protocol. It uses cryptography to ensure secrecy + and authenticity of packets it sends and receives. + . + This package contains the protocol analysis plug-in for Ethereal. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..a7e11e06 --- /dev/null +++ b/debian/copyright 
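Review bot: `Build-Depends` lists `ethereal-dev` but not `ethereal`, while `debian/rules` later in this patch derives `${tripe:Ethereal-Version}` from `dpkg --status ethereal`; on a build host without the `ethereal` binary package the sed emits nothing, the substvar stays empty and the `Depends: ethereal-common (= ${tripe:Ethereal-Version})` line of `tripe-ethereal` becomes malformed. Unless `ethereal-dev` is known to pull in `ethereal`, add `ethereal` to `Build-Depends`, or query `ethereal-common` instead since that is the package the dependency is expressed against. `Standards-Version: 3.1.1` also looks older than the policy current for the changelog date — confirm it is intended.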
@@ -0,0 +1,16 @@ +Tripe is copyright (c) 2003 Straylight/Edgeware. + +Tripe is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +Tripe is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have a copy of the GNU General Public License in +/usr/share/common-licenses/GPL; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. diff --git a/debian/pkstream.copyright b/debian/pkstream.copyright new file mode 100644 index 00000000..5eb25170 --- /dev/null +++ b/debian/pkstream.copyright @@ -0,0 +1,16 @@ +Pkstream is copyright (c) 2003 Straylight/Edgeware. + +Pkstream is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +Pkstream is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have a copy of the GNU General Public License in +/usr/share/common-licenses/GPL; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +USA. diff --git a/debian/rules b/debian/rules new file mode 100755 index 00000000..e164a834 --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,71 @@ +#! /usr/bin/make -f + +export DH_COMPAT = 4 + +build: + rm -rf build deb-build + mkdir deb-build + cd deb-build; ../configure \ + --prefix=/usr --mandir=/usr/share/man \ + --with-configdir=/etc/tripe \ + --with-socketdir=/var/run \ + --with-logfile=/var/log/tripe.log \ + --with-pidfile=/var/run/tripectl.pid \ + --with-initconfig=/etc/default/tripe \ + --with-ethereal + make -C deb-build + touch build + +clean: + dh_clean + rm -rf deb-build build + +install: build + dh_clean + make -C deb-build install DESTDIR=`pwd`/debian/tripe + mkdir -p debian/tripe/etc/tripe/peers + mkdir -p debian/tripe/etc/default + mkdir -p debian/tripe/etc/init.d + cp deb-build/tripe-init debian/tripe/etc/init.d/tripe + chmod 755 debian/tripe/etc/init.d/tripe + cp tripe.conf debian/tripe/etc/default/tripe + mkdir -p debian/pkstream/usr/bin + mv debian/tripe/usr/bin/pkstream debian/pkstream/usr/bin + mkdir -p debian/pkstream/usr/share/man/man1 + mv debian/tripe/usr/share/man/man1/pkstream.1 \ + debian/pkstream/usr/share/man/man1 + mkdir -p debian/tripe-ethereal/usr/lib + mv debian/tripe/usr/lib/ethereal debian/tripe-ethereal/usr/lib + rm -f debian/tripe-ethereal/usr/lib/ethereal/plugins/*/*.a + rmdir debian/tripe/usr/lib + +binary-indep: + +binary-arch: install + dpkg --status ethereal | \ + sed -n 's/^Version: */tripe:Ethereal-Version=/p' \ + >> debian/tripe-ethereal.substvars + dh_testdir -a + dh_testroot -a + dh_compress -a + dh_installdocs -a + dh_strip -a + dh_shlibdeps -a + dh_installlogrotate -a + dh_gencontrol -a + dh_fixperms -a + dh_installdeb -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch + +source: + rm -rf deb-build/*.tar.gz deb-build/=deb= + make -C deb-build dist + mkdir deb-build/=deb= + cd deb-build/=deb=; tar xvfz ../*.tar.gz + d=`pwd`; cd ..; dpkg-source -i -b $$d/deb-build/=deb=/* + rm -rf deb-build/=deb= + +.PHONY: binary binary-arch binary-indep clean install source 
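Review bot: `--with-logfile=/var/log/tripe.log` in the `build` target disagrees with `debian/tripe.logrotate`, which rotates `/var/log/tripe`, and with the `logfile=/var/log/tripe` example in the `tripe.conf` hunk; with the defaults as built, logrotate never sees the file tripectl actually writes, and `missingok` hides that silently. Pick one name and use it in all three places; `/var/log/tripe.log` matches the configure default style. Separately, in `binary-arch` the `dpkg --status ethereal` append runs before `dh_testdir -a` / `dh_testroot -a`; moving those two lines to the top of the recipe keeps the usual ordering.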
diff --git a/debian/tripe.README b/debian/tripe.README new file mode 100644 index 00000000..275768d7 --- /dev/null +++ b/debian/tripe.README @@ -0,0 +1,53 @@ +SETTING UP TRIPE FOR DEBIAN GNU/LINUX + + Firstly, you need to set up public key parameters. To generate + a new set, run + + # cd /etc/tripe + # key add -adh-param -LS -b2048 -B256 -eforever \ + -tparam tripe-dh-param + # key extract param param + + (Feel free to twiddle these settings. Read key(1) for details + about the various options.) You can now copy the file `param' + to the other hosts which will participate in the VPN. If you + already have a `param' file from this procedure, you should + copy it into /etc/tripe and run + + # key merge param + + instead. + + Now, generate a public key. Before you can do this, you'll need + to give this host a name. Let's say we've chosen `alice' as the + name. Run + + # key add -adh -pparam -talice -e"now + 1 year" tripe-dh + # key extract -f-secret alice.pub alice + # key -kkeyring.pub merge alice.pub + + Now copy `alice.pub' to the other hosts, and run the `key merge' + command on each of them. Also merge the keys from the other + hosts into alice's `keyring.pub' file. + + Finally, you need to write a script in /etc/tripe/peers for each + peer you want to communicate with. The following template works + OK. + + #! /bin/sh + + set -e + + PEER=... # The peer's name + PEERADDR=... # Peer's publicly-routable address + PEERPORT=22003 # Port peer is listening on + LOCAL=... # My address for point-to-point + REMOTE=... # His address for point-to-point + RNET=... # Remote network address + RMASK=... # Netmask of remote network + + tripectl add $PEER $PEERADDR $PEERPORT + ifname=`tripectl ifname $PEER` + ifconfig $ifname $LOCAL pointopoint $REMOTE mtu 1429 + route add -net $RNET netmask $RMASK gw $REMOTE + diff --git a/debian/tripe.logrotate b/debian/tripe.logrotate new file mode 100644 index 00000000..5006869b --- /dev/null +++ b/debian/tripe.logrotate 
@@ -0,0 +1,9 @@ +/var/log/tripe { + rotate 7 + weekly + compress + postrotate + kill -HUP `cat /var/run/tripectl.pid` + endscript + missingok +} diff --git a/debian/tripe.postinst b/debian/tripe.postinst new file mode 100644 index 00000000..311664a8 --- /dev/null +++ b/debian/tripe.postinst @@ -0,0 +1,14 @@ +#! /bin/sh + +set -e + +if [ ! -c /dev/.devfsd ] && [ ! -c /dev/net/tun ]; then + (cd /dev && /sbin/MAKEDEV tun) +fi + +#DEBHELPER# + +if [ -x "/etc/init.d/tripe" ]; then + update-rc.d tripe defaults >/dev/null + invoke-rc.d tripe start +fi diff --git a/debian/tripe.postrm b/debian/tripe.postrm new file mode 100644 index 00000000..28575372 --- /dev/null +++ b/debian/tripe.postrm @@ -0,0 +1,9 @@ +#! /bin/sh + +set -e + +if [ "$1" = "purge" ] ; then + update-rc.d tripe remove >/dev/null +fi + +#DEBHELPER# diff --git a/debian/tripe.prerm b/debian/tripe.prerm new file mode 100644 index 00000000..c613d4e6 --- /dev/null +++ b/debian/tripe.prerm @@ -0,0 +1,9 @@ +#! /bin/sh + +set -e + +if [ -x "/etc/init.d/tripe" ]; then + invoke-rc.d tripe stop +fi + +#DEBHELPER# diff --git a/doc/pkstream.1 b/doc/pkstream.1 index 62aee14c..26594be6 100644 --- a/doc/pkstream.1 +++ b/doc/pkstream.1 @@ -38,6 +38,8 @@ pkstream \- forward UDP packets over streams .IR port ] .RB [ \-p .IR addr ] +.RB [ \-b +.IR addr ] .RB [ \-c .IR addr \c .BR : \c @@ -56,7 +58,7 @@ using some kind of port forwarder like .BR ssh (1), .BR stunnel (1), etc. It's intended, among other things, to provide a transport for -.B tripe (8) +.BR tripe (8) packets where there are annoying firewalls in the way. .SS "Command-line arguments" The two 
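Review bot: `kill -HUP \`cat /var/run/tripectl.pid\`` in `postrotate` runs with no argument when the pidfile is absent (daemon stopped, or a different `pidfile` configured), so logrotate reports a failure on every rotation in that state; guard it with `[ -f /var/run/tripectl.pid ] && kill -HUP \`cat /var/run/tripectl.pid\` || true`. It is also worth confirming that tripectl reopens its log on SIGHUP, since nothing in this patch shows that handler; if it does not, output keeps going to the rotated file until the next restart.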
@@ -95,12 +97,22 @@ Listen for connections on the given TCP Only one connection is allowed at a time. When a connection is accepted, forward UDP packets over the TCP stream until it closes; then wait for another connection. +.TP .BI "\-p, \-\-peer=" addr Only accept TCP connections from .IR addr . This option only makes sense in conjunction with .BR \-l . .TP +.BI "\-b, \-\-bind=" addr +When making a connection (see +.B \-c +below), use +.I addr +as the source address rather than letting the kernel choose the address +automatically. This is useful when the other end will only accept +connections from a particular address and you get the wrong one otherwise. +.TP .BI "\-c, \-\-connect=" addr : port Connect to the given .I addr diff --git a/pkstream.c b/pkstream.c index 176192a8..ba95728f 100644 --- a/pkstream.c +++ b/pkstream.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pkstream.c,v 1.1 2003/04/23 12:53:28 mdw Exp $ + * $Id: pkstream.c,v 1.2 2003/11/29 23:49:32 mdw Exp $ * * Forwarding UDP packets over a stream * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: pkstream.c,v $ + * Revision 1.2 2003/11/29 23:49:32 mdw + * Debianization. + * * Revision 1.1 2003/04/23 12:53:28 mdw * New pkstream program. * @@ -277,8 +280,8 @@ static void dolisten(void) int opt = 1; if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0 || - bind(fd, (struct sockaddr *)&cw.me, sizeof(cw.me)) || setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) || + bind(fd, (struct sockaddr *)&cw.me, sizeof(cw.me)) || listen(fd, 1) || nonblockify(fd) || cloexec(fd)) die(1, "couldn't set up listening socket: %s", strerror(errno)); sel_initfile(&sel, &cw.a, fd, SEL_READ, doaccept, 0); 
@@ -321,7 +324,8 @@ static void parseaddr(const char *pp, struct in_addr *a, unsigned short *pt) static void usage(FILE *fp) { pquis(fp, - "Usage: $ [-l PORT] [-p ADDR] [-c ADDR:PORT] ADDR:PORT ADDR:PORT\n"); + "Usage: $ [-l PORT] [-b ADDR] [-p ADDR] [-c ADDR:PORT]\n\ + ADDR:PORT ADDR:PORT\n"); } static void version(FILE *fp) @@ -342,7 +346,8 @@ Options:\n\ -u, --usage Display pointless usage message.\n\ \n\ -l, --listen=PORT Listen for connections to TCP PORT.\n\ --p, --peer=PORT Only accept connections from IP ADDR.\n\ +-p, --peer=ADDR Only accept connections from IP ADDR.\n\ +-b, --bind=ADDR Bind to ADDR before connecting.\n\ -c, --connect=ADDR:PORT Connect to IP ADDR, TCP PORT.\n\ \n\ Forwards UDP packets over a reliable stream. By default, uses stdin and\n\ @@ -354,14 +359,18 @@ int main(int argc, char *argv[]) { unsigned f = 0; unsigned short pt; - struct sockaddr_in connaddr; + struct sockaddr_in connaddr, bindaddr; struct sockaddr_in udp_me, udp_peer; int len = 65536; #define f_bogus 1u ego(argv[0]); + bindaddr.sin_family = AF_INET; + bindaddr.sin_addr.s_addr = INADDR_ANY; + bindaddr.sin_port = 0; connaddr.sin_family = AF_INET; + connaddr.sin_addr.s_addr = INADDR_ANY; cw.me.sin_family = AF_INET; cw.me.sin_addr.s_addr = INADDR_ANY; cw.me.sin_port = 0; @@ -374,12 +383,13 @@ int main(int argc, char *argv[]) { "usage", 0, 0, 'u' }, { "listen", OPTF_ARGREQ, 0, 'l' }, { "peer", OPTF_ARGREQ, 0, 'p' }, + { "bind", OPTF_ARGREQ, 0, 'b' }, { "connect", OPTF_ARGREQ, 0, 'c' }, { 0, 0, 0, 0 } }; int i; - i = mdwopt(argc, argv, "hvul:p:c:", opt, 0, 0, 0); + i = mdwopt(argc, argv, "hvul:p:b:c:", opt, 0, 0, 0); if (i < 0) break; switch (i) { @@ -399,6 +409,9 @@ int main(int argc, char *argv[]) case 'p': parseaddr(optarg, &cw.peer, 0); break; + case 'b': + parseaddr(optarg, &bindaddr.sin_addr, 0); + break; case 'c': parseaddr(optarg, &connaddr.sin_addr, &pt); connaddr.sin_port = pt; 
@@ -432,6 +445,7 @@ int main(int argc, char *argv[]) else if (connaddr.sin_addr.s_addr != INADDR_ANY) { int fd; if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0 || + bind(fd, (struct sockaddr *)&bindaddr, sizeof(bindaddr)) || connect(fd, (struct sockaddr *)&connaddr, sizeof(connaddr)) || nonblockify(fd) || cloexec(fd)) die(1, "couldn't connect to TCP server: %s", strerror(errno)); diff --git a/tripe-init.in b/tripe-init.in index 5d96691c..db9cb35f 100755 --- a/tripe-init.in +++ b/tripe-init.in 
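Review bot: The new `bind()` sits in the same `||` chain as `connect()`, so a bind failure — typically `EADDRNOTAVAIL` when the `-b` address is not local — is reported as `couldn't connect to TCP server`, which points the operator at the wrong end. Test it on its own before the chain: `if (bind(fd, (struct sockaddr *)&bindaddr, sizeof(bindaddr))) die(1, "couldn't bind to source address: %s", strerror(errno));`. Note also that `bindaddr` is consulted only in this connect branch, so `-b` given in listen (`-l`) or stdin mode is silently ignored; either reject that combination in option parsing (an earlier hunk of this file) or state it in the usage text.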
@@ -3,21 +3,97 @@ # tripe init script # suitable for direct use in most SysV-style inits -prefix=@prefix@ -exec_prefix=@exec_prefix@ -bindir=@bindir@ -sbindir=@sbindir@ - set -e -[ -f /etc/tripe.conf ] && . /etc/tripe.conf -: ${TRIPEDIR=/var/lib/tripe} -export TRIPEDIR +# --- Setup --- -: ${tripe=$sbindir/tripe} -: ${tripectl=$bindir/tripectl} +[ -f @initconfig@ ] && . @initconfig@ +: ${prefix=@prefix@} ${exec_prefix=@exec_prefix@} +: ${bindir=@bindir@} ${sbindir=@sbindir@} +: ${TRIPEDIR=@configdir@} +: ${tripe=$sbindir/tripe} ${tripectl=$bindir/tripectl} PATH=/usr/bin:/usr/sbin:/bin:/sbin:$bindir -export PATH +export PATH TRIPEDIR + +# --- Check it will work, or at least stands a fighting chance --- +# +# Having loads of different tunnel types doesn't help any. + +test -x $tripe -a -x $tripectl || exit 0 + +case `$tripe --tunnel` in + linux) + case `uname -s` in + Linux) + if { test -f /proc/misc && grep -q net/tun /proc/misc; } || + modprobe -q tun; then + : good + else + echo >&2 "$tripe needs the Linux TUN/TAP driver to run." + exit 1 + fi + if test -c /dev/net/tun; then + : good + else + echo >&2 "$tripe needs /dev/net/tun, which is missing." + exit 1 + fi + ;; + *) + echo >&2 "CONFIGURATION ERROR" + echo >&2 " $tripe is compiled to use a Linux tunnel device, but" + echo >&2 " this system is `uname -s`" + exit 1 + ;; + esac + ;; + unet) + case `uname -s` in + Linux) + if { test -f /proc/devices && grep -q unet /proc/devices; } || + modprobe -q unet; then + : good + else + echo >&2 "$tripe needs the Linux UNET driver to run." + exit 1 + fi + if test -c /dev/unet; then + : good + else + echo >&2 "$tripe needs /dev/unet, which is missing." + exit 1 + fi + ;; + *) + echo >&2 "CONFIGURATION ERROR" + echo >&2 " $tripe is compiled to use a Linux tunnel device, but" + echo >&2 " this system is `uname -s`" + exit 1 + ;; + esac + ;; + bsd) + case `uname -s` in + *BSD) + # Don't know how to check the device is working. 
+ if test -c /dev/tun0; then + : good + else + echo >&2 "$tripe needs /dev/tun0, which is missing." + exit 1 + fi + ;; + *) + echo >&2 "CONFIGURATION ERROR" + echo >&2 " $tripe is compiled to use a BSD tunnel device, but" + echo >&2 " this system is `uname -s`" + exit 1 + ;; + esac + ;; +esac + +# --- Do what was wanted --- case "$1" in start) @@ -26,7 +102,9 @@ case "$1" in echo " already running" exit 0 fi - $tripectl -D -f ${logfile-tripe.log} -p $tripe -s \ + $tripectl -D -s -p$tripe \ + -f${logfile-@logfile@} \ + -P${pidfile-@pidfile@} \ ${addr+-S-b}$addr \ ${port+-S-p}${port} \ ${user+-S-u}${user} \ @@ -59,12 +137,18 @@ case "$1" in $tripectl quit echo " done" ;; + status) + for i in `$tripectl list`; do + echo "Peer \`$i':" + $tripectl stats $i | sed 's/^/ /' + done + ;; restart | force-reload) sh $0 stop sh $0 start ;; *) - echo >&2 "usage: $0 start|stop|restart|force-reload" + echo >&2 "usage: $0 start|stop|restart|status|force-reload" exit 1 ;; esac diff --git a/tripe.c b/tripe.c index adbd7a11..447a0c4c 100644 --- a/tripe.c +++ b/tripe.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tripe.c,v 1.11 2003/05/17 11:02:03 mdw Exp $ + * $Id: tripe.c,v 1.12 2003/11/29 23:49:32 mdw Exp $ * * Main program * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: tripe.c,v $ + * Revision 1.12 2003/11/29 23:49:32 mdw + * Debianization. + * * Revision 1.11 2003/05/17 11:02:03 mdw * Document the new `-b' option. * @@ -135,7 +138,7 @@ Options:\n\ -u, --usage Display pointless usage message.\n\ \n\ -D, --daemon Run in the background.\n\ --d, --directory=DIR Switch to directory DIR (default $TRIPEDIR).\n\ +-d, --directory=DIR Switch to directory DIR [default " CONFIGDIR "].\n\ -b, --bind-address=ADDR Bind UDP socket to this IP ADDR.\n\ -p, --port=PORT Select UDP port to listen to.\n\ -U, --setuid=USER Set uid to USER after initialization.\n\ 
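Review bot: The `case \`$tripe --tunnel\` in` block has no default arm, so a value it does not list — tripe.c in this same patch can print `notdef` — falls through and the script proceeds as though the checks had passed; add `*) echo >&2 "$tripe reports an unknown tunnel type"; exit 1;;` before the closing `esac`. The `unet` branch's configuration-error message is a copy of the `linux` one (`compiled to use a Linux tunnel device`); say `UNET` there so the message names the real driver. Sourcing `@initconfig@` as root before `PATH` is pinned is the normal Debian pattern, but since that file can also override `tripe` and `tripectl` themselves, a one-line comment saying so is worth having. The hunk ends before the `start)` body, which is in the next hunk.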
@@ -154,8 +157,8 @@ int main(int argc, char *argv[]) { const char *kr_priv = "keyring", *kr_pub = "keyring.pub"; const char *tag_priv = "tripe-dh"; - const char *csock = "tripesock"; - const char *dir = "/var/lib/tripe"; + const char *csock = SOCKETDIR "/tripesock"; + const char *dir = CONFIGDIR; const char *p; unsigned port = 0; struct in_addr baddr = { INADDR_ANY }; @@ -194,6 +197,7 @@ int main(int argc, char *argv[]) { "trace", OPTF_ARGREQ, 0, 'T' }, #endif + { "tunnel", 0, 0, '0' }, { 0, 0, 0, 0 } }; @@ -282,6 +286,11 @@ int main(int argc, char *argv[]) trace_level(tr_flags); break; #endif + case '0': { + static const char *tun[] = { "notdef", "unet", "bsd", "linux" }; + puts(tun[TUN_TYPE]); + exit(0); + } break; default: f |= f_bogus; break; diff --git a/tripe.conf b/tripe.conf index 3ca4edb0..36bb1326 100644 --- a/tripe.conf +++ b/tripe.conf @@ -1,10 +1,10 @@ # tripe configuration file # -# this is sourced as a Bourne shell script by tripe-init +# this is sourced as a Bourne shell script by /etc/init.d/tripe # The directory you want tripe to work in. This is where it will search for # keyrings, and where its admin socket and logfile are kept. -# TRIPEDIR=/var/lib/tripe +# TRIPEDIR=/etc/tripe # The address you want tripe to bind to. By default, tripe will accept # packets to any address acceptable to the host, and send packets from the @@ -37,4 +37,8 @@ # miscopts= # Logfile to write to. The default is `tripe.log' in the working directory. -# logfile=tripe.log +# logfile=/var/log/tripe + +# Where to put tripectl's pidfile when it starts up. The default is +# tripectl.pid in the working directory. +# pidfile=/var/run/tripectl.pid diff --git a/tun-bsd.c b/tun-bsd.c index 39e3e108..bc82be3b 100644 --- a/tun-bsd.c +++ b/tun-bsd.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tun-bsd.c,v 1.1 2001/02/05 19:48:18 mdw Exp $ + * $Id: tun-bsd.c,v 1.2 2003/11/29 23:49:32 mdw Exp $ * * Tunnel interface for 4.4BSD-derived systems * 
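Review bot: `puts(tun[TUN_TYPE])` in the new `case '0'` indexes a four-entry table with a compile-time constant whose numbering is defined outside this hunk (`TUN_TYPE` comes from config.h), and nothing ties the two together; add a guard next to the table, `#if TUN_TYPE < 0 || TUN_TYPE > 3` / `#error "tun[] table out of step with TUN_TYPE"` / `#endif`, plus a comment naming where the numbering lives. Check also that `'0'` is absent from the short-option string handed to mdwopt (not visible here) unless `-0` is meant to work. Moving the default admin socket from the configuration directory to `SOCKETDIR "/tripesock"` — `/var/run` in the Debian build — means the socket is no longer protected by the configuration directory's permissions; confirm that admin.c creates it with a restrictive mode, since that is now the only thing limiting who can drive the daemon.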
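Review bot: In the tripe.conf hunk the comment `This is where it will search for keyrings, and where its admin socket and logfile are kept.` is now stale: with this patch the socket defaults to `SOCKETDIR` (`/var/run` in the Debian build) and the log to `/var/log`, so only the keyrings remain under `TRIPEDIR`. Reword it to `# The directory you want tripe to work in. This is where it will search for keyrings.` The new `pidfile` comment says the default is `tripectl.pid in the working directory`, which is the upstream default, while the Debian build passes `--with-pidfile=/var/run/tripectl.pid`; say that the default depends on how the package was configured.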
@@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: tun-bsd.c,v $ + * Revision 1.2 2003/11/29 23:49:32 mdw + * Debianization. + * * Revision 1.1 2001/02/05 19:48:18 mdw * Initial support for BSD tunnel devices. * @@ -108,7 +111,7 @@ int tun_create(tunnel *t, peer *p) n = 0; for (;;) { sprintf(buf, "/dev/tun%u", n); - if ((fd = open("/dev/unet", O_RDWR)) >= 0) + if ((fd = open(buf, O_RDWR)) >= 0) break; switch (errno) { case EBUSY: diff --git a/tun-linux.c b/tun-linux.c index 5ffd0ade..84dca602 100644 --- a/tun-linux.c +++ b/tun-linux.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tun-linux.c,v 1.1 2003/04/06 10:25:17 mdw Exp $ + * $Id: tun-linux.c,v 1.2 2003/11/29 23:49:32 mdw Exp $ * * Tunnel interface based on Linux TUN/TAP driver * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: tun-linux.c,v $ + * Revision 1.2 2003/11/29 23:49:32 mdw + * Debianization. + * * Revision 1.1 2003/04/06 10:25:17 mdw * Support Linux TUN/TAP device. Fix some bugs. * @@ -113,7 +116,7 @@ int tun_create(tunnel *t, peer *p) } fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); iff.ifr_name[0] = 0; - iff.ifr_flags = IFF_TUN | IFF_NO_PI; + iff.ifr_flags = IFF_TUN; if ((f = ioctl(fd, TUNSETIFF, &iff)) < 0) { a_warn("couldn't set configure new TUN/TAP interface: %s", strerror(errno)); -- [mdw]
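Review bot: The `open()` now uses the name built by `sprintf(buf, "/dev/tun%u", n)`, which is the right fix, but that `sprintf` is unbounded; `buf`'s declaration is outside the hunk, and if it is a fixed-size array, `snprintf(buf, sizeof buf, "/dev/tun%u", n)` is the safe form (an `unsigned` cannot overflow a sensibly sized buffer here, so this is hygiene rather than a live defect). The enclosing `tun_create` starts and ends outside the hunk.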
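Review bot: Dropping `IFF_NO_PI` from `iff.ifr_flags` in tun-linux.c makes the kernel prepend a `struct tun_pi` header (flags and protocol) to every packet read from the device and expect one on every write; the read and write paths of this file are outside the hunk and must skip or supply those bytes, otherwise the start of each IP packet is misread. If that adjustment was made elsewhere, record it here with `/* packets carry a struct tun_pi header: skip it on read, prepend it on write */`. The `a_warn` text `couldn't set configure new TUN/TAP interface` reads oddly; `couldn't configure new TUN/TAP interface` is presumably intended.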