├── README.md ├── src ├── sha1_license.txt ├── config.h ├── utility.h ├── exception.h ├── exception.cpp ├── tun_dev_darwin_emu.c ├── tun.h ├── utility.cpp ├── time.h ├── auth.h ├── tun_dev.h ├── auth.cpp ├── echo.h ├── tunemu.h ├── tun_dev_generic.c ├── tun_dev_freebsd.c ├── client.h ├── time.cpp ├── sha1.h ├── tun_dev_openbsd.c ├── tun_dev_utun.c ├── worker.h ├── server.h ├── tun_dev_linux.c ├── echo.cpp ├── tun.cpp ├── tun_dev_svr4.c ├── worker.cpp ├── client.cpp ├── main.cpp ├── tunemu.c ├── tun_dev_cygwin.c ├── server.cpp └── sha1.cpp ├── website ├── hans │ ├── main.css │ └── index.html └── tunemu │ └── index.html ├── osflags ├── CHANGES ├── Makefile └── LICENSE /README.md: -------------------------------------------------------------------------------- 1 | Hans - IP over ICMP 2 | =================== 3 | 4 | Hans makes it possible to tunnel IPv4 through ICMP echo packets, so you could call it a ping tunnel. This can be useful when you find yourself in the situation that your Internet access is firewalled, but pings are allowed. 5 | 6 | http://code.gerade.org/hans/ 7 | -------------------------------------------------------------------------------- /src/sha1_license.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1998, 2009 2 | Paul E. Jones 3 | 4 | Freeware Public License (FPL) 5 | 6 | This software is licensed as "freeware." Permission to distribute 7 | this software in source and binary forms, including incorporation 8 | into other products, is hereby granted without a fee. THIS SOFTWARE 9 | IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES, 10 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 11 | AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL NOT BE HELD 12 | LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER 13 | DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA 14 | OR DATA BEING RENDERED INACCURATE. 15 | -------------------------------------------------------------------------------- /src/config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #define MAX_BUFFERED_PACKETS 20 21 | 22 | #define KEEP_ALIVE_INTERVAL (60 * 1000) 23 | #define POLL_INTERVAL 2000 24 | 25 | #define CHALLENGE_SIZE 20 26 | 27 | // #define DEBUG_ONLY(a) a 28 | #define DEBUG_ONLY(a) 29 | -------------------------------------------------------------------------------- /src/utility.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef UTILITY_H 21 | #define UTILITY_H 22 | 23 | #include 24 | #include 25 | 26 | class Utility 27 | { 28 | public: 29 | static std::string formatIp(uint32_t ip); 30 | static int rand(); 31 | }; 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /src/exception.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include 21 | 22 | class Exception 23 | { 24 | public: 25 | Exception(const std::string &msg); 26 | Exception(const std::string &msg, bool appendSystemError); 27 | 28 | const std::string &errorMessage() const { return msg; } 29 | protected: 30 | std::string msg; 31 | }; 32 | -------------------------------------------------------------------------------- /website/hans/main.css: -------------------------------------------------------------------------------- 1 | body { 2 | max-width: 650px; 3 | margin: 40px auto; 4 | padding: 0 10px; 5 | /* https://practicaltypography.com/system-fonts.html */ 6 | /* https://www.cssfontstack.com/Palatino */ 7 | font-family: Palatino, "Palatino Linotype", "Palatino LT STD", "Book Antiqua", Georgia, serif; 8 | font-size: 16px; 9 | line-height: 1.6; 10 | color: #444; 11 | background: #fafafa; 12 | } 13 | 14 | h1, 15 | h2, 16 | h3 { 17 | margin-top: 1.2em; 18 | line-height: 1.2; 19 | } 20 | 21 | a:link, 22 | a:visited { 23 | color: #215187; 24 | } 25 | 26 | code { 27 | display: block; 28 | overflow: auto; 29 | padding: 1em 1.5em; 30 | border-radius: 10px; 31 | font-size: 14px; 32 | line-height: 1.5; 33 | background: #fff; 34 | box-shadow: rgba(0, 0, 0, 0.05) 0px 0px 0px 1px; 35 | } 36 | 37 | @media (prefers-color-scheme: dark) { 38 | body { 39 | color: #dadadada; 40 | background: #121212; 41 | } 42 | 43 | a:link, 44 | a:visited { 45 | color: #7eade7; 46 | } 47 | 48 | code { 49 | background: #000; 50 | box-shadow: rgba(255, 255, 255, 0.05) 0px 0px 0px 1px; 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /osflags: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | OS=`uname | tr "a-z" "A-Z"` 4 | MODE=`echo "$2" | tr "a-z" "A-Z"` 5 | 6 | case $1 in 7 | ld) 8 | case $OS in 9 | DARWIN) 10 | if [ "$MODE" == TUNEMU ]; then 11 | echo build/tunemu.o -lpcap 12 | fi 13 | ;; 14 | esac 15 | ;; 16 | c) 17 | case $OS in 18 | LINUX) 19 | echo $FLAGS -DHAVE_LINUX_IF_TUN_H -DLINUX 20 | ;; 21 | CYGWIN*) 22 | echo $FLAGS -DWIN32 23 | ;; 24 | *) 25 | echo $FLAGS 26 | ;; 27 | esac 28 | ;; 29 | dev) 30 | case $OS in 31 | LINUX) 32 | echo src/tun_dev_linux.c 33 | ;; 34 | FREEBSD) 35 | echo src/tun_dev_freebsd.c 36 | ;; 37 | OPENBSD) 38 | echo src/tun_dev_openbsd.c 39 | ;; 40 | DARWIN) 41 | if [ "$MODE" == TUNEMU ]; then 42 | echo src/tun_dev_darwin_emu.c 43 | else 44 | echo src/tun_dev_utun.c 45 | fi 46 | ;; 47 | CYGWIN*) 48 | echo src/tun_dev_cygwin.c 49 | ;; 50 | *) 51 | echo src/tun_dev_generic.c 52 | ;; 53 | esac 54 | ;; 55 | esac 56 | -------------------------------------------------------------------------------- /src/exception.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "exception.h" 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | using std::string; 27 | 28 | Exception::Exception(const string &msg) 29 | { 30 | this->msg = msg; 31 | } 32 | 33 | Exception::Exception(const string &msg, bool appendSystemError) 34 | { 35 | if (appendSystemError) 36 | this->msg = msg + ": " + strerror(errno); 37 | else 38 | this->msg = msg; 39 | } 40 | -------------------------------------------------------------------------------- /src/tun_dev_darwin_emu.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "tunemu.h" 21 | 22 | #include 23 | 24 | int tun_open(char *dev) 25 | { 26 | return tunemu_open(dev); 27 | } 28 | 29 | int tun_close(int fd, char *dev) 30 | { 31 | return tunemu_close(fd); 32 | } 33 | 34 | int tun_write(int fd, char *buf, int len) 35 | { 36 | return tunemu_write(fd, buf, len); 37 | } 38 | 39 | int tun_read(int fd, char *buf, int len) 40 | { 41 | return tunemu_read(fd, buf, len); 42 | } 43 | 44 | const char *tun_last_error() 45 | { 46 | return tunemu_error; 47 | } 48 | -------------------------------------------------------------------------------- /src/tun.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef TUN_H 21 | #define TUN_H 22 | 23 | #include "tun_dev.h" 24 | 25 | #include 26 | #include 27 | 28 | class Tun 29 | { 30 | public: 31 | Tun(const std::string *device, int mtu); 32 | ~Tun(); 33 | 34 | int getFd() { return fd; } 35 | 36 | int read(char *buffer); 37 | int read(char *buffer, uint32_t &sourceIp, uint32_t &destIp); 38 | 39 | void write(const char *buffer, int length); 40 | 41 | void setIp(uint32_t ip, uint32_t destIp); 42 | protected: 43 | std::string device; 44 | 45 | int mtu; 46 | int fd; 47 | }; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /src/utility.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "utility.h" 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | 27 | std::string Utility::formatIp(uint32_t ip) 28 | { 29 | std::stringstream s; 30 | s << ((ip >> 24) & 0xff) << '.' 31 | << ((ip >> 16) & 0xff) << '.' 32 | << ((ip >> 8) & 0xff) << '.' 33 | << ((ip >> 0) & 0xff); 34 | return s.str(); 35 | } 36 | 37 | int Utility::rand() 38 | { 39 | static bool init = false; 40 | if (!init) 41 | { 42 | init = true; 43 | srand(time(NULL)); 44 | } 45 | return ::rand(); 46 | } 47 | -------------------------------------------------------------------------------- /src/time.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef TIME_H 21 | #define TIME_H 22 | 23 | #include 24 | 25 | class Time 26 | { 27 | public: 28 | Time() { tv.tv_sec = 0; tv.tv_usec = 0; }; 29 | Time(int ms); 30 | 31 | timeval &getTimeval() { return tv; } 32 | 33 | Time operator+(const Time &other) const; 34 | Time operator-(const Time &other) const; 35 | 36 | bool operator!=(const Time &other) const; 37 | bool operator==(const Time &other) const; 38 | bool operator<(const Time &other) const; 39 | bool operator>(const Time &other) const; 40 | 41 | static Time now(); 42 | 43 | static const Time ZERO; 44 | protected: 45 | timeval tv; 46 | }; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /src/auth.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef AUTH_H 21 | #define AUTH_H 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | class Auth 29 | { 30 | public: 31 | typedef std::vector Challenge; 32 | 33 | struct Response 34 | { 35 | uint32_t data[5]; 36 | bool operator==(const Response &other) const { return memcmp(this, &other, sizeof(Response)) == 0; } 37 | }; 38 | 39 | Auth(const std::string &passphrase); 40 | 41 | Challenge generateChallenge(int length) const; 42 | Response getResponse(const Challenge &challenge) const; 43 | 44 | protected: 45 | std::string passphrase; 46 | std::string challenge; 47 | }; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /src/tun_dev.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2013 Friedrich Schöller 4 | * 1998-2000 Maxim Krasnyansky 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | * 19 | */ 20 | 21 | #ifdef WIN32 22 | 23 | #include 24 | #include 25 | 26 | #define VTUN_DEV_LEN 100 27 | 28 | #else 29 | 30 | #define VTUN_DEV_LEN 20 31 | 32 | #endif 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | int tun_open(char *dev); 39 | int tun_close(int fd, char *dev); 40 | int tun_write(int fd, char *buf, int len); 41 | int tun_read(int fd, char *buf, int len); 42 | const char *tun_last_error(); 43 | 44 | #ifdef WIN32 45 | bool tun_set_ip(int fd, uint32_t local, uint32_t network, uint32_t netmask); 46 | #endif 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | -------------------------------------------------------------------------------- /CHANGES: -------------------------------------------------------------------------------- 1 | Release 1.1 (November 2022) 2 | --------------------------- 3 | * Switch to utun devices on macOS (thanks to unkernet) 4 | 5 | Release 1.0 (November 2016) 6 | --------------------------- 7 | * Added cygwin support 8 | * Remove supplementary groups when dropping privileges 9 | * Fixed compile error on FreeBSD 10 | 11 | Release 0.4.4 (February 2014) 12 | ----------------------------- 13 | * Fixed writing beyond array bounds 14 | * Fixed some smaller bugs 15 | * Clean exit on signal 16 | * Improved error reporting 17 | 18 | Release 0.4.3 (Mai 2013) 19 | ------------------------ 20 | * Fixed tunemu compiling issue 21 | 22 | Release 0.4.2 (Mai 2013) 23 | ------------------------ 24 | * Fixed compilation issue on Linux 25 | * Changed the license of tunemu from GPL to BSD 26 | * Minor changes 27 | 28 | Release 0.4.1 (February 2010) 29 | ----------------------------- 30 | * Complies on GCC 4.4.1 31 | 32 | Release 0.4 (December 2009) 33 | --------------------------- 34 | * Improved IP assignment 35 | 36 | Release 0.3.1 (August 2009) 37 | --------------------------- 38 | * Fixed IP assignment on Linux 39 | * Corrected usage text 40 | 41 | Release 0.3 (August 2009) 42 | ------------------------- 43 | * Fixed specifying the tun device with the "-d" option 44 | * Added the debug output option "-v" 45 | * Ignore broadcasts 46 | * Added tun device emulation for Darwin (tunemu) 47 | * Improved IP and route assignment 48 | * Improved error handling 49 | 50 | Release 0.2 (July 2009) 51 | ----------------------- 52 | * Compiles on FreeBSD and OpenBSD 53 | * Minor enhancements 54 | 55 | Release 0.1 (July 2009) 56 | ----------------------- 57 | * First release 58 | -------------------------------------------------------------------------------- /src/auth.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "auth.h" 21 | #include "sha1.h" 22 | #include "utility.h" 23 | 24 | #include 25 | 26 | Auth::Auth(const std::string &passphrase) 27 | : passphrase(passphrase) 28 | { } 29 | 30 | Auth::Response Auth::getResponse(const Challenge &challenge) const 31 | { 32 | SHA1 hasher; 33 | 34 | Response response; 35 | 36 | hasher << passphrase.data(); 37 | hasher.Input(&challenge[0], challenge.size()); 38 | 39 | hasher.Result((unsigned int *)response.data); 40 | 41 | for (int i = 0; i < 5; i++) 42 | response.data[i] = htonl(response.data[i]); 43 | 44 | return response; 45 | } 46 | 47 | Auth::Challenge Auth::generateChallenge(int length) const 48 | { 49 | Challenge challenge; 50 | challenge.resize(length); 51 | 52 | for (int i = 0; i < length; i++) 53 | challenge[i] = Utility::rand(); 54 | 55 | return challenge; 56 | } 57 | -------------------------------------------------------------------------------- /src/echo.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef ECHO_H 21 | #define ECHO_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | class Echo 28 | { 29 | public: 30 | Echo(int maxPayloadSize); 31 | ~Echo(); 32 | 33 | int getFd() { return fd; } 34 | 35 | void send(int payloadLength, uint32_t realIp, bool reply, uint16_t id, uint16_t seq); 36 | int receive(uint32_t &realIp, bool &reply, uint16_t &id, uint16_t &seq); 37 | 38 | char *sendPayloadBuffer(); 39 | char *receivePayloadBuffer(); 40 | 41 | static int headerSize(); 42 | protected: 43 | struct EchoHeader 44 | { 45 | uint8_t type; 46 | uint8_t code; 47 | uint16_t chksum; 48 | uint16_t id; 49 | uint16_t seq; 50 | }; // size = 8 51 | 52 | uint16_t icmpChecksum(const char *data, int length); 53 | 54 | int fd; 55 | int bufferSize; 56 | std::vector sendBuffer; 57 | std::vector receiveBuffer; 58 | }; 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /src/tunemu.h: -------------------------------------------------------------------------------- 1 | /* 2 | * tunemu - Tun device emulation for Darwin 3 | * 4 | * Copyright (c) 2009-2013 Friedrich Schöller 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 | * POSSIBILITY OF SUCH DAMAGE. 26 | * 27 | */ 28 | 29 | #ifndef TUNEMU_H 30 | #define TUNEMU_H 31 | 32 | typedef char tunemu_device[7]; 33 | 34 | extern char tunemu_error[]; 35 | 36 | int tunemu_open(tunemu_device dev); 37 | int tunemu_close(int fd); 38 | int tunemu_read(int fd, char *buffer, int length); 39 | int tunemu_write(int fd, char *buffer, int length); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/tun_dev_generic.c: -------------------------------------------------------------------------------- 1 | /* 2 | VTun - Virtual Tunnel over TCP/IP network. 3 | 4 | Copyright (C) 1998-2000 Maxim Krasnyansky 5 | 6 | VTun has been derived from VPPP package by Maxim Krasnyansky. 7 | 8 | This program is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | This program is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | */ 18 | 19 | /* 20 | * tun_dev.c,v 1.2.2.1.2.1 2006/11/16 04:04:40 mtbishop Exp 21 | */ 22 | 23 | /* #include "config.h" */ 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | /* #include "vtun.h" 34 | #include "lib.h" */ 35 | 36 | /* 37 | * Allocate TUN device, returns opened fd. 38 | * Stores dev name in the first arg(must be large enough). 39 | */ 40 | int tun_open(char *dev) 41 | { 42 | char tunname[14]; 43 | int i, fd; 44 | 45 | if( *dev ) { 46 | sprintf(tunname, "/dev/%s", dev); 47 | return open(tunname, O_RDWR); 48 | } 49 | 50 | for(i=0; i < 255; i++){ 51 | sprintf(tunname, "/dev/tun%d", i); 52 | /* Open device */ 53 | if( (fd=open(tunname, O_RDWR)) > 0 ){ 54 | sprintf(dev, "tun%d", i); 55 | return fd; 56 | } 57 | } 58 | return -1; 59 | } 60 | 61 | int tun_close(int fd, char *dev) 62 | { 63 | return close(fd); 64 | } 65 | 66 | /* Read/write frames from TUN device */ 67 | int tun_write(int fd, char *buf, int len) 68 | { 69 | return write(fd, buf, len); 70 | } 71 | 72 | int tun_read(int fd, char *buf, int len) 73 | { 74 | return read(fd, buf, len); 75 | } 76 | 77 | const char *tun_last_error() 78 | { 79 | return strerror(errno); 80 | } 81 | -------------------------------------------------------------------------------- /src/tun_dev_freebsd.c: -------------------------------------------------------------------------------- 1 | /* 2 | VTun - Virtual Tunnel over TCP/IP network. 3 | 4 | Copyright (C) 1998-2000 Maxim Krasnyansky 5 | 6 | VTun has been derived from VPPP package by Maxim Krasnyansky. 7 | 8 | This program is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | This program is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | */ 18 | 19 | /* 20 | * tun_dev.c,v 1.2.2.1.2.1 2006/11/16 04:04:23 mtbishop Exp 21 | */ 22 | 23 | /* #include "config.h" */ 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include 34 | #include 35 | 36 | /* #include "vtun.h" 37 | #include "lib.h" */ 38 | 39 | /* 40 | * Allocate TUN device, returns opened fd. 41 | * Stores dev name in the first arg(must be large enough). 42 | */ 43 | int tun_open(char *dev) 44 | { 45 | char tunname[14]; 46 | int i, fd = -1; 47 | 48 | if( *dev ){ 49 | sprintf(tunname, "/dev/%s", dev); 50 | fd = open(tunname, O_RDWR); 51 | } else { 52 | for(i=0; i < 255; i++){ 53 | sprintf(tunname, "/dev/tun%d", i); 54 | /* Open device */ 55 | if( (fd=open(tunname, O_RDWR)) > 0 ){ 56 | sprintf(dev, "tun%d", i); 57 | break; 58 | } 59 | } 60 | } 61 | if( fd > -1 ){ 62 | i=0; 63 | /* Disable extended modes */ 64 | ioctl(fd, TUNSLMODE, &i); 65 | ioctl(fd, TUNSIFHEAD, &i); 66 | } 67 | return fd; 68 | } 69 | 70 | int tun_close(int fd, char *dev) 71 | { 72 | return close(fd); 73 | } 74 | 75 | /* Read/write frames from/to TUN device */ 76 | int tun_write(int fd, char *buf, int len) 77 | { 78 | return write(fd, buf, len); 79 | } 80 | 81 | int tun_read(int fd, char *buf, int len) 82 | { 83 | return read(fd, buf, len); 84 | } 85 | 86 | const char *tun_last_error() 87 | { 88 | return strerror(errno); 89 | } 90 | -------------------------------------------------------------------------------- /src/client.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef CLIENT_H 21 | #define CLIENT_H 22 | 23 | #include "worker.h" 24 | #include "auth.h" 25 | 26 | #include 27 | 28 | class Client : public Worker 29 | { 30 | 31 | public: 32 | Client(int tunnelMtu, const std::string *deviceName, uint32_t serverIp, 33 | int maxPolls, const std::string &passphrase, uid_t uid, gid_t gid, 34 | bool changeEchoId, bool changeEchoSeq, uint32_t desiredIp); 35 | virtual ~Client(); 36 | 37 | virtual void run(); 38 | 39 | static const Worker::TunnelHeader::Magic magic; 40 | protected: 41 | enum State 42 | { 43 | STATE_CLOSED, 44 | STATE_CONNECTION_REQUEST_SENT, 45 | STATE_CHALLENGE_RESPONSE_SENT, 46 | STATE_ESTABLISHED 47 | }; 48 | 49 | virtual bool handleEchoData(const TunnelHeader &header, int dataLength, uint32_t realIp, bool reply, uint16_t id, uint16_t seq); 50 | virtual void handleTunData(int dataLength, uint32_t sourceIp, uint32_t destIp); 51 | virtual void handleTimeout(); 52 | 53 | void handleDataFromServer(int length); 54 | 55 | void startPolling(); 56 | 57 | void sendEchoToServer(Worker::TunnelHeader::Type type, int dataLength); 58 | void sendChallengeResponse(int dataLength); 59 | void sendConnectionRequest(); 60 | 61 | Auth auth; 62 | 63 | uint32_t serverIp; 64 | uint32_t clientIp; 65 | uint32_t desiredIp; 66 | 67 | int maxPolls; 68 | int pollTimeoutNr; 69 | 70 | bool changeEchoId, changeEchoSeq; 71 | 72 | uint16_t nextEchoId; 73 | uint16_t nextEchoSequence; 74 | 75 | State state; 76 | }; 77 | 78 | #endif 79 | -------------------------------------------------------------------------------- /src/time.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "time.h" 21 | 22 | const Time Time::ZERO = Time(0); 23 | 24 | Time::Time(int ms) 25 | { 26 | tv.tv_sec = ms / 1000; 27 | tv.tv_usec = (ms % 1000) * 1000; 28 | } 29 | 30 | Time Time::operator-(const Time &other) const 31 | { 32 | Time result; 33 | result.tv.tv_sec = tv.tv_sec - other.tv.tv_sec; 34 | result.tv.tv_usec = tv.tv_usec - other.tv.tv_usec; 35 | 36 | if (result.tv.tv_usec < 0) 37 | { 38 | result.tv.tv_usec += 1000000; 39 | result.tv.tv_sec -= 1; 40 | } 41 | 42 | return result; 43 | } 44 | 45 | Time Time::operator+(const Time &other) const 46 | { 47 | Time result; 48 | result.tv.tv_sec = tv.tv_sec + other.tv.tv_sec; 49 | result.tv.tv_usec = tv.tv_usec + other.tv.tv_usec; 50 | 51 | if (result.tv.tv_usec >= 1000000) 52 | { 53 | result.tv.tv_usec -= 1000000; 54 | result.tv.tv_sec += 1; 55 | } 56 | 57 | return result; 58 | } 59 | 60 | bool Time::operator==(const Time &other) const 61 | { 62 | return tv.tv_sec != other.tv.tv_sec ? false : tv.tv_usec == other.tv.tv_usec; 63 | } 64 | 65 | bool Time::operator!=(const Time &other) const 66 | { 67 | return tv.tv_sec != other.tv.tv_sec ? true : tv.tv_usec != other.tv.tv_usec; 68 | } 69 | 70 | bool Time::operator<(const Time &other) const 71 | { 72 | return tv.tv_sec != other.tv.tv_sec ? tv.tv_sec < other.tv.tv_sec : tv.tv_usec < other.tv.tv_usec; 73 | } 74 | 75 | bool Time::operator>(const Time &other) const 76 | { 77 | return tv.tv_sec != other.tv.tv_sec ? tv.tv_sec > other.tv.tv_sec : tv.tv_usec > other.tv.tv_usec; 78 | } 79 | 80 | Time Time::now() 81 | { 82 | Time result; 83 | gettimeofday(&result.tv, 0); 84 | return result; 85 | } 86 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | LDFLAGS = `sh osflags ld $(MODE)` 2 | CFLAGS = -c -g `sh osflags c $(MODE)` 3 | CPPFLAGS = -c -g -std=c++98 -pedantic -Wall -Wextra -Wno-sign-compare -Wno-missing-field-initializers `sh osflags c $(MODE)` 4 | TUN_DEV_FILE = `sh osflags dev $(MODE)` 5 | GCC = gcc 6 | GPP = g++ 7 | 8 | .PHONY: directories 9 | 10 | all: directories hans 11 | 12 | directories: build_dir 13 | 14 | build_dir: 15 | mkdir -p build 16 | 17 | tunemu.o: directories build/tunemu.o 18 | 19 | hans: build/tun.o build/sha1.o build/main.o build/client.o build/server.o build/auth.o build/worker.o build/time.o build/tun_dev.o build/echo.o build/exception.o build/utility.o 20 | $(GPP) -o hans build/tun.o build/sha1.o build/main.o build/client.o build/server.o build/auth.o build/worker.o build/time.o build/tun_dev.o build/echo.o build/exception.o build/utility.o $(LDFLAGS) 21 | 22 | build/utility.o: src/utility.cpp src/utility.h 23 | $(GPP) -c src/utility.cpp -o $@ -o $@ $(CPPFLAGS) 24 | 25 | build/exception.o: src/exception.cpp src/exception.h 26 | $(GPP) -c src/exception.cpp -o $@ $(CPPFLAGS) 27 | 28 | build/echo.o: src/echo.cpp src/echo.h src/exception.h 29 | $(GPP) -c src/echo.cpp -o $@ $(CPPFLAGS) 30 | 31 | build/tun.o: src/tun.cpp src/tun.h src/exception.h src/utility.h src/tun_dev.h 32 | $(GPP) -c src/tun.cpp -o $@ $(CPPFLAGS) 33 | 34 | build/tun_dev.o: 35 | $(GCC) -c $(TUN_DEV_FILE) -o build/tun_dev.o -o $@ $(CFLAGS) 36 | 37 | build/sha1.o: src/sha1.cpp src/sha1.h 38 | $(GPP) -c src/sha1.cpp -o $@ $(CPPFLAGS) 39 | 40 | build/main.o: src/main.cpp src/client.h src/server.h src/exception.h src/worker.h src/auth.h src/time.h src/echo.h src/tun.h src/tun_dev.h 41 | $(GPP) -c src/main.cpp -o $@ $(CPPFLAGS) 42 | 43 | build/client.o: src/client.cpp src/client.h src/server.h src/exception.h src/config.h src/worker.h src/auth.h src/time.h src/echo.h src/tun.h src/tun_dev.h 44 | $(GPP) -c src/client.cpp -o $@ $(CPPFLAGS) 45 | 46 | build/server.o: src/server.cpp src/server.h src/client.h src/utility.h src/config.h src/worker.h src/auth.h src/time.h src/echo.h src/tun.h src/tun_dev.h 47 | $(GPP) -c src/server.cpp -o $@ $(CPPFLAGS) 48 | 49 | build/auth.o: src/auth.cpp src/auth.h src/sha1.h src/utility.h 50 | $(GPP) -c src/auth.cpp -o $@ $(CPPFLAGS) 51 | 52 | build/worker.o: src/worker.cpp src/worker.h src/tun.h src/exception.h src/time.h src/echo.h src/tun_dev.h src/config.h 53 | $(GPP) -c src/worker.cpp -o $@ $(CPPFLAGS) 54 | 55 | build/time.o: src/time.cpp src/time.h 56 | $(GPP) -c src/time.cpp -o $@ $(CPPFLAGS) 57 | 58 | clean: 59 | rm -rf build hans 60 | 61 | build/tunemu.o: src/tunemu.h src/tunemu.c 62 | $(GCC) -c src/tunemu.c -o build/tunemu.o 63 | -------------------------------------------------------------------------------- /src/sha1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * sha1.h 3 | * 4 | * Copyright (C) 1998, 2009 5 | * Paul E. Jones 6 | * All Rights Reserved. 7 | * 8 | ***************************************************************************** 9 | * $Id: sha1.h 12 2009-06-22 19:34:25Z paulej $ 10 | ***************************************************************************** 11 | * 12 | * Description: 13 | * This class implements the Secure Hashing Standard as defined 14 | * in FIPS PUB 180-1 published April 17, 1995. 15 | * 16 | * Many of the variable names in this class, especially the single 17 | * character names, were used because those were the names used 18 | * in the publication. 19 | * 20 | * Please read the file sha1.cpp for more information. 21 | * 22 | */ 23 | 24 | #ifndef _SHA1_H_ 25 | #define _SHA1_H_ 26 | 27 | class SHA1 28 | { 29 | 30 | public: 31 | 32 | SHA1(); 33 | virtual ~SHA1(); 34 | 35 | /* 36 | * Re-initialize the class 37 | */ 38 | void Reset(); 39 | 40 | /* 41 | * Returns the message digest 42 | */ 43 | bool Result(unsigned *message_digest_array); 44 | 45 | /* 46 | * Provide input to SHA1 47 | */ 48 | void Input( const unsigned char *message_array, 49 | unsigned length); 50 | void Input( const char *message_array, 51 | unsigned length); 52 | void Input(unsigned char message_element); 53 | void Input(char message_element); 54 | SHA1& operator<<(const char *message_array); 55 | SHA1& operator<<(const unsigned char *message_array); 56 | SHA1& operator<<(const char message_element); 57 | SHA1& operator<<(const unsigned char message_element); 58 | 59 | private: 60 | 61 | /* 62 | * Process the next 512 bits of the message 63 | */ 64 | void ProcessMessageBlock(); 65 | 66 | /* 67 | * Pads the current message block to 512 bits 68 | */ 69 | void PadMessage(); 70 | 71 | /* 72 | * Performs a circular left shift operation 73 | */ 74 | inline unsigned CircularShift(int bits, unsigned word); 75 | 76 | unsigned H[5]; // Message digest buffers 77 | 78 | unsigned Length_Low; // Message length in bits 79 | unsigned Length_High; // Message length in bits 80 | 81 | unsigned char Message_Block[64]; // 512-bit message blocks 82 | int Message_Block_Index; // Index into message block array 83 | 84 | bool Computed; // Is the digest computed? 85 | bool Corrupted; // Is the message digest corruped? 86 | 87 | }; 88 | 89 | #endif 90 | -------------------------------------------------------------------------------- /src/tun_dev_openbsd.c: -------------------------------------------------------------------------------- 1 | /* 2 | VTun - Virtual Tunnel over TCP/IP network. 3 | 4 | Copyright (C) 1998-2000 Maxim Krasnyansky 5 | 6 | VTun has been derived from VPPP package by Maxim Krasnyansky. 7 | 8 | This program is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | This program is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | */ 18 | 19 | /* 20 | * tun_dev.c,v 1.3.2.1.2.1 2006/11/16 04:04:52 mtbishop Exp 21 | */ 22 | 23 | /* #include "config.h" */ 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | /* #include "vtun.h" 40 | #include "lib.h" */ 41 | 42 | /* 43 | * Allocate TUN device, returns opened fd. 44 | * Stores dev name in the first arg(must be large enough). 45 | */ 46 | int tun_open(char *dev) 47 | { 48 | char tunname[14]; 49 | int i, fd = -1; 50 | 51 | if( *dev ){ 52 | sprintf(tunname, "/dev/%s", dev); 53 | fd = open(tunname, O_RDWR); 54 | } else { 55 | for(i=0; i < 255; i++){ 56 | sprintf(tunname, "/dev/tun%d", i); 57 | /* Open device */ 58 | if( (fd=open(tunname, O_RDWR)) > 0 ){ 59 | sprintf(dev, "tun%d", i); 60 | break; 61 | } 62 | } 63 | } 64 | return fd; 65 | } 66 | 67 | int tun_close(int fd, char *dev) 68 | { 69 | return close(fd); 70 | } 71 | 72 | /* Read/write frames from TUN device */ 73 | int tun_write(int fd, char *buf, int len) 74 | { 75 | u_int32_t type = htonl(AF_INET); 76 | struct iovec iv[2]; 77 | 78 | iv[0].iov_base = &type; 79 | iv[0].iov_len = sizeof(type); 80 | iv[1].iov_base = buf; 81 | iv[1].iov_len = len; 82 | 83 | return writev(fd, iv, 2); 84 | } 85 | 86 | int tun_read(int fd, char *buf, int len) 87 | { 88 | struct iovec iv[2]; 89 | u_int32_t type; 90 | register int rlen; 91 | 92 | iv[0].iov_base = &type; 93 | iv[0].iov_len = sizeof(type); 94 | iv[1].iov_base = buf; 95 | iv[1].iov_len = len; 96 | 97 | if( (rlen = readv(fd, iv, 2)) > 0 ) 98 | return rlen - sizeof(type); 99 | else 100 | return rlen; 101 | } 102 | 103 | const char *tun_last_error() 104 | { 105 | return strerror(errno); 106 | } 107 | -------------------------------------------------------------------------------- /src/tun_dev_utun.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | #include "tun_dev.h" 19 | 20 | /* 21 | * Allocate TUN device, returns opened fd. 22 | * Stores dev name in the first arg(must be large enough). 23 | */ 24 | int tun_open(char *ifname) 25 | { 26 | struct sockaddr_ctl addr; 27 | struct ctl_info info; 28 | int fd = -1; 29 | int err = 0; 30 | int unit = 0; 31 | 32 | fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL); 33 | if (fd < 0) { 34 | return -1; 35 | } 36 | 37 | /* Look up the kernel controller ID for utun devices. */ 38 | memset(&info, 0, sizeof(info)); 39 | strncpy(info.ctl_name, UTUN_CONTROL_NAME, MAX_KCTL_NAME); 40 | 41 | err = ioctl(fd, CTLIOCGINFO, &info); 42 | if (err != 0) { 43 | close(fd); 44 | return -1; 45 | } 46 | 47 | /* Connecting to the socket creates the utun device. */ 48 | addr.sc_len = sizeof(addr); 49 | addr.sc_family = AF_SYSTEM; 50 | addr.ss_sysaddr = AF_SYS_CONTROL; 51 | addr.sc_id = info.ctl_id; 52 | 53 | /* Look for a first available utun device */ 54 | for (unit = 1; unit < 50; unit++) { 55 | addr.sc_unit = unit; 56 | err = connect(fd, (struct sockaddr *) &addr, sizeof(addr)); 57 | if (err == 0) { 58 | break; 59 | } 60 | } 61 | if (err != 0) { 62 | close(fd); 63 | return -1; 64 | } 65 | 66 | /* Retrieve the assigned interface name. */ 67 | socklen_t ifname_len = VTUN_DEV_LEN; 68 | err = getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &ifname_len); 69 | if (err != 0) { 70 | close(fd); 71 | return -1; 72 | } 73 | 74 | /* Set FD_CLOEXEC flag on file descriptor. 75 | * This stops it from being inherited by system() calls. 76 | */ 77 | if (fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC) < 0) { 78 | close(fd); 79 | return -1; 80 | } 81 | return fd; 82 | } 83 | 84 | int tun_close(int fd, char *dev) 85 | { 86 | return close(fd); 87 | } 88 | 89 | /* Read/write frames from TUN device */ 90 | int tun_write(int fd, char *buf, int len) 91 | { 92 | u_int32_t type = htonl(AF_INET); 93 | struct iovec iv[2]; 94 | int wlen; 95 | 96 | iv[0].iov_base = &type; 97 | iv[0].iov_len = sizeof(type); 98 | iv[1].iov_base = buf; 99 | iv[1].iov_len = len; 100 | 101 | if ((wlen = writev(fd, iv, 2)) > 0) 102 | return wlen - sizeof(type); 103 | return wlen; 104 | } 105 | 106 | int tun_read(int fd, char *buf, int len) 107 | { 108 | struct iovec iv[2]; 109 | u_int32_t type; 110 | register int rlen; 111 | 112 | iv[0].iov_base = &type; 113 | iv[0].iov_len = sizeof(type); 114 | iv[1].iov_base = buf; 115 | iv[1].iov_len = len; 116 | 117 | if ((rlen = readv(fd, iv, 2)) > 0) 118 | return rlen - sizeof(type); 119 | else 120 | return rlen; 121 | } 122 | 123 | const char *tun_last_error() 124 | { 125 | return strerror(errno); 126 | } 127 | -------------------------------------------------------------------------------- /src/worker.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef WORKER_H 21 | #define WORKER_H 22 | 23 | #include "time.h" 24 | #include "echo.h" 25 | #include "tun.h" 26 | 27 | #include 28 | #include 29 | 30 | class Worker 31 | { 32 | public: 33 | Worker(int tunnelMtu, const std::string *deviceName, bool answerEcho, 34 | uid_t uid, gid_t gid); 35 | virtual ~Worker() { } 36 | 37 | virtual void run(); 38 | virtual void stop(); 39 | 40 | static int headerSize() { return sizeof(TunnelHeader); } 41 | 42 | protected: 43 | struct TunnelHeader 44 | { 45 | struct Magic 46 | { 47 | Magic() { } 48 | Magic(const char *magic); 49 | 50 | bool operator==(const Magic &other) const; 51 | bool operator!=(const Magic &other) const; 52 | 53 | char data[4]; 54 | }; 55 | 56 | enum Type 57 | { 58 | TYPE_RESET_CONNECTION = 1, 59 | TYPE_CONNECTION_REQUEST = 2, 60 | TYPE_CHALLENGE = 3, 61 | TYPE_CHALLENGE_RESPONSE = 4, 62 | TYPE_CONNECTION_ACCEPT = 5, 63 | TYPE_CHALLENGE_ERROR = 6, 64 | TYPE_DATA = 7, 65 | TYPE_POLL = 8, 66 | TYPE_SERVER_FULL = 9 67 | }; 68 | 69 | Magic magic; 70 | uint8_t type; 71 | }; // size = 5 72 | 73 | virtual bool handleEchoData(const TunnelHeader &header, int dataLength, 74 | uint32_t realIp, bool reply, uint16_t id, uint16_t seq); 75 | virtual void handleTunData(int dataLength, uint32_t sourceIp, 76 | uint32_t destIp); // to echoSendPayloadBuffer 77 | virtual void handleTimeout(); 78 | 79 | void sendEcho(const TunnelHeader::Magic &magic, TunnelHeader::Type type, 80 | int length, uint32_t realIp, bool reply, uint16_t id, uint16_t seq); 81 | void sendToTun(int length); // from echoReceivePayloadBuffer 82 | 83 | void setTimeout(Time delta); 84 | 85 | char *echoSendPayloadBuffer(); 86 | char *echoReceivePayloadBuffer(); 87 | 88 | int payloadBufferSize() { return tunnelMtu; } 89 | 90 | void dropPrivileges(); 91 | 92 | Echo echo; 93 | Tun tun; 94 | bool alive; 95 | bool answerEcho; 96 | int tunnelMtu; 97 | int maxTunnelHeaderSize; 98 | uid_t uid; 99 | gid_t gid; 100 | 101 | bool privilegesDropped; 102 | 103 | Time now; 104 | private: 105 | int readIcmpData(int *realIp, int *id, int *seq); 106 | 107 | Time nextTimeout; 108 | }; 109 | 110 | #endif 111 | -------------------------------------------------------------------------------- /website/tunemu/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | tunemu - Tun device emulation for Darwin 6 | 7 | 83 | 84 | 85 | 86 | 87 |
88 |
89 |

tunemu Tun device emulation for Darwin

90 |

tunemu allows programs that require tun devices to run on Darwin (OS X) without kernel support.

91 |

How

92 | tunemu uses the kernel ppp driver to create a ppp device. It then reads packets from the ppp instance and writes packets to the loopback device using libpcap. 93 |

Source

94 | 98 |

tunemu is part of Hans.

99 |

Supported programs

100 |
101 |
Hans
102 |
In order to build Hans with tunemu support, first run "make tunemu.o" and then "MODE=tunemu make".
103 |
iodine
104 |
Get the patched iodine.
105 |
OpenVPN
106 |
107 |
    108 |
  • Get the patched OpenVPN.
    • 109 |
  • Run "./configure --enable-tunemu".
    • 110 |
  • Run "make".
    • 111 |
112 |
113 |
114 |
115 |
116 | 117 | 118 | 119 | -------------------------------------------------------------------------------- /src/server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #ifndef SERVER_H 21 | #define SERVER_H 22 | 23 | #include "worker.h" 24 | #include "auth.h" 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | class Server : public Worker 34 | { 35 | public: 36 | Server(int tunnelMtu, const std::string *deviceName, const std::string &passphrase, 37 | uint32_t network, bool answerEcho, uid_t uid, gid_t gid, int pollTimeout); 38 | virtual ~Server(); 39 | 40 | struct ClientConnectData 41 | { 42 | uint8_t maxPolls; 43 | uint32_t desiredIp; 44 | }; 45 | 46 | static const TunnelHeader::Magic magic; 47 | 48 | protected: 49 | struct Packet 50 | { 51 | TunnelHeader::Type type; 52 | std::vector data; 53 | }; 54 | 55 | struct ClientData 56 | { 57 | enum State 58 | { 59 | STATE_NEW, 60 | STATE_CHALLENGE_SENT, 61 | STATE_ESTABLISHED 62 | }; 63 | 64 | struct EchoId 65 | { 66 | EchoId(uint16_t id, uint16_t seq) { this->id = id; this->seq = seq; } 67 | 68 | uint16_t id; 69 | uint16_t seq; 70 | }; 71 | 72 | uint32_t realIp; 73 | uint32_t tunnelIp; 74 | 75 | std::queue pendingPackets; 76 | 77 | int maxPolls; 78 | std::queue pollIds; 79 | Time lastActivity; 80 | 81 | State state; 82 | 83 | Auth::Challenge challenge; 84 | }; 85 | 86 | typedef std::list ClientList; 87 | typedef std::map ClientIpMap; 88 | 89 | virtual bool handleEchoData(const TunnelHeader &header, int dataLength, uint32_t realIp, bool reply, uint16_t id, uint16_t seq); 90 | virtual void handleTunData(int dataLength, uint32_t sourceIp, uint32_t destIp); 91 | virtual void handleTimeout(); 92 | 93 | virtual void run(); 94 | 95 | void serveTun(ClientData *client); 96 | 97 | void handleUnknownClient(const TunnelHeader &header, int dataLength, uint32_t realIp, uint16_t echoId, uint16_t echoSeq); 98 | void removeClient(ClientData *client); 99 | 100 | void sendChallenge(ClientData *client); 101 | void checkChallenge(ClientData *client, int dataLength); 102 | void sendReset(ClientData *client); 103 | 104 | void sendEchoToClient(ClientData *client, TunnelHeader::Type type, int dataLength); 105 | 106 | void pollReceived(ClientData *client, uint16_t echoId, uint16_t echoSeq); 107 | 108 | uint32_t reserveTunnelIp(uint32_t desiredIp); 109 | void releaseTunnelIp(uint32_t tunnelIp); 110 | 111 | ClientData *getClientByTunnelIp(uint32_t ip); 112 | ClientData *getClientByRealIp(uint32_t ip); 113 | 114 | Auth auth; 115 | 116 | uint32_t network; 117 | std::set usedIps; 118 | uint32_t latestAssignedIpOffset; 119 | 120 | Time pollTimeout; 121 | 122 | ClientList clientList; 123 | ClientIpMap clientRealIpMap; 124 | ClientIpMap clientTunnelIpMap; 125 | }; 126 | 127 | #endif 128 | -------------------------------------------------------------------------------- /src/tun_dev_linux.c: -------------------------------------------------------------------------------- 1 | /* 2 | VTun - Virtual Tunnel over TCP/IP network. 3 | 4 | Copyright (C) 1998-2000 Maxim Krasnyansky 5 | 6 | VTun has been derived from VPPP package by Maxim Krasnyansky. 7 | 8 | This program is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | This program is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | */ 18 | 19 | /* 20 | * $Id: tun_dev.c,v 1.4 2006/12/11 10:45:35 mtbishop Exp $ 21 | */ 22 | 23 | /* #include "config.h" */ 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include 34 | #include 35 | #include 36 | 37 | /* #include "vtun.h" 38 | #include "lib.h" */ 39 | 40 | /* 41 | * Allocate TUN device, returns opened fd. 42 | * Stores dev name in the first arg(must be large enough). 43 | */ 44 | static int tun_open_common0(char *dev, int istun) 45 | { 46 | char tunname[14]; 47 | int i, fd, err; 48 | 49 | if( *dev ) { 50 | sprintf(tunname, "/dev/%s", dev); 51 | return open(tunname, O_RDWR); 52 | } 53 | 54 | sprintf(tunname, "/dev/%s", istun ? "tun" : "tap"); 55 | err = 0; 56 | for(i=0; i < 255; i++){ 57 | sprintf(tunname + 8, "%d", i); 58 | /* Open device */ 59 | if( (fd=open(tunname, O_RDWR)) > 0 ) { 60 | strcpy(dev, tunname + 5); 61 | return fd; 62 | } 63 | else if (errno != ENOENT) 64 | err = errno; 65 | else if (i) /* don't try all 256 devices */ 66 | break; 67 | } 68 | if (err) 69 | errno = err; 70 | return -1; 71 | } 72 | 73 | #ifdef HAVE_LINUX_IF_TUN_H /* New driver support */ 74 | #include 75 | 76 | #ifndef OTUNSETNOCSUM 77 | /* pre 2.4.6 compatibility */ 78 | #define OTUNSETNOCSUM (('T'<< 8) | 200) 79 | #define OTUNSETDEBUG (('T'<< 8) | 201) 80 | #define OTUNSETIFF (('T'<< 8) | 202) 81 | #define OTUNSETPERSIST (('T'<< 8) | 203) 82 | #define OTUNSETOWNER (('T'<< 8) | 204) 83 | #endif 84 | 85 | static int tun_open_common(char *dev, int istun) 86 | { 87 | struct ifreq ifr; 88 | int fd; 89 | 90 | if ((fd = open("/dev/net/tun", O_RDWR)) < 0) 91 | return tun_open_common0(dev, istun); 92 | 93 | memset(&ifr, 0, sizeof(ifr)); 94 | ifr.ifr_flags = (istun ? IFF_TUN : IFF_TAP) | IFF_NO_PI; 95 | if (*dev) 96 | strncpy(ifr.ifr_name, dev, IFNAMSIZ); 97 | 98 | if (ioctl(fd, TUNSETIFF, (void *) &ifr) < 0) { 99 | if (errno == EBADFD) { 100 | /* Try old ioctl */ 101 | if (ioctl(fd, OTUNSETIFF, (void *) &ifr) < 0) 102 | goto failed; 103 | } else 104 | goto failed; 105 | } 106 | 107 | strcpy(dev, ifr.ifr_name); 108 | return fd; 109 | 110 | failed: 111 | close(fd); 112 | return -1; 113 | } 114 | 115 | #else 116 | 117 | # define tun_open_common(dev, type) tun_open_common0(dev, type) 118 | 119 | #endif /* New driver support */ 120 | 121 | int tun_open(char *dev) { return tun_open_common(dev, 1); } 122 | int tap_open(char *dev) { return tun_open_common(dev, 0); } 123 | 124 | int tun_close(int fd, char *dev) { return close(fd); } 125 | int tap_close(int fd, char *dev) { return close(fd); } 126 | 127 | /* Read/write frames from TUN device */ 128 | int tun_write(int fd, char *buf, int len) { return write(fd, buf, len); } 129 | int tap_write(int fd, char *buf, int len) { return write(fd, buf, len); } 130 | 131 | int tun_read(int fd, char *buf, int len) { return read(fd, buf, len); } 132 | int tap_read(int fd, char *buf, int len) { return read(fd, buf, len); } 133 | 134 | const char *tun_last_error() 135 | { 136 | return strerror(errno); 137 | } 138 | -------------------------------------------------------------------------------- /src/echo.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "echo.h" 21 | #include "exception.h" 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | typedef ip IpHeader; 37 | 38 | Echo::Echo(int maxPayloadSize) 39 | { 40 | fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 41 | if (fd == -1) 42 | throw Exception("creating icmp socket", true); 43 | 44 | bufferSize = maxPayloadSize + headerSize(); 45 | sendBuffer.resize(bufferSize); 46 | receiveBuffer.resize(bufferSize); 47 | } 48 | 49 | Echo::~Echo() 50 | { 51 | close(fd); 52 | } 53 | 54 | int Echo::headerSize() 55 | { 56 | return sizeof(IpHeader) + sizeof(EchoHeader); 57 | } 58 | 59 | void Echo::send(int payloadLength, uint32_t realIp, bool reply, uint16_t id, uint16_t seq) 60 | { 61 | struct sockaddr_in target; 62 | target.sin_family = AF_INET; 63 | target.sin_addr.s_addr = htonl(realIp); 64 | 65 | if (payloadLength + sizeof(IpHeader) + sizeof(EchoHeader) > bufferSize) 66 | throw Exception("packet too big"); 67 | 68 | EchoHeader *header = (EchoHeader *)(sendBuffer.data() + sizeof(IpHeader)); 69 | header->type = reply ? 0: 8; 70 | header->code = 0; 71 | header->id = htons(id); 72 | header->seq = htons(seq); 73 | header->chksum = 0; 74 | header->chksum = icmpChecksum(sendBuffer.data() + sizeof(IpHeader), payloadLength + sizeof(EchoHeader)); 75 | 76 | int result = sendto(fd, sendBuffer.data() + sizeof(IpHeader), payloadLength + sizeof(EchoHeader), 0, (struct sockaddr *)&target, sizeof(struct sockaddr_in)); 77 | if (result == -1) 78 | syslog(LOG_ERR, "error sending icmp packet: %s", strerror(errno)); 79 | } 80 | 81 | int Echo::receive(uint32_t &realIp, bool &reply, uint16_t &id, uint16_t &seq) 82 | { 83 | struct sockaddr_in source; 84 | int source_addr_len = sizeof(struct sockaddr_in); 85 | 86 | int dataLength = recvfrom(fd, receiveBuffer.data(), bufferSize, 0, (struct sockaddr *)&source, (socklen_t *)&source_addr_len); 87 | if (dataLength == -1) 88 | { 89 | syslog(LOG_ERR, "error receiving icmp packet: %s", strerror(errno)); 90 | return -1; 91 | } 92 | 93 | if (dataLength < sizeof(IpHeader) + sizeof(EchoHeader)) 94 | return -1; 95 | 96 | EchoHeader *header = (EchoHeader *)(receiveBuffer.data() + sizeof(IpHeader)); 97 | if ((header->type != 0 && header->type != 8) || header->code != 0) 98 | return -1; 99 | 100 | realIp = ntohl(source.sin_addr.s_addr); 101 | reply = header->type == 0; 102 | id = ntohs(header->id); 103 | seq = ntohs(header->seq); 104 | 105 | return dataLength - sizeof(IpHeader) - sizeof(EchoHeader); 106 | } 107 | 108 | uint16_t Echo::icmpChecksum(const char *data, int length) 109 | { 110 | uint16_t *data16 = (uint16_t *)data; 111 | uint32_t sum = 0; 112 | 113 | for (sum = 0; length > 1; length -= 2) 114 | sum += *data16++; 115 | if (length == 1) 116 | sum += *(unsigned char *)data16; 117 | 118 | sum = (sum >> 16) + (sum & 0xffff); 119 | sum += (sum >> 16); 120 | return ~sum; 121 | } 122 | 123 | char *Echo::sendPayloadBuffer() 124 | { 125 | return sendBuffer.data() + headerSize(); 126 | } 127 | 128 | char *Echo::receivePayloadBuffer() 129 | { 130 | return receiveBuffer.data() + headerSize(); 131 | } 132 | -------------------------------------------------------------------------------- /src/tun.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "tun.h" 21 | #include "exception.h" 22 | #include "utility.h" 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #ifdef WIN32 36 | #include 37 | #endif 38 | 39 | typedef ip IpHeader; 40 | 41 | using std::string; 42 | 43 | #ifdef WIN32 44 | static void winsystem(char *cmd) 45 | { 46 | STARTUPINFO info = { sizeof(info) }; 47 | PROCESS_INFORMATION processInfo; 48 | if (CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo)) 49 | { 50 | WaitForSingleObject(processInfo.hProcess, INFINITE); 51 | CloseHandle(processInfo.hProcess); 52 | CloseHandle(processInfo.hThread); 53 | } 54 | } 55 | #endif 56 | 57 | Tun::Tun(const string *device, int mtu) 58 | { 59 | this->mtu = mtu; 60 | 61 | if (device) 62 | this->device = *device; 63 | 64 | this->device.resize(VTUN_DEV_LEN); 65 | fd = tun_open(&this->device[0]); 66 | this->device.resize(strlen(this->device.data())); 67 | 68 | if (fd == -1) 69 | throw Exception(string("could not create tunnel device: ") + tun_last_error()); 70 | 71 | syslog(LOG_INFO, "opened tunnel device: %s", this->device.data()); 72 | 73 | std::stringstream cmdline; 74 | 75 | #ifdef WIN32 76 | cmdline << "netsh interface ipv4 set subinterface \"" << this->device 77 | << "\" mtu=" << mtu; 78 | winsystem(cmdline.str().data()); 79 | #else 80 | cmdline << "/sbin/ifconfig " << this->device << " mtu " << mtu; 81 | if (system(cmdline.str().data()) != 0) 82 | syslog(LOG_ERR, "could not set tun device mtu"); 83 | #endif 84 | } 85 | 86 | Tun::~Tun() 87 | { 88 | tun_close(fd, &device[0]); 89 | } 90 | 91 | void Tun::setIp(uint32_t ip, uint32_t destIp) 92 | { 93 | std::stringstream cmdline; 94 | string ips = Utility::formatIp(ip); 95 | string destIps = Utility::formatIp(destIp); 96 | 97 | #ifdef WIN32 98 | cmdline << "netsh interface ip set address name=\"" << device << "\" " 99 | << "static " << ips << " 255.255.255.0"; 100 | winsystem(cmdline.str().data()); 101 | 102 | if (!tun_set_ip(fd, ip, ip & 0xffffff00, 0xffffff00)) 103 | syslog(LOG_ERR, "could not set tun device driver ip address: %s", tun_last_error()); 104 | #elif LINUX 105 | cmdline << "/sbin/ifconfig " << device << " " << ips << " netmask 255.255.255.0"; 106 | if (system(cmdline.str().data()) != 0) 107 | syslog(LOG_ERR, "could not set tun device ip address"); 108 | #else 109 | cmdline << "/sbin/ifconfig " << device << " " << ips << " " << destIps 110 | << " netmask 255.255.255.255"; 111 | if (system(cmdline.str().data()) != 0) 112 | syslog(LOG_ERR, "could not set tun device ip address"); 113 | #endif 114 | } 115 | 116 | void Tun::write(const char *buffer, int length) 117 | { 118 | if (tun_write(fd, (char *)buffer, length) == -1) 119 | syslog(LOG_ERR, "error writing %d bytes to tun: %s", length, tun_last_error()); 120 | } 121 | 122 | int Tun::read(char *buffer) 123 | { 124 | int length = tun_read(fd, buffer, mtu); 125 | if (length == -1) 126 | syslog(LOG_ERR, "error reading from tun: %s", tun_last_error()); 127 | return length; 128 | } 129 | 130 | int Tun::read(char *buffer, uint32_t &sourceIp, uint32_t &destIp) 131 | { 132 | int length = read(buffer); 133 | 134 | IpHeader *header = (IpHeader *)buffer; 135 | sourceIp = ntohl(header->ip_src.s_addr); 136 | destIp = ntohl(header->ip_dst.s_addr); 137 | 138 | return length; 139 | } 140 | -------------------------------------------------------------------------------- /website/hans/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Hans – IP over ICMP 8 | 9 | 10 | 11 | 12 |

Hans – IP over ICMP

13 |

Hans makes it possible to tunnel IPv4 through ICMP echo packets, so you could call it a ping tunnel. This can 14 | be useful when you find yourself in the situation that your Internet access is firewalled, but pings are 15 | allowed.

16 |

Hans runs on Linux as a client and a server. It runs on Mac OS X, iPhone/iPod touch, FreeBSD, OpenBSD and 17 | Windows as a client only.

18 |

Is is inspired by icmptx and adds some features:

19 |

Features

20 |
    21 |
  • Reliability: Hans works reliably in situations when the client is behind a firewall that allows only one 22 | echo reply per request.
    • 23 |
  • Security: Hans uses a challenge-response based login mechanism.
    • 24 |
  • Multiple clients: Hans currently supports up to 253 clients, which is the number of available IPs on the 25 | virtual subnet.
    • 26 |
  • Easy setup: Hans automatically assigns IP addresses.
    • 27 |
28 |

For the iPhone/iPod touch version have a look at tunemu.

29 |

Get Hans

30 |

Hans source. 31 | Hans Mac OS X binary. 32 | Hans Windows binary.

33 |

Browse the source and contribute on Github.

34 |

View the changelog.

35 |

Use Hans

36 |

First, make sure you kernel supports tun devices. For Mac OS X you can get the drivers here. 38 | On Windows you have to install a tap device driver by downloading the Windows Installer of OpenVPN and selecting 40 | "TAP Virtual Ethernet Adapter" during the installation.

41 |

To compile hans, unpack it and run "make":

42 | 
tar -xzf hans-version.tar.gz
43 | cd hans-version
44 | make
45 |
46 |

To run as a server (as root):

47 | 
./hans -s 10.1.2.0 -p password
48 |
49 |

This will create a new tun device and assign the IP 10.1.2.1 to it. Note that Hans can not receive echo 50 | requests on BSD systems. Therefore the server only works on Linux.

51 |

To run as a client (as root):

52 | 
./hans -c server_address -p password
53 |
54 |

This will connect to the server at "server_addess", create a new tun device and assign an IP from the network 55 | 10.1.2.0/24 to it.

56 |

Now you can run a proxy on the server or let it act as a router and use NAT to allow the clients to access the 57 | Internet.

58 |

On Windows you must run your command prompt as Administrator in order for hans to work.

59 |

Troubleshoot / Tweak

60 |

If you are behind a firewall that filters icmp packets in any way, which is likely, you might have to make some 61 | adjustments. During this process it is useful to add the "-fv" options to the command. With this hans stays 62 | attached to the terminal and shows some debug output.

63 |

First, you should tell your operating system not to respond to echo requests. On Linux this can be done by:

64 | 
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
65 |
66 |

Now you might want to add the "-r" option to the server command. This tells Hans also to respond to ordinary 67 | pings.

68 |

By default the client is configured to send 10 poll "echo requests" that can be answered by the server, when 69 | data needs to be transmitted. You might want to lower this value using the "-w" flag, if you experience packet 70 | loss. You can also try to raise this value to increase the throughput of the tunnel.

71 |

In some cases it might be necessary to tell the client to change the echo id or sequence number with each 72 | request. This might have a serious impact on performance. You should first try the "-q" flag and if this does 73 | not work, the "-i" flag.

74 |

Finally you can tell Hans to run as a different user via the "-u" flag.

75 |

Note that when you run Hans without any parameters you get a short description of the available commands.

76 |

Please report at the issue tracker if there are further 77 | problems.

78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /src/tun_dev_svr4.c: -------------------------------------------------------------------------------- 1 | /* 2 | VTun - Virtual Tunnel over TCP/IP network. 3 | 4 | Copyright (C) 1998-2000 Maxim Krasnyansky 5 | 6 | VTun has been derived from VPPP package by Maxim Krasnyansky. 7 | 8 | This program is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | This program is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | */ 18 | 19 | /* 20 | * tun_dev.c,v 1.2.2.2.2.1 2006/11/16 04:05:18 mtbishop Exp 21 | */ 22 | 23 | /* #include "config.h" */ 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | 45 | #ifdef HAVE_NETINET_IN_H 46 | #include 47 | #endif 48 | 49 | #ifdef HAVE_NETINET_IN_SYSTM_H 50 | #include 51 | #endif 52 | 53 | #ifdef HAVE_NETINET_IP_H 54 | #include 55 | #endif 56 | 57 | #ifdef HAVE_NETINET_TCP_H 58 | #include 59 | #endif 60 | 61 | /* #include "vtun.h" 62 | #include "lib.h" */ 63 | 64 | static int ip_fd = -1; 65 | 66 | /* 67 | * Allocate TUN device, returns opened fd. 68 | * Stores dev name in the first arg(must be large enough). 69 | */ 70 | int tun_open(char *dev) 71 | { 72 | int tun_fd, if_fd, muxid, ppa = -1; 73 | struct ifreq ifr; 74 | char *ptr; 75 | 76 | if( *dev ){ 77 | ptr = dev; 78 | while( *ptr && !isdigit((int)*ptr) ) ptr++; 79 | ppa = atoi(ptr); 80 | } 81 | 82 | if( (ip_fd = open("/dev/udp", O_RDWR, 0)) < 0){ 83 | syslog(LOG_ERR, "Can't open /dev/ip"); 84 | return -1; 85 | } 86 | 87 | if( (tun_fd = open("/dev/tun", O_RDWR, 0)) < 0){ 88 | syslog(LOG_ERR, "Can't open /dev/tun"); 89 | return -1; 90 | } 91 | 92 | /* Assign a new PPA and get its unit number. */ 93 | if( (ppa = ioctl(tun_fd, TUNNEWPPA, ppa)) < 0){ 94 | syslog(LOG_ERR, "Can't assign new interface"); 95 | return -1; 96 | } 97 | 98 | if( (if_fd = open("/dev/tun", O_RDWR, 0)) < 0){ 99 | syslog(LOG_ERR, "Can't open /dev/tun (2)"); 100 | return -1; 101 | } 102 | if(ioctl(if_fd, I_PUSH, "ip") < 0){ 103 | syslog(LOG_ERR, "Can't push IP module"); 104 | return -1; 105 | } 106 | 107 | /* Assign ppa according to the unit number returned by tun device */ 108 | if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0){ 109 | syslog(LOG_ERR, "Can't set PPA %d", ppa); 110 | return -1; 111 | } 112 | if( (muxid = ioctl(ip_fd, I_PLINK, if_fd)) < 0){ 113 | syslog(LOG_ERR, "Can't link TUN device to IP"); 114 | return -1; 115 | } 116 | close(if_fd); 117 | 118 | sprintf(dev, "tun%d", ppa); 119 | 120 | memset(&ifr, 0, sizeof(ifr)); 121 | strcpy(ifr.ifr_name, dev); 122 | ifr.ifr_ip_muxid = muxid; 123 | 124 | if( ioctl(ip_fd, SIOCSIFMUXID, &ifr) < 0 ){ 125 | ioctl(ip_fd, I_PUNLINK, muxid); 126 | syslog(LOG_ERR, "Can't set multiplexor id"); 127 | return -1; 128 | } 129 | 130 | return tun_fd; 131 | } 132 | 133 | /* 134 | * Close TUN device. 135 | */ 136 | int tun_close(int fd, char *dev) 137 | { 138 | struct ifreq ifr; 139 | 140 | memset(&ifr, 0, sizeof(ifr)); 141 | strcpy(ifr.ifr_name, dev); 142 | if( ioctl(ip_fd, SIOCGIFFLAGS, &ifr) < 0 ){ 143 | syslog(LOG_ERR, "Can't get iface flags"); 144 | return 0; 145 | } 146 | 147 | if( ioctl(ip_fd, SIOCGIFMUXID, &ifr) < 0 ){ 148 | syslog(LOG_ERR, "Can't get multiplexor id"); 149 | return 0; 150 | } 151 | 152 | if( ioctl(ip_fd, I_PUNLINK, ifr.ifr_ip_muxid) < 0 ){ 153 | syslog(LOG_ERR, "Can't unlink interface"); 154 | return 0; 155 | } 156 | 157 | close(ip_fd); close(fd); 158 | return 0; 159 | } 160 | 161 | int tun_write(int fd, char *buf, int len) 162 | { 163 | struct strbuf sbuf; 164 | sbuf.len = len; 165 | sbuf.buf = buf; 166 | return putmsg(fd, NULL, &sbuf, 0) >=0 ? sbuf.len : -1; 167 | } 168 | 169 | int tun_read(int fd, char *buf, int len) 170 | { 171 | struct strbuf sbuf; 172 | int f = 0; 173 | 174 | sbuf.maxlen = len; 175 | sbuf.buf = buf; 176 | return getmsg(fd, NULL, &sbuf, &f) >=0 ? sbuf.len : -1; 177 | } 178 | 179 | const char *tun_last_error() 180 | { 181 | return strerror(errno); 182 | } 183 | -------------------------------------------------------------------------------- /src/worker.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "worker.h" 21 | #include "tun.h" 22 | #include "exception.h" 23 | #include "config.h" 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | using std::cout; 34 | using std::endl; 35 | 36 | Worker::TunnelHeader::Magic::Magic(const char *magic) 37 | { 38 | memset(data, 0, sizeof(data)); 39 | strncpy(data, magic, sizeof(data)); 40 | } 41 | 42 | bool Worker::TunnelHeader::Magic::operator==(const Magic &other) const 43 | { 44 | return memcmp(data, other.data, sizeof(data)) == 0; 45 | } 46 | 47 | bool Worker::TunnelHeader::Magic::operator!=(const Magic &other) const 48 | { 49 | return memcmp(data, other.data, sizeof(data)) != 0; 50 | } 51 | 52 | Worker::Worker(int tunnelMtu, const std::string *deviceName, bool answerEcho, 53 | uid_t uid, gid_t gid) 54 | : echo(tunnelMtu + sizeof(TunnelHeader)), tun(deviceName, tunnelMtu) 55 | { 56 | this->tunnelMtu = tunnelMtu; 57 | this->answerEcho = answerEcho; 58 | this->uid = uid; 59 | this->gid = gid; 60 | this->privilegesDropped = false; 61 | } 62 | 63 | void Worker::sendEcho(const TunnelHeader::Magic &magic, TunnelHeader::Type type, 64 | int length, uint32_t realIp, bool reply, uint16_t id, uint16_t seq) 65 | { 66 | if (length > payloadBufferSize()) 67 | throw Exception("packet too big"); 68 | 69 | TunnelHeader *header = (TunnelHeader *)echo.sendPayloadBuffer(); 70 | header->magic = magic; 71 | header->type = type; 72 | 73 | DEBUG_ONLY( 74 | cout << "sending: type " << type << ", length " << length 75 | << ", id " << id << ", seq " << seq << endl); 76 | 77 | echo.send(length + sizeof(TunnelHeader), realIp, reply, id, seq); 78 | } 79 | 80 | void Worker::sendToTun(int length) 81 | { 82 | tun.write(echoReceivePayloadBuffer(), length); 83 | } 84 | 85 | void Worker::setTimeout(Time delta) 86 | { 87 | nextTimeout = now + delta; 88 | } 89 | 90 | void Worker::run() 91 | { 92 | now = Time::now(); 93 | alive = true; 94 | 95 | int maxFd = echo.getFd() > tun.getFd() ? echo.getFd() : tun.getFd(); 96 | 97 | while (alive) 98 | { 99 | fd_set fs; 100 | Time timeout; 101 | 102 | FD_ZERO(&fs); 103 | FD_SET(tun.getFd(), &fs); 104 | FD_SET(echo.getFd(), &fs); 105 | 106 | if (nextTimeout != Time::ZERO) 107 | { 108 | timeout = nextTimeout - now; 109 | if (timeout < Time::ZERO) 110 | timeout = Time::ZERO; 111 | } 112 | 113 | // wait for data or timeout 114 | timeval *timeval = nextTimeout != Time::ZERO ? &timeout.getTimeval() : NULL; 115 | int result = select(maxFd + 1 , &fs, NULL, NULL, timeval); 116 | if (result == -1) 117 | { 118 | if (alive) 119 | throw Exception("select", true); 120 | else 121 | return; 122 | } 123 | now = Time::now(); 124 | 125 | // timeout 126 | if (result == 0) 127 | { 128 | nextTimeout = Time::ZERO; 129 | handleTimeout(); 130 | continue; 131 | } 132 | 133 | // icmp data 134 | if (FD_ISSET(echo.getFd(), &fs)) 135 | { 136 | bool reply; 137 | uint16_t id, seq; 138 | uint32_t ip; 139 | 140 | int dataLength = echo.receive(ip, reply, id, seq); 141 | if (dataLength != -1) 142 | { 143 | bool valid = dataLength >= sizeof(TunnelHeader); 144 | 145 | if (valid) 146 | { 147 | TunnelHeader *header = (TunnelHeader *)echo.receivePayloadBuffer(); 148 | 149 | DEBUG_ONLY( 150 | cout << "received: type " << header->type 151 | << ", length " << dataLength - sizeof(TunnelHeader) 152 | << ", id " << id << ", seq " << seq << endl); 153 | 154 | valid = handleEchoData(*header, dataLength - sizeof(TunnelHeader), ip, reply, id, seq); 155 | } 156 | 157 | if (!valid && !reply && answerEcho) 158 | { 159 | memcpy(echo.sendPayloadBuffer(), echo.receivePayloadBuffer(), dataLength); 160 | echo.send(dataLength, ip, true, id, seq); 161 | } 162 | } 163 | } 164 | 165 | // data from tun 166 | if (FD_ISSET(tun.getFd(), &fs)) 167 | { 168 | uint32_t sourceIp, destIp; 169 | 170 | int dataLength = tun.read(echoSendPayloadBuffer(), sourceIp, destIp); 171 | 172 | if (dataLength == 0) 173 | throw Exception("tunnel closed"); 174 | 175 | if (dataLength != -1) 176 | handleTunData(dataLength, sourceIp, destIp); 177 | } 178 | } 179 | } 180 | 181 | void Worker::stop() 182 | { 183 | alive = false; 184 | } 185 | 186 | void Worker::dropPrivileges() 187 | { 188 | if (uid <= 0 || privilegesDropped) 189 | return; 190 | 191 | #ifdef WIN32 192 | throw Exception("dropping privileges not supported"); 193 | #else 194 | syslog(LOG_INFO, "dropping privileges"); 195 | 196 | if (setgroups(0, NULL) == -1) 197 | throw Exception("setgroups", true); 198 | 199 | if (setgid(gid) == -1) 200 | throw Exception("setgid", true); 201 | 202 | if (setuid(uid) == -1) 203 | throw Exception("setuid", true); 204 | 205 | privilegesDropped = true; 206 | #endif 207 | } 208 | 209 | bool Worker::handleEchoData(const TunnelHeader &, int, uint32_t, bool, uint16_t, uint16_t) 210 | { 211 | return true; 212 | } 213 | 214 | void Worker::handleTunData(int, uint32_t, uint32_t) { } 215 | 216 | void Worker::handleTimeout() { } 217 | 218 | char *Worker::echoSendPayloadBuffer() 219 | { 220 | return echo.sendPayloadBuffer() + sizeof(TunnelHeader); 221 | } 222 | 223 | char *Worker::echoReceivePayloadBuffer() 224 | { 225 | return echo.receivePayloadBuffer() + sizeof(TunnelHeader); 226 | } 227 | -------------------------------------------------------------------------------- /src/client.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "client.h" 21 | #include "server.h" 22 | #include "exception.h" 23 | #include "config.h" 24 | #include "utility.h" 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | using std::vector; 32 | using std::string; 33 | 34 | const Worker::TunnelHeader::Magic Client::magic("hanc"); 35 | 36 | Client::Client(int tunnelMtu, const string *deviceName, uint32_t serverIp, 37 | int maxPolls, const string &passphrase, uid_t uid, gid_t gid, 38 | bool changeEchoId, bool changeEchoSeq, uint32_t desiredIp) 39 | : Worker(tunnelMtu, deviceName, false, uid, gid), auth(passphrase) 40 | { 41 | this->serverIp = serverIp; 42 | this->clientIp = INADDR_NONE; 43 | this->desiredIp = desiredIp; 44 | this->maxPolls = maxPolls; 45 | this->nextEchoId = Utility::rand(); 46 | this->changeEchoId = changeEchoId; 47 | this->changeEchoSeq = changeEchoSeq; 48 | this->nextEchoSequence = Utility::rand(); 49 | 50 | state = STATE_CLOSED; 51 | } 52 | 53 | Client::~Client() 54 | { 55 | 56 | } 57 | 58 | void Client::sendConnectionRequest() 59 | { 60 | Server::ClientConnectData *connectData = (Server::ClientConnectData *)echoSendPayloadBuffer(); 61 | connectData->maxPolls = maxPolls; 62 | connectData->desiredIp = desiredIp; 63 | 64 | syslog(LOG_DEBUG, "sending connection request"); 65 | 66 | sendEchoToServer(TunnelHeader::TYPE_CONNECTION_REQUEST, sizeof(Server::ClientConnectData)); 67 | 68 | state = STATE_CONNECTION_REQUEST_SENT; 69 | setTimeout(5000); 70 | } 71 | 72 | void Client::sendChallengeResponse(int dataLength) 73 | { 74 | if (dataLength != CHALLENGE_SIZE) 75 | throw Exception("invalid challenge received"); 76 | 77 | state = STATE_CHALLENGE_RESPONSE_SENT; 78 | 79 | syslog(LOG_DEBUG, "sending challenge response"); 80 | 81 | vector challenge; 82 | challenge.resize(dataLength); 83 | memcpy(&challenge[0], echoReceivePayloadBuffer(), dataLength); 84 | 85 | Auth::Response response = auth.getResponse(challenge); 86 | 87 | memcpy(echoSendPayloadBuffer(), (char *)&response, sizeof(Auth::Response)); 88 | sendEchoToServer(TunnelHeader::TYPE_CHALLENGE_RESPONSE, sizeof(Auth::Response)); 89 | 90 | setTimeout(5000); 91 | } 92 | 93 | bool Client::handleEchoData(const TunnelHeader &header, int dataLength, uint32_t realIp, bool reply, uint16_t, uint16_t) 94 | { 95 | if (realIp != serverIp || !reply) 96 | return false; 97 | 98 | if (header.magic != Server::magic) 99 | return false; 100 | 101 | switch (header.type) 102 | { 103 | case TunnelHeader::TYPE_RESET_CONNECTION: 104 | syslog(LOG_DEBUG, "reset received"); 105 | 106 | sendConnectionRequest(); 107 | return true; 108 | case TunnelHeader::TYPE_SERVER_FULL: 109 | if (state == STATE_CONNECTION_REQUEST_SENT) 110 | { 111 | throw Exception("server full"); 112 | } 113 | break; 114 | case TunnelHeader::TYPE_CHALLENGE: 115 | if (state == STATE_CONNECTION_REQUEST_SENT) 116 | { 117 | syslog(LOG_DEBUG, "authentication request received"); 118 | sendChallengeResponse(dataLength); 119 | return true; 120 | } 121 | break; 122 | case TunnelHeader::TYPE_CONNECTION_ACCEPT: 123 | if (state == STATE_CHALLENGE_RESPONSE_SENT) 124 | { 125 | if (dataLength != sizeof(uint32_t)) 126 | { 127 | throw Exception("invalid ip received"); 128 | return true; 129 | } 130 | 131 | syslog(LOG_INFO, "connection established"); 132 | 133 | uint32_t ip = ntohl(*(uint32_t *)echoReceivePayloadBuffer()); 134 | if (ip != clientIp) 135 | { 136 | if (privilegesDropped) 137 | throw Exception("could not get the same ip address, so root privileges are required to change it"); 138 | 139 | clientIp = ip; 140 | desiredIp = ip; 141 | tun.setIp(ip, (ip & 0xffffff00) + 1); 142 | } 143 | state = STATE_ESTABLISHED; 144 | 145 | dropPrivileges(); 146 | startPolling(); 147 | 148 | return true; 149 | } 150 | break; 151 | case TunnelHeader::TYPE_CHALLENGE_ERROR: 152 | if (state == STATE_CHALLENGE_RESPONSE_SENT) 153 | { 154 | throw Exception("password error"); 155 | } 156 | break; 157 | case TunnelHeader::TYPE_DATA: 158 | if (state == STATE_ESTABLISHED) 159 | { 160 | handleDataFromServer(dataLength); 161 | return true; 162 | } 163 | break; 164 | default: 165 | break; 166 | } 167 | 168 | syslog(LOG_DEBUG, "invalid packet type: %d, state: %d", header.type, state); 169 | 170 | return true; 171 | } 172 | 173 | void Client::sendEchoToServer(Worker::TunnelHeader::Type type, int dataLength) 174 | { 175 | if (maxPolls == 0 && state == STATE_ESTABLISHED) 176 | setTimeout(KEEP_ALIVE_INTERVAL); 177 | 178 | sendEcho(magic, type, dataLength, serverIp, false, nextEchoId, nextEchoSequence); 179 | 180 | if (changeEchoId) 181 | nextEchoId = nextEchoId + 38543; // some random prime 182 | if (changeEchoSeq) 183 | nextEchoSequence = nextEchoSequence + 38543; // some random prime 184 | } 185 | 186 | void Client::startPolling() 187 | { 188 | if (maxPolls == 0) 189 | { 190 | setTimeout(KEEP_ALIVE_INTERVAL); 191 | } 192 | else 193 | { 194 | for (int i = 0; i < maxPolls; i++) 195 | sendEchoToServer(TunnelHeader::TYPE_POLL, 0); 196 | setTimeout(POLL_INTERVAL); 197 | } 198 | } 199 | 200 | void Client::handleDataFromServer(int dataLength) 201 | { 202 | if (dataLength == 0) 203 | { 204 | syslog(LOG_WARNING, "received empty data packet"); 205 | return; 206 | } 207 | 208 | sendToTun(dataLength); 209 | 210 | if (maxPolls != 0) 211 | sendEchoToServer(TunnelHeader::TYPE_POLL, 0); 212 | } 213 | 214 | void Client::handleTunData(int dataLength, uint32_t, uint32_t) 215 | { 216 | if (state != STATE_ESTABLISHED) 217 | return; 218 | 219 | sendEchoToServer(TunnelHeader::TYPE_DATA, dataLength); 220 | } 221 | 222 | void Client::handleTimeout() 223 | { 224 | switch (state) 225 | { 226 | case STATE_CONNECTION_REQUEST_SENT: 227 | case STATE_CHALLENGE_RESPONSE_SENT: 228 | sendConnectionRequest(); 229 | break; 230 | 231 | case STATE_ESTABLISHED: 232 | sendEchoToServer(TunnelHeader::TYPE_POLL, 0); 233 | setTimeout(maxPolls == 0 ? KEEP_ALIVE_INTERVAL : POLL_INTERVAL); 234 | break; 235 | case STATE_CLOSED: 236 | break; 237 | } 238 | } 239 | 240 | void Client::run() 241 | { 242 | now = Time::now(); 243 | 244 | sendConnectionRequest(); 245 | 246 | Worker::run(); 247 | } 248 | -------------------------------------------------------------------------------- /src/main.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "client.h" 21 | #include "server.h" 22 | #include "exception.h" 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | // #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #ifndef AI_V4MAPPED // Not supported on OpenBSD 6.0 41 | #define AI_V4MAPPED 0 42 | #endif 43 | 44 | using std::string; 45 | 46 | static Worker *worker = NULL; 47 | 48 | static void sig_term_handler(int) 49 | { 50 | syslog(LOG_INFO, "SIGTERM received"); 51 | if (worker) 52 | worker->stop(); 53 | } 54 | 55 | static void sig_int_handler(int) 56 | { 57 | syslog(LOG_INFO, "SIGINT received"); 58 | if (worker) 59 | worker->stop(); 60 | } 61 | 62 | static void usage() 63 | { 64 | std::cerr << 65 | "Hans - IP over ICMP version 1.1\n\n" 66 | "RUN AS CLIENT\n" 67 | " hans -c server [-fv] [-p passphrase] [-u user] [-d tun_device]\n" 68 | " [-m reference_mtu] [-w polls]\n\n" 69 | "RUN AS SERVER (linux only)\n" 70 | " hans -s network [-fvr] [-p passphrase] [-u user] [-d tun_device]\n" 71 | " [-m reference_mtu] [-a ip]\n\n" 72 | "ARGUMENTS\n" 73 | " -c server Run as client. Connect to given server address.\n" 74 | " -s network Run as server. Use given network address on virtual interfaces.\n" 75 | " -p passphrase Set passphrase.\n" 76 | " -u username Change user under which the program runs.\n" 77 | " -a ip Request assignment of given tunnel ip address from the server.\n" 78 | " -r Respond to ordinary pings in server mode.\n" 79 | " -d device Use given tun device.\n" 80 | " -m mtu Set maximum echo packet size. This should correspond to the MTU\n" 81 | " of the network between client and server, which is usually 1500\n" 82 | " over Ethernet. Has to be the same on client and server. Defaults\n" 83 | " to 1500.\n" 84 | " -w polls Number of echo requests the client sends in advance for the\n" 85 | " server to reply to. 0 disables polling, which is the best choice\n" 86 | " if the network allows unlimited echo replies. Defaults to 10.\n" 87 | " -i Change echo id on every echo request. May help with buggy\n" 88 | " routers. May impact performance with others.\n" 89 | " -q Change echo sequence number on every echo request. May help with\n" 90 | " buggy routers. May impact performance with others.\n" 91 | " -f Run in foreground.\n" 92 | " -v Print debug information.\n"; 93 | } 94 | 95 | int main(int argc, char *argv[]) 96 | { 97 | string serverName; 98 | string userName; 99 | string passphrase; 100 | string device; 101 | bool isServer = false; 102 | bool isClient = false; 103 | bool foreground = false; 104 | int mtu = 1500; 105 | int maxPolls = 10; 106 | uint32_t network = INADDR_NONE; 107 | uint32_t clientIp = INADDR_NONE; 108 | bool answerPing = false; 109 | uid_t uid = 0; 110 | gid_t gid = 0; 111 | bool changeEchoId = false; 112 | bool changeEchoSeq = false; 113 | bool verbose = false; 114 | 115 | openlog(argv[0], LOG_PERROR, LOG_DAEMON); 116 | 117 | int c; 118 | while ((c = getopt(argc, argv, "fru:d:p:s:c:m:w:qiva:")) != -1) 119 | { 120 | switch(c) { 121 | case 'f': 122 | foreground = true; 123 | break; 124 | case 'u': 125 | userName = optarg; 126 | break; 127 | case 'd': 128 | device = optarg; 129 | break; 130 | case 'p': 131 | passphrase = optarg; 132 | memset(optarg, 0, strlen(optarg)); 133 | break; 134 | case 'c': 135 | isClient = true; 136 | serverName = optarg; 137 | break; 138 | case 's': 139 | isServer = true; 140 | network = ntohl(inet_addr(optarg)); 141 | if (network == INADDR_NONE) 142 | std::cerr << "invalid network\n"; 143 | break; 144 | case 'm': 145 | mtu = atoi(optarg); 146 | break; 147 | case 'w': 148 | maxPolls = atoi(optarg); 149 | break; 150 | case 'r': 151 | answerPing = true; 152 | break; 153 | case 'q': 154 | changeEchoSeq = true; 155 | break; 156 | case 'i': 157 | changeEchoId = true; 158 | break; 159 | case 'v': 160 | verbose = true; 161 | break; 162 | case 'a': 163 | clientIp = ntohl(inet_addr(optarg)); 164 | break; 165 | default: 166 | usage(); 167 | return 1; 168 | } 169 | } 170 | 171 | mtu -= Echo::headerSize() + Worker::headerSize(); 172 | 173 | if (mtu < 68) 174 | { 175 | // RFC 791: Every internet module must be able to forward a datagram of 176 | // 68 octets without further fragmentation. 177 | std::cerr << "mtu too small\n"; 178 | return 1; 179 | } 180 | 181 | if ((isClient == isServer) || 182 | (isServer && network == INADDR_NONE) || 183 | (maxPolls < 0 || maxPolls > 255) || 184 | (isServer && (changeEchoSeq || changeEchoId))) 185 | { 186 | usage(); 187 | return 1; 188 | } 189 | 190 | if (!userName.empty()) 191 | { 192 | #ifdef WIN32 193 | syslog(LOG_ERR, "dropping privileges is not supported on Windows"); 194 | return 1; 195 | #endif 196 | passwd *pw = getpwnam(userName.data()); 197 | 198 | if (pw != NULL) 199 | { 200 | uid = pw->pw_uid; 201 | gid = pw->pw_gid; 202 | } 203 | else 204 | { 205 | syslog(LOG_ERR, "user not found"); 206 | return 1; 207 | } 208 | } 209 | 210 | if (!verbose) 211 | setlogmask(LOG_UPTO(LOG_INFO)); 212 | 213 | signal(SIGTERM, sig_term_handler); 214 | signal(SIGINT, sig_int_handler); 215 | 216 | try 217 | { 218 | if (isServer) 219 | { 220 | worker = new Server(mtu, device.empty() ? NULL : &device, passphrase, 221 | network, answerPing, uid, gid, 5000); 222 | } 223 | else 224 | { 225 | struct addrinfo hints = {0}; 226 | struct addrinfo *res = NULL; 227 | 228 | hints.ai_family = AF_INET; 229 | hints.ai_flags = AI_V4MAPPED | AI_ADDRCONFIG; 230 | 231 | int err = getaddrinfo(serverName.data(), NULL, &hints, &res); 232 | if (err) 233 | { 234 | syslog(LOG_ERR, "getaddrinfo: %s", gai_strerror(err)); 235 | return 1; 236 | } 237 | 238 | sockaddr_in *sockaddr = reinterpret_cast(res->ai_addr); 239 | uint32_t serverIp = sockaddr->sin_addr.s_addr; 240 | 241 | worker = new Client(mtu, device.empty() ? NULL : &device, 242 | ntohl(serverIp), maxPolls, passphrase, uid, gid, 243 | changeEchoId, changeEchoSeq, clientIp); 244 | 245 | freeaddrinfo(res); 246 | } 247 | 248 | if (!foreground) 249 | { 250 | syslog(LOG_INFO, "detaching from terminal"); 251 | daemon(0, 0); 252 | } 253 | 254 | worker->run(); 255 | } 256 | catch (Exception e) 257 | { 258 | syslog(LOG_ERR, "%s", e.errorMessage().data()); 259 | delete worker; 260 | return 1; 261 | } 262 | 263 | return 0; 264 | } 265 | -------------------------------------------------------------------------------- /src/tunemu.c: -------------------------------------------------------------------------------- 1 | /* 2 | * tunemu - Tun device emulation for Darwin 3 | * 4 | * Copyright (c) 2009-2013 Friedrich Schöller 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 | * POSSIBILITY OF SUCH DAMAGE. 26 | * 27 | */ 28 | 29 | #include "tunemu.h" 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | #include 46 | 47 | #define PPPPROTO_CTL 1 48 | 49 | #define PPP_IP 0x21 50 | #define PPP_IPV6 0x57 51 | 52 | #define SC_LOOP_TRAFFIC 0x00000200 53 | 54 | #define PPPIOCNEWUNIT _IOWR('t', 62, int) 55 | #define PPPIOCSFLAGS _IOW('t', 89, int) 56 | #define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) 57 | #define PPPIOCATTCHAN _IOW('t', 56, int) 58 | #define PPPIOCGCHAN _IOR('t', 55, int) 59 | #define PPPIOCCONNECT _IOW('t', 58, int) 60 | #define PPPIOCGUNIT _IOR('t', 86, int) 61 | 62 | struct sockaddr_ppp 63 | { 64 | u_int8_t ppp_len; 65 | u_int8_t ppp_family; 66 | u_int16_t ppp_proto; 67 | u_int32_t ppp_cookie; 68 | }; 69 | 70 | enum NPmode 71 | { 72 | NPMODE_PASS, 73 | NPMODE_DROP, 74 | NPMODE_ERROR, 75 | NPMODE_QUEUE 76 | }; 77 | 78 | struct npioctl 79 | { 80 | int protocol; 81 | enum NPmode mode; 82 | }; 83 | 84 | #define PPP_KEXT_PATH "/System/Library/Extensions/PPP.kext" 85 | 86 | #define ERROR_BUFFER_SIZE 1024 87 | 88 | char tunemu_error[ERROR_BUFFER_SIZE]; 89 | 90 | static int pcap_use_count = 0; 91 | static pcap_t *pcap = NULL; 92 | 93 | static int data_buffer_length = 0; 94 | static char *data_buffer = NULL; 95 | 96 | static void tun_error(char *format, ...) 97 | { 98 | va_list vl; 99 | va_start(vl, format); 100 | vsnprintf(tunemu_error, ERROR_BUFFER_SIZE, format, vl); 101 | va_end(vl); 102 | } 103 | 104 | static void tun_noerror(void) 105 | { 106 | *tunemu_error = 0; 107 | } 108 | 109 | static void closeall(void) 110 | { 111 | int fd = getdtablesize(); 112 | while (fd--) 113 | close(fd); 114 | 115 | open("/dev/null", O_RDWR, 0); 116 | dup(0); 117 | dup(0); 118 | } 119 | 120 | static int ppp_load_kext(void) 121 | { 122 | int pid = fork(); 123 | if (pid < 0) 124 | { 125 | tun_error("fork for ppp kext: %s", strerror(errno)); 126 | return -1; 127 | } 128 | 129 | if (pid == 0) 130 | { 131 | closeall(); 132 | execle("/sbin/kextload", "kextload", PPP_KEXT_PATH, NULL, NULL); 133 | exit(1); 134 | } 135 | 136 | int status; 137 | while (waitpid(pid, &status, 0) < 0) 138 | { 139 | if (errno == EINTR) 140 | continue; 141 | 142 | tun_error("waitpid for ppp kext: %s", strerror(errno)); 143 | return -1; 144 | } 145 | 146 | if (WEXITSTATUS(status) != 0) 147 | { 148 | tun_error("could not load ppp kext \"%s\"", PPP_KEXT_PATH); 149 | return -1; 150 | } 151 | 152 | tun_noerror(); 153 | return 0; 154 | } 155 | 156 | static int ppp_new_instance(void) 157 | { 158 | // create ppp socket 159 | int ppp_sockfd = socket(PF_PPP, SOCK_RAW, PPPPROTO_CTL); 160 | if (ppp_sockfd < 0) 161 | { 162 | if (ppp_load_kext() < 0) 163 | return -1; 164 | 165 | ppp_sockfd = socket(PF_PPP, SOCK_RAW, PPPPROTO_CTL); 166 | if (ppp_sockfd < 0) 167 | { 168 | tun_error("creating ppp socket: %s", strerror(errno)); 169 | return -1; 170 | } 171 | } 172 | 173 | // connect to ppp procotol 174 | struct sockaddr_ppp pppaddr; 175 | pppaddr.ppp_len = sizeof(struct sockaddr_ppp); 176 | pppaddr.ppp_family = AF_PPP; 177 | pppaddr.ppp_proto = PPPPROTO_CTL; 178 | pppaddr.ppp_cookie = 0; 179 | if (connect(ppp_sockfd, (struct sockaddr *)&pppaddr, sizeof(struct sockaddr_ppp)) < 0) 180 | { 181 | tun_error("connecting ppp socket: %s", strerror(errno)); 182 | close(ppp_sockfd); 183 | return -1; 184 | } 185 | 186 | tun_noerror(); 187 | return ppp_sockfd; 188 | } 189 | 190 | static int ppp_new_unit(int *unit_number) 191 | { 192 | int fd = ppp_new_instance(); 193 | if (fd < 0) 194 | return -1; 195 | 196 | // create ppp unit 197 | if (ioctl(fd, PPPIOCNEWUNIT, unit_number) < 0) 198 | { 199 | tun_error("creating ppp unit: %s", strerror(errno)); 200 | close(fd); 201 | return -1; 202 | } 203 | 204 | tun_noerror(); 205 | return fd; 206 | } 207 | 208 | static int ppp_setup_unit(int unit_fd) 209 | { 210 | // send traffic to program 211 | int flags = SC_LOOP_TRAFFIC; 212 | if (ioctl(unit_fd, PPPIOCSFLAGS, &flags) < 0) 213 | { 214 | tun_error("setting ppp loopback mode: %s", strerror(errno)); 215 | return -1; 216 | } 217 | 218 | // allow packets 219 | struct npioctl npi; 220 | npi.protocol = PPP_IP; 221 | npi.mode = NPMODE_PASS; 222 | if (ioctl(unit_fd, PPPIOCSNPMODE, &npi) < 0) 223 | { 224 | tun_error("starting ppp unit: %s", strerror(errno)); 225 | return -1; 226 | } 227 | 228 | tun_noerror(); 229 | return 0; 230 | } 231 | 232 | static int open_pcap(void) 233 | { 234 | if (pcap != NULL) 235 | { 236 | pcap_use_count++; 237 | return 0; 238 | } 239 | 240 | char errbuf[PCAP_ERRBUF_SIZE]; 241 | pcap = pcap_open_live("lo0", BUFSIZ, 0, 1, errbuf); 242 | pcap_use_count = 1; 243 | 244 | if (pcap == NULL) 245 | { 246 | tun_error("opening pcap: %s", errbuf); 247 | return -1; 248 | } 249 | 250 | tun_noerror(); 251 | return 0; 252 | } 253 | 254 | static void close_pcap(void) 255 | { 256 | if (pcap == NULL) 257 | return; 258 | 259 | pcap_use_count--; 260 | if (pcap_use_count == 0) 261 | { 262 | pcap_close(pcap); 263 | pcap = NULL; 264 | } 265 | } 266 | 267 | static void allocate_data_buffer(int size) 268 | { 269 | if (data_buffer_length < size) 270 | { 271 | free(data_buffer); 272 | data_buffer_length = size; 273 | data_buffer = malloc(data_buffer_length); 274 | } 275 | } 276 | 277 | static void make_device_name(tunemu_device device, int unit_number) 278 | { 279 | snprintf(device, sizeof(tunemu_device), "ppp%d", unit_number); 280 | } 281 | 282 | static int check_device_name(tunemu_device device) 283 | { 284 | if (strlen(device) < 4) 285 | return -1; 286 | 287 | int unit_number = atoi(device + 3); 288 | if (unit_number < 0 || unit_number > 999) 289 | return -1; 290 | 291 | tunemu_device compare; 292 | make_device_name(compare, unit_number); 293 | 294 | if (strcmp(device, compare) != 0) 295 | return -1; 296 | 297 | return 0; 298 | } 299 | 300 | int tunemu_open(tunemu_device device) 301 | { 302 | int ppp_unit_number = -1; 303 | if (device[0] != 0) 304 | { 305 | if (check_device_name(device) < 0) 306 | { 307 | tun_error("invalid device name \"%s\"", device); 308 | return -1; 309 | } 310 | 311 | ppp_unit_number = atoi(device + 3); 312 | } 313 | 314 | int ppp_unit_fd = ppp_new_unit(&ppp_unit_number); 315 | if (ppp_unit_fd < 0) 316 | return -1; 317 | 318 | if (ppp_setup_unit(ppp_unit_fd) < 0) 319 | { 320 | close(ppp_unit_fd); 321 | return -1; 322 | } 323 | 324 | if (open_pcap() < 0) 325 | { 326 | close(ppp_unit_fd); 327 | return -1; 328 | } 329 | 330 | make_device_name(device, ppp_unit_number); 331 | 332 | return ppp_unit_fd; 333 | } 334 | 335 | int tunemu_close(int ppp_sockfd) 336 | { 337 | int ret = close(ppp_sockfd); 338 | 339 | if (ret == 0) 340 | close_pcap(); 341 | 342 | return ret; 343 | } 344 | 345 | int tunemu_read(int ppp_sockfd, char *buffer, int length) 346 | { 347 | allocate_data_buffer(length + 2); 348 | 349 | length = read(ppp_sockfd, data_buffer, length + 2); 350 | if (length < 0) 351 | { 352 | tun_error("reading packet: %s", strerror(errno)); 353 | return length; 354 | } 355 | tun_noerror(); 356 | 357 | length -= 2; 358 | if (length < 0) 359 | return 0; 360 | 361 | memcpy(buffer, data_buffer + 2, length); 362 | 363 | return length; 364 | } 365 | 366 | int tunemu_write(int ppp_sockfd, char *buffer, int length) 367 | { 368 | allocate_data_buffer(length + 4); 369 | 370 | data_buffer[0] = 0x02; 371 | data_buffer[1] = 0x00; 372 | data_buffer[2] = 0x00; 373 | data_buffer[3] = 0x00; 374 | 375 | memcpy(data_buffer + 4, buffer, length); 376 | 377 | if (pcap == NULL) 378 | { 379 | tun_error("pcap not open"); 380 | return -1; 381 | } 382 | 383 | length = pcap_inject(pcap, data_buffer, length + 4); 384 | if (length < 0) 385 | { 386 | tun_error("injecting packet: %s", pcap_geterr(pcap)); 387 | return length; 388 | } 389 | tun_noerror(); 390 | 391 | length -= 4; 392 | if (length < 0) 393 | return 0; 394 | 395 | return length; 396 | } 397 | -------------------------------------------------------------------------------- /src/tun_dev_cygwin.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2013 Friedrich Schöller 4 | * 2002-2005 Ivo Timmermans, 5 | * 2002-2011 Guus Sliepen 6 | * 7 | * This program is free software: you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation, either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program. If not, see . 19 | * 20 | */ 21 | 22 | #include "tun_dev.h" 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | #include 32 | #include 33 | 34 | #define TAP_WIN_CONTROL_CODE(request,method) CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS) 35 | #define TAP_WIN_IOCTL_GET_MAC TAP_WIN_CONTROL_CODE (1, METHOD_BUFFERED) 36 | #define TAP_WIN_IOCTL_GET_VERSION TAP_WIN_CONTROL_CODE (2, METHOD_BUFFERED) 37 | #define TAP_WIN_IOCTL_GET_MTU TAP_WIN_CONTROL_CODE (3, METHOD_BUFFERED) 38 | #define TAP_WIN_IOCTL_GET_INFO TAP_WIN_CONTROL_CODE (4, METHOD_BUFFERED) 39 | #define TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT TAP_WIN_CONTROL_CODE (5, METHOD_BUFFERED) 40 | #define TAP_WIN_IOCTL_SET_MEDIA_STATUS TAP_WIN_CONTROL_CODE (6, METHOD_BUFFERED) 41 | #define TAP_WIN_IOCTL_CONFIG_DHCP_MASQ TAP_WIN_CONTROL_CODE (7, METHOD_BUFFERED) 42 | #define TAP_WIN_IOCTL_GET_LOG_LINE TAP_WIN_CONTROL_CODE (8, METHOD_BUFFERED) 43 | #define TAP_WIN_IOCTL_CONFIG_DHCP_SET_OPT TAP_WIN_CONTROL_CODE (9, METHOD_BUFFERED) 44 | #define TAP_WIN_IOCTL_CONFIG_TUN TAP_WIN_CONTROL_CODE (10, METHOD_BUFFERED) 45 | #define ADAPTER_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 46 | #define NETWORK_CONNECTIONS_KEY "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 47 | #define USERMODEDEVICEDIR "\\\\.\\Global\\" 48 | #define SYSDEVICEDIR "\\Device\\" 49 | #define USERDEVICEDIR "\\DosDevices\\Global\\" 50 | #define TAP_WIN_SUFFIX ".tap" 51 | 52 | struct adapter_info 53 | { 54 | int reader_read_fd, reader_write_fd; 55 | HANDLE reader_thread; 56 | HANDLE adapter_handle; 57 | }; 58 | 59 | #define ERROR_BUFFER_SIZE 1024 60 | 61 | char error_buffer[ERROR_BUFFER_SIZE]; 62 | 63 | static void error(char *format, ...) 64 | { 65 | va_list vl; 66 | va_start(vl, format); 67 | vsnprintf(error_buffer, ERROR_BUFFER_SIZE, format, vl); 68 | va_end(vl); 69 | } 70 | 71 | static void noerror(void) 72 | { 73 | *error_buffer = 0; 74 | } 75 | 76 | static const char *winerror(int err) 77 | { 78 | static char buf[1024], *ptr; 79 | 80 | ptr = buf + sprintf(buf, "(%d) ", err); 81 | 82 | if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 83 | NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), ptr, sizeof(buf) - (ptr - buf), NULL)) { 84 | strcpy(ptr, "(unable to format errormessage)"); 85 | }; 86 | 87 | if((ptr = strchr(buf, '\r'))) 88 | *ptr = '\0'; 89 | 90 | return buf; 91 | } 92 | 93 | static struct adapter_info *get_adapter_info_from_fd(int fd) 94 | { 95 | static struct adapter_info single_adapter_info = { 96 | .reader_read_fd = -1, 97 | .reader_write_fd = -1, 98 | .reader_thread = INVALID_HANDLE_VALUE, 99 | .adapter_handle = INVALID_HANDLE_VALUE 100 | }; 101 | return &single_adapter_info; 102 | } 103 | 104 | static HANDLE open_tap_adapter(char *name) 105 | { 106 | HKEY connections_key, adapter_key; 107 | int adapter_index, error_code; 108 | char regpath[1024]; 109 | char adapter_id[VTUN_DEV_LEN]; 110 | char adapter_path[1024]; 111 | char adapter_name[1024]; 112 | HANDLE adapter_handle = INVALID_HANDLE_VALUE; 113 | DWORD len; 114 | 115 | if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, NETWORK_CONNECTIONS_KEY, 0, KEY_READ, &connections_key) != ERROR_SUCCESS) 116 | { 117 | error("opening registry: %s", winerror(GetLastError())); 118 | return INVALID_HANDLE_VALUE; 119 | } 120 | 121 | for (adapter_index = 0; ; adapter_index++) 122 | { 123 | len = sizeof(adapter_id); 124 | if (RegEnumKeyEx(connections_key, adapter_index, adapter_id, &len, 0, 0, 0, NULL) != ERROR_SUCCESS) 125 | break; 126 | 127 | snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", NETWORK_CONNECTIONS_KEY, adapter_id); 128 | if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &adapter_key) != ERROR_SUCCESS) 129 | continue; 130 | len = sizeof(adapter_name); 131 | if (RegQueryValueEx(adapter_key, "Name", 0, 0, adapter_name, &len) != ERROR_SUCCESS) 132 | { 133 | RegCloseKey(adapter_key); 134 | continue; 135 | } 136 | RegCloseKey(adapter_key); 137 | 138 | if (name && name[0] && strcmp(name, adapter_name) && strcmp(name, adapter_id)) 139 | continue; 140 | 141 | snprintf(adapter_path, sizeof(adapter_path), USERMODEDEVICEDIR "%s" TAP_WIN_SUFFIX, adapter_id); 142 | 143 | adapter_handle = CreateFile(adapter_path, GENERIC_READ | GENERIC_WRITE, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0); 144 | if (adapter_handle != INVALID_HANDLE_VALUE) 145 | break; 146 | } 147 | 148 | RegCloseKey(connections_key); 149 | 150 | if (adapter_handle == INVALID_HANDLE_VALUE) 151 | { 152 | error("could not open tap adapter"); 153 | return INVALID_HANDLE_VALUE; 154 | } 155 | 156 | strncpy(name, adapter_name, VTUN_DEV_LEN); 157 | 158 | noerror(); 159 | return adapter_handle; 160 | } 161 | 162 | static __stdcall DWORD reader_thread(LPVOID ptr) 163 | { 164 | struct adapter_info *adapter_info = ptr; 165 | char buf[0xffff]; // maximum IPv4 packet size 166 | OVERLAPPED overlapped; 167 | DWORD len; 168 | int wait_result; 169 | 170 | memset(&overlapped, 0, sizeof(overlapped)); 171 | overlapped.hEvent = CreateEvent(NULL, true, false, NULL); 172 | 173 | while (true) 174 | { 175 | if (!ReadFile(adapter_info->adapter_handle, buf, sizeof(buf), &len, &overlapped)) 176 | { 177 | if (GetLastError() != ERROR_IO_PENDING) 178 | { 179 | syslog(LOG_ERR, "error reading from tap adapter: %s", winerror(GetLastError())); 180 | return 1; 181 | } 182 | 183 | wait_result = WaitForSingleObjectEx(overlapped.hEvent, INFINITE, false); 184 | 185 | if (wait_result != WAIT_OBJECT_0) 186 | { 187 | syslog(LOG_ERR, "error waiting for tap adapter: %s", winerror(GetLastError())); 188 | return 1; 189 | } 190 | 191 | if (!GetOverlappedResult(adapter_info->adapter_handle, &overlapped, &len, true)) 192 | { 193 | syslog(LOG_ERR, "error getting tap adapter reading result: %s", winerror(GetLastError())); 194 | return 1; 195 | } 196 | } 197 | 198 | write(adapter_info->reader_write_fd, buf, len); 199 | } 200 | } 201 | 202 | int tun_open(char *dev) 203 | { 204 | struct adapter_info *adapter_info; 205 | int socket_pair[2]; 206 | 207 | if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, socket_pair)) 208 | { 209 | error("creating socket pair: %s", strerror(errno)); 210 | return -1; 211 | } 212 | 213 | adapter_info = get_adapter_info_from_fd(socket_pair[0]); 214 | adapter_info->reader_read_fd = socket_pair[0]; 215 | adapter_info->reader_write_fd = socket_pair[1]; 216 | 217 | adapter_info->adapter_handle = open_tap_adapter(dev); 218 | if (adapter_info->adapter_handle == INVALID_HANDLE_VALUE) 219 | { 220 | tun_close(adapter_info->reader_read_fd, NULL); 221 | return -1; 222 | } 223 | 224 | adapter_info->reader_thread = CreateThread(NULL, 0, reader_thread, adapter_info, 0, NULL); 225 | if (adapter_info->reader_thread == INVALID_HANDLE_VALUE) 226 | { 227 | error("reader thread creation: %s", winerror(GetLastError())); 228 | tun_close(adapter_info->reader_read_fd, NULL); 229 | return -1; 230 | } 231 | 232 | return adapter_info->reader_read_fd; 233 | } 234 | 235 | int tun_close(int fd, char *dev) 236 | { 237 | struct adapter_info *adapter_info = get_adapter_info_from_fd(fd); 238 | 239 | if (adapter_info->reader_thread != INVALID_HANDLE_VALUE) 240 | { 241 | TerminateThread(adapter_info->reader_thread, 0); 242 | adapter_info->reader_thread = INVALID_HANDLE_VALUE; 243 | } 244 | 245 | close(adapter_info->reader_read_fd); 246 | adapter_info->reader_read_fd = -1; 247 | 248 | close(adapter_info->reader_write_fd); 249 | adapter_info->reader_write_fd = -1; 250 | 251 | if (adapter_info->adapter_handle != INVALID_HANDLE_VALUE) 252 | { 253 | CloseHandle(adapter_info->adapter_handle); 254 | adapter_info->adapter_handle = INVALID_HANDLE_VALUE; 255 | } 256 | 257 | return 0; 258 | } 259 | 260 | int tun_write(int fd, char *buf, int len) 261 | { 262 | struct adapter_info *adapter_info = get_adapter_info_from_fd(fd); 263 | OVERLAPPED overlapped; 264 | DWORD written; 265 | 266 | memset(&overlapped, 0, sizeof(overlapped)); 267 | 268 | if (!WriteFile(adapter_info->adapter_handle, buf, len, &written, &overlapped)) 269 | { 270 | error("tap write: %s", winerror(GetLastError())); 271 | return -1; 272 | } 273 | 274 | return written; 275 | } 276 | 277 | int tun_read(int fd, char *buf, int len) 278 | { 279 | len = read(fd, buf, len); 280 | if (len == -1) 281 | error("reader read: %s", strerror(errno)); 282 | return len; 283 | } 284 | 285 | const char *tun_last_error() 286 | { 287 | return error_buffer; 288 | } 289 | 290 | bool tun_set_ip(int fd, uint32_t local, uint32_t network, uint32_t netmask) 291 | { 292 | struct adapter_info *adapter_info = get_adapter_info_from_fd(fd); 293 | uint32_t addresses[3]; 294 | DWORD status; 295 | DWORD len; 296 | 297 | addresses[0] = htonl(local); 298 | addresses[1] = htonl(network); 299 | addresses[2] = htonl(netmask); 300 | 301 | if (!DeviceIoControl(adapter_info->adapter_handle, TAP_WIN_IOCTL_CONFIG_TUN, 302 | &addresses, sizeof(addresses), &addresses, sizeof(addresses), &len, NULL)) 303 | { 304 | error("configuring tap addresses: %s", winerror(GetLastError())); 305 | return false; 306 | } 307 | 308 | status = true; 309 | if (!DeviceIoControl(adapter_info->adapter_handle, TAP_WIN_IOCTL_SET_MEDIA_STATUS, 310 | &status, sizeof(status), &status, sizeof(status), &len, NULL)) 311 | { 312 | error("enabling tap device: %s", winerror(GetLastError())); 313 | return false; 314 | } 315 | 316 | noerror(); 317 | return true; 318 | } 319 | -------------------------------------------------------------------------------- /src/server.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Hans - IP over ICMP 3 | * Copyright (C) 2009 Friedrich Schöller 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation, either version 3 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 17 | * 18 | */ 19 | 20 | #include "server.h" 21 | #include "client.h" 22 | #include "config.h" 23 | #include "utility.h" 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | using std::string; 31 | using std::cout; 32 | using std::endl; 33 | 34 | #define FIRST_ASSIGNED_IP_OFFSET 100 35 | 36 | const Worker::TunnelHeader::Magic Server::magic("hans"); 37 | 38 | Server::Server(int tunnelMtu, const string *deviceName, const string &passphrase, 39 | uint32_t network, bool answerEcho, uid_t uid, gid_t gid, int pollTimeout) 40 | : Worker(tunnelMtu, deviceName, answerEcho, uid, gid), auth(passphrase) 41 | { 42 | this->network = network & 0xffffff00; 43 | this->pollTimeout = pollTimeout; 44 | this->latestAssignedIpOffset = FIRST_ASSIGNED_IP_OFFSET - 1; 45 | 46 | tun.setIp(this->network + 1, this->network + 2); 47 | 48 | dropPrivileges(); 49 | } 50 | 51 | Server::~Server() 52 | { 53 | 54 | } 55 | 56 | void Server::handleUnknownClient(const TunnelHeader &header, int dataLength, uint32_t realIp, uint16_t echoId, uint16_t echoSeq) 57 | { 58 | ClientData client; 59 | client.realIp = realIp; 60 | client.maxPolls = 1; 61 | 62 | pollReceived(&client, echoId, echoSeq); 63 | 64 | if (header.type != TunnelHeader::TYPE_CONNECTION_REQUEST || dataLength != sizeof(ClientConnectData)) 65 | { 66 | syslog(LOG_DEBUG, "invalid request (type %d) from %s", header.type, 67 | Utility::formatIp(realIp).c_str()); 68 | sendReset(&client); 69 | return; 70 | } 71 | 72 | ClientConnectData *connectData = (ClientConnectData *)echoReceivePayloadBuffer(); 73 | 74 | client.maxPolls = connectData->maxPolls; 75 | client.state = ClientData::STATE_NEW; 76 | client.tunnelIp = reserveTunnelIp(connectData->desiredIp); 77 | 78 | syslog(LOG_DEBUG, "new client %s with tunnel address %s\n", 79 | Utility::formatIp(client.realIp).data(), 80 | Utility::formatIp(client.tunnelIp).data()); 81 | 82 | if (client.tunnelIp != 0) 83 | { 84 | client.challenge = auth.generateChallenge(CHALLENGE_SIZE); 85 | sendChallenge(&client); 86 | 87 | // add client to list 88 | clientList.push_front(client); 89 | clientRealIpMap[realIp] = clientList.begin(); 90 | clientTunnelIpMap[client.tunnelIp] = clientList.begin(); 91 | } 92 | else 93 | { 94 | syslog(LOG_WARNING, "server full"); 95 | sendEchoToClient(&client, TunnelHeader::TYPE_SERVER_FULL, 0); 96 | } 97 | } 98 | 99 | void Server::sendChallenge(ClientData *client) 100 | { 101 | syslog(LOG_DEBUG, "sending authentication request to %s\n", 102 | Utility::formatIp(client->realIp).data()); 103 | 104 | memcpy(echoSendPayloadBuffer(), &client->challenge[0], client->challenge.size()); 105 | sendEchoToClient(client, TunnelHeader::TYPE_CHALLENGE, client->challenge.size()); 106 | 107 | client->state = ClientData::STATE_CHALLENGE_SENT; 108 | } 109 | 110 | void Server::removeClient(ClientData *client) 111 | { 112 | syslog(LOG_DEBUG, "removing client %s with tunnel ip %s\n", 113 | Utility::formatIp(client->realIp).data(), 114 | Utility::formatIp(client->tunnelIp).data()); 115 | 116 | releaseTunnelIp(client->tunnelIp); 117 | 118 | ClientList::iterator it = clientRealIpMap[client->realIp]; 119 | 120 | clientRealIpMap.erase(client->realIp); 121 | clientTunnelIpMap.erase(client->tunnelIp); 122 | 123 | clientList.erase(it); 124 | } 125 | 126 | void Server::checkChallenge(ClientData *client, int length) 127 | { 128 | Auth::Response rightResponse = auth.getResponse(client->challenge); 129 | 130 | if (length != sizeof(Auth::Response) || memcmp(&rightResponse, echoReceivePayloadBuffer(), length) != 0) 131 | { 132 | syslog(LOG_DEBUG, "wrong challenge response from %s\n", 133 | Utility::formatIp(client->realIp).data()); 134 | 135 | sendEchoToClient(client, TunnelHeader::TYPE_CHALLENGE_ERROR, 0); 136 | 137 | removeClient(client); 138 | return; 139 | } 140 | 141 | uint32_t *ip = (uint32_t *)echoSendPayloadBuffer(); 142 | *ip = htonl(client->tunnelIp); 143 | 144 | sendEchoToClient(client, TunnelHeader::TYPE_CONNECTION_ACCEPT, sizeof(uint32_t)); 145 | 146 | client->state = ClientData::STATE_ESTABLISHED; 147 | 148 | syslog(LOG_INFO, "connection established to %s", 149 | Utility::formatIp(client->realIp).data()); 150 | } 151 | 152 | void Server::sendReset(ClientData *client) 153 | { 154 | syslog(LOG_DEBUG, "sending reset to %s", 155 | Utility::formatIp(client->realIp).data()); 156 | sendEchoToClient(client, TunnelHeader::TYPE_RESET_CONNECTION, 0); 157 | } 158 | 159 | bool Server::handleEchoData(const TunnelHeader &header, int dataLength, uint32_t realIp, bool reply, uint16_t id, uint16_t seq) 160 | { 161 | if (reply) 162 | return false; 163 | 164 | if (header.magic != Client::magic) 165 | return false; 166 | 167 | ClientData *client = getClientByRealIp(realIp); 168 | if (client == NULL) 169 | { 170 | handleUnknownClient(header, dataLength, realIp, id, seq); 171 | return true; 172 | } 173 | 174 | pollReceived(client, id, seq); 175 | 176 | switch (header.type) 177 | { 178 | case TunnelHeader::TYPE_CONNECTION_REQUEST: 179 | if (client->state == ClientData::STATE_CHALLENGE_SENT) 180 | { 181 | sendChallenge(client); 182 | return true; 183 | } 184 | 185 | while (client->pollIds.size() > 1) 186 | client->pollIds.pop(); 187 | 188 | syslog(LOG_DEBUG, "reconnecting %s", Utility::formatIp(realIp).data()); 189 | sendReset(client); 190 | removeClient(client); 191 | return true; 192 | case TunnelHeader::TYPE_CHALLENGE_RESPONSE: 193 | if (client->state == ClientData::STATE_CHALLENGE_SENT) 194 | { 195 | checkChallenge(client, dataLength); 196 | return true; 197 | } 198 | break; 199 | case TunnelHeader::TYPE_DATA: 200 | if (client->state == ClientData::STATE_ESTABLISHED) 201 | { 202 | if (dataLength == 0) 203 | { 204 | syslog(LOG_WARNING, "received empty data packet"); 205 | return true; 206 | } 207 | 208 | sendToTun(dataLength); 209 | return true; 210 | } 211 | break; 212 | case TunnelHeader::TYPE_POLL: 213 | return true; 214 | default: 215 | break; 216 | } 217 | 218 | syslog(LOG_DEBUG, "invalid packet from: %s, type: %d, state: %d", 219 | Utility::formatIp(realIp).data(), header.type, client->state); 220 | 221 | return true; 222 | } 223 | 224 | Server::ClientData *Server::getClientByTunnelIp(uint32_t ip) 225 | { 226 | ClientIpMap::iterator it = clientTunnelIpMap.find(ip); 227 | if (it == clientTunnelIpMap.end()) 228 | return NULL; 229 | 230 | return &*it->second; 231 | } 232 | 233 | Server::ClientData *Server::getClientByRealIp(uint32_t ip) 234 | { 235 | ClientIpMap::iterator it = clientRealIpMap.find(ip); 236 | if (it == clientRealIpMap.end()) 237 | return NULL; 238 | 239 | return &*it->second; 240 | } 241 | 242 | void Server::handleTunData(int dataLength, uint32_t, uint32_t destIp) 243 | { 244 | if (destIp == network + 255) // ignore broadcasts 245 | return; 246 | 247 | ClientData *client = getClientByTunnelIp(destIp); 248 | 249 | if (client == NULL) 250 | { 251 | syslog(LOG_DEBUG, "data received for unknown client %s\n", 252 | Utility::formatIp(destIp).data()); 253 | return; 254 | } 255 | 256 | sendEchoToClient(client, TunnelHeader::TYPE_DATA, dataLength); 257 | } 258 | 259 | void Server::pollReceived(ClientData *client, uint16_t echoId, uint16_t echoSeq) 260 | { 261 | unsigned int maxSavedPolls = client->maxPolls != 0 ? client->maxPolls : 1; 262 | 263 | client->pollIds.push(ClientData::EchoId(echoId, echoSeq)); 264 | if (client->pollIds.size() > maxSavedPolls) 265 | client->pollIds.pop(); 266 | DEBUG_ONLY(cout << "poll -> " << client->pollIds.size() << endl); 267 | 268 | if (client->pendingPackets.size() > 0) 269 | { 270 | Packet &packet = client->pendingPackets.front(); 271 | memcpy(echoSendPayloadBuffer(), &packet.data[0], packet.data.size()); 272 | client->pendingPackets.pop(); 273 | 274 | DEBUG_ONLY(cout << "pending packet: " << packet.data.size() << " bytes\n"); 275 | sendEchoToClient(client, packet.type, packet.data.size()); 276 | } 277 | 278 | client->lastActivity = now; 279 | } 280 | 281 | void Server::sendEchoToClient(ClientData *client, TunnelHeader::Type type, int dataLength) 282 | { 283 | if (client->maxPolls == 0) 284 | { 285 | sendEcho(magic, type, dataLength, client->realIp, true, client->pollIds.front().id, client->pollIds.front().seq); 286 | return; 287 | } 288 | 289 | if (client->pollIds.size() != 0) 290 | { 291 | ClientData::EchoId echoId = client->pollIds.front(); 292 | client->pollIds.pop(); 293 | 294 | DEBUG_ONLY(cout << "sending -> " << client->pollIds.size() << endl); 295 | sendEcho(magic, type, dataLength, client->realIp, true, echoId.id, echoId.seq); 296 | return; 297 | } 298 | 299 | if (client->pendingPackets.size() == MAX_BUFFERED_PACKETS) 300 | { 301 | client->pendingPackets.pop(); 302 | syslog(LOG_WARNING, "packet to %s dropped", 303 | Utility::formatIp(client->tunnelIp).data()); 304 | } 305 | 306 | DEBUG_ONLY(cout << "packet queued: " << dataLength << " bytes\n"); 307 | 308 | client->pendingPackets.push(Packet()); 309 | Packet &packet = client->pendingPackets.back(); 310 | packet.type = type; 311 | packet.data.resize(dataLength); 312 | memcpy(&packet.data[0], echoReceivePayloadBuffer(), dataLength); 313 | } 314 | 315 | void Server::releaseTunnelIp(uint32_t tunnelIp) 316 | { 317 | usedIps.erase(tunnelIp); 318 | } 319 | 320 | void Server::handleTimeout() 321 | { 322 | ClientList::iterator it = clientList.begin(); 323 | while (it != clientList.end()) 324 | { 325 | ClientData &client = *it++; 326 | 327 | if (client.lastActivity + KEEP_ALIVE_INTERVAL * 2 < now) 328 | { 329 | syslog(LOG_DEBUG, "client %s timed out\n", 330 | Utility::formatIp(client.realIp).data()); 331 | removeClient(&client); 332 | } 333 | } 334 | 335 | setTimeout(KEEP_ALIVE_INTERVAL); 336 | } 337 | 338 | uint32_t Server::reserveTunnelIp(uint32_t desiredIp) 339 | { 340 | if (desiredIp > network + 1 && desiredIp < network + 255 && !usedIps.count(desiredIp)) 341 | { 342 | usedIps.insert(desiredIp); 343 | return desiredIp; 344 | } 345 | 346 | bool ipAvailable = false; 347 | 348 | for (int i = 0; i < 255 - FIRST_ASSIGNED_IP_OFFSET; i++) 349 | { 350 | latestAssignedIpOffset++; 351 | if (latestAssignedIpOffset == 255) 352 | latestAssignedIpOffset = FIRST_ASSIGNED_IP_OFFSET; 353 | 354 | if (!usedIps.count(network + latestAssignedIpOffset)) 355 | { 356 | ipAvailable = true; 357 | break; 358 | } 359 | } 360 | 361 | if (!ipAvailable) 362 | return 0; 363 | 364 | usedIps.insert(network + latestAssignedIpOffset); 365 | return network + latestAssignedIpOffset; 366 | } 367 | 368 | void Server::run() 369 | { 370 | setTimeout(KEEP_ALIVE_INTERVAL); 371 | 372 | Worker::run(); 373 | } 374 | -------------------------------------------------------------------------------- /src/sha1.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * sha1.cpp 3 | * 4 | * Copyright (C) 1998, 2009 5 | * Paul E. Jones 6 | * All Rights Reserved. 7 | * 8 | ***************************************************************************** 9 | * $Id: sha1.cpp 12 2009-06-22 19:34:25Z paulej $ 10 | ***************************************************************************** 11 | * 12 | * Description: 13 | * This class implements the Secure Hashing Standard as defined 14 | * in FIPS PUB 180-1 published April 17, 1995. 15 | * 16 | * The Secure Hashing Standard, which uses the Secure Hashing 17 | * Algorithm (SHA), produces a 160-bit message digest for a 18 | * given data stream. In theory, it is highly improbable that 19 | * two messages will produce the same message digest. Therefore, 20 | * this algorithm can serve as a means of providing a "fingerprint" 21 | * for a message. 22 | * 23 | * Portability Issues: 24 | * SHA-1 is defined in terms of 32-bit "words". This code was 25 | * written with the expectation that the processor has at least 26 | * a 32-bit machine word size. If the machine word size is larger, 27 | * the code should still function properly. One caveat to that 28 | * is that the input functions taking characters and character arrays 29 | * assume that only 8 bits of information are stored in each character. 30 | * 31 | * Caveats: 32 | * SHA-1 is designed to work with messages less than 2^64 bits long. 33 | * Although SHA-1 allows a message digest to be generated for 34 | * messages of any number of bits less than 2^64, this implementation 35 | * only works with messages with a length that is a multiple of 8 36 | * bits. 37 | * 38 | */ 39 | 40 | 41 | #include "sha1.h" 42 | 43 | /* 44 | * SHA1 45 | * 46 | * Description: 47 | * This is the constructor for the sha1 class. 48 | * 49 | * Parameters: 50 | * None. 51 | * 52 | * Returns: 53 | * Nothing. 54 | * 55 | * Comments: 56 | * 57 | */ 58 | SHA1::SHA1() 59 | { 60 | Reset(); 61 | } 62 | 63 | /* 64 | * ~SHA1 65 | * 66 | * Description: 67 | * This is the destructor for the sha1 class 68 | * 69 | * Parameters: 70 | * None. 71 | * 72 | * Returns: 73 | * Nothing. 74 | * 75 | * Comments: 76 | * 77 | */ 78 | SHA1::~SHA1() 79 | { 80 | // The destructor does nothing 81 | } 82 | 83 | /* 84 | * Reset 85 | * 86 | * Description: 87 | * This function will initialize the sha1 class member variables 88 | * in preparation for computing a new message digest. 89 | * 90 | * Parameters: 91 | * None. 92 | * 93 | * Returns: 94 | * Nothing. 95 | * 96 | * Comments: 97 | * 98 | */ 99 | void SHA1::Reset() 100 | { 101 | Length_Low = 0; 102 | Length_High = 0; 103 | Message_Block_Index = 0; 104 | 105 | H[0] = 0x67452301; 106 | H[1] = 0xEFCDAB89; 107 | H[2] = 0x98BADCFE; 108 | H[3] = 0x10325476; 109 | H[4] = 0xC3D2E1F0; 110 | 111 | Computed = false; 112 | Corrupted = false; 113 | } 114 | 115 | /* 116 | * Result 117 | * 118 | * Description: 119 | * This function will return the 160-bit message digest into the 120 | * array provided. 121 | * 122 | * Parameters: 123 | * message_digest_array: [out] 124 | * This is an array of five unsigned integers which will be filled 125 | * with the message digest that has been computed. 126 | * 127 | * Returns: 128 | * True if successful, false if it failed. 129 | * 130 | * Comments: 131 | * 132 | */ 133 | bool SHA1::Result(unsigned *message_digest_array) 134 | { 135 | int i; // Counter 136 | 137 | if (Corrupted) 138 | { 139 | return false; 140 | } 141 | 142 | if (!Computed) 143 | { 144 | PadMessage(); 145 | Computed = true; 146 | } 147 | 148 | for(i = 0; i < 5; i++) 149 | { 150 | message_digest_array[i] = H[i]; 151 | } 152 | 153 | return true; 154 | } 155 | 156 | /* 157 | * Input 158 | * 159 | * Description: 160 | * This function accepts an array of octets as the next portion of 161 | * the message. 162 | * 163 | * Parameters: 164 | * message_array: [in] 165 | * An array of characters representing the next portion of the 166 | * message. 167 | * 168 | * Returns: 169 | * Nothing. 170 | * 171 | * Comments: 172 | * 173 | */ 174 | void SHA1::Input( const unsigned char *message_array, 175 | unsigned length) 176 | { 177 | if (!length) 178 | { 179 | return; 180 | } 181 | 182 | if (Computed || Corrupted) 183 | { 184 | Corrupted = true; 185 | return; 186 | } 187 | 188 | while(length-- && !Corrupted) 189 | { 190 | Message_Block[Message_Block_Index++] = (*message_array & 0xFF); 191 | 192 | Length_Low += 8; 193 | Length_Low &= 0xFFFFFFFF; // Force it to 32 bits 194 | if (Length_Low == 0) 195 | { 196 | Length_High++; 197 | Length_High &= 0xFFFFFFFF; // Force it to 32 bits 198 | if (Length_High == 0) 199 | { 200 | Corrupted = true; // Message is too long 201 | } 202 | } 203 | 204 | if (Message_Block_Index == 64) 205 | { 206 | ProcessMessageBlock(); 207 | } 208 | 209 | message_array++; 210 | } 211 | } 212 | 213 | /* 214 | * Input 215 | * 216 | * Description: 217 | * This function accepts an array of octets as the next portion of 218 | * the message. 219 | * 220 | * Parameters: 221 | * message_array: [in] 222 | * An array of characters representing the next portion of the 223 | * message. 224 | * length: [in] 225 | * The length of the message_array 226 | * 227 | * Returns: 228 | * Nothing. 229 | * 230 | * Comments: 231 | * 232 | */ 233 | void SHA1::Input( const char *message_array, 234 | unsigned length) 235 | { 236 | Input((unsigned char *) message_array, length); 237 | } 238 | 239 | /* 240 | * Input 241 | * 242 | * Description: 243 | * This function accepts a single octets as the next message element. 244 | * 245 | * Parameters: 246 | * message_element: [in] 247 | * The next octet in the message. 248 | * 249 | * Returns: 250 | * Nothing. 251 | * 252 | * Comments: 253 | * 254 | */ 255 | void SHA1::Input(unsigned char message_element) 256 | { 257 | Input(&message_element, 1); 258 | } 259 | 260 | /* 261 | * Input 262 | * 263 | * Description: 264 | * This function accepts a single octet as the next message element. 265 | * 266 | * Parameters: 267 | * message_element: [in] 268 | * The next octet in the message. 269 | * 270 | * Returns: 271 | * Nothing. 272 | * 273 | * Comments: 274 | * 275 | */ 276 | void SHA1::Input(char message_element) 277 | { 278 | Input((unsigned char *) &message_element, 1); 279 | } 280 | 281 | /* 282 | * operator<< 283 | * 284 | * Description: 285 | * This operator makes it convenient to provide character strings to 286 | * the SHA1 object for processing. 287 | * 288 | * Parameters: 289 | * message_array: [in] 290 | * The character array to take as input. 291 | * 292 | * Returns: 293 | * A reference to the SHA1 object. 294 | * 295 | * Comments: 296 | * Each character is assumed to hold 8 bits of information. 297 | * 298 | */ 299 | SHA1& SHA1::operator<<(const char *message_array) 300 | { 301 | const char *p = message_array; 302 | 303 | while(*p) 304 | { 305 | Input(*p); 306 | p++; 307 | } 308 | 309 | return *this; 310 | } 311 | 312 | /* 313 | * operator<< 314 | * 315 | * Description: 316 | * This operator makes it convenient to provide character strings to 317 | * the SHA1 object for processing. 318 | * 319 | * Parameters: 320 | * message_array: [in] 321 | * The character array to take as input. 322 | * 323 | * Returns: 324 | * A reference to the SHA1 object. 325 | * 326 | * Comments: 327 | * Each character is assumed to hold 8 bits of information. 328 | * 329 | */ 330 | SHA1& SHA1::operator<<(const unsigned char *message_array) 331 | { 332 | const unsigned char *p = message_array; 333 | 334 | while(*p) 335 | { 336 | Input(*p); 337 | p++; 338 | } 339 | 340 | return *this; 341 | } 342 | 343 | /* 344 | * operator<< 345 | * 346 | * Description: 347 | * This function provides the next octet in the message. 348 | * 349 | * Parameters: 350 | * message_element: [in] 351 | * The next octet in the message 352 | * 353 | * Returns: 354 | * A reference to the SHA1 object. 355 | * 356 | * Comments: 357 | * The character is assumed to hold 8 bits of information. 358 | * 359 | */ 360 | SHA1& SHA1::operator<<(const char message_element) 361 | { 362 | Input((unsigned char *) &message_element, 1); 363 | 364 | return *this; 365 | } 366 | 367 | /* 368 | * operator<< 369 | * 370 | * Description: 371 | * This function provides the next octet in the message. 372 | * 373 | * Parameters: 374 | * message_element: [in] 375 | * The next octet in the message 376 | * 377 | * Returns: 378 | * A reference to the SHA1 object. 379 | * 380 | * Comments: 381 | * The character is assumed to hold 8 bits of information. 382 | * 383 | */ 384 | SHA1& SHA1::operator<<(const unsigned char message_element) 385 | { 386 | Input(&message_element, 1); 387 | 388 | return *this; 389 | } 390 | 391 | /* 392 | * ProcessMessageBlock 393 | * 394 | * Description: 395 | * This function will process the next 512 bits of the message 396 | * stored in the Message_Block array. 397 | * 398 | * Parameters: 399 | * None. 400 | * 401 | * Returns: 402 | * Nothing. 403 | * 404 | * Comments: 405 | * Many of the variable names in this function, especially the single 406 | * character names, were used because those were the names used 407 | * in the publication. 408 | * 409 | */ 410 | void SHA1::ProcessMessageBlock() 411 | { 412 | const unsigned K[] = { // Constants defined for SHA-1 413 | 0x5A827999, 414 | 0x6ED9EBA1, 415 | 0x8F1BBCDC, 416 | 0xCA62C1D6 417 | }; 418 | int t; // Loop counter 419 | unsigned temp; // Temporary word value 420 | unsigned W[80]; // Word sequence 421 | unsigned A, B, C, D, E; // Word buffers 422 | 423 | /* 424 | * Initialize the first 16 words in the array W 425 | */ 426 | for(t = 0; t < 16; t++) 427 | { 428 | W[t] = ((unsigned) Message_Block[t * 4]) << 24; 429 | W[t] |= ((unsigned) Message_Block[t * 4 + 1]) << 16; 430 | W[t] |= ((unsigned) Message_Block[t * 4 + 2]) << 8; 431 | W[t] |= ((unsigned) Message_Block[t * 4 + 3]); 432 | } 433 | 434 | for(t = 16; t < 80; t++) 435 | { 436 | W[t] = CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); 437 | } 438 | 439 | A = H[0]; 440 | B = H[1]; 441 | C = H[2]; 442 | D = H[3]; 443 | E = H[4]; 444 | 445 | for(t = 0; t < 20; t++) 446 | { 447 | temp = CircularShift(5,A) + ((B & C) | ((~B) & D)) + E + W[t] + K[0]; 448 | temp &= 0xFFFFFFFF; 449 | E = D; 450 | D = C; 451 | C = CircularShift(30,B); 452 | B = A; 453 | A = temp; 454 | } 455 | 456 | for(t = 20; t < 40; t++) 457 | { 458 | temp = CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; 459 | temp &= 0xFFFFFFFF; 460 | E = D; 461 | D = C; 462 | C = CircularShift(30,B); 463 | B = A; 464 | A = temp; 465 | } 466 | 467 | for(t = 40; t < 60; t++) 468 | { 469 | temp = CircularShift(5,A) + 470 | ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; 471 | temp &= 0xFFFFFFFF; 472 | E = D; 473 | D = C; 474 | C = CircularShift(30,B); 475 | B = A; 476 | A = temp; 477 | } 478 | 479 | for(t = 60; t < 80; t++) 480 | { 481 | temp = CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; 482 | temp &= 0xFFFFFFFF; 483 | E = D; 484 | D = C; 485 | C = CircularShift(30,B); 486 | B = A; 487 | A = temp; 488 | } 489 | 490 | H[0] = (H[0] + A) & 0xFFFFFFFF; 491 | H[1] = (H[1] + B) & 0xFFFFFFFF; 492 | H[2] = (H[2] + C) & 0xFFFFFFFF; 493 | H[3] = (H[3] + D) & 0xFFFFFFFF; 494 | H[4] = (H[4] + E) & 0xFFFFFFFF; 495 | 496 | Message_Block_Index = 0; 497 | } 498 | 499 | /* 500 | * PadMessage 501 | * 502 | * Description: 503 | * According to the standard, the message must be padded to an even 504 | * 512 bits. The first padding bit must be a '1'. The last 64 bits 505 | * represent the length of the original message. All bits in between 506 | * should be 0. This function will pad the message according to those 507 | * rules by filling the message_block array accordingly. It will also 508 | * call ProcessMessageBlock() appropriately. When it returns, it 509 | * can be assumed that the message digest has been computed. 510 | * 511 | * Parameters: 512 | * None. 513 | * 514 | * Returns: 515 | * Nothing. 516 | * 517 | * Comments: 518 | * 519 | */ 520 | void SHA1::PadMessage() 521 | { 522 | /* 523 | * Check to see if the current message block is too small to hold 524 | * the initial padding bits and length. If so, we will pad the 525 | * block, process it, and then continue padding into a second block. 526 | */ 527 | if (Message_Block_Index > 55) 528 | { 529 | Message_Block[Message_Block_Index++] = 0x80; 530 | while(Message_Block_Index < 64) 531 | { 532 | Message_Block[Message_Block_Index++] = 0; 533 | } 534 | 535 | ProcessMessageBlock(); 536 | 537 | while(Message_Block_Index < 56) 538 | { 539 | Message_Block[Message_Block_Index++] = 0; 540 | } 541 | } 542 | else 543 | { 544 | Message_Block[Message_Block_Index++] = 0x80; 545 | while(Message_Block_Index < 56) 546 | { 547 | Message_Block[Message_Block_Index++] = 0; 548 | } 549 | 550 | } 551 | 552 | /* 553 | * Store the message length as the last 8 octets 554 | */ 555 | Message_Block[56] = (Length_High >> 24) & 0xFF; 556 | Message_Block[57] = (Length_High >> 16) & 0xFF; 557 | Message_Block[58] = (Length_High >> 8) & 0xFF; 558 | Message_Block[59] = (Length_High) & 0xFF; 559 | Message_Block[60] = (Length_Low >> 24) & 0xFF; 560 | Message_Block[61] = (Length_Low >> 16) & 0xFF; 561 | Message_Block[62] = (Length_Low >> 8) & 0xFF; 562 | Message_Block[63] = (Length_Low) & 0xFF; 563 | 564 | ProcessMessageBlock(); 565 | } 566 | 567 | 568 | /* 569 | * CircularShift 570 | * 571 | * Description: 572 | * This member function will perform a circular shifting operation. 573 | * 574 | * Parameters: 575 | * bits: [in] 576 | * The number of bits to shift (1-31) 577 | * word: [in] 578 | * The value to shift (assumes a 32-bit integer) 579 | * 580 | * Returns: 581 | * The shifted value. 582 | * 583 | * Comments: 584 | * 585 | */ 586 | unsigned SHA1::CircularShift(int bits, unsigned word) 587 | { 588 | return ((word << bits) & 0xFFFFFFFF) | ((word & 0xFFFFFFFF) >> (32-bits)); 589 | } 590 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | --------------------------------------------------------------------------------